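<?php
// Add an item to the shopping cart and complete the purchase.
// The request comes from the product.php page form and the ajax_showprice.php form
// (POST type=add). A purchase is one unit: the buyer's points are debited, the
// product row is flagged sold, an orders_detail row is written and the seller is
// emailed. Every failure path stores a message in $_SESSION['msg'] and redirects.
require_once "application_top.php";
require "protect.php";

/**
 * Redirect to the referring page and stop.
 *
 * The Referer header is client-controlled, so it is only followed when its host
 * matches the host this request was served on; otherwise the site root
 * (HTTP_SERVER) is used rather than letting the client choose the destination.
 */
$redirectBack = static function (): void {
    $referer = (string) ($_SERVER['HTTP_REFERER'] ?? '');
    $requestHost = strtolower((string) strtok((string) ($_SERVER['HTTP_HOST'] ?? ''), ':'));
    $refererHost = strtolower((string) parse_url($referer, PHP_URL_HOST));
    $sameHost = $refererHost !== '' && $refererHost === $requestHost;
    header('location:' . ($sameHost ? $referer : HTTP_SERVER));
    exit;
};

if (isset($_POST['type']) && $_POST['type'] === 'add') {
    // Product id; decode() is the project's encoding used by the product form.
    $pid = (int) filter_var(decode($_POST['pid'] ?? ''), FILTER_SANITIZE_NUMBER_INT);

    // A purchase is always one unit: the product row is flagged isSold below, so
    // the posted qty is deliberately not honoured (the old code set 1 in both branches).
    $qty = 1;

    // Set when the customer clicked the ZeeroPrice special discounted button. The
    // id comes from the client and is only trusted after the pointstransaction lookup.
    $orderid = (string) ($_POST['orderid'] ?? '');

    // The product must exist, be unsold and be active.
    $db->where('pid', $pid);
    $db->where('isSold', 0);
    $db->where('istatus', 1);
    $rowp = $db->getOne('products');

    if (!$rowp) {
        $_SESSION['msg'] = "Product is not available.";
        header('Location:myorders.php');
        exit;
    }

    if ($rowp['qty'] < $qty) {
        $_SESSION['msg'] = $rowp['qty']
            ? "Could not added. Total quantity available is " . $rowp['qty']
            : "Could not added selected item. It's out of stock. " . $rowp['qty'];
        $redirectBack();
    }

    // Customer cost: the MRP ("Order @ original price" button) unless a valid
    // discounted pointstransaction record is presented.
    $customercost = $rowp['mrp'];
    if ($orderid !== '') {
        // The orderid is looked up together with the session user so one customer
        // cannot redeem another customer's discount record.
        $db->where('userid', $_SESSION['useridsess']);
        $db->where('orderid', $orderid);
        $rowptr = $db->getOne('pointstransaction');
        if (!$rowptr) {
            $_SESSION['msg'] = "Invalid access";
            $redirectBack();
        }
        $customercost = $rowptr['reducedPrice'];
    } else {
        // Mint an order id for a full-price order.
        // NOTE(review): 'YHis' carries no month or day, so ids can repeat across
        // days for the same seller — confirm whether 'YmdHis' was intended.
        $orderid = $rowp['sellerid'] . date('YHis');
    }

    // Buyer details. Free-coin (unpaid) users cannot order; a missing row is
    // treated the same way instead of indexing into false.
    $db->where('userid', $_SESSION['useridsess']);
    $rowu = $db->getOne('register');
    if (!$rowu || !$rowu['isPaid']) {
        $_SESSION['msg'] = "To Order Products, you need to Purchase ZeeroPrice Points.";
        $redirectBack();
    }

    // Balance check against the gold-coin wallet.
    $usersgoldCoin = $rowu['points'];
    if ($usersgoldCoin < $customercost) {
        $_SESSION['msg'] = "You have insufficient 'Zeeroprice Gold Coins' to complete the transaction. Please buy coins and try again.";
        header('location:wallet.php');
        exit;
    }

    // Debit the wallet.
    // NOTE(review): the balance check above, this update and the products update
    // below are not atomic — two concurrent requests can both pass the checks
    // (double spend / double sale). A DB transaction or a conditional UPDATE
    // (WHERE points >= cost, WHERE isSold = 0) would close that window; left
    // as-is because the $db wrapper's transaction API is not visible here.
    $pointsRemain = $usersgoldCoin - $customercost;
    $db->where('userid', $_SESSION['useridsess']);
    if (!$db->update('register', ['points' => $pointsRemain])) {
        // Do not hand over the product when the debit did not happen.
        $_SESSION['msg'] = "Could not complete the transaction. Please try again.";
        $redirectBack();
    }
    $_SESSION['walletSess'] = $pointsRemain;

    // Flag the product as sold.
    $db->where('pid', $pid);
    $db->update('products', ['qty' => 0, 'isSold' => 1]);

    // Delivery code the customer presents to the seller. random_int() replaces
    // rand(), which is predictable; the range matches the original call
    // rand(00001, 99999) — 00001 is an octal literal equal to 1.
    $otp = random_int(1, 99999);

    // Record the transaction under the order id.
    $insertdata = [
        'otp' => $otp,
        'orderid' => $orderid,
        'userid' => $_SESSION['useridsess'],
        'sellerid' => $rowp['sellerid'],
        'ititle' => $rowp['ititle'],
        'pid' => $pid,
        'qty' => $qty,
        'mrp' => $rowp['mrp'],
        'minprice' => $rowp['minprice'],
        'collectedprice' => $rowp['collectedprice'],
        'customercost' => $customercost,
        'returndays' => $rowp['returndays'],
        'postedon' => CURDATETIME,
    ];
    $db->insert('orders_detail', $insertdata);

    // Notify the seller by email, if an address is on file.
    $db->where('userid', $rowp['sellerid']);
    $rowseller = $db->getOne('register');
    $toemailid = $rowseller ? (string) $rowseller['emailid'] : '';
    if ($toemailid !== '') {
        // The title is seller-entered text rendered as HTML, so escape it.
        $safeTitle = htmlspecialchars((string) $rowp['ititle'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $currency = currSign($rowp['currency']);
        // NOTE(review): the emaillogin link carries encode(userid|emailid). If
        // encode() is a reversible encoding rather than a keyed token, anyone who
        // knows a seller's id and email address can build a login link — confirm.
        $loginLink = HTTP_SERVER . "emaillogin.php?id=" . encode($rowseller['userid'] . "|" . $rowseller['emailid']);
        $messagetosent = "Dear Seller.<br/>\n"
            . "Customer have purchased (on " . CURDATETIME . ") one of your products <br/>. <br/>\n"
            . "Product Name: <b>" . $safeTitle . "</b><br/>\n"
            . "Selling price: <b>" . $currency . $rowp['mrp'] . "</b><br/>\n"
            . "Customer Cost: <b>" . $currency . $customercost . "</b><br/>\n"
            . "<br/>\n"
            . "<a href='" . $loginLink . "'>Click here to get in to your account </a>\n";
        sendemail($toemailid, "Purchased product", $messagetosent, $toemailid, '');
    }

    $_SESSION['msg'] = "Thank you for purchase. We have emailed you the order details.";
    header('Location:myorders.php');
    exit;
}

// Any other request: send the caller back where they came from.
$redirectBack();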