
Untitled

a guest
Sep 24th, 2017
  1. <?php
  2. include('db.php');
  3.  
  4.  
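  // Idle timeout in seconds; objSession::set_exp_time() adds it to time().
  // NOTE(review): 216000 s is 60 hours (60*60*60), not the "1 hour" the original
  // comment claimed (one hour would be 3600). The value is left unchanged here;
  // confirm which one is intended.
  define('SESSION_TIMEOUT_LENGTH', 216000);
  // Pre-quoted format string spliced into DATE_FORMAT() calls in the queries below.
  define('MYSQL_DATE_FORMAT', "'%b %d, %Y'");

  // Pages that may be served without a logged-in session. Every other page that
  // includes this file goes through the session check.
  $authExemptPages = array(
      'product_details',
      'login',
      'show_inventory',
      'reset_password',
      'new_arrivals',
      'new_arrivalsX',
      'search',
  );

  // Read the script name from $_SERVER. The bare $SCRIPT_NAME global used before
  // is only populated when register_globals is on (removed in PHP 5.4); without
  // it the name is empty and the exemption list above never matches.
  $authScriptName = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
  $authCurrentPage = current(explode('.', basename($authScriptName)));

  if (!in_array($authCurrentPage, $authExemptPages, true)) {
      session_start();

      // chk_sess() returns 0 when the session is missing, unauthenticated or
      // expired. Stop here in that case so the protected page body is never
      // produced; the Location header alone does not end the script.
      if (!chk_sess()) {
          exit;
      }
  }

  unset($authExemptPages, $authScriptName, $authCurrentPage);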
  20.  
  /**
   * Login state for one user. login() stores an instance in $_SESSION['sess']
   * and chk_sess() reads it back on later requests.
   *
   * Properties stay public and keep their names so that session data serialized
   * by the previous version of this class still loads.
   */
  class objSession {
      // Login name, set from the users.user_name column.
      public $uName;
      // Set through set_fName(); nothing in this file calls it.
      public $fName;
      // No accessor in this class reads or writes this field.
      public $uType;
      // Set from the users.user_level column.
      public $uLevel;
      // Set from the users.id column.
      public $uID;
      // Truthy once login() has called authenticate(1).
      public $authenticated;
      // Unix timestamp after which expired() reports true.
      public $exp_time;

      // Old-style constructor kept under its original name; it does nothing.
      public function objSession() {
      }

      // --- identity -------------------------------------------------------

      public function set_uName($value) {
          $this->uName = $value;
      }

      public function get_uName() {
          return $this->uName;
      }

      public function set_fName($value) {
          $this->fName = $value;
      }

      public function get_fName() {
          return $this->fName;
      }

      public function set_uID($value) {
          $this->uID = $value;
      }

      public function get_uID() {
          return $this->uID;
      }

      public function set_uLevel($value) {
          $this->uLevel = $value;
      }

      public function get_uLevel() {
          return $this->uLevel;
      }

      // --- authentication flag ---------------------------------------------

      /** Store the authentication flag (login() passes 1, showError() passes 0). */
      public function authenticate($value) {
          $this->authenticated = $value;
      }

      /** Return the flag exactly as stored by authenticate(). */
      public function authenticated() {
          return $this->authenticated;
      }

      // --- expiry ------------------------------------------------------------

      /** Push the expiry SESSION_TIMEOUT_LENGTH seconds past the current time. */
      public function set_exp_time() {
          $this->exp_time = time() + SESSION_TIMEOUT_LENGTH;
      }

      public function get_expTime() {
          return $this->exp_time;
      }

      /** True when the current time is past the stored expiry timestamp. */
      public function expired() {
          $now = time();
          return ($now > $this->exp_time);
      }
  }
  92.  
  93.  
  94.  
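  /**
   * Check a user name / password pair and, on a match, open an authenticated session.
   *
   * On success an objSession is stored in $_SESSION['sess'], users.last_login is
   * updated and the browser is redirected to inventory.php. Otherwise the browser
   * is redirected to index.php with a "Bad Login" message.
   *
   * @param string $uName login name as supplied by the user
   * @param string $pswd  clear-text password as supplied by the user
   * @return int always 0, on both paths, as before; callers cannot use the
   *             return value to tell success from failure
   */
  function login($uName, $pswd) {
      $objDB = new Database();

      // Both values end up inside quoted SQL literals, so escape them first
      // (addslashes() is what createQueryFromArray() in this file already uses).
      // NOTE(review): this assumes the arguments arrive unescaped; if
      // magic_quotes_gpc is on, the caller has to stripslashes() them first.
      // A parameterized query would be preferable if Database offers one, since
      // addslashes() is not safe for every multibyte connection charset.
      $safeName = addslashes($uName);
      $safePass = addslashes($pswd);

      // NOTE(review): MySQL's PASSWORD() exists for the server's own account
      // table and was removed in MySQL 8.0; moving to password_hash() /
      // password_verify() needs a schema migration and is not attempted here.
      $objDB->query("SELECT users.* FROM users WHERE users.user_name='$safeName' AND users.user_pass = PASSWORD('$safePass') AND active = 'Y'");

      if ($objDB->numRows()) {
          session_start();
          // Issue a fresh session id at the privilege change so an id that was
          // known before login is not carried into the authenticated session.
          session_regenerate_id(true);

          $_SESSION['sess'] = new objSession();
          $_SESSION['sess']->authenticate(1);
          $_SESSION['sess']->set_exp_time();
          $_SESSION['sess']->set_uName($objDB->getField(0, "user_name"));
          $_SESSION['sess']->set_uID($objDB->getField(0, "id"));
          $_SESSION['sess']->set_uLevel($objDB->getField(0, "user_level"));

          // The id comes from the row just read; the cast keeps the statement
          // numeric whatever the column holds.
          $objDB->query("UPDATE users SET last_login = NOW() WHERE id =" . (int) $_SESSION['sess']->get_uID());
          header("Location:inventory.php");
      } else {
          header("Location:index.php?msg=Bad+Login");
      }

      return 0;
  }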
  123.  
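  /**
   * Validate the current session: present, authenticated and not expired.
   *
   * On any failure the session is destroyed and a redirect to index.php is sent.
   * The redirect header does not end the script, so callers must act on the
   * return value. On success the expiry time is pushed forward.
   *
   * do_login() is not defined in this file and is assumed to come from another
   * include.
   *
   * @return int 1 when the session is valid, 0 otherwise
   */
  function chk_sess() {
      // No session object at all.
      if (!isset($_SESSION['sess'])) {
          session_destroy();
          header("Location:index.php?msg=Session+not+found");
          echo "error code no session";
          do_login("Please Login");
          showError(3);
          return 0;
      }

      // Object present but never marked authenticated.
      if (!$_SESSION['sess']->authenticated()) {
          unset($_SESSION['sess']);
          session_destroy();
          // Send the header before any output; the previous order echoed first,
          // which stops the redirect from being sent unless output is buffered.
          header("Location:index.php?msg=Failed+to+authorize+session");
          echo "auth fail";
          showError(2);
          return 0;
      }

      // Idle timeout reached.
      if ($_SESSION['sess']->expired()) {
          // Read the expiry before the object is dropped. The old code read it
          // afterwards through an undefined $sess variable.
          $expTime = $_SESSION['sess']->get_expTime();
          unset($_SESSION['sess']);
          session_destroy();
          header("Location:index.php?msg=Session+Expired");
          showError(3);
          echo "error code session expired<br>" . time() . "<br>" . $expTime;
          do_login("Session Expired");
          return 0;
      }

      // Valid session: slide the expiry window.
      $_SESSION['sess']->set_exp_time();
      return 1;
  }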
  162.  
  163.  
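  /**
   * Print the message for an error code and tear the session down.
   *
   * @param int $id 1 = database connection error, 2 = database query error;
   *                any other code prints nothing (chk_sess() passes 3)
   * @return void
   */
  function showError($id) {
      switch ($id) {
          case 1:
              $errStr = 'Error Connecting to Database';
              break; // the missing break used to let case 1 fall through to case 2

          case 2:
              $errStr = 'Error Querying Database';
              break;

          default:
              // Unknown codes used to leave $errStr undefined; print nothing.
              $errStr = '';
      }

      echo $errStr;

      // There was an error, so end the session. The session object may already
      // be gone (chk_sess() unsets it before calling here), so check before
      // calling a method on it.
      if (isset($_SESSION['sess']) && is_object($_SESSION['sess'])) {
          $_SESSION['sess']->authenticate(0);
      }
      // Replaces session_unregister("sess"), which was removed in PHP 5.4.
      unset($_SESSION['sess']);

      // Only clear and destroy when a session is actually active.
      if (session_id() !== '') {
          session_unset();
          session_destroy();
      }
  }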
  187.  
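  /**
   * Validate every $_POST field according to the first letter of its name.
   *
   *   t*, r*  trimmed, must not be empty
   *   p*      trimmed, must not be empty and must equal the field named
   *           'r_' . substr(name, 2)  (the confirmation field)
   *   f*, i*  must pass is_numeric(); stored after stripslashes()
   *   other   stored after stripslashes(), no check
   *
   * NOTE(review): empty() also rejects the string '0', and the i* branch accepts
   * any numeric string, not only integers; both are unchanged from before.
   *
   * @param array $err     receives field name => 'error' for every failed field
   * @param array $pValues receives field name => cleaned value
   * @return int 1 when $err is empty afterwards, 0 otherwise
   */
  function chkFrm(&$err,&$pValues) {
      $errColor = 'error';

      foreach ($_POST as $key => $value) {
          switch (substr((string) $key, 0, 1)) {
              case 't':
              case 'r':
                  $value = trim($value);
                  if (empty($value)) {
                      $err[$key] = $errColor;
                  }
                  $pValues[$key] = $value;
                  break;

              case 'p':
                  $value = trim($value);
                  if (empty($value)) {
                      $err[$key] = $errColor;
                  }
                  $confirmKey = 'r_' . substr($key, 2);
                  // A missing confirmation field counts as an empty one.
                  $confirm = isset($_POST[$confirmKey]) ? trim($_POST[$confirmKey]) : '';
                  // Strict comparison: with != two different numeric-looking
                  // strings such as '1e3' and '1000' compared as equal, so a
                  // mismatched confirmation could pass.
                  if ($confirm !== $value) {
                      $err[$confirmKey] = $errColor;
                      $err[$key] = $errColor;
                  }
                  $pValues[$key] = $value;
                  break;

              case 'f':
              case 'i':
                  if (!is_numeric($value)) {
                      $err[$key] = $errColor;
                  }
                  $pValues[$key] = stripslashes($value);
                  break;

              default:
                  $pValues[$key] = stripslashes($value);
          }
      }

      return empty($err) ? 1 : 0;
  }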
  247.  
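  /**
   * Build the "col = 'value' , col = 'value'" part of an SQL statement from an
   * array whose keys carry a one-letter type prefix ("t_name" becomes column "name").
   *
   * Values are escaped with addslashes(). Column names cannot be escaped that
   * way, so a prefixed key whose remainder is not a plain identifier
   * (letters, digits, underscore) is skipped instead of being copied into the
   * SQL text; the keys typically originate from form field names.
   *
   * Keys without the "x_" prefix still produce " = 'value'" with no column
   * name, exactly as before.
   *
   * NOTE(review): addslashes() is not safe for every multibyte connection
   * charset; prefer a parameterized query if the Database class offers one.
   *
   * @param array $arrayValues prefixed field name => value
   * @return string comma-separated assignment list, '' for an empty array
   */
  function createQueryFromArray(&$arrayValues) {
      $query = '';

      foreach ($arrayValues as $key => $value) {
          $column = '';

          if (substr($key, 1, 1) == '_') {
              $column = substr($key, 2);
              if (!preg_match('/^[A-Za-z0-9_]+$/', $column)) {
                  continue;
              }
          }

          $query .= $query ? ' , ' : '';
          $query .= $column . " = '" . addslashes($value) . "'";
      }

      return $query;
  }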
  267.  
  268.  
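  /**
   * Generate a pronounceable password that alternates consonants and vowels.
   *
   * $strength is a bit mask that widens the alphabets:
   *   1 = upper-case consonants, 2 = upper-case vowels,
   *   4 = digits (added to the consonant pool), 8 = the symbols @#$%^ (same pool)
   *
   * Characters are drawn with random_int() when it is available. The previous
   * version reseeded the generator with srand(time()), so the output was fully
   * determined by the second in which it was generated. On PHP versions without
   * random_int() this falls back to mt_rand() without reseeding, which is still
   * not a cryptographic generator.
   *
   * NOTE(review): the strict alternation and the small alphabets limit how much
   * entropy each character carries; choose $length accordingly.
   *
   * @param int $length   number of characters to produce
   * @param int $strength bit mask described above
   * @return string
   */
  function make_password($length,$strength=0) {
      $vowels = 'aeiouy';
      $consonants = 'bdghjlmnpqrstvwxz';
      if ($strength & 1) {
          $consonants .= 'BDGHJLMNPQRSTVWXZ';
      }
      if ($strength & 2) {
          $vowels .= "AEIOUY";
      }
      if ($strength & 4) {
          $consonants .= '0123456789';
      }
      if ($strength & 8) {
          $consonants .= '@#$%^';
      }

      $secure = function_exists('random_int');

      // Pick at random whether the password starts with a consonant or a vowel.
      $alt = $secure ? random_int(0, 1) : mt_rand(0, 1);

      $password = '';
      for ($i = 0; $i < $length; $i++) {
          $pool = ($alt == 1) ? $consonants : $vowels;
          $last = strlen($pool) - 1;
          $password .= $pool[$secure ? random_int(0, $last) : mt_rand(0, $last)];
          $alt = 1 - $alt;
      }

      return $password;
  }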
  298.  
  299.  
  300.  
  /**
   * Format an item price for display.
   *
   * @param mixed  $price    price value; slashes are stripped before formatting
   * @param string $por      'Y' when the price is only available on request
   * @param int    $fullText when truthy the long label is used instead of 'POR'
   * @return string '$' plus the price with two decimals and thousands commas,
   *                or the price-on-request label
   */
  function determinePrice($price,$por,$fullText=0) {
      if ($por != 'Y') {
          $amount = stripslashes($price);
          return '$' . number_format($amount, 2, '.', ',');
      }

      if ($fullText) {
          return 'Price on request';
      }

      return 'POR';
  }
  316.  
  317.  
  /**
   * Fetch the call-out text for a category, or the new-arrivals call-out when
   * $catID is not numeric.
   *
   * $catID is only placed in the SQL text after it passed is_numeric().
   *
   * @param mixed  $catID category id, or any non-numeric value for new arrivals
   * @param object $objDB database wrapper providing query() and getField()
   * @return string call-out text with slashes stripped, '' when there is none
   */
  function getCallout($catID,&$objDB) {
      $sql = is_numeric($catID)
          ? "SELECT call_out FROM categories WHERE id = $catID LIMIT 1"
          : "SELECT * FROM new_arrival_callout";

      $objDB->query($sql);
      $callout = $objDB->getField();

      if (empty($callout)) {
          $callout = '';
      }

      return stripslashes($callout);
  }
  338.  
  /**
   * Return all categories (id, name, call_out) in display order.
   *
   * @param object $objDB database wrapper providing query() and getRows()
   * @return mixed whatever $objDB->getRows() returns for the query
   */
  function getCategories(&$objDB) {
      $objDB->query("SELECT id,name,call_out FROM categories ORDER BY display_order");

      $categories = $objDB->getRows();

      return $categories;
  }
  349.  
  /**
   * Build a <select> element listing every category, ordered by id.
   *
   * NOTE(review): $fieldName, the category ids and the category names are
   * written into the markup without HTML escaping. Confirm that none of them
   * can contain user-controlled text, or escape them for the attribute / text
   * context.
   *
   * @param string $fieldName  value for the select's name attribute
   * @param mixed  $fieldValue id of the option to mark as selected
   * @param object $objDB      database wrapper providing query() and getRow()
   * @return string HTML for the select element
   */
  function createCategoriesPulldown($fieldName,$fieldValue,&$objDB) {
      $objDB->query("SELECT id,name FROM categories ORDER BY id");

      $options = array();
      while ($category = $objDB->getRow()) {
          $selected = ($category['id'] == $fieldValue) ? ' selected ' : '';
          $options[] = '<option value="' . $category['id'] . '"' . $selected . '>'
              . stripslashes($category['name']) . '</option>';
      }

      $open = '<select name="' . $fieldName . '" onchange="loadForm(this.form)"><option></option>';

      return $open . implode('', $options) . '</select>';
  }
  375.  
  376.  
  377.  
  378.  
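  /**
   * Build the sub-navigation links for one category.
   *
   * The link whose id equals $_GET['subcatID'] gets the "subnavcurrent" class;
   * when no subcatID is given, the entry with display_order 1 gets it.
   *
   * $catID is cast to an integer before it is placed in the SQL text and in the
   * link URLs. The links point at show_inventory.php?catID=..., which suggests
   * the value comes from the query string, and it was interpolated unchecked
   * before.
   *
   * NOTE(review): subcategory names are written into the markup without HTML
   * escaping; confirm they cannot contain user-controlled text.
   *
   * @param mixed  $catID category id
   * @param object $objDB database wrapper providing query(), numRows(), getRow()
   * @return string HTML, '' when the category has no subcategories
   */
  function createSubNav($catID,&$objDB) {
      $catID = (int) $catID;
      $output = ''; // was undefined (and returned as null) when no rows matched

      $objDB->query("SELECT id,name,display_order FROM subcategories WHERE catID = $catID ORDER BY display_order");

      if ($objDB->numRows()) {
          $hasSelection = isset($_GET['subcatID']);

          while ($row = $objDB->getRow()) {
              if ($hasSelection) {
                  $class = ($_GET['subcatID'] == $row['id']) ? ' class="subnavcurrent"' : '';
              } else {
                  // No explicit selection: highlight the first subcategory.
                  $class = ($row['display_order'] == 1) ? ' class="subnavcurrent" ' : '';
              }

              $output .= '<div><a href="show_inventory.php?catID=' . $catID . '&subcatID=' . $row['id'] . '" '
                  . $class . '>' . stripslashes($row['name']) . '</a></div>';
          }
      }

      return $output;
  }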
  397.  
  /**
   * Look up a subcategory name.
   *
   * With a numeric $subCatID that subcategory is fetched; otherwise the
   * subcategory of category $id with display_order 1 is used. Both ids are only
   * placed in the SQL text after passing is_numeric().
   *
   * @param mixed  $id       category id; nothing is queried unless it is numeric
   * @param mixed  $subCatID subcategory id, or a non-numeric value for the default
   * @param object $objDB    database wrapper providing query() and getField()
   * @return string|null name with slashes stripped, null when $id is not numeric
   */
  function getSubCatName($id,$subCatID='',&$objDB) {
      if (!is_numeric($id)) {
          return;
      }

      $sql = is_numeric($subCatID)
          ? "SELECT name FROM subcategories WHERE id = $subCatID"
          : "SELECT name FROM subcategories WHERE catID = $id AND display_order=1";

      $objDB->query($sql);

      $name = $objDB->getField();

      return stripslashes($name);
  }
  418.  
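  /**
   * Translate the "sort" request parameter into an ORDER BY column list.
   *
   * Only the fixed column lists below are ever returned; the request value
   * itself never reaches the SQL text. createInventoryList() concatenates the
   * result into its ORDER BY clause, so keep this an allow-list.
   *
   * A missing or non-string parameter selects the default. Previously a missing
   * parameter was read without an isset() check.
   *
   * @return string comma-separated column names
   */
  function handleSortClause() {
      $requested = (isset($_GET['sort']) && is_string($_GET['sort'])) ? $_GET['sort'] : '';

      switch ($requested) {
          case 'mo':
              return 'model,author';

          case 'x':
              return 'gauge,caliber';

          default:
              return 'manufacturer,title';
      }
  }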
  441.  
  442.  
  443.  
  /**
   * Heuristic used by createArrivalItemList() to decide whether a closing
   * table tag has to be appended to the markup built so far.
   *
   * Looks at the second-to-last character of $text: '3', '4', 'e' or '"' (and
   * an empty or falsy character) count as "closed".
   *
   * @param string $text markup built so far
   * @return int 1 when treated as closed, 0 otherwise
   */
  function isTableClosed($text) {
      $marker = substr($text, -2, 1);

      // Nothing to inspect (or the character '0'): treated as closed.
      if (!$marker) {
          return 1;
      }

      $closingMarkers = array('3', '4', 'e', '"');

      return in_array($marker, $closingMarkers, true) ? 1 : 0;
  }
  472.  
  473.  
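  /**
   * Render item rows for the new-arrivals page as HTML tables.
   *
   * Changes from the previous version: the removed `$str{0}` offset syntax
   * (a parse error on PHP 8) is replaced by `$str[0]`, $output and $tmp are
   * initialised before use, and an empty $items array or a row with an unknown
   * catID no longer triggers undefined-offset errors.
   *
   * $tmp is never filled in this function, so the tables built from it are
   * empty; that behaviour is kept as it was.
   *
   * NOTE(review): every row value is written into the markup without HTML
   * escaping. Confirm whether item fields may contain intentional markup before
   * adding escaping; as written, any markup stored in the database is emitted.
   *
   * @param array  $items     item rows
   * @param int    $full      when truthy, add a "see photos" link for items with images
   * @param int    $new       when truthy, emit date / category headings and thumbnails
   * @param string $prefix    text put before category headings; when set, date
   *                          headings are suppressed
   * @param mixed  $images    itemID => thumbnail path map, or '' for none
   * @param int    $showtable value for the table border attribute
   * @return string HTML, always ending in a closing table tag
   */
  function createArrivalItemList($items,$full=1,$new=0,$prefix='',$images='',$showtable=0) {
      // Field lists per category id; a leading '*' marks a field printed in bold.
      $byCaliber = array('*manufacturer','*model','caliber','note','barrel_length','condition');
      $basic     = array('*manufacturer','*model','note','condition');
      $withFfl   = array('*manufacturer','*model','caliber','note','barrel_length','condition','ffl');

      $displayFields = array(
          1  => array('*manufacturer','*model','gauge','note','barrel_length','choke1','choke2','condition'),
          2  => $byCaliber,
          3  => $byCaliber,
          4  => $byCaliber,
          5  => $byCaliber,
          6  => $byCaliber,
          7  => array('*manufacturer','*model','caliber','note','contents','condition'),
          8  => $basic,
          9  => $basic,
          10 => array('*title','author','pages','binding','notes','condition'),
          11 => $basic,
          12 => $basic,
          13 => $withFfl,
          14 => $withFfl,
      );

      $output = '';
      $tmp = '';
      $currentSubCategory = '';
      $currentCat = '';
      $currentDate = '';

      $tableOpen = '<table border="' . $showtable . '" width="740">';

      if (is_array($items)) {
          $currentSubCategory = isset($items[0]['sub_cat']) ? $items[0]['sub_cat'] : '';

          foreach ($items as $row) {
              if ($new) {
                  // New date (only when no prefix is used): date and category headings.
                  if (($currentDate != $row['add_date']) && !$prefix) {
                      $output .= !isTableClosed($output) ? '</table>' : '';
                      $output .= '<h3 align="center" style="clear:both;">' . $row['add_date'] . '</h3>';
                      $currentDate = $row['add_date'];
                      $output .= '<h4 align="center" style="clear:both;">' . $row['category'] . '</h4>';
                      $output .= $tableOpen;
                      $currentCat = $row['category'];
                  }

                  // New category within the same date.
                  if ($currentCat != $row['category']) {
                      $output .= !isTableClosed($output) ? '</table>' : '';
                      $output .= '<h4 align="center" style="clear:both;">' . $prefix . $row['category'] . '</h4>';
                      $output .= $tableOpen;
                      $currentCat = $row['category'];
                  }
              }

              if (stripslashes($row['subcategory']) != $currentSubCategory) {
                  $output .= '<a name="' . $currentSubCategory . '"></a><h4 style="clear:both;"><font face="Arial, Helvetica, sans-serif" size="3"><b><u>' . $currentSubCategory . '</u></b></font></h4>';
                  $output .= $tableOpen . $tmp . '</table>';
                  $currentSubCategory = stripslashes($row['sub_cat']);
                  $tmp = '';
              }

              $output .= '<tr>';

              if ($new && $row['has_images'] == 'Y' && is_array($images)) {
                  $output .= '<td><a href="product_details.php?itemID=' . $row['itemID'] . '"><img src="../' . $images[$row['itemID']] . '" border="0"/></a></td>';
              }

              $output .= '<td>';

              // Unknown category ids print no descriptive fields.
              $fields = isset($displayFields[$row['catID']]) ? $displayFields[$row['catID']] : array();
              foreach ($fields as $field) {
                  if ($field[0] == '*') {
                      $output .= '<strong>' . $row[substr($field, 1)] . '</strong> ';
                  } else {
                      $output .= $row[$field] . ' ';
                  }
              }

              $output .= determinePrice($row['retail'], $row['por'], 1);
              $output .= ' ';

              if ($row['has_images'] == 'Y' && $full) {
                  $output .= '<br><a href="product_details.php?itemID=' . $row['itemID'] . '">see photos</a> ';
              }

              $output .= 'Item# ' . $row['item_num'] . ' <a href="mailto:info@collectorsfirearms.com?subject=' . $row['item_num'] . '">Request Info</a><br/>';

              $output .= '</td></tr>';
          }
      }

      if (!empty($tmp)) {
          $output .= '<h4 align="center" style="clear:both;">' . $prefix . $currentCat . '</h4>';
          $output .= $tableOpen . $tmp . '</table>';
      }

      return $output . '</table>';
  }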
  613.  
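  /**
   * Render item rows as HTML tables, grouped by category and subcategory.
   *
   * Rows are collected in $tmp and flushed into a table whenever the date,
   * category or subcategory changes, and once more at the end.
   *
   * Changes from the previous version: the removed `$str{0}` offset syntax
   * (a parse error on PHP 8) is replaced by `$str[0]`, $output and $tmp are
   * initialised before use, and an empty $items array or a row with an unknown
   * catID no longer triggers undefined-offset errors.
   *
   * NOTE(review): every row value is written into the markup without HTML
   * escaping. Confirm whether item fields may contain intentional markup before
   * adding escaping; as written, any markup stored in the database is emitted.
   *
   * @param array  $items     item rows
   * @param int    $full      when truthy, add a "see photos" link for items with images
   * @param int    $new       when truthy, emit date / category headings and thumbnails
   * @param string $prefix    text put before category headings; when set, date
   *                          headings are suppressed
   * @param mixed  $images    itemID => thumbnail path map, or '' for none
   * @param int    $showtable value for the table border attribute
   * @return string HTML, '' when there is nothing to show
   */
  function createItemList($items,$full=1,$new=0,$prefix='',$images='',$showtable=0) {
      // Field lists per category id; a leading '*' marks a field printed in bold.
      $byCaliber = array('*manufacturer','*model','caliber','note','barrel_length','condition');
      $basic     = array('*manufacturer','*model','note','condition');
      $withFfl   = array('*manufacturer','*model','caliber','note','barrel_length','condition','ffl');

      $displayFields = array(
          1  => array('*manufacturer','*model','gauge','note','barrel_length','choke1','choke2','condition'),
          2  => $byCaliber,
          3  => $byCaliber,
          4  => $byCaliber,
          5  => $byCaliber,
          6  => $byCaliber,
          7  => array('*manufacturer','*model','caliber','note','contents','condition'),
          8  => $basic,
          9  => $basic,
          10 => array('*title','author','pages','binding','notes','condition'),
          11 => $basic,
          12 => $basic,
          13 => $withFfl,
          14 => $withFfl,
      );

      $output = '';
      $tmp = '';
      $currentSubCategory = '';
      $currentCat = '';
      $currentDate = '';

      $tableOpen = '<table border="' . $showtable . '" width="740">';

      if (is_array($items)) {
          $currentSubCategory = isset($items[0]['sub_cat']) ? $items[0]['sub_cat'] : '';
          $currentCat = isset($items[0]['category']) ? $items[0]['category'] : '';

          foreach ($items as $row) {
              if ($new) {
                  // Date change (only when no prefix is used): flush collected rows.
                  if (($currentDate != $row['add_date']) && !$prefix) {
                      $output .= '<h3 align="center" style="clear:both;">' . $currentDate . '</h3>';
                      if (!empty($tmp)) {
                          $output .= '<h4 align="center" style="clear:both;">' . $prefix . $currentCat . '</h4>';
                          $output .= $tableOpen . $tmp . '</table>';
                          $currentCat = $row['category'];
                          $tmp = '';
                      }
                      $currentDate = $row['add_date'];
                  }

                  // Category change: flush collected rows under the old heading.
                  if ($currentCat != $row['category']) {
                      $output .= '<h4 align="center" style="clear:both;">' . $prefix . $currentCat . '</h4>';
                      $output .= $tableOpen . $tmp . '</table>';
                      $tmp = '';
                      $currentCat = $row['category'];
                  }
              }

              if (stripslashes($row['subcategory']) != $currentSubCategory) {
                  $output .= '<a name="' . $currentSubCategory . '"></a><h4 style="clear:both;"><font face="Arial, Helvetica, sans-serif" size="3"><b><u>' . $currentSubCategory . '</u></b></font></h4>';
                  $output .= $tableOpen . $tmp . '</table>';
                  $currentSubCategory = stripslashes($row['sub_cat']);
                  $tmp = '';
              }

              $tmp .= '<tr>';

              if ($new && $row['has_images'] == 'Y' && is_array($images)) {
                  $tmp .= '<td><a href="product_details.php?itemID=' . $row['itemID'] . '"><img src="../' . $images[$row['itemID']] . '" border="0"/></a></td>';
              }

              $tmp .= '<td>';

              // Unknown category ids print no descriptive fields.
              $fields = isset($displayFields[$row['catID']]) ? $displayFields[$row['catID']] : array();
              foreach ($fields as $field) {
                  if ($field[0] == '*') {
                      $tmp .= '<strong>' . $row[substr($field, 1)] . '</strong> ';
                  } else {
                      $tmp .= $row[$field] . ' ';
                  }
              }

              $tmp .= determinePrice($row['retail'], $row['por'], 1);
              $tmp .= ' ';

              if ($row['has_images'] == 'Y' && $full) {
                  $tmp .= '<br><a href="product_details.php?itemID=' . $row['itemID'] . '">see photos</a> ';
              }

              $tmp .= 'Item# ' . $row['item_num'] . ' <a href="mailto:info@collectorsfirearms.com?subject=' . $row['item_num'] . '">Request Info</a><br/>';

              $tmp .= '</td></tr>';
          }
      }

      // Flush whatever is still collected.
      if (!empty($tmp)) {
          $output .= '<h4 align="center" style="clear:both;">' . $prefix . $currentCat . '</h4>';
          $output .= $tableOpen . $tmp . '</table>';
      }

      return $output;
  }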
  748.  
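  /**
   * Fetch the first thumbnail path for each of the given items.
   *
   * Every id is cast to an integer before it is placed in the IN (...) list;
   * the ids used to be interpolated as given. An empty id list returns early
   * without querying, where it used to produce the invalid SQL "IN ()".
   *
   * @param mixed  $itemID a single item id or an array of item ids
   * @param object $objDB  database wrapper providing query(), numRows(), getRow()
   * @return array|null itemID => thumbnail path (first image per item, by image
   *                    id), or null when nothing was found, as before
   */
  function getImageList($itemID,&$objDB) {
      $ids = array_map('intval', is_array($itemID) ? $itemID : array($itemID));

      // Callers test the result with is_array(), so "nothing found" stays null.
      $images = null;

      if (empty($ids)) {
          return $images;
      }

      $whereClause = implode(',', $ids);

      $query = "SELECT
  itemID,
  REPLACE(path,'/','/tn_') AS image
  FROM images
  WHERE itemID in ($whereClause)
  ORDER BY itemID,id";

      $objDB->query($query);

      if ($objDB->numRows()) {
          $currentID = -1;
          while ($row = $objDB->getRow()) {
              // Rows are ordered by itemID, id: keep only the first per item.
              if ($row['itemID'] != $currentID) {
                  $images[$row['itemID']] = $row['image'];
                  $currentID = $row['itemID'];
              }
          }
      }

      return $images;
  }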
  790.  
  791.  
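  /**
   * Build the new-arrivals page body: items created within the last 1814400
   * seconds (21 days), first those whose subcategory has display_order 1 under
   * a "Featured" prefix, then all others grouped by date.
   *
   * Changes from the previous version: $display starts as '' (it was undefined,
   * and returned as null, when nothing matched), and the id list handed to
   * getImageList() is rebuilt for each query instead of carrying over the ids
   * from the first one.
   *
   * Neither query takes any outside input.
   *
   * @param object $objDB     database wrapper providing query(), getRows(), numRows()
   * @param int    $showImage when truthy, thumbnails are looked up and shown
   * @return string HTML, '' when there are no recent items
   */
  function createArrivalsList(&$objDB,$showImage=1) {
      $display = '';

      // Featured items.
      $query = " SELECT i.id AS itemID,
  c.name as `category`,
  i.*,
  IFNULL(i.notes,'') AS note,
  DATE_FORMAT(i.creation_date,".MYSQL_DATE_FORMAT.") AS add_date
  FROM items i
  LEFT JOIN categories c ON c.id = i.catID
  LEFT JOIN subcategories s ON s.id = i.subcatID
  WHERE (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(i.creation_date) < 1814400) AND s.display_order = 1
  ORDER BY c.display_order,i.creation_date DESC";

      $objDB->query($query);
      $items = $objDB->getRows();

      if ($objDB->numRows()) {
          $imageList = '';
          if ($showImage) {
              $imageID = array();
              foreach ($items as $item) {
                  $imageID[] = $item['itemID'];
              }
              $imageList = getImageList($imageID, $objDB);
          }

          $display .= createArrivalItemList($items, 1, 1, 'Featured ', $imageList, 1);
      }

      // Everything else.
      $query = " SELECT i.id AS itemID,
  c.name as `category`,
  i.*,
  IFNULL(i.notes,'') AS note,
  DATE_FORMAT(i.creation_date,".MYSQL_DATE_FORMAT.") AS add_date,
  DATE_FORMAT(i.creation_date,'%Y%m%d') as `sort_date`
  FROM items i
  LEFT JOIN categories c ON c.id = i.catID
  LEFT JOIN subcategories s ON s.id = i.subcatID
  WHERE (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(i.creation_date) < 1814400) AND s.display_order != 1
  ORDER BY sort_date DESC, c.display_order";

      $objDB->query($query);
      $items = $objDB->getRows();

      if ($objDB->numRows()) {
          $imageList = '';
          if ($showImage) {
              $imageID = array();
              foreach ($items as $item) {
                  $imageID[] = $item['itemID'];
              }
              $imageList = getImageList($imageID, $objDB);
          }

          $display .= createArrivalItemList($items, 1, 1, '', $imageList, 1);
      }

      return $display;
  }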
  875.  
  /**
   * Search items by a free-text string matched with LIKE against the category
   * name, the subcategory name and most item columns.
   *
   * NOTE(review): the search string is escaped with mysql_escape_string(),
   * which ignores the connection character set and was removed together with
   * the old mysql extension in PHP 7.0. Replace it with the escaping or
   * parameter binding offered by the Database class. The LIKE wildcards % and _
   * inside the search string are not escaped either, so they act as wildcards.
   *
   * @param object $objDB        database wrapper providing query() and getRows()
   * @param string $searchString text to look for
   * @return string HTML produced by createItemList()
   */
  function findItems(&$objDB,$searchString) {
      $searchString = '%' . mysql_escape_string($searchString) . '%';

      // Columns compared against the pattern, in the original order.
      $columns = array(
          'c.name', 's.name', 'i.item_num', 'i.serial_num', 'i.manufacturer',
          'i.model', 'i.gauge', 'i.caliber', 'i.barrel_length', 'i.choke1',
          'i.choke2', 'i.ffl', 'i.contents', 'i.title', 'i.author', 'i.pages',
          'i.binding', 'i.condition', 'i.notes',
      );

      $conditions = array();
      foreach ($columns as $column) {
          $conditions[] = "$column LIKE '$searchString'";
      }

      $query = "SELECT c.name,
  s.name,
  i.*,
  i.id AS itemID,
  IFNULL(i.notes,'') AS note
  FROM items i
  LEFT JOIN categories c ON c.id = i.catID
  LEFT JOIN subcategories s ON s.id = i.subcatID
  WHERE
  " . implode(" OR\n", $conditions);

      $objDB->query($query);

      return createItemList($objDB->getRows());
  }
  918.  
  919.  
  /**
   * Render the display details of a single item.
   *
   * $itemID is only placed in the SQL text after it passed is_numeric().
   *
   * @param object $objDB  database wrapper providing query() and getRows()
   * @param mixed  $itemID item id
   * @return string|null HTML produced by createItemList(), null when $itemID is
   *                     not numeric
   */
  function getItemDisplayDetails(&$objDB,$itemID) {
      if (!is_numeric($itemID)) {
          return;
      }

      $objDB->query("SELECT i.*,
  IFNULL(i.notes,'') AS note
  FROM items i

  WHERE i.id = $itemID");

      $rows = $objDB->getRows();

      return createItemList($rows, 0);
  }
  939.  
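  /**
   * Render the inventory of one category, optionally limited to a subcategory.
   *
   * $catID and $subCat are cast to integers before they are placed in the SQL
   * text; they used to be interpolated as given. The sort columns come from
   * handleSortClause(), which only returns fixed column lists.
   *
   * @param object $objDB  database wrapper providing query() and getRows()
   * @param mixed  $catID  category id
   * @param mixed  $subCat subcategory id; 0 selects the subcategory with
   *                       display_order 1
   * @return string HTML produced by createItemList()
   */
  function createInventoryList(&$objDB,$catID,$subCat=0) {
      $catID = (int) $catID;
      $subCat = (int) $subCat;

      if ($subCat == 0) {
          $subCatClause = ' AND subcategories.display_order = 1';
      } else {
          $subCatClause = " AND i.subcatID = $subCat";
      }

      $query = "SELECT
  i.catID,
  i.id as itemID,
  subcategories.name AS subcategory,
  i.*,
  IFNULL(i.notes,'') AS note
  FROM items i
  LEFT JOIN subcategories ON subcategories.id = i.subcatID
  WHERE
  i.catID = $catID $subCatClause
  ORDER BY subcategories.display_order,".handleSortClause().", i.manufacturer,i.model,i.gauge,i.caliber";

      $objDB->query($query);

      $items = $objDB->getRows();

      return createItemList($items);
  }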
  976.  
  977.  
  978.  
  979.  
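  /**
   * Return a "Last updated on ..." paragraph for the newest item of a category.
   *
   * $catID is cast to an integer before it is placed in the SQL text; it used
   * to be interpolated as given.
   *
   * @param mixed  $catID category id
   * @param object $objDB database wrapper providing query(), numRows(), getField()
   * @return string|null HTML paragraph, null when the category has no items
   */
  function getLastUpdateDate($catID,&$objDB) {
      $catID = (int) $catID;

      $objDB->query("SELECT DATE_FORMAT(creation_date,'%W %M %D %Y') AS item_date FROM items i WHERE i.catID = $catID ORDER BY creation_date DESC LIMIT 1");

      if (!$objDB->numRows()) {
          return null;
      }

      return '<p align="center">Last updated on ' . $objDB->getField() . '</p>';
  }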
  993.  
  994.  
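  /**
   * Render the details of a single item.
   *
   * $itemID is cast to an integer before it is placed in the SQL text. It used
   * to be interpolated as given, while getItemDisplayDetails() in this file
   * guards the same kind of lookup with is_numeric(); the product_details.php
   * links built elsewhere in this file suggest the id comes from the query
   * string.
   *
   * @param mixed  $itemID item id
   * @param object $objDB  database wrapper providing query() and getRows()
   * @return string HTML produced by createItemList()
   */
  function getProductDetails($itemID,&$objDB) {
      $itemID = (int) $itemID;

      $objDB->query("SELECT * FROM items WHERE id = $itemID");

      $items = $objDB->getRows();

      return createItemList($items, 0);
  }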
  1006.  
  1007.  
  1008.  
  1009.  
  1010. ?>