
GX-Bug #60762 » orders_edit.php

Moritz Bunjes, 09.01.2019 19:26

 
<?php
/* --------------------------------------------------------------
  orders_edit.php 2019-01-09
  Gambio GmbH
  http://www.gambio.de
  Copyright (c) 2019 Gambio GmbH
  Released under the GNU General Public License (Version 2)
  [http://www.gnu.org/licenses/gpl-2.0.html]

    
   IMPORTANT! THIS FILE IS DEPRECATED AND WILL BE REPLACED IN THE FUTURE. 
   MODIFY IT ONLY FOR FIXES. DO NOT APPEND IT WITH NEW FEATURES, USE THE
   NEW GX-ENGINE LIBRARIES INSTEAD.
  --------------------------------------------------------------

    
  based on:
  (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
  (c) 2002-2003 osCommerce(orders.php,v 1.27 2003/02/16); www.oscommerce.com
  (c) 2003	 nextcommerce (orders.php,v 1.7 2003/08/14); www.nextcommerce.org
  (c) 2003 XT-Commerce - community made shopping http://www.xt-commerce.com ($Id: orders_edit.php,v 1.1)

    
  Released under the GNU General Public License
  ----------------------------------------------------------------------------------------- */

    
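// Admin bootstrap. NOTE(review): no login or permission check appears in this script before the
// handlers below; presumably application_top.php enforces the admin session - confirm.
require 'includes/application_top.php';

require_once DIR_FS_CATALOG . 'gm/inc/set_shipping_status.php';

// Required functions and classes: start
require_once DIR_WS_CLASSES . 'order.php';
require_once DIR_FS_CATALOG . DIR_WS_CLASSES . 'xtcPrice.php';
require_once DIR_FS_INC . 'xtc_get_tax_class_id.inc.php';
require_once DIR_FS_INC . 'xtc_get_tax_rate.inc.php';
require_once DIR_FS_INC . 'xtc_oe_get_options_name.inc.php';
require_once DIR_FS_INC . 'xtc_oe_get_options_values_name.inc.php';
require_once DIR_FS_INC . 'xtc_oe_customer_infos.inc.php';
// Required functions and classes: end

// The order id may arrive in the query string or, as a fallback, in the form body.
// empty()/isset() keep a request that carries neither from raising undefined-index notices.
if(empty($_GET['oID']))
{
	$_GET['oID'] = isset($_POST['oID']) ? $_POST['oID'] : null;
}

// NOTE(review): $order is loaded from $_GET['oID'] (the query string wins when both are sent),
// while the action handlers below write to the order named by $_POST['oID']. A request that
// carries two different ids reads currency, status, language and customer from one order and
// modifies another - consider rejecting requests where the two values differ.
$order   = new order($_GET['oID']);
$xtPrice = new xtcPrice($order->info['currency'], $order->info['status']);

/** @var OrderWriteService $orderWriteService */
$orderWriteService = StaticGXCoreLoader::getService('OrderWrite');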

    
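// Address editing: start
//
// Handles action=address_edit: rebuilds the customer (invoice), delivery and billing address blocks
// from the posted form, stores them through the order write service and then updates VAT id,
// customer status, phone number and e-mail address on the order row.
//
// NOTE(review): this handler changes stored data and is selected by a query-string parameter; no
// CSRF/page-token check is visible in this file - presumably application_top.php covers it, confirm.
if($_GET['action'] == "address_edit")
{
	// Since the mandatory_state feature the state dropdown may be absent from the form, so the
	// three state fields are initialised when they were not posted.
	foreach(array('customers_state', 'delivery_state', 'billing_state') as $stateField)
	{
		if(!isset($_POST[$stateField]))
		{
			$_POST[$stateField] = '';
		}
	}

	$languageTextManager = MainFactory::create_object('LanguageTextManager', ['messages', $_SESSION['languages_id']]);
	$error               = false;

	// Queues "<error prefix> <address label>: <reason>" on the admin message stack.
	$reportAddressError = function($addressLabelKey, $reasonKey) use ($languageTextManager)
	{
		$GLOBALS['messageStack']->add($languageTextManager->get_text('ERROR_PRAEFIX', 'orders_edit') . ' '
		                              . $languageTextManager->get_text($addressLabelKey, 'orders_edit') . ': '
		                              . $languageTextManager->get_text($reasonKey, 'orders_edit'));
	};

	/** @var CountryService $countryService */
	$countryService = StaticGXCoreLoader::getService('Country');

	// Unlike the delivery and billing lookups further down, these two calls run outside a try
	// block, so an exception raised here is not turned into a message-stack entry.
	$country = $countryService->findCountryByName(xtc_db_prepare_input($_POST['customers_country']));
	$zone    = $countryService->getUnknownCountryZoneByName(xtc_db_prepare_input($_POST['customers_state']));

	// Replace the placeholder zone with the stored one when the country has zones and knows this one.
	if($countryService->countryHasCountryZones($country)
	   && $countryService->countryZoneExistsInCountry($zone, $country))
	{
		$zone = $countryService->getCountryZoneByNameAndCountry(xtc_db_prepare_input($_POST['customers_state']), $country);
	}

	// The value-object constructors are the validation step for the posted fields: a rejected value
	// surfaces as one of the three exception types caught below and blocks the whole update.
	// Mapping used for every address type:
	//   LengthException          -> ERROR_LENGTH_EXCEPTION
	//   InvalidArgumentException -> ERROR_ARGUMENT_EXCEPTION
	//   UnexpectedValueException -> ERROR_VALUE_EXCEPTION

	// Customer (invoice) address.
	try
	{
		$newCustomerAddress = MainFactory::create(
			'AddressBlock',
			MainFactory::create('CustomerGender', xtc_db_prepare_input($_POST['customers_gender'])),
			MainFactory::create('CustomerFirstname', xtc_db_prepare_input($_POST['customers_firstname'])),
			MainFactory::create('CustomerLastname', xtc_db_prepare_input($_POST['customers_lastname'])),
			MainFactory::create('CustomerCompany', xtc_db_prepare_input($_POST['customers_company'])),
			MainFactory::create('CustomerB2BStatus', false),
			MainFactory::create('CustomerStreet', xtc_db_prepare_input($_POST['customers_street_address'])),
			MainFactory::create('CustomerHouseNumber', xtc_db_prepare_input((string)$_POST['customers_house_number'])),
			MainFactory::create('CustomerAdditionalAddressInfo', xtc_db_prepare_input((string)$_POST['customers_additional_info'])),
			MainFactory::create('CustomerSuburb', xtc_db_prepare_input($_POST['customers_suburb'])),
			MainFactory::create('CustomerPostcode', xtc_db_prepare_input($_POST['customers_postcode'])),
			MainFactory::create('CustomerCity', xtc_db_prepare_input($_POST['customers_city'])),
			$country,
			$zone
		);
	}
	catch(LengthException $e)
	{
		$reportAddressError('TEXT_INVOICE_ADDRESS', 'ERROR_LENGTH_EXCEPTION');
		$error = true;
	}
	catch(InvalidArgumentException $e)
	{
		$reportAddressError('TEXT_INVOICE_ADDRESS', 'ERROR_ARGUMENT_EXCEPTION');
		$error = true;
	}
	catch(UnexpectedValueException $e)
	{
		$reportAddressError('TEXT_INVOICE_ADDRESS', 'ERROR_VALUE_EXCEPTION');
		$error = true;
	}

	// Delivery address. Country and zone are looked up inside the try block, after the other fields.
	try
	{
		$newDeliveryAddress = MainFactory::create(
			'AddressBlock',
			MainFactory::create('CustomerGender', xtc_db_prepare_input($_POST['delivery_gender'])),
			MainFactory::create('CustomerFirstname', xtc_db_prepare_input($_POST['delivery_firstname'])),
			MainFactory::create('CustomerLastname', xtc_db_prepare_input($_POST['delivery_lastname'])),
			MainFactory::create('CustomerCompany', xtc_db_prepare_input($_POST['delivery_company'])),
			MainFactory::create('CustomerB2BStatus', false),
			MainFactory::create('CustomerStreet', xtc_db_prepare_input($_POST['delivery_street_address'])),
			MainFactory::create('CustomerHouseNumber', xtc_db_prepare_input((string)$_POST['delivery_house_number'])),
			MainFactory::create('CustomerAdditionalAddressInfo', xtc_db_prepare_input((string)$_POST['delivery_additional_info'])),
			MainFactory::create('CustomerSuburb', xtc_db_prepare_input($_POST['delivery_suburb'])),
			MainFactory::create('CustomerPostcode', xtc_db_prepare_input($_POST['delivery_postcode'])),
			MainFactory::create('CustomerCity', xtc_db_prepare_input($_POST['delivery_city'])),
			$countryService->findCountryByName(xtc_db_prepare_input($_POST['delivery_country'])),
			$countryService->getUnknownCountryZoneByName(xtc_db_prepare_input($_POST['delivery_state']))
		);
	}
	catch(LengthException $e)
	{
		$reportAddressError('TEXT_SHIPPING_ADDRESS', 'ERROR_LENGTH_EXCEPTION');
		$error = true;
	}
	catch(InvalidArgumentException $e)
	{
		$reportAddressError('TEXT_SHIPPING_ADDRESS', 'ERROR_ARGUMENT_EXCEPTION');
		$error = true;
	}
	catch(UnexpectedValueException $e)
	{
		// Previously reported ERROR_ARGUMENT_EXCEPTION here, unlike the invoice address handler.
		$reportAddressError('TEXT_SHIPPING_ADDRESS', 'ERROR_VALUE_EXCEPTION');
		$error = true;
	}

	// Billing address, built the same way as the delivery address.
	try
	{
		$newBillingAddress = MainFactory::create(
			'AddressBlock',
			MainFactory::create('CustomerGender', xtc_db_prepare_input($_POST['billing_gender'])),
			MainFactory::create('CustomerFirstname', xtc_db_prepare_input($_POST['billing_firstname'])),
			MainFactory::create('CustomerLastname', xtc_db_prepare_input($_POST['billing_lastname'])),
			MainFactory::create('CustomerCompany', xtc_db_prepare_input($_POST['billing_company'])),
			MainFactory::create('CustomerB2BStatus', false),
			MainFactory::create('CustomerStreet', xtc_db_prepare_input($_POST['billing_street_address'])),
			MainFactory::create('CustomerHouseNumber', xtc_db_prepare_input((string)$_POST['billing_house_number'])),
			MainFactory::create('CustomerAdditionalAddressInfo', xtc_db_prepare_input((string)$_POST['billing_additional_info'])),
			MainFactory::create('CustomerSuburb', xtc_db_prepare_input($_POST['billing_suburb'])),
			MainFactory::create('CustomerPostcode', xtc_db_prepare_input($_POST['billing_postcode'])),
			MainFactory::create('CustomerCity', xtc_db_prepare_input($_POST['billing_city'])),
			$countryService->findCountryByName(xtc_db_prepare_input($_POST['billing_country'])),
			$countryService->getUnknownCountryZoneByName(xtc_db_prepare_input($_POST['billing_state']))
		);
	}
	catch(LengthException $e)
	{
		$reportAddressError('TEXT_BILLING_ADDRESS', 'ERROR_LENGTH_EXCEPTION');
		$error = true;
	}
	catch(InvalidArgumentException $e)
	{
		$reportAddressError('TEXT_BILLING_ADDRESS', 'ERROR_ARGUMENT_EXCEPTION');
		$error = true;
	}
	catch(UnexpectedValueException $e)
	{
		// Previously reported ERROR_ARGUMENT_EXCEPTION here, unlike the invoice address handler.
		$reportAddressError('TEXT_BILLING_ADDRESS', 'ERROR_VALUE_EXCEPTION');
		$error = true;
	}

	if(!$error)
	{
		// NOTE(review): the order id reaches IdType in three different forms (raw, through
		// xtc_db_prepare_input(), cast to int). Whether IdType rejects a non-numeric raw value is
		// not visible here - confirm, and consider normalising the id once.
		$orderWriteService->updateCustomerAddress(new IdType($_POST['oID']), $newCustomerAddress);
		$orderWriteService->updateDeliveryAddress(new IdType(xtc_db_prepare_input($_POST['oID'])), $newDeliveryAddress);
		$orderWriteService->updateBillingAddress(new IdType(xtc_db_prepare_input($_POST['oID'])), $newBillingAddress);

		// Record the change in the order status history under the id of the logged-in user.
		$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
		                                               new StringType(EDIT_CHANGED_ADDRESS),
		                                               new IdType($_SESSION['customer_id']));

		// Resolve the order's language directory to its id; the value is passed through xtc_db_input()
		// before it is placed inside the quoted literal.
		$lang_query = xtc_db_query("SELECT languages_id FROM " . TABLE_LANGUAGES . " WHERE directory = '"
		                           . xtc_db_input($order->info['language']) . "'");
		$lang       = xtc_db_fetch_array($lang_query);

		// Both ids are cast to int before being concatenated into the statement.
		$status_query = xtc_db_query("SELECT customers_status_name 
									FROM " . TABLE_CUSTOMERS_STATUS . " 
									WHERE 
										customers_status_id = '" . (int)$_POST['customers_status'] . "' AND 
										language_id = '" . (int)$lang['languages_id'] . "'");
		$status       = xtc_db_fetch_array($status_query);

		// Validate the e-mail address and show an error message if it is wrong.
		// NOTE(review): this check runs after the three addresses and the history entry have already
		// been written, so a rejected e-mail address leaves the order partially updated. The value
		// validated is the raw POST value, the value stored is the xtc_db_prepare_input() result.
		if(!filter_var($_POST['customers_email_address'], FILTER_VALIDATE_EMAIL))
		{
			$GLOBALS['messageStack']->add($languageTextManager->get_text('ENTRY_EMAIL_ADDRESS_CHECK_ERROR', 'general'));

			$_GET['edit_action'] = 'address';
		}
		else
		{
			$sql_data_array = array(
				'customers_vat_id'        => xtc_db_prepare_input($_POST['customers_vat_id']),
				'customers_status'        => xtc_db_prepare_input($_POST['customers_status']),
				'customers_status_name'   => xtc_db_prepare_input($status['customers_status_name']),
				'customers_telephone'     => xtc_db_prepare_input($_POST['customers_telephone']),
				'customers_email_address' => xtc_db_prepare_input($_POST['customers_email_address'])
			);

			$update_sql_data = array('last_modified' => 'now()');
			$sql_data_array  = xtc_array_merge($sql_data_array, $update_sql_data);
			xtc_db_perform(TABLE_ORDERS, $sql_data_array, 'update', 'orders_id = \'' . (int)$_POST['oID'] . '\'');
			xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=address&oID=' . (int)$_POST['oID']));
		}
	}
	else
	{
		// At least one address was rejected: nothing is stored and the address form is shown again.
		$_GET['edit_action'] = 'address';
	}
}
// Address editing: end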

    
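// Insert / edit product data: start

// Stock adjustment shared by the product_edit, product_ins and product_delete actions. It runs only
// when the form posted update_stock=1 and subtracts the difference between the new and the
// previously ordered quantity from the stock counters (products, property combinations, attributes).
if(isset($_POST['update_stock']) && $_POST['update_stock'] === '1')
{
	switch($_GET['action'])
	{
		case 'product_edit':
		case 'product_ins':
		case 'product_delete':
			$t_old_products_quantity = 0;
			if(isset($_POST['old_products_quantity']))
			{
				$t_old_products_quantity = (double)$_POST['old_products_quantity'];
			}

			// A missing quantity counts as 0, as before, but no longer raises an undefined-index notice.
			$t_new_products_quantity = isset($_POST['products_quantity']) ? (double)$_POST['products_quantity'] : 0.0;

			// Positive when more units are ordered than before, negative when units are given back.
			// The (double) casts make the value numeric, which is why it is concatenated into the
			// statements below without quoting.
			// NOTE(review): the old quantity is taken from the form rather than from the stored order
			// line, and a cast can still yield a non-finite value for out-of-range input - confirm
			// whether either needs an explicit check here.
			$t_new_stock = $t_new_products_quantity - $t_old_products_quantity;

			// NOTE(review): opID is handed over as posted; whether get_product_array() validates it
			// is not visible in this file.
			$t_product_data = $order->get_product_array($_POST['opID']);

			// Mode flag read from the product row; as used below, 0 and 2 adjust the combination
			// stock and 0 and 1 adjust the product and attribute stock.
			$t_use_properties_combis_quantity = 0;
			if(isset($t_product_data['properties']))
			{
				$t_sql = 'SELECT use_properties_combis_quantity FROM ' . TABLE_PRODUCTS . ' WHERE products_id = "' . (int)$_POST['products_id'] . '"';
				$t_result = xtc_db_query($t_sql);
				if(xtc_db_num_rows($t_result) == 1)
				{
					$t_result_array = xtc_db_fetch_array($t_result);
					$t_use_properties_combis_quantity = $t_result_array['use_properties_combis_quantity'];
				}

				if($t_use_properties_combis_quantity == 0 || $t_use_properties_combis_quantity == 2)
				{
					$t_sql = 'UPDATE products_properties_combis 
								SET combi_quantity = (combi_quantity - ' . $t_new_stock . ') 
								WHERE products_properties_combis_id = "' . (int)$t_product_data['properties_combis_id'] . '"';
					xtc_db_query($t_sql);

					// set combi_shippingtime:
					set_shipping_status((int)$_POST['products_id'], (int)$t_product_data['properties_combis_id']);
				}
			}

			if($t_use_properties_combis_quantity == 0 || $t_use_properties_combis_quantity == 1)
			{
				// update product
				$t_sql = 'UPDATE ' . TABLE_PRODUCTS . ' SET products_quantity = (products_quantity - ' . $t_new_stock . ') WHERE products_id = "' . (int)$_POST['products_id'] . '"';
				xtc_db_query($t_sql);

				// set products_shippingtime:
				set_shipping_status((int)$_POST['products_id']);

				// update attributes
				$t_sql = 'SELECT a.products_attributes_id
							FROM
								' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' o,
								' . TABLE_PRODUCTS_ATTRIBUTES . ' a
							WHERE
								o.options_id = a.options_id AND
								o.options_values_id = a.options_values_id AND
								a.products_id = "' . (int)$_POST['products_id'] . '"
								AND o.orders_id="' . (int)$_POST['oID'] . '"';
				$t_result = xtc_db_query($t_sql);
				while($t_result_array = xtc_db_fetch_array($t_result))
				{
					// The id comes from the database, but is cast like every other id in this block so
					// that no unquoted, uncast value is ever concatenated into a statement.
					$t_sql = 'UPDATE ' . TABLE_PRODUCTS_ATTRIBUTES . ' SET attributes_stock = (attributes_stock - ' . $t_new_stock . ') WHERE products_attributes_id = "' . (int)$t_result_array['products_attributes_id'] . '"';
					xtc_db_query($t_sql);
				}
			}

			break;
	}
}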

    
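// Edit product: start
//
// Handles action=product_edit: corrects the product's "ordered" counter by the quantity change,
// rewrites the order line identified by opID, keeps its quantity unit name in sync, logs the change
// in the order history and redirects back to the product list of the order.
//
// NOTE(review): the order line is addressed by opID alone while 'orders_id' in the update data is
// taken from the posted oID. Nothing visible here checks that the line belongs to that order, so a
// request with mismatching ids would re-assign the line - consider adding the order id to the
// WHERE condition or verifying the pair first.
if($_GET['action'] == "product_edit")
{
	$status_query = xtc_db_query("SELECT customers_status_show_price_tax FROM " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . (int)$order->info['status'] . "'");
	$status = xtc_db_fetch_array($status_query);

	// Explicit float casts: non-numeric or missing form values count as 0 instead of triggering
	// warnings or type errors in the multiplication.
	$final_price = (double)$_POST['products_price'] * (double)$_POST['products_quantity'];

	// Fetch old product's quantity value in order from database.
	// NOTE(review): the row is selected by product id and order id, not by opID; if the same product
	// appears on several lines of the order, the first row returned is used.
	$oldProductsQuantityQuery  = xtc_db_query("
		SELECT
			products_quantity
		FROM
			" . TABLE_ORDERS_PRODUCTS . "
		WHERE
			products_id = '" . (int)$_POST['products_id'] . "'
		AND
			orders_id = '". (int)$_POST['oID'] . "'
	");
	$oldProductsQuantityResult = xtc_db_fetch_array($oldProductsQuantityQuery);
	$oldProductsQuantityValue  = (int)$oldProductsQuantityResult['products_quantity'];

	// Fetch old product's ordered count value from database.
	$oldProductsOrderedQuery  = xtc_db_query("
		SELECT
			products_ordered
		FROM
			" . TABLE_PRODUCTS . "
		WHERE
			products_id = '" . (int)$_POST['products_id'] . "'
	");
	$oldProductsOrderedResult = xtc_db_fetch_array($oldProductsOrderedQuery);
	$oldProductsOrderedValue = (int)$oldProductsOrderedResult['products_ordered'];

	// New order's product quantity value.
	$newProductsQuantityValue = (int)$_POST['products_quantity'];

	// Difference of old and new products quantity value.
	$productsQuantityDifference = $oldProductsQuantityValue - $newProductsQuantityValue;

	// Assign new product ordered count value. Subtracting the signed difference covers both
	// directions: a negative difference (more units ordered) raises the counter, a positive one
	// lowers it - the same result the former if/else with abs() produced.
	$newProductsOrderedValue = $oldProductsOrderedValue - $productsQuantityDifference;

	// Update new product ordered count value to database.
	$productsOrderedDataArray = array(
		'products_ordered' => $newProductsOrderedValue
	);
	xtc_db_perform(TABLE_PRODUCTS, $productsOrderedDataArray, 'update', 'products_id = \'' . (int)$_POST['products_id'] . '\'');

	// Update order products.
	// NOTE(review): name, price, tax and quantity are stored as posted after xtc_db_prepare_input();
	// what that helper does and how xtc_db_perform() escapes values is not visible here - confirm.
	$sql_data_array = array(
		'orders_id'              => xtc_db_prepare_input($_POST['oID']),
		'products_id'            => xtc_db_prepare_input($_POST['products_id']),
		'products_name'          => xtc_db_prepare_input($_POST['products_name']),
		'products_price'         => xtc_db_prepare_input($_POST['products_price']),
		'products_discount_made' => '',
		'final_price'            => xtc_db_prepare_input($final_price),
		'products_tax'           => xtc_db_prepare_input($_POST['products_tax']),
		'products_quantity'      => xtc_db_prepare_input($_POST['products_quantity']),
		'allow_tax'              => xtc_db_prepare_input($status['customers_status_show_price_tax'])
	);

	$update_sql_data = array('products_model' => xtc_db_prepare_input($_POST['products_model']));
	$sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
	xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', 'orders_products_id = \'' . (int)$_POST['opID'] . '\'');

	// Keep the free-text quantity unit of the order line in sync with the form. The id is cast to
	// int and the unit name goes through xtc_db_input() before it is placed in the quoted literal.
	$query = 'SELECT unit_name FROM orders_products_quantity_units WHERE orders_products_id = ' . (int)$_POST['opID'];
	$result = xtc_db_query($query);
	if(xtc_db_num_rows($result))
	{
		$row = xtc_db_fetch_array($result);

		if($row['unit_name'] !== $_POST['products_quantity_unit'])
		{
			xtc_db_query('UPDATE orders_products_quantity_units 
							SET 
								quantity_unit_id = 0, 
								unit_name = "' . xtc_db_input($_POST['products_quantity_unit']) .'"
							WHERE orders_products_id = ' . (int)$_POST['opID']);
		}
	}
	else
	{
		xtc_db_query('INSERT INTO orders_products_quantity_units 
							SET 
								orders_products_id = ' . (int)$_POST['opID'] . ',
								quantity_unit_id = 0, 
								unit_name = "' . xtc_db_input($_POST['products_quantity_unit']) .'"');
	}

	// Record the change in the order status history under the id of the logged-in user.
	$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
	                                               new StringType(EDIT_CHANGED_PRODUCT),
	                                               new IdType($_SESSION['customer_id']));

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&oID=' . (int)$_POST['oID']));
}
// Edit product: end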

    
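// Insert product: start
//
// Handles action=product_ins: loads the product's master data, shipping time and price, adds it to
// the order as a new order item, logs the change in the order history, raises the product's
// "ordered" counter and redirects back to the product list of the order.
if($_GET['action'] == "product_ins")
{
	$status_query = xtc_db_query("SELECT customers_status_show_price_tax FROM " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . (int)$order->info['status'] . "'");
	$status = xtc_db_fetch_array($status_query);

	// Product master data in the admin's language, plus the quantity unit if one is assigned.
	$product_query = xtc_db_query("SELECT 
										p.products_model, 
										p.products_tax_class_id, 
										pd.products_name,
										pd.checkout_information,
										p.product_type,
										p.products_ordered,
										u.quantity_unit_id,
										ud.unit_name
									FROM 
										" . TABLE_PRODUCTS . " p, 
										" . TABLE_PRODUCTS_DESCRIPTION . " pd 
										LEFT OUTER JOIN products_quantity_unit AS u ON (u.products_id = " . (int)$_POST['products_id'] . ")
										LEFT OUTER JOIN quantity_unit_description AS ud ON (u.quantity_unit_id = ud.quantity_unit_id AND ud.language_id = " . (int)$_SESSION['languages_id'] . ")
									WHERE 
										p.products_id = '" . (int)$_POST['products_id'] . "' AND 
										pd.products_id = p.products_id AND 
										pd.language_id = '" . (int)$_SESSION['languages_id'] . "'");
	$product = xtc_db_fetch_array($product_query);

	// Shipping status name of the product. Both values are concatenated WITHOUT quotes, so they must
	// be cast to int: the posted product id was previously inserted into this statement as received,
	// which left the query open to SQL injection. The casts match the query above.
	$t_sql = 'SELECT
					ss.shipping_status_name
				FROM
					' . TABLE_PRODUCTS . ' p,
					' . TABLE_SHIPPING_STATUS . ' ss
				WHERE
					p.products_id = ' . (int)$_POST['products_id'] . '
				AND
					p.products_shippingtime = ss.shipping_status_id
				AND
					ss.language_id = ' . (int)$_SESSION['languages_id'];
	$t_result = xtc_db_query($t_sql);
	$t_shipping_time = xtc_db_fetch_array($t_result);

	$c_info = xtc_oe_customer_infos($order->customer['ID']);
	$tax_rate = xtc_get_tax_rate($product['products_tax_class_id'], $c_info['country_id'], $c_info['zone_id']);

	// Hidden prices are made visible only for this one price calculation.
	// NOTE(review): product id and quantity are passed to xtcGetPrice() as posted; how that method
	// treats them is not visible in this file.
	$xtPrice->setShowHiddenPrice(true);
	$format = false; // kept as a variable because the original call assigned it in the argument list
	$price = $xtPrice->xtcGetPrice($_POST['products_id'], $format, $_POST['products_quantity'], $product['products_tax_class_id'], '', '', $order->customer['ID']);
	$xtPrice->setShowHiddenPrice(false);

	// Name, model and checkout information come from the database row, not from the form.
	$orderItem = MainFactory::create('OrderItem', new StringType(xtc_db_prepare_input($product['products_name'])));

	$orderItem->setPrice(new DecimalType($price));
	$orderItem->setQuantity(new DecimalType(xtc_db_prepare_input($_POST['products_quantity'])));
	$orderItem->setTax(new DecimalType($tax_rate));
	$orderItem->setTaxAllowed(new BoolType((bool)(int)$status['customers_status_show_price_tax']));
	$orderItem->setProductModel(new StringType(xtc_db_prepare_input($product['products_model'])));
	$orderItem->setCheckoutInformation(new StringType(xtc_db_prepare_input($product['checkout_information'])));
	$orderItem->setShippingTimeInfo(new StringType(xtc_db_prepare_input((string)$t_shipping_time['shipping_status_name'])));
	$orderItem->setAddonValue(new StringType('productId'), new StringType(xtc_db_prepare_input($_POST['products_id'])));

	if(!empty($product['quantity_unit_id']))
	{
		$orderItem->setQuantityUnitName(new StringType($product['unit_name']));
		$orderItem->setAddonValue(new StringType('quantityUnitId'), new StringType((string)(int)$product['quantity_unit_id']));
	}

	$orderWriteService->addOrderItem(new IdType(xtc_db_prepare_input($_POST['oID'])), $orderItem);

	// Record the change in the order status history under the id of the logged-in user.
	$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
	                                               new StringType(EDIT_ADDED_PRODUCT),
	                                               new IdType($_SESSION['customer_id']));

	// Update products ordered count.
	$newTotalCount = (int)$product['products_ordered'] + (int)$_POST['products_quantity'];
	$productsOrderedDataArray = array(
		'products_ordered' => $newTotalCount
	);
	xtc_db_perform(TABLE_PRODUCTS, $productsOrderedDataArray, 'update', 'products_id = \'' . (int)$_POST['products_id'] . '\'');

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&oID=' . (int)$_POST['oID']));
}
// Insert product: end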
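// Edit product options: start
//
// Handles action=product_option_edit: stores the edited option name, value, price and price prefix
// on the order's attribute row (opAID), then recalculates unit price and final price of the order
// line (opID) by swapping the old option price for the new one, logs the change in the order
// history and redirects back to the option list.
//
// NOTE(review): opAID, opID and oID are independent request values; nothing visible here checks
// that the attribute row belongs to the order line or that the line belongs to the order.
if($_GET['action'] == "product_option_edit")
{
	// NOTE(review): the price prefix is stored as posted; only the value '-' has a meaning in the
	// calculation below - consider restricting it to the prefixes the shop supports.
	$sql_data_array = array(
		'products_options'        => xtc_db_prepare_input($_POST['products_options']),
		'products_options_values' => xtc_db_prepare_input($_POST['products_options_values']),
		'options_values_price'    => (double)$_POST['options_values_price']
	);

	$update_sql_data = array('price_prefix' => xtc_db_prepare_input($_POST['prefix']));
	$sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
	xtc_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array, 'update', 'orders_products_attributes_id = \'' . (int)$_POST['opAID'] . '\'');

	// Current state of the order line together with the product's tax class.
	$products_query = xtc_db_query("SELECT 
										op.products_id, 
										op.products_quantity, 
										op.products_price, 
										op.allow_tax, 
										op.products_tax, 
										p.products_tax_class_id 
									FROM 
										" . TABLE_ORDERS_PRODUCTS . " op, 
										" . TABLE_PRODUCTS . " p 
									WHERE 
										op.orders_products_id = '" . (int)$_POST['opID'] . "' AND 
										op.products_id = p.products_id");
	$products = xtc_db_fetch_array($products_query);

	$products_old_price = $products['products_price'];

	// Cast to float like the stored 'options_values_price' above, so that the arithmetic below never
	// operates on raw request strings.
	// NOTE(review): the old option price and the old prefix are taken from the form, not from the
	// stored attribute row, and both feed directly into the new line price.
	$t_products_attributes_old_price = (double)$_POST['options_values_old_price'];
	$t_products_attributes_new_price = (double)$_POST['options_values_price'];

	if($products['allow_tax'] == 1)
	{
		$t_products_attributes_old_price = $xtPrice->xtcAddTax($t_products_attributes_old_price, $products['products_tax']);
		$t_products_attributes_new_price = $xtPrice->xtcAddTax($t_products_attributes_new_price, $products['products_tax']);
	}

	// A '-' prefix marks a price reduction.
	if($_POST['old_prefix'] == '-')
	{
		$t_products_attributes_old_price *= -1;
	}
	if($_POST['prefix'] == '-')
	{
		$t_products_attributes_new_price *= -1;
	}

	// Take the old option price out of the unit price and put the new one in.
	$price = $products_old_price - $t_products_attributes_old_price + $t_products_attributes_new_price;

	$final_price = $price * $products['products_quantity'];

	$sql_data_array = array('products_price' => xtc_db_prepare_input($price));
	$update_sql_data = array('final_price' => xtc_db_prepare_input($final_price));
	$sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
	xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', 'orders_products_id = \'' . (int)$_POST['opID'] . '\'');

	// Record the change in the order status history under the id of the logged-in user.
	$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
	                                               new StringType(EDIT_CHANGED_PRODUCT_OPTION),
	                                               new IdType($_SESSION['customer_id']));

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=options&oID=' . (int)$_POST['oID'] . '&pID=' . (int)$products['products_id'] . '&opID=' . (int)$_POST['opID']));
}
// Edit product options: end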

    
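// Insert product option: begin
// Attaches the catalogue attribute $_POST['aID'] to order item $_POST['opID'], copies its download
// entry when downloads are enabled, re-prices the item and optionally reduces attribute stock.
// NOTE(review): no request-token check is visible in this section; confirm that
// application_top.php enforces one before these state-changing POST handlers run.
if($_GET['action'] == "product_option_ins")
{
	// Catalogue attribute selected in the form.
	$products_attributes_query = xtc_db_query("SELECT 
			options_id, 
			options_values_id, 
			options_values_price, 
			price_prefix 
		FROM " . TABLE_PRODUCTS_ATTRIBUTES . " 
		WHERE products_attributes_id = '" . (int)$_POST['aID'] . "'");
	$products_attributes = xtc_db_fetch_array($products_attributes_query);

	// Option name and option value name in the session language.
	$products_options_query = xtc_db_query("SELECT products_options_name 
		FROM " . TABLE_PRODUCTS_OPTIONS . " 
		WHERE 
			products_options_id = '" . (int)$products_attributes['options_id'] . "' AND 
			language_id = '" . (int)$_SESSION['languages_id'] . "'");
	$products_options = xtc_db_fetch_array($products_options_query);

	$products_options_values_query = xtc_db_query("SELECT products_options_values_name 
		FROM " . TABLE_PRODUCTS_OPTIONS_VALUES . " 
		WHERE 
			products_options_values_id = '" . (int)$products_attributes['options_values_id'] . "' AND 
			language_id = '" . (int)$_SESSION['languages_id'] . "'");
	$products_options_values = xtc_db_fetch_array($products_options_values_query);

	// Build the order item attribute and store it through the order write service.
	$orderItemAttribute = MainFactory::create('OrderItemAttribute',
	                                          new StringType(xtc_db_prepare_input($products_options['products_options_name'])),
	                                          new StringType(xtc_db_prepare_input($products_options_values['products_options_values_name'])));
	$orderItemAttribute->setPrice(new DecimalType($products_attributes['options_values_price']));
	$orderItemAttribute->setPriceType(new StringType($products_attributes['price_prefix']));
	$orderItemAttribute->setOptionId(new IdType($products_attributes['options_id']));
	$orderItemAttribute->setOptionValueId(new IdType($products_attributes['options_values_id']));

	$orderWriteService->addOrderItemAttribute(new IdType(xtc_db_prepare_input($_POST['opID'])), $orderItemAttribute);

	// Order item the option belongs to.
	$products_query = xtc_db_query("SELECT 
			op.products_id, 
			op.products_quantity,
			op.products_price, 
			op.allow_tax, 
			op.products_tax,
			p.products_tax_class_id 
		FROM 
			" . TABLE_ORDERS_PRODUCTS . " op, 
			" . TABLE_PRODUCTS . " p 
		WHERE 
			op.orders_products_id = '" . (int)$_POST['opID'] . "' AND 
			op.products_id = p.products_id");
	$products = xtc_db_fetch_array($products_query);

	// The option names are spliced into the statement as string literals, so they are escaped
	// with xtc_db_input(), the helper this file uses for values placed in inline SQL. Before,
	// only xtc_db_prepare_input() was applied (presumably input clean-up rather than SQL
	// escaping - confirm), so a name containing a quote could break out of the literal.
	// NOTE(review): LIKE still treats % and _ inside a name as wildcards.
	$t_option_name_sql = xtc_db_input(xtc_db_prepare_input($products_options['products_options_name']));
	$t_option_value_name_sql = xtc_db_input(xtc_db_prepare_input($products_options_values['products_options_values_name']));

	// Price and prefix of the matching order attribute (presumably the row added above).
	$products_a_query = xtc_db_query("SELECT 
			options_values_price, 
			price_prefix 
		FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " 
		WHERE orders_products_id = '" . (int)$_POST['opID'] . "' AND
			products_options LIKE '" . $t_option_name_sql . "' AND
			products_options_values LIKE '" . $t_option_value_name_sql . "'");
	$products_a = xtc_db_fetch_array($products_a_query);

	if(DOWNLOAD_ENABLED == 'true')
	{
		// Copy the attribute's download settings to the order when it has a download file.
		$attributes_query = "SELECT 
				popt.products_options_name,
				poval.products_options_values_name,
				pa.options_values_price,
				pa.price_prefix,
				pad.products_attributes_maxdays,
				pad.products_attributes_maxcount,
				pad.products_attributes_filename
			FROM 
				" . TABLE_PRODUCTS_OPTIONS . " popt, 
				" . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, 
				" . TABLE_PRODUCTS_ATTRIBUTES . " pa
				LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad ON (pa.products_attributes_id = pad.products_attributes_id)
			WHERE 
				pa.products_id = '" . (int)$products['products_id'] . "' AND 
				pa.options_id = '" . (int)$products_attributes['options_id'] . "' AND 
				pa.options_id = popt.products_options_id AND 
				pa.options_values_id = '" . (int)$products_attributes['options_values_id'] . "' AND 
				pa.options_values_id = poval.products_options_values_id AND 
				popt.language_id = '" . (int)$_SESSION['languages_id'] . "' AND 
				poval.language_id = '" . (int)$_SESSION['languages_id'] . "'";
		$attributes = xtc_db_query($attributes_query);

		$attributes_values = xtc_db_fetch_array($attributes);

		if(isset($attributes_values['products_attributes_filename']) && xtc_not_null($attributes_values['products_attributes_filename']))
		{
			$sql_data_array = array('orders_id' => (int)$_POST['oID'],
									'orders_products_id' => (int)$_POST['opID'], 
									'orders_products_filename' => $attributes_values['products_attributes_filename'], 
									'download_maxdays' => $attributes_values['products_attributes_maxdays'], 
									'download_count' => $attributes_values['products_attributes_maxcount']);

			xtc_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
		}
	}

	// New item price = current price plus the signed (and, if allow_tax is set, taxed) option price.
	$products_old_price = $products['products_price'];

	$t_products_attributes_new_price = $products_a['options_values_price'];

	if($products['allow_tax'] == 1)
	{
		$t_products_attributes_new_price = $xtPrice->xtcAddTax($t_products_attributes_new_price, $products['products_tax']);
	}

	if($products_a['price_prefix'] == '-')
	{
		$t_products_attributes_new_price *= -1;
	}

	$price = $products_old_price + $t_products_attributes_new_price;

	$final_price = $price * $products['products_quantity'];

	$sql_data_array = array('products_price' => (double)$price);
	$update_sql_data = array('final_price' => (double)$final_price);
	$sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
	xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', 'orders_products_id = \'' . (int)$_POST['opID'] . '\'');

	if(isset($_POST['update_stock']))
	{
		// Take the ordered quantity off the attribute's stock.
		$t_product_data = $order->get_product_array($_POST['opID']);

		$t_sql = 'UPDATE ' . TABLE_PRODUCTS_ATTRIBUTES . ' 
					SET attributes_stock = (attributes_stock - ' . (double)$t_product_data['qty'] . ') 
					WHERE products_attributes_id = "' . (int)$_POST['aID'] . '"';
		xtc_db_query($t_sql);
	}

	$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
	                                               new StringType(EDIT_ADDED_PRODUCT_OPTION),
	                                               new IdType($_SESSION['customer_id']));

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=options&oID=' . (int)$_POST['oID'] . '&pID=' . (int)$products['products_id'] . '&opID=' . (int)$_POST['opID']));
}
// Insert product option: end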
// Artikeldaten einfuegen / bearbeiten Ende:
// Payment: begin
// Stores $_POST['payment'] as the order's payment type (the same value is passed for both
// OrderPaymentType arguments), records the change in the status history and returns to the
// order edit page.
// NOTE(review): the first IdType receives $_POST['oID'] as submitted, while the other uses of
// oID in this section cast to int; IdType is not visible here, so confirm it rejects
// non-numeric ids.
if('payment_edit' == $_GET['action'])
{
	$orderWriteService->updatePaymentType(
		new IdType($_POST['oID']),
		MainFactory::create(
			'OrderPaymentType',
			new StringType(xtc_db_prepare_input($_POST['payment'])),
			new StringType(xtc_db_prepare_input($_POST['payment']))
		)
	);

	$orderWriteService->addOrderStatusHistoryEntry(
		new IdType((int)$_POST['oID']),
		new StringType(EDIT_CHANGED_PAYMENT_METHOD),
		new IdType($_SESSION['customer_id'])
	);

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, sprintf('edit_action=other&oID=%d', (int)$_POST['oID'])));
}
// Payment: end
// Shipping costs: begin
// Sets or removes the order's shipping total (class ot_shipping) together with its shipping
// type. Nothing happens when $_POST['shipping'] is missing or empty.
// NOTE(review): $_POST['shipping'] reaches get_shipping_title() and the stored shipping class
// as submitted; get_shipping_title() is not visible here, so confirm it only accepts known
// shipping module codes.
if($_GET['action'] == "shipping_edit" && !empty($_POST['shipping']))
{
	if($_POST['shipping'] == 'no_shipping')
	{
		// "No shipping": drop the shipping total and blank the shipping type.
		xtc_db_query("DELETE FROM " . TABLE_ORDERS_TOTAL . " 
							WHERE 
								orders_id = '" . (int)$_POST['oID'] . "' AND 
								class = 'ot_shipping'");

		$orderWriteService->updateShippingType(
			new IdType(xtc_db_prepare_input($_POST['oID'])),
			MainFactory::create('OrderShippingType', new StringType(''), new StringType(''))
		);
	}
	else
	{
		require_once DIR_FS_INC . 'get_shipping_title.inc.php';

		$shipping_text = get_shipping_title($_POST['shipping']);
		// The stored class is the module code twice, joined by an underscore.
		$shipping_class = $_POST['shipping'] . '_' . $_POST['shipping'];

		$text = $xtPrice->xtcFormat($_POST['value'], true);

		$sql_data_array = array(
			'orders_id' => (int)$_POST['oID'],
			'title' => xtc_db_prepare_input($shipping_text),
			'text' => xtc_db_prepare_input($text),
			'value' => (double)$_POST['value'],
			'class' => 'ot_shipping',
			'sort_order' => MODULE_ORDER_TOTAL_SHIPPING_SORT_ORDER
		);

		// Update the existing shipping total, or insert one when the order has none yet.
		$check_shipping_query = xtc_db_query("SELECT class 
													FROM " . TABLE_ORDERS_TOTAL . " 
													WHERE 
														orders_id = '" . (int)$_POST['oID'] . "' AND 
														class = 'ot_shipping'");
		if(xtc_db_num_rows($check_shipping_query))
		{
			xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array, 'update', "orders_id = '" . (int)$_POST['oID'] . "' AND class=\"ot_shipping\"");
		}
		else
		{
			xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
		}

		$orderWriteService->updateShippingType(
			new IdType(xtc_db_prepare_input($_POST['oID'])),
			MainFactory::create('OrderShippingType', new StringType($shipping_text), new StringType($shipping_class))
		);
	}

	$orderWriteService->addOrderStatusHistoryEntry(
		new IdType((int)$_POST['oID']),
		new StringType(EDIT_CHANGED_SHIPPING_METHOD),
		new IdType($_SESSION['customer_id'])
	);

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, sprintf('edit_action=other&oID=%d', (int)$_POST['oID'])));
}
// Shipping costs: end
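// Order-total (OT) modules: begin
// With $_POST['coupon_code'] set: calculates the coupon discount for the order, writes the
// ot_coupon total, zeroes shipping for free-shipping coupons and redeems the coupon.
// Otherwise: updates the order-total row $_POST['otID'] or inserts a new row of class
// $_POST['class']; for ot_gv the value is made negative and may be taken off the customer's
// credit balance.
if($_GET['action'] == "ot_edit")
{
	if(isset($_POST['coupon_code']))
	{
		// NOTE(review): coupon code and order id are handed to CouponControl as submitted;
		// that class is not visible here, so confirm it escapes or binds both.
		$coo_coupon_control = MainFactory::create_object('CouponControl', array($_POST['coupon_code'], $_POST['oID'], $order->info['currency_value']));
		$t_coupon_value = $coo_coupon_control->calculate_discount();

		if($t_coupon_value > 0)
		{
			$coo_lang_file_master->init_from_lang_file('lang/' . $order->info['language'] . '/modules/order_total/ot_coupon.php');
			require_once(DIR_FS_CATALOG . 'includes/modules/order_total/ot_coupon.php');

			$coo_ot_coupon = new ot_coupon();
			// Title and text are kept unescaped here and escaped as a whole where they are
			// placed into SQL. Before, only the coupon code was escaped, so a quote in the
			// module title or in the formatted price would have ended the SQL string early.
			$t_title = $coo_ot_coupon->title . ': ' . $_POST['coupon_code'] . ':';
			$t_text = '- ' . $xtPrice->xtcFormat($t_coupon_value, true);
			$t_value = round($t_coupon_value * -1, 4);

			$t_sql = 'SELECT * FROM ' . TABLE_ORDERS_TOTAL . ' WHERE orders_id = "' . (int)$_POST['oID'] . '" AND class = "ot_coupon"';
			$t_result = xtc_db_query($t_sql);

			if(xtc_db_num_rows($t_result) > 0)
			{
				$t_sql = 'UPDATE ' . TABLE_ORDERS_TOTAL . ' 
							SET
								title = "' . xtc_db_input($t_title) . '",
								text = "' . xtc_db_input($t_text) . '",
								value = "' . $t_value . '"
							WHERE 
								orders_id = "' . (int)$_POST['oID'] . '" AND 
								class = "ot_coupon"';
			}
			else
			{
				$t_sql = 'INSERT INTO ' . TABLE_ORDERS_TOTAL . ' 
							SET
								orders_id = "' . (int)$_POST['oID'] . '",
								title = "' . xtc_db_input($t_title) . '",
								text = "' . xtc_db_input($t_text) . '",
								value = "' . $t_value . '",
								class = "ot_coupon",
								sort_order = "' . (int)$coo_ot_coupon->sort_order . '"';
			}

			xtc_db_query($t_sql);

			if($coo_coupon_control->get_('shipping_free'))
			{
				// Free-shipping coupon: set the shipping total to zero.
				$t_sql = 'UPDATE ' . TABLE_ORDERS_TOTAL . ' 
							SET 
								text = "' . xtc_db_input($xtPrice->xtcFormat(0, true)) . '",
								value = 0
							WHERE 
								orders_id = "' . (int)$_POST['oID'] . '" AND 
								class = "ot_shipping"';
				xtc_db_query($t_sql);
			}

			// redeem coupon
			$coo_coupon_control->redeem($order->customer['ID']);
		}
	}
	else
	{
		$t_value = (double)$_POST['value'];

		if($_POST['class'] == 'ot_gv')
		{
			// Voucher credit is stored as a negative amount in the shop's base currency.
			if($t_value > 0)
			{
				$t_value *= -1;
			}

			// NOTE(review): a currency_value of 0 makes this division fail; confirm orders always carry one.
			$t_value /= (double)$order->info['currency_value'];

			if(isset($_POST['cut_credit_balance']) && $t_value < 0)
			{
				// $t_value is negative here, so the expression reads "amount-<n>".
				// NOTE(review): relies on PHP's float-to-string conversion producing a valid SQL number.
				xtc_db_query('UPDATE ' . TABLE_COUPON_GV_CUSTOMER . ' SET amount = (amount' . $t_value . ') WHERE customer_id = "' . (int)$order->customer['ID'] . '"');
			}
		}

		$check_total_query = xtc_db_query("SELECT orders_total_id 
											FROM " . TABLE_ORDERS_TOTAL . " 
											WHERE 
												orders_id = '" . (int)$_POST['oID'] . "' AND 
												orders_total_id = '" . (int)$_POST['otID'] . "' AND 
												class = '" . xtc_db_input($_POST['class']) . "'");

		// Display text for the row; totals are shown in bold.
		$text = $xtPrice->xtcFormat($_POST['value'], true);

		if($_POST['class'] == 'ot_total' || $_POST['class'] == 'ot_subtotal_no_tax')
		{
			$text = '<b>' . $text . '</b>';
		}

		// NOTE(review): $_POST['title'] is stored as submitted; escape it for HTML wherever
		// order totals are rendered.
		if(xtc_db_num_rows($check_total_query))
		{
			$check_total = xtc_db_fetch_array($check_total_query);

			$sql_data_array = array('title' => xtc_db_prepare_input($_POST['title']), 
									'text' => xtc_db_prepare_input($text), 
									'value' => $t_value);
			xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array, 'update', 'orders_total_id = \'' . (int)$check_total['orders_total_id'] . '\'');
		}
		elseif(is_string($_POST['class']) && preg_match('/\A[A-Za-z0-9_]+\z/', $_POST['class']))
		{
			// The stored class is later used to build language-file paths and constant names
			// in this file, so only identifier-like values are inserted.
			$sql_data_array = array('orders_id' => (int)$_POST['oID'], 
									'title' => xtc_db_prepare_input($_POST['title']), 
									'text' => xtc_db_prepare_input($text), 
									'value' => $t_value, 
									'class' => xtc_db_prepare_input($_POST['class']), 
									'sort_order' => (int)$_POST['sort_order']);

			xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
		}
	}

	$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
	                                               new StringType(EDIT_CHANGED_OT_ENTRY),
	                                               new IdType($_SESSION['customer_id']));

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=other&oID=' . (int)$_POST['oID']));
}
// Order-total (OT) modules: end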
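// Language update: begin
// Switches the order to the language $_POST['lang']: product names and order-total titles are
// re-read in that language and the order's language directory is updated.
if($_GET['action'] == "lang_edit")
{
	// Selected language
	$lang_query = xtc_db_query("SELECT 
			languages_id, 
			name, 
			directory 
		FROM " . TABLE_LANGUAGES . " 
		WHERE languages_id = '" . (int)$_POST['lang'] . "'");
	$lang = xtc_db_fetch_array($lang_query);

	// An unknown language id yields no row. Without this guard the order's language would be
	// overwritten with an empty value and the language-file path below would lack its directory.
	if(is_array($lang) && !empty($lang['directory']))
	{
		// Products
		$order_products_query = xtc_db_query("SELECT 
				orders_products_id, 
				products_id 
			FROM " . TABLE_ORDERS_PRODUCTS . " 
			WHERE orders_id = '" . (int)$_POST['oID'] . "'");
		while($order_products = xtc_db_fetch_array($order_products_query))
		{
			$products_query = xtc_db_query("SELECT products_name 
				FROM " . TABLE_PRODUCTS_DESCRIPTION . " 
				WHERE 
					products_id = '" . (int)$order_products['products_id'] . "' AND 
					language_id = '" . (int)$_POST['lang'] . "' ");
			$products = xtc_db_fetch_array($products_query);

			// Keep the stored name when the product has no description in the target language.
			if(is_array($products) && isset($products['products_name']))
			{
				$sql_data_array = array('products_name' => xtc_db_prepare_input($products['products_name']));
				xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', 'orders_products_id  = \'' . (int)$order_products['orders_products_id'] . '\'');
			}
		}
		// Products: end

		// OT modules
		$order_total_query = xtc_db_query("SELECT 
				orders_total_id, 
				title, 
				class
			FROM " . TABLE_ORDERS_TOTAL . " 
			WHERE orders_id = '" . (int)$_POST['oID'] . "'");
		while($order_total = xtc_db_fetch_array($order_total_query))
		{
			// The class comes from the orders_total table and is used in a file path and a
			// constant name, so only identifier-like values are processed.
			if(!empty($order_total['class']) && preg_match('/\A[A-Za-z0-9_]+\z/', $order_total['class']))
			{
				// The path used to end in ' .php' (with a space), which cannot match a file named
				// like the ot_coupon.php language file loaded elsewhere in this script.
				$coo_lang_file_master->init_from_lang_file('lang/' . $lang['directory'] . '/modules/order_total/' . $order_total['class'] . '.php');
				$name = str_replace('ot_', '', $order_total['class']);

				if(defined('MODULE_ORDER_TOTAL_' . strtoupper($name) . '_TITLE'))
				{
					$text = constant('MODULE_ORDER_TOTAL_' . strtoupper($name) . '_TITLE');

					$sql_data_array = array('title' => xtc_db_prepare_input($text));
					xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array, 'update', 'orders_total_id  = \'' . (int)$order_total['orders_total_id'] . '\'');
				}
			}
		}
		// OT modules: end

		$sql_data_array = array('language' => xtc_db_prepare_input($lang['directory']));
		xtc_db_perform(TABLE_ORDERS, $sql_data_array, 'update', 'orders_id  = \'' . (int)$_POST['oID'] . '\'');

		$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
		                                               new StringType(EDIT_CHANGED_LANGUAGE),
		                                               new IdType($_SESSION['customer_id']));
	}

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=other&oID=' . (int)$_POST['oID']));
}
// Language update: end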
// Loeschfunktionen Anfang
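// Delete a product from the order: begin
// Removes order item $_POST['opID'] together with its attributes, properties, quantity units,
// downloads and GPrint data, then records the deletion in the status history.
// NOTE(review): no request-token check is visible in this section; confirm that
// application_top.php enforces one before these state-changing POST handlers run.
if($_GET['action'] == "product_delete")
{
	// The dependent rows below are keyed by opID alone. Check first that the item belongs to
	// the order being edited, so that a mismatched oID/opID pair cannot strip another order's
	// item of its attributes while the history entry lands on this order.
	$t_order_item_query = xtc_db_query("SELECT orders_products_id 
		FROM " . TABLE_ORDERS_PRODUCTS . " 
		WHERE 
			orders_id = '" . (int)$_POST['oID'] . "' AND 
			orders_products_id = '" . (int)$_POST['opID'] . "'");

	if(xtc_db_num_rows($t_order_item_query))
	{
		xtc_db_query("DELETE FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " WHERE orders_products_id = '" . (int)$_POST['opID'] . "'");
		xtc_db_query('DELETE FROM orders_products_properties WHERE orders_products_id = "' . (int)$_POST['opID'] . '"');
		xtc_db_query("DELETE FROM orders_products_quantity_units WHERE orders_products_id = '" . (int)$_POST['opID'] . "'");
		xtc_db_query('DELETE FROM ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' WHERE orders_products_id = "' . (int)$_POST['opID'] . '"');

		// DELETE from gm_gprint_orders_*, and gm_gprint_uploads
		$coo_gm_gprint_order_manager = MainFactory::create_object('GMGPrintOrderManager');
		$coo_gm_gprint_order_manager->delete((int)$_POST['opID']);

		xtc_db_query("DELETE FROM " . TABLE_ORDERS_PRODUCTS . " 
						WHERE 
							orders_id = '" . (int)$_POST['oID'] . "' AND 
							orders_products_id = '" . (int)$_POST['opID'] . "'");

		$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
		                                               new StringType(EDIT_DELETED_PRODUCT),
		                                               new IdType($_SESSION['customer_id']));
	}

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&oID=' . (int)$_POST['oID']));
}
// Delete a product from the order: end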
// Delete a product option from the order: begin
// Removes order attribute $_POST['opAID'], optionally returns the ordered quantity to the
// attribute's stock, and lowers the item price by the option's price.
// NOTE(review): the option price and its prefix are taken from $_POST
// ('options_values_old_price', 'old_prefix') rather than read from the stored attribute before
// it is deleted, and the DELETE is keyed by opAID alone; confirm this is intended.
if($_GET['action'] == "product_option_delete")
{
	if(isset($_POST['update_stock']))
	{
		$t_attributes_array = $order->get_attributes_array($_POST['opID'], $_POST['opAID']);
		if(!empty($t_attributes_array))
		{
			// Put the ordered quantity back into the attribute's stock.
			$t_product_data = $order->get_product_array($_POST['opID']);

			$t_sql = 'UPDATE ' . TABLE_PRODUCTS_ATTRIBUTES . ' 
						SET attributes_stock = (attributes_stock + ' . (double)$t_product_data['qty'] . ') 
						WHERE 
							products_id = "' . (int)$t_product_data['id'] . '" AND
							options_id = "' . (int)$t_attributes_array['options_id'] . '" AND
							options_values_id = "' . (int)$t_attributes_array['options_values_id'] . '"';
			xtc_db_query($t_sql);
		}
	}

	xtc_db_query(
		"DELETE FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES
		. " WHERE orders_products_attributes_id = '" . (int)$_POST['opAID'] . "'"
	);

	// Order item the option belonged to.
	$products_query = xtc_db_query("SELECT 
										op.products_id, 
										op.products_quantity,
										op.products_price, 
										op.allow_tax, 
										op.products_tax,
										p.products_tax_class_id 
									FROM 
										" . TABLE_ORDERS_PRODUCTS . " op, 
										" . TABLE_PRODUCTS . " p 
									WHERE 
										op.orders_products_id = '" . (int)$_POST['opID'] . "' AND 
										op.products_id = p.products_id");
	$products = xtc_db_fetch_array($products_query);

	// New item price = current price minus the signed (and, if allow_tax is set, taxed) option price.
	$products_old_price = $products['products_price'];
	$t_products_attributes_old_price = $_POST['options_values_old_price'];

	if($products['allow_tax'] == 1)
	{
		$t_products_attributes_old_price = $xtPrice->xtcAddTax($t_products_attributes_old_price, $products['products_tax']);
	}

	if($_POST['old_prefix'] == '-')
	{
		$t_products_attributes_old_price = $t_products_attributes_old_price * -1;
	}

	$price = $products_old_price - $t_products_attributes_old_price;
	$final_price = $price * $products['products_quantity'];

	$sql_data_array = array('products_price' => xtc_db_prepare_input($price));
	$update_sql_data = array('final_price' => xtc_db_prepare_input($final_price));
	$sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
	xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', "orders_products_id = '" . (int)$_POST['opID'] . "'");

	$orderWriteService->addOrderStatusHistoryEntry(
		new IdType((int)$_POST['oID']),
		new StringType(EDIT_DELETED_PRODUCT_OPTION),
		new IdType($_SESSION['customer_id'])
	);

	xtc_redirect(xtc_href_link(
		FILENAME_ORDERS_EDIT,
		sprintf('edit_action=options&oID=%d&pID=%d&opID=%d', (int)$_POST['oID'], (int)$products['products_id'], (int)$_POST['opID'])
	));
}
// Delete a product option from the order: end
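// Delete an order-total (OT) row from the order: begin
// The ot_total row is never removed, only reset to zero; every other row is deleted.
if($_GET['action'] == "ot_delete")
{
	// Match on the order id as well as the row id, as the ot_edit lookup in this file does.
	// Keyed by otID alone, a mismatched oID/otID pair would change another order's totals while
	// the history entry was written to this order.
	$t_ot_where = "orders_total_id = '" . (int)$_POST['otID'] . "' AND orders_id = '" . (int)$_POST['oID'] . "'";

	$otClassQuery = xtc_db_query("SELECT class, value FROM " . TABLE_ORDERS_TOTAL . " WHERE " . $t_ot_where);

	$otClass = xtc_db_fetch_array($otClassQuery);

	// No matching row: nothing to change and nothing to log.
	if(is_array($otClass))
	{
		if($otClass['class'] === 'ot_total')
		{
			$sql_data_array = array('value' => '0.0000', 'text' => '<b>' . $xtPrice->xtcFormat('0.0000', true) . '</b>');
			xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array, 'update', $t_ot_where);
			$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
			                                               new StringType(EDIT_CHANGED_OT_ENTRY),
			                                               new IdType($_SESSION['customer_id']));
		}
		else
		{
			xtc_db_query("DELETE FROM " . TABLE_ORDERS_TOTAL . " WHERE " . $t_ot_where);
			$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
			                                               new StringType(EDIT_DELETED_OT_ENTRY),
			                                               new IdType($_SESSION['customer_id']));
		}
	}

	xtc_redirect(xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=other&oID=' . (int)$_POST['oID']));
}
// Delete an order-total (OT) row from the order: end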
// Loeschfunktionen Ende
// Rueckberechnung Anfang
if($_GET['action'] == "save_order")
1139
{
1140
	// exit recalculation
1141
	if(!isset($_POST['recalculate']))
1142
	{
1143
		xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'action=edit&oID=' . (int)$_POST['oID']));
1144
	}
1145

    
1146
	// Errechne neue MwSt. fuer die Bestellung Anfang
1147
	// Produkte
1148
	$products_query = xtc_db_query("SELECT 
1149
										final_price, 
1150
										products_tax, 
1151
										allow_tax 
1152
									FROM " . TABLE_ORDERS_PRODUCTS . " 
1153
									WHERE orders_id = '" . (int)$_POST['oID'] . "' ");
1154
	while($products = xtc_db_fetch_array($products_query))
1155
	{
1156
		$tax_rate = $products['products_tax'];
1157
		$multi = (($products['products_tax'] / 100) + 1);
1158

    
1159
		if($products['allow_tax'] == '1')
1160
		{
1161
			$bprice = $products['final_price'];
1162
			$nprice = $xtPrice->xtcRemoveTax($bprice, $tax_rate);
1163
			$tax = $xtPrice->calcTax($nprice, $tax_rate);
1164
		}
1165
		else
1166
		{
1167
			$nprice = $products['final_price'];
1168
			$bprice = $xtPrice->xtcAddTax($nprice, $tax_rate);
1169
			$tax = $xtPrice->calcTax($nprice, $tax_rate);
1170
		}
1171

    
1172
		$sql_data_array = array('orders_id' => (int)$_POST['oID'],
1173
								'n_price' => (double)$nprice, 
1174
								'b_price' => (double)$bprice, 
1175
								'tax' => (double)$tax, 
1176
								'tax_rate' => (double)$products['products_tax']);
1177

    
1178
		$insert_sql_data = array('class' => 'products');
1179
		$sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
1180
		xtc_db_perform(TABLE_ORDERS_RECALCULATE, $sql_data_array);
1181
	}
1182
	// Produkte Ende
1183

    
1184
	// set order total weight
1185
	$recalculate = MainFactory::create('OrderRecalculate');
1186
	$query       = xtc_db_query('UPDATE orders SET order_total_weight = '
1187
	                                  . $recalculate->recalculateOrderWeight((int)$_POST['oID']) . ' WHERE orders_id = '
1188
	                                  . (int)$_POST['oID']);
1189
	
1190

    
1191
	$status_query = xtc_db_query("SELECT customers_status_show_price_tax, customers_status_add_tax_ot FROM " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . (int)$order->info['status'] . "'");
1192
	$status = xtc_db_fetch_array($status_query);
1193

    
1194
	// Module Anfang
1195
	$module_query = xtc_db_query("SELECT 
1196
										value, 
1197
										class 
1198
									FROM " . TABLE_ORDERS_TOTAL . " 
1199
									WHERE 
1200
										orders_id = '" . (int)$_POST['oID'] . "' AND 
1201
										class NOT IN ('ot_subtotal', 'ot_subtotal_no_tax', 'ot_tax', 'ot_total', 'ot_total_netto')");
1202
	while($module_value = xtc_db_fetch_array($module_query))
1203
	{
1204
		$module_name = str_replace('ot_', '', $module_value['class']);
1205

    
1206
		if($module_name != 'discount')
1207
		{
1208
			if($module_name != 'shipping')
1209
			{
1210
				if(defined('MODULE_ORDER_TOTAL_' . strtoupper($module_name) . '_TAX_CLASS'))
1211
				{
1212
					$module_tax_class = constant('MODULE_ORDER_TOTAL_' . strtoupper($module_name) . '_TAX_CLASS');
1213
				}
1214
				else
1215
				{
1216
					$module_tax_class = '';
1217
				}
1218
			}
1219
			else
1220
			{
1221
				$module_tmp_name = explode('_', $order->info['shipping_class']);
1222
				$module_tmp_name = $module_tmp_name[0];
1223
				
1224
				if($module_tmp_name != 'selfpickup' && defined('MODULE_SHIPPING_' . strtoupper($module_tmp_name) . '_TAX_CLASS'))
1225
				{
1226
					$module_tax_class = constant('MODULE_SHIPPING_' . strtoupper($module_tmp_name) . '_TAX_CLASS');
1227
				}
1228
				else
1229
				{
1230
					$module_tax_class = '';
1231
				}
1232
			}
1233
		}
1234
		else
1235
		{
1236
			$module_tax_class = '0';
1237
		}
1238

    
1239
		$cinfo = xtc_oe_customer_infos($order->customer['ID']);
1240
		$module_tax_rate = xtc_get_tax_rate($module_tax_class, $cinfo['country_id'], $cinfo['zone_id']);
1241

    
1242
		if($status['customers_status_show_price_tax'] == 1)
1243
		{
1244
			$module_b_price = $module_value['value'];
1245
			
1246
			if($module_tax_rate == '0')
1247
			{
1248
				$module_n_price = $module_value['value'];
1249
			}
1250
			else
1251
			{
1252
				$module_n_price = $xtPrice->xtcRemoveTax($module_b_price, $module_tax_rate);
1253
			}
1254
			
1255
			$module_tax = $xtPrice->calcTax($module_n_price, $module_tax_rate);
1256
		}
1257
		else
1258
		{
1259
			$module_n_price = $module_value['value'];
1260
			$module_b_price = $xtPrice->xtcAddTax($module_n_price, $module_tax_rate);
1261
			$module_tax = $xtPrice->calcTax($module_n_price, $module_tax_rate);
1262
		}
1263

    
1264
		$sql_data_array = array('orders_id' => (int)$_POST['oID'], 
1265
								'n_price' => (double)$module_n_price, 
1266
								'b_price' => (double)$module_b_price, 
1267
								'tax' => (double)$module_tax, 
1268
								'tax_rate' => (double)$module_tax_rate);
1269

    
1270
		$insert_sql_data = array('class' => $module_value['class']);
1271
		$sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
1272
		xtc_db_perform(TABLE_ORDERS_RECALCULATE, $sql_data_array);
1273
	}
1274
	// Module Ende  
1275
	
1276
	// Kupon ANFANG
1277
	$t_sql = 'SELECT c.coupon_code 
1278
				FROM 
1279
					' . TABLE_COUPONS . ' c,
1280
					' . TABLE_COUPON_REDEEM_TRACK . ' r
1281
				WHERE
1282
					c.coupon_id = r.coupon_id AND
1283
					r.order_id = "' . (double)$_POST['oID'] . '"
1284
				ORDER BY redeem_date DESC
1285
				LIMIT 1';
1286
	$t_result = xtc_db_query($t_sql);
1287

    
1288
	if(xtc_db_num_rows($t_result) == 1)
1289
	{
1290
		$t_result_array = xtc_db_fetch_array($t_result);
1291

    
1292
		$coo_coupon_control = MainFactory::create_object('CouponControl', array($t_result_array['coupon_code'], $_POST['oID'], $order->info['currency_value']));
1293

    
1294
		$t_sql = 'SELECT value 
1295
					FROM ' . TABLE_ORDERS_TOTAL . ' 
1296
					WHERE
1297
						orders_id = "' . (double)$_POST['oID'] . '" AND
1298
						class = "ot_coupon"';
1299
		$t_result = xtc_db_query($t_sql);
1300
		if(xtc_db_num_rows($t_result) == 1)
1301
		{
1302
			$t_result_array = xtc_db_fetch_array($t_result);
1303
			$t_coupon_value = (double)$t_result_array['value'];
1304

    
1305
			if($t_coupon_value < 0)
1306
			{
1307
				$t_coupon_value *= -1;
1308
			}
1309

    
1310
			$t_sql = 'DELETE FROM ' . TABLE_ORDERS_RECALCULATE . ' 
1311
						WHERE 
1312
							orders_id = "' . (double)$_POST['oID'] . '" AND 
1313
							class = "ot_coupon"';
1314
			xtc_db_query($t_sql);
1315

    
1316
			$t_taxes_discount_array = $coo_coupon_control->calculate_taxes_discount($t_coupon_value);
1317
			foreach($t_taxes_discount_array as $t_tax_rate => $t_tax_value)
1318
			{
1319
				if($t_tax_rate === 0)
1320
				{
1321
					$t_n_price = $t_coupon_value * -1;
1322
					$t_b_price = $t_n_price;
1323
				}
1324
				else
1325
				{
1326
					$t_n_price = $t_tax_value / ($t_tax_rate / 100) * -1;
1327
					$t_b_price = $t_n_price * (1 + $t_tax_rate / 100);
1328
				}
1329
				$t_tax = $t_tax_value * -1;
1330

    
1331
				$t_sql = 'INSERT INTO ' . TABLE_ORDERS_RECALCULATE . ' 
1332
							SET
1333
								orders_id = "' . (int)$_POST['oID'] . '",
1334
								n_price = "' . $t_n_price . '",
1335
								b_price = "' . $t_b_price . '",
1336
								tax = "' . $t_tax . '",
1337
								tax_rate = "' . $t_tax_rate . '",
1338
								class = "ot_coupon"';
1339
				xtc_db_query($t_sql);
1340
			}
1341
		}
1342
	}
1343
	// Kupon ENDE
1344
	
1345
	// Neue Mwst. zusammenrechnen Anfang
1346
	if(gm_get_conf('TAX_INFO_TAX_FREE') == 'false' && $status['customers_status_add_tax_ot'] == 1)
1347
	{
1348
		// Alte UST Loeschen ANFANG
1349
		if(gm_get_conf('TAX_INFO_TAX_FREE') == 'false')
1350
		{
1351
			xtc_db_query("DELETE FROM " . TABLE_ORDERS_TOTAL . " 
1352
							WHERE 
1353
								orders_id = '" . (int)($_POST['oID']) . "' AND 
1354
								class = 'ot_tax'");
1355
		}
1356
		// Alte UST Loeschen ENDE
1357
		require(DIR_FS_LANGUAGES . $order->info['language'] . '/init.inc.php');
1358

    
1359
		$t_customers_status_add_tax_ot = '1';
1360
		$t_customers_status_show_price_tax = '1';
1361

    
1362
		$t_sql = 'SELECT DISTINCT 
1363
						customers_status_show_price_tax,
1364
						customers_status_add_tax_ot 
1365
					FROM ' . TABLE_CUSTOMERS_STATUS . ' 
1366
					WHERE customers_status_id = "' . (int)$order->info['status'] . '"';
1367
		$t_result = xtc_db_query($t_sql);
1368
		if(xtc_db_num_rows($t_result) == 1)
1369
		{
1370
			$t_result_array = xtc_db_fetch_array($t_result);
1371
			$t_customers_status_show_price_tax = $t_result_array['customers_status_show_price_tax'];
1372
			$t_customers_status_add_tax_ot = $t_result_array['customers_status_add_tax_ot'];
1373
		}
1374

    
1375

    
1376
		$t_sql = 'SELECT allow_tax FROM ' . TABLE_ORDERS_PRODUCTS . ' WHERE orders_id = "' . (int)$_POST['oID'] . '"';
1377
		$t_result = xtc_db_query($t_sql);
1378
		if(xtc_db_num_rows($t_result) == 1)
1379
		{
1380
			$t_result_array = xtc_db_fetch_array($t_result);
1381
			$t_customers_status_show_price_tax = $t_result_array['allow_tax'];
1382
		}
1383

    
1384
		$ust_query = xtc_db_query("SELECT 
1385
										tax_rate, 
1386
										SUM(tax) AS tax_value_new 
1387
									FROM " . TABLE_ORDERS_RECALCULATE . " 
1388
									WHERE 
1389
										orders_id = '" . (int)$_POST['oID'] . "' AND 
1390
										tax != '0' 
1391
									GROUP by tax_rate ");
1392
		while($ust = xtc_db_fetch_array($ust_query))
1393
		{
1394
			if($ust['tax_value_new'])
1395
			{
1396
				if($t_customers_status_show_price_tax == '1')
1397
				{
1398
					$title = sprintf(TAX_INFO_INCL, (double)$ust['tax_rate'] . '%') . ':';
1399
				}
1400
				// excl tax + tax at checkout
1401
				elseif($t_customers_status_show_price_tax == '0' && $t_customers_status_add_tax_ot == '1')
1402
				{
1403
					$title = sprintf(TAX_INFO_ADD, (double)$ust['tax_rate'] . '%') . ':';
1404
				}
1405
				// excl tax
1406
				else
1407
				{
1408
					$title = sprintf(TAX_INFO_EXCL, (double)$ust['tax_rate'] . '%') . ':';
1409
				}
1410

    
1411
				$text = $xtPrice->xtcFormat($ust['tax_value_new'], true);
1412

    
1413
				$sql_data_array = array('orders_id' => (int)$_POST['oID'], 
1414
										'title' => xtc_db_prepare_input($title),
1415
										'text' => xtc_db_prepare_input($text), 
1416
										'value' => (double)$ust['tax_value_new'], 
1417
										'class' => 'ot_tax');
1418

    
1419
				$insert_sql_data = array('sort_order' => MODULE_ORDER_TOTAL_TAX_SORT_ORDER);
1420
				$sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
1421
				xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
1422
			}
1423
		}
1424
	}
1425
	// Neue Mwst. zusammenrechnen Ende
1426
	
1427
	// Errechne neue Zwischensumme fuer Artikel Anfang
1428
	$products_query = xtc_db_query("SELECT 
1429
										SUM(final_price) AS subtotal_final, 
1430
										allow_tax 
1431
									FROM " . TABLE_ORDERS_PRODUCTS . " 
1432
									WHERE orders_id = '" . (int)$_POST['oID'] . "' 
1433
									GROUP BY orders_id");
1434
	$products = xtc_db_fetch_array($products_query);
1435
	$subtotal_final = $products['subtotal_final'];
1436
	$subtotal_text = $xtPrice->xtcFormat($subtotal_final, true);
1437

    
1438
	xtc_db_query("UPDATE " . TABLE_ORDERS_TOTAL . " 
1439
					SET 
1440
						text = '" . xtc_db_input($subtotal_text) . "', 
1441
						value = '" . xtc_db_input($subtotal_final) . "' 
1442
					WHERE 
1443
						orders_id = '" . (int)$_POST['oID'] . "' AND 
1444
						class = 'ot_subtotal' ");
1445
	// Errechne neue Zwischensumme fuer Artikel Ende
1446
	
1447
	// Errechne neue Netto Zwischensumme fuer Artikel Anfang
1448
	$check_no_tax_value_query = xtc_db_query("SELECT COUNT(*) AS count 
1449
												FROM " . TABLE_ORDERS_TOTAL . " 
1450
												WHERE 
1451
													orders_id = '" . (int)$_POST['oID'] . "' AND 
1452
													class IN ('ot_subtotal_no_tax', 'ot_total_netto')");
1453
	$check_no_tax_value = xtc_db_fetch_array($check_no_tax_value_query);
1454

    
1455
	if($check_no_tax_value['count'] != '0')
1456
	{
1457
		$subtotal_no_tax_value_query = xtc_db_query("SELECT SUM(n_price) AS subtotal_no_tax_value 
1458
														FROM " . TABLE_ORDERS_RECALCULATE . " 
1459
														WHERE orders_id = '" . (int)$_POST['oID'] . "'");
1460
		$subtotal_no_tax_value = xtc_db_fetch_array($subtotal_no_tax_value_query);
1461
		$subtotal_no_tax_final = $subtotal_no_tax_value['subtotal_no_tax_value'];
1462
		$subtotal_no_tax_text = $xtPrice->xtcFormat($subtotal_no_tax_final, true);
1463
		
1464
		xtc_db_query("UPDATE " . TABLE_ORDERS_TOTAL . " 
1465
						SET 
1466
							text = '" . xtc_db_input($subtotal_no_tax_text) . "', 
1467
							value = '" . xtc_db_input($subtotal_no_tax_final) . "' 
1468
						WHERE 
1469
							orders_id = '" . (int)$_POST['oID'] . "' AND 
1470
							class IN ('ot_subtotal_no_tax', 'ot_total_netto')");
1471
	}
1472

    
1473
	// Errechne neue Netto Zwischensumme fuer Artikel Anfang
1474
	// Errechne neue Bruttosumme Anfang
1475
	$t_sql = "SELECT SUM(value) AS value 
1476
				FROM " . TABLE_ORDERS_TOTAL . " 
1477
				WHERE 
1478
					orders_id = '" . (int)$_POST['oID'] . "' AND 
1479
					class NOT IN ('ot_subtotal_no_tax', 'ot_tax', 'ot_total', 'ot_total_netto')";
1480

    
1481
	if($products['allow_tax'] == '0')
1482
	{
1483
		$t_sql = "SELECT SUM(value) AS value 
1484
					FROM " . TABLE_ORDERS_TOTAL . " 
1485
					WHERE 
1486
						orders_id = '" . (int)$_POST['oID'] . "' AND 
1487
						class NOT IN ('ot_subtotal_no_tax', 'ot_total', 'ot_total_netto')";
1488
	}
1489

    
1490
	$subtotal_query = xtc_db_query($t_sql);
1491
	$subtotal = xtc_db_fetch_array($subtotal_query);
1492

    
1493
	$subtotal_final = $subtotal['value'];
1494
	$subtotal_text = '<b>' . $xtPrice->xtcFormat($subtotal_final, true) . '</b>';
1495
	
1496
	xtc_db_query("UPDATE " . TABLE_ORDERS_TOTAL . " 
1497
					SET 
1498
						text = '" . xtc_db_input($subtotal_text) . "', 
1499
						value = '" . xtc_db_input($subtotal_final) . "' 
1500
					WHERE 
1501
						orders_id = '" . (int)$_POST['oID'] . "' AND 
1502
						class = 'ot_total'");
1503
	// Errechne neue Bruttosumme Ende
1504
	
1505
	// Loeschen des Zwischenspeichers Anfang
1506
	xtc_db_query("DELETE FROM " . TABLE_ORDERS_RECALCULATE . " WHERE orders_id = '" . (int)$_POST['oID'] . "'");
1507
	// Loeschen des Zwischenspeichers Ende
1508
	
1509
	$orderWriteService->addOrderStatusHistoryEntry(new IdType((int)$_POST['oID']),
1510
	                                               new StringType(EDIT_RECALCULATED_ORDER),
1511
	                                               new IdType($_SESSION['customer_id']));
1512

    
1513
	xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'action=edit&oID=' . (int)$_POST['oID']));
1514
}
1515
// Rueckberechnung Ende
1516
//--------------------------------------------------------------------------------------------------------------------------------------
1517

    
1518
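// Flash messages for this render of the order editor.
// "text" is an optional query parameter, so it is checked with isset() first:
// reading a missing key raises an undefined-index notice on every plain page load.
// The strict comparison means only the exact string 'address' selects the success message.
if(isset($_GET['text']) && $_GET['text'] === 'address')
{
	$messageStack->add(TEXT_EDIT_ADDRESS_SUCCESS, 'success');
}
// The next two entries are added unconditionally, whatever the request contains.
$messageStack->add(HEADING_CANCELLATION_WARNING, 'error');
$messageStack->add(HEADING_WARNING, 'warning');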
1524
?>
1525
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
1526
<html <?php echo HTML_PARAMS; ?>>
1527
	<head>
1528
		<meta http-equiv="x-ua-compatible" content="IE=edge">
1529
		<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $_SESSION['language_charset']; ?>">
1530
		<title><?php echo TITLE; ?></title>
1531
		<link rel="stylesheet" type="text/css" href="html/assets/styles/legacy/stylesheet.css">
1532
	</head>
1533
	<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">
1534
		<!-- header //-->
1535
		<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
1536
		<!-- header_eof //-->
1537

    
1538
		<!-- body //-->
1539
		<table border="0" width="100%" cellspacing="2" cellpadding="2">
1540
			<tr>
1541
				<td width="<?php echo BOX_WIDTH; ?>" valign="top">
1542
					<table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
1543
						<!-- left_navigation //-->
1544
						<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
1545
						<!-- left_navigation_eof //-->
1546
					</table>
1547
				</td>
1548
				<!-- body_text //-->
1549
				<td class="orders-edit-page-wrapper" width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
1550
					<tr>
1551
						<td width="100%" colspan="2">
1552
							<div class="pageHeading" style="background-image:url(html/assets/images/legacy/gm_icons/kunden.png)"><?php echo TABLE_HEADING; ?>
1553

    
1554
								<div class="main">
1555
									<table border="0" cellpadding="0" cellspacing="0" width="100%">
1556
										<tr class="dataTableHeadingRow">
1557
											<td class="dataTableHeadingContentText" style="width:1%; padding-right:20px; white-space: nowrap">
1558
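												<?php
												// Tab "customer data": rendered as a link unless it is the active tab.
												// The order id comes straight from the query string and ends up inside an
												// href attribute, so it is cast to int here, as the recalculation code in
												// this file already does before building its redirect URL.
												// NOTE(review): xtc_href_link() is defined elsewhere; whether it escapes its
												// parameter string is not visible from this file.
												echo ($_GET['edit_action'] !== 'address') ? '<a href="' . xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=address&oID=' . (int)$_GET['oID']) . '">' . MENU_CUSTOMER_DATA . '</a>' : MENU_CUSTOMER_DATA;
												?>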
1561
											</td>
1562
											<td class="dataTableHeadingContentText" style="width:1%; padding-right:20px; white-space: nowrap">
1563
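												<?php
												// Tab "product data": plain text while one of the product sub-pages
												// (products, options, properties) is active, otherwise a link to it.
												if($_GET['edit_action'] !== 'products' && $_GET['edit_action'] !== 'options' && $_GET['edit_action'] !== 'properties')
												{
													// The order id is request data written into an href attribute; the int cast
													// keeps anything but digits out of the generated link.
													// NOTE(review): xtc_href_link() is defined elsewhere; confirm whether it
													// escapes its parameter string.
													echo '<a href="' . xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&oID=' . (int)$_GET['oID']) . '">' . MENU_PRODUCT_DATA . '</a>';
												}
												else
												{
													echo MENU_PRODUCT_DATA;
												}
												?>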
1573
											</td>
1574
											<td class="dataTableHeadingContentText" style="width:1%; padding-right:20px; white-space: nowrap">
1575
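												<?php
												// Tab "order data": rendered as a link unless it is the active tab.
												// The order id from the query string is cast to int before it is placed in
												// the href attribute, matching the (int) cast used for the redirect URL in
												// the recalculation code of this file.
												// NOTE(review): xtc_href_link() is defined elsewhere; whether it escapes its
												// parameter string is not visible from this file.
												echo ($_GET['edit_action'] !== 'other') ? '<a href="' . xtc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=other&oID=' . (int)$_GET['oID']) . '">' . MENU_ORDER_DATA . '</a>' : MENU_ORDER_DATA;
												?>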
1578
											</td>
1579
										</tr>
1580
									</table>
1581
								</div>
1582
								
1583
						</td>
1584
					</tr>
1585
					<tr>
1586
						<td class="order-edit-content">
1587
							<!-- Meldungen Ende //-->
1588
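							<?php
							// Sub-page dispatch for the order editor.
							// edit_action is only compared against fixed literals, and every include target
							// below is a constant path: the request value never becomes part of a file name,
							// and an unknown edit_action renders no sub-page at all.
							// Strict comparison is used so this chain agrees with the tab menu of this page,
							// which already tests edit_action with !==.
							// No helper variable is introduced on purpose: the included files run in this
							// same scope.
							if($_GET['edit_action'] === 'address')
							{
								include ('orders_edit_address.php');
							}
							elseif($_GET['edit_action'] === 'products')
							{
								include ('orders_edit_products.php');
							}
							elseif($_GET['edit_action'] === 'other')
							{
								include ('orders_edit_other.php');
							}
							elseif($_GET['edit_action'] === 'options')
							{
								include ('orders_edit_options.php');
							}
							elseif($_GET['edit_action'] === 'properties')
							{
								include(DIR_FS_ADMIN . DIR_WS_MODULES . 'orders_edit_properties.inc.php');
							}
							?>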
1610

    
1611
							<!-- Bestellung Sichern Anfang //-->
1612
							<br /><br />
1613
							<form name="save_order" action="<?php echo xtc_href_link(FILENAME_ORDERS_EDIT, 'action=save_order') ?>" method="post" style="display: none;">
1614
								<table border="0" width="100%" height="60" class="gx-container paginator" data-gx-widget="checkbox">
1615
									<tr>
1616
										<td>
1617
											<div class="pull-right">
1618
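												<?php
												// Hidden fields that are posted back with action=save_order.
												// NOTE(review): xtc_draw_hidden_field() is defined elsewhere; confirm that it
												// HTML-escapes the value it writes into the attribute.
												echo xtc_draw_hidden_field('customers_status_id', $address['customers_status']);
												// The order id is request data; cast to int like the recalculation queries
												// in this file do, so only a number can reach the markup.
												echo xtc_draw_hidden_field('oID', (int)$_GET['oID']);
												// NOTE(review): cID is passed through unchanged from the query string;
												// presumably a numeric customer id - confirm against the save handler and
												// cast it the same way as oID.
												echo xtc_draw_hidden_field('cID', $_GET['cID']);
												// NOTE(review): no anti-CSRF token field is visible in this form; verify that
												// one is added and checked elsewhere before the save_order POST is accepted.
												?>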
1623
											</div>
1624
										</td>
1625
										<td style="width: 75px" class="bottom-save-bar-content">
1626
											<span>
1627
												<?php
1628
												echo TEXT_SAVE_ORDER;
1629
												?>
1630
											</span>
1631
											<?php
1632
											echo '<input type="checkbox" name="recalculate" value="1" data-single_checkbox/>';
1633
											?>
1634
										</td>
1635
										<td style="width: 75px" class="bottom-save-bar-content">
1636
											<?php
1637
											echo '<input type="submit" class="btn btn-primary pull-right" onClick="this.blur();" value="' . BUTTON_CLOSE . '" />';
1638
											?>
1639
										</td>
1640
									</tr>
1641
								</table>
1642
							</form>
1643
							<!-- Bestellung Sichern Ende //-->
1644

    
1645
							<!-- Ende //-->
1646
						</td>
1647
						</tr>
1648
					</table>
1649
					<!-- body_text_eof //-->
1650
				</td>
1651
			</tr>
1652
		</table>
1653
	<!-- body_eof //-->
1654

    
1655
	<!-- footer //-->
1656
	<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
1657
	<!-- footer_eof //-->
1658
	<br />
1659
	</body>
1660
</html>
1661
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>