{"securerooturl"}.$GLOBALS["thisscriptname"]); } //showintro($GLOBALS["moduleid"]); if (empty($_REQUEST["function"])) { doheader(); showform(); dofooter(); } elseif ($_REQUEST["function"]=="saveorder") { doheader(); saveorder(); dofooter(); } include "../footer.php"; function showform() { ?> {"Price List Description"}; ?>
{"securerooturl"}; ?>pricelist/pricelist.php" method="post" name="order" id="order"> \n"; // do types list echo "\n"; $count=0; $sqlcmd2="SELECT * FROM PLtypes where cid = ".$rs["id"]." order by displayorder"; $rs2_query = mysql_query($sqlcmd2); while ($rs2 = mysql_fetch_array($rs2_query)) { echo "\n"; echo "\n"; echo "\n"; $lastbg=$rs2["bgcolor"]; $count++; } /* while ($count!==3) { // fill in the rest echo "\n"; $count++; } */ echo ""; $sqlcmd3="SELECT * FROM PLproducts where cid = ".$rs["id"]." order by displayorder"; $rs3_query = mysql_query($sqlcmd3); while ($rs3 = mysql_fetch_array($rs3_query)) { echo ""; echo "\n"; $sqlcmd4="SELECT id,bgcolor FROM PLtypes where cid = ".$rs["id"]." order by displayorder"; $rs4_query = mysql_query($sqlcmd4); $count=0; while ($rs4 = mysql_fetch_array($rs4_query)) { $sqlcmd5="SELECT id,price FROM plprices where tid = ".$rs4["id"]." and pid = ".$rs3["id"]; $rs5_query = mysql_query($sqlcmd5); if (mysql_num_rows($rs5_query) != 0) { $rs5 = mysql_fetch_array($rs5_query); if (number_format($rs5["price"],2)!="0.00") { echo "\n"; echo "\n"; echo "\n"; $itemcount++; } else { echo "\n"; } } else { echo "\n"; } $count++; } /* while ($count!==3) { // fill in the rest echo "\n"; $count++; } */ echo "\n"; } // item title color } ?>


".$rs["name"]."
Item".$rs2["name"]."QtyTotal   
"; if (isset($rs3["link"])) { echo "{"siterooturl"}.$rs3["link"]."\" target=_product>".$rs3["name"].""; } else { echo $rs3["name"]; } echo "$".number_format($rs5["price"],2)."\n"; echo "\n"; echo "\n"; echo "\n"; echo "         


{"Subtotal Label"};?>
{"Shipping Label"};?>
Canadian Residents HST 12%:
(Uncheck box if HST n/a) TOTAL:

Payment Information:
Method of Payment:
Cardholder Name:
Card Number:
Expiry Date:
(MM/YY)
 
Shipping Information:
All Fields Are Required
Name:
Address:
City:
State/Province:
Zip/Postal Code:
Country:
Telephone:
E-mail:
Special Shipping Instructions or Other Comments

---->".$sqlcmd."

"; /* NOTE(review): the opening of this order-saving routine (where $sqlcmd, $FIRST and $SECOND2 are built) is not present in this listing; the echo fragment just above concatenates the statement text into page output. The first query, presumably the order INSERT given the mysql_insert_id() call that follows, is retried with an alternate statement if it fails, and a second failure sends the raw MySQL error to the browser through die(). */ if (!mysql_query($sqlcmd)) { $sqlcmd=$FIRST.$SECOND2; mysql_query($sqlcmd) or die('Invalid query1: ' . mysql_error()); } $oid=mysql_insert_id(); // update order with dynamic items (ipaddress,orderdate,archived) $sqlcmd="UPDATE PLorders SET ipaddress = '".GetHostByName($_SERVER["REMOTE_ADDR"])."' WHERE ID = ".$oid.";"; mysql_query($sqlcmd) or die('Invalid query2: ' . mysql_error()); $sqlcmd="UPDATE PLorders SET orderdate = '".assembledate(strtotime("now"))."' WHERE ID = ".$oid.";"; mysql_query($sqlcmd) or die('Invalid query3: ' . mysql_error()); $sqlcmd="UPDATE PLorders SET archived = '0' WHERE ID = ".$oid.";"; mysql_query($sqlcmd) or die('Invalid query4: ' . mysql_error()); /* Walks categories, products, types and prices with one query per nesting level, counting priced cells in $itemcount so that the request fields q<N> (quantity) and p<N> (price) line up with catalogue rows. */ // additems to plorderitems $itemcount=0; $sqlcmd="SELECT * FROM PLcategories order by displayorder"; $rs_query = mysql_query($sqlcmd); while ($rs = mysql_fetch_array($rs_query)) { $sqlcmd3="SELECT * FROM PLproducts where cid = ".$rs["id"]." order by displayorder"; $rs3_query = mysql_query($sqlcmd3); while ($rs3 = mysql_fetch_array($rs3_query)) { $sqlcmd4="SELECT name,id,bgcolor FROM PLtypes where cid = ".$rs["id"]." order by displayorder"; $rs4_query = mysql_query($sqlcmd4); while ($rs4 = mysql_fetch_array($rs4_query)) { $sqlcmd5="SELECT id,price FROM plprices where tid = ".$rs4["id"]." and pid = ".$rs3["id"]; $rs5_query = mysql_query($sqlcmd5); if (mysql_num_rows($rs5_query) != 0) { $rs5 = mysql_fetch_array($rs5_query); /* SECURITY: q<N> and p<N> come from the request and are concatenated into the INSERT below without escaping or type checks, and the price stored is the submitted p<N>, not the $rs5["price"] just read from plprices. Store the catalogue price, cast the quantity to an integer, and bind values through prepared statements (mysqli or PDO); the mysql_* functions used here were removed in PHP 7. On failure die() also prints the MySQL error and the full statement to the client. */ // oid,cid,prodname,typename,quantity,price,displayorder if (number_format($rs5["price"],2)!="0.00") { if ($_REQUEST["q".$itemcount]!=="") { if (number_format($_REQUEST["p".$itemcount],2)!="0.00") { $sqlcmd6="INSERT into PLorderitems (oid,pid,cid,prodname,typename,quantity,price,displayorder) "; $sqlcmd6=$sqlcmd6. "VALUES ('".$oid."','".$rs3["id"]."','".$rs["id"]."','".str_replace("'","''",$rs3["name"])."','".str_replace("'","''",$rs4["name"])."','".$_REQUEST["q".$itemcount]."','".$_REQUEST["p".$itemcount]."','".$itemcount."');"; mysql_query($sqlcmd6) or die('
Invalid query5:
'.mysql_error()."
".$sqlcmd6."
"); } } $itemcount++; } } } } } /* Required-field check: the card fields are mandatory unless cc_type is "Cash/Cheque". Presence is the only test; no format validation is visible here. */ // check order for required fields if ($_REQUEST["cc_type"]=="Cash/Cheque") { $textfields=array("fullname","email"); } else { $textfields=array("cc_type","cc_name","cc_number","cc_expdate","fullname","email"); } $thepass="true"; foreach ($textfields as $field) { if ($_REQUEST[$field]=="") { $thepass="false"; $passfields[$field]="false"; } else { $passfields[$field]="true"; } } if ($thepass=="true") { /* SECURITY: each field is first written with the raw request value ($sqlcmd); the quote-doubled $sqlcmd2 runs only if that first query fails, so the escaping never protects the first attempt. cc_number and cc_expdate are written to PLorders as submitted; no encryption or tokenisation is visible in this listing. */ // add the rest of the fields $textfields=array("cc_type","cc_name","cc_number","cc_expdate","fullname","email"); foreach ($textfields as $field) { $sqlcmd="UPDATE PLorders SET ".$field." = '".$_REQUEST[$field]."' WHERE ID = ".$oid.";"; $sqlcmd2="UPDATE PLorders SET ".$field." = '".str_replace("'","''",$_REQUEST[$field])."' WHERE ID = ".$oid.";"; //echo $sqlcmd2; if (!mysql_query($sqlcmd)) { mysql_query($sqlcmd2) or die('Invalid query6:
'.mysql_error()."
".$sqlcmd2."
"); } } $finalizeorder="true"; } else { echo "There was a problem with your order. Before it can be completed, you need to fill in the following information:
"; echo "
{"siterooturl"}."pricelist/pricelist.php\" method=\"post\" name=\"order\" id=\"order\">"; echo ""; echo ""; echo ""; echo ""; $textfields=array("cc_type","cc_name","cc_number","cc_expdate","fullname","email"); foreach ($textfields as $field) { if ($passfields[$field]=="false") { if ($field=="cc_type") { echo ""; echo ""; } else if ($field=="cc_name") { echo ""; echo ""; } else if ($field=="cc_number") { echo ""; echo ""; } else if ($field=="cc_expdate") { echo ""; echo ""; } else if ($field=="fullname") { echo ""; echo ""; } else if ($field=="phone") { /* "phone" is not in $textfields, so this branch is never reached */ echo ""; echo ""; } else if ($field=="email") { echo ""; echo ""; } // display the field } else { /* SECURITY: same pattern as the UPDATE loop earlier in this routine: the raw request value is tried first and the quote-doubled statement is only a fallback. */ // update the field echo ""; $sqlcmd="UPDATE PLorders SET ".$field." = '".$_REQUEST[$field]."' WHERE ID = ".$oid.";"; $sqlcmd2="UPDATE PLorders SET ".$field." = '".str_replace("'","''",$_REQUEST[$field])."' WHERE ID = ".$oid.";"; //echo $sqlcmd2; if (!mysql_query($sqlcmd)) { mysql_query($sqlcmd2) or die('Invalid query7:
'.mysql_error()."
".$sqlcmd2."
"); } } } echo "
Method of Payment:
Cardholder Name:
Card Number:
Expiry Date:(MM/YY)
Your Name::
Telephone::
E-Mail Address::
"; echo ""; echo "
"; } } else { /* NOTE(review): the condition this else pairs with is not visible in this listing. This branch updates the order row named by $_REQUEST["orderid"] instead of a freshly inserted one, and it requires all six fields regardless of cc_type. The echo inside the loop below prints the name of each missing field to the page. */ //end not an error $textfields=array("cc_type","cc_name","cc_number","cc_expdate","fullname","email"); $thepass="true"; foreach ($textfields as $field) { if ($_REQUEST[$field]=="") { $thepass="false"; echo $thepass."=".$field."
"; /* NOTE(review): the next two statements use == (comparison), so $passfields is never populated in this branch; the new-order path above uses = for the same bookkeeping. */ $passfields[$field]=="false"; } else { $passfields[$field]=="true"; } } if ($thepass=="true") { /* SECURITY: $_REQUEST["orderid"] is concatenated unquoted into the WHERE clause and no check that the order belongs to the caller is visible, so the request chooses which PLorders row is rewritten. Cast it to an integer, verify ownership, and bind values through prepared statements. */ // add the rest of the fields $textfields=array("cc_type","cc_name","cc_number","cc_expdate","fullname","email"); foreach ($textfields as $field) { $sqlcmd="UPDATE PLorders SET ".$field." = '".$_REQUEST[$field]."' WHERE ID = ".$_REQUEST["orderid"].";"; $sqlcmd2="UPDATE PLorders SET ".$field." = '".str_replace("'","''",$_REQUEST[$field])."' WHERE ID = ".$_REQUEST["orderid"].";"; //echo $sqlcmd2; if (!mysql_query($sqlcmd)) { mysql_query($sqlcmd2) or die('Invalid query8: ' . mysql_error()); } } $finalizeorder="true"; } else { /* SECURITY: print_r() without its return flag writes the whole request, including any submitted card fields, straight into the response; this looks like leftover debug output and should not ship. */ echo print_r($_REQUEST)."
"; echo "There was a problem with your order. Before it can be completed, you need to fill in the following information:
"; echo "
{"siterooturl"}."pricelist/pricelist.php\" method=\"post\" name=\"order\" id=\"order\">"; echo ""; echo ""; echo ""; echo ""; $textfields=array("cc_type","cc_name","cc_number","cc_expdate","fullname","email"); foreach ($textfields as $field) { if ($passfields[$field]=="false") { if ($field=="cc_type") { echo ""; echo ""; } else if ($field=="cc_name") { echo ""; echo ""; } else if ($field=="cc_number") { echo ""; echo ""; } else if ($field=="cc_name") { /* NOTE(review): duplicate of the cc_name test two branches earlier, so this branch cannot run; the matching chain on the new-order path tests cc_expdate at this position. */ echo ""; echo ""; } else if ($field=="fullname") { echo ""; echo ""; } else if ($field=="phone") { echo ""; echo ""; } else if ($field=="email") { echo ""; echo ""; } // display the field } else { // update the field echo ""; $sqlcmd="UPDATE PLorders SET ".$field." = '".$_REQUEST[$field]."' WHERE ID = ".$_REQUEST["orderid"].";"; $sqlcmd2="UPDATE PLorders SET ".$field." = '".str_replace("'","''",$_REQUEST[$field])."' WHERE ID = ".$_REQUEST["orderid"].";"; //echo $sqlcmd2; if (!mysql_query($sqlcmd)) { mysql_query($sqlcmd2) or die('Invalid query9: ' . mysql_error()); } } } echo "
Method of Payment:
Cardholder Name:
Card Number:
Expiry Date:(MM/YY)
Your Name::
Telephone::
E-Mail Address::
"; echo ""; echo "
"; } } // it was an error if ($finalizeorder=="true") { // send admin "you've got orders" email /* NOTE(review): $oid is assigned from mysql_insert_id() on the new-order path; on the path that works from $_REQUEST["orderid"] no assignment to $oid is visible in this listing, so confirm it is defined before this query runs. */ // get order information $sqlcmd="SELECT * FROM plorders WHERE id = ".$oid; //echo $sqlcmd; $rs_query = mysql_query($sqlcmd); $rs = mysql_fetch_array($rs_query); mysql_data_seek($rs_query, 0); // Send email to client from website $subject="Thank You For Ordering From ".$GLOBALS["systemsettings"]->{"Company Name"}; if ($GLOBALS["usersettings"]->{"Order Success Email Text"}!="") { $body=$GLOBALS["usersettings"]->{"Order Success Email Text"}; /* $rs["fullname"] is customer-supplied and is substituted into a body sent as HTML ($ishtml=true) with no escaping visible; passing it through htmlspecialchars() first would keep markup out of the message. */ $body=str_replace("%%fullname%%",ucfirst($rs["fullname"]),$body); $ishtml=true; } else { $body="Thank you for your order.\n\n"; $ishtml=false; } /* NOTE(review): the recipient is the customer-supplied email value; sendoutemail() is defined elsewhere, so confirm it rejects addresses that contain line breaks. */ $theemaildata = array( "emailto" => $rs["email"], "emailtoname" => $GLOBALS["systemsettings"]->{"Company Name"}, "emailfrom" => $GLOBALS["systemsettings"]->{"Default Email Address"}, "emailfromname" => $GLOBALS["systemsettings"]->{"Company Name"}, "emailsubject" => $subject, "emailbody" => $body, "emailhtml" => $ishtml, "emailreply" => $GLOBALS["systemsettings"]->{"Default Email Address"} ); sendoutemail($theemaildata); // Send email to owner from website $newsubject="New Web Site Order"; $ishtml=false; $body="There is a new order at ".$GLOBALS["selfeditsettings"]->{"siteadminrooturl"}."pricelist/pricelistadmin.php?function=checkorders\n\n"; $theemaildata = array( "emailto" => $GLOBALS["usersettings"]->{"Admin Order Notice Email Address"}, "emailtoname" => $GLOBALS["systemsettings"]->{"Company Name"}, "emailfrom" => $GLOBALS["systemsettings"]->{"Default Email Address"}, "emailfromname" => $GLOBALS["systemsettings"]->{"Company Name"}, "emailsubject" => $newsubject, "emailbody" => $body, "emailhtml" => $ishtml, "emailreply" => $GLOBALS["systemsettings"]->{"Default Email Address"} ); sendoutemail($theemaildata); mysql_free_result($rs_query); // display thank you text echo $GLOBALS["usersettings"]->{"Order Success Display Text"}; } /* NOTE(review): when the order was finalised, $rs_query was already freed inside the block above, so this second call acts on a released result. */ mysql_free_result($rs_query); return 0; } ?>