0

I am trying to add pricing to an existing website database, but when I enter a price for an item, it removes it on its own.
Please assist me in finding the error? All the files and coding is that of a previous developer..

This is the only file with the price code i can find... The disp.php file...

<?php
   if (!isset($_GET['lim'])) {
      $_GET['lim'] = 0;
   } // end if

   if (isset($_GET['crit'])) {
      echo "<h2>Searching: ".stripslashes($_GET['crit'])."</h2>\n";
   } else {
      echo "<h2>".stripslashes(get_cate($_GET['Category']))."</h2>\n";
   } // end if

   if (isset($_GET['Item'])) {
      echo "<div style='background-color: #FFFFFF; position:relative;'>\n";

      $query = "SELECT * FROM prod WHERE plink='".$_GET['Category']."' AND ptitl='".$_GET['Item']."'";
      $result = mysql_query($query) 
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         $path = "scripts/upload/img/";
         $file = "prod_".$myrow['pseqn'].".jpg";
         if (file_exists($path.$file)) {
            $img = "<a href='".$path.$file."' rel='prettyPhoto'><img src='".$path."tn_".$file."' border='0' alt='' /></a>";
         } else {
            $img = "<div style='background-color: #FFFFFF; height: 110px; margin-left: 10px; width: 110px;'></div>";
         } // end if

         if (isset($_SESSION['web_user_id'])) {
            $price = "R ".number_format($myrow['preta'], 6, '.', '')."<br />";
         }

         if (!empty($myrow['ppack'])) {
            $pp = $myrow['ppack']." per pack";
         } else {
            $pp = "";
         } // end if
         echo "
         <table border='0' cellpadding='0' cellspacing='0' width='100%'>
            <tr>
               <td align='center' height='130px' width='130px'>
                  ".$img."
               </td>
               <td valign='top'>
                  <div style='height: 130px; position:relative; text-align:left;'>
                     <h3>".$myrow['ptitl']."</h3>
                     <br />
                     ".$myrow['pdesc']."<br />
                     ".$price."
                     ".$pp."<br />
                     <div id='disp' style='bottom:10px; position:absolute; left: 10px;'>
                        Qty: <input id='i_qty' maxlength='3' name='i_qty' size='2' type='text' value='1' />
                        <a onclick=\"load_cart('Add',".$myrow['pseqn'].",document.getElementById('i_qty').value)\" style='cursor: pointer;'><img alt='' border='0' height='17px' src='images/add-to-cart.jpg' width='93px' /></a>
                     </div>
                     <div style='bottom:10px; position:absolute; right: 10px;'>
                        <a href='?page=Products&amp;Category=".urlencode($myrow['plink'])."' title=''>&gt; Back<!-- <img src='images/btn_back_acti.jpg' border='0' alt='' /> --></a>
                     </div>
                  </div>
               </td>
            </tr>
         </table>\n";
      } // end if

      echo "
      </div>\n";
   } else {
      if (isset($_GET['crit'])) {
         $where_sql = "ptitl LIKE '%".$_GET['crit']."%' OR pdesc LIKE '%".$_GET['crit']."%'";
      } else {
         $where_sql = "plink='".$_GET['Category']."'";
      } // end if

      $querys = "SELECT * FROM prod WHERE ".$where_sql;
      $results = mysql_query($querys)
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$querys</i>");
      $max_rec = mysql_num_rows($results);

      $query = "SELECT * FROM prod WHERE ".$where_sql." LIMIT ".$_GET['lim'].",5";
      $result = mysql_query($query) 
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         $f = true;
         echo "<div style='background-color: #FFFFFF; position:relative;'>
         <table border='0' cellpadding='20' cellspacing='20' width='100%'>\n";
         do {
            if ($f) {
               $f=false;
            } else {
               echo "            <tr><td colspan='2'><hr style='margin: 10px;' /></td></tr>\n";
            } // end if

            $path = "scripts/upload/img/";
            $file = "prod_".$myrow['pseqn'].".jpg";
            if (file_exists($path.$file)) {
               $img = "<a href='".$path.$file."' rel='prettyPhoto'><img src='".$path."tn_".$file."' border='0' alt='' /></a>";
            } else {
               $img = "<div style='background-color: #FFFFFF; height: 110px; margin-left: 10px; width: 110px;'></div>";
            } // end if

            if (isset($_SESSION['web_user_id'])) {
               $price = "R".number_format($myrow['preta'], 6, '.', '')."<br />";
            }

            if (!empty($myrow['ppack'])) {
               $pp = $myrow['ppack']." per pack";
            } else {
               $pp = "";
            } // end if
            echo "
               <tr>
                  <td align='center' height='130px' width='130px'>
                     ".$img."
                  </td>
                  <td valign='top'>
                     <div style='height: 130px; position:relative; text-align:left;'>
                        <h3>".$myrow['ptitl']."</h3>
                        <br />
                        ".$myrow['pdesc']."<br />
                        ".$price."
                        ".$pp."<br />
                        <div style='bottom:10px; position:absolute; right: 10px;'>
                           <a href='?page=Products&amp;Category=".urlencode($myrow['plink'])."&amp;Item=".urlencode($myrow['ptitl'])."' title=''><img src='images/details.jpg' border='0' alt=''></a>
                        </div>
                     </div>
                  </td>
               </tr>\n";
         } while($myrow = mysql_fetch_array($result));

         echo "</table>
         </div>\n";
      } // end if

      // ---------------------- page nav -- start
      $nav = "            <div style='clear: both; text-align: center; width: 100%;'>\n";

      $calc = 0;
      $rec_num = 5;

      if (!empty($_GET['crit'])) {
         $nav_disp = "page=Products&amp;crit=".urlencode($_GET['crit']);
      } else {
         $nav_disp = "page=Products&amp;Category=".urlencode(stripslashes($_GET['Category']));
      } // end if

      if ($_GET['lim']!=0) {
         $_GET['lim'] = $_GET['lim'] - $rec_num;
         $nav.= "<a href=\"?".$nav_disp."&amp;lim=".$_GET['lim']."\" class='arrowLeft'>&lt; prev page</a> | ";
         $_GET['lim'] = $_GET['lim'] + $rec_num;
      } else {
         $nav.= " | ";
      } // end if

      $aot = 5;
      for ($nav_cnt=0;$nav_cnt<$aot;$nav_cnt++) {  // run $aot = {amount of times} only

         $calc = (($_GET['lim']/$rec_num)+($rec_num/2))-$aot;  // calculate if number is less than 0 default to 0
         $calc = ceil($calc);
         if ($calc<0)
            $calc = 0;

         $nav_dis = $nav_cnt + 1 + $calc;

         if ($_GET['lim']==(($nav_dis*$rec_num)-$rec_num)) {
            $nav.= "<a href=\"?".$nav_disp."&amp;lim=".(($nav_dis*$rec_num)-$rec_num)."\"> <font color='red'>".$nav_dis." Page </font></a> | ";
         } else {
            $nav.= "<a href=\"?".$nav_disp."&amp;lim=".(($nav_dis*$rec_num)-$rec_num)."\"> ".$nav_dis." Page </a> | ";
         } // end if

         if ($max_rec<=($rec_num*$nav_dis)) {
            break;
         } // end if
      } // end for

      $_GET['lim'] = $_GET['lim'] + $rec_num;
      if ($max_rec>$_GET['lim']) {
         $nav.= "<a href=\"?".$nav_disp."&amp;lim=".$_GET['lim']."\" class='arrowRight'>next page &gt;</a>";
      } // end if
      $_GET['lim'] = $_GET['lim'] - $rec_num;

      $nav.= "\n            </div>\n";
      // ---------------------- page nav -- end

      echo "<p style='padding: 10px;'>".$nav."</p>\n";
   } // end if
?>

Edited by Nick Evan: Fixed formatting

3
Contributors
16
Replies
17
Views
5 Years
Discussion Span
Last Post by INF-P
Featured Replies
  • 2

    Hi, jUst a friendly advice.. next time, enclose your codes with the [B][COLOR="Red"]code[/COLOR][/B] tag located on top of the editor. It is a lot easier to red codes this way.. Read More

2

Hi,

jUst a friendly advice.. next time, enclose your codes with the code tag located on top of the editor.

It is a lot easier to red codes this way..

Edited by veedeoo: n/a

Votes + Comments
0

HI

Noted, Thanks :). Will do in future..

Can anyone assist me with the pricing problem? Please? :)

<?php
if (!isset($_GET['lim'])) {
$_GET['lim'] = 0;
} // end if

if (isset($_GET['crit'])) {
echo "<h2>Searching: ".stripslashes($_GET['crit'])."</h2>\n";
} else {
echo "<h2>".stripslashes(get_cate($_GET['Category']))."</h2>\n";
} // end if

if (isset($_GET['Item'])) {
echo "<div style='background-color: #FFFFFF; position:relative;'>\n";

$query = "SELECT * FROM prod WHERE plink='".$_GET['Category']."' AND ptitl='".$_GET['Item']."'";
$result = mysql_query($query)
or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
if ($myrow = mysql_fetch_array($result)) {
$path = "scripts/upload/img/";
$file = "prod_".$myrow['pseqn'].".jpg";
if (file_exists($path.$file)) {
$img = "<a href='".$path.$file."' rel='prettyPhoto'><img src='".$path."tn_".$file."' border='0' alt='' /></a>";
} else {
$img = "<div style='background-color: #FFFFFF; height: 110px; margin-left: 10px; width: 110px;'></div>";
} // end if

if (isset($_SESSION['web_user_id'])) {
$price = "R ".number_format($myrow['preta'], 6, '.', '')."<br />";
}

if (!empty($myrow['ppack'])) {
$pp = $myrow['ppack']." per pack";
} else {
$pp = "";
} // end if
echo "
<table border='0' cellpadding='0' cellspacing='0' width='100%'>
<tr>
<td align='center' height='130px' width='130px'>
".$img."
</td>
<td valign='top'>
<div style='height: 130px; position:relative; text-align:left;'>
<h3>".$myrow['ptitl']."</h3>
<br />
".$myrow['pdesc']."<br />
".$price."
".$pp."<br />
<div id='disp' style='bottom:10px; position:absolute; left: 10px;'>
Qty: <input id='i_qty' maxlength='3' name='i_qty' size='2' type='text' value='1' />
<a onclick=\"load_cart('Add',".$myrow['pseqn'].",document.getElementById('i_qty').value)\" style='cursor: pointer;'><img alt='' border='0' height='17px' src='images/add-to-cart.jpg' width='93px' /></a>
</div>
<div style='bottom:10px; position:absolute; right: 10px;'>
<a href='?page=Products&amp;Category=".urlencode($myrow['plink'])."' title=''>&gt; Back<!-- <img src='images/btn_back_acti.jpg' border='0' alt='' /> --></a>
</div>
</div>
</td>
</tr>
</table>\n";
} // end if

echo "
</div>\n";
} else {
if (isset($_GET['crit'])) {
$where_sql = "ptitl LIKE '%".$_GET['crit']."%' OR pdesc LIKE '%".$_GET['crit']."%'";
} else {
$where_sql = "plink='".$_GET['Category']."'";
} // end if

$querys = "SELECT * FROM prod WHERE ".$where_sql;
$results = mysql_query($querys)
or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$querys</i>");
$max_rec = mysql_num_rows($results);

$query = "SELECT * FROM prod WHERE ".$where_sql." LIMIT ".$_GET['lim'].",5";
$result = mysql_query($query)
or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
if ($myrow = mysql_fetch_array($result)) {
$f = true;
echo "<div style='background-color: #FFFFFF; position:relative;'>
<table border='0' cellpadding='20' cellspacing='20' width='100%'>\n";
do {
if ($f) {
$f=false;
} else {
echo " <tr><td colspan='2'><hr style='margin: 10px;' /></td></tr>\n";
} // end if

$path = "scripts/upload/img/";
$file = "prod_".$myrow['pseqn'].".jpg";
if (file_exists($path.$file)) {
$img = "<a href='".$path.$file."' rel='prettyPhoto'><img src='".$path."tn_".$file."' border='0' alt='' /></a>";
} else {
$img = "<div style='background-color: #FFFFFF; height: 110px; margin-left: 10px; width: 110px;'></div>";
} // end if

if (isset($_SESSION['web_user_id'])) {
$price = "R".number_format($myrow['preta'], 6, '.', '')."<br />";
}

if (!empty($myrow['ppack'])) {
$pp = $myrow['ppack']." per pack";
} else {
$pp = "";
} // end if
echo "
<tr>
<td align='center' height='130px' width='130px'>
".$img."
</td>
<td valign='top'>
<div style='height: 130px; position:relative; text-align:left;'>
<h3>".$myrow['ptitl']."</h3>
<br />
".$myrow['pdesc']."<br />
".$price."
".$pp."<br />
<div style='bottom:10px; position:absolute; right: 10px;'>
<a href='?page=Products&amp;Category=".urlencode($myrow['plink'])."&amp;Item=".urlencode($myrow['ptitl'])."' title=''><img src='images/details.jpg' border='0' alt=''></a>
</div>
</div>
</td>
</tr>\n";
} while($myrow = mysql_fetch_array($result));

echo "</table>
</div>\n";
} // end if

// ---------------------- page nav -- start
$nav = " <div style='clear: both; text-align: center; width: 100%;'>\n";

$calc = 0;
$rec_num = 5;

if (!empty($_GET['crit'])) {
$nav_disp = "page=Products&amp;crit=".urlencode($_GET['crit']);
} else {
$nav_disp = "page=Products&amp;Category=".urlencode(stripslashes($_GET['Category']));
} // end if

if ($_GET['lim']!=0) {
$_GET['lim'] = $_GET['lim'] - $rec_num;
$nav.= "<a href=\"?".$nav_disp."&amp;lim=".$_GET['lim']."\" class='arrowLeft'>&lt; prev page</a> | ";
$_GET['lim'] = $_GET['lim'] + $rec_num;
} else {
$nav.= " | ";
} // end if

$aot = 5;
for ($nav_cnt=0;$nav_cnt<$aot;$nav_cnt++) { // run $aot = {amount of times} only

$calc = (($_GET['lim']/$rec_num)+($rec_num/2))-$aot; // calculate if number is less than 0 default to 0
$calc = ceil($calc);
if ($calc<0)
$calc = 0;

$nav_dis = $nav_cnt + 1 + $calc;

if ($_GET['lim']==(($nav_dis*$rec_num)-$rec_num)) {
$nav.= "<a href=\"?".$nav_disp."&amp;lim=".(($nav_dis*$rec_num)-$rec_num)."\"> <font color='red'>".$nav_dis." Page </font></a> | ";
} else {
$nav.= "<a href=\"?".$nav_disp."&amp;lim=".(($nav_dis*$rec_num)-$rec_num)."\"> ".$nav_dis." Page </a> | ";
} // end if

if ($max_rec<=($rec_num*$nav_dis)) {
break;
} // end if
} // end for

$_GET['lim'] = $_GET['lim'] + $rec_num;
if ($max_rec>$_GET['lim']) {
$nav.= "<a href=\"?".$nav_disp."&amp;lim=".$_GET['lim']."\" class='arrowRight'>next page &gt;</a>";
} // end if
$_GET['lim'] = $_GET['lim'] - $rec_num;

$nav.= "\n </div>\n";
// ---------------------- page nav -- end

echo "<p style='padding: 10px;'>".$nav."</p>\n";
} // end if
?> 

Edited by Dani: Fixed formatting

0

Now for the answer to your question. Your codes above is for product search query.. You need to look for something like INSERT , or UPDATE ..

Looking at the previous developer's coding pattern, it is more likely that his insert query would be something like this

$query = "INSERT *              ";

## or
$query = "UPDATE *              ";

scan your script files and find for those entries or better yet search for the database table's column for the price.

To make your life a lot easier, use NetBeans IDE, and then load your entire scripts as new project.., and then use the search function of the NetBeans while your script is loaded as project.

Edited by veedeoo: n/a

0

Hi..Could it be this page? Basket.php...

<h2>Shopping Cart</h2>
<?php
if (!isset($_SESSION['web_user_id'])) {
   include "scripts/user/login.php";
} else {
   $x = 0;
   $f = true;
   $tota = 0;
   echo "<div style='background-color: #EAEAEA; position:relative;'>
   <table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
   foreach ($_SESSION['aBasket'] as $val => $key) {
      $x++;
      $query = "SELECT * FROM prod WHERE pseqn='".$val."' ORDER BY ptitl";
      $result = mysql_query($query)
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
            if ($f) {
               $f=false;
            } else {
               echo "            <tr><td colspan='2'><hr style='margin: 10px;' /></td></tr>\n";
            } // end if
         } // end if

         $path = "scripts/upload/img/";
         $file = "tn_prod_".$myrow['pseqn'].".jpg";
         if (file_exists($path.$file)) {
            $img = "<img src='".$path.$file."' border='0' alt='' />";
         } else {
            $img = "<div style='background-color: #FFFFFF; height: 110px; margin-left: 10px; width: 110px;'></div>";
         } // end if

         if (!empty($myrow['ppack'])) {
            $pp = $myrow['ppack']." per pack";
         } else {
            $pp = "";
         } // end if
         $cost = explode("R",$myrow['ppric']);
         $cost = explode(",",trim($cost[1]));
         $cost = $cost[0].$cost[1].$cost[2];
         $cost = ($cost * $key);
         $tota = $tota + $cost;

         if (isset($_GET['Check'])) {
            $query = "INSERT INTO orders (ouser,oitem,o_qty,opric,oc_dt,oacti) VALUES ('".$_SESSION['web_user_id']."','".$val."','".$key."','".$cost."','".date("Y-m-d H:i:s")."',1)";
            $result = mysql_query($query) 
                       or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
         } // end if
         
         if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
            echo "
               <tr>
                  <td height='130px' width='130px'>
                     ".$img."
                  </td>
                  <td valign='top'>
                     <div style='height: 130px; position:relative;'>
                        <h3>".$myrow['ptitl']."</h3>
                        <br />
                        ".$myrow['pdesc']."<br />
                        ".$myrow['ppric']."<br />
                        ".$pp."<br />
                        <div style='bottom:10px; position:absolute; left: 10px;'>
                           Qty: <input maxlength='3' id='i_qty_".$x."' name='i_qty_".$x."' size='2' type='text' value='".$key."' />
                           <a href='#' onclick=\"edit_cart(".$myrow['pseqn'].",document.getElementById('i_qty_".$x."').value)\" style='cursor: pointer;'>Update</a>
                           &nbsp; <a href='?page=Basket&amp;del_item=".$myrow['pseqn']."' title=''>Del</a>
                        </div>
                     </div>
                  </td>
               </tr>\n";
         } // end if
      } // end if
   } // end foreach

   $d_tot = $tota;
   if (eregi("/.",$tota)) {
      $tota = explode(".",$tota);
      $tota = $tota[0].$tota[1];
   } else {
      $tota = $tota."00";
   } // end if

   echo "</table>\n";
   if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
      echo "<div style='bottom: -3px; position:absolute;'>
         <img alt='' border='0' height='8px' src='images/info_bl.jpg' width='8px' />
      </div>
      <div style='bottom: -3px; position:absolute; right: 0px;'>
         <img alt='' border='0' height='8px' src='images/info_br.jpg' width='8px' />
      </div>\n";
   } // end if
   echo "</div>\n";
?>
<center>
<?php
   if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
      $query = "SELECT * FROM users WHERE useqn=".$_SESSION['web_user_id'];
      $result = mysql_query($query)
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         $querys = "SELECT MAX(oseqn) FROM orders WHERE ouser=".$_SESSION['web_user_id'];
         $results = mysql_query($querys) 
                    or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$querys</i>");
         if ($myrows = mysql_fetch_array($results)) {
            $max = $myrows['MAX(oseqn)'];
         } // end if
?>
   <form method='post' action='?page=Basket&amp;Check=true'>

      <input type='hidden' name='PAYGATE_ID' value='10011013800' />
      <input type='hidden' name='REFERENCE' value='<?php echo "INV_".$_SESSION['web_user_id']."_".++$max;?>' />
      <input type='hidden' name='AMOUNT' value='<?php echo $tota;?>' />
      <input type='hidden' name='CURRENCY' value='ZAR' />
      <input type='hidden' name='RETURN_URL' value='http://www.northdakota.co.za/sample/?page=Basket&amp;Payed=true' />
      <input type='hidden' name='TRANSACTION_DATE' value='<?php echo gmstrftime("%Y-%m-%d %H:%M");?>' />
      <input type='hidden' name='encryption_key' value='secret' />

      <fieldset style='padding: 10px; text-align: left; width: 200px;'>
         <legend>Delivery Details</legend>

         <label>Street Address</label><br />
         <input type='text' name='street' value='<?php echo $myrow['ustre'];?>' /><br />

         <label>City</label><br />
         <input type='text' name='city' value='<?php echo $myrow['ucity'];?>' /><br />

         <label>Province</label><br />
         <input type='text' name='province' value='<?php echo $myrow['uprov'];?>' /><br />

         <label>Code</label><br />
         <input type='text' name='code' value='<?php echo $myrow['ucode'];?>' /><br />

         <label>Email</label><br />
         <input type='text' name='EMAIL' value='<?php echo $myrow['umail'];?>' /><br />

         <p align='center'>
            <br /><input type='submit' name='submit' value='Calculate Checksum' />
         </p>
      </fieldset>
   </form>
<?php
      } // end if
   } elseif (isset($_GET['Check'])) {
      /*
         Read values from previous form.
         These variables and the checksum calculated below are used to
         populate the hidden fields further down this page.
      */
      $PAYGATE_ID=$_POST['PAYGATE_ID'];
      $REFERENCE=$_POST['REFERENCE'];
      $AMOUNT=$tota;
      $CURRENCY=$_POST['CURRENCY'];
      $RETURN_URL=$_POST['RETURN_URL'];
      $TRANSACTION_DATE=$_POST['TRANSACTION_DATE'];
      $EMAIL = $_POST['EMAIL'];

      $encryption_key = $_POST['encryption_key'];

      $checksum_source = $PAYGATE_ID."|".$REFERENCE."|".$AMOUNT."|".$CURRENCY."|".$RETURN_URL."|".$TRANSACTION_DATE."|";
      if ($EMAIL) $checksum_source .= $EMAIL."|";
      $checksum_source .= $encryption_key;

      $CHECKSUM = md5($checksum_source);
/*
      echo $PAYGATE_ID;
      echo $REFERENCE;
      echo $AMOUNT;
      echo $CURRENCY;
      echo $RETURN_URL;
      echo $TRANSACTION_DATE;
      echo $CHECKSUM;
      echo $encryption_key;
      echo $checksum_source;
*/
?>
   <form action="https://www.paygate.co.za/paywebv2/process.trans" method="post">
         <br />Order is generated, Please proceed to the Payment Gateway to finalise the transaction.<br />
         Your order Total is R <?php echo number_format($d_tot, 2, '.', '');?><br />

         <input type="hidden" name="PAYGATE_ID" value="<?php echo $PAYGATE_ID;?>">
         <input type="hidden" name="REFERENCE" value="<?php echo $REFERENCE;?>">
         <input type="hidden" name="AMOUNT" value="<?php echo $AMOUNT;?>">
         <input type="hidden" name="CURRENCY" value="<?php echo $CURRENCY;?>">
         <input type="hidden" name="RETURN_URL" value="<?php echo $RETURN_URL;?>">
         <input type="hidden" name="TRANSACTION_DATE" value="<?php echo $TRANSACTION_DATE;?>">
         <input type="hidden" name="EMAIL" value="<?php echo $EMAIL;?>">
         <input type="hidden" name="CHECKSUM" value="<?php echo $CHECKSUM;?>">
         <input type="submit" name="btnSubmit" value="Submit">
   </form>
<?php
   } elseif (isset($_GET['Payed'])) {
      /*
         Set the secret key below; it should be the same value that was
         entered in the 'Secret Key' field on 'pg_paywebv2_php_input.php'
      */
      $encryption_key = "secret";

      /*
         Read values from the PayWeb payment form.
         They will be used to calculate the checksum to ensure that the
         data we've got back is valid.
      */

      $PAYGATE_ID=$_POST['PAYGATE_ID'];
      $REFERENCE=$_POST['REFERENCE'];
      $AMOUNT=$_POST['AMOUNT'];
      $TRANSACTION_STATUS=$_POST['TRANSACTION_STATUS'];
      $RESULT_CODE=$_POST['RESULT_CODE'];
      $RESULT_DESC=$_POST['RESULT_DESC'];
      $AUTH_CODE=$_POST['AUTH_CODE'];
      $TRANSACTION_ID=$_POST['TRANSACTION_ID'];
      $CHECKSUM=$_POST['CHECKSUM'];
      $RISK_INDICATOR=$_POST['RISK_INDICATOR'];

      $checksum_source = $PAYGATE_ID."|".$REFERENCE."|".$TRANSACTION_STATUS."|".$RESULT_CODE."|".$AUTH_CODE."|".$AMOUNT."|".$RESULT_DESC."|".$TRANSACTION_ID."|";
      if ($RISK_INDICATOR) $checksum_source .= $RISK_INDICATOR."|";
      $checksum_source .= $encryption_key;

      $test_checksum = md5($checksum_source);

      if ($TRANSACTION_STATUS==2) {
         $order_seqn = explode("INV_".$_SESSION['web_user_id']."_",$REFERENCE);
         $query = "UPDATE orders SET oacti=2, ocode='".$RESULT_CODE."', odesc='".$RESULT_DESC."', oe_dt='".date("Y-m-d H:i:s")."' WHERE ouser=".$_SESSION['web_user_id']." AND oseqn=".$order_seqn[1];
         $result = mysql_query($query) 
                    or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      } else {
         $order_seqn = explode("INV_".$_SESSION['web_user_id']."_",$REFERENCE);
         $query = "UPDATE orders SET oacti=0, ocode='".$RESULT_CODE."', odesc='".$RESULT_DESC."', oe_dt='".date("Y-m-d H:i:s")."' WHERE ouser=".$_SESSION['web_user_id']." AND oseqn=".$order_seqn[1];
         $result = mysql_query($query) 
                    or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      } // end if

      echo "<p>".$RESULT_DESC."</p>";
/*
   if ($test_checksum != $CHECKSUM) {
             The checksums do not match: the calculated checksum is:<br>
             echo $test_checksum;<br />
   } else {
             Checksums match OK<br />
   }
   echo $PAYGATE_ID;<br />
   echo $REFERENCE;<br />
   echo $TRANSACTION_STATUS;<br />
   echo $RESULT_CODE;<br />
   echo $RESULT_DESC;<br />
   echo $AUTH_CODE;<br />
   echo $AMOUNT;<br />
   echo $TRANSACTION_ID;<br />
   if ($RISK_INDICATOR) {
             echo $RISK_INDICATOR;<br />
   } else {
             Risk Indicator Not Returned<br />
   }
   echo $CHECKSUM;<br />
   echo $encryption_key;<br />
   echo $checksum_source;<br />
*/
?>
<?php
   } // end if
} // end if
?>
</center>
0

Hi,

Basket is the shopping cart itself. Look for the admin directory if there is one, and then maybe just maybe inside that directory look for product.php, or edit.php, addproduct.php something that is related to product editing..


All we need to know is the price format the previous developer used. Normally, people would use 4.00 for $4.00 dollars, but then again some would not go for that format because of the currency of the default country.

I am pretty sure the file is just being tucked away... I am definitely sure it is located in the administrator or store owner directory only.

0

Hi This is what i found.. prod.php under admin/modules....

<?php
include "field_list.php";

/* Replace the following */
$db_name    = "ndt";         // Database name
$db_table   = "prod";         // Database table name

// fields
$db_seqn    = "pseqn";   // Database sequence field
$db_cate    = "plink";   // Database category field
$db_titl    = "ptitl";   // Database title field
$db_c_dt    = "pc_dt";   // Database date created field
$db_e_dt    = "pe_dt";   // Database date changed field
$db_acti    = "pacti";   // Database active field
$db_stat    = "pstat";   // Database visits field
$db_hits    = "phits";   // Database hits field
$db_rank    = "";   // Database rank field
$db_link    = "plink";   // Database link field

$comp_arr = array("Audio Direct","Fire Audio","Northdekota","VTREK");

   // custome functions
   function get_full_cate($id,$full_cate) {
      $q = "SELECT * FROM prod_cate WHERE pseqn = ".$id;
      $r = mysql_query($q);
      if ($m = mysql_fetch_array($r)) {
         do {
            $full_cate = get_full_cate($m['plink'],$full_cate)." | ".$m['ptitl'];
         } while($m = mysql_fetch_array($r));
      } // end if         
      return $full_cate;
   } // end function

   // commands
   if (isset($_GET['com'])) {
      if ($_GET['com']=="act") {
            $result = mysql_query("UPDATE ".$db_table." SET ".$db_e_dt."='".date("Y-m-d H:i:s")."' WHERE ".$db_seqn."=".$_GET['id']);
            $result = mysql_query("UPDATE ".$db_table." SET ".$db_acti."=".$_GET['val']." WHERE ".$db_seqn."=".$_GET['id']);
            echo "<meta http-equiv='refresh' content='0;URL=?pg=".$_GET['pg']."&lim=".$lim."&where=".$where."'>\n";
            exit;
      } elseif ($_GET['com']=="feat") {
         if ($_GET['val']==1) {
            $result = mysql_query("UPDATE ".$db_table." SET pfeat=1 WHERE ".$db_seqn."=".$_GET['id']);
         } else {
            $result = mysql_query("UPDATE ".$db_table." SET pfeat=0 WHERE ".$db_seqn."=".$_GET['id']);
         } // end if
      } elseif ($_GET['com']=="rank") {
            $result = mysql_query("UPDATE ".$db_table." SET ".$db_rank."=0 WHERE ".$db_rank."=".$_GET['new']." AND ".$db_link."=".$_GET['link']);                                                        // update new with spare
            $result = mysql_query("UPDATE ".$db_table." SET ".$db_rank."=".$_GET['new'].", ".$db_e_dt."='".date("Y-m-d H:i:s")."' WHERE ".$db_rank."=".$_GET['old']." AND ".$db_link."=".$_GET['link']); // update old with new
            $result = mysql_query("UPDATE ".$db_table." SET ".$db_rank."=".$_GET['old'].", ".$db_e_dt."='".date("Y-m-d H:i:s")."' WHERE ".$db_rank."=0 AND ".$db_link."=".$_GET['link']);                // update spare with old
            echo "<meta http-equiv='refresh' content='0;URL=?pg=".$_GET['pg']."&lim=".$lim."&where=".$where."'>\n";
            exit;
      } elseif ($_GET['com']=="rem_img") {
         if (file_exists($_GET['file'])) {
            unlink($_GET['file']);
         } // end if
         if (file_exists(ereg_replace("tn_","",$_GET['file']))) {
            unlink(ereg_replace("tn_","",$_GET['file']));
         } // end if
      } // end if
   } // end if

   if (isset($com_add)) {
         if ($result = mysql_query("INSERT INTO ".$db_table." ".
            "(plink,pcode,ptitl,pdesc,ppric,preta,ppack,pweig,pdime,".
            "pacti,pc_dt,pe_dt,prank,pstat,phits) VALUES ".
            "('".$_POST['plink']."','".$_POST['pcode']."','".$_POST['ptitl']."','".$_POST['pdesc']."','".$_POST['ppric']."','".$_POST['preta']."','".$_POST['ppack']."','".$_POST['pweig']."','".$_POST['pdime']."',".
            "2,'".date("Y-m-d H:i:s")."','0000-00-00 00:00:00','".$_POST['max']."',0,0)") or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>")) {

            $ins_id = mysql_insert_id();

            foreach ($_POST['pcomp'] AS $val) {
               $query = "INSERT INTO bridge (bcomp, bprod) VALUES ('".$val."','".$ins_id."')";
               $result = mysql_query($query);
            } // end foreach

            if ($_FILES["p_img".$x]["size"]>0) {
               upload_image("p_img", 'img', "prod_".$ins_id, 210, 210, 'yes');
            } // end if

            $msg = "Successfully Inserted!";
            echo "<meta http-equiv='refresh' content='0;URL=?pg=".$_POST['pg']."&msg=".$msg."&lim=".$lim."&where=".$where."'>\n";
            exit;
         } else {
            $sql = "add";
            $msg = "Error Inserting!";
         } // end if
   } // end if

   if (isset($com_del)) {
         if ($result = mysql_query("DELETE FROM ".$db_table." WHERE ".$db_seqn."=".$_GET['com_del'])) {
            $msg = "Successfully Deleted!";
         } else {
            $msg = "Error Deleting!";
         } // end if
   } // end if

   if (isset($com_edi)) {

         if ($result = mysql_query("UPDATE ".$db_table." SET ".
            "plink='".$_POST['plink']."',pcode='".$_POST['pcode']."',ptitl='".$_POST['ptitl']."',pdesc='".$_POST['pdesc']."',ppric='".$_POST['ppric']."',preta='".$_POST['preta']."',ppack='".$_POST['ppack']."',pweig='".$POST['pweig']."',pdime='".$_POST['pdime']."',".
            "pe_dt='".date("Y-m-d H:i:s")."' WHERE ".$db_seqn."=".$_POST['id']) or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>")) {

            if ($_FILES["p_img".$x]["size"]>0) {
               upload_image("p_img", 'img', "prod_".$_POST['id'], 210, 210, 'yes');
            } // end if

            $results = mysql_query("DELETE FROM bridge WHERE bprod=".$_POST['id']);
            foreach ($_POST['pcomp'] AS $val) {
               $query = "INSERT INTO bridge (bcomp, bprod) VALUES ('".$val."','".$_POST['id']."')";
               $result = mysql_query($query);
            } // end foreach

            $msg = "Successfully Edited!";
            echo "<meta http-equiv='refresh' content='0;URL=?pg=".$_POST['pg']."&msg=".$msg."&lim=".$lim."&where=".$where."'>\n";
            exit;
         } else {
            $msg = "Error Editing!";
            echo "<meta http-equiv='refresh' content='0;URL=?pg=".$_POST['pg']."&sql=edit&id=".$_POST['id']."&msg=".$msg."&lim=".$lim."&where=".$where."'>\n";
            exit;
         } // end if
   } // end if

   if (isset($sql)) {
      if ($sql=="add") {
         $disp.="      <table border='0' cellpadding='2' cellspacing='2' width='100%'>\n";

         $disp.="         <tr>
            <td valign='top'>Company</td>
            <td></td>
            <td valign='top'>
			   <select name='pcomp[]' multiple size='4'>";
         foreach ($comp_arr as $val) {
            $disp.="                  <option value='".$val."'>".$val."</option>";
         } // end foreach
         $disp.="
               </select>
            </td>
         </tr>";

//         $disp.=field_list ('Company','pcomp','','text','','','','','','');
//         $disp.=field_list ('Category','plink','','select','','','','prod_cate','pseqn','ptitl');
         $disp.= "      <tr>\n";
         $disp.= "         <td>Category</td>\n";
         $disp.= "         <td></td>\n";
         $disp.= "         <td>\n";
         $disp.= "            <select name='plink'>\n";
         $disp.= "               <option value=''>-- Make Selection --</option>\n";

         $r = mysql_query("SELECT * FROM prod_cate ORDER BY ptitl");
         if ($m = mysql_fetch_array($r)) {
            do {
               $disp.= "               <option value='".$m['pseqn']."'>".get_full_cate($m['pseqn'],"")."</option>\n";
            } while($m = mysql_fetch_array($r));
         } // end if

         $disp.= "            </select>\n";
         $disp.= "         <td>\n";
         $disp.= "      <tr>\n";

         $disp.=field_list ('Code','pcode','','text','','','','','','');
         $disp.=field_list ('Title','ptitl','','text','','','','','','');
         $disp.=field_list ('Description','pdesc','','textarea','','','','','','');
         $disp.=field_list ('Retail Price','preta','','text','','','','','','');
         $disp.=field_list ('Price','ppric','','text','','','','','','');
         $disp.=field_list ('Pack','ppack','','text','','','','','','');
         $disp.=field_list ('Weight','pweig','','text','','','','','','');
         $disp.=field_list ('Dimentions','pdime','','text','','','','','','');

         $disp.=field_list ('Main Image','p_img','','image','','','','','','');

         $disp.="         <tr>\n";
         $disp.="            <td align='center' colspan='3'>\n";
         $disp.="               <input type='submit' name='com_add' value='Insert'> <input type='reset' value='Clear'><br>\n";
         $disp.="               <a href='?pg=".$_GET['pg']."&lim=".$lim."&where=".$where."'>Back</a>\n";
         $disp.="               <input type='hidden' name='lim' value='".$_GET['lim']."'>\n";
         $disp.="               <input type='hidden' name='where' value='".$_GET['where']."'>\n";
         $disp.="               <input type='hidden' name='pg' value='".$_GET['pg']."'>\n";
         $disp.="               <input type='hidden' name='max' value='".$_GET['max']."'>\n";
         $disp.="            </td>\n";
         $disp.="         </tr>\n";
         $disp.="      </table>\n";
      } elseif ($sql=="edit") {
         $disp.="      <table border='0' cellpadding='2' cellspacing='2' width='100%'>\n";
            $result = mysql_query("SELECT * FROM ".$db_table." WHERE ".$db_seqn."=".$_GET['id']);
            if ($myrow = mysql_fetch_array($result)) {

               $disp.="         <tr>
                  <td valign='top'>Company</td>
                  <td></td>
                  <td valign='top'>
                     <select name='pcomp[]' multiple size='4'>";
               foreach ($comp_arr as $val) {
               	$querys = "SELECT * FROM bridge WHERE bcomp='".$val."' AND bprod=".$_GET['id'];
               	$results = mysql_query($querys);
                  if ($myrows = mysql_fetch_array($results)) {
                     $disp.="                  <option value='".$val."' selected>".$val."</option>\n";
                  } else {
                     $disp.="                  <option value='".$val."'>".$val."</option>\n";
                  } // end if
               } // end foreach
               $disp.="
                     </select>
                  </td>
               </tr>";

//               $disp.=field_list ('Company','pcomp',$myrow['pcomp'],'text','','','','','','');
//               $disp.=field_list ('Category','plink',$myrow['plink'],'select','','','','prod_cate','pseqn','ptitl');
               $disp.= "      <tr>\n";
               $disp.= "         <td>Category</td>\n";
               $disp.= "         <td></td>\n";
               $disp.= "         <td>\n";
               $disp.= "            <select name='plink'>\n";
               $disp.= "               <option value=''>-- Make Selection --</option>\n";

               $r = mysql_query("SELECT * FROM prod_cate ORDER BY ptitl");
               if ($m = mysql_fetch_array($r)) {
                  do {
                     if ($myrow['plink'] == $m['pseqn']) {
                        $disp.= "               <option value='".$m['pseqn']."' selected>".get_full_cate($m['pseqn'],"")."</option>\n";
                     } else {
                        $disp.= "               <option value='".$m['pseqn']."'>".get_full_cate($m['pseqn'],"")."</option>\n";
                     } // end if
                  } while($m = mysql_fetch_array($r));
               } // end if

               $disp.= "            </select>\n";
               $disp.= "         <td>\n";
               $disp.= "      <tr>\n";
               $disp.=field_list ('Code','pcode',$myrow['pcode'],'text','','','','','','');
               $disp.=field_list ('Title','ptitl',$myrow['ptitl'],'text','','','','','','');
               $disp.=field_list ('Description','pdesc',$myrow['pdesc'],'textarea','','','','','','');
               $disp.=field_list ('Retail Price','pretal',$myrow['pretal'],'text','','','','','','');
               $disp.=field_list ('Price','ppric',$myrow['ppric'],'text','','','','','','');
               $disp.=field_list ('Pack','ppack',$myrow['ppack'],'text','','','','','','');
               $disp.=field_list ('Weight','pweig',$myrow['pweig'],'text','','','','','','');
               $disp.=field_list ('Dimentions','pdime',$myrow['pdime'],'text','','','','','','');

               $disp.=field_list ('Main Image','p_img','../scripts/upload/img/tn_prod_'.$myrow['pseqn'].'.jpg','image','','','','','','');

               $disp.="         <tr>\n";
               $disp.="            <td align='center' colspan='3'>\n";
               $disp.="               <input type='submit' name='com_edi' value='Update'> <input type='reset' value='Clear'><br>\n";
               $disp.="               <a href='?pg=".$_GET['pg']."&lim=".$lim."&where=".$where."'>Back</a>\n";
               $disp.="               <input type='hidden' name='lim' value='".$_GET['lim']."'>\n";
               $disp.="               <input type='hidden' name='where' value='".$_GET['where']."'>\n";
               $disp.="               <input type='hidden' name='id' value='".$_GET['id']."'>\n";
               $disp.="               <input type='hidden' name='pg' value='".$_GET['pg']."'>\n";
               $disp.="            </td>\n";
               $disp.="         </tr>\n";
            } // end if
         $disp.="      </table>\n";
      } elseif ($sql=="sta") {
         $disp.="      <table border='0' cellpadding='2' cellspacing='2' width='100%'>\n";
            $result = mysql_query("SELECT * FROM ".$db_table." ORDER BY ".$db_stat." DESC");
            if($myrow = mysql_fetch_array($result)) {
               $disp.="         <tr>\n";
               $disp.="            <th><b>Title <small>(Category)</small></b></th>\n";
               $disp.="            <th width='150'><b>Date <small>(Created - Changed)</small></b></th>\n";
               $disp.="            <th width='150'><b>Visits - Hits</b></th>\n";
               $disp.="         </tr>\n";
               do {
                  $disp.="         <tr>\n";
                  $disp.="            <td>".$myrow[$db_titl]."</td>\n";
                  $disp.="            <td align='center'>".$myrow[$db_c_dt]." - ".$myrow[$db_e_dt]."</td>\n";
                  $disp.="            <td align='center'>".$myrow[$db_stat]." - ".$myrow[$db_hits]."</td>\n";
                  $disp.="         </tr>\n";
               } while($myrow = mysql_fetch_array($result));
            } // end if
         $disp.="      </table>\n";
      } // end if
   } else {
      // int set
      if (!isset($_GET['lim']) || empty($_GET['lim']))
         $_GET['lim']=0;

      $disp.="      <table border='0' cellpadding='2' cellspacing='2' width='100%'>\n";
         $rec_num = 20;

         if (isset($where) && !empty($where))
            $sql_where = "AND pcomp LIKE '%".$where."%'";

         if (isset($_GET['alfa']))
            $sql_where.= " AND (ptitl LIKE '".$_GET['alfa']."%' OR ptitl LIKE '".strtolower($_GET['alfa'])."%')";
         
         if ($db_rank!="") {
            $results = mysql_query("SELECT COUNT(".$db_rank."),MAX(".$db_rank."),MIN(".$db_rank.") FROM ".$db_table." WHERE 1 ".$sql_where);
            if ($myrows = mysql_fetch_array($results)) {
               $rec_tot = $myrows['COUNT('.$db_rank.')'];
               $rec_max = $myrows['MAX('.$db_rank.')'];
               $rec_min = $myrows['MIN('.$db_rank.')'];
            } // end if
         } else {
            $results = mysql_query("SELECT COUNT(".$db_titl.") FROM ".$db_table." WHERE 1 ".$sql_where);
            if ($myrows = mysql_fetch_array($results)) {
               $rec_tot = $myrows['COUNT('.$db_titl.')'];
            } // end if
         } // end if

         if ($db_rank!="") {
            $query = "SELECT * FROM ".$db_table." WHERE 1 AND ".$db_link."=0 ".$sql_where." ORDER BY ".$db_rank." DESC LIMIT ".$_GET['lim'].",".$rec_num;
         } else {
            $query = "SELECT * FROM ".$db_table." WHERE 1 ".$sql_where." ORDER BY ".$db_titl." LIMIT ".$_GET['lim'].",".$rec_num;
         } // end if

         $result = mysql_query($query);
         if ($myrow = mysql_fetch_array($result)) {
            $disp.="         <tr>
                                 <th colspan='3'>
                                    Company : <select name='pcomp' onchange=\"window.location='?pg=".$pg."&where='+this.value;\">
                                       <option value=''>-- Make Selection --</option>";
            foreach ($comp_arr as $val) {
               $disp.="                  <option value='".$val."'>".$val."</option>";
            } // end foreach
            $disp.="
                                    </select>
                                 </th>
                             </tr>";
            
            $disp.="         <tr>\n";
            $disp.="            <th>Title</th>\n";
            $disp.="            <th width='150'>Date <small>(Created - Changed)</small></th>\n";
            $disp.="            <th width='150'>Maintenance</th>\n";
            $disp.="         </tr>\n";
            if ($msg!="") {
               $disp.="         <tr>\n";
               $disp.="            <td align='center' colspan='3'>".$msg."</td>\n";
               $disp.="         </tr>\n";
            } // end if
            do {
               $disp.="         <tr>\n";
               $disp.="            <td align='left'>".$myrow[$db_titl]."</td>\n";
               $disp.="            <td align='center'>".$myrow[$db_c_dt]." - ".$myrow[$db_e_dt]."</td>\n";
               $disp.="            <td align='center'>\n";
               $disp.="                <a href='?pg=".$_GET['pg']."&sql=edit&id=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."'><img src='img/edit.png' border='0' alt='Edit' title='Edit'></a>\n";
               $disp.="                <a href='?pg=".$_GET['pg']."&com_del=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."' onclick='return conf();'><img src='img/del.png' border='0' alt='Delete' title='Delete'></a> &nbsp; &nbsp;\n";
               if ($myrow[$db_acti]==0) {
                  $disp.="                <a href='?pg=".$_GET['pg']."&com=act&val=1&id=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."'><img src='img/act_0.png' border='0' alt='Record is visible' title='Record is visible'></a>\n";
               } elseif ($myrow[$db_acti]==1) {
                  $disp.="                <a href='?pg=".$_GET['pg']."&com=act&val=2&id=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."'><img src='img/act_1.png' border='0' alt='Record is invisible' title='Record is invisible'></a>\n";
               } elseif ($myrow[$db_acti]==2) {
                  $disp.="                <a href='?pg=".$_GET['pg']."&com=act&val=0&id=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."'><img src='img/act_2.png' border='0' alt='Record is inactive' title='Record is inactive'></a>\n";
               } // end if

               if ($myrow['pfeat']==0) {
                  $disp.="                <a href='?pg=".$_GET['pg']."&com=feat&val=1&id=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."'><img src='img/deactive.png' border='0' alt='Feature' title='Feature'></a>&nbsp;\n";
               } else {
                  $disp.="                <a href='?pg=".$_GET['pg']."&com=feat&val=0&id=".$myrow[$db_seqn]."&lim=".$lim."&where=".$where."'><img src='img/active.png' border='0' alt='Feature' title='Feature'></a>&nbsp;\n";
               } // end if

               if ($db_rank!="") {
                  if ($rec_max!=$myrow[$db_rank]) {
                     $new_rank = $myrow[$db_rank];
                     $disp.= "<a href='?pg=".$_GET['pg']."&com=rank&link=".$myrow[$db_link]."&old=".$myrow[$db_rank]."&new=".++$new_rank."' title='move page up'><img src='img/up.png' border='0' alt='move page up'></a>";
                  } else {
                     $disp.= "<img src='img/blank.png' border='0' alt='spacer'>";
                  } // end if

                  if ($rec_min!=$myrow[$db_rank]) {
                     $new_rank = $myrow[$db_rank];
                     $disp.= "<a href='?pg=".$_GET['pg']."&com=rank&link=".$myrow[$db_link]."&old=".$myrow[$db_rank]."&new=".--$new_rank."' title='move page down'><img src='img/down.png' border='0' alt='move page down'></a>";
                  } else {
                     $disp.= "<img src='img/blank.png' border='0' alt='spacer'>";
                  } // end if
               } // end if

               $disp.="            </td>\n";
               $disp.="         </tr>\n";
            } while($myrow = mysql_fetch_array($result));
         } else {
            $disp.="         <tr>\n";
            $disp.="            <td align='center' colspan='3'>No records for this criteria! (<a href='?pg=".$_GET['pg']."' title='Reset filter criteria'>Reset</a>)</td>\n";
            $disp.="         </tr>\n";
         } // end if
      $disp.="         <tr>\n";
      $disp.="            <td colspan='3' align='center'><a href='?pg=".$_GET['pg']."&max=".++$rec_max."&sql=add'><img src='img/add.png' border='0' alt='Insert new recod' title='Insert new record'></a><br>\n";

      for ($x='A';$x<'Z';$x++) {
         $disp.= "<a href='?pg=".$_GET['pg']."&lim=".($x*$rec_num)."&where=".$where."&alfa=".$x."' title='Navigate to page ".$x."'>".$x."</a>\n";
      }
      $disp.= "<a href='?pg=".$_GET['pg']."&lim=".($x*$rec_num)."&where=".$where."&alfa=Z' title='Navigate to page Z'>Z</a>\n";
      $disp.= "<br />";
      
      $pages = $rec_tot / $rec_num;
      for ($x=0;$x<=floor($pages);$x++) {
         $y++;
         if ($_GET['lim']==($x*$rec_num)) {
            $disp.= "<a href='?pg=".$_GET['pg']."&lim=".($x*$rec_num)."&alfa=".$alfa."&where=".$where."' title='Navigate to page ".$y."'><b>Page ".$y."</b></a>\n";
         } else {
            $disp.= "<a href='?pg=".$_GET['pg']."&lim=".($x*$rec_num)."&alfa=".$alfa."&where=".$where."' title='Navigate to page ".$y."'>Page ".$y."</a>\n";
         } // end if
      } // end for

      $disp.="            </td>\n";
      $disp.="         </tr>\n";
   } // end if
   $disp.="</table>\n";
?>
0

Hi,

Can we take a look at the field_list.php, this file may contain some function. I think you already find part of the file you are looking for.


I need to take a look at it tomorrow though.. It is now pretty late in my time zone... need to hit the bunk...

SIDE NOTES:

The price is this -> ppric='".$_POST

Edited by veedeoo: n/a

0

HI.. Here is field list.php.....

Okay, that is cool. When you have time.... I really need to fix this 1 thing then we can go live.. your assitance is highly appreciated!!:)

<?php
   // text, textarea, select
   function field_list (
         $fld_disp, $fld_name, $fld_val, $fld_type,
         $table, $tab_fld, $tab_disp,
         $lnk_tbl, $lnk_fld, $lnk_disp) {

      $field = "
         <tr>
            <td valign='top'>".$fld_disp."</td>
            <td></td>
      ";

      if ($fld_type=='text') {
         $field.= "<td valign='top'><input type='text' name='".$fld_name."' value='".htmlspecialchars($fld_val, ENT_QUOTES)."' size='100'></td>\n";
      } elseif ($fld_type=='fck_area') {
         $list = array("\r\n", "\n", "\r");

         $field.= "
            <td valign='top'>
               <script type='text/javascript' src='fckeditor/fckeditor.js'></script>
               <script type='text/javascript'>
                  <!--
                     var oFCKeditor = new FCKeditor( '".$fld_name."' ) ;
                     oFCKeditor.BasePath	= 'fckeditor/' ;
                     oFCKeditor.Value	= '".str_replace($list, "",addslashes($fld_val))."' ;
                     oFCKeditor.Create() ;
                  //-->
               </script>
            </td>
         \n";
      } elseif ($fld_type=='document') {
         $field.= "<td valign='top'><input type='file' name='".$fld_name."'>\n";
         if (file_exists($fld_val)) {
            $field.= "<a href='".$fld_val."' target='_blank'>View</a> <a href='?pg=".$_GET['pg']."&sql=".$_GET['sql']."&id=".$_GET['id']."&com=rem_img&file=".$fld_val."' onclick='return conf();' title='Remove Image'>remove</a>\n";
         } // end if
         $field.= "</td>\n";
      } elseif ($fld_type=='image') {
         $field.= "<td valign='top'><input type='file' name='".$fld_name."'>\n";
         if (file_exists($fld_val)) {
            $field.= "<img src='".$fld_val."' border='0'> <a href='?pg=".$_GET['pg']."&sql=".$_GET['sql']."&id=".$_GET['id']."&com=rem_img&file=".$fld_val."' onclick='return conf();' title='Remove Image'>remove</a>\n";
         } // end if
         $field.= "</td>\n";
      } elseif ($fld_type=='date') {
         $field.= "<td valign='top'><input type='text' name='".$fld_name."_y' maxlength='4' size='3' value='".substr($fld_val,0,4)."'> - <input type='text' name='".$fld_name."_m' maxlength='2' size='2' value='".substr($fld_val,5,2)."'> - <input type='text' name='".$fld_name."_d' maxlength='2' size='2' value='".substr($fld_val,8,2)."'> CCYY-mm-dd</td>";
      } elseif ($fld_type=='textarea') {
         $field.= "<td valign='top'><textarea cols='65' name='".$fld_name."' rows='4'>".$fld_val."</textarea></td>\n";
      } elseif ($fld_type=='select') {
         $field.= "
            <td valign='top'>
               <select name='".$fld_name."'>
                  <option value=''>-- options --</option>
         \n";
         $result = mysql_query("SELECT ".$lnk_fld.",".$lnk_disp." FROM ".$lnk_tbl." ORDER BY ".$lnk_disp);
         if ($myrow = mysql_fetch_array($result)) {
            do {
               if ($fld_val==$myrow[$lnk_fld]) {
                  $field.= "<option value='".htmlspecialchars($myrow[$lnk_fld], ENT_QUOTES)."' selected>".$myrow[$lnk_disp]."</option>\n";
               } else {
                  $field.= "<option value='".htmlspecialchars($myrow[$lnk_fld], ENT_QUOTES)."'>".$myrow[$lnk_disp]."</option>\n";
               } // end if
            } while($myrow = mysql_fetch_array($result));
         } // end if
         $field.= "
               </select>
            </td>\n";
      } // end if
      $field.= "
         </tr>";
      return $field;
   } // end function
?>
0

i would get a program to search through all the sites files looking for a case-insensitive "ppric" . Will likely be a lot you need to look for places that "UPDATE `table` set `ppric` = ''" is being called.

It could literally be anywhere, to find it you need to set it manually in the database and hope it remains that price briefly and open pages on the site until it sets back to 0 - once its set back you've found the page that's doing it - next is scouring through all its script & includes to find the update.


It's likely to be on a page related to editing products.

that line 101 in prod.php looks a good lead:
"plink='".$_POST."',pcode='".$_POST."',ptitl='".$_POST."',pdesc='".$_POST."',ppric='".$_POST."',preta='".$_POST."',ppack='".$_POST."',pweig='".$POST."',pdime='".$_POST."',".

print out that query, it's the only thing i can see on the page that could say SET `ppric` = '' , if $_POST is empty it would do exactly that

0

there are only 2 files in all the folders that contain ..ppric='".$_POST..
the public/admin/modules/prod.php...lines 65-67, 101, 165, 234
and public/scripts/prod/basket.php..lines 38, 61

Both I shared with you above....
They seem fine and I am not sure how to fix the pricing problem?
Any ideas?
Thanks again!

0

there are only 2 files in all the folders that contain ..ppric='".$_POST..
the public/admin/modules/prod.php...lines 65-67, 101, 165, 234
and public/scripts/prod/basket.php..lines 38, 61

Both I shared with you above....
They seem fine and I am not sure how to fix the pricing problem?
Any ideas?
Thanks again!

Yes

that line 101 in prod.php looks a good lead:
"plink='".$_POST."',pcode='".$_POST."',ptitl='".$_POST."',pdesc='".$_POST."',ppric='".$_POST."',preta='".$_POST."',ppack='".$_POST."',pweig='".$POST."',pdime='".$_POST."',".

print out that query, it's the only thing i can see on the page that could say SET `ppric` = '' , if $_POST is empty it would do exactly that

0

YEs...? What

I am confused?

What am I supposed to do? I am new to php, so explicit assistance would be really really appreciated!

0

That sort of work is really complex and takes a lot of time for any php coder to work out what needs changing - it can take hours learning what the code does. You need to find anything that can cause the update and find out what is causing that code to run.

That page called prod.php whenever it is ran is being told if the variable $com_edi has been set - to any value at all it will run a query that will set `ppric` = '$_POST'

if $_POST is empty or set to an invalid value, in mysql it will be set back to 0

if (isset($com_edi)) {
  if ($result = mysql_query("UPDATE ".$db_table." SET ".
            "plink='".$_POST['plink']."',pcode='".$_POST['pcode']."',ptitl='".$_POST['ptitl']."',pdesc='".$_POST['pdesc']."',ppric='".$_POST['ppric']."',preta='".$_POST['preta']."',ppack='".$_POST['ppack']."',pweig='".$POST['pweig']."',pdime='".$_POST['pdime']."',".
            "pe_dt='".date("Y-m-d H:i:s")."' WHERE ".$db_seqn."=".$_POST['id'])

you can update this to:

if (isset($com_edi)) {
var_dump($com_edi);//see what $com_edi is
$Q = "UPDATE ".$db_table." SET ".            "plink='".$_POST['plink']."',pcode='".$_POST['pcode']."',ptitl='".$_POST['ptitl']."',pdesc='".$_POST['pdesc']."',ppric='".$_POST['ppric']."',preta='".$_POST['preta']."',ppack='".$_POST['ppack']."',pweig='".$POST['pweig']."',pdime='".$_POST['pdime']."',".
            "pe_dt='".date("Y-m-d H:i:s")."' WHERE ".$db_seqn."=".$_POST['id'];
echo $Q;//print out query being run on the screen

 if ($result = mysql_query($Q)
0

@INF-P,

Biiim is correct.. The work of other developers needs to be analyze, and then study their script progression. This is even complex and takes a lot of time if procedural programming is used, because the php codes are all over the place.

While in the object oriented programming, the majority of the core script is located in fewer class files. So, finding whatever we are looking for is less tedious than finding it from the procedural.

Ok the next one is to make sure there are no other associated files to the files you have presented us. What I meant by associated files are the files in template directory if ever exist, admin/index.php or whatever file responsible for showing the page to the browser.

PLease Ignore my comments below! Just my own humble opinion and should be considered as such.

For all aspiring coders who want to become a developer later on, this is the environment where the OOP, PDO, and templating system is needed and can easily thrive. Most people would disagree and will continue to stand by the reasoning of "Why learn OOP and templating language if they already know procedural programming pretty well".

I do understand the logic behind it, why learn another language if php alone can somehow mimic the same templating system results? However, carriers and believers of this logic, should also consider the scenario of running a much complex script such as shopping cart like the subject we have in this thread. Modifying these type of codes takes a lot of time and effort. While in the OOP programming, most of the main core of this script can be easily isolated in just one directory; thus making the modifications and upgrades a brisk.

0

HI there

Thank you so much for all your assistance!! i will try ehat Biiim suggested. I just got to work. lol. its almost 11am here in south africa. Where about are you peeps?

There is an admin/index.php.....listed below:

Also I have tried consulting with the previous developer and he say that it has been about 3 years since he did these sites he cannot even recall what is what. I have yet to discuss the pricing issue with him. Will do on Monday, but most of the snags I hit I managed to figure out.... He has 4 websites running of 1 database, but I have made changes to the look and feel and functionality of the sites, but thanks again!! :-D

<?php
include "../scripts/inc/lib.inc.php";

   if (phpversion() >= "4.2.1") {
      extract($_POST);
      extract($_GET);
      extract($_SERVER);
//      if ($_SESSION !=""){
//         extract($_SESSION);
//      }
      extract($_COOKIE);
      extract($_FILES);
      extract($_ENV);
      extract($_REQUEST);
      if ($_GLOBALS !=""){
         extract($_GLOBALS);
      }
   }

session_start();

   // ########################################################################### submit
   if (isset($login)) {                                                                                        // Login
      $query = "SELECT aseqn,auser,apass FROM admin WHERE auser='".$pro_name."' AND apass='".$pro_pass."'";
      $result = mysql_query($query) 
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         $_SESSION['cont_admin'] = $myrow['aseqn'];
      } else {
         $err = "<font color='red'>Invalid Login</font>\n";
      } // end if
   } elseif ($log=="off") {
      session_destroy();
      header("Location: index.php");
      exit;
   } // end if

// ########################################################################### login
   if (!isset($_SESSION['cont_admin'])) {
      $disp="<table border='0' cellpadding='2' cellspacing='0' width='400'>\n";
      $disp.="   <tr>\n";
      $disp.="      <th colspan='2' class='h'><font color='#818CAA' size='4'>Admin</font> <font color='#818CAA'  size='4'>Module</font><br>This section is designed to facilitate the administration of your website. Please insert your allocated Username and Password.</th>\n";
      $disp.="   </tr>\n";
      $disp.="   <tr>\n";
      $disp.="      <td class='e'>User Name</td>\n";
      $disp.="      <td class='v'><input type='text' name='pro_name'></td>\n";
      $disp.="   </tr>\n";
      $disp.="   <tr>\n";
      $disp.="      <td class='e'>Password</td>\n";
      $disp.="      <td class='v'><input type='password' name='pro_pass'></td>\n";
      $disp.="   </tr>\n";
      $disp.="   <tr>\n";
      $disp.="      <td colspan='2' align='center' class='v'>".$err."<br>\n";
      $disp.="         <input type='submit' name='login' value='login' class='sear'>\n";
      $disp.="      </td>\n";
      $disp.="   </tr>\n";
      $disp.="</table>\n";
   } else {
      $disp="<table border='0' cellpadding='2' cellspacing='2' width='780px'>\n";
      $disp.="   <tr>\n";
      $disp.="      <th width='80px' valign='top' class='h'>Menu</th>\n";
      $disp.="      <th width='700px' valign='top' class='h'>Admin</th>\n";
      $disp.="   </tr>\n";
      $disp.="   <tr>\n";
      $disp.="      <td valign='top' class='v'>\n";
      $disp.="         <div class='topItem'>&nbsp;<a href='?' class='menu'>Home</a></div><br />\n";

      $disp.="         <div class='topItem'>&nbsp;<a href='?pg=c' class='menu'>Content</a></div><br />\n";

      $disp.="         <div class='topItem'>&nbsp;<a href='?pg=o' class='menu'>Orders</a></div><br />\n";

      $disp.="         <div class='mainDiv' state='0'>\n";
      $disp.="            <div class='topItem' classOut='topItem' classOver='topItemOver' onMouseOver='Init(this);' >&nbsp;Product Manager</div>\n";
      $disp.="               <div class='dropMenu' >\n";
      $disp.="                  <div class='subMenu' state='0'>\n";
      $disp.="                     <span class='subItem' classOut='subItem' classOver='subItemOver'><a href='?pg=pc'>Category</a></span><br />\n";
      $disp.="                     <span class='subItem' classOut='subItem' classOver='subItemOver'><a href='?pg=p'>Product</a></span>\n";
      $disp.="                  </div></div></div><br />\n";

      $disp.="         <div class='topItem'>&nbsp;<a href='?pg=u' class='menu'>Users</a></div><br />\n";

      $disp.="         <br/><div class='topItem'>&nbsp;<a href='?pg=off' class='menu'>Log off</a></div><br>\n";
      $disp.="      </td>\n";
      $disp.="      <td valign='top' align='center' class='v'>\n";
      if (isset($pg)) {
         if ($pg=="c") {
            include "modules/content.php";
         } elseif ($pg=="o") {
            include "modules/order.php";
         } elseif ($pg=="pc") {
            include "modules/prod_cate.php";
         } elseif ($pg=="p") {
            include "modules/prod.php";
         } elseif ($pg=="u") {
            include "modules/user.php";
         } elseif ($pg=="off") {
            session_destroy();
            header("Location: index.php");
            exit;
         } // end if
      } // end if
      $disp.="      </td>\n";
      $disp.="   </tr>\n";
      $disp.="</table>\n";
   } // end if
?>
<html>
   <head>
      <title>Admin</title>
      <link rel="stylesheet" type="text/css" href="sddm.css" />
      <script language="JavaScript" type="text/javascript" src="menu.js"></script>
      <script language='JavaScript'>
      <!--
         function conf() {
            if (confirm('Are you sure you want to Delete!')) {
               return true;
            } else {
               return false;
            } // end if
         } // end function

         function catChange(chosenCat) {
            document.all['menu'].value = chosenCat;
         }

         function cng_fnt(varr) {
            document.all.display.face=varr;
         } // end function
      //-->
      </script>
   </head>
   <body bgcolor='#FFFFFF'>
      <form name="frm_admin" method="post" enctype="multipart/form-data">
         <center>
<?php
echo $disp;
?>
         </center>
      </form>
   </body>
</html>
0

HI Guys

Thanks for your help...

I changed line 233 in admin/mod/prod.php...

$disp.=field_list ('Code','pcode',$myrow['pcode'],'text','','','','','','');
               $disp.=field_list ('Title','ptitl',$myrow['ptitl'],'text','','','','','','');
               $disp.=field_list ('Description','pdesc',$myrow['pdesc'],'textarea','','','','','','');
               $disp.=field_list ('Retail Price','preta',$myrow['preta'],'text','','','','','','');                   this line had pretal instead of preta.
               $disp.=field_list ('Price','ppric',$myrow['ppric'],'text','','','','','','');
               $disp.=field_list ('Pack','ppack',$myrow['ppack'],'text','','','','','','');
               $disp.=field_list ('Weight','pweig',$myrow['pweig'],'text','','','','','','');
               $disp.=field_list ('Dimentions','pdime',$myrow['pdime'],'text','','','','','','');

The price is displaying now when I enter it under retail price.

But now I have the next problem..
When you hit ad to cart, it says added to cart,
and when u click on the cart it goes to the calculate checksum page,
but you Cannot view the items in the cart..
And also on the checksum page it is not picking up the items added to the cart...


I have also attached the public/scripts/prod/basket.php file:

<h2>Shopping Cart</h2>
<?php
if (!isset($_SESSION['web_user_id'])) {
   include "scripts/user/login.php";
} else {
   $x = 0;
   $f = true;
   $tota = 0;
   echo "<div style='background-color: #EAEAEA; position:relative;'>
   <table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
   foreach ($_SESSION['aBasket'] as $val => $key) {
      $x++;
      $query = "SELECT * FROM prod WHERE pseqn='".$val."' ORDER BY ptitl";
      $result = mysql_query($query)
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
            if ($f) {
               $f=false;
            } else {
               echo "            <tr><td colspan='2'><hr style='margin: 10px;' /></td></tr>\n";
            } // end if
         } // end if

         $path = "scripts/upload/img/";
         $file = "tn_prod_".$myrow['pseqn'].".jpg";
         if (file_exists($path.$file)) {
            $img = "<img src='".$path.$file."' border='0' alt='' />";
         } else {
            $img = "<div style='background-color: #FFFFFF; height: 110px; margin-left: 10px; width: 110px;'></div>";
         } // end if

         if (!empty($myrow['ppack'])) {
            $pp = $myrow['ppack']." per pack";
         } else {
            $pp = "";
         } // end if
         $cost = explode("R",$myrow['ppric']);
         $cost = explode(",",trim($cost[1]));
         $cost = $cost[0].$cost[1].$cost[2];
         $cost = ($cost * $key);
         $tota = $tota + $cost;

         if (isset($_GET['Check'])) {
            $query = "INSERT INTO orders (ouser,oitem,o_qty,opric,oc_dt,oacti) VALUES ('".$_SESSION['web_user_id']."','".$val."','".$key."','".$cost."','".date("Y-m-d H:i:s")."',1)";
            $result = mysql_query($query) 
                       or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
         } // end if
         
         if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
            echo "
               <tr>
                  <td height='130px' width='130px'>
                     ".$img."
                  </td>
                  <td valign='top'>
                     <div style='height: 130px; position:relative;'>
                        <h3>".$myrow['ptitl']."</h3>
                        <br />
                        ".$myrow['pdesc']."<br />
                        ".$myrow['ppric']."<br />
                        ".$pp."<br />
                        <div style='bottom:10px; position:absolute; left: 10px;'>
                           Qty: <input maxlength='3' id='i_qty_".$x."' name='i_qty_".$x."' size='2' type='text' value='".$key."' />
                           <a href='#' onclick=\"edit_cart(".$myrow['pseqn'].",document.getElementById('i_qty_".$x."').value)\" style='cursor: pointer;'>Update</a>
                           &nbsp; <a href='?page=Basket&amp;del_item=".$myrow['pseqn']."' title=''>Del</a>
                        </div>
                     </div>
                  </td>
               </tr>\n";
         } // end if
      } // end if
   } // end foreach

   $d_tot = $tota;
   if (eregi("/.",$tota)) {
      $tota = explode(".",$tota);
      $tota = $tota[0].$tota[1];
   } else {
      $tota = $tota."00";
   } // end if

   echo "</table>\n";
   if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
      echo "<div style='bottom: -3px; position:absolute;'>
         <img alt='' border='0' height='8px' src='images/info_bl.jpg' width='8px' />
      </div>
      <div style='bottom: -3px; position:absolute; right: 0px;'>
         <img alt='' border='0' height='8px' src='images/info_br.jpg' width='8px' />
      </div>\n";
   } // end if
   echo "</div>\n";
?>
<center>
<?php
   if (!isset($_GET['Check']) && !isset($_GET['Payed'])) {
      $query = "SELECT * FROM users WHERE useqn=".$_SESSION['web_user_id'];
      $result = mysql_query($query)
                 or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      if ($myrow = mysql_fetch_array($result)) {
         $querys = "SELECT MAX(oseqn) FROM orders WHERE ouser=".$_SESSION['web_user_id'];
         $results = mysql_query($querys) 
                    or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$querys</i>");
         if ($myrows = mysql_fetch_array($results)) {
            $max = $myrows['MAX(oseqn)'];
         } // end if
?>
   <form method='post' action='?page=Basket&amp;Check=true'>

      <input type='hidden' name='PAYGATE_ID' value='10011013800' />
      <input type='hidden' name='REFERENCE' value='<?php echo "INV_".$_SESSION['web_user_id']."_".++$max;?>' />
      <input type='hidden' name='AMOUNT' value='<?php echo $tota;?>' />
      <input type='hidden' name='CURRENCY' value='ZAR' />
      <input type='hidden' name='RETURN_URL' value='http://www.northdakota.co.za/sample/?page=Basket&amp;Payed=true' />
      <input type='hidden' name='TRANSACTION_DATE' value='<?php echo gmstrftime("%Y-%m-%d %H:%M");?>' />
      <input type='hidden' name='encryption_key' value='secret' />

      <fieldset style='padding: 10px; text-align: left; width: 200px;'>
         <legend>Delivery Details</legend>

         <label>Street Address</label><br />
         <input type='text' name='street' value='<?php echo $myrow['ustre'];?>' /><br />

         <label>City</label><br />
         <input type='text' name='city' value='<?php echo $myrow['ucity'];?>' /><br />

         <label>Province</label><br />
         <input type='text' name='province' value='<?php echo $myrow['uprov'];?>' /><br />

         <label>Code</label><br />
         <input type='text' name='code' value='<?php echo $myrow['ucode'];?>' /><br />

         <label>Email</label><br />
         <input type='text' name='EMAIL' value='<?php echo $myrow['umail'];?>' /><br />

         <p align='center'>
            <br /><input type='submit' name='submit' value='Calculate Checksum' />
         </p>
      </fieldset>
   </form>
<?php
      } // end if
   } elseif (isset($_GET['Check'])) {
      /*
         Read values from previous form.
         These variables and the checksum calculated below are used to
         populate the hidden fields further down this page.
      */
      $PAYGATE_ID=$_POST['PAYGATE_ID'];
      $REFERENCE=$_POST['REFERENCE'];
      $AMOUNT=$tota;
      $CURRENCY=$_POST['CURRENCY'];
      $RETURN_URL=$_POST['RETURN_URL'];
      $TRANSACTION_DATE=$_POST['TRANSACTION_DATE'];
      $EMAIL = $_POST['EMAIL'];

      $encryption_key = $_POST['encryption_key'];

      $checksum_source = $PAYGATE_ID."|".$REFERENCE."|".$AMOUNT."|".$CURRENCY."|".$RETURN_URL."|".$TRANSACTION_DATE."|";
      if ($EMAIL) $checksum_source .= $EMAIL."|";
      $checksum_source .= $encryption_key;

      $CHECKSUM = md5($checksum_source);
/*
      echo $PAYGATE_ID;
      echo $REFERENCE;
      echo $AMOUNT;
      echo $CURRENCY;
      echo $RETURN_URL;
      echo $TRANSACTION_DATE;
      echo $CHECKSUM;
      echo $encryption_key;
      echo $checksum_source;
*/
?>
   <form action="https://www.paygate.co.za/paywebv2/process.trans" method="post">
         <br />Order is generated, Please proceed to the Payment Gateway to finalise the transaction.<br />
         Your order Total is R <?php echo number_format($d_tot, 2, '.', '');?><br />

         <input type="hidden" name="PAYGATE_ID" value="<?php echo $PAYGATE_ID;?>">
         <input type="hidden" name="REFERENCE" value="<?php echo $REFERENCE;?>">
         <input type="hidden" name="AMOUNT" value="<?php echo $AMOUNT;?>">
         <input type="hidden" name="CURRENCY" value="<?php echo $CURRENCY;?>">
         <input type="hidden" name="RETURN_URL" value="<?php echo $RETURN_URL;?>">
         <input type="hidden" name="TRANSACTION_DATE" value="<?php echo $TRANSACTION_DATE;?>">
         <input type="hidden" name="EMAIL" value="<?php echo $EMAIL;?>">
         <input type="hidden" name="CHECKSUM" value="<?php echo $CHECKSUM;?>">
         <input type="submit" name="btnSubmit" value="Submit">
   </form>
<?php
   } elseif (isset($_GET['Payed'])) {
      /*
         Set the secret key below; it should be the same value that was
         entered in the 'Secret Key' field on 'pg_paywebv2_php_input.php'
      */
      $encryption_key = "secret";

      /*
         Read values from the PayWeb payment form.
         They will be used to calculate the checksum to ensure that the
         data we've got back is valid.
      */

      $PAYGATE_ID=$_POST['PAYGATE_ID'];
      $REFERENCE=$_POST['REFERENCE'];
      $AMOUNT=$_POST['AMOUNT'];
      $TRANSACTION_STATUS=$_POST['TRANSACTION_STATUS'];
      $RESULT_CODE=$_POST['RESULT_CODE'];
      $RESULT_DESC=$_POST['RESULT_DESC'];
      $AUTH_CODE=$_POST['AUTH_CODE'];
      $TRANSACTION_ID=$_POST['TRANSACTION_ID'];
      $CHECKSUM=$_POST['CHECKSUM'];
      $RISK_INDICATOR=$_POST['RISK_INDICATOR'];

      $checksum_source = $PAYGATE_ID."|".$REFERENCE."|".$TRANSACTION_STATUS."|".$RESULT_CODE."|".$AUTH_CODE."|".$AMOUNT."|".$RESULT_DESC."|".$TRANSACTION_ID."|";
      if ($RISK_INDICATOR) $checksum_source .= $RISK_INDICATOR."|";
      $checksum_source .= $encryption_key;

      $test_checksum = md5($checksum_source);

      if ($TRANSACTION_STATUS==2) {
         $order_seqn = explode("INV_".$_SESSION['web_user_id']."_",$REFERENCE);
         $query = "UPDATE orders SET oacti=2, ocode='".$RESULT_CODE."', odesc='".$RESULT_DESC."', oe_dt='".date("Y-m-d H:i:s")."' WHERE ouser=".$_SESSION['web_user_id']." AND oseqn=".$order_seqn[1];
         $result = mysql_query($query) 
                    or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      } else {
         $order_seqn = explode("INV_".$_SESSION['web_user_id']."_",$REFERENCE);
         $query = "UPDATE orders SET oacti=0, ocode='".$RESULT_CODE."', odesc='".$RESULT_DESC."', oe_dt='".date("Y-m-d H:i:s")."' WHERE ouser=".$_SESSION['web_user_id']." AND oseqn=".$order_seqn[1];
         $result = mysql_query($query) 
                    or die(mysql_error()."<br><b>error</b>: failed to execute query <i>$query</i>");
      } // end if

      echo "<p>".$RESULT_DESC."</p>";
/*
   if ($test_checksum != $CHECKSUM) {
             The checksums do not match: the calculated checksum is:<br>
             echo $test_checksum;<br />
   } else {
             Checksums match OK<br />
   }
   echo $PAYGATE_ID;<br />
   echo $REFERENCE;<br />
   echo $TRANSACTION_STATUS;<br />
   echo $RESULT_CODE;<br />
   echo $RESULT_DESC;<br />
   echo $AUTH_CODE;<br />
   echo $AMOUNT;<br />
   echo $TRANSACTION_ID;<br />
   if ($RISK_INDICATOR) {
             echo $RISK_INDICATOR;<br />
   } else {
             Risk Indicator Not Returned<br />
   }
   echo $CHECKSUM;<br />
   echo $encryption_key;<br />
   echo $checksum_source;<br />
*/
?>
<?php
   } // end if
} // end if
?>
</center>

Edited by INF-P: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.