
/application/views/pages/admin/prodsnew.php

https://bitbucket.org/chadsaun/ifrogz-panel
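  <script language="JavaScript" type="text/javascript" src="http://assets.ifrogz.com/lib/packages/scriptaculous-js/1.5.1/prototype.js"></script>
  <?php
  //This code is copyright (c) Internet Business Solutions SL, all rights reserved.
  //The contents of this file are protect under law as the intellectual property of Internet
  //Business Solutions SL. Any use, reproduction, disclosure or copying of any kind
  //without the express and written permission of Internet Business Solutions SL is forbidden.
  //Author: Vince Reid, vince@virtualred.net

  // Admin product search, query half: checks the admin session, then builds and
  // runs the product query from the posted fields (search, searchfor, searchtype,
  // price, incategory, stock). The result handle is left in $res.
  //
  // NOTE(review): the prototype.js include above is fetched over plain http://.
  // On an admin page that lets anyone on the network path alter the script;
  // switch it to https:// once the asset host is confirmed to serve it.
  // NOTE(review): the mysql_* API and mysql_real_escape_string() depend on the
  // connection opened elsewhere; prepared statements would remove the
  // string-built SQL below but need that connection code, which is not in view.

  // Stop unless the session carries the store's login marker.
  // NOTE(review): this is a loose != comparison; if the login code always stores
  // the same string, !== would be stricter. Confirm before changing.
  if (!isset($storesessionvalue) || $storesessionvalue == "") $storesessionvalue = "virtualstore" . time();
  if (!isset($_SESSION["loggedon"]) || $_SESSION["loggedon"] != $storesessionvalue || !empty($disallowlogin)) exit();

  $success = TRUE;
  $nprodoptions = 0;
  $nprodsections = 0;
  $nalloptions = 0;
  $nallsections = 0;
  $nalldropship = 0;
  $alreadygotadmin = getadminsettings();
  // $adminTweaks is a bit field that is not assigned in this file.
  $simpleOptions = (($adminTweaks & 2) == 2);
  $simpleSections = (($adminTweaks & 4) == 4);
  $dorefresh = FALSE;
  if (!isset($maxprodsects) || $maxprodsects == "") $maxprodsects = 20;

  // Defined up front so the results section can test it when no search was posted.
  $res = FALSE;

  if (!empty($_POST['search'])) {
      $xSearchFor = isset($_POST['searchfor']) ? $_POST['searchfor'] : '';
      $whereand = ' WHERE ';
      $sql = "SELECT p.*, s.sectionName, s.sectionWorkingName
          FROM multisections ms RIGHT JOIN products p ON p.pId = ms.pId LEFT OUTER JOIN sections s ON p.pSection = s.sectionID";

      // Category filter.
      if (isset($_POST['incategory']) && $_POST['incategory'] != '') {
          // The form posts a single sectionID, so the raw value is reduced to an
          // integer before it reaches the helper.
          // NOTE(review): getsectionids() is defined elsewhere and its return
          // value is concatenated into the IN (...) lists unquoted; confirm it
          // only ever returns a comma-separated list of integers.
          $sectionids = getsectionids((int)$_POST['incategory'], TRUE);
          if ($sectionids != "") {
              $sql .= $whereand . " (p.pSection IN (" . $sectionids . ") OR ms.pSection IN (" . $sectionids . ")) ";
              // Only switch to AND once a WHERE clause has really been written;
              // otherwise the next filter would start with a dangling " AND ".
              $whereand = ' AND ';
          }
      }

      // Price filter: either "low-high" or a single value.
      if (!empty($_POST['price'])) {
          $sprice = is_string($_POST['price']) ? $_POST['price'] : '';
          if (strpos($sprice, '-') !== FALSE) {
              // explode() replaces the removed POSIX split(); '-' is a literal either way.
              $pricearr = explode('-', $sprice);
              // Both bounds are forced to numeric values, so they carry no quote
              // or SQL syntax characters when concatenated below.
              if (!is_numeric($pricearr[0])) $pricearr[0] = 0;
              if (!is_numeric($pricearr[1])) $pricearr[1] = 10000000;
              $sql .= $whereand . "pPrice BETWEEN " . $pricearr[0] . " AND " . $pricearr[1];
              $whereand = ' AND ';
          } elseif (is_numeric($sprice)) {
              $sql .= $whereand . "pPrice='" . mysql_real_escape_string($sprice) . "' ";
              $whereand = ' AND ';
          }
      }

      // Text filter.
      if (!empty($_POST['searchfor']) && is_string($_POST['searchfor'])) {
          // Escaped once here; every use below sits inside a quoted LIKE pattern.
          // '%' and '_' typed by the user still act as LIKE wildcards.
          $Xstext = mysql_real_escape_string($_POST['searchfor']);
          $aText = explode(" ", $Xstext);
          $aFields = array("p.pId", getlangid("pName", 1), getlangid("pDescription", 2));

          // The form posts the mode as "searchtype", which the original never
          // read. An $stype set by the including script still wins; otherwise
          // only the three known modes are accepted.
          if (!isset($stype)) {
              $postedtype = isset($_POST['searchtype']) ? $_POST['searchtype'] : 'all';
              $stype = in_array($postedtype, array('all', 'any', 'exact'), TRUE) ? $postedtype : 'all';
          }

          if ($stype == "exact") {
              // products is aliased as p in the FROM clause, so the id column
              // has to be referenced through the alias.
              $sql .= $whereand . "(p.pId LIKE '%" . $Xstext . "%' OR " . getlangid("pName", 1) . " LIKE '%" . $Xstext . "%' OR " . getlangid("pDescription", 2) . " LIKE '%" . $Xstext . "%' OR " . getlangid("pLongDescription", 4) . " LIKE '%" . $Xstext . "%') ";
              $whereand = ' AND ';
          } else {
              // "any" joins the words with OR, everything else with AND.
              $sJoin = ($stype == "any") ? "OR " : "AND ";
              $fieldclauses = array();
              foreach ($aFields as $fieldname) {
                  $wordclauses = array();
                  foreach ($aText as $theopt) {
                      $wordclauses[] = $fieldname . " LIKE '%" . $theopt . "%' ";
                  }
                  $fieldclauses[] = "(" . implode($sJoin, $wordclauses) . ") ";
              }
              $sql .= $whereand . "(" . implode("OR ", $fieldclauses) . ") ";
              $whereand = ' AND ';
          }
      }

      // Out-of-stock filter.
      if (isset($_REQUEST['stock']) && $_REQUEST['stock'] == '1') {
          $sql .= $whereand . '(pInStock<=0 AND pStockByOpts=0)';
      }

      $sql .= ' ORDER BY pName';
      $res = mysql_query($sql);
      if ($res === FALSE) {
          // The driver message can quote parts of the query, so it is escaped
          // before being shown. NOTE(review): logging it server-side and showing
          // a generic message would avoid exposing schema details at all.
          print(htmlspecialchars(mysql_error(), ENT_QUOTES));
      }
  }
  ?>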
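  <?php
  // Search form. The posted values are echoed back into the inputs, so they are
  // HTML-escaped first; written out raw they would let a crafted request inject
  // markup into this admin page. The charset argument is left at the PHP default.
  $searchforvalue = (isset($_POST['searchfor']) && is_string($_POST['searchfor'])) ? htmlspecialchars($_POST['searchfor'], ENT_QUOTES) : '';
  $pricevalue = (isset($_POST['price']) && is_string($_POST['price'])) ? htmlspecialchars($_POST['price'], ENT_QUOTES) : '';
  $thecat = (isset($_POST['incategory']) && is_string($_POST['incategory'])) ? $_POST['incategory'] : '';
  // Leading space keeps the attribute separate from value="".
  $allcatsselected = empty($thecat) ? ' selected="selected"' : '';
  ?>
  <form id="mainform" name="mainform" method="post" action="/admin/prodsnew.php">
  <table width="100%" cellpadding="5" cellspacing="0" border="1" bordercolor="#95A7CF" style="border-collapse: collapse;">
  <tr>
  <td bgcolor="#E6E9F5" align="right">Search For:</td>
  <td><input type="text" id="searchfor" name="searchfor" value="<?=$searchforvalue?>" /></td>
  <td bgcolor="#E6E9F5" align="right">Price:</td>
  <td><input type="text" id="price" name="price" value="<?=$pricevalue?>" /></td>
  </tr>
  <tr>
  <td bgcolor="#E6E9F5" align="right">Search Type:</td>
  <td>
  <select id="searchtype" name="searchtype">
  <option value="all">All words</option>
  <option value="any">Any word</option>
  <option value="exact">Exact phrase</option>
  </select>
  </td>
  <td bgcolor="#E6E9F5" align="right">In Category:</td>
  <td>
  <select id="incategory" name="incategory">
  <option value=""<?=$allcatsselected?>>All Categories</option>
  <?php
  // From here on the posted category is only compared with sectionID values.
  if ($thecat != '') $thecat = (int)$thecat;
  $sSQL = "SELECT sectionID,sectionWorkingName,topSection,rootSection FROM sections " . (!empty($adminonlysubcats) ? "WHERE rootSection=1 ORDER BY sectionWorkingName" : "ORDER BY sectionWorkingName");
  // Start from a known-empty list: with $numcats undefined the first row would
  // be stored under the key "" and never reach the option loop.
  $numcats = 0;
  $allcatsa = array();
  $allcats = mysql_query($sSQL);
  if ($allcats === FALSE) {
      print(htmlspecialchars(mysql_error(), ENT_QUOTES));
  } else {
      while ($row = mysql_fetch_row($allcats)) {
          $allcatsa[$numcats++] = $row;
      }
  }
  $lasttsid = -1;
  // Each row is (sectionID, sectionWorkingName, topSection, rootSection).
  foreach ($allcatsa as $catrow) {
      print '<option value="' . htmlspecialchars($catrow[0], ENT_QUOTES) . '"';
      if ($catrow[0] == $thecat) print ' selected';
      print '>' . htmlspecialchars($catrow[1], ENT_QUOTES) . "</option>\n";
  }
  ?>
  </select>
  </td>
  </tr>
  <tr>
  <td colspan="4" align="center" bgcolor="#E6E9F5">
  <input type="submit" id="search" name="search" value="Search" />
  </td>
  </tr>
  </table>
  </form>
  <div>&nbsp;</div>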
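  <?php
  // Results table for the search run earlier in this file ($res). Each product
  // gets one row for its root section, then one row per multisections entry.
  // Every value read from the database is HTML-escaped on output, since names
  // entered through the admin would otherwise be rendered as markup here.
  if (!empty($res)) {
  ?>
  <table cellpadding="3" cellspacing="0" border="0" width="100%">
  <tr>
  <td><strong>Product ID</strong></td>
  <td><strong>Product Name</strong></td>
  <td><strong>Sections</strong></td>
  <td><strong>Section Working Names</strong></td>
  </tr>
  <?php
      if (mysql_num_rows($res) > 0) {
          // Build a sectionID => names lookup for the extra-section rows.
          $sql3 = "SELECT sectionID, sectionName, sectionWorkingName FROM sections";
          $res3 = mysql_query($sql3);
          $aSections = array();
          if ($res3 === FALSE) {
              print(htmlspecialchars(mysql_error(), ENT_QUOTES));
          } else {
              while ($row3 = mysql_fetch_assoc($res3)) {
                  $aSections[$row3['sectionID']]['sectionName'] = $row3['sectionName'];
                  $aSections[$row3['sectionID']]['sectionWorkingName'] = $row3['sectionWorkingName'];
              }
          }
          $i = 0;
          while ($row = mysql_fetch_assoc($res)) {
              // The product id comes back from the database as a string and is
              // placed inside a quoted literal, so it is escaped like any other
              // value; stored data is not safe just because it was stored.
              $sql2 = "SELECT p.pSection, ms.pSection AS mSection
                  FROM multisections ms
                  RIGHT JOIN products p ON p.pID = ms.pID
                  WHERE ms.pID = '" . mysql_real_escape_string($row['pID']) . "'";
              $res2 = mysql_query($sql2);
              if ($res2 === FALSE) print(htmlspecialchars(mysql_error(), ENT_QUOTES));
              // Alternate row shading; the section rows share the product's shade.
              $rowshade = ($i % 2 == 0) ? ' bgcolor="#E7EAEF"' : '';
  ?>
  <tr<?=$rowshade?>>
  <td><?=htmlspecialchars($row['pID'], ENT_QUOTES)?></td>
  <td><?=htmlspecialchars($row['pName'], ENT_QUOTES)?></td>
  <td><?=htmlspecialchars($row['sectionName'], ENT_QUOTES)?> - <em>(Root)</em></td>
  <td><?=htmlspecialchars($row['sectionWorkingName'], ENT_QUOTES)?></td>
  </tr>
  <?php
              $j = 0;
              while ($res2 !== FALSE && ($row2 = mysql_fetch_assoc($res2))) {
                  // A multisections row can point at a section missing from the
                  // lookup; print empty cells rather than reading an undefined index.
                  $msection = isset($aSections[$row2['mSection']]) ? $aSections[$row2['mSection']] : array('sectionName' => '', 'sectionWorkingName' => '');
  ?>
  <tr<?=$rowshade?> style="">
  <td>&nbsp;</td>
  <td>&nbsp;</td>
  <td><?=htmlspecialchars($msection['sectionName'], ENT_QUOTES)?></td>
  <td><?=htmlspecialchars($msection['sectionWorkingName'], ENT_QUOTES)?></td>
  </tr>
  <?php
                  $j++;
              }
              // One result set is opened per product, so release it per product.
              if ($res2 !== FALSE) mysql_free_result($res2);
              $i++;
          }
          mysql_free_result($res);
      } else {
  ?>
  <tr>
  <td colspan="4" bgcolor="#E7EAEF" style="text-align: center;"><strong>No products found.</strong></td>
  </tr>
  <?php
      }
  ?>
  </table>
  <?php
  }
  ?>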