<?php
session_start();
require_once('DB.php');
require_once('query.php');
require_once('dates.php');
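// OrderID arrives from the query string, so it is untrusted input. The Orders
// schema documented on display_order() declares the column as INT, so accept
// only an integer here: the value is later interpolated into SQL text, and an
// integer cannot carry quote characters or SQL syntax.
// A missing or malformed value falls back to 0, which this page treats as
// "list every order". isset() also avoids the undefined-index notice that
// is_null($_GET['OrderID']) raised when the parameter was absent.
$OrderID = 0;
if (isset($_GET['OrderID'])) {
    $validatedOrderID = filter_var($_GET['OrderID'], FILTER_VALIDATE_INT);
    if ($validatedOrderID !== false) {
        $OrderID = $validatedOrderID;
    }
}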
include ('include/head.php');
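/**
 * Echo a postal address as an HTML fragment, using <br> as the line separator.
 *
 * When $Country equals "US" the last line is "City, State Zip"; for any other
 * country it is "Zip City State" followed by the country on its own line.
 *
 * Every field is HTML-escaped before it is printed. The values come from
 * customer-entered records, so printing them raw would let markup stored in a
 * name or address field run as script in the browser of whoever opens this
 * order page (stored XSS).
 *
 * @param mixed $FirstName Given name.
 * @param mixed $LastName  Family name.
 * @param mixed $Address   Street address.
 * @param mixed $City      City.
 * @param mixed $State     State or province.
 * @param mixed $Zip       Postal code.
 * @param mixed $Country   Country; "US" selects the US layout.
 * @return void
 */
function display_address($FirstName, $LastName, $Address, $City, $State, $Zip, $Country)
{
    // No explicit charset is passed, so htmlspecialchars() follows the
    // configured default_charset. The (string) cast keeps NULL columns from
    // triggering deprecation notices on newer PHP versions.
    $fields = array($FirstName, $LastName, $Address, $City, $State, $Zip, $Country);
    foreach ($fields as $index => $value) {
        $fields[$index] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    }
    list($first, $last, $street, $city, $state, $zip, $countryHtml) = $fields;

    // The layout decision is made on the raw value, exactly as before.
    if ($Country == "US") {
        echo "$first $last<br> $street <br> $city, $state $zip";
    } else {
        echo "$first $last<br> $street <br>$zip $city $state <br> $countryHtml";
    }
}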
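/**
 * Delete every customer whose first and last contact names are both empty,
 * together with that customer's orders and the order lines of those orders.
 *
 * NOTE(review): this is a destructive maintenance routine, yet display_order()
 * calls it on every row it renders. Consider moving it to an explicit,
 * access-controlled admin action.
 *
 * @return void
 */
function cleanup_database()
{
    $customers = query("SELECT CustomerID FROM Customers WHERE ContactFirstName='' AND ContactLastName='';");
    while ($customers->fetchInto($customerRow)) {
        // The Orders schema comment on display_order() lists CustomerID and
        // OrderID as INT; casting guarantees that only digits reach the SQL
        // text. NOTE(review): confirm Customers.CustomerID is INT as well.
        $CustomerID = (int) $customerRow[0];
        query("DELETE FROM Customers WHERE CustomerID = '$CustomerID';");

        $orders = query("SELECT OrderID FROM Orders WHERE CustomerID='$CustomerID';");
        while ($orders->fetchInto($orderRow)) {
            // Bug fix: the previous code interpolated $OrderID without ever
            // assigning it inside this function, so the DELETE ran with an
            // empty id and the customer's order lines were left behind.
            $OrderID = (int) $orderRow[0];
            query("DELETE FROM `Order Details` WHERE OrderID='$OrderID';");
        }

        query("DELETE FROM Orders WHERE CustomerID='$CustomerID';");
    }
}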
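/**
 * Delete every customer registered with the e-mail address beeson@cruzio.com,
 * together with that customer's orders and the order lines of those orders.
 *
 * NOTE(review): this is a destructive maintenance routine, yet display_order()
 * calls it on every row it renders. Consider moving it to an explicit,
 * access-controlled admin action.
 *
 * @return void
 */
function delete_beeson()
{
    $customers = query("SELECT CustomerID FROM Customers WHERE Email='beeson@cruzio.com';");
    while ($customers->fetchInto($customerRow)) {
        // The Orders schema comment on display_order() lists CustomerID and
        // OrderID as INT; casting guarantees that only digits reach the SQL
        // text. NOTE(review): confirm Customers.CustomerID is INT as well.
        $CustomerID = (int) $customerRow[0];
        query("DELETE FROM Customers WHERE CustomerID = '$CustomerID';");

        $orders = query("SELECT OrderID FROM Orders WHERE CustomerID='$CustomerID';");
        while ($orders->fetchInto($orderRow)) {
            // Bug fix: the previous code interpolated $OrderID without ever
            // assigning it inside this function, so the DELETE ran with an
            // empty id and the customer's order lines were left behind.
            $OrderID = (int) $orderRow[0];
            query("DELETE FROM `Order Details` WHERE OrderID='$OrderID';");
        }

        query("DELETE FROM Orders WHERE CustomerID='$CustomerID';");
    }
}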
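/**
 * Echo the <td> cells for one order; the caller supplies the enclosing <tr>.
 *
 * Cells, in order: order date, shipping method, quantity and product,
 * billing address (plus phone), shipping address, e-mail, status.
 *
 * $row is a numerically indexed row of the Orders table, whose structure is:
 *   `OrderID` INT NOT NULL AUTO_INCREMENT,
 *   `CustomerID` INT NOT NULL,
 *   `EmployeeID` INT NOT NULL,
 *   `OrderDate` DATE NOT NULL,
 *   `PurchaseOrderNumber` VARCHAR(30),
 *   `ShipFirstName` VARCHAR(50) NOT NULL,
 *   `ShipLastName` VARCHAR(50) NOT NULL,
 *   `ShipAddress` VARCHAR(255),
 *   `ShipCity` VARCHAR(50),
 *   `ShipStateOrProvince` VARCHAR(50),
 *   `ShipPostalCode` VARCHAR(20) NOT NULL,
 *   `ShipCountry` VARCHAR(50),
 *   `ShipPhoneNumber` VARCHAR(30),
 *   `ShipDate` DATE,
 *   `ShippingMethodID` INT NOT NULL,
 *   `FreightCharge` DECIMAL(19,2),
 *   `SalesTaxRate` DOUBLE DEFAULT 0.000000000000000e+000,
 *   `Status` VARCHAR(20),
 *   # status can be "fresh", "authorized", "downloaded", "to be shipped", or "shipped"
 *
 * @param array $row One Orders row in the column order listed above.
 * @return void
 */
function display_order($row)
{
    // Nothing to render when the caller's fetch produced no row.
    if (!is_array($row)) {
        return;
    }

    // Both ids are INT columns; casting keeps anything but digits out of the
    // SQL text assembled below.
    $OrderID = (int) $row[0];
    $CustomerID = (int) $row[1];
    $OrderDate = $row[3];
    $ShipFirstName = $row[5];
    $ShipLastName = $row[6];
    $ShipAddress = $row[7];
    $ShipCity = $row[8];
    $ShipStateOrProvince = $row[9];
    $ShipPostalCode = $row[10];
    $ShipCountry = $row[11];
    $Status = $row[17];

    // NOTE(review): these two calls delete customer records and run once per
    // rendered row. Rendering a table should not mutate data; consider moving
    // them to a separate maintenance action.
    cleanup_database();
    delete_beeson();

    // Values below are written into HTML, so each one is escaped first:
    // they originate from customer-entered records.
    $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

    // Bug fix: the join previously did not tie Orders to this order, so the
    // shipping method came from an arbitrary Orders row.
    $sql = "SELECT Products.ShortName, Quantity, ShippingMethod FROM `Order Details`, Orders, Products,`Shipping Methods` WHERE `Order Details`.OrderID='$OrderID' AND Orders.OrderID = `Order Details`.OrderID AND `Order Details`.ProductID = Products.ProductID AND Orders.ShippingMethodID=`Shipping Methods`.ShippingMethodID;";
    $detail = array();
    $q = query($sql);
    $q->fetchInto($detail);
    $Product = htmlspecialchars(isset($detail[0]) ? (string) $detail[0] : '', $escapeFlags);
    $Quantity = htmlspecialchars(isset($detail[1]) ? (string) $detail[1] : '', $escapeFlags);
    $ShippingMethod = htmlspecialchars(isset($detail[2]) ? (string) $detail[2] : '', $escapeFlags);

    echo "<td> " . htmlspecialchars((string) $OrderDate, $escapeFlags) . " </td>";
    echo "<td> $ShippingMethod </td>";
    echo "<td> $Quantity $Product </td>";

    // SELECT * is kept because the numeric indexes below depend on the
    // Customers column order.
    $sql = "SELECT * FROM Customers WHERE CustomerID='$CustomerID';";
    $customer = array();
    $q = query($sql);
    $q->fetchInto($customer);
    $ContactFirstName = isset($customer[2]) ? $customer[2] : '';
    $ContactLastName = isset($customer[3]) ? $customer[3] : '';
    $BillingAddress = isset($customer[4]) ? $customer[4] : '';
    $City = isset($customer[5]) ? $customer[5] : '';
    $StateOrProvince = isset($customer[6]) ? $customer[6] : '';
    $PostalCode = isset($customer[7]) ? $customer[7] : '';
    $Country = isset($customer[8]) ? $customer[8] : '';
    $PhoneNumber = isset($customer[10]) ? $customer[10] : '';
    $Email = isset($customer[12]) ? $customer[12] : '';

    // Address fields are handed to display_address() unmodified; escaping
    // them here as well would double-encode if that function escapes too.
    echo "<td>";
    display_address($ContactFirstName, $ContactLastName, $BillingAddress, $City, $StateOrProvince, $PostalCode, $Country);
    if ($PhoneNumber != "") {
        echo "<br>";
        echo htmlspecialchars((string) $PhoneNumber, $escapeFlags) . " <br>";
    }
    echo "</td><td>";

    // Bug fix: the shipping address was formatted with the billing country.
    // Use the order's ShipCountry, falling back to the billing country when
    // the nullable ShipCountry column is empty.
    $shippingCountry = ($ShipCountry != "") ? $ShipCountry : $Country;
    display_address($ShipFirstName, $ShipLastName, $ShipAddress, $ShipCity, $ShipStateOrProvince, $ShipPostalCode, $shippingCountry);
    // Markup fixes: close the shipping cell before opening the next one and
    // complete the final </td> tag, which was missing its ">".
    echo "</td>";
    echo "<td>" . htmlspecialchars((string) $Email, $escapeFlags) . "</td>";
    echo "<td>" . htmlspecialchars((string) $Status, $escapeFlags) . " </td>";
}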
?>
<body onmousemove="closesubnav(event);">
<?php include ('include/body.php'); ?>
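<?php
// The Referer header is optional and entirely client-controlled. Guard the
// lookup so a request without it does not raise an undefined-index notice,
// and treat the stored value as untrusted: whatever later reads
// $_SESSION['ReferringPage'] should validate it before redirecting to it or
// printing it.
$_SESSION['ReferringPage'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
?>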
<div class="style1" id="pageName">
<p></p>
<h2>Vendita </h2>
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
</div>
<div class="style1" id="content">
<table border="1" cellpadding="1" cellspacing="1" bordercolor="#111111" width="96%" id="AutoNumber1">
<tr>
<th scope="col" >Data dell'ordine</th>
<th scope="col" >Metodo di pagamento</th>
<th scope="col" >Prodotto </th>
<th scope="col" >Fattura a </th>
<th scope="col" >Spedisci a </th>
<th scope="col" >Posta elettronica </th>
<th scope="col" >Stato </th>
</tr>
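<?php
// NOTE(review): no access check is visible in this file. This table prints
// customer names, addresses, phone numbers and e-mail addresses, so confirm
// that one of the included files restricts the page to authorised staff.

// $OrderID originates from $_GET['OrderID'] and is interpolated into SQL
// below. Casting to int (the column is INT) means only digits can reach the
// query text, whatever the request contained.
$OrderID = (int) $OrderID;

if ($OrderID === 0) {
    // No specific order requested: list them all, one table row per order.
    // The stray "<tr>" that used to be echoed before the loop is gone; it
    // opened a row that was never closed.
    $q = query("SELECT * FROM Orders;");
    while ($q->fetchInto($row)) {
        echo "<tr>";
        display_order($row);
        echo "</tr>";
    }
} else {
    // Bug fix: the statement used to start with "$SELECT", which PHP expands
    // as an undefined variable, so the query text began with " * FROM" and
    // could not run.
    $q = query("SELECT * FROM Orders WHERE OrderID = '$OrderID';");
    $row = null;
    $q->fetchInto($row);
    // Render only when the order exists, and wrap the cells in a row the same
    // way the list branch does.
    if (is_array($row)) {
        echo "<tr>";
        display_order($row);
        echo "</tr>";
    }
}
?>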
</table>
</div>
<?php include ('include/footer.php'); ?>
</body>
</html>