sql_query($sql) ){
message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
}
if ( !$db->sql_numrows($result) ){
return false;
}
$user_info = $db->sql_fetchrow($result);
$data['email'] = $user_info['email'];
$data['customer'] = $user_info['name'];
$data['company'] = $user_info['company'];
$data['address'] = $user_info['address'];
$data['phone'] = $user_info['phone'];
$data['fax'] = $user_info['fax'];
view_confirm();
die();
}
/**
 * Appends the product named by ?id= to the session cart and renders the cart.
 *
 * The product must exist in shop_pro, otherwise the visitor is redirected.
 * The cart is kept as two parallel comma-separated session strings
 * ($_SESSION['product'] / $_SESSION['quantity']); a new line with quantity 1
 * is appended here and view_cart() folds duplicate ids together.
 */
function add_cart(){
global $db,$template,$base_url,$base_redirect_url;
    // intval() keeps the id numeric before it reaches the SQL string.
    $productId = isset($_GET['id']) ? intval($_GET['id']) : 0;
    $sql = 'SELECT * FROM shop_pro WHERE product_id=' . $productId;
    $result = $db->sql_query($sql);
    if (!$result) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    if (!$db->sql_numrows($result)) {
        redirect($base_redirect_url);
        die();
    }
    // Append to the existing lists, or start them when the cart is empty.
    if (isset($_SESSION['product'])) {
        $_SESSION['product'] = $_SESSION['product'] . ',' . $productId;
    } else {
        $_SESSION['product'] = $productId;
    }
    if (isset($_SESSION['quantity'])) {
        $_SESSION['quantity'] = $_SESSION['quantity'] . ',1';
    } else {
        $_SESSION['quantity'] = 1;
    }
    view_cart();
}
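/**
 * Renders the cart page and rewrites the session cart in canonical form.
 *
 * The cart is two parallel comma-separated session strings,
 * $_SESSION['product'] and $_SESSION['quantity']. They are folded into one
 * product_id => quantity map (duplicates summed; non-positive ids or
 * quantities dropped — negative quantities previously survived and produced
 * negative totals), written back as ",id,id" / ",qty,qty", and the matching
 * shop_pro rows are rendered with line and grand totals.
 *
 * ?flag=added together with an empty cart raises the "nocookie" template
 * block (a product was just added but the session did not persist).
 *
 * Fix: the list()/each() loops were replaced by foreach; each() was removed
 * in PHP 8.0 and the old loops fail there.
 */
function view_cart(){
global $db,$template,$template_body_page,$base_url,$base_product_url,$image_path;
    $flag = isset($_GET['flag']) ? $_GET['flag'] : '';
    $currency = get_option('product_currency');
    // Compile the session lists into product_id => quantity.
    $ids = isset($_SESSION['product']) ? explode(",", $_SESSION['product']) : array();
    $quantities = isset($_SESSION['quantity']) ? explode(",", $_SESSION['quantity']) : array();
    $product_result = array();
    foreach ($ids as $key => $id) {
        $id = intval($id);
        $quan = isset($quantities[$key]) ? intval($quantities[$key]) : 0;
        if ($id > 0 && $quan > 0) {
            $product_result[$id] = isset($product_result[$id]) ? $product_result[$id] + $quan : $quan;
        }
    }
    // Rebuild the WHERE clause and the canonical session strings. Ids and
    // quantities are ints at this point, so interpolating them into SQL is safe.
    $str_1 = "";
    $str_2 = "";
    $where_sql = " WHERE product_id=-1";
    foreach ($product_result as $id => $quan) {
        $where_sql .= " OR product_id=" . $id;
        $str_1 .= ",$id";
        $str_2 .= ",$quan";
    }
    $_SESSION['product'] = $str_1;
    $_SESSION['quantity'] = $str_2;
    // Load the products.
    $sql = 'SELECT * FROM shop_pro ' . $where_sql;
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    $product_count = $db->sql_numrows($result);
    $product_data = $db->sql_fetchrowset($result);
    $totalprice = 0;
    $noprice = false;
    for ($i = 0; $i < $product_count; $i++) {
        $row = $product_data[$i];
        $price = $row['price'];
        $num = isset($product_result[$row['product_id']]) ? $product_result[$row['product_id']] : 0;
        $totalprice += $price * $num;
        $template->assign_block_vars("productrow", array(
            'QUANTITY' => $num,
            'PRODUCT_ID' => $row['product_id'],
            'CODE' => $row['code'],
            'PIC_THUMB' => '', // both branches of the original ternary were empty
            'TITLE' => $row['title'],
            'PRICE' => $price ? number_format($price, DECIMALS, DEC_POINT, THOUSANDS_SEP) : '',
            'TOTAL_PRICE' => $price ? number_format($price * $num, DECIMALS, DEC_POINT, THOUSANDS_SEP) : '',
            'U_PRODUCT_VIEW' => $base_product_url . '?id=' . $row['product_id'],
            'U_PRODUCT_REMOVE' => $base_url . '?mode=remove&id=' . $row['product_id'],
        ));
        // One product without a price hides the grand total for the whole cart.
        if ($price > 0) {
            $template->assign_block_vars("productrow.haveprice", array());
        } else {
            $template->assign_block_vars("productrow.nothaveprice", array());
            $noprice = true;
        }
    }
    $template->set_filenames(array(
        'body' => $template_body_page,
    ));
    if ($product_count) {
        $template->assign_block_vars("haveproduct", array());
        if (!$noprice) {
            $template->assign_block_vars("havetotalprice", array());
        }
    }
    if (($flag == 'added') && !$product_count) {
        $template->assign_block_vars("nocookie", array());
    }
    $template->assign_vars(array(
        'ALL_PRICE' => number_format($totalprice, DECIMALS, DEC_POINT, THOUSANDS_SEP),
        'CURRENCY' => $currency,
        'S_ACTION' => $base_url . '?mode=update',
        'U_CART_DEL' => $base_url . '?mode=del',
        'U_CART_CHECKOUT' => $base_url . '?mode=order',
    ));
    $template->pparse('body');
}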
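/**
 * Replaces the cart with the quantities posted from the cart form.
 *
 * $_POST['quantity'] is expected as product_id => quantity. Ids and
 * quantities are cast to int and lines where either is not positive are
 * dropped, so posting 0 for a line removes it (negative quantities previously
 * survived and produced negative totals). The result is written back to the
 * session in the ",id,id" / ",qty,qty" form and the visitor is redirected.
 *
 * Fix: the list()/each() loop was replaced by foreach (each() was removed in
 * PHP 8.0).
 */
function update_cart(){
global $db,$template,$base_redirect_url;
    $posted = (isset($_POST['quantity']) && is_array($_POST['quantity'])) ? $_POST['quantity'] : array();
    $idList = "";
    $quantityList = "";
    foreach ($posted as $id => $quan) {
        $id = intval($id);
        $quan = intval($quan);
        if ($id > 0 && $quan > 0) {
            $idList .= "," . $id;
            $quantityList .= "," . $quan;
        }
    }
    $_SESSION['product'] = $idList;
    $_SESSION['quantity'] = $quantityList;
    redirect($base_redirect_url);
}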
/**
 * Empties the session cart and sends the visitor back to $base_redirect_url.
 */
function delete_cart(){
global $base_redirect_url;
    // Both parallel lists are reset to "" rather than unset; explode() of ""
    // yields no usable id, which the cart views treat as an empty cart.
    foreach (array('product', 'quantity') as $sessionKey) {
        $_SESSION[$sessionKey] = "";
    }
    redirect($base_redirect_url);
}
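/**
 * Removes the product named by ?id= from the session cart and redirects.
 *
 * The two parallel session lists are re-read, every line whose id is not the
 * one being removed (and has a positive id and quantity) is kept, and the
 * lists are written back in the ",id,id" / ",qty,qty" form.
 *
 * Fix: the list()/each() loop was replaced by foreach (each() was removed in
 * PHP 8.0).
 */
function remove_item(){
global $base_redirect_url;
    $removeId = isset($_GET['id']) ? intval($_GET['id']) : 0;
    $ids = isset($_SESSION['product']) ? explode(",", $_SESSION['product']) : array();
    $quantities = isset($_SESSION['quantity']) ? explode(",", $_SESSION['quantity']) : array();
    $idList = "";
    $quantityList = "";
    foreach ($ids as $key => $pid) {
        $pid = intval($pid);
        $quan = isset($quantities[$key]) ? intval($quantities[$key]) : 0;
        if ($pid > 0 && $quan > 0 && $pid != $removeId) {
            $idList .= ",$pid";
            $quantityList .= ",$quan";
        }
    }
    $_SESSION['product'] = $idList;
    $_SESSION['quantity'] = $quantityList;
    redirect($base_redirect_url);
}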
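/**
 * Renders the checkout page: the cart summary plus the register/login forms.
 *
 * The session cart is compiled into product_id => quantity (duplicates
 * summed, non-positive entries dropped), the products are loaded and listed
 * with line totals; the grand total is shown only when every product has a
 * price. Contact fields are pre-filled from the global $data, which the
 * register/login handlers populate before calling back here with an error.
 *
 * @param string $msg error text shown through the ERR_MESSAGE template variable
 *
 * Fixes: list()/each() loops replaced by foreach (each() was removed in
 * PHP 8.0); U_PRODUCT_VIEW carried the query key "id" twice (cat_id then
 * product_id) — PHP keeps the last one, so the link is now built with the
 * product_id alone, matching view_cart() and view_confirm().
 */
function view_form_order($msg=""){
global $db,$template,$template_order_page,$base_url,$base_product_url,$base_member_url,$image_path,$data;
    $currency = get_option('product_currency');
    // Compile the session lists into product_id => quantity.
    $ids = isset($_SESSION['product']) ? explode(",", $_SESSION['product']) : array();
    $quantities = isset($_SESSION['quantity']) ? explode(",", $_SESSION['quantity']) : array();
    $product_result = array();
    foreach ($ids as $key => $id) {
        $id = intval($id);
        $quan = isset($quantities[$key]) ? intval($quantities[$key]) : 0;
        if ($id > 0 && $quan > 0) {
            $product_result[$id] = isset($product_result[$id]) ? $product_result[$id] + $quan : $quan;
        }
    }
    // Ids are ints, so the WHERE clause is built from trusted values only.
    $where_sql = " WHERE product_id=-1";
    foreach (array_keys($product_result) as $id) {
        $where_sql .= " OR product_id=" . $id;
    }
    // Load the products.
    $sql = 'SELECT * FROM shop_pro ' . $where_sql;
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    $product_count = $db->sql_numrows($result);
    $product_data = $db->sql_fetchrowset($result);
    $totalprice = 0;
    $noprice = false;
    for ($i = 0; $i < $product_count; $i++) {
        $row = $product_data[$i];
        $price = $row['price'];
        $num = isset($product_result[$row['product_id']]) ? $product_result[$row['product_id']] : 0;
        $totalprice += $price * $num;
        if ($row['price'] <= 0) {
            $noprice = true;
        }
        $title = cut_string($row['title'], 40);
        $template->assign_block_vars("productrow", array(
            'QUANTITY' => $num,
            'PRODUCT_ID' => $row['product_id'],
            'PIC_THUMB' => '', // both branches of the original ternary were empty
            'TITLE' => $title,
            'CODE' => $row['code'],
            'PRICE' => ($row['price']) ? number_format($price, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
            'TOTAL_PRICE' => ($row['price']) ? number_format($price * $num, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
            'U_PRODUCT_VIEW' => $base_product_url . '?id=' . $row['product_id'],
            'U_PRODUCT_REMOVE' => $base_url . '?mode=remove&id=' . $row['product_id'],
        ));
    }
    $template->set_filenames(array(
        'body' => $template_order_page,
    ));
    $template->assign_vars(array(
        'ERR_MESSAGE' => $msg,
        'ALL_PRICE' => (!$noprice) ? number_format($totalprice, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
        'CURRENCY' => $currency,
        'S_REG_ACTION' => $base_url . '?mode=reg',
        'S_LOGIN_ACTION' => $base_url . '?mode=login',
        'U_FORGOT_PASS' => $base_member_url . '?mode=forgotpwd',
        'CUSTOMER' => isset($data['customer']) ? $data['customer'] : '',
        'COMPANY' => isset($data['company']) ? $data['company'] : '',
        'ADDRESS' => isset($data['address']) ? $data['address'] : '',
        'PHONE' => isset($data['phone']) ? $data['phone'] : '',
        'FAX' => isset($data['fax']) ? $data['fax'] : '',
        'EMAIL' => isset($data['email']) ? $data['email'] : '',
        'REGEMAIL' => isset($data['regemail']) ? $data['regemail'] : '',
    ));
    $template->pparse('body');
}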
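/**
 * Stores the order from the session cart, mails admin and customer, and
 * renders the "finished" page.
 *
 * Flow: validate the posted contact fields, compile the session cart into
 * product_id => quantity, load the products, INSERT the shop_order header,
 * INSERT one shop_order_detail row per product (bumping that product's order
 * counter), UPDATE the order total and the customer's order counter, send the
 * two mails, then clear the cart.
 *
 * Fixes versus the previous revision:
 *  - list()/each() loops replaced by foreach (each() was removed in PHP 8.0);
 *  - the per-product "orders" counter was updated with $where_sql, so every
 *    product in the cart received every other product's quantity; the UPDATE
 *    now targets the product_id of the current row only;
 *  - guest checkouts (no $_SESSION['user_id']) produced "WHERE user_id=" and
 *    aborted in message_die(); the counter update is now skipped for guests
 *    and the header row stores user_id 0;
 *  - every value spliced into a quoted SQL literal (contact fields, product
 *    code/title) goes through addslashes(), so a quote or backslash can no
 *    longer terminate the literal. This is defence in depth, not a substitute
 *    for prepared statements, which this $db wrapper does not expose here.
 */
function send_order(){
global $emailer,$db,$template,$template_finish_page,$base_url,$base_product_url,$base_redirect_url,$image_path,$template_mail_admin,$template_mail_user,$data;
    // Contact fields are HTML-escaped at intake; the project stores them that way.
    foreach (array('customer', 'company', 'address', 'phone', 'fax', 'email') as $field) {
        $data[$field] = isset($_POST[$field]) ? htmlspecialchars($_POST[$field]) : '';
    }
    $site_option = get_all_options();
    $currency = $site_option['product_currency'];
    $timezone = $site_option['timezone'];
    $date_format = $site_option['date_format'];
    // Name and address are mandatory; at least one of phone / email must be given.
    if (empty($data['customer']) || empty($data['address']) || (empty($data['phone']) && empty($data['email']))) {
        edit_info('Please complete all required fields.');
        return;
    }
    // Compile the session lists into product_id => quantity.
    $ids = isset($_SESSION['product']) ? explode(",", $_SESSION['product']) : array();
    $quantities = isset($_SESSION['quantity']) ? explode(",", $_SESSION['quantity']) : array();
    $product_result = array();
    foreach ($ids as $key => $id) {
        $id = intval($id);
        $quan = isset($quantities[$key]) ? intval($quantities[$key]) : 0;
        if ($id > 0 && $quan > 0) {
            $product_result[$id] = isset($product_result[$id]) ? $product_result[$id] + $quan : $quan;
        }
    }
    // Ids are ints, so the WHERE clause is built from trusted values only.
    $where_sql = " WHERE product_id=-1";
    foreach (array_keys($product_result) as $id) {
        $where_sql .= " OR product_id=" . $id;
    }
    // Load the products.
    $sql = 'SELECT * FROM shop_pro ' . $where_sql . ' ORDER BY product_id DESC';
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    $product_count = $db->sql_numrows($result);
    $product_data = $db->sql_fetchrowset($result);
    if (!$product_count) {
        redirect($base_redirect_url);
        die();
    }
    // Insert the order header; user_id 0 marks a guest checkout.
    $user_id = isset($_SESSION['user_id']) ? intval($_SESSION['user_id']) : 0;
    $sql = 'INSERT INTO shop_order(user_id,customer,company,address,phone,fax,email,total_price,added_date,status)';
    $sql .= " VALUES(" . $user_id . ",'" . addslashes($data['customer']) . "','" . addslashes($data['company']) . "','" . addslashes($data['address']) . "','" . addslashes($data['phone']) . "','" . addslashes($data['fax']) . "','" . addslashes($data['email']) . "',0," . time() . ",0)";
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    $order_id = intval($db->sql_nextid());
    $totalprice = 0;
    $noprice = false;
    for ($i = 0; $i < $product_count; $i++) {
        $row = $product_data[$i];
        $product_id = intval($row['product_id']);
        $price = $row['price'];
        $quantity = isset($product_result[$product_id]) ? $product_result[$product_id] : 0;
        $totalprice += $price * $quantity;
        if ($price <= 0) {
            $noprice = true;
        }
        $template->assign_block_vars("productrow", array(
            'QUANTITY' => $quantity,
            'CODE' => $row['code'],
            'TITLE' => $row['title'],
            'PRICE' => ($price > 0) ? number_format($price, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
            'TOTAL_PRICE' => ($price > 0) ? number_format($price * $quantity, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
        ));
        // Code and title come from the database but may legitimately contain quotes.
        $sql = 'INSERT INTO shop_order_detail(order_id,product_id,product_code,product_title,product_price,quantity)';
        $sql .= " VALUES($order_id,$product_id,'" . addslashes($row['code']) . "','" . addslashes($row['title']) . "',$price,$quantity)";
        if (!$result = $db->sql_query($sql)) {
            message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
        }
        // Bump the order counter of this product only.
        $sql = "UPDATE shop_pro SET orders=orders+" . $quantity . " WHERE product_id=" . $product_id;
        if (!$result = $db->sql_query($sql)) {
            message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
        }
    }
    // A product without a price makes the whole order "price on request".
    if ($noprice) {
        $totalprice = 0;
    }
    $sql = 'UPDATE shop_order SET total_price=' . $totalprice . ' WHERE order_id=' . $order_id;
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    if ($user_id > 0) {
        $sql = 'UPDATE shop_user SET order_counter=order_counter+1 WHERE user_id=' . $user_id;
        if (!$result = $db->sql_query($sql)) {
            message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
        }
    }
    $template->set_filenames(array(
        'body' => $template_finish_page,
        'mail_admin' => $template_mail_admin,
        'mail_user' => $template_mail_user,
    ));
    // Site timezone option is an hour offset applied on top of UTC.
    $added_date = gmdate($date_format, time() + $timezone * 3600);
    $template->assign_vars(array(
        'CURRENCY' => $currency,
        'ALL_PRICE' => (!$noprice) ? number_format($totalprice, DECIMALS, DEC_POINT, THOUSANDS_SEP) : '',
        'CUSTOMER' => $data['customer'],
        'COMPANY' => $data['company'],
        'ADDRESS' => $data['address'],
        'PHONE' => $data['phone'],
        'FAX' => $data['fax'],
        'EMAIL' => $data['email'],
        'ADDED_DATE' => $added_date,
        'U_PRODUCT' => $base_product_url,
    ));
    $sitename = get_option('sitename');
    $admin_email = get_option('admin_email');
    // Notify the administrator.
    $emailer->from('"' . $sitename . '" <' . $admin_email . '>');
    $emailer->recipient($admin_email);
    $emailer->charset('utf-8'); //Option
    $emailer->subject('New order form (' . $added_date . ')');
    $emailer->message($template->getparse('mail_admin'));
    $emailer->send();
    // Confirmation to the customer, only when an address was given.
    if (!empty($data['email'])) {
        $emailer->from('"' . $sitename . '" <' . $admin_email . '>');
        $emailer->recipient($data['email']);
        $emailer->replyto($admin_email); //Option
        $emailer->charset('utf-8'); //Option
        $emailer->subject('Your order information (' . $added_date . ')');
        $emailer->message($template->getparse('mail_user'));
        $emailer->send();
    }
    // Empty the cart.
    $_SESSION['product'] = "";
    $_SESSION['quantity'] = "";
    $template->pparse('body');
}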
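/**
 * Handles the checkout "register" form: validates the posted contact fields,
 * optionally creates a shop_user account (when both password fields are
 * filled), logs the new user in via the session, and shows the confirm page.
 *
 * Fixes versus the previous revision:
 *  - the password-match test used the loose != (numeric-looking strings such
 *    as "1e3" and "1000" compare equal); it is now !==;
 *  - the login token was md5(email . password . time()), i.e. guessable from
 *    the registration time; it is now 16 random bytes as 32 hex chars, the
 *    same length as before;
 *  - values spliced into quoted SQL literals go through addslashes() so a
 *    quote or backslash in a field cannot terminate the literal (defence in
 *    depth; this $db wrapper exposes no prepared statements here).
 *
 * NOTE(review): the stored password is an unsalted md5() of the HTML-escaped
 * input because user_login() compares against exactly that; switching to
 * password_hash() needs a rehash-on-login migration and is out of scope here.
 * NOTE(review): the "email already exists" SELECT and the INSERT are not
 * atomic; a UNIQUE index on shop_user.email is the real guard.
 */
function user_register(){
global $db,$data;
    foreach (array('customer', 'company', 'address', 'phone', 'fax', 'regemail', 'regpass', 'verifyregpass') as $field) {
        $data[$field] = isset($_POST[$field]) ? htmlspecialchars($_POST[$field]) : '';
    }
    if (empty($data['customer']) || empty($data['address']) || empty($data['phone']) || empty($data['regemail'])) {
        view_form_order('Please complete all required fields.');
        return;
    }
    if (check_email($data['regemail']) == false) {
        view_form_order('Invalid email.');
        return;
    }
    // Both password fields filled => create an account; otherwise guest checkout.
    if (!empty($data['regpass']) && !empty($data['verifyregpass'])) {
        if ($data['verifyregpass'] !== $data['regpass']) {
            view_form_order('The password is did not match.Please check again.');
            return;
        }
        $emailSql = addslashes($data['regemail']);
        $sql = "SELECT user_id FROM shop_user WHERE email='" . $emailSql . "'";
        if (!$result = $db->sql_query($sql)) {
            message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
        }
        if ($db->sql_numrows($result)) {
            view_form_order('The email '.$data['regemail'].' is already in use by someone else!
Please enter another one');
            return;
        }
        // Unpredictable login token, 32 hex chars like the former md5 value.
        $login_id = bin2hex(random_bytes(16));
        $sql = 'INSERT INTO shop_user(email,password,name,company,address,phone,fax,login_id,login_time,enabled)';
        $sql .= " VALUES('" . $emailSql . "','" . md5($data['regpass']) . "','" . addslashes($data['customer']) . "','" . addslashes($data['company']) . "','" . addslashes($data['address']) . "','" . addslashes($data['phone']) . "','" . addslashes($data['fax']) . "','" . $login_id . "'," . time() . ",1)";
        if (!$result = $db->sql_query($sql)) {
            message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
        }
        $_SESSION['user_id'] = $db->sql_nextid($result);
        $_SESSION['shop_user_login_id'] = $login_id;
    }
    view_confirm();
    return;
}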
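/**
 * Handles the checkout "login" form: looks the user up by email, checks the
 * password, issues a fresh login token, fills $data from the user row and
 * shows the confirm page.
 *
 * Fixes versus the previous revision:
 *  - the password check used the loose != on two hex digests; digests of the
 *    form "0e<digits>" compare equal under == as numbers. It is now
 *    hash_equals(), which is strict and constant-time;
 *  - the login token was md5(email . password . time()); it is now 16 random
 *    bytes as 32 hex chars, the same length as before;
 *  - the email is passed through addslashes() before being spliced into the
 *    SQL literal and the user_id is cast to int (defence in depth; this $db
 *    wrapper exposes no prepared statements here).
 *
 * NOTE(review): stored passwords are an unsalted md5() of the HTML-escaped
 * input (see user_register()); migrating to password_hash() needs a
 * rehash-on-login step and is out of scope here.
 * NOTE(review): the two distinct error messages reveal whether an email is
 * registered; collapsing them is a product decision left as is.
 */
function user_login(){
global $db,$template,$base_url,$data;
    $data['email'] = isset($_POST['email']) ? htmlspecialchars($_POST['email']) : '';
    $data['pass'] = isset($_POST['pass']) ? md5(htmlspecialchars($_POST['pass'])) : '';
    if (empty($data['email']) || empty($data['pass'])) {
        view_form_order('Please enter your email and password.');
        return;
    }
    $sql = "SELECT * FROM shop_user WHERE email='" . addslashes($data['email']) . "' AND enabled=1";
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    if (!$db->sql_numrows($result)) {
        view_form_order('The email is not exist.');
        return;
    }
    $user_info = $db->sql_fetchrow($result);
    if (!hash_equals((string) $user_info['password'], $data['pass'])) {
        view_form_order('Wrong password.');
        return;
    }
    $data['customer'] = $user_info['name'];
    $data['company'] = $user_info['company'];
    $data['address'] = $user_info['address'];
    $data['phone'] = $user_info['phone'];
    $data['fax'] = $user_info['fax'];
    // Fresh, unpredictable login token; stored on the user row and in the session.
    $login_id = bin2hex(random_bytes(16));
    $userId = intval($user_info["user_id"]);
    $sql = "UPDATE shop_user SET login_id='" . $login_id . "',login_time=" . time() . " WHERE user_id=" . $userId;
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    $_SESSION['shop_user_login_id'] = $login_id;
    $_SESSION['user_id'] = $user_info['user_id'];
    view_confirm();
    return;
}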
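/**
 * Renders the order confirmation page: cart summary plus the contact details
 * collected so far (global $data), with links to edit them or send the order.
 *
 * The session cart is compiled into product_id => quantity (duplicates
 * summed, non-positive entries dropped), the products are loaded and listed;
 * the grand total is shown only when every product has a price. Titles are
 * cut to 40 bytes with "..." (byte-wise substr, as before).
 *
 * @param string $msg error text shown through the ERR_MESSAGE template variable
 *
 * Fix: the list()/each() loops were replaced by foreach (each() was removed
 * in PHP 8.0).
 */
function view_confirm($msg=""){
global $db,$template,$template_confirm_page,$base_url,$base_product_url,$image_path,$data;
    $currency = get_option('product_currency');
    // Compile the session lists into product_id => quantity.
    $ids = isset($_SESSION['product']) ? explode(",", $_SESSION['product']) : array();
    $quantities = isset($_SESSION['quantity']) ? explode(",", $_SESSION['quantity']) : array();
    $product_result = array();
    foreach ($ids as $key => $id) {
        $id = intval($id);
        $quan = isset($quantities[$key]) ? intval($quantities[$key]) : 0;
        if ($id > 0 && $quan > 0) {
            $product_result[$id] = isset($product_result[$id]) ? $product_result[$id] + $quan : $quan;
        }
    }
    // Ids are ints, so the WHERE clause is built from trusted values only.
    $where_sql = " WHERE product_id=-1";
    foreach (array_keys($product_result) as $id) {
        $where_sql .= " OR product_id=" . $id;
    }
    // Load the products.
    $sql = 'SELECT * FROM shop_pro ' . $where_sql;
    if (!$result = $db->sql_query($sql)) {
        message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
    }
    $product_count = $db->sql_numrows($result);
    $product_data = $db->sql_fetchrowset($result);
    $totalprice = 0;
    $noprice = false;
    for ($i = 0; $i < $product_count; $i++) {
        $row = $product_data[$i];
        $price = $row['price'];
        $num = isset($product_result[$row['product_id']]) ? $product_result[$row['product_id']] : 0;
        $totalprice += $price * $num;
        if ($price <= 0) {
            $noprice = true;
        }
        $title = $row['title'];
        if (strlen($title) > 40) {
            $title = substr($title, 0, 40) . '...';
        }
        $template->assign_block_vars("productrow", array(
            'QUANTITY' => $num,
            'PRODUCT_ID' => $row['product_id'],
            'PIC_THUMB' => '', // both branches of the original ternary were empty
            'TITLE' => $title,
            'CODE' => $row['code'],
            'PRICE' => ($price) ? number_format($price, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
            'TOTAL_PRICE' => ($price) ? number_format($price * $num, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
            'U_PRODUCT_VIEW' => $base_product_url . '?id=' . $row['product_id'],
            'U_PRODUCT_REMOVE' => $base_url . '?mode=remove&id=' . $row['product_id'],
        ));
    }
    $template->set_filenames(array(
        'body' => $template_confirm_page,
    ));
    $template->assign_vars(array(
        'ERR_MESSAGE' => $msg,
        'U_EDIT' => $base_url . '?mode=edit',
        'S_ACTION' => $base_url . '?mode=send',
        'ALL_PRICE' => (!$noprice) ? number_format($totalprice, DECIMALS, DEC_POINT, THOUSANDS_SEP) . ' ' . $currency : '',
        'CURRENCY' => $currency,
        'CUSTOMER' => isset($data['customer']) ? $data['customer'] : '',
        'COMPANY' => isset($data['company']) ? $data['company'] : '',
        'ADDRESS' => isset($data['address']) ? $data['address'] : '',
        'PHONE' => isset($data['phone']) ? $data['phone'] : '',
        'FAX' => isset($data['fax']) ? $data['fax'] : '',
        // A freshly registered user only has 'regemail' set.
        'EMAIL' => isset($data['email']) ? $data['email'] : (isset($data['regemail']) ? $data['regemail'] : ''),
    ));
    $template->pparse('body');
}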
/**
 * Renders the "edit contact details" form, pre-filled from $_POST.
 *
 * The posted values are HTML-escaped at intake and stored in the global
 * $data before being handed to the template, so they can be echoed back
 * into the form as they are.
 *
 * @param string $msg error text shown through the ERR_MESSAGE template variable
 */
function edit_info($msg=""){
global $db,$template,$template_edit_page,$base_url,$base_product_url,$image_path,$data;
    $fields = array('customer', 'company', 'address', 'phone', 'fax', 'email');
    $vars = array(
        'ERR_MESSAGE' => $msg,
        'S_ACTION' => $base_url . '?mode=editsm',
    );
    foreach ($fields as $field) {
        $data[$field] = isset($_POST[$field]) ? htmlspecialchars($_POST[$field]) : '';
        // Template keys are the upper-cased field names (CUSTOMER, COMPANY, ...).
        $vars[strtoupper($field)] = $data[$field];
    }
    $template->set_filenames(array('body' => $template_edit_page));
    $template->assign_vars($vars);
    $template->pparse('body');
}
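/**
 * Handles the "edit contact details" form: validates the posted fields,
 * updates the shop_user row when the visitor holds a valid (unexpired) login
 * token, and shows the confirm page.
 *
 * For guests, or when the session token does not match an unexpired
 * login_id, the database is left untouched and the details only live in
 * $data for the current order.
 *
 * Fix: values spliced into quoted SQL literals (login token, email, contact
 * fields) go through addslashes() and the numeric parts (expiry window,
 * user_id) are cast to int, so a quote or backslash in a field cannot
 * terminate the literal. This is defence in depth; this $db wrapper exposes
 * no prepared statements here.
 */
function do_edit_info(){
global $db,$template,$template_confirm_page,$base_url,$base_product_url,$image_path,$data;
    // Contact fields are HTML-escaped at intake; the project stores them that way.
    foreach (array('customer', 'company', 'address', 'phone', 'fax', 'email') as $field) {
        $data[$field] = isset($_POST[$field]) ? htmlspecialchars($_POST[$field]) : '';
    }
    if (empty($data['customer']) || empty($data['address']) || empty($data['phone']) || empty($data['email'])) {
        edit_info('Please complete all required fields.');
        return;
    }
    if (check_email($data['email']) == false) {
        edit_info('Invalid email.');
        return;
    }
    $login_expiretime = intval(get_option('login_expiretime'));
    $login_id = isset($_SESSION['shop_user_login_id']) ? htmlspecialchars($_SESSION['shop_user_login_id']) : '';
    if (!empty($login_id)) {
        // Tokens older than the expiry window are ignored.
        $login_time = time() - $login_expiretime;
        $sql = "SELECT user_id FROM shop_user WHERE login_id='" . addslashes($login_id) . "' AND login_time>=" . $login_time;
        if (!$result = $db->sql_query($sql)) {
            message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
        }
        if ($db->sql_numrows($result)) {
            $user_info = $db->sql_fetchrow($result);
            $userId = intval($user_info['user_id']);
            $emailSql = addslashes($data['email']);
            // The new email must not belong to another account.
            $sql = "SELECT email FROM shop_user WHERE email='" . $emailSql . "' AND user_id != " . $userId;
            if (!$result = $db->sql_query($sql)) {
                message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
            }
            if ($db->sql_numrows($result)) {
                edit_info('The email '.$data['email'].' is already in use by someone else.
Please enter another one.');
                return;
            }
            $sql = "UPDATE shop_user SET email='" . $emailSql . "', name='" . addslashes($data['customer']) . "', address='" . addslashes($data['address']) . "', phone='" . addslashes($data['phone']) . "', fax='" . addslashes($data['fax']) . "' WHERE user_id=" . $userId;
            if (!$result = $db->sql_query($sql)) {
                message_die("Couldn't access to database!!!", "", __LINE__, __FILE__, $sql);
            }
        }
    }
    view_confirm();
}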
?>