File Source for order.phpinc

<?php
/** ##################################
*
* project: DOMINO
* class: shop/order.php
*
* (c) 2003 by Landesverlag Unternehmensservice
* p.krebs@lvus.at
*
* ##################################
**/
session_start();
// initialization:
if (!isset($_GET['cmd'])) $_GET['cmd']="";
if (!isset($_SESSION['USER_ID'])) $_SESSION['USER_ID']=0;
if (!isset($_SESSION['BASKET'])) $_SESSION['BASKET']="";
if (!isset($_SESSION['BAS_ID'])) $_SESSION['BAS_ID']=0;
unset($SEC_REQ);
if (intval($_GET['WITHLOGIN'])) {
$SEC_REQ['PUBLIC']=FALSE;
} else {
$SEC_REQ['PUBLIC']=(intval($_SESSION['USER_ID']) ? FALSE :TRUE);
}
$SEC_REQ['DBCONN']=TRUE;
include $PROJECT['PHPINCPATH']."user/checkuser.phpinc";
// if ($_SERVER['REMOTE_ADDR']=="10.8.8.22") $GLOBALS['DEBUGMODE']=TRUE;
if (intval($_SESSION['USER_ID'])) {
if ((!intval($_SESSION['BAS_ID'])) && (intval($_POST['CREATENEWBASKET']) || intval($_GET['CREATENEWBASKET']))) {
$bas_arr = array();
$bas_arr['USR_ID'] = $_SESSION['USER_ID'];
$bas_arr['CLI_ID'] = $client['CLI_ID'];
require_once $GLOBALS['PHPINCPATH']."common/pcf_Date.phpclass";
$aDate = new pcf_Date();
$bas_arr['BAS_NAME'] ="WK ".$aDate->dateStr();
$bas_arr['BAS_CREATEDATE']=$aDate->getMySqlTimeStamp();
$_SESSION['BAS_ID']=$USRDB->insertArray("T_BASKET",$bas_arr);
}
$query="SELECT c.* FROM T_CLI_CLIENT c, T_CLI_USER cu WHERE cu.USR_ID=".intval($_SESSION['USER_ID'])." AND c.CLI_ID=cu.CLI_ID";
if ($client=$USRDB->quickQuery($query)) {
reset($client);
while(list($key,$val)=each($client)) {
if (!isset($_POST['CLIENT'][$key])) {
$_POST['CLIENT'][$key]=$val;
}
}
} else {
$_POST['CLIENT']=array('CLI_ID'=>0);
}
$client=$_POST['CLIENT'];
} else {
if (is_array($_POST['CLIENT'])) {
$query ="SELECT * FROM T_CLI_CLIENT WHERE UPPER(IFNULL(CLI_NUMBER,'')) = UPPER('".str_replace("'","",$_POST['CLIENT']['CLI_NUMBER'])."')";
$query.=" AND SOUNDEX(CLI_NAME1) = SOUNDEX('".str_replace("'","\\'",$_POST['CLIENT']['CLI_NAME1'])."')";
$query.=" AND SOUNDEX(CLI_NAME2) = SOUNDEX('".str_replace("'","\\'",$_POST['CLIENT']['CLI_NAME2'])."')";
if ($client=$USRDB->quickQuery($query)) {
reset($client);
while(list($key,$val)=each($client)) {
if (!isset($_POST['CLIENT'][$key])) {
$_POST['CLIENT'][$key]=$val;
}
}
} else {
$client=$_POST['CLIENT'];
}
} else {
$client=array('CLI_ID'=>0);
}
}
$bas_items=array();$found=FALSE;
if (is_array($_POST['ITEM'])) {
while(list($key,$val)=each($_POST['ITEM'])) {
if (intval($val['BIT_QUANT'])) {
$bas_items[$key]=$val;
$found=TRUE;
}
}
}
if (!$found) {
$message="Keine Daten! - Ihr Warenkorb ist leer oder eine Übertragung der Daten war nicht möglich";
include $PROJECT['PHPINCPATH']."io/message.phpinc";
include $PROJECT['PHPINCPATH']."io/goback.phpinc";
exit();
}
if (intval($_SESSION['BAS_ID'])) {
$cmd="DELETE FROM T_BASKET_ITEM WHERE BAS_ID=".intval($_SESSION['BAS_ID']);
$USRDB->executeCmd($cmd);
reset($bas_items);$insArr=array();
$posNr=1;
while(list($key,$val)=each($bas_items)) {
if ($GLOBALS['DEBUGMODE']) {echo "<pre>Pos.: ".$posNr++."\n";print_r($val);"</pre>";}
$val['BAS_ID']=intval($_SESSION['BAS_ID']);
if (intval($val['BIT_QUANT'])) {
if ($key=$USRDB->insertArray("T_BASKET_ITEM",$val,$GLOBALS['DEBUGMODE'])) {
$insArr[$key]=$val;
}
}
}
$bas_items=$insArr;
if (!empty($_POST['BAS_NAME'])) {
$cmd="UPDATE T_BASKET SET BAS_NAME=".DB_getSlashedValue($_POST['BAS_NAME']);
$USRDB->executeCmd($cmd);
}
}
if (empty($_SESSION['UNIQUEKEY'])) {
$_SESSION['UNIQUEKEY']=substr(base64_encode(time().$_SESSION['UNIQUE_ID']),0,16);
}
if ($bas_items) $_SESSION['BASKET']=base64_encode(serialize($bas_items));
?>

Source for file order.phpinc