в админке порядок если вы о ценах, order ниже, сам пока в базе посижу. спасибо.
<?php
/*****************************************************************************
* *
* Shop-Script FREE *
* Copyright (c) 2005 WebAsyst LLC. All rights reserved. *
* *
****************************************************************************/
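// Order placement controller. This is a flat script: it runs in the scope of
// the page that includes it and uses $smarty, $smarty_mail and the db_*()
// helpers defined elsewhere.
//
//  1. POST "complete_order" (or GET "order_placement_result" while
//     $_SESSION['order_reg'] is set): save the order and its cart lines,
//     e-mail the customer and the shop, clear the cart, redirect.
//  2. GET "order_placement_result" on its own: load the saved order and hand
//     it to the "order placed" template.
//
// Security: every request value that is concatenated into SQL is passed
// through mysql_real_escape_string() unconditionally. Session values that
// reach SQL are escaped as well, because this script cannot see how they
// were put into the session.
if (isset($_POST["complete_order"]) || (isset($_GET["order_placement_result"]) && isset($_SESSION['order_reg']))) //place order
{
    //shopping cart items count
    $c = 0;
    if (isset($_SESSION["gids"]))
    {
        for ($j = 0; $j < count($_SESSION["gids"]); $j++)
        {
            if ($_SESSION["gids"][$j]) $c += $_SESSION["counts"][$j];
        }
    }

    //not empty?
    if (isset($_SESSION["gids"]) && $c)
    {
        // Escape unconditionally. The earlier code skipped escaping whenever a
        // format regex matched; the e-mail pattern was unanchored, so a value
        // that merely contained an address-like substring went into the query
        // raw, and the comment field was never escaped at all.
        $post_phone   = mysql_real_escape_string(isset($_POST["phone"]) ? $_POST["phone"] : '');
        $post_email   = mysql_real_escape_string(isset($_POST["email"]) ? $_POST["email"] : '');
        $post_comment = mysql_real_escape_string(isset($_POST["comment"]) ? $_POST["comment"] : '');

        //select manager: collect managers with access == 1, then pick one at random
        $man_arr   = array();
        $man_name  = array();
        $man_email = array();
        $q_m = db_query("SELECT ID, access, online_name, email FROM ".MANAGER_TABLE) or die (db_error());
        while ($row = mysql_fetch_row($q_m))
        {
            if ($row[1] == 1)
            {
                $man_arr[] = $row[0];
                $man_name[$row[0]] = $row[2];
                $man_email[$row[0]] = $row[3];
            }
        }
        // Stays '' when no manager qualifies, instead of reading $man_arr[0]
        // from an empty list.
        $manager_id = '';
        if ($man_arr)
        {
            shuffle($man_arr);
            $manager_id = $man_arr[0];
            $smarty_mail->assign("manager", $man_name[$manager_id]);
        }

        //insert order into database
        if (isset($_SESSION['cust_id']))
        {
            // Registered customer: the order row is built from the profile kept
            // in the session. NOTE(review): whether add_field() escapes its
            // values is not visible here - confirm.
            $userinfo = $_SESSION['userinf'];
            $userinfo['order_time'] = get_current_time();
            $userinfo['custID'] = $_SESSION['cust_id'];
            add_field(ORDERS_TABLE, $userinfo);
            $_POST["first_name"] = $userinfo['cust_firstname'];
            $_POST["last_name"] = $userinfo["cust_lastname"];
        }
        else
        {
            db_query("INSERT INTO ".ORDERS_TABLE." (order_time, cust_firstname, cust_lastname, cust_email, cust_country, cust_zip, cust_state, cust_city, cust_address, cust_phone, comment, manager) values ('".get_current_time()."','".mysql_real_escape_string($_POST["first_name"])."','".mysql_real_escape_string($_POST["last_name"])."','".$post_email."','".mysql_real_escape_string($_POST["country"])."','".mysql_real_escape_string($_POST["zip"])."','".mysql_real_escape_string($_POST["state"])."','".mysql_real_escape_string($_POST["city"])."','".mysql_real_escape_string($_POST["address"])."','".$post_phone."','".$post_comment."', '".$manager_id."');") or die (db_error());
        }
        $oid = db_insert_id(); //order ID

        //now move shopping cart content to the database
        $k = 0; //total cart value
        $products = array();
        $adm = ""; //order notification for administrator
        if ($man_arr) {$adm .= "\n".ADMIN_MANAGER_MAIL.": ".$man_name[$manager_id]."\n";}
        $opt = isset($_SESSION["opt"]) ? $_SESSION["opt"] : array();

        for ($i = 0; $i < count($_SESSION["gids"]); $i++)
        {
            if (!$_SESSION["gids"][$i]) continue;

            $gid_sql = mysql_real_escape_string($_SESSION["gids"][$i]);
            $q = db_query("SELECT name, Price, product_code, hurl, categoryID FROM ".PRODUCTS_TABLE." WHERE productID='".$gid_sql."'") or die (db_error());
            $r = db_fetch_row($q);
            if (!$r) continue; //product no longer exists: skip the cart line

            // Resolve "option:variant" pairs into "(Option:Variant,...)".
            $variants = '';
            if (isset($opt[$i]) && $opt[$i] != '')
            {
                preg_match_all("'(?P<option>\w+):(?P<variant>\d+)'", $opt[$i], $tmp);
                $pairs = array();
                for ($ti = 0; $ti < count($tmp['option']); $ti++)
                {
                    // The option id is matched by \w+, so it may hold letters;
                    // quoting it keeps it a value rather than a bare SQL token.
                    $o = db_query("select name from ".PRODUCT_OPTIONS_TABLE." where optionID='".mysql_real_escape_string($tmp['option'][$ti])."'");
                    $ro = db_fetch_row($o);
                    $pair = $ro[0];
                    $v = db_query("select name from ".PRODUCT_OPTIONS_VAL_TABLE." where variantID=".$tmp['variant'][$ti]); // \d+ only
                    $ro = db_fetch_row($v);
                    $pairs[] = $pair.':'.$ro[0];
                    unset($ro, $o, $v);
                }
                unset($tmp);
                $variants = '('.implode(',', $pairs).')';
            }

            // A non-zero session price replaces the catalogue price.
            // NOTE(review): the order is charged at whatever the session holds;
            // confirm 'newprice' is only ever written by server-side logic.
            if (isset($_SESSION['newprice'][$i]) && $_SESSION['newprice'][$i] != 0 && $r[1] != $_SESSION['newprice'][$i])
            {
                $r[1] = $_SESSION['newprice'][$i];
            }

            //product info: [id, name+variants, quantity, line total, product code]
            $qty = $_SESSION["counts"][$i];
            $tmp = array(
                $_SESSION["gids"][$i],
                $r[0].$variants,
                $qty,
                ($qty * $r[1])." ".CONF_CURRENCY_ID_RIGHT,
                $r[2]
            );

            //store ordered products info into database
            $articul = trim($tmp[4]) ? "[".$tmp[4]."] " : "";
            $order_insert = array(
                'orderID'   => $oid,
                'productID' => $tmp[0],
                'name'      => $articul.$tmp[1],
                'Price'     => $r[1],
                'Quantity'  => $tmp[2],
            );
            add_field(ORDERED_CARTS_TABLE, $order_insert);

            //update item sold; the quantity is quoted and escaped because it comes from the session
            db_query("UPDATE ".PRODUCTS_TABLE." SET items_sold=items_sold+1, in_stock=in_stock-'".mysql_real_escape_string($qty)."' WHERE productID='".$gid_sql."'") or die (db_error());

            $products[] = $tmp;
            //update order amount
            $k += $qty * $r[1];
            //order notification for administrator - update
            // NOTE(review): "cost" and "sum" both print the line total ($tmp[3]) - confirm intended.
            $adm .= $articul.$tmp[1]."; ".TABLE_PRODUCT_COST." - ".$tmp[3]."; ".TABLE_PRODUCT_QUANTITY." - ".$tmp[2]."; ".TABLE_PRODUCT_SUMM." - ".$tmp[3]."\n";
            $adm .= "\n";
        }

        // Extra order lines (gift, shipping, express handling, discount) are
        // stored as pseudo-products of the same order.
        if (isset($_SESSION["present"]))
        {
            $q1 = db_query("insert into ".ORDERED_CARTS_TABLE." (orderID, productID, name, Price, Quantity) values ('".$oid."', '".mysql_real_escape_string($_SESSION["present"][0])."', '".mysql_real_escape_string($_SESSION["present"][2])."', '".STRING_PRESENT."', '1');") or die (db_error());
        }
        if (isset($_SESSION["shipping"]) && $_SESSION["shipping"][1] > 0)
        {
            $q1 = db_query("insert into ".ORDERED_CARTS_TABLE." (orderID, productID, name, Price, Quantity) values ('".$oid."', '".mysql_real_escape_string($_SESSION["shipping"][0])."', '".ADMIN_SHIPPING." ".mysql_real_escape_string($_SESSION["shipping"][2])."', '".mysql_real_escape_string($_SESSION["shipping"][1])."', '1');") or die (db_error());
            $k += $_SESSION["shipping"][1];
        }
        if (isset($_SESSION["get_fast_order"]))
        {
            $q1 = db_query("insert into ".ORDERED_CARTS_TABLE." (orderID, productID, name, Price, Quantity) values ('$oid', '$oid', '".ADMIN_FAST_ORDER."', '".mysql_real_escape_string($_SESSION["get_fast_order"])."', '1');") or die (db_error());
            $k += $_SESSION["get_fast_order"];
        }
        if (isset($_SESSION["discount"]))
        {
            $q1 = db_query("insert into ".ORDERED_CARTS_TABLE." (orderID, productID, name, Price, Quantity) values ('$oid', '".mysql_real_escape_string($_SESSION["discount"][0])."', '".ADMIN_DISCOUNT_STRING." ".mysql_real_escape_string($_SESSION["discount"][1])."', '".mysql_real_escape_string($_SESSION["discount"][2])."', '1');") or die (db_error());
            $k -= $_SESSION["discount"][2];
        }
        // (the "minimal" surcharge line is disabled in this version)

        //assign order content to smarty
        // NOTE(review): name, city and address are raw request values; whether
        // order_notification.tpl.html escapes them is not visible here - confirm.
        $smarty_mail->assign("order_content", $products);
        $smarty_mail->assign("order_total", $k." ".CONF_CURRENCY_ID_RIGHT);
        $smarty_mail->assign("order_id", $oid);
        $smarty_mail->assign("order_custname", $_POST["first_name"]." ".$_POST["last_name"]);
        $smarty_mail->assign("order_shipping_address", "г.".$_POST["city"]."\n".$_POST["address"]);
        if (isset($_SESSION["shipping"])) {$smarty_mail->assign("shipping", $_SESSION["shipping"]);}
        if (isset($_SESSION["get_fast_order"])) {$smarty_mail->assign("get_fast_order", $_SESSION["get_fast_order"]);}
        if (isset($_SESSION["present"])) {$smarty_mail->assign("present", $_SESSION["present"]);}
        if (isset($_SESSION["discount"])) {$smarty_mail->assign("discount", $_SESSION["discount"]);}
        $_SESSION["order_id"] = $oid;

        //send message to customer
        $file_name = "./css/css_".CONF_COLOR_SCHEME."/image/mail_logo.jpg";
        $SHOP_NAME = CONF_SHOP_NAME;
        $NOTIFICATION_SUBJECT = EMAIL_CUSTOMER_ORDER_NOTIFICATION_SUBJECT;
        $last_name = $_POST["last_name"];
        $first_name = $_POST["first_name"];
        $html_body = $smarty_mail->fetch("order_notification.tpl.html");
        if (DEFAULT_CHARSET == 'utf-8')
        {
            $last_name = win2utf($_POST["last_name"]);
            $first_name = win2utf($_POST["first_name"]);
            $SHOP_NAME = win2utf($SHOP_NAME);
            $NOTIFICATION_SUBJECT = win2utf(EMAIL_CUSTOMER_ORDER_NOTIFICATION_SUBJECT);
            $html_body = win2utf($html_body);
        }
        // NOTE(review): the recipient address is the raw request value; confirm
        // phpmailer() validates it before it is used as a mail recipient.
        $to['mail'] = $_POST["email"];
        $to['name'] = $first_name." ".$last_name; // was $first_nam (undefined), which dropped the first name
        $from['mail'] = CONF_GENERAL_EMAIL;
        $from['name'] = $SHOP_NAME;
        $file_img['file'] = $file_name;
        $file_img['cid'] = 'mail_img_1';
        phpmailer ($to, $from, $NOTIFICATION_SUBJECT,'', $html_body,$file_img);

        //notification for administrator
        $NOTIFICATION_SUBJECT = EMAIL_ADMIN_ORDER_NOTIFICATION_SUBJECT;
        $last_name = $_POST["last_name"];
        $first_name = $_POST["first_name"];
        if (DEFAULT_CHARSET == 'utf-8')
        {
            $last_name = win2utf($_POST["last_name"]);
            $first_name = win2utf($_POST["first_name"]);
            $NOTIFICATION_SUBJECT = win2utf(EMAIL_ADMIN_ORDER_NOTIFICATION_SUBJECT);
        }
        $od = STRING_ORDER_ID.": $oid\n\n";
        if (isset($_SESSION["shipping"])) {$adm .= ADMIN_SHIPPING." ".$_SESSION["shipping"][2]." ".$_SESSION["shipping"][1].CONF_CURRENCY_ID_RIGHT."\n\n";}
        if (isset($_SESSION["get_fast_order"])) {$adm .= ADMIN_FAST_ORDER." ".$_SESSION["get_fast_order"].CONF_CURRENCY_ID_RIGHT."\n\n";}
        if (isset($_SESSION["present"]) && $_SESSION["present"][1]) {$adm .= $_SESSION["present"][2]." - ".STRING_PRESENT."\n\n";}
        if (isset($_SESSION["discount"])) {$adm .= ADMIN_DISCOUNT_STRING." ".$_SESSION["discount"][1]."% - ".$_SESSION["discount"][3]."\n\n";}
        $adm .= "Комментарий заказчика:"."\n".$_POST["comment"]."\n";
        $adm .= "\n".CUSTOMER_FIRST_NAME." ".$_POST["first_name"]."\n".CUSTOMER_LAST_NAME." ".$_POST["last_name"]."\n".CUSTOMER_ADDRESS.": ".$_POST["country"].", ".$_POST["zip"].", ".$_POST["state"].", ".$_POST["city"].", ".$_POST["address"]."\n".CUSTOMER_PHONE_NUMBER.": ".$_POST["phone"]."\n".CUSTOMER_EMAIL.": ".$_POST["email"];
        if (DB_CHARSET != 'cp1251')
        {
            $od = win2utf($od);
            $adm = win2utf($adm);
        }
        phpmailer(CONF_ORDERS_EMAIL, $from, $NOTIFICATION_SUBJECT, $od.$adm);
        // (the separate e-mail to the selected manager is disabled in this version)

        // The order is stored: drop the cart and every per-order value so a
        // reload cannot place it twice.
        unset(
            $_SESSION["gids"],
            $_SESSION["counts"],
            $_SESSION["opt"],
            $_SESSION["newprice"],
            $_SESSION['order_reg'],
            $_SESSION["shipping"],
            $_SESSION["get_fast_order"],
            $_SESSION["present"],
            $_SESSION["discount"]
        );

        //show order placement result
        // NOTE(review): there is no exit after header(); the including script
        // keeps running after the redirect is queued - confirm that is intended.
        if (CONF_CHPU)
            header("Location: http://".CONF_SHOP_URL."/cart/order_placed/");
        else
            header("Location: http://".CONF_SHOP_URL."/index.php?order_placement_result=1");
    }
    else //empty shopping cart
    {
        if (CONF_CHPU)
            header("Location: http://".CONF_SHOP_URL."/cart/");
        else
            header("Location: http://".CONF_SHOP_URL."/index.php?shopping_cart=yes");
    }
}
elseif (isset($_GET["order_placement_result"])) //show 'order successful' page
{
    // The order shown is always the one recorded in this visitor's session,
    // never an id taken from the request.
    $order_id = isset($_SESSION["order_id"]) ? mysql_real_escape_string($_SESSION["order_id"]) : '';
    $q = db_query("SELECT orderID, cust_firstname, cust_lastname, cust_email, cust_city, cust_address, cust_phone, comment, manager FROM ".ORDERS_TABLE." WHERE orderID='".$order_id."'") or die (db_error());
    $result = db_fetch_row($q);
    $q = db_query("SELECT online_name FROM ".MANAGER_TABLE." WHERE ID='".$result[8]."'") or die (db_error());
    $m_row = db_fetch_row($q);

    // Build the display rows and the order total.
    $total = 0;
    $res = array();
    $q = db_query("SELECT name, Price, Quantity FROM ".ORDERED_CARTS_TABLE." WHERE orderID='".$result[0]."' ORDER BY id ASC") or die(db_error());
    while ($row = db_fetch_row($q))
    {
        if (substr_count($row[0], ADMIN_DISCOUNT_STRING) > 0)
        {
            // Discount line: subtracted from the total and rendered in bold
            // after an empty spacer row. Its name is split on the first space
            // into label and percentage.
            $total -= $row[1] * $row[2];
            $tmp = explode(" ", $row[0]);
            $row[4] = "<br /><b>".show_price($row[1] * $row[2])."</b>";
            $row[0] = "<br /><b>".$tmp[0]."</b>";
            $row[1] = "";
            $row[2] = "<br /><b>".$tmp[1]."%</b>";
            $res[] = Array();
            $res[] = $row;
        }
        else
        {
            // Regular line: the stored price is divided by CURRENCY_val before display.
            $row[1] = $row[1] / CURRENCY_val;
            $total += $row[1] * $row[2];
            $row[4] = show_price($row[1] * $row[2]);
            $row[1] = show_price($row[1]);
            $res[] = $row;
        }
    }

    //select all payments
    $payment_list = array();
    $q = db_query("SELECT type, payvalue FROM ".PAYMENT_TABLE." LEFT JOIN ".PAYOPTION_TABLE." USING (payID) WHERE enabled='1' AND payoption = 'name'") or die (db_error());
    while ($row = db_fetch_row($q))
    {
        $payment_list['values'][] = $row[0];
        $payment_list['names'][] = $row[1];
    }
    $smarty->assign("payment_list", $payment_list);

    $result[8] = $m_row[0];          //manager id replaced by the manager's display name
    $result[9] = show_price($total); //order value
    $smarty->assign("orderer", $result);
    $smarty->assign("order", $res);
    $smarty->assign("main_content_template", "order_place.tpl.html");
}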
?>