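<?php
// Entry guard: this file is only meant to be loaded through the PHP-Nuke
// modules.php front controller, which provides mainfile.php and the request
// variables the dispatch at the bottom of this file relies on.  Note that
// stristr() only checks that the script path *contains* "modules.php".
if (!stristr($_SERVER['SCRIPT_NAME'], 'modules.php')) {
    die ('You can\'t access this file directly...');
}
require_once 'mainfile.php';
$module_name = basename(dirname(__FILE__));
// Double quotes are required: the original single-quoted path kept the
// literal text "$module_name", so the module's core.php was never included.
require_once "modules/$module_name/includes/core.php";
get_lang($module_name);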
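/**
 * Render the "previous orders" page for the logged-in cart user.
 *
 * Lists each order of the current user (order number, order date and the
 * status label looked up from the status table) with a link to the receipt
 * view; shows a "no previous orders" message when the user has none and a
 * "not logged in" message otherwise.  Everything is echoed directly between
 * the site header and footer.
 *
 * Reads the globals $user, $prefix, $db and $bgcolor2 and depends on the
 * framework helpers is_user(), cartuserinfo(), user_menu(), search_menu(),
 * OpenTable(), CloseTable() and the _EMPORIUM_* language constants.
 *
 * Fixes relative to the previous version: the receipt links used a
 * single-quoted "$orderID" and so never carried the real order number, the
 * user id was read with a bare (undefined) constant, and values read from
 * the database are now escaped before being placed in SQL and HTML.
 */
function userOrders(){
    global $user, $prefix, $db, $bgcolor2;
    include_once 'header.php';
    user_menu();
    search_menu();
    $userinfo = cartuserinfo();
    if (is_user($user)) {
        // The user id comes from the cart user record rather than the request,
        // but it is escaped instead of trusted inside the query text.
        $user_id = $db->sql_escape_string($userinfo['user_id']);
        $orders = $db->sql_query('SELECT `orderID`, `orderDate`, `orderStatus` FROM `' . $prefix . '_cart_orders` WHERE `userID` = \'' . $user_id . '\'');
        $order_num = $db->sql_numrows($orders);
        OpenTable();
        echo '<div align="center" class="title">' . _EMPORIUM_MODULE_ACCOUNT_ORDERS_PREVIOUSORDERS . '</div>' , PHP_EOL;
        CloseTable();
        echo '<br />' , PHP_EOL;
        if ($order_num > 0) {
            OpenTable();
            $header_cell = '<td class="option" bgcolor="' . $bgcolor2 . '" align="center">';
            echo '<table border="0" cellpadding="2" cellspacing="0" width="100%">' , PHP_EOL
                , '<tr><td width="100%" align="center" valign="top">' , PHP_EOL
                , '<table border="0" cellpadding="2" cellspacing="0">' , PHP_EOL
                , '<tr>' , PHP_EOL
                , $header_cell . _EMPORIUM_MODULE_ACCOUNT_ORDERS_ORDERNUM . '</td>' , PHP_EOL
                , $header_cell . _EMPORIUM_MODULE_ACCOUNT_ORDERS_ORDERDATE . '</td>' , PHP_EOL
                , $header_cell . _EMPORIUM_MODULE_ACCOUNT_ORDERS_ORDERSTATUS . '</td>' , PHP_EOL
                , $header_cell . _EMPORIUM_MODULE_ACCOUNT_ORDERS_ORDERFUNCTIONS . '</td>' , PHP_EOL
                , '</tr>' , PHP_EOL;
            while (list($orderID, $orderDate, $status) = $db->sql_fetchrow($orders)) {
                // One status lookup per order; the status id was read from the
                // orders table but is escaped so a corrupted row cannot alter
                // the query.  A missing status row yields an empty label.
                $status_row = $db->sql_fetchrow($db->sql_query('SELECT `statusLabel` FROM `' . $prefix . '_cart_orders_status` WHERE `statusID` = \'' . $db->sql_escape_string($status) . '\''));
                $statusLabel = $status_row ? $status_row[0] : '';
                // Build the receipt link once; the order id is URL-encoded in the
                // query string and HTML-escaped where it is displayed.
                $receipt_url = 'modules.php?name=Shopping_Cart&file=orders&c_op=viewReceipt&orderID=' . urlencode((string) $orderID);
                $orderID_html = htmlspecialchars((string) $orderID, ENT_QUOTES);
                echo '<tr>' , PHP_EOL
                    , '<td class="content" align="center"><a href="' . $receipt_url . '"><b>' . $orderID_html . '</b></a></td>' , PHP_EOL
                    , '<td class="content" align="center">' . htmlspecialchars((string) $orderDate, ENT_QUOTES) . '</td>' , PHP_EOL
                    , '<td class="content" align="center">' . htmlspecialchars((string) $statusLabel, ENT_QUOTES) . '</td>' , PHP_EOL
                    , '<td class="content" align="center">[ <a href="' . $receipt_url . '">' . _EMPORIUM_MODULE_ACCOUNT_ORDERS_ORDERVIEW . '</a> ]</td>' , PHP_EOL
                    , '</tr>' , PHP_EOL;
            }
            echo '</table>' , PHP_EOL
                , '</td>' , PHP_EOL
                , '<td width="50%" align="center" valign="top" class="content">' , PHP_EOL
                , '</td></tr></table><p>' , PHP_EOL;
            CloseTable();
        } else {
            OpenTable();
            echo '<center><b>' . _EMPORIUM_MODULE_ACCOUNT_ORDERS_NOPREVIOUSORDERS . '</b></center>' , PHP_EOL;
            CloseTable();
        }
    } else {
        OpenTable();
        echo '<center><b>' . _EMPORIUM_MODULE_ACCOUNT_NLI . '</b></center>' , PHP_EOL;
        CloseTable();
    }
    include_once 'footer.php';
}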
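/**
 * Render the account details / cart preferences form for the logged-in user.
 *
 * Shows the stored name, address, phone, state, country and preferred
 * currency of the current cart user as an editable form that posts back to
 * the userConfigUpdate action.  Not-logged-in visitors get a message instead.
 * Output is echoed directly between the site header and footer.
 *
 * Reads the globals $user, $prefix, $db and $bgcolor2 and depends on the
 * framework helpers is_user(), cartuserinfo(), user_menu(), search_menu(),
 * OpenTable(), CloseTable() and the _EMPORIUM_* language constants.
 *
 * Fixes relative to the previous version: a missing semicolon before the
 * currency query (a parse error), unterminated attribute quotes on the
 * currency options and the submit cell, a placeholder option that echoed an
 * undefined $sel, bare (undefined) constants used as array keys, the form
 * element never being closed, and stored user-supplied values being echoed
 * into attribute values without escaping (a stored XSS sink).
 *
 * NOTE(review): the form carries no anti-CSRF token; nothing in this file
 * ties the posted update to the user's session beyond the login check.
 */
function userConfig(){
    global $user, $prefix, $db, $bgcolor2;
    include_once 'header.php';
    user_menu();
    search_menu();
    if (is_user($user)) {
        $userinfo = cartuserinfo();
        // Escape every stored text value once before it is placed in HTML.  Raw
        // values stay in $userinfo for the id comparisons below.
        // NOTE(review): htmlspecialchars() defaults to UTF-8; if the site runs a
        // legacy single-byte charset, pass it as the third argument.
        $text_keys = array('username', 'email', 'fname', 'lname', 'address1', 'address2', 'city', 'postcode', 'dayPhone', 'evePhone');
        $esc = array();
        foreach ($text_keys as $key) {
            $esc[$key] = isset($userinfo[$key]) ? htmlspecialchars((string) $userinfo[$key], ENT_QUOTES) : '';
        }
        $option_cell = '<tr><td class="option" align="right">';
        OpenTable();
        echo '<form name="cart" method="post" action="modules.php"><input type="hidden" name="name" value="Shopping_Cart" /><input type="hidden" name="file" value="account" /><input type="hidden" name="c_op" value="userConfigUpdate" />' , PHP_EOL;
        echo '<table align="center"><font class="title" align="center"><b>' . _EMPORIUM_MODULE_ACCOUNT_USERINFORMATION . '</b></font></table><hr color="' . $bgcolor2 . '" />' , PHP_EOL;
        echo '<table border="0" cellpadding="2" cellspacing="0" width="100%">' , PHP_EOL;
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_USERNAME . ':</td>' , PHP_EOL
            , '<td class="content" align="center">' . $esc['username'] . '</td></tr>' , PHP_EOL;
        // Text inputs shown before the state selector, in display order.  An
        // empty label produces an empty label cell (the second address line).
        $text_rows = array(
            'email'    => _EMPORIUM_MODULE_ACCOUNT_EMAIL,
            'fname'    => _EMPORIUM_MODULE_ACCOUNT_FIRSTNAME,
            'lname'    => _EMPORIUM_MODULE_ACCOUNT_LASTNAME,
            'address1' => _EMPORIUM_MODULE_ACCOUNT_ADDRESS,
            'address2' => '',
            'city'     => _EMPORIUM_MODULE_ACCOUNT_CITY,
        );
        foreach ($text_rows as $name => $label) {
            echo $option_cell . ($label === '' ? '' : $label . ':') . '</td>' , PHP_EOL
                , '<td class="content" align="center"><input type="text" name="' . $name . '" size="25" value="' . $esc[$name] . '" /></td></tr>' , PHP_EOL;
        }
        // State selector with a "select one" placeholder of value 0.
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_STATE . ':</td>' , PHP_EOL
            , '<td class="content" align="center">' , PHP_EOL;
        echo '<select name="state" class="content">' , PHP_EOL;
        echo '<option value="0">' . _EMPORIUM_MODULE_ACCOUNT_SELECTONE . '</option>' , PHP_EOL;
        $states = $db->sql_query('SELECT `stateID`, `stateName` FROM `' . $prefix . '_cart_states`');
        while (list($stateID, $stateName) = $db->sql_fetchrow($states)) {
            $sel = ($stateID == $userinfo['state']) ? ' selected="selected"' : '';
            echo '<option value="' . htmlspecialchars((string) $stateID, ENT_QUOTES) . '"' . $sel . '>' . htmlspecialchars((string) $stateName, ENT_QUOTES) . '</option>' , PHP_EOL;
        }
        echo '</select></td></tr>' , PHP_EOL;
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_POSTALCODE . ':</td>' , PHP_EOL
            , '<td class="content" align="center"><input type="text" name="postcode" size="25" value="' . $esc['postcode'] . '" /></td></tr>' , PHP_EOL;
        // Country selector, ordered by name as the query requests.
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_COUNTRY . ':</td>'
            , '<td class="content" align="center">' , PHP_EOL;
        echo '<select name="country" class="content">' , PHP_EOL;
        $countries = $db->sql_query('SELECT `countryID`, `countryName` FROM `' . $prefix . '_cart_countries` ORDER BY `countryName`');
        while (list($countryID, $countryName) = $db->sql_fetchrow($countries)) {
            $sel = ($countryID == $userinfo['country']) ? ' selected="selected"' : '';
            echo '<option value="' . htmlspecialchars((string) $countryID, ENT_QUOTES) . '"' . $sel . '>' . htmlspecialchars((string) $countryName, ENT_QUOTES) . '</option>' , PHP_EOL;
        }
        echo '</select></td></tr>' , PHP_EOL;
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_DAYPHONE . ':</td>' , PHP_EOL
            , '<td class="content" align="center"><input type="text" name="dayPhone" size="25" value="' . $esc['dayPhone'] . '" /></td></tr>' , PHP_EOL;
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_EVEPHONE . ':</td>' , PHP_EOL
            , '<td class="content" align="center"><input type="text" name="evePhone" size="25" value="' . $esc['evePhone'] . '" /></td></tr>' , PHP_EOL;
        echo '</table>' , PHP_EOL;
        CloseTable();
        echo '<br />' , PHP_EOL;
        // Cart preferences: preferred currency, where 0 means the shop default.
        OpenTable();
        echo '<table align="center"><font class="title" align="center"><b>' . _EMPORIUM_MODULE_ACCOUNT_CARTPREFERENCES . '</b></font></table><hr color="' . $bgcolor2 . '" />' , PHP_EOL;
        echo '<table align="center" width="100%">' , PHP_EOL;
        echo $option_cell . _EMPORIUM_MODULE_ACCOUNT_CURRENCY . ':</td>' , PHP_EOL
            , '<td class="content" align="center">' , PHP_EOL;
        echo '<select name="currID" class="content">' , PHP_EOL;
        $sel = ($userinfo['myCurr'] == 0) ? ' selected="selected"' : '';
        echo '<option value="0"' . $sel . '>' . _EMPORIUM_MODULE_ACCOUNT_DEFAULT . '</option>' , PHP_EOL;
        $currencies = $db->sql_query('SELECT `currID`, `currency`, `currname` FROM `' . $prefix . '_cart_currencies` WHERE `active` = 1 ORDER BY `currency`');
        while (list($currID, $currency, $currname) = $db->sql_fetchrow($currencies)) {
            $sel = ($currID == $userinfo['myCurr']) ? ' selected="selected"' : '';
            echo '<option value="' . htmlspecialchars((string) $currID, ENT_QUOTES) . '"' . $sel . '>' . htmlspecialchars((string) $currency, ENT_QUOTES) . '</option>' , PHP_EOL;
        }
        echo '</select><br /></td></tr>' , PHP_EOL;
        echo '</table>' , PHP_EOL;
        CloseTable();
        echo '<br />' , PHP_EOL;
        OpenTable();
        echo '<table border="0" cellpadding="2" cellspacing="0" width="100%">' , PHP_EOL;
        echo '<tr><td class="content" align="center"><input type="submit" class="cartbotton" value="' . _EMPORIUM_MODULE_ACCOUNT_UPDATEDETAILS . '" /></td></tr>' , PHP_EOL;
        echo '</table>' , PHP_EOL;
        CloseTable();
        echo '</form>' , PHP_EOL;
    } else {
        OpenTable();
        echo _EMPORIUM_MODULE_ACCOUNT_NLI , PHP_EOL;
        CloseTable();
    }
    include_once 'footer.php';
}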
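/**
 * Store the posted account details for the logged-in cart user and redirect
 * back to the account form.
 *
 * Every field is passed through check_html(..., 'nohtml'), decoded and then
 * escaped for SQL exactly as before; the only behavioural change is that the
 * `state` column now receives $state (the previous version wrote $city into
 * it) and the user id is read with a quoted key and escaped.  Visitors who
 * are not logged in are redirected without any database write.
 *
 * Reads the globals $user, $prefix and $db; depends on is_user(),
 * cartuserinfo() and check_html() from the framework.
 *
 * @param string $fname     first name
 * @param string $lname     last name
 * @param string $email     e-mail address
 * @param string $address1  first address line
 * @param string $address2  second address line
 * @param string $city      city
 * @param string $state     state id as chosen in the form
 * @param string $postcode  postal code
 * @param string $country   country id as chosen in the form
 * @param string $dayPhone  daytime phone number
 * @param string $evePhone  evening phone number
 * @param string $currID    preferred currency id (0 = shop default)
 */
function userConfigUpdate($fname, $lname, $email, $address1, $address2, $city, $state, $postcode, $country, $dayPhone, $evePhone, $currID){
    global $user, $prefix, $db;
    if (is_user($user)) {
        $userinfo = cartuserinfo();
        // Column => raw value, in the column order of the UPDATE statement.
        // The column names are fixed here; only the values come from the form.
        $fields = array(
            'fname'    => $fname,
            'lname'    => $lname,
            'email'    => $email,
            'address1' => $address1,
            'address2' => $address2,
            'city'     => $city,
            'state'    => $state,
            'postcode' => $postcode,
            'country'  => $country,
            'dayPhone' => $dayPhone,
            'evePhone' => $evePhone,
            'myCurr'   => $currID,
        );
        // Sanitize each value before it goes to the db (added by Nuken): strip
        // HTML, decode entities, then escape for the SQL string literal.
        $assignments = array();
        foreach ($fields as $column => $value) {
            $clean = $db->sql_escape_string(html_entity_decode(check_html($value, 'nohtml'), ENT_QUOTES));
            $assignments[] = '`' . $column . '` = \'' . $clean . '\'';
        }
        $user_id = $db->sql_escape_string($userinfo['user_id']);
        $db->sql_query('UPDATE `' . $prefix . '_cart_users` SET ' . implode(', ', $assignments) . ' WHERE `user_id` = \'' . $user_id . '\'');
    }
    header('Location: modules.php?name=Shopping_Cart&file=account&c_op=userConfig');
}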
/**
 * Send a guest who chose to log in to the site's account page.
 *
 * Emits only a Location header; no output and no database access.
 */
function guestLogin(){
    $login_page = 'account.html';
    header('Location: ' . $login_page);
}
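/**
 * Record the preferred currency for the current visitor and redirect.
 *
 * Logged-in users get the value written to their cart user record and are
 * sent to the account page; guests get it written to their guest session row
 * and are sent to the cart front page.
 *
 * $currID arrives straight from the request, so it is escaped before being
 * placed in the query (the previous version concatenated it raw, which was a
 * SQL injection point reachable by any visitor).  The session id is escaped
 * for the same reason.
 *
 * Reads the globals $prefix, $db, $user and $cartsession; depends on
 * is_user() and cartuserinfo().
 *
 * @param string $currID  currency id chosen by the visitor (0 = shop default)
 * @param string $redir   accepted for compatibility with the dispatcher; not
 *                        used — both branches redirect to a fixed page
 */
function setUserCurrency($currID, $redir) {
    global $prefix, $db, $user, $cartsession;
    $safe_currID = $db->sql_escape_string($currID);
    if (is_user($user)) {
        $userinfo = cartuserinfo();
        $user_id = $db->sql_escape_string($userinfo['user_id']);
        $db->sql_query('UPDATE `' . $prefix . '_cart_users` SET `myCurr` = \'' . $safe_currID . '\' WHERE `user_id` = \'' . $user_id . '\'');
        header('Location: modules.php?name=Shopping_Cart&file=account');
    } else {
        $session_id = $db->sql_escape_string($cartsession);
        $db->sql_query('UPDATE `' . $prefix . '_cart_guests` SET `myCurr` = \'' . $safe_currID . '\' WHERE `sessionID` = \'' . $session_id . '\'');
        header('Location: modules.php?name=Shopping_Cart');
    }
}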
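// Dispatch on the c_op request parameter.  This file never reads $_GET or
// $_POST itself: $c_op and the form fields are expected to already exist in
// the global scope, which only happens under register_globals or whatever
// emulation of it mainfile.php provides.  The isset() guards below keep a
// request that lacks a parameter from raising undefined-variable warnings
// without changing which branch runs.
// NOTE(review): the userConfigUpdate and setUserCurrency branches change
// server state on a plain request; no anti-CSRF check is visible in this
// file, so that protection would have to come from the framework.
if (!isset($c_op)) {
    $c_op = '';
}
foreach (array('currID', 'redir', 'fname', 'lname', 'email', 'address1', 'address2', 'city', 'state', 'postcode', 'country', 'dayPhone', 'evePhone') as $request_var) {
    if (!isset($$request_var)) {
        $$request_var = null;
    }
}
switch ($c_op) {
    case 'setUserCurrency':
        setUserCurrency($currID, $redir);
        break;
    case 'userOrders':
        userOrders();
        break;
    case 'userConfigUpdate':
        userConfigUpdate($fname, $lname, $email, $address1, $address2, $city, $state, $postcode, $country, $dayPhone, $evePhone, $currID);
        break;
    case 'guestLogin':
        guestLogin();
        break;
    case 'userConfig':
    default:
        userConfig();
        break;
}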