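/**
 * Remove a customized product from an order on behalf of the session user.
 *
 * Nothing is changed unless Validation::own_cus_product() confirms that the
 * customized product belongs to $_SESSION["user_id"], and both the product
 * and the order can actually be loaded.
 *
 * @param mixed $cp_id    Identifier of the customized product to remove.
 * @param mixed $order_id Identifier of the order to remove it from.
 * @return void
 */
function remove($cp_id, $order_id) {
    // Authorization gate: the product must be owned by the logged-in user.
    // NOTE(review): only the product's ownership is checked here. Nothing in
    // this function verifies that $order_id belongs to the same user --
    // confirm that the caller or Order::remove_product() enforces it.
    if (!Validation::own_cus_product($cp_id, $_SESSION["user_id"])) {
        return;
    }

    $cus_pro = CusProduct::find($cp_id);
    $order = Order::find($order_id);

    // Order::find() returns false for a missing or malformed id, and other
    // callers in this file guard CusProduct::find() with instanceof. Calling
    // a method on a failed lookup would be a fatal error, so bail out instead.
    if (!($cus_pro instanceof CusProduct) || !($order instanceof Order)) {
        return;
    }

    $order->remove_product($cus_pro);
    $order->update();
}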
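<?php
// Admin-only page listing customized products, optionally filtered by the
// product ids posted from the form.
include 'inc.php';

// Access control: non-admins are redirected. The exit after header() matters,
// because without it the rest of the page would still run and be sent.
if (!$user->is_admin()) {
    set_msg("You do not have enough permission.");
    header("Location: index.php");
    exit;
}

$products = Product::get_all_products();

// product_ids comes straight from the request body, so it may be missing or
// may not be an array at all (e.g. a plain string). Read it without assuming
// the key exists and fall back to "no filter" for anything that is not a
// non-empty array, so CusProduct::search() only ever receives an array.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $product_ids = isset($_POST["product_ids"]) ? $_POST["product_ids"] : null;
}
if (empty($product_ids) || !is_array($product_ids)) {
    $product_ids = array();
}

$cus_products = CusProduct::search($product_ids);

include 'header.php';
include 'menu.php';
?>
<div id="content">
  <div id="ajax-popup" style="display: none;">
    <div id="ajax-close"><a onclick="close_ajax()">Close</a></div>
    <div id="ajax-title">Cart Details for Customized Product ID <span id="ajax-id"> </span></div>
    <div id="ajax-loading">
      <p>Loading...</p>
      <img src="images/ajax-loader.gif" width="220" height="19" alt="Loading" />
    </div>
    <div id="ajax-body" style=""> </div>
  </div>
  <div id="admin-menu">
    <h2>Admin Panel</h2>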
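/**
 * Find the customized products that appear in completed orders, optionally
 * restricted to a set of product ids.
 *
 * @param array $product_ids Product ids to filter on; an empty array means
 *                           "no filter". Values are request-controlled in at
 *                           least one caller, so every element is coerced to
 *                           an integer before it reaches the query text.
 * @return array List of CusProduct objects; empty when the query yields
 *               nothing or fails.
 */
static function search($product_ids) {
    // Sanitize by iterating over every element, whatever its key. An index
    // loop over 0..count-1 only touches sequential integer keys, so an
    // element stored under a string or sparse key would be left as-is and
    // then be imploded into the SQL below unsanitized.
    $ids = array();
    foreach ((array) $product_ids as $raw_id) {
        $ids[] = intval($raw_id);
    }

    // $ids now holds integers only, so joining them into the IN (...) list
    // cannot introduce anything but digits, minus signs and commas.
    $str = empty($ids) ? "" : "AND c.product_id IN (" . implode(",", $ids) . ")";
    $query = "SELECT c.id FROM cus_products c, orders o, order_products p\n WHERE c.id = p.cus_product_id AND o.id = p.order_id AND o.status='completed' {$str}";

    // presumably SQL_SINGLE_COL makes sql() return a flat list of ids -- confirm
    $result = sql($query, SQL_SINGLE_COL);
    if (!$result) {
        // A falsy result is logged as an error and reported as "no matches".
        log2("sql error! -- " . mysql_error() . ": {$query}");
        return array();
    }

    // Hydrate each id; ids that no longer resolve to a CusProduct are skipped.
    $ret = array();
    foreach ($result as $id) {
        $obj = CusProduct::find($id);
        if ($obj instanceof CusProduct) {
            $ret[] = $obj;
        }
    }
    return $ret;
}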
<?php include 'inc.php'; $cp_id = $_GET["id"]; $val = Validation::own_cus_product($cp_id, $_SESSION["user_id"]); if (!$val or empty($cp_id)) { header("Location: cart.php"); exit; } $cp = CusProduct::find($cp_id); if ($_SERVER["REQUEST_METHOD"] == "GET") { $_POST["attr"]["quantity"] = $cp->get_quantity(); foreach ($cp->get_custom() as $type => $value) { $_POST["attr"][$type] = $value; } } if ($_SERVER["REQUEST_METHOD"] == "POST") { $_POST["attr"]["image"] = intval($_POST["attr"]["image"]); //handle add product request if ($_POST["attr"]["image"] <= 0) { $_POST["attr"]["image"] = Image::process_image($_FILES['upload'], $user); } if ($_POST["attr"]["image"] <= 0) { set_msg("Image Error: " . get_error_msg($_POST["attr"]["image"])); } else { $result = modify_product($user, $cp, $_POST["attr"]); if ($result) { header("Location: cart.php"); exit; } }
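/**
 * Load an order and its customized products by id.
 *
 * @param mixed $id          Order id; must be a non-zero integer or its
 *                           string form, anything else yields false.
 * @param bool  $isCommitted When true, only an order whose status is
 *                           'completed' is returned.
 * @return Order|false The populated order, or false when the id is rejected
 *                     or no matching row is found.
 */
static function find($id, $isCommitted = false) {
    if (!$id) {
        return false;
    }
    // Reject values that do not round-trip through an integer cast. The
    // comparison is loose, so this is a plausibility check only; the intval()
    // below is what guarantees that just an integer reaches the query text.
    if ((string) (int) $id != (string) $id) {
        return false;
    }
    $id = intval($id);

    // Either a fixed literal or nothing: no caller-supplied text is used here.
    $committed_sql = $isCommitted ? "AND status='completed'" : "";
    $info = sql("SELECT * FROM orders WHERE id = {$id} {$committed_sql}", SQL_SINGLE_ROW);
    if (!$info) {
        log2("failed to find the order with id {$id}");
        return false;
    }

    $order = new Order();
    $order->info = $info;
    $order->info["user"] = new User($info["user_id"]);

    $cus_product_ids = sql("SELECT cus_product_id FROM order_products WHERE order_id= {$id}", SQL_SINGLE_COL);
    // sql() results are treated as possibly falsy elsewhere in this file
    // (e.g. on error), so only iterate when a list actually came back. An
    // order without product rows is still returned.
    if (is_array($cus_product_ids)) {
        foreach ($cus_product_ids as $cp_id) {
            $obj = CusProduct::find(intval($cp_id));
            if ($obj instanceof CusProduct) {
                $order->cus_products[] = $obj;
            }
        }
    }
    return $order;
}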