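/**
 * Install module.
 *
 * Registers this module in MODULES_TABLE and creates one SETTINGS_TABLE row
 * for each name listed in $this->Settings, taking the column values from
 * $this->SettingsFields[<name>] (sub-keys settings_value, settings_title,
 * settings_description, settings_html_function, sort_order; a missing
 * sub-key is stored as '').
 *
 * Should be redefined. In the redefinition, SettingsFields must be
 * initialised before the call to the parent method.
 *
 * Side effects: $this->ModuleConfigID receives the new module_id, and
 * $this->SettingsFields is replaced by its SQL-escaped copy (the previous
 * version did this too; code reading it after install() sees escaped text).
 *
 * Fix vs. previous version: $this->title and the class name are now passed
 * through xEscapeSQLstring() before being placed in the SQL string literals,
 * as the settings values already were. A title containing a quote or a
 * backslash previously produced a malformed INSERT/UPDATE.
 */
function install()
{
    $escapedTitle = xEscapeSQLstring($this->title);
    $escapedClass = xEscapeSQLstring(get_class($this));

    db_query("insert into " . MODULES_TABLE . " ( module_name, ModuleClassName ) "
        . " values( '" . $escapedTitle . "', '" . $escapedClass . "' ) ");
    // Must be read straight after the INSERT above, before any other query.
    $NewModuleConfigID = db_insert_id();
    $this->ModuleConfigID = $NewModuleConfigID;

    // Modules that may be installed more than once get the config id appended
    // to their name and to each setting constant, so instances stay distinct.
    $nameSuffix = $this->SingleInstall ? '' : ' (' . $NewModuleConfigID . ")";
    $settingSuffix = $this->SingleInstall ? '' : '_' . $NewModuleConfigID;

    $sql = "\n UPDATE " . MODULES_TABLE
        . "\n SET module_name='" . $escapedTitle . $nameSuffix . "'"
        . "\n WHERE module_id=" . (int) $NewModuleConfigID . "\n ";
    db_query($sql);

    $this->_initSettingFields();
    // Escape every leaf value once, in place, before building the INSERTs.
    $this->SettingsFields = xEscapeSQLstring($this->SettingsFields);

    $columns = array('settings_value', 'settings_title', 'settings_description', 'settings_html_function', 'sort_order');
    foreach ($this->Settings as $_SettingName) {
        $fields = isset($this->SettingsFields[$_SettingName]) ? $this->SettingsFields[$_SettingName] : array();
        $values = array();
        foreach ($columns as $column) {
            // Absent sub-keys are stored as an empty string, as before.
            $values[$column] = isset($fields[$column]) ? $fields[$column] : '';
        }
        // settingGetFreeGroupId() is evaluated per row, as before; presumably
        // each INSERT changes which group id is free next.
        $sql = "\n INSERT INTO " . SETTINGS_TABLE . "\n (\n settings_groupID, settings_constant_name,\n settings_value,\n settings_title,\n settings_description,\n settings_html_function,\n sort_order\n )\n VALUES (\n "
            . settingGetFreeGroupId() . ", '" . xEscapeSQLstring($_SettingName) . $settingSuffix . "',\n '"
            . $values['settings_value'] . "',\n '"
            . $values['settings_title'] . "',\n '"
            . $values['settings_description'] . "',\n '"
            . $values['settings_html_function'] . "',\n '"
            . $values['sort_order'] . "'\n )";
        db_query($sql);
    }
}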
/**
 * Delete the rate row of this module instance that matches one order amount.
 *
 * module_id is cast to int; the amount is escaped and compared as a quoted
 * string literal.
 *
 * @param mixed $_Amount order amount whose rate row is removed
 */
function _deleteRate($_Amount)
{
    $moduleId = (int) $this->ModuleConfigID;
    $amountLiteral = xEscapeSQLstring($_Amount);

    $deleteSql = ' DELETE FROM ' . $this->DB_TABLE
        . ' WHERE module_id=' . $moduleId
        . ' AND orderAmount="' . $amountLiteral . '" ';
    db_query($deleteSql);
}
/**
 * Send the "registration successful" e-mail for a customer account.
 *
 * Assigns the login, password, name, e-mail, additional registration fields
 * and all stored addresses to $smarty_mail, renders register_successful.tpl
 * and hands the result to xMailTxtHTMLDATA() for $Email. When
 * CONF_ENABLE_REGCONFIRMATION is on, the account's ActivationCode is looked
 * up and exposed to the template as ActURL / ActCode.
 *
 * Security note: $cust_password is assigned to the template as received from
 * the caller (presumably the plaintext password, given it is rendered into a
 * mail), so whatever register_successful.tpl prints goes out by e-mail.
 *
 * @param object $smarty_mail template engine used to render the mail
 * @param string $login
 * @param string $cust_password see security note above
 * @param string $Email recipient address
 * @param string $first_name
 * @param string $last_name
 * @param mixed $subscribed4news not used by this function
 * @param mixed $additional_field_values ignored: overwritten by GetRegFieldsValues($login) below
 * @param mixed $countryID not used by this function
 * @param mixed $zoneID not used by this function
 * @param mixed $state not used by this function
 * @param mixed $city not used by this function
 * @param mixed $address not used by this function
 * @param mixed $updateOperation not used by this function
 */
function regEmailNotification($smarty_mail, $login, $cust_password, $Email, $first_name, $last_name, $subscribed4news, $additional_field_values, $countryID, $zoneID, $state, $city, $address, $updateOperation)
{
    $user = array(); // unused local, left as in the original
    $smarty_mail->assign("login", $login);
    $smarty_mail->assign("cust_password", $cust_password);
    $smarty_mail->assign("first_name", $first_name);
    $smarty_mail->assign("last_name", $last_name);
    $smarty_mail->assign("Email", $Email);
    // The parameter value is discarded; the fields are re-read for the login.
    $additional_field_values = GetRegFieldsValues($login);
    $smarty_mail->assign("additional_field_values", $additional_field_values);
    $addresses = regGetAllAddressesByLogin($login);
    for ($i = 0; $i < count($addresses); $i++) {
        $addresses[$i]["addressStr"] = regGetAddressStr((int) $addresses[$i]["addressID"]);
    }
    $smarty_mail->assign("addresses", $addresses);
    if (CONF_ENABLE_REGCONFIRMATION) {
        // NOTE(review): the Login / cust_password values appear as "******"
        // in this listing (redacted). As written the literal never matches a
        // row; the live code presumably embeds the escaped $login and
        // $cust_password here — confirm against the real source. The @
        // suppresses the notice when no row comes back, in which case
        // $ActivationCode stays unset.
        $sql = 'SELECT ActivationCode FROM ' . CUSTOMERS_TABLE . ' WHERE Login="******" AND cust_password="******"';
        @(list($ActivationCode) = db_fetch_row(db_query($sql)));
        // A slash is appended to the shop URL only when it does not already
        // end with one. NOTE(review): $ActivationCode goes into the query
        // string without urlencode() — assumes the code is URL-safe.
        $smarty_mail->assign('ActURL', CONF_FULL_SHOP_URL . (substr(CONF_FULL_SHOP_URL, strlen(CONF_FULL_SHOP_URL) - 1, 1) == '/' ? '' : '/') . 'index.php?act_customer=1&act_code=' . $ActivationCode);
        $smarty_mail->assign('ActCode', $ActivationCode);
    }
    $html = $smarty_mail->fetch("register_successful.tpl");
    xMailTxtHTMLDATA($Email, EMAIL_REGISTRATION, $html);
}
/**
 * Escape a value, or recursively every leaf of an array, for inline use in
 * an SQL string (wraps mysql_real_escape_string()).
 *
 * @param mixed $_Data   scalar, or an arbitrarily nested array of scalars
 * @param array $_Params unused; kept for callers that pass it
 * @param mixed $_Key    key or list of keys to restrict escaping to; an
 *                       empty list (the default) means every leaf is escaped
 * @return mixed the escaped scalar, or the array with its leaves escaped
 */
function xEscapeSQLstring($_Data, $_Params = array(), $_Key = array())
{
    // Leaf: hand the scalar to the driver escape routine.
    if (!is_array($_Data)) {
        return mysql_real_escape_string($_Data);
    }

    $allowedKeys = is_array($_Key) ? $_Key : array($_Key);
    $filterByKey = count($allowedKeys) > 0;

    foreach ($_Data as $itemKey => $itemValue) {
        // Under a key filter, a scalar is only escaped when its key is listed;
        // nested arrays are always descended into and filtered at their level.
        // NOTE(review): in_array() compares loosely here, so on pre-PHP 8
        // runtimes an integer key such as 0 matches a non-numeric key name.
        if ($filterByKey && !is_array($itemValue) && !in_array($itemKey, $allowedKeys)) {
            continue;
        }
        $_Data[$itemKey] = xEscapeSQLstring($itemValue, $_Params, $allowedKeys);
    }

    return $_Data;
}
<?php
// Customer account activation (e-mail confirmation) handling.
// Runs only when act_customer is in the query string and registration
// confirmation is enabled. Reads GET parameters act_code, order2, act_ok
// and notact.
if (isset($_GET['act_customer']) && CONF_ENABLE_REGCONFIRMATION) {
    $ActErr = false;
    if (isset($_GET['act_code'])) {
        if ($_GET['act_code']) {
            // The submitted code is escaped for the quoted literal. The extra
            // ActivationCode!="" / IS NOT NULL conditions stop an empty or
            // NULL column value from matching.
            // NOTE(review): equality here follows the column's collation; if
            // it is case-insensitive the code match is too — confirm.
            $sql = 'SELECT customerID, Login, cust_password FROM ' . CUSTOMERS_TABLE . ' WHERE ActivationCode="' . xEscapeSQLstring($_GET['act_code']) . '" AND ActivationCode!="" AND ActivationCode IS NOT NULL';
            $Result = db_query($sql);
            $Customer = db_fetch_row($Result);
            if (isset($Customer['Login']) && $Customer['Login']) {
                regActivateCustomer($Customer['customerID']);
                // NOTE(review): the stored password is decrypted back to
                // plaintext to log the customer in, i.e. passwords are kept
                // in a reversible form rather than hashed. Whether the
                // activation code is invalidated after use depends on
                // regActivateCustomer(), which is not visible here.
                regAuthenticate($Customer['Login'], cryptPasswordDeCrypt($Customer['cust_password'], null));
                if (isset($_GET['order2']) && xDataExists('xREGMAILCONF_URLORDER2')) {
                    // Resume the checkout the customer came from, if one was stashed.
                    Redirect(xPopData('xREGMAILCONF_URLORDER2'));
                } else {
                    Redirect(set_query('&act_code=&act_ok=1'));
                }
            } else {
                // Unknown code: echo it back for the error page. hassign() is
                // presumably the HTML-escaping variant of assign() — confirm,
                // since this is raw user input.
                $smarty->hassign('ActCode', $_GET['act_code']);
                $ActErr = true;
            }
        } else {
            $ActErr = true;
        }
    }
    if (isset($_GET['act_ok'])) {
        $smarty->assign('ActOk', 1);
    }
    // The notact branch continues past the end of this listing.
    if (isset($_GET['notact'])) {
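/**
 * Persist the items of this cart as ORDERED_CARTS_TABLE rows for an order.
 *
 * Existing rows for the order are deleted first. For every <item> node a
 * new SHOPPING_CART_ITEMS_TABLE row (plus one SHOPPING_CART_ITEMS_CONTENT_TABLE
 * row per variant) is created, the display name, price, quantity and tax are
 * resolved and inserted, and — when CONF_CHECKSTOCK is set and the order is
 * not cancelled — the product's in_stock is decremented.
 *
 * @param int   $orderID
 * @param array $shipping_info - ('countryID','zoneID', 'zip')
 * @param array $billing_info  - ('countryID','zoneID', 'zip')
 * @param bool  $calculate_tax  when false the stored tax is 0
 *
 * Fix vs. previous version: the stock decrement spliced the quantity into the
 * UPDATE by string concatenation — escaped but unquoted, so the escaping gave
 * no protection in that numeric context and a crafted quantity could alter
 * the statement. It is now bound as a db_phquery() placeholder like every
 * other value in this method. The order-status lookup, which does not depend
 * on the item, runs once before the loop (and only when stock checking is
 * on) instead of once per item.
 */
function saveToOrderedCarts($orderID, $shipping_info, $billing_info, $calculate_tax = true)
{
    db_phquery("DELETE FROM ?#ORDERED_CARTS_TABLE WHERE orderID=?", $orderID);

    // Stock is only adjusted for non-cancelled orders when stock checking is on.
    $adjustStock = false;
    if (CONF_CHECKSTOCK) {
        $q = db_phquery('SELECT statusID FROM ?#ORDERS_TABLE WHERE orderID=?', $orderID);
        $order = db_fetch_row($q);
        $adjustStock = $order["statusID"] != ostGetCanceledStatusId();
    }

    $r_aItem = $this->Items->getChildNodes('item');
    $tc = count($r_aItem);
    for ($i = 0; $i < $tc; $i++) {
        $aItem =& $r_aItem[$i];
        /* @var $aItem xmlNodeX */
        $aProduct =& $aItem->getFirstChildByName('product');
        $productID = $aProduct->attribute('id');

        // Always materialise a fresh cart item row and re-key the node to it.
        db_phquery('INSERT ?#SHOPPING_CART_ITEMS_TABLE (productID) VALUES(?)', $productID);
        $aItem->attribute('id', db_insert_id(SHOPPING_CART_ITEMS_TABLE));

        // Collect the variant ids once: they feed the content rows, the
        // display name and the price.
        $aVariants =& $aItem->getFirstChildByName('variants');
        $r_aVariant = $aVariants->getChildrenByName('variant');
        $variants = array();
        foreach ($r_aVariant as $aVariant) {
            /* @var $aVariant xmlNodeX */
            $variantID = $aVariant->attribute('id');
            db_phquery('INSERT ?#SHOPPING_CART_ITEMS_CONTENT_TABLE (itemID, variantID) VALUES(?,?)', $aItem->attribute('id'), $variantID);
            $variants[] = $variantID;
        }

        $dbq = ' SELECT ' . LanguagesManager::sql_prepareField('name') . ' AS name, product_code, categoryID FROM ?#PRODUCTS_TABLE WHERE productID=? ';
        $q_product = db_phquery($dbq, $productID);
        $product = db_fetch_row($q_product);

        // Name format: "[product_code] name (options)", each part only when present.
        $options = GetStrOptions($variants);
        if ($options != "") {
            $productComplexName = $product["name"] . " (" . $options . ")";
        } else {
            $productComplexName = $product["name"];
        }
        if ($product["product_code"]) {
            $productComplexName = "[" . $product["product_code"] . "] " . $productComplexName;
        }

        $price = GetPriceProductWithOption($variants, $productID);
        if ($aItem->getChildData('sample')) {
            // A sample is priced from its category's sample_price, quantity 1.
            // NOTE(review): table names are hard-coded here rather than using
            // the ?# placeholders used elsewhere; left as-is since the
            // matching constants are not visible in this file.
            $productComplexName .= " [SAMPLE]";
            $q_sample_price = db_phquery('SELECT sample_price FROM SC_categories WHERE categoryID=(SELECT categoryID FROM SC_products WHERE productID=?)', $productID);
            $sample_price = db_fetch_assoc($q_sample_price);
            $price = $sample_price["sample_price"];
            $quantity = 1;
        } else {
            $quantity = $aItem->getChildData('quantity');
        }
        $tax = $calculate_tax ? taxCalculateTax2($productID, $shipping_info, $billing_info) : 0;

        $dbq = ' INSERT ?#ORDERED_CARTS_TABLE (itemID, orderID, name, Price, Quantity, tax ) VALUES (?, ?, ?, ?, ?, ?) ';
        db_phquery($dbq, $aItem->attribute('id'), $orderID, $productComplexName, $price, $quantity, $tax);

        if ($adjustStock) {
            // The quantity comes from the cart document, so it is bound as a
            // placeholder rather than concatenated into the statement.
            // Assumes db_phquery() renders a bare ? as an escaped literal, as
            // it does for the other values in this method.
            $dbq = ' UPDATE ?#PRODUCTS_TABLE SET in_stock=in_stock-? WHERE productID=? ';
            db_phquery($dbq, $quantity, $productID);
        }
    }
}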