if (!$cart_itemcount or PEAR::isError($cart_itemcount)) {
header("Location: cart.php");
trigger_error("Attempt to checkout with an empty cart.", E_USER_ERROR);
exit;
}
$fex = new formex();
/* enter user shipping addr, and possibly new Anonymous user account */
if ($ACTION == OP_ADD_SHIP) {
$pdb->autoCommit(false);
// begin trans, because we have potential two stages here that each can fail validation
/* they would like to proceed without choosing a password and such. Create an "anonymous" user object stub and log them in automatically */
if (CSHOP_ALLOW_ANON_ACCOUNT and $auth->has_bypass_flag()) {
$user = cmClassFactory::getInstanceOf(CSHOP_CLASSES_USER, $pdb);
$fex_anon_user = new formex();
$fex_anon_user->add_element($user->get_anon_colmap());
if (!($errs = $fex_anon_user->validate($_POST))) {
$vals = $fex_anon_user->get_submitted_vals($_POST);
$res = $user->create_anon_user('', $vals);
if (PEAR::isError($res)) {
trigger_error($res->getCode(), E_USER_ERROR);
}
$auth->force_preauth($user->get_id());
// magically logs them in with the new uid
}
}
// save the comments on billing/shipping eitheway, its shared
if (!empty($_POST['f_user_comments'])) {
$cart->set_user_comment($_POST['f_user_comments']);
}
if (empty($errs) && !$cart->requires_shipping()) {
$pdb->commit();
// profile update only
$colmap = $user->get_colmap();
if (isset($colmap['username'])) {
unset($colmap['username']);
}
//cant change it
} elseif ($ACTION == OP_EDIT_ADDR) {
// change an address
$req_id = $_POST['f_addr_id'];
$colmap = $user->addr->get_colmap();
} else {
$colmap = $user->get_colmap();
}
if (!empty($colmap)) {
$fex->add_element($colmap);
$errs = $fex->validate($_POST);
// handled below
}
/* checking the password validity */
if ($ACTION == OP_NEW_USER or !empty($_POST['f_password'])) {
if ($_POST['f_password'] != $_POST['f_password2']) {
$errs[] = 'The two passwords you entered did not match. Please make sure there
is the same value in both password fields';
} elseif (strlen($_POST['f_password']) < 6) {
$errs[] = 'Your password must be 6 or more characters long';
} elseif (isset($_POST['f_username']) && $_POST['f_password'] == $_POST['f_username']) {
$errs[] = 'Your password cannot be the same as your username';
}
}
if (!count($errs)) {
$pdb->autoCommit(false);
}
$order->store_history("{$msg} \"{$item['product_descrip']}\" activated, amount {$item['price']}. {$card_list}", false);
$already_activated_cards = empty($item['item_options']['gc_activated']) ? 0 : $item['item_options']['gc_activated']['value'];
$order->store_item_options($oi, array("gc_activated" => array('descr' => '', 'value' => $success_count + $already_activated_cards)));
}
}
}
$ACTION = OP_VIEW;
} elseif ($ACTION == OP_UPDATE) {
$msg = '';
$order->set_id_by_token($itemid);
$vals = array();
$fex = new formex();
$fex->field_prefix = '';
$fex->add_element($order->colmap);
if (!($errs = $fex->validate($_POST))) {
// handled below
$vals = $fex->get_submitted_vals($_POST);
$status = null;
if (isset($vals['orders_status'])) {
$status = $vals['orders_status'];
unset($vals['orders_status']);
}
if ($vals) {
$res = $order->store($vals);
if (PEAR::isError($res) and $res->getCode() != DBCON_ZERO_EFFECT) {
$errs[] = $res->getMessage();
}
}
if (empty($errs)) {
if ($status) {
