$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax);
         // Optional columns are only written when the matching store setting is switched on.
         if (ACCOUNT_GENDER == 'true') {
             $sql_data_array['customers_gender'] = $gender;
         }
         if (ACCOUNT_DOB == 'true') {
             $sql_data_array['customers_dob'] = xos_date_raw($dob);
         }
         // The row is selected by the session's customer id, cast to int before it is interpolated.
         // NOTE(review): the values in $sql_data_array reach xos_db_perform unescaped here; confirm that
         // helper quotes every value itself (the explicit queries below go through xos_db_input).
         xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         // Drop any other customer's newsletter subscription that uses the new address, stamp the
         // account as modified, then move this customer's own subscription to the new address/language.
         xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         // Mirror the name (and gender) change onto the customer's default address-book entry.
         $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname);
         if (ACCOUNT_GENDER == 'true') {
             $sql_data_array['entry_gender'] = $gender;
         }
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
         // reset the session variables
         if (ACCOUNT_GENDER == 'true') {
             $_SESSION['customer_gender'] = $gender;
         }
         // NOTE(review): the two session keys are spelled differently ('customer_first_name' vs
         // 'customer_lastname'); confirm both match the names read elsewhere in the store.
         $_SESSION['customer_first_name'] = $firstname;
         $_SESSION['customer_lastname'] = $lastname;
         // Flash the success message into the session; the redirect that follows is expected to end the request.
         $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');
         xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
     }
 }
 // Load the logged-in customer's account row for the edit form; the id comes from the session
 // and is cast to int before it is interpolated into the query.
 $account_query = xos_db_query(
     "select customers_gender, customers_c_id, customers_firstname, customers_lastname, customers_dob,"
     . " customers_email_address, customers_language_id, customers_telephone, customers_fax"
     . " from " . TABLE_CUSTOMERS
     . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'"
 );
 $account = xos_db_fetch_array($account_query);
 // Two breadcrumb entries (account page, then account-edit page), both linked over SSL.
 $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
 $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'));
 require DIR_WS_INCLUDES . 'html_header.php';
                 // NOTE(review): each() was removed in PHP 8.0, so this loop is a fatal error there;
                 // foreach ($_POST['shipping_allowed'] as $key => $val) is the drop-in replacement.
                 while (list($key, $val) = each($_POST['shipping_allowed'])) {
                     // Loose comparison: any truthy value is accepted, not only boolean true.
                     if ($val == true) {
                         $group_shipment_allowed .= xos_db_prepare_input($val) . ';';
                     }
                 }
                 // end while
                 // Strip the trailing ';' separator.
                 $group_shipment_allowed = substr($group_shipment_allowed, 0, strlen($group_shipment_allowed) - 1);
             }
             // end if ($_POST['shipment_allowed'])
             // The next group id is read from configuration and written back in two separate statements,
             // so two submissions arriving at the same time could be handed the same id.
             $new_cg_id = LAST_CUSTOMERS_GROUPS_ID + 1;
             xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . (int) $new_cg_id . "', last_modified = now() where configuration_key = 'LAST_CUSTOMERS_GROUPS_ID'");
             // NOTE(review): unlike the statement above, none of the values interpolated here are cast or
             // passed through xos_db_input; they are assigned before this excerpt, so confirm each one was
             // escaped upstream (or cast the ids/flags to int and escape the name here).
             xos_db_query("insert into " . TABLE_CUSTOMERS_GROUPS . " set customers_group_id = '" . $new_cg_id . "', customers_group_name = '" . $customers_group_name . "', customers_group_discount='" . $customers_group_discount . "', customers_group_show_tax = '" . $customers_group_show_tax . "', customers_group_tax_exempt = '" . $customers_group_tax_exempt . "', group_payment_allowed = '" . $group_payment_allowed . "', group_shipment_allowed = '" . $group_shipment_allowed . "'");
             // Copy every special price of the default group (id 0) over to the new group.
             $special_prices_query = xos_db_query("select products_id, specials_new_products_price, expires_date, status, error from " . TABLE_SPECIALS . " where customers_group_id = '0'");
             while ($special_prices = xos_db_fetch_array($special_prices_query)) {
                 // Loose "== null" also treats an empty string as "no expiry".
                 $special_expires_date = $special_prices['expires_date'] == null ? 'null' : xos_db_input($special_prices['expires_date']);
                 xos_db_perform(TABLE_SPECIALS, array('products_id' => xos_db_input($special_prices['products_id']), 'customers_group_id' => $new_cg_id, 'specials_new_products_price' => xos_db_input($special_prices['specials_new_products_price']), 'expires_date' => $special_expires_date, 'status' => xos_db_input($special_prices['status']), 'error' => xos_db_input($special_prices['error'])));
             }
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action'))));
             break;
     }
 }
 // Page-level JavaScript: the shared admin helpers, plus an inline form check on the new/edit form.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 if ($action == 'edit' || $action == 'new') {
     // check_form() refuses to submit when the group name is empty. ERROR_CUSTOMERS_GROUP_NAME is
     // dropped into a JS string literal as-is, so that constant must not contain an unescaped
     // double quote or a line break.
     $check_form_lines = array(
         '<script type="text/javascript">',
         '',
         '/* <![CDATA[ */',
         'function check_form() {',
         '  var error = 0;',
         '',
         '  var customers_group_name = document.customers.customers_group_name.value;',
         '',
         '  if (customers_group_name == "") {',
         '    error_message = "' . ERROR_CUSTOMERS_GROUP_NAME . '";',
         '    error = 1;',
         '  }',
         '',
         '  if (error == 1) {',
         '    alert(error_message);',
         '    return false;',
         '  } else {',
         '    return true;',
         '  }',
         '}',
         '',
         '/* ]]> */',
         '</script>',
     );
     $javascript .= implode("\n", $check_form_lines) . "\n";
     unset($check_form_lines);
 }
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 if ($action == 'edit') {
             // NOTE(review): the file name comes straight from $_POST and is concatenated into the unlink()
             // path with the warning suppressed; nothing here confines it to the manufacturers/ directory or
             // ties it to this manufacturer's row. The deleteconfirm branch below reads the image name from
             // the database instead — do the same here (and basename() the value) so a crafted value cannot
             // remove an arbitrary file.
             @unlink(DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $_POST['current_manufacturer_image']);
         }
         xos_db_query("update " . TABLE_MANUFACTURERS . " set manufacturers_image = '' where manufacturers_id = '" . (int) $manufacturers_id . "'");
     }
     // One info row per installed language, keyed by language id.
     $languages = xos_get_languages();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         // Both lookups are loop-invariant and are re-read on every iteration.
         $manufacturers_name_array = $_POST['manufacturers_name'];
         $manufacturers_url_array = $_POST['manufacturers_url'];
         $language_id = $languages[$i]['id'];
         $sql_data_array = array('manufacturers_name' => xos_db_prepare_input($manufacturers_name_array[$language_id]), 'manufacturers_url' => xos_db_prepare_input($manufacturers_url_array[$language_id]));
         if ($action == 'insert') {
             // $manufacturers_id must already hold the new manufacturer's id (assigned before this excerpt).
             $insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
         } elseif ($action == 'save') {
             xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
         }
     }
     $smarty_cache_control->clearAllCache();
     // $_GET['page'] is built into the redirect unencoded; this relies on xos_href_link to handle it.
     xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'mID=' . $manufacturers_id));
     break;
 case 'deleteconfirm':
     // Id comes from the query string; every query below casts it to int as well.
     $manufacturers_id = xos_db_prepare_input($_GET['mID']);
     if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') {
         // The image name is looked up from the manufacturer row, not taken from the request.
         $manufacturer_query = xos_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
         $manufacturer = xos_db_fetch_array($manufacturer_query);
         $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($manufacturer['manufacturers_image']) . "'");
         $duplicate_image = xos_db_fetch_array($duplicate_image_query);
         // Only remove the file when no other manufacturer shares it.
         if ($duplicate_image['total'] < 2) {
             $image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image'];
             @unlink($image_location);
             if ($special_price > 0) {
                 // Per-group special price; 'error' marks a group whose price was missing or invalid.
                 xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'));
             }
         }
     }
     if (isset($_POST['attributes_price_array'])) {
         // NOTE(review): unserialize() on request data lets the sender instantiate arbitrary classes
         // (PHP object injection). At the very least pass array('allowed_classes' => false) as the second
         // argument; better, post only the attribute ids and re-read the prices from the database.
         $attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
         foreach ($attributes_price_array as $key => $value) {
             // NOTE(review): $key[$value['value_price']] indexes the array key itself rather than $value;
             // this looks like it was meant to be $value['value_price'] / $value['price_prefix'] — confirm.
             if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
                 // A '-' prefix is only kept for a positive price; anything else becomes '+'.
                 $_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+';
                 // Price cast to double, prefix escaped, attribute id cast to int before interpolation.
                 xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'");
             }
         }
     }
     // The per-group price set is stored as a serialized PHP array in products_price.
     $sql_data_array = array('products_price' => serialize($prices_array));
     xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'");
     $smarty_cache_control->clearAllCache();
     // $_GET['max_rows'], $_GET['page'] and $_GET['specials_only'] are read without isset() and appended
     // to the redirect unencoded; this relies on xos_href_link to handle them.
     if ($specials_error) {
         $messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error');
         xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . $products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1)));
     }
     xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '')));
 }
 // Build the "rows per page" choices in steps of 50, slotting the configured MAX_DISPLAY_RESULTS in
 // once at its sorted position and not repeating it when it equals one of the steps.
 // The loop body continues past the end of this excerpt.
 $max_display_update_prices_results_array = array();
 $set = false;
 for ($i = 50; $i <= 500; $i = $i + 50) {
     if (MAX_DISPLAY_RESULTS <= $i && $set == false) {
         $max_display_update_prices_results_array[] = array('id' => MAX_DISPLAY_RESULTS, 'text' => MAX_DISPLAY_RESULTS);
         $set = true;
     }
     if (MAX_DISPLAY_RESULTS != $i) {
         $messageStack->add('header', ERROR_NEWSLETTER_MODULE, 'error');
         $newsletter_error = true;
     }
     if ($newsletter_error == false) {
         $sql_data_array = array('title' => $title, 'language_id' => $language_id, 'content_text_plain' => $content_text_plain, 'module' => $newsletter_module);
         // 'content_text_htlm' is the column this value is written to; keep the spelling in step with the schema.
         if (isset($content_text_htlm)) {
             $sql_data_array['content_text_htlm'] = $content_text_htlm;
         }
         if ($action == 'insert') {
             // New newsletters start unpublished and unlocked. 'now()' is presumably emitted as the SQL
             // function by xos_db_perform rather than as a quoted string — confirm.
             $sql_data_array['date_added'] = 'now()';
             $sql_data_array['status'] = '0';
             $sql_data_array['locked'] = '0';
             xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array);
             $newsletter_id = xos_db_insert_id();
         } elseif ($action == 'update') {
             xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array, 'update', "newsletters_id = '" . (int) $newsletter_id . "'");
         }
         // $_GET['page'] is appended to the redirect unencoded; this relies on xos_href_link to handle it.
         xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'nID=' . $newsletter_id));
     } else {
         // Validation failed: fall back to the "new" form.
         $action = 'new';
     }
     break;
 case 'deleteconfirm':
     // Id from the query string; the query casts it to int again.
     $newsletter_id = xos_db_prepare_input($_GET['nID']);
     xos_db_query("delete from " . TABLE_NEWSLETTERS . " where newsletters_id = '" . (int) $newsletter_id . "'");
     // $_GET['page'] is read without isset().
     xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page']));
     break;
 case 'send':
 case 'confirm_send':
     // Sending is disabled by configuration: bounce back to the list.
     if (SEND_EMAILS != 'true') {
         xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page'] . '&nID=' . $_GET['nID']));
             $sql_data_array['date_added'] = 'now()';
             xos_db_perform(TABLE_CONTENTS, $sql_data_array);
             $content_id = xos_db_insert_id();
         } elseif ($action == 'update') {
             xos_set_content_status($content_id, $status, $type);
             $sql_data_array['last_modified'] = 'now()';
             xos_db_perform(TABLE_CONTENTS, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "'");
         }
         // One data row per installed language. 'content' is kept only when something other than
         // whitespace, &#160; and tags (images excepted) survives, and internal .php / .html links in it
         // are rewritten through internal_link_replacement(). Note that 'name' is HTML-decoded while
         // 'heading_title' is HTML-encoded before storage.
         // NOTE(review): 'php_source' stores PHP code submitted through this form; if that column is ever
         // executed, whoever can reach this page can run code on the server — make sure the access check in
         // front of this script is as strict as for any other code change.
         for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
             $sql_data_array = array('name' => xos_db_prepare_input(htmlspecialchars_decode($_POST['name'][$languages[$i]['id']])), 'heading_title' => xos_db_prepare_input(htmlspecialchars($_POST['heading_title'][$languages[$i]['id']])), 'content' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace('&#160;', '', strip_tags(xos_db_prepare_input($_POST['content'][$languages[$i]['id']]), '<img>'))) != '' ? xos_db_prepare_input($_POST['content'][$languages[$i]['id']]) : ''), 'php_source' => xos_db_prepare_input($_POST['php_source'][$languages[$i]['id']]));
             if ($action == 'insert') {
                 $sql_data_array['content_id'] = $content_id;
                 $sql_data_array['language_id'] = $languages[$i]['id'];
                 xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array);
             } elseif ($action == 'update') {
                 xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "' and language_id = '" . (int) $languages[$i]['id'] . "'");
             }
         }
         // Invalidate the cached information box and the index page that list these pages.
         $smarty_cache_control->clearCache(null, 'L2|box_information');
         $smarty_cache_control->clearCache(null, 'L3|cc_index_default');
         xos_redirect(xos_href_link(FILENAME_INFO_PAGES, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'cID=' . $content_id));
     } else {
         // Validation failed: presumably redisplays the form with the submitted values.
         $reload = true;
         $action = 'new';
     }
     break;
 case 'deleteconfirm':
     // Id from the query string; both deletes cast it to int.
     $content_id = xos_db_prepare_input($_GET['cID']);
     xos_db_query("delete from " . TABLE_CONTENTS . " where content_id = '" . (int) $content_id . "'");
     xos_db_query("delete from " . TABLE_CONTENTS_DATA . " where content_id = '" . (int) $content_id . "'");
     $smarty_cache_control->clearCache(null, 'L2|box_information');
         // Optional address columns are only written when the matching store setting is switched on.
         if (ACCOUNT_COMPANY == 'true') {
             $sql_data_array['entry_company'] = $company;
         }
         if (ACCOUNT_SUBURB == 'true') {
             $sql_data_array['entry_suburb'] = $suburb;
         }
         if (ACCOUNT_STATE == 'true') {
             // A known zone wins over the free-text state; exactly one of the two is stored.
             if ($zone_id > 0) {
                 $sql_data_array['entry_zone_id'] = $zone_id;
                 $sql_data_array['entry_state'] = '';
             } else {
                 $sql_data_array['entry_zone_id'] = '0';
                 $sql_data_array['entry_state'] = $state;
             }
         }
         // Store the new address and make it the billing address for this checkout.
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
         $_SESSION['billto'] = xos_db_insert_id();
         // A changed billing address invalidates any payment method already chosen.
         if (isset($_SESSION['payment'])) {
             unset($_SESSION['payment']);
         }
         xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
     }
     // process the selected billing destination
 } elseif (isset($_POST['address'])) {
     // Only reset the payment choice when an existing billing address is being swapped for a
     // different one (loose != against the posted id).
     $reset_payment = false;
     if (isset($_SESSION['billto'])) {
         if ($_SESSION['billto'] != $_POST['address']) {
             if (isset($_SESSION['payment'])) {
                 $reset_payment = true;
             }
         }
                 $stored_email[] = $check_email['admin_email_address'];
             }
             // Reject invalid or already-used addresses (loose in_array; pass true as the third argument
             // for a strict string comparison).
             if (xos_validate_email($admin_email_address) == false) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_not_valid'));
             } elseif (in_array($admin_email_address, $stored_email)) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_used'));
             } else {
                 // NOTE(review): $_SESSION['login_id'] is interpolated bare (no cast, no quotes); cast it to
                 // int as the other queries in this file do.
                 $my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
                 $my_old_account = xos_db_fetch_array($my_old_account_query);
                 $sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()');
                 // The password is only replaced when a new one was submitted.
                 $admin_password = xos_db_prepare_input($_POST['admin_password']);
                 if (xos_not_null($admin_password)) {
                     $insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
                     $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
                 }
                 // NOTE(review): $admin_id is assigned before this excerpt and is not cast here — confirm it is an int.
                 xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
                 if (SEND_EMAILS == 'true') {
                     // The notification goes to the address on file *before* the change.
                     // NOTE(review): $hiddenPassword is defined outside this excerpt; if it carries the
                     // plaintext password, mailing it exposes the credential — confirm what it holds.
                     $email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                     if (!$email_to_admin->send()) {
                         $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                     }
                 }
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT));
             }
             break;
     }
 }
 // NOTE(review): both session ids are interpolated bare here as well; cast them to int.
 $my_account_query = xos_db_query("select a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name from " . TABLE_ADMIN . " a, " . TABLE_ADMIN_GROUPS . " g where a.admin_id= " . $_SESSION['login_id'] . " and g.admin_groups_id= " . $_SESSION['login_groups_id'] . "");
 $myAccount = xos_db_fetch_array($my_account_query);
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require 'includes/account_check.js.php';
     // Per-language form arrays ($title_array, $symbol_left_array, $symbol_right_array are read before this excerpt).
     $decimal_point_array = $_POST['decimal_point'];
     $thousands_point_array = $_POST['thousands_point'];
     $code = xos_db_prepare_input($_POST['code']);
     $decimal_places = xos_db_prepare_input($_POST['decimal_places']);
     $value = xos_db_prepare_input($_POST['value']);
     // One row per installed language; title and symbol fields are HTML-escaped before storage.
     $languages = xos_get_languages();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $language_id = $languages[$i]['id'];
         $sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()');
         if ($action == 'insert') {
             // NOTE(review): the first language row is inserted with whatever $currency_id held before the
             // loop; only afterwards is $currency_id replaced by the insert id used for the remaining rows.
             // Confirm the two agree, otherwise one currency ends up split across two ids.
             $insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_CURRENCIES, $sql_data_array);
             $currency_id = xos_db_insert_id();
         } elseif ($action == 'save') {
             xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'");
         }
     }
     // "Make default" checkbox: store the escaped code as DEFAULT_CURRENCY.
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'");
     }
     $smarty_cache_control->clearAllCache();
     // $_GET['page'] is read without isset() and appended unencoded.
     xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id));
     break;
 case 'deleteconfirm':
     $currencies_id = xos_db_prepare_input($_GET['cID']);
     // Deleting the default currency clears DEFAULT_CURRENCY (loose == on the ids).
     $currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'");
     $currency = xos_db_fetch_array($currency_query);
     if ($currency['currencies_id'] == $currencies_id) {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_CURRENCY'");
     }
     $orders_status_name_array = $_POST['orders_status_name'];
     $languages = xos_get_languages();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $language_id = $languages[$i]['id'];
         // Flags are normalised to '1'/'0'; the name is HTML-escaped before storage.
         $sql_data_array = array('orders_status_name' => xos_db_prepare_input(htmlspecialchars($orders_status_name_array[$language_id])), 'public_flag' => isset($_POST['public_flag']) && $_POST['public_flag'] == '1' ? '1' : '0', 'downloads_flag' => isset($_POST['downloads_flag']) && $_POST['downloads_flag'] == '1' ? '1' : '0');
         if ($action == 'insert') {
             // Next id is max+1 read from the table, computed once and reused for every language row.
             // The read and the insert are separate statements, so two concurrent inserts could pick the same id.
             if (empty($orders_status_id)) {
                 $next_id_query = xos_db_query("select max(orders_status_id) as orders_status_id from " . TABLE_ORDERS_STATUS . "");
                 $next_id = xos_db_fetch_array($next_id_query);
                 $orders_status_id = $next_id['orders_status_id'] + 1;
             }
             $insert_sql_data = array('orders_status_id' => $orders_status_id, 'language_id' => $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array);
         } elseif ($action == 'save') {
             xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array, 'update', "orders_status_id = '" . (int) $orders_status_id . "' and language_id = '" . (int) $language_id . "'");
         }
     }
     // "Make default" checkbox: store the escaped id as DEFAULT_ORDERS_STATUS_ID.
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($orders_status_id) . "' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     }
     // $_GET['page'] is read without isset() and appended unencoded.
     xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page'] . '&oID=' . $orders_status_id));
     break;
 case 'deleteconfirm':
     $oID = xos_db_prepare_input($_GET['oID']);
     // Deleting the default status clears DEFAULT_ORDERS_STATUS_ID (loose == on the ids).
     $orders_status_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     $orders_status = xos_db_fetch_array($orders_status_query);
     if ($orders_status['configuration_value'] == $oID) {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     }
     // NOTE(review): the other delete branches in this file cast the id to int; this one only escapes it.
     xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . xos_db_input($oID) . "'");
             if ($oldaction == 'voucheredit') {
                 xos_db_perform(TABLE_COUPONS, $sql_data_array, 'update', "coupon_id='" . (int) $coupon_id . "'");
                 // Per-language names/descriptions are updated in place. The language ids come from
                 // xos_get_languages() and are interpolated without the (int) cast that coupon_id gets.
                 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
                     $language_id = $languages[$i]['id'];
                     xos_db_query("update " . TABLE_COUPONS_DESCRIPTION . " set coupon_name = '" . xos_db_prepare_input($_POST['coupon_name'][$language_id]) . "', coupon_description = '" . xos_db_prepare_input($_POST['coupon_desc'][$language_id]) . "' where coupon_id = '" . (int) $coupon_id . "' and language_id = '" . $language_id . "'");
                     //            xos_db_perform(TABLE_COUPONS_DESCRIPTION, $sql_data_marray[$i], 'update', "coupon_id='" . $_GET['cid']."'");
                 }
             } else {
                 // New voucher: insert the coupon row, then one description row per language
                 // ($sql_data_marray is assembled before this excerpt).
                 xos_db_perform(TABLE_COUPONS, $sql_data_array);
                 // to fix bug to prevent errors when adding a new voucher. This will also fix when there is no name or description in final voucher
                 $insert_id = xos_db_insert_id();
                 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
                     $language_id = $languages[$i]['id'];
                     $sql_data_marray[$i]['coupon_id'] = $insert_id;
                     $sql_data_marray[$i]['language_id'] = $language_id;
                     xos_db_perform(TABLE_COUPONS_DESCRIPTION, $sql_data_marray[$i]);
                 }
                 //        }
             }
         }
 }
 // Shared admin JavaScript; the datepicker bundle is only needed on the new-voucher form.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 if ($action == 'new') {
     // NOTE(review): $_SESSION['language'] becomes part of a <script src> path. It is a session value,
     // not direct request input, but if it is ever assigned from a request parameter this is an attribute
     // injection point — confirm where it is set.
     $javascript .= '<script type="text/javascript" src="' . DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/' . $_SESSION['language'] . '/jquery.ui.datepicker-language.min.js"></script>' . "\n" . '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n\n" . '$(function() {' . "\n" . '  $( "#coupon_startdate" ).datepicker({' . "\n" . '    changeMonth: true,' . "\n" . '    changeYear: true' . "\n" . '  });' . "\n\n" . '  $( "#coupon_finishdate" ).datepicker({' . "\n" . '    changeMonth: true,' . "\n" . '    changeYear: true' . "\n" . '  });' . "\n\n" . '});' . "\n\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
 }
 // popupImageWindow(url) opens a fixed-size, chrome-less popup and focuses it.
 $javascript .= '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function popupImageWindow(url) {' . "\n" . '  window.open(url,"popupImageWindow","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,copyhistory=no,width=100,height=100,screenX=150,screenY=150,top=150,left=150").focus();' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 // The switch body continues past the end of this excerpt.
 switch ($action) {
                 }
             }
         }
         // Per-language form arrays.
         $categories_or_pages_name_array = $_POST['categories_or_pages_name'];
         $categories_or_pages_heading_title_array = $_POST['categories_or_pages_heading_title'];
         $categories_or_pages_content_array = $_POST['categories_or_pages_content'];
         $categories_or_pages_php_source_array = $_POST['categories_or_pages_php_source'];
         // One data row per installed language. 'content' is emptied when nothing but whitespace,
         // &#160; and non-image tags remain, and internal .php / .html links in it are rewritten through
         // internal_link_replacement(). 'name' is HTML-decoded while 'heading_title' is HTML-encoded.
         // NOTE(review): 'categories_or_pages_php_source' stores PHP code submitted through this form; if
         // that column is ever executed, access to this form is equivalent to code execution on the server —
         // confirm the access check in front of this script.
         for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
             $language_id = $languages[$i]['id'];
             $sql_data_array = array('categories_or_pages_name' => xos_db_prepare_input(htmlspecialchars_decode($categories_or_pages_name_array[$language_id])), 'categories_or_pages_heading_title' => xos_db_prepare_input(htmlspecialchars($categories_or_pages_heading_title_array[$language_id])), 'categories_or_pages_content' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace('&#160;', '', strip_tags(xos_db_prepare_input($categories_or_pages_content_array[$language_id]), '<img>'))) != '' ? xos_db_prepare_input($categories_or_pages_content_array[$language_id]) : ''), 'categories_or_pages_php_source' => xos_db_prepare_input($categories_or_pages_php_source_array[$language_id]));
             if ($action == 'insert_page') {
                 $insert_sql_data = array('categories_or_pages_id' => $categories_or_pages_id, 'language_id' => $language_id);
                 $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
                 xos_db_perform(TABLE_CATEGORIES_OR_PAGES_DATA, $sql_data_array);
             } elseif ($action == 'update_page') {
                 xos_db_perform(TABLE_CATEGORIES_OR_PAGES_DATA, $sql_data_array, 'update', "categories_or_pages_id = '" . (int) $categories_or_pages_id . "' and language_id = '" . (int) $language_id . "'");
             }
         }
         $smarty_cache_control->clearAllCache();
         // $cPath (assigned before this excerpt) is appended to the redirect unencoded.
         xos_redirect(xos_href_link(FILENAME_PAGES, 'cPath=' . $cPath . '&cpID=' . $categories_or_pages_id));
     } else {
         // Validation failed: presumably redisplays the form with the submitted values.
         $reload = true;
         $action = 'new_page';
     }
     break;
 case 'delete_page_confirm':
     if (isset($_POST['categories_or_pages_id'])) {
         $categories_or_pages_id = xos_db_prepare_input($_POST['categories_or_pages_id']);
         // Remove the page together with everything below it in the tree.
         $pages = xos_get_page_tree($categories_or_pages_id, '', '0', '', true);
         for ($i = 0, $n = sizeof($pages); $i < $n; $i++) {
             xos_remove_page($pages[$i]['id']);
                 }
             }
             break;
         case 'group_new':
             // Normalise the submitted name to Title Case.
             $admin_groups_name = ucwords(strtolower(xos_db_prepare_input($_POST['admin_groups_name'])));
             // Spaces become LIKE wildcards for the duplicate check below.
             $name_replace = preg_replace("/ /", "%", $admin_groups_name);
             // NOTE(review): the middle operand "|| NULL" is always false and does nothing; presumably
             // "$admin_groups_name == NULL" was intended. Names of 5 characters or fewer are rejected.
             if ($admin_groups_name == '' || NULL || strlen($admin_groups_name) <= 5) {
                 // NOTE(review): $_GET[gID] uses an unquoted key; on PHP 8 an undefined constant throws a
                 // fatal Error. Write $_GET['gID'] as on the redirect below.
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET[gID] . '&gName=false&action=new_group'));
             } else {
                 // NOTE(review): the pattern is interpolated after xos_db_prepare_input only, and any '%' or
                 // '_' typed by the user acts as a wildcard here; the check is also broader than equality
                 // (a name whose words appear inside an existing name counts as a duplicate).
                 $check_groups_name_query = xos_db_query("select admin_groups_name as group_name_new from " . TABLE_ADMIN_GROUPS . " where admin_groups_name like '%" . $name_replace . "%'");
                 $check_duplicate = xos_db_num_rows($check_groups_name_query);
                 if ($check_duplicate > 0) {
                     xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET['gID'] . '&gName=used&action=new_group'));
                 } else {
                     $sql_data_array = array('admin_groups_name' => $admin_groups_name);
                     xos_db_perform(TABLE_ADMIN_GROUPS, $sql_data_array);
                     $admin_groups_id = xos_db_insert_id();
                     // NOTE(review): the SET() definition of the admin_groups_id column is rebuilt from
                     // $_POST['set_groups_id'] — a schema change driven by a request field that only went
                     // through xos_db_prepare_input. Build the list from the admin_groups table instead of
                     // trusting the posted value.
                     $set_groups_id = xos_db_prepare_input($_POST['set_groups_id']);
                     $add_group_id = $set_groups_id . ',\'' . $admin_groups_id . '\'';
                     xos_db_query("alter table " . TABLE_ADMIN_FILES . " change admin_groups_id admin_groups_id set( " . $add_group_id . ") NOT NULL DEFAULT '1' ");
                     xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $admin_groups_id));
                 }
             }
             break;
     }
 }
 // Shared admin JavaScript, the account-form validator, then the standard page scaffolding.
 $javascript = sprintf('<script type="text/javascript" src="%sincludes/general.js"></script>', DIR_WS_ADMIN) . "\n";
 require 'includes/account_check.js.php';
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
         $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_BANNERS_CONTENT . " where banners_image = '" . xos_db_input($current_banners_image[$languages[$i]['id']]) . "'");
         $duplicate_image = xos_db_fetch_array($duplicate_image_query);
         if ($duplicate_image['total'] < 2) {
             @unlink(DIR_FS_CATALOG_IMAGES . 'banners/' . $current_banners_image[$languages[$i]['id']]);
         }
         $current_banners_image[$languages[$i]['id']] = '';
     }
     // Write this language's banners_content row. A freshly uploaded image wins over the stored
     // name; the html text is kept only if something remains after stripping tags (except <img>)
     // and &#160; entities, and is then passed through internal_link_replacement.
     $content_language_id = $languages[$i]['id'];
     $has_new_upload = xos_not_null($banners_image->filename);
     $db_image = $has_new_upload ? $banners_image->filename : $current_banners_image[$content_language_id];
     unset($banners_image->filename);
     $raw_html_text = $banners_html_text[$content_language_id];
     $visible_text = trim(str_replace('&#160;', '', strip_tags($raw_html_text, '<img>')));
     $link_patterns = array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU');
     $db_html_text = preg_replace_callback($link_patterns, 'internal_link_replacement', ($visible_text != '') ? $raw_html_text : '');
     $sql_data_array = array(
         'banners_title' => $banners_title[$content_language_id],
         'banners_url' => $banners_url[$content_language_id],
         'banners_image' => $db_image,
         'banners_html_text' => $db_html_text,
         'banners_php_source' => $banners_php_source[$content_language_id],
     );
     if ($action == 'insert') {
         $sql_data_array['banners_id'] = $banners_id;
         $sql_data_array['language_id'] = $content_language_id;
         xos_db_perform(TABLE_BANNERS_CONTENT, $sql_data_array);
     } elseif ($action == 'update') {
         $row_filter = "banners_id = '" . (int) $banners_id . "' and language_id = '" . (int) $content_language_id . "'";
         xos_db_perform(TABLE_BANNERS_CONTENT, $sql_data_array, 'update', $row_filter);
     }
 }
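 // Persist the banner expiry: a future expiry date clears impression-based expiry, otherwise
 // the impression limit is stored (or cleared when not positive) and the date is dropped.
 // NOTE(review): date('Ymd') < $expires_date is a numeric-string comparison, so $expires_date
 // is assumed to already be in Ymd form here.
 if (date('Ymd') < $expires_date) {
     xos_db_query("update " . TABLE_BANNERS . " set expires_date = '" . xos_db_input($expires_date) . "', expires_impressions = NULL where banners_id = '" . (int) $banners_id . "'");
 } else {
     // Plain if/else instead of a ternary evaluated only for its assignment side effects.
     if ($expires_impressions < 1) {
         $db_input_expires_impressions = 'expires_impressions = NULL,';
     } else {
         $db_input_expires_impressions = 'expires_impressions = ' . (int) $expires_impressions . ',';
     }
     xos_db_query("update " . TABLE_BANNERS . " set " . $db_input_expires_impressions . " expires_date = NULL where banners_id = '" . (int) $banners_id . "'");
 }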
 if (xos_not_null($date_scheduled) || xos_not_null($current_date_scheduled)) {
     // Once the scheduled date has been reached the banner goes live and the schedule is
     // cleared; otherwise it stays disabled and the schedule is (re)stored.
     $schedule_reached = (date('Ymd') >= $date_scheduled);
     if ($schedule_reached) {
         $schedule_sql = "status = '1', date_scheduled = NULL";
     } else {
         $schedule_sql = "status = '0', date_scheduled = '" . xos_db_input($date_scheduled) . "'";
     }
     xos_db_query("update " . TABLE_BANNERS . " set " . $schedule_sql . " where banners_id = '" . (int) $banners_id . "'");
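 // Persist the attributes (options) chosen for product $i and collect them in
 // $order_attributes_array for the per-product summary built below. Assumes $i, $order,
 // $insert_id and $order_products_id are set by the enclosing loop.
 if (isset($order->products[$i]['attributes'])) {
     $attributes_exist = '1';
     $order_attributes_array = array();
     // Ids are cast to int before being spliced into SQL, as the other order queries do;
     // MySQL coerces these int columns the same way, so matching rows are unchanged.
     $attr_product_id = (int) $order->products[$i]['id'];
     $attr_language_id = (int) $_SESSION['languages_id'];
     $attr_select = 'popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix';
     $attr_from = TABLE_PRODUCTS_OPTIONS . ' popt, ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' poval, ' . TABLE_PRODUCTS_ATTRIBUTES . ' pa';
     if (DOWNLOAD_ENABLED == 'true') {
         // Download limits live in a separate table; left join so non-download attributes still match.
         $attr_select .= ', pad.products_attributes_maxdays, pad.products_attributes_maxcount, pad.products_attributes_filename';
         $attr_from .= ' left join ' . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . ' pad on pa.products_attributes_id = pad.products_attributes_id';
     }
     for ($j = 0, $n2 = count($order->products[$i]['attributes']); $j < $n2; $j++) {
         $chosen_attribute = $order->products[$i]['attributes'][$j];
         $attr_option_id = (int) $chosen_attribute['option_id'];
         $attr_value_id = (int) $chosen_attribute['value_id'];
         $attr_where = "pa.products_id = '" . $attr_product_id . "'"
             . " and pa.options_id = '" . $attr_option_id . "'"
             . " and pa.options_id = popt.products_options_id"
             . " and pa.options_values_id = '" . $attr_value_id . "'"
             . " and pa.options_values_id = poval.products_options_values_id"
             . " and popt.language_id = '" . $attr_language_id . "'"
             . " and poval.language_id = '" . $attr_language_id . "'";
         $attributes = xos_db_query('select ' . $attr_select . ' from ' . $attr_from . ' where ' . $attr_where);
         // NOTE(review): a missing row is not handled (as before); the history row below would
         // then be written with empty option names.
         $attributes_values = xos_db_fetch_array($attributes);
         $sql_data_array = array(
             'orders_id' => $insert_id,
             'orders_products_id' => $order_products_id,
             'products_options' => $attributes_values['products_options_name'],
             'products_options_values' => $attributes_values['products_options_values_name'],
             'options_values_price' => $chosen_attribute['price'],
             'options_values_price_text' => $chosen_attribute['price'] != 0 ? $chosen_attribute['price_formated'] : '',
             'price_prefix' => $attributes_values['price_prefix'],
         );
         xos_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
         if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xos_not_null($attributes_values['products_attributes_filename'])) {
             $sql_data_array = array(
                 'orders_id' => $insert_id,
                 'orders_products_id' => $order_products_id,
                 'orders_products_filename' => $attributes_values['products_attributes_filename'],
                 'download_maxdays' => $attributes_values['products_attributes_maxdays'],
                 'download_count' => $attributes_values['products_attributes_maxcount'],
             );
             xos_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
         }
         // Only carry a formatted option price when the attribute actually costs something.
         $options_values_price = '';
         if ($attributes_values['options_values_price'] != 0) {
             $attributes_options_values_price = true;
             $options_values_price = $chosen_attribute['price_formated'];
         }
         $order_attributes_array[] = array(
             'option_name' => $attributes_values['products_options_name'],
             'option_value_name' => $attributes_values['products_options_values_name'],
             'option_price' => $options_values_price,
             'option_price_prefix' => $attributes_values['price_prefix'],
         );
     }
 }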
 //------insert customer chosen option eof ----
 // Summary row for product $i; $attributes_options_values_price and $order_attributes_array
 // come from the attribute handling directly above.
 $product_row = $order->products[$i];
 $tax_rate = xos_display_tax_value($product_row['tax']);
 $order_products_array[] = array(
     'qty' => $product_row['qty'],
     'model' => $product_row['model'],
     'name' => $product_row['name'],
     'packaging_unit' => $product_row['packaging_unit'],
     'tax_value' => $tax_rate,
     'price' => $product_row['price_formated'],
     'final_single_price' => $product_row['final_price_formated'],
     'final_price' => $product_row['total_price_formated'],
     'products_attributes_option_price' => $attributes_options_values_price,
     'product_attributes' => $order_attributes_array,
 );
 // Remember every distinct tax rate seen in this order.
 if (isset($tax_rate)) {
     $tax_rates[$tax_rate] = '1';
 }
    }
} else {
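    // Debug aid: when a debug address is configured, mail the store owner the raw request
    // (all of $_POST and $_GET) of the IPN that did not validate.
    if (SEND_EMAILS == 'true' && xos_not_null(MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL)) {
        // foreach replaces the reset()/each() loops; each() was removed in PHP 8.
        $email_body = '$_POST:' . "\n\n";
        foreach ($_POST as $key => $value) {
            $email_body .= $key . '=' . $value . "\n";
        }
        $email_body .= "\n" . '$_GET:' . "\n\n";
        foreach ($_GET as $key => $value) {
            $email_body .= $key . '=' . $value . "\n";
        }
        $debug_email_to_store_owner = new mailer('', MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL, 'PayPal IPN Invalid Process', '', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        $debug_email_to_store_owner->send();
    }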
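    // An IPN that did not validate is still recorded against the referenced order, but only
    // when the (invoice, custom) pair matches an existing order of that customer.
    // NOTE(review): both values come from the unverified request body, so this match is not
    // proof of payment; the status written below must remain a non-paid status (confirm the
    // configured MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID).
    if (isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0) {
        // Cast once and reuse: is_numeric() also accepts decimals/exponents, so the raw string
        // is not spliced into SQL (the customers_id side was already cast).
        $ipn_invoice_id = (int) $_POST['invoice'];
        $ipn_customer_id = isset($_POST['custom']) ? (int) $_POST['custom'] : 0;
        $check_query = xos_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . $ipn_invoice_id . "' and customers_id = '" . $ipn_customer_id . "'");
        if (xos_db_num_rows($check_query) > 0) {
            $ipn_payment_status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
            $comment_status = $ipn_payment_status;
            // The detail reason is read from a different field depending on the status.
            if ($ipn_payment_status == 'Pending') {
                $comment_status .= '; ' . (isset($_POST['pending_reason']) ? $_POST['pending_reason'] : '');
            } elseif ($ipn_payment_status == 'Reversed' || $ipn_payment_status == 'Refunded') {
                $comment_status .= '; ' . (isset($_POST['reason_code']) ? $_POST['reason_code'] : '');
            }
            $ipn_status_id = MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID > 0 ? MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID : DEFAULT_ORDERS_STATUS_ID;
            xos_db_query("update " . TABLE_ORDERS . " set orders_status = '" . $ipn_status_id . "', last_modified = now() where orders_id = '" . $ipn_invoice_id . "'");
            $sql_data_array = array('orders_id' => $ipn_invoice_id, 'orders_status_id' => $ipn_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN Invalid [' . $comment_status . ']');
            xos_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
        }
    }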
}
                 // Making this entry the primary address: mirror name and location into the
                 // session and point the customer record at the new default address.
                 $make_primary = isset($_POST['primary']) && $_POST['primary'] == 'on';
                 if ($make_primary) {
                     $gender_enabled = (ACCOUNT_GENDER == 'true');
                     if ($gender_enabled) {
                         $_SESSION['customer_gender'] = $gender;
                     }
                     $session_values = array(
                         'customer_first_name' => $firstname,
                         'customer_lastname' => $lastname,
                         'customer_country_id' => $country,
                         'customer_zone_id' => ($zone_id > 0) ? (int) $zone_id : '0',
                         'customer_default_address_id' => $new_address_book_id,
                     );
                     foreach ($session_values as $session_key => $session_value) {
                         $_SESSION[$session_key] = $session_value;
                     }
                     $sql_data_array = array(
                         'customers_firstname' => $firstname,
                         'customers_lastname' => $lastname,
                     );
                     if ($gender_enabled) {
                         $sql_data_array['customers_gender'] = $gender;
                     }
                     $sql_data_array['customers_default_address_id'] = $new_address_book_id;
                     $customer_filter = "customers_id = '" . (int) $_SESSION['customer_id'] . "'";
                     xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', $customer_filter);
                     $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
                 }
             }
         }
         // Clear the Smarty cache when the primary address was changed, then return to the
         // address book over SSL.
         $primary_changed = isset($_POST['primary']) && $_POST['primary'] == 'on';
         if ($primary_changed) {
             $smarty->clearAllCache();
         }
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     }
 }
 if (isset($_GET['edit']) && is_numeric($_GET['edit'])) {
     $entry_query = xos_db_query("select entry_gender, entry_company, entry_company_tax_id, entry_firstname, entry_lastname, entry_street_address, entry_suburb, entry_postcode, entry_city, entry_state, entry_zone_id, entry_country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_GET['edit'] . "'");
     if (!xos_db_num_rows($entry_query)) {
         $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
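     // Insert or update the per-language delivery time texts and optionally make this entry
     // the store default. Assumes $action and $delivery_times_id are set by the enclosing case.
     $delivery_times_text_array = (isset($_POST['delivery_times_text']) && is_array($_POST['delivery_times_text'])) ? $_POST['delivery_times_text'] : array();
     // Same value for every language row, so resolve it once outside the loop.
     $popup_content_id_value = (isset($_POST['popup_content_id']) && (int) $_POST['popup_content_id'] > 0) ? (int) $_POST['popup_content_id'] : 0;
     $languages = xos_get_languages();
     for ($i = 0, $n = count($languages); $i < $n; $i++) {
         $language_id = $languages[$i]['id'];
         // Missing text for a language is stored as an empty string instead of raising a notice.
         $text_for_language = isset($delivery_times_text_array[$language_id]) ? $delivery_times_text_array[$language_id] : '';
         $sql_data_array = array(
             'delivery_times_text' => xos_db_prepare_input(htmlspecialchars($text_for_language)),
             'popup_content_id' => $popup_content_id_value,
         );
         if ($action == 'insert') {
             if (empty($delivery_times_id)) {
                 // NOTE(review): max()+1 id allocation is not atomic; two concurrent inserts can
                 // pick the same id. Kept as-is, a fix needs an auto_increment key on the table.
                 $next_id_query = xos_db_query("select max(delivery_times_id) as delivery_times_id from " . TABLE_DELIVERY_TIMES);
                 $next_id = xos_db_fetch_array($next_id_query);
                 $delivery_times_id = $next_id['delivery_times_id'] + 1;
             }
             $insert_sql_data = array('delivery_times_id' => $delivery_times_id, 'language_id' => $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_DELIVERY_TIMES, $sql_data_array);
         } elseif ($action == 'save') {
             $row_filter = "delivery_times_id = '" . (int) $delivery_times_id . "' and language_id = '" . (int) $language_id . "'";
             xos_db_perform(TABLE_DELIVERY_TIMES, $sql_data_array, 'update', $row_filter);
         }
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($delivery_times_id) . "' where configuration_key = 'DEFAULT_DELIVERY_TIMES_ID'");
     }
     $smarty_cache_control->clearAllCache();
     // Guard the redirect against a missing page parameter (same URL, no notice).
     $current_page = isset($_GET['page']) ? $_GET['page'] : '';
     xos_redirect(xos_href_link(FILENAME_DELIVERY_TIMES, 'page=' . $current_page . '&dID=' . $delivery_times_id));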
     break;
 case 'deleteconfirm':
     $dID = xos_db_prepare_input($_GET['dID']);
     $delivery_time_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_DELIVERY_TIMES_ID'");
     $delivery_time = xos_db_fetch_array($delivery_time_query);
     if ($delivery_time['configuration_value'] == $dID) {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_DELIVERY_TIMES_ID'");
     }