 function eshop_checkout($espost)
 {
     $espost = stripslashes_deep($espost);
     global $blog_id, $eshopoptions, $wpdb;
     $contineproceed = '1';
     //cache
     eshop_cache();
     $echoit = '';
     include_once ABSPATH . 'wp-includes/wp-db.php';
     include_once WP_PLUGIN_DIR . "/eshop/cart-functions.php";
     if (isset($espost['eshop_payment'])) {
         $_SESSION['eshop_payment' . $blog_id] = preg_replace('/[^a-zA-Z0-9\\-_]/', '', $espost['eshop_payment']);
     }
     if (!isset($_SESSION['eshop_payment' . $blog_id])) {
         $paymentmethod = 'paypal';
     } else {
         $paymentmethod = $_SESSION['eshop_payment' . $blog_id];
     }
     //left over from previous script, leaving in just in case another payment method is used.
     $chkerror = 0;
     $numberofproducts = 0;
     //filter for plugin merchant gateways
     $eshopmgincpath = apply_filters('eshop_mg_inc_path', WP_PLUGIN_DIR . '/eshop/' . $paymentmethod . '.php', $paymentmethod);
     // if everything went ok do the following, hopefully the rest won't happen!
     if (isset($_GET['eshopaction'])) {
         if ($_GET['eshopaction'] == 'success') {
             include_once $eshopmgincpath;
         }
     }
     //filter for plugin merchant gateways
     $eshopmgincidxpath = apply_filters('eshop_mg_inc_idx_path', WP_PLUGIN_DIR . '/eshop/' . $paymentmethod . '/index.php', $paymentmethod);
     if (file_exists($eshopmgincidxpath)) {
         include_once $eshopmgincidxpath;
     }
     if (isset($_SESSION['eshopcart' . $blog_id])) {
         $shopcart = $_SESSION['eshopcart' . $blog_id];
         $numberofproducts = sizeof($_SESSION['eshopcart' . $blog_id]);
         /* unused code?
         			$productsandqty='';
         			while (list ($product, $amount) = each ($_SESSION['eshopcart'.$blog_id])){
         				$productsandqty.=" $product-$amount";
         				$productsandqty=trim($productsandqty);
         			}
         			*/
         $keys = array_keys($_SESSION['eshopcart' . $blog_id]);
         $productidkeys = implode(",", $keys);
         $productidkeys = trim($productidkeys);
         //reqd for shipping - finds the correct state for working out shipping, and set things up for later usage.
         if (isset($espost['ship_name'])) {
             if ($espost['ship_name'] != '' || $espost['ship_address'] != '' || $espost['ship_city'] != '' || $espost['ship_postcode'] != '' || $espost['ship_company'] != '' || $espost['ship_phone'] != '' || $espost['ship_country'] != '' || $espost['ship_state'] != '') {
                 if ($espost['ship_name'] == '') {
                     $espost['ship_name'] = $espost['first_name'] . " " . $espost['last_name'];
                 }
                 if ($espost['ship_company'] == '') {
                     $espost['ship_company'] = $espost['company'];
                 }
                 if ($espost['ship_phone'] == '') {
                     $espost['ship_phone'] = $espost['phone'];
                 }
                 if ($espost['ship_address'] == '') {
                     $espost['ship_address'] = $espost['address1'];
                     if ($espost['address2'] != '') {
                         $espost['ship_address'] .= ", " . $espost['address2'];
                     }
                 }
                 if ($espost['ship_city'] == '') {
                     $espost['ship_city'] = $espost['city'];
                 }
                 if ($espost['ship_postcode'] == '') {
                     $espost['ship_postcode'] = $espost['zip'];
                 }
                 if ($espost['ship_country'] == '') {
                     $espost['ship_country'] = $espost['country'];
                 }
                 if ($espost['ship_state'] == '') {
                     $espost['ship_state'] = $espost['state'];
                 }
                 if ($espost['ship_altstate'] == '') {
                     $espost['ship_altstate'] = $espost['altstate'];
                 }
             } else {
                 $espost['ship_name'] = $espost['first_name'] . " " . $espost['last_name'];
                 $espost['ship_company'] = $espost['company'];
                 $espost['ship_phone'] = $espost['phone'];
                 if ($espost['ship_address'] == '') {
                     $espost['ship_address'] = $espost['address1'];
                     if ($espost['address2'] != '') {
                         $espost['ship_address'] .= ", " . $espost['address2'];
                     }
                 }
                 $espost['ship_city'] = $espost['city'];
                 $espost['ship_postcode'] = $espost['zip'];
                 $espost['ship_country'] = $espost['country'];
                 $espost['ship_state'] = $espost['state'];
                 $espost['ship_altstate'] = $espost['altstate'];
             }
             $tablecountries = $wpdb->prefix . 'eshop_countries';
             $tablestates = $wpdb->prefix . 'eshop_states';
             $shippingzone = $eshopoptions['shipping_zone'];
             if (isset($espost['eshop_shiptype']) && $espost['eshop_shiptype'] != '0') {
                 $sztype = $espost['eshop_shiptype'];
                 $shippingzone = $wpdb->get_var("SELECT area FROM " . $wpdb->prefix . "eshop_rates WHERE rate_type='ship_weight' && class='{$sztype}' LIMIT 1");
             }
             $pzoneid = '';
             //$eshopoptions['unknown_state'];
             if ($shippingzone == 'country') {
                 if (isset($espost['ship_country']) && $espost['ship_country'] != '') {
                     $pzoneid = $espost['ship_country'];
                 } elseif (isset($espost['country']) && $espost['country'] != '') {
                     $pzoneid = $espost['country'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablecountries} WHERE code='{$pzoneid}' LIMIT 1");
             } else {
                 if (isset($espost['state']) && $espost['state'] != '') {
                     $pzoneid = $espost['state'];
                 }
                 if (isset($espost['ship_state']) && $espost['ship_state'] != '') {
                     $pzoneid = $espost['ship_state'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablestates} WHERE id='{$pzoneid}' LIMIT 1");
                 if (isset($espost['altstate']) && $espost['altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
                 if (isset($espost['ship_altstate']) && $espost['ship_altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
             }
             $_SESSION['shiptocountry' . $blog_id] = $eshopoptions['location'];
             if (isset($espost['ship_country']) && $espost['ship_country'] != '') {
                 $_SESSION['shiptocountry' . $blog_id] = $espost['ship_country'];
             } elseif (isset($espost['country']) && $espost['country'] != '') {
                 $_SESSION['shiptocountry' . $blog_id] = $espost['country'];
             }
         } else {
             $pzoneid = '';
             //$eshopoptions['unknown_state'];
             $tablecountries = $wpdb->prefix . 'eshop_countries';
             $tablestates = $wpdb->prefix . 'eshop_states';
             $shippingzone = $eshopoptions['shipping_zone'];
             if (isset($espost['eshop_shiptype'])) {
                 $sztype = $espost['eshop_shiptype'];
                 $shippingzone = $wpdb->get_var("SELECT area FROM " . $wpdb->prefix . "eshop_rates WHERE rate_type='ship_weight' && class='{$sztype}' LIMIT 1");
             }
             if ($shippingzone == 'country') {
                 if (isset($espost['ship_country']) && $espost['ship_country'] != '') {
                     $pzoneid = $espost['ship_country'];
                 } elseif (isset($espost['country']) && $espost['country'] != '') {
                     $pzoneid = $espost['country'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablecountries} WHERE code='{$pzoneid}' LIMIT 1");
             } else {
                 if (isset($espost['ship_state']) && $espost['ship_state'] != '') {
                     $pzoneid = $espost['ship_state'];
                 }
                 if (isset($espost['state']) && $espost['state'] != '') {
                     $pzoneid = $espost['state'];
                 }
                 $pzone = $wpdb->get_var("SELECT zone FROM {$tablestates} WHERE id='{$pzoneid}' LIMIT 1");
                 if (isset($espost['altstate']) && $espost['altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
                 if (isset($espost['ship_altstate']) && $espost['ship_altstate'] != '') {
                     $pzone = $eshopoptions['unknown_state'];
                 }
             }
         }
         //
         $shiparray = array();
         $eshopcartarray = $_SESSION['eshopcart' . $blog_id];
         foreach ($eshopcartarray as $productid => $opt) {
             if (is_array($opt)) {
                 switch ($eshopoptions['shipping']) {
                     case '1':
                         //( per quantity of 1, prices reduced for additional items )
                         for ($i = 1; $i <= $opt['qty']; $i++) {
                             array_push($shiparray, $opt["pclas"]);
                         }
                         break;
                     case '2':
                         //( once per shipping class no matter what quantity is ordered )
                         if (!in_array($opt["pclas"], $shiparray)) {
                             array_push($shiparray, $opt["pclas"]);
                         }
                         break;
                     case '3':
                         //( one overall charge no matter how many are ordered )
                         if (!in_array($opt["pclas"], $shiparray)) {
                             if ($opt["pclas"] != 'F') {
                                 array_push($shiparray, 'A');
                             }
                         }
                         break;
                     case '4':
                         //( weight )
                         if (isset($espost['eshop_shiptype'])) {
                             unset($shiparray);
                             $shiparray = $espost['eshop_shiptype'];
                         }
                         break;
                 }
             }
         }
         //need an extra check
         if ($eshopoptions['shipping'] == '4' && 'no' == $eshopoptions['downloads_only'] && isset($espost['submit']) && !isset($espost['eshop_shiptype']) && !eshop_only_downloads()) {
             $pzone = '';
         }
         //need to check the discount codes here as well:
         if (eshop_discount_codes_check()) {
             $_SESSION['eshop_discount' . $blog_id] = '';
             unset($_SESSION['eshop_discount' . $blog_id]);
             if (isset($espost['eshop_discount']) && $espost['eshop_discount'] != '') {
                 $chkcode = valid_eshop_discount_code($espost['eshop_discount']);
                 if ($chkcode) {
                     $_SESSION['eshop_discount' . $blog_id] = $espost['eshop_discount'];
                 }
             }
         }
         //show the cart
         if (isset($_GET['eshopaction']) && $_GET['eshopaction'] != 'redirect' || !isset($_GET['eshopaction'])) {
             $echoit .= display_cart($_SESSION['eshopcart' . $blog_id], false, $eshopoptions['checkout'], $pzone, $shiparray);
         }
     }
     $error = '';
     if (isset($espost['submit'])) {
         //form handling
         foreach ($espost as $key => $value) {
             $key = $value;
         }
         //setupshipping arrays
         $reqdvalues = array('shipping', 'first_name', 'last_name', 'email', 'phone', 'address', 'city', 'zip', 'pay');
         if ($eshopoptions['shipping'] != '4') {
             if ($eshopoptions['shipping_zone'] == 'country') {
                 $reqdvalues[] = 'country';
             } else {
                 $reqdvalues[] = 'state';
             }
         } else {
             $creqd = '';
             $dtable = $wpdb->prefix . 'eshop_rates';
             $query = $wpdb->get_results("SELECT DISTINCT(area) from {$dtable} where rate_type='ship_weight'");
             foreach ($query as $k) {
                 $reqdvalues[] = $k->area;
             }
         }
         $linkattr = apply_filters('eShopCheckoutLinksAttr', '');
         $reqdarray = apply_filters('eshopCheckoutReqd', $reqdvalues);
         if ($eshopoptions['shipping'] == '4' && 'no' == $eshopoptions['downloads_only'] && !isset($espost['eshop_shiptype']) && !eshop_only_downloads()) {
             $error .= '<li>' . __('<strong>Shipping</strong> - not selected.', 'eshop') . '</li>';
         }
         if (isset($espost['first_name'])) {
             $valid = checkAlpha($espost['first_name']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'first_name')) {
                 $error .= '<li>' . __('<strong>First name</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['last_name'])) {
             $valid = checkAlpha($espost['last_name']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'last_name')) {
                 $error .= '<li>' . __('<strong>Last name</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['email'])) {
             $valid = checkEmail($espost['email']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'email')) {
                 $error .= '<li>' . __('<strong>Email address</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['phone'])) {
             $valid = checkPhone($espost['phone']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'phone')) {
                 $error .= '<li>' . __('<strong>Phone Number</strong> - missing or incorrect', 'eshop') . '.</li>';
             }
         }
         if (isset($espost['address1'])) {
             $valid = checkAlpha($espost['address1']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'address')) {
                 $error .= '<li>' . __('<strong>Address</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['city'])) {
             $valid = checkAlpha($espost['city']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'city')) {
                 $error .= '<li>' . __('<strong>City or town</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (eshop_checkreqd($reqdarray, 'state')) {
             if (isset($espost['state']) && $espost['state'] == '' && $espost['altstate'] == '') {
                 $error .= '<li>' . __('<strong>State/County/Province</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (eshop_checkreqd($reqdarray, 'country')) {
             if (isset($espost['country'])) {
                 $valid = checkAlpha($espost['country']);
                 if ($valid == FALSE) {
                     $error .= '<li>' . __('<strong>Country</strong> - missing or incorrect.', 'eshop') . '</li>';
                 }
             }
         }
         if (isset($espost['country']) && $espost['country'] == 'US' && $espost['state'] == '' && $espost['altstate'] == '') {
             //must pick a state for US deliveries
             $error .= '<li>' . __('<strong><abbr title="United States">US</abbr> State</strong> - missing or incorrect.', 'eshop') . '</li>';
         }
         if (isset($espost['zip'])) {
             $valid = checkAlphaNum($espost['zip']);
             if ($valid == FALSE && eshop_checkreqd($reqdarray, 'zip')) {
                 $error .= '<li>' . __('<strong>Zip/Post code</strong> - missing or incorrect.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['reference'])) {
             if ($espost['reference'] == '' && eshop_checkreqd($reqdarray, 'ref')) {
                 $error .= '<li>' . __('<strong>Reference</strong> - missing.', 'eshop') . '</li>';
             }
         }
         if (isset($espost['comments'])) {
             if ($espost['comments'] == '' && eshop_checkreqd($reqdarray, 'comments')) {
                 $error .= '<li>' . __('<strong>Comments</strong> - missing.', 'eshop') . '</li>';
             }
         }
         if (isset($eshopoptions['users']) && $eshopoptions['users'] == 'yes' && !is_user_logged_in()) {
             if (!isset($espost['eshop_users']) && eshop_checkreqd($reqdarray, 'signup')) {
                 $error .= '<li>' . __('<strong>Sign Up</strong> - not checked.', 'eshop') . '</li>';
             }
         }
         //add in error checking for any new values here
         $temperror = apply_filters('eshoperrorcheckout', $espost);
         if (!is_array($temperror)) {
             $error .= $temperror;
         }
         ////////////////////////////////////////////////
         if ('yes' == $eshopoptions['tandc_use']) {
             if (!isset($espost['eshop_tandc'])) {
                 $error .= '<li><strong>' . $eshopoptions['tandc'] . '</strong>' . __(' - not checked.', 'eshop') . '</li>';
             }
         }
         if (!isset($espost['eshop_payment'])) {
             $error .= '<li>' . __('You have not chosen a <strong>payment option</strong>.', 'eshop') . '</li>';
         }
         if (eshop_discount_codes_check()) {
             $_SESSION['eshop_discount' . $blog_id] = '';
             unset($_SESSION['eshop_discount' . $blog_id]);
             if (isset($espost['eshop_discount']) && $espost['eshop_discount'] != '') {
                 $chkcode = valid_eshop_discount_code($espost['eshop_discount']);
                 if (!$chkcode) {
                     $error .= '<li>' . __('<strong>Discount Code</strong> - is not valid.', 'eshop') . '</li>';
                 } else {
                     $_SESSION['eshop_discount' . $blog_id] = $espost['eshop_discount'];
                 }
             }
         }
         if (isset($eshopoptions['users']) && $eshopoptions['users'] == 'yes' && isset($espost['eshop_users']) && !is_user_logged_in()) {
             $_SESSION['eshop_user' . $blog_id] = '1';
         }
         if ($error != '') {
             $echoit .= "<p><strong class=\"eshoperror error\">" . __('There were some errors in the details you entered&#8230;', 'eshop') . "</strong></p><ul class=\"eshoperrors errors\">" . $error . '</ul>';
             $first_name = $last_name = $company = $phone = $reference = '';
             $email = $address1 = $address2 = $city = $country = '';
             $state = $altstate = $zip = $ship_name = $ship_company = '';
             $ship_phone = $ship_address = $ship_city = $ship_postcode = '';
             $ship_country = $ship_state = $ship_altstate = $comments = '';
             if (isset($espost['first_name'])) {
                 $first_name = $espost['first_name'];
             }
             if (isset($espost['last_name'])) {
                 $last_name = $espost['last_name'];
             }
             if (isset($espost['phone'])) {
                 $phone = $espost['phone'];
             }
             if (isset($espost['reference'])) {
                 $reference = $espost['reference'];
             }
             if (isset($espost['email'])) {
                 $email = $espost['email'];
             }
             if (isset($espost['address1'])) {
                 $address1 = $espost['address1'];
             }
             if (isset($espost['address2'])) {
                 $address2 = $espost['address2'];
             }
             if (isset($espost['city'])) {
                 $city = $espost['city'];
             }
             if (isset($espost['country'])) {
                 $country = $espost['country'];
             }
             if (isset($espost['state'])) {
                 $state = $espost['state'];
             }
             if (isset($espost['altstate'])) {
                 $altstate = $espost['altstate'];
             }
             if (isset($espost['zip'])) {
                 $zip = $espost['zip'];
             }
             if (isset($espost['ship_name'])) {
                 $ship_name = $espost['ship_name'];
             }
             if (isset($espost['ship_company'])) {
                 $ship_company = $espost['ship_company'];
             }
             if (isset($espost['ship_phone'])) {
                 $ship_phone = $espost['ship_phone'];
             }
             if (isset($espost['ship_address'])) {
                 $ship_address = $espost['ship_address'];
             }
             if (isset($espost['ship_city'])) {
                 $ship_city = $espost['ship_city'];
             }
             if (isset($espost['ship_country'])) {
                 $ship_country = $espost['ship_country'];
             }
             if (isset($espost['ship_state'])) {
                 $ship_state = $espost['ship_state'];
             }
             if (isset($espost['ship_altstate'])) {
                 $ship_altstate = $espost['ship_altstate'];
             }
             if (isset($espost['ship_postcode'])) {
                 $ship_postcode = $espost['ship_postcode'];
             }
             if (isset($espost['comments'])) {
                 $comments = $espost['comments'];
             }
             $chkerror = '1';
         } else {
             if (!isset($_GET['eshopaction'])) {
                 $shipping = 0;
                 $echoit .= "<div class=\"hr\"></div><div class=\"eshopcheckoutconf\"><h3>" . __('<span class="noprint">Please Confirm </span>Your Details', 'eshop') . '</h3>';
                 // create a custom id, and shove details in database
                 $date = date('YmdHis');
                 $_SESSION['date' . $blog_id] = $date;
                 $fprice = number_format($_SESSION['final_price' . $blog_id], 2, '.', '');
                 $espost['amount'] = $fprice;
                 $espost['custom'] = $date;
                 $espost['numberofproducts'] = sizeof($_SESSION['eshopcart' . $blog_id]);
                 //shipping
                 if (isset($_SESSION['shipping' . $blog_id])) {
                     $shipping = eshopShipTaxAmt();
                 }
                 //discount shipping
                 if (is_shipfree(calculate_total())) {
                     $shipping = 0;
                 }
                 //shipping
                 $espost['shipping_1'] = $shipping;
                 $ctable = $wpdb->prefix . 'eshop_countries';
                 $stable = $wpdb->prefix . 'eshop_states';
                 if ('no' == $eshopoptions['downloads_only']) {
                     $echoit .= '<h4>' . __('Mailing Address', 'eshop') . '</h4><ul class="eshop confirm">';
                 } else {
                     $echoit .= '<h4>' . __('Contact Details', 'eshop') . '</h4><ul class="eshop confirm">';
                 }
                 $echoit .= "<li><span class=\"items fullname\">" . __('Full name:', 'eshop') . "</span> " . $espost['first_name'] . " " . $espost['last_name'] . "</li>\n";
                 if ('no' == $eshopoptions['downloads_only']) {
                     $echoit .= "<li class=\"company\"><span class=\"items\">" . __('Company:', 'eshop') . "</span> " . $espost['company'] . "</li>\n";
                 }
                 $echoit .= "<li class=\"email\"><span class=\"items\">" . __('Email:', 'eshop') . "</span> " . $espost['email'] . "</li>\n";
                 if ('no' == $eshopoptions['downloads_only']) {
                     $echoit .= "<li class=\"phone\"><span class=\"items\">" . __('Phone:', 'eshop') . "</span> " . $espost['phone'] . "</li>\n";
                     $echoit .= "<li class=\"address\"><span class=\"items\">" . __('Address:', 'eshop') . "</span> " . $espost['address1'] . " " . $espost['address2'] . "</li>\n";
                     $echoit .= "<li class=\"city\"><span class=\"items\">" . __('City or town:', 'eshop') . "</span> " . $espost['city'] . "</li>\n";
                     $qcode = $wpdb->escape($espost['state']);
                     $qstate = $wpdb->get_var("SELECT stateName FROM {$stable} WHERE id='{$qcode}' limit 1");
                     if ($espost['altstate'] != '') {
                         $echoit .= "<li class=\"state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $espost['altstate'] . "</li>\n";
                     } elseif ($qstate != '') {
                         $echoit .= "<li class=\"state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $qstate . "</li>\n";
                     }
                     $echoit .= "<li class=\"zip\"><span class=\"items\">" . __('Zip/Post code:', 'eshop') . "</span> " . $espost['zip'] . "</li>\n";
                     $qccode = $wpdb->escape($espost['country']);
                     $qcountry = $wpdb->get_var("SELECT country FROM {$ctable} WHERE code='{$qccode}' limit 1");
                     $echoit .= "<li class=\"country\"><span class=\"items\">" . __('Country:', 'eshop') . "</span> " . $qcountry . "</li>\n";
                 }
                 $echoit .= "</ul>\n";
                 //
                 $temp = apply_filters('eshopconfcheckout', $espost);
                 if (!is_array($temp)) {
                     $echoit .= $temp;
                 }
                 //
                 if (!isset($espost['reference'])) {
                     $espost['reference'] = '';
                 }
                 if (!isset($espost['comments'])) {
                     $espost['comments'] = '';
                 }
                 if (trim($espost['reference']) != '' && trim($espost['comments']) == '') {
                     $echoit .= "<div class=\"eshop fld3\"><h4>" . __('Additional information', 'eshop') . "</h4>\n<ul class=\"eshop confirmref\">\n";
                     $echoit .= '<li><span class="items">' . __('Reference or <abbr title="Purchase Order number">PO</abbr>', 'eshop') . '</span> ' . $espost['reference'] . '</li>' . "\n";
                     $echoit .= '</ul></div>' . "\n";
                 }
                 if (trim($espost['reference']) == '' && trim($espost['comments']) != '') {
                     $echoit .= "<div class=\"eshop fld3\"><h4>" . __('Additional information', 'eshop') . "</h4>\n<ul class=\"eshop confirmref\">\n";
                     $echoit .= '<li><span class="items">' . __('Comments or instructions:', 'eshop') . '</span> ' . $espost['comments'] . '</li>' . "\n";
                     $echoit .= '</ul></div>' . "\n";
                 }
                 if (trim($espost['reference']) != '' && trim($espost['comments']) != '') {
                     $echoit .= "<div class=\"eshop fld3\"><h4>" . __('Additional information', 'eshop') . "</h4>\n<ul class=\"eshop confirmref\">\n";
                     $echoit .= '<li><span class="items">' . __('Reference or PO:', 'eshop') . '</span> ' . $espost['reference'] . '</li>' . "\n";
                     $echoit .= '<li><span class="items">' . __('Comments or instructions:', 'eshop') . '</span> ' . $espost['comments'] . '</li>' . "\n";
                     $echoit .= '</ul></div>' . "\n";
                 }
                 if ('no' == $eshopoptions['downloads_only']) {
                     if ('yes' != $eshopoptions['hide_shipping']) {
                         if ($espost['ship_name'] != '' || $espost['ship_address'] != '' || $espost['ship_city'] != '' || $espost['ship_postcode'] != '') {
                             $echoit .= "<div class=\"eshop fld4\"><h4>" . __('Shipping Address', 'eshop') . "</h4>\n<ul class=\"eshop confirmship\">\n";
                             $echoit .= "<li><span class=\"items\">" . __('Full name:', 'eshop') . "</span> " . $espost['ship_name'] . "</li>\n";
                             $echoit .= "<li class=\"ship_company\"><span class=\"items\">" . __('Company:', 'eshop') . "</span> " . $espost['ship_company'] . "</li>\n";
                             $echoit .= "<li><span class=\"items\">" . __('Phone:', 'eshop') . "</span> " . $espost['ship_phone'] . "</li>\n";
                             $echoit .= "<li><span class=\"items\">" . __('Address:', 'eshop') . "</span> " . $espost['ship_address'] . "</li>\n";
                             $echoit .= "<li><span class=\"items\">" . __('City or town:', 'eshop') . "</span> " . $espost['ship_city'] . "</li>\n";
                             $qcode = $wpdb->escape($espost['ship_state']);
                             $qstate = $wpdb->get_var("SELECT stateName FROM {$stable} WHERE id='{$qcode}' limit 1");
                             if ($espost['ship_altstate'] != '') {
                                 $echoit .= "<li class=\"ship_state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $espost['ship_altstate'] . "</li>\n";
                             } elseif ($qstate != '') {
                                 $echoit .= "<li class=\"ship_state\"><span class=\"items\">" . __('State/County/Province:', 'eshop') . "</span> " . $qstate . "</li>\n";
                             }
                             $echoit .= "<li><span class=\"items\">" . __('Zip/Post code:', 'eshop') . "</span> " . $espost['ship_postcode'] . "</li>\n";
                             $qccode = $wpdb->escape($espost['ship_country']);
                             $qcountry = $wpdb->get_var("SELECT country FROM {$ctable} WHERE code='{$qccode}' limit 1");
                             $echoit .= "<li class=\"shipcountry\"><span class=\"items\">" . __('Country:', 'eshop') . "</span> " . $qcountry . "</li>\n";
                             $echoit .= "</ul></div>\n";
                         }
                     }
                 }
                 $echoit .= "\n";
                 $echoit .= "</div>\n";
             }
             //add to a session to store address:
             $_SESSION['addy' . $blog_id]['first_name'] = $espost['first_name'];
             $_SESSION['addy' . $blog_id]['last_name'] = $espost['last_name'];
             $_SESSION['addy' . $blog_id]['email'] = $espost['email'];
             if (isset($espost['company'])) {
                 $_SESSION['addy' . $blog_id]['company'] = $espost['company'];
             } else {
                 $_SESSION['addy' . $blog_id]['company'] = '';
             }
             if (isset($espost['phone'])) {
                 $_SESSION['addy' . $blog_id]['phone'] = $espost['phone'];
             } else {
                 $_SESSION['addy' . $blog_id]['phone'] = '';
             }
             if (isset($espost['reference'])) {
                 $_SESSION['addy' . $blog_id]['reference'] = $espost['reference'];
             } else {
                 $_SESSION['addy' . $blog_id]['reference'] = '';
             }
             if (isset($espost['address1'])) {
                 $_SESSION['addy' . $blog_id]['address1'] = $espost['address1'];
             } else {
                 $_SESSION['addy' . $blog_id]['address1'] = '';
             }
             if (isset($espost['address2'])) {
                 $_SESSION['addy' . $blog_id]['address2'] = $espost['address2'];
             } else {
                 $_SESSION['addy' . $blog_id]['address2'] = '';
             }
             if (isset($espost['city'])) {
                 $_SESSION['addy' . $blog_id]['city'] = $espost['city'];
             }
             if (isset($espost['country'])) {
                 $_SESSION['addy' . $blog_id]['country'] = $espost['country'];
             } else {
                 $_SESSION['addy' . $blog_id]['country'] = '';
             }
             if (isset($espost['state'])) {
                 $_SESSION['addy' . $blog_id]['state'] = $espost['state'];
             } else {
                 $_SESSION['addy' . $blog_id]['state'] = '';
             }
             if (isset($espost['altstate']) && $espost['altstate'] != '') {
                 $_SESSION['addy' . $blog_id]['state'] = $espost['altstate'];
             }
             if (isset($espost['zip'])) {
                 $_SESSION['addy' . $blog_id]['zip'] = $espost['zip'];
             } else {
                 $_SESSION['addy' . $blog_id]['zip'] = '';
             }
             if (isset($espost['ship_name'])) {
                 $_SESSION['addy' . $blog_id]['ship_name'] = $espost['ship_name'];
                 $_SESSION['addy' . $blog_id]['ship_company'] = $espost['ship_company'];
                 $_SESSION['addy' . $blog_id]['ship_phone'] = $espost['ship_phone'];
                 $_SESSION['addy' . $blog_id]['ship_address'] = $espost['ship_address'];
                 $_SESSION['addy' . $blog_id]['ship_city'] = $espost['ship_city'];
                 $_SESSION['addy' . $blog_id]['ship_country'] = $espost['ship_country'];
                 $_SESSION['addy' . $blog_id]['ship_state'] = $espost['ship_state'];
                 if (isset($espost['ship_altstate']) && $espost['ship_altstate'] != '') {
                     $_SESSION['addy' . $blog_id]['ship_state'] = $espost['ship_altstate'];
                 }
                 $_SESSION['addy' . $blog_id]['ship_postcode'] = $espost['ship_postcode'];
             }
             if (isset($espost['comments'])) {
                 $_SESSION['addy' . $blog_id]['comments'] = $espost['comments'];
             } else {
                 $_SESSION['addy' . $blog_id]['comments'] = '';
             }
             if (!isset($_SESSION['shipping' . $blog_id])) {
                 $_SESSION['shipping' . $blog_id]['cost'] = $shipping;
             }
             //grab all the POST variables and store in cookie
             $array = $espost;
             //but first make a few extra equal nothing
             //add others in here if needed
             $array['comments'] = $array['reference'] = '';
             $eshopsetcookie = apply_filters('eshop_use_cookie', true);
             if ($eshopsetcookie == true) {
                 $biscuits = eshop_build_cookie($array);
                 setcookie("eshopcart", $biscuits, time() + 60 * 60 * 24 * 365);
             }
             $eshopmgincpath = apply_filters('eshop_mg_inc_path', WP_PLUGIN_DIR . '/eshop/' . $paymentmethod . '.php', $paymentmethod);
             include_once $eshopmgincpath;
             $contineproceed = '3';
         }
     } else {
         //for first time form usage.
         if (isset($_SESSION['addy' . $blog_id])) {
             $first_name = $_SESSION['addy' . $blog_id]['first_name'];
             $last_name = $_SESSION['addy' . $blog_id]['last_name'];
             $company = $_SESSION['addy' . $blog_id]['company'];
             $phone = $_SESSION['addy' . $blog_id]['phone'];
             $reference = $_SESSION['addy' . $blog_id]['reference'];
             $email = $_SESSION['addy' . $blog_id]['email'];
             $address1 = $_SESSION['addy' . $blog_id]['address1'];
             $address2 = $_SESSION['addy' . $blog_id]['address2'];
             $city = '';
             if (isset($_SESSION['addy' . $blog_id]['city'])) {
                 $city = $_SESSION['addy' . $blog_id]['city'];
             }
             $country = $_SESSION['addy' . $blog_id]['country'];
             $state = $_SESSION['addy' . $blog_id]['state'];
             if (!is_numeric($state)) {
                 $li = $wpdb->escape($state);
                 $table = $wpdb->prefix . 'eshop_states';
                 $stateList = $wpdb->get_var("SELECT id FROM {$table} WHERE code='{$li}' limit 1");
                 $state = $stateList;
             }
             if (isset($_SESSION['addy' . $blog_id]['altstate'])) {
                 $altstate = $_SESSION['addy' . $blog_id]['altstate'];
             } else {
                 $altstate = '';
             }
             $zip = $_SESSION['addy' . $blog_id]['zip'];
             /* defaults */
             $ship_name = $ship_company = '';
             $ship_phone = $ship_address = $ship_city = $ship_postcode = '';
             $ship_country = $ship_state = $ship_altstate = $comments = '';
             if (isset($_SESSION['addy' . $blog_id]['ship_name'])) {
                 $ship_name = $_SESSION['addy' . $blog_id]['ship_name'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_company'])) {
                 $ship_company = $_SESSION['addy' . $blog_id]['ship_company'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_phone'])) {
                 $ship_phone = $_SESSION['addy' . $blog_id]['ship_phone'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_address'])) {
                 $ship_address = $_SESSION['addy' . $blog_id]['ship_address'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_city'])) {
                 $ship_city = $_SESSION['addy' . $blog_id]['ship_city'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_country'])) {
                 $ship_country = $_SESSION['addy' . $blog_id]['ship_country'];
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_state'])) {
                 $ship_state = $_SESSION['addy' . $blog_id]['ship_state'];
                 if (!is_numeric($ship_state)) {
                     $li = $wpdb->escape($ship_state);
                     $table = $wpdb->prefix . 'eshop_states';
                     $stateSList = $wpdb->get_var("SELECT id FROM {$table} WHERE code='{$li}' limit 1");
                     $ship_state = $stateSList;
                 }
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_altstate'])) {
                 $ship_altstate = $_SESSION['addy' . $blog_id]['ship_altstate'];
             } else {
                 $ship_altstate = '';
             }
             if (isset($_SESSION['addy' . $blog_id]['ship_postcode'])) {
                 $ship_postcode = $_SESSION['addy' . $blog_id]['ship_postcode'];
             }
             if (isset($_SESSION['addy' . $blog_id]['comments'])) {
                 $comments = $_SESSION['addy' . $blog_id]['comments'];
             }
         } else {
             $first_name = $last_name = $company = $phone = $reference = '';
             $email = $address1 = $address2 = $city = $country = '';
             $state = $altstate = $zip = $ship_name = $ship_company = '';
             $ship_phone = $ship_address = $ship_city = $ship_postcode = '';
             $ship_country = $ship_state = $ship_altstate = $comments = '';
             $eshopsetcookie = apply_filters('eshop_use_cookie', true);
             if (isset($_COOKIE["eshopcart"]) && calculate_items() != 0 && $eshopsetcookie == true) {
                 $crumbs = eshop_break_cookie($_COOKIE["eshopcart"]);
                 foreach ($crumbs as $k => $v) {
                     ${$k} = $v;
                 }
             }
             if (is_user_logged_in() && isset($eshopoptions['users']) && 'yes' == $eshopoptions['users']) {
                 global $current_user;
                 get_currentuserinfo();
                 $crumbs = stripslashes_deep(get_the_author_meta('eshop', $current_user->ID));
                 if (is_array($crumbs)) {
                     foreach ($crumbs as $k => $v) {
                         ${$k} = esc_attr($v);
                     }
                     $first_name = esc_attr($current_user->user_firstname);
                     $last_name = esc_attr($current_user->user_lastname);
                     $email = esc_attr($current_user->user_email);
                 }
             }
         }
     }
     if ($chkerror != 0 || !isset($espost['submit']) && $numberofproducts >= 1) {
         // only show form if not filled in.
         $echoit .= eshopShowform($first_name, $last_name, $company, $phone, $email, $address1, $address2, $city, $state, $altstate, $zip, $country, $reference, $comments, $ship_name, $ship_company, $ship_phone, $ship_address, $ship_city, $ship_postcode, $ship_state, $ship_altstate, $ship_country);
     }
     if (isset($_SESSION['eshopcart' . $blog_id])) {
         switch ($contineproceed) {
             case '1':
                 $echoit .= '<ul class="continue-proceed eshopcp1"><li class="editcart"><a href="' . get_permalink($eshopoptions['cart']) . '">' . __('&laquo; Edit Cart or Continue Shopping', 'eshop') . '</a></li></ul>';
                 break;
             case '2':
                 $echoit .= '<ul class="continue-proceed redirect eshopcp2"><li class="editcheckout"><a href="' . get_permalink($eshopoptions['checkout']) . '">' . __('&laquo; Edit Details or Continue Shopping', 'eshop') . '</a></li></ul>';
                 break;
             case '3':
                 $echoit .= '<ul class="continue-proceed redirect eshopcp3"><li class="editcheckout"><a href="' . get_permalink($eshopoptions['checkout']) . '">' . __('&laquo; Edit Details or Continue Shopping', 'eshop') . '</a></li></ul>';
                 break;
         }
     } else {
         $echoit .= "<p><strong class=\"eshoperror error\">" . __('Your shopping cart is currently empty.', 'eshop') . "</strong></p>";
     }
     return $echoit;
 }
 $p->add_field('notify_url', $ilink);
 $p->add_field('shipping_1', eshopShipTaxAmt());
 $sttable = $wpdb->prefix . 'eshop_states';
 $getstate = $eshopoptions['shipping_state'];
 if ($eshopoptions['show_allstates'] != '1') {
     $stateList = $wpdb->get_results("SELECT id,code,stateName FROM {$sttable} WHERE list='{$getstate}' ORDER BY stateName", ARRAY_A);
 } else {
     $stateList = $wpdb->get_results("SELECT id,code,stateName,list FROM {$sttable} ORDER BY list,stateName", ARRAY_A);
 }
 foreach ($stateList as $code => $value) {
     $eshopstatelist[$value['id']] = $value['code'];
 }
 foreach ($_POST as $name => $value) {
     //have to do a discount code check here - otherwise things just don't work - but fine for free shipping codes
     if (strstr($name, 'amount_')) {
         if (isset($_SESSION['eshop_discount' . $blog_id]) && eshop_discount_codes_check()) {
             $chkcode = valid_eshop_discount_code($_SESSION['eshop_discount' . $blog_id]);
             if ($chkcode && apply_eshop_discount_code('discount') > 0) {
                 $discount = apply_eshop_discount_code('discount') / 100;
                 $value = number_format(round($value - $value * $discount, 2), 2);
                 $vset = 'yes';
             }
         }
         if (is_discountable(calculate_total()) != 0 && !isset($vset)) {
             $discount = is_discountable(calculate_total()) / 100;
             $value = number_format(round($value - $value * $discount, 2), 2);
         }
     }
     if (sizeof($stateList) > 0 && ($name == 'state' || $name == 'ship_state')) {
         if ($value != '') {
             $value = $eshopstatelist[$value];
 /**
  * Persists a checked-out cart as an order.
  *
  * Reads the posted gateway fields ($_POST: first_name, email, address fields,
  * item_number_N / quantity_N / amount_N / ... for N = 1..numberofproducts,
  * shipping_1), the eshop session (cart, payment method, shipping cost/tax,
  * discount code) and the plugin options ($eshopoptions). Optionally creates a
  * WordPress account for a guest buyer, then writes the order header, one
  * order-item row per cart line (plus a download-order row for downloadable
  * items), a shipping row, and bumps the used discount code. Fires the
  * 'eshoporderhandle' action and echoes a notice when the shop is not live.
  *
  * @param array  $_POST   Posted order fields. The parameter is named like the
  *                        superglobal; current PHP versions reject superglobals
  *                        as parameter names ("Cannot re-assign auto-global
  *                        variable") — confirm against the supported PHP version.
  * @param string $checkid Order identifier; every row written here is keyed on it.
  * @return void
  *
  * NOTE(review): every query below is built by string interpolation. Posted
  * values pass through $wpdb->escape() (deprecated since WP 3.6; esc_sql() or,
  * better, $wpdb->prepare() placeholders are the replacement), but $checkid,
  * $getstate, $dlchk, $grabit->title, $grabit->files, $downloads, $code and
  * $user_id are interpolated without any escaping. Moving the whole function to
  * $wpdb->prepare() would close that gap without changing stored data.
  */
 function orderhandle($_POST, $checkid)
 {
     //This function puts the order into the db.
     global $wpdb, $blog_id, $eshopoptions;
     // Guest checkout with the 'users' option enabled: create a WordPress
     // account for the buyer so the order can be tied to a user_id.
     if (!is_user_logged_in() && isset($eshopoptions['users']) && $eshopoptions['users'] == 'yes' && isset($_SESSION['eshop_user' . $blog_id])) {
         //set up blank user if in case anything goes phooey
         $user_id = 0;
         // Plain string comparison of version numbers; version_compare() is the
         // safe form (e.g. '3.10' < '3.1' here).
         if (get_bloginfo('version') < '3.1') {
             require_once ABSPATH . WPINC . '/registration.php';
         }
         //auto create a new user if they don't exist - only works if not logged in ;)
         $user_email = $_POST['email'];
         $utable = $wpdb->prefix . "users";
         // Username = lower-cased first+last name with spaces removed (filterable).
         $filtnames = apply_filters('eshop_add_username', $_POST['first_name'], $_POST['last_name']);
         $names = str_replace(" ", "", $filtnames);
         $username = strtolower($names);
         // The users table's next AUTO_INCREMENT value is used as a suffix to
         // make a fallback username "unique'ish"; it is not guaranteed unique.
         $eshopch = $wpdb->get_results("SHOW TABLE STATUS LIKE '{$utable}'");
         //a unique'ish number
         $altusername = strtolower($names . $eshopch[0]->Auto_increment);
         if (!email_exists($user_email)) {
             if (username_exists($username)) {
                 $username = $altusername;
             }
             if (!username_exists($username)) {
                 $random_password = wp_generate_password(12, false);
                 // NOTE(review): wp_create_user() returns a WP_Error on failure;
                 // that case is not checked before $user_id is used below.
                 $user_id = wp_create_user($username, $random_password, $user_email);
                 $eshopuser['company'] = $_POST['company'];
                 $eshopuser['phone'] = $_POST['phone'];
                 $eshopuser['address1'] = $_POST['address1'];
                 $eshopuser['address2'] = $_POST['address2'];
                 $eshopuser['city'] = $_POST['city'];
                 $eshopuser['country'] = $_POST['country'];
                 $eshopuser['state'] = $_POST['state'];
                 $eshopuser['zip'] = $_POST['zip'];
                 if (isset($_POST['altstate']) && $_POST['altstate'] != '') {
                     $eshopuser['altstate'] = $_POST['altstate'];
                 }
                 // A non-numeric state is a code (e.g. two-letter abbreviation):
                 // resolve it to the eshop_states id before storing.
                 if (!is_numeric($_POST['state'])) {
                     $statechk = $wpdb->escape($_POST['state']);
                     $sttable = $wpdb->prefix . 'eshop_states';
                     $eshopuser['state'] = $wpdb->get_var("SELECT id FROM {$sttable} where code='{$statechk}' limit 1");
                 } else {
                     $eshopuser['state'] = $_POST['state'];
                 }
                 update_user_meta($user_id, 'eshop', $eshopuser);
                 update_user_meta($user_id, 'first_name', $_POST['first_name']);
                 update_user_meta($user_id, 'last_name', $_POST['last_name']);
                 update_user_option($user_id, 'default_password_nag', true, true);
                 //Set up the Password change nag.
                 // NOTE(review): passing the plaintext password as the second
                 // argument is the pre-4.3.1 signature of
                 // wp_new_user_notification(); newer WordPress ignores or
                 // deprecates it — confirm against the supported WP version.
                 wp_new_user_notification($user_id, $random_password);
             }
         }
     } else {
         // Logged-in buyer (or 'users' option off): attach the order to the
         // current account.
         global $current_user;
         get_currentuserinfo();
         $user_id = $current_user->ID;
     }
     if (!isset($eshopoptions['users'])) {
         $user_id = '0';
     }
     //$wpdb->show_errors();
     // NOTE(review): get_magic_quotes_gpc() was deprecated in PHP 7.4 and
     // removed in PHP 8.0; this call is fatal there. stripslashes_array()
     // appears to be a plugin helper (WordPress core provides stripslashes_deep()).
     if (get_magic_quotes_gpc()) {
         $_POST = stripslashes_array($_POST);
     }
     // Billing details. Each value is escaped for direct interpolation into the
     // INSERT below; $wpdb->escape() is the deprecated predecessor of esc_sql().
     $custom_field = $wpdb->escape($_POST['custom']);
     $first_name = $wpdb->escape($_POST['first_name']);
     $last_name = $wpdb->escape($_POST['last_name']);
     $email = $wpdb->escape($_POST['email']);
     //set up some defaults
     $phone = $company = $address1 = $address2 = $city = $zip = $state = $country = $paidvia = '';
     if (isset($_POST['phone'])) {
         $phone = $wpdb->escape($_POST['phone']);
     }
     if (isset($_POST['company'])) {
         $company = $wpdb->escape($_POST['company']);
     }
     if (isset($_POST['address1'])) {
         $address1 = $wpdb->escape($_POST['address1']);
     }
     if (isset($_POST['address2'])) {
         $address2 = $wpdb->escape($_POST['address2']);
     }
     if (isset($_POST['city'])) {
         $city = $wpdb->escape($_POST['city']);
     }
     if (isset($_POST['zip'])) {
         $zip = $wpdb->escape($_POST['zip']);
     }
     if (isset($_POST['state'])) {
         $state = $wpdb->escape($_POST['state']);
     }
     if (isset($_POST['country'])) {
         $country = $wpdb->escape($_POST['country']);
     }
     // Payment method chosen at checkout (stored in the session by the checkout
     // step). 'cash' and 'bank' may be displayed under an admin-chosen name.
     $paidvia = $wpdb->escape($_SESSION['eshop_payment' . $blog_id]);
     if (strtolower($paidvia) == __('cash', 'eshop')) {
         $eshopcash = $eshopoptions['cash'];
         if ($eshopcash['rename'] != '') {
             $paidvia = $eshopcash['rename'];
         }
     }
     if (strtolower($paidvia) == __('bank', 'eshop')) {
         $eshopbank = $eshopoptions['bank'];
         if ($eshopbank['rename'] != '') {
             $paidvia = $eshopbank['rename'];
         }
     }
     // Free-text state ('altstate') wins only when no state was selected.
     if (isset($_POST['state']) && $_POST['state'] == '' && isset($_POST['altstate']) && $_POST['altstate'] != '') {
         $state = $wpdb->escape($_POST['altstate']);
     }
     // Shipping details: each field falls back to its billing counterpart when
     // the separate shipping address was not posted.
     if (isset($_POST['ship_name'])) {
         $ship_name = $wpdb->escape($_POST['ship_name']);
     } else {
         $ship_name = $first_name . ' ' . $last_name;
     }
     if (isset($_POST['ship_phone'])) {
         $ship_phone = $wpdb->escape($_POST['ship_phone']);
     } else {
         $ship_phone = $phone;
     }
     if (isset($_POST['ship_company'])) {
         $ship_company = $wpdb->escape($_POST['ship_company']);
     } else {
         $ship_company = $company;
     }
     if (isset($_POST['ship_address'])) {
         $ship_address = $wpdb->escape($_POST['ship_address']);
     } else {
         $ship_address = $address1 . ' ' . $address2;
     }
     if (isset($_POST['ship_city'])) {
         $ship_city = $wpdb->escape($_POST['ship_city']);
     } else {
         $ship_city = $city;
     }
     if (isset($_POST['ship_postcode'])) {
         $ship_postcode = $wpdb->escape($_POST['ship_postcode']);
     } else {
         $ship_postcode = $zip;
     }
     if (isset($_POST['ship_country'])) {
         $ship_country = $wpdb->escape($_POST['ship_country']);
     } else {
         $ship_country = $country;
     }
     if (isset($_POST['ship_state'])) {
         $ship_state = $wpdb->escape($_POST['ship_state']);
     } else {
         $ship_state = $state;
     }
     if (empty($_POST['ship_state']) && !empty($_POST['ship_altstate'])) {
         $ship_state = $wpdb->escape($_POST['ship_altstate']);
     }
     if (isset($_POST['reference'])) {
         $reference = $wpdb->escape($_POST['reference']);
     } else {
         $reference = '';
     }
     if (isset($_POST['comments'])) {
         $comments = $wpdb->escape($_POST['comments']);
     } else {
         $comments = '';
     }
     if (isset($_POST['affiliate'])) {
         $affiliate = $wpdb->escape($_POST['affiliate']);
     } else {
         $affiliate = '';
     }
     $detailstable = $wpdb->prefix . 'eshop_orders';
     $itemstable = $wpdb->prefix . 'eshop_order_items';
     // Initial value of the order's transid column; replaced when payment clears.
     $processing = __('Processing&#8230;', 'eshop');
     //readjust state if needed
     // Map state codes back to eshop_states ids for both addresses. $getstate
     // comes from plugin options and is interpolated without escaping.
     $sttable = $wpdb->prefix . 'eshop_states';
     $getstate = $eshopoptions['shipping_state'];
     if ($eshopoptions['show_allstates'] != '1') {
         $stateList = $wpdb->get_results("SELECT id,code,stateName FROM {$sttable} WHERE list='{$getstate}' ORDER BY stateName", ARRAY_A);
     } else {
         $stateList = $wpdb->get_results("SELECT id,code,stateName,list FROM {$sttable} ORDER BY list,stateName", ARRAY_A);
     }
     // NOTE(review): $eshopstatelist is never initialised, so an empty state
     // list leaves it undefined for the isset() checks below (they then just
     // return false).
     foreach ($stateList as $code => $value) {
         $eshopstatelist[$value['code']] = $value['id'];
     }
     if (isset($eshopstatelist[$state])) {
         $state = $eshopstatelist[$state];
     }
     if (isset($eshopstatelist[$ship_state])) {
         $ship_state = $eshopstatelist[$ship_state];
     }
     //if (!is_user_logged_in()) {
     // Idempotency guard: only write the order if no row with this checkid
     // exists yet. $checkid itself is interpolated unescaped here and in every
     // query that follows.
     $eshopching = $wpdb->get_var("SELECT checkid from {$detailstable} where checkid='{$checkid}' limit 1");
     if ($eshopching != $checkid) {
         // Order header row. transid starts as the 'Processing' marker, thememo,
         // admin_note and user_notes start empty.
         $query1 = $wpdb->query("INSERT INTO {$detailstable}\n\t\t\t\t(checkid, first_name, last_name,company,email,phone, address1, address2, city,\n\t\t\t\tstate, zip, country, reference, ship_name,ship_company,ship_phone, \n\t\t\t\tship_address, ship_city, ship_postcode,\tship_state, ship_country, \n\t\t\t\tcustom_field,transid,edited,comments,thememo,paidvia,affiliate,user_id,admin_note,user_notes)VALUES(\n\t\t\t\t'{$checkid}',\n\t\t\t\t'{$first_name}',\n\t\t\t\t'{$last_name}',\n\t\t\t\t'{$company}',\n\t\t\t\t'{$email}',\n\t\t\t\t'{$phone}',\n\t\t\t\t'{$address1}',\n\t\t\t\t'{$address2}',\n\t\t\t\t'{$city}',\n\t\t\t\t'{$state}',\n\t\t\t\t'{$zip}',\n\t\t\t\t'{$country}',\n\t\t\t\t'{$reference}',\n\t\t\t\t'{$ship_name}',\n\t\t\t\t'{$ship_company}',\n\t\t\t\t'{$ship_phone}',\n\t\t\t\t'{$ship_address}',\n\t\t\t\t'{$ship_city}',\n\t\t\t\t'{$ship_postcode}',\n\t\t\t\t'{$ship_state}',\n\t\t\t\t'{$ship_country}',\n\t\t\t\t'{$custom_field}',\n\t\t\t\t'{$processing}',\n\t\t\t\tNOW(),\n\t\t\t\t'{$comments}',\n\t\t\t\t'',\n\t\t\t\t'{$paidvia}',\n\t\t\t\t'{$affiliate}',\n\t\t\t\t'{$user_id}',\n\t\t\t\t'',''\n\t\t\t\t\t);");
         $i = 1;
         //this is here to generate just one code per order
         $code = eshop_random_code();
         // One order-item row per posted line. The loop bound is the posted
         // 'numberofproducts'; a count larger than the posted lines reads
         // undefined $_POST keys for the extra iterations.
         while ($i <= $_POST['numberofproducts']) {
             //test
             $addoprice = 0;
             $chk_id = 'item_number_' . $i;
             $chk_qty = 'quantity_' . $i;
             $chk_amt = 'amount_' . $i;
             //$chk_opt=$itemoption.$i;
             $chk_opt = 'item_name_' . $i;
             $chk_postid = 'postid_' . $i;
             $chk_weight = 'weight_' . $i;
             //tax
             $tax_amt = $tax_rate = '';
             if (isset($eshopoptions['tax']) && $eshopoptions['tax'] == '1') {
                 $chk_tax = 'tax_' . $i;
                 $chk_tax_rate = 'tax_rate_' . $i;
                 if (isset($_POST[$chk_tax])) {
                     $tax_amt = $wpdb->escape($_POST[$chk_tax]);
                     $tax_rate = $wpdb->escape($_POST[$chk_tax_rate]);
                 }
             }
             $item_id = $wpdb->escape($_POST[$chk_id]);
             $item_qty = $wpdb->escape($_POST[$chk_qty]);
             // Thousands separators are stripped before the amount is stored.
             $item_amt = $wpdb->escape(str_replace(',', "", $_POST[$chk_amt]));
             $optname = $wpdb->escape($_POST[$chk_opt]);
             $post_id = $wpdb->escape($_POST[$chk_postid]);
             $weight = $wpdb->escape($_POST[$chk_weight]);
             // Key of this line in the session cart; used to recover option data
             // that is not part of the gateway post.
             $dlchking = $_POST['eshopident_' . $i];
             //add opt sets
             if (isset($_SESSION['eshopcart' . $blog_id][$dlchking]['optset'])) {
                 $data['optset'] = $_SESSION['eshopcart' . $blog_id][$dlchking]['optset'];
                 $data['addoprice'] = $addoprice;
                 $data = eshop_parse_optsets($data);
                 $optset = $data['optset'];
                 $addoprice = $data['addoprice'];
             } else {
                 $optset = '';
             }
             $optset = $wpdb->escape($optset);
             //end
             $thechk = $_SESSION['eshopcart' . $blog_id][$dlchking]['option'];
             $option_id = $wpdb->escape($thechk);
             // NOTE(review): strpos() returns int|false, never true, so this
             // condition is always false and the explode() branch is dead;
             // $edl is always the full option string. The intended test looks
             // like `!== false` — confirm the option format before changing it.
             if (strpos($thechk, ' ') === true) {
                 $edown = explode(' ', $thechk);
                 $edl = $edown[1];
             } else {
                 $edl = $thechk;
             }
             // Look up whether this option of the product carries a download id.
             $eshop_product = maybe_unserialize(get_post_meta($post_id, '_eshop_product', true));
             $dlchk = '';
             if (isset($eshop_product['products'][$edl]['download'])) {
                 $dlchk = $eshop_product['products'][$edl]['download'];
             }
             if ($dlchk != '') {
                 //there are downloads.
                 // $dlchk comes from post meta and is interpolated unescaped.
                 $queryitem = $wpdb->query("INSERT INTO {$itemstable}\n\t\t\t\t\t(checkid, item_id,item_qty,item_amt,tax_rate,tax_amt,optname,post_id,option_id,down_id,optsets,weight)values(\n\t\t\t\t\t'{$checkid}','{$item_id}','{$item_qty}','{$item_amt}', '{$tax_rate}', '{$tax_amt}', \n\t\t\t\t\t'{$optname}','{$post_id}','{$option_id}',\n\t\t\t\t\t'{$dlchk}','{$optset}','{$weight}');");
                 $wpdb->query("UPDATE {$detailstable} set downloads='yes' where checkid='{$checkid}'");
                 //add to download orders table
                 $dloadtable = $wpdb->prefix . 'eshop_download_orders';
                 //$email,$checkid already set
                 $producttable = $wpdb->prefix . 'eshop_downloads';
                 $grabit = $wpdb->get_row("SELECT id,title, files FROM {$producttable} where id='{$dlchk}'");
                 $downloads = $eshopoptions['downloads_num'];
                 // Download-order row: title/files copied from eshop_downloads
                 // without re-escaping; $code is the single per-order download code.
                 $wpdb->query("INSERT INTO {$dloadtable}\n\t\t\t\t\t(checkid, title,purchased,files,downloads,code,email)values(\n\t\t\t\t\t'{$checkid}',\n\t\t\t\t\t'{$grabit->title}',\n\t\t\t\t\tNOW(),\n\t\t\t\t\t'{$grabit->files}',\n\t\t\t\t\t'{$downloads}',\n\t\t\t\t\t'{$code}',\n\t\t\t\t\t'{$email}');");
             } else {
                 $queryitem = $wpdb->query("INSERT INTO {$itemstable}\n\t\t\t\t\t(checkid, item_id,item_qty,item_amt,tax_rate,tax_amt,optname,post_id,option_id,optsets,weight)values(\n\t\t\t\t\t'{$checkid}','{$item_id}','{$item_qty}','{$item_amt}','{$tax_rate}', '{$tax_amt}', \n\t\t\t\t\t'{$optname}','{$post_id}','{$option_id}','{$optset}','{$weight}');");
             }
             $i++;
         }
         // Shipping is stored as one more order-item row. The posted shipping_1
         // is used unless tax is on, in which case the session values (cost,
         // tax, taxrate) computed at checkout take precedence.
         $postage = $wpdb->escape(str_replace(',', "", $_POST['shipping_1']));
         $shiptaxamt = $shiptaxrate = '';
         if (isset($eshopoptions['tax']) && $eshopoptions['tax'] == '1') {
             if (isset($_SESSION['shipping' . $blog_id]['cost'])) {
                 $postage = $wpdb->escape(str_replace(',', "", $_SESSION['shipping' . $blog_id]['cost']));
             }
             if (isset($_SESSION['shipping' . $blog_id]['tax'])) {
                 $shiptaxamt = $wpdb->escape(str_replace(',', "", $_SESSION['shipping' . $blog_id]['tax']));
             }
             if (isset($_SESSION['shipping' . $blog_id]['taxrate'])) {
                 $shiptaxrate = $wpdb->escape(str_replace(',', "", $_SESSION['shipping' . $blog_id]['taxrate']));
             }
         }
         // Prefix the item name with the chosen ship type (1-based index into the
         // newline-separated 'ship_types' option; '0' means none).
         $postage_name = '';
         if (isset($_SESSION['eshopshiptype' . $blog_id]) && !eshop_only_downloads() && $_SESSION['eshopshiptype' . $blog_id] != '0') {
             $st = $_SESSION['eshopshiptype' . $blog_id] - 1;
             $typearr = explode("\n", $eshopoptions['ship_types']);
             $postage_name = stripslashes(esc_attr($typearr[$st])) . ' ';
         }
         $postage_name .= __('Shipping', 'eshop');
         $querypostage = $wpdb->query("INSERT INTO  {$itemstable} \n\t\t\t\t\t(checkid, item_id,item_qty,item_amt,tax_rate,tax_amt,optsets)values(\n\t\t\t\t\t'{$checkid}',\n\t\t\t\t\t'{$postage_name}',\n\t\t\t\t\t'1',\n\t\t\t\t\t'{$postage}',\n\t\t\t\t\t'{$shiptaxrate}',\n\t\t\t\t\t'{$shiptaxamt}',\n\t\t\t\t\t'');");
         //update the discount codes used, and remove from remaining
         $disctable = $wpdb->prefix . 'eshop_discount_codes';
         if (eshop_discount_codes_check()) {
             if (isset($_SESSION['eshop_discount' . $blog_id]) && valid_eshop_discount_code($_SESSION['eshop_discount' . $blog_id])) {
                 $discvalid = $wpdb->escape($_SESSION['eshop_discount' . $blog_id]);
                 do_action('eshop_discount_code_used', $checkid, $discvalid);
                 $wpdb->query("UPDATE {$disctable} SET used=used+1 where disccode='{$discvalid}' limit 1");
                 // Codes of dtype 2 and 5 have no remaining-uses counter.
                 $remaining = $wpdb->get_var("SELECT remain FROM {$disctable} where disccode='{$discvalid}' && dtype!='2' && dtype!='5' limit 1");
                 //reduce remaining
                 if (is_numeric($remaining) && $remaining != '') {
                     $wpdb->query("UPDATE {$disctable} SET remain=remain-1 where disccode='{$discvalid}' limit 1");
                 }
             }
         }
         // Extension point for other plugins once the order rows exist.
         do_action('eshoporderhandle', $_POST, $checkid);
         if ($eshopoptions['status'] != 'live') {
             echo "<p class=\"testing\"><strong>" . __('Test Mode &#8212; No money will be collected. This page will not auto redirect in test mode.', 'eshop') . "</strong></p>\n";
         }
     }
 }