コード例 #1
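// Numeric fields are coerced with intval(), so any non-numeric input becomes 0.
$rating = intval($review->product_rating);
$captcha_id = intval($review->captcha_id);
$captcha_value = intval($review->captcha_value);
// Text fields: tags are stripped, then the remainder is HTML-encoded. The flags
// are spelled out because the default changed in PHP 8.1; before that the
// implicit ENT_COMPAT left single quotes unencoded, and $email is later placed
// inside a single-quoted SQL literal. HTML encoding is still not SQL escaping:
// values that reach a query should go through PDO::quote() or bound parameters.
$product_name = htmlentities(strip_tags($review->product_name), ENT_QUOTES | ENT_SUBSTITUTE);
$product_review = htmlentities(strip_tags($review->product_review), ENT_QUOTES | ENT_SUBSTITUTE);
$name = htmlentities(strip_tags($review->user_name), ENT_QUOTES | ENT_SUBSTITUTE);
$phone = htmlentities(strip_tags($review->user_phone), ENT_QUOTES | ENT_SUBSTITUTE);
$email = htmlentities(strip_tags($review->user_email), ENT_QUOTES | ENT_SUBSTITUTE);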
$options = $app->fetchAll('SELECT * FROM `options`');
if (count($options)) {
    foreach ($options as $key => $option) {
        ${$option}['name'] = $option['value'];
    }
    if ($app->execCount("DELETE FROM captchas WHERE id = {$captcha_id} AND value = {$captcha_value}")) {
        if ($product_id and $name and $phone and $email) {
            $num = $app->fetch("SELECT COUNT(*) FROM `reviews` WHERE `mail` = '{$email}' AND `product_id` = {$product_id}")['COUNT(*)'];
            if ($num) {
                $return['error'] .= $error_count++ . '. На этот товар вы уже оставили отзыв!';
            } else {
                if (preg_match('#(.+)@(.+)\\.(.){2,6}#', $email) and strlen($email) < 100) {
                    $code = md5(crypt($email, 'mms_shop'));
                    $num = $app->execCount("INSERT INTO `reviews` (`name`, `phone`, `mail`, `review`, `product_id`, `product_name`," . " `rating`, `code`, `approved`, `create_tm`, `approve_tm`, `ip`) VALUES (" . $app->pdo->quote($name) . ", " . $app->pdo->quote($phone) . ", " . $app->pdo->quote($email) . ", " . $app->pdo->quote($product_review) . ", {$product_id}, " . $app->pdo->quote($product_name) . ", {$rating}, '{$code}', 0, " . time() . ", 0, '" . $_SERVER['REMOTE_ADDR'] . "' )");
                    if ($num) {
                        // Sends email to customer to approve subscription
                        $app->myMail($email, 'Отзыв в MinskElectro', "<html><body><h1>Здравствуйте, {$name}.</h1>" . "E-mail {$email} был указан при добавлении отзыва на сайте MinskElectro.com. Для подтверждения вам следует перейти по <a href='http://www.minskelectro.com/?confirm={$code}'>этой ссылке</a>." . "<p>С уважением,<br>MinskElectro.com</p>" . "</body></html>", 'MinskElectro', $order_mail);
                        $return['success'] .= $success_count++ . '. Сообщение для подтверждения отправлено.';
                    } else {
                        $return['error'] .= $error_count++ . '. Отзыв не добавлен из-за ошибки сервера.';
                    }
                } else {
                    $return['error'] .= $error_count++ . '. Неверно указан e-mail.';
コード例 #2
         break;
     case '2':
         $order_by = '`price_out` DESC';
         break;
     case '3':
         $order_by = '`name` DESC';
         break;
     case '4':
         $order_by = '`date_add`';
         break;
     case '5':
         $order_by = '`date_add` DESC';
         break;
 }
 // Total number of matching products in this section. Section 1 selects the
 // `on_top` products instead of a parent category, and out-of-stock rows are
 // excluded while the stock filter is 0.
 // NOTE(review): $secId and both price bounds are written into the statement as
 // text; their casts are not visible in this excerpt - confirm they are numeric
 // before this point or bind them as parameters.
 $return['product_count'] = $app->fetch(sprintf(
     'SELECT COUNT(*) FROM `products` WHERE %s AND %s`price_out` >= %s AND `price_out` <= %s AND `linkto` = 0',
     $secId == 1 ? '`on_top` = 1' : '`parent` = ' . $secId,
     $filter_stock == 0 ? '`absent` = 0 AND ' : '',
     $filter_minprice,
     $filter_maxprice
 ))['COUNT(*)'];
 if ($return['product_count']) {
     // products of current page
     $products = $app->fetchAll("SELECT * FROM `products` WHERE " . ($secId == 1 ? '`on_top` = 1' : "`parent` = {$secId}") . " AND " . ($filter_stock == 0 ? "`absent` = 0 AND " : '') . "`price_out` >= {$filter_minprice} AND " . "`price_out` <= {$filter_maxprice} AND `linkto` = 0 ORDER BY {$order_by} LIMIT " . ($current_page - 1) * $products_per_page . ", {$products_per_page}");
     foreach ($products as $k => $product) {
         $icon = '../tn/' . str_pad($product['id'], 4, '0', STR_PAD_LEFT) . '_m.';
         if (file_exists($icon . 'jpg')) {
             $icon = '/' . $icon . 'jpg';
         } else {
             if (file_exists($icon . 'gif')) {
                 $icon = '/' . $icon . 'gif';
             } else {
                 $icon = '';
             }
         }
         $rating_average = 0;
コード例 #3
<?php

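/**
 * Emits the shop configuration as JSON.
 *
 * Loads every row of the `options` table, counts the products that are not
 * links (`linkto` = 0) in total and in stock, and echoes an object with the
 * keys `categories`, `config` and `error`. Reads no request parameters.
 */
include 'app.inc';
$app = new App();
$error_count = 1;
$return = array('categories' => '', 'config' => '', 'error' => '');
$options = $app->fetchAll('SELECT * FROM `options`');
// empty() also covers a non-array result, which count() would reject.
if (!empty($options)) {
    // Option rows are kept in a map instead of being promoted to variables.
    // `${$option}['name']` used the row array itself as the variable name, so the
    // settings read below were never defined by this loop; creating variables
    // from stored names could also overwrite $app or $return.
    // Assumes each row has `name` and `value` columns, as the original
    // assignment implies - confirm against the table.
    $settings = array();
    foreach ($options as $option) {
        $settings[$option['name']] = $option['value'];
    }
    // A missing option reads as null: it casts to 0 and encodes as JSON null.
    $opt = function ($name) use ($settings) {
        return isset($settings[$name]) ? $settings[$name] : null;
    };
    // products of shop
    $product_count_instock = $app->fetch("SELECT COUNT(*) FROM `products` WHERE `linkto` = 0 AND `absent` = 0")['COUNT(*)'];
    $product_count_total = $app->fetch("SELECT COUNT(*) FROM `products` WHERE `linkto` = 0")['COUNT(*)'];
    $currency_name = $opt('currency_name');
    $per_page = (int) $opt('products_per_page');
    // Filtered to the front-end
    $return['config'] = array(
        'filter_stock' => (int) $opt('filter_stock'),
        'filter_sort_order' => (int) $opt('filter_sort_order'),
        'filter_currency' => (int) $opt('filter_currency'),
        'delivery_cost' => (int) $opt('delivery_cost'),
        // The cast used to bind before `<`, so the uncast option value was returned.
        'products_per_page' => $per_page < 1 ? 15 : $per_page,
        'currency_exchange_rate' => (int) $opt('currency_exchange_rate'),
        'product_count_instock' => (int) $product_count_instock,
        'product_count_total' => (int) $product_count_total,
        'delivery_free' => (int) $opt('delivery_free'),
        // Compare the name itself: `(int) $currency_name != 'у.е'` cast first and
        // then compared a number with the string.
        'currency_id' => ((string) $currency_name !== 'у.е') ? 1 : 0,
        'neighbors_count' => (int) $opt('page_neighbors_count'),
        'currency_name' => $currency_name ? ' ' . $currency_name : '',
        'currency_symbol' => $currency_name ? '' : $opt('currency_symbol'),
        'order_reaction_time' => $opt('order_time'),
        'app_name' => $opt('name'),
        'page_main_center_info' => $opt('page_main_center_info'),
        'page_center_info' => $opt('page_center_info'),
        'page_bottom_info' => $opt('page_bottom_info'),
    );
} else {
    $return['error'] .= $error_count++ . '. Инициализация магазина.';
}
echo json_encode($return);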
コード例 #4
 */
include 'app.inc';
// Response skeleton plus the counters that number each message appended to
// `success` and `error`; the App handle is created last.
$return = ['success' => '', 'error' => ''];
$success_count = 1;
$error_count = 1;
$app = new App();
$options = $app->fetchAll('SELECT * FROM `options`');
if (count($options)) {
    foreach ($options as $key => $option) {
        ${$option}['name'] = $option['value'];
    }
    $code = isset($_GET['code']) ? htmlentities(strip_tags($_GET['code'])) : '';
    $command = isset($_GET['command']) ? htmlentities(strip_tags($_GET['command'])) : '';
    switch ($command) {
        case 'review':
            $num = $app->fetch("SELECT COUNT(*) FROM `reviews` WHERE `code` = " . $app->pdo->quote($code))['COUNT(*)'];
            if ($num) {
                $review = $app->fetch("SELECT * FROM `reviews` WHERE `code` = " . $app->pdo->quote($code));
                if ($review['approved'] == 1) {
                    $return['success'] .= $success_count++ . '. Ваш e-mail уже подтверждён. ';
                } else {
                    $num = $app->execCount("UPDATE `reviews` SET `approved` = 1, `approve_tm` = " . time() . " WHERE `code` = " . $app->pdo->quote($code));
                    if ($num) {
                        $return['success'] .= $success_count++ . '. Ваш отзыв подтверждён.';
                        // Sends email to customer about confirming subscription
                        if ($app->myMail($review['mail'], 'ME Notification', "<html><body>Отзыв подтверждён.<br><br>{$review['review']}</body></html>")) {
                            $return['success'] .= $success_count++ . '. Письмо об успешном подтверждении отзыва отправлено.';
                        }
                        // Sends email to admin about confirming subscription
                        if ($app->myMail($order_mail, 'ME Notification', "<html><body>E-mail {$review['mail']} подтверждён.<br><br>{$review['review']}</body></html>")) {
                            $return['success'] .= $success_count++ . '. Письмо об успешном подтверждении отзыва отправлено.';
コード例 #5
<?php

/**
 * Returns JSON full data of product.
 *
 * @param number id Product ID.
 *
 * @return array JSON data of product.
 */
include 'app.inc';
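$app = new App();
$error_count = 1;
$return = array('product' => '', 'error' => '');
// A request without `id` used to raise an undefined-index diagnostic, which can
// land in front of the JSON body when errors are displayed. The fallback is 0,
// the same value the bare cast produced. The integer cast is also the only
// thing that makes the interpolation below safe, so it must stay.
$prodId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// Exactly one matching row is what the following branch tests for.
$num = $app->fetch("SELECT COUNT(*) FROM `products` WHERE `id` = {$prodId}")['COUNT(*)'];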
if ($num == 1) {
    $product = $app->fetch("SELECT * FROM `products` WHERE `id` = {$prodId}");
    // for product details
    $image = '../pictures/' . str_pad($product['id'], 4, '0', STR_PAD_LEFT) . '.';
    if (file_exists($image . 'jpg')) {
        $image = '/' . $image . 'jpg';
    } else {
        if (file_exists($image . 'gif')) {
            $image = '/' . $image . 'gif';
        } else {
            $image = '';
        }
    }
    // for cart
    $icon = '../tn/' . str_pad($product['id'], 4, '0', STR_PAD_LEFT) . '_m.';
    if (file_exists($icon . 'jpg')) {
コード例 #6
     case '5':
         $order_by = '`date_add` DESC';
         break;
 }
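 // Builds the WHERE clause of the name search: every word must occur in `name`.
 $sql = '';
 foreach ($words as $word) {
     /*
           // Matching taking into account Russian morphology (good for search in description)
           if( strlen($word) > 3 ) {
             $word = preg_replace('#(ая|а|у|е|ом|ami|ов|и|ой|ы|я|ть|\'s)$#i', '', trim($word));
           }
     */
     // The whole LIKE pattern goes through PDO::quote(), so a quote character in
     // a search word stays inside the literal instead of ending it. The `%` and
     // `_` wildcards inside a word are still interpreted by LIKE, as before.
     $sql .= ($sql ? ' AND ' : '') . '`name` LIKE ' . $app->pdo->quote('%' . trim($word) . '%');
 }
 // With no words the group collapses to `(0)`, which matches nothing.
 // NOTE(review): the price bounds are interpolated as text; where they are cast
 // is above this excerpt - confirm they are numeric or bind them.
 $sql = '(' . ($sql ? $sql : 0) . ") AND `price_out` >= {$filter_minprice} AND `price_out` <= {$filter_maxprice}";
 $return['product_count'] = $app->fetch("SELECT COUNT(*) FROM `products` WHERE {$sql} AND " . ($filter_stock == 0 ? "`absent` = 0 AND " : '') . " `linkto` = 0")['COUNT(*)'];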
 if ($return['product_count'] > 0) {
     $products = $app->fetchAll($sql2 = "SELECT * FROM `products` WHERE {$sql} AND " . ($filter_stock == 0 ? "`absent` = 0 AND " : '') . " `linkto` = 0 ORDER BY {$order_by} LIMIT " . ($current_page - 1) * $products_per_page . ", {$products_per_page}");
     foreach ($products as $k => $product) {
         $icon = '../tn/' . str_pad($product['id'], 4, '0', STR_PAD_LEFT) . '_m.';
         if (file_exists($icon . 'jpg')) {
             $icon = '/' . $icon . 'jpg';
         } else {
             if (file_exists($icon . 'gif')) {
                 $icon = '/' . $icon . 'gif';
             } else {
                 $icon = '';
             }
         }
         $rating_average = 0;
         $reviews = $app->fetchAll("SELECT rating FROM `reviews` WHERE `product_id` = {$product['id']} AND `approved` = 1");
コード例 #7
/**
 * Returns JSON data with path array.
 *
 * @param number id Product ID.
 *
 * @return array JSON data of path.
 */
include 'app.inc';
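$app = new App();
$buf = array();
$sectionCount = 0;
$error_count = 1;
$return = array('navigation' => '', 'error' => '');
// A request without `id` used to raise an undefined-index diagnostic, which can
// land in front of the JSON body when errors are displayed. The fallback is 0,
// the same value the bare cast produced. The integer cast is what makes the
// interpolated lookups below safe, so it must stay.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
// The id is tried as a product first; the category lookup runs only when it
// does not match exactly one product.
$productCount = $app->fetch("SELECT COUNT(*) FROM `products` WHERE `id` = {$id}")['COUNT(*)'];
if ($productCount != 1) {
    $sectionCount = $app->fetch("SELECT COUNT(*) FROM `categories` WHERE `id` = {$id}")['COUNT(*)'];
}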
if ($productCount == 1 or $sectionCount == 1) {
    if ($productCount) {
        $product = $app->fetch("SELECT `parent`, `name` FROM `products` WHERE `id` = {$id}");
        $parent = $product['parent'];
    } else {
        $parent = $id;
    }
    if ($parent) {
        $category = $app->fetchAll("SELECT `id`, `name`, `parent` FROM `categories` WHERE `id` = " . $parent);
        while (count($category)) {
            array_push($buf, $category[0]['id'], $category[0]['name']);
            $category = $app->fetchAll("SELECT `id`, `name`, `parent` FROM `categories` WHERE `id` = " . $category[0]['parent']);
コード例 #8
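 // intval() turns a non-numeric captcha answer into 0.
 $captcha_value = intval($order->user->captcha->value);
 // Text fields: tags are stripped, then the remainder is HTML-encoded. The flags
 // are spelled out because the default changed in PHP 8.1; before that the
 // implicit ENT_COMPAT left single quotes unencoded, and $email is later
 // concatenated into single-quoted SQL literals. HTML encoding is still not SQL
 // escaping: values that reach a query should go through PDO::quote() or bound
 // parameters.
 $name = htmlentities(strip_tags($order->user->name), ENT_QUOTES | ENT_SUBSTITUTE);
 $phone = htmlentities(strip_tags($order->user->phone), ENT_QUOTES | ENT_SUBSTITUTE);
 $address = htmlentities(strip_tags($order->user->address), ENT_QUOTES | ENT_SUBSTITUTE);
 // Optional fields fall back to an empty string when the order omits them.
 $email = isset($order->user->email) ? htmlentities(strip_tags($order->user->email), ENT_QUOTES | ENT_SUBSTITUTE) : '';
 $comment = isset($order->user->comment) ? htmlentities(strip_tags($order->user->comment), ENT_QUOTES | ENT_SUBSTITUTE) : '';
 $referral = isset($order->user->referral) ? htmlentities(strip_tags($order->user->referral), ENT_QUOTES | ENT_SUBSTITUTE) : '';
 $subscribe = isset($order->user->subscribe) ? htmlentities(strip_tags($order->user->subscribe), ENT_QUOTES | ENT_SUBSTITUTE) : '';
 // Subscription status texts, filled in further down.
 $subscribe_now = '';
 $subscribe_already = '';
 $subscribe_decline = '';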
 if ($app->execCount("DELETE FROM captchas WHERE id = {$captcha_id} AND value = {$captcha_value}")) {
     if (count($order->product)) {
         if ($name and $phone and $address) {
             if ($subscribe and $email) {
                 $num = $app->fetch("SELECT COUNT(*) FROM `subscribes` WHERE `mail` = '" . $email . "'")['COUNT(*)'];
                 if ($num) {
                     $code = $app->fetch("SELECT `code` FROM `subscribes` WHERE `mail`= '" . $email . "'")[0];
                     $subscribe_already = "подписаны ранее";
                 } else {
                     if (preg_match('#(.+)@(.+)\\.(.){2,6}#', $email) and strlen($email) < 100) {
                         $code = md5(crypt($email, 'mms_shop'));
                         $num = $app->execCount("INSERT INTO subscribes (`name`, `mail`, `code`, `approved`, `create_tm`, `approve_tm`, `ip`) VALUES (" . $app->pdo->quote($name) . ", " . $app->pdo->quote($email) . ", '" . $code . "', 0, " . time() . ", 0, '" . $_SERVER['REMOTE_ADDR'] . "' )");
                         $subscribe_now = "подписаны сейчас";
                         // Sends email to customer to approve subscription
                         $app->myMail($email, 'Подписка в MinskElectro', "<html><body><h1>Здравствуйте, {$name}.</h1>" . "E-mail {$email} был указан при подписке на новости сайта MinskElectro.com. Для подтверждения подписки вам следует перейти по <a href='http://www.minskelectro.com/?subscribe={$code}'>этой ссылке</a>." . "<p>С уважением,<br>MinskElectro.com</p>" . "</body></html>", 'MinskElectro', $order_mail);
                         $return['success'] .= $success_count++ . '. Subscription e-mail sent to the customer.';
                     } else {
                         $return['error'] .= $error_count++ . 'Email is invalid.';
                     }
                 }
コード例 #9
<?php

/**
 * Lists the approved reviews of one product as JSON.
 *
 * The query parameter `id` selects the product and falls back to 1 when it is
 * absent. The response object carries `review` (rating, name, review text and
 * formatted creation time per entry, ordered by creation time) and `error`.
 */
include 'app.inc';
$app = new App();
$error_count = 1;
$return = ['review' => [], 'error' => ''];
// The integer cast is what makes the interpolation into both statements safe.
$prodId = isset($_GET['id']) ? (int) $_GET['id'] : 1;
$approved_total = $app->fetch("SELECT COUNT(*) FROM `reviews` WHERE product_id = {$prodId} AND `approved` = 1")['COUNT(*)'];
if ($approved_total) {
    $rows = $app->fetchAll("SELECT * FROM `reviews` WHERE product_id = {$prodId} AND `approved` = 1 ORDER BY create_tm");
    foreach ($rows as $index => $row) {
        // Only these four columns are copied into the response; the remaining
        // columns of the selected row are not exposed.
        $return['review'][$index] = [
            'rating' => $row['rating'],
            'name' => $row['name'],
            'review' => $row['review'],
            'create_tm' => date('Y-m-d H:i:s', (int) $row['create_tm']),
        ];
    }
}
// NOTE(review): no Content-Type header is set here; confirm the client does not
// render this body as HTML.
echo json_encode($return);