orders.php | searchcode

/application/views/pages/admin/orders.php

Large files files are truncated, but you can click here to view the full file

<?php
include('init.php');
if (strstr($_SERVER['HTTP_HOST'], ':8888')) {
	include_once('kohanabase/kohana.php');
} else {
	include_once(IFZROOT.'kohana.php');
}

if ($_POST["return_status_search"]=="")$_SESSION["return_status_search"]="";
else if ($_POST["return_status_search"]!="")$_SESSION["return_status_search"]=$_POST["return_status_search"];
//showarray($_POST);
//$_SESSION['counter']=0;
//$_SESSION['counter_id']=0;
//This code is copyright (c) Internet Business Solutions SL, all rights reserved.
//The contents of this file are protect under law as the intellectual property of Internet
//Business Solutions SL. Any use, reproduction, disclosure or copying of any kind 
//without the express and written permission of Internet Business Solutions SL is forbidden.
//Author: Vince Reid, vince@virtualred.net
include(APPPATH.'views/pages/admin/cartmisc.php');
//session_register('order_id_commas');
$lisuccess=0;
if(@$dateadjust=="") $dateadjust=0;
if(@$dateformatstr == "") $dateformatstr = "m/d/Y";
$admindatestr="Y-m-d";
if(@$admindateformat=="") $admindateformat=0;
if($admindateformat==1)
	$admindatestr="m/d/Y";
elseif($admindateformat==2)
	$admindatestr="d/m/Y";
if(@$storesessionvalue=="") $storesessionvalue="virtualstore".time();
if(@$_GET["doedit"]=="true") $doedit=TRUE; else $doedit=FALSE;
function editfunc($data,$col,$size){
	global $doedit;
	if($doedit) return('<input type="text" id="' . $col . '" name="' . $col . '" value="' . str_replace('"','&quot;',$data) . '" size="' . $size . '">'); else return($data);
}
function editnumeric($data,$col,$size){
	global $doedit;
	if($doedit) return('<input type="text" id="' . $col . '" name="' . $col . '" value="' . number_format($data,2,'.','') . '" size="' . $size . '">'); else return(FormatEuroCurrency($data));
}
if(@$_SESSION["loggedon"] != $storesessionvalue && trim(@$_COOKIE["WRITECKL"])!=""){
	$config_admin = RBI_Kohana::config('database.default_admin.connection');

	$db_admin = mysql_connect($config['hostname'], $config['username'], $config['password']);
	mysql_select_db($config['database']) or die ('DB Admin connection failed.</td></tr></table></body></html>');
	$rbiSQL = 'SELECT * 
			   FROM employee 
			   WHERE username="'.mysql_real_escape_string(unstripslashes(trim(@$_COOKIE["WRITECKL"]))).'" and password="'.mysql_real_escape_string(unstripslashes(trim(@$_COOKIE["WRITECKP"]))).'"';
	$rs_rbi = mysql_query($rbiSQL, $db_admin);
	if(mysql_num_rows($rs_rbi) > 0) {
		@$_SESSION["loggedon"] = $storesessionvalue;
	}else{
		$lisuccess=2;
	}
	mysql_free_result($rs_rbi);
	
	include(APPPATH.'views/partials/admin/dbconnection.php');
}
if(($_SESSION["loggedon"] != $storesessionvalue && $lisuccess!=2) || @$disallowlogin==TRUE) exit;
if(@$htmlemails==TRUE) $emlNl = "<br />"; else $emlNl="\n";
//old release_stock function was here
if($lisuccess==2){
?>
	  <table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="" align="center">
        <tr>
          <td width="100%">
            <table width="100%" border="0" cellspacing="0" cellpadding="2" bgcolor="">
			  <tr> 
                <td width="100%" colspan="4" align="center"><p>&nbsp;</p><p>&nbsp;</p>
				  <p><strong><?php print $yyOpFai?></strong></p><p>&nbsp;</p>
				  <p><?php print $yyCorCoo?> <?php print $yyCorLI?> <a href="/admin/login.php"><?php print $yyClkHer?></a>.</p>
				</td>
			  </tr>
			</table>
		  </td>
		</tr>
	  </table>
<?php
}else{
$success=true;
$alreadygotadmin = getadminsettings();
if(@$_POST["updatestatus"]=="1"){
	// updates returns and adds to history
	$result_r=mysql_query("SELECT ordReturnID FROM orders WHERE ordID=".$_POST["orderid"]);
	$row_r=mysql_fetch_assoc($result_r);
	//echo $row_r["ordReturnID"]."=".$_POST["return_status"];
	//exit;
	if($row_r["ordReturnID"]!=$_POST["return_status"] && $_POST["return_status"]>0 ){
		$sql_return_history="INSERT INTO order_returns_history (ordID,reasonID,returnID,date_added) 
		VALUES(".$_POST["orderid"].",".$_POST["return_reason"].",".$_POST["return_status"].",'".date('Y-m-d H:i:s')."')";
		//echo $sql_return_history;
		//exit;
		mysql_query($sql_return_history);
	}
	// end
	mysql_query("UPDATE orders SET ordStatusInfo='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["ordStatusInfo"]))) ."', ordSupportInfo='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["ordSupportInfo"]))) . "' , ordReturnID='" . trim(@$_POST["return_status"]) . "' WHERE ordID=" . @$_POST["orderid"]) or print(mysql_error());
}elseif(@$_GET["id"] != ""){
	// Commented out below code because we put this into a cron job
	/*if(@$_POST["delccdets"] != ""){
		mysql_query("UPDATE orders SET ordCNum='' WHERE ordID=" . @$_GET["id"]);
	}*/
	$sSQL = "SELECT c.cartProdID,c.cartProdName,c.cartProdPrice,c.cartQuantity,c.cartID,p.pDownload,p.p_iscert,d.dsName,pInStock,pSell,c.cartReason,c.cartNote FROM cart c, products p LEFT JOIN dropshipper d ON p.pDropship=d.dsID WHERE c.cartProdID=p.pID AND c.cartOrderID=" . $_GET["id"];
	$allorders = mysql_query($sSQL) or print(mysql_error().$sSQL);
}else{
	// Delete old uncompleted orders.
	//   Commented out below code because we put this into a daily cron job (delcc.php)
	/*if($delccafter != 0){
		$sSQL = "UPDATE orders SET ordCNum='' WHERE ordDate<'" . date("Y-m-d H:i:s", time()-($delccafter*60*60*24)) . "'";
		mysql_query($sSQL) or print(mysql_error().$sSQL);
	}*/
	/*if($delAfter != 0){
		$sSQL = "SELECT cartOrderID,cartID FROM cart WHERE cartCompleted=0 AND cartDateAdded<'" . date("Y-m-d H:i:s", time()-($delAfter*60*60*24)) . "'";
		$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
		if(mysql_num_rows($result)>0){
			$delStr="";
			$delOptions="";
			$addcomma = "";
			while($rs = mysql_fetch_assoc($result)){
				$delStr .= $addcomma . $rs["cartOrderID"];
				$delOptions .= $addcomma . $rs["cartID"];
				$addcomma = ",";
			}
			mysql_query("DELETE FROM orders WHERE ordID IN (" . $delStr . ")") or print(mysql_error());
			mysql_query("DELETE FROM cartoptions WHERE coCartID IN (" . $delOptions . ")") or print(mysql_error());
			mysql_query("DELETE FROM cart WHERE cartID IN (" . $delOptions . ")") or print(mysql_error());
		}
		mysql_free_result($result);
	}else{
		$sSQL = "SELECT cartOrderID,cartID FROM cart WHERE cartCompleted=0 AND cartOrderID=0 AND cartDateAdded<'" . date("Y-m-d H:i:s", time()-(3*60*60*24)) . "'";
		$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
		if(mysql_num_rows($result)>0){
			$delStr="";
			$delOptions="";
			$addcomma = "";
			while($rs = mysql_fetch_assoc($result)){
				$delStr .= $addcomma . $rs["cartOrderID"];
				$delOptions .= $addcomma . $rs["cartID"];
				$addcomma = ",";
			}
			mysql_query("DELETE FROM cartoptions WHERE coCartID IN (" . $delOptions . ")") or print(mysql_error());
			mysql_query("DELETE FROM cart WHERE cartID IN (" . $delOptions . ")") or print(mysql_error());
		}
		mysql_free_result($result);
	}*/
	$numstatus=0;
	$sSQL = "SELECT statID,statPrivate FROM orderstatus WHERE statPrivate<>'' ORDER BY statID";
	$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
	while($rs = mysql_fetch_assoc($result)){
		$allstatus[$numstatus++]=$rs;
	}
	mysql_free_result($result);
}
if(@$_POST["updatestatus"]=="1"){
?>
<script language="JavaScript" type="text/javascript">
<!--
setTimeout("history.go(-2);",1100);
// -->
</script>
	  <table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="" align="center">
        <tr>
          <td width="100%">
            <table width="100%" border="0" cellspacing="0" cellpadding="2" bgcolor="">
			  <tr> 
                <td width="100%" colspan="4" align="center"><br /><strong><?php print $yyUpdSuc?></strong><br /><br /><?php print $yyNowFrd?><br /><br />
                        <?php print $yyNoAuto?> <a href="javascript:history.go(-2)"><strong><?php print $yyClkHer?></strong></a>.<br /><br />
						<img src="/lib/images/misc/clearpixel.gif" width="300" height="3" alt="" /></td>
			  </tr>
			</table>
		  </td>
		</tr>
	  </table>
<?php
}elseif(!empty($_POST["getdownload"])){
	$sql_down="SELECT * FROM digitaldownloads WHERE type='".$_POST['downloadtype']."' AND active=1 AND orderID=0 LIMIT ".$_POST['downQty'];
	$result_down=mysql_query($sql_down);
	$num_rows_download=mysql_num_rows($result_down);
	if($num_rows_download>0){
		$error=FALSE;
		while($row_download=mysql_fetch_assoc($result_down)){
			$sql_update="UPDATE digitaldownloads SET active=0, orderID=".$_POST['downOrder']." WHERE id=".$row_download['id'];
			$result_update=mysql_query($sql_update);
			if(!$result_update) $error=TRUE;
		}
		if(!$error) $pg_msg= 'Update Successful.';
		else $pg_msg= 'Update Unsuccessful.';
	} else $pg_msg= 'NO License and Password Available.';
	$auto_link = "/admin/orders.php?id=".$_POST['downOrder']."&doedit=true";
	if(!$clone_error) {
			
		}else{
			$auto_link = "/admin/orders.php";
		}
	
	?>
	 <script language="JavaScript" type="text/javascript">
	<!--
	setTimeout("window.location='/admin/orders.php?id=<?=$_POST['downOrder']?>&doedit=true'",4000);
	// -->
	</script>
	 <table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="" align="center">
        <tr>
          <td width="100%">
            <table width="100%" border="0" cellspacing="0" cellpadding="2" bgcolor="">
			  <tr> 
                <td width="100%" colspan="4" align="center"><br /><strong><?=$pg_msg?></strong><br /><br />You will now be forwarded to view the order.<br /><br />
                        <?php print $yyNoAuto?> <a href="<?=$auto_link?>"><strong><?php print $yyClkHer?></strong></a>.<br /><br />
						<img src="/lib/images/misc/clearpixel.gif" width="300" height="3" alt="" /></td>
			  </tr>
			</table>
		  </td>
		</tr>
</table>
<? }elseif(!empty($_POST["giftcert"])){	  
	$giftcertOrderID=$_POST["giftcertOrderID"];
	$_SESSION['cert_prod']=$_POST["cert_prod"];
	create_certificate($giftcertOrderID);
	$auto_link = "/admin/orders.php?id=".$giftcertOrderID."&doedit=true";
	$pg_msg='Update Successful.';
	?>
	<script language="JavaScript" type="text/javascript">
	<!--
	setTimeout("window.location='/admin/orders.php?id=<?=$giftcertOrderID?>&doedit=true'",4000);
	// -->
	</script>
	 <table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="" align="center">
        <tr>
          <td width="100%">
            <table width="100%" border="0" cellspacing="0" cellpadding="2" bgcolor="">
			  <tr> 
                <td width="100%" colspan="4" align="center"><br /><strong><?=$pg_msg?></strong><br /><br />You will now be forwarded to view the order.<br /><br />
                        <?php print $yyNoAuto?> <a href="<?=$auto_link?>"><strong><?php print $yyClkHer?></strong></a>.<br /><br />
						<img src="/lib/images/misc/clearpixel.gif" width="300" height="3" alt="" /></td>
			  </tr>
			</table>
		  </td>
		</tr>
</table>
<? }elseif(@$_POST["doedit"] == "true"){
	if(!empty($_POST['clone'])) {
		// update old order status after editing
		$ordstatusnew=$_POST["ordstatusnew"];
		$ordStatusInfo=mysql_real_escape_string(trim(unstripslashes($_POST["ordStatusInfo"])));
		$ordSupportInfo=mysql_real_escape_string(trim(unstripslashes($_POST["ordSupportInfo"])));
		$sql_status_update="UPDATE orders SET ordStatus=".$ordstatusnew.",ordStatusInfo='".$ordStatusInfo."',ordSupportInfo='".$ordSupportInfo."' WHERE ordID=".$_POST["orderid"];
		mysql_query($sql_status_update) or print(mysql_error().$sql_status_update);
		if(!setNewLocation( $ordstatusnew , $_POST["orderid"],'Manual' )) print("Unable to record status change.");

		// stock manage
		if($ordstatusnew>=3 && $ordstatusnew!=10 && $ordstatusnew!=17) {
			mysql_query("UPDATE cart SET cartCompleted=0 WHERE cartOrderID=" . $_POST["orderid"]) or print(mysql_error());
			do_stock_management($_POST["orderid"]); 
			mysql_query("UPDATE cart SET cartCompleted=1 WHERE cartOrderID=" . $_POST["orderid"]) or print(mysql_error());
		}
		// GET ALL THE INFORMATION TO CLONE THE ORDER
		//   - To clone an order we need to duplicate the order's information in the orders, cart, and cartoptions tables
		$aNewOrder = array();
		
		$sql_orders = "SELECT * FROM orders WHERE ordID = " . $_POST["orderid"] ;
		$res_orders = mysql_query($sql_orders) or print(mysql_error().$sql_orders);
		$row_orders = mysql_fetch_assoc($res_orders);
		$aNewOrder["orders"] = $row_orders;
		$aNewOrder["orders"]["ordName"]=mysql_real_escape_string($row_orders["ordName"]);
		$aNewOrder["orders"]["ordShipName"]=mysql_real_escape_string($row_orders["ordShipName"]);
		if ($row_orders["ordShipCountry"] != "") {
			 if ($row_orders["ordShipCountry"] == "United States of America") $aNewOrder["orders"]["ordShipType"]='Standard';
		} else {
			 if ($row_orders["ordCountry"] == "United States of America") $aNewOrder["orders"]["ordShipType"]='Standard';
		}
		
		$sql_cart = "SELECT * FROM cart c LEFT JOIN cartoptions co ON c.cartID = co.coCartID
					 WHERE c.cartOrderID = " . $_POST["orderid"] . "
					 ORDER BY c.cartID, c.cartProdID";
		
		//echo $sql_cart; exit;
		$res_cart = mysql_query($sql_cart) or print(mysql_error().$sql_cart);
		$prod_id = '';
		$i=0;
		$j=0;
		$isfirst = true;
		while($row_cart = mysql_fetch_assoc($res_cart)) {
			if($isfirst) {
				$prod_id = $row_cart["cartProdID"];
			}
			if(($prod_id != $row_cart["cartProdID"]) && !$isfirst) {
				$i++;
				$j=0;
				$prod_id = $row_cart["cartProdID"];
			
				$aNewOrder["cart"][$i]["cartID"] = $row_cart["cartID"];
				$aNewOrder["cart"][$i]["cartSessionID"] = $row_cart["cartSessionID"];
				$aNewOrder["cart"][$i]["cartProdID"] = $row_cart["cartProdID"];
				$aNewOrder["cart"][$i]["cartProdName"] = $row_cart["cartProdName"];
				$aNewOrder["cart"][$i]["cartProdPrice"] = $row_cart["cartProdPrice"];
				$aNewOrder["cart"][$i]["cartDateAdded"] = $row_cart["cartDateAdded"];
				$aNewOrder["cart"][$i]["cartQuantity"] = $row_cart["cartQuantity"];
				$aNewOrder["cart"][$i]["cartOrderID"] = $row_cart["cartOrderID"];
				$aNewOrder["cart"][$i]["cartCompleted"] = $row_cart["cartCompleted"];
				$aNewOrder["cart"][$i]["cartCustID"] = $row_cart["cartCustID"];
				
				if(!empty($row_cart["coID"])){
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coID"] = $row_cart["coID"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coCartID"] = $row_cart["coCartID"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coOptID"] = $row_cart["coOptID"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coOptGroup"] = $row_cart["coOptGroup"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coCartOption"] = $row_cart["coCartOption"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coPriceDiff"] = $row_cart["coPriceDiff"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coWeightDiff"] = $row_cart["coWeightDiff"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coExtendShipping"] = $row_cart["coExtendShipping"];
					$j++;
				}
			}else{
				$aNewOrder["cart"][$i]["cartID"] = $row_cart["cartID"];
				$aNewOrder["cart"][$i]["cartSessionID"] = $row_cart["cartSessionID"];
				$aNewOrder["cart"][$i]["cartProdID"] = $row_cart["cartProdID"];
				$aNewOrder["cart"][$i]["cartProdName"] = $row_cart["cartProdName"];
				$aNewOrder["cart"][$i]["cartProdPrice"] = $row_cart["cartProdPrice"];
				$aNewOrder["cart"][$i]["cartDateAdded"] = $row_cart["cartDateAdded"];
				$aNewOrder["cart"][$i]["cartQuantity"] = $row_cart["cartQuantity"];
				$aNewOrder["cart"][$i]["cartOrderID"] = $row_cart["cartOrderID"];
				$aNewOrder["cart"][$i]["cartCompleted"] = $row_cart["cartCompleted"];
				$aNewOrder["cart"][$i]["cartCustID"] = $row_cart["cartCustID"];
				
				if(!empty($row_cart["coID"])){
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coID"] = $row_cart["coID"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coCartID"] = $row_cart["coCartID"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coOptID"] = $row_cart["coOptID"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coOptGroup"] = $row_cart["coOptGroup"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coCartOption"] = $row_cart["coCartOption"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coPriceDiff"] = $row_cart["coPriceDiff"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coWeightDiff"] = $row_cart["coWeightDiff"];
					$aNewOrder["cart"][$i]["cartoptions"][$j]["coExtendShipping"] = $row_cart["coExtendShipping"];
					$j++;
				}
			}
			$isfirst = false;
		}
		
		//showarray($aNewOrder); exit;
		
		// UPDATE SOME OF THE INFORMATION FOR THE CLONED ORDER
		$aNewOrder["orders"]["ordID"] = '';
		$aNewOrder["orders"]["ordSessionID"] = session_id();
		$aNewOrder["orders"]["ordAuthNumber"] = 'CLONED';
		$aNewOrder["orders"]["ordTransID"] = 0;
		$aNewOrder["orders"]["ordShipping"] = 0;
		$aNewOrder["orders"]["ordStateTax"] = 0;
		$aNewOrder["orders"]["ordCountryTax"] = 0;
		$aNewOrder["orders"]["ordHSTTax"] = 0;
		$aNewOrder["orders"]["ordHandling"] = 0;
		$aNewOrder["orders"]["ordTotal"] = 0;
		$aNewOrder["orders"]["ordDate"] = date("Y-m-d H:i:s");
		$aNewOrder["orders"]["ordIP"] = $_SERVER['REMOTE_ADDR'];
		$aNewOrder["orders"]["ordDiscount"] = 0;
		$aNewOrder["orders"]["ordDiscountText"] = '';
		$aNewOrder["orders"]["ordStatus"] = 2;
		$aNewOrder["orders"]["ordStatusDate"] = date("Y-m-d H:i:s");
		$aNewOrder["orders"]["ordStatusInfo"] = '';
		$aNewOrder["orders"]["ordSupportInfo"] = '';
		$aNewOrder["orders"]["order_changed"] = 'no';
		
		for($i=0; $i<count($aNewOrder["cart"]); $i++) {
			$aNewOrder["cart"][$i]["cartSessionID"] = session_id();
			$aNewOrder["cart"][$i]["cartDateAdded"] = date("Y-m-d H:i:s");
		}
		
		//showarray($aNewOrder); exit;
		
		// CREATE CLONED ORDER
		$clone_error = false;
		$sql_cr_ord = "INSERT INTO orders ( ordSessionID , ordName , ordAddress , ordAddress2 , ordCity , ordState , 
											ordZip , ordCountry , ordEmail , ordPhone , ordShipName , ordShipAddress , 
											ordShipAddress2 , ordShipCity , ordShipState , ordShipZip , ordShipCountry , 
											ordAuthNumber , ordAffiliate , ordPayProvider , ordTransID , ordShipping , 
											ordStateTax , ordCountryTax , ordHSTTax , ordHandling , ordShipType , ordTotal , 
											ordDate , ordIP , ordDiscount , ordDiscountText , ordExtra1 , ordExtra2 , ordAddInfo , 
											ordCNum , ordComLoc , ordStatus , ordStatusDate , ordStatusInfo , ordPoApo , 
											ordShipPoApo , ordHowFound , ordSupportInfo , order_changed , ordPmtMessage , 
											ordCCType , ord_cert_id , ord_cert_amt , ordExtra3 , ordExtra4 , ordExtra5 , ordEID , 
											ordEOrderID )
						VALUES ( '".$aNewOrder["orders"]["ordSessionID"]."' , 
								 '".$aNewOrder["orders"]["ordName"]."' , '".mysql_real_escape_string($aNewOrder["orders"]["ordAddress"])."' , 
								 '".mysql_real_escape_string($aNewOrder["orders"]["ordAddress2"])."' , '".$aNewOrder["orders"]["ordCity"]."' ,
								 '".mysql_real_escape_string($aNewOrder["orders"]["ordState"])."' , '".$aNewOrder["orders"]["ordZip"]."' ,
								 '".$aNewOrder["orders"]["ordCountry"]."' , '".$aNewOrder["orders"]["ordEmail"]."' , 
								 '".$aNewOrder["orders"]["ordPhone"]."' , '".$aNewOrder["orders"]["ordShipName"]."' , 
								 '".mysql_real_escape_string($aNewOrder["orders"]["ordShipAddress"])."' , '".mysql_real_escape_string($aNewOrder["orders"]["ordShipAddress2"])."' ,
								 '".mysql_real_escape_string($aNewOrder["orders"]["ordShipCity"])."' , '".mysql_real_escape_string($aNewOrder["orders"]["ordShipState"])."' ,
								 '".$aNewOrder["orders"]["ordShipZip"]."' , '".$aNewOrder["orders"]["ordShipCountry"]."' , 
								 '".$aNewOrder["orders"]["ordAuthNumber"]."' , '".$aNewOrder["orders"]["ordAffiliate"]."' , 
								 '".$aNewOrder["orders"]["ordPayProvider"]."' , '".$aNewOrder["orders"]["ordTransID"]."' , 
								 '".$aNewOrder["orders"]["ordShipping"]."' , '".$aNewOrder["orders"]["ordStateTax"]."' , 
								 '".$aNewOrder["orders"]["ordCountryTax"]."' , '".$aNewOrder["orders"]["ordHSTTax"]."' , 
								 '".$aNewOrder["orders"]["ordHandling"]."' , '".$aNewOrder["orders"]["ordShipType"]."' , 
								 '".$aNewOrder["orders"]["ordTotal"]."' , '".$aNewOrder["orders"]["ordDate"]."' , 
								 '".$aNewOrder["orders"]["ordIP"]."' , '".$aNewOrder["orders"]["ordDiscount"]."' , 
								 '".$aNewOrder["orders"]["ordDiscountText"]."' , '".$aNewOrder["orders"]["ordExtra1"]."' , 
								 '".$aNewOrder["orders"]["ordExtra2"]."' , '".mysql_real_escape_string($aNewOrder["orders"]["ordAddInfo"])."' , 
								 '".$aNewOrder["orders"]["ordCNum"]."' , '".$aNewOrder["orders"]["ordComLoc"]."' , 
								 '".$aNewOrder["orders"]["ordStatus"]."' , '".$aNewOrder["orders"]["ordStatusDate"]."' , 
								 '".mysql_real_escape_string($aNewOrder["orders"]["ordStatusInfo"])."' , '".$aNewOrder["orders"]["ordPoApo"]."' , 
								 '".$aNewOrder["orders"]["ordShipPoApo"]."' , '".$aNewOrder["orders"]["ordHowFound"]."' , 
								 '".mysql_real_escape_string($aNewOrder["orders"]["ordSupportInfo"])."' , '".$aNewOrder["orders"]["order_changed"]."' , 
								 '".$aNewOrder["orders"]["ordPmtMessage"]."' , '".$aNewOrder["orders"]["ordCCType"]."' , 
								 '".$aNewOrder["orders"]["ord_cert_id"]."' , '".$aNewOrder["orders"]["ord_cert_amt"]."' , 
								 '".$aNewOrder["orders"]["ordExtra3"]."' , '".$aNewOrder["orders"]["ordExtra4"]."' , 
								 '".$aNewOrder["orders"]["ordExtra5"]."' , '".$aNewOrder["orders"]["ordEID"]."' , 
								 '".$aNewOrder["orders"]["ordEOrderID"]."' )";
		//echo $sql_cr_ord; //exit;
		$res_cr_ord = mysql_query($sql_cr_ord);
		if(!$res_cr_ord) {
			print(mysql_error().$sql_cr_ord);
			$clone_error = true;
		}
		$ordID = mysql_insert_id();
		$aNewOrder["orders"]["ordID"] = $ordID;
		//showarray($aNewOrder);
		if(!$clone_error) {
			for($i=0; $i<count($aNewOrder["cart"]); $i++) {	
				$aNewOrder["cart"][$i]["cartOrderID"] = $ordID;
				$sql_cr_cart = "INSERT INTO cart ( cartSessionID , cartProdID , cartProdName , cartProdPrice , cartDateAdded , 
												   cartQuantity , cartOrderID , cartCompleted )
								VALUES ( '".session_id()."' , '".$aNewOrder["cart"][$i]["cartProdID"]."' , 
										 '".$aNewOrder["cart"][$i]["cartProdName"]."' , '".$aNewOrder["cart"][$i]["cartProdPrice"]."' , 
										 '".date("Y-m-d H:i:s")."' , '".$aNewOrder["cart"][$i]["cartQuantity"]."' , 
										 '".$aNewOrder["cart"][$i]["cartOrderID"]."' , 1 )";
				//echo $sql_cr_cart; //exit;
				$res_cr_cart = mysql_query($sql_cr_cart) or print(mysql_error().$sql_cr_cart);
				$cart_id = mysql_insert_id();
				$aNewOrder["cart"][$i]["cartID"] = $cart_id;
				
				for($j=0; $j<count($aNewOrder["cart"][$i]["cartoptions"]); $j++) {
					$sql_cr_cartoptions = "INSERT INTO cartoptions ( coCartID , coOptID , coOptGroup , coCartOption , coPriceDiff , 
																	 coWeightDiff , coExtendShipping )
										   VALUES ( ".$aNewOrder["cart"][$i]["cartID"]." , 
													".$aNewOrder["cart"][$i]["cartoptions"][$j]["coOptID"]." , 
													'".$aNewOrder["cart"][$i]["cartoptions"][$j]["coOptGroup"]."' , 
													'".$aNewOrder["cart"][$i]["cartoptions"][$j]["coCartOption"]."' , 
													".$aNewOrder["cart"][$i]["cartoptions"][$j]["coPriceDiff"]." , 
													".$aNewOrder["cart"][$i]["cartoptions"][$j]["coWeightDiff"]." , 
													'".$aNewOrder["cart"][$i]["cartoptions"][$j]["coExtendShipping"]."' )";
					//echo $sql_cr_cartoptions; //exit;
					$res_cr_cartoptions = mysql_query($sql_cr_cartoptions) or print(mysql_error().$sql_cr_cartoptions);
				}
			}
			//exit;
			// UPDATE INVENTORY
			$sSQL="SELECT cartID,cartProdID,cartQuantity,pSell FROM cart INNER JOIN products ON cart.cartProdID=products.pID WHERE cartOrderID='" . $ordID . "'";
			$result1 = mysql_query($sSQL) or print(mysql_error().$sSQL);
			while($rs1 = mysql_fetch_array($result1)){
				if(($rs1["pSell"] & 2) == 2){
					// Determine extended shipping
					$sSQL2 = "SELECT coID,optStock,cartQuantity,coOptID,optExtend_shipping,optMin FROM cart INNER JOIN cartoptions ON cart.cartID=cartoptions.coCartID INNER JOIN options ON cartoptions.coOptID=options.optID INNER JOIN optiongroup ON options.optGroup=optiongroup.optGrpID WHERE (optType=2 OR optType=-2";
					// ADDED by Chad - Fix to allow quantity change for custom screenz
					//if(eregi("^[a-z]{1,3}-Custom$",$pID)) {
					if(preg_match("/^[a-z]{1,3}-Custom$/i",$pID)) {
						$sSQL2 .= " OR optType=3";
					}
					// ADD ENDED
					$sSQL2 .= ") AND cartID='" . $rs1['cartID'] . "'";
					$result2 = mysql_query($sSQL2) or print(mysql_error().$sSQL2);
					if(mysql_num_rows($result2)>0){
						while($rs2 = mysql_fetch_assoc($result2)){
							$pInStock = (int)$rs2["optStock"]+1000;
							$actualpInStock = (int)$rs2["optStock"];
							$extend_shipping = $rs2["optExtend_shipping"];//extends shipping time, displayed in the cart
							$min = $rs2["optMin"];//sets how many in stock above zero the extend_shipping is displayed in the cart 
							$coID = $rs2["coID"];
							$totQuant = 0;
							$cartQuantity = (int)$rs2["cartQuantity"];
							$sSQL3 = "SELECT SUM(cartQuantity) AS cartQuant FROM cart INNER JOIN cartoptions ON cart.cartID=cartoptions.coCartID WHERE cartCompleted=0 AND cartCustID=0 AND coOptID=" . $rs2["coOptID"];
							$result3 = mysql_query($sSQL3) or print(mysql_error().$sSQL3);
							if($rs3 = mysql_fetch_assoc($result3))
								if(! is_null($rs3["cartQuant"])) $totQuant = (int)$rs3["cartQuant"];
							mysql_free_result($result3);
							$extend='';
							//echo '<div style"position:absolute; z-index:100;>actual='.$actualpInStock.' total qty='.$totQuant. ' cart qty='.$cartQuantity.' min='. $min. ' new qty='.abs((int)$objValue).'</div>';
							if(($actualpInStock - $totQuant + $cartQuantity - $min) < 0) {
								$extend = $extend_shipping;
							}
							$sql_co="UPDATE cartoptions SET coExtendShipping='$extend' WHERE coID=".$coID;
								mysql_query($sql_co);
						}
					}
					// End of Determine extended shipping
					// Inventory get subtracted when set to authorized
					/*$sSQL = "SELECT coOptID FROM cartoptions INNER JOIN options ON cartoptions.coOptID=options.optID INNER JOIN optiongroup ON options.optGroup=optiongroup.optGrpID WHERE (optType=2 OR optType=-2) AND coCartID=" . $rs1["cartID"];
					$result2 = mysql_query($sSQL) or print(mysql_error());
					while($rs2 = mysql_fetch_array($result2)){
						$sSQL = "UPDATE options SET optStock=optStock-" . $rs1["cartQuantity"] . " WHERE optID=" . $rs2["coOptID"];
						mysql_query($sSQL) or print(mysql_error());
					}
					mysql_free_result($result2);*/
				//}else{
					//$sSQL = "UPDATE products SET pInStock=pInStock-" . $rs1["cartQuantity"] . " WHERE pID='" . $rs1["cartProdID"] . "'";
					//mysql_query($sSQL) or print(mysql_error());
				}
			}
			mysql_free_result($result1);
					
			// INSERT LOCATION
			setNewLocation(2,$ordID,'Manual');
			$sql_insert="INSERT INTO orderssplit (orgOrder,newOrder,movedCardIDs,splitType) VALUES (".$_POST["orderid"].",".$ordID.",'','Cloned')";
			$result_insert = mysql_query($sql_insert);
			if(!$result_insert) {print(mysql_error().$sql_insert);exit;}
		}
		
		if($clone_error) {
			$pg_msg = "There was a problem cloning your order.";
		}else{
			$pg_msg = "Your order has been cloned successfully.";
?>
<script language="JavaScript" type="text/javascript">
<!--
//setTimeout("history.go(-2);",1100);
setTimeout("window.location='/admin/orders.php?id=<?=$ordID?>&doedit=true'",4000);
// -->
</script>
<?php
		}
		
		if(!$clone_error) {
			$auto_link = "/admin/orders.php?id=$ordID&doedit=true";
		}else{
			$auto_link = "/admin/orders.php";
		}
?>
	  <table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="" align="center">
        <tr>
          <td width="100%">
            <table width="100%" border="0" cellspacing="0" cellpadding="2" bgcolor="">
			  <tr> 
                <td width="100%" colspan="4" align="center"><br /><strong><?=$pg_msg?></strong><br /><br />You will now be forwarded to view the order.<br /><br />
                        <?php print $yyNoAuto?> <a href="<?=$auto_link?>"><strong><?php print $yyClkHer?></strong></a>.<br /><br />
						<img src="/lib/images/misc/clearpixel.gif" width="300" height="3" alt="" /></td>
			  </tr>
			</table>
		  </td>
		</tr>
	  </table>
<?php
	}else{
		$OWSP = "";
		$sSQL = "SELECT ordSessionID FROM orders WHERE ordID='" . $_POST["orderid"] . "'";
		$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
		$rs = mysql_fetch_array($result);
		$thesessionid = $rs["ordSessionID"];
		mysql_free_result($result);
		$sSQL = "UPDATE orders SET ";
		$sSQL .= "ordName='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["name"]))) . "',";
		$sSQL .= "ordAddress='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["address"]))) . "',";
		if(@$useaddressline2==TRUE) $sSQL .= "ordAddress2='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["address2"]))) . "',";
		$sSQL .= "ordCity='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["city"]))) . "',";
		$sSQL .= "ordPoApo='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["APO"]))) . "',";
		$sSQL .= "ordState='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["state"]))) . "',";
		$sSQL .= "ordZip='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["zip"]))) . "',";
		$sSQL .= "ordCountry='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["country"]))) . "',";
		$sSQL .= "ordEmail='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["email"]))) . "',";
		$sSQL .= "ordPhone='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["phone"]))) . "',";
		$sSQL .= "ordShipName='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["sname"]))) . "',";
		$sSQL .= "ordShipAddress='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["saddress"]))) . "',";
		if(@$useaddressline2==TRUE) $sSQL .= "ordShipAddress2='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["saddress2"]))) . "',";
		$sSQL .= "ordShipCity='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["scity"]))) . "',";
		$sSQL .= "ordShipPoApo='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["ShipAPO"]))) . "',";
		$sSQL .= "ordShipState='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["sstate"]))) . "',";
		$sSQL .= "ordShipZip='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["szip"]))) . "',";
		$sSQL .= "ordShipCountry='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["scountry"]))) . "',";
		$sSQL .= "ordShipType='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["shipmethod"]))) . "',";
		$sSQL .= "ordIP='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["ipaddress"]))) . "',";
		$ordComLoc = 0;
		if(trim(@$_POST["commercialloc"])=="Y") $ordComLoc = 1;
		if(trim(@$_POST["wantinsurance"])=="Y") $ordComLoc += 2;
		$sSQL .= "ordComLoc=" . $ordComLoc . ",";
		$sSQL .= "ordAffiliate='" . trim(@$_POST["PARTNER"]) . "',";
		$sSQL .= "ordAddInfo='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["ordAddInfo"]))) . "',";
		$sSQL .= "ordStatus=" . $ordstatusnew . ",";
		$sSQL .= "ordStatusInfo='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["ordStatusInfo"]))) . "',";
		$sSQL .= "ordReturnID=". trim(@$_POST["return_status"]) . ",";		
		$sSQL .= "ordSupportInfo='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["ordSupportInfo"]))) . "',";
		$sSQL .= "order_changed='yes',";
		$sSQL .= "ordDiscountText='" . mysql_real_escape_string(trim(unstripslashes(@$_POST["discounttext"]))) . "',";
		$sSQL .= "ordExtra1='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["ordextra1"]))) . "',";
		$sSQL .= "ordExtra2='" . mysql_real_escape_string(unstripslashes(trim(@$_POST["ordextra2"]))) . "',";
		$sSQL .= "ordShipping='" . mysql_real_escape_string(trim(@$_POST["ordShipping"])) . "',";
		$sSQL .= "ordStateTax='" . mysql_real_escape_string(trim(@$_POST["ordStateTax"])) . "',";
		$sSQL .= "ordCountryTax='" . mysql_real_escape_string(trim(@$_POST["ordCountryTax"])) . "',";
		if(@$canadataxsystem==TRUE) $sSQL .= "ordHSTTax='" . mysql_real_escape_string(trim(@$_POST["ordHSTTax"])) . "',";
		$sSQL .= "ordDiscount='" . mysql_real_escape_string(trim(@$_POST["ordDiscount"])) . "',";
		$sSQL .= "ordHandling='" . mysql_real_escape_string(trim(@$_POST["ordHandling"])) . "',";
		$sSQL .= "ordAuthNumber='" . mysql_real_escape_string(trim(@$_POST["ordAuthNumber"])) . "',";
		$sSQL .= "ordTransID='" . mysql_real_escape_string(trim(@$_POST["ordTransID"])) . "',";
		$sSQL .= "ordTotal='" . mysql_real_escape_string(trim(@$_POST["ordtotal"])) . "',";
		$sSQL .= "ord_cert_amt='" . mysql_real_escape_string(trim(@$_POST["ord_cert_amt"])) . "'";
		$sSQL .= " WHERE ordID='" . $_POST["orderid"] . "'";
		mysql_query($sSQL) or print(mysql_error().$sSQL);
		
		if(!setNewLocation( $ordstatusnew , $_POST["orderid"],'Manual' )) print("Unable to record status change.");
		$msg='';
		foreach($_POST as $objItem => $objValue){
			//print $objItem . " : " . $objValue . "<br>";
			if(substr($objItem,0,6)=="prodid"){
				$idno = (int)substr($objItem, 6);
				$cartid = trim(@$_POST["cartid" . $idno]);
				$prodid = trim(@$_POST["prodid" . $idno]);
				$quant = trim(@$_POST["quant" . $idno]);
				$theprice = trim(@$_POST["price" . $idno]);
				$prodname = trim(@$_POST["prodname" . $idno]);
				$delitem = trim(@$_POST["del_" . $idno]);
				$certID = trim(@$_POST["certID" . $idno]);
				$reason = trim(@$_POST["reason_" . $idno]);
				$note = trim(@$_POST["note_" . $idno]);
				
				if($delitem=="yes"){
					// Added By Blake
					// Deletes License ID and Password from downloads
					$sql_check="SELECT p.pDownload,p.p_iscert,c.cartOrderID FROM products p, cart c WHERE p.pID=c.cartProdID AND c.cartID=".$cartid;
					$result_check=mysql_query($sql_check);
					$rs_check=mysql_fetch_assoc($result_check);
					if(!empty($rs_check["pDownload"])){
						$sql_down="UPDATE digitaldownloads SET active=1, orderID=0 WHERE orderID=".$rs_check['cartOrderID']." AND type='".$prodid."'";
						mysql_query($sql_down) or print(mysql_error().$sql_down);
					}
					//deletes gift cert
					if($rs_check["p_iscert"]==1 && !empty($certID)){
						$sql_cert="DELETE FROM certificates WHERE cert_id=".$certID;
						mysql_query($sql_cert) or print(mysql_error().$sql_cert);
					}
					//end
					mysql_query("DELETE FROM cart WHERE cartID=" . $cartid) or print(mysql_error());
					mysql_query("DELETE FROM cartoptions WHERE coCartID=" . $cartid) or print(mysql_error());
					$cartid = "";
				}elseif($cartid != ""){
					$sSQL = "UPDATE cart SET cartProdID='" . mysql_real_escape_string(trim(unstripslashes($prodid))) . "',cartProdPrice=" . $theprice . ",cartProdName='" . mysql_real_escape_string(trim(unstripslashes($prodname))) . "',cartQuantity=" . $quant . ", cartReason=" . $reason . ", cartNote='" . $note . "' WHERE cartID=" . $cartid;
					mysql_query($sSQL) or print(mysql_error().$sSQL);
					mysql_query("DELETE FROM cartoptions WHERE coCartID=" . $cartid) or print(mysql_error());
					//download license ID and Password
					$sql_check2="SELECT p.pDownload,p.p_iscert,c.cartOrderID,pID FROM products p, cart c WHERE p.pID=c.cartProdID AND c.cartID=".$cartid;
					$result_check2=mysql_query($sql_check2);
					$rs_check2=mysql_fetch_assoc($result_check2);
					if(!empty($rs_check2["pDownload"])){
						$sql_down_check="SELECT * FROM digitaldownloads WHERE type='".$rs_check2["pID"]."' AND orderID=".$_POST["orderid"];
						$result_down_check=mysql_query($sql_down_check);
						$num_rows_download_check=mysql_num_rows($result_down_check);
						$quantdownloads=$quant-$num_rows_download_check;
						if($quantdownloads>0){
							$sql_down1="SELECT * FROM digitaldownloads WHERE type='".$rs_check2["pID"]."' AND active=1 AND orderID=0 LIMIT ".$quantdownloads;
							$result_down1=mysql_query($sql_down1);
							$num_rows_download1=mysql_num_rows($result_down1);
							if($num_rows_download1>0){
								$error=FALSE;

								while($row_download1=mysql_fetch_assoc($result_down1)){
									$sql_update1="UPDATE digitaldownloads SET active=0, orderID=".$_POST["orderid"]." WHERE id=".$row_download1['id'];
									$result_update1=mysql_query($sql_update1);
									if(!$result_update1) $error=TRUE;
								}
							}
						}elseif($quantdownloads<0){
							$thisquantdownloads=$quantdownloads;
							while($row_down_check=mysql_fetch_assoc($result_down_check)){
								$sql_update2="UPDATE digitaldownloads SET active=1, orderID=0 WHERE id=".$row_down_check["id"];
								$result_update2=mysql_query($sql_update2);
								$thisquantdownloads++;
								if($thisquantdownloads==0) break;
							}
						}
					}
				}else{
					$sSQL = "INSERT INTO cart (cartSessionID,cartProdID,cartQuantity,cartCompleted,cartProdName,cartProdPrice,cartOrderID,cartReason,cartDateAdded) VALUES (";
					$sSQL .= "'" . $thesessionid . "',";
					$sSQL .= "'" . mysql_real_escape_string(trim(unstripslashes($prodid))) . "',";
					$sSQL .= $quant . ",";
					$sSQL .= "1,";
					$sSQL .= "'" . mysql_real_escape_string(trim(unstripslashes($prodname))) . "',";
					$sSQL .= "'" . $theprice . "',";
					$sSQL .= @$_POST["orderid"] . ",";
					if($reason=="") $reason=0;
					$sSQL .= $reason . ",";
					$sSQL .= "'" . date("Y-m-d H:i:s", time() + ($dateadjust*60*60)) . "')";
					mysql_query($sSQL) or print(mysql_error().$sSQL);
					$cartid = mysql_insert_id();
					//download license ID and Password
					$sql_check2="SELECT p.pDownload,p.p_iscert,c.cartOrderID,pID FROM products p, cart c WHERE p.pID=c.cartProdID AND c.cartID=".$cartid;
					$result_check2=mysql_query($sql_check2);
					$rs_check2=mysql_fetch_assoc($result_check2);

					if(!empty($rs_check2["pDownload"])){
						$sql_down1="SELECT * FROM digitaldownloads WHERE type='".$rs_check2["pID"]."' AND active=1 AND orderID=0 LIMIT ".$quant;
						$result_down1=mysql_query($sql_down1);
						$num_rows_download1=mysql_num_rows($result_down1);
						if($num_rows_download1>0){
							$error=FALSE;
							while($row_download1=mysql_fetch_assoc($result_down1)){
								$sql_update1="UPDATE digitaldownloads SET active=0, orderID=".$_POST["orderid"]." WHERE id=".$row_download1['id'];
								$result_update1=mysql_query($sql_update1);
								if(!$result_update1) $error=TRUE;
							}
						} else $pg_msg= 'NO License and Password Available.';
					}
				}
				if($cartid != ""){
					$optprefix = "optn" . $idno . '_';					
					$prefixlen = strlen($optprefix);
					$isemailcert=FALSE;
					foreach($_POST as $kk => $kkval){
						if(substr($kk,0,$prefixlen)==$optprefix && trim($kkval) != ''){
							$optidarr = explode('|', $kkval);
							$optid = $optidarr[0];
							if(@$_POST["v" . $kk] == ""){
								$sSQL="SELECT optID,".getlangid("optGrpName",16).",".getlangid("optName",32)."," . $OWSP . "optPriceDiff,optWeightDiff,optType,optFlags FROM options LEFT JOIN optiongroup ON options.optGroup=optiongroup.optGrpID WHERE optID='" . mysql_real_escape_string($kkval) . "'";
								$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
								if($rs = mysql_fetch_array($result)){
									if($rs["optName"]=='Email') $isemailcert=TRUE;
									if(abs($rs["optType"]) != 3){
										$sSQL = "INSERT INTO cartoptions (coCartID,coOptID,coOptGroup,coCartOption,coPriceDiff,coWeightDiff) VALUES (" . $cartid . "," . $rs["optID"] . ",'" . mysql_real_escape_string($rs[getlangid("optGrpName",16)]) . "','" . mysql_real_escape_string($rs[getlangid("optName",32)]) . "',";
										$sSQL .= $optidarr[1] . ",0)";
									}else
										$sSQL = "INSERT INTO cartoptions (coCartID,coOptID,coOptGroup,coCartOption,coPriceDiff,coWeightDiff) VALUES (" . $cartid . "," . $rs["optID"] . ",'" . mysql_real_escape_string($rs[getlangid("optGrpName",16)]) . "','',0,0)";
									mysql_query($sSQL) or print(mysql_error().$sSQL);
								}
								mysql_free_result($result);
							}else{
								$sSQL="SELECT optID,".getlangid("optGrpName",16).",".getlangid("optName",32)." FROM options LEFT JOIN optiongroup ON options.optGroup=optiongroup.optGrpID WHERE optID='" . mysql_real_escape_string($kkval) . "'";
								$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
								$rs = mysql_fetch_array($result);
								if($rs["optName"]=='Email') $isemailcert=TRUE;
								$sSQL = "INSERT INTO cartoptions (coCartID,coOptID,coOptGroup,coCartOption,coPriceDiff,coWeightDiff) VALUES (" . $cartid . "," . $rs["optID"] . ",'" . mysql_real_escape_string($rs[getlangid("optGrpName",16)]) . "','" . mysql_real_escape_string(unstripslashes(trim(@$_POST["v" . $kk]))) . "',0,0)";
								mysql_query($sSQL) or print(mysql_error().$sSQL);
								mysql_free_result($result);
							}
							//gift cert
							if($isemailcert){
								$giftcertOrderID=$_POST["orderid"];
								$_SESSION['cert_prod']=$prodid;
								create_certificate($giftcertOrderID);
							}
						}
					}
				}
			}			
		}
		//echo 'edit new='.$ordstatusnew.' '.$_POST["orderid"];
		$ordstatusnew=$_POST["ordstatusnew"];
		// stock manage
		if($ordstatusnew>=3 && $ordstatusnew!=10 && $ordstatusnew!=17) {
			mysql_query("UPDATE cart SET cartCompleted=0 WHERE cartOrderID=" . $_POST["orderid"]) or print(mysql_error());
			do_stock_management($_POST["orderid"]); //echo 'do_stock_management 2';
			mysql_query("UPDATE cart SET cartCompleted=1 WHERE cartOrderID=" . $_POST["orderid"]) or print(mysql_error());
		}
?>
	<script language="JavaScript" type="text/javascript">
	<!--
	//setTimeout("history.go(-2);",1100);
	setTimeout("window.location='/admin/orders.php?ordid=<?=$_POST["orderid"]?>'",1100);
	// -->
	</script>
	  <table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="" align="center">
        <tr>
          <td width="100%">
            <table width="100%" border="0" cellspacing="0" cellpadding="2" bgcolor="">
			  <tr> 
                <td width="100%" colspan="4" align="center"><br /><strong><?php print $yyUpdSuc?></strong><br /><br /><?php print $yyNowFrd?><br /><br />
                        <?php print $yyNoAuto?> <a href="javascript:history.go(-2)"><strong><?php print $yyClkHer?></strong></a>.<br /><br />
						<img src="/lib/images/misc/clearpixel.gif" width="300" height="3" alt="" /></td>
			  </tr>
			</table>
		  </td>
		</tr>
	  </table>
<?php
	}
}elseif(@$_GET["id"] != ""){
	$statetaxrate=0;
	$countrytaxrate=0;
	$hsttaxrate=0;
	$countryorder=0;
	$sSQL = "SELECT ordID,ordName,ordAddress,ordAddress2,ordCity,ordState,ordZip,ordCountry,ordEmail,ordPhone,ordShipName,ordShipAddress,ordShipAddress2,ordShipCity,ordShipState,ordShipZip,ordShipCountry,ordPayProvider,ordAuthNumber,ordTransID,ordTotal,ordDate,ordStateTax,ordCountryTax,ordHSTTax,ordShipping,ordShipType,ordIP,ordAffiliate,ordDiscount,ordHandling,ordDiscountText,ordComLoc,ordExtra1,ordExtra2,ordAddInfo,ordCNum,ordStatusInfo,ordSupportInfo,order_changed,ordStatus,ord_cert_amt,ord_cert_id,ordPoApo,ordShipPoApo,ordEID,ordReturnID,ordReturnReasonID FROM orders LEFT JOIN payprovider ON payprovider.payProvID=orders.ordPayProvider WHERE ordID='" . $_GET["id"] . "' AND ordEID!=34";
	//echo $sSQL;
	$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
	$alldata = mysql_fetch_array($result);
	$alldata["ordDate"] = strtotime($alldata["ordDate"]);	
	$oldordstatusedit=$alldata["ordStatus"];
	mysql_free_result($result);
	//all stutuses
	$numstatus=0;
	$sSQL = "SELECT statID,statPrivate FROM orderstatus WHERE statPrivate<>'' ORDER BY statID";
	$result = mysql_query($sSQL) or print(mysql_error().$sSQL);
	while($rs = mysql_fetch_assoc($result)){
		$allstatus[$numstatus++]=$rs;
	}
	mysql_free_result($result);
?>
	<table border="0" cellspacing="0" cellpadding="0" width="100%" bgcolor="">
        <tr>
          <td width="100%" align="center">
<?php	$themask = 'yyyy-mm-dd';
		if($admindateformat==1)
			$themask='mm/dd/yyyy';
		elseif($admindateformat==2)
			$themask='dd/mm/yyyy';
		if(! $success) print "<p><font color='#FF0000'>" . $errmsg . "</font></p>"; ?>
			<span name="searchspan" id="searchspan" <?php //if($usepowersearch) print 'style="display:block"'; else print 'style="display:none"'?>>
            <table width="100%" border="0" cellspacing="1" cellpadding="2" bgcolor="">
			  <form method="post" action="/admin/orders.php" name="psearchform">
			  <input type="hidden" name="powersearch" value="1" />
			  <tr bgcolor="#030133"><td colspan="6"><strong><font color="#E7EAEF">&nbsp;<?php print $yyPowSea?></font></strong></td></tr>
			  <tr bgcolor="#E7EAEF"> 
                <td align="right" width="15%"><strong><?php print $yyOrdFro?>:</strong></td>
				<td width="15%" align="left" nowrap="nowrap">&nbsp;
			    <input type="text" size="14" name="fromdate" value="<?php print $fromdate?>" /> <input type=button onclick="popUpCalendar(this, document.forms.psearchform.fromdate, '<?php print $themask?>', 0)" value='DP' /></td>
				<td width="15%" align="right"><strong>E-tailers:</strong></td>
				<td align="left" width="15%">
				<select name="custID">
				 	<option value="" <?=(empty($_POST['custID']))?' selected="selected"':''?>>None Selected</option>
				 <? 
				 $sql_EID="SELECT custID, Name FROM customers WHERE active=1";
				 $result_EID=mysql_query($sql_EID);
				 while($rs_EID=mysql_fetch_array($result_EID)){ ?>
					  	<option value="<?=$rs_EID['custID']?>" <? if($_POST['custID']==$rs_EID['custID']) echo " selected"?>><?= str_replace('<br />',' ',$rs_EID['Name'])?></option>
				<? } ?> 
				 </select>				</td>
				<td align="right" width="20%"><strong><?php print $yyOrdTil?>:</strong></td>
				<td align="left" width="25%">&nbsp;<input type="text" size="14" name="todate" value="<?php print $todate?>" /> <input type=button onclick="popUpCalendar(this, document.forms.psearchform.todate, '<?php print $themask?>', -205)" value='DP' /></td>
			  </tr>
			  <tr bgcolor="#EAECEB">
				<td align="right"><strong><?php print $yyOrdId?>:</strong></td>
				<td align="left">&nbsp;<input type="text" size="14" name="ordid" value="<?php print $ordid?>" /><img src="/lib/images/misc/info_icon.png" id="myfrogz_info" align="absmiddle" /></td>
				<td align="right"><strong>PO/APOs:</strong></td>
				<td align="left">
					<select id="ordPOAPOs" name="ordPOAPOs">
						<option value="none"<?=(empty($_POST['ordPOAPOs']))?' selected="selected"':''?>>None Selected</option>
						<option value="APOs"<?=($_POST['ordPOAPOs'] == 'APOs')?' selected="selected"':''?>>APOs</option>
						<option value="PO_APO"<?=($_POST['ordPOAPOs'] == 'PO_APO')?' selected="selected"':''?>>PO/APOs</option>
						<option value="POs"<?=($_POST['ordPOAPOs'] == 'POs')?' selected="selected"':''?>>POs</option>
						<option value="shipping_APOs"<?=($_POST['ordPOAPOs'] == 'shipping_APOs')?' selected="selected"':''?>>Shipping to APOs</option>
						<option value="shipping_PO_APO"<?=($_POST['ordPOAPOs'] == 'shipping_PO_APO')?' selected="selected"':''?>>Shipping to PO/APOs</option>
						<option value="shipping_POs"<?=($_POST['ordPOAPOs'] == 'shipping_POs')?' selected="selected"':''?>>Shipping to POs</option>
					</select>				</td>
				<td align="right"><strong><?php print $yySeaTxt?>:</strong></td>
				<td align="left" valign="middle">&nbsp;
				  <input type="text" size="24" name="searchtext" value="<?php print $origsearchtext?>" /></td>
			  </tr>
			  <tr bgcolor="#E7EAEF">
				<td rowspan="2" align="right"><strong><?php print $yyOrdSta?>:</strong></td>
				<td rowspan="2" align="left">&nbsp;<select name="ordstatus[]" size="5" multiple><option value="9999" <?php if(strpos($ordstatus,"9999") !== FALSE) print "selected"?>><?php print $yyAllSta?></option><?php
						$ordstatus="";
						$addcomma = "";
						if(is_array(@$_REQUEST["ordstatus"])){
							foreach($_REQUEST["ordstatus"] as $objValue){
								if(is_array($objValue))$objValue=$objValue[0];
								$ordstatus .= $addcomma . $objValue;
								$addcomma = ",";
							}
						}else
							$ordstatus = trim(@$_REQUEST["ordstatus"]);
						$ordstatusarr = explode(",", $ordstatus);
						for($index=0; $index < $numstatus; $index++){
							print '<option value="' . $allstatus[$index]["statID"] . '"';
							if(is_array($ordstatusarr)){
								foreach($ordstatusarr as $objValue)
									if($objValue==$allstatus[$index]["statID"]) print " selected";
							}
							print ">" . $allstatus[$index]["statPrivate"] . "</option>";
						} ?></select>				</td>
				<td rowspan="2" align="right"><strong><?=$yyOrdCou?>:</strong></td>
				<td rowspan="2" align="left">
				<? $sSQL2="SELECT DISTINCT cpnID,cpnName,cpnNumber FROM orders o LEFT JOIN coupons c ON o.ordCoupon=c.cpnID WHERE ordDiscount>0 ORDER BY cpnNumber,cpnName";
					$result2=mysql_query($sSQL2) or die(mysql_error().$sSQL2);
					$total2=mysql_num_rows($result2);?>
					<select name="ordcoupon" size="5" style="width:250px; font-size:10px; ">
					 	<? while($rs2=mysql_fetch_array($result2)){ ?>
					  	<option value="<?=$rs2['cpnID']?>" <?=$rs2['cpnNumber']==""?"":'style="font-weight:bold;"'?> <? if($ordcoupon==$rs2['cpnID']) echo " selected"?>><?=$rs2['cpnNumber']==""?"":$rs2['cpnNumber'].' | '?> <?= str_replace('<br />',' ',$rs2['cpnName'])?></option>
						<? } ?>
					</select>
					<div style="font-size:9px;">Coupons are in bold</div>
					</td>
				<td align="right" valign="middle"><strong>Return Status:</strong></td>
				<td align="left" valign="middle">
						<?
						$sql_return="SELECT * FROM returns ORDER BY status_order";
						$result_return=mysql_query($sql_return);
						?>
						<select name="return_status_search">
						  <option value="" <?php if ($_SESSION['return_status_search']=="") {echo "selected=\"selected\"";} ?>></option>
						  <? while($row_return=mysql_fetch_assoc($result_return)){?>
						  <option value="<?=$row_return["id"]?>" <?php if (!(strcmp($row_return["id"], $_SESSION['return_status_search']))) {echo "selected=\"selected\"";} ?>>
						  <?=$row_return["status"]?>
						  </option>
						  <? } ?>
					  </select></td>
			  </tr>	
			  <tr bgcolor="#E7EAEF">
			    <td align="right" valign="top">&nbsp;</td>
			    <td align="left">			</td>
			    </tr>		  
			  <tr bgcolor="#E7EAEF">
				<td colspan="3" align="left"><input type="c…
Large files files are truncated, but you can click here to view the full file