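/**
 * Render the "edit store" form for store $id, handling its own POST.
 *
 * Access rules enforced here: the visitor must be logged in ($GLOBALS['me']),
 * must have at least one store (me->Stores > 0) and must own store $id;
 * otherwise an info box with the matching $LANG message is returned instead
 * of the form.
 *
 * On a POST carrying a valid 'edit_store_csrf' token the data goes through
 * \site\utils::validate_user_data and \user\main::edit_store; the exception
 * message of a failed save is shown above the form and the submitted values
 * are re-filled. A fresh CSRF token is issued on every render.
 *
 * Values that originate from the request or from the stores table are
 * HTML-escaped before being placed into attributes/text (see $esc); $LANG
 * strings are emitted as-is, as the translations may carry markup.
 *
 * @param int|string $id store id
 * @return string HTML fragment
 */
function edit_store_form($id) {
    global $LANG;
    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }
    $store = \query\main::store_infos($id);
    // Ownership check (IDOR guard). Compare as strings so an int/string
    // mismatch between the session object and the DB row cannot make the
    // strict comparison misbehave in either direction.
    if (!is_object($store) || (string) $store->userID !== (string) $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
    }
    // Escape for HTML text/attribute context. double_encode=false so a value
    // that validate_user_data may already have entity-encoded is not doubled,
    // while raw quotes / angle brackets are still neutralised.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $store_image = $store->image;
    $pd = array();
    $form = '<div class="edit_store_form other_form">';
    if ($_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST['edit_store_form']['csrf'])
        && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) {
        $pd = \site\utils::validate_user_data($_POST['edit_store_form']);
        try {
            $post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd);
            $store_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
        } catch (\Exception $e) {
            // Messages are $LANG strings thrown by edit_store, not user input.
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // New token on every render; the previous one is thereby invalidated.
    $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);

    // Pre-fill value for a field: the submitted value if there was a POST, else the stored one.
    $val = function ($key, $fallback) use ($pd, $esc) {
        return $esc(isset($pd[$key]) ? $pd[$key] : $fallback);
    };
    // One <option>, marked selected when it is the store's current category.
    $option = function ($catID, $name) use ($store, $esc) {
        $selected = isset($store->catID) && $store->catID == $catID ? ' selected' : '';
        return '<option value="' . $esc($catID) . '"' . $selected . '>' . $esc($name) . '</option>';
    };

    $form .= '<form method="POST" action="#" enctype="multipart/form-data"> <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label> <div><select name="edit_store_form[category]" id="edit_store_form[category]">';
    foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
        $group = '<optgroup label="' . $esc($cat['infos']->name) . '">';
        $group .= $option($cat['infos']->ID, $cat['infos']->name);
        if (isset($cat['subcats'])) {
            foreach ($cat['subcats'] as $subcat) {
                $group .= $option($subcat->ID, $subcat->name);
            }
        }
        $form .= $group . '</optgroup>';
    }
    $form .= '</select></div> </div>'
        . ' <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . $val('name', $store->name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>'
        . ' <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . $val('url', $store->url) . '" placeholder="http://" required /></div></div>'
        . ' <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . $val('description', $store->description) . '</textarea></div></div>'
        . ' <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . $val('tags', $store->tags) . '" /></div></div>'
        . ' <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . $esc(store_avatar($store_image)) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" /> <span>Note:* max width: 600px, max height: 400px.</span></div></div>'
        . ' <input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" /> <button>' . $LANG['edit_store_button'] . '</button> </form> </div>';
    return $form;
}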
echo '<li><a href="?route=stores.php&action=list&type=publish&id=' . $_GET['id'] . '&token=' . $csrf . '">' . $LANG['publish'] . '</a></li>'; } echo '</ul> </div>'; } echo '<a href="?route=stores.php&action=list" class="btn">' . $LANG['stores_view'] . '</a> </div>'; if (!empty($LANG['stores_edit_subtitle'])) { echo '<span>' . $LANG['stores_edit_subtitle'] . '</span>'; } echo '</div>'; if ($store_exists) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'stores_csrf')) { if (isset($_POST['user']) && isset($_POST['category']) && isset($_POST['name']) && isset($_POST['url']) && isset($_POST['tags']) && isset($_POST['description']) && isset($_FILES['logo']) && isset($_POST['meta_title']) && isset($_POST['meta_desc'])) { if (actions::edit_store($_GET['id'], array('user' => $_POST['user'], 'category' => $_POST['category'], 'name' => $_POST['name'], 'url' => $_POST['url'], 'tags' => $_POST['tags'], 'description' => $_POST['description'], 'popular' => isset($_POST['popular']) ? 1 : 0, 'publish' => isset($_POST['publish']) ? 1 : 0, 'meta_title' => $_POST['meta_title'], 'meta_desc' => $_POST['meta_desc']))) { $info = \query\main::store_infos($_GET['id']); echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_GET['type']) && isset($_GET['token']) && check_csrf($_GET['token'], 'stores_csrf')) { if ($_GET['type'] == 'delete_image') { if (isset($_GET['id'])) { if (actions::delete_store_image($_GET['id'])) { $info->image = ''; echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; }
echo '</select> <button class="btn" name="set_action">' . $LANG['set_all'] . '</button>'; } echo '</div>'; } foreach (\query\main::while_reviews(array_merge(array('orderby' => isset($_GET['orderby']) ? urldecode($_GET['orderby']) : 'date desc'), $options)) as $item) { echo '<li> <input type="checkbox" name="id[' . $item->ID . ']" /> <div style="display: table;"> <img src="' . \query\main::user_avatar($item->user_avatar) . '" alt="" /> <div class="info-div"> <h2>' . ($item->valid ? '<span class="msg-success">' . $LANG['published'] . '</span> ' : '<span class="msg-error">' . $LANG['notpublished'] . '</span> ') . sprintf($LANG['reviews_byto'], '<a href="?route=reviews.php&action=list&user='******'">' . $item->user_name . '</a>', '<a href="?route=reviews.php&action=list&store=' . $item->storeID . '">' . \query\main::store_infos($item->storeID)->name . '</a>') . ' <span class="fright date">' . date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)) . '</span></h2> <div class="info-bar">' . $item->text . '</div> </div></div> <div class="options">'; if ($ab_edt) { echo '<a href="?route=reviews.php&action=edit&id=' . $item->ID . '">' . $LANG['edit'] . '</a>'; echo '<a href="' . \site\utils::update_uri('', array('type' => $item->valid ? 'unpublish' : 'publish', 'id' => $item->ID, 'token' => $csrf)) . '">' . ($item->valid ? $LANG['unpublish'] : $LANG['publish']) . '</a>'; } if ($ab_del) { echo '<a href="' . \site\utils::update_uri('', array('action' => 'delete', 'id' => $item->ID, 'token' => $csrf)) . '" data-delete-msg="' . $LANG['delete_msg'] . '">' . $LANG['delete'] . '</a> </div> </li>';
<?php
/* PUT THE OBJECT INTO A GLOBAL VARIABLE */
// Resolved once at load time with no store id argument (the "current" store
// as \query\main determines it); the accessor functions below only read these.
$GLOBALS['item'] = \query\main::store_infos();
$GLOBALS['exists'] = \query\main::store_exists();
/* CHECK IF STORE EXISTS */
// Whatever \query\main::store_exists() returned at load time.
function exists() { return $GLOBALS['exists']; }
/* INFORMATIONS ABOUT STORE */
// The store object captured in $GLOBALS['item'] at load time.
function the_item() { return $GLOBALS['item']; }
/* CHECK IF HAVE ITEMS */
// Stores the result of \query\main::have_reviews($category, 'store') in $GLOBALS['have_items'].
function have_items($category = array()) { $GLOBALS['have_items'] = \query\main::have_reviews($category, 'store'); /* ACTIVATE PAGES INFORMATIONS IF FUNCTION have_items() IS CALLED */ /*
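/* SHOWING COUPONS OR PRODUCTS */
/**
 * Which listing the visitor asked for via ?type=...
 *
 * Returns 'products' only when the parameter is a string equal, ignoring case,
 * to "products". Anything else - missing, another value, or a non-string such
 * as ?type[]= (which would make strtolower() throw) - falls back to 'coupons'.
 *
 * @return string 'products' or 'coupons'
 */
function searched_type() {
    if (isset($_GET['type']) && is_string($_GET['type']) && strtolower($_GET['type']) === 'products') {
        return 'products';
    }
    return 'coupons';
}
/* PUT THE OBJECT INTO A GLOBAL VARIABLE */
// Resolved once at load time; the accessors below only read these globals.
$GLOBALS['searched_type'] = searched_type();
$GLOBALS['item'] = \query\main::store_infos(0, array('update_views' => ''));
$GLOBALS['exists'] = \query\main::store_exists(0, array('user_view' => ''));
/* CHECK IF STORE EXISTS */
// Whatever \query\main::store_exists() returned at load time.
function exists() { return $GLOBALS['exists']; }
/* INFORMATIONS ABOUT STORE */
// The store object captured in $GLOBALS['item'] at load time.
function the_item() { return $GLOBALS['item']; }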
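/**
 * Clear the logo of one or more stores: blank the image column and delete the
 * file from disk. Requires the stores/edit permission (ab_to).
 *
 * @param int|array $id a store id or a list of ids
 * @return bool false if the caller lacks permission, the UPDATE could not be
 *              prepared, or it failed for some id; true otherwise. Ids of
 *              stores that do not exist are skipped silently.
 */
public static function delete_store_image($id) {
    global $db;
    if (!ab_to(array('stores' => 'edit'))) {
        return false;
    }
    $ids = (array) $id;
    $stmt = $db->stmt_init();
    // Prepare once and re-execute per id (previously re-prepared inside the loop).
    if (!$stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "stores SET image = '' WHERE id = ?")) {
        return false;
    }
    $base = realpath(DIR);
    $ok = true;
    foreach ($ids as $storeID) {
        if (!\query\main::store_exists($storeID)) {
            continue;
        }
        $store = \query\main::store_infos($storeID);
        $stmt->bind_param("i", $storeID);
        if (!$stmt->execute()) {
            $ok = false;
        }
        if (empty($store->image)) {
            continue;
        }
        // The image column is used as a path relative to DIR. Resolve it and
        // only unlink a regular file that really sits below DIR, so a
        // malformed or tampered column value cannot remove anything else.
        $path = realpath(DIR . '/' . $store->image);
        if ($base === false || $path === false || !is_file($path)
            || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
            continue;
        }
        // Best-effort as before: the row is already cleared, so log instead of breaking the page.
        if (!@unlink($path)) {
            error_log('delete_store_image: could not remove ' . $path);
        }
    }
    $stmt->close();
    return $ok;
}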
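/**
 * Update store $id on behalf of its owner $user with the submitted $post data.
 *
 * Expected keys in $post: name, url, description (required); category, tags
 * (optional). Ownership is verified with \query\main::have_store before any
 * validation, so that failure can only come from tampered POST data. The logo
 * is read from $_FILES['edit_store_form_logo'] and handed to
 * \site\images::upload together with the current image so it can be replaced.
 *
 * @param int|string $id   store id
 * @param int|string $user id of the acting user (recorded as lastupdate_by)
 * @param array      $post submitted fields
 * @return object {image: string} the stored logo value
 * @throws \Exception with a $LANG message on ownership failure, invalid input
 *                    or a failed statement
 */
public static function edit_store($id, $user, $post) {
    global $db, $LANG;
    // Trim string fields only; a nested array in $_POST would make trim() throw a TypeError.
    $post = array_map(function ($v) { return is_string($v) ? trim($v) : $v; }, $post);
    // Ownership check - this error can appear only when the user tries to modify post data.
    if (!\query\main::have_store($id, $user)) {
        throw new \Exception($LANG['msg_error']);
    }
    if (!isset($post['name']) || !is_string($post['name']) || $post['name'] === '') {
        throw new \Exception($LANG['edit_store_writename']);
    }
    // Absolute http(s) URL with a dotted host. The previous pattern had an
    // unescaped '.' (matching any character), so e.g. "http://abcdefg" passed.
    if (!isset($post['url']) || !is_string($post['url'])
        || !preg_match('/^https?:\/\/[a-zA-Z0-9-]{3,100}\.[a-zA-Z]{2,12}/', $post['url'])) {
        throw new \Exception($LANG['edit_store_wrongweb']);
    }
    // Byte length, as before (not a character count).
    if (!isset($post['description']) || !is_string($post['description']) || strlen($post['description']) < 10) {
        throw new \Exception($LANG['edit_store_writedesc']);
    }
    $store = \query\main::store_infos($id);
    // Pass null explicitly (instead of an undefined-index notice) when no file field was posted.
    $upload = isset($_FILES['edit_store_form_logo']) ? $_FILES['edit_store_form_logo'] : null;
    $logo = \site\images::upload($upload, 'logo_', array('path' => '', 'max_size' => 400, 'max_width' => 600, 'max_height' => 400, 'current' => $store->image));
    $category = isset($post['category']) ? $post['category'] : null;
    $tags = isset($post['tags']) ? $post['tags'] : '';
    $stmt = $db->stmt_init();
    if (!$stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "stores SET category = ?, name = ?, link = ?, description = ?, tags = ?, image = ?, lastupdate_by = ?, lastupdate = NOW() WHERE id = ?")) {
        throw new \Exception($LANG['msg_error']);
    }
    $stmt->bind_param("isssssii", $category, $post['name'], $post['url'], $post['description'], $tags, $logo, $user, $id);
    $execute = $stmt->execute();
    $stmt->close();
    if (!$execute) {
        throw new \Exception($LANG['msg_error']);
    }
    return (object) array('image' => $logo);
}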