// NOTE(review): this listing starts mid-statement. The receiver of the first
// call (presumably `$smarty->`) and the `if` that owns the `} else {` below are
// not visible. The original line breaks are gone, so the end of each `//`
// comment is inferred, and several string literals look as if their markup
// (HTML/XML tags) was stripped; every literal is reproduced exactly as found.
//
// Purpose, from the visible code: checkout confirmation. The first branch shows
// the login page; the else branch validates the chosen payment method, writes
// the order and its items, forwards the payment data to a remote gateway,
// runs method-specific follow-up (echeck SOAP call, mg/wu instructions) and
// finally renders confirm.html.
//
// Review summary (details at each site below):
//  - Request values are concatenated into SQL; use prepared statements (PDO or
//    mysqli). The mysql_* extension used here was removed in PHP 7.0.
//  - Bank account data, card number and CVV are sent over plain http://,
//    e-mailed, and appended to orders.info.
//  - Gateway credentials are embedded in source.
//  - eval() compiles e-mail template text as PHP.
//  - Unquoted array keys such as $_SESSION[cart] are undefined constants: a
//    warning on PHP 7.2+ and an Error on PHP 8.
    assign("Title", "Login".TITLE_SUFFIX);
    $smarty->display('top.html');
    $Bread = array ("checkout"=>"Checkout");
    $smarty->assign("Bread", $Bread);
    $smarty->display('breadcrumb.html');
    $smarty->assign("countries", get_country());
    $smarty->assign("states", get_state());
    $smarty->display('login.html');
} else {
    $usr = view_login("en");
    // An empty cart sends the visitor back to the site root.
    if (sizeof($_SESSION[cart])<1) {
        header ("Location: /");
        exit;
    }
    if ($_REQUEST['method']) {
        if (is_array($cart = $_SESSION['cart'])) {
            $processor = $_REQUEST['method'];
            $erro = "";
            $a = view_login("en");
            $user = $_SESSION['user'];
            $reg = $a['user_row'];
            // NOTE(review): $frm is never assigned in the visible code; it presumably
            // comes from register_globals or an earlier extract() — confirm. Only the
            // echeck fields are checked, and only for being non-empty.
            switch ($processor) {
                case "echeck":
                    if (trim($frm['checkfname'])=="") $erro .= "
Enter Check Owner's First Name ";
                    if (trim($frm['checklname'])=="") $erro .= "
Enter Check Owner's Last Name";
                    if (trim($frm['checkno'])=="") $erro .= "
Enter Check Number";
                    if (trim($frm['accountno'])=="") $erro .= "
Enter Check Account Number";
                    if (trim($frm['routeno'])=="") $erro .= "
Enter Check Routing Number";
                    if (trim($frm['bankname'])=="") $erro .= "
Enter Bank Name";
                    break;
                // A commented-out `case "visamc"` followed here: Luhn check via
                // check_luhn(), non-empty and numeric card number, CVV and expiry
                // month/year. With it disabled, this script performs no server-side
                // validation of card fields before they are forwarded below.
            }
            if (!$erro) {
                // (commented out in the original: $reg = $_SESSION[user];)
                $billing = $_SESSION[billing];
                // SECURITY: $_REQUEST[frm][country] and $_REQUEST[frm][state] are
                // concatenated unquoted into the WHERE clause, so request data becomes
                // SQL. Cast to int or, better, bind as parameters. The result of
                // mysql_query() is passed to mysql_fetch_array() without a failure check.
                $ship_country = mysql_fetch_array(mysql_query("select name as country_name, code as country_code FROM country WHERE id = ".$reg[country]));
                $bill_country = mysql_fetch_array(mysql_query("select name as country_name, code as country_code FROM country WHERE id = ".$_REQUEST[frm][country]));
                $ship_state = mysql_fetch_array(mysql_query("select code from state where id = ".$reg[state]));
                $bill_state = mysql_fetch_array(mysql_query("select code from state where id = ".$_REQUEST[frm][state]));
                // NOTE(review): $info, $amt, $ship, $items are appended to without being
                // initialised in the visible code. If the script relies on
                // register_globals (the bare $HTTP_USER_AGENT / $REMOTE_ADDR below
                // suggest it — confirm), uninitialised accumulators can start from
                // request-supplied values; initialise them explicitly before use.
                foreach($_SESSION['user'] as $k=>$v) $info .= $k.': '.$v."\n";
                $info .= 'USER_AGENT: '.$HTTP_USER_AGENT."\n";
                $info .= 'REMOTE_ADDR: '.$REMOTE_ADDR."\n";
                // Cart keys are joined into an IN (...) list. Whether the keys are
                // guaranteed to be integers is not visible here — verify where the cart
                // is filled, or cast each key with (int).
                $ids = '1';
                foreach($cart as $k=>$v) $ids.=",$k";
                $q1 = mysql_query(" SELECT (ROUND((t1.price*t2.quant*(1-".PERCENT."*(t2.quant/(SELECT MIN(quant) FROM drug t4 WHERE t4.brand = t2.brand AND sv_type = 1)-1)/100)))) as price, COALESCE((SELECT discount FROM discounts WHERE drug = t2.id AND date_off > NOW()),0) as discount, t2.id as drug_id, t2.affid, t2.quant as quant, (t2.quant*t1.price0) as price0 FROM brand t1 INNER JOIN drug t2 ON t2.brand=t1.id INNER JOIN categ t3 ON t1.categ=t3.id WHERE t2.id IN (".$ids.") AND t2.sv_type IN (1) ORDER BY t1.ord, t2.ord ");
                $i=0;$prods="";
                if (mysql_num_rows($q1)>0) {
                    while ($r1 = mysql_fetch_array($q1)) {
                        $i++;
                        // number_format() with two arguments inserts "," as thousands
                        // separator, so a price of 1000 or more becomes e.g. "1,234.00"
                        // and the `$amt +=` below only sees the leading digits.
                        $r1["price"] = number_format($r1[price]-$r1[discount],2);
                        $items[] = " ";
                        $prods .= ' SKU'.str_replace("SKU", "", $r1['affid']).' '.$r1[price].' 
57 25 ';
                        $amt += $r1['price'];
                        // Flat 25 shipping is added per cart line.
                        $ship += 25;
                    }
                    $amount = $amt+$ship;
                    // SECURITY: $processor is the raw $_REQUEST['method'] and is placed
                    // inside quotes without escaping; the referer only has "'" replaced,
                    // which leaves backslashes untouched; addslashes() is not
                    // charset-aware. Use a prepared statement for the whole INSERT.
                    $query = " INSERT INTO orders (user, info, data_ord, partner, referer, ship, ref_id, bonus, amt, sv_bonus, sv_type, processor, order_id) VALUES ( '".$reg[id]."', '".addslashes($info)."', NOW(), '".$user['ref']."', '".str_replace("'", "`", $_SESSION[statistic][http_referer])."', '".$ship."', '".$user['ref_log']."', '".$user['bonus']."', '".($amount)."', '".$user['sv_bonus']."', 'I', '".$processor."', '".$reg[order_id]."')";
                    mysql_query($query);
                    $ins_id = mysql_insert_id();
                    // No insert id means the order row was not written: bounce back with
                    // a generic error.
                    if (!$ins_id) {
                        header('Location: confirm.php?err='.urlencode('Server is busy, try again in few minutes'));
                        exit;
                    }
                    // Second pass over the same result set to write one items row per
                    // product. $r1['price'] here is the value returned by the query; the
                    // discount subtraction from the first loop is not applied.
                    mysql_data_seek($q1, 0);
                    while ($r1 = mysql_fetch_array($q1)) {
                        $q2 = " INSERT INTO items (orders, drug, quant, price, price0, sv_type) VALUES ('".$ins_id."', '".$r1['drug_id']."', '".$r1['quant']."', '".$r1['price']."', ".$r1['price0'].", 'Q') ";
                        mysql_query($q2);
                    }
                }
                // mysql_error() reports only the most recent mysql_* call, so earlier
                // failures in this block can go unnoticed.
                if ($err = mysql_error()) {
                    mail ("brazer@gmail.com", "us err", $err);
                    exit;
                } else {
                    // Build the gateway payload by string concatenation. The element
                    // tags are presumably missing from this listing; no value is
                    // XML-escaped apart from "&" in the bank-name fields.
                    // NOTE(review): $pass and $XML_ARR[shipment_method] are never set in
                    // the visible code.
                    $XML_ARR[site] = ' '.RX_CASH_SHOP_ID.' '.$_REQUEST[turing].' ';
                    $XML_ARR[buyer] = ' '.$_SESSION[user][email].' '.$pass.' '.$_SERVER[REMOTE_ADDR].' ';
                    switch ($_REQUEST[method]) {
                        case "wire":
                            $XML_ARR[buyer] .= ' wire wire ';
                            break;
                        case "echeck":
                        case "check2pay":
                            // Check, routing and account numbers go in unmodified from the request.
                            $XML_ARR[buyer] .= ' echeck telec '.$_REQUEST[frm][checkno].' '.$_REQUEST[frm][routeno].' '.$_REQUEST[frm][accountno].' '.str_replace("&", " and ", $_REQUEST[frm][bankname]).' '.stripcslashes($_REQUEST[output]).' ';
                            break;
                        default:
                            // Every other method is treated as a card payment: card number,
                            // CVV and expiry pass through clean(), which is defined elsewhere.
                            $XML_ARR[buyer] .= ' creditcard '.$_REQUEST[method].' '.clean($frm['cc']).' '.clean($frm['cvv']).' '.clean($frm['year']).' '.clean($frm['month']).' '.str_replace('&', ' ', $_REQUEST[cc_bankname]).' '.'+'.preg_replace("/[^0-9]/","",$_REQUEST[cc_bankphone]).' '.($_REQUEST[method]=="Amex"?"swiss":"globill").' ';
                            break;
                    }
                    // The same $reg address block is appended twice; $bill_country and
                    // $bill_state fetched above are not used in the visible code.
                    $XML_ARR[buyer] .= ' '.$reg[fname].' '.$reg[lname].' '.$reg[country_name].' '.$reg[city].' '.$reg[zip].' '.($ship_state[code]==""?"XX":$ship_state[code]).'
'.$reg[adr]." ".$reg[adr2].'
'.'+'.preg_replace("/[^0-9]/","",$reg[phone]).' '.$_SESSION[user][email].'
'.$reg[fname].' '.$reg[lname].' '.$reg[country_name].' '.$reg[city].' '.$reg[zip].' '.($ship_state[code]==""?"XX":$ship_state[code]).'
'.$reg[adr]." ".$reg[adr2].'
'.'+'.preg_replace("/[^0-9]/","",$reg[phone]).' '.$_SESSION[user][email].'
';
                    $XML_ARR[products] = ' '.$prods.' ';
                    $xml_data = ' '.$XML_ARR[site].' '.$XML_ARR[buyer].' '.$XML_ARR[products].' '.$XML_ARR[shipment_method].' ';
                    // SECURITY: the payload, including bank or card data, is POSTed to an
                    // http:// URL, i.e. without transport encryption. Use https with
                    // certificate verification left enabled.
                    $url = "http://orders.medsmarket.net/payment/gateway3.php";
                    $user_agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
                    $param = $xml_data;
                    // Defaults used when the gateway returns nothing usable.
                    $returned_id = $ins_id;
                    $statusID = "I";
                    $ch = curl_init();
                    curl_setopt($ch, CURLOPT_HEADER, false);
                    curl_setopt($ch, CURLOPT_POST,1);
                    curl_setopt($ch, CURLOPT_POSTFIELDS,$param);
                    curl_setopt($ch, CURLOPT_URL,$url);
                    curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
                    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
                    // Only the connect phase is bounded; no overall CURLOPT_TIMEOUT is set.
                    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
                    $xml_response = curl_exec( $ch );
                    if ($_REQUEST['method']=="enum") $processor = "enum";
                    if( $xml_response ) {
                        curl_close( $ch );
                    } else {
                        // Transport failure: keep the local id as the order name and fall
                        // back to manual handling. $er is captured but not used afterwards.
                        // SECURITY: here and in both branches below, $xml_data (card number
                        // and CVV, or bank account data) is appended to orders.info and
                        // e-mailed in clear text. PCI DSS does not permit storing the card
                        // verification code after authorization; log an order reference
                        // and masked values instead.
                        $er = curl_error( $ch );
                        curl_close ( $ch );
                        $q = mysql_query("update orders set name='".$ins_id."', info = CONCAT(info, '\n\n".addslashes($xml_data)."'), processor = '".$processor."' where id = ".$ins_id);
                        mail ("brazer@gmail.com", "us manual", "order id: ".$ins_id."\nxml:".$xml_response."\n".$param);
                    }
                    if ($xml_response != "") {
                        // NOTE(review): as shown, each pattern has no opening tag, so group 1
                        // captures everything before the closing tag. The opening tags
                        // were presumably lost from this listing — verify against the
                        // real file. An XML parser would be more robust than regexes.
                        preg_match('/(.*)<\/order_id>/Uis', $xml_response, $matches);
                        if ($matches[1]) $returned_id = $matches[1];
                        preg_match('/(.*)<\/status_id>/Uis', $xml_response, $matches);
                        if ($matches[1]) $statusID = $matches[1];
                        preg_match('/(.*)<\/status_text>/Uis', $xml_response, $matches);
                        $statustext = $matches[1];
                        // SECURITY: $returned_id comes from the remote response and is
                        // placed into SQL unescaped, as is $_REQUEST[method] via $processor.
                        $q = mysql_query("update orders set name='".trim($returned_id)."', sv_type = 'I', info = CONCAT(info, '\n\n".addslashes($xml_data)."'), processor = '".($_REQUEST[method]=="WesternUnion"?"wu":($_REQUEST[method]=="Moneygram"?"mg":$processor))."' where id = ".$ins_id);
                        mail ("brazer@gmail.com", "OK ORDER", "order id: ".$ins_id."\nxml:".$xml_response."\n".$param);
                    } else {
                        if ($returned_id == "") {
                            $returned_id = $ins_id;
                            $statusID = "I";
                        }
                        // $statustext is only assigned in the branch above, so `note` is
                        // written from an unset variable on this path.
                        $q = mysql_query("update orders set name='".trim($returned_id)."', sv_type = 'I', note = '".$statustext."', info = CONCAT(info, 
'\n\n".addslashes($xml_data)."'), processor = '".($_REQUEST[method]=="WesternUnion"?"wu":($_REQUEST[method]=="Moneygram"?"mg":$processor))."' where id = ".$ins_id);
                        mail ("brazer@gmail.com", "PROBLEM ORDER", "order id: ".$ins_id."\nxml:".$xml_response."\n".$param);
                    }
                    // Status change is signalled by a GET over plain http with no
                    // credential visible in the URL; $returned_id is not URL-encoded,
                    // the result is not checked and the handle is never closed.
                    $a = fopen("http://orders.medsmarket.net/payment/update_status.php?status=I&order=".$returned_id, "r");
                }
                // Pick one random receiver row per transfer type (sv_type 1 or 3 for
                // 'wu', 2 or 3 for 'mg').
                $q = mysql_query ("select * from receiver where sv_type in (1,3) order by rand() limit 1");
                $drop['wu'] = mysql_fetch_array($q);
                $q = mysql_query ("select * from receiver where sv_type in (2,3) order by rand() limit 1");
                $drop['mg'] = mysql_fetch_array($q);
                switch ($_REQUEST['method']) {
                    ////////////////////////////////////////////////////////////////////////////
                    case "visamc":
                        // Everything in this case was commented out in the original, so it
                        // only breaks. The disabled code held two card-gateway
                        // integrations plus their success/decline handling. For anyone
                        // reviving it: it embedded merchant credentials and a signing
                        // secret in source, disabled CURLOPT_SSL_VERIFYPEER, stored and
                        // mailed serialize()d card data, and used eval() on e-mail
                        // templates — none of that should return.
                        break;
                    ////////////////////////////////////////////////////////////////////////////
                    case "echeck":
                        // Always true here: this switch already sits inside `if (!$erro)`.
                        if (!$erro) {
                            require_once('./lib/nusoap.php');
                            // Split the street address at the first space into two parts.
                            $addr = explode (" ", $reg[adr], 2);
                            if (trim($addr[0])=="" && trim($addr[1])=="") {
                                $addr[0]="0";
                                $addr[1]=$reg[adr];
                            }
                            // SECURITY: gateway login values are hard-coded in this literal;
                            // load them from configuration outside the web root and rotate
                            // them. Request values are concatenated without escaping.
                            $post = ' gmginternational passw0rd1 kM1tY5sQ3qegOpIsxmnhJduYbwysYR8J '.$_REQUEST[frm][checkfname].' '.$_REQUEST[frm][checklname].' '.preg_replace('/\D/', '', $reg[phone]).' '.$addr[0].' '.$addr[1].' '.$reg[city].' '.($ship_state[code]==""?"XX":$ship_state[code]).' '.$reg[zip].' '.$_SESSION[user][email].' '.$_REQUEST[frm][bankname].' '.$_REQUEST[frm][routeno].' '.$_REQUEST[frm][accountno].' '.$_REQUEST[frm][checkno].' '.$amount.' '.stripcslashes($_REQUEST[output]).' '.$returned_id.' 
';
                            // SECURITY: this mails the full request, including the gateway
                            // login values and the customer's bank account data.
                            mail ("brazer@gmail.com", "c2p xml", $returned_id."\n\n".$post);
                            // SOAP endpoint addressed by IP over plain http.
                            $client = new nusoap_client("http://69.94.141.23/SaveTransactions.asmx?wsdl",true);
                            $err = $client->getError();
                            if ($err) {
                                // '\n' in single quotes is a literal backslash-n, not a newline.
                                mail ("brazer@gmail.com", 'soap err', 'Constructor error \n'.$err);
                                exit();
                            }
                            $client->soap_defencoding = 'utf-8';
                            $client->useHTTPPersistentConnection();
                            // NOTE(review): $useCURL is not defined in the visible code.
                            $client->setUseCurl($useCURL);
                            $bsoapaction = "http://tempuri.org/SendTransactionsAction";
                            $result = $client->send($post, $bsoapaction);
                            // Check for a fault
                            if ($client->fault) {
                                mail ("brazer@gmail.com", 'soap err', 'Fault error \n'.serialize($result));
                            } else {
                                // Check for errors
                                $err = $client->getError();
                                if ($err) {
                                    // Report the error by e-mail (nothing is shown to the buyer)
                                    mail ("brazer@gmail.com", 'soap err', 'Client error \n'.$err);
                                } else {
                                    // Report the raw result by e-mail, then act on the result code
                                    mail ("brazer@gmail.com", 'soap result', serialize($result));
                                    switch ($code = $result['SendTransactionsActionResult']) {
                                        case "111":
                                            // Result code handled as success: mark the order 'V',
                                            // store the request, notify the status endpoint,
                                            // send the confirmation e-mail.
                                            // `name like` treats % and _ in $returned_id as
                                            // wildcards; an exact `=` with a bound parameter
                                            // is safer.
                                            $q = mysql_query("update orders set sv_type = 'V', post = '".addslashes($post)."', processor = 'check2pay' where name like '".$returned_id."'");
                                            $a = fopen("http://orders.medsmarket.net/payment/update_status.php?status=V&order=".$returned_id, "r");
                                            $ORDER = trim($returned_id);
                                            $FNAME = $reg['fname'];
                                            $LNAME = $reg['lname'];
                                            $AMOUNT = trim(CURRENCY.number_format($amount, 2, '.', ''));
                                            $alias = 'echeck';
                                            $email = email_template($alias);
                                            // SECURITY: eval() compiles the template text as the body
                                            // of a double-quoted PHP string, so template content is
                                            // code, not data. Whoever can edit a template can run
                                            // PHP here. Replace with placeholder substitution over a
                                            // fixed map of the $ORDER/$FNAME/... values (e.g. strtr()).
                                            eval('$msg="'.$email['content'].'";');
                                            sendmail ($alias, stripslashes($msg), $email['subj'], $_SESSION[user][email], $user['fname'].' 
'.$user['lname'], $ORDER);
                                            $_SESSION['cart']=NULL;
                                            @mail("brazer@gmail.com", $email['subject'], stripslashes($msg), $email['headers']);
                                            // No exit after the redirect header: execution continues
                                            // into the page rendering below.
                                            header ("Location: /account/order/".$returned_id.'/');
                                            break;
                                        default:
                                            // Any other result code is treated as a decline.
                                            $errs = array ("112"=>"String Invalid Login Credentials", "113"=>"Invalid Customer First Name", "114"=>"Invalid Customer Last Name", "115"=>"Invalid Customer Phone Number", "116"=>"Invalid Customer Street Number", "117"=>"Invalid Customer Unit Number", "118"=>"Invalid Customer Street Name", "119"=>"Invalid Customer City Address", "200"=>"Invalid Customer State Address", "201"=>"Invalid Customer Zip Code", "202"=>"Invalid Customer Email Address", "203"=>"Invalid Bank Name", "204"=>"Invalid Bank Routing Number", "205"=>"Invalid Bank Account Number", "206"=>"String Invalid Check Number", "207"=>"Invalid Transaction Amount", "208"=>"Invalid Notes", "209"=>"Failed");
                                            foreach($errs as $key=>$value) if ($key == $code) $erro1 = "
(".$errs[$code].")";
                                            $erro = "TRANSACTION IS DECLINED".$erro1;
                                            // NOTE(review): $xml2send is never assigned in the
                                            // visible code, so `post` is written empty here.
                                            $q = mysql_query("update orders set sv_type = 'D', err = '".$errs[$code]."', post = '".addslashes($xml2send)."' where name like '".$returned_id."'");
                                            // (commented out in the original: post = ".addslashes($post).")
                                            $a = fopen("http://orders.medsmarket.net/payment/update_status.php?status=D&order=".$returned_id, "r");
                                            break;
                                    }
                                }
                            }
                        }
                        break;
                    ////////////////////////////////////////////////////////////////////////////
                    case "mg":
                        // Attach the randomly chosen 'mg' receiver to the order and e-mail
                        // the buyer. The $DROP_* variables are presumably consumed by the
                        // eval'd template — confirm.
                        $q = mysql_query ("update orders set receiver = '".$drop['mg']['id']."' where name like '".$returned_id."' LIMIT 1");
                        $alias = 'mg';
                        $ORDER = trim($returned_id);
                        $FNAME = $reg['fname'];
                        $LNAME = $reg['lname'];
                        $AMOUNT = trim(CURRENCY.number_format($amount, 2, '.', ''));
                        $DROP_NAME = $drop[mg][fname];
                        $DROP_COUNTRY = $drop[mg][country];
                        $DROP_LNAME = $drop[mg][lname];
                        $DROP_CITY = $drop[mg][city];
                        $email = email_template($alias);
                        // SECURITY: eval() on template text — template content runs as PHP.
                        eval('$msg="'.$email['content'].'";');
                        sendmail ($alias, stripslashes($msg), $email['subj'], $_SESSION[user][email], $reg['fname'].' '.$reg['lname'], $ORDER);
                        $_SESSION['order_made']=1;
                        header ("Location: /account/order/".$returned_id.'/');
                        exit;
                        break;
                    case "wu":
                        // Same flow as "mg", using the 'wu' receiver.
                        $q = mysql_query ("update orders set receiver = '".$drop['wu']['id']."' where name like '".$returned_id."' LIMIT 1");
                        $alias = 'wu';
                        $ORDER = trim($returned_id);
                        $FNAME = $reg['fname'];
                        $LNAME = $reg['lname'];
                        $AMOUNT = trim(CURRENCY.number_format($amount, 2, '.', ''));
                        $DROP_NAME = $drop[wu][fname];
                        $DROP_COUNTRY = $drop[wu][country];
                        $DROP_LNAME = $drop[wu][lname];
                        $DROP_CITY = $drop[wu][city];
                        $email = email_template($alias);
                        // SECURITY: eval() on template text — template content runs as PHP.
                        eval('$msg="'.$email['content'].'";');
                        sendmail ($alias, stripslashes($msg), $email['subj'], $_SESSION[user][email], $reg['fname'].' 
'.$reg['lname'], $ORDER);
                        // (commented out in the original: a second eval on $email['msg'] and
                        // two direct @mail() calls to the buyer)
                        $_SESSION['order_made']=1;
                        header ("Location: /account/order/".$returned_id.'/');
                        exit;
                        break;
                }
            }
        }
    }
    // Render the checkout page. Reached when no method was posted, when
    // validation or the echeck call failed, and after the echeck success
    // redirect, which does not exit.
    $script = ' ';
    $smarty->assign("script", $script);
    if ($erro) $smarty->assign("errors", $erro);
    $smarty->assign("Title", "Checkout".TITLE_SUFFIX);
    $smarty->display('top.html');
    $Bread = array ("buy"=>"Shopping Cart", "checkout"=>"Checkout");
    $smarty->assign("Bread", $Bread);
    $smarty->assign("nonreccuring", 1);
    $smarty->display('breadcrumb.html');
    $ids = '0';
    if (is_array($cart = $_SESSION['cart'])) {
        // Same IN (...) construction from cart keys as above; same caveat about
        // the keys being integers.
        foreach($cart as $k=>$v) $ids.=",$k";
        $q1 = mysql_query(" SELECT t1.id as brand_id, t1.img as brand_img, t1.name_en as brand_name, t2.id, (ROUND((t1.price*t2.quant*(1-".PERCENT."*(t2.quant/(SELECT MIN(quant) FROM drug t4 WHERE t4.brand = t2.brand AND sv_type = 1)-1)/100)))) as price, t2.quant, t2.dose, t1.control, COALESCE((SELECT discount FROM discounts WHERE drug = t2.id AND date_off > NOW()),0) as discount, t3.name_en as categ_name FROM brand t1 INNER JOIN drug t2 ON t2.brand=t1.id INNER JOIN categ t3 ON t1.categ=t3.id WHERE t2.id IN (".$ids.") AND t2.sv_type IN (1) ORDER BY t1.ord, t2.ord ");
        $control = 0;
        if (mysql_num_rows($q1)>0) {
            while ($r1 = mysql_fetch_array($q1)) {
                // Per-pill and line prices after discount. As above, the two-argument
                // number_format() adds thousands separators that break the `+=` sum.
                $r1["ppill"] = number_format(($r1['price']-$r1[discount])/$r1['quant'],2);
                $r1["price"] = number_format($r1[price]-$r1[discount],2);
                $r1["uri"] = to_uri("order/buy-".$r1[categ_name]."/".$r1[brand_name].".html");
                $prod[] = $r1;
                $carts[subtotal] += $r1[price];
                // $control becomes 1 as soon as any row has control == 1.
                if ($r1['control']==1) $control = 1;
            }
            $carts['quant'] = mysql_num_rows($q1);
            $carts['shipping'] = number_format($carts['quant']*$SHIPPING[RX_CASH_SHIPPING_ID],2);
            $carts['subtotal'] = number_format($carts['subtotal'],2,'.', '');
            $carts['total'] = number_format($carts['subtotal']+$carts['shipping'],2);
        }
        // Two-digit expiry years: current year through current year + 10.
        for ($i=date("y");$i<=date("y")+10;$i++) $years[] = $i;
        $smarty->assign("countries", get_country());
        // Request data is handed to the template as-is; whether it is escaped on
        // output depends on confirm.html, which is not visible here.
        $smarty->assign("method", $_REQUEST['method']);
        $smarty->assign("states", get_state());
        $smarty->assign("years", $years);
        $smarty->assign("control", $control);
        $smarty->assign("reg", $usr['user_row']);
        $smarty->assign("frm", $_POST['frm']);
        $smarty->assign("prod", $prod);
        $smarty->assign("cart", $carts);
        $smarty->display('confirm.html');
    }
}
include_once('bot.php');
?>