Файл: Luxe-Shop v6.0/application/views/views.php
Строк: 94
<? /* Disables all PHP error reporting for this view. NOTE(review): this also hides warnings from failed mysql_query() calls and notices for missing $_GET/$_POST keys used below, so errors surface only as wrong page behaviour. */ error_reporting(0); ?>
<? if($_GET['type'] == 'search'): ?>
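<?
// "search" branch: look an order up by the id from the query string. If the
// order is marked paid, redirect the browser to its /views/ page; otherwise
// show "payment not found" and redirect to /pay/.
//
// The id is request data: it is escaped before it is placed in the SQL text,
// and URL-encoded plus JSON-encoded before it is echoed into the inline
// <script>, so it cannot break out of either context.
//
// NOTE(review): this redirect hands the order's email and session_key to
// anyone who supplies the id of a paid order, and the /views/ branch of this
// file then accepts id + email alone. Confirm that knowing an order id is
// meant to be sufficient, or require a secret the visitor must already hold.
$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

$query = mysql_query("SELECT * FROM `orders` WHERE `id` = '".mysql_real_escape_string($search_id)."'");
// mysql_query() returns false on failure; treat that the same as "no such order".
$order = $query ? mysql_fetch_assoc($query) : false;

if($order && $order['paid'] == 1) {
    // session_key is appended verbatim because its format is not visible here;
    // the JSON_HEX_* flags keep the whole URL inert inside the script element.
    $views_url = '/views/?id='.rawurlencode($search_id).'&email='.rawurlencode($order['email']).'&'.$order['session_key'];
    echo "<script>location.replace(".json_encode($views_url, $js_flags).");</script>";
}
else {
    echo "<script>alert('Платеж не найден');</script>";
    echo "<script>location.replace(".json_encode('/pay/?id='.rawurlencode($search_id), $js_flags).");</script>";
}
?>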
<? else: ?>
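<?
// Order page branch: load the order that matches both the id and the buyer
// email taken from the query string. Both values are request data and are
// escaped before being placed in the SQL text.
//
// NOTE(review): id + email are the only values checked here; the session_key
// that the redirects in this file append to the URL is not compared in this
// query. Confirm whether it is verified elsewhere.
$views_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$views_email = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';

$query = mysql_query("SELECT * FROM `orders` WHERE `id` = '".mysql_real_escape_string($views_id)."' AND `email` = '".mysql_real_escape_string($views_email)."'");
// A failed query or an unknown id/email pair leaves $order false, which the
// paid check that follows this block treats as "not paid".
$order = $query ? mysql_fetch_assoc($query) : false;
// Review flag of the order; null when no order was found.
$review_goods = $order ? $order['review'] : null;
?>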
<? if($order['paid'] == 1):?>
<html><head>
<meta charset="utf-8" />
<title>Успешная покупка!</title>
<link rel="icon" type="image/png" href="http://i.imgur.com/rzqvfHh.png">
<link href="<? echo site_url('/templates/admin/login/css2/buttons.css'); ?>" rel="stylesheet" media="screen">
<link href="<? echo site_url('/templates/admin/login/css2/style.default.css'); ?>" rel="stylesheet" media="screen">
<link href="<? echo site_url('/templates/admin/login/css2/bootstrap-override.css'); ?>" rel="stylesheet" media="screen">
<meta name="viewport" content="width=device-width">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<style>
.review {
background: #fff;
width: 555px;
border: 1px solid #10DE15;
border-radius: 20px;
display: block;
}
.down {
background: #fff;
width: 555px;
border: 1px solid #10DE15;
border-radius: 20px;
display: block;
padding: 25px;
margin-top: 100px;
}
.style-review{
background: #10DE15;
border-bottom: 1px solid #10DE15;
padding: 7px;
border-top-left-radius: 20px;
border-top-right-radius: 20px;
color: #fff;
}
.style-down{
background: #10DE15;
border-bottom: 1px solid #10DE15;
padding: 7px;
border-top-left-radius: 20px;
border-top-right-radius: 20px;
color: #fff;
width: 553px;
margin-left: -25px;
margin-top: -25px;
}
</style></head><body>
<center>
<div class="down"><div id="infoname" class="style-down">
Спасибо за покупку!</div><br>
Скачать купивший товар: <a download="" href="/pay/<?=$order['goods'];?>">Скачать</a><br><br>
<a class="btn btn-primary" href="/">Вернуться в магазин</a>
</div>
<br>
<br>
<?
// Render the "leave a review" form only when all three hold, checked in this
// order: reviews are enabled in the site config, this order has not been
// reviewed yet, and the order is marked paid.
// NOTE(review): the form has no action attribute (it posts back to the current
// URL) and carries no anti-CSRF token.
$reviews_enabled = (1 == config_item('reviews'));
$can_review = $reviews_enabled && !(1 == $review_goods) && (1 == $order['paid']);

if($can_review) {
    $review_form = '<div class="review"><div id="infoname" class="style-review">Оставить отзыв о товаре:</div><br>
<form method="POST" name="send" style="display:block;" >
<label><table style="background-color: rgba(16,222,21,0.3);width: 470px;border-radius: 5px;"><tbody><tr><td style="padding-left: 12px;">Отзыв:</td><td>
<select class="form-control" name="ball" >
<option value="1">Положительный</option>
<option value="0">Отрицательный</option>
</select></td></tr></tbody></table></label><br>
<input type="text" name="name" placeholder="Ваше имя" style="margin-top:5px;width:470px;" class="form-control" id="name" value="" required /><br>
<textarea name="review" placeholder="Комментарий..." style="margin-top:5px;width:470px;height:70px;" class="form-control" id="review" value="" required /></textarea>
<br><input type="submit" name="send" class="btn btn-primary" value="Оставить отзыв"></form>';
    echo $review_form;
    // Closes the outer <div class="review"> opened at the start of the form markup.
    echo '</div><br>';
}
?>
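<?
// Handles submission of the review form: marks the order as reviewed, stores
// the review row, then reloads the order page after one second.
//
// strip_tags() removes markup but leaves quotes and backslashes untouched, so
// every value is additionally escaped before it is placed in the SQL text.
// NOTE(review): the POST carries no anti-CSRF token, and `ball` is stored as
// sent rather than restricted to the two values the form offers ("1"/"0").
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? strip_tags($_POST['name']) : '';
$review = (isset($_POST['review']) && is_string($_POST['review'])) ? strip_tags($_POST['review']) : '';
$ball = (isset($_POST['ball']) && is_string($_POST['ball'])) ? strip_tags($_POST['ball']) : '';
$date = date('Y.m.d');
$time = date('H:i:s');

// Accept a submission only under the same three conditions under which the
// form is rendered; otherwise a hand-made POST could add reviews while reviews
// are disabled or add several reviews for one order.
$review_allowed = (1 == config_item('reviews')) && (1 != $review_goods) && (1 == $order['paid']);

if(isset($_POST['send']) && $review_allowed) {
    $review_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
    $review_email = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';

    $query = mysql_query("UPDATE `orders` SET `review` = '1' WHERE `id` = '".mysql_real_escape_string($review_id)."'");

    // $domain and $subdomain are not assigned anywhere in this view;
    // presumably the including code supplies them - verify. They are escaped
    // like the rest because their origin is not visible here.
    $review_values = array(
        $name,
        $review,
        isset($domain) ? $domain : '',
        $ball,
        $order['item_id'],
        $date,
        $time,
        '0',
        isset($subdomain) ? $subdomain : '',
    );
    $review_sql_values = "'".implode("','", array_map('mysql_real_escape_string', array_map('strval', $review_values)))."'";
    $query = mysql_query("INSERT INTO `review` (`name`,`text`,`domain`,`review`,`item_id`,`date`,`time`,`spam`, `subdomain`) VALUES (".$review_sql_values.")");

    // id and email come from the query string: URL-encode them as parameter
    // values, then HTML-escape the whole URL for the attribute it is echoed into.
    $back_url = '/views/?id='.rawurlencode($review_id).'&email='.rawurlencode($review_email).'&'.$order['session_key'];
    echo '<meta http-equiv="Refresh" content="1; URL='.htmlspecialchars($back_url, ENT_QUOTES, 'UTF-8').'">';
}
?>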
</center></body></html>
<?else:?>
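<?
// Order not marked paid (or not found): send the browser to the payment page.
// The id comes from the query string, so it is URL-encoded as a parameter value
// and the finished URL is emitted as a JSON string literal; the JSON_HEX_*
// flags keep quotes and angle brackets from terminating the string or the
// surrounding <script> element.
$pay_order_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$pay_order_url = '/pay_order/?id='.rawurlencode($pay_order_id);
?>
<script>location.replace(<?=json_encode($pay_order_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);</script>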
<?endif;?>
<?endif;?>