File: D:/HostingSpaces/SBogers10/deensekroon.komma-mediadesign.nl/wwwroot/admin/php/giftcards.php
<?php
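/**
 * Dispatches the giftcards admin request to the matching handler.
 *
 * Precedence: the "back" button, the add/edit submits, the trash
 * confirmation and execution, then the URL_SUB sub-action constant,
 * and finally the dashboard.
 *
 * @return string HTML of the selected view ('' when a redirect header was sent)
 */
function initGiftcards()
{
    $output = '';

    if (isset($_POST['back'])) {
        $location = isset($_POST['location']) ? $_POST['location'] : null;
        // The target is client-controlled; only plain relative paths are honoured
        // so the back button cannot be used as an open redirect.
        if (giftcardsIsSafeRedirectLocation($location)) {
            header('location: ' . $location);
        } else {
            $output .= showDashboard();
        }
    } elseif (isset($_POST['sbm-add-card'])) {
        $output .= validateAddEdit('add');
    } elseif (isset($_POST['sbm-edit-card'])) {
        $output .= validateAddEdit('edit');
    } elseif (isset($_POST['askMoveToTrash'])) {
        $output .= askMoveToTrash();
    } elseif (isset($_POST['moveToTrash'])) {
        $output .= moveToTrash();
    } elseif (defined('URL_SUB')) {
        switch (URL_SUB) {
            case 'add-card':
                $output .= showFormAddEdit('add');
                break;
            case 'edit-card':
                $output .= showFormAddEdit('edit');
                break;
            default:
                $output .= showDashboard();
        }
    } else {
        $output .= showDashboard();
    }

    return $output;
}

/**
 * Whether a client-supplied "location" value may be used as a redirect target.
 *
 * Only plain relative paths are accepted (the forms in this file post "./",
 * "../" and "../../"). Anything with a URL scheme (http:, javascript:, ...),
 * protocol-relative "//host" targets and values containing line breaks are
 * rejected.
 *
 * @param mixed $location raw $_POST['location'] value
 * @return bool
 */
function giftcardsIsSafeRedirectLocation($location)
{
    if (!is_string($location) || $location === '') {
        return false;
    }
    // Leading whitespace is ignored by browsers, so it must not hide a scheme.
    $candidate = ltrim($location);
    if (preg_match('/[\r\n]/', $candidate) === 1) {
        return false;
    }
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate) === 1) {
        return false;
    }
    // "//host" and "/\host" are both treated as protocol-relative by browsers.
    if (preg_match('#^[/\\\\]{2}#', $candidate) === 1) {
        return false;
    }
    return true;
}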
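/**
 * Renders the giftcard dashboard: a submenu plus one row per active card.
 *
 * Active cards are those whose content_status row (linkname "gc_cards")
 * has active = 1. A card counts as unused while its remainder still equals
 * the original amount; only unused cards get an edit link.
 *
 * @return string HTML
 */
function showDashboard()
{
    // Showing the list discards any pending add/edit draft.
    if (isset($_SESSION['addedit-gc'])) {
        unset($_SESSION['addedit-gc']);
    }

    global $mysqli;
    $siteLabels = getLanguage();

    $output = '<h1>Giftcards</h1>';
    $output .= '<form action="" name="chkForm" method="post">';

    // Submenu
    $output .= '<div class="submenu">';
    $output .= '<a href="/admin/giftcards/add-card/" class="btn184 proceed">Add Giftcard</a>';
    $output .= '<input type="submit" name="askMoveToTrash" value="Delete selected" class="btn184"/>';
    $output .= '<div class="clear"></div>';
    $output .= '</div>';

    // Heading row
    $output .= '<div class="itemlist-row itemlist-heading">';
    $output .= '<div class="itemlist-single-column"> </div>';
    $output .= '<div class="itemlist-double-column"><input type="checkbox" name="checkCtrl" value="checkAll" onClick="check_all(this);" class="itemlist-cbox">title</div>';
    $output .= '<div class="itemlist-single-column">code</div>';
    $output .= '<div class="itemlist-single-column">ammount</div>';
    $output .= '<div class="itemlist-single-column">remainder</div>';
    $output .= '<div class="itemlist-single-column">status</div>';
    $output .= '<div class="itemlist-double-column status-column"> </div>';
    $output .= '<div class="itemlist-single-column itemlist-edit">edit</div>';
    $output .= '</div>';

    $query = 'SELECT g.id, g.title, g.code, g.amount, g.remainder'
        . ' FROM gc_cards as g, content_status as s'
        . ' WHERE s.active = 1'
        . ' AND s.itemId = g.id'
        . ' AND s.linkname = "gc_cards"'
        . ' ORDER BY g.timest DESC';

    if ($result = $mysqli->query($query)) {
        while ($record = $result->fetch_assoc()) {
            // The id only appears in a checkbox value and an URL; an integer is all that is needed.
            $id = (int) $record['id'];
            // NOTE(review): fromDatabase() is assumed to return display-ready text;
            // if it does not HTML-encode, the title is an injection point — confirm.
            $title = fromDatabase($record['title']);
            // Codes are generated from [A-Za-z0-9], but the column is free text at
            // the database level, so escape before echoing.
            $code = htmlspecialchars((string) $record['code'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $amount = displayPrice($record['amount']);
            $remainder = displayPrice($record['remainder']);

            // Compare the stored values, not the display-formatted strings, so the
            // status text and the edit link agree with each other.
            $unused = (float) $record['remainder'] == (float) $record['amount'];
            if ($unused) {
                $status = '<span class="orderlist-green">ongebruikt</span>';
            } elseif ($record['remainder'] > 0) {
                $status = '<span class="orderlist-orange">in gebruik</span>';
            } else {
                $status = '<span class="orderlist-red">op</span>';
            }

            $output .= '<div class="itemlist-row">';
            $output .= '<div class="itemlist-single-column"> </div>';
            $output .= '<div class="itemlist-double-column"><input type="checkbox" name="option[]" id="option" value="' . $id . '" class="itemlist-cbox"/>' . $title . '</div>';
            $output .= '<div class="itemlist-single-column">' . $code . '</div>';
            $output .= '<div class="itemlist-single-column">' . $amount . '</div>';
            $output .= '<div class="itemlist-single-column">' . $remainder . '</div>';
            $output .= '<div class="itemlist-single-column">' . $status . '</div>';
            $output .= '<div class="itemlist-double-column status-column"> </div>';
            $output .= '<div class="itemlist-single-column itemlist-edit">';
            if ($unused) {
                $output .= '<a href="/admin/giftcards/edit-card/' . $id . '/" class="itemlist-btn" id="itemlist-btn-edit"></a>';
            }
            $output .= '</div>';
            $output .= '</div>';
        }
    }

    // Close the list form opened above; the checkboxes and the delete button belong to it.
    $output .= '</form>';

    return $output;
}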
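/**
 * Renders the add/edit giftcard form.
 *
 * Form values live in $_SESSION['addedit-gc'] so a failed submit can be
 * re-shown with the user's input. In edit mode the draft is first replaced
 * with the stored card identified by URL_SUB2.
 *
 * @param string $method 'add' or 'edit'
 * @return string HTML
 */
function showFormAddEdit($method)
{
    global $mysqli;
    $siteLabels = getLanguage();

    if (!isset($_SESSION['addedit-gc'])) {
        $_SESSION['addedit-gc'] = array('title' => '', 'amount' => '');
    }

    $editId = 0;
    if ($method == 'edit') {
        // URL_SUB2 is the id segment of the edit URL and therefore client
        // controlled; it is cast to int before it reaches the query.
        $editId = defined('URL_SUB2') ? (int) URL_SUB2 : 0;
        if ($editId > 0) {
            $query = 'SELECT title, amount FROM gc_cards WHERE id = ' . $editId . ' LIMIT 1';
            if ($result = $mysqli->query($query)) {
                if ($record = $result->fetch_assoc()) {
                    $_SESSION['addedit-gc']['title'] = fromDatabase($record['title']);
                    $_SESSION['addedit-gc']['amount'] = fromDatabase($record['amount']);
                }
            }
        }
    }

    // The draft may hold raw input from a previous submit, so the attribute
    // values are escaped. double_encode=false keeps text that fromDatabase()
    // may already have encoded from being encoded twice.
    $titleValue = htmlspecialchars((string) $_SESSION['addedit-gc']['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $amountValue = htmlspecialchars((string) $_SESSION['addedit-gc']['amount'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    $output = '<h1>Giftcards › ';
    if ($method == 'add') {
        $output .= 'Add new giftcard</h1>';
    }
    if ($method == 'edit') {
        $output .= 'Edit giftcard</h1>';
    }
    $output .= '<form action="" method="post">';
    $output .= '<div class="single-column addproduct-lefttop margin-bottom-40">';
    // title
    $output .= 'Titel *<br />';
    $output .= '<input type="text" name="gc-title" value="' . $titleValue . '" class="txt" />';
    // amount
    $output .= 'Waarde *<br />';
    $output .= '<input type="text" name="gc-amount" value="' . $amountValue . '" class="txt" /><br />';
    // submit; "location" is what the back button redirects to (see initGiftcards)
    if ($method == 'add') {
        $output .= '<input type="submit" name="sbm-add-card" value="Add Giftcard" class="btn176 proceed"/>';
        $output .= '<input type="hidden" name="location" value="../"/>';
    } else {
        $output .= '<input type="hidden" name="editId" value="' . $editId . '"/>';
        $output .= '<input type="submit" name="sbm-edit-card" value="Edit Giftcard" class="btn176 proceed"/>';
        $output .= '<input type="hidden" name="location" value="../../"/>';
    }
    $output .= '<input type="submit" name="back" value="' . $siteLabels['form-cancel'] . '" class="btn176"/>';
    $output .= '</div>';
    $output .= '</form>';

    return $output;
}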
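/**
 * Validates the posted add/edit form and writes the card to the database.
 *
 * Always ends in a redirect: to the card list on success, back to the form
 * (./) when a value is missing, the amount is invalid or the insert failed.
 * The raw input is kept in $_SESSION['addedit-gc'] so the form can be
 * repopulated.
 *
 * @param string $method 'add' or 'edit'
 * @return void never returns normally; exits after header('location: ...')
 */
function validateAddEdit($method)
{
    global $mysqli;

    $title = isset($_POST['gc-title']) ? $_POST['gc-title'] : '';
    $amount = isset($_POST['gc-amount']) ? $_POST['gc-amount'] : '';
    $_SESSION['addedit-gc']['title'] = $title;
    $_SESSION['addedit-gc']['amount'] = $amount;

    // empty() also rejects "0", which is not a usable card value anyway.
    if (!empty($title) && !empty($amount)) {
        // checkPrice() is relied on to return a normalised amount or a falsy value.
        // NOTE(review): the normalised amount is interpolated into SQL unescaped,
        // so checkPrice() must guarantee a numeric result — confirm.
        $amount = checkPrice($amount);
        if ($amount) {
            $_SESSION['addedit-gc']['amount'] = $amount;
            $title = inDatabase($title);

            if ($method == 'add') {
                $code = inDatabase(randomCardcode());
                $insert = 'INSERT INTO gc_cards(code, title, amount, remainder, timest) VALUES("' . $code . '", "' . $title . '", "' . $amount . '", "' . $amount . '",' . time() . ')';
                if ($mysqli->query($insert)) {
                    $itemId = (int) $mysqli->insert_id;
                    $mysqli->query('INSERT INTO content_status ( linkname, itemId, active, timest) VALUES("gc_cards","' . $itemId . '","1",' . time() . ')');
                    unset($_SESSION['addedit-gc']);
                    header('location: ../');
                    exit;
                }
                // Insert failed: fall through to the form redirect, keeping the draft.
            } else {
                // editId is a hidden field and therefore client-controlled; cast so
                // only an integer ever reaches the UPDATE.
                $editId = isset($_POST['editId']) ? (int) $_POST['editId'] : 0;
                if ($editId > 0) {
                    $mysqli->query('UPDATE gc_cards SET title = "' . $title . '", amount = "' . $amount . '", remainder = "' . $amount . '" WHERE id = ' . $editId);
                }
                header('location: ../../');
                exit;
            }
        }
    }

    header('location: ./');
    exit;
}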
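/**
 * Shows the "are you sure" confirmation for the cards selected on the dashboard.
 *
 * The selected ids are posted as option[]; each is re-emitted as a hidden
 * sel_cards[] field for moveToTrash(). When nothing usable was selected an
 * error is displayed and the user is sent back to the list.
 *
 * @return string HTML ('' when nothing was selected)
 */
function askMoveToTrash()
{
    global $mysqli;
    $siteLabels = getLanguage();

    // option[] is client input: keep only positive integers, which is all that
    // the lookup query and the hidden fields below ever need.
    $ids = array();
    if (isset($_POST['option']) && is_array($_POST['option'])) {
        foreach ($_POST['option'] as $raw) {
            $id = (int) $raw;
            if ($id > 0) {
                $ids[] = $id;
            }
        }
    }

    if ($ids === array()) {
        $errors = array($siteLabels['fm-nothingselected']);
        displayErrors($errors);
        header('location: ./');
        return '';
    }

    $output = $siteLabels['products-movetotrash-areyousure'] . '<br /><br />';
    $output .= '<div class="itemlist-row itemlist-heading">';
    $output .= '<div class="itemlist-single-column"> </div>';
    $output .= '<div class="itemlist-double-column">title</div>';
    $output .= '<div class="itemlist-single-column">code</div>';
    $output .= '<div class="itemlist-single-column">ammount</div>';
    $output .= '<div class="itemlist-single-column">remainder</div>';
    $output .= '<div class="itemlist-double-column"> </div>';
    $output .= '<div class="itemlist-single-column status-column"> </div>';
    $output .= '<div class="itemlist-single-column itemlist-edit"> </div>';
    $output .= '</div>';

    foreach ($ids as $id) {
        $query = 'SELECT title, amount, remainder, code FROM gc_cards WHERE id = ' . $id . ' LIMIT 1';
        if ($result = $mysqli->query($query)) {
            // An unknown id yields no row; it is simply skipped.
            if ($record = $result->fetch_assoc()) {
                $title = fromDatabase($record['title']);
                $amount = displayPrice($record['amount']);
                $remainder = displayPrice($record['remainder']);
                $code = htmlspecialchars((string) $record['code'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $output .= '<div class="itemlist-row">';
                $output .= '<div class="itemlist-single-column"> </div>';
                $output .= '<div class="itemlist-double-column">' . $title . '</div>';
                $output .= '<div class="itemlist-single-column">' . $code . '</div>';
                $output .= '<div class="itemlist-single-column">' . $amount . '</div>';
                $output .= '<div class="itemlist-single-column">' . $remainder . '</div>';
                $output .= '<div class="itemlist-double-column"> </div>';
                $output .= '<div class="itemlist-single-column status-column">status</div>';
                $output .= '<div class="itemlist-single-column itemlist-edit"> </div>';
                $output .= '</div>';
            }
        }
    }

    $output .= '<div class="clear"></div>';
    $output .= '<br /><br />';
    $output .= '<form action="" name="moveToTrash" method="post" enctype="multipart/form-data">';
    foreach ($ids as $id) {
        $output .= '<input type="hidden" name="sel_cards[]" value="' . $id . '" />';
    }
    $output .= '<input type="submit" name="moveToTrash" value="' . $siteLabels['form-yes'] . '" class="btn176"/>';
    $output .= '<input type="hidden" name="location" value="./"/>';
    $output .= '<input type="submit" name="back" value="' . $siteLabels['form-no'] . '" class="btn176 proceed"/>';
    $output .= '</form>';

    return $output;
}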
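/**
 * Deactivates the selected giftcards (content_status.active = 0) in one transaction.
 *
 * Ids arrive as sel_cards[] from the confirmation form. All updates are run
 * with autocommit off; any failure rolls the whole batch back and shows an
 * error, otherwise the batch is committed and a success message is queued in
 * $_SESSION['feed-msg'].
 *
 * @return void
 */
function moveToTrash()
{
    global $mysqli;
    $siteLabels = getLanguage();

    // sel_cards[] is client input: only positive integers are used in SQL.
    $ids = array();
    if (isset($_POST['sel_cards']) && is_array($_POST['sel_cards'])) {
        foreach ($_POST['sel_cards'] as $raw) {
            $id = (int) $raw;
            if ($id > 0) {
                $ids[] = $id;
            }
        }
    }
    if ($ids === array()) {
        return;
    }

    $queries = array();
    foreach ($ids as $id) {
        $queries[] = 'UPDATE content_status SET active = 0 WHERE itemId = ' . $id . ' AND linkname = "gc_cards"';
    }

    $errors = array();
    $mysqli->autocommit(false);
    foreach ($queries as $query) {
        if (!$mysqli->query($query)) {
            $errors[] = $siteLabels['fm-somethingwentwrong'];
        }
    }

    if ($errors !== array()) {
        $mysqli->rollback();
        // Restore the connection's default mode so later queries are not left
        // in an open transaction.
        $mysqli->autocommit(true);
        displayErrors($errors);
    } else {
        $mysqli->commit();
        $mysqli->autocommit(true);
        $msg = str_replace('[numitems]', (string) count($ids), $siteLabels['fm-itemsmovedtotrash']);
        $_SESSION['feed-msg'] = '<span class="fm-suc"><span class="fm-suc-v">√</span>' . $msg . '</span>';
        header('location: ./');
    }
}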
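/**
 * Generates a card code that does not yet exist in gc_cards.
 *
 * The code is "GC" followed by $length characters drawn from [a-zA-Z0-9].
 * The code is the bearer secret of the card, so a cryptographically secure
 * generator (random_int) is used; candidates are regenerated until no row
 * with the same code exists.
 *
 * @param int $length number of random characters after the "GC" prefix
 * @return string|null the code, or null when the uniqueness query failed
 * @throws Exception when no secure randomness source is available
 */
function randomCardcode($length = 6)
{
    global $mysqli;

    $alphabet = 'abcdefghijklmnopqrstuvwxyz'
        . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        . '0123456789';
    // random_int() is inclusive on both ends; indexing 0..last means every
    // character of the alphabet can be chosen and no index is out of range.
    $last = strlen($alphabet) - 1;

    while (true) {
        $code = 'GC';
        for ($i = 0; $i < $length; $i++) {
            $code .= $alphabet[random_int(0, $last)];
        }

        $result = $mysqli->query('SELECT code FROM gc_cards WHERE code = "' . $code . '" LIMIT 1');
        if (!$result) {
            return null;
        }
        if ($result->num_rows == 0) {
            return $code;
        }
    }
}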