/**
 * Settings action for the access_restrictions add-on's reverse IP filter option.
 *
 * When the new value is 'Y', makes sure the current client address has an active
 * row in ?:access_restriction (inserting one of type 'aas' or re-activating an
 * existing one). For any other value, deletes every row of type 'aas', 'aab' or
 * 'aar' whose range covers the current address, plus its reason descriptions.
 *
 * @param string $new_value new setting value (passed by reference, not modified here)
 * @param string $old_value previous setting value (not used)
 * @return bool always true
 */
function fn_settings_actions_addons_access_restrictions_admin_reverse_ip_access(&$new_value, $old_value)
{
    // NOTE(review): how fn_get_ip() derives 'host' is not visible here. If it honours
    // client-supplied forwarding headers, the address written to the restriction table
    // below is client-influenced -- confirm against its implementation.
    $ip = fn_get_ip(true);
    $host = $ip['host'];

    if ($new_value != 'Y') {
        // Delete IP: drop every matching range and its descriptions
        $covering = db_get_array("SELECT item_id, type FROM ?:access_restriction WHERE ip_from <= ?i AND ip_to >= ?i AND type IN ('aas', 'aab', 'aar')", $host, $host);
        if (!empty($covering)) {
            foreach ($covering as $entry) {
                db_query("DELETE FROM ?:access_restriction WHERE item_id = ?i", $entry['item_id']);
                db_query("DELETE FROM ?:access_restriction_reason_descriptions WHERE item_id = ?i AND type = ?s", $entry['item_id'], $entry['type']);
            }
            fn_set_notification('W', __('warning'), __('your_ip_removed', array('[ip]' => long2ip($host))));
        }

        return true;
    }

    // Only an exact single-address row (ip_from == ip_to == host) counts as "already present"
    $existing = db_get_row("SELECT item_id, status FROM ?:access_restriction WHERE ip_from = ?i AND ip_to = ?i AND type IN ('aas', 'aab', 'aar')", $host, $host);

    if (empty($existing) || empty($existing['item_id'])) {
        // Add IP
        $new_rule = array(
            'ip_from' => $host,
            'ip_to' => $host,
            'type' => 'aas',
            'timestamp' => TIME,
            'expires' => '0',
            'status' => 'A',
        );
        $description = array();
        $description['item_id'] = db_query("REPLACE INTO ?:access_restriction ?e", $new_rule);
        $description['type'] = 'aas';
        // One reason row per translation language
        foreach (fn_get_translation_languages() as $code => $unused) {
            $description['lang_code'] = $code;
            $description['reason'] = __('store_admin', '', $description['lang_code']);
            db_query("REPLACE INTO ?:access_restriction_reason_descriptions ?e", $description);
        }
        fn_set_notification('W', __('warning'), __('your_ip_added', array('[ip]' => long2ip($host))));
    } elseif (empty($existing['status']) || $existing['status'] != 'A') {
        // Change IP status to available
        db_query("UPDATE ?:access_restriction SET ?u WHERE item_id = ?i", array('status' => 'A'), $existing['item_id']);
        fn_set_notification('W', __('warning'), __('your_ip_enabled', array('[ip]' => long2ip($host))));
    }

    return true;
}
Beispiel #2
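/**
 * Creates a new e-mail marketing subscriber or updates an existing one, then
 * optionally pushes the subscriber to the external sync service.
 *
 * Without $subscriber_id a row is inserted only when an e-mail is given, it is not
 * already present for the current company condition and it passes fn_validate_email().
 * Missing name, timestamp, ip_address and unsubscribe_key fields are filled in.
 * With $subscriber_id the row is updated with $subscriber_data as given.
 *
 * @param array  $subscriber_data subscriber fields; written to ?:em_subscribers via ?e / ?u
 * @param int    $subscriber_id   existing subscriber to update, 0 to create
 * @param bool   $sync            whether to call EmailSync::subscribe() afterwards
 * @param string $lang_code       language stored with a newly created subscriber
 * @return int|bool subscriber id; an empty value when nothing was created;
 *                  false when the sync service rejected the subscriber (the row is deleted)
 */
function fn_em_update_subscriber($subscriber_data, $subscriber_id = 0, $sync = true, $lang_code = CART_LANGUAGE)
{
    $invalid_emails = array();
    if (empty($subscriber_id)) {
        if (!empty($subscriber_data['email'])) {
            // presumably ?p inserts $company_condition as a pre-built SQL fragment -- verify it is never request-derived
            $company_condition = fn_em_get_company_condition();
            if (db_get_field("SELECT email FROM ?:em_subscribers WHERE email = ?s ?p", $subscriber_data['email'], $company_condition) == '') {
                if (fn_validate_email($subscriber_data['email']) == false) {
                    $invalid_emails[] = $subscriber_data['email'];
                } else {
                    if (empty($subscriber_data['name'])) {
                        $subscriber_data['name'] = '';
                    }
                    if (empty($subscriber_data['timestamp'])) {
                        $subscriber_data['timestamp'] = time();
                    }
                    if (empty($subscriber_data['ip_address'])) {
                        $ip = fn_get_ip();
                        $subscriber_data['ip_address'] = fn_ip_to_db($ip['host']);
                    }
                    if (empty($subscriber_data['unsubscribe_key'])) {
                        // uniqid() is derived from the current time, so md5(uniqid()) is guessable
                        // by anyone who knows roughly when the subscriber signed up. Prefer the
                        // CSPRNG where the runtime has it; the result is still 32 hex characters.
                        $subscriber_data['unsubscribe_key'] = function_exists('random_bytes')
                            ? bin2hex(random_bytes(16))
                            : md5(uniqid(mt_rand(), true));
                    }
                    $subscriber_data['company_id'] = Registry::get('runtime.company_id');
                    $subscriber_data['lang_code'] = $lang_code;
                    $subscriber_id = db_query("INSERT INTO ?:em_subscribers ?e", $subscriber_data);
                }
            } else {
                fn_set_notification('W', __('warning'), __('email_marketing.warning_email_exists', array('[email]' => $subscriber_data['email'])));
            }
        }
    } else {
        // NOTE(review): every key of $subscriber_data is written as-is; callers must
        // restrict it to the columns a request is allowed to change.
        db_query("UPDATE ?:em_subscribers SET ?u WHERE subscriber_id = ?i", $subscriber_data, $subscriber_id);
    }
    if (!empty($invalid_emails)) {
        fn_set_notification('E', __('error'), __('error_invalid_emails', array('[emails]' => implode(', ', $invalid_emails))));
    } elseif ($sync && !empty($subscriber_id)) {
        // Sync only when a subscriber row actually exists: with a missing or duplicate
        // e-mail nothing was created, and there is no record to load or to roll back.
        $subscriber_data = fn_em_get_subscriber_data('', $subscriber_id);
        $subscribed = EmailSync::instance()->subscribe(array('email' => $subscriber_data['email'], 'timestamp' => $subscriber_data['timestamp'], 'lang_code' => $subscriber_data['lang_code'], 'ip_address' => fn_ip_from_db($subscriber_data['ip_address']), 'name' => $subscriber_data['name']));
        if ($subscribed == false) {
            // The remote service refused the subscriber: remove the local row again
            fn_em_delete_subscribers(array($subscriber_id), false);
            $subscriber_id = false;
        }
    }
    return $subscriber_id;
}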
Beispiel #3
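/**
 * Subscribes a user to a UniSender mailing list and records the link locally.
 *
 * Does nothing when the add-on has no API key configured or the user has no e-mail.
 *
 * @param array $user_data user fields; 'email' is required
 * @param mixed $list_id   list identifier sent as 'list_ids' and stored as 'list_id'
 * @param bool  $activated when true, 'double_optin' is sent as 3 instead of '0'
 * @return bool true when the API call succeeded and the local row was written
 */
function fn_unisender_subscribe($user_data, $list_id, $activated = false)
{
    $api_key = Registry::get('addons.rus_unisender.api_key');
    if (!empty($api_key) && !empty($user_data['email'])) {
        $ip = fn_get_ip();
        $user_field = fn_unisender_get_user_fields();
        $post = array(
            // The API key travels in the request body; keep $post out of request logs
            'api_key' => $api_key,
            'fields' => fn_uniseder_get_fields($user_data, $user_field),
            'request_ip' => $ip['host'],
            // 'i' is minutes; the previous 'H:m:s' format emitted the month number in the minutes position
            'request_time' => date('Y-m-d H:i:s', TIME),
            'overwrite' => 2,
            'double_optin' => '0',
            'list_ids' => $list_id,
        );
        if ($activated) {
            $post['double_optin'] = 3;
        }
        // presumably $response is filled by reference; it is not used afterwards
        if (fn_unisender_api('subscribe', $post, $response)) {
            $data = array('subscriber_id' => fn_unisender_get_subscriber_id($user_data['email'], true), 'list_id' => $list_id);
            db_query("REPLACE INTO ?:unisender_user_mailing_lists ?e", $data);
            return true;
        }
    }
    return false;
}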
Beispiel #4
 /**
  * Asks the updates server for the status of a license.
  *
  * When no license number is passed, the one stored in the Upgrade_center
  * settings is used. The store version, edition, URLs and IP are sent along.
  *
  * @param  string $license_number license to check; empty to use the stored one
  * @param  array  $extra_fields   extra request fields; 'edition' replaces PRODUCT_EDITION,
  *                                other keys are overridden by the built-in fields on collision
  * @return mixed  'LICENSE_IS_INVALID' when no license number is available,
  *                otherwise whatever the updates server returned
  */
 public static function getLicenseInformation($license_number = '', $extra_fields = array())
 {
     if (empty($license_number)) {
         $uc_settings = Settings::instance()->getValues('Upgrade_center');
         $license_number = $uc_settings['license_number'];
     }
     if (empty($license_number)) {
         return 'LICENSE_IS_INVALID';
     }

     $client = fn_get_ip();
     $store_ip = $client['host'];

     $fields = array(
         'license_number' => $license_number,
         'ver' => PRODUCT_VERSION,
         'product_status' => PRODUCT_STATUS,
         'product_build' => strtoupper(PRODUCT_BUILD),
         'edition' => isset($extra_fields['edition']) ? $extra_fields['edition'] : PRODUCT_EDITION,
         'lang' => strtoupper(CART_LANGUAGE),
         'store_uri' => fn_url('', 'C', 'http'),
         'secure_store_uri' => fn_url('', 'C', 'https'),
         'https_enabled' => (Registry::get('settings.Security.secure_storefront') != 'none' || Registry::get('settings.Security.secure_admin') == 'Y') ? 'Y' : 'N',
         'admin_uri' => fn_url('', 'A', 'http'),
         'store_ip' => $store_ip,
     );
     $envelope = array('Request@action=check_license@api=3' => array_merge($extra_fields, $fields));
     $xml = '<?xml version="1.0" encoding="UTF-8"?>' . fn_array_to_xml($envelope);

     // NOTE(review): the scheme of config.resources.updates_server is not visible here;
     // the request carries the license number and the admin URL -- confirm it is HTTPS.
     $endpoint = Registry::get('config.resources.updates_server') . '/index.php?dispatch=product_updates.check_available';
     $response = Http::get($endpoint, array('request' => $xml), array('timeout' => 10));
     if (empty($response)) {
         // Fallback fetch: the whole request, license number included, goes into the query string
         $response = fn_get_contents($endpoint . '&request=' . urlencode($xml));
     }

     return $response;
 }
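 /**
  * Settings/status hook that verifies an add-on license with the vendor server.
  *
  * Posts the store details and the add-on's license key to the check endpoint and
  * reads a <status> element from the reply. When the current request is
  * 'addons.update_status' and the status is not 'TRUE', the add-on is set to
  * disabled, a warning is queued and the script exits.
  *
  * @param string $new_value new add-on status, sent as 'addon_status'
  * @param string $old_value previous value (not used)
  * @param string $name      add-on identifier
  * @return bool true when execution continues
  */
 function fn_cp_check_state($new_value, $old_value, $name)
 {
     // The payload is built in a local array. Assigning it to $_REQUEST (as before)
     // wiped the real request for all later code and removed the 'dispatch' key that
     // the check below depends on, so the invalid-license branch could never run.
     $dispatch = isset($_REQUEST['dispatch']) ? $_REQUEST['dispatch'] : '';

     $store_ip = fn_get_ip();
     $store_ip = $store_ip['host'];
     $payload = array(
         'addon_status' => $new_value,
         'ver' => PRODUCT_VERSION,
         'product_status' => PRODUCT_STATUS,
         'product_build' => strtoupper(PRODUCT_BUILD),
         'edition' => PRODUCT_EDITION,
         'lang' => strtoupper(CART_LANGUAGE),
         'store_uri' => fn_url('', 'C', 'http'),
         'secure_store_uri' => fn_url('', 'C', 'https'),
         'https_enabled' => Registry::get('settings.General.secure_checkout') == 'Y' || Registry::get('settings.General.secure_admin') == 'Y' || Registry::get('settings.General.secure_auth') == 'Y' ? 'Y' : 'N',
         'admin_uri' => fn_url('', 'A', 'http'),
         'store_host' => Registry::get('config.http_host'),
         'store_ip' => $store_ip,
         'addon' => $name,
         'license' => Registry::get('addons.' . $name . '.licensekey'),
     );
     $request = json_encode($payload);

     // NOTE(review): the license key, admin URL and store details are posted over plain
     // HTTP, and the verdict is taken from an unauthenticated response body. Anyone on
     // the network path can read the key or alter the status. Confirm whether the
     // endpoint is reachable over HTTPS and switch the scheme if it is.
     $check_host = "http://cart-power.com/index.php?dispatch=check_license.check_status";
     $data = Http::post($check_host, array('request' => urlencode($request)), array('timeout' => 60));

     // Anything other than an explicit <status>TRUE</status> counts as not licensed,
     // including an empty or failed response.
     $_status = 'FALSE';
     if (is_string($data) && preg_match('/\\<status\\>(.*)\\<\\/status\\>/u', $data, $result) && isset($result[1])) {
         $_status = $result[1];
     }
     if ($dispatch == 'addons.update_status' && $_status != 'TRUE') {
         db_query("UPDATE ?:addons SET status = ?s WHERE addon = ?s", 'D', $name);
         fn_set_notification('W', __('warning'), __('cp_your_license_is_not_valid'));
         exit;
     }
     return true;
 }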
Beispiel #6
/**
 * Writes (or updates) an entry in the ?:logs table.
 *
 * The entry is skipped when logging for $type / $action is not enabled in
 * settings.Logging.log_type_<type>, or when the one-shot 'log_cut' registry flag is set.
 * The content stored depends on $type ('general', 'orders', 'products', 'categories',
 * 'database', 'requests', 'users'). For 'users' events carrying $data['time'] the
 * login entry remembered in the session is updated instead of inserting a new row.
 *
 * @param string $type   log type
 * @param string $action action within the type
 * @param array  $data   event data; the keys read depend on $type
 * @return bool true when the entry was written, false when it was skipped
 */
function fn_log_event($type, $action, $data = array())
{
    $object_primary_keys = array('users' => 'user_id', 'orders' => 'order_id', 'products' => 'product_id', 'categories' => 'category_id');
    $update = false;
    $content = array();
    $actions = Registry::get('settings.Logging.log_type_' . $type);
    // 'log_cut' and 'log_cut_data' are read once and removed from the registry right away
    $cut_log = Registry::ifGet('log_cut', false);
    Registry::del('log_cut');
    $cut_data = Registry::ifGet('log_cut_data', false);
    Registry::del('log_cut_data');
    // Skip: nothing enabled for this type, this action not enabled, or logging cut for this call
    if (empty($actions) || $action && !empty($actions) && empty($actions[$action]) || !empty($cut_log)) {
        return false;
    }
    // The acting user comes from the session; 0 when nobody is logged in
    if (!empty($_SESSION['auth']['user_id'])) {
        $user_id = $_SESSION['auth']['user_id'];
    } else {
        $user_id = 0;
    }
    // On logout the user id is taken from the event data instead
    if ($type == 'users' && $action == 'logout' && !empty($data['user_id'])) {
        $user_id = $data['user_id'];
    }
    if ($user_id) {
        // NOTE(review): $udata is not read anywhere else in this function
        $udata = db_get_row("SELECT firstname, lastname, email FROM ?:users WHERE user_id = ?i", $user_id);
    }
    $event_type = 'N';
    // 'N' = notice (default severity)
    if (!empty($data['backtrace'])) {
        // Reduce the backtrace to file / line / function, with paths made relative.
        // A frame without a file only contributes its function name to the next frame.
        $_btrace = array();
        $func = '';
        foreach (array_reverse($data['backtrace']) as $v) {
            if (!empty($v['file'])) {
                $v['file'] = fn_get_rel_dir($v['file']);
            }
            if (empty($v['file'])) {
                $func = $v['function'];
                continue;
            } elseif (!empty($func)) {
                $v['function'] = $func;
                $func = '';
            }
            $_btrace[] = array('file' => !empty($v['file']) ? $v['file'] : '', 'line' => !empty($v['line']) ? $v['line'] : '', 'function' => $v['function']);
        }
        $data['backtrace'] = serialize($_btrace);
    } else {
        $data['backtrace'] = '';
    }
    if ($type == 'general') {
        if ($action == 'deprecated') {
            $content['deprecated_function'] = $data['function'];
        }
        $content['message'] = $data['message'];
    } elseif ($type == 'orders') {
        $order_status_descr = fn_get_simple_statuses(STATUSES_ORDER, true, true);
        $content = array('order' => '# ' . $data['order_id'], 'id' => $data['order_id']);
        if ($action == 'status') {
            $content['status'] = $order_status_descr[$data['status_from']] . ' -> ' . $order_status_descr[$data['status_to']];
        }
    } elseif ($type == 'products') {
        $product = db_get_field("SELECT product FROM ?:product_descriptions WHERE product_id = ?i AND lang_code = ?s", $data['product_id'], Registry::get('settings.Appearance.backend_default_language'));
        $content = array('product' => $product . ' (#' . $data['product_id'] . ')', 'id' => $data['product_id']);
        if ($action == 'low_stock') {
            // low stock is logged as a warning
            $event_type = 'W';
        }
    } elseif ($type == 'categories') {
        $category = db_get_field("SELECT category FROM ?:category_descriptions WHERE category_id = ?i AND lang_code = ?s", $data['category_id'], Registry::get('settings.Appearance.backend_default_language'));
        $content = array('category' => $category . ' (#' . $data['category_id'] . ')', 'id' => $data['category_id']);
    } elseif ($type == 'database') {
        if ($action == 'error') {
            // NOTE(review): the failing query text is stored verbatim; it may contain customer data
            $content = array('error' => $data['error']['message'], 'query' => $data['error']['query']);
            $event_type = 'E';
        }
    } elseif ($type == 'requests') {
        if (!empty($cut_data)) {
            // Mask the values of the fields named in $cut_data in three encodings:
            // <name>..</name>, the URL-encoded form of the same, and name=..& pairs.
            // NOTE(review): the names are joined into the patterns without preg_quote(), so they
            // must be plain identifiers supplied by code, never by a request -- confirm at the callers.
            // NOTE(review): the third pattern needs a trailing '&', so a name=value pair that
            // ends the string is left unmasked.
            $data['data'] = preg_replace("/\\<(" . implode('|', $cut_data) . ")\\>(.*?)\\<\\/(" . implode('|', $cut_data) . ")\\>/s", '<${1}>******</${1}>', $data['data']);
            $data['data'] = preg_replace("/%3C(" . implode('|', $cut_data) . ")%3E(.*?)%3C%2F(" . implode('|', $cut_data) . ")%3E/s", '%3C${1}%3E******%3C%2F${1}%3E', $data['data']);
            $data['data'] = preg_replace("/(" . implode('|', $cut_data) . ")=(.*?)(&)/s", '${1}=******${3}', $data['data']);
        }
        // Request and response bodies are kept only when shorter than LOG_MAX_DATA_LENGTH
        // and when the empty /u pattern matches them (i.e. PCRE accepts them as UTF-8)
        $content = array('url' => $data['url'], 'request' => fn_strlen($data['data']) < LOG_MAX_DATA_LENGTH && preg_match('//u', $data['data']) ? $data['data'] : '', 'response' => fn_strlen($data['response']) < LOG_MAX_DATA_LENGTH && preg_match('//u', $data['response']) ? $data['response'] : '');
    } elseif ($type == 'users') {
        if (!empty($data['time'])) {
            // Session-duration update: amend the login entry remembered in the session
            if (empty($_SESSION['log']['login_log_id'])) {
                return false;
            }
            $content = db_get_field('SELECT content FROM ?:logs WHERE log_id = ?i', $_SESSION['log']['login_log_id']);
            // NOTE(review): unserialize() on a stored value. The row was written by this function,
            // but the content includes request-derived strings and hook output; if anything else
            // can write to ?:logs this becomes an object-injection sink. Consider a format
            // without object support, or restricting allowed classes.
            $content = unserialize($content);
            $minutes = ceil($data['time'] / 60);
            $hours = floor($minutes / 60);
            if ($hours) {
                $minutes -= $hours * 60;
            }
            if ($hours || $minutes) {
                $content['loggedin_time'] = ($hours ? $hours . ' |hours| ' : '') . ($minutes ? $minutes . ' |minutes|' : '');
            }
            if (!empty($data['timeout']) && $data['timeout']) {
                $content['timeout'] = true;
            }
            $update = $_SESSION['log']['login_log_id'];
        } else {
            if (!empty($data['user_id'])) {
                $info = db_get_row("SELECT firstname, lastname, email FROM ?:users WHERE user_id = ?i", $data['user_id']);
                $content = array('user' => $info['firstname'] . ($info['firstname'] && $info['lastname'] ? ' ' : '') . $info['lastname'] . ($info['firstname'] || $info['lastname'] ? '; ' : '') . $info['email'] . ' (#' . $data['user_id'] . ')');
                $content['id'] = $data['user_id'];
            } elseif (!empty($data['user'])) {
                // presumably the login name as typed (e.g. on a failed login); it is stored as given
                $content = array('user' => $data['user']);
            }
            if (in_array($action, array('session', 'failed_login'))) {
                // The caller-supplied address wins; otherwise the one reported by fn_get_ip()
                $ip = fn_get_ip();
                $content['ip_address'] = empty($data['ip']) ? $ip['host'] : $data['ip'];
            }
        }
        if ($action == 'failed_login') {
            // failed login - warning
            $event_type = 'W';
        }
    }
    // Add-ons receive all the event variables through this hook before the entry is stored
    fn_set_hook('save_log', $type, $action, $data, $user_id, $content, $event_type, $object_primary_keys);
    $content = serialize($content);
    if ($update) {
        db_query('UPDATE ?:logs SET content = ?s WHERE log_id = ?i', $content, $update);
    } else {
        // Company: the runtime one if set, else looked up from the logged object, else 0
        if (Registry::get('runtime.company_id')) {
            $company_id = Registry::get('runtime.company_id');
        } elseif (!empty($object_primary_keys[$type]) && !empty($data[$object_primary_keys[$type]])) {
            $company_id = fn_get_company_id($type, $object_primary_keys[$type], $data[$object_primary_keys[$type]]);
        } else {
            $company_id = 0;
        }
        $row = array('user_id' => $user_id, 'timestamp' => TIME, 'type' => $type, 'action' => $action, 'event_type' => $event_type, 'content' => $content, 'backtrace' => $data['backtrace'], 'company_id' => $company_id);
        $log_id = db_query("INSERT INTO ?:logs ?e", $row);
        if ($type == 'users' && $action == 'session') {
            // Remembered so that the later duration update can find this entry
            $_SESSION['log']['login_log_id'] = $log_id;
        }
    }
    return true;
}
Beispiel #7
/**
 * Persists the cart's products to ?:user_session_products.
 *
 * For a guest (empty $user_id) an id is taken from the 'cu_id' session data, or
 * generated and stored there, and the user type becomes 'U'. Existing rows for
 * the user / type / user type are deleted before the current products are written.
 *
 * @param array  $cart      cart data (by reference; passed on to the 'save_cart' hook)
 * @param int    $user_id   owner of the cart, empty for a guest
 * @param string $type      stored in the 'type' column
 * @param string $user_type stored in the 'user_type' column; forced to 'U' for guests
 * @return bool always true
 */
function fn_save_cart_content(&$cart, $user_id, $type = 'C', $user_type = 'R')
{
    if (empty($user_id)) {
        $stored_id = fn_get_session_data('cu_id');
        if ($stored_id) {
            $user_id = fn_get_session_data('cu_id');
        } else {
            // NOTE(review): the guest id is a CRC32 of a time-based uniqid(), so it is
            // guessable -- confirm nothing treats 'cu_id' as a secret or as proof of ownership.
            $user_id = fn_crc32(uniqid(TIME));
            fn_set_session_data('cu_id', $user_id, COOKIE_ALIVE_TIME);
        }
        $user_type = 'U';
    }

    if (empty($user_id)) {
        return true;
    }

    $where = db_quote("user_id = ?i AND type = ?s AND user_type = ?s", $user_id, $type, $user_type);
    if (fn_allowed_for('ULTIMATE')) {
        $where .= fn_get_company_condition('?:user_session_products.company_id');
    }
    // Replace strategy: wipe the stored cart, then write the current one
    db_query("DELETE FROM ?:user_session_products WHERE " . $where);

    if (!empty($cart['products']) && is_array($cart['products'])) {
        foreach ($cart['products'] as $item_id => $product) {
            $row = $product;
            $row['user_id'] = $user_id;
            $row['timestamp'] = TIME;
            $row['type'] = $type;
            $row['user_type'] = $user_type;
            $row['item_id'] = $item_id;
            $row['item_type'] = 'P';
            // The untouched product entry is kept in serialized form
            $row['extra'] = serialize($product);
            if (empty($row['amount'])) {
                $row['amount'] = 1;
            }
            $row['session_id'] = Session::getId();
            $client = fn_get_ip();
            $row['ip_address'] = fn_ip_to_db($client['host']);
            if (fn_allowed_for('ULTIMATE')) {
                $row['company_id'] = Registry::get('runtime.company_id');
            }
            if (!empty($row)) {
                db_query('REPLACE INTO ?:user_session_products ?e', $row);
            }
        }
    }

    fn_set_hook('save_cart', $cart, $user_id, $type);

    return true;
}
Beispiel #8
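/**
 * Init localizations
 *
 * Picks the active localization in this order: the 'lc' request parameter, the
 * 'cart_localization' cookie, the best match for the visitor's country (by IP) and
 * browser language, the default localization, and finally the first active one.
 * The choice is stored in the cookie and defined as CART_LOCALIZATION.
 *
 * @param array $params request parameters (not read here; the function uses $_REQUEST)
 * @return boolean true if localizations exists, false otherwise
 */
function fn_init_localization($params)
{
    $locs = db_get_hash_array("SELECT localization_id, custom_weight_settings, weight_symbol, weight_unit FROM ?:localizations WHERE status = 'A'", 'localization_id');
    if (empty($locs)) {
        return false;
    }

    // 'lc' comes straight from the request. An array value (lc[]=...) cannot be used as
    // an array offset, so only scalar values are considered. Whatever is accepted must
    // also be a key of $locs, which keeps the cookie and the constant limited to known ids.
    $requested = isset($_REQUEST['lc']) && is_scalar($_REQUEST['lc']) ? $_REQUEST['lc'] : '';

    if (!empty($requested) && !empty($locs[$requested])) {
        $cart_localization = $requested;
    } elseif (($l = fn_get_cookie('cart_localization')) && !empty($locs[$l])) {
        $cart_localization = $l;
    } else {
        // Guess from the visitor's country and browser language; the localization with
        // the most matching elements wins
        $_ip = fn_get_ip(true);
        $_country = fn_get_country_by_ip($_ip['host']);
        $_lngs = db_get_hash_single_array("SELECT lang_code, 1 as 'l' FROM ?:languages WHERE status = 'A'", array('lang_code', 'l'));
        $_language = fn_get_browser_language($_lngs);
        $cart_localization = db_get_field("SELECT localization_id, COUNT(localization_id) as c FROM ?:localization_elements WHERE (element = ?s AND element_type = 'C') OR (element = ?s AND element_type = 'L') GROUP BY localization_id ORDER BY c DESC LIMIT 1", $_country, $_language);
        if (empty($cart_localization) || empty($locs[$cart_localization])) {
            $cart_localization = db_get_field("SELECT localization_id FROM ?:localizations WHERE status = 'A' AND is_default = 'Y'");
        }
    }
    if (empty($cart_localization)) {
        // No default configured: fall back to the first active localization
        reset($locs);
        $cart_localization = key($locs);
    }
    if ($cart_localization != fn_get_cookie('cart_localization')) {
        fn_set_cookie('cart_localization', $cart_localization, COOKIE_ALIVE_TIME);
    }
    if ($locs[$cart_localization]['custom_weight_settings'] == 'Y') {
        Registry::set('config.localization.weight_symbol', $locs[$cart_localization]['weight_symbol']);
        Registry::set('config.localization.weight_unit', $locs[$cart_localization]['weight_unit']);
    }
    fn_define('CART_LOCALIZATION', $cart_localization);
    return true;
}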
Beispiel #9
/**
 * Builds the auth array for a user.
 *
 * @param array  $user_data     user record; missing fields fall back to guest defaults
 * @param array  $original_auth previous auth array; order_ids, this_login and referer are carried over
 * @param bool   $act_as_user   stored as 'act_as_user'
 * @param string $area          area passed to fn_define_usergroups() and the 'fill_auth' hook
 * @return array auth data
 */
function fn_fill_auth($user_data = array(), $original_auth = array(), $act_as_user = false, $area = AREA)
{
    $active_usergroups = fn_define_usergroups($user_data, $area);
    $client = fn_get_ip();

    $auth = array(
        'area' => fn_check_user_type_admin_area($user_data) ? 'A' : 'C',
        'user_id' => !empty($user_data['user_id']) ? $user_data['user_id'] : 0,
        'user_type' => empty($user_data['user_type']) ? 'C' : $user_data['user_type'],
        'tax_exempt' => !empty($user_data['tax_exempt']) ? $user_data['tax_exempt'] : 'N',
        'last_login' => !empty($user_data['last_login']) ? $user_data['last_login'] : 0,
        'order_ids' => empty($original_auth['order_ids']) ? array() : $original_auth['order_ids'],
        'password_change_timestamp' => !empty($user_data['password_change_timestamp']) ? $user_data['password_change_timestamp'] : 0,
        'company_id' => !empty($user_data['company_id']) ? $user_data['company_id'] : 0,
        'is_root' => !empty($user_data['is_root']) ? $user_data['is_root'] : 'N',
        'usergroup_ids' => $active_usergroups,
        'act_as_user' => $act_as_user,
        'this_login' => empty($original_auth['this_login']) ? TIME : $original_auth['this_login'],
        // The Referer header is client-controlled; treat the stored value as untrusted text
        'referer' => empty($original_auth['referer'])
            ? (empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'])
            : $original_auth['referer'],
        'ip' => $client['host'],
    );

    if (Registry::get('runtime.simple_ultimate')) {
        unset($auth['company_id']);
    }

    // Add-ons may adjust the auth array here
    fn_set_hook('fill_auth', $auth, $user_data, $area, $original_auth);

    return $auth;
}
Beispiel #10
/**
 * Loads a poll with its texts, questions, answers and completion state.
 *
 * @param int $page_id ID of the page the poll is attached to
 * @param string $lang_code language code to get descriptions for
 * @return mixed array with poll data if the poll exists, false otherwise
 */
function fn_get_poll_data($page_id, $lang_code = CART_LANGUAGE)
{
    $poll = db_get_row("SELECT page_id, start_date, end_date, show_results FROM ?:polls WHERE page_id = ?i", $page_id);
    if (empty($poll)) {
        return false;
    }

    // Header / footer / results texts
    $texts = db_get_hash_single_array("SELECT type, description FROM ?:poll_descriptions WHERE object_id = ?i AND lang_code = ?s AND type IN ('H', 'F', 'R')", array('type', 'description'), $page_id, $lang_code);
    if (!empty($texts)) {
        $poll['header'] = $texts['H'];
        $poll['footer'] = $texts['F'];
        $poll['results'] = $texts['R'];
    }

    // Get questions and answers
    $poll['questions'] = db_get_hash_array("SELECT ?:poll_items.item_id, ?:poll_items.type, ?:poll_items.position, ?:poll_descriptions.description, ?:poll_items.required FROM ?:poll_items LEFT JOIN ?:poll_descriptions ON ?:poll_items.item_id = ?:poll_descriptions.object_id AND ?:poll_descriptions.type = 'I' AND ?:poll_descriptions.lang_code = ?s WHERE ?:poll_items.parent_id = ?i AND ?:poll_items.type IN ('Q','M', 'T') ORDER BY ?:poll_items.position", 'item_id', $lang_code, $page_id);
    $poll['has_required_questions'] = false;

    foreach ($poll['questions'] as $qid => $question) {
        $answers = db_get_hash_array("SELECT ?:poll_items.item_id, ?:poll_items.type, ?:poll_items.position, ?:poll_descriptions.description FROM ?:poll_items LEFT JOIN ?:poll_descriptions ON ?:poll_items.item_id = ?:poll_descriptions.object_id AND ?:poll_descriptions.type = 'I' AND ?:poll_descriptions.lang_code = ?s WHERE ?:poll_items.parent_id = ?i AND ?:poll_items.type IN ('A', 'O') ORDER BY ?:poll_items.position", 'item_id', $lang_code, $qid);
        $poll['questions'][$qid]['answers'] = $answers;

        if ($question['required'] == 'Y') {
            $poll['has_required_questions'] = true;
        }

        // Check if answer has comments
        if ($question['type'] == 'T') {
            // Type 'T' questions: look for votes stored with answer_id 0
            $found = db_get_field("SELECT COUNT(item_id) FROM ?:polls_answers WHERE item_id = ?i AND answer_id = 0", $qid);
            $poll['questions'][$qid]['has_comments'] = (bool) $found;
            continue;
        }

        foreach ($answers as $aid => $answer) {
            $commented = false;
            if ($answer['type'] == 'O') {
                $found = db_get_field("SELECT count(item_id) FROM ?:polls_answers WHERE item_id = ?i AND answer_id = ?i AND comment != ''", $qid, $aid);
                $commented = (bool) $found;
            }
            $poll['questions'][$qid]['answers'][$aid]['has_comments'] = $commented;
        }
    }

    // Check if poll completed by the current user.
    // The only key is the client address: visitors behind one address share a vote, and
    // a visitor whose address changes can vote again.
    $client = fn_get_ip();
    $poll['completed'] = db_get_field("SELECT vote_id FROM ?:polls_votes WHERE page_id = ?i AND ip_address = ?s", $page_id, $client['host']);

    // Results are loaded once the visitor has voted, and always in the admin area
    if (!empty($poll['completed']) || AREA == 'A') {
        fn_polls_get_results($poll);
    }

    return $poll;
}
Beispiel #11
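 /**
  * Get session validation data
  *
  * Collects the client attributes a session is bound to: the client IP when
  * SESS_VALIDATE_IP is defined, and an MD5 digest of the User-Agent header when
  * SESS_VALIDATE_UA is defined.
  *
  * @return array validation data with optional 'ip' and 'ua' keys
  */
 public static function getValidatorData()
 {
     $data = array();
     if (defined('SESS_VALIDATE_IP')) {
         $ip = fn_get_ip();
         $data['ip'] = $ip['host'];
     }
     if (defined('SESS_VALIDATE_UA')) {
         // Clients may omit the User-Agent header. Hash an empty string in that case:
         // the digest is the same as before, without reading an undefined index.
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         // The digest is a fixed-length comparison value, not a secret
         $data['ua'] = md5($user_agent);
     }
     return $data;
 }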
        // Sortable columns for this section: request key => SQL column
        $sortings = array('value' => 'a.value', 'reason' => 'b.reason', 'created' => 'a.timestamp', 'status' => 'a.status');
    }
    $directions = array('asc' => 'asc', 'desc' => 'desc');
    $sort_order = !empty($_REQUEST['sort_order']) ? $_REQUEST['sort_order'] : '';
    $sort_by = !empty($_REQUEST['sort_by']) ? $_REQUEST['sort_by'] : '';
    // Both request values are used only as keys into the fixed maps above; anything
    // unknown falls back to 'created' / 'desc', so no request text reaches the SQL below.
    if (empty($sort_order) || empty($directions[$sort_order])) {
        $sort_order = 'desc';
    }
    if (empty($sort_by) || empty($sortings[$sort_by])) {
        $sort_by = 'created';
    }
    $sort = $sortings[$sort_by] . " " . $directions[$sort_order];
    $items_per_page = Registry::get('settings.Appearance.admin_elements_per_page');
    $total_items = db_get_field("SELECT COUNT(a.item_id) FROM ?:access_restriction as a WHERE a.type IN (?a)", $types[$selected_section]);
    // NOTE(review): $limit is interpolated into the query below; it is assumed fn_paginate()
    // returns a LIMIT clause built from integers only -- confirm
    $limit = fn_paginate(@$_REQUEST['page'], $total_items, $items_per_page);
    // fixme
    $access[$selected_section] = db_get_array("SELECT a.*, b.reason FROM ?:access_restriction as a LEFT JOIN ?:access_restriction_reason_descriptions as b ON a.item_id = b.item_id AND b.type = a.type AND lang_code = ?s WHERE a.type IN (?a) ORDER BY {$sort} {$limit}", DESCR_SL, $types[$selected_section]);
    $ip = fn_get_ip(true);
    // The link offered to the template toggles the current direction
    $view->assign('sort_order', $sort_order == 'asc' ? 'desc' : 'asc');
    $view->assign('sort_by', $sort_by);
    $view->assign('show_mp', db_get_field("SELECT item_id FROM ?:access_restriction WHERE type = ?s", $selected_section == 'ip' ? 'ipb' : 'aab'));
    $view->assign('selected_section', $selected_section);
    $view->assign('access', $access);
    $view->assign('access_types', $types);
    $view->assign('host_ip', $ip['host']);
} elseif ($mode == 'delete') {
    // NOTE(review): this fragment shows no request-method or token check before the delete;
    // whether one is enforced earlier in the controller cannot be seen here -- confirm
    if (!empty($_REQUEST['item_id'])) {
        db_query("DELETE FROM ?:access_restriction WHERE item_id = ?i", $_REQUEST['item_id']);
    }
    // NOTE(review): selected_section is copied from the request into the redirect target
    // without encoding or a check against the known section names
    return array(CONTROLLER_STATUS_REDIRECT, "access_restrictions.manage?selected_section={$_REQUEST['selected_section']}");
}
Beispiel #13
 /**
  * Collects the client attributes a session is validated against.
  *
  * 'ip' is added when SESS_VALIDATE_IP is defined, 'ua' (the raw User-Agent
  * header, or an empty string when it is absent) when SESS_VALIDATE_UA is defined.
  *
  * @return array validation data
  */
 static function get_validator_data()
 {
     $validator = array();

     if (defined('SESS_VALIDATE_IP')) {
         $client = fn_get_ip();
         $validator['ip'] = $client['host'];
     }

     if (defined('SESS_VALIDATE_UA')) {
         // The header is client-supplied and stored unmodified
         $validator['ua'] = empty($_SERVER['HTTP_USER_AGENT']) ? '' : $_SERVER['HTTP_USER_AGENT'];
     }

     return $validator;
 }
Beispiel #14
/**
 * Records a crawler page view in the statistics tables.
 *
 * Output without a <title> tag is ignored. A crawler session is looked up by the
 * CRC32 of the User-Agent within the last 24 hours and created when missing; the
 * current URL is then added to ?:stat_requests unless it equals the session's last URL.
 *
 * @param string $tpl_output rendered page
 * @param object $view       view object (by reference; not used here)
 * @return string $tpl_output unchanged
 */
function fn_statistics_track_robots($tpl_output, &$view)
{
    if (strpos($tpl_output, '<title>') === false) {
        return $tpl_output;
    }

    $sess_id = db_get_field('SELECT sess_id FROM ?:stat_sessions WHERE uniq_code = ?i AND timestamp > ?i', fn_crc32($_SERVER['HTTP_USER_AGENT']), TIME - 24 * 60 * 60);

    if (!empty($sess_id)) {
        // Known crawler session: demote its previous "last" request
        $last_url = db_get_field("SELECT url FROM ?:stat_requests WHERE sess_id = ?i AND (request_type & ?i) = ?i", $sess_id, STAT_LAST_REQUEST, STAT_LAST_REQUEST);
        db_query("UPDATE ?:stat_requests SET request_type = request_type & " . STAT_ORDINARY_REQUEST . " WHERE sess_id = ?s", $sess_id);
        $request_type = STAT_END_REQUEST;
    } else {
        // First sighting in the window: open a new session.
        // User-Agent, Accept-Language and Referer are client-supplied and stored as received;
        // anything that later displays them has to escape them for its output context.
        $ip = fn_get_ip(true);
        $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
        $referer_parts = parse_url($referer);
        $session_row = array(
            'user_agent' => $_SERVER['HTTP_USER_AGENT'],
            'host_ip' => $ip['host'],
            'proxy_ip' => $ip['proxy'],
            'client_language' => $_SERVER['HTTP_ACCEPT_LANGUAGE'],
            'ip_id' => fn_stat_ip_exist($ip),
            'client_type' => 'B',
            'robot' => CRAWLER,
            'referrer' => $referer,
            'timestamp' => TIME,
            'referrer_scheme' => !empty($referer_parts['scheme']) ? $referer_parts['scheme'] : '',
            'referrer_host' => !empty($referer_parts['host']) ? $referer_parts['host'] : '',
            'expiry' => 0,
            'uniq_code' => fn_crc32($_SERVER['HTTP_USER_AGENT']),
        );
        $request_type = STAT_LAST_REQUEST;
        $sess_id = db_query('INSERT INTO ?:stat_sessions ?e', $session_row);
        $last_url = '';
    }

    // Add to stat requests
    $this_url = fn_stat_prepare_url(REAL_URL);
    if ($last_url != $this_url) {
        // First <title> of the page, escaped before it is stored
        $title = preg_match('/\\<title\\>(.*?)\\<\\/title\\>/', $tpl_output, $m)
            ? fn_html_escape($m[1], true)
            : '';
        $request_row = array(
            'sess_id' => $sess_id,
            'timestamp' => TIME,
            'url' => $this_url,
            'title' => $title,
            'https' => defined('HTTPS') ? 'Y' : 'N',
            'loadtime' => microtime(true) - MICROTIME,
            'request_type' => $request_type,
        );
        db_query("INSERT INTO ?:stat_requests ?e", $request_row);
    }

    return $tpl_output;
}
Beispiel #15
/**
 * Order placing function
 *
 * Builds the order row from the cart and the customer's profile fields, inserts it
 * (an order that is being edited is deleted and re-inserted), stores the order items
 * and the serialized shipping, tax, payment and coupon records, then sets the order
 * status.
 *
 * @param array $cart cart contents; modified in place (companies, total, payment_info, shipping, processed_order_id)
 * @param array $auth customer auth data; for a guest the new order id is appended to $auth['order_ids']
 * @param string $action 'save' keeps the stored status of an edited order; forced to 'save' when the cart total is zero
 * @param int $parent_order_id stored as parent_order_id on the order when PRODUCT_TYPE is 'MULTIVENDOR'
 * @return array array(order_id, bool) on success, the bool being ($action != 'save'); array(false, false) when
 *               $allow is false after the pre_place_order hook, the cart is empty or the insert returned no id
 */
function fn_place_order(&$cart, &$auth, $action = '', $parent_order_id = 0)
{
    $allow = true;
    fn_set_hook('pre_place_order', $cart, $allow);
    if ($allow == true && !fn_cart_is_empty($cart)) {
        // NOTE(review): how fn_get_ip() derives the address is not visible here; if it honours
        // forwarded-for style headers, the stored ip_address is client-influenced - confirm.
        $ip = fn_get_ip();
        $__order_status = STATUS_INCOMPLETED_ORDER;
        // presumably keeps only the keys that are columns of the orders table - verify in fn_check_table_fields.
        // Any such key present in $cart (order_id included, see the edit branch below) flows into the order row.
        $order = fn_check_table_fields($cart, 'orders');
        $order = fn_array_merge($order, fn_check_table_fields($cart['user_data'], 'orders'));
        // filter hidden fields, which were hidden to checkout
        fn_filter_hidden_profile_fields($order, 'O');
        // If the contact information fields were disabled, fill the information from the billing/shipping
        Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
        if (!empty($order['firstname']) || !empty($order[$address_zone . '_firstname'])) {
            $order['firstname'] = empty($order['firstname']) && !empty($order[$address_zone . '_firstname']) ? $order[$address_zone . '_firstname'] : $order['firstname'];
        }
        if (!empty($order['lastname']) || !empty($order[$address_zone . '_lastname'])) {
            $order['lastname'] = empty($order['lastname']) && !empty($order[$address_zone . '_lastname']) ? $order[$address_zone . '_lastname'] : $order['lastname'];
        }
        if (!empty($order['phone']) || !empty($order[$address_zone . '_phone'])) {
            $order['phone'] = empty($order['phone']) && !empty($order[$address_zone . '_phone']) ? $order[$address_zone . '_phone'] : $order['phone'];
        }
        // These fields are set from server-side values and overwrite whatever the cart carried
        $order['user_id'] = $auth['user_id'];
        $order['timestamp'] = TIME;
        $order['lang_code'] = CART_LANGUAGE;
        $order['tax_exempt'] = $auth['tax_exempt'];
        // incomplete by default to increase inventory
        $order['status'] = STATUS_INCOMPLETED_ORDER;
        $order['ip_address'] = $ip['host'];
        $cart['companies'] = fn_get_products_companies($cart['products']);
        $order['is_parent_order'] = 'N';
        if (PRODUCT_TYPE == 'MULTIVENDOR') {
            $order['parent_order_id'] = $parent_order_id;
            // A cart with products of several companies becomes a parent order
            if (count($cart['companies']) > 1) {
                $order['is_parent_order'] = 'Y';
                $__order_status = $order['status'] = STATUS_PARENT_ORDER;
            } else {
                $order['company_id'] = key($cart['companies']);
            }
        }
        $order['promotions'] = serialize(!empty($cart['promotions']) ? $cart['promotions'] : array());
        if (!empty($cart['promotions'])) {
            $order['promotion_ids'] = implode(', ', array_keys($cart['promotions']));
        }
        $order['shipping_ids'] = !empty($cart['shipping']) ? fn_create_set(array_keys($cart['shipping'])) : '';
        if (!empty($cart['payment_surcharge'])) {
            $cart['total'] += $cart['payment_surcharge'];
            $order['total'] = $cart['total'];
        }
        if (!empty($cart['payment_info'])) {
            $ccards = fn_get_static_data_section('C', true);
            if (!empty($cart['payment_info']['card']) && !empty($ccards[$cart['payment_info']['card']])) {
                // Check if cvv2 number required and unset it if not.
                // When param_2 is 'Y' the cvv2 stays in payment_info and is written to the type 'P'
                // order_data record below (through fn_encrypt_text).
                // NOTE(review): card-industry rules do not allow the CVV2 to be kept after
                // authorization - confirm it is removed once the payment has been processed.
                if ($ccards[$cart['payment_info']['card']]['param_2'] != 'Y') {
                    unset($cart['payment_info']['cvv2']);
                }
                // Drop the card start date when this card type does not require it
                if ($ccards[$cart['payment_info']['card']]['param_3'] != 'Y') {
                    unset($cart['payment_info']['start_year'], $cart['payment_info']['start_month']);
                }
                // Check if issue number required
                if ($ccards[$cart['payment_info']['card']]['param_4'] != 'Y') {
                    unset($cart['payment_info']['issue_number']);
                }
            }
        }
        // We're editing existing order.
        // NOTE(review): order_id originates from $cart here and the existing rows are deleted below;
        // whether the caller is allowed to touch that order is not checked in this function - confirm
        // that every caller verifies ownership/permissions first.
        if (!empty($order['order_id']) && $order['is_parent_order'] != 'Y') {
            $_tmp = db_get_row("SELECT status, ip_address, details, timestamp, lang_code FROM ?:orders WHERE order_id = ?i", $order['order_id']);
            // Leave original customers IP address
            $order['ip_address'] = $_tmp['ip_address'];
            // Leave order details
            $order['details'] = $_tmp['details'];
            // Leave the original date
            $order['timestamp'] = $_tmp['timestamp'];
            // Leave the original language
            $order['lang_code'] = $_tmp['lang_code'];
            if ($action == 'save') {
                // Get the original order status
                $__order_status = $_tmp['status'];
            }
            // incomplete the order to increase inventory amount.
            fn_change_order_status($order['order_id'], STATUS_INCOMPLETED_ORDER, $_tmp['status'], fn_get_notification_rules(array(), false));
            // The old rows are removed before the order is inserted again further down; the type 'L'
            // (shipping) record is deliberately not in the list and is read back later.
            db_query("DELETE FROM ?:orders WHERE order_id = ?i", $order['order_id']);
            db_query("DELETE FROM ?:order_details WHERE order_id = ?i", $order['order_id']);
            db_query("DELETE FROM ?:profile_fields_data WHERE object_id = ?i AND object_type = 'O'", $order['order_id']);
            db_query("DELETE FROM ?:order_data WHERE order_id = ?i AND type IN ('T', 'C', 'P')", $order['order_id']);
            fn_set_hook('edit_place_order', $order['order_id']);
        }
        // A caller can force the id of the order that is about to be inserted
        if (!empty($cart['rewrite_order_id'])) {
            $order['order_id'] = array_shift($cart['rewrite_order_id']);
        }
        // NOTE(review): read without an isset() check, and presumably derived from the client's
        // Referer header - treat the stored value as untrusted when it is displayed.
        $order['referer'] = $_SESSION['referer'];
        $order_id = db_query("INSERT INTO ?:orders ?e", $order);
        // Log order creation
        fn_log_event('orders', 'create', array('order_id' => $order_id));
        fn_store_profile_fields($cart['user_data'], $order_id, 'O');
        $order['order_id'] = $order_id;
        // If customer is not logged in, store order ids in the session
        if (empty($auth['user_id'])) {
            $auth['order_ids'][] = $order_id;
        }
        // Add order details data
        if (!empty($order_id)) {
            if (!empty($cart['products'])) {
                foreach ((array) $cart['products'] as $k => $v) {
                    $product_code = '';
                    // $extra collects the per-item data that is serialized into order_details.extra
                    $extra = empty($v['extra']) ? array() : $v['extra'];
                    $v['discount'] = empty($v['discount']) ? 0 : $v['discount'];
                    $extra['product'] = empty($v['product']) ? fn_get_product_name($v['product_id']) : $v['product'];
                    $extra['company_id'] = $v['company_id'];
                    if (isset($v['is_edp'])) {
                        $extra['is_edp'] = $v['is_edp'];
                    }
                    if (isset($v['edp_shipping'])) {
                        $extra['edp_shipping'] = $v['edp_shipping'];
                    }
                    if (!empty($v['discount'])) {
                        $extra['discount'] = $v['discount'];
                    }
                    if (isset($v['base_price'])) {
                        $extra['base_price'] = floatval($v['base_price']);
                    }
                    if (!empty($v['promotions'])) {
                        $extra['promotions'] = $v['promotions'];
                    }
                    if (!empty($v['stored_price']) && $v['stored_price'] == 'Y') {
                        $extra['stored_price'] = 'Y';
                    }
                    if (!empty($v['product_options'])) {
                        // Options the product has but the cart item lacks are stored as ''
                        $_options = fn_get_product_options($v['product_id']);
                        if (!empty($_options)) {
                            foreach ($_options as $option_id => $option) {
                                if (!isset($v['product_options'][$option_id])) {
                                    $v['product_options'][$option_id] = '';
                                }
                            }
                        }
                        $extra['product_options'] = $v['product_options'];
                        $cart_id = fn_generate_cart_id($v['product_id'], array('product_options' => $v['product_options']), true);
                        $tracking = db_get_field("SELECT tracking FROM ?:products WHERE product_id = ?i", $v['product_id']);
                        // With tracking 'O' the product code is taken from the option combination
                        if ($tracking == 'O') {
                            $product_code = db_get_field("SELECT product_code FROM ?:product_options_inventory WHERE combination_hash = ?i", $cart_id);
                        }
                        $extra['product_options_value'] = fn_get_selected_product_options_info($v['product_options']);
                    } else {
                        $v['product_options'] = array();
                    }
                    if (empty($product_code)) {
                        $product_code = db_get_field("SELECT product_code FROM ?:products WHERE product_id = ?i", $v['product_id']);
                    }
                    // Check the cart custom files
                    if (isset($extra['custom_files'])) {
                        $dir_path = DIR_CUSTOM_FILES . 'order_data/' . $order_id;
                        $sess_dir_path = DIR_CUSTOM_FILES . 'sess_data';
                        if (!is_dir($dir_path)) {
                            fn_mkdir($dir_path);
                        }
                        foreach ($extra['custom_files'] as $option_id => $files) {
                            if (is_array($files)) {
                                foreach ($files as $file_id => $file) {
                                    // basename() drops any directory part, so the source is always looked up
                                    // directly inside sess_data whatever path the cart item carried.
                                    $file['path'] = $sess_dir_path . '/' . basename($file['path']);
                                    // NOTE(review): the destination name $file['file'] is used as-is (no
                                    // basename()); confirm it is sanitized where the upload is accepted.
                                    fn_copy($file['path'], $dir_path . '/' . $file['file']);
                                    fn_rm($file['path']);
                                    fn_rm($file['path'] . '_thumb');
                                    $extra['custom_files'][$option_id][$file_id]['path'] = $dir_path . '/' . $file['file'];
                                }
                            }
                        }
                    }
                    // For a stored price the discount is subtracted before the price is saved
                    $order_details = array('item_id' => $k, 'order_id' => $order_id, 'product_id' => $v['product_id'], 'product_code' => $product_code, 'price' => !empty($v['stored_price']) && $v['stored_price'] == 'Y' ? $v['price'] - $v['discount'] : $v['price'], 'amount' => $v['amount'], 'extra' => serialize($extra));
                    db_query("INSERT INTO ?:order_details ?e", $order_details);
                    // Increase product popularity
                    $_data = array('product_id' => $v['product_id'], 'bought' => 1, 'total' => POPULARITY_BUY);
                    db_query("INSERT INTO ?:product_popularity ?e ON DUPLICATE KEY UPDATE bought = bought + 1, total = total + ?i", $_data, POPULARITY_BUY);
                }
            }
            // Save shipping information
            if (!empty($cart['shipping'])) {
                // NOTE(review): $_SESSION['selfService'] is read without an isset()/empty() check
                if ($_SESSION['selfService']) {
                    foreach ($cart['shipping'] as $sh_id => $_d) {
                        $cart['shipping'][$sh_id]['selfService'] = $_SESSION['selfService'];
                    }
                }
                // Get carriers and tracking number
                $data = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'L'", $order_id);
                if (!empty($data)) {
                    // NOTE(review): unserialize() on a database value. The record is written below with
                    // serialize(), but it contains cart-supplied shipping data; unserialize() can
                    // instantiate objects, so prefer JSON or restrict it with allowed_classes => false
                    // where the PHP version permits.
                    $data = unserialize($data);
                    foreach ($cart['shipping'] as $sh_id => $_d) {
                        if (!empty($data[$sh_id]['carrier'])) {
                            $cart['shipping'][$sh_id]['carrier'] = $data[$sh_id]['carrier'];
                        }
                        if (!empty($data[$sh_id]['tracking_number'])) {
                            $cart['shipping'][$sh_id]['tracking_number'] = $data[$sh_id]['tracking_number'];
                        }
                    }
                }
                $_data = array('order_id' => $order_id, 'type' => 'L', 'data' => serialize($cart['shipping']));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save taxes
            if (!empty($cart['taxes'])) {
                $_data = array('order_id' => $order_id, 'type' => 'T', 'data' => serialize($cart['taxes']));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save payment information; this is the only order_data record passed through fn_encrypt_text()
            if (!empty($cart['payment_info'])) {
                $_data = array('order_id' => $order_id, 'type' => 'P', 'data' => fn_encrypt_text(serialize($cart['payment_info'])));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save coupons information
            if (!empty($cart['coupons'])) {
                $_data = array('order_id' => $order_id, 'type' => 'C', 'data' => serialize($cart['coupons']));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save secondary currency (for order notifications from payments with feedback requests)
            $_data = array('order_id' => $order_id, 'type' => 'R', 'data' => serialize(CART_SECONDARY_CURRENCY));
            db_query("REPLACE INTO ?:order_data ?e", $_data);
            //
            // Place the order_id to new_orders table for all admin profiles
            //
            $admins = db_get_fields("SELECT user_id FROM ?:users WHERE user_type = 'A'");
            foreach ($admins as $k => $v) {
                db_query("REPLACE INTO ?:new_orders (order_id, user_id) VALUES (?i, ?i)", $order_id, $v);
            }
            fn_set_hook('place_order', $order_id, $action, $__order_status, $cart);
            // If order total is zero, just save the order without any processing procedures
            if (floatval($cart['total']) == 0) {
                $action = 'save';
                $__order_status = 'P';
            }
            list($is_processor_script, ) = fn_check_processor_script($cart['payment_id'], $action, true);
            // Without a payment processor script an order that is still incomplete gets status 'O'
            if (!$is_processor_script && $__order_status == STATUS_INCOMPLETED_ORDER) {
                $__order_status = 'O';
            }
            // Set new order status
            fn_change_order_status($order_id, $__order_status, '', $is_processor_script || $__order_status == STATUS_PARENT_ORDER ? fn_get_notification_rules(array(), true) : fn_get_notification_rules(array()), true);
            $cart['processed_order_id'] = array();
            $cart['processed_order_id'][] = $order_id;
            // A top-level multi-company order is split into suborders; the parent id is listed first
            if (!$parent_order_id && count($cart['companies']) > 1 && PRODUCT_TYPE == 'MULTIVENDOR') {
                fn_companies_place_suborders($order_id, $cart, $auth, $action);
                $child_orders = db_get_fields("SELECT order_id FROM ?:orders WHERE parent_order_id = ?i", $order_id);
                array_unshift($child_orders, $order_id);
                $cart['processed_order_id'] = $child_orders;
            }
            return array($order_id, $action != 'save');
        }
    }
    return array(false, false);
}
/**
 * Creates an access restriction rule and its reason descriptions.
 *
 * The rule kind is chosen by $rule_data['section']: 'ip' / 'admin_panel' (IP address or
 * range), 'domain', 'email' (single address or whole e-mail domain) or 'credit_card'.
 * A value that fails its validator is not stored and $rule_id is returned unchanged.
 *
 * For 'admin_panel' rules that cover the visitor's own address while the
 * admin_reverse_ip_access setting is not 'Y', nothing is stored and a warning
 * notification is raised instead.
 *
 * NOTE(review): 'status' and 'reason' are taken from $rule_data without validation in
 * this function; confirm the caller restricts them.
 *
 * @param array $rule_data rule fields as submitted (section, value or range_from/range_to, status, reason)
 * @param int $rule_id returned unchanged when no rule is created
 * @param string $lang_code language of the warning notification
 * @return mixed result of the rule INSERT, or the $rule_id that was passed in
 */
function fn_update_access_restriction_rule($rule_data, $rule_id = 0, $lang_code = DESCR_SL)
{
    // Stores a value-based rule of the given type, then one reason row per translation language.
    $store_rule = function ($row, $type) {
        $row['type'] = $type;
        $row['timestamp'] = TIME;
        $new_id = $row['item_id'] = db_query("INSERT INTO ?:access_restriction ?e", $row);
        foreach (fn_get_translation_languages() as $row['lang_code'] => $unused) {
            db_query("INSERT INTO ?:access_restriction_reason_descriptions ?e", $row);
        }

        return $new_id;
    };

    // IP address / IP range rules (storefront and admin panel)
    if ($rule_data['section'] == 'ip' || $rule_data['section'] == 'admin_panel') {
        $visitor_ip = fn_get_ip(true);
        if (empty($rule_data['range_from']) && empty($rule_data['range_to'])) {
            return $rule_id;
        }

        // A single given bound is used for both ends of the range
        $range_from = !empty($rule_data['range_from']) ? $rule_data['range_from'] : $rule_data['range_to'];
        $range_to = !empty($rule_data['range_to']) ? $rule_data['range_to'] : $rule_data['range_from'];
        if (!fn_validate_ip($range_from, true) || !fn_validate_ip($range_to, true)) {
            return $rule_id;
        }

        if ($rule_data['section'] == 'ip') {
            $type_s = 'ip';
        } else {
            $type_s = 'aa';
        }

        // Suffix 's' marks a single address, 'r' a range
        $_data = array(
            'ip_from' => sprintf("%u", ip2long($range_from)),
            'ip_to' => sprintf("%u", ip2long($range_to)),
            'timestamp' => TIME,
            'status' => $rule_data['status'],
            'type' => $type_s . ($range_from == $range_to ? 's' : 'r'),
        );

        // Guard against an administrator adding a rule that covers the address they are using
        $covers_visitor = $rule_data['section'] == 'admin_panel'
            && Registry::get('addons.access_restrictions.admin_reverse_ip_access') != 'Y'
            && $_data['ip_from'] <= $visitor_ip['host']
            && $_data['ip_to'] >= $visitor_ip['host'];

        if ($covers_visitor) {
            $title = __('warning', '', $lang_code);
            $entered_ip = long2ip($_data['ip_from']);
            if ($_data['ip_from'] != $_data['ip_to']) {
                $entered_ip .= '-' . long2ip($_data['ip_to']);
            }
            $placeholders = array('[entered_ip]' => $entered_ip, '[your_ip]' => long2ip($visitor_ip['host']));
            fn_set_notification('W', $title, __('warning_of_ip_adding', $placeholders, $lang_code));

            return $rule_id;
        }

        $rule_id = $_data['item_id'] = db_query("INSERT INTO ?:access_restriction ?e", $_data);
        $_data['reason'] = $rule_data['reason'];
        foreach (fn_get_translation_languages() as $_data['lang_code'] => $v) {
            db_query("INSERT INTO ?:access_restriction_reason_descriptions ?e", $_data);
        }

        return $rule_id;
    }

    // Add domains
    if ($rule_data['section'] == 'domain') {
        if (fn_validate_domain_name($rule_data['value'], true)) {
            $rule_id = $store_rule($rule_data, 'd');
        }

        return $rule_id;
    }

    // Add emails
    if ($rule_data['section'] == 'email') {
        if (strstr($rule_data['value'], '@') && strpos($rule_data['value'], '*@') !== 0) {
            // Specific e-mail address.
            // NOTE(review): the part handed to fn_validate_domain_name() starts at the '@' character
            // itself; confirm the validator expects that.
            if (fn_validate_email($rule_data['value'], true) && fn_validate_domain_name(substr($rule_data['value'], strpos($rule_data['value'], '@')), true)) {
                $rule_id = $store_rule($rule_data, 'es');
            }

            return $rule_id;
        }

        // Whole e-mail domain, written either as "*@domain" or as a bare domain
        $_domain = strpos($rule_data['value'], '*@') === 0 ? substr($rule_data['value'], 2) : $rule_data['value'];
        if (fn_validate_domain_name($_domain, true)) {
            $rule_id = $store_rule($rule_data, 'ed');
        }

        return $rule_id;
    }

    // Add credit cards
    if ($rule_data['section'] == 'credit_card') {
        if (fn_validate_cc_number($rule_data['value'], true)) {
            $rule_id = $store_rule($rule_data, 'cc');
        }
    }

    return $rule_id;
}
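/**
 * Stores a new statistics session for the current visitor.
 *
 * Fills $stat_data with request-derived values (user agent, IPs, client language, session
 * id, browser / search engine / search phrase ids, referrer parts, expiry), inserts the row
 * into stat_sessions and maintains the 'stat_uniq_code' cookie that identifies unique clients.
 *
 * User agent, Accept-Language, referrer and the cookie all come from the client. They are
 * passed to the database through placeholders only; whoever displays the stored values
 * must still escape them on output.
 *
 * @param array $stat_data session data collected by the caller; modified in place
 * @return mixed result of the stat_sessions INSERT, used as the session id
 */
function fn_stat_save_session_data(&$stat_data)
{
    // A request may carry no User-Agent header at all; store '' in that case, the same way
    // the missing Accept-Language header is handled below.
    $stat_data['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $ip = fn_get_ip(true);
    $stat_data['host_ip'] = $ip['host'];
    $stat_data['proxy_ip'] = $ip['proxy'];
    // The caller's value wins over the Accept-Language header
    if (empty($stat_data['client_language'])) {
        $client_language = empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? '' : $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    } else {
        $client_language = $stat_data['client_language'];
    }
    $stat_data['client_language'] = strtoupper($client_language);
    $stat_data['session'] = Session::get_id();
    $stat_data['ip_id'] = fn_stat_ip_exist($ip);
    // Look up the browser id, creating the browser row on first sight
    if (!empty($stat_data['browser'])) {
        $browser_id = db_get_field("SELECT browser_id FROM ?:stat_browsers WHERE browser = ?s AND version = ?s", $stat_data['browser'], $stat_data['browser_version']);
        if (empty($browser_id)) {
            $browser_id = db_query('INSERT INTO ?:stat_browsers ?e', array('browser' => $stat_data['browser'], 'version' => $stat_data['browser_version']));
        }
        $stat_data['browser_id'] = $browser_id;
    }
    // Explicit check instead of the @ operator; null still reaches fn_get_search_words()
    // when no referrer was collected.
    $referrer = isset($stat_data['referrer']) ? $stat_data['referrer'] : null;
    // parse_url() returns false for a seriously malformed URL; empty() below copes with that
    $parse_url = parse_url((string) $referrer);
    $stat_data['referrer_scheme'] = empty($parse_url['scheme']) ? '' : $parse_url['scheme'];
    $stat_data['referrer_host'] = empty($parse_url['host']) ? '' : $parse_url['host'];
    $search_data = fn_get_search_words($referrer);
    if (!empty($search_data['engine'])) {
        $engine_id = db_get_field("SELECT engine_id FROM ?:stat_search_engines WHERE engine = ?s", $search_data['engine']);
        if (empty($engine_id)) {
            $engine_id = db_query('INSERT INTO ?:stat_search_engines ?e', array('engine' => $search_data['engine']));
        }
        $stat_data['engine_id'] = empty($engine_id) ? 0 : $engine_id;
    }
    if (!empty($search_data['phrase'])) {
        $phrase_id = db_get_field("SELECT phrase_id FROM ?:stat_search_phrases WHERE phrase = ?s", $search_data['phrase']);
        if (empty($phrase_id)) {
            $phrase_id = db_query('INSERT INTO ?:stat_search_phrases ?e', array('phrase' => $search_data['phrase']));
        }
        $stat_data['phrase_id'] = empty($phrase_id) ? 0 : $phrase_id;
    }
    if (!empty($stat_data['client_language'])) {
        $is_lang = db_get_field("SELECT lang_code FROM ?:stat_languages WHERE lang_code = ?s", $stat_data['client_language']);
        // If there is not long language code in DB then save short language code
        if (empty($is_lang)) {
            $stat_data['client_language'] = substr($stat_data['client_language'], 0, 2);
        }
    }
    $stat_data['expiry'] = TIME + SESSION_ALIVE_TIME;
    $session_data = fn_check_table_fields($stat_data, 'stat_sessions');
    $sess_id = db_query('INSERT INTO ?:stat_sessions ?e', $session_data);
    // Set the cookie 'stat_uniq_code' to identify unique clients.
    $stat_uniq_code = fn_get_cookie('stat_uniq_code');
    // The cookie is client-supplied and ends up in stat_sessions.uniq_code. This function only
    // ever stores a session id in it, so anything that is not a plain run of digits is discarded.
    // NOTE(review): confirm no other code writes a differently shaped value to this cookie.
    if (!empty($stat_uniq_code) && (!is_scalar($stat_uniq_code) || !ctype_digit((string) $stat_uniq_code))) {
        $stat_uniq_code = '';
    }
    // Keep the lowest session id seen for this client
    if (!empty($sess_id) && (empty($stat_uniq_code) || $stat_uniq_code >= $sess_id)) {
        $stat_uniq_code = $sess_id;
    }
    fn_set_cookie('stat_uniq_code', $stat_uniq_code, 365 * 24 * 3600);
    if (!empty($sess_id)) {
        db_query('UPDATE ?:stat_sessions SET ?u WHERE sess_id = ?i', array('uniq_code' => $stat_uniq_code), $sess_id);
    }
    return $sess_id;
}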
/**
 * Adds a post to a discussion thread and optionally sends e-mail notifications.
 *
 * The thread is resolved from $post_data; status, user_id, ip_address and thread_id are
 * set here and overwrite whatever the caller supplied. Outside the admin area the add-on
 * settings may reject a second post from the same IP address or hold the post for approval
 * (status 'D').
 *
 * NOTE(review): the one-post-per-address check relies on what fn_get_ip() reports; its
 * source is not visible here - confirm it cannot be set by the client.
 * NOTE(review): $post_data['name'] is poster-supplied and is used as the sender name of
 * order notifications; presumably Mailer sanitizes header values - confirm.
 *
 * @param array $post_data post fields (thread/object reference, name, message, rating_value, date, time)
 * @param bool $send_notifications whether notification e-mails are sent
 * @return mixed id of the created post, or false when the thread is missing or the post is rejected
 */
function fn_add_discussion_post($post_data, $send_notifications = true)
{
    $auth =& Tygh::$app['session']['auth'];
    $discussion_settings = Registry::get('addons.discussion');
    $discussion_object_types = fn_get_discussion_objects();

    $object = fn_discussion_get_object($post_data);
    if (empty($object)) {
        fn_set_notification('E', __('error'), __('cant_find_thread'));

        return false;
    }

    $post_data['thread_id'] = $object['thread_id'];
    $object_data = fn_get_discussion_object_data($object['object_id'], $object['object_type']);
    $object_name = $discussion_object_types[$object['object_type']];

    // Reads "<object_name><suffix>" from the add-on settings; null stands for "unset or empty".
    $setting = function ($suffix) use ($discussion_settings, $object_name) {
        $key = $object_name . $suffix;

        return empty($discussion_settings[$key]) ? null : $discussion_settings[$key];
    };

    $visitor = fn_get_ip();
    $post_data['ip_address'] = fn_ip_to_db($visitor['host']);
    $post_data['status'] = 'A';

    $outside_admin = AREA != 'A';

    // Check if post is permitted from this IP address
    if ($outside_admin && $setting('_post_ip_check') == 'Y') {
        $already_posted = db_get_field("SELECT COUNT(*) FROM ?:discussion_posts WHERE thread_id = ?i AND ip_address = ?s", $post_data['thread_id'], $post_data['ip_address']);
        if (!empty($already_posted)) {
            fn_set_notification('E', __('error'), __('error_already_posted'));

            return false;
        }
    }

    // Check if post needs to be approved
    if ($outside_admin) {
        $approval = $setting('_post_approval');
        if ($approval == 'any' || ($approval == 'anonymous' && empty($auth['user_id']))) {
            fn_set_notification('W', __('text_thank_you_for_post'), __('text_post_pended'));
            $post_data['status'] = 'D';
        }
    }

    $post_data['timestamp'] = empty($post_data['date'])
        ? TIME
        : fn_discussion_parse_datetime($post_data['date'] . ' ' . $post_data['time']);

    // Validate rating value
    if (!empty($post_data['rating_value'])) {
        $known_ratings = array_keys(fn_get_discussion_ratings());
        if (!in_array($post_data['rating_value'], $known_ratings)) {
            unset($post_data['rating_value']);
        }
    }

    $post_data['user_id'] = $auth['user_id'];
    $post_data['post_id'] = db_query("INSERT INTO ?:discussion_posts ?e", $post_data);
    db_query("REPLACE INTO ?:discussion_messages ?e", $post_data);
    db_query("REPLACE INTO ?:discussion_rating ?e", $post_data);

    if (!$send_notifications) {
        return $post_data['post_id'];
    }

    $make_subject = function ($type, $lang_code) {
        return __('discussion_title_' . $type, '', $lang_code) . ' - ' . __($type, '', $lang_code);
    };

    // Template data shared by every notification; only the link target and the language vary.
    // The links are built with 'http' as the protocol argument of fn_url().
    $mail_data = function ($url, $area, $lang_code) use ($object, $object_data, $post_data, $object_name, $discussion_object_types, $make_subject) {
        return array(
            'url' => fn_url($url, $area, 'http', null, true),
            'object_data' => $object_data,
            'post_data' => $post_data,
            'object_name' => $object_name,
            'subject' => $make_subject($discussion_object_types[$object['object_type']], $lang_code),
        );
    };

    $template = 'addons/discussion/notification.tpl';
    $notification_email = $setting('_notification_email');
    $notify_vendor = $setting('_notify_vendor') == 'Y';

    if ($object['object_type'] == 'O') {
        // For orders - set notification to admin and vendors or customer
        $order_info = db_get_row("SELECT email, company_id, lang_code FROM ?:orders WHERE order_id = ?i", $object['object_id']);
        $order_url = "orders.details?order_id={$object['object_id']}";

        if (AREA == 'C') {
            // Send to admin
            $lang_code = Registry::get('settings.Appearance.backend_default_language');
            Mailer::sendMail(array(
                'to' => 'default_company_orders_department',
                'from' => array('email' => $order_info['email'], 'name' => $post_data['name']),
                'data' => $mail_data($order_url, 'A', $lang_code),
                'tpl' => $template,
                'company_id' => $order_info['company_id'],
            ), 'A', $lang_code);

            // Send to vendor
            if (!empty($order_info['company_id']) && $notify_vendor) {
                $lang_code = fn_get_company_language($order_info['company_id']);
                Mailer::sendMail(array(
                    'to' => 'company_orders_department',
                    'from' => array('email' => $order_info['email'], 'name' => $post_data['name']),
                    'data' => $mail_data($order_url, 'V', $lang_code),
                    'tpl' => $template,
                    'company_id' => $order_info['company_id'],
                ), 'A', $lang_code);
            }
        } elseif (AREA == 'A') {
            // Posted from the admin area: notify the customer in the order's language
            $lang_code = $order_info['lang_code'];
            Mailer::sendMail(array(
                'to' => $order_info['email'],
                'from' => 'company_orders_department',
                'data' => $mail_data($order_url, 'C', $lang_code),
                'tpl' => $template,
                'company_id' => $order_info['company_id'],
            ), 'C', $lang_code);
        }
    } elseif (!empty($notification_email) || $notify_vendor) {
        // Find the company that owns the discussed object (multi-vendor stores only)
        $company_id = 0;
        if (fn_allowed_for('MULTIVENDOR')) {
            switch ($object_name) {
                case 'product':
                    $company_id = db_get_field("SELECT company_id FROM ?:products WHERE product_id = ?i", $object['object_id']);
                    break;
                case 'page':
                    $company_id = db_get_field("SELECT company_id FROM ?:pages WHERE page_id = ?i", $object['object_id']);
                    break;
                case 'company':
                    $company_id = $object['object_id'];
                    break;
            }
        }

        $url = "discussion_manager.manage?object_type={$object['object_type']}&post_id={$post_data['post_id']}";

        // Send to the configured notification address
        if (!empty($notification_email)) {
            $lang_code = Registry::get('settings.Appearance.backend_default_language');
            Mailer::sendMail(array(
                'to' => $notification_email,
                'from' => 'company_site_administrator',
                'data' => $mail_data($url, 'A', $lang_code),
                'tpl' => $template,
                'company_id' => $company_id,
            ), 'A', $lang_code);
        }

        // Send to vendor
        if (!empty($company_id) && $notify_vendor) {
            $lang_code = fn_get_company_language($company_id);
            $controller = $object_name == 'company' ? 'companie' : $object_name;
            $query = http_build_query(array($object_name . '_id' => $object['object_id'], 'selected_section' => 'discussion'));
            $url = $controller . "s.update?" . $query;
            Mailer::sendMail(array(
                'to' => 'company_site_administrator',
                'from' => 'default_company_site_administrator',
                'data' => $mail_data($url, 'V', $lang_code),
                'tpl' => $template,
                'company_id' => $company_id,
            ), 'A', $lang_code);
        }
    }

    return $post_data['post_id'];
}
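/**
 * Picks the storefront (company) that serves the current request and loads its URLs into config.
 *
 * The storefront is looked up by the Host header. When several storefronts share a host, the one
 * whose path has the most segments and still prefixes REQUEST_URI wins. The Host header is
 * client-supplied, so it is checked against a hostname character set before being used as a
 * LIKE pattern.
 *
 * @param array  $request Request parameters; 'switch_company_id' is filled in when a storefront matches
 * @param string $area    Area code; 'A' is skipped unless $request['allow_initialization'] is set
 * @return array array(INIT_STATUS_OK), array(INIT_STATUS_REDIRECT, $url) or array(INIT_STATUS_FAIL, '', $message)
 */
function fn_init_store_params_by_host(&$request, $area = AREA)
{
    if ($area == 'A' && empty($request['allow_initialization'])) {
        return array(INIT_STATUS_OK);
    }
    // The header may be absent (HTTP/1.0, CLI); treat that as an empty host instead of raising a notice.
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    // The dot is escaped so that only a literal "www." prefix is stripped ("wwwshop.tld" stays intact).
    $host = preg_replace('#^www\\.#i', '', $host);
    $field = defined('HTTPS') ? 'secure_storefront' : 'storefront';
    $companies = array();
    // The value ends up inside a LIKE pattern, where "%" is a wildcard (this function relies on that
    // for the trailing "%"). A Host header outside the hostname[:port] character set is therefore
    // not looked up at all. An empty host still matches every storefront, as it did before.
    if (preg_match('/\\A[a-z0-9._:-]*\\z/i', $host)) {
        $companies = db_get_array("SELECT company_id, {$field} FROM ?:companies WHERE {$field} LIKE ?l OR {$field} LIKE ?l", $host . '%', 'www.' . $host . '%');
    }
    if (!empty($companies)) {
        if (count($companies) == 1) {
            $request['switch_company_id'] = $companies[0]['company_id'];
        } else {
            // Several storefronts share the host: rank them by path depth.
            $found_companies = array();
            foreach ($companies as $company) {
                $parsed_url = parse_url('http://' . $company[$field]);
                // protocol prefix does not matter
                if (empty($parsed_url['path'])) {
                    // Storefront without a path is the fallback with the lowest priority
                    $found_companies[0] = $company['company_id'];
                } elseif (!empty($_SERVER['REQUEST_URI']) && preg_match("/^" . preg_quote($parsed_url['path'], '/') . "([\\/\\?].*?)?\$/", $_SERVER['REQUEST_URI'], $m)) {
                    $priority = count(explode('/', $parsed_url['path']));
                    $found_companies[$priority] = $company['company_id'];
                }
            }
            if (!empty($found_companies)) {
                // Highest priority (deepest path) first
                krsort($found_companies);
                $request['switch_company_id'] = reset($found_companies);
            }
        }
    }
    if (!empty($request['switch_company_id']) && $request['switch_company_id'] != 'all' && !isset($request['skip_config_changing'])) {
        // theme for company with id = 0 cannot be loaded.
        $company_data = db_get_row('SELECT company_id, storefront, secure_storefront, redirect_customer FROM ?:companies WHERE company_id = ?i', $request['switch_company_id']);
        if (empty($company_data)) {
            return array(INIT_STATUS_OK);
        }
        // Country-based redirect, offered once per visitor (tracked with a cookie)
        if ($company_data['redirect_customer'] == 'Y' && !fn_get_cookie('storefront_redirect_' . $request['switch_company_id'])) {
            $_ip = fn_get_ip(true);
            $_country = fn_get_country_by_ip($_ip['host']);
            if (!empty($_country)) {
                // Check if found country assigned to some companies
                $redirect = db_get_hash_array('SELECT company_id, storefront FROM ?:companies WHERE FIND_IN_SET(?s, countries_list) LIMIT 1', 'company_id', $_country);
                if (!empty($redirect) && !isset($redirect[$request['switch_company_id']])) {
                    if (!defined('CRAWLER')) {
                        // The target comes from the companies table, not from the request
                        $redirect_url = reset($redirect);
                        $redirect_url = 'http://' . $redirect_url['storefront'];
                        fn_set_cookie('storefront_redirect_' . $request['switch_company_id'], true);
                        return array(INIT_STATUS_REDIRECT, $redirect_url);
                    }
                }
            }
        }
        $config = Registry::get('config');
        $url_data = fn_get_storefront_urls(0, $company_data);
        $config = fn_array_merge($config, $url_data);
        $config['images_path'] = $config['current_path'] . '/media/images/';
        $config['origin_http_location'] = $config['http_location'];
        $config['origin_https_location'] = $config['https_location'];
        Registry::set('config', $config);
    } else {
        return array(INIT_STATUS_FAIL, '', 'No storefronts defined for this domain');
    }
    return array(INIT_STATUS_OK);
}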
Beispiel #20
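/**
 * Enforces the access_restrictions add-on rules for the current request.
 *
 * Steps, in order: convert an exhausted failed-login counter into a temporary IP block, purge
 * expired counters and blocks, stop the request when the client IP is restricted (or, with the
 * admin reverse filter on, when it is not explicitly listed), and finally run the domain check.
 *
 * NOTE(review): every decision here is keyed on fn_get_ip(). If that helper honours forwarding
 * headers from clients that are not trusted proxies, the lockout and the admin allow-list lose
 * their value -- confirm how it derives the address.
 *
 * @param array $auth      Authentication data (not read here)
 * @param array $user_info User data (not read here)
 * @return void The request is terminated with die() when access is denied
 */
function fn_access_restrictions_user_init(&$auth, &$user_info)
{
    $iplong = fn_get_ip(true);
    $acc_r = Registry::get('addons.access_restrictions');
    if ((AREA == 'A' && $acc_r['unsuccessful_attempts_login'] == 'Y') || (AREA != 'A' && $acc_r['unsuccessful_attempts_login_customer'] == 'Y')) {
        // The counter must belong to this client: match the address exactly. The former "ip >= ?i"
        // could pick up another address's counter and block the current client because of it.
        $block = db_get_row("SELECT * FROM ?:access_restriction_block WHERE ip = ?i", $iplong['host']);
        $failed_atempts = AREA == 'A' ? $acc_r['number_unsuccessful_attempts'] : $acc_r['number_unsuccessful_attempts_customer'];
        if (!empty($block) && $block['tries'] >= $failed_atempts) {
            // Block duration is configured in hours
            $time_block = AREA == 'A' ? $acc_r['time_block'] : $acc_r['time_block_customer'];
            $restrict_ip = array('ip_from' => $iplong['host'], 'ip_to' => $iplong['host'], 'type' => AREA == 'A' ? 'aab' : 'ipb', 'timestamp' => TIME, 'expires' => TIME + round($time_block * 3600), 'status' => 'A');
            $__data = array();
            $__data['item_id'] = db_query("REPLACE INTO ?:access_restriction ?e", $restrict_ip);
            $__data['type'] = AREA == 'A' ? 'aab' : 'ipb';
            // Store the block reason once per translation language
            foreach (fn_get_translation_languages() as $__data['lang_code'] => $v) {
                $__data['reason'] = str_replace("[number]", $failed_atempts, __('text_ip_blocked_failed_login', '', $__data['lang_code']));
                db_query("REPLACE INTO ?:access_restriction_reason_descriptions ?e", $__data);
            }
            // The counter has been converted into a block; drop it
            db_query("DELETE FROM ?:access_restriction_block WHERE ip = ?i", $block['ip']);
        }
    }
    // Housekeeping: expired counters and expired automatic blocks
    db_query("DELETE FROM ?:access_restriction_block WHERE expires < ?i", TIME);
    db_query("DELETE FROM ?:access_restriction WHERE (type = 'ipb' OR type = 'aab') AND expires < ?i", TIME);
    // Rule types differ between the storefront and the admin panel
    $ar_type = AREA != 'A' ? "a.type IN ('ips', 'ipr', 'ipb')" : "a.type IN ('aas', 'aar', 'aab')";
    $restricted = db_get_row("SELECT a.item_id, b.reason FROM ?:access_restriction as a LEFT JOIN ?:access_restriction_reason_descriptions as b ON a.item_id = b.item_id AND a.type = b.type AND lang_code = ?s WHERE ip_from <= ?i AND ip_to >= ?i AND {$ar_type} AND status = 'A'", CART_LANGUAGE, $iplong['host'], $iplong['host']);
    if ($restricted && (AREA != 'A' || $acc_r['admin_reverse_ip_access'] != 'Y')) {
        // Normal mode: a matching rule is a deny rule
        die(!empty($restricted['reason']) ? $restricted['reason'] : __('text_ip_is_blocked'));
    } elseif (!$restricted && $acc_r['admin_reverse_ip_access'] == 'Y' && AREA == 'A') {
        // Reverse mode (admin only): the rules form an allow-list, so an unlisted IP is denied
        die(__('text_ips_denied'));
    }
    $is_domain_restricted = db_get_field("SELECT COUNT(*) FROM ?:access_restriction WHERE type='d' AND status = 'A'");
    if ($is_domain_restricted && empty($_SESSION['access_domain'])) {
        $ip = fn_get_ip();
        // The name comes from reverse DNS, which is maintained by whoever controls the address
        // block. It is not forward-confirmed here, so domain rules should be treated as advisory.
        $domain = gethostbyaddr($ip['host']);
        fn_domain_is_blocked($domain);
        // Cached so the lookup runs once per session
        $_SESSION['access_domain'] = $domain;
    }
}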
Beispiel #21
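/**
 * Processes a submitted form-builder form and mails it to the form recipient.
 *
 * Uploaded files become attachments, special element types (date, referer, IP address, e-mail
 * confirmation) are normalised, and the result is handed to fn_send_mail.
 *
 * @param int   $page_id     Identifier of the page that holds the form
 * @param array $form_values Submitted values keyed by form element id
 * @return bool Always false, including after the message has been passed to fn_send_mail
 */
function fn_send_form($page_id, $form_values)
{
    if (!empty($form_values)) {
        $page_data = fn_get_page_data($page_id);
        if (empty($page_data['form']['elements'])) {
            return false;
        }
        $attachments = array();
        $fb_files = fn_filter_uploaded_data('fb_files');
        if (!empty($fb_files)) {
            foreach ($fb_files as $k => $v) {
                $attachments[$v['name']] = $v['path'];
                // The form value of a file element is the uploaded file name
                $form_values[$k] = $v['name'];
            }
        }
        $max_length = 0;
        $sender = '';
        foreach ($page_data['form']['elements'] as $k => $v) {
            // Longest element description, passed to the mail template as 'max_length'
            if (($l = strlen($v['description'])) > $max_length) {
                $max_length = $l;
            }
            if ($v['element_type'] == FORM_EMAIL_CONFIRM) {
                // Both copies must be present and identical. The former check tested the second
                // copy for truthiness, which rejected every filled-in confirmation field.
                if (
                    !isset($form_values[$k]) || !is_array($form_values[$k])
                    || empty($form_values[$k][0]) || empty($form_values[$k][1])
                    || (string) $form_values[$k][0] !== (string) $form_values[$k][1]
                ) {
                    return false;
                }
                $form_values[$k] = $form_values[$k][0];
            }
            // Check if sender email exists
            if ($v['element_type'] == FORM_EMAIL || $v['element_type'] == FORM_EMAIL_CONFIRM) {
                $sender = $form_values[$k];
            }
            if ($v['element_type'] == FORM_DATE) {
                $form_values[$k] = fn_parse_date($form_values[$k]);
            }
            // Referer and IP address are filled in server-side, never taken from the submission
            if ($v['element_type'] == FORM_REFERER) {
                $form_values[$k] = $_SESSION['auth']['referer'];
            }
            if ($v['element_type'] == FORM_IP_ADDRESS) {
                $ip = fn_get_ip();
                $form_values[$k] = $ip['host'];
            }
        }
        // The sender address is visitor input that is passed on to the mailer. A value that is
        // not a plain single-line string is dropped so it cannot carry extra mail header lines.
        if (!is_string($sender) || preg_match('/[\\r\\n]/', $sender)) {
            $sender = '';
        }
        $max_length += 2;
        fn_set_hook('send_form', $page_data, $form_values);
        Registry::get('view_mail')->assign('max_length', $max_length);
        Registry::get('view_mail')->assign('elements', $page_data['form']['elements']);
        Registry::get('view_mail')->assign('form_title', $page_data['page']);
        Registry::get('view_mail')->assign('form_values', $form_values);
        fn_send_mail($page_data['form']['general'][FORM_RECIPIENT], Registry::get('settings.Company.company_support_department'), 'addons/form_builder/form_subject.tpl', 'addons/form_builder/form_body.tpl', $attachments, CART_LANGUAGE, $sender);
    }
    return false;
}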
Beispiel #22
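/**
 * Picks the storefront (company) that serves the current request and loads its URLs into config.
 *
 * The storefront is looked up by the Host header. When several storefronts share a host, the one
 * whose path has the most segments and still prefixes REQUEST_URI wins. The Host header is
 * client-supplied, so it is checked against a hostname character set before it becomes part of
 * an RLIKE pattern.
 *
 * @param array  $request Request parameters; 'switch_company_id' is filled in when a storefront matches
 * @param string $area    Area code; 'A' is skipped unless $request['allow_initialization'] is set
 * @return array array($status, '', $message), or array(INIT_STATUS_OK) / array(INIT_STATUS_REDIRECT, $url) on the early exits
 */
function fn_init_store_params_by_host(&$request, $area = AREA)
{
    if ($area == 'A' && empty($request['allow_initialization'])) {
        return array(INIT_STATUS_OK);
    }
    // The header may be absent (HTTP/1.0, CLI); treat that as an empty host instead of raising a notice.
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $short_host = preg_replace('/^www[0-9]*\\./i', '', $host);
    $field = defined('HTTPS') ? 'secure_storefront' : 'storefront';
    $companies = array();
    // The host becomes part of a regular expression evaluated by the database. Only a
    // hostname[:port] character set is accepted, so the header cannot contribute regex operators;
    // anything else is not looked up. An empty host still matches every storefront, as before.
    if (preg_match('/\\A[a-z0-9._:-]*\\z/i', $short_host)) {
        // Dots are written as the bracket expression "[.]" so they match literally without
        // depending on how backslashes survive SQL quoting.
        $conditions = db_quote("{$field} RLIKE ?l", '^(www[0-9]*[.])?' . str_replace('.', '[.]', $short_host));
        if (fn_allowed_for('ULTIMATE:FREE')) {
            $company_id = db_get_field("SELECT company_id FROM ?:companies LIMIT 1");
            $conditions .= db_quote(" AND company_id = ?i", $company_id);
        }
        $companies = db_get_array("SELECT company_id, {$field} FROM ?:companies WHERE {$conditions}");
    }
    /**
     * Actions before choosing a company by host
     *
     * @param array $request    Request
     * @param string $area       Area
     * @param string $host       Host
     * @param string $short_host Short Host
     * @param string $field      Field name
     * @param array $companies  Companies list
     */
    fn_set_hook('init_store_params_by_host', $request, $area, $host, $short_host, $field, $companies);
    if (!empty($companies)) {
        if (count($companies) == 1) {
            $request['switch_company_id'] = $companies[0]['company_id'];
        } else {
            // Several storefronts share the host: rank them by path depth.
            $found_companies = array();
            foreach ($companies as $company) {
                $parsed_url = parse_url('http://' . $company[$field]);
                // protocol prefix does not matter
                if (empty($parsed_url['path'])) {
                    // Storefront without a path is the fallback with the lowest priority
                    $found_companies[0] = $company['company_id'];
                } elseif (!empty($_SERVER['REQUEST_URI']) && preg_match("/^" . preg_quote($parsed_url['path'], '/') . "([\\/\\?].*?)?\$/", $_SERVER['REQUEST_URI'], $m)) {
                    $priority = count(explode('/', $parsed_url['path']));
                    $found_companies[$priority] = $company['company_id'];
                }
            }
            if (!empty($found_companies)) {
                // Highest priority (deepest path) first
                krsort($found_companies);
                $request['switch_company_id'] = reset($found_companies);
            }
        }
    }
    if (!empty($request['switch_company_id']) && $request['switch_company_id'] != 'all' && !isset($request['skip_config_changing'])) {
        // theme for company with id = 0 cannot be loaded.
        $company_data = db_get_row('SELECT company_id, storefront, secure_storefront, redirect_customer FROM ?:companies WHERE company_id = ?i', $request['switch_company_id']);
        if (empty($company_data)) {
            return array(INIT_STATUS_OK);
        }
        // Country-based redirect, offered once per visitor (tracked with a cookie)
        if ($company_data['redirect_customer'] == 'Y' && !fn_get_cookie('storefront_redirect_' . $request['switch_company_id'])) {
            $_ip = fn_get_ip(true);
            $_country = fn_get_country_by_ip($_ip['host']);
            if (!empty($_country)) {
                // Check if found country assigned to some companies
                $redirect = db_get_hash_array('SELECT company_id, storefront FROM ?:companies WHERE FIND_IN_SET(?s, countries_list) LIMIT 1', 'company_id', $_country);
                if (!empty($redirect) && !isset($redirect[$request['switch_company_id']])) {
                    if (!defined('CRAWLER')) {
                        // The target comes from the companies table, not from the request
                        $redirect_url = reset($redirect);
                        $redirect_url = 'http://' . $redirect_url['storefront'];
                        fn_set_cookie('storefront_redirect_' . $request['switch_company_id'], true);
                        return array(INIT_STATUS_REDIRECT, $redirect_url);
                    }
                }
            }
        }
        $config = Registry::get('config');
        $url_data = fn_get_storefront_urls(0, $company_data);
        $config = fn_array_merge($config, $url_data);
        $config['images_path'] = $config['current_path'] . '/media/images/';
        $config['origin_http_location'] = $config['http_location'];
        $config['origin_https_location'] = $config['https_location'];
        Registry::set('config', $config);
        $status = INIT_STATUS_OK;
        $message = '';
    } else {
        $status = INIT_STATUS_FAIL;
        $message = 'No storefronts defined for this domain';
    }
    /**
     * Actions after choosing a company by host
     *
     * @param array $request Request
     * @param string $area    Area
     * @param array $config  Config
     * @param string $status  Status
     * @param string $message Message text
     */
    fn_set_hook('init_store_params_by_host_post', $request, $area, $config, $status, $message);
    return array($status, '', $message);
}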
Beispiel #23
/**
 * Processes a submitted form-builder form and mails it to the form recipient.
 *
 * @param int   $page_id     Identifier of the page that holds the form
 * @param array $form_values Submitted values keyed by form element id
 * @return bool False when nothing was submitted or the page has no form elements; otherwise the
 *              result flag, which starts as true and may be changed by the 'send_form' hook
 */
function fn_send_form($page_id, $form_values)
{
    if (empty($form_values)) {
        return false;
    }
    $page_data = fn_get_page_data($page_id);
    if (empty($page_data['form']['elements'])) {
        return false;
    }
    $result = true;

    // Uploaded files are attached; the form value of a file element becomes the file name
    $attachments = array();
    $uploaded = fn_filter_uploaded_data('fb_files');
    if (!empty($uploaded)) {
        foreach ($uploaded as $element_id => $file) {
            $attachments[$file['name']] = $file['path'];
            $form_values[$element_id] = $file['name'];
        }
    }

    $max_length = 0;
    $sender = '';
    foreach ($page_data['form']['elements'] as $element_id => $element) {
        // Longest element description, handed to the mail template as 'max_length'
        $max_length = max($max_length, strlen($element['description']));
        // Check if sender email exists
        if ($element['element_type'] == FORM_EMAIL) {
            $sender = $form_values[$element_id];
        }
        if ($element['element_type'] == FORM_DATE) {
            $form_values[$element_id] = fn_parse_date($form_values[$element_id]);
        }
        // Referer and IP address are filled in server-side, never taken from the submission
        if ($element['element_type'] == FORM_REFERER) {
            $form_values[$element_id] = $_SESSION['auth']['referer'];
        }
        if ($element['element_type'] == FORM_IP_ADDRESS) {
            $ip = fn_get_ip();
            $form_values[$element_id] = $ip['host'];
        }
    }
    $max_length += 2;

    $from = 'default_company_support_department';
    $is_html = true;
    fn_set_hook('send_form', $page_data, $form_values, $result, $from, $sender, $attachments, $is_html);
    if ($result == true) {
        // NOTE(review): 'reply_to' is the visitor-supplied e-mail value; this function does not
        // validate it, so confirm that Mailer::sendMail rejects malformed addresses.
        Mailer::sendMail(array('to' => $page_data['form']['general'][FORM_RECIPIENT], 'from' => $from, 'reply_to' => $sender, 'data' => array('max_length' => $max_length, 'elements' => $page_data['form']['elements'], 'form_title' => $page_data['page'], 'form_values' => $form_values), 'attachments' => $attachments, 'tpl' => 'addons/form_builder/form.tpl', 'is_html' => $is_html), 'A');
    }
    return $result;
}
Beispiel #24
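/**
 * Stores the cart content in the user_session_products table.
 *
 * Rows previously stored for the user / cart type / user type are deleted first, then one row per
 * cart product is written, including the per-product shipping estimation when the cart has one.
 *
 * @param array  $cart      Cart contents; 'products' and 'new_estimations' are read
 * @param int    $user_id   User identifier; when empty, an identifier kept in the session is used
 * @param string $type      Cart type
 * @param string $user_type User type; forced to 'U' for users without an identifier
 * @return bool Always true
 */
function fn_save_cart_content(&$cart, $user_id, $type = 'C', $user_type = 'R')
{
    if (empty($user_id)) {
        if (fn_get_session_data('cu_id')) {
            $user_id = fn_get_session_data('cu_id');
        } else {
            // NOTE(review): the identifier for a visitor without an account is derived from the
            // clock (uniqid), so it is guessable and may collide. It should be treated as a
            // bookkeeping key only, never as proof of who owns the stored cart.
            $user_id = fn_crc32(uniqid(TIME));
            fn_set_session_data('cu_id', $user_id, COOKIE_ALIVE_TIME);
        }
        $user_type = 'U';
    }
    if (!empty($user_id)) {
        $condition = db_quote("user_id = ?i AND type = ?s AND user_type = ?s", $user_id, $type, $user_type);
        if (fn_allowed_for('ULTIMATE')) {
            $condition .= fn_get_company_condition('?:user_session_products.company_id');
        }
        db_query("DELETE FROM ?:user_session_products WHERE " . $condition);
        // Per-product estimations are optional; a missing or malformed structure means "none"
        $ls_individual_estimations = array();
        if (!empty($cart['new_estimations']['individual_estimations']) && is_array($cart['new_estimations']['individual_estimations'])) {
            $ls_individual_estimations = $cart['new_estimations']['individual_estimations'];
        }
        if (!empty($cart['products']) && is_array($cart['products'])) {
            // Neither value changes between products, so they are read once
            $ip = fn_get_ip();
            $session_id = Session::getId();
            foreach ($cart['products'] as $_item_id => $_prod) {
                $row = $_prod;
                $row['user_id'] = $user_id;
                $row['timestamp'] = TIME;
                $row['type'] = $type;
                $row['user_type'] = $user_type;
                $row['item_id'] = $_item_id;
                $row['item_type'] = 'P';
                // NOTE(review): the product is stored with serialize(); the code that reads this
                // column back should treat it as data that an SQL-level writer could alter.
                $row['extra'] = serialize($_prod);
                $row['amount'] = empty($row['amount']) ? 1 : $row['amount'];
                $row['session_id'] = $session_id;
                if (!empty($ls_individual_estimations[$_item_id])) {
                    $row['ls_shipping_estimation'] = $ls_individual_estimations[$_item_id];
                }
                $row['ip_address'] = $ip['host'];
                if (fn_allowed_for('ULTIMATE')) {
                    $row['company_id'] = Registry::get('runtime.company_id');
                }
                db_query('REPLACE INTO ?:user_session_products ?e', $row);
            }
        }
        fn_set_hook('save_cart', $cart, $user_id, $type);
    }
    return true;
}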
Beispiel #25
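 /**
  * Get session validation data
  *
  * Collects the client attributes a session is bound to: the IP address when SESS_VALIDATE_IP is
  * defined and the User-Agent header when SESS_VALIDATE_UA is defined. The User-Agent is chosen
  * by the client, so it only detects accidental session reuse; it is not an authentication factor.
  *
  * @return array validation data with optional 'ip' and 'ua' keys
  */
 public static function getValidatorData()
 {
     $data = array();
     if (defined('SESS_VALIDATE_IP')) {
         $ip = fn_get_ip();
         $data['ip'] = $ip['host'];
     }
     // The header is optional; read it once so a request without it does not raise a notice.
     $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     // FIXME: Chromeframe could not work with Ajax and cookies. Session will be re-inited every time.
     // Waiting for the CHROME fix.
     if (defined('SESS_VALIDATE_UA') && !preg_match('/chromeframe/i', $user_agent)) {
         $data['ua'] = $user_agent;
     }
     return $data;
 }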
Beispiel #26
     				
     				fn_save_post_data();
     				
     				return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix);
     			}*/
 }
 $post_data = $_REQUEST['post_data'];
 if ($post_data['captcha_value'] != '306838') {
     fn_save_post_data();
     return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix);
 }
 if (!empty($post_data['thread_id'])) {
     $object = fn_discussion_get_object_by_thread($post_data['thread_id']);
     $object_name = $discussion_object_types[$object['object_type']];
     $object_data = fn_get_discussion_object_data($object['object_id'], $object['object_type']);
     $ip = fn_get_ip();
     $post_data['ip_address'] = $ip['host'];
     $post_data['status'] = 'A';
     // Check if post is permitted from this IP address
     if (AREA != 'A' && !empty($discussion_settings[$object_name . '_post_ip_check']) && $discussion_settings[$object_name . '_post_ip_check'] == 'Y') {
         $is_exists = db_get_field("SELECT COUNT(*) FROM ?:discussion_posts WHERE thread_id = ?i AND ip_address = ?s", $post_data['thread_id'], $ip['host']);
         if (!empty($is_exists)) {
             fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_already_posted'));
             return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix);
         }
     }
     // Check if post needs to be approved
     if (AREA != 'A' && !empty($discussion_settings[$object_name . '_post_approval'])) {
         if ($discussion_settings[$object_name . '_post_approval'] == 'any' || $discussion_settings[$object_name . '_post_approval'] == 'anonymous' && empty($auth['user_id'])) {
             fn_set_notification('W', fn_get_lang_var('text_thank_you_for_post'), fn_get_lang_var('text_post_pended'));
             $post_data['status'] = 'D';
Beispiel #27
/**
 * Persists the cart content for a user in the user_session_products table.
 *
 * Existing rows for the user / cart type / user type are removed and one row per cart product is
 * written in their place.
 *
 * @param array  $cart      Cart contents; only 'products' is read here
 * @param int    $user_id   User identifier; when empty, an identifier kept in the session is used
 * @param string $type      Cart type
 * @param string $user_type User type; forced to 'U' for users without an identifier
 * @return bool Always true
 */
function fn_save_cart_content(&$cart, $user_id, $type = 'C', $user_type = 'R')
{
    /**
     * Actions before storing cart content in the customer's profile
     *
     * @param array $cart Cart contents
     * @param int $user_id User identifier
     * @param string $type Cart type
     * @param string $user_type User type
     */
    fn_set_hook('save_cart_content_pre', $cart, $user_id, $type, $user_type);

    if (empty($user_id)) {
        // Visitor without an account: reuse the identifier kept in the session or create one.
        // NOTE(review): the generated value is derived from the clock (uniqid), so it is
        // guessable; it should serve as a bookkeeping key only.
        if (fn_get_session_data('cu_id')) {
            $user_id = fn_get_session_data('cu_id');
        } else {
            $user_id = fn_crc32(uniqid(TIME));
            fn_set_session_data('cu_id', $user_id, COOKIE_ALIVE_TIME);
        }
        $user_type = 'U';
    }

    // The generated identifier can still be empty; nothing is stored in that case
    if (empty($user_id)) {
        return true;
    }

    $where = fn_user_session_products_condition(array('user_id' => $user_id, 'type' => $type, 'user_type' => $user_type, 'get_session_user_id' => false));
    db_query("DELETE FROM ?:user_session_products WHERE " . $where);

    if (!empty($cart['products']) && is_array($cart['products'])) {
        foreach ($cart['products'] as $item_id => $product) {
            // The row starts as a copy of the product and gets the bookkeeping columns on top
            $row = $product;
            $row['user_id'] = $user_id;
            $row['timestamp'] = TIME;
            $row['type'] = $type;
            $row['user_type'] = $user_type;
            $row['item_id'] = $item_id;
            $row['item_type'] = 'P';
            // The untouched product is kept in serialized form
            $row['extra'] = serialize($product);
            $row['amount'] = empty($row['amount']) ? 1 : $row['amount'];
            $row['session_id'] = Tygh::$app['session']->getID();
            $client_ip = fn_get_ip();
            $row['ip_address'] = fn_ip_to_db($client_ip['host']);
            if (fn_allowed_for('ULTIMATE')) {
                $row['company_id'] = Registry::get('runtime.company_id');
            }
            if (!empty($row)) {
                db_query('REPLACE INTO ?:user_session_products ?e', $row);
            }
        }
    }

    /**
     * Deprecated: This hook will be removed in version 5.x.x.. Use save_cart_content_post instead.
     */
    fn_set_hook('save_cart', $cart, $user_id, $type);
    /**
     * Actions after storing cart content in the customer's profile
     *
     * @param array $cart Cart contents
     * @param int $user_id User identifier
     * @param string $type Cart type
     * @param string $user_type User type
     */
    fn_set_hook('save_cart_content_post', $cart, $user_id, $type, $user_type);

    return true;
}