Выкладываю, на мой взгляд, важные файлы (код):
order_place.php
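<?php
// order_place.php
// Place an order: store it in ORDERS_TABLE, move the shopping-cart rows into
// ORDERED_CARTS_TABLE, e-mail the customer and the shop, then redirect to the
// "order placed" page (served by the first branch below).
//
// Reads: $_GET["order_placement_result"]; $_POST["complete_order"] plus the
// customer fields (first_name, last_name, email, country, zip, state, city,
// address, phone); the cart in $_SESSION["gids"], ["counts"] and ["pack"]
// (parallel arrays - a gid of 0/"" marks a removed row).
// Uses from the including script: $smarty, $smarty_mail, $currency_iso_3,
// the db_* helpers, get_current_time() and the *_TABLE / CONF_* / EMAIL_* /
// CUSTOMER_* / STRING_ORDER_ID constants.
//
// NOTE(review): the customer fields are interpolated into SQL as plain strings.
// The DB helpers visible here (db_query/db_fetch_row/db_insert_id) expose no
// escaping or parameter-binding call, so this revision only hardens the numeric
// IDs (int casts) and the mail recipient (CR/LF stripped). Every $cust[...]
// value must go through the DB layer's escaping (or a prepared statement)
// before this runs against a live database.
if (isset($_GET["order_placement_result"])) {
    // Result page shown after the redirect at the end of the order branch.
    $smarty->assign("order_id", $_SESSION["order_id"]);
    $smarty->assign("order_amount", $_SESSION["order_amount"]);
    $smarty->assign("main_content_template", "order_place.tpl.html");
    $smarty->assign("order_is_placed", $_GET["order_placement_result"]);
} else if (isset($_POST["complete_order"])) {
    // Number of items in the cart; rows whose gid is empty were removed.
    $c = 0;
    if (isset($_SESSION["gids"])) {
        $n = count($_SESSION["gids"]);
        for ($j = 0; $j < $n; $j++) {
            if ($_SESSION["gids"][$j]) {
                $c += $_SESSION["counts"][$j];
            }
        }
    }
    if (isset($_SESSION["gids"]) && $c) {
        // Customer fields as submitted; a missing field becomes "" instead of a notice.
        $cust = array();
        foreach (array("first_name", "last_name", "email", "country", "zip", "state", "city", "address", "phone") as $f) {
            $cust[$f] = isset($_POST[$f]) ? (string)$_POST[$f] : "";
        }
        // The e-mail address is also the recipient of mail() below; a CR/LF in it
        // would let extra mail headers be injected, so they are stripped here.
        $cust_email_to = str_replace(array("\r", "\n"), "", $cust["email"]);

        // TODO(review): escape $cust[...] for SQL before interpolating (see header note).
        db_query("insert into ".ORDERS_TABLE." (order_time, cust_firstname, cust_lastname, cust_email, cust_country, cust_zip, cust_state, cust_city, cust_address, cust_phone) values ('".get_current_time()."','".$cust["first_name"]."','".$cust["last_name"]."','".$cust["email"]."','".$cust["country"]."','".$cust["zip"]."','".$cust["state"]."','".$cust["city"]."','".$cust["address"]."','".$cust["phone"]."');") or die (db_error());
        $oid = db_insert_id(); // ID of the order just inserted

        // Move the cart rows into ORDERED_CARTS_TABLE while computing the total
        // and building the plain-text item list for the shop notification.
        $k = 0;              // total order value
        $products = array(); // rows handed to the customer mail template
        $adm = "";           // item lines of the shop notification
        $n = count($_SESSION["gids"]);
        for ($i = 0; $i < $n; $i++) {
            if (!$_SESSION["gids"][$i]) {
                continue; // removed cart row
            }
            // productID and the pack id are numeric keys; the casts keep the
            // session-supplied values from reaching SQL as arbitrary strings.
            $gid = (int)$_SESSION["gids"][$i];
            $pack_id = !empty($_SESSION["pack"][$i]) ? (int)$_SESSION["pack"][$i] : 0;
            $q = db_query("SELECT name, Price, product_code FROM ".PRODUCTS_TABLE." WHERE productID='".$gid."'") or die (db_error());
            $r = db_fetch_row($q);
            if (!$r) {
                continue; // product disappeared since it was put in the cart
            }
            // A selected "pack" carries its own price and description; otherwise
            // the product price is used and the description stays empty.
            $price = $r[1];
            $pdesc = "";
            if ($pack_id) {
                $q_pack = db_query("SELECT price, pack_desc FROM ".PRODUCTS_PACK_TABLE." WHERE id='".$pack_id."'") or die (db_error());
                $rp = db_fetch_row($q_pack);
                if ($rp) {
                    $price = $rp[0];
                    $pdesc = $rp[1];
                }
            }
            $qty = $_SESSION["counts"][$i];
            $line_total = $qty * $price;
            // Product info row: [gid, name, quantity, "amount CUR", product_code, pack id, pack description]
            $tmp = array(
                $gid,
                $r[0],
                $qty,
                $line_total . " " . $currency_iso_3,
                $r[2],
                $pack_id,
                $pdesc);
            // Product code is prefixed to the stored name as "[code] name" when present.
            $articul = trim($tmp[4]) ? "[".$tmp[4]."] " : "";
            db_query("insert into ".ORDERED_CARTS_TABLE." (orderID, productID, name, Price, Quantity, pack) values ('$oid', '".$gid."', '".$articul.$tmp[1]."', '".$price."', '".$tmp[2]."', '".$pack_id."');");
            $products[] = $tmp;
            $k += $line_total;
            // Shop notification line carries the per-item amount ($tmp[3]); the
            // original printed the running total here, so every line after the
            // first showed the wrong figure.
            $adm .= $articul.$tmp[1]." ".$pdesc." (x".$tmp[2]."): ".$tmp[3]."\n";
        }

        // Customer notification.
        $smarty_mail->assign("order_content", $products);
        $smarty_mail->assign("order_total", $k." ".$currency_iso_3);
        $smarty_mail->assign("order_id", $oid);
        $smarty_mail->assign("order_custname", $cust["first_name"]." ".$cust["last_name"]);
        $smarty_mail->assign("order_shipping_address", $cust["address"]."\n".$cust["city"]." ".$cust["state"]." ".$cust["zip"]."\n".$cust["country"]);
        $_SESSION["order_id"] = $oid;
        $_SESSION["order_amount"] = $k;
        // Same headers for both messages.
        $mail_headers = "From: \"".CONF_SHOP_NAME."\"<".CONF_GENERAL_EMAIL.">\n".stripslashes(EMAIL_MESSAGE_PARAMETERS)."\nReturn-path: <".CONF_GENERAL_EMAIL.">";
        mail($cust_email_to, EMAIL_CUSTOMER_ORDER_NOTIFICATION_SUBJECT, $smarty_mail->fetch("order_notification.tpl.html"), $mail_headers);

        // Shop notification: order ID, item lines, then the customer details.
        $od = STRING_ORDER_ID.": $oid\n\n";
        $adm .= "\n".CUSTOMER_FIRST_NAME." ".$cust["first_name"]."\n".CUSTOMER_LAST_NAME." ".$cust["last_name"]."\n".CUSTOMER_ADDRESS.": ".$cust["country"].", ".$cust["zip"].", ".$cust["state"].", ".$cust["city"].", ".$cust["address"]."\n".CUSTOMER_PHONE_NUMBER.": ".$cust["phone"]."\n".CUSTOMER_EMAIL.": ".$cust["email"];
        mail(CONF_ORDERS_EMAIL, EMAIL_ADMIN_ORDER_NOTIFICATION_SUBJECT, $od.$adm, $mail_headers);

        // Empty the cart. NOTE(review): $_SESSION["pack"] is indexed in parallel
        // with gids but is not cleared here (as in the original) - confirm that
        // the cart code resets it, otherwise stale pack ids survive into the next cart.
        unset($_SESSION["gids"]);
        unset($_SESSION["counts"]);
        // Show the order placement result; stop here so nothing else renders after the redirect.
        header("Location: index.php?order_placement_result=1");
        exit;
    } else {
        // Empty shopping cart: back to the cart page.
        header("Location: index.php?shopping_cart=yes");
        exit;
    }
}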
custord_new_orders.php
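<?php
// custord_new_orders.php
// Admin "new orders" sub-department: optionally cancels one order (?delete=ID),
// then lists every order with its items and total for the template.
//
// Uses from the admin script: $sub, $smarty, the db_* helpers, show_price() and
// the *_TABLE constants. Only reachable through admin.php (guard below).
if (!defined('WORKING_THROUGH_ADMIN_SCRIPT')) {
    die;
}
if (!strcmp($sub, "new_orders")) {
    if (isset($_GET["delete"]) && $_GET["delete"]) {
        // Cancel the order: drop its cart rows and the order itself; the products
        // table is not touched. orderID is an integer key (it is used unquoted in
        // the item query below), so the int cast is the injection guard here.
        // NOTE(review): this is a state-changing GET with no request token; a
        // POST plus a per-session token would be the usual protection.
        $del_id = (int)$_GET["delete"];
        db_query("DELETE FROM ".ORDERED_CARTS_TABLE." WHERE orderID='".$del_id."'") or die (db_error());
        db_query("DELETE FROM ".ORDERS_TABLE." WHERE orderID='".$del_id."'") or die (db_error());
        header("Location: admin.php?dpt=custord&sub=new_orders");
        exit; // do not run the listing queries for a response the browser discards
    }

    // All orders, newest first.
    $q = db_query("SELECT orderID, order_time, cust_firstname, cust_lastname, cust_email, cust_country, cust_zip, cust_state, cust_city, cust_address, cust_phone FROM ".ORDERS_TABLE." order by order_time DESC") or die (db_error());
    $result = array();
    while ($row = db_fetch_row($q)) {
        // The customer fields were typed by the customer and are rendered in the
        // admin HTML: escape them. Byte-wise replacement (rather than
        // htmlspecialchars) keeps this independent of the page's character set;
        // "&" goes first so the entities added afterwards are not re-escaped.
        foreach ($row as $key => $val) {
            $row[$key] = str_replace(
                array("&", "<", ">", "\""),
                array("&amp;", "&lt;", "&gt;", "&quot;"),
                (string)$val);
        }
        $result[] = $row;
    }
    $smarty->assign("new_order_count", count($result)); // new orders quantity

    // Attach the item list (index 11) and the order total (index 12) to each order row.
    $order_count = count($result);
    for ($i = 0; $i < $order_count; $i++) {
        $prs = "";
        $total = 0;
        $q = db_query("SELECT name, Price, Quantity, pack FROM ".ORDERED_CARTS_TABLE." WHERE orderID=".(int)$result[$i][0]) or die(db_error());
        while ($it = db_fetch_row($q)) {
            // pack > 0 means a pack variant was ordered; show its description.
            $pack = "";
            if ($it[3] > 0) {
                $q_pack = db_query("SELECT pack_desc FROM ".PRODUCTS_PACK_TABLE." WHERE id='".(int)$it[3]."'") or die (db_error());
                $pdesc = db_fetch_row($q_pack);
                if ($pdesc) {
                    $pack = $pdesc[0];
                }
            }
            $line_total = $it[1] * $it[2];
            $prs .= "$it[0] $pack x $it[2]: ".show_price($line_total)."<br>";
            $total += $line_total;
        }
        $result[$i][11] = $prs;              // item list, HTML fragment
        $result[$i][12] = show_price($total); // order value
    }
    $smarty->assign("orders", $result);
    $smarty->assign("admin_sub_dpt", "custord_new_orders.tpl.html");
}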