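<?php
/**
 * Order_shop controller.
 *
 * Dispatches on $_GET["action"]: update, delete, findorder, addressSend,
 * confirmOrder and pay. Every value read from $_GET, $_POST, $_FILES and the
 * session cart is treated as untrusted before it reaches SQL, the filesystem
 * or an HTML e-mail body.
 *
 * NOTE(review): no authentication / authorisation check is visible in this
 * file for "update", "delete" or "pay"; they act on whatever order id the
 * request names, and "delete" is reachable through a plain GET. Confirm that
 * the including front controller enforces access control and CSRF protection.
 * NOTE(review): save()/update() receive the whole $_POST array; if the model
 * does not restrict which columns may be written, replace this with an
 * explicit list of accepted fields.
 * NOTE(review): execution continues after each header("location: ...") call;
 * whether an exit is needed depends on the including script.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; moving
 * to PDO/mysqli prepared statements is the durable fix for the queries below.
 */
SYS::DOMAIN("Product");
SYS::DOMAIN("Order_shop");

$action = isset($_GET["action"]) ? $_GET["action"] : null;

// Order ids are formatted with "%05d" below, so they are handled as integers.
// Casting once here keeps a crafted id out of every query built from it.
$requestOrderId = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

switch ($action) {
    case "update":
        $order_shopInstance = new Order_shop();
        $order_shopInstance->get($requestOrderId);
        $excute = $order_shopInstance->update($_POST);
        if ($excute) {
            if (isset($_GET['stock'])) {
                checkStock($requestOrderId);
            }
            header("location:?page=Order_shop/show&id=$order_shopInstance->id");
        }
        break;

    case "delete":
        $order_shopInstance = new Order_shop();
        $order_shopInstance->get($requestOrderId);
        $excute = $order_shopInstance->delete();
        if ($excute) {
            // The integer cast above is what makes this concatenation safe.
            $sql = "DELETE FROM Order_detail WHERE orderShop_id='" . $requestOrderId . "'";
            $excute = mysql_query($sql);
            header("location:?page=Order_shop/list");
        }
        break;

    case "findorder":
        $order_shopInstance = new Order_shop();
        // Default to a condition that matches nothing, so a request without
        // usable lookup values cannot fall through to an arbitrary order.
        $condition = "1=0";
        if (isset($_GET['bill'])) {
            // Lookup by bill id is only meaningful for a logged-in member.
            if (isset($_SESSION['member']['id'])) {
                $condition = "id='" . (int) $_GET['bill'] . "' AND member_id='"
                    . mysql_real_escape_string((string) $_SESSION['member']['id']) . "'";
            }
        } elseif (
            isset($_POST['code'], $_POST['email'])
            && is_string($_POST['code']) && $_POST['code'] !== ''
            && is_string($_POST['email']) && $_POST['email'] !== ''
        ) {
            // Guest lookup: both values are required and escaped before they
            // are placed inside the quoted SQL literals.
            $condition = "code='" . mysql_real_escape_string($_POST['code'])
                . "' AND email='" . mysql_real_escape_string($_POST['email']) . "'";
        }
        $order_shopInstance->find(array("condition" => $condition));
        if ($order_shopInstance->id) {
            header("location:?page=Order_shop/orderDetail&act=" . $order_shopInstance->link);
        } else {
            $_SESSION['error']['notfound'] = '<h4><i class="fa fa-warning"></i> Data not found!</h4>';
            header("location:?page=Order_shop/orderList&error=notfound");
        }
        break;

    case "addressSend":
        if (isset($_SESSION['addressSend'])) {
            unset($_SESSION['addressSend']);
        }
        $_SESSION['addressSend'] = $_POST;
        header("location:?page=Order_shop/confirm");
        break;

    case "confirmOrder":
        $stock = true;
        $totalPrice = 0;
        $totalTax = 0;
        $totalNum = 0;
        $productInstance = new Product();
        $order_shopInstance = new Order_shop();
        $cart = (isset($_SESSION['cart']) && is_array($_SESSION['cart'])) ? $_SESSION['cart'] : array();

        // NOTE(review): quantity and unit price are taken from the session
        // cart; if the code that fills the cart accepts them from the client,
        // re-read the price from Product and reject non-positive quantities.
        foreach ($cart as $products) {
            $productInstance->get($products["id"]);
            if ($products['num'] > $productInstance->stock) {
                // Clamp the cart to what is available and block this order.
                $_SESSION['cart'][$products["id"]]['num'] = $productInstance->stock;
                $stock = false;
            }
            $totalNum += $products['num'];
            $totalPrice += $products['price'] * $products['num'];
        }
        // Flat charge of 100 unless more than five items are ordered.
        $totalTax = $totalNum > 5 ? 0 : 100;

        if ($stock) {
            $_POST['cashDel'] = isset($_POST['cashDel']) ? $_POST['cashDel'] : "No";
            $_POST['amount'] = $totalNum;
            $_POST['total'] = ($totalPrice);
            $_POST['tax'] = ($totalTax);
            $_POST['eventData'] = date("Y-m-d");
            $_POST['member_id'] = isset($_SESSION['member']['id']) ? $_SESSION['member']['id'] : null;
            // The order status is decided here, never by the request body.
            // NOTE(review): assumes no legitimate form posts "status"; confirm.
            unset($_POST['status']);
            if ($_POST['cashDel'] == 'Yes') {
                $_POST['status'] = 1;
            }

            $excute = $order_shopInstance->save($_POST);
            if ($excute) {
                $order_shopInstance->lastRow();
                $code = sprintf("%05d", $order_shopInstance->id) . "" . date("m") . "" . date("Y");

                // "link" is the only secret guarding the order-detail page, so
                // it must not be derivable from the sequential order code.
                // Use a random 128-bit value in the same 32-hex-character
                // shape; md5($code) remains only as a last-resort fallback.
                // NOTE(review): confirm nothing else recomputes md5(code).
                $randomBytes = false;
                if (function_exists('random_bytes')) {
                    $randomBytes = random_bytes(16);
                } elseif (function_exists('openssl_random_pseudo_bytes')) {
                    $randomBytes = openssl_random_pseudo_bytes(16);
                }
                $link = (is_string($randomBytes) && strlen($randomBytes) === 16)
                    ? bin2hex($randomBytes)
                    : md5($code);

                $order_shopInstance->update(array("code" => $code, "link" => $link));
                unset($_POST);

                // One escaped value tuple per cart line; the statement is
                // skipped for an empty cart instead of sending malformed SQL.
                $rows = array();
                foreach ($cart as $products) {
                    $rows[] = "('" . mysql_real_escape_string((string) $products["num"])
                        . "', '" . mysql_real_escape_string((string) $products["send"])
                        . "', '" . mysql_real_escape_string((string) $products["price"])
                        . "', '" . mysql_real_escape_string((string) $products["id"])
                        . "', '" . (int) $order_shopInstance->id . "')";
                }
                if ($rows) {
                    mysql_query(
                        "INSERT INTO Order_detail (quantity, send, price, product_id, orderShop_id) VALUES "
                        . implode(",", $rows)
                    );
                }
            }

            $order_shopInstance->get($order_shopInstance->id);
            include_once("view/ContactUs/localMap.php");
            include_once("view/Order_shop/orderTable.php");

            // The Host header is client-controlled: escape it before it goes
            // into the HTML body.
            // NOTE(review): prefer a configured site URL over HTTP_HOST so a
            // forged Host header cannot redirect the links in this mail.
            $host = htmlspecialchars(
                isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '',
                ENT_QUOTES,
                'UTF-8'
            );

            $subject = "Detail Ordering No. " . $order_shopInstance->code;
            $strMass = orderTable($order_shopInstance->id);
            $strMass .= "คุณสามารถเข้าไปส่งหลักฐานการชำระเงินได้ที่เมนู <a href='" . $host . "/index.php?page=Order_shop/orderList' target='_bank'>ORDER HISTORY</a> โดยระบุเลขที่ใบสั่งซื้อและอีเมล์ที่ใช้สั่งซื้อ ให้ถูกต้อง<br>หรือ ";
            $strMass .= "Click => <a href='" . $host . "/index.php?page=Order_shop/orderDetail&act=" . $order_shopInstance->link . "' target='_bank'>Link</a>";

            $headers = "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
            // Best-effort notification to the shop mailboxes; a mail failure
            // does not abort the order.
            @mail('wineddthailand@hotmail.com, order.wineddthailand@gmail.com, w_khunawat@hotmail.com', $subject, $strMass, $headers);

            unset($_SESSION['cart']);
            unset($_SESSION['addressSend']);
            echo '<script language="javascript">window.location.href = "?page=Order_shop/orderDetail&act=' . $order_shopInstance->link . '"</script>';
        }
        break;

    case "pay":
        // The stored slip name may only come from a file accepted below,
        // never from a "paySlip" form field sent by the client.
        unset($_POST["paySlip"]);

        if (
            isset($_FILES["paySlip"]["name"], $_FILES["paySlip"]["tmp_name"], $_FILES["paySlip"]["error"])
            && is_string($_FILES["paySlip"]["name"])
            && $_FILES["paySlip"]["name"] != ""
            && $_FILES["paySlip"]["error"] === UPLOAD_ERR_OK
        ) {
            // The upload directory is below the web root, so the stored
            // extension decides whether the web server would execute the
            // file. Accept only known document/image extensions and build the
            // stored name from sanitised parts, so names such as
            // "x.php" or "x.php.jpg" cannot yield a server-executable file.
            // NOTE(review): adjust the list to the slip formats the shop
            // accepts, and disable script execution for this directory in
            // the web server configuration as a second layer.
            $allowedExtensions = array("jpg", "jpeg", "png", "gif", "pdf");
            $originalName = $_FILES["paySlip"]["name"];
            $extension = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));

            if (in_array($extension, $allowedExtensions, true)) {
                // 0755 instead of 0777: the directories need not be
                // world-writable.
                is_dir(CREATELINK::FILE("Order_shop")) ? null : mkdir(CREATELINK::FILE("Order_shop"), 0755);
                is_dir(CREATELINK::FILE("Order_shop/paySlip")) ? null : mkdir(CREATELINK::FILE("Order_shop/paySlip"), 0755);

                $baseName = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($originalName, PATHINFO_FILENAME));
                if (!is_string($baseName) || $baseName === '') {
                    $baseName = 'slip';
                }
                $fileName = $baseName . "_" . date("U") . "." . $extension;

                // move_uploaded_file() itself refuses paths that are not
                // genuine PHP uploads.
                if (move_uploaded_file($_FILES["paySlip"]["tmp_name"], "src/file/Order_shop/paySlip/$fileName")) {
                    $_POST["paySlip"] = $fileName;
                }
            }
        }

        // An order is marked as paid only when a slip was actually stored.
        $_POST["status"] = isset($_POST["paySlip"]) ? 1 : null;

        $order_shopInstance = new Order_shop();
        $order_shopInstance->get($requestOrderId);
        $excute = $order_shopInstance->update($_POST);
        if ($excute) {
            echo '<script language="javascript">alert("บันทึกข้อมูลการชำระเงินเรียบร้อยแล้ว");window.location.href = "?page=Order_shop/orderDetail&act=' . $order_shopInstance->link . '"</script>';
        }
        break;
}

/**
 * Subtracts the ordered quantity of every detail line of an order from the
 * stock of the corresponding product.
 *
 * @param int|string $orderId Id of the order whose detail lines are applied.
 */
function checkStock($orderId)
{
    $order_shopInstance = new Order_shop();
    // Use the argument rather than reading $_GET again, so the function acts
    // on the order its caller named.
    $order_shopInstance->get($orderId);
    foreach ($order_shopInstance->instance("orderDetail") as $productInstance) {
        $product = new Product();
        $product->get($productInstance->product_id);
        $product->update(array("stock" => ($product->stock - $productInstance->quantity)));
    }
}
?>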