Просмотр файла Ashop/order/order.php

Автопокупка рекламы
Размер файла: 2.28Kb 
<?
include "../config.inc";
// Check if the required fields were filled in...

if (($firstname=="") || ($lastname=="") || ($email=="") || ($address=="") || ($zip=="") || ($city=="") || ($phone=="")) {
    header("Location:error1.html");
    exit;
}

// Create ordermessage to be sent to the shop maintainer by email...
$message="$ashopname - order\n\n";
foreach ($HTTP_POST_VARS as $field => $value) {
  if (!($field == "Submit")) {
	$message=$message."$field: $value\n\n";
  }
}

$products = "Products from $ashopname";
$date = date("Y-m-d H:i:s", time()+$timezoneoffset);

// Open database...
$db = @mysql_connect("localhost", "$databaseuser", "$databasepasswd");
@mysql_select_db("$databasename",$db);

// Store customerinfo...
$sql="SELECT customerid FROM customer WHERE email='$email'";
$result = @mysql_query("$sql",$db);
if (@mysql_num_rows($result) != 0) {
  $customerid = @mysql_result($result, 0, "customerid");
} else {
  $sql = "INSERT INTO customer (firstname, lastname, email, address, zip, city, phone, customerid) VALUES ('$firstname', '$lastname', '$email', '$address', '$zip', '$city', '$phone', 0)";
  $result = @mysql_query("$sql",$db);
  $customerid = @mysql_insert_id();
}

// Store order...
$sql = "INSERT INTO orders (customerid, orderid, products, date, price, paymentmethod, ip) VALUES ('$customerid','0','$products','$date','$sum','$paymentmethod','$REMOTE_ADDR')";
  $result = @mysql_query("$sql",$db);
  $orderid = @mysql_insert_id();

  // Reward affiliate...
  if($affiliate!="") {
    $sql="SELECT orders FROM affiliatestats WHERE affiliateid='$affiliate'";
    $result = @mysql_query("$sql",$db);
    if (@mysql_num_rows($result) != 0) {
      $orders = @mysql_result($result, 0, "orders");
      $sql = "UPDATE affiliatestats SET orders=$orders+1 WHERE affiliateid='$affiliate'";
      $result = @mysql_query("$sql",$db);
    }
    $sql="INSERT INTO orderaffiliate (affiliateid, orderid) VALUES ('$affiliate', '$orderid')";
    $result = @mysql_query("$sql", $db);
  }

  // Send order message by mail to shop maintainer...
  mail("$orderrecipient","$ordersubject","$message","From: $email \nContent-Type: text/plain; charset=windows-1251\nContent-Transfer-Encoding: 8bit");

  @mysql_close($db);
  header("Location:../orderinfo.php");

?>