ruạṛ
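<?php
/**
 * Add products to cart
 *
 * Reads the posted product list, adds each valid product/quantity pair to the
 * visitor's cart or wishlist, persists the result and redirects with a
 * short-lived confirmation cookie.
 *
 * @version 0.10
 * @author Robert Urquhart <programmer@activatedesign.co.nz>
 * @package WEP-CMS
 * @todo institute a check that the request for this page is coming from a valid page on-site
 *
 * NOTE(review): no request-origin check is visible in this script, so the
 * cart can be modified by a cross-site form post (CSRF). A per-session token
 * submitted with the form and verified here is a stronger control than a
 * Referer check; confirm whether the included files already provide one.
 */

/**
 * @var string $data_dir     location of database connection details and global functions
 * @var string $template_dir location of template specific functions (and user connection details if different permissions supported)
 */
$data_dir = $_SERVER['DOCUMENT_ROOT'] . '/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'] . '/resources/template/';

/**
 * load includes
 */
require_once $data_dir . 'universal.php';
require_once $template_dir . 'functions.php';

/*
 * start the session (after includes so objects stored in $_SESSION are created properly)
 */
session_start();

/**
 * set up database connection
 * @var resource $connID db connection reference
 */
$connID = connect_to_db();

/**
 * suhosin workaround - load session user data
 * @var object $customer
 */
$customer = user_load();

/**
 * what cart are we adding to?
 * Only the two fixed values below can ever reach load_cart()/select_one(),
 * whatever the client posts.
 * @var string $target
 * @var string $text cart name to return in message
 */
$posted_action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
if (strpos(strtolower($posted_action), 'wishlist') !== false) {
    $target = $text = 'wishlist';
} else {
    $target = 'cart';
    $text = 'cart';
}

/**
 * create cart
 * @var object $cart
 */
$cart = $customer->load_cart($target);

/*
 * note if we expect a lot of products from a category to be added at once
 * then it might be more efficient to grab all products from the category
 * and then iterate through them checking $_POST['product']
 */
// A scalar "product" field is treated like a missing one: nothing to iterate.
if (isset($_POST['product']) && is_array($_POST['product'])) {
    if (!$cart) {
        // Record the failure server-side only; dumping the customer's cart
        // object into the response would disclose internal state to the client.
        error_log('add-to-cart: no ' . $target . ' could be loaded for this request');
        getout('');
        exit;
    }

    /**
     * quickest way of whitelisting product options is from the list in the product class
     * @var object $p
     */
    $cat_id = is_numeric_id(isset($_POST['category_id']) ? $_POST['category_id'] : null, 0);
    $p = new product;

    foreach ($_POST['product'] as $pid => $qty) {
        // per the original author, this also skips qty = '' and qty = 0
        if (is_numeric_id($pid, false) && is_numeric_id($qty, false)) {
            $selected = array();
            // whitelist: only option fields known to the product class are read
            // from the request, never arbitrary posted keys
            foreach ($p->product_options_fields->options as $o) {
                $a = 'options_' . $o->option_id;
                $selected[$o->text] = clean_plain_data(isset($_POST[$a]) ? $_POST[$a] : null);
            }
            $cart->product($pid, $qty, $selected, $cat_id);
        }
    }

    // Re-apply shipping and discount so they reflect the changed contents.
    if ($cart->ship_id) {
        $cart->set_shipping();
    }
    if ($cart->discount_type) {
        $cart->set_discount($cart->discount_type, $cart->discount_var, $cart->discount_code);
    }

    // Logged-in customers persist through the customer object; otherwise the
    // cart goes through user_save_cart().
    if ($customer->user_id) {
        $customer->update_cart($cart, $target);
    } else {
        user_save_cart($cart, $target);
    }

    // $action comes from the query string and ends up in a cookie name and in
    // the redirect URL, so it is restricted to a conservative character set.
    // NOTE(review): widen the pattern if legitimate action values use other characters.
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : "";
    if (!preg_match('/\A[A-Za-z0-9_-]*\z/', $action)) {
        $action = "";
    }

    // The markup is built from the fixed $text values only. Whatever reads
    // this cookie back should still treat it as client-controlled data.
    setcookie($action . 'Message', '<p class="message">The product was added to your ' . $text . '</p>', time() + 30, '/');

    getout('', select_one('page_data', 'path', 'page_type', $target) . "?action=" . rawurlencode($action));
} else {
    getout('');
}
exit;
?>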
cải xoăn