<?php
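// Direct-access guard: this file is meant to be reached through admin.php only.
// The dot in the pattern is escaped so that only a literal "admin.php" matches
// (the previous eregi() pattern let "." match any character).
// NOTE(review): $PHP_SELF also carries any trailing path info from the request
// URL, so a substring match on it is a weak check; comparing the executing
// script's own file name would be stricter -- confirm which variable the host
// platform populates before changing the source of the value.
$viaAdmin = preg_match('/admin\.php/i', $PHP_SELF);
if ($pnconfig['Version_Sub'] == "Rogue") {
    if (!$viaAdmin) die ('Access Denied: You can\'t access this file directly.');
    // Module-level permission check, performed only on this branch.
    if (!authorised(0, "$ModName::", '::', ACCESS_ADMIN)) die ('Access Denied: No permissions');
} else {
    // NOTE(review): this branch performs no permission check of its own; it
    // relies entirely on the including script having authenticated the admin
    // -- confirm that admin.php enforces this for other platform versions.
    if (!$viaAdmin) die ("Access Denied");
}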
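include ("header.php");
// NOTE(review): $ModName is interpolated into an include path and this file
// does not show where it is set. If the request can influence it, restrict it
// to a known module directory name before including -- confirm in admin.php.
include ("modules/$ModName/classes/products.php");
GraphicAdmin($hlpfile);
cp_menu();
OpenTable();
// Output the edit/delete pickers for the products already in the table.
// The product list is read once and reused for both <select> elements
// instead of running the same query twice.
$result = mysql_query("SELECT prod, name, ptype FROM $pntable[cp_products] ORDER BY ptype");
if ($result && mysql_num_rows($result)) {
    $options = '';
    while ($row = mysql_fetch_array($result)) {
        $kind = $row['ptype'];
        // Stored values are HTML-escaped before being written into the page so
        // a product name or number containing markup cannot alter the admin page.
        // $products[$kind] comes from the included products.php and is left
        // as-is -- presumably static labels; verify.
        $prodHtml = htmlspecialchars($row['prod'], ENT_QUOTES);
        $nameHtml = htmlspecialchars($row['name'], ENT_QUOTES);
        $options .= " <option value=\"$prodHtml\">$products[$kind]: $nameHtml - #$prodHtml</option>\n";
    }
    echo " <table border=0>\n"
        ." <tr>\n"
        ." <td>\n"
        ." <form action=\"admin.php\" method=\"post\" style=\"margin: 0;\">\n"
        ." <input type=hidden name=op value=add_product_$ModName>\n"
        ." <input type=hidden name=cpop value=edit_product>\n"
        ." <b>Edit Product: </b>\n"
        ." </td>\n"
        ." <td>\n"
        ." <select name=editProd>\n";
    echo $options;
    // NOTE(review): the delete form below changes state and carries no
    // anti-forgery token that is visible in this file -- confirm whether the
    // platform adds or checks one elsewhere.
    echo " </select>\n"
        ." <input type=submit value=\"Edit\" style=\"width: 40px;\">\n"
        ." </form>\n"
        ." </td>\n"
        ." </tr>\n"
        ." <tr>\n"
        ." <td>\n"
        ." <form action=\"admin.php\" method=\"post\" style=\"margin: 0;\">\n"
        ." <input type=hidden name=op value=add_product_$ModName>\n"
        ." <input type=hidden name=cpop value=delete_product>\n"
        ." <b>Delete Product: </b>\n"
        ." </td>\n"
        ." <td>\n"
        ." <select name=deleteProd>\n";
    echo $options;
    echo " </select>\n"
        ." <input type=submit value=\"Delete\" style=\"width: 40px;\">\n"
        ." </form>\n"
        ." </td>\n"
        ." </tr>\n"
        ." </table>\n";
    // Close the picker table and open a fresh one for whatever the dispatcher renders next.
    CloseTable();
    echo " <br>\n";
    OpenTable();
}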
// shows form to add a store/also is where we redirect unfinished forms
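// Renders the "Add Product" form, pre-filled with the values passed in and,
// when $error is non-empty, an error banner above it.
//   $prod, $store, $ptype, $name, $charge, $description, $def_view, $active
//       values to pre-select / pre-fill; callers in this file pass request values
//   $error  message to show, or an empty value for none
// Dies if the store list cannot be read or is empty.
// Every caller-supplied value is HTML-escaped before it is written into the
// page, because these values can come straight from the request.
function showAddForm($prod, $store, $ptype, $name, $charge, $description, $def_view, $active, $error) {
    global $ModName, $pntable, $products;
    // NOTE(review): the raw mysql_error() text is sent to the browser here;
    // consider logging it and showing a generic message instead.
    if (!$stores = mysql_query("SELECT id, acct FROM $pntable[CP_Stores]")) die ("<font color=red>ERROR: </font>".mysql_error()."<br>");
    if (!mysql_num_rows($stores)) die ("You must have at least one store to add a product.");
    // Strip any dollar signs from the charge before it is shown again.
    $charge = preg_replace("/\\$/", "", $charge);

    $prodHtml = htmlspecialchars($prod, ENT_QUOTES);
    $nameHtml = htmlspecialchars($name, ENT_QUOTES);
    $chargeHtml = htmlspecialchars($charge, ENT_QUOTES);
    // stripslashes() is kept from the original code: the description is
    // presumed to arrive slash-escaped from the request -- confirm.
    $descriptionHtml = htmlspecialchars(stripslashes($description), ENT_QUOTES);
    $errorHtml = htmlspecialchars($error, ENT_QUOTES);

    // NOTE(review): this form submits a state-changing action with method
    // "get" and no anti-forgery token is visible in this file -- confirm how
    // the platform protects admin actions before relying on it.
    echo " <form action=\"admin.php\" method=\"get\">\n"
        ." <input type=hidden name=op value=\"add_product_$ModName\">\n"
        ." <input type=hidden name=cpop value=\"add_new\">\n"
        ." <table border=0 width=\"100%\">\n";
    if ($error) echo " <tr>\n"
        ." <td colspan=2 align=center><b><font color=red>ERROR: </font>$errorHtml</b></td>\n"
        ." </tr>\n";
    // The last line of this echo previously ended in "\m", which printed a
    // literal backslash-m into the page; it is now a newline like its siblings.
    echo " <tr>\n"
        ." <td valign=top width=\"85%\"><h3>Add Product</h3></td>\n"
        ." <td rowspan=2 valign=top align=center><a href=\"http://www.cafepress.com/cp/info/storeref.aspx?refby=rastafari\" target=\"_blank\"><img src=\"modules/$ModName/images/admin.gif\" alt=\"Don't have a store? Click to signup!\" border=0><br>Click to Get a Store!</a></td>\n"
        ." </tr>\n"
        ." <tr>\n"
        ." <td>\n"
        ." Product Number:<br>\n"
        ." <input type=text size=30 maxlength=11 name=prod value=\"$prodHtml\"><br>\n"
        ." Product Name:<br>\n"
        ." <input type=text size=30 maxlength=50 name=name value=\"$nameHtml\"><br>\n"
        ." Product Type:<br>\n"
        ." <select name=ptype>\n";
    // $products comes from the included products.php; key 99 is left out of the list.
    foreach ($products as $key => $value) {
        if ($key == '99') echo '';
        elseif ($ptype == $key) echo " <option value=\"$key\" SELECTED>$value</option>\n";
        else echo " <option value=\"$key\">$value</option>\n";
    }
    echo " </select><br>\n"
        ." Charge:<br>\n"
        ." <input type=text size=30 maxlength=10 name=charge value=\"$chargeHtml\"><br>\n"
        ." Store Name/Account:<br>\n"
        ." <select name=store>\n";
    while ($row = mysql_fetch_array($stores)) {
        // Store rows come from the database and are escaped like any other stored text.
        $storeIdHtml = htmlspecialchars($row['id'], ENT_QUOTES);
        $storeAcctHtml = htmlspecialchars($row['acct'], ENT_QUOTES);
        if ($store == $row['id']) echo " <option value=\"$storeIdHtml\" SELECTED>$storeAcctHtml</option>\n";
        else echo " <option value=\"$storeIdHtml\">$storeAcctHtml</option>\n";
    }
    echo " </select><br>\n"
        ." Description:<br>\n"
        ." <textarea name=description style=\"width: 75%; height: 100px;\">".$descriptionHtml."</textarea><br>\n"
        ." Defalut View:<br>\n"
        ." <table border=0>\n"
        ." <tr><td width=50px> <b>Front</b></td><td><input type=radio name=def_view value=F";
    if ($def_view == 'F') echo " CHECKED";
    echo "></td></tr>\n"
        ." <tr><td width=50px> Back</td><td><input type=radio name=def_view value=B";
    if ($def_view == 'B') echo " CHECKED";
    echo "></td></tr>\n"
        ." </table><br>\n"
        ." Enabled?<br>\n"
        ." <table border=0>\n"
        ." <tr><td width=50px> <b>Enabled</b></td><td><input type=radio name=active value=1";
    if ($active == '1') echo " CHECKED";
    echo "></td></tr>\n"
        ." <tr><td width=50px> Disabled</td><td><input type=radio name=active value=0";
    if ($active == '0') echo " CHECKED";
    echo "></td></tr>\n"
        ." </table><br>\n"
        ." <br>\n"
        ." <input type=submit value=\"Add Product\">\n"
        ." </td>\n"
        ." </tr>\n"
        ." </table>\n"
        ." </form>\n";
}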
// this allows us to edit a product
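// Renders the "Edit Product" form for the product whose number is $editProd,
// pre-filled from its database row; $error, when non-empty, is shown above it.
// Dies if the row cannot be read.
// $editProd is escaped before it is placed in the SQL string, and every value
// written into the page (request or database) is HTML-escaped first.
function cpedit($editProd, $error) {
    global $pntable, $ModName, $products;
    // stripslashes() first because request values are presumed to arrive
    // slash-escaped (the add form in this file already strips slashes from the
    // description before display) -- confirm; then escape for the SQL literal.
    // Long term, prepared statements (mysqli/PDO) replace this.
    $editProdSql = mysql_real_escape_string(stripslashes($editProd));
    $editProdHtml = htmlspecialchars($editProd, ENT_QUOTES);
    $errorHtml = htmlspecialchars($error, ENT_QUOTES);

    $lookup = mysql_query("SELECT * FROM $pntable[cp_products] WHERE prod='$editProdSql'");
    if (!$lookup || !($prod = mysql_fetch_array($lookup))) die ("Could not access database, or product #$editProdHtml doesn't exist.");
    $stores = mysql_query("SELECT id, acct FROM $pntable[CP_Stores]");
    // Strip any dollar signs from the stored charge before display.
    $prod['charge'] = preg_replace("/\\$/", "", $prod['charge']);

    $nameHtml = htmlspecialchars($prod['name'], ENT_QUOTES);
    $chargeHtml = htmlspecialchars($prod['charge'], ENT_QUOTES);
    $descriptionHtml = htmlspecialchars($prod['description'], ENT_QUOTES);

    // NOTE(review): no anti-forgery token is visible on this state-changing
    // form -- confirm whether the platform supplies one elsewhere.
    echo " <form action=\"admin.php\" method=\"post\">\n"
        ." <input type=hidden name=op value=\"add_product_$ModName\">\n"
        ." <input type=hidden name=cpop value=\"update_product\">\n"
        ." <input type=hidden name=prod value=\"$editProdHtml\">\n"
        ." <table border=0 width=\"100%\">\n";
    if ($error) echo " <tr>\n"
        ." <td colspan=2 align=center><b>ERROR: $errorHtml</b></td>\n"
        ." </tr>\n";
    echo " <tr>\n"
        ." <td valign=top width=\"85%\"><h3>Edit Product</h3></td>\n"
        ." <td rowspan=2 valign=top align=center><a href=\"http://www.cafepress.com/cp/info/storeref.aspx?refby=rastafari\" target=\"_blank\"><img src=\"modules/$ModName/images/admin.gif\" alt=\"Don't have a store? Click to signup!\" border=0><br>Click to Get a Store!</a></td>\n"
        ." </tr>\n"
        ." <tr>\n"
        ." <td>\n"
        ." Product Name:<br>\n"
        ." <input type=text size=30 maxlength=50 name=name value=\"$nameHtml\"><br>\n"
        ." Product Type:<br>\n"
        ." <select name=ptype>\n";
    // $products comes from the included products.php; key 99 is left out of the list.
    foreach ($products as $key => $value) {
        if ($key == '99') echo "";
        elseif ($prod['ptype'] == $key) echo " <option value=\"$key\" SELECTED>$value</option>\n";
        else echo " <option value=\"$key\">$value</option>\n";
    }
    echo " </select><br>\n"
        ." Charge:<br>\n"
        ." <input type=text size=30 maxlength=10 name=charge value=\"$chargeHtml\"><br>\n"
        ." Store Name/Account:<br>\n"
        ." <select name=store>\n";
    // A failed store query simply leaves the list empty rather than raising a warning.
    while ($stores && ($row = mysql_fetch_array($stores))) {
        $storeIdHtml = htmlspecialchars($row['id'], ENT_QUOTES);
        $storeAcctHtml = htmlspecialchars($row['acct'], ENT_QUOTES);
        if ($prod['store'] == $row['id']) echo " <option value=\"$storeIdHtml\" SELECTED>$storeAcctHtml</option>\n";
        else echo " <option value=\"$storeIdHtml\">$storeAcctHtml</option>\n";
    }
    echo " </select><br>\n"
        ." Description:<br>\n"
        ." <textarea name=description style=\"width: 75%; height: 100px;\">$descriptionHtml</textarea><br>\n"
        ." Defalut View:<br>\n"
        ." <table border=0>\n"
        ." <tr><td width=50px> Front</td><td><input type=radio name=def_view value=F";
    if ($prod['def_view'] == 'F') echo " CHECKED";
    echo "></td></tr>\n"
        ." <tr><td width=50px> Back</td><td><input type=radio name=def_view value=B";
    if ($prod['def_view'] == 'B') echo " CHECKED";
    echo "></td></tr>\n"
        ." </table><br>\n"
        ." Enabled?<br>\n"
        ." <table border=0>\n"
        ." <tr><td width=50px> Enabled</td><td><input type=radio name=active value=1";
    if ($prod['active'] == '1') echo " CHECKED";
    echo "></td></tr>\n"
        ." <tr><td width=50px> Disabled</td><td><input type=radio name=active value=0";
    if ($prod['active'] == '0') echo " CHECKED";
    echo "></td></tr>\n"
        ." </table><br>\n"
        ." <br>\n"
        ." <input type=submit value=\"Update Product\">\n"
        ." </td>\n"
        ." </tr>\n"
        ." </table>\n"
        ." </form>\n";
}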
// adds the product to database
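// Inserts a new product row, or re-displays the add form with an error when a
// required field is empty or the product number is already present.
// Dies with the database error if the INSERT fails.
// The arguments are request values, so each one is escaped before it is placed
// in an SQL string, and the product number is HTML-escaped before it is echoed.
function cpadd($prod, $store, $ptype, $name, $charge, $description, $def_view, $active) {
    global $pntable;
    // Strip any dollar signs from the charge before it is stored.
    $charge = preg_replace("/\\$/", "", $charge);

    // stripslashes() first because request values are presumed to arrive
    // slash-escaped (the add form in this file already strips slashes from the
    // description before display) -- confirm; escaping afterwards then yields
    // exactly one level of escaping. Long term, prepared statements
    // (mysqli/PDO) replace this.
    $prodSql = mysql_real_escape_string(stripslashes($prod));
    $storeSql = mysql_real_escape_string(stripslashes($store));
    $ptypeSql = mysql_real_escape_string(stripslashes($ptype));
    $nameSql = mysql_real_escape_string(stripslashes($name));
    $chargeSql = mysql_real_escape_string(stripslashes($charge));
    $descriptionSql = mysql_real_escape_string(stripslashes($description));
    $defViewSql = mysql_real_escape_string(stripslashes($def_view));

    // Optional SET fragments; initialised so they are never read undefined.
    $def_view_query = '';
    $active_query = '';
    // Product types 7, 8, 9 and 13 never get a default view written.
    if ($def_view && $ptype != '7' && $ptype != '8' && $ptype != '9' && $ptype != '13') $def_view_query = ", def_view='$defViewSql'";
    // Only the two literal flag values are accepted, so the fragment is built
    // from a constant rather than from the request value.
    if ($active == '0' || $active == '1') $active_query = ", active='".($active == '1' ? '1' : '0')."'";

    if (!$prod || !$store || !$ptype || !$name || !$charge) showAddForm($prod, $store, $ptype, $name, $charge, $description, $def_view, $active, "Please make sure all feilds are filled in.");
    elseif (mysql_num_rows(mysql_query("SELECT prod FROM $pntable[cp_products] WHERE prod='$prodSql'"))) showAddForm($prod, $store, $ptype, $name, $charge, $description, $def_view, $active, "Product ID#$prod is already in the database, please try another.");
    // NOTE(review): the raw database error is sent to the browser on failure;
    // consider logging it and showing a generic message instead.
    elseif (!mysql_query("INSERT INTO $pntable[cp_products] SET prod='$prodSql', store='$storeSql', ptype='$ptypeSql', name='$nameSql', charge='$chargeSql', description='$descriptionSql'$def_view_query$active_query")) die ("Could not insert into database.<br>".mysql_errno().": ".mysql_error()."<br>");
    else echo " <center>\n"
        ." <h2>Product ID# ".htmlspecialchars($prod, ENT_QUOTES)." Added!</h2>\n"
        ." </center>";
}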
// updates a product
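// Updates the row for product number $prod, or re-displays the edit form with
// an error when a required field is empty. Dies if the UPDATE fails.
// The arguments are request values, so each one is escaped before it is placed
// in the SQL string, and the product number is HTML-escaped before it is echoed.
function cpupdate($prod, $store, $ptype, $name, $charge, $description, $def_view, $active) {
    global $pntable;
    // Strip any dollar signs from the charge before it is stored.
    $charge = preg_replace("/\\$/", "", $charge);

    // stripslashes() first because request values are presumed to arrive
    // slash-escaped (the add form in this file already strips slashes from the
    // description before display) -- confirm; escaping afterwards then yields
    // exactly one level of escaping. Long term, prepared statements
    // (mysqli/PDO) replace this.
    $prodSql = mysql_real_escape_string(stripslashes($prod));
    $storeSql = mysql_real_escape_string(stripslashes($store));
    $ptypeSql = mysql_real_escape_string(stripslashes($ptype));
    $nameSql = mysql_real_escape_string(stripslashes($name));
    $chargeSql = mysql_real_escape_string(stripslashes($charge));
    $descriptionSql = mysql_real_escape_string(stripslashes($description));
    $defViewSql = mysql_real_escape_string(stripslashes($def_view));

    // Optional SET fragments; initialised so they are never read undefined.
    $def_view_query = '';
    $active_query = '';
    // Product types 7, 8, 9 and 13 never get a default view written.
    if ($def_view && $ptype != '7' && $ptype != '8' && $ptype != '9' && $ptype != '13') $def_view_query = ", def_view='$defViewSql'";
    // Only the two literal flag values are accepted, so the fragment is built
    // from a constant rather than from the request value.
    if ($active == '0' || $active == '1') $active_query = ", active='".($active == '1' ? '1' : '0')."'";

    if (!$store || !$ptype || !$name || !$charge) cpedit($prod, "Please make sure all feilds are filled in.");
    elseif (!mysql_query("UPDATE $pntable[cp_products] SET store='$storeSql', ptype='$ptypeSql', name='$nameSql', charge='$chargeSql', description='$descriptionSql'$def_view_query$active_query WHERE prod='$prodSql'")) die ("Could not update database.");
    else echo " <center>\n"
        ." <h2>Product ID# ".htmlspecialchars($prod, ENT_QUOTES)." Edited!</h2>\n"
        ." </center>";
}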
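// Deletes the row for product number $deleteProd and prints either a
// confirmation or a failure message.
// $deleteProd is a request value: it is escaped before it is placed in the SQL
// string and HTML-escaped before it is echoed back.
// NOTE(review): nothing in this function confirms that the admin intended the
// deletion (no anti-forgery token check is visible in this file) -- confirm
// whether the platform verifies one before this code runs.
function cpdelete($deleteProd) {
    global $pntable;
    // stripslashes() first because request values are presumed to arrive
    // slash-escaped -- confirm; then escape for the SQL literal. Long term,
    // prepared statements (mysqli/PDO) replace this.
    $deleteProdSql = mysql_real_escape_string(stripslashes($deleteProd));
    $deleteProdHtml = htmlspecialchars($deleteProd, ENT_QUOTES);
    if (!mysql_query("DELETE FROM $pntable[cp_products] WHERE prod='$deleteProdSql'")) {
        echo "Couldn't delete product # $deleteProdHtml from table.<br>";
    } else {
        echo "<center><h2>Product # $deleteProdHtml Deleted</h2></center>";
    }
}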
// Dispatch on the requested sub-operation; anything unrecognised falls back to
// showing the add form. The handler arguments are globals that this file never
// assigns, so they are presumably populated from the request -- confirm.
// NOTE(review): the add, update and delete operations change data, and no
// request-method or anti-forgery check is visible before they are invoked.
$action = $cpop;
if ($action == "add_new") {
    cpadd($prod, $store, $ptype, $name, $charge, $description, $def_view, $active);
} elseif ($action == "update_product") {
    cpupdate($prod, $store, $ptype, $name, $charge, $description, $def_view, $active);
} elseif ($action == "edit_product") {
    cpedit($editProd, '');
} elseif ($action == "delete_product") {
    cpdelete($deleteProd);
} else {
    showAddForm($prod, $store, $ptype, $name, $charge, $description, $def_view, $active, $error);
}
// Close the table opened before dispatch and emit the page footer.
CloseTable();
include ("footer.php");
?>