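/**
 * Place order: marks the logged-in customer's pending order (status 0) as placed
 * (status 1), stores the supplied card details on it and sends the 'accepted' e-mail.
 *
 * On failure self::$message is set and false is returned. A failed e-mail does not
 * fail the order.
 *
 * @param string $order_number order number to place; must belong to the logged-in customer
 * @param array  $cc_params    card fields read here: cc_type, cc_holder_name, cc_number,
 *                             cc_expires_month, cc_expires_year, cc_cvv_code (missing keys
 *                             are stored as empty strings)
 * @return bool true when the order row was found and the update was issued, false otherwise
 */
public static function PlaceOrder($order_number, $cc_params = array())
{
    global $objLogin;

    if (SITE_MODE == 'demo') {
        self::$message = draw_important_message(_OPERATION_BLOCKED, false);
        return false;
    }

    $logged_id = $objLogin->GetLoggedID();
    $customer_id = (int) $logged_id;

    // Every caller-supplied value that ends up in SQL text.
    $raw = array('order_number' => $order_number);
    $cc_fields = array(
        'cc_type',
        'cc_holder_name',
        'cc_number',
        'cc_expires_month',
        'cc_expires_year',
        'cc_cvv_code',
    );
    foreach ($cc_fields as $field) {
        $raw[$field] = (is_array($cc_params) && isset($cc_params[$field])) ? $cc_params[$field] : '';
    }

    // The original concatenated these values straight into quoted SQL literals, so a
    // quote or backslash in any of them could change the statement. Each value is now
    // sent as a hex literal wrapped in CAST(... AS CHAR): the bytes cannot terminate a
    // string, and the CAST keeps it a character string like the quoted literal was.
    // database_query()/database_void_query() are the only data-layer calls visible
    // here; if that layer offers bound parameters or its own escaping, prefer it.
    $lit = array();
    foreach ($raw as $field => $value) {
        $value = is_scalar($value) ? (string) $value : '';
        $lit[$field] = ($value === '') ? "''" : 'CAST(0x' . bin2hex($value) . ' AS CHAR)';
    }

    $sql = 'SELECT id, order_number FROM ' . TABLE_ORDERS
        . ' WHERE order_number = ' . $lit['order_number']
        . ' AND customer_id = ' . $customer_id
        . ' AND status = 0 ORDER BY id DESC';
    $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);

    if (!(isset($result[1]) && $result[1] > 0)) {
        self::$message = _ORDER_ERROR;
        return false;
    }

    // One timestamp so created_date and status_changed cannot differ by a second.
    $now = date('Y-m-d H:i:s');

    // NOTE(review): cc_cvv_code is written to the orders table in clear text. PCI DSS
    // does not permit keeping the card verification code after authorization - confirm
    // whether this column can be dropped or cleared once the payment is processed.
    // NOTE(review): PASSWORDS_ENCRYPT_KEY is embedded in the statement text, so it will
    // appear wherever full queries are logged. It is left byte-for-byte as before so
    // that previously encrypted card numbers stay decryptable.
    $sql = 'UPDATE ' . TABLE_ORDERS . ' SET'
        . ' created_date = \'' . $now . '\','
        . ' status_changed = \'' . $now . '\','
        . ' cc_type = ' . $lit['cc_type'] . ','
        . ' cc_holder_name = ' . $lit['cc_holder_name'] . ','
        . ' cc_number = AES_ENCRYPT(' . $lit['cc_number'] . ', \'' . PASSWORDS_ENCRYPT_KEY . '\'),'
        . ' cc_expires_month = ' . $lit['cc_expires_month'] . ','
        . ' cc_expires_year = ' . $lit['cc_expires_year'] . ','
        . ' cc_cvv_code = ' . $lit['cc_cvv_code'] . ','
        . ' status = \'1\''
        // Same ownership and state filter as the SELECT above, so the write can only
        // touch the pending order that was just verified for this customer.
        . ' WHERE order_number = ' . $lit['order_number']
        . ' AND customer_id = ' . $customer_id
        . ' AND status = 0';
    database_void_query($sql);

    // Best effort: the result is deliberately ignored, as in the original.
    Orders::SendOrderEmail($order_number, 'accepted', $logged_id);

    return true;
}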