Пример #1
     $parameters = array('action', 'cPath', 'products_id', 'pid');
 } else {
     $goto = $PHP_SELF;
     if ($_GET['action'] == 'buy_now') {
         $parameters = array('action', 'pid', 'products_id');
     } else {
         $parameters = array('action', 'pid');
     }
 }
 switch ($_GET['action']) {
     // customer wants to update the product quantity in their shopping cart
     case 'update_product':
         for ($i = 0, $n = sizeof($_POST['products_id']); $i < $n; $i++) {
             $attributes = $_POST['id'][$_POST['products_id'][$i]] ? $_POST['id'][$_POST['products_id'][$i]] : '';
             $_SESSION['cart']->add_cart($_POST['products_id'][$i], $_POST['cart_quantity'][$i], $attributes, false);
             $messageStack->add_session('product_action', sprintf(PRODUCT_ADDED, tep_get_products_name((int) $_POST['products_id'][$i])), 'success');
         }
         OSCOM::redirect($goto, tep_get_all_get_params($parameters));
         break;
         // customer adds a product from the products page
     // customer adds a product from the products page
     case 'add_product':
         if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
             $attributes = isset($_POST['id']) ? $_POST['id'] : '';
             $_SESSION['cart']->add_cart($_POST['products_id'], $_SESSION['cart']->get_quantity(tep_get_uprid($_POST['products_id'], $attributes)) + 1, $attributes);
             $messageStack->add_session('product_action', sprintf(PRODUCT_ADDED, tep_get_products_name((int) $_POST['products_id'])), 'success');
         }
         OSCOM::redirect($goto, tep_get_all_get_params($parameters));
         break;
         // customer removes a product from their shopping cart
     // customer removes a product from their shopping cart
    die;
}
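// Per-group access check for the current script: load the comma-separated list of
// operations denied to the user's group, then refuse the request when the requested
// action maps to one of them.
//
// $REMOTE_USER and $PHP_SELF are populated outside this fragment and their origin is not
// visible here (NOTE(review): $PHP_SELF may carry client-supplied path info - confirm).
// Both are escaped before being concatenated into the SQL string rather than trusted.
$denied_operations_query = tep_db_query("select ug2c.denied_actions from " . TABLE_USERS . " u, " . TABLE_USERS_GROUPS_TO_CONTENT . " ug2c where u.users_groups_id = ug2c.users_groups_id and u.users_id = '" . tep_db_input($REMOTE_USER) . "' and ug2c.filename = '" . tep_db_input(basename($PHP_SELF)) . "'");
$denied_operations_array = tep_db_fetch_array($denied_operations_query);

// explode() always returns an array, so the old is_array() fallback could never run.
// Handle the real edge case instead: no matching row, or an empty column, denies nothing.
$denied_operations = array();
if (is_array($denied_operations_array) && isset($denied_operations_array['denied_actions']) && tep_not_null($denied_operations_array['denied_actions'])) {
    // Trim each entry so that a value stored as "edit, delete" still denies "delete".
    $denied_operations = array_map('trim', explode(',', $denied_operations_array['denied_actions']));
}

$user_defined_action = '';
if (isset($HTTP_GET_VARS['action']) && tep_not_null($HTTP_GET_VARS['action'])) {
    $action = $HTTP_GET_VARS['action'];

    // Classify the requested action by substring. "delete" is tested last, so it wins when
    // an action name matches both groups.
    // NOTE(review): this is a denylist keyed on naming convention. An action whose name
    // contains none of these substrings is never checked, and nothing here maps to the
    // 'create' operation, so enforcement should also exist where each action is handled.
    if (stristr($action, 'update') || stristr($action, 'edit') || stristr($action, 'copy') || stristr($action, 'move')) {
        $user_defined_action = 'edit';
    }
    if (stristr($action, 'delete')) {
        $user_defined_action = 'delete';
    }

    if (tep_not_null($user_defined_action) && in_array($user_defined_action, $denied_operations, true)) {
        $messageStack->add_session(TEXT_OPERATION_DENIED, 'error');

        // The Referer header is supplied by the client and may be absent or point at another
        // site. Follow it only when it names this host; otherwise return to the current script
        // without the denied action.
        $return_to = tep_href_link(basename($PHP_SELF));
        if (isset($_SERVER['HTTP_REFERER']) && isset($_SERVER['HTTP_HOST']) && strpbrk($_SERVER['HTTP_REFERER'], "\\\r\n") === false) {
            $referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
            // parse_url() reports the host without a port, so drop the port from Host as well.
            $own_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
            if (is_string($referer_host) && strcasecmp($referer_host, $own_host) == 0) {
                $return_to = $_SERVER['HTTP_REFERER'];
            }
        }

        tep_redirect($return_to);
        exit;
    }
}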
// Two lists of id/text pairs built from the DEBUG_MODES_DISALLOW_* constants.
// Each entry pairs an operation id with its label constant.
// NOTE(review): how these lists are consumed is not visible in this fragment.
$debug_sections = array(
    array('id' => 'create', 'text' => DEBUG_MODES_DISALLOW_CREATE),
    array('id' => 'edit', 'text' => DEBUG_MODES_DISALLOW_EDIT),
    array('id' => 'delete', 'text' => DEBUG_MODES_DISALLOW_DELETE),
);

// Same shape as $debug_sections, but the first entry is 'move' instead of 'create'.
$debug_information = array(
    array('id' => 'move', 'text' => DEBUG_MODES_DISALLOW_MOVE),
    array('id' => 'edit', 'text' => DEBUG_MODES_DISALLOW_EDIT),
    array('id' => 'delete', 'text' => DEBUG_MODES_DISALLOW_DELETE),
);
Пример #3
     if ($HTTP_GET_VARS['from'] == 'postpone') {
         $postpone_cart->remove($HTTP_GET_VARS['products_id']);
     } elseif ($HTTP_GET_VARS['from'] == 'foreign') {
         $foreign_cart->remove($HTTP_GET_VARS['products_id']);
     } else {
         $cart->remove($HTTP_GET_VARS['products_id']);
     }
     tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters), $ssl_params) . ($HTTP_GET_VARS['from'] != '' ? '#' . $HTTP_GET_VARS['from'] : ''));
     break;
     // customer remove a product from shopping cart or postpone cart
 // customer remove a product from shopping cart or postpone cart
 case 'notify':
     if (tep_session_is_registered('customer_id')) {
         $postpone_cart->change_notification($HTTP_GET_VARS['products_id'], $HTTP_GET_VARS['notify']);
     } else {
         $messageStack->add_session('header', POSTPONE_CART_NOTIFICATION_ERROR);
     }
     tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters), $ssl_params) . '#postpone');
     break;
     // customer adds a product from the products page
 // customer adds a product from the products page
 case 'add_product':
     if (ALLOW_GUEST_TO_ADD_CART == 'true' || tep_session_is_registered('customer_id') || $HTTP_GET_VARS['link'] == 'mail') {
         if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id']) || isset($HTTP_GET_VARS['products_id']) && is_numeric($HTTP_GET_VARS['products_id'])) {
             $quantity = (int) $HTTP_POST_VARS['quantity'];
             if (isset($HTTP_GET_VARS['products_id'])) {
                 $products_id = $HTTP_GET_VARS['products_id'];
             } else {
                 $products_id = $HTTP_POST_VARS['products_id'];
             }
             if ($quantity < 1) {
Пример #4
             $cart_qty = $_SESSION['cart']->in_cart_mixed($_POST['products_id']);
             $new_qty = $_POST['cart_quantity'][$i];
             if ($add_max == 1 and $cart_qty == 1) {
                 // do not add
                 $adjust_max = 'true';
             } else {
                 // adjust quantity if needed
                 if ($new_qty + $cart_qty > $add_max and $add_max != 0) {
                     $adjust_max = 'true';
                     $new_qty = $add_max - $cart_qty;
                 }
                 $attributes = $_POST['id'][$_POST['products_id'][$i]] ? $_POST['id'][$_POST['products_id'][$i]] : '';
                 $_SESSION['cart']->add_cart($_POST['products_id'][$i], $new_qty, $attributes, false);
             }
             if ($adjust_max == 'true') {
                 $messageStack->add_session('header', ERROR_MAXIMUM_QTY . ' - ' . zen_get_products_name($_POST['products_id'][$i]), 'caution');
             }
         }
     }
     zen_redirect(zen_href_link($goto, zen_get_all_get_params($parameters)));
     break;
     // remove individual products from cart
 // remove individual products from cart
 case 'remove_product':
     if (isset($_GET['product_id']) && zen_not_null($_GET['product_id'])) {
         $_SESSION['cart']->remove($_GET['product_id']);
     }
     zen_redirect(zen_href_link($goto, zen_get_all_get_params($parameters)));
     break;
     // customer adds a product from the products page
 // customer adds a product from the products page