function funcDeleteItem($itemcode, $emailaddress)
{
//connect to server
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//$qty = "1";
//$itemcode = funcSanitize($_POST['removeitem']);
$strBool = 0;
$counter = 0;
$strUpdateStockQuery = "DELETE FROM tbl_PreOrder where stockID = '" . $itemcode . "' and emailaddress = '" . $emailaddress . "'";
mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
funcLogToDebug("RemovePreOrder.php: PreOrder for " . $itemcode . " by " . $emailaddress . "was removed.");
//header('location: ' . $_SERVER['PHP_SELF']);
//header('location: ' . $_POST['page']);
//echo $_POST['page'];
echo "<meta http-equiv='refresh' content='0;url=" . $_POST['page'] . "'>";
}
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
$_SESSION['cart'] = array();
}
if ($_GET["key"] != "") {
$strBin = hex2bin($_GET["key"]);
$strDecrypted = funcDecrypt($strBin);
$strUserID = substr($strDecrypted, 0, strpos($strDecrypted, "&"));
$strNow = date('Y-m-j H:i:s');
$value = funcEncrypt($strUserID . "&" . $strNow);
//$str = strpos(strDecrypted,"&");
funcLogToDebug("ChooseDelivery3.php: " . $strBin);
funcLogToDebug("ChooseDelivery3.php: " . $strDecrypted);
funcLogToDebug("ChooseDelivery3.php: " . $strUserID);
}
if ($_GET["strUserID"] != $strUserID) {
setcookie("AUTH", "", time() - 600, "/", "shop.scifivault.com", 0);
/* expire in 10 mins ago */
echo "denied. Give it 3 seconds";
echo "<meta http-equiv='refresh' content='3;url=/UserLogon.php'>";
} else {
//echo "<!--\n<b>We have an Auth cookie</b>";
//echo "\n<br>Cookie(auth): " . $_COOKIE["AUTH"];
//now can we decrypt the cookie....
//echo "\n<br>Binary: " . hex2bin($_COOKIE["AUTH"]);
setcookie("AUTH", $value, $strExpiry, "/", "shop.scifivault.com", 0);
/* expire in 10 mins */
//echo $strUserID . "_" . $strExpiry ."<br>" ;
//print_r ($_COOKIE["AUTH"]);
<BODY>
<?php
include 'includes/SharedFunctionsStrict.php';
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
$strNow = date('Y-m-j h:i:s');
$strStatus = funcSanitize($_POST["STATUS"]);
$strOrder = funcSanitize($_POST["orderno"]);
funcLogToDebug("updateOrder.php: Order (" . $strOrder . ") changed status to " . $strStatus);
$strUpdateQuery = "UPDATE tbl_Orders SET Status = '" . $strStatus . "' WHERE OrderNo = '" . $strOrder . "'";
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error());
//query to get all baskets
$strQuery = "SELECT * FROM tbl_Orders where OrderNo = '" . $strOrder . "'";
//execute query
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
$strOrderNo = $line["OrderNo"];
$strOrderSubmitted = $line["DateTme"];
$strCookie = $line["Cookie"];
$strItems = $line["Items"];
$strShipping = $line["Shipping"];
$strCost = $line["Cost"];
$strAddress = $line["Address"];
$strEmailAddress = $line["emailaddress"];
<?php
//connect to server
include 'includes/Link.php';
include 'includes/SharedFunctions.php';
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
$strNow = date('Y-m-j G:i:s');
$strItem1 = funcSanitize($_POST["SPitem1"]);
$strItem2 = funcSanitize($_POST["SPitem2"]);
$strItem3 = funcSanitize($_POST["SPitem3"]);
$strItem4 = funcSanitize($_POST["SPitem4"]);
$strItem5 = funcSanitize($_POST["SPitem5"]);
$strItem6 = funcSanitize($_POST["SPitem6"]);
funcLogToDebug("submitSpecialItemsFP.php: " . $strItem1 . "," . $strItem2 . "," . $strItem3 . "," . $strItem4 . "," . $strItem5);
//first thing is first, remove all special items (subcategory) tags for the posted category
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '0' where DisplayonFrontPage = '1'";
//echo $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 1st item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem1 . "'";
//echo "<br>" . $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 2nd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem2 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 3rd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem3 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 4th item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem4 . "'";
$gblnDebug = false;
?>
<?php
include 'includes/SharedFunctionsStrict.php';
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
$strStockID = $_POST["stockID"];
$strQuery = "SELECT * FROM tblItem where stockID = '" . $strStockID . "'";
funcLogToDebug("submitAdd.php: Adding Item " . $strStockID);
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strResult);
funcDebug($conNumberofRows);
//funcDebug (mysql_num_rows($strResult) . "<br>");
//if there are any rows in the table with the same ID, error
if ($conNumberofRows != 0) {
echo "<b>ERROR! stockID " . $strStockID . "Already exists<br></b>\n";
} else {
$strDescription = $_POST["Description"];
$strSmallPicture = $_POST["smallPicture"];
$strBigPicture = $_POST["bigPicture"];
$strShortDescription = $_POST["shortDescription"];
$strName = $_POST["Name"];
$strCost = $_POST["Cost"];
$strRRP = $_POST["RRP"];
$strShippingNote = "Postage + Insurance";
$strShipping = $str1stClassCost + $strInsurance;
//echo "*" . $strShipping;
}
//$strShipping = "0.00";
//squirt order into database
$strUpdateOrder = "UPDATE tbl_Orders SET items = '" . $strOrder2 . "', cost = '" . $strTotal . "', Shipping = '" . $strShipping . "' where DateTme = '" . $strNow . "' and emailAddress = '" . $strEmailAddress . "'";
$strUpdateResult = mysql_query($strUpdateOrder) or die("Query Failed:" . mysql_error());
//log it.
funcLogToDebug("submitPreOrder.php: New Order created - " . $strOrder2 . ", Shipping - " . $strShipping);
//delete entries from pre-order table.
foreach ($strOrder as $o) {
$arrPreOrder = split("#", $o);
$strDeletePreOrderQry = "DELETE FROM tbl_PreOrder where uid = '" . $arrPreOrder[3] . "'";
$strDeletePreOrderResult = mysql_query($strDeletePreOrderQry) or die("Query Failed:" . mysql_error());
funcLogToDebug("submitPreOrder.php: Deleted preOrder " . $arrPreOrder[3] . ", (" . $arrPreOrder[0] . "x" . $arrPreOrder[1] . ")");
}
redirect("default.php?Action=OutstandingOrders", 0, "");
?>
<?php
// Redirects to another Page using HTTP-META Tag
function redirect($url, $delay = 0, $message = "")
{
/* redirects to a new URL using meta tags */
echo "<meta http-equiv='Refresh' content='" . $delay . "; url=" . $url . "'>";
die("<div style='font-family: Arial, Sans-serif; font-size: 12pt;' align=center> " . $message . " </div>");
}
$strUpdatedBasketValue = $line2["Qty"] + $qty;
$strAddToBasket = "UPDATE tblBasket SET qty = '" . $strUpdatedBasketValue . "' where item = '" . $itemcode . "' and PHPSessionID = '" . session_id() . "'";
mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error());
funcLogToDebug("addToBasket2.php: Item " . $itemcode . " update to basket (" . session_id() . ")");
} elseif ($conNumberofRows == 0) {
//need to insert a row into the table
$strAddToBasket = "INSERT tblBasket Values ('" . session_id() . "', '" . $itemcode . "', '" . $qty . "')";
mysql_query($strAddToBasket) or die("Add to Basket Query Failed:" . mysql_error());
funcLogToDebug("addToBasket2.php: Item " . $itemcode . " added to basket (" . session_id() . ")");
} else {
//catchall for invalid entries in basket. stops
//before making any changes in the main tblItems.
echo "Invalid number of rows in your basket, please contact us";
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
funcLogToDebug("addToBasket2.php: Problem updating Item " . $itemcode . " to basket (" . session_id() . ")");
exit;
}
//update tblItems with new stock value
$strUpdatedStockValue = $line["NoOfItems"] - $qty;
//funcDebug ("Updated stock value: " . $strUpdatedStockValue);
$strUpdateStockQuery = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedStockValue . "' WHERE stockID = '" . $itemcode . "'";
mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
} else {
//oh dear, no stock left
echo "Not enough stock I'm afraid for that item";
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
exit;
$strStockResult = mysql_query($strStockQry) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strStockResult);
if ($conNumberofRows == "1") {
//verify email is in our database
$strEmailQry = "SELECT emailAddress from tbl_UserLogin where emailAddress = '" . $email . "'";
$strEmailResult = mysql_query($strEmailQry) or die("Query Failed :" . mysql_error());
$conNumberofRows2 = mysql_num_rows($strEmailResult);
if ($conNumberofRows2 == "1") {
//add entry to tbl_PreOrder
$strInsertQry = "INSERT INTO tbl_PreOrder values ('" . $email . "', '" . $qty . "', '" . $comments . "', '" . $strNow . "','" . $itemcode . "','')";
$strInsert = mysql_query($strInsertQry) or die("Query Failed :" . mysql_error());
funcLogToDebug("UpdatePreOrder.php: Updated database");
} else {
funcLogToDebug("UpdatePreOrder.php: email address does not exist in db - shouldn\\'t happen");
}
} else {
echo " Error! More than one piece of this stock in the right state!";
funcLogToDebug("UpdatePreOrder.php: More than one piece of stock in the right state");
}
//header('location: ' . $_SERVER['PHP_SELF']);
//header('location: ' . $_POST['page']);
echo "<meta http-equiv='refresh' content='0;url=/thanks.htm'>";
exit;
?>
<HTML>
<br><a href="index3.php">index3.php</a>
<br><a href="session.php">session.php</a>
</HTML>
$strItemResult = mysql_query($strItemQuery) or die("Query Failed :" . mysql_error());
$strStockID = substr($item, 0, strpos($item, "("));
while ($lineItem = mysql_fetch_array($strItemResult, MYSQL_ASSOC)) {
$strNamedItem = $lineItem["Name"];
$strPrice = substr($item, strpos($item, "(") + 1, strrpos($item, ")") - strpos($item, "(") - 1);
$strQty = substr($item, strpos($item, "x") + 1);
echo "<tr><td>" . $strQty . "</td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strStockID . "</a></td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strNamedItem . "</a></td><td align='right'>£" . $strPrice . "</td><td align='right'>£" . $strPrice * $strQty . "</td></tr><br />";
}
}
echo "<tr><td></td><td></td><td> </td><td></td><td></td></tr>";
echo "<tr><td></td><td></td><td><b>Shipping</b></td><td></td><td align='right'>£" . $strShipping . "</td></tr>";
echo "<tr><td></td><td></td><td><b>Total</b></td><td></td><td align='right'>£" . ($strShipping + $strCost) . "</td></tr>";
echo "</table>";
} else {
echo "denied. Give it 3 seconds";
funcLogToDebug("Orderview.php: " . $_GET["strUserID"] . " just tried to look into order no " . $strOrderNo);
echo "<meta http-equiv='refresh' content='0;url=/UserLogon.php'>";
}
}
?>
<p>
</td>
<td width="200" align="center" valign="top">
<table width="200" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#002A54">
<tr>
<td bgcolor="#002A54">
<div align="center"><img src="images/buttons/LOGIN.gif" width="180" height="25"></div>
</td>
</tr>
}
} else {
//more than one user in our database with the same strUserID, log it and error
//passwords don't match. Error gracefully.
echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=3'>";
echo "</HEAD></HTML>";
funcLogToDebug("updatePassword.php failed: More than one userID in the database (" . $strUserID . ")");
exit;
}
//check passwords match
if ($strPassword2 == $strPassword3) {
//passwords match, lets carry on
$strMD5 = md5($strPassword2);
} else {
//passwords don't match. Error gracefully.
echo "<meta http-equiv='refresh' content='0;url=/UserPasswordChange.php?strUserID=" . $strUserID . "&PasswordError=1'>";
echo "</HEAD></HTML>";
funcLogToDebug("updatePassword.php:" . $strUserID . " couldn't match new passwords");
exit;
}
$strChPassQuery = "UPDATE tbl_UserLogin set Password = '******' where UserID = '" . $strUserID . "'";
$strResult = mysql_query($strChPassQuery) or die("Query Failed:" . mysql_error());
funcLogToDebug("updatePassword.php: Update " . $strUserID . " Password");
echo "<meta http-equiv='refresh' content='0;url=/passwordupdate.php?strUserID=" . $strUserID . "'>";
?>
</HEAD>
</HTML>
<?php
}
for ($i = 0; $i < $length; $i++) {
$rand_pos = rand(0, $rand_max);
$rand_key[] = $key_chars[$rand_pos];
}
$rand_pass = implode('', $rand_key);
//set in database
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
$strChPassQuery = "UPDATE tbl_UserLogin set Password = '******' where UserID = '" . $strEmailAddress . "'";
$strResult = mysql_query($strChPassQuery) or die("Query Failed:" . mysql_error());
//display msg
//echo "Password has been sent to your account";
//and send....
mail($strEmailAddress, "ScifiVault.com Password Retrieval", "\n\n Your Password is " . $rand_pass . ", Once logged in successfully, please change it as a security measure", "From: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
funcLogToDebug("passwordRetrieval.php: Password sent to " . $strEmailAddress);
funcLogToDebug("passwordRetrieval.php: " . $rand_pass);
}
?>
<table border="0" cellspacing="0" cellpadding="5" width="900" align="center">
<tr>
<td width="500"><a href="http://shop.scifivault.com/index3.php"><img src="images/scifi-small-best.jpg" width="403" height="62" border="0"></a>
</td>
<td align="right" valign="top" width="300">
<div align="right">
<script language=JavaScript>
</td></tr>
<tr><td>
$strVerifyCode = funcSanitize($_GET["VerifyKey"]);
funcDebug($strUserName);
funcDebug($strVerifyCode);
//connect to server
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
$strUserQuery = "SELECT UserID FROM tbl_UserLogin where UserID = '" . $strUserName . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
//User Exists, so Error gracefully, then forward the user on
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 1) {
//here's our user
$strNow = date('Y-m-j h:i:s');
//User Doesn't exist so carry on Adding
$strAddUserQuery = "UPDATE tbl_UserLogin SET UserVerified='1' where UserID='" . $strUserName . "'";
$strAddUserResult = mysql_query($strAddUserQuery) or die("Query Failed:" . mysql_error());
echo "\r\n\r\n<table border='0' cellspacing='0' cellpadding='5' width='900' align='center'>\r\n <tr>\r\n <td width='500'><a href='http://shop.scifivault.com/index3.php'><img src='images/scifi-small-best.jpg' width='403' height='62' border='0'></a>\r\n\r\n </td>\r\n <td align='right' valign='top' width='300'>\r\n\r\n\r\n </td></tr>\r\n\r\n<tr><td>\r\n<br> <font face='verdana'>Thankyou! You've succesfully verified.\r\n\r\n<p>Feel free to sign on and shop. Click on the link below to hurry things along.\r\n<br><br><a href='index3.php'>Back to Shop</a></font></td><td></td></tr>\r\n\r\n</table>\r\n\r\n\r\n\t\t";
funcLogToDebug("VerifyUser.php: " . $strUserName . " verified successfully");
//echo "<meta http-equiv='refresh' content='10;url=/index3.php'>";
} else {
//we've got more than 1 user with the same user ID in the db (Shouldn't be possible)
//or no user with that user name
echo "Error! Please contact scifivault.com with details of your UserId";
funcLogToDebug("VerifyUser.php: " . $strUserName . " errored.");
echo "<A href='index3.php'>Back to shop</a>";
}
?>
</HTML>
//expires cookies after 1/2 hour
$sessionExpire = 60 * 30;
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
$_SESSION['cart'] = array();
}
if ($_GET["key"] != "") {
$strBin = hex2bin($_GET["key"]);
$strDecrypted = funcDecrypt($strBin);
$strUserID = substr($strDecrypted, 0, strpos($strDecrypted, "&"));
//$str = strpos(strDecrypted,"&");
funcLogToDebug("submitOrder2.php: " . $strBin);
funcLogToDebug("submitOrder2.php: " . $strDecrypted);
funcLogToDebug("submitOrder2.php: " . $strUserID);
}
if ($_GET["strUserID"] != $strUserID) {
setcookie("AUTH", "", time() - 600, "/", "shop.scifivault.com", 0);
/* expire in 10 mins ago */
echo "denied. Give it 3 seconds";
echo "<meta http-equiv='refresh' content='3;url=/UserLogon.php'>";
} else {
//echo "<!--\n<b>We have an Auth cookie</b>";
//echo "\n<br>Cookie(auth): " . $_COOKIE["AUTH"];
//now can we decrypt the cookie....
//echo "\n<br>Binary: " . hex2bin($_COOKIE["AUTH"]);
setcookie("AUTH", $value, $strExpiry, "/", "shop.scifivault.com", 0);
/* expire in 10 mins */
//echo $strUserID . "_" . $strExpiry ."<br>" ;
//print_r ($_COOKIE["AUTH"]);
function funcDeleteItem($strSessionID, $itemcode, $qty)
{
//connect to server
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//$qty = "1";
//$itemcode = funcSanitize($_POST['removeitem']);
$strBool = 0;
$counter = 0;
//additional check to make sure $qty is a numeric
if (ereg("[0-9]+", $qty)) {
funcDebug("Quantity string is numeric");
} else {
echo "Invalid Input, stop trying to put non-numerics in the quantity field";
exit;
}
//is row locked?
$strLockCheck = "SELECT ColumnLock FROM tblItem WHERE stockID = '" . $itemcode . "'";
$strLockResult = mysql_query($strLockCheck) or die("Query Failed: " . mysql_error());
while ($line = mysql_fetch_array($strLockResult, MYSQL_ASSOC)) {
if ($line["ColumnLock"] == 'YES') {
echo "Item being edited, please try again";
echo "<br><a href='index3.php'>Back to Shop</a>";
exit;
//possible retry, or forward on back to original page??
} else {
funcDebug("Free to carry on");
}
}
//set row lock on in tblItem
$strLockQuery = "UPDATE tblItem SET ColumnLock = 'YES' WHERE stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
//Lets see how much stock for this item there is
$strStockQuery = "SELECT Qty FROM tblBasket where item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
$strStockResult = mysql_query($strStockQuery) or die("Query Failed:" . mysql_error());
while ($line = mysql_fetch_array($strStockResult, MYSQL_ASSOC)) {
if ($line["Qty"] >= $qty) {
//great we have some stock
funcDebug($itemcode . " in basket: " . $line["Qty"]);
//$qty = $line["Qty"] - $qty;
funcDebug("Request to return " . $qty . " of " . $itemcode);
//insert/update into tblBasket
$strBasket = "SELECT * FROM tblItem where stockID = '" . $itemcode . "'";
$strBasketResult = mysql_query($strBasket) or die("Basket Query Failed:" . mysql_error());
$conNumberofRows = mysql_num_rows($strBasketResult);
if ($conNumberofRows == 1) {
//need to update the table
$line2 = mysql_fetch_array($strBasketResult, MYSQL_ASSOC);
funcDebug("Quantity of " . $itemcode . " in stock is " . $line2["NoOfItems"]);
funcLogToDebug("removeFromBasket.php: Item " . $itemcode . " remove from basket (" . session_id() . ")");
$strUpdatedBasketValue = $line2["NoOfItems"] + $qty;
$strAddToBasket = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedBasketValue . "' where stockID = '" . $itemcode . "'";
mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error());
} else {
//catchall for invalid entries in basket. stops
//before making any changes in the main tblItems.
echo "Invalid number of rows in stock database, please contact us";
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
exit;
}
//update tblItems with new stock value
$strUpdatedStockValue = $line["Qty"] - $qty;
funcDebug("Updated stock value: " . $strUpdatedStockValue);
if ($strUpdatedStockValue == 0) {
$strUpdateStockQuery = "DELETE FROM tblBasket where item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
} else {
$strUpdateStockQuery = "UPDATE tblBasket SET qty = '" . $strUpdatedStockValue . "' WHERE item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
}
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
} else {
//oh dear, no stock left
echo "Not enough of that item in your basket";
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
}
}
//header('location: ' . $_SERVER['PHP_SELF']);
//header('location: ' . $_POST['page']);
//echo $_POST['page'];
echo "<meta http-equiv='refresh' content='0;url=" . $_POST['page'] . "'>";
}
$strAvailability = funcSanitize($strAvailability);
$strNoOfItems = funcSanitize($strNoOfItems);
$strSubjectTag = funcSanitize($strSubjectTag);
$strCategoryTag = funcSanitize($strCategoryTag);
$strVersionTag = funcSanitize($strVersionTag);
$strFrontPage = funcSanitize($strFrontPage);
$strSubCatPage = funcSanitize($strSubCatPage);
$strUpdateQuery = "UPDATE tblItem SET Subject = '" . $strSubject . "', Description = '" . $strDescription . "', Category = '" . $strCategory . "', smallPicture = '" . $strSmallPicture . "', bigPicture = '" . $strBigPicture . "', ShortDescription = '" . $strShortDescription . "', Name = '" . $strName . "', Cost = '" . $strCost . "', RRP = '" . $strRRP . "', SaleRRP = '" . $strSaleRRP . "', Weight = '" . $strWeight . "', Barcode = '" . $strBarcode . "', Features = '" . $strFeatures . "', Version = '" . $strVersion . "', Size = '" . $strSize . "', PercentDiscount = '" . $strPercentDiscount . "', WholesalePrice = '" . $strWholesalePrice . "', Supplier = '" . $strSupplier . "', Availability = '" . $strAvailability . "', NoOfItems = '" . $strNoOfItems . "', SubjectTag='" . $strSubjectTag . "', CategoryTag='" . $strCategoryTag . "', VersionTag='" . $strVersionTag . "', DisplayonFrontPage = '" . $strFrontPage . "', DisplayonSubCatPage='" . $strSubCatPage . "' WHERE stockID = '" . $strStockID . "'";
funcDebug("strUpdateQuery: " . $strUpdateQuery);
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed :" . mysql_error());
$strNow = date('Y-m-j h:i:s');
$strEditedInsert = "UPDATE: \$\$" . $strStockID . "\$\$,\$\$" . $strSmallPicture . "\$\$,\$\$" . $strBigPicture . "\$\$,\$\$" . $strShortDescription . "\$\$,\$\$" . $strName . "\$\$,\$\$" . $strCost . "\$\$,\$\$" . $strRRP . "\$\$,\$\$" . $strSaleRRP . "\$\$,\$\$" . $strWeight . "\$\$,\$\$" . $strBarcode . "\$\$,\$\$" . $strFeatures . "\$\$,\$\$" . $strVersion . "\$\$,\$\$" . $strSize . "\$\$,\$\$" . $strPercentDiscount . "\$\$,\$\$" . $strWholesalePrice . "\$\$,\$\$" . $strSupplier . "\$\$,\$\$" . $strAvailability . "\$\$,\$\$" . $strNoOfItems . "\$\$,\$\$" . $strCategoryTag . "\$\$,\$\$" . $strSubjectTag . "\$\$,\$\$" . $strVersionTag . "\$\$,\$\$" . $strFrontPage . "\$\$,\$\$" . $strSubCatPage;
$strLogInsert = "INSERT INTO tblLog Values ('" . $strNow . "','DEV','" . $strEditedInsert . "')";
funcDebug("strLogInsert: " . $strLogInsert);
$strInsertLogEntry = mysql_query($strLogInsert) or die("Log Entry Failed");
funcLogToDebug("submitUpdate.php: " . $strStockID . " has been edited");
}
//close connection to database
funcDebug("Closing link to db");
mysql_close($link);
redirect("/stock2/default.php?Action=ViewItem&stockID=" . $strStockID, 1, "<B>Redirecting...</B><br> <a href='default.php?Action=AmendItem&stockID=" . $strStockID . "'>Click here if redirect fails</a>");
?>
<?php
