Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

OrderStatus.inc.php

Last change on this file was 82, checked in by scdev, 18 years ago
Changed all usage of addslashes to mysql_real_escape_quotes
File size: 9.4 KB

Line
1	<?php
2	/**
3	* OrderStatus.inc.php
4	* Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information
5	*/
6
7
8	/**
9	* This function returns the number of orders with a status of $status.
10	* Current valid status' are pending, confirmed, shipped, and canceled.
11	*
12	* @param string $status the status for which to search. leave blank to
13	* search for all.
14	*
15	* @return int the number of orders with a status of $status
16	*/
17	function totalOrders($status='')
18	{
19	if ($status != '') {
20	$whereclause = 'WHERE status = ' . mysql_real_escape_string($status);
21	} else {
22	$whereclause = '';
23	}
24	$qid = dbQuery("
25	SELECT COUNT(*)
26	FROM order_tbl
27	$whereclause
28	");
29	$num = mysql_fetch_row($qid);
30	return $num[0];
31	}
32
33	/**
34	* Updates the status of an order. Checks that the order exists first. If the status
35	* is changed from an active order to an inactive one, the catalog quantities are increased
36	* just as if they were "not sold" and likewise, if change from inactive to active, then
37	* the catalog quantities are decreased like they've been sold. The user is emailed a
38	* notice of the change if $email_user = TRUE.
39	*
40	* @param int $order_id the id of the order to set
41	* @param string $new_status the status to set it to
42	* @param string $email_user if true, send this user an email with updated status
43	*
44	* @return bool true if old status is the same as new status
45	* false if the new status is not one of the 4 valid types
46	* true if order is valid, update is successful and user email
47	* (if specified) goes out
48	* false if order does not exist
49	*/
50	function setOrderStatus($order_id, $new_status='', $email_user=false)
51	{
52	global $CFG, $_SESSION;
53
54	$qid = dbQuery("SELECT status, email, first_name, last_name FROM order_tbl WHERE order_id = " . mysql_real_escape_string($order_id));
55	if (mysql_num_rows($qid) == 1) {
56	/* The order exists, we contine. */
57
58	$order = mysql_fetch_assoc($qid);
59	$old_status = $order['status'];
60	if ($old_status == $new_status) {
61	return true;
62	}
63
64	/* Determine if the items should be removed or added to the catalog depending
65	* on the type of status change. */
66	if (($old_status == 'pending' \|\| $old_status == 'canceled') && ($new_status == 'confirmed' \|\| $new_status == 'shipped')) {
67	$polarity = '-';
68	} else if (($new_status == 'pending' \|\| $new_status == 'canceled') && ($old_status == 'confirmed' \|\| $old_status == 'shipped')) {
69	$polarity = '+';
70	} else {
71	$polarity = '=';
72	}
73
74	/* Ensure that the new status is a valid option for the database update. */
75	switch ($new_status) {
76
77	case 'pending':
78	$db_update = 'pending';
79	break;
80
81	case 'canceled':
82	$db_update = 'canceled';
83	break;
84
85	case 'confirmed':
86	$db_update = 'confirmed';
87	break;
88
89	case 'shipped':
90	$db_update = 'shipped';
91	break;
92
93	default:
94	return false;
95	}
96
97	if (!actualizeOrderItems($order_id, $polarity)) {
98	/* If this fails (because of too few items in stock for this order change)
99	* we just say "fuck it" and cancel the order. */
100	$db_update = 'canceled';
101	$email_user = false;
102	raiseMsg(sprintf(_("Order number <strong>%s</strong> has been canceled because there is none in stock"), $order_id), MSG_WARNING, __FILE__, __LINE__);
103	}
104
105	/* Otherwise we assume everything was updated okay and that
106	* we have a valid new status and so proceed updating the orders table. */
107	dbQuery("UPDATE order_tbl SET status = " . mysql_real_escape_string($db_update) . " WHERE order_id = " . mysql_real_escape_string($order_id));
108
109	if ($email_user == true) {
110	/* email the user about the order status change */
111
112	/* Query to load the details of this order. */
113	$qid_order = dbQuery("SELECT * FROM order_tbl WHERE order_id = " . mysql_real_escape_string($order_id));
114	$order = mysql_fetch_assoc($qid_order);
115
116	/* Query to load the item associated with this order.
117	* $qid_items is used to display a list of items ordered. */
118	$qid_items = dbQuery("
119	SELECT
120	oi.product_id,
121	p.title,
122	p.product_type,
123	p.retail_price,
124	oi.purchase_price,
125	oi.purchase_weight,
126	oi.qty,
127	oi.purchase_price * oi.qty AS total
128	FROM order_items_tbl oi
129	LEFT JOIN product_tbl p
130	ON (oi.product_id = p.product_id)
131	WHERE oi.order_id = " . mysql_real_escape_string($order_id) . "
132	");
133	$item_num = 0;
134	while ($item = mysql_fetch_object($qid_items)) {
135	$product_name = getProductTitle($item->product_id);
136	$item_num++;
137	$subtotal += $item->total;
138	$item_list .= " $product_name " . getFormattedPrice ($item->retail_price) . " x " . $item->qty . "\n";
139	// $item_list .= " $item->product_id $product_name " . getFormattedPrice($item->retail_price) . " x " . $item->qty . "\n";
140	}
141
142	/* Get the credit card info from crypt. */
143	$cc = uncrypt_cc($order['crypt']);
144
145	$var = new stdClass;
146
147	$var->total_items = $item_num;
148	$var->item_list = $item_list;
149	$var->subtotal = getFormattedPrice($subtotal);
150	$var->tax = getFormattedPrice($order['tax']);
151	$var->delivery = getFormattedPrice($order['delivery']);
152	$var->final_price = getFormattedPrice($order['final_price']);
153
154	$var->email = $order['email'];
155	$var->first_name = $order['first_name'];
156	$var->last_name = $order['last_name'];
157	$var->phone = $order['phone'];
158	$var->bill_street = $order['bill_street'];
159	$var->bill_city = $order['bill_city'];
160	$var->bill_state = $order['bill_state'];
161	$var->bill_zip = $order['bill_zip'];
162	$var->bill_country = $order['bill_country'];
163	$var->ship_street = $order['ship_street'];
164	$var->ship_city = $order['ship_city'];
165	$var->ship_state = $order['ship_state'];
166	$var->ship_zip = $order['ship_zip'];
167	$var->ship_country = $order['ship_country'];
168	$var->notes = $order['notes'];
169	$var->emaillist = !empty($order['emaillist']) ? 'yes' : 'no';
170	$var->memberme = !empty($order['memberme']) ? 'yes' : 'no';
171	$var->delivery_type = $order['delivery_type'];
172	if ($order['payment_type'] != 'i_will_mail_my_payment' && $order['payment_type'] != 'contact_me_about_my_order') {
173	$var->payment_info = " " . strtoupper($order['payment_type']) . " credit card\n";
174	$var->payment_info .= " Cardholder: " . $cc['cc_name'] . "\n";
175	$var->payment_info .= " " . chop_ccnum($cc['cc_number']) . "\n";
176	$var->payment_info .= " Expires: " . $cc['cc_expiry'];
177	} else {
178	$var->payment_info = " " . $order['payment_type'];
179	}
180	$var->date = $order['date'];
181	$var->orderid = $order['order_id'];
182	$var->newstatus = $new_status;
183	$var->oldstatus = $old_status;
184
185	$emailbody = wordwrap(read_template($CFG->templatedir . '/order_status_emailbody.ihtml', $var));
186
187	mail("{$order['first_name']} {$order['last_name']} <{$order['email']}>",
188	$TXT->emailsubject_order_status_change . " $var->orderid - $var->newstatus",
189	$emailbody,
190	"From: $CFG->site_name <$CFG->site_email>\r\n");
191	}
192	// This is a valid order
193	return true;
194	}
195
196	return false;
197	}
198
199	/**
200	* Increments or decrements the catalog for items in an order, based on the quantities
201	* in that order. $polarity determines which way to go. Polarity values can be
202	* "+" for increasing the item quantities and thus showing them in the catalog,
203	* or "-" to subtract them from the catalog.
204	*
205	* @param int $order_id the id of the order that we change quantities for
206	* @param char $polarity '+' or '-' to increase or decrease inventory.
207	*
208	* @return bool true if quantity acualization goes through
209	* false if not enough inventory for an order
210	* true if polarity is '=' (don't know when this will happen)
211	* false if polarity is unknown.
212	*/
213	function actualizeOrderItems($order_id, $polarity='')
214	{
215	if ($polarity == '+' \|\| $polarity == '-') {
216	$qid = dbQuery("SELECT product_id, qty as order_qty FROM order_items_tbl WHERE order_id = " . mysql_real_escape_string($order_id));
217	/* First we make sure each item is in stock in adequate quantities. */
218	while ($order_item = mysql_fetch_assoc($qid)) {
219	$product_id =& $order_item['product_id'];
220	$qid_p = dbQuery("SELECT qty_in_stock FROM product_tbl WHERE product_id = '$product_id'");
221	$product = mysql_fetch_assoc($qid_p);
222	if ($polarity == '+') {
223	$new_qty[$product_id] = $product['qty_in_stock'] + $order_item['order_qty'];
224	} else if ($polarity == '-') {
225	$new_qty[$product_id] = $product['qty_in_stock'] - $order_item['order_qty'];
226	}
227	if ($new_qty[$product_id] < 0) {
228	$errormsg .= sprintf(_("Item <strong>%s</strong> in order number <strong>%s</strong> is no longer available in that quantity. There are %s available and the order is for %s items."), $product_id, $order_id, $product['qty_in_stock'], $order_item['order_qty']);
229	}
230	}
231
232	if (empty($errormsg)) {
233	/* We have enough quantities, so we go ahead and make the database changes. */
234	foreach ($new_qty as $product_id=>$qty) {
235	dbQuery("
236	UPDATE product_tbl
237	SET qty_in_stock = '$qty'
238	WHERE product_id = '$product_id'
239	");
240	}
241	return true;
242	} else {
243	/* Not enough of something in stock, we don't touch any quantities in the database.
244	* We should now cancel the order and print an alert that there are not enough items available */
245	raiseMsg($errormsg, MSG_WARNING, __FILE__, __LINE__);
246	return false;
247	}
248	} else if ($polarity == '=') {
249	return true;
250	} else {
251	return false;
252	}
253	}
254
255	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/1.1dev/lib/OrderStatus.inc.php

Download in other formats: