 /**
  * Smoke test for the boolean/null assertion helpers.
  *
  * isTrue/isFalse/isNull each get their one obvious input; isNotNull() is
  * then exercised with a set of falsy-but-not-null values (false, '', 0, 0.0)
  * to confirm it distinguishes "null" from "empty".
  */
 public function testBoolean()
 {
     isTrue(true);
     isFalse(false);
     isNull(null);
     // Falsy values that are nevertheless not null.
     foreach ([false, '', 0, 0.0] as $notNullValue) {
         isNotNull($notNullValue);
     }
 }
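 // --- Email: required and well-formed ---------------------------------------
 if (!isNotNull($txtEmail)) {
     $message .= "* Email cannot be empty! <br>";
 } elseif (!isValidEmail($txtEmail)) {
     $message .= "* Invalid email! <br>";
 }
 /*---------Selecting the custom fields data if exists---------------*/
 // ncustom_table_id is compared WITHOUT quotes in the SQL below, so
 // addslashes() gave no protection there (it only escapes quote characters).
 // The id is forced to an integer instead, which is the only safe way to
 // interpolate an unquoted numeric value.
 $custom_owner_id = (int) $userid;
 $select_custom_update = "SELECT cv.nvalue_id,cf.vrequired_custom_field,vcustom_field_name"
     . " FROM " . $tableprefix . "custom_fields cf," . $tableprefix . "custom_fields_value cv"
     . " WHERE cf.ncustom_id = cv.ncustom_field_id"
     . " AND cf.vcustom_field_form_id = 1"
     . " AND cv.ncustom_table_id = " . $custom_owner_id
     . " ORDER BY cf.vcustom_sort_order";
 $result_custom_update = mysql_query($select_custom_update) or die(mysql_error());
 // Every custom field flagged as required must have been posted as
 // txtCustom_<nvalue_id>; a zero-row result simply skips the loop.
 while ($custom_update_row = mysql_fetch_array($result_custom_update)) {
     if ($custom_update_row['vrequired_custom_field'] != 'Y') {
         continue;
     }
     $custom_name = "txtCustom_" . $custom_update_row['nvalue_id'];
     // isset() avoids an undefined-index notice when the field was not posted.
     $custom_value = isset($_POST[$custom_name]) ? $_POST[$custom_name] : null;
     if (!isNotNull($custom_value)) {
         $message .= "* " . ucfirst($custom_update_row['vcustom_field_name']) . " cannot be empty ! <br>";
     }
 }
 // --- Email must not belong to another account -----------------------------
 // Quoted string context: use the connection-aware escaper rather than
 // addslashes(), which is not charset-aware.
 $qry2 = "select email from  " . $tableprefix . "users where email='" . mysql_real_escape_string($txtEmail) . "' AND user_id <> '" . mysql_real_escape_string($userid) . "' ";
 $result_email_check = mysql_query($qry2);
 // A failed query returns false; guard it instead of letting mysql_num_rows() warn.
 if ($result_email_check && mysql_num_rows($result_email_check) > 0) {
     $message .= "* The email address '" . htmlentities($txtEmail) . "' is already in use!. <br>";
 }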
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
 } else {
     // no error so insert user details
     $sql = "UPDATE " . $tableprefix . "users SET\n\t\t\tfirst_name = '" . addslashes($txtFirstName) . "',\n\t\t\tlast_name = '" . addslashes($txtLastName) . "',\n\t\t\taddress1 = '" . addslashes($txtAddress1) . "',\n\t\t\taddress2 = '" . addslashes($txtAddress2) . "',\n\t\t\tcity = '" . addslashes($txtCity) . "',\n\t\t\tstate = '" . addslashes($txtState) . "',\n\t\t\tcountry = '" . addslashes($ddlCountry) . "',\n\t\t\tphone = '" . addslashes($txtPhone) . "',\n\t\t\tfax = '" . addslashes($txtFAX) . "',\n\t\t\tzip = '" . addslashes($txtZIP) . "',\n\t\t\tnewsLetter = '" . addslashes($check_news) . "',\n\t\t\temail = '" . addslashes($txtEmail) . "'\n\t\t\tWHERE user_id =  '" . addslashes($userid) . "'\n\t\t\t";
<?php

if ($_POST["postback"] == "Save Changes") {
    $error = false;
    $errormessage = "";
    if (isNotNull($_POST["ddlCSS"])) {
        $newid = $_POST["ddlCSS"];
        $ddlCSS = $_POST["ddlCSS"];
        $selectedid = $ddlCSS;
    } else {
        //user name null
        $error = true;
        $errormessage .= MESSAGE_STYLE_REQUIRED . "<br>";
    }
    if ($error) {
        $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage;
    } else {
        //no error so validate
        $sql1 = " UPDATE sptbl_users  ";
        $sql1 .= " SET nCSSId = '" . mysql_real_escape_string($newid) . "' WHERE nUserId = '" . $_SESSION["sess_userid"] . "' ";
        $result1 = executeQuery($sql1, $conn);
        $message = true;
        //update css
        $sql = "Select vCSSURL from sptbl_css where nCSSId='" . mysql_real_escape_string($newid) . "'";
        $result = executeSelect($sql, $conn);
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            $_SESSION["sess_cssurl"] = $row["vCSSURL"];
            //$_SESSION["sess_cssurl"] = "./styles/AquaBlue/style.css";
        }
        //update css
				<td valign=top align="left">
                                    <textarea name="txtArtistDescription" class="textbox" rows="8" cols="80" ><?php 
echo htmlentities(stripslashes($txtArtistDescription));
?>
</textarea>
				</td>
			</tr>
			<tr><td colspan="3">&nbsp;</td></tr>
			<!--<tr><td align="left" valign=top ><?php 
echo TEXT_VENDOR;
?>
  Photo&nbsp;<span class="required">*</span></td><td >&nbsp;</td>
				<td valign=top align="left" class="blackbartextCopy"><input type="file" name="artistphoto" id="artistphoto" size="40" class="textbox" >&nbsp;Best Size 100X100
				<div align="left">
				<?php 
if (isNotNull($txtArtistPhoto)) {
    ?>
				Existing:  <img src="<?php 
    echo SITE_URL;
    ?>
/portfolios/<?php 
    echo $txtArtistPhoto;
    ?>
"  height="100" width="100">
				<br>
				<input type="checkbox" class="checkbox" name="chkDeleteArtistPhoto">&nbsp;Delete Existing
				<br>
				<?php 
}
?>
				
    $styleplus = $_POST["styleplus"];
}
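// Signed-in user id from the session, 0 when there is none. The truthiness
// test is kept on purpose: an empty or "0" session value also falls back to 0.
// !empty() additionally avoids an undefined-index notice when no session var exists.
$userId = !empty($_SESSION['sess_userid']) ? $_SESSION['sess_userid'] : 0;
// Department/category selection: a non-empty POST value wins, otherwise the
// GET value is used (null when neither is present). isset() guards replace
// the bare $_POST[...]/$_GET[...] reads that raised notices on missing keys.
$ddlCategory = (isset($_POST["ddlCategory"]) && $_POST["ddlCategory"] != "")
    ? $_POST["ddlCategory"]
    : (isset($_GET["ddlCategory"]) ? $_GET["ddlCategory"] : null);
$ddlDepartment = (isset($_POST["ddlDepartment"]) && $_POST["ddlDepartment"] != "")
    ? $_POST["ddlDepartment"]
    : (isset($_GET["ddlDepartment"]) ? $_GET["ddlDepartment"] : null);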
$error = false;
$errormessage = "";
if (isNotNull($_GET["id"])) {
    $kbid = $_GET["id"];
    settype($kbid, integer);
    $sql = " SELECT nKBID, vKBTitle, tKBDesc ";
    $sql .= " FROM  sptbl_kb  ";
    $sql .= " WHERE nKBID = '{$kbid}' ";
    $rs = executeSelect($sql, $conn);
    if (mysql_num_rows($rs) > 0) {
        $row = mysql_fetch_array($rs);
        $title = $row["vKBTitle"];
        $description = $row["tKBDesc"];
    } else {
        $error = true;
        $errormessage = "";
    }
} else {
} else {
    header("Location:login.php");
    exit;
}
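// One-shot success banner shown after a redirect carrying stat=Y.
if (isset($_REQUEST['stat']) && $_REQUEST['stat'] === 'Y') {
    $message = "Your products and images saved successfully!.";
}
// upload_max_filesize is a shorthand string such as "2M", "512K" or "1G".
// The previous "<string> * 1048576" arithmetic only happened to work for the
// M suffix (PHP read the leading digits and ignored the letter); K and G
// limits, and plain byte values, came out wrong by a factor of 1024 or more.
$maximagesizestringinPHP = ini_get("upload_max_filesize");
$maximagesizeinPHP = (int) $maximagesizestringinPHP;
switch (strtoupper(substr(trim((string) $maximagesizestringinPHP), -1))) {
    case 'G':
        $maximagesizeinPHP *= 1024;
        // fall through: G = 1024 M
    case 'M':
        $maximagesizeinPHP *= 1024;
        // fall through: M = 1024 K
    case 'K':
        $maximagesizeinPHP *= 1024;
        break;
    // no suffix: the value is already in bytes
}
// Approved vendors for the seller drop-down.
$sql_artists = "select artist_id,artist_name from " . $tableprefix . "artists where vapproved='Y' ";
$rs_id = mysql_query($sql_artists) or die(mysql_error());
$numrows = mysql_num_rows($rs_id);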
if (isset($_POST['btnSave']) && $_POST['btnSave'] != '') {
    // check button for save
    $message = "";
    if (!isNotNull($_FILES['txtUploadZip']['name'])) {
        $message .= "* Upload a CSV file ! <br>";
    }
    $sellerid = $_POST['seller'];
    $uploadfile = ReplaceArrayImage($_FILES['txtUploadZip']['name']);
    $types = array('csv');
    preg_match('/\\.([a-zA-Z]+?)$/', $uploadfile, $matches);
    if (!in_array(strtolower($matches[1]), $types)) {
        // check file format is valid or not
        $message .= "* Invalid file format for CSV file ! <br>";
    }
    // end format check
    if (!empty($_FILES['txtUploadZip']['name'])) {
        // moving files to folder
        $filename = time() . strrchr(strtolower($_FILES['txtUploadZip']['name']), '.');
        $tempFile = $_FILES['txtUploadZip']['tmp_name'];
     $error = true;
     $errormessage .= MESSAGE_COMPANY_REQUIRED . "<br>";
 }
 if (!isNotNull($var_departmentid)) {
     $error = true;
     $errormessage .= MESSAGE_DEPARTMENT_REQUIRED . "<br>";
 }
 if (!isNotNull($var_catid)) {
     $error = true;
     $errormessage .= MESSAGE_CATEGORY_REQUIRED . "<br>";
 }
 if (!isNotNull($var_kbtitle)) {
     $error = true;
     $errormessage .= MESSAGE_TITLE_REQUIRED . "<br>";
 }
 if (!isNotNull($var_kbdesc)) {
     $error = true;
     $errormessage .= MESSAGE_DESCRIPTION_REQUIRED . "<br>";
 }
 if (!$error) {
     $sql = "UPDATE sptbl_kb SET nCatId= '" . mysql_real_escape_string($var_catid) . "', nStaffId = '" . mysql_real_escape_string($_SESSION["sess_staffid"]) . "', vKBTitle='" . mysql_real_escape_string($var_kbtitle) . "', ";
     $sql .= " tKBDesc = '" . mysql_real_escape_string($var_kbdesc) . "', vStatus = '{$var_status}', vMetaTage_keyword = '" . mysql_real_escape_string($var_kbmetatagkeyword) . "' , vMetaTage_desc = '" . mysql_real_escape_string($var_kbmetatagdescription) . "'";
     $sql .= "WHERE nKBID = '" . mysql_real_escape_string($var_id) . "'";
     executeQuery($sql, $conn);
     //updateRoute($var_catid);
     //Insert the actionlog
     if (logActivity()) {
         $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Knowledgebase','" . mysql_real_escape_string($var_id) . "',now())";
         executeQuery($sql, $conn);
     }
     $message = true;
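/**
 * Build the <link> tag for the stylesheet assigned to a user.
 *
 * Looks up sptbl_css.vCSSURL through sptbl_users.nCSSId. When the id is
 * empty, the query fails, or no row matches, the default helpdesk stylesheet
 * is returned instead.
 *
 * @param mixed $userid sptbl_users.nUserId of the signed-in user (may be empty)
 * @return string       A complete <link rel="stylesheet"> element
 */
function loadCSS($userid)
{
    global $conn;
    $cssurl = "styles/helpdesk.css";
    if (isNotNull($userid)) {
        $sql = " SELECT c.vCSSURL FROM sptbl_css c INNER JOIN sptbl_users u ON u.nCSSId = c.nCSSId ";
        $sql .= " WHERE u.nUserId='" . mysql_real_escape_string($userid) . "'";
        $result = executeSelect($sql, $conn);
        // A failed query yields false; guard it rather than let mysql_num_rows() warn.
        if ($result && mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            $cssurl = $row["vCSSURL"];
        }
    }
    // The URL is stored data that lands inside an HTML attribute; escape it so
    // a quote or ampersand in the stored value cannot break out of href="...".
    $href = htmlspecialchars((string) $cssurl, ENT_QUOTES, 'UTF-8');
    return "<link href=\"{$href}\" rel=\"stylesheet\"  type=\"text/css\">";
}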
 } else {
     if (!isValidEmail($txtEmail)) {
         $message .= "* Invalid email! <br>";
     }
 }
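 // Reject an email address that is already registered. Quoted string context:
 // the connection-aware escaper is used rather than addslashes().
 $qry2 = "select email from  " . $tableprefix . "users where email='" . mysql_real_escape_string($txtEmail) . "'";
 $result_email_check = mysql_query($qry2);
 // A failed query returns false; guard it instead of letting mysql_num_rows() warn.
 if ($result_email_check && mysql_num_rows($result_email_check) > 0) {
     // The submitted address is echoed back into the page: HTML-escape it,
     // as the sibling edit-profile check already does.
     $message .= "* The email address '" . htmlentities($txtEmail) . "' is already in use!. <br>";
 }
 /*custom fields null checking starts*/
 // Every displayed, non-deleted custom field flagged as required must have
 // been posted as custom_field_<ncustom_id>.
 $select_custom_qry = "SELECT * FROM " . $tableprefix . "custom_fields WHERE vcustom_display_field = 'Y'"
     . " AND vcustom_delete_status !='Y' ORDER BY vcustom_sort_order";
 $result_custom_qry = mysql_query($select_custom_qry) or die(mysql_error());
 while ($custom_qry_row = mysql_fetch_array($result_custom_qry)) {
     if ($custom_qry_row['vrequired_custom_field'] != 'Y') {
         continue;
     }
     $field_name = 'custom_field_' . $custom_qry_row['ncustom_id'];
     // isset() avoids an undefined-index notice when the field was not posted.
     $field_value = isset($_POST[$field_name]) ? $_POST[$field_name] : null;
     if (!isNotNull($field_value)) {
         $message .= "* " . ucfirst($custom_qry_row['vcustom_field_name']) . " cannot be empty ! <br>";
     }
 }
 /*custom fields null checking ends*/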
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
 } else {
 } else {
     $content = "Message :" . stripslashes($txtMessage) . "<br><br>";
 }
 $content_db = stripslashes($txtMessage);
 // Contact-form validation: every rule that fails contributes one line,
 // appended to $message in field order.
 $contactErrors = array();
 if (!isNotNull($contact_name)) {
     $contactErrors[] = "* Contact name cannot be empty! <br>";
 }
 if (!isNotNull($email_address)) {
     $contactErrors[] = "* Email address cannot be empty! <br>";
 } else if (!isValidEmail($email_address)) {
     $contactErrors[] = "* Email address cannot be invalid! <br>";
 }
 if (!isNotNull($subject)) {
     $contactErrors[] = "* Subject cannot be empty! <br>";
 }
 if (!isNotNull($txtMessage)) {
     $contactErrors[] = "* Message cannot be empty! <br>";
 }
 $message .= implode('', $contactErrors);
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
 } else {
     // no error so insert user details
     //echo "SELECT * FROM artists WHERE artist_id = '".$artistid."'";
     ////// sent message to seller....
     $sql = "SELECT * FROM " . $tableprefix . "artists WHERE artist_id = '" . $sellerid . "'";
     $rs = mysql_query($sql) or die(mysql_error());
     if (mysql_num_rows($rs) > 0) {
         $sell = mysql_fetch_array($rs);
         $sell_email = $sell['email'];
         $sellerName = stripslashes($sell['first_name']) . ' ' . stripslashes($sell['last_name']);
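/**
 * Collect the ids of every department below $currid, depth first.
 *
 * Recurses through sptbl_depts.nDeptParent and appends each child id to a
 * static accumulator, so the result is a trailing-comma list such as
 * "4,7,9," that keeps growing across calls within one request (original
 * behaviour, kept for callers that rely on it).
 *
 * @param mixed $currid Parent department id; coerced to int before use in SQL
 * @param int   $count  Recursion depth counter carried through the calls
 * @return string       Comma-terminated list of descendant ids
 */
function makeChildList($currid, $count)
{
    static $childlist = "";
    // nDeptParent is compared without quotes, so the id can only be safely
    // interpolated as an integer (the first call's argument may come from
    // request data).
    $parentId = (int) $currid;
    $count = $count + 1;
    $sql = "select nDeptId as id,vDeptDesc as name from sptbl_depts where nDeptParent={$parentId} ";
    $get_options = mysql_query($sql);
    // A failed query returns false; guard it rather than let mysql_num_rows() warn.
    if ($get_options && mysql_num_rows($get_options) > 0) {
        while (list($child_id, $child_name) = mysql_fetch_row($get_options)) {
            $childlist .= "" . $child_id . ",";
            makeChildList($child_id, $count);
        }
    }
    return $childlist;
}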
    }
}
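// Posting feedback requires a signed-in user; otherwise bounce to login with a
// return action. The ids travel in the query string, so they are URL-encoded
// rather than interpolated raw into the Location header.
if (isset($_SESSION["sess_userid"]) && $_SESSION["sess_userid"] != "") {
    $userid = $_SESSION["sess_userid"];
} else {
    header("Location:login.php?action=postartistfeedback&artistid=" . rawurlencode((string) $artistid) . "&productid=" . rawurlencode((string) $productid));
    exit;
}
// Without a vendor to rate there is nothing to show.
if ((string) $artistid === '') {
    header("Location:categorydetail.php");
    exit;
}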
if ($_POST["btnPostFeedback"] == "Post Feedback") {
    $txtFeedback = $_POST["txtFeedback"];
    $ddlRating = $_POST["ddlRating"];
    if (!isNotNull($txtFeedback)) {
        $message .= "* Feedback cannot be empty! <br>";
    }
    if ($message != "") {
        // error
        $message = "<br>Please correct the following errors to continue!<br>" . $message;
    } else {
        // no error so insert user details
        $sql = "INSERT INTO " . $tableprefix . "artist_feedbacks (\n\t\t\t\tfeedback_content,\n\t\t\t\trating,\n\t\t\t\tuser_id,\n\t\t\t\tartist_id,\n\t\t\t\tdate_added,\n\t\t\t\tpublished\n\n\t\t\t\t) VALUES (\n\t\t\t\t'" . addslashes($txtFeedback) . "',\n\t\t\t\t'" . addslashes($ddlRating) . "',\n\t\t\t\t'" . addslashes($userid) . "',\n\t\t\t\t'" . addslashes($artistid) . "',\n\t\t\t\tnow(),\n\t\t\t\t'N')\n\t\t\t\t";
        //echo $sql;
        $message = "Thank you for posting your valuable feedback about <b>" . getArtistName($artistid) . "</b>";
        $message .= "<br>Your feedback is pending for review and approval by the administrator";
        mysql_query($sql);
        $txtFeedback = "";
        $ddlRating = "";
    }
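// Shipping-method id: a non-empty GET value wins, POST is the fallback, and
// $smid stays unset when neither is present.
if (isset($_GET["smid"]) && $_GET["smid"] != "") {
    $smid = $_GET["smid"];
} elseif (isset($_POST["smid"]) && $_POST["smid"] != "") {
    $smid = $_POST["smid"];
}
// Form fields; a missing key reads as null instead of raising a notice.
$txtSMName = isset($_POST["txtSMName"]) ? $_POST["txtSMName"] : null;
// The checkbox posts "on" when ticked; normalise to the Y/N flag stored in the DB.
$chkPublished = (isset($_POST["chkPublished"]) && $_POST["chkPublished"] === "on") ? "Y" : "N";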
if ($_POST["btnSaveChanges"] == "Save Changes") {
    if (!isNotNull($txtSMName)) {
        $message = "* Shipping Method Name cannot be empty!<br>";
    } else {
        $logofilename = $_FILES['txtSMLogo']['name'];
        $logofiletype = $_FILES['txtSMLogo']['type'];
        $logotempname = $_FILES['txtSMLogo']['tmp_name'];
        if ($_FILES['txtSMLogo']['name'] != "") {
            if (!isValidWebImageType($logofiletype, $logofilename, $logotempname)) {
                $message .= " * Invalid Shipping Logo file ! Upload an image (jpg/gif/bmp/png)" . "<br>";
                $error = true;
            } else {
                $logoimagedest = "../products/" . "sm_" . time() . $logofilename;
                if (move_uploaded_file($_FILES['txtSMLogo']['tmp_name'], $logoimagedest)) {
                    chmod($logoimagedest, 0777);
                } else {
                    $logoimagedest = "";
?>
 </div></td>

         </tr>
		<tr><td colspan="3">&nbsp;</td></tr>
         <tr>
         <td width="13%" align="left">&nbsp;</td>
         <td width="26%" align="left" class="toplinks" valign="top"><?php 
echo TEXT_TO;
?>
 <font style="color:#FF0000; font-size:9px">*</font> </td>
         <td width="61%" align="left">
		 <?php 
$staffcompanies = getStaffCompanies($_SESSION["sess_staffid"]);
$ddl = "";
if (isNotNull($staffcompanies)) {
    echo "<select name=\"ddlEmails[]\" id=\"ddlEmail\"  class=\"comm_input input_width1a\" style=\"width:300px; height:60px!important;\" MULTIPLE size=\"10\">";
    $var_listnew = makeEmailList($staffcompanies);
    if (count($var_listnew) > 0) {
        foreach ($var_listnew as $key => $value) {
            $ddl .= "<option value=\"{$key}\"";
            if ($ddlEmails == "{$key}") {
                $ddl .= " selected=\"selected\"";
            }
            $ddl .= ">" . $value . "</option>\n";
        }
        echo $ddl;
    }
    echo "</select>";
    //echo makeDropDownList("ddlEmails[]",makeEmailList($staffcompanies),$ddlEmails,false, "textbox", "\" MULTIPLE size=10 style=\"width:300px;\"  id=\"ddlEmail","" );
} else {
         }
     }
 }
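 // Large product picture: must be a valid web image and must not overwrite an
 // existing file of the same name.
 if ($picbigtype != "") {
     if (!isValidWebImageType($picbigtype, $picbigfilename, $picbigtempname)) {
         $message .= " * Invalid product picture (big)! Upload an image (jpg/gif/png)" . "<br>";
         $error = true;
     } elseif (file_exists($picbigdest)) {
         $message .= " * Product picture (big) with the same name exists! Please rename the product picture (big) and upload! " . "<br>";
         $error = true;
     }
 }
 /*----Digital Product Block Starts-------*/
 // Downloadable file: only the file-name extension is checked here (the
 // content is not inspected), so this allow-list is the whole defence
 // against unwanted file types.
 if (isset($_FILES['txtProductZip']['name']) && isNotNull($_FILES['txtProductZip']['name'])) {
     $uploadfile = ReplaceArrayImage($_FILES['txtProductZip']['name']);
     $types = array('zip', 'pdf', 'rar', 'psd', 'opf', 'azw', 'lit', 'pdb', 'pkg', 'mp3', 'mpeg', 'mp4', 'avi');
     // A name without an extension used to read an undefined match offset;
     // treat it as an empty (and therefore invalid) extension. Strict
     // in_array() keeps the comparison to exact lower-case strings.
     $extension = preg_match('/\\.([a-zA-Z]+)$/', $uploadfile, $matches) ? strtolower($matches[1]) : '';
     if (!in_array($extension, $types, true)) {
         // check file format is valid or not
         $message .= "* Invalid file format for Digital Product! <br>";
     }
     // end format check
 }
 /*----Digital Product Block Ends-------*/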
 /*----Digital Product Block Ends-------*/
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
 } else {
     // no error so insert user details
         }
         if ($_POST['ship_state'] == '' && $_POST['bill_state'] == '') {
             $message .= "* Shipping State cannot be empty!<br>";
         }
         if ($_POST['ship_state'] == '') {
             if ($_POST['bill_state'] != '') {
                 $txtShippingState = $_POST['bill_state'];
             }
         }
         if (!isNotNull($ddlShippingCountry)) {
             $message .= "* Shipping Country cannot be empty!<br>";
         }
         if (!isNotNull($txtShippingZIP)) {
             $message .= "* Shipping ZIP cannot be empty!<br>";
         }
         if (!isNotNull($txtShippingEmail)) {
             $message .= "* Shipping Email cannot be empty!<br>";
         } else {
             if (!isValidEmail($txtShippingEmail)) {
                 $message .= "* Invalid Shipping Email!<br>";
             }
         }
     }
 }
 // Stock re-check: the cart may have been trimmed to what is still available,
 // in which case the user is told.
 $quantitiesadjusted = adjustQuantities($userid);
 if ($quantitiesadjusted == true) {
     $message .= "<br>Some items were low on stock/just sold out! Such Item(s) deleted/Quantities adjusted from your cart!";
 }
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
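/**
 * Map user ids to (HTML-escaped) e-mail addresses for the given companies.
 *
 * @param mixed $complist Comma-separated list of sptbl_users.nCompId values
 *                        (or an array of them), as produced by getStaffCompanies()
 * @return array          nUserId => escaped vEmail. The static accumulator
 *                        means entries persist across calls in one request;
 *                        an empty $complist resets it (original behaviour).
 *                        Always an array now, so count()/foreach in callers
 *                        are safe even when nothing matched.
 */
function makeEmailList($complist)
{
    static $options;
    global $conn;
    if (!is_array($options)) {
        $options = array();
    }
    if (isNotNull($complist)) {
        // The list is spliced straight into an IN (...) clause, so reduce it to
        // plain integers first. Ids are numeric elsewhere in this code base
        // (n-prefixed id columns, settype(..., integer) on nKBID); confirm that
        // nCompId can never be non-numeric before relying on this filter.
        $rawIds = is_array($complist) ? $complist : explode(',', (string) $complist);
        $ids = array();
        foreach ($rawIds as $rawId) {
            $trimmed = trim((string) $rawId);
            if ($trimmed !== '' && preg_match('/^\d+$/', $trimmed)) {
                $ids[] = (int) $trimmed;
            }
        }
        if (count($ids) > 0) {
            $sql = "SELECT nUserId, vEmail";
            $sql .= " FROM  sptbl_users ";
            $sql .= " WHERE nCompId IN (" . implode(',', $ids) . ") ";
            $resoptions = mysql_query($sql);
            // A failed query returns false; guard it rather than let mysql_num_rows() warn.
            if ($resoptions && mysql_num_rows($resoptions) > 0) {
                while (list($uid, $uemail) = mysql_fetch_row($resoptions)) {
                    // Escaped here because callers echo the value as <option> text.
                    $options[$uid] = htmlentities($uemail);
                }
            }
        }
    } else {
        $options = array();
    }
    return $options;
}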
    exit;
}
// Vendor id comes from the query string first, then from the posted form.
$artistid_from_get = isset($_GET["artistid"]) ? $_GET["artistid"] : "";
if ($artistid_from_get != "") {
    $artistid = $artistid_from_get;
} elseif (isset($_POST["artistid"]) and $_POST["artistid"] != "") {
    $artistid = $_POST["artistid"];
}
// The portfolio id is only ever posted back from the edit form.
if (isset($_POST["portfolioid"]) and $_POST["portfolioid"] != "") {
    $portfolioid = $_POST["portfolioid"];
}
$txtArtistDescription = trim($_POST["txtArtistDescription"]);
if ($_POST["btnSaveChanges"] == "Save Changes") {
    $message = "";
    if (!isNotNull($txtArtistDescription)) {
        $message .= "* Vendor policies is required! <br>";
    }
    if ($message == "") {
        if (isset($portfolioid) and $portfolioid != "") {
            $sql = "UPDATE " . $tableprefix . "artist_portfolios SET \n\t\t\t\tartist_policies = '" . addslashes($txtArtistDescription) . "'\n\t\t\t\t";
            $sql .= " WHERE artist_portfolio_id= '" . addslashes($portfolioid) . "' AND artist_id = '" . addslashes($artistid) . "' ";
            mysql_query($sql);
            $message = "Vendor policies was updated successfully!";
        } else {
            $sql = "INSERT INTO " . $tableprefix . "artist_portfolios\n\t\t\t\t\t(\n\t\t\t\t\tartist_id,\n\t\t\t\t\tartist_policies\n\t\t\t\t\t)VALUES(\n\t\t\t\t\t'" . addslashes($artistid) . "',\n\t\t\t\t\t'" . addslashes($txtArtistDescription) . "'\n\t\t\t\t\t)";
            mysql_query($sql);
            $portfolioid = mysql_insert_id();
            $message = "Vendor policies was created successfully!";
        }
        //mysql_query($sql);
} else {
    header("Location:login.php");
    exit;
}
$txtSubject = trim(stripslashes($_POST["txtSubject"]));
$txtMailContent = trim(stripslashes($_POST["txtMailContent"]));
$ddlArtist = $_POST["ddlArtist"];
if ($_POST["btnSendMail"] == "Send Mail") {
    $message = "";
    if (!isNotNull($txtSubject)) {
        $message .= "* Subject cannot be empty!<br>";
    }
    if (!isNotNull($txtMailContent)) {
        $message .= "* Mail Content cannot be empty!<br>";
    }
    if (!isNotNull($ddlArtist)) {
        $message .= "* Please select the Users to send the mail!<br>";
    }
    if ($message == "") {
        $sellerlist = $_POST['ddlArtist'];
        foreach ($_POST['ddlArtist'] as $sellerlist) {
            $artistlist[] = $sellerlist;
            //$sellerlist[]= $ddlArtist[$count_start] . ",";
        }
        $artistlist = join(",", $artistlist);
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
        $headers .= "From: " . SITE_EMAIL . "<" . SITE_EMAIL . ">" . "\r\n";
        $headers .= 'Bcc: ';
        /*---------Multicart 2.0 Upgradation-----------*/
        /*$sqlemails_to = "SELECT email,first_name,last_name
?>
'>Payment Status</a></th>
					</tr>
					
					<?php 
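// Sorted listing of this vendor's settled payments. sortcol/sort come from the
// query string and used to be pasted into ORDER BY verbatim, which is a direct
// SQL injection. Both are validated before use (a column identifier made of
// letters/digits/underscore/dot, and ASC or DESC); when either is unacceptable
// the ORDER BY clause is dropped rather than built from the tainted value.
if (isset($_GET["sort"])) {
    $sortcol = isset($_GET["sortcol"]) ? (string) $_GET["sortcol"] : "";
    $sortdir = strtoupper(trim((string) $_GET["sort"]));
    $orderby = "";
    if (preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $sortcol) && ($sortdir === "ASC" || $sortdir === "DESC")) {
        $orderby = "order by " . $sortcol . " " . $sortdir;
    }
    $sql = " SELECT sp.*,s.artist_name FROM " . $tableprefix . "artist_payments sp"
        . " INNER JOIN  " . $tableprefix . "artists s ON sp.artist_id = s.artist_id"
        . " INNER JOIN  " . $tableprefix . "orders o ON o.order_id = sp.order_id" . $qryopt
        . " WHERE sp.artist_id = '" . mysql_real_escape_string($artistid) . "' AND o.vpayment_status='C'" . $qrybtw . $orderby;
    $sql = $sql . $query_string;
    $rs = mysql_query($sql) or die(mysql_error());
}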
if (mysql_num_rows($result) > 0) {
    $i = 1;
    $total = 0;
    while ($row = mysql_fetch_array($rs)) {
        $link = "<a href='viewpayment.php?paymentid=" . $row["artist_payment_id"] . "'>";
        $txtPaymentDate = isNotNull($row["payment_date"] and $row["payment_date"] != "0000-00-00") ? dateFormat($row["payment_date"], "Y-m-d", "m/d/Y") : " Not Yet Settled;";
        if ($row['payment_status'] == 'P') {
            $Paymentstatus = 'Pending';
        } else {
            $Paymentstatus = 'Paid';
        }
        $qryopt1 = " ";
        $taxtotal = 0;
        $sql1 = "SELECT o.*, u.user_name, u.email, od.product_discount,sum( (od.product_price-(od.product_price*product_discount/100)) * od.product_quantity) as total,sum(od.product_tax)as taxtotal\n\t\tFROM " . $tableprefix . "orders o\n\t\tINNER JOIN " . $tableprefix . "users u ON o.user_id = u.user_id\n\t\tINNER JOIN " . $tableprefix . "order_details od ON o.order_id = od.order_id\n\t\tWHERE od.artist_id = '" . addslashes($artistid) . "'\n                AND o.order_id = " . $row['order_id'] . "\n\t\tAND o.vpayment_status != 'P'" . $qryopt1 . " GROUP BY o.order_id ORDER BY o.order_date,o.order_id DESC ";
        $sellerCurrency = getSellerCurrencySybol($artistid);
        $result1 = mysql_query($sql1);
        if (mysql_num_rows($result1) != 0) {
            $row1 = mysql_fetch_array($result1);
            $ordernumber = $row1["order_id"];
            $username = $row1["user_name"];
            if ($row1['vorder_currency'] != $sellerCurrency and $row1['vorder_currency'] != "USD") {
 }
 // New-user form validation. Each failed rule is collected, then every
 // failure flags $error and appends its message (in field order) to
 // $errormessage. The email must additionally be well-formed and unique
 // within the selected company.
 $fieldErrors = array();
 if (isNotNull($_POST["txtName"])) {
     $name = $_POST["txtName"];
 } else {
     //user name null
     $fieldErrors[] = MESSAGE_NAME_REQUIRED;
 }
 if (isNotNull($_POST["ddlCompany"])) {
     $company = $_POST["ddlCompany"];
 } else {
     //user Company null
     $fieldErrors[] = MESSAGE_COMPANY_REQUIRED;
 }
 if (!isNotNull($_POST["txtEmail"])) {
     //user Email null
     $fieldErrors[] = MESSAGE_EMAIL_REQUIRED;
 } else {
     $email = $_POST["txtEmail"];
     if (!isValidEmail($email)) {
         $fieldErrors[] = MESSAGE_INVALID_EMAIL;
     } elseif (!isUniqueEmail($email, 0, $company)) {
         $fieldErrors[] = MESSAGE_NONUNIQUE_EMAIL;
     }
 }
 foreach ($fieldErrors as $fieldError) {
     $error = true;
     $errormessage .= $fieldError . "<br>";
 }
 if ($error) {
     $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage;
            $ticketerrormessage = MESSAGE_NO_MATCH_FOUND;
        }
    }
} elseif ($_GET["mt"] == "y") {
    if (isNotNull($_GET["email"])) {
        $email = trim($_GET["email"]);
        if (!isValidEmail($email)) {
            $ticketerror = true;
            $ticketerrormessage .= MESSAGE_INVALID_EMAIL . "<br>";
        }
    } else {
        //user Email null
        $ticketerror = true;
        $ticketerrormessage .= MESSAGE_EMAIL_REQUIRED . "<br>";
    }
    if (isNotNull($_GET["ref"])) {
        $ticketref = $_GET["ref"];
    } else {
        //
        $ticketerror = true;
        $ticketerrormessage .= MESSAGE_TICKET_REF_REQUIRED . "<br>";
    }
    if ($ticketerror) {
        $ticketerrormessage = MESSAGE_ERRORS_FOUND . "<br>" . $ticketerrormessage;
    } else {
        //no error so validate
        $sql = "SELECT u.nUserId ,u.vEmail ,t.nTicketId, t.vRefNo, t.vTitle\n\t\t FROM sptbl_users u INNER JOIN sptbl_tickets t on u.nUserId = t.nUserId   ";
        $sql .= " WHERE u.vEmail = '" . mysql_real_escape_string($email) . "' and  t.vRefNo ='" . mysql_real_escape_string($ticketref) . "' and t.vDelStatus = '0' ";
        $result = executeSelect($sql, $conn);
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
echo $total;
?>
</b></font></td></tr>
																														<tr bgcolor="#FFFFFF"><td align="center" colspan="7"><?php 
echo $navigate[2];
?>
</td></tr>
																														<tr bgcolor="#FFFFFF"><td align="center" colspan="7">&nbsp;</td></tr>
																														<tr class=listingband>
																															<td colspan="7">&nbsp;</td>
																														</tr>
																														
																														<tr bgcolor="#FFFFFF">
																																<td colspan="7" align="center">
																																	<?php 
if (isNotNull($check)) {
    ?>
																																		<input type="submit" class="button" name="btnSettleSelected" value="Settle Selected" >
																																	<?php 
}
?>
																																	&nbsp;&nbsp;
																																	<input type="button" name="btnBack" class="button" value="Back" onClick="window.location.href='editaffiliate.php?affiliateid=<?php 
echo $aid;
?>
';" >
																																</td>
																														</tr>
																														
																													</table>
																												</td>
             }
             if (file_exists($large_image_location)) {
                 unlink($large_image_location);
             }
         }
     }
 }
 $message .= $avatarError;
 //Avatar End
 // A missing or empty $catid means a top-level category is being created.
 $parentcatid = (isset($catid) && $catid != "") ? $catid : "0";
 // The category name is mandatory and must not duplicate an existing one.
 if (!isNotNull($txtCategoryName)) {
     $message .= "* Category Name is required! <br>";
 } elseif (categoryExists($txtCategoryName, $catid)) {
     $message .= "Category Exists!";
 }
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
 } else {
     // no error so insert category details
     if ($parentcatid == "0") {
         //top level category
         $sqlinsertcat = "INSERT INTO " . $tableprefix . "categories(category_name,parent_id,route,avatar)\n\t\t\t\t\t\t\t   \t\t\t\t\t VALUES ('" . addslashes($txtCategoryName) . "', '" . addslashes($parentcatid) . "','0','" . addslashes($catfilename) . "') ";
         $resultinsertcat = mysql_query($sqlinsertcat);
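 // Change-password validation. All failures accumulate in $message.
 $message = "";
 if (!isNotNull($txtOldPassword)) {
     $message .= "* Old password is required! <br>";
 } else {
     // Quoted string context: use the connection-aware escaper rather than addslashes().
     $sql = "SELECT password FROM " . $tableprefix . "users WHERE user_id = '" . mysql_real_escape_string($userid) . "' ";
     $res = mysql_query($sql);
     // A failed query returns false; guard it rather than let mysql_num_rows() warn.
     if ($res && mysql_num_rows($res) != 0) {
         $row = mysql_fetch_array($res);
         $oldpassmd5 = $row["password"];
         // SECURITY NOTE: the stored value is an unsalted MD5 of the password
         // (see md5() below), which is not a safe password hash. Migrating the
         // column to password_hash()/password_verify() needs a schema/data
         // change outside this block. Until then two things are fixed here:
         // the old loose `!=` between two hex strings compared numerically
         // when both looked like "0e<digits>", letting unrelated digests match;
         // hash_equals() compares byte-for-byte and in constant time.
         if (!hash_equals((string) $oldpassmd5, md5((string) $txtOldPassword))) {
             $message .= "* Old password mismatch! <br>";
         } else {
             if (!isNotNull($txtPassword)) {
                 $message .= "* New password cannot be empty! <br>";
             }
             if (!isNotNull($txtConfirmPassword)) {
                 $message .= "* Confirm Password cannot be empty! <br>";
             }
             // strcmp(), not ==, so numeric-looking strings are compared literally.
             if (strcmp((string) $txtPassword, (string) $txtConfirmPassword) != 0) {
                 $message .= "* New passwords does not match! <br>";
             }
         }
     }
 }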
 if ($message != "") {
     // error
     $message = "<br>Please correct the following errors to continue!<br>" . $message;
 } else {
     // no error so insert user details
     $sql = "UPDATE " . $tableprefix . "users SET\n\t\t\tpassword = '******'\n\t\t\tWHERE user_id =  '" . addslashes($userid) . "'\n\t\t\t";
     mysql_query($sql);
    ?>
</td></tr>
                                            </table>
                                            <div class="clear"></div>
                                        </div>
                              
                                </td>
                            </tr>
                            <tr><td colspan="3">&nbsp;</td></tr>
                            <tr>
                                <td colspan="3">
                                    <h2 class="subheading_new">Order Part Details</h2>
                                        <table cellpadding="2" cellspacing="2" width="100%" class="cart_listingtbl">
                                            
                                                <?php 
    if (isNotNull($artists)) {
        echo "<div class='comic_sans_font'>This order contains " . count($artists) . " sub order(s)</legend>";
        for ($i = 0; $i < count($artists); $i++) {
            ?>
                                            <tr>
                                                <td colspan='3'>
                                                    
                                                       Order Part # <?php 
            echo $i + 1;
            ?>
                                                        <table width='100%'  border='0' cellpadding='0' cellspacing='0' class="cart_listingtbl2" >
                                                            <tr class="whitebg">
                                                                <td width='100%' colspan='7' align="left" ><b><?php 
            echo TEXT_VENDOR;
            ?>
  : &nbsp;<font color='RED'><?php 
         $message .= "* Paypal API Signature Empty<br>";
     }
     if (!isNotNull($txtPaypalApplicationId)) {
         $message .= "* Paypal Application APP Id  Empty<br>";
     }
 }
 /* Paypal Pro Payment*/
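 $proMsg = "";
 // Validate the PayPal Pro credentials only when Pro is switched on. Missing
 // fields are collected in $proMsg, separate from $message (which the PayPal
 // checks above appear to fill), so the two settings groups are saved
 // independently below.
 if ($chkPaypalPro == 'Y') {
     if (!isNotNull($txtPaypalProApiUsername)) {
         $proMsg .= "* Paypal Pro API Username Empty<br>";
     }
     if (!isNotNull($txtPaypalProApiPassword)) {
         $proMsg .= "* Paypal Pro API Password Empty<br>";
     }
     if (!isNotNull($txtPaypalProApiSignature)) {
         $proMsg .= "* Paypal Pro API Signature Empty<br>";
     }
 }
 /*----------Save PayPal API settings----------------- */
 if ($message == "") {
     // no validation errors, so persist the PayPal API settings
     $sql = "UPDATE " . $tableprefix . "settings SET\n                                        paypal_api_username \t\t= '" . mysql_real_escape_string($txtPaypalUsername) . "',\n\t\t\t\t\tpaypal_api_password \t\t= '" . mysql_real_escape_string($txtPaypalPassword) . "',\n\t\t\t\t\tpaypal_api_signature \t\t= '" . mysql_real_escape_string($txtPaypalSignature) . "',\n\t\t\t\t\tpaypal_application_app_id \t= '" . mysql_real_escape_string($txtPaypalApplicationId) . "',\n\t\t\t\t\tenablepaypal                    = '" . mysql_real_escape_string($chkPaypal) . "',\n\t\t\t\t\tenablepaypalsandbox \t\t= '" . mysql_real_escape_string($chkSandbox) . "',\n\t\t\t\t\tpaypalemail \t\t\t= '" . mysql_real_escape_string($txtPaypalEmail) . "',\n\t\t\t\t\tpaypalidentitytoken \t\t= '" . mysql_real_escape_string($txtPaypalIDTOKEN) . "' ";
     if (!mysql_query($sql)) {
         // Keep the driver error server-side: mysql_error() can expose table
         // names and query fragments, so it must not be echoed to the browser.
         error_log("PayPal settings update failed: " . mysql_error());
         die("Unable to save PayPal settings.");
     }
 }
 /*----------Save PayPal Pro settings----------------- */
 if ($proMsg == "") {
     // no Pro validation errors, so persist the PayPal Pro settings
     $sql = "UPDATE " . $tableprefix . "settings SET\n                                        paypalpro_username \t\t= '" . mysql_real_escape_string($txtPaypalProApiUsername) . "',\n\t\t\t\t\tpaypalpro_password \t\t= '" . mysql_real_escape_string($txtPaypalProApiPassword) . "',\n\t\t\t\t\tpaypalpro_signature \t\t= '" . mysql_real_escape_string($txtPaypalProApiSignature) . "',\n\t\t\t\t\tenablepaypalpro                    = '" . mysql_real_escape_string($chkPaypalPro) . "',\n\t\t\t\t\tenablepaypalprosandbox \t\t= '" . mysql_real_escape_string($chkProSandbox) . "'";
     if (!mysql_query($sql)) {
         // same rule as above: log the detail, show only a generic message
         error_log("PayPal Pro settings update failed: " . mysql_error());
         die("Unable to save PayPal Pro settings.");
     }
 }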
 if ($message == "" && $proMsg == "") {
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
// Gate the page on an authenticated admin session: anything other than a
// non-empty sess_adminname sends the visitor to the login page and stops here.
$adminname = isset($_SESSION["sess_adminname"]) ? $_SESSION["sess_adminname"] : "";
if ($adminname == "") {
    header("Location:login.php");
    exit;
}
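// Newsletter mail form: read the submitted subject/body (absent keys become ""
// instead of raising an undefined-index notice) and, on the "Send Mail"
// postback, require both before handing them to getNewslettersubscribersList(),
// which is defined elsewhere; its return value is presumably the status text
// that ends up in $message.
$txtSubject = isset($_POST["txtSubject"]) ? trim($_POST["txtSubject"]) : "";
// stripslashes() presumably undoes magic_quotes_gpc — TODO confirm before removing it
$txtMailContent = isset($_POST["txtMailContent"]) ? trim(stripslashes($_POST["txtMailContent"])) : "";
if (isset($_POST["btnSendMail"]) && $_POST["btnSendMail"] == "Send Mail") {
    $message = "";
    if (!isNotNull($txtSubject)) {
        $message .= "* Subject cannot be empty!<br>";
    }
    if (!isNotNull($txtMailContent)) {
        $message .= "* Mail Content cannot be empty!<br>";
    }
    if ($message == "") {
        /*---------Multicart 2.2 Upgradation-----------*/
        $message = getNewslettersubscribersList($txtSubject, $txtMailContent);
        // clear the form fields once the mail has been handed off
        $txtSubject = "";
        $txtMailContent = "";
    }
}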
if (isset($_GET["msg"]) and $_GET["msg"] != "") {
    $msg = $_GET["msg"];
    switch ($msg) {
        case "deleted":
            $message = MSG_USER_DELETED;
            break;
<?php

$page = 'forgotpassword';
if (isset($_POST["postback"]) && $_POST["postback"] == "Get Password") {
    //echo '<pre>'; print_r($_POST); echo '</pre>'; exit;
    $error = false;
    $passworderrormessage = "";
    if (isNotNull($_POST["txtUserEmail"])) {
        $useremail = trim($_POST["txtUserEmail"]);
    } else {
        //user email null
        $error = true;
        $passworderrormessage .= MESSAGE_USER_EMAIL_REQUIRED . "<br>";
    }
    if ($error) {
        $passworderrormessage = $passworderrormessage;
    } else {
        //no error so validate and send the
        $sql = "SELECT nUserId , vUserName , vEmail , vLogin , vPassword FROM sptbl_users  ";
        $sql .= " WHERE vEmail = '" . mysql_real_escape_string($useremail) . "' ";
        $result = executeSelect($sql, $conn);
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            $userid = $row["nUserId"];
            $username = $row["vLogin"];
            $useremail = $row["vEmail"];
            $userfullname = $row["vUserName"];
            $code = rand(1, 999999);
            $sql = "UPDATE sptbl_users  ";
            $sql .= " SET vCodeForPass = '******' WHERE nUserId = '" . $userid . "' ";
            //echo $sql;
                   $userinfo['emailAddress'] = addslashes($txtEmail);
                   $userinfo['firstName'] = addslashes($txtFirstName);
                   $userinfo['lastName'] = addslashes($txtLastName);
                   $userinfo['lists'] = Array($constantcontactSettings['constantcontactlistId']);// print_r($userinfo);exit;
                   $_SESSION['constantparam']['data'] =$userinfo;
                   $_SESSION['constantparam']['redirecturl'] = SITE_URL . '/index.php';
                   //header("location:".$constantcontactSettings['verificationURL']);
                   //exit;
               }
           }*/
        /*---------Multicart 2.0 Upgradation Starts------*/
        $message = "Profile updated successfully!";
    }
} else {
    if ($_POST["btnResetPassword"] == "Reset Password") {
        if (!isNotNull($txtNewPassword)) {
            $message .= "* New password cannot be empty! <br>";
        }
        if ($message != "") {
            // error
            $message = "<br>Please correct the following errors to continue!<br>" . $message;
        } else {
            // no error so insert user details
            $sql = "UPDATE " . $tableprefix . "users SET \n\t\t\tpassword = '******'\n\t\t\tWHERE user_id =  '" . addslashes($userid) . "'";
            mysql_query($sql);
            if ($chkNotify == "on") {
                $sql = "SELECT email,first_name,last_name,user_name FROM " . $tableprefix . "users WHERE user_id = '" . addslashes($userid) . "' ";
                $result = mysql_query($sql);
                if (mysql_num_rows($result) != 0) {
                    $row = mysql_fetch_array($result);
                    $email = $row["email"];