function valid_auth($auth_type)
{
// If the current auth_type is not even "member" then go to the login page
if (!CurrentMember::auth_type('member')) {
session_start();
if (count($_GET) > 0) {
$_SESSION['_GET'] = $_GET;
}
if (count($_POST) > 0) {
$_SESSION['_POST'] = $_POST;
}
$_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
header('Location: index.php?action=login');
exit(0);
} else {
$auth_fail = true;
foreach (explode(',', $auth_type) as $test_auth) {
if (CurrentMember::auth_type($test_auth)) {
$auth_fail = false;
}
}
if ($auth_fail) {
header("Location: index.php");
exit(0);
} else {
// Restore the $_POST and $_GET variables from the last (failed) access
// But do not unset any *real* GET or POST values
if (isset($_SESSION['_POST'])) {
$_POST = $_SESSION['_POST'];
unset($_SESSION['_POST']);
}
if (isset($_SESSION['_GET'])) {
$_GET = $_SESSION['_GET'];
unset($_SESSION['_GET']);
}
}
}
}
$product_id = $_POST['product_id'];
$product_version = $_POST['product_version'];
$producer_id = $_GET['producer_id'];
// Always _GET ... not _POST
$action = 'edit';
$check_validation = true;
} elseif (isset($_GET['product_id']) && isset($_GET['product_version']) && isset($_GET['producer_id'])) {
$product_id = $_GET['product_id'];
$product_version = $_GET['product_version'];
$producer_id = $_GET['producer_id'];
$action = 'edit';
$check_validation = false;
// Get product_info from the database to display in form
$product_info = get_product($_GET['product_id'], $_GET['product_version'], '');
// Abort if the producer does not match the selected producer
if ($product_info['producer_id'] != $producer_id && !CurrentMember::auth_type('producer_admin')) {
die(debug_print("ERROR: 367634 ", 'Product requested is not associated with this producer.', basename(__FILE__) . ' LINE ' . __LINE__));
}
} elseif (isset($_GET['producer_id'])) {
$action = 'add';
$producer_id = $_GET['producer_id'];
$check_validation = false;
// Set some new-product defaults
$product_info['tangible'] = 1;
$product_info['listing_auth_type'] = 'member';
} else {
die(debug_print("ERROR: 543612 ", 'Attempt to edit a product without providing required arguments.', basename(__FILE__) . ' LINE ' . __LINE__));
}
// Process any information posted previously
include 'func/edit_product_screen_updatequery.php';
// Now go get the main part of the screen
function open_list_top(&$product, &$unique)
{
$display_list_top = ($_GET['output'] == 'pdf' ? '' : '
<span class="current_view">
Current view: ' . ucfirst($unique['view']) . ' invoice<br>
View as
' . ($unique['view'] != 'adjusted' ? '[<a href="' . $_SERVER['SCRIPT_NAME'] . '?' . ($_GET['type'] ? 'type=' . $_GET['type'] : '') . ($_GET['delivery_id'] ? '&delivery_id=' . $_GET['delivery_id'] : '') . ($_GET['producer_id'] ? '&producer_id=' . $_GET['producer_id'] : '') . '&view=adjusted">Adjusted</a>]' : '') . '
' . ($unique['view'] != 'original' ? '[<a href="' . $_SERVER['SCRIPT_NAME'] . '?' . ($_GET['type'] ? 'type=' . $_GET['type'] : '') . ($_GET['delivery_id'] ? '&delivery_id=' . $_GET['delivery_id'] : '') . ($_GET['producer_id'] ? '&producer_id=' . $_GET['producer_id'] : '') . '&view=original">Original</a>]' : '') . '
' . ($unique['view'] != 'editable' && CurrentMember::auth_type('cashier') && $_GET['producer_id'] != $_SESSION['producer_id_you'] ? '[<a href="' . $_SERVER['SCRIPT_NAME'] . '?' . ($_GET['type'] ? 'type=' . $_GET['type'] : '') . ($_GET['delivery_id'] ? '&delivery_id=' . $_GET['delivery_id'] : '') . ($_GET['producer_id'] ? '&producer_id=' . $_GET['producer_id'] : '') . '&view=editable">Editable</a>]' : '') . '
invoice.
</span>') . '
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="left" valign="top" width="50%"><!-- FOOTER LEFT "' . $unique['business_name'] . '" -->
<font size="+2"><b>' . $unique['business_name'] . '</b></font>
</td>
<td valign="top" align="right" rowspan="2" style="text-align:right;" width="50%">
<img src="' . BASE_URL . DIR_GRAPHICS . 'invoice_logo.gif" alt="logo" width="250" height="71">
</td>
</tr>
<tr>
<td align="left">
<br>
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td valign="top"><strong>Home:</strong><br>' . $unique['address_line1'] . ($unique['address_line2'] != '' ? '
<br>' . $unique['address_line2'] . '' : '') . '
<br>' . implode(', ', array_filter(array($unique['city'], $unique['state'], $unique['zip']))) . '<br>' . ($unique['home_phone'] != '' ? '
<br>' . $unique['home_phone'] : '') . '
</td>
<td width="8" style="width:8px;">
</td>
<td width="1" bgcolor="#888888" style="width:1px;">
</td>
<td width="8" style="width:8px;">
</td>
<td valign="top"><strong>Business:</strong><br>' . $unique['work_address_line1'] . ($unique['work_address_line2'] != '' ? '
<br>' . $unique['address_line2'] . '' : '') . '
<br>' . implode(', ', array_filter(array($unique['work_city'], $unique['work_state'], $unique['work_zip']))) . '<br>' . ($unique['work_phone'] != '' ? '
<br>' . $unique['work_phone'] : '') . '
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td valign="top">' . ($unique['email_address'] != '' ? '
<br><a href="mailto:' . $unique['email_address'] . '">' . $unique['email_address'] . '</a>' : '') . ($unique['email_address_2'] != '' ? '
<br><a href="mailto:' . $unique['email_address_2'] . '">' . $unique['email_address_2'] . '</a>' : '') . ($unique['mobile_phone'] != '' ? '
<br>' . $unique['mobile_phone'] . ' (mobile)' : '') . ($unique['fax'] != '' ? '
<br>' . $unique['fax'] . ' (fax)' : '') . '
</td>
<td valign="bottom" align="right" style="vertical-align:bottom;text-align:right">
<font size="+2">' . date("F j, Y", strtotime($unique['delivery_date'])) . '</font>
</td>
</tr>
<tr>
<td colspan="2">
' . ($unique['msg_all'] != '' ? '
<font color="#990000" size="-1">' . $unique['msg_all'] . ' E-mail any problems with your order to <a href="mailto:' . PROBLEMS_EMAIL . '">' . PROBLEMS_EMAIL . '</a><br>' : '') . ($unique['msg_unique'] != '' ? '
<br><font color="#990000" size="-1">' . $unique['msg_unique'] . '<br>' : '') . '
</td>
</tr>
<tr>
<td colspan="2" height="20" align="center"><img class="wide-line" src="' . BASE_URL . DIR_GRAPHICS . 'black_pixel.gif" width="750" height="1" alt="divider"></td>
</tr>
<tr>
<td colspan="2" align="right" padding="0"></td>
</tr>
</table>
<table cellpadding="0" cellspacing="0" border="0" style="width:100%;" width="750">
<tr>
<td colspan="7"><br></td>
</tr>
<tr>
<th valign="bottom" bgcolor="#444444" width="40"></th>
<th valign="bottom" bgcolor="#444444" width="35"><font color="#ffffff" size="-1">#</font></th>
<th valign="bottom" bgcolor="#444444" align="left"><font color="#ffffff" size="-1">Product Name</font></th>
<th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Shipped</font></th>
<th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Weight</font></th>
<th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Order</font></th>
<th valign="bottom" bgcolor="#444444" align=right width="8%" style="text-align:right;"><font color="#ffffff" size="-1">Total</font></th>
</tr>';
return $display_list_top;
}
$chk3d = ' style="display:none;"';
// hide this section if not needed
} elseif ($product_info['random_weight'] == 1) {
$chk3 = '';
$chk4 = ' checked';
}
// Begin main display for edit-product screen (start table/form)
if ($action == 'edit') {
$display = '<form action="' . $_SERVER['SCRIPT_NAME'] . '?product_id=' . $product_id . '&product_version=' . $product_version . '&producer_id=' . $producer_id . '&a=' . $_GET['a'] . '" method="post">';
} elseif ($action == 'add') {
$display = '<form action="' . $_SERVER['SCRIPT_NAME'] . '?producer_id=' . $producer_id . '&a=' . $_GET['a'] . '" method="post">';
}
$display .= '
<table bgcolor="#CCCCCC" border="0" cellpadding="2" cellspacing="2">';
// Admin-related fields
if (CurrentMember::auth_type('producer_admin,site_admin,cashier')) {
$display .= '
<tr bgcolor="#770000">
<th colspan="2" align="center"><font color="#FFFFFF">Administrative Options</font></th>
</tr>
<tr ' . $admin_bg . '>
<td>' . format_help_link('account_number') . 'Account</a></td>
<td><b>Attach an account for sales of this product</b><br>
<font size="-2">Probably should not use this field for regular member-producers</font>
' . $account_number_select . '<br>
<font size="-2">Rather than being applied to the respective producer account, proceeds from this
transaction will be sent to some other "internal" account. This might be useful for
things like membership "products".</font>
</td>
</tr>
<tr ' . $admin_bg . '>
<?php
include_once 'config_openfood.php';
session_start();
if (CurrentMember::auth_type('cashier') && $call_ajax_as_function != true) {
echo receive_payments_detail($_POST);
}
function receive_payments_detail($argument)
{
global $connection;
switch ($argument['request']) {
// BASKET TOTAL AND PAYMENTS ******************************************************
case 'basket_total_and_payments':
$non_payment_total = 0;
$non_payment_count = 0;
$payment_total = 0;
$payment_count = 0;
$query = '
SELECT
text_key,
SUM(amount) AS total,
COUNT(amount) AS count
FROM ' . NEW_TABLE_LEDGER . '
WHERE
basket_id = "' . mysql_real_escape_string($argument['basket_id']) . '"
AND (source_type = "member"
OR target_type = "member")
AND replaced_by IS NULL
GROUP BY
text_key';
$result = @mysql_query($query, $connection) or die(debug_print("ERROR: 768933 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
<div class="tab_frame">
<a href="' . PATH . 'panel_cashier.php" class="' . ($page_tab == 'cashier_panel' ? ' current_tab' : '') . '">Cashiers</a>
</div>';
}
if (CurrentMember::auth_type('site_admin')) {
$panel_admin_menu = '
<div class="tab_frame">
<a href="' . PATH . 'panel_admin.php" class="' . ($page_tab == 'admin_panel' ? ' current_tab' : '') . '">Site Admin</a>
</div>';
}
$logout_menu = '
<div class="tab_frame right">
<a href="' . PATH . 'index.php?action=logout" class="' . ($page_tab == 'login' ? ' current_tab' : '') . '">Logout</a>
</div>';
if (isset($basket_id) && $basket_id != 0) {
if (CurrentMember::auth_type('orderex') || ActiveCycle::ordering_window() == 'open') {
$basket_menu = '
<div class="tab_frame right">
<a href="' . PATH . 'product_list.php?type=basket" class="">View Basket [' . $basket_quantity . ' ' . Inflect::pluralize_if($basket_quantity, 'item') . ']</a>
</div>';
}
}
} else {
$login_menu = '
<div class="tab_frame right">
<a href="' . PATH . 'index.php?action=login" class="' . ($page_tab == 'login' ? ' current_tab' : '') . '">Login</a>
</div>';
}
// Put it all together now
////////////////////////////////////////////////////////////////////////////////
////////////// ////////////////////
// Items dependent upon the location of this header
$pager = array();
// Set up some variables that might be needed
if (isset($_SESSION['member_id'])) {
$member_id = $_SESSION['member_id'];
}
if (isset($_SESSION['producer_id_you'])) {
$producer_id_you = $_SESSION['producer_id_you'];
}
$delivery_id = mysql_real_escape_string(ActiveCycle::delivery_id());
// Allow cashier to override member_id
if (isset($_GET['member_id']) && CurrentMember::auth_type('cashier')) {
$member_id = $_GET['member_id'];
}
// Allow producer_admin or cashier to override producer_id_you
if (isset($_GET['producer_id']) && CurrentMember::auth_type('cashier,producer_admin')) {
$producer_id_you = $_GET['producer_id'];
}
// Allow anyone to override the delivery_id
if ($_GET['delivery_id']) {
$delivery_id = mysql_real_escape_string($_GET['delivery_id']);
}
// Initialize display of wholesale and retail to false
$wholesale_member = false;
$retail_member = false;
//////////////////////////////////////////////////////////////////////////////////////
// //
// QUERY AND DISPLAY THE DATA //
// //
//////////////////////////////////////////////////////////////////////////////////////
// Include the appropriate list "module" from the show_report directory
function open_list_top(&$product, &$unique)
{
$list_top = ($_GET['output'] == 'pdf' ? '' : '
<span class="current_view">
Current view: ' . ucfirst($unique['view']) . ' invoice<br>
View as
' . ($unique['view'] != 'adjusted' ? '[<a href="' . $_SERVER['SCRIPT_NAME'] . '?' . ($_GET['type'] ? 'type=' . $_GET['type'] : '') . ($_GET['delivery_id'] ? '&delivery_id=' . $_GET['delivery_id'] : '') . ($_GET['member_id'] ? '&member_id=' . $_GET['member_id'] : '') . '&view=adjusted">Adjusted</a>]' : '') . '
' . ($unique['view'] != 'original' ? '[<a href="' . $_SERVER['SCRIPT_NAME'] . '?' . ($_GET['type'] ? 'type=' . $_GET['type'] : '') . ($_GET['delivery_id'] ? '&delivery_id=' . $_GET['delivery_id'] : '') . ($_GET['member_id'] ? '&member_id=' . $_GET['member_id'] : '') . '&view=original">Original</a>]' : '') . '
' . ($unique['view'] != 'editable' && CurrentMember::auth_type('cashier') && $_GET['member_id'] != $member_id ? '[<a href="' . $_SERVER['SCRIPT_NAME'] . '?' . ($_GET['type'] ? 'type=' . $_GET['type'] : '') . ($_GET['delivery_id'] ? '&delivery_id=' . $_GET['delivery_id'] : '') . ($_GET['member_id'] ? '&member_id=' . $_GET['member_id'] : '') . '&view=editable">Editable</a>]' : '') . '
invoice.
</span>') . '
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="left" valign="top"><!-- FOOTER LEFT "' . (strpos($unique['auth_type'], 'institution') !== false ? $unique['business_name'] : '') . $unique['last_name'] . ', ' . $unique['first_name'] . '" -->
<font size="+2"><b>' . $unique['preferred_name'] . ' ' . (strpos($unique['auth_type'], 'institution') !== false ? $unique['business_name'] . '<br>(attn: ' . $unique['first_name'] . ' ' . $unique['last_name'] . ')' : '') . '</b></font>
</td>
<td valign="top" align="right">
<table border="0" style="width:300px;float:right">
<tr>
<td align="center" style="text-align:center;">
<img src="' . BASE_URL . DIR_GRAPHICS . 'invoice_logo.gif" alt="logo" width="250" height="72">
</td>
</tr>
<tr>
<td align="center" style="text-align:center;">
<font size="-2">' . SITE_CONTACT_INFO . '</font>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="left">
<font size="+2">' . $unique['member_id'] . '-' . $unique['site_short'] . ' (' . $unique['site_long'] . ')</font>
</td>
<td align="right" style="text-align:right;">
<font size="+2">' . date("F j, Y", strtotime($unique['delivery_date'])) . '</font>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2" height="20"><img class="wide-line" src="' . BASE_URL . DIR_GRAPHICS . 'black_pixel.gif" width="100%" height="1" alt="divider"></td>
</tr>
<tr>
<td valign="top"><strong>Customer info</strong>' . ($unique['delivery_type'] == 'H' || $unique['delivery_type'] == 'P' ? '
(home):<br><br>' . $unique['address_line1'] . '' . ($unique['address_line2'] != '' ? '
<br>' . $unique['address_line2'] . '' : '') . '
<br>' . $unique['city'] . ', ' . $unique['state'] . ', ' . $unique['zip'] . '<br>' : '') . ($unique['delivery_type'] == 'W' ? '
(work):<br><br>' . $unique['work_address_line1'] . '' . ($unique['work_address_line2'] != '' ? '
<br>' . $unique['work_address_line2'] . '' : '') . '
<br>' . $unique['work_city'] . ', ' . $unique['work_state'] . ', ' . $unique['work_zip'] . '<br>' : '') . ($unique['email_address'] != '' ? '
<br><a href="mailto:' . $unique['email_address'] . '">' . $unique['email_address'] . '</a>' : '') . ($unique['email_address_2'] != '' ? '
<br><a href="mailto:' . $unique['email_address_2'] . '">' . $unique['email_address_2'] . '</a>' : '') . ($unique['home_phone'] != '' ? '
<br>' . $unique['home_phone'] . ' (home)' : '') . ($unique['work_phone'] != '' ? '
<br>' . $unique['work_phone'] . ' (work)' : '') . ($unique['mobile_phone'] != '' ? '
<br>' . $unique['mobile_phone'] . ' (mobile)' : '') . ($unique['fax'] != '' ? '
<br>' . $unique['fax'] . ' (fax)' : '') . '<br><br>
</td>
<td valign="top"><strong>Delivery/pickup details:</strong>
<dl>
<dt><font face="Times New Roman">' . $unique['site_long'] . '</font></dt>
<dd><pre><font face="Times New Roman">' . $unique['site_description'] . '</font></pre></dd>
</dl>
</td>
</tr>
<tr>
<td colspan="2">
' . ($unique['msg_all'] != '' ? '
<font color="#990000" size="-1">' . $unique['msg_all'] . '</font>' : '') . ($unique['msg_unique'] != '' ? '
<br><font color="#990000" size="-1">' . $unique['msg_unique'] . '<br></font>' : '') . '
</td>
</tr>
</table>
<font face="arial">
<table width="100%" cellpadding="0" cellspacing="0" border="0">' . ($unique['checked_out'] != 0 ? '
<tr>
<td colspan="7"><br></td>
</tr>
<tr>
<th valign="bottom" bgcolor="#444444" width="40"></th>
<th valign="bottom" bgcolor="#444444" width="35"><font color="#ffffff" size="-1">#</font></th>
<th valign="bottom" bgcolor="#444444" align="left"><font color="#ffffff" size="-1">Product Name</font></th>
<th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Price</font></th>
<th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Quantity</font></th>
<th valign="bottom" bgcolor="#444444"><font color="#ffffff" size="-1">Weight</font></th>
<th valign="bottom" bgcolor="#444444" align=right width="8%"><font color="#ffffff" size="-1">Amount</font></th>
</tr>' : '
<tr>
<td colspan="7" align="center"><br><br><br><br>EMPTY INVOICE<br>Nothing ordered<br><br><br></td>
</tr>');
return $list_top;
}
function update_basket(array $data)
{
// debug_print ('INFO: Update Basket', $data);
global $connection;
// $member_id_you = $_SESSION['member_id'];
$producer_id_you = $_SESSION['producer_id_you'];
// Allow admins to override certain checks if the requested action is not for themselves
$admin_override = true;
if ($member_id_you == $data['member_id'] || !CurrentMember::auth_type('cashier')) {
$admin_override = false;
}
// Set this value manually when converting from transactions to ledger accounting
$admin_override = true;
// Set flags for needed validations and operations
switch ($data['action']) {
// checkout will checkout all the items in the basket
case 'checkout':
$test_for_membership_privilege = true;
$test_customer_ordering_window = true;
$initiate_set_checkout = true;
$initiate_checkout_items = true;
break;
// same as "checkout" but only synchs items that were already checked out
// same as "checkout" but only synchs items that were already checked out
case 'synch_ledger_items':
$test_for_membership_privilege = true;
$test_customer_ordering_window = true;
$initiate_set_checkout = true;
$synch_ledger_items = true;
break;
// set_uncheckout is currently disabled
// set_uncheckout is currently disabled
case 'set_checkout':
$test_for_membership_privilege = true;
$test_customer_ordering_window = true;
$initiate_set_checkout = true;
break;
// un_checkout is currently disabled
// un_checkout is currently disabled
case 'un_checkout':
$test_customer_ordering_window = true;
$initiate_un_checkout = true;
break;
// update the site (Pickup|Home|Work)
// update the site (Pickup|Home|Work)
case 'set_site':
$update_site = true;
break;
default:
die(debug_print('ERROR: 679217 ', 'unexpected request', basename(__FILE__) . ' LINE ' . __LINE__));
break;
}
// Get information about the basket for this member
// Prefer to access basket by basket_id
if ($data['basket_id'] != 0) {
$basket_info = get_basket($data['basket_id']);
} elseif ($data['member_id'] != 0 && $data['delivery_id'] != 0) {
$basket_info = get_basket($data['member_id'], $data['delivery_id']);
} else {
die(debug_print('ERROR: 970893 ', 'incomplete information to locate basket', basename(__FILE__) . ' LINE ' . __LINE__));
}
// Check that we actually got some basket information
if (!is_array($basket_info)) {
die(debug_print('ERROR: 701854 ', 'basket does not exist', basename(__FILE__) . ' LINE ' . __LINE__));
}
// Check that the member is not pending or discontinued
if ($test_for_membership_privilege && !$admin_override) {
if ($member_info['pending'] == 1 || $member_info['membership_discontinued'] == 1) {
die(debug_print('ERROR: 974383 ', 'incorrect privilege to order', basename(__FILE__) . ' LINE ' . __LINE__));
}
}
// Check if shopping is closed for this order
if ($test_customer_ordering_window && !$admin_override) {
if (ActiveCycle::ordering_window() == 'closed') {
die(debug_print('ERROR: 823186 ', 'customer ordering period is not in effect', basename(__FILE__) . ' LINE ' . __LINE__));
}
}
// Update the basket with a new site and information related to the new site
if ($update_site) {
debug_print("ERROR: 892573 ", "UPDATE DELCODE", basename(__FILE__) . ' LINE ' . __LINE__);
if ($data['delivery_type'] == 'H' || $data['delivery_type'] == 'W') {
$query_delivery_type = 'D';
} else {
$query_delivery_type = $data['delivery_type'];
}
// P[ickup]
// Could check for changes and abort otherwise, but this will force updating
// delivery_postal_code just in case it might have changed.
$query_site = '
SELECT
delivery_charge,
delivery_postal_code
FROM ' . NEW_TABLE_SITES . '
WHERE
site_id = "' . mysql_real_escape_string($data['site_id']) . '"
AND delivery_type = "' . $query_delivery_type . '"
AND inactive = "0"
AND site_type = "customer"';
$result_site = mysql_query($query_site, $connection) or die(debug_print("ERROR: 892573 ", array($query_site, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// Got we some information, then post the new information
if ($row_site = mysql_fetch_array($result_site)) {
$query_update_basket = '
UPDATE ' . NEW_TABLE_BASKETS . '
SET
delivery_cost = "' . mysql_real_escape_string($row_site['delivery_charge']) . '",
delivery_postal_code = "' . mysql_real_escape_string($row['delivery_postal_code']) . '",
site_id = "' . mysql_real_escape_string($data['site_id']) . '",
delivery_type = "' . mysql_real_escape_string($data['delivery_type']) . '"
WHERE basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"';
$result_update_basket = mysql_query($query_update_basket, $connection) or die(debug_print("ERROR: 892764 ", array($query_update_basket, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
debug_print("INFO: 892573 ", $query_update_basket, basename(__FILE__) . ' LINE ' . __LINE__);
// Update the $basket_info with changes
$basket_info['delivery_cost'] = $row_site['delivery_charge'];
$initiate_delivery_charge = true;
} else {
die(debug_print('ERROR: 898952 ', 'requested site does not exist or is not available', basename(__FILE__) . ' LINE ' . __LINE__));
}
}
// Change the checked_out setting on the basket
// Do this early so the update_basket_item will process the ledger items (only if they are in a checked-out state)
if ($initiate_set_checkout) {
// Get the number of items in the basket that are checked out
$query = '
SELECT
' . NEW_TABLE_PRODUCTS . '.tangible,
COUNT(' . NEW_TABLE_BASKET_ITEMS . '.bpid) AS count
FROM
' . NEW_TABLE_BASKET_ITEMS . '
LEFT JOIN
' . NEW_TABLE_PRODUCTS . ' USING(product_id,product_version)
WHERE
' . NEW_TABLE_BASKET_ITEMS . '.basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"
GROUP BY
' . NEW_TABLE_PRODUCTS . '.tangible';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 758023 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
while ($row = mysql_fetch_array($result)) {
if ($row['tangible'] == '0') {
$intangible_count = $row['count'];
}
if ($row['tangible'] == '1') {
$tangible_count = $row['count'];
}
}
// Preference is to set basket count to the number of *tangible* items in the basket
if ($tangible_count > 0) {
$checked_out = $tangible_count;
} elseif ($intangible_count > 0) {
$checked_out = 0 - $intangible_count;
} else {
$checked_out = 0;
}
$query = '
UPDATE ' . NEW_TABLE_BASKETS . '
SET checked_out = "' . mysql_real_escape_string($checked_out) . '"
WHERE basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 892764 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// Sync the variable we just changed
$basket_info['checked_out'] = $checked_out;
// If there is an order cost (fixed), then post it (or clear it if wrongly set).
if ($basket_info['order_cost'] != 0 && $basket_info['order_cost_type'] == 'fixed' && $basket_info['checked_out'] != 0) {
// Add the order cost to the ledger for this basket
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'internal', 'target_key' => 'order_cost', 'amount' => $basket_info['order_cost'], 'text_key' => 'order cost', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'match_keys' => array('source_type', 'source_key', 'target_type', 'target_key', 'text_key', 'basket_id')));
} elseif ($basket_info['order_cost'] != 0 && $basket_info['order_cost_type'] == 'percent' && $basket_info['checked_out'] != 0) {
// First need to know the basket total to calculate the percent cost
$query = '
SELECT
SUM(amount) AS order_total
FROM
' . NEW_TABLE_LEDGER . '
WHERE
basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"
AND (text_key = "quantity cost"
OR text_key = "weight cost")';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 678304 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
if ($row = mysql_fetch_array($result)) {
$order_total = $row['order_total'];
$order_cost_total = round($row['order_total'] * $basket_info['order_cost'] / 100, 2);
}
// Add the order cost to the ledger for this basket
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'internal', 'target_key' => 'order_cost', 'amount' => $basket_info['order_cost'], 'text_key' => 'order cost', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'match_keys' => array('source_type', 'source_key', 'target_type', 'target_key', 'text_key', 'basket_id')));
}
}
// For checkout, synchronize ledger entries to all basket_items
if ($initiate_checkout_items || $synch_ledger_items) {
// $initiate_checkout_items: check out all items and synch ledger
// $synch_ledger_items: repost existing checked_out items to the ledger
if ($synch_ledger_items) {
// Restrict to just the checked_out items
$query_where = '
AND checked_out != "0"';
}
// Get the items currently in the basket
$query_basket_items = '
SELECT
bpid,
product_id,
product_version
FROM ' . NEW_TABLE_BASKET_ITEMS . '
WHERE basket_id = "' . mysql_real_escape_string($basket_info['basket_id']) . '"' . $query_where;
$result_basket_items = mysql_query($query_basket_items, $connection) or die(debug_print("ERROR: 892785 ", array($query_basket_items, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// Go through all the basket items (or all the checked_out items)
while ($row_basket_items = mysql_fetch_array($result_basket_items)) {
$basket_item_info = update_basket_item(array('action' => 'synch_ledger', 'delivery_id' => $data['delivery_id'], 'member_id' => $data['member_id'], 'product_id' => $row_basket_items['product_id'], 'product_version' => $row_basket_items['product_version']));
if (!is_array($basket_item_info)) {
die(debug_print("ERROR: 902784 ", 'update_basket_item() did not return array.', basename(__FILE__) . ' LINE ' . __LINE__));
}
}
}
// This is done for any/all changes, so not conditional except for baskets that are not checked-out.
if ($basket_info['checked_out'] != 0) {
// If there is a delivery charge, then post it (or clear it if wrongly set).
if ($basket_info['delivery_cost'] != 0 || $initiate_delivery_charge) {
// Add the delivery cost to the ledger for this basket
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'internal', 'target_key' => 'delivery_cost', 'amount' => $basket_info['delivery_cost'], 'text_key' => 'delivery cost', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'match_keys' => array('source_type', 'source_key', 'target_type', 'target_key', 'text_key', 'basket_id')));
}
}
// // For un_checkout, clear all ledger entries related to the basket and basket_items
// // This will remove or clear the cost of ledger entries for all products in the basket
// if ($initiate_un_checkout)
// {
// // Get the items currently in the basket
// $query_basket_items = '
// SELECT
// bpid,
// product_id,
// product_version
// FROM '.NEW_TABLE_BASKET_ITEMS.'
// WHERE basket_id = "'.mysql_real_escape_string($basket_info['basket_id']).'"';
// $result_basket_items = mysql_query($query_basket_items, $connection) or die(debug_print ("ERROR: 892785 ", array ($query_basket_items,mysql_error()), basename(__FILE__).' LINE '.__LINE__));
// // Go through all the basket items
// while ($row_basket_items = mysql_fetch_array($result_basket_items))
// {
// // Problem: clear_item removes all quantity from the basket. We would like to leave the basket unchanged.
// // ... but if we define that as the desired behavior, then we have something, at least...
// $basket_item_info = update_basket_item (array(
// 'action' => 'un_checkout',
// 'delivery_id' => $data['delivery_id'],
// 'member_id' => $data['member_id'],
// 'product_id' => $row_basket_items['product_id'],
// 'product_version' => $row_basket_items['product_version'],
// 'post_even_if_zero' => 'YES'
// ));
// if ($basket_item_info != 'clear_item:'.$row_basket_items['bpid'])
// {
// return('error 100: expected "clear_item:'.$row_basket_items['bpid'].'" but got "'.$basket_item_info.'"');
// }
// }
// // And un-checkout the basket as well
// // Remove the delivery cost from the ledger for this basket
// $ledger_status = basket_item_to_ledger(array (
// 'source_type' => 'member',
// 'source_key' => $data['member_id'],
// 'target_type' => 'internal',
// 'target_key' => 'delivery_cost',
// 'amount' => 0,
// 'text_key' => 'delivery cost',
// 'posted_by' => $_SESSION['member_id'],
// 'basket_id' => $basket_info['basket_id'],
// 'site_id' => $basket_info['site_id'],
// 'delivery_id' => $basket_info['delivery_id'],
// 'match_keys' => array ('source_type','source_key','target_type','target_key','text_key','basket_id')
// ));
// }
// // Change the checked_out setting on the basket
// // Do this last so the update_basket_item will clear ledger items (only if they are in a checked-out state)
// if ($initiate_un_checkout)
// {
// $query = '
// UPDATE '.NEW_TABLE_BASKETS.'
// SET checked_out = "0"
// WHERE basket_id = "'.mysql_real_escape_string($basket_info['basket_id']).'"';
// $result = mysql_query($query, $connection) or die(debug_print ("ERROR: 892764 ", array ($query,mysql_error()), basename(__FILE__).' LINE '.__LINE__));
// $basket_info['checked_out'] = 0;
// }
// At this point, all basket information has been updated, so we need to consider any changes to the ledger.
// * messages link a message to this transaction
// * post_even_if_zero 'YES' will delete the transaction is zero and a singleton
// NEED TO ADD PAYPAL SURCHARGE CALCULATION
// Return the new (possibly changed) basket_info array
return $basket_info;
}
}
// Get a delivery_id for pulling current producer "invoices"
if ($_GET['delivery_id']) {
$delivery_id = mysql_real_escape_string($_GET['delivery_id']);
} else {
$delivery_id = mysql_real_escape_string(ActiveCycle::delivery_id());
}
// Get a basket_id in cases where we are looking at baskets or invoices...
if ($_GET['basket_id']) {
$basket_id = mysql_real_escape_string($_GET['basket_id']);
} else {
$basket_id = mysql_real_escape_string(CurrentBasket::basket_id());
}
// Determine whether the order is open or not
$order_open = false;
if (ActiveCycle::ordering_window() == 'open' && ActiveCycle::delivery_id() == $delivery_id || CurrentMember::auth_type('orderex')) {
$order_open = true;
}
// Initialize display of wholesale and retail to false
$display_wholesale_price = false;
$display_retail_price = false;
$is_wholesale_item = false;
// SET UP QUERY PARAMETERS THAT APPLY TO MOST LISTS
// Only show for listed producers -- not unlisted (1) or suspended (2)
$where_unlisted_producer = '
AND unlisted_producer = "0"';
// Normally, do not show producers that are pending (1)
$where_producer_pending = '
' . TABLE_PRODUCER . '.pending = 0';
// Set up an exception for hiding zero-inventory products
$where_zero_inventory = '';
<?php
include_once 'config_openfood.php';
session_start();
if (!CurrentMember::auth_type('cashier')) {
echo '
<div id="make_payment_row" class="data_row">
<span class="error_message">Only cashiers are permitted to execute this function.</span>
</div>';
exit(1);
// Not permitted to access this page
}
switch ($_POST['process']) {
// MAKE PAYMENTS FORM ******************************************************
case 'get_make_payment_form':
echo get_make_payment_form($_POST['delivery_id'], $_POST['producer_id'], $_POST['business_name'], '');
break;
// POST MAKE PAYMENTS ******************************************************
// POST MAKE PAYMENTS ******************************************************
case 'make_payment':
$error_array = array();
// Validate the data: amount
if (preg_match('/^[-]{0,1}[0-9]*(\\.[0-9]{2}){0,1}$/', $_POST['amount']) != 1) {
array_push($error_array, 'Payment must be numeric with decimal cents<br>(e.g. 45.67 or .89).');
}
// Validate the data: payment_type
if ($_POST['payment_type'] != 'cash' && $_POST['payment_type'] != 'check' && $_POST['payment_type'] != 'paypal') {
array_push($error_array, 'Please select a payment type.');
}
// Validate the data: memo
if (preg_match('/^[0-9]*$/', $_POST['memo']) != 1) {
<?php
include_once 'config_openfood.php';
session_start();
valid_auth('producer,producer_admin,site_admin');
// store.php3 - by Florian Dittmer <*****@*****.**>
// Example php script to demonstrate the storing of binary files into
// an sql database. More information can be found at http://www.phpbuilder.com/
// producer_admin and site_admin are allowed to pass $_GET directive
if ($_GET['producer_id'] && CurrentMember::auth_type('site_admin,cashier')) {
// Keep the same producer_id value
$producer_id = $_GET['producer_id'];
} elseif ($_SESSION['producer_id_you']) {
$producer_id = $_SESSION['producer_id_you'];
}
$sqll = '
SELECT
' . TABLE_PRODUCER_LOGOS . '.logo_id,
' . TABLE_PRODUCER . '.business_name
FROM
' . TABLE_PRODUCER . '
LEFT JOIN
' . TABLE_PRODUCER_LOGOS . ' USING(producer_id)
WHERE
' . TABLE_PRODUCER . '.producer_id = "' . mysql_real_escape_string($producer_id) . '"';
$rsrl = @mysql_query($sqll, $connection) or die(mysql_error() . "<br><b>Error No: </b>" . mysql_errno());
$num = mysql_numrows($rsrl);
while ($row = mysql_fetch_array($rsrl)) {
$logo_id = $row['logo_id'];
$business_name = $row['business_name'];
}
LEFT JOIN ' . NEW_TABLE_BASKETS . ' USING(basket_id)
LEFT JOIN ' . NEW_TABLE_PRODUCTS . ' USING(product_id,product_version)
WHERE
' . NEW_TABLE_PRODUCTS . '.producer_id = "' . mysql_real_escape_string($producer_id) . '"
AND ' . NEW_TABLE_BASKETS . '.delivery_id = "' . mysql_real_escape_string($delivery_id) . '"
AND ' . NEW_TABLE_BASKET_ITEMS . '.out_of_stock != ' . NEW_TABLE_BASKET_ITEMS . '.quantity
AND ' . NEW_TABLE_PRODUCTS . '.random_weight != "0"
AND ' . NEW_TABLE_BASKET_ITEMS . '.total_weight = "0"
ORDER BY producer_id ASC';
$resultprp = @mysql_query($sqlp, $connection) or die(debug_print("ERROR: 869307 ", array($sqlp, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
$num = mysql_numrows($resultprp);
while ($row = mysql_fetch_array($resultprp)) {
$display .= '<a href="product_list.php?&type=producer_byproduct&producer_id=' . $row['producer_id'] . '&delivery_id=' . $delivery_id . '">Weight needed: #' . $row['product_id'] . '</a><br>';
}
$display .= '</td>
<td class="producer_links">' . (CurrentMember::auth_type('producer_admin') == true ? '<a class="producer" onclick="popup_src(\'edit_producer.php?action=edit&producer_id=' . $producer_id . '&display_as=popup\', \'edit_producer\', \'\')">Edit</a>' : '') . '
</td>
<td class="order_links" valign="top"><a href="product_list.php?&type=producer_byproduct&delivery_id=' . $delivery_id . '&producer_id=' . $producer_id . '">Basket</a> | <a href="show_report.php?type=producer_invoice&delivery_id=' . $delivery_id . '&producer_id=' . $producer_id . '">Invoice</a></font></td>
</tr>';
$member_id_list .= '#' . $member_id;
}
$content_list = '
<div align="center">
<div id="delivery_id_nav">
<a class="prior" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id - 1) . '">← PRIOR CYCLE </a>
<a class="next" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id + 1) . '"> NEXT CYCLE →</a>
</div>
<table width="100%">
<tr>
<td align="left">
<h3>Producer Orders: ' . date('F j, Y', strtotime($delivery_date)) . ' (' . $num_orders . ' Orders)</h3>
function update_basket_item(array $data)
{
// debug_print ('INFO: Update Basket', $data);
global $connection;
// $member_id_you = $_SESSION['member_id'];
$producer_id_you = $_SESSION['producer_id_you'];
// Allow admins to override certain checks if the requested action is not for themselves
$admin_override_not_set = false;
if ($member_id_you == $data['member_id'] || !CurrentMember::auth_type('cashier')) {
$admin_override_not_set = true;
}
// Set flags for needed validations and operations
switch ($data['action']) {
case 'set_quantity':
$test_for_valid_product = true;
$test_for_customer_privilege = true;
$test_for_membership_privilege = true;
$test_customer_ordering_window = true;
$test_product_availability = true;
$test_for_producer_privilege = true;
$initiate_basket_item = true;
$initiate_change_quantity = true;
$initiate_set_message_to_producer = true;
break;
case 'set_message_to_producer':
$test_for_valid_product = true;
$test_customer_ordering_window = true;
$initiate_set_message_to_producer = true;
break;
case 'set_outs':
$test_for_valid_product = true;
$test_for_producer_privilege = true;
$test_basket_item_exists = true;
$test_producer_update_window = true;
$initiate_change_outs = true;
break;
case 'set_weight':
$test_for_valid_product = true;
$test_for_producer_privilege = true;
$test_basket_item_exists = true;
$test_producer_update_window = true;
$initiate_change_weight = true;
break;
case 'checkout':
$test_for_valid_product = true;
$test_for_membership_privilege = true;
$test_customer_ordering_window = true;
$test_basket_item_exists = true;
$initiate_set_message_to_producer = true;
$initiate_synch_ledger = true;
break;
case 'set_all_producer':
$test_for_valid_product = true;
$test_basket_item_exists = true;
$test_for_producer_privilege = true;
$test_producer_update_window = true;
$initiate_change_outs = true;
$initiate_change_weight = true;
break;
case 'set_everything':
$test_for_valid_product = true;
$test_basket_item_exists = true;
$test_customer_ordering_window = true;
$initiate_change_quantity = true;
$initiate_change_outs = true;
$initiate_clear_weight = true;
$initiate_clear_item = true;
$initiate_set_message_to_producer = true;
break;
case 'clear_item':
// Used when un_checking_out
$test_for_valid_product = true;
$test_basket_item_exists = true;
$test_customer_ordering_window = true;
$data['quantity'] = '0';
$data['out_of_stock'] = '0';
$data['weight'] = '0';
$initiate_change_quantity = true;
$initiate_change_outs = true;
$initiate_clear_weight = true;
$initiate_clear_item = true;
break;
case 'synch_ledger':
// Used when checking_out
$test_for_valid_product = true;
$test_basket_item_exists = true;
$test_for_membership_privilege = true;
$test_customer_ordering_window = true;
$test_basket_item_exists = true;
$initiate_synch_ledger = true;
break;
case 'producer_synch_ledger':
// Used when checking_out
$test_for_valid_product = true;
$test_basket_item_exists = true;
$test_for_producer_privilege = true;
$test_producer_update_window = true;
$initiate_synch_ledger = true;
break;
default:
return 'Unexpected request ' . $action;
break;
}
// Check if the product exists, regardless of $admin_override_not_set
if ($test_for_valid_product) {
$product_info = get_product($data['product_id'], $data['product_version'], $data['pvid']);
if (!is_array($product_info)) {
return 'Product not found in database';
}
}
// Get information about the basket for this member
// This needs to be done before the availability check
$basket_info = get_basket($data['member_id'], $data['delivery_id']);
// See if we already have this basket_item
if (is_array($basket_info)) {
$basket_item_info = get_basket_item($basket_info['basket_id'], $data['product_id']);
} else {
return 'Basket does not exist';
}
// Check for basket item
if ($test_basket_item_exists && !is_array($basket_item_info)) {
return 'Basket item does not exist';
}
// Check if the basket is locked
if ($basket_info['locked'] == 1) {
return 'Basket is locked';
}
// Check if this producer is permitted and enabled to sell
if ($test_for_producer_privilege && $admin_override_not_set) {
$producer_info = get_producer($product_info['producer_id']);
if ($producer_info['unlisted_producer'] > 0 || $producer_info['pending'] == 1) {
return 'Producer is restricted from selling';
}
}
// Check if the customer is allowed to purchase this product
if ($test_for_customer_privilege && $admin_override_not_set) {
$member_info = get_member($data['member_id']);
$member_auth_type_array = explode(',', $member_info['auth_type']);
// $product_info['listing_auth_type'] contains the *necessary* auth_type to buy this product
// and $member_auth_type_array contains all the members' allowable auth_types
// listing_auth_types archived and unlisted are not allowed for members, so can never be ordered
if (!is_array($member_auth_type_array) || !in_array($product_info['listing_auth_type'], $member_auth_type_array)) {
return 'Incorrect privilege to purchase requested product';
}
}
// Check that the member is not pending or discontinued
if ($test_for_membership_privilege && $admin_override_not_set) {
if ($member_info['pending'] == 1 || $member_info['membership_discontinued'] == 1) {
return 'Incorrect privilege to order';
}
}
// Check if shopping is closed for this order
if ($test_customer_ordering_window && $admin_override_not_set) {
if (ActiveCycle::ordering_window() == 'closed') {
return 'Customer ordering period is not in effect';
}
}
// Check if the product can be delivered to this site_id
if ($test_product_availability && $admin_override_not_set) {
if ($producer_info['available_site_ids'] != '' && !in_array($basket_info['site_id'], explode(',', $producer_info['available_site_ids']))) {
return 'Producer does not sell at this location';
}
}
// Check if producer activity is taking place within the producer update window
if ($test_producer_update_window && $producer_id_you && $admin_override_not_set) {
if (ActiveCycle::producer_update_window() == 'closed') {
return 'Producer update window is closed';
}
}
// Create an empty basket item if one does not already exist
if ($initiate_basket_item && !is_array($basket_item_info)) {
$query = '
INSERT INTO ' . NEW_TABLE_BASKET_ITEMS . '
(
/* bpid, */
basket_id,
product_id,
product_version,
quantity,
total_weight,
product_fee_percent,
subcategory_fee_percent,
producer_fee_percent,
taxable,
out_of_stock,
future_delivery,
future_delivery_type,
date_added
)
SELECT
' . mysql_real_escape_string($basket_info['basket_id']) . ' AS basket_id,
product_id,
product_version,
"0" AS quantity,
"0" AS total_weight,
product_fee_percent,
subcategory_fee_percent,
producer_fee_percent,
taxable,
"0" AS out_of_stock,
future_delivery,
future_delivery_type,
NOW() AS date_added
FROM ' . NEW_TABLE_PRODUCTS . '
LEFT JOIN ' . TABLE_SUBCATEGORY . ' USING(subcategory_id)
LEFT JOIN ' . TABLE_CATEGORY . ' USING(category_id)
LEFT JOIN ' . TABLE_PRODUCER . ' USING(producer_id)
WHERE
product_id = "' . mysql_real_escape_string($product_info['product_id']) . '"
AND product_version = "' . mysql_real_escape_string($product_info['product_version']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 748032 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// Now get the basket information we just posted
$basket_item_info = get_basket_item($basket_info['basket_id'], $data['product_id']);
}
// Update the quantity for this basket_item and adjust inventory accordingly
if ($initiate_change_quantity) {
$old_requested_quantity = $basket_item_info['quantity'];
$old_out_of_stock = $basket_item_info['out_of_stock'];
// The following code is built around adding/subtracting [quantity], so we will first adjust
// the input to fit that method. If $data['quantity'] is like "+1" or "-2" then increment/decrement
if (preg_match('/^([\\+\\-])(\\d+)$/', $data['quantity'], $matches)) {
if ($matches[1] == '+') {
$data['quantity'] = $matches[2];
} elseif ($matches[1] == '-') {
$data['quantity'] = 0 - $matches[2];
} else {
return 'Unexpected result 789830';
}
} elseif (preg_match('/^(\\d+)$/', $data['quantity'], $matches)) {
$data['quantity'] = $matches[1] - $old_requested_quantity;
// Amount to increase the basket by
} else {
return 'Unexpected result 785932';
}
// If this is an inventory-controlled item
if ($product_info['inventory_id']) {
$old_actual_quantity = $old_requested_quantity - $old_out_of_stock;
// Note that available_inventory is the number of inventory_pull units available for this
// particular product and might actually leave a few inventory items remaining.
$available_inventory = floor($product_info['inventory_quantity'] / $product_info['inventory_pull']);
$inventory_reduction = 0;
// Just for sanity, make sure the old out_of_stock is not more than the old_requested_quantity
if ($old_out_of_stock > $old_requested_quantity) {
$old_out_of_stock = $old_requested_quantity;
}
// Add the request, no matter what (unless the quantity goes negative)
$new_requested_quantity = $old_requested_quantity + $data['quantity'];
// If we brought the requested quantity in the basket down to zero
if ($new_requested_quantity <= 0) {
// then set the new_requested_quantity to [all of it]
$data['quantity'] = 0 - $old_requested_quantity;
$new_requested_quantity = 0;
// and set out_of_stock to zero (empty the basket completely)
$new_out_of_stock = 0;
} else {
// We will begin by considering all of the new quantity as "out"
$new_out_of_stock = $old_out_of_stock + $data['quantity'];
}
// At this point, the new_requested_quantity is correct, but we might
// have set the new_out_of_stock incorrectly, so we will adjust that
// according to the inventory available
// Check if there is enough inventory to cover our entire out_of_stock request
if ($available_inventory > $new_out_of_stock) {
$inventory_reduction = $new_out_of_stock;
$new_out_of_stock = 0;
} else {
$inventory_reduction = $available_inventory;
// all of it
$new_out_of_stock = $new_out_of_stock - $inventory_reduction;
}
} else {
// If this somehow changed, then clear the out_of_stock setting
$new_out_of_stock = 0;
$inventory_reduction = 0;
// Add the new requested quantity
$new_requested_quantity = $old_requested_quantity + $data['quantity'];
// And make sure it isn't less than zero
if ($new_requested_quantity < 0) {
$new_requested_quantity = 0;
}
}
// Set these variables for use later
$basket_item_info['quantity'] = $new_requested_quantity;
$basket_item_info['out_of_stock'] = $new_out_of_stock;
// Update the basket quantity and out_of_stock
$query = '
UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
SET
quantity = "' . mysql_real_escape_string($new_requested_quantity) . '",
out_of_stock = "' . mysql_real_escape_string($new_out_of_stock) . '"
WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 842075 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// And update the inventory amount
if ($inventory_reduction != 0) {
// This does work with negative numbers for $new_requested_quantity
$query = '
UPDATE ' . TABLE_INVENTORY . '
SET quantity = quantity + "' . mysql_real_escape_string($new_requested_quantity * $product_info['inventory_pull']) . '"
WHERE inventory_id = "' . mysql_real_escape_string($product_info['inventory_id']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 902784 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
}
} else {
$new_requested_quantity = $basket_item_info['quantity'];
}
// Change the "out" setting on this item
if ($initiate_change_outs) {
// If $data['out_of_stock'] is like "+1" or "-2" then increment/decrement
if (preg_match('/^([\\+\\-])(\\d+)$/', $data['out_of_stock'], $matches)) {
// Increase out_of_stock :: decreases actual order quantity
if ($matches[1] == '+') {
$new_out_of_stock = $basket_item_info['out_of_stock'] + $matches[2];
} elseif ($matches[1] == '-') {
$new_out_of_stock = $basket_item_info['out_of_stock'] - $matches[2];
} else {
return 'Unexpected result 578932';
}
} elseif (preg_match('/^(\\d+)$/', $data['out_of_stock'], $matches)) {
$new_out_of_stock = $matches[1];
} else {
return 'Unexpected result 874042';
}
// Make sure we have not outed more than the total quantity in the basket
if ($new_out_of_stock > $basket_item_info['quantity']) {
$new_out_of_stock = $basket_item_info['quantity'];
}
// Make sure we have not outed a negative number
if ($new_out_of_stock < 0) {
$new_out_of_stock = 0;
}
// Update the basket_item with the new quantities
$query = '
UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
SET out_of_stock = "' . mysql_real_escape_string($new_out_of_stock) . '"
WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 784303 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
}
// Set a basket_item message for this item
if ($initiate_set_message_to_producer && $basket_item_info['bpid'] && is_array($data['messages'])) {
foreach ($data['messages'] as $message_type => $message) {
// If there is a message, then add the message or replace an existing one
if (strlen($message) > 0) {
// Use [0]:orphaned message in case the description is not found
$query_post_message = '
REPLACE INTO ' . NEW_TABLE_MESSAGES . '
SET
message = "' . mysql_real_escape_string($message) . '",
message_type_id =
COALESCE((
SELECT message_type_id
FROM ' . NEW_TABLE_MESSAGE_TYPES . '
WHERE key1_target = "basket_items.bpid"
AND description = "' . mysql_real_escape_string($message_type) . '"
LIMIT 1
)
,0),
referenced_key1 = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
} else {
$query_post_message = '
DELETE FROM ' . NEW_TABLE_MESSAGES . '
WHERE
message_type_id =
COALESCE((
SELECT message_type_id
FROM ' . NEW_TABLE_MESSAGE_TYPES . '
WHERE key1_target = "basket_items.bpid"
AND description = "' . mysql_real_escape_string($message_type) . '"
LIMIT 1
)
,0)
AND referenced_key1 = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
}
$result_post_message = mysql_query($query_post_message, $connection) or die(debug_print("ERROR: 789021 ", array($query_post_message, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
}
}
// Clear any weight that might have been set for this item
if ($initiate_clear_weight && $basket_item_info['random_weight']) {
$total_weight = $data['weight'];
$query = '
UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
SET total_weight = "' . mysql_real_escape_string($total_weight) . '"
WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 890254 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
}
// Update the weight for this item
if ($initiate_change_weight && $basket_item_info['random_weight']) {
$total_weight = $data['weight'];
if ($new_requested_quantity - $new_out_of_stock) {
$average_weight = $data['weight'] / ($new_requested_quantity - $new_out_of_stock);
// // Check for weight in specified range (admins may override this check)
// if (($average_weight < $basket_item_info['minimum_weight'] ||
// $average_weight > $basket_item_info['maximum_weight']) &&
// $admin_override_not_set)
// {
// return ('Random-weight item outside declared weight range');
// }
} else {
$average_weight = 0;
$total_weight = 0;
}
$query = '
UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
SET total_weight = "' . mysql_real_escape_string($total_weight) . '"
WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 520561 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
}
if ($initiate_synch_ledger == true) {
// If the requested action is just to synch the ledger, then we need to preset these values:
$new_out_of_stock = $basket_item_info['out_of_stock'];
$new_requested_quantity = $basket_item_info['quantity'];
$product_tax_basis = 0;
$fee_tax_basis = 0;
// And make sure the basket is also checked out
$test_info = update_basket(array('action' => 'set_checkout', 'basket_id' => $basket_info['basket_id']));
// Sync the checked_out field
$basket_info['checked_out'] = $test_info['checked_out'];
$query = '
UPDATE ' . NEW_TABLE_BASKET_ITEMS . '
SET checked_out = "1"
WHERE bpid = "' . mysql_real_escape_string($basket_item_info['bpid']) . '"';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 893020 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// Sync the checked_out field
$basket_item_info['checked_out'] = "1";
}
// If the quantity has become zero (i.e. out_of_stock == requested_quantity) then we don't want to
// charge people for random weight items -- even if a weight is entered -- so clobber the weight
if ($new_out_of_stock == $new_requested_quantity) {
// i.e. There are no items in stock... then multiply certain costs by zero
$basket_item_info['total_weight'] = 0;
}
// At this point, all basket_item information has been set, so we need to consider
// changes in the ledger. This is done for any/all changes, so not conditional
// except for baskets that are not checked-out.
if ($basket_info['checked_out'] != 0) {
// If this product is configured with an extra_charge, then post it
if ($product_info['extra_charge'] != 0) {
$extra_charge = ($new_requested_quantity - $new_out_of_stock) * $product_info['extra_charge'];
// Assumption is that extra_charges are passed through to the producer
// Should they/could they be held by the co-op???
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'producer', 'target_key' => $product_info['producer_id'], 'amount' => $extra_charge, 'text_key' => 'extra charge', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
// If this product is configured with a regular cost, then post it
if ($product_info['unit_price'] != 0) {
if ($product_info['random_weight'] == 1) {
$total_price = $product_info['unit_price'] * $basket_item_info['total_weight'];
$text_key = 'weight cost';
} elseif ($product_info['random_weight'] == 0) {
$total_price = $product_info['unit_price'] * ($new_requested_quantity - $new_out_of_stock);
$text_key = 'quantity cost';
} else {
return 'Unexpected result 579210';
}
// Start accumulating basis for taxation
$product_tax_basis += $total_price;
// Write the transaction to the ledger
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'producer', 'target_key' => $product_info['producer_id'], 'amount' => $total_price, 'text_key' => $text_key, 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
// If there is a product fee, post it
if ($basket_item_info['product_fee_percent'] != 0 && PAYS_PRODUCT_FEE != 'nobody') {
$product_adjust_amount = $basket_item_info['product_fee_percent'] * $total_price / 100;
if (PAYS_PRODUCT_FEE == 'customer') {
$source_type = 'member';
$source_key = $data['member_id'];
// Accumulate basis for taxation
$fee_tax_basis += $product_adjust_amount;
} elseif (PAYS_PRODUCT_FEE == 'producer') {
$source_type = 'producer';
$source_key = $product_info['producer_id'];
} else {
return 'No designated payee for product fee';
}
// Post product fee to the ledger for each product
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'product_fee', 'amount' => $product_adjust_amount, 'text_key' => 'product fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
// If there is a subcategory fee, post it
if ($basket_item_info['subcategory_fee_percent'] != 0 && PAYS_SUBCATEGORY_FEE != 'nobody') {
$subcategory_adjust_amount = $basket_item_info['subcategory_fee_percent'] * $total_price / 100;
if (PAYS_SUBCATEGORY_FEE == 'customer') {
$source_type = 'member';
$source_key = $data['member_id'];
// Accumulate basis for taxation
$fee_tax_basis += $subcategory_adjust_amount;
} elseif (PAYS_SUBCATEGORY_FEE == 'producer') {
$source_type = 'producer';
$source_key = $product_info['producer_id'];
} else {
return 'No designated payee for subcategory fee';
}
// Post subcategory fee to the ledger for each product
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'subcategory_fee', 'amount' => $subcategory_adjust_amount, 'text_key' => 'subcategory fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
// If there is a producer fee, post it
if ($basket_item_info['producer_fee_percent'] != 0 && PAYS_PRODUCER_FEE != 'nobody') {
$producer_adjust_amount = $basket_item_info['producer_fee_percent'] * $total_price / 100;
if (PAYS_PRODUCER_FEE == 'customer') {
$source_type = 'member';
$source_key = $data['member_id'];
// Accumulate basis for taxation
$fee_tax_basis += $producer_adjust_amount;
} elseif (PAYS_PRODUCER_FEE == 'producer') {
$source_type = 'producer';
$source_key = $product_info['producer_id'];
} else {
return 'No designated payee for producer fee';
}
// Post producer fee to the ledger for each product
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'producer_fee', 'amount' => $producer_adjust_amount, 'text_key' => 'producer fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
// If there is a customer fee, post it
if ($basket_info['customer_fee_percent'] != 0 && PAYS_CUSTOMER_FEE != 'nobody') {
$customer_adjust_amount = $basket_info['customer_fee_percent'] * $total_price / 100;
if (PAYS_CUSTOMER_FEE == 'customer') {
$source_type = 'member';
$source_key = $data['member_id'];
// Accumulate basis for taxation
$fee_tax_basis += $customer_adjust_amount;
} elseif (PAYS_CUSTOMER_FEE == 'producer') {
$source_type = 'producer';
$source_key = $product_info['producer_id'];
} else {
return 'No designated payee for customer fee';
}
// Post customer fee to the ledger for each product
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => $source_type, 'source_key' => $source_key, 'target_type' => 'internal', 'target_key' => 'customer_fee', 'amount' => $customer_adjust_amount, 'text_key' => 'customer fee', 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
// If this is a taxable item, then collect all the requisite taxes
if ($basket_item_info['taxable'] == 1 || COOP_FEE_IS_TAXED == 'always') {
// Get the tax information...
$query = '
SELECT
tax_id,
region_code,
region_type,
tax_percent
FROM ' . NEW_TABLE_TAX_RATES . '
WHERE
postal_code = "' . mysql_real_escape_string($basket_info['delivery_postal_code']) . '"
AND order_id_start <= "' . mysql_real_escape_string($data['delivery_id']) . '"
AND (
order_id_stop >= "' . mysql_real_escape_string($data['delivery_id']) . '"
OR order_id_stop = "0"
)';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 890236 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
while ($row = mysql_fetch_array($result)) {
$text_key = $row['region_type'] . ' tax';
// e.g. 'county tax'
// Just tax the item and not the fees
if (COOP_FEE_IS_TAXED == 'never') {
$tax_amount = $row['tax_percent'] * $product_tax_basis / 100;
} elseif (COOP_FEE_IS_TAXED == 'on taxable items' || COOP_FEE_IS_TAXED == 'always' && $basket_item_info['taxable'] == 1) {
$tax_amount = $row['tax_percent'] * ($product_tax_basis + $fee_tax_basis) / 100;
} elseif (COOP_FEE_IS_TAXED == 'always' && $basket_item_info['taxable'] == 0) {
$tax_amount = $row['tax_percent'] * $fee_tax_basis / 100;
}
$ledger_status = basket_item_to_ledger(array('transaction_group_id' => $data['transaction_group_id'], 'source_type' => 'member', 'source_key' => $data['member_id'], 'target_type' => 'tax', 'target_key' => $row['tax_id'], 'amount' => $tax_amount, 'text_key' => $text_key, 'posted_by' => $_SESSION['member_id'], 'basket_id' => $basket_info['basket_id'], 'bpid' => $basket_item_info['bpid'], 'site_id' => $basket_info['site_id'], 'delivery_id' => $basket_info['delivery_id'], 'pvid' => $product_info['pvid'], 'match_keys' => array('text_key', 'bpid')));
}
}
}
return $basket_item_info;
}
public static function clear_member_info()
{
self::get_member_info();
self::$pending = false;
self::$username = false;
self::$auth_type = false;
self::$business_name = false;
self::$first_name = false;
self::$last_name = false;
self::$first_name_2 = false;
self::$last_name_2 = false;
self::$query_complete = false;
}
/// [show_parts: null] Default condition will output the selected ///
/// category list with headers and footers ///
/// ///
/// &depth=# Will truncate display to this many levels ///
/// ///
/// &offset=# Subtract this number to get the proper level ///
/// category for css markup ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Configure dividers for between the category text and the number of items
$classA_divider = ' ';
$classB_divider = ' — ';
$classC_divider = ' — ';
// Set up the "listing_auth_type" field condition based on whether the member is an "institution" or not
// Only institutions are allowed to see listing_auth_type=3 (wholesale products)
if (CurrentMember::auth_type('institution') && $seconds_until_close < INSTITUTION_WINDOW) {
$where_auth_type = '
AND (
' . NEW_TABLE_PRODUCTS . '.listing_auth_type = "member"
OR ' . NEW_TABLE_PRODUCTS . '.listing_auth_type = "institution")';
} else {
$where_auth_type = '
AND ' . NEW_TABLE_PRODUCTS . '.listing_auth_type = "member"';
}
// Normally, do not show producers that are pending (1) or suspended (2)
$where_producer_pending = '
AND ' . TABLE_PRODUCER . '.pending = 0';
// Only show for listed producers -- not unlisted (1) or suspended (2)
$where_unlisted_producer = '
AND unlisted_producer = "0"';
// Set the default subquery_confirmed to look only at confirmed products
' . NEW_TABLE_SITES . $query_values;
} else {
$query = '
UPDATE
' . NEW_TABLE_SITES . '
' . $query_values . '
WHERE
site_id = "' . mysql_real_escape_string($_POST['site_id']) . '"';
}
$result = @mysql_query($query, $connection) or die(mysql_error() . "<br><b>Error No: </b>" . mysql_errno());
$message = ': <font color="#FFFFFF">Delivery Information Updated</font>';
} else {
$message = ': <font color="#FFFFFF">You can only update the route you manage</font>';
}
} elseif ($_POST['action'] == "Save changes to this route") {
if ($_SESSION['member_id'] == $_POST['rtemgr_member_id'] || CurrentMember::auth_type('site_admin')) {
$query_values = '
SET
route_name = "' . mysql_real_escape_string($_POST['route_name']) . '",
rtemgr_member_id = "' . mysql_real_escape_string($_POST['rtemgr_member_id']) . '",
rtemgr_namecd = "' . mysql_real_escape_string($_POST['rtemgr_namecd']) . '",
route_desc = "' . mysql_real_escape_string($_POST['route_desc']) . '",
hub_id = "' . mysql_real_escape_string($_POST['hub_id']) . '"';
if ($_POST['route_id'] == 'new') {
$query = '
INSERT INTO
' . TABLE_ROUTE . $query_values;
} else {
$query = '
UPDATE
' . TABLE_ROUTE . $query_values . '
<?php
include_once 'config_openfood.php';
session_start();
valid_auth('producer,producer_admin');
$date_today = date("F j, Y");
// Check if auth_type = producer_admin and there is a producer_id provided
if (CurrentMember::auth_type('producer_admin') && $_GET['producer_id']) {
// Keep the same producer_id value
$producer_id = $_GET['producer_id'];
} elseif ($_SESSION['producer_id_you']) {
$producer_id = $_SESSION['producer_id_you'];
}
if ($_SESSION['producer_id_you'] != $producer_id) {
$fulllist_link = '<b> - <a href="edit_info_list.php#p_' . $producer_id . '">Return to List</a></b>';
}
if ($_REQUEST['producer_submit']) {
$sql = '
UPDATE
' . TABLE_PRODUCER . '
SET
producttypes = "' . mysql_real_escape_string($_REQUEST['producttypes']) . '",
about = "' . mysql_real_escape_string(nl2br2($_REQUEST['about'])) . '",
general_practices = "' . mysql_real_escape_string(nl2br2($_REQUEST['practices'])) . '",
ingredients = "' . mysql_real_escape_string(nl2br2($_REQUEST['ingredients'])) . '",
additional = "' . mysql_real_escape_string(nl2br2($_REQUEST['additional'])) . '",
highlights = "' . mysql_real_escape_string(nl2br2($_REQUEST['highlights'])) . '"
WHERE
producer_id = "' . mysql_real_escape_string($producer_id) . '"';
$result = mysql_query($sql, $connection) or die(mysql_error() . "<br><b>Error No: </b>" . mysql_errno());
$message = "<font color=#3333FF><b>Your information has been updated</b></font><br>";
<?php
valid_auth('member');
$view = 'adjusted';
if ($_GET['view'] == 'original') {
$view = 'original';
} elseif ($_GET['view'] == 'editable' && CurrentMember::auth_type('cashier') && $member_id != $_SESSION['member_id']) {
$view = 'editable';
}
if ($view == 'original') {
$view_original = '
AND ' . NEW_TABLE_LEDGER . '.transaction_group_id = ""
OR ( ' . NEW_TABLE_LEDGER . '.replaced_by IS NOT NULL
AND ' . NEW_TABLE_LEDGER . '.replaced_datetime <= delivery_date )';
} else {
$view_original = '';
}
// Do not paginate invoices under any circumstances (web pages)
$per_page = 1000000;
// Assign page tab and title information
$page_title_html = '<span class="title">Basket</span>';
$page_subtitle_html = '<span class="subtitle">Basket Items</span>';
$page_title = 'Basket: Basket Items';
$page_tab = 'shopping_panel';
// Set display groupings
$major_product = 'producer_id';
$major_product_prior = $major_product . '_prior';
$minor_product = 'product_id';
$minor_product_prior = $minor_product . '_prior';
$show_major_product = true;
$show_minor_product = true;
</form>';
$display .= '
<li class="last_of_group">' . $search_display . '</li>';
if (CurrentMember::auth_type('unfi')) {
$display .= '
<!-- <li><a href="product_list.php?type=unfi">All products (UNFI)</a></li> -->';
}
$display .= '
<li> <a href=category_list2.php> Browse by category</a></li>
<li> <a href="prdcr_list.php"> Browse by producer</a></li>
<li class="last_of_group"> <a href="product_list.php?type=prior_baskets"> Previously ordered products</a></li>
<li> <a href="product_list.php?type=by_id"> All products by number</a></li>
<li class="last_of_group"> <a href="product_list.php?type=full"> All products by category</a></li>
<li> <a href="product_list.php?type=organic"> Organic products</a></li>
<li> <a href="product_list.php?type=new"> New products</a></li>
<li> <a href="product_list.php?type=changed"> Changed products</a></li>' . (CurrentMember::auth_type('institution') ? '
<li> <a href="product_list.php?type=wholesale"> Wholesale products</a></li>' : '') . '
</ul>
</td>
</tr>
</table>';
$page_specific_javascript .= '';
$page_specific_css .= '
<link rel="stylesheet" type="text/css" href="delivery_dropdown.css">
<link rel="stylesheet" type="text/css" href="basket_dropdown.css">
<style type="text/css">
.content_top {
margin-bottom:45px;
width:300px;
}
#basket_dropdown {
<?php
include_once 'config_openfood.php';
session_start();
valid_auth('site_admin,cashier,member');
if (isset($_GET['member_id']) && is_numeric($_GET['member_id'])) {
// If not authorized then force to member's own member_id
if (!CurrentMember::auth_type('cashier') && !CurrentMember::auth_type('site_admin')) {
$member_id = $_SESSION['member_id'];
} else {
$member_id = $_GET['member_id'];
}
$query_where = '
WHERE ' . NEW_TABLE_BASKETS . '.member_id = "' . mysql_real_escape_string($member_id) . '"';
$query_member_name = '
SELECT
preferred_name
FROM
' . TABLE_MEMBER . '
WHERE
member_id = "' . mysql_real_escape_string($member_id) . '"';
$result_member_name = @mysql_query($query_member_name, $connection) or die("Couldn't execute query.");
if ($row = mysql_fetch_array($result_member_name)) {
$preferred_name = $row['preferred_name'];
}
} else {
$member_id = 0;
}
$content = '
<table width="80%">
<tr>
function get_delivery_codes_list($request_data)
{
global $connection;
// See if it is okay to open a basket...
if (ActiveCycle::delivery_id() && (ActiveCycle::ordering_window() == 'open' || CurrentMember::auth_type('orderex'))) {
// If requested to open-basket...
if ($request_data['action'] == 'open_basket') {
if ($request_data['site_id'] && $request_data['delivery_type']) {
$site_id = $request_data['site_id'];
$delivery_type = $request_data['delivery_type'];
// First try an assigned delivery_id... then use the current active one
$delivery_id = $request_data['delivery_id'];
if (!$delivery_id) {
$delivery_id = ActiveCycle::delivery_id();
}
// First try an assigned member_id... then use the current session one
$member_id = $request_data['member_id'];
if (!$member_id) {
$member_id = $_SESSION['member_id'];
}
// Update the basket
$basket_info = open_update_basket(array('member_id' => $member_id, 'delivery_id' => $delivery_id, 'site_id' => $site_id, 'delivery_type' => $delivery_type));
}
} else {
$basket_info = get_basket($request_data['member_id'], $request_data['delivery_id']);
}
// // Ordering is open and there is no basket open yet
// // Get this member's most recent delivery location
// $query = '
// SELECT
// '.NEW_TABLE_SITES.'.site_id,
// '.NEW_TABLE_SITES.'.deltype
// FROM
// '.NEW_TABLE_BASKETS.'
// LEFT JOIN
// '.NEW_TABLE_SITES.' USING(site_id)
// WHERE
// '.NEW_TABLE_BASKETS.'.member_id = "'.mysql_real_escape_string($_SESSION['member_id']).'"
// AND '.NEW_TABLE_SITES.'.inactive = "0"
// ORDER BY
// delivery_id DESC
// LIMIT
// 1';
// $result = mysql_query ($query, $connection) or die(debug_print ("ERROR: 548167 ", array ($query,mysql_error()), basename(__FILE__).' LINE '.__LINE__));
// if ($row = mysql_fetch_array ($result))
// {
// $site_id_prior = $row['site_id'];
// $deltype_prior = $row['deltype'];
// }
// Constrain this shopper's baskets to the site_type they are enabled to use
$site_type_constraint = '';
if (CurrentMember::auth_type('member')) {
$site_type_constraint .= '
' . (strlen($site_type_constraint) > 0 ? 'OR ' : '') . 'site_type LIKE "%customer%"';
}
if (CurrentMember::auth_type('institution')) {
$site_type_constraint .= '
' . (strlen($site_type_constraint) > 0 ? 'OR ' : '') . 'site_type LIKE "%institution%"';
}
$site_type_constraint = '
AND (' . $site_type_constraint . '
)';
// Now get the list of all available delivery codes and flag the one
// that corresponds to this member's prior order
$query = '
SELECT
' . NEW_TABLE_SITES . '.site_id,
' . NEW_TABLE_SITES . '.site_short,
' . NEW_TABLE_SITES . '.site_long,
' . NEW_TABLE_SITES . '.delivery_type,
' . NEW_TABLE_SITES . '.site_description,
' . NEW_TABLE_SITES . '.delivery_charge,
' . NEW_TABLE_SITES . '.inactive,
' . TABLE_MEMBER . '.address_line1,
' . TABLE_MEMBER . '.work_address_line1
FROM
(' . NEW_TABLE_SITES . ',
' . TABLE_MEMBER . ')
WHERE
' . NEW_TABLE_SITES . '.inactive != "1"
AND ' . TABLE_MEMBER . '.member_id = "' . mysql_real_escape_string($_SESSION['member_id']) . '"' . $site_type_constraint . '
ORDER BY
site_long';
$result = mysql_query($query, $connection) or die(debug_print("ERROR: 671934 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
$site_id_array = array();
$delivery_type_array = array();
$display .= '
<div id="delivery_dropdown" class="dropdown">
<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delivery_list_only"><h1 class="delivery_select">' . ($basket_info['site_id'] ? 'Selected: ' . $basket_info['site_long'] : 'Select Location') . '
</h1></a>
<div id="delivery_select">
<ul class="delivery_select">';
while ($row = mysql_fetch_array($result)) {
// Simplify variables
$site_id = $row['site_id'];
$site_long = $row['site_long'];
$delivery_type = $row['delivery_type'];
$site_description = $row['site_description'];
$delivery_charge = $row['delivery_charge'];
$inactive = $row['inactive'];
$address = $row['address_line1'];
$work_address = $row['work_address_line1'];
// Set up some text for the $delivery type (delivery or pickup)
if ($delivery_type == 'P') {
$delivery_type_text = 'Pick up your order here';
$delivery_type_class = 'delivery_type-p';
} elseif ($delivery_type == 'D') {
$delivery_type_text_h = 'HOME delivery';
$delivery_type_text_w = 'WORK delivery';
if ($delivery_charge) {
$delivery_type_text_h .= ' ($' . number_format($delivery_charge, 2) . ' charge)';
$delivery_type_text_w .= ' ($' . number_format($delivery_charge, 2) . ' charge)';
}
$delivery_type_class = 'delivery_type-d';
} else {
$delivery_type_text = '';
$delivery_type_class = '';
}
// Process the inactive options
if ($inactive == 0) {
$show_site = true;
$active_class = ' active';
$select_link_href = $_SERVER['SCRIPT_NAME'] . '?action=open_basket&site_id=' . $site_id . '&delivery_type=P';
$select_link_h_href = $_SERVER['SCRIPT_NAME'] . '?action=open_basket&site_id=' . $site_id . '&delivery_type=H';
$select_link_w_href = $_SERVER['SCRIPT_NAME'] . '?action=open_basket&site_id=' . $site_id . '&delivery_type=W';
$delivery_type_class .= 'a';
// color
} elseif ($inactive == 2) {
$show_site = true;
$active_class = ' inactive';
$select_link_href = '';
$select_link_h_href = '';
$select_link_w_href = '';
$delivery_type_class .= 'i';
// color
$delivery_type_text = '(Not available for pick up this cycle)';
// clobber the delivery type text
$delivery_type_text_h = '(Not available for home delivery this cycle)';
// clobber the delivery type text
$delivery_type_text_w = '(Not available for work delivery this cycle)';
// clobber the delivery type text
} else {
$show_site = false;
$active_class = ' suspended';
$select_link_href = '';
$select_link_h_href = '';
$select_link_w_href = '';
$delivery_type_class .= 'i';
// color
$delivery_type_text = '(Not available for pick up this cycle)';
// clobber the delivery type text
$delivery_type_text_h = '(Not available for home delivery this cycle)';
// clobber the delivery type text
$delivery_type_text_w = '(Not available for work delivery this cycle)';
// clobber the delivery type text
}
// Process current selection
if ($site_id == CurrentBasket::site_id()) {
$selected = true;
$select_class = ' select';
$delivery_type_class .= 'c';
// color
} else {
$selected = 'false';
$select_class = '';
$delivery_type_class .= 'g';
// greyscale
}
if ($show_site == true) {
if ($delivery_type == 'P') {
$display .= '
<li class="' . $delivery_type_class . $active_class . $select_class . '" ' . ($select_link_href != '' ? 'onclick="javascript:location.href=\'' . $select_link_href : '') . '\';parent.close_delivery_selector();">
<span class="site_long">' . $site_long . '</span>
<span class="site_action">' . $delivery_type_text . '</span>
<span class="site_description">' . br2nl($site_description) . '</span>
</li>';
}
// For delivery_type = delivery, we will give an option for "home"
if ($delivery_type == 'D' && $address) {
if ($basket_info['delivery_type'] != 'H') {
$select_class = '';
}
$display .= '
<li class="' . $delivery_type_class . $active_class . $select_class . '" ' . ($select_link_h_href != '' ? 'onclick="javascript:location.href=\'' . $select_link_h_href : '') . '\';parent.close_delivery_selector();">
<span class="site_long">' . $site_long . '</span>
<span class="site_action">' . $delivery_type_text_h . '</span>
<span class="site_description"><strong>To home address:</strong> ' . $address . '<br>' . br2nl($site_description) . '</span>
</li>';
}
// For delivery_type = delivery, we will also give an option for "work"
if ($delivery_type == 'D' && $work_address) {
if ($basket_info['delivery_type'] != 'W') {
$select_class = '';
}
$display .= '
<li class="' . $delivery_type_class . $active_class . $select_class . '" ' . ($select_link_w_href != '' ? 'onclick="javascript:location.href=\'' . $select_link_w_href : '') . '\';parent.close_delivery_selector();">
<span class="site_long">' . $site_long . '</span>
<span class="site_action">' . $delivery_type_text_w . '</span>
<span class="site_description"><strong>To work address:</strong> ' . $work_address . '<br>' . br2nl($site_description) . '</span>
</li>';
}
}
}
$display .= '
</ul>
</div>
</div>';
}
return $display;
}
<?php
include_once 'config_openfood.php';
session_start();
// First ensure we have authority to execute member updates
if (!CurrentMember::auth_type('site_admin,member_admin')) {
echo 'Unauthorizied access';
exit(0);
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// AJAX BACKEND FOR UPDATING A SINGLE VALUE IN THE MEMBER TABLE ///
/// ///
////////////////////////////////////////////////////////////////////////////////
// Get the arguments passed in the query_data variable
list($member_id, $field_name, $new_value) = explode(':', $_POST['query_data']);
// Get an array of all member columns
$query = '
SHOW COLUMNS FROM
' . TABLE_MEMBER;
$result = mysql_query($query) or die("Error: " . mysql_error());
$member_columns_array = array();
while ($row = mysql_fetch_object($result)) {
array_push($member_columns_array, $row->Field);
// Get an array of all available auth_types
if ($row->Field == 'auth_type') {
// $row->Type will give something like this:
// set('member','producer','route_admin','cashier','member_admin','site_admin')
// so substr ($row->Type, 5, 2) removes the first five and last two characters
// leaving the split to operate on the intermediate ',' strings.
$auth_types_array = array();
<?php
include_once 'config_openfood.php';
session_start();
// valid_auth('member');
// In the case of site-admin auth_types, allow resetting the MOTD views in the database
if (CurrentMember::auth_type('site_admin')) {
if ($_GET['action'] == 'reset_motd') {
$query = '
DELETE FROM ' . NEW_TABLE_STATUS . '
WHERE
status_scope = "motd_viewed"
AND status_value = "popup"';
$result = @mysql_query($query, $connection) or die(debug_print("ERROR: 786340 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
// We would send the return value and exit here, but we still need to get
// the current number of views to send back, so do the next query first...
}
$query = '
SELECT
COUNT(status_key) AS total_views,
MIN(timestamp) AS oldest_view
FROM ' . NEW_TABLE_STATUS . '
WHERE
status_scope = "motd_viewed"
AND status_value = "popup"';
$result = @mysql_query($query, $connection) or die(debug_print("ERROR: 578230 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
if ($row = mysql_fetch_object($result)) {
$total_views = $row->total_views;
$oldest_view = $row->oldest_view;
}
$views_text = 'Viewed by ' . $total_views . ' ' . Inflect::pluralize_if($total_views, 'member') . (isset($oldest_view) ? ' since<br />' . $oldest_view : '') . '.';
// No zero-inventory exclusion for producers' own products
$where_zero_inventory = '';
// This is the producer's own listing, so no restriction on producers
$where_producer_pending = '
1';
// For producer product list, show both the wholesale and retail prices... unless it is a wholesale-only product
$display_wholesale_price_true = 1;
// Force display
$display_retail_price_true = 1;
// Force display
// Listing all versions of a product, which includes the un-confirmed ones
$where_confirmed = '';
// Showing all versions, so no restrict by listing_auth_type_condition
$where_auth_type = '';
// Producer admin is allowed to see the versions for anyone...
if (CurrentMember::auth_type('producer_admin')) {
$where_misc = '
AND ' . NEW_TABLE_PRODUCTS . '.product_id = "' . mysql_real_escape_string($_GET['product_id']) . '"';
} else {
$where_misc = '
AND ' . NEW_TABLE_PRODUCTS . '.producer_id = "' . mysql_real_escape_string($producer_id_you) . '"
AND ' . NEW_TABLE_PRODUCTS . '.product_id = "' . mysql_real_escape_string($_GET['product_id']) . '"';
}
$order_by = '
' . TABLE_CATEGORY . '.sort_order ASC,
' . TABLE_SUBCATEGORY . '.subcategory_name ASC,
' . NEW_TABLE_PRODUCTS . '.product_version DESC';
// Assign page tab and title information
$page_title_html = '<span class="title">Products</span>';
$page_subtitle_html = '<span class="subtitle">Listed by Category</span>';
$page_title = 'Products: Listed by Category';
LEFT JOIN ' . NEW_TABLE_BASKETS . ' USING(basket_id)
LEFT JOIN ' . NEW_TABLE_PRODUCTS . ' USING(product_id,product_version)
WHERE
' . NEW_TABLE_BASKETS . '.member_id = "' . mysql_real_escape_string($member_id) . '"
AND ' . NEW_TABLE_BASKETS . '.basket_id = "' . mysql_real_escape_string($basket_id) . '"
AND ' . NEW_TABLE_BASKET_ITEMS . '.out_of_stock != ' . NEW_TABLE_BASKET_ITEMS . '.quantity
AND ' . NEW_TABLE_PRODUCTS . '.random_weight != "0"
AND ' . NEW_TABLE_BASKET_ITEMS . '.total_weight = "0"
ORDER BY producer_id ASC';
$resultprp = @mysql_query($sqlp, $connection) or die(debug_print("ERROR: 785033 ", array($sqlp, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
$num = mysql_numrows($resultprp);
while ($row = mysql_fetch_array($resultprp)) {
$display .= '<a href="product_list.php?&type=producer_byproduct&producer_id=' . $row['producer_id'] . '&delivery_id=' . $delivery_id . '">Weight needed: #' . $row['product_id'] . '</a><br>';
}
$display .= '</td>
<td class="member_links">' . (CurrentMember::auth_type('member_admin') == true ? '<a class="popup" onclick="popup_src(\'edit_member.php?action=edit&member_id=' . $member_id . '&display_as=popup\', \'edit_producer\', \'\')">Edit</a>' : '') . (CurrentMember::auth_type('member_admin') == true && CurrentMember::auth_type('cashier') == true ? ' | ' : '') . (CurrentMember::auth_type('cashier') == true ? '<a class="popup" onclick="popup_src(\'member_information.php?member_id=' . $member_id . '&display_as=popup\', \'edit_member\', \'\')">View</a>' : '') . '
</td>
<td class="order_links" valign="top"><a href="product_list.php?type=basket&delivery_id=' . $delivery_id . '&member_id=' . $member_id . '&basket_id=' . $basket_id . '">Basket</a> | <a href="show_report.php?type=customer_invoice&delivery_id=' . $delivery_id . '&member_id=' . $member_id . '">Invoice</a></td>
</tr>';
$member_id_list .= '#' . $member_id;
}
$content_list = '
<div align="center">
<div id="delivery_id_nav">
<a class="prior" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id - 1) . '">← PRIOR CYCLE </a>
<a class="next" href="' . $_SERVER['SCRIPT_NAME'] . '?delivery_id=' . ($delivery_id + 1) . '"> NEXT CYCLE →</a>
</div>
<table width="100%">
<tr>
<td align="left">
<h3>Customer Orders: ' . date('F j, Y', strtotime($delivery_date)) . ' (' . $num_orders . ' Orders)</h3>
<td align="left" valign=top colspan=2>' . nl2br($site_description) . '<br><br></td>
</tr>';
$display_charge = '';
$route_id_prev = $route_id;
}
$display .= '
<tr>
<td><br></td>
</tr>';
}
$display_block = '
<table bgcolor="#ffffff" cellspacing="0" cellpadding="2" border="0" width="90%">
<tr>
<td colspan="3">
Note: If you don’t see your town listed here, please contact <a href="mailto:' . GENERAL_EMAIL . '">' . GENERAL_EMAIL . '</a>.
We are adding new routes all the time and if there is interest in a particular location, we may be able to add it.' . (CurrentMember::auth_type('institution') ? ' Sites are marked ∗ for institution/wholesale deliveries and • for retail deliveries.' : '') . '
</td>
</tr>
<tr>
<td colspan="3">
Quick Links:
<ul>
' . $quicklinks . '
</ul>
</td>
</tr>
' . $display . '
</table>
';
$page_title_html = '<span class="title">' . SITE_NAME . '</span>';
$page_subtitle_html = '<span class="subtitle">Pickup and Delivery Locations</span>';
<?php
include_once 'config_openfood.php';
session_start();
valid_auth('site_admin,member_admin');
// Disable this line to allow member access to their own information
include_once 'func.check_membership.php';
// Restrict view to member_admin and cashier except for a person's own information
if (CurrentMember::auth_type('member_admin,cashier') && isset($_GET['member_id'])) {
$member_id = $_GET['member_id'];
} else {
$member_id = $_SESSION['member_id'];
}
// Process any updates
// --- NONE ---
// Do queries and create content
$query_member_info = '
SELECT
*
FROM ' . TABLE_MEMBER . '
LEFT JOIN ' . TABLE_MEMBERSHIP_TYPES . ' USING (membership_type_id)
WHERE
member_id = "' . mysql_real_escape_string($member_id) . '"';
$result_member_info = @mysql_query($query_member_info, $connection) or die(debug_print("ERROR: 785033 ", array($query, mysql_error()), basename(__FILE__) . ' LINE ' . __LINE__));
$member_data_found = false;
if ($row_member_info = mysql_fetch_array($result_member_info)) {
$member_data_found = true;
}
$renewal_info = check_membership_renewal(get_membership_info($member_id));
$member_content = '
<div id="member_info_main">
<?php
include_once 'config_openfood.php';
session_start();
valid_auth('route_admin,producer,producer_admin');
$type = $_GET['type'];
$delivery_id = $_GET['delivery_id'];
$checkbox = '<img src="' . DIR_GRAPHICS . 'checkbox.gif" style="height:1em;vertical-align:text-top;">';
// Check how to restrict the results...
if (isset($_GET['producer_id'])) {
// Producers and Route Admins get the specified list, if requested.
$and_producer_id = '
AND ' . NEW_TABLE_PRODUCTS . '.producer_id = "' . mysql_real_escape_string($_GET['producer_id']) . '"';
// Use only ONE checkbox on these listings
$checkbox = ' <img src="' . DIR_GRAPHICS . 'checkbox.gif" style="height:1em;vertical-align:text-top;"> ';
} elseif (CurrentMember::auth_type('route_admin')) {
$and_producer_id = '';
} else {
$and_producer_id = '
AND ' . NEW_TABLE_PRODUCTS . '.producer_id = ""';
}
if ($type == 'pickup') {
$output .= '
<h1>Producer Pick-up List</h1>
<pre>';
$query = '
SELECT
' . TABLE_PRODUCT_STORAGE_TYPES . '.storage_code,
' . NEW_TABLE_BASKET_ITEMS . '.product_id,
' . NEW_TABLE_PRODUCTS . '.product_name,
' . NEW_TABLE_SITES . '.*,
// [provide redirect]
// }
// else
// {
// [provide site message(s)]
// [provide order cycle information]
// }
// If being asked to logout, then do that first
if ($_REQUEST['action'] == 'logout') {
session_destroy();
unset($_SESSION);
if (WORDPRESS_ENABLED == true) {
require 'wordpress_utilities.php';
wordpress_logout();
}
CurrentMember::clear_member_info();
$page_title_html = '<span class="title">' . SITE_NAME . '</span>';
$page_subtitle_html = '<span class="subtitle">Logout</span>';
$page_title = 'Logout';
$page_tab = 'login';
}
// Check if the member is not already logged in
if ($_REQUEST['action'] == 'login' && !$_SESSION['member_id']) {
// Check if we already have a posted username/password combination
if ($_POST['username'] && $_POST['password']) {
$query_login = '
SELECT
member_id,
username,
pending,
membership_discontinued