\n"; } } $out .= "

"; if ($brief) { //showing a thumbnail if ($a[7] && file_exists("products_pictures/".$a[7])) { $size = getimagesize("products_pictures/".$a[7]); $out .= " $\"".MORE_INFO_ON_PRODUCT."$ \n"; $out .= "".MORE_INFO_ON_PRODUCT."\n"; } else //no thumbnail - showing regular image if ($a[5] && file_exists("products_pictures/".$a[5])) { $size = getimagesize("products_pictures/".$a[5]); $out .= " $\"".MORE_INFO_ON_PRODUCT."$ \n"; $out .= "".MORE_INFO_ON_PRODUCT."\n"; } } else { //showing regular image if ($a[5] && file_exists("products_pictures/".$a[5])) { $size = getimagesize("products_pictures/".$a[5]); if ($a[9] && file_exists("products_pictures/".$a[9])) //if there's big image uploaded { $out .= " $\"".ENLARGE_PICTURE."...\"$ "; $out .= "
".ENLARGE_PICTURE."\n"; } else $out .= " $\"$a[1]\"$ \n"; } else //no regular image - watching for thumbnail if ($a[7] && file_exists("products_pictures/".$a[7])) { $size = getimagesize("products_pictures/".$a[7]); $out .= " $\"$a[1]\"$ \n"; } }; $out .= "

"; if (!$brief) { // in stock info $out .= " "; }; $out .= " "; //now show description (brief or else) $out .= "

"; //show product's rating if ($a[8] > 0) { if ($brief) $out .= ""; if ($brief) $out .= ""; } $out .= "

"; if ($brief) $out .= "$a[1]"; else $out .= "$a[1]"; $out .= "
"; else $out .= "	"; $out .= " "; for ($i=0; $i"; for ( ; $i < 5; $i++) $out .= ""; if (!$brief) $out .= " ($a[8] ".VOTES_FOR_ITEM_STRING.")"; $out .= "

"; $q = db_query("SELECT count(*) FROM ".DISCUSSIONS_TABLE." WHERE productID=$product_id") or die (db_error()); $k = db_fetch_row($q); $k = $k[0]; if (!$brief) $out .= "".DISCUSS_ITEM_LINK." ($k ".POSTS_FOR_ITEM_STRING.")

"; $out .= "

"; //add 2 cart link in case product is in stock if ($a[6] > 0) $out .= " $\"".ADD_TO_CART_STRING."\"$ "; else $out .= " "; $out .= "

"; if ($a[10] > 0 && $a[10]!=$a[4]) //show list price { $out .= LIST_PRICE.": ~~"; $out .= show_price($a[10]); $out .= "~~
"; } $out .= "".CURRENT_PRICE.": 0 && $a[10]!=$a[4]) //show 'you save' value { $out .= "
".YOU_SAVE.": "; $out .= show_price($a[10]-$a[4]); $out .= " (".(ceil(((($a[10]-$a[4])/$a[10])*100)))."%)"; $out .= "
"; } $out .= "

"; if (!$brief) $out .= "

"; $out .= IN_STOCK.": \n"; $out .= ($a[6] > 0) ? $a[6] : "".ANSWER_NO.""; $out .= ""; //extra fields? $out .= "

"; $q1 = db_query("select optionID, name from ".PRODUCT_OPTIONS_TABLE."") or die (db_error()); while ($row = db_fetch_row($q1)) if ($row[1]!="") { $q = db_query("select option_value from ".PRODUCT_OPTIONS_VALUES_TABLE." where productID=$product_id AND optionID=$row[0]") or die (db_error()); $val = db_fetch_row($q); if ($val && $val[0]!="") { $out .= "$row[1]: $val[0]
"; } } $out .= "

".VOTING_FOR_ITEM_TITLE."

".MARK_EXCELLENT."
".MARK_GOOD."
".MARK_AVERAGE."
".MARK_POOR."
".MARK_PUNY."

"; }; $out .= "

"; //related products if (!$brief) { $q = db_query("SELECT count(*) FROM ".RELATED_PRODUCTS_TABLE." WHERE Owner=$product_id") or die (db_error()); $cnt = db_fetch_row($q); if ($cnt[0] > 0) { $q = db_query("SELECT productID FROM ".RELATED_PRODUCTS_TABLE." WHERE Owner=$product_id") or die (db_error()); // show related products in table $out .= "

".STRING_RELATED_ITEMS.":
"; $out .= ""; while ($row = db_fetch_row($q)) { $p = db_query("SELECT productID, name, Price FROM ".PRODUCTS_TABLE." WHERE productID=$row[0] AND Price>0") or die (db_error()); if ($r = db_fetch_row($p)) { $out .= ""; $out .= ""; $r[2] = show_price($r[2]); $out .= ""; $out .= ""; } } $out .= "
$r[1] $r[2]
\n"; $out .= "

"; } //showGood function showSubCategories(&$categories, $i, &$out) { //show subcategories of category with index $i $out .= "

\n"; if (trim($categories[$i][5])!="") $out .= ""; $out .= "
".trim($categories[$i][1])."\n"; $out .= "[".$categories[$i][3]."]:
\n"; //show $pl = 0; for ($j=0; $j".trim($categories[$j][1])."\n"; } $out .= "
\n"; } //showSubCategories function categoryIndexInArray(&$list, $id) { //search for index of category with categoryID=$id at array $list $j = 0; while ($j\n"; $out .= "\n"; } else //make a link { $out .= "\n"; } } //process subcategories if ($level+1"; $out .= str_replace("<","<",$list[$i][1])."\n"; //w -- parent of current category $out .= "\n"; //show products showproducts($list[$i][0], $level, &$out); //process all subcategories pricessCategories(&$list, $list[$i][0],$level+1,&$out); } } //pricessCategories function showproducts($cid, $level, &$out) //show products of selected category in the pricelist { $q = db_query("SELECT count(*) FROM ".PRODUCTS_TABLE." WHERE categoryID=$cid") or die (db_error()); $cnt = db_fetch_row($q); if ($cnt[0] > 0) $out .= ""; $q = db_query("SELECT productID, name, Price FROM ".PRODUCTS_TABLE." WHERE categoryID=$cid AND Price>0") or die (db_error()); while ($row = db_fetch_row($q)) { $out .= ""; for ($i=0; $i<$level; $i++) $out .= " "; $out .= "$row[1]\n"; if (!$row[2]) $row[2] = "n/a"; else $row[2] = show_price($row[2]); $out .= "$row[2]"; } } //showproducts // -------------------------INITIALIZATION-----------------------------// session_start(); //select new language? if (isset($new_language)) { $current_language = $new_language; session_register("current_language"); } include("cfg/settings.inc.php"); include("functions.php"); include("language_list.php"); if (!isset($current_language) || $current_language<0 || $current_language>count($lang_list)) $current_language = 0; //set default language if (isset($lang_list[$current_language]) && file_exists($lang_list[$current_language]->filename)) include($lang_list[$current_language]->filename); //include current language file else { die("ERROR: Couldn't find language file!

Click here to use default language"); } //connect to the database db_connect(DB_HOST,DB_USER,DB_PASS) or die (db_error()); db_select_db(DB_NAME) or die (db_error()); //$output is the main output buffer. //include template file (it is set in the language file) $output = implode("",file($lang_list[$current_language]->template)); //authorized access check include("checklogin.php"); //currencies file include("cfg/currency.inc.php"); //# of selected currency if (!isset($current_currency)) $current_currency = 0; //load all categories to array $cats to avoid multiple queries $cats = array(); $i=0; $q = db_query("SELECT categoryID, name, parent, products_count, description, picture FROM ".CATEGORIES_TABLE." where categoryID<>0 ORDER BY name") or die (db_error()); while ($row = db_fetch_row($q)) $cats[$i++] = $row; if (!isset($categoryID)) $categoryID = 0; if (!isset($vote_completed)) $vote_completed = array(); if (!isset($offset)) $offset=0; //checking for proper $offset init if ($offset<0 || $offset%$products_count) $offset=0; // -----------------------------------------------------------------// if (isset($logout)) //user logout { unset($log); session_unregister("log"); session_unregister("pass"); header("Location: index.php"); } else if (isset($enter) && !isset($log)) //user login { $q = db_query("SELECT cust_password FROM ".CUSTOMERS_TABLE." WHERE Login='$user_login'") or die (db_error()); $row = db_fetch_row($q); //serching for user in the database if (($row) && (!strcmp(trim($row[0]),stripslashes($user_pw)))) { //yes. start new session $log = $user_login; $pass = stripslashes($user_pw); session_register("log"); //$log -- authorized user login session_register("pass"); moveCartFromSession2DB(); //update prefered currency db_query("UPDATE ".CUSTOMERS_TABLE." SET default_currency=$current_currency WHERE Login='$log'") or die (db_error()); //is it admin? if (!isset($order)) if (!strcmp($log,ADMIN_LOGIN)) header("Location: admin.php"); else { $z = ""; if (isset($productID)) $z="?productID=$productID"; else if (isset($categoryID)) $z="?categoryID=$categoryID"; header("Location: index.php$z"); } } else //login error $wrongLoginOrPw = 1; } if (isset($subscribe) && !strcmp($subscribe,"true") && isset($email)) //subscribe for the news { db_set_identity(MAILING_LIST_TABLE); db_query("INSERT INTO ".MAILING_LIST_TABLE." (Email) VALUES ('$email')") or die (db_error()); $z = ""; if (isset($productID)) $z="&productID=$productID"; else if (isset($categoryID)) $z="&categoryID=$categoryID"; header("Location: index.php?subscribe=done$z"); } if (isset($killuser) && isset($log) && strcmp($log, ADMIN_LOGIN)) //terminate user account { db_query("DELETE FROM ".CUSTOMERS_TABLE." WHERE Login='$log'") or die (db_error()); db_query("DELETE FROM ".SHOPPING_CARTS_TABLE." WHERE customer_login='$log'") or die (db_error()); //clear his/her cart unset($log); unset($pass); session_unregister("log"); session_unregister("pass"); session_unregister("order_step"); $order_step=0; header("Location: index.php?kill_successful=1"); } if (isset($vote)) //vote for product { if (!isset($vote_completed[$vote]) && isset($mark) && $mark) $q = db_query("UPDATE ".PRODUCTS_TABLE." SET customers_rating=(customers_rating*customer_votes+$mark)/(customer_votes+1), customer_votes=customer_votes+1 WHERE productID=".$vote) or die (db_error()); $productID = $vote; $vote_completed[$vote] = 1; session_register("vote_completed"); } if (isset($productID)) //to rollout categories navigation table { $q = db_query("SELECT categoryID FROM ".PRODUCTS_TABLE." WHERE productID=$productID") or die (db_error()); $r = db_fetch_row($q); if ($r) $categoryID = $r[0]; } if (isset($searchstring)) //make a simple search { $products_search = array(); $cats_search = array(); $g_search_count = 0; //explode string to a set separate of words $searchstring = trim(str_replace("'","",stripslashes($searchstring))); $search = explode(" ",$searchstring); $result=array(); $r = array(); $i = 0; $k = 0; if ($searchstring) { //searching for categories $s = "SELECT categoryID, name FROM ".CATEGORIES_TABLE." WHERE categoryID<>0 and name LIKE '%".$search[0]."%' "; for ($i=1; $i$g_search_count) $offset = 0; $q = db_query($s_search."ORDER BY customers_rating DESC") or die (db_error()); $i = 0; while ($row = db_fetch_row($q)) { if ($i >= $offset && $i < $offset+$products_count) $products_search[] = $row; $i++; } } } if (isset($change_c) && isset($change_currency)) //change currency type { $current_currency = $change_currency; session_register("current_currency"); //make changes in the database if user is authorized if (isset($log)) db_query("UPDATE ".CUSTOMERS_TABLE." SET default_currency=$change_currency WHERE Login='$log'") or die (db_error()); header("Location: index.php"); } if (isset($add_topic) && isset($productID)) // add post to the product discussion { db_set_identity(DISCUSSIONS_TABLE); db_query("INSERT INTO ".DISCUSSIONS_TABLE." (productID, Author, Body, add_time, Topic) VALUES ($productID, '$nick','$body','".get_current_time()."','$topic')") or die (db_error()); header("Location: index.php?productID=$productID&discuss=yes"); } if (isset($remove_topic) && isset($productID) && isset($log) && !strcmp($log, ADMIN_LOGIN)) // delete topic in the discussion { db_query("DELETE FROM ".DISCUSSIONS_TABLE." WHERE DID=$remove_topic") or die (db_error()); header("Location: index.php?productID=$productID&discuss=yes"); } // ---------------------- TEMPLATE PARSER --------------------// // {TITLE} // $r = array(); $r[0] = ""; if (isset($categoryID) && !isset($productID) && $categoryID>0) { $q = db_query("SELECT name FROM ".CATEGORIES_TABLE." WHERE categoryID<>0 and categoryID=$categoryID") or die (db_error()); $r = db_fetch_row($q); $out = str_replace("\"","'",$r[0]." - ".$shopname); $output = str_replace("{TITLE}", $out, $output); } else if (isset($productID) && $productID>0) { $q = db_query("SELECT name FROM ".PRODUCTS_TABLE." WHERE productID=$productID") or die (db_error()); $r = db_fetch_row($q); $out = str_replace("\"","'",$r[0]." - ".$shopname); $output = str_replace("{TITLE}", $out, $output); } else $output = str_replace("{TITLE}", "$shopname", $output); // {META} // $r = array(); $r[0] = ""; if (isset($categoryID) && !isset($productID) && $categoryID>0) { $q = db_query("SELECT name, description FROM ".CATEGORIES_TABLE." WHERE categoryID<>0 and categoryID=$categoryID") or die (db_error()); $r = db_fetch_row($q); $out = str_replace("\"","'",$r[0].", ".$r[1]); $output = str_replace("{META}", $out, $output); } else if (isset($productID) && $productID>0) { $q = db_query("SELECT name, brief_description FROM ".PRODUCTS_TABLE." WHERE productID=$productID") or die (db_error()); $r = db_fetch_row($q); $out = str_replace("\"","'",$r[0].", ".$r[1]); $output = str_replace("{META}", $out, $output); } else $output = str_replace("{META}", "$shopname, powered by Shop-Script", $output); // {REGISTER/HOME} // if (isset($log)) //link to "My account" page { $out = "".MY_ACCOUNT_LINK.""; } else //link to the registration { $out = "".REGISTER_LINK.""; } $output = str_replace("{REGISTER/HOME}", $out, $output); // {LANGUAGE} // $out = "

\n"; $output = str_replace("{LANGUAGE}", $out, $output); // {CURRENCY} // if (count($currency_name) > 1) $out = "".CHANGE_CURRENCY_LINK.""; else $out = ""; $output = str_replace("{CURRENCY}", $out, $output); // {AUTHORIZATION} // if (!isset($log)) { //login form // !!! NOTICE THAT YOU SHOULD PLACE SYMBOL \ BEFORE SYMBOL " !!! // $out = " ".STRING_AUTHORIZATION." "; if (isset($productID)) $out .= ""; if (isset($categoryID)) $out .= ""; $out .= "

".CUSTOMER_LOGIN."
".CUSTOMER_PASSWORD."

".FORGOT_PASSWORD_LINK."

"; } else // logout link { // !!! NOTICE THAT YOU SHOULD PLACE SYMBOL \ BEFORE SYMBOL " !!! // $out = "

".LOGOUT_LINK."

"; } $output = str_replace("{AUTHORIZATION}", $out, $output); // {SEARCH} // // search form // !!! NOTICE THAT YOU SHOULD PLACE SYMBOL \ BEFORE SYMBOL " !!! // $tmp = isset($searchstring) ? $searchstring : ""; $out = " "; if (isset($s_search)) $out .= ""; $tmp = isset($inside) ? " checked" : ""; $out .= "

".STRING_SEARCH."
".STRING_SEARCH_IN_RESULTS."

".ADVANCED_SEARCH_LINK." "; $output = str_replace("{SEARCH}", $out, $output); // {SHOPPING_CART} // // !!! NOTICE THAT YOU SHOULD PLACE SYMBOL \ BEFORE SYMBOL " !!! // $out = "

"; //shopping cart value $k=0; $cnt = 0; if (isset($log)) //taking products from database { $q = db_query("SELECT productID, Quantity FROM ".SHOPPING_CARTS_TABLE." WHERE customer_login='$log'") or die (db_error()); while ($row = db_fetch_row($q)) { $t = db_query("SELECT Price FROM ".PRODUCTS_TABLE." WHERE productID=$row[0]") or die (db_error()); $rr = db_fetch_row($t); $k += $row[1]*$rr[0]; $cnt += $row[1]; } } else if (isset($gids)) //...session vars { for ($i=0; $i
"; else $out .= "
"; //create a link to checkout process (depends on the fact is user authorized or not) $link = isset($log) ? "index.php?check_order=yes" : "index.php?register=yes&order=yes"; $out .= "
".CART_PROCEED_TO_CHECKOUT.""; $out .= "

"; $output = str_replace("{SHOPPING_CART}", $out, $output); // {CATEGORIES} // $path = calculatePath(&$cats, $categoryID); //path from root to selected category $out = processCategories(&$cats,0,$path,$categoryID,""); $output = str_replace("{CATEGORIES}", $out, $output); // {NEWS} // $q = db_query("SELECT NID, add_date, Body, add_stamp FROM ".NEWS_TABLE." ORDER BY add_stamp DESC") or die (db_error()); $out = ""; $output = str_replace("{NEWS}", $out, $output); // {VOTING} // $out = ""; $out .= "\n\n

\n"; if (!isset($save_voting_results)) { //main voting form $f = file("cfg/voting.txt"); $r = file("cfg/voting_results.txt"); $m = $r[0] ? $r[0] : 0; $m = max($m, 1); for ($i=0; $i"; $out .= "\n"; $out .= "\n\n"; } $out .= "

$f[0]

\n"; for ($i=1; $i\n"; if (isset($productID)) $out .= ""; if (isset($categoryID)) $out .= ""; if (isset($currency)) $out .= ""; if (isset($user_details)) $out .= ""; if (isset($aux_page)) $out .= ""; if (isset($show_price)) $out .= ""; if (isset($register)) $out .= ""; if (isset($adv_search)) $out .= ""; if (isset($searchstring)) $out .= ""; if (isset($order)) $out .= ""; if (isset($check_order)) $out .= ""; $out .= "\n"; } else { //vote and show results $f = file("cfg/voting.txt"); //increase votes value if (!($r = file("cfg/voting_results.txt"))) { $r = array(); for ($i=0; $i 0) { $out .= "

"; for ($j = 0; $j< 10*$r[$i-1]/$m; $j++) $out .= "

"; $out .= "

"; } $out .= "

".$r[$i-1]."\n"; $out .= "

"; //don't allow user to vote more than 1 time $vote_completed[0] = 1; session_register("vote_completed"); } $out .= "

"; $output = str_replace("{VOTING}", $out, $output); // {MAIN_CONTENT} $out = ""; /* if (isset($killuser)) //tell about user's account termination $out .= "".STRING_SUCCESSFUL_ACCOUNT_TERMINATION."

\n"; else*/ if (isset($forgotpw)) //forgot password? { $q = db_query("SELECT cust_password, Email FROM ".CUSTOMERS_TABLE." WHERE Login='$forgotpw'") or die (db_error()); if ($row = db_fetch_row($q)) //send password { $tt = db_query("SELECT Email FROM ".CUSTOMERS_TABLE." WHERE Login='".ADMIN_LOGIN."'"); $ro = db_fetch_row($tt); mail($row[1], EMAIL_FORGOT_PASSWORD_SUBJECT, EMAIL_HELLO."\n\n".EMAIL_YOUR_PASSWORD.": $row[0]\n\n".EMAIL_SINCERELY.", $shopname.\n$shopurl", "From: \"$shopname\"<$ro[0]>;\n".EMAIL_MESSAGE_PARAMETERS."\nReturn-path: <$ro[0]>"); $out .= "".STRING_PASSWORD_SENT." <".$row[1].">

\n"; } else //login wasn't found in db { $out .= "

".STRING_CANT_FIND_USER_IN_DB." (".stripslashes($forgotpw).")!
"; $logging = "yes"; //show login form again } } else if (isset($show_price)) //show pricelist { $out .= "

".STRING_PRICELIST." $shopname

"; $out .= ""; pricessCategories(&$cats,0,0,&$out); $out .= "

"; } else if (isset($aux_page)) // auxiliary page { if (file_exists("cfg/$aux_page")) $f = file("cfg/$aux_page"); else { $f = array(); $f[0] = ERROR_CANT_FIND_REQUIRED_PAGE; } for ($i=0; $i1) //change currency type form { $out .= STRING_SELECT_CURRENCY_TYPE."
"; $out .= "

"; for ($i = 0; $i"; $out .= ""; } else if (isset($adv_search)) //advanced search form { include("includes/adv_search.php"); } else if (isset($searchstring)) //simple search results { include("includes/simple_search.php"); } else if ($categoryID && !isset($productID)) //show products in the category { include("includes/category_view.php"); } else if (isset($productID) && $productID>0) //show product detailed information { include("includes/show_good.php"); } else if (isset($user_details) && isset($log)) //show user's account { include("includes/user_details.php"); } else if (isset($logging) || isset($wrongLoginOrPw)) //wrong password page { $out .= " "; if (isset($wrongLoginOrPw)) $out .= "

".ERROR_WRONG_PASSWORD." "; $out .= " "; } else if (isset($register) || isset($update_details)) //customers registration { include("includes/register.php"); } else if (isset($check_order) && isset($log)) //order check { include("includes/check_order.php"); } else if (isset($proceed_ordering) && isset($log)) //ordering process { include("includes/proceed_ordering.php"); } else if (isset($complete_order) && isset($log)) //place order { include("includes/complete_order.php"); } else if (isset($r_successful)) //successful registration notification { $out .= "

"; if (isset($update)) $out .= "".STRING_ACOOUNT_UPDATE_SUCCESSFUL.""; else $out .= "".STRING_REGISTRATION_SUCCESSFUL.""; } else if (isset($kill_successful)) //sucessful account termination { $out .= "

"; $out .= "".STRING_SUCCESSFUL_ACCOUNT_TERMINATION.""; } else //homepage { //greetings text $out .= STRING_GREETINGS; $out .= "

\n"; //place categories into 2 columns $q = db_query("SELECT categoryID FROM ".CATEGORIES_TABLE." WHERE categoryID<>0 and parent=0 ORDER BY name") or die (db_error()); $rr = array(); while ($row = db_fetch_row($q)) $rr[] = $row; $k = count($rr); if ($k%2 == 0) $tmp = 0; else $tmp = 1; $out .= "\n"; for ($i=0; $i<$k; $i++) { $tmp = $i%2; if (!$tmp) $out .= ""; $out .= ""; if ($tmp) $out .= ""; }; $out .= "\n
"; showSubCategories(&$cats, categoryIndexInArray(&$cats, $rr[$i][0]), &$out); $out .= "
\n"; //show special offers $c = 2; //show 2 products in each row $q = db_query("SELECT productID, name, picture, Price FROM ".PRODUCTS_TABLE." WHERE show_as_special_offer=1 AND picture<>'' AND enabled=1 AND Price>0 AND categoryID>0 AND in_stock>0 ORDER BY show_as_special_offer DESC, customers_rating DESC, name") or die (db_error()); $i = 0; $out .= "

\n"; while (($row = db_fetch_row($q))) if (file_exists("products_pictures/$row[2]")) { if ($i % $c == 0 && $i != 0) $out .= ""; $i++; } $out .= "

"; else $out .= "

"; $out .= "

"; $out .= ""; $out .= ""; $out .= ""; $out .= "

"; $out .= "
$row[1]	".show_price($row[3])."

"; $out .= "

"; } $output = str_replace("{MAIN_CONTENT}", $out, $output); //show all output if (isset($log) && !strcmp($log, ADMIN_LOGIN)) echo "
".ADMINISTRATE_LINK."
"; echo $output; ?>