Beispiel #1
0
function stAddCustomerLog($log)
{
    $customerID = regGetIdByLogin($log);
    if ($customerID != null) {
        $ipAddress = stGetCustomerIP_Address();
        db_query(" insert into " . CUSTOMER_LOG_TABLE . "  (customerID, customer_ip, customer_logtime) " . "  values( " . (int) $customerID . ", '" . xEscSQL($ipAddress) . "', '" . xEscSQL(get_current_time()) . "' ) ");
    }
}
Beispiel #2
0
function ordOrderProcessing($shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $customers_comment, $cc_number, $cc_holdername, $cc_expires, $cc_cvv, $log, $smarty_mail, $shServiceID = 0)
{
    $customerID = $log != null ? regGetIdByLogin($log) : NULL;
    if ($log != null) {
        $customerInfo = regGetCustomerInfo2($log);
    } else {
        $customerInfo['first_name'] = $_SESSION['first_name'];
        $customerInfo['last_name'] = $_SESSION['last_name'];
        $customerInfo['Email'] = $_SESSION['email'];
        $customerInfo['affiliationLogin'] = $_SESSION['affiliationLogin'];
    }
    $order_time = get_current_time();
    $frandl = mt_rand(3, 999);
    $order_active_link = md5($order_time) . $frandl;
    $customer_ip = stGetCustomerIP_Address();
    $statusID = CONF_ACTIVE_ORDER == 1 ? 0 : ostGetNewOrderStatus();
    $customer_affiliationLogin = isset($customerInfo['affiliationLogin']) ? $customerInfo['affiliationLogin'] : '';
    $customer_email = $customerInfo['Email'];
    $currencyID = currGetCurrentCurrencyUnitID();
    if ($currencyID != 0) {
        $currentCurrency = currGetCurrencyByID($currencyID);
        $currency_code = $currentCurrency['currency_iso_3'];
        $currency_value = $currentCurrency['currency_value'];
        $currency_round = $currentCurrency['roundval'];
    } else {
        $currency_code = '';
        $currency_value = 1;
        $currency_round = 2;
    }
    // get shipping address
    if ($shippingAddressID != 0) {
        $shippingAddress = regGetAddress($shippingAddressID);
        $shippingAddressCountry = cnGetCountryById($shippingAddress['countryID']);
        $shippingAddress['country_name'] = $shippingAddressCountry['country_name'];
    } else {
        $shippingCountryName = cnGetCountryById($_SESSION['receiver_countryID']);
        $shippingCountryName = $shippingCountryName['country_name'];
        $shippingAddress['first_name'] = $_SESSION['receiver_first_name'];
        $shippingAddress['last_name'] = $_SESSION['receiver_last_name'];
        $shippingAddress['country_name'] = $shippingCountryName;
        $shippingAddress['state'] = $_SESSION['receiver_state'];
        $shippingAddress['city'] = $_SESSION['receiver_city'];
        $shippingAddress['address'] = $_SESSION['receiver_address'];
        $shippingAddress['zoneID'] = $_SESSION['receiver_zoneID'];
    }
    if (is_null($shippingAddress['state']) || trim($shippingAddress['state']) == '') {
        $zone = znGetSingleZoneById($shippingAddress['zoneID']);
        $shippingAddress['state'] = $zone['zone_name'];
    }
    // get billing address
    if ($billingAddressID != 0) {
        $billingAddress = regGetAddress($billingAddressID);
        $billingAddressCountry = cnGetCountryById($billingAddress['countryID']);
        $billingAddress['country_name'] = $billingAddressCountry['country_name'];
    } else {
        $billingCountryName = cnGetCountryById($_SESSION['billing_countryID']);
        $billingCountryName = $billingCountryName['country_name'];
        $billingAddress['first_name'] = $_SESSION['billing_first_name'];
        $billingAddress['last_name'] = $_SESSION['billing_last_name'];
        $billingAddress['country_name'] = $billingCountryName;
        $billingAddress['state'] = $_SESSION['billing_state'];
        $billingAddress['city'] = $_SESSION['billing_city'];
        $billingAddress['address'] = $_SESSION['billing_address'];
        $billingAddress['zoneID'] = $_SESSION['billing_zoneID'];
    }
    if (is_null($billingAddress['state']) || trim($billingAddress['state']) == '') {
        $zone = znGetSingleZoneById($billingAddress['zoneID']);
        $billingAddress['state'] = $zone['zone_name'];
    }
    $cartContent = cartGetCartContent();
    foreach ($cartContent['cart_content'] as $key => $cartItem) {
        if (!empty($cartItem['opt_margin']) && $paymentMethodID == 2) {
            $cost = $cartItem['costUC'];
            $margin = $cost / 100 * CONF_PERCENT_MARGIN;
            $cost += $margin;
            $costShow = show_price($cost * $cartItem['quantity']);
            $cartContent['cart_content'][$key]['costUC'] = $cost;
            $cartContent['cart_content'][$key]['cost'] = $costShow;
        }
    }
    if ($log != null) {
        $addresses = array($shippingAddressID, $billingAddressID);
    } else {
        $addresses = array(array('countryID' => $_SESSION['receiver_countryID'], 'zoneID' => $_SESSION['receiver_zoneID']), array('countryID' => $_SESSION['billing_countryID'], 'zoneID' => $_SESSION['billing_zoneID']));
    }
    $orderDetails = array('first_name' => $shippingAddress['first_name'], 'last_name' => $shippingAddress['last_name'], 'email' => $customerInfo['Email'], 'order_amount' => oaGetOrderAmountExShippingRate($cartContent, $addresses, $log, FALSE));
    $shippingMethod = shGetShippingMethodById($shippingMethodID);
    $shipping_email_comments_text = $shippingMethod['email_comments_text'];
    $shippingName = $shippingMethod['Name'];
    $paymentMethod = payGetPaymentMethodById($paymentMethodID);
    $paymentName = $paymentMethod['Name'];
    $payment_email_comments_text = $paymentMethod['email_comments_text'];
    if (isset($paymentMethod['calculate_tax']) && (int) $paymentMethod['calculate_tax'] == 0) {
        $order_amount = oaGetOrderAmount($cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID);
        $d = oaGetDiscountPercent($cartContent, $log);
        $tax = 0;
        $shipping_costUC = oaGetShippingCostTakingIntoTax($cartContent, $shippingMethodID, $addresses, $orderDetails, FALSE, $shServiceID, TRUE);
        $discount_percent = oaGetDiscountPercent($cartContent, $log);
    } else {
        $order_amount = oaGetOrderAmount($cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID);
        $d = oaGetDiscountPercent($cartContent, $log);
        $tax = oaGetProductTax($cartContent, $d, $addresses);
        $shipping_costUC = oaGetShippingCostTakingIntoTax($cartContent, $shippingMethodID, $addresses, $orderDetails, TRUE, $shServiceID, TRUE);
        $discount_percent = oaGetDiscountPercent($cartContent, $log);
    }
    $shServiceInfo = '';
    if (is_array($shipping_costUC)) {
        list($shipping_costUC) = $shipping_costUC;
        $shServiceInfo = $shipping_costUC['name'];
        $shipping_costUC = $shipping_costUC['rate'];
    }
    $paymentMethod = payGetPaymentMethodById($paymentMethodID);
    if ($paymentMethod) {
        $currentPaymentModule = modGetModuleObj($paymentMethod['module_id'], PAYMENT_MODULE);
    } else {
        $currentPaymentModule = null;
    }
    if ($currentPaymentModule != null) {
        //define order details for payment module
        $order_payment_details = array('customer_email' => $customer_email, 'customer_ip' => $customer_ip, 'order_amount' => $order_amount, 'currency_code' => $currency_code, 'currency_value' => $currency_value, 'shipping_cost' => $shipping_costUC, 'order_tax' => $tax, 'shipping_info' => $shippingAddress, 'billing_info' => $billingAddress);
        $process_payment_result = $currentPaymentModule->payment_process($order_payment_details);
        //gets payment processing result
        if (!($process_payment_result == 1)) {
            //die ($process_payment_result);
            if (isset($_POST)) {
                $_SESSION['order4confirmation_post'] = $_POST;
            }
            xSaveData('PaymentError', $process_payment_result);
            if (!$customerID) {
                RedirectProtected('index.php?order4_confirmation_quick=yes' . '&shippingMethodID=' . $_GET['shippingMethodID'] . '&paymentMethodID=' . $_GET['paymentMethodID'] . '&shServiceID=' . $shServiceID);
            } else {
                RedirectProtected('index.php?order4_confirmation=yes' . '&shippingAddressID=' . $_GET['shippingAddressID'] . '&shippingMethodID=' . $_GET['shippingMethodID'] . '&billingAddressID=' . $_GET['billingAddressID'] . '&paymentMethodID=' . $_GET['paymentMethodID'] . '&shServiceID=' . $shServiceID);
            }
            return false;
        }
    }
    $customerID = (int) $customerID;
    //    debug($cartContent['cart_content']);
    //
    //    exit;
    $sql = 'INSERT INTO ' . ORDERS_TABLE . '
    SET
    customerID =  ' . (int) $customerID . ',
    order_time = "' . xEscSQL($order_time) . '",
    customer_ip = "' . xToText($customer_ip) . '",
    shipping_type = "' . xToText($shippingName) . '",
    payment_type = "' . xToText($paymentName) . '",
    customers_comment = "' . xToText($customers_comment) . '",
    statusID = ' . (int) $statusID . ',
    shipping_cost = "' . (double) $shipping_costUC . '",
    order_discount = "' . (double) $discount_percent . '",
    order_amount= "' . (double) $order_amount . '",
    currency_code = "' . xEscSQL($currency_code) . '",
    currency_value = "' . (double) $currency_value . '",
    customer_firstname = "' . xToText($customerInfo['first_name']) . '",
    customer_lastname = "' . xToText($customerInfo['last_name']) . '",
    customer_email = "' . xToText($customer_email) . '",
    shipping_firstname = "' . xToText($shippingAddress['first_name']) . '",
    shipping_lastname = "' . xToText($shippingAddress['last_name']) . '",
    shipping_country= "' . xToText($shippingAddress['country_name']) . '",
    shipping_state= "' . xToText($shippingAddress['state']) . '",
    shipping_city= "' . xToText($shippingAddress['city']) . '",
    shipping_address= "' . xToText($shippingAddress['address']) . '",
    billing_firstname= "' . xToText($billingAddress['first_name']) . '",
    billing_lastname= "' . xToText($billingAddress['last_name']) . '",
    billing_country= "' . xToText($billingAddress['country_name']) . '",
    billing_state= "' . xToText($billingAddress['state']) . '",
    billing_city= "' . xToText($billingAddress['city']) . '",
    billing_address= "' . xToText($billingAddress['address']) . '",
    cc_number= "' . xEscSQL($cc_number) . '",
    cc_holdername= "' . xToText($cc_holdername) . '",
    cc_expires= "' . xEscSQL($cc_expires) . '",
    cc_cvv= "' . xEscSQL($cc_cvv) . '",
    affiliateID= "' . (isset($_SESSION['refid']) ? $_SESSION['refid'] : regGetIdByLogin($customer_affiliationLogin)) . '",
    shippingServiceInfo= "' . $shServiceInfo . '",
    custlink= "' . xEscSQL($order_active_link) . '",
    currency_round= "' . (int) $currency_round . '",
    paymethod= ' . (int) $paymentMethodID;
    db_query($sql);
    $orderID = db_insert_id(ORDERS_TABLE);
    if (!CONF_ACTIVE_ORDER) {
        stChangeOrderStatus($orderID, $statusID);
    }
    $paymentMethod = payGetPaymentMethodById($paymentMethodID);
    if ($paymentMethod) {
        $currentPaymentModule = modGetModuleObj($paymentMethod['module_id'], PAYMENT_MODULE);
        //                $currentPaymentModule = payGetPaymentModuleById( $paymentMethod['module_id'], $paymentModulesFiles );
    } else {
        $currentPaymentModule = null;
    }
    //save shopping cart content to database and update in-stock information
    if ($log != null) {
        cartMoveContentFromShoppingCartsToOrderedCarts($orderID, $shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $smarty_mail);
    } else {
        _moveSessionCartContentToOrderedCart($orderID, $paymentMethodID);
        //update in-stock information
        if ($statusID != ostGetCanceledStatusId() && CONF_CHECKSTOCK) {
            $q1 = db_query('select itemID, Quantity FROM ' . ORDERED_CARTS_TABLE . ' WHERE orderID=' . (int) $orderID);
            while ($item = db_fetch_row($q1)) {
                $q2 = db_query('select productID FROM ' . SHOPPING_CART_ITEMS_TABLE . ' WHERE itemID=' . (int) $item['itemID']);
                $pr = db_fetch_row($q2);
                if ($pr) {
                    db_query('update ' . PRODUCTS_TABLE . ' set in_stock = in_stock - ' . (int) $item['Quantity'] . ' where productID=' . (int) $pr[0]);
                    $q = db_query('select name, in_stock FROM ' . PRODUCTS_TABLE . ' WHERE productID=' . (int) $pr[0]);
                    $productsta = db_fetch_row($q);
                    if ($productsta[1] == 0) {
                        if (CONF_AUTOOFF_STOCKADMIN) {
                            db_query('update ' . PRODUCTS_TABLE . ' set enabled=0 where productID=' . (int) $pr[0]);
                        }
                        if (CONF_NOTIFY_STOCKADMIN) {
                            $smarty_mail->assign('productstaname', $productsta[0]);
                            $smarty_mail->assign('productstid', $pr[0]);
                            $stockadmin = $smarty_mail->fetch('notify_stockadmin.tpl');
                            $ressta = xMailTxtHTMLDATA(CONF_ORDERS_EMAIL, CUSTOMER_ACTIVATE_99 . ' - ' . CONF_SHOP_NAME, $stockadmin);
                        }
                    }
                }
            }
        }
        //now save registration form aux fields into CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG
        //for quick checkout orders these fields are stored separately than for registered customer (SS_customers)
        db_query('delete from ' . CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG . ' where orderID=' . (int) $orderID);
        foreach ($_SESSION as $key => $val) {
            if (strstr($key, 'additional_field_') && strlen(trim($val)) > 0) {
                $id = (int) str_replace('additional_field_', '', $key);
                if ($id > 0) {
                    db_query('insert into ' . CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG . ' (orderID, reg_field_ID, reg_field_value) values (' . (int) $orderID . ', ' . (int) $id . ', "' . xToText(trim($val)) . '");');
                }
            }
        }
    }
    if ($currentPaymentModule != null) {
        $currentPaymentModule->after_processing_php($orderID);
    }
    _sendOrderNotifycationToAdmin($orderID, $smarty_mail, $tax);
    _sendOrderNotifycationToCustomer($orderID, $smarty_mail, $customerInfo['Email'], $log, $payment_email_comments_text, $shipping_email_comments_text, $tax, $order_active_link);
    if ($log == null) {
        _quickOrderUnsetSession();
    }
    unset($_SESSION['order4confirmation_post']);
    return $orderID;
}
Beispiel #3
0
$user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? strtolower(htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT'])) : '';
$accept_language = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtolower(htmlspecialchars((string) $_SERVER['HTTP_ACCEPT_LANGUAGE'])) : '';
$today = date('d.m.Y', time());
$q = db_query("select today from " . COUNTER_TABLE . " WHERE tbid=1");
$n = db_fetch_row($q);
$date = $n[0];
$past = time() - CONF_ONLINE_EXPIRE * 60;
$ctime = time();
if ($today != $date) {
    db_query("UPDATE " . COUNTER_TABLE . " SET todayp=0, todayv=0, today='" . $today . "' WHERE tbid=1");
    db_query("DELETE FROM " . ONLINE_TABLE);
    db_query("DELETE FROM " . SESSION_TABLE . " where expire < UNIX_TIMESTAMP()");
}
$todayp = 0;
$allp = 0;
$ip = stGetCustomerIP_Address();
if ($ip) {
    $uniqhash = md5($ip . $user_agent);
    db_query("replace into " . ONLINE_TABLE . " values ('" . $uniqhash . "', '" . $ctime . "')");
    $matches = mysql_affected_rows();
    if ($matches == 1) {
        $todayp = 1;
        $allp = 1;
    }
    $allieb = 0;
    $allmozb = 0;
    $allopb = 0;
    $allozb = 0;
    $allrusl = 0;
    $allenl = 0;
    $allozl = 0;
Beispiel #4
0
// customer survey processing
if ((isset($_GET["save_voting_results"]) || isset($_GET["view_voting_results"])) && isset($_SESSION)) {
    $result = db_query("select poll_id, poll_title, poll_ans, ans_0, ans_1, ans_2, ans_3, ans_4,\n                ans_5, ans_6, ans_7, ans_8, ans_9, iplog, tdate FROM " . SURVEY_TABLE . " WHERE active=1");
    $data = db_fetch_row($result);
    if ($data["tdate"] != date('Y-m-d', time())) {
        db_query("UPDATE " . SURVEY_TABLE . " SET iplog='', tdate='" . xEscSQL(get_current_time()) . "'  WHERE active=1");
        $data["iplog"] = "";
    }
    $answers_results = unserialize($data["poll_ans"]);
    if ($data["iplog"] != "") {
        $iplogs = unserialize($data["iplog"]);
    } else {
        $iplogs = array();
    }
    $ipaddr = stGetCustomerIP_Address();
    if (!isset($iplogs[$ipaddr])) {
        $iplogs[$ipaddr] = 0;
    }
    //increase voters count for current option
    if ((!isset($_SESSION["vote_completed"][$data[0]]) || $_SESSION["vote_completed"][$data[0]] != 1) && isset($_GET["answer"]) && isset($answers_results[$_GET["answer"]]) && $iplogs[$ipaddr] < 3) {
        $anscol = (int) $_GET["answer"];
        $iplogs[$ipaddr]++;
        $iplogs = serialize($iplogs);
        db_query("UPDATE " . SURVEY_TABLE . " SET ans_" . $anscol . "=ans_" . $anscol . "+1, all_poll=all_poll+1, iplog='" . xEscSQL($iplogs) . "'  WHERE active=1");
        $data["ans_" . $anscol]++;
        //don't allow user to vote more than 1 time
        $_SESSION["vote_completed"][$data[0]] = 1;
    } else {
        if (!isset($_GET["view_voting_results"])) {
            $smarty->assign("user_voted", 1);
Beispiel #5
0
function sess_write($key, $val)
{
    db_query("replace into " . SESSION_TABLE . " values ('" . mysql_real_escape_string($key) . "', '" . mysql_real_escape_string($val) . "', UNIX_TIMESTAMP() + " . SECURITY_EXPIRE . ", '" . mysql_real_escape_string(stGetCustomerIP_Address()) . "', '" . mysql_real_escape_string($_SERVER["HTTP_REFERER"]) . "', '" . mysql_real_escape_string($_SERVER["HTTP_USER_AGENT"]) . "', '" . mysql_real_escape_string($_SERVER["REQUEST_URI"]) . "')");
}