query("SELECT * FROM Users WHERE ID = '$_SESSION[userid]'");
$db->next_record();
if ($db->field("Enabled") == "YES"){
$action = "step3";
} else {
$action = "disallowed";
}
}
if ($action == "login"){
$db->query("SELECT * FROM Users WHERE EmailAddress = '{$_SAFE[username]}' AND Password = '{$_SAFE[password]}'");
if ($db->recordcount() > 0){
$db->next_record();
$_SESSION[forename] = $db->field("Forename");
$_SESSION[username] = $_SAFE[username];
$_SESSION[password] = $_SAFE[password];
$_SESSION[userid] = $db->field("ID");
if ($db->field("Enabled") == "YES"){
$db->query("UPDATE Users SET LastActive = '".gmmktime()."' WHERE ID = '{$_SESSION[userid]}'");
$_SESSION[lastactive] = gmmktime();
$_SESSION[loggedin] = $siteid;
$action = "step3";
} else {
$userid = $db->field("ID");
$db->query("UPDATE Users SET LastActive = '".gmmktime()."' WHERE ID = '{$_SESSION[userid]}'");
$_SESSION[loggedin] = $siteid;
$_SESSION[lastactive] = gmmktime();
$action = "disallowed";
}
} else {
$db->query("SELECT * FROM Users WHERE EmailAddress = '{$_SAFE[username]}'");
if ($db->recordcount() > 0){
$error = "".lang(1).".";
} else {
$error = "".lang(2).".";
}
}
$pagetitle = lang(65);
$content = $error == "" ? "" : "".$error."
".lang(57)." ".lang(61).".
";
}
if ($action == "step2"){
$sql = "SELECT * FROM Users WHERE EmailAddress = '{$_SAFE[fld_email]}'";
$db->query($sql);
if ($db->recordcount() > 0){
$error = lang(62).",
".lang(57)." ".lang(59).".";
$action = "step1";
} else {
if (isvalidemail($_SAFE[fld_email])){
if ($_SAFE[fld_password] == $_SAFE[fld_confirmpassword]){
if ($_SAFE[fld_countryid] != "" && $_SAFE[fld_countryid] != 0){
$countryid = $_SAFE[fld_bcountryid];
$sql = "INSERT INTO Users (Title, Forename, Surname, EmailAddress, Telephone, Fax, Password, Country, Enabled, HowHeard, IfOther) ".
" VALUES ('".$_SAFE[fld_title]."','".$_SAFE[fld_forename]."','".$_SAFE[fld_surname]."'".
",'".$_SAFE[fld_email]."','".$_SAFE[fld_telephone]."','".$_SAFE[fld_fax]."','".$_SAFE[fld_password]."','".$_SAFE[fld_countryid]."','YES','".$_SAFE[fld_howheard]."','".$_SAFE[fld_ifother]."')";
$db->query($sql);
$_SESSION[userid] = $db->lastid();
$sql = "INSERT INTO UserAddresses (UserID, Address1, Address2, Address3, TownCity".
", Postcode, County, Type) VALUES ('".$_SESSION[userid]."','".$_SAFE[fld_baddress1]."','".$_SAFE[fld_baddress2]."',".
"'".$_SAFE[fld_baddress3]."','".$_SAFE[fld_btowncity]."','".$_SAFE[fld_bpostcode]."','".$_SAFE[fld_bcounty]."','Billing')";
$db->query($sql);
if ($_SAFE[fld_address1] == ""){
$fld_address1 = $_SAFE[fld_baddress1];
$fld_address2 = $_SAFE[fld_baddress2];
$fld_address3 = $_SAFE[fld_baddress3];
$fld_towncity = $_SAFE[fld_btowncity];
$fld_postcode = $_SAFE[fld_bpostcode];
$fld_county = $_SAFE[fld_bcounty];
} else {
$fld_address1 = $_SAFE[fld_address1];
$fld_address2 = $_SAFE[fld_address2];
$fld_address3 = $_SAFE[fld_address3];
$fld_towncity = $_SAFE[fld_towncity];
$fld_postcode = $_SAFE[fld_postcode];
$fld_county = $_SAFE[fld_county];
}
$sql = "INSERT INTO UserAddresses (UserID, Address1, Address2, Address3, TownCity".
", Postcode, County, Type) VALUES ('".$_SESSION[userid]."','".$fld_address1."','".$fld_address2."',".
"'".$fld_address3."','".$fld_towncity."','".$fld_postcode."','".$fld_county."','Delivery')";
$db->query($sql);
$action = "step3";
$_SESSION[loggedin] = true;
} else {
$error = "".lang(3).".";
$action = "step1";
}
} else {
$error = "".lang(4).".";
$action = "step1";
}
} else {
$error = "".lang(5).".";
$action = "step1";
}
}
}
if ($action == "step3"){
if ($_SESSION[loggedin]){
$db->query("SELECT * FROM Users WHERE ID = '".$_SESSION[userid]."'");
$db->next_record();
$fld_username = $db->field("EmailAddress");
$fld_title = $db->field("Title");
$fld_forename = $db->field("Forename");
$fld_surname = $db->field("Surname");
$fld_tel = $db->field("Telephone");
$fld_fax = $db->field("Fax");
$fld_country = $db->field("Country");
if ($fld_country != "" && $fld_country != 0){
$db->query("SELECT * FROM UserAddresses WHERE UserID = '".$_SESSION[userid]."' AND Type = 'Billing'");
$db->next_record();
$fld_address1 = $db->field("Address1");
$fld_address2 = $db->field("Address2");
$fld_address3 = $db->field("Address3");
$fld_towncity = $db->field("TownCity");
$fld_county = $db->field("County");
$fld_postcode = $db->field("Postcode");
$db->query("SELECT * FROM UserAddresses WHERE UserID = '".$_SESSION[userid]."' AND Type = 'Delivery'");
$db->next_record();
$fld_daddress1 = $db->field("Address1");
$fld_daddress2 = $db->field("Address2");
$fld_daddress3 = $db->field("Address3");
$fld_dtowncity = $db->field("TownCity");
$fld_dcounty = $db->field("County");
$fld_dpostcode = $db->field("Postcode");
$db->query("UPDATE Basket SET UserID = '".$_SESSION[userid]."', CountryID = '".$fld_country."' WHERE SessionID = '".$sessionid."'");
$db->query("SELECT * FROM Basket WHERE SessionID = '".$sessionid."' AND UserID = '".$_SESSION[userid]."'");
$db->next_record();
$t_basketid = $db->field("ID");
$orderid = $db->field("OrderID");
$discountid = $db->field("DiscountID");
$countryid = $db->field("CountryID");
$db->query("SELECT Regions.CDBase$cid, Regions.CDPerItem$cid, Regions.VinylBase$cid, Regions.VinylPerItem$cid FROM Countries LEFT JOIN Regions ON Countries.RegionID = Regions.ID WHERE Countries.ID = '".$countryid."'");
$db->next_record();
/*
$dcost = $db->field("ShippingBase$cid");
$dcost_peritem = $db->field("ShippingPerItem$cid");
*/
$d_cost['CD'] = $db->field("CDBase$cid");
$d_cost_peritem['CD'] = $db->field("CDPerItem$cid");
$d_cost['Vinyl'] = $db->field("VinylBase$cid");
$d_cost_peritem['Vinyl'] = $db->field("VinylPerItem$cid");
// $dcost[CD]
// $dcost[Vinyl]
// echo $countryid;
if ($orderid == 0){
$sql = "INSERT INTO Orders (UserID, Status, DateTime, SessionID, BasketID, DiscountID, CountryID, CurrencyID) VALUES ".
"('".$_SESSION[userid]."','INPROGRESS','".gmmktime()."','".$sessionid."','".$t_basketid."','".$discountid."','".$countryid."','$cid')";
$db->query($sql);
$orderid = $db->lastid();
$db->query("UPDATE Basket SET OrderID = '".$orderid."' WHERE ID = '".$t_basketid."'");
}
$db->query("UPDATE Orders SET DiscountID = '$discountid' WHERE ID = '$orderid'");
if ($discountid <> 0){
$db->query("SELECT * FROM Discounts WHERE ID = '".$discountid."'");
$db->next_record();
$d_value = $db->field("Value");
$d_valuelabel = 100 * $d_value;
$d_code = $db->field("Code");
$d_sections = explode(",",$db->field("SectionID"));
$d_label = $db->field("Label");
}
$dcost = 0;
$count['CD'] = 0;
$count['Vinyl'] = 0;
$db->query("SELECT * FROM Orders WHERE ID = '".$orderid."'");
$db->next_record();
if ($db->field("Status") != "Sent"){
$totalamount = 0;
$db->query("DELETE FROM OrderLines WHERE OrderParent = '".$orderid."'");
$db->query("SELECT * FROM BasketLines WHERE BasketID = '".$t_basketid."'");
while ($db->next_record()){
$productid = $db->field("ProductID");
if ($productid > 0){
$db3->query("SELECT Price1, Price2, Licensing, Format, SectionID FROM Products WHERE Products.ID = '$productid'");
$db3->next_record();
// $p_price = $db3->field("Price") - $bundlediscount;
$p_price = ($db3->field("Licensing") == "UK") ? $db3->field("Price1") : $db3->field("Price2");
$p_csign = ($db3->field("Licensing") == "UK") ? "£" : '$';
$p_format = $db3->field("Format");
$gbpprice = $db3->field("Price1") > 0 ? $db3->field("Price1") : cex($db3->field("Price2"));
$usdprice = $db3->field("Price2") > 0 ? $db3->field("Price2") : cex($db3->field("Price1"),"USD");
if (count($d_sections) == 0 || in_array($db3->field("SectionID"),$d_sections)){
// if ($d_sectionid == $db3->field("SectionID") || $d_sectionid == 0){ // if the current product section matches the discount section, OR if the discount section is 0 (ie: all sections)
if ($cid == 1){
$d_saving = round($gbpprice * $d_value,2);
} else {
$d_saving = round($usdprice * $d_value,2);
}
} else {
$d_saving = 0;
}
$b_price = $gbpprice;
// check format here.
$d_savingtotal += $d_saving;
$count[$p_format]++;
if ($count[$p_format] == 1) $dcost += $d_cost[$p_format]; // append 'per item' base cost, only if first item.
$dcost += $d_cost_peritem[$p_format]; // append dynamic 'per item' cost.
$totalamount += ($cid == 1) ? $gbpprice : $usdprice;
}
$sql = "INSERT INTO OrderLines (SessionID,OrderParent,ProductID,Price,Licensing) VALUES ".
"('".$sessionid."','".$orderid."','".$db->field("ProductID")."','".$p_price."','".$db3->field("Licensing")."');";
$db2->query($sql);
}
// $dcost = 0;
$db->query("UPDATE Orders SET OrderValue = '".$totalamount."', DiscountValue = '".$d_savingtotal."', DeliveryCost = '".$dcost."', DeliveryInstructions = '".$fld_instructions."', DeliveryOption = '".$fld_deliveryoption."', CurrencyID = '$cid' WHERE ID = '".$orderid."'"); //shippingmod
$totalamount += $dcost; //shippingmod
$pagetitle = "Checkout";
$selected[1] = $fld_deliveryoption == 1 ? " selected" : "";
$selected[2] = $fld_deliveryoption == 2 ? " selected" : "";
$selected[3] = $fld_deliveryoption == 3 ? " selected" : "";
$selected[4] = $fld_deliveryoption == 4 ? " selected" : "";
$content = "
".lang(67)." ".lang(66)."
";
$sql = "SELECT * FROM Orders WHERE ID = '$orderid'";
$db->query($sql);
$db->next_record();
$discountid = $db->field("DiscountID");
$ordervalue = $db->field("OrderValue");
$discountvalue = $db->field("DiscountValue");
$deliverycost = $db->field("DeliveryCost");
$totalvalue = $ordervalue - $discountvalue + $deliverycost;
$db->query("SELECT * FROM Discounts WHERE ID = '$discountid'");
if ($db->recordcount() > 0){
$discountrow = "
Discount : -$csign".number_format($discountvalue,2,'.','');
};
$sql = "SELECT * FROM OrderLines WHERE OrderParent = '$orderid'";
$db2->query($sql);
$deliveryaddress = "
Delivery Address :
$fld_daddress1
$fld_daddress2
$fld_dtowncity
$fld_dcounty
$fld_dpostcode";
$orderdetail = "
Order Details :";
while ($db2->next_record()){
$productid = $db2->field("ProductID");
$vcodeid = $db2->field("CodeID");
$ol_price = $db2->field("Price");
$ol_csign = ($db2->field("Licensing") == "UK") ? "£" : '$';
if ($productid > 0){
$db3->query("SELECT Products.ID, Products.Price1, Products.Price2, Products.Licensing, Products.Format, Artists.Forename, Artists.Surname, Artists.Band, Products.Title, Products.CatalogueNumber FROM Products
INNER JOIN Artists WHERE Products.ArtistID = Artists.ID AND Products.ID = '$productid'");
$db3->next_record();
$p_artist = $db3->field("Band") == "" ? $db3->field("Forename")." ".$db3->field("Surname") : $db3->field("Band");
$p_title = $db3->field("Title");
$p_format = $db3->field("Format");
// $p_price = $db3->field("Price") + $bundlediscount;
$p_catalogueno = $db3->field("CatalogueNumber");
$orderdetail .= "
Product : $p_artist - $p_title ($p_catalogueno) - $p_format
Price : $ol_csign$ol_price
";
}
}
$callback = "http://www.funkytowngrooves.com/callback.php";
$subject = lang(9).": #$orderid";
// Temporarily Disabled
$lang_6.
$lang_7.
".lang(9)."
============================================================
$subject
============================================================
Your Order ID : $orderid
Name : $fld_title $fld_forename $fld_surname
Email Address : $fld_username
Address 1 : $fld_address1
Address 2 : $fld_address2
Town / City : $fld_towncity
County : $fld_county
Postcode : $fld_postcode
$deliveryaddress
Telephone : $fld_tel
Mobile : $fld_fax
Cost in GBP : ".$csign.number_format($ordervalue,2,'.','')."$discountrow
Shipping : ".$csign.number_format($deliverycost,2,'.','')."
Total Amount : ".$csign.number_format($totalvalue,2,'.','')."
$giftwrapping2
$orderdetail
============================================================
".lang(27)."
$actionform
";
} else {
$content = "".lang(28)." ".lang(29)." ".lang(30)." ".lang(69).".
".lang(70)." '".ucwords(lang(55))." '.
".lang(71).".$userid
";
}
if ($action == ""){
$errormsg = $error == "" ? "" : "".$error."
$s_name
$content
";
include ("template.php");
?> 
