// Excerpt: starts inside an if/else whose opening condition is not shown, and
// ends before the switch below is closed.
// $parameters is handed to tep_get_all_get_params() when the post-action
// redirect is built (presumably the query keys to leave out; confirm against
// that helper).
  $parameters = array('action', 'cPath', 'products_id', 'pid');
} else {
  $goto = $PHP_SELF;

  if ($_GET['action'] == 'buy_now') {
    $parameters = array('action', 'pid', 'products_id');
  } else {
    $parameters = array('action', 'pid');
  }
}

// Dispatch on the requested cart action. $_GET['action'] is read here without
// an isset() check; whether an enclosing guard exists is not visible.
switch ($_GET['action']) {
  // customer wants to update the product quantity in their shopping cart
  case 'update_product':
    // NOTE(review): $_POST['products_id'], $_POST['cart_quantity'] and
    // $_POST['id'] are indexed without isset()/is_array() checks, and the
    // product id and quantity reach add_cart() exactly as submitted. The
    // (int) cast below applies only to the name lookup. Confirm add_cart()
    // validates both values, or validate them here as 'add_product' does with
    // is_numeric().
    for ($i = 0, $n = sizeof($_POST['products_id']); $i < $n; $i++) {
      // Attribute selection for this row, keyed by the submitted product id;
      // empty string when none was posted.
      $attributes = $_POST['id'][$_POST['products_id'][$i]] ? $_POST['id'][$_POST['products_id'][$i]] : '';
      $_SESSION['cart']->add_cart($_POST['products_id'][$i], $_POST['cart_quantity'][$i], $attributes, false);
      // One session message per submitted row.
      $messageStack->add_session('product_action', sprintf(PRODUCT_ADDED, tep_get_products_name((int) $_POST['products_id'][$i])), 'success');
    }

    OSCOM::redirect($goto, tep_get_all_get_params($parameters));
    break;

  // customer adds a product from the products page
  case 'add_product':
    // Only a numeric products_id is accepted; anything else falls through to
    // the redirect without touching the cart.
    if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
      $attributes = isset($_POST['id']) ? $_POST['id'] : '';
      // New quantity = quantity already in the cart for this product/attribute
      // combination (looked up via tep_get_uprid()) plus one.
      $_SESSION['cart']->add_cart($_POST['products_id'], $_SESSION['cart']->get_quantity(tep_get_uprid($_POST['products_id'], $attributes)) + 1, $attributes);
      $messageStack->add_session('product_action', sprintf(PRODUCT_ADDED, tep_get_products_name((int) $_POST['products_id'])), 'success');
    }

    OSCOM::redirect($goto, tep_get_all_get_params($parameters));
    break;

  // customer removes a product from their shopping cart
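die;
}

// Load the comma-separated list of actions denied to the current user's group
// for this script. Both values placed inside the SQL string literals are
// passed through tep_db_input() so that a quote character in the
// authenticated user name or in the script name cannot terminate the literal.
$denied_operations_query = tep_db_query("select ug2c.denied_actions from " . TABLE_USERS . " u, " . TABLE_USERS_GROUPS_TO_CONTENT . " ug2c where u.users_groups_id = ug2c.users_groups_id and u.users_id = '" . tep_db_input($REMOTE_USER) . "' and ug2c.filename = '" . tep_db_input(basename($PHP_SELF)) . "'");
$denied_operations_array = tep_db_fetch_array($denied_operations_query);

// NOTE(review): when no row matches, the denied list stays empty and every
// action is allowed (the check fails open). Confirm that is the intended
// default for users or pages without a group entry.
$denied_operations = array();
if (is_array($denied_operations_array) && tep_not_null($denied_operations_array['denied_actions'])) {
  // Trim each entry so a stored value such as "edit, delete" still matches.
  $denied_operations = array_map('trim', explode(',', $denied_operations_array['denied_actions']));
}

// Classify the requested action by substring. Only 'edit' and 'delete' can
// result: update/edit/copy/move all map to 'edit', and 'delete' takes
// precedence when both kinds of keyword appear.
// NOTE(review): no action name is ever classified as 'create', and 'move' is
// folded into 'edit', although both ids appear in the option lists below. A
// denial stored under those ids would not be enforced by this check. Only the
// GET parameter is inspected here; confirm no handler takes its action from
// POST.
$user_defined_action = '';
if (isset($HTTP_GET_VARS['action']) && tep_not_null($HTTP_GET_VARS['action'])) {
  $action = $HTTP_GET_VARS['action'];

  if (stristr($action, 'update') || stristr($action, 'edit') || stristr($action, 'copy') || stristr($action, 'move')) {
    $user_defined_action = 'edit';
  }
  if (stristr($action, 'delete')) {
    $user_defined_action = 'delete';
  }

  // Strict comparison: both sides are strings, so no type juggling is wanted.
  if (tep_not_null($user_defined_action) && in_array($user_defined_action, $denied_operations, true)) {
    $messageStack->add_session(TEXT_OPERATION_DENIED, 'error');
    // NOTE(review): the Referer header is supplied by the client and may be
    // absent or point to another site. Prefer redirecting to a URL built on
    // the server side, or verify the host, before using it as a target.
    tep_redirect($_SERVER['HTTP_REFERER']);
    exit;
  }
}

// Option lists of id/text pairs built from the DEBUG_MODES_DISALLOW_*
// constants; how they are consumed is not visible in this excerpt.
$debug_sections = array();
$debug_sections[] = array('id' => 'create', 'text' => DEBUG_MODES_DISALLOW_CREATE);
$debug_sections[] = array('id' => 'edit', 'text' => DEBUG_MODES_DISALLOW_EDIT);
$debug_sections[] = array('id' => 'delete', 'text' => DEBUG_MODES_DISALLOW_DELETE);

$debug_information = array();
$debug_information[] = array('id' => 'move', 'text' => DEBUG_MODES_DISALLOW_MOVE);
$debug_information[] = array('id' => 'edit', 'text' => DEBUG_MODES_DISALLOW_EDIT);
$debug_information[] = array('id' => 'delete', 'text' => DEBUG_MODES_DISALLOW_DELETE);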
// Excerpt: starts inside a switch case whose label is not shown, and ends
// inside the 'add_product' case.
// Remove a product from one of three carts, selected by the 'from' query
// parameter (postpone cart, foreign cart, or the regular cart by default).
// NOTE(review): the removal is driven entirely by GET parameters and no
// request token is checked in the visible code; confirm that state-changing
// links are protected elsewhere. products_id is passed to remove() as
// received.
    if ($HTTP_GET_VARS['from'] == 'postpone') {
      $postpone_cart->remove($HTTP_GET_VARS['products_id']);
    } elseif ($HTTP_GET_VARS['from'] == 'foreign') {
      $foreign_cart->remove($HTTP_GET_VARS['products_id']);
    } else {
      $cart->remove($HTTP_GET_VARS['products_id']);
    }

    // Redirect back, appending the 'from' value as a URL fragment when set.
    // NOTE(review): 'from' is appended to the redirect target unmodified.
    // Restrict it to the values handled above ('postpone', 'foreign') before
    // using it in the Location URL.
    tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters), $ssl_params) . ($HTTP_GET_VARS['from'] != '' ? '#' . $HTTP_GET_VARS['from'] : ''));
    break;

  // customer remove a product from shopping cart or postpone cart
  case 'notify':
    // Changing the notification setting requires a logged-in customer;
    // otherwise an error message is queued for the header.
    if (tep_session_is_registered('customer_id')) {
      $postpone_cart->change_notification($HTTP_GET_VARS['products_id'], $HTTP_GET_VARS['notify']);
    } else {
      $messageStack->add_session('header', POSTPONE_CART_NOTIFICATION_ERROR);
    }

    tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters), $ssl_params) . '#postpone');
    break;

  // customer adds a product from the products page
  case 'add_product':
    // NOTE(review): the third alternative, link == 'mail', is a request
    // parameter, so it does not restrict anything when
    // ALLOW_GUEST_TO_ADD_CART is off. If mail links must work for guests,
    // tie them to a server-verifiable value instead.
    if (ALLOW_GUEST_TO_ADD_CART == 'true' || tep_session_is_registered('customer_id') || $HTTP_GET_VARS['link'] == 'mail') {
      // && binds tighter than ||, so this reads:
      // (POST id set and numeric) or (GET id set and numeric).
      if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id']) || isset($HTTP_GET_VARS['products_id']) && is_numeric($HTTP_GET_VARS['products_id'])) {
        // Quantity is taken from POST only and read without isset(); a
        // missing value casts to 0.
        $quantity = (int) $HTTP_POST_VARS['quantity'];

        // NOTE(review): the GET value wins whenever it is set, even when only
        // the POST value passed is_numeric() above. A numeric POST id plus a
        // non-numeric GET id therefore yields an unvalidated $products_id.
        // Re-check the chosen value, or select the source before validating.
        if (isset($HTTP_GET_VARS['products_id'])) {
          $products_id = $HTTP_GET_VARS['products_id'];
        } else {
          $products_id = $HTTP_POST_VARS['products_id'];
        }

        // Handling of quantities below 1 continues outside this excerpt.
        if ($quantity < 1) {
// Excerpt: starts inside a per-item loop of a cart-update case. The loop
// header and the assignments of $add_max and $adjust_max are not shown.
// NOTE(review): in_cart_mixed() receives the whole $_POST['products_id']
// value, while every other use in this loop indexes it with [$i]. This looks
// like a missing [$i]; confirm against in_cart_mixed()'s expected argument.
        $cart_qty = $_SESSION['cart']->in_cart_mixed($_POST['products_id']);
        // Requested quantity for this row, used as submitted (no numeric cast
        // in the visible code).
        $new_qty = $_POST['cart_quantity'][$i];

        if ($add_max == 1 and $cart_qty == 1) {
          // do not add
          $adjust_max = 'true';
        } else {
          // adjust quantity if needed
          // A non-zero $add_max caps the total of new plus in-cart quantity.
          // NOTE(review): $add_max - $cart_qty can be zero or negative when
          // the cart already holds at least $add_max; whether add_cart()
          // handles that is not visible here.
          if ($new_qty + $cart_qty > $add_max and $add_max != 0) {
            $adjust_max = 'true';
            $new_qty = $add_max - $cart_qty;
          }

          // Attribute selection for this row, keyed by the submitted product
          // id; empty string when none was posted.
          $attributes = $_POST['id'][$_POST['products_id'][$i]] ? $_POST['id'][$_POST['products_id'][$i]] : '';
          $_SESSION['cart']->add_cart($_POST['products_id'][$i], $new_qty, $attributes, false);
        }

        // Tell the customer when the maximum-quantity rule took effect.
        if ($adjust_max == 'true') {
          $messageStack->add_session('header', ERROR_MAXIMUM_QTY . ' - ' . zen_get_products_name($_POST['products_id'][$i]), 'caution');
        }
      }
    }

    zen_redirect(zen_href_link($goto, zen_get_all_get_params($parameters)));
    break;

  // remove individual products from cart
  case 'remove_product':
    // NOTE(review): the removal is triggered by a GET parameter (note the key
    // is 'product_id', singular) and no request token is checked in the
    // visible code; confirm that state-changing links are protected
    // elsewhere.
    if (isset($_GET['product_id']) && zen_not_null($_GET['product_id'])) {
      $_SESSION['cart']->remove($_GET['product_id']);
    }

    zen_redirect(zen_href_link($goto, zen_get_all_get_params($parameters)));
    break;

  // customer adds a product from the products page