wishlist

<? include "db.php";

function createcode($length = 8, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
{
    $chars_length = (strlen($chars) - 1);
    $string = $chars{rand(0, $chars_length)};
    for ($i = 1; $i < $length; $i = strlen($string))
    {
        $r = $chars{rand(0, $chars_length)};
        if ($r != $string{$i - 1}) $string .=  $r;
    }
    return $string;
}

if (!$_SESSION[cartid] AND ($_POST[update_product] OR $_GET[loadcode])) {
    //echo "<script>alert('cart setup!')</script>";
    getmycartcode();
}

function getmycartcode() {

    $mycart = mysql_query("SELECT id,basketcode FROM wishlistsaved WHERE sesid = '$sesid'");
    $cart = mysql_fetch_assoc($mycart);

    $sesid = session_id();

    if (!$cart[id]) {
        while ($usecode == false) {
            $basketcode = createcode();
            $findcode = mysql_query("SELECT id FROM wishlistsaved WHERE basketcode = '$sesid'");
            if (mysql_num_rows($findcode) == 0) { $usecode = true; }
        }
        mysql_query("INSERT INTO wishlistsaved (sesid, expires, basketcode) VALUES ('$sesid', NOW() + INTERVAL 14 DAY, '$basketcode')");
        $_SESSION[cartid] = $basketcode;
    } else {
        $_SESSION[cartid] = $cart[basketcode];
    }


    //delete old wishlists!
    $deletethese = mysql_query("SELECT sesid,id FROM wishlistsaved WHERE expires <= NOW()");
    while ($delete = mysql_fetch_assoc($deletethese)) {
        mysql_query("DELETE FROM wishlistbasket WHERE sesid = '$delete[sesid]'");
        mysql_query("DELETE FROM wishlistsaved WHERE id = '$delete[id]'");
    }
}

if ($_POST[updatebasket]) {

    $mybasket = mysql_query("SELECT * FROM wishlistbasket WHERE sesid = '$sesid' ORDER BY pid,qid,oid ASC");
    while ($item = mysql_fetch_assoc($mybasket)) {
        $postname = $item[pid]."_".$item[qid]."_".$item[oid];
        $thisqty = $_POST[$postname];
        if ($thisqty) {
            mysql_query("UPDATE wishlistbasket SET qty = '$thisqty' WHERE sesid = '$sesid' AND id = '$item[id]'")or die(mysql_error());
        } else {
            mysql_query("DELETE FROM wishlistbasket WHERE id = '$item[id]' AND sesid = '$sesid'")or die(mysql_error());
        }

    }
    header("Location: index.php?id=3&basket=true");
    exit;
}

if ($_GET[clearall]) {
    mysql_query("DELETE FROM wishlistbasket WHERE sesid = '$sesid'");
}

if ($_POST[update_product]) {

    $productid = $_POST[productid];
    $get_product_quantities = mysql_query("SELECT * FROM product_quantities WHERE product_id='$productid' ORDER BY id ASC") or die(mysql_error());
    while ($product_quantity = mysql_fetch_assoc($get_product_quantities)) {

        $get_product_options = mysql_query("SELECT * FROM product_options WHERE quantity_id='$product_quantity[id]' ORDER BY id ASC");
        while ($product_option = mysql_fetch_assoc($get_product_options)) {
            $postname = $productid."_".$product_quantity[id]."_".$product_option[id];
            $thisqty = $_POST[$postname];
                $item = mysql_query("SELECT * FROM wishlistbasket WHERE sesid = '$sesid' AND pid = '$productid' AND qid = '$product_quantity[id]' AND oid = '$product_option[id]'");
                    if (mysql_num_rows($item) == 0) {
                        $noitem = true;
                        echo "no item<br />";
                    } else {
                        $noitem = false;
                        echo "item found<br />";
                    }
                if ($thisqty) {
                    if ($noitem) { //doesnt exist yet so add it to basket
                        echo "insert<br />";
                        mysql_query("INSERT INTO wishlistbasket (sesid, pid, qid, oid, qty) VALUES ('$sesid','$productid','$product_quantity[id]','$product_option[id]','$thisqty')")or die(mysql_error());
                    } else { //already exists so update basket!
                        echo "update<br />";
                        mysql_query("UPDATE wishlistbasket SET qty = '$thisqty' WHERE sesid = '$sesid' AND pid = '$productid' AND qid = '$product_quantity[id]' AND oid = '$product_option[id]'")or die(mysql_error());
                    }
                } else { //no post item found but found in basket so delete from basket!
                    echo "delete<br />";
                    if (!$noitem) { mysql_query("DELETE FROM wishlistbasket WHERE sesid = '$sesid' AND pid = '$productid' AND qid = '$product_quantity[id]' AND oid = '$product_option[id]'")or die(mysql_error()); }
                }
        }
    }

    header("Location: index.php?id=3&productid=$productid");
    exit;
}

if ($_GET[loadcode]) {
    $mycode = $_GET[loadcode];

    if ($mycode == $_SESSION[cartid]) {
          echo "<br />The code you entered is the same as the code already loaded.<br /><input type=\"text\" name=\"loadcode\" id=\"loadcode\" value=\"$mycode\" class=\"loadcode\" />";
          exit;
    }

    $mycart = mysql_query("SELECT sesid,id FROM wishlistsaved WHERE basketcode = '$mycode'");
    $cart = mysql_fetch_assoc($mycart);

    if (mysql_num_rows($mycart) == 0) { //did not find code!
        echo "<br />Sorry the code you entered wasn't found, please check the code and try again...<br /><input type=\"text\" name=\"loadcode\" id=\"loadcode\" value=\"$mycode\" class=\"loadcode\" />";
    } else { //found code and do stuff!
        echo "<br />Code successful, your wish list has been loaded and the code '$mycode'<br />is valid for another 14 days to use again.<br />";
        $getitems = mysql_query("SELECT * FROM wishlistbasket WHERE sesid = '$cart[sesid]'");
        while ($item = mysql_fetch_assoc($getitems)) {
            $searchitems = mysql_query("SELECT * FROM wishlistbasket WHERE sesid = '$sesid' AND pid = '$item[pid]' AND qid = '$item[qid]' AND oid = '$item[oid]'")or die(mysql_error());
            if (mysql_num_rows($searchitems) == 1) {
                $searched = mysql_fetch_assoc($searchitems);
                $newqty = $searched[qty] + $quote[qty] + $sample[qty];
                mysql_query("UPDATE wishlistbasket SET qty = '$newqty' WHERE sesid = '$sesid' AND pid = '$item[pid]' AND qid = '$item[qid]' AND oid = '$item[oid]'")or die(mysql_error());
            } else {
                mysql_query("INSERT INTO wishlistbasket (sesid, pid, qid, oid, qty) VALUES ('$sesid','$item[pid]','$item[qid]','$item[oid]','$quote[qty]','$sample[qty]')")or die(mysql_error());
            }
        }
        mysql_query("UPDATE wishlistsaved SET expires = NOW() + INTERVAL 14 DAY WHERE id = '$cart[id]'");
    }
    exit;

}

if ($_GET[myemail]) {

    $message = "<font face=Tahoma size=2>Your wish list code is: $_SESSION[cartid]<br /><br />For an updated view of whats in your wish list please type your code into our website: http://www.dtrmedical.com/products/ <br /><br />Many Thanks,<br />DTR Medical</font>";
    $headers = "From: [email protected]\r\n" .
           'X-Mailer: PHP/' . phpversion() . "\r\n" .
           "MIME-Version: 1.0\r\n" .
           "Content-Type: text/html; charset=utf-8\r\n" .
           "Content-Transfer-Encoding: 8bit\r\n\r\n";

    mail($_GET[myemail],'Your DTRMedical Wishlist Code',$message,$headers);

    echo "<br />Your code has been sent to: <b>$_GET[myemail]</b>";

    exit;
}

if ($_GET[newcode]) {

if ($_SESSION[cartid]) {
    $mycart = mysql_query("SELECT * FROM wishlistsaved WHERE sesid = '$sesid'");
    $cart = mysql_fetch_assoc($mycart);

    if ($cart[id]) { $currentcart = "<br />
    Your current wish list code is: <strong>$cart[basketcode]</strong>, insert your new code below:
    <br />"; }

}

?>
<div id="msgbox_title">Load Wish List...<div id="closeme" onclick="jQuery(document).trigger('close.facebox')">x</div></div>
<form method="post">
<div id="msgbox_body">Here you can load a previous wish list by using the code that was provided to you,<br />remember these codes expire 14 days after being created.
<br />
<div id="newcode">
<? echo $currentcart; ?>
<input type="text" name="loadcode" id="loadcode" class="loadcode" />
</div></div>
<div id="msgbox_actions"><input type="button" onclick="loadmycode()" value="Load Code" /></div>
</form>
<script>
function loadmycode() {
        var thiscode = $("#loadcode").val();
        $("#newcode").html('<br />loading code...<br />');
            $('#newcode').load('wishlist.php?loadcode='+thiscode, "",
                function(responseText, textStatus, XMLHttpRequest) {
                    if(textStatus == 'error') {
                        var msg = "Error:<br />";
                        $("#newcode").html(msg + xhr.status + " " + xhr.statusText);
                    }
                }
            );
}
</script>
<? } else if ($_GET[addproduct]) {

$productid = $_GET[addproduct];
$get_product_quantities = mysql_query("SELECT * FROM product_quantities WHERE product_id='$productid' ORDER BY id ASC") or die(mysql_error());

?>
<form method="post" action="wishlist.php">
<input type="hidden" name="update_product" value="true" />
<input type="hidden" name="productid" value="<? print $productid; ?>" />
<div id="msgbox_title">Please tick if you would like a quote and/or sample<div id="closeme" onclick="jQuery(document).trigger('close.facebox')">x</div></div>
<div id="msgbox_body">
<table border="0" cellpadding="0" cellspacing="5" align="center" style="border-collapse:separate!IMPORTANT;">
<?php
    while ($product_quantity = mysql_fetch_assoc($get_product_quantities)) {
?>

    <tr>
        <td colspan="4" style="padding:0px 9px">
            <strong><?php echo $product_quantity['quantity_name']; ?>:</strong>
        </td>
    </tr>
<?php
    $get_product_options = mysql_query("SELECT * FROM product_options WHERE quantity_id='$product_quantity[id]' ORDER BY id ASC");
    if (mysql_num_rows($get_product_options)==0) {
        echo "<tr><td colspan='4'>No products in this quantity</td></tr>";
    } else {
?>
        <tr>
        <td style="width: 10px;">&nbsp;</td>
        <td style="width: 50px;"><span style="color: #aaa;">Quote:</span></td>
        <td style="width: 50px;"><span style="color: #aaa;">Sample:</span></td>
        <td style="width: 380px;"><span style="color: #aaa;">Description:</span></td>
        <td>&nbsp;</td>
    </tr>

<?php
    while ($product_option = mysql_fetch_assoc($get_product_options)) {
    $thisitem = mysql_query("SELECT * FROM wishlistbasket WHERE sesid = '$sesid' AND pid = '$productid' AND qid = '$product_quantity[id]' AND oid = '$product_option[id]'");
  $item = mysql_fetch_assoc($thisitem);
  $quote[qty] = 1;
  $sample[qty] = 1;
?>
    <tr>
        <td></td>
        <td align="center" valign="middle" style="background-color:#C3DCCD;">
            <input style="margin:5px;" type="checkbox" name="<? echo $productid."_".$product_quantity[id]."_".$product_option[id]; ?>" value="<? echo $quote[qty]; ?>" />
        </td>
        <td align="center" valign="middle" style="background-color:#D3C4DF;">
            <input style="margin:5px;" type="checkbox" name="<? echo $productid."_".$product_quantity[id]."_".$product_option[id]; ?>" value="<? echo $sample[qty]; ?>" />
        </td>
        <td style="font-size:11px;background-color:#efefef;"><p style="margin:0px 0px 5px 0px;padding:5px;"><span style="color:#663399;font-weight:bold;"><?php echo $product_option['product_code']; ?></span> <?php echo $product_option['description']; ?></p>
        </td>
        <td>&nbsp;</td>
    </tr>
<?php
    } // END while ($product_option = mysql_fetch_assoc( ...

    } // END if (mysql_num_rows($get_product_options)==0) ... else
?>
    <tr colspan="4"><td>&nbsp;</td></tr>
<?php
    } // END while ($product_quantity = mysql_fetch_assoc ...
?>
<script language="JavaScript">
function toggle(source) {
  checkboxes = document.getElementsByName(source.name);
  for(var i in checkboxes)
    checkboxes[i].checked = source.checked;
}
</script>

    <tr>
        <td>&nbsp;</td>
        <td valign="middle" align="center" style="background-color:#efefef;"><input style="margin-top:5px;" type="checkbox" onClick="toggle(this)" name="products-quote" value="" /></td>
        <td valign="middle" align="center" style="background-color:#efefef;"><input style="margin-top:5px;" type="checkbox" onClick="toggle(this)" name="products-sample" value="" /></td>
        <td style="background-color:#efefef;"><p style="margin:0px 0px 5px 0px;padding:5px;"><b>Select all</b></p></td>
        <td>&nbsp;</td>
    </tr>
</table>

</div>
<div id="msgbox_actions"><input type="submit" value="Add To Wish List" /></div>
</form>
<? } else if ($_GET[basket]) { ?>
<div id="msgbox_title">Your Wish List<div id="closeme" onclick="jQuery(document).trigger('close.facebox')">x</div></div>
<form method="post" action="wishlist.php">
<div id="msgbox_body" style="max-height:400px;min-height:100px;overflow-y:auto;overflow-x:hidden;">
<input type="hidden" name="updatebasket" value="1" />
<table border="0" cellpadding="0" cellspacing="5" align="center" style="min-width:390px;border-collapse:separate!IMPORTANT;">
<?

    $mycart = mysql_query("SELECT * FROM wishlistsaved WHERE sesid = '$sesid'");
    $cart = mysql_fetch_assoc($mycart);

    $mybasket = mysql_query("SELECT * FROM wishlistbasket WHERE sesid = '$sesid' ORDER BY pid,qid,oid ASC");
    if (mysql_num_rows($mybasket) == 0) { echo "<tr><td><br /><br /><center>There are no items in your wish list.</center></td></tr>"; $listempty = true; }
    while ($item = mysql_fetch_assoc($mybasket)) {

        if ($thispid <> $item[pid]) {
            $products = mysql_query("SELECT product_name FROM products WHERE id = '$item[pid]'");
            $product = mysql_fetch_assoc($products);

            if ($thispid <> "") { $br = "<br />"; }

            echo "<tr><td colspan=\"5\" style=\"text-align: left;\">$br<strong style=\"font-size:14px;\">$product[product_name]</strong></td></tr>";
            $thispid = $item[pid];
        }

        if ($thisqid <> $item[qid]) {
            $quanities = mysql_query("SELECT quantity_name FROM product_quantities WHERE id = '$item[qid]'");
            $thisqty = mysql_fetch_assoc($quanities);

            echo "<!-- <tr><td colspan=\"5\"><strong style=\"display:block;padding-top:5px;\">$thisqty[quantity_name]</strong></td></tr> -->";
            $thisqid = $item[qid];
        }

        $get_product_options = mysql_query("SELECT * FROM product_options WHERE id = '$item[oid]' ORDER BY id ASC");
        $product_option = mysql_fetch_assoc($get_product_options);

        ?>
      <tr>
          <!-- <td style="padding:0px 2px;"><input type="textbox" class="textbox" value="<? echo $item[qty]; ?>" name="<? echo $item[pid]."_".$item[qid]."_".$item[oid]; ?>" /></td> -->
          <td align="center" valign="middle" style="background-color:#C3DCCD;"><input style="margin:5px;" type="checkbox" name="<? echo $item[pid]."_".$item[qid]."_".$item[oid]; ?>" value="<? echo $quote[qty]; ?>" /></td>
          <td align="center" valign="middle" style="background-color:#D3C4DF;"><input style="margin:5px;" type="checkbox" name="<? echo $item[pid]."_".$item[qid]."_".$item[oid]; ?>" value="<? echo $sample[qty]; ?>" /></td>
          <td style="font-size:11px;background-color:#efefef;"><p style="margin:0px 0px 5px 0px;padding:5px;"><span style="color:#663399;font-weight:bold;"><?php echo $product_option['product_code']; ?></span> <?php echo $product_option['description']; ?></p></td>
          <td style="font-size:11px;background-color:#efefef;"><p style="margin:0px 0px 5px 0px;padding:5px; font-weight:bold;"><?php echo $thisqty[quantity_name]; ?></p></td>
      </tr>
        <?

    }

?>
</table>
</div>
<script>
function quoteme() {
        $("#msgbox_body").html('<div id="contactform"><form class="form" method="POST" action="http://www.dtrmedical.com"><table border="0"><tbody><tr><td><p class="name"><label for="name">Your Name<span style="color:red;">*</span>:</label></p></td><td>&nbsp;</td><td><input type="text" name="name" id="name" /></td></tr><tr><td><p class="hospital"><label for="hospital">Hospital/Institution:</label></p></td><td>&nbsp;</td><td><input type="text" name="hospital" id="hospital" /></td></tr><tr><td><p class="department"><label for="department">Department:</label></p></td><td>&nbsp;</td><td><input type="text" name="department" id="department" /></td></tr><tr><td><p class="email"><label for="email">E-mail<span style="color:red;">*</span>:</label></p></td><td>&nbsp;</td><td><input type="text" name="email" id="email" /></td></tr><tr><td><p class="tel"><label for="tel">Telephone<span style="color:red;">*</span>:</label></p></td><td>&nbsp;</td><td><input type="text" name="tel" id="tel" /></td></tr><tr><td colspan="3" align="center"><p class="submit"><input style=\"margin-left:27px;cursor:pointer;\" onclick="jQuery.facebox({ ajax: (\'wishlist.php?emailme=true&name=\' + this.form.name.value + \'&email=\' + this.form.email.value + \'&tel=\' + this.form.tel.value + \'&hospital=\' + this.form.hospital.value + \'&department=\' + this.form.department.value) }); return false;" type="submit" value="Send enquiry" name="submit" /></p></td><td>&nbsp;</td><td>&nbsp;</td></tr></tbody></table></form></div>');
        $("#msgbox_actions").html('<input onclick="jQuery.facebox({ ajax: \'wishlist.php?basket=true\' })" type="button" value="Back to Wishlist" />');
}
</script>
<? if (!$listempty) { ?>
<div id="msgbox_actions"><input onclick="quoteme()" type="button" value="Request quote" /> <!-- <input onclick="jQuery.facebox({ ajax: 'wishlist.php?emailme=true' })" type="button" value="Save list for later" /> --> <input type="submit" value="Update Qty's" /> <input onclick="jQuery.facebox({ ajax: 'wishlist.php?basket=true&clearall=true' })" type="button" value="Clear list" /></div>
<? } ?>
</form>
</div>
<? } ?>

<?php
// if send email
if(isset($_GET['emailme']) && $_GET['emailme'] == 'true') {
    // to and subject
    $to = "[email protected]";
    $subject = "DTR Medical website - Product enquiry";

    // get these from query string
    $name_field = $_GET['name'];
    $hospital_field = $_GET['hospital'];
    $department_field = $_GET['department'];
    $email_field = $_GET['email'];
    $tel_field = $_GET['tel'];

    // get wishlist
    $query = "SELECT w.*, p.product_name, q.quantity_name, o.product_code, o.description
                FROM wishlistbasket w, products p, product_quantities q, product_options o
                WHERE sesid = '$sesid' AND w.pid = p.id AND w.qid = q.id AND w.oid = o.id ORDER BY w.pid, w.qid, w.oid";
    $res = mysql_query($query);
    $wish_list = '';
    if($res){
        while($row = mysql_fetch_assoc($res))
            $wish_list .= $row['product_name'] . ', ' . $row['quantity_name'] . ', ' . $row['qty'] . ', ' . $row['product_code'] . ', ' . $row['product_options'] . "\n";
    }

    // build mail body
    $body = "DTR Medical,\n\n

    You have an enquiry from the website, please see the details below:\n\n
    Name: $name_field\n
    Hospital/institution: $hospital_field\n
    Department: $department_field\n
    E-Mail: $email_field\n
    Tel: $tel_field\n
    Wishlist:\n $wish_list";
    mail($to, $subject, $body);
    echo "<div style=\"margin:20px;\">Thank you for your enquiry. We will be in touch within 48 hours.<br /> <br />If you would like to get in touch regarding your enquiry then please call us on:<br /> +44 (0) 1792 79 79 10<br /><br /><div onclick=\"location.href='/products\" style=\"margin-left:135px;cursor: pointer; margin-top: 10px; border-top-left-radius: 5px 5px; border-top-right-radius: 5px 5px; border-bottom-right-radius: 5px 5px; border-bottom-left-radius: 5px 5px; background-color:#663399; width: 143px; height: 30px;\"><a style=\"  color:white;display:block;float:right;height:26px;margin-top:4px;padding-left:0px;padding-top:5px;width:120px;\" href=\"/products\" class=\"basket\">Back to products</a></div></div>";}
?>