Exemplo n.º 1
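/**
 * Delete one customer's pre-order row for a stock item, then send the browser
 * back to the page named in the posted "page" field.
 *
 * @param string $itemcode     stockID of the pre-ordered item (raw, not pre-escaped)
 * @param string $emailaddress e-mail address that owns the pre-order (raw, not pre-escaped)
 * @return void
 */
function funcDeleteItem($itemcode, $emailaddress)
{
    // NOTE(review): the database account and password are hard-coded in source.
    // Load them from configuration kept outside the web root and rotate the
    // password if this file has been shared.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    mysql_select_db("sfvault_store") or die("Could not select database");

    // Escape both values where the SQL text is built, so a quote in either
    // argument cannot change the shape of the DELETE statement.
    // NOTE(review): if callers already escape these values (the removed
    // commented-out line suggested funcSanitize at the call site), confirm
    // that the two layers do not double-escape.
    $safeItemcode = mysql_real_escape_string($itemcode, $link);
    $safeEmail = mysql_real_escape_string($emailaddress, $link);
    $strUpdateStockQuery = "DELETE FROM tbl_PreOrder where stockID = '" . $safeItemcode . "' and emailaddress = '" . $safeEmail . "'";

    // NOTE(review): die() with mysql_error() shows raw database error text to
    // the visitor; prefer logging it and showing a generic message.
    mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
    funcLogToDebug("RemovePreOrder.php: PreOrder for " . $itemcode . " by " . $emailaddress . " was removed.");

    // The return target comes straight from the request, so it is HTML-escaped
    // before being placed inside the attribute.
    // NOTE(review): the destination is still chosen by the client; restrict it
    // to same-site paths if that is all the callers need.
    $returnPage = isset($_POST['page']) ? $_POST['page'] : '';
    echo "<meta http-equiv='refresh' content='0;url=" . htmlspecialchars($returnPage, ENT_QUOTES) . "'>";
}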
Exemplo n.º 2
// Fragment of ChooseDelivery3.php (name taken from the log calls below): makes
// sure the session has a cart, decodes the "key" request parameter into a user
// ID, then either clears or re-issues the AUTH cookie.
// NOTE(review): closing braces are missing from this listing, so block nesting
// below is uncertain.
//start new session
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = array();
// NOTE(review): the token arrives in the query string, so it also ends up in
// browser history, Referer headers and web-server access logs.
if ($_GET["key"] != "") {
    $strBin = hex2bin($_GET["key"]);
    // funcDecrypt/funcEncrypt are defined elsewhere; whether the token is
    // integrity-protected cannot be told from here.
    $strDecrypted = funcDecrypt($strBin);
    // User ID is everything before the first "&". If no "&" is present strpos()
    // returns false and the result is an empty string.
    $strUserID = substr($strDecrypted, 0, strpos($strDecrypted, "&"));
    $strNow = date('Y-m-j H:i:s');
    // Fresh token: same user ID with the current timestamp.
    $value = funcEncrypt($strUserID . "&" . $strNow);
    //$str = strpos(strDecrypted,"&");
    // NOTE(review): these three calls write the raw token bytes, the decrypted
    // token and the user ID to the debug log; anyone who can read that log can
    // read the token contents.
    funcLogToDebug("ChooseDelivery3.php: " . $strBin);
    funcLogToDebug("ChooseDelivery3.php: " . $strDecrypted);
    funcLogToDebug("ChooseDelivery3.php: " . $strUserID);
// NOTE(review): loose != comparison between a request parameter and the decoded
// ID. If decoding produced no ID, both sides can be empty and compare equal;
// use a strict comparison and reject an empty ID explicitly.
if ($_GET["strUserID"] != $strUserID) {
    // Sixth argument 0 = Secure flag off; no HttpOnly argument is passed.
    setcookie("AUTH", "", time() - 600, "/", "shop.scifivault.com", 0);
    /* expire in 10 mins ago */
    echo "denied. Give it 3 seconds";
    echo "<meta http-equiv='refresh' content='3;url=/UserLogon.php'>";
} else {
    //echo "<!--\n<b>We have an Auth cookie</b>";
    //echo "\n<br>Cookie(auth): " . $_COOKIE["AUTH"];
    //now can we decrypt the cookie....
    //echo "\n<br>Binary: " . hex2bin($_COOKIE["AUTH"]);
    // NOTE(review): $strExpiry is not assigned in the visible lines, and the
    // cookie is issued without the Secure or HttpOnly flags.
    setcookie("AUTH", $value, $strExpiry, "/", "shop.scifivault.com", 0);
    /* expire in 10 mins */
    //echo $strUserID . "_" . $strExpiry ."<br>" ;
    //print_r ($_COOKIE["AUTH"]);
Exemplo n.º 3
// Fragment of updateOrder.php (name taken from the log call below): sets the
// Status of one order from posted form fields, then re-reads the order row.
// NOTE(review): no authentication or authorisation check is visible before the
// order is modified — confirm one exists in the include or earlier in the file.
include 'includes/SharedFunctionsStrict.php';
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): database account and password are hard-coded in source; move
// them to configuration outside the web root and rotate the password.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
// 'h' is the 12-hour clock with no am/pm marker, so this timestamp is ambiguous.
$strNow = date('Y-m-j h:i:s');
// funcSanitize is defined in the include above and is not visible here; the
// queries below rely on it entirely because the values are concatenated into
// the SQL text rather than bound as parameters.
$strStatus = funcSanitize($_POST["STATUS"]);
$strOrder = funcSanitize($_POST["orderno"]);
funcLogToDebug("updateOrder.php: Order (" . $strOrder . ") changed status to " . $strStatus);
// NOTE(review): Status accepts any posted string; consider an allow-list of
// valid status values.
$strUpdateQuery = "UPDATE tbl_Orders SET Status = '" . $strStatus . "' WHERE OrderNo = '" . $strOrder . "'";
// NOTE(review): die() with mysql_error() exposes database error text to the client.
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error());
//query to get all baskets
$strQuery = "SELECT * FROM tbl_Orders where OrderNo = '" . $strOrder . "'";
//execute query
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
// Copy the columns of each matching order row into local variables (the loop
// body continues past the end of this listing).
while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
    $strOrderNo = $line["OrderNo"];
    $strOrderSubmitted = $line["DateTme"];
    $strCookie = $line["Cookie"];
    $strItems = $line["Items"];
    $strShipping = $line["Shipping"];
    $strCost = $line["Cost"];
    $strAddress = $line["Address"];
    $strEmailAddress = $line["emailaddress"];
// Fragment of submitSpecialItemsFP.php (name taken from the log call below):
// clears the front-page flag on every item, then sets it on the posted items.
// NOTE(review): no authentication or authorisation check is visible before
// these catalogue-wide updates — confirm one exists in the includes.
//connect to server
include 'includes/Link.php';
include 'includes/SharedFunctions.php';
// Request metadata; not used in the visible lines.
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
$strNow = date('Y-m-j G:i:s');
// funcSanitize comes from the include and is not visible here; each value below
// is concatenated into SQL text, so the queries depend on it completely.
$strItem1 = funcSanitize($_POST["SPitem1"]);
$strItem2 = funcSanitize($_POST["SPitem2"]);
$strItem3 = funcSanitize($_POST["SPitem3"]);
$strItem4 = funcSanitize($_POST["SPitem4"]);
$strItem5 = funcSanitize($_POST["SPitem5"]);
$strItem6 = funcSanitize($_POST["SPitem6"]);
// Item 6 is read above but is not included in this log line.
funcLogToDebug("submitSpecialItemsFP.php: " . $strItem1 . "," . $strItem2 . "," . $strItem3 . "," . $strItem4 . "," . $strItem5);
//first thing is first, remove all special items (subcategory) tags for the posted category
// NOTE(review): the reset and the per-item updates are separate statements; if
// a later one fails, die() stops the script with the front page partly updated.
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '0' where DisplayonFrontPage = '1'";
//echo $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 1st item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem1 . "'";
//echo "<br>" . $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 2nd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem2 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 3rd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem3 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 4th item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem4 . "'";
Exemplo n.º 5
// Fragment of submitAdd.php (name taken from the log call below): checks that
// the posted stockID is unused, then starts reading the new item's fields.
$gblnDebug = false;

include 'includes/SharedFunctionsStrict.php';
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): database account and password are hard-coded in source; move
// them to configuration outside the web root and rotate the password.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
// NOTE(review): the posted stockID is used as-is. It is concatenated into the
// SELECT below with no escaping or sanitising call (SQL injection) and is later
// echoed into the page unescaped (cross-site scripting). Bind it as a query
// parameter and pass it through htmlspecialchars() on output.
$strStockID = $_POST["stockID"];
$strQuery = "SELECT * FROM tblItem where stockID = '" . $strStockID . "'";
funcLogToDebug("submitAdd.php: Adding Item " . $strStockID);
// NOTE(review): die() with mysql_error() exposes database error text to the client.
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strResult);
//funcDebug (mysql_num_rows($strResult) . "<br>");
//if there are any rows in the table with the same ID, error
if ($conNumberofRows != 0) {
    echo "<b>ERROR! stockID " . $strStockID . "Already exists<br></b>\n";
} else {
    // Remaining form fields are also read without any sanitising call in the
    // visible lines; how they are used lies past the end of this listing.
    $strDescription = $_POST["Description"];
    $strSmallPicture = $_POST["smallPicture"];
    $strBigPicture = $_POST["bigPicture"];
    $strShortDescription = $_POST["shortDescription"];
    $strName = $_POST["Name"];
    $strCost = $_POST["Cost"];
    $strRRP = $_POST["RRP"];
Exemplo n.º 6
    // Fragment of submitPreOrder.php (name taken from the log calls below); the
    // listing starts inside a branch that picks the shipping option.
    $strShippingNote = "Postage + Insurance";
    $strShipping = $str1stClassCost + $strInsurance;
    //echo "*" . $strShipping;
//$strShipping = "0.00";
//squirt order into database
// NOTE(review): every value is concatenated into the SQL text. Where these
// variables come from is not visible here; confirm each is escaped or switch to
// bound parameters.
$strUpdateOrder = "UPDATE tbl_Orders SET items = '" . $strOrder2 . "', cost = '" . $strTotal . "', Shipping = '" . $strShipping . "' where DateTme = '" . $strNow . "' and emailAddress = '" . $strEmailAddress . "'";
// NOTE(review): die() with mysql_error() exposes database error text to the client.
$strUpdateResult = mysql_query($strUpdateOrder) or die("Query Failed:" . mysql_error());
//log it.
funcLogToDebug("submitPreOrder.php: New Order created - " . $strOrder2 . ", Shipping - " . $strShipping);
//delete entries from pre-order table.
foreach ($strOrder as $o) {
    // Each entry is a "#"-separated record; index 3 is used as the pre-order uid
    // and indexes 0 and 1 are logged. split() is the deprecated POSIX-regex
    // splitter; explode("#", $o) is the literal-delimiter equivalent.
    $arrPreOrder = split("#", $o);
    // NOTE(review): the uid is taken from the record and concatenated unescaped.
    $strDeletePreOrderQry = "DELETE FROM tbl_PreOrder where uid = '" . $arrPreOrder[3] . "'";
    $strDeletePreOrderResult = mysql_query($strDeletePreOrderQry) or die("Query Failed:" . mysql_error());
    funcLogToDebug("submitPreOrder.php: Deleted preOrder " . $arrPreOrder[3] . ", (" . $arrPreOrder[0] . "x" . $arrPreOrder[1] . ")");
redirect("default.php?Action=OutstandingOrders", 0, "");

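/**
 * Redirect the browser with an HTML meta-refresh tag, print an optional
 * message, and stop the script.
 *
 * @param string $url     destination; HTML-escaped before it is placed in the tag
 * @param int    $delay   seconds to wait before the refresh fires
 * @param string $message HTML shown while waiting; emitted as-is, so callers
 *                        must escape any untrusted text they put into it
 * @return void Never returns: die() ends the request.
 */
function redirect($url, $delay = 0, $message = "")
{
    // Escaping keeps a quote or angle bracket in $url from closing the
    // attribute; browsers decode &amp; back to & so legitimate URLs still work.
    $safeUrl = htmlspecialchars($url, ENT_QUOTES);
    // The delay is only ever a number of seconds; force it to an integer.
    $seconds = (int) $delay;

    echo "<meta http-equiv='Refresh' content='" . $seconds . "; url=" . $safeUrl . "'>";
    die("<div style='font-family: Arial, Sans-serif; font-size: 12pt;' align=center> " . $message . " </div>");
}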
Exemplo n.º 7
         // Fragment of addToBasket2.php (name taken from the log calls below); the
         // listing starts inside the branch that updates an existing basket row.
         // NOTE(review): braces are missing from this listing, so nesting is
         // uncertain. $itemcode and $qty are concatenated into every query below;
         // how they were validated is not visible here.
         $strUpdatedBasketValue = $line2["Qty"] + $qty;
         $strAddToBasket = "UPDATE tblBasket SET qty = '" . $strUpdatedBasketValue . "' where item = '" . $itemcode . "' and PHPSessionID = '" . session_id() . "'";
         mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error());
         // NOTE(review): the session ID is written to the debug log here and in
         // the branches below; a readable log then exposes live session IDs.
         funcLogToDebug("addToBasket2.php: Item " . $itemcode . " update to basket (" . session_id() . ")");
     } elseif ($conNumberofRows == 0) {
         //need to insert a row into the table
         $strAddToBasket = "INSERT tblBasket Values ('" . session_id() . "', '" . $itemcode . "', '" . $qty . "')";
         mysql_query($strAddToBasket) or die("Add to Basket Query Failed:" . mysql_error());
         funcLogToDebug("addToBasket2.php: Item " . $itemcode . " added to basket (" . session_id() . ")");
     } else {
         //catchall for invalid entries in basket. stops
         //before making any changes in the main tblItems.
         echo "Invalid number of rows in your basket, please contact us";
         $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
         mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
         funcLogToDebug("addToBasket2.php: Problem updating Item " . $itemcode . " to basket (" . session_id() . ")");
     //update tblItems with new stock value
     // The new stock level is computed in PHP from a row read earlier and then
     // written back, so correctness depends on the ColumnLock flag taken outside
     // this listing — TODO confirm that flag is acquired atomically.
     $strUpdatedStockValue = $line["NoOfItems"] - $qty;
     //funcDebug ("Updated stock value: " . $strUpdatedStockValue);
     $strUpdateStockQuery = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedStockValue . "' WHERE stockID = '" . $itemcode . "'";
     // NOTE(review): if this query fails, die() ends the script before the
     // ColumnLock reset two lines below, leaving the item flagged as locked.
     mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
     $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
     mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
 } else {
     //oh dear, no stock left
     echo "Not enough stock I'm afraid for that item";
     $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
     mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
Exemplo n.º 8
// Fragment of UpdatePreOrder.php (name taken from the log calls below): after a
// stock lookup built above this listing, records a pre-order for a known e-mail.
// NOTE(review): braces are missing from this listing, so nesting is uncertain.
$strStockResult = mysql_query($strStockQry) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strStockResult);
// Loose comparison of an integer row count with the string "1".
if ($conNumberofRows == "1") {
    //verify email is in our database
    // NOTE(review): $email, $qty, $comments and $itemcode are concatenated into
    // the SQL text; their origin and any escaping are not visible here. Prefer
    // bound parameters.
    $strEmailQry = "SELECT emailAddress from tbl_UserLogin where emailAddress = '" . $email . "'";
    $strEmailResult = mysql_query($strEmailQry) or die("Query Failed :" . mysql_error());
    $conNumberofRows2 = mysql_num_rows($strEmailResult);
    if ($conNumberofRows2 == "1") {
        //add entry to tbl_PreOrder
        // NOTE(review): the pre-order is attributed to whatever address was
        // supplied; no check that the logged-in user owns that address is
        // visible here — confirm.
        $strInsertQry = "INSERT INTO tbl_PreOrder values ('" . $email . "', '" . $qty . "', '" . $comments . "', '" . $strNow . "','" . $itemcode . "','')";
        $strInsert = mysql_query($strInsertQry) or die("Query Failed :" . mysql_error());
        funcLogToDebug("UpdatePreOrder.php: Updated database");
    } else {
        funcLogToDebug("UpdatePreOrder.php: email address does not exist in db - shouldn\\'t happen");
} else {
    // This branch also runs when the lookup returned zero rows, although the
    // message only mentions "more than one".
    echo " Error! More than one piece of this stock in the right state!";
    funcLogToDebug("UpdatePreOrder.php: More than one piece of stock in the right state");
//header('location: ' . $_SERVER['PHP_SELF']);
//header('location: ' . $_POST['page']);
echo "<meta http-equiv='refresh' content='0;url=/thanks.htm'>";

<br><a href="index3.php">index3.php</a>
<br><a href="session.php">session.php</a>

Exemplo n.º 9
                // Fragment of Orderview.php (name taken from the log call below); the
                // listing starts inside a loop over order items.
                // Each $item appears to be encoded as "stockID(price)xqty" — TODO confirm.
                $strItemResult = mysql_query($strItemQuery) or die("Query Failed :" . mysql_error());
                $strStockID = substr($item, 0, strpos($item, "("));
                while ($lineItem = mysql_fetch_array($strItemResult, MYSQL_ASSOC)) {
                    $strNamedItem = $lineItem["Name"];
                    $strPrice = substr($item, strpos($item, "(") + 1, strrpos($item, ")") - strpos($item, "(") - 1);
                    // strpos() finds the FIRST "x" in the string, so a stock ID that
                    // itself contains "x" would make the quantity parse wrong.
                    $strQty = substr($item, strpos($item, "x") + 1);
                    // NOTE(review): stock ID, item name, price and quantity are written
                    // into HTML and into href values without htmlspecialchars() or
                    // urlencode(); a stored value containing markup would be rendered
                    // as markup.
                    echo "<tr><td>" . $strQty . "</td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strStockID . "</a></td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strNamedItem . "</a></td><td align='right'>&pound;" . $strPrice . "</td><td align='right'>&pound;" . $strPrice * $strQty . "</td></tr><br />";
            echo "<tr><td></td><td></td><td>&nbsp;</td><td></td><td></td></tr>";
            echo "<tr><td></td><td></td><td><b>Shipping</b></td><td></td><td align='right'>&pound;" . $strShipping . "</td></tr>";
            echo "<tr><td></td><td></td><td><b>Total</b></td><td></td><td align='right'>&pound;" . ($strShipping + $strCost) . "</td></tr>";
            echo "</table>";
        } else {
            // Access refused: the condition for this branch is above the listing.
            echo "denied. Give it 3 seconds";
            // NOTE(review): a raw request parameter is written to the log; strip
            // control characters and newlines so it cannot forge log entries.
            funcLogToDebug("Orderview.php: " . $_GET["strUserID"] . " just tried to look into order no " . $strOrderNo);
            echo "<meta http-equiv='refresh' content='0;url=/UserLogon.php'>";

    <td width="200" align="center" valign="top">
      <table width="200"  border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#002A54">
          <td bgcolor="#002A54">
            <div align="center"><img src="images/buttons/LOGIN.gif" width="180" height="25"></div>
Exemplo n.º 10
    // Fragment of updatePassword.php (name taken from the log calls below); the
    // listing starts in the else branch of a user lookup.
    // NOTE(review): braces are missing and no exit is visible after either error
    // branch, so whether execution stops before the UPDATE below cannot be told
    // from here — confirm. A check of the current password is not visible either.
    } else {
        //more than one user in our database with the same strUserID, log it and error
        //passwords don't match. Error gracefully.
        // NOTE(review): $strUserID is placed in the redirect URL without
        // urlencode() or htmlspecialchars(), here and in the two echoes below.
        echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=3'>";
        echo "</HEAD></HTML>";
        funcLogToDebug("updatePassword.php failed: More than one userID in the database (" . $strUserID . ")");
    //check passwords match
    if ($strPassword2 == $strPassword3) {
        //passwords match, lets carry on
        // NOTE(review): a single unsalted MD5 is not a password hash; it is fast
        // to brute-force and identical passwords give identical digests. Use
        // password_hash() / password_verify(). The == above is a loose
        // comparison; use === for the two password strings.
        $strMD5 = md5($strPassword2);
    } else {
        //passwords don't match. Error gracefully.
        echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=1'>";
        echo "</HEAD></HTML>";
        funcLogToDebug("updatePassword.php:" . $strUserID . " couldn't match new passwords");
    // As shown, this statement stores the literal text '******' and never uses
    // $strMD5; that looks like masking applied by the listing site rather than
    // the real code — TODO confirm. $strUserID is concatenated into the SQL text.
    $strChPassQuery = "UPDATE tbl_UserLogin set Password = '******' where UserID = '" . $strUserID . "'";
    $strResult = mysql_query($strChPassQuery) or die("Query Failed:" . mysql_error());
    funcLogToDebug("updatePassword.php: Update " . $strUserID . " Password");
    echo "<meta http-equiv='refresh' content='0;url=/passwordupdate.php?strUserID=" . $strUserID . "'>";


Exemplo n.º 11
    // Fragment of passwordRetrieval.php (name taken from the log calls below):
    // builds a random replacement password, stores it, and e-mails it.
    // NOTE(review): rand() is not a cryptographically secure generator, so the
    // new password is more predictable than its length suggests; use
    // random_int() (or another CSPRNG) to pick each character.
    for ($i = 0; $i < $length; $i++) {
        $rand_pos = rand(0, $rand_max);
        $rand_key[] = $key_chars[$rand_pos];
    $rand_pass = implode('', $rand_key);
    //set in database
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");
    // As shown, this stores the literal text '******'; that looks like masking
    // applied by the listing site — TODO confirm. $strEmailAddress is
    // concatenated into the SQL text; its validation is not visible here.
    // NOTE(review): the account password is replaced as soon as the request is
    // processed; no confirmation step by the mailbox owner is visible here.
    $strChPassQuery = "UPDATE tbl_UserLogin set Password = '******' where UserID = '" . $strEmailAddress . "'";
    $strResult = mysql_query($strChPassQuery) or die("Query Failed:" . mysql_error());
    //display msg
    //echo "Password has been sent to your account";
    //and send....
    // NOTE(review): the password travels in clear text by e-mail. The From and
    // Reply-To headers are built from $_SERVER['SERVER_NAME'], which on some
    // server configurations follows the request's Host header — prefer a fixed,
    // configured sender address.
    mail($strEmailAddress, "ScifiVault.com Password Retrieval", "\n\n Your Password is  " . $rand_pass . ", Once logged in successfully, please change it as a security measure", "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
    funcLogToDebug("passwordRetrieval.php: Password sent to " . $strEmailAddress);
    // NOTE(review): this writes the new plaintext password to the debug log;
    // remove it so log readers cannot sign in as the user.
    funcLogToDebug("passwordRetrieval.php: " . $rand_pass);

<table  border="0" cellspacing="0" cellpadding="5" width="900" align="center">
    <td width="500"><a href="http://shop.scifivault.com/index3.php"><img src="images/scifi-small-best.jpg" width="403" height="62" border="0"></a>

    <td align="right" valign="top" width="300">
      <div align="right">
        <script language=JavaScript>


Exemplo n.º 12
// Fragment of VerifyUser.php (name taken from the log calls below): marks an
// account as verified when exactly one row matches the user name.
// NOTE(review): $strVerifyCode is read here but is never compared with anything
// in the visible lines; the UPDATE below depends only on $strUserName. Confirm
// that the verification key is actually checked against a stored value.
$strVerifyCode = funcSanitize($_GET["VerifyKey"]);
//connect to server
// NOTE(review): database account and password are hard-coded in source; move
// them to configuration outside the web root and rotate the password.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// $strUserName is assigned above this listing; it is concatenated into both
// queries, so its escaping needs confirming.
$strUserQuery = "SELECT UserID FROM tbl_UserLogin where UserID = '" . $strUserName . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
//User Exists, so Error gracefully, then forward the user on
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 1) {
    //here's our user
    $strNow = date('Y-m-j h:i:s');
    //User Doesn't exist so carry on Adding
    // The comment above does not match the code: this branch runs when the user
    // exists, and it sets the UserVerified flag.
    $strAddUserQuery = "UPDATE tbl_UserLogin SET UserVerified='1' where UserID='" . $strUserName . "'";
    $strAddUserResult = mysql_query($strAddUserQuery) or die("Query Failed:" . mysql_error());
    echo "\r\n\r\n<table  border='0' cellspacing='0' cellpadding='5' width='900' align='center'>\r\n  <tr>\r\n    <td width='500'><a href='http://shop.scifivault.com/index3.php'><img src='images/scifi-small-best.jpg' width='403' height='62' border='0'></a>\r\n\r\n    </td>\r\n    <td align='right' valign='top' width='300'>\r\n\r\n\r\n    </td></tr>\r\n\r\n<tr><td>\r\n<br> <font face='verdana'>Thankyou! You've succesfully verified.\r\n\r\n<p>Feel free to sign on and shop.  Click on the link below to hurry things along.\r\n<br><br><a href='index3.php'>Back to Shop</a></font></td><td></td></tr>\r\n\r\n</table>\r\n\r\n\r\n\t\t";
    funcLogToDebug("VerifyUser.php: " . $strUserName . " verified successfully");
    //echo "<meta http-equiv='refresh' content='10;url=/index3.php'>";
} else {
    //we've got more than 1 user with the same user ID in the db (Shouldn't be possible)
    //or no user with that user name
    echo "Error! Please contact scifivault.com with details of your UserId";
    funcLogToDebug("VerifyUser.php: " . $strUserName . " errored.");
    echo "<A href='index3.php'>Back to shop</a>";

Exemplo n.º 13
// Fragment of submitOrder2.php (name taken from the log calls below): makes
// sure the session has a cart, decodes the "key" request parameter into a user
// ID, then either clears or re-issues the AUTH cookie.
// NOTE(review): closing braces are missing from this listing, so block nesting
// below is uncertain.
//expires cookies after 1/2 hour
// $sessionExpire is not used in the visible lines; the cookie below takes its
// lifetime from $strExpiry instead.
$sessionExpire = 60 * 30;
//start new session
if (!isset($_SESSION['cart'])) {
    $_SESSION['cart'] = array();
// NOTE(review): the token arrives in the query string, so it also ends up in
// browser history, Referer headers and web-server access logs.
if ($_GET["key"] != "") {
    $strBin = hex2bin($_GET["key"]);
    // funcDecrypt is defined elsewhere; whether the token is integrity-protected
    // cannot be told from here.
    $strDecrypted = funcDecrypt($strBin);
    // User ID is everything before the first "&". If no "&" is present strpos()
    // returns false and the result is an empty string.
    $strUserID = substr($strDecrypted, 0, strpos($strDecrypted, "&"));
    //$str = strpos(strDecrypted,"&");
    // NOTE(review): these three calls write the raw token bytes, the decrypted
    // token and the user ID to the debug log; anyone who can read that log can
    // read the token contents.
    funcLogToDebug("submitOrder2.php: " . $strBin);
    funcLogToDebug("submitOrder2.php: " . $strDecrypted);
    funcLogToDebug("submitOrder2.php: " . $strUserID);
// NOTE(review): loose != comparison between a request parameter and the decoded
// ID. If decoding produced no ID, both sides can be empty and compare equal;
// use a strict comparison and reject an empty ID explicitly.
if ($_GET["strUserID"] != $strUserID) {
    // Sixth argument 0 = Secure flag off; no HttpOnly argument is passed.
    setcookie("AUTH", "", time() - 600, "/", "shop.scifivault.com", 0);
    /* expire in 10 mins ago */
    echo "denied. Give it 3 seconds";
    echo "<meta http-equiv='refresh' content='3;url=/UserLogon.php'>";
} else {
    //echo "<!--\n<b>We have an Auth cookie</b>";
    //echo "\n<br>Cookie(auth): " . $_COOKIE["AUTH"];
    //now can we decrypt the cookie....
    //echo "\n<br>Binary: " . hex2bin($_COOKIE["AUTH"]);
    // NOTE(review): neither $value nor $strExpiry is assigned in the visible
    // lines, and the cookie is issued without the Secure or HttpOnly flags.
    setcookie("AUTH", $value, $strExpiry, "/", "shop.scifivault.com", 0);
    /* expire in 10 mins */
    //echo $strUserID . "_" . $strExpiry ."<br>" ;
    //print_r ($_COOKIE["AUTH"]);
Exemplo n.º 14
/**
 * Return $qty units of $itemcode from one session's basket to stock, then
 * refresh the browser to the page named in the posted "page" field.
 *
 * NOTE(review): block braces are missing from this listing, so the nesting of
 * the statements below is uncertain. All three arguments are concatenated into
 * SQL text; prefer bound parameters.
 *
 * @param string $strSessionID PHP session ID that owns the basket rows
 * @param string $itemcode     stockID of the item being returned
 * @param mixed  $qty          number of units to return
 */
function funcDeleteItem($strSessionID, $itemcode, $qty)
    //connect to server
    // NOTE(review): database account and password are hard-coded in source; move
    // them to configuration outside the web root and rotate the password.
    $link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
    //change to correct database
    mysql_select_db("sfvault_store") or die("Could not select database");
    //$qty = "1";
    //$itemcode = funcSanitize($_POST['removeitem']);
    // Neither of these two locals is used in the visible lines.
    $strBool = 0;
    $counter = 0;
    //additional check to make sure $qty is a numeric
    // NOTE(review): the pattern is unanchored, so it accepts any string that
    // merely contains a digit and does not prove $qty is numeric; ereg() is also
    // the deprecated POSIX API. An anchored check such as ctype_digit() or
    // preg_match('/^[0-9]+$/', ...) is needed. No exit is visible in the else
    // branch, so processing appears to continue after the message — confirm.
    if (ereg("[0-9]+", $qty)) {
        funcDebug("Quantity string is numeric");
    } else {
        echo "Invalid Input, stop trying to put non-numerics in the quantity field";
    //is row locked?
    // NOTE(review): the lock is read here and written by a separate statement
    // further down, so two requests can both see it free before either sets
    // 'YES'. No early return is visible when the row is already locked — confirm.
    $strLockCheck = "SELECT ColumnLock FROM tblItem WHERE stockID = '" . $itemcode . "'";
    $strLockResult = mysql_query($strLockCheck) or die("Query Failed: " . mysql_error());
    while ($line = mysql_fetch_array($strLockResult, MYSQL_ASSOC)) {
        if ($line["ColumnLock"] == 'YES') {
            echo "Item being edited, please try again";
            echo "<br><a href='index3.php'>Back to Shop</a>";
            //possible retry, or forward on back to original page??
        } else {
            funcDebug("Free to carry on");
    //set row lock on in tblItem
    $strLockQuery = "UPDATE tblItem SET ColumnLock = 'YES' WHERE stockID = '" . $itemcode . "'";
    mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
    // NOTE(review): from here on, every "or die(...)" that fires ends the script
    // with ColumnLock still 'YES', leaving the item flagged as locked.
    //Lets see how much stock for this item there is
    $strStockQuery = "SELECT Qty FROM tblBasket where item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
    $strStockResult = mysql_query($strStockQuery) or die("Query Failed:" . mysql_error());
    while ($line = mysql_fetch_array($strStockResult, MYSQL_ASSOC)) {
        // Only proceed when the basket holds at least the quantity being returned.
        if ($line["Qty"] >= $qty) {
            //great we have some stock
            funcDebug($itemcode . " in basket: " . $line["Qty"]);
            //$qty = $line["Qty"] - $qty;
            funcDebug("Request to return " . $qty . " of " . $itemcode);
            //insert/update into tblBasket
            $strBasket = "SELECT * FROM tblItem where stockID = '" . $itemcode . "'";
            $strBasketResult = mysql_query($strBasket) or die("Basket Query Failed:" . mysql_error());
            $conNumberofRows = mysql_num_rows($strBasketResult);
            if ($conNumberofRows == 1) {
                //need to update the table
                $line2 = mysql_fetch_array($strBasketResult, MYSQL_ASSOC);
                funcDebug("Quantity of " . $itemcode . " in stock is " . $line2["NoOfItems"]);
                // Logs session_id() although the queries use the $strSessionID
                // argument; the two are not shown to be the same value.
                funcLogToDebug("removeFromBasket.php: Item " . $itemcode . " remove from basket (" . session_id() . ")");
                // Put the returned units back into stock.
                $strUpdatedBasketValue = $line2["NoOfItems"] + $qty;
                $strAddToBasket = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedBasketValue . "' where stockID = '" . $itemcode . "'";
                mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error());
            } else {
                //catchall for invalid entries in basket. stops
                //before making any changes in the main tblItems.
                echo "Invalid number of rows in stock database, please contact us";
                $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
                mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
            //update tblItems with new stock value
            // Despite the comment above, this is the basket quantity left after
            // the return; a result of 0 deletes the basket row.
            $strUpdatedStockValue = $line["Qty"] - $qty;
            funcDebug("Updated stock value: " . $strUpdatedStockValue);
            if ($strUpdatedStockValue == 0) {
                $strUpdateStockQuery = "DELETE FROM tblBasket where item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
                mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
            } else {
                $strUpdateStockQuery = "UPDATE tblBasket SET qty = '" . $strUpdatedStockValue . "' WHERE item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
                mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
            // Release the application-level lock.
            $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
            mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
        } else {
            //oh dear, no stock left
            echo "Not enough of that item in your basket";
            $strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
            mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
    //header('location: ' . $_SERVER['PHP_SELF']);
    //header('location: ' . $_POST['page']);
    //echo $_POST['page'];
    // NOTE(review): the posted "page" value is written into the attribute
    // unescaped and unvalidated, so a crafted value can inject markup or send the
    // browser to another site. Pass it through htmlspecialchars(..., ENT_QUOTES)
    // and restrict it to same-site paths.
    echo "<meta http-equiv='refresh' content='0;url=" . $_POST['page'] . "'>";
Exemplo n.º 15
    // Fragment of submitUpdate.php (name taken from the log call below): writes
    // the edited item fields to tblItem, records the edit in tblLog, and
    // redirects to the item view.
    // Only the last seven fields are sanitised in the visible lines; the other
    // variables used in the UPDATE are presumably handled above this listing —
    // TODO confirm, because every value is concatenated into the SQL text.
    // funcSanitize itself is defined elsewhere and is not visible here.
    $strAvailability = funcSanitize($strAvailability);
    $strNoOfItems = funcSanitize($strNoOfItems);
    $strSubjectTag = funcSanitize($strSubjectTag);
    $strCategoryTag = funcSanitize($strCategoryTag);
    $strVersionTag = funcSanitize($strVersionTag);
    $strFrontPage = funcSanitize($strFrontPage);
    $strSubCatPage = funcSanitize($strSubCatPage);
    $strUpdateQuery = "UPDATE tblItem SET Subject = '" . $strSubject . "', Description = '" . $strDescription . "', Category = '" . $strCategory . "', smallPicture = '" . $strSmallPicture . "', bigPicture = '" . $strBigPicture . "', ShortDescription = '" . $strShortDescription . "', Name = '" . $strName . "', Cost = '" . $strCost . "', RRP = '" . $strRRP . "', SaleRRP = '" . $strSaleRRP . "', Weight = '" . $strWeight . "', Barcode = '" . $strBarcode . "', Features = '" . $strFeatures . "', Version = '" . $strVersion . "', Size = '" . $strSize . "', PercentDiscount = '" . $strPercentDiscount . "', WholesalePrice = '" . $strWholesalePrice . "', Supplier = '" . $strSupplier . "', Availability = '" . $strAvailability . "', NoOfItems = '" . $strNoOfItems . "', SubjectTag='" . $strSubjectTag . "', CategoryTag='" . $strCategoryTag . "', VersionTag='" . $strVersionTag . "', DisplayonFrontPage = '" . $strFrontPage . "', DisplayonSubCatPage='" . $strSubCatPage . "' WHERE stockID = '" . $strStockID . "'";
    // funcDebug is defined elsewhere; if it prints to the page, the full SQL
    // text becomes visible to the visitor whenever debugging is on — confirm.
    funcDebug("strUpdateQuery: " . $strUpdateQuery);
    // NOTE(review): die() with mysql_error() exposes database error text to the client.
    $strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error());
    // 'h' is the 12-hour clock with no am/pm marker, so this timestamp is ambiguous.
    $strNow = date('Y-m-j h:i:s');
    // Audit record: the edited values joined with "$$" delimiters. Subject,
    // Description and Category are written to tblItem above but are not part of
    // this record.
    $strEditedInsert = "UPDATE: \$\$" . $strStockID . "\$\$,\$\$" . $strSmallPicture . "\$\$,\$\$" . $strBigPicture . "\$\$,\$\$" . $strShortDescription . "\$\$,\$\$" . $strName . "\$\$,\$\$" . $strCost . "\$\$,\$\$" . $strRRP . "\$\$,\$\$" . $strSaleRRP . "\$\$,\$\$" . $strWeight . "\$\$,\$\$" . $strBarcode . "\$\$,\$\$" . $strFeatures . "\$\$,\$\$" . $strVersion . "\$\$,\$\$" . $strSize . "\$\$,\$\$" . $strPercentDiscount . "\$\$,\$\$" . $strWholesalePrice . "\$\$,\$\$" . $strSupplier . "\$\$,\$\$" . $strAvailability . "\$\$,\$\$" . $strNoOfItems . "\$\$,\$\$" . $strCategoryTag . "\$\$,\$\$" . $strSubjectTag . "\$\$,\$\$" . $strVersionTag . "\$\$,\$\$" . $strFrontPage . "\$\$,\$\$" . $strSubCatPage;
    // The user column of the log row is the fixed string 'DEV', so the audit
    // trail does not record who made the edit.
    $strLogInsert = "INSERT INTO tblLog Values ('" . $strNow . "','DEV','" . $strEditedInsert . "')";
    funcDebug("strLogInsert: " . $strLogInsert);
    $strInsertLogEntry = mysql_query($strLogInsert) or die("Log Entry Failed");
    funcLogToDebug("submitUpdate.php: " . $strStockID . " has been edited");
//close connection to database
// Only a debug message is written here; no mysql_close() call is visible.
funcDebug("Closing link to db");
// NOTE(review): $strStockID goes into the redirect URL and into the fallback
// link's href without urlencode() or htmlspecialchars(); its sanitising is not
// visible in this listing.
redirect("/stock2/default.php?Action=ViewItem&stockID=" . $strStockID, 1, "<B>Redirecting...</B><br> <a href='default.php?Action=AmendItem&stockID=" . $strStockID . "'>Click here if redirect fails</a>");

