function xos_redirect($url, $change_connection = true) { global $request_type; if (strstr($url, "\n") != false || strstr($url, "\r") != false) { xos_redirect(xos_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); } if (ENABLE_SSL == 'true' && $request_type == 'SSL' && $change_connection == true) { // We are loading an SSL page if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL } } $url = str_replace('&', '&', $url); header_remove(); header('Location: ' . $url); exit; }
xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where languages_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_TAX_RATES_DESCRIPTION . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_CURRENCIES . " where language_id = '" . (int) $lID . "'"); $default_language_id_query = xos_db_query("select languages_id from " . TABLE_LANGUAGES . " where code = '" . DEFAULT_LANGUAGE . "'"); $default_language_id = xos_db_fetch_array($default_language_id_query); xos_db_query("update " . TABLE_CUSTOMERS . " set customers_language_id = '" . (int) $default_language_id['languages_id'] . "' where customers_language_id = '" . (int) $lID . "'"); xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . (int) $default_language_id['languages_id'] . "' where subscriber_language_id = '" . (int) $lID . "'"); if ($_SESSION['languages_id'] == (int) $lID) { unset($_SESSION['language']); } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'])); break; case 'delete': $lID = xos_db_prepare_input($_GET['lID']); $lng_query = xos_db_query("select code from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'"); $lng = xos_db_fetch_array($lng_query); $remove_language = true; if ($lng['code'] == DEFAULT_LANGUAGE) { $remove_language = false; $messageStack->add('header', ERROR_REMOVE_DEFAULT_LANGUAGE, 'error'); } break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php';
$current_path_array = explode('/', $_SESSION['current_path']); $document_root_array = explode('/', $dir_fs_document_root); $goto_array = array(array('id' => $dir_fs_document_root, 'text' => '/')); for ($i = 0, $n = sizeof($current_path_array); $i < $n; $i++) { if (isset($document_root_array[$i]) && $current_path_array[$i] != $document_root_array[$i] || !isset($document_root_array[$i])) { $goto_array[] = array('id' => implode('/', array_slice($current_path_array, 0, $i + 1)), 'text' => $current_path_array[$i]); } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; if ($action == 'new_file' && $directory_writeable == true || $action == 'edit') { if (isset($_GET['info']) && strstr($_GET['info'], '..')) { xos_redirect(xos_href_link(FILENAME_FILE_MANAGER)); } if (!isset($file_writeable)) { $file_writeable = true; } $file_contents = ''; if ($action == 'new_file') { $filename_input_field = xos_draw_input_field('filename'); } elseif ($action == 'edit') { if ($file_array = file($_SESSION['current_path'] . '/' . $_GET['info'])) { $file_contents = implode('', $file_array); } $filename_input_field = $_GET['info'] . xos_draw_hidden_field('filename', $_GET['info']); } if ($file_writeable == true) { $smarty->assign('file_writeable', true);
<?php if (!isset($_SESSION['customer_id'])) { $_SESSION['navigation']->remove_current_page(); $_SESSION['navigation']->set_snapshot(); xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL')); } class splitPageResultsBootstrap extends splitPageResults { /* class function display_links for Bootstrap pagination */ // display split-page-number-links function display_links($max_page_links, $parameters = '') { global $request_type; $display_links_string = ''; if (xos_not_null($parameters) && substr($parameters, -1) != '&') { $parameters .= '&'; } // previous button if ($this->current_page_number > 1) { $display_links_string .= '<li><a href="' . xos_href_link(basename($_SERVER['PHP_SELF']), $parameters . $this->page_name . '=' . ($this->current_page_number - 1), $request_type) . '" class="page-results" title=" ' . PREVNEXT_TITLE_PREVIOUS_PAGE . ' ">' . PREVNEXT_BUTTON_PREV . '</a></li>'; } elseif ($this->number_of_pages != 1) { $display_links_string .= '<li class="disabled"><span><span aria-hidden="true">' . PREVNEXT_BUTTON_PREV . '</span></span></li>'; } // check if number_of_pages > $max_page_links $cur_window_num = intval($this->current_page_number / $max_page_links); if ($this->current_page_number % $max_page_links) { $cur_window_num++; } $max_window_num = intval($this->number_of_pages / $max_page_links); if ($this->number_of_pages % $max_page_links) {
$error = false; if (isset($_GET['action']) && $_GET['action'] == 'process') { $email_address = xos_db_prepare_input($_POST['email_address']); $password = xos_db_prepare_input($_POST['password']); // Check if email exists $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'"); if (!xos_db_num_rows($check_admin_query)) { $error = true; } else { $check_admin = xos_db_fetch_array($check_admin_query); // Check that password is good if (!xos_validate_password($password, $check_admin['login_password'])) { $error = true; } else { $_SESSION['access_allowed'] = true; xos_redirect(xos_href_link(FILENAME_DEFAULT), false); } } } if ($error == true) { unset($_SESSION['access_allowed']); $messageStack->add('offline', TEXT_OFFLINE_ERROR); } $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_OFFLINE, '', 'SSL')); require DIR_WS_INCLUDES . 'html_header.php'; // require(DIR_WS_INCLUDES . 'boxes.php'); // require(DIR_WS_INCLUDES . 'header.php'); // require(DIR_WS_INCLUDES . 'footer.php'); if ($messageStack->size('offline') > 0) { $smarty->assign('message_stack', $messageStack->output('offline')); $smarty->assign('message_stack_error', $messageStack->output('offline', 'error'));
xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender; } xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'"); // reset the session variables if (ACCOUNT_GENDER == 'true') { $_SESSION['customer_gender'] = $gender; } $_SESSION['customer_first_name'] = $firstname; $_SESSION['customer_lastname'] = $lastname; $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success'); xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL')); } } $account_query = xos_db_query("select customers_gender, customers_c_id, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_language_id, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $account = xos_db_fetch_array($account_query); $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL')); $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL')); require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php'; if ($messageStack->size('account_edit') > 0) { $smarty->assign('message_stack', $messageStack->output('account_edit')); $smarty->assign('message_stack_error', $messageStack->output('account_edit', 'error')); $smarty->assign('message_stack_warning', $messageStack->output('account_edit', 'warning')); $smarty->assign('message_stack_success', $messageStack->output('account_edit', 'success'));
$image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image']; @unlink($image_location); } } xos_db_query("delete from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') { $products_query = xos_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); while ($products = xos_db_fetch_array($products_query)) { xos_remove_product($products['products_id']); } } else { xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), manufacturers_id = '' where manufacturers_id = '" . (int) $manufacturers_id . "'"); } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, 'page=' . $_GET['page'])); break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; $manufacturers_query_raw = "select m.manufacturers_id, m.manufacturers_image, m.date_added, m.last_modified, mi.manufacturers_name from " . TABLE_MANUFACTURERS . " m, " . TABLE_MANUFACTURERS_INFO . " mi where m.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['used_lng_id'] . "' order by mi.manufacturers_name"; $manufacturers_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $manufacturers_query_raw, $manufacturers_query_numrows); $manufacturers_query = xos_db_query($manufacturers_query_raw); $manufacturers_array = array(); while ($manufacturers = xos_db_fetch_array($manufacturers_query)) { if ((!isset($_GET['mID']) || isset($_GET['mID']) && $_GET['mID'] == $manufacturers['manufacturers_id']) && !isset($mInfo) && substr($action, 0, 3) != 'new') { $manufacturer_products_query = xos_db_query("select count(*) as products_count from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers['manufacturers_id'] . "'");
$reviews_text = xos_db_prepare_input(substr(strip_tags($_POST['reviews_text']), 0, 1000)); xos_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . xos_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . (int) $reviews_id . "'"); xos_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . xos_db_input($reviews_text) . "' where reviews_id = '" . (int) $reviews_id . "'"); $smarty_cache_control->clearCache(null, 'L3|cc_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info'); xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id)); break; case 'deleteconfirm': $reviews_id = xos_db_prepare_input($_GET['rID']); xos_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . (int) $reviews_id . "'"); xos_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . (int) $reviews_id . "'"); $smarty_cache_control->clearCache(null, 'L3|cc_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info'); xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'])); break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; if ($action == 'edit') { $rID = xos_db_prepare_input($_GET['rID']); $reviews_query = xos_db_query("select r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . (int) $rID . "' and r.reviews_id = rd.reviews_id"); $reviews = xos_db_fetch_array($reviews_query); $products_query = xos_db_query("select products_image from " . TABLE_PRODUCTS . " where products_id = '" . (int) $reviews['products_id'] . "'"); $products = xos_db_fetch_array($products_query); $products_name_query = xos_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int) $reviews['products_id'] . "' and language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
$rate = $quote_function($currency['code']); if (empty($rate) && xos_not_null(CURRENCY_SERVER_BACKUP)) { $messageStack->add_session('header', sprintf(WARNING_PRIMARY_SERVER_FAILED, CURRENCY_SERVER_PRIMARY, $currency['title'], $currency['code']), 'warning'); $quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency'; $rate = $quote_function($currency['code']); $server_used = CURRENCY_SERVER_BACKUP; } if (xos_not_null($rate)) { xos_db_query("update " . TABLE_CURRENCIES . " set value = '" . $rate . "', last_updated = now() where currencies_id = '" . (int) $currency['currencies_id'] . "'"); $messageStack->add_session('header', sprintf(TEXT_INFO_CURRENCY_UPDATED, $currency['title'], $currency['code'], $server_used), 'success'); } else { $messageStack->add_session('header', sprintf(ERROR_CURRENCY_INVALID, $currency['title'], $currency['code'], $server_used), 'error'); } } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'delete': $currencies_id = xos_db_prepare_input($_GET['cID']); $currency_query = xos_db_query("select code from " . TABLE_CURRENCIES . " where currencies_id = '" . (int) $currencies_id . "'"); $currency = xos_db_fetch_array($currency_query); $remove_currency = true; if ($currency['code'] == DEFAULT_CURRENCY) { $remove_currency = false; $messageStack->add('header', ERROR_REMOVE_DEFAULT_CURRENCY, 'error'); } break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php';
$my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . ""); $my_old_account = xos_db_fetch_array($my_old_account_query); $sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()'); $admin_password = xos_db_prepare_input($_POST['admin_password']); if (xos_not_null($admin_password)) { $insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password)); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); } xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\''); if (SEND_EMAILS == 'true') { $email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); if (!$email_to_admin->send()) { $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error'); } } xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT)); } break; } } $my_account_query = xos_db_query("select a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name from " . TABLE_ADMIN . " a, " . TABLE_ADMIN_GROUPS . " g where a.admin_id= " . $_SESSION['login_id'] . " and g.admin_groups_id= " . $_SESSION['login_groups_id'] . ""); $myAccount = xos_db_fetch_array($my_account_query); $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require 'includes/account_check.js.php'; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; if ($action == 'edit_process') { $smarty->assign('form_begin_save_account', xos_draw_form('account', FILENAME_ADMIN_ACCOUNT, 'action=save_account', 'post', 'enctype="multipart/form-data"')); } elseif ($action == 'check_account') {
$file = DIR_FS_SMARTY . 'catalog/languages/' . $_GET['lngdir'] . '/modules/shipping/' . $_GET['filename']; } else { $file = DIR_FS_SMARTY . 'catalog/languages/' . $_GET['lngdir'] . '/' . $_GET['filename']; } if (file_exists($file)) { if (file_exists('bak' . $file)) { @unlink('bak' . $file); } @rename($file, 'bak' . $file); $new_file = fopen($file, 'w'); $file_contents = stripslashes($_POST['file_contents']); fwrite($new_file, $file_contents, strlen($file_contents)); fclose($new_file); $messageStack->add_session('header', sprintf(TEXT_FILE_UPDATED, $_GET['filename']), 'success'); } xos_redirect(xos_href_link(FILENAME_DEFINE_LANGUAGE, 'lngdir=' . $_GET['lngdir'])); } break; } } $languages_array = array(); $languages = xos_get_languages(); $lng_exists = false; for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if ($languages[$i]['directory'] == $_GET['lngdir']) { $lng_exists = true; } $languages_array[] = array('id' => $languages[$i]['directory'], 'text' => $languages[$i]['name']); } if (!$lng_exists) { $_GET['lngdir'] = $_SESSION['language'];
function before_process() { if ($_POST['valid'] == 'true') { if ($remote_host = getenv('REMOTE_HOST')) { if ($remote_host != 'secpay.com') { $remote_host = gethostbyaddr($remote_host); } if ($remote_host != 'secpay.com') { xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, xos_session_name() . '=' . $_POST[xos_session_name()] . '&payment_error=' . $this->code, 'SSL', false, false)); } } else { xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, xos_session_name() . '=' . $_POST[xos_session_name()] . '&payment_error=' . $this->code, 'SSL', false, false)); } } }
// next window of pages if ($cur_window_num < $max_window_num) { $display_links_string .= '<li><a href="' . xos_href_link(basename($_SERVER['PHP_SELF']), $parameters . $this->page_name . '=' . ($cur_window_num * $max_page_links + 1), $request_type) . '" class="page-results" title=" ' . sprintf(PREVNEXT_TITLE_NEXT_SET_OF_NO_PAGE, $max_page_links) . ' ">...</a></li>'; } // next button if ($this->current_page_number < $this->number_of_pages) { $display_links_string .= '<li><a href="' . xos_href_link(basename($_SERVER['PHP_SELF']), $parameters . 'page=' . ($this->current_page_number + 1), $request_type) . '" class="page-results" title=" ' . PREVNEXT_TITLE_NEXT_PAGE . ' ">' . PREVNEXT_BUTTON_NEXT . '</a></li>'; } elseif ($this->number_of_pages != 1) { $display_links_string .= '<li class="disabled"><span><span aria-hidden="true">' . PREVNEXT_BUTTON_NEXT . '</span></span></li>'; } return $display_links_string; } } $product_info_query = xos_db_query("select p.products_id, p.products_model, p.products_quantity, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name, pd.products_p_unit from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and p.products_id = '" . (int) $_GET['p'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'"); if (!xos_db_num_rows($product_info_query)) { xos_redirect(xos_href_link(FILENAME_REVIEWS)); } require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS; $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('lnc', 'cur', 'tpl', 'x', 'y')))); require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php'; if (CACHE_LEVEL > 2 && (isset($_COOKIE[session_name()]) && !isset($_GET[session_name()]) || SESSION_FORCE_COOKIE_USE == 'true')) { $smarty->caching = 1; $cache_id = 'L3|cc_product_reviews|' . $_SESSION['language'] . '-' . $_GET['lnc'] . '-' . $_GET[session_name()] . '-' . $session_started . '-' . SELECTED_TPL . '-' . $_SESSION['currency'] . '-' . $_SESSION['sppc_customer_group_id'] . '-' . $_SESSION['sppc_customer_group_show_tax'] . '-' . $_SESSION['sppc_customer_group_tax_exempt'] . '-' . $_GET['c'] . '-' . $_GET['m'] . '-' . $_GET['p']; } if (!$smarty->isCached(SELECTED_TPL . '/product_reviews.tpl', $cache_id)) { $product_info = xos_db_fetch_array($product_info_query); $reviews_query_raw = "select r.reviews_id, left(rd.reviews_text, 100) as reviews_text, r.reviews_rating, r.date_added, r.customers_name from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.products_id = '" . (int) $product_info['products_id'] . "' and r.reviews_id = rd.reviews_id and rd.languages_id = '" . (int) $_SESSION['languages_id'] . "' order by r.reviews_id desc"; $reviews_split = new splitPageResultsBootstrap($reviews_query_raw, MAX_DISPLAY_NEW_REVIEWS);
if ($action == 'preview_email' && !$_POST['customers_email_address']) { $action = 'email'; $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error'); } if ($_GET['mail_sent_to']) { $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice'); } $coupon_id = isset($_GET['cid']) ? xos_db_prepare_input($_GET['cid']) : ''; switch ($action) { case 'setflag': if ($_GET['flag'] == 'N' || $_GET['flag'] == 'Y') { if (isset($_GET['cid'])) { xos_set_coupon_status($coupon_id, $_GET['flag']); } } xos_redirect(xos_href_link(FILENAME_COUPON_ADMIN, '&cid=' . $_GET['cid'])); break; case 'confirmdelete': xos_db_query("delete from " . TABLE_COUPONS . " where coupon_id='" . (int) $coupon_id . "'"); xos_db_query("delete from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id='" . (int) $coupon_id . "'"); break; case 'update': // get all POST variables and validate $_POST['coupon_code'] = trim($_POST['coupon_code']); $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; if ($_POST['coupon_name'][$language_id]) { $_POST['coupon_name'][$language_id] = trim($_POST['coupon_name'][$language_id]); } if ($_POST['coupon_desc'][$language_id]) {
// Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!$is_shop) { xos_redirect(xos_href_link(FILENAME_DEFAULT), false); } elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_PRODUCT_REVIEWS_INFO) == 'overwrite_all')) { if (PRODUCT_REVIEWS_ENABLED != 'true') { xos_redirect(xos_href_link(FILENAME_DEFAULT), false); } if (isset($_GET['r']) && xos_not_null($_GET['r']) && isset($_GET['p']) && xos_not_null($_GET['p'])) { $review_query = xos_db_query("select rd.reviews_text, r.reviews_rating, r.reviews_id, r.customers_name, r.date_added, r.reviews_read, p.products_id, p.products_price, p.products_tax_class_id, p.products_image, p.products_model, p.products_quantity, pd.products_name, pd.products_p_unit from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd, " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and r.reviews_id = '" . (int) $_GET['r'] . "' and r.reviews_id = rd.reviews_id and rd.languages_id = '" . (int) $_SESSION['languages_id'] . "' and r.products_id = p.products_id and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'"); if (!xos_db_num_rows($review_query)) { xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('r')))); } } else { xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('r')))); } require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_INFO; $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS_INFO, xos_get_all_get_params(array('lnc', 'cur', 'tpl', 'x', 'y')))); require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php'; xos_db_query("update " . TABLE_REVIEWS . " set reviews_read = reviews_read+1 where reviews_id = '" . (int) $_GET['r'] . "'"); if (CACHE_LEVEL > 2 && (isset($_COOKIE[session_name()]) && !isset($_GET[session_name()]) || SESSION_FORCE_COOKIE_USE == 'true')) { $smarty->caching = 1; $cache_id = 'L3|cc_product_reviews_info|' . $_SESSION['language'] . '-' . $_GET['lnc'] . '-' . $_GET[session_name()] . '-' . $session_started . '-' . SELECTED_TPL . '-' . $_SESSION['currency'] . '-' . $_SESSION['sppc_customer_group_id'] . '-' . $_SESSION['sppc_customer_group_show_tax'] . '-' . $_SESSION['sppc_customer_group_tax_exempt'] . '-' . $_GET['c'] . '-' . $_GET['m'] . '-' . $_GET['p'] . '-' . $_GET['r']; } if (!$smarty->isCached(SELECTED_TPL . '/product_reviews_info.tpl', $cache_id)) { $review = xos_db_fetch_array($review_query); $products_image_name = xos_get_product_images($review['products_image'], 'all');
@unlink($dir . $subdir . '/' . $file); } closedir($h2); @rmdir($dir . $subdir); } closedir($h1); } header_remove(); // Now send the file with header() magic header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header('Content-Type: application/octet-stream'); header('Content-Length: ' . @filesize(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'])); header('Content-Disposition: attachment; filename="' . $downloads['orders_products_filename'] . '"'); if (DOWNLOAD_BY_REDIRECT == 'true') { // This will work only on Unix/Linux hosts xos_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC); $tempdir = xos_random_name(); @umask(00); @mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777); @symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']); if (@file_exists(DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename'])) { xos_redirect(xos_href_link(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename'], '', 'NONSSL', false)); } } // Fallback to readfile() delivery method. This will work on all systems, but will need considerable resources @readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']); }
} xos_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . (int) $oID . "', '" . xos_db_input($status) . "', now(), '" . xos_db_input($customer_notified) . "', '" . xos_db_input($comments) . "')"); $order_updated = true; } if ($order_updated == true) { $messageStack->add_session('header', SUCCESS_ORDER_UPDATED, 'success'); } else { $messageStack->add_session('header', WARNING_ORDER_NOT_UPDATED, 'warning'); } xos_redirect(xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('action')) . 'action=edit')); break; case 'deleteconfirm': $oID = xos_db_prepare_input($_GET['oID']); $oSC = xos_db_prepare_input($_GET['oSC']); xos_remove_order($oID, $_POST['restock'], $oSC); xos_redirect(xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('oID', 'action')))); break; } } if ($action == 'edit' && isset($_GET['oID'])) { $oID = xos_db_prepare_input($_GET['oID']); $orders_query = xos_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . (int) $oID . "'"); $order_exists = true; if (!xos_db_num_rows($orders_query)) { $order_exists = false; $messageStack->add('header', sprintf(ERROR_ORDER_DOES_NOT_EXIST, $oID), 'error'); } } include DIR_WS_CLASSES . 'order.php'; $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; $javascript .= '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function popupWindow(url) {' . "\n" . ' x = (screen.availWidth - 900) / 2;' . "\n" . ' y = (screen.availHeight - 750) / 2;' . "\n" . ' window.open(url,"popupWindow","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=900,height=750,screenX="+x+",screenY="+y+",top="+y+",left="+x).focus();' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
} $_SESSION['billto'] = $_POST['address']; $check_address_query = xos_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['billto'] . "'"); $check_address = xos_db_fetch_array($check_address_query); if ($check_address['total'] == '1') { if ($reset_payment == true) { unset($_SESSION['payment']); } xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } else { unset($_SESSION['billto']); } // no addresses to select from - customer decided to keep the current assigned address } else { $_SESSION['billto'] = $_SESSION['customer_default_address_id']; xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } } // if no billing destination address was selected, use their own address as default if (!isset($_SESSION['billto'])) { $_SESSION['billto'] = $_SESSION['customer_default_address_id']; } $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL')); $addresses_count = xos_count_customer_address_book_entries(); $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'var selected;' . "\n\n" . 'function selectRowEffect(object, buttonSelect) {' . "\n" . ' if (!selected) {' . "\n" . ' if (document.getElementById) {' . "\n" . ' selected = document.getElementById("default-selected");' . "\n" . ' } else {' . "\n" . ' selected = document.all["default-selected"];' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if (selected) selected.className = "module-row";' . "\n" . ' object.className = "module-row-selected";' . "\n" . ' selected = object;' . "\n\n" . '// one button is not an array' . "\n" . ' if (document.checkout_address.address[0]) {' . "\n" . ' document.checkout_address.address[buttonSelect].checked=true;' . "\n" . ' } else {' . "\n" . ' document.checkout_address.address.checked=true;' . "\n" . ' }' . "\n" . '}' . "\n\n" . 'function rowOverEffect(object) {' . "\n" . ' if (object.className == "module-row") object.className = "module-row-over";' . "\n" . '}' . "\n\n" . 'function rowOutEffect(object) {' . "\n" . ' if (object.className == "module-row-over") object.className = "module-row";' . "\n" . '}' . "\n\n" . '/* ]]> */' . "\n" . '</script> ' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php'; require DIR_WS_MODULES . 'checkout_new_address.php';
} } // end while $group_shipment_allowed = substr($group_shipment_allowed, 0, strlen($group_shipment_allowed) - 1); } // end if ($_POST['shipment_allowed']) $new_cg_id = LAST_CUSTOMERS_GROUPS_ID + 1; xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . (int) $new_cg_id . "', last_modified = now() where configuration_key = 'LAST_CUSTOMERS_GROUPS_ID'"); xos_db_query("insert into " . TABLE_CUSTOMERS_GROUPS . " set customers_group_id = '" . $new_cg_id . "', customers_group_name = '" . $customers_group_name . "', customers_group_discount='" . $customers_group_discount . "', customers_group_show_tax = '" . $customers_group_show_tax . "', customers_group_tax_exempt = '" . $customers_group_tax_exempt . "', group_payment_allowed = '" . $group_payment_allowed . "', group_shipment_allowed = '" . $group_shipment_allowed . "'"); $special_prices_query = xos_db_query("select products_id, specials_new_products_price, expires_date, status, error from " . TABLE_SPECIALS . " where customers_group_id = '0'"); while ($special_prices = xos_db_fetch_array($special_prices_query)) { $special_expires_date = $special_prices['expires_date'] == null ? 'null' : xos_db_input($special_prices['expires_date']); xos_db_perform(TABLE_SPECIALS, array('products_id' => xos_db_input($special_prices['products_id']), 'customers_group_id' => $new_cg_id, 'specials_new_products_price' => xos_db_input($special_prices['specials_new_products_price']), 'expires_date' => $special_expires_date, 'status' => xos_db_input($special_prices['status']), 'error' => xos_db_input($special_prices['error']))); } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action')))); break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; if ($action == 'edit' || $action == 'new') { $javascript .= '<script type="text/javascript">' . "\n\n" . '/* <![CDATA[ */' . "\n" . 'function check_form() {' . "\n" . ' var error = 0;' . "\n\n" . ' var customers_group_name = document.customers.customers_group_name.value;' . "\n\n" . ' if (customers_group_name == "") {' . "\n" . ' error_message = "' . ERROR_CUSTOMERS_GROUP_NAME . '";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if (error == 1) {' . "\n" . ' alert(error_message);' . "\n" . ' return false;' . "\n" . ' } else {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . '}' . "\n\n" . '/* ]]> */' . "\n" . '</script>' . "\n"; } require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; if ($action == 'edit') { $customers_groups_query = xos_db_query("select c.customers_group_id, c.customers_group_name, c.customers_group_discount, c.customers_group_show_tax, c.customers_group_tax_exempt, c.group_payment_allowed, c.group_shipment_allowed from " . TABLE_CUSTOMERS_GROUPS . " c where c.customers_group_id = '" . $_GET['cID'] . "'"); $customers_groups = xos_db_fetch_array($customers_groups_query); $cInfo = new objectInfo($customers_groups);
if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) { $check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'"); if (xos_db_num_rows($check_query) || $countries_name == '') { xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name)); } } xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'deleteconfirm': $countries_id = xos_db_prepare_input($_GET['cID']); xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'"); xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'])); break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; $countries_query_raw = "select countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id from " . TABLE_COUNTRIES . " order by countries_name"; $countries_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $countries_query_raw, $countries_query_numrows); $countries_query = xos_db_query($countries_query_raw); $countries_array = array(); while ($countries = xos_db_fetch_array($countries_query)) { if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $countries['countries_id']) && !isset($cInfo) && substr($action, 0, 3) != 'new' && substr($action, 0, 13) != 'new_from_list') { $cInfo = new objectInfo($countries);
$module->install(); $modules_installed = explode(';', constant($module_key)); $modules_installed[] = $class . $file_extension; xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $modules_installed) . "' where configuration_key = '" . $module_key . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class)); } elseif ($action == 'remove') { $module->remove(); $modules_installed = explode(';', constant($module_key)); unset($modules_installed[array_search($class . $file_extension, $modules_installed)]); xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $modules_installed) . "' where configuration_key = '" . $module_key . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_MODULES, 'set=' . $set)); } } xos_redirect(xos_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class)); break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; $file_extension = substr(basename($_SERVER['PHP_SELF']), strrpos(basename($_SERVER['PHP_SELF']), '.')); $directory_array = array(); if ($dir = @dir($module_directory)) { while ($file = $dir->read()) { if (!is_dir($module_directory . $file)) { if (substr($file, strrpos($file, '.')) == $file_extension) { $directory_array[] = $file;
$mailer_error = true; $messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail['customers_email_address']), 'error'); } else { // Now create the coupon email entry xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $amount . "', now())"); $insert_id = xos_db_insert_id(); xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $mail['customers_email_address'] . "', now() )"); } $gv_email->clearAddresses(); } $_SESSION['used_lng_id'] = $used_lang_id; } if ($mailer_error == false) { $messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $mail_sent_to), 'success'); } xos_redirect(xos_href_link(FILENAME_GV_MAIL)); } } $email_error = false; $entry_email_to_error = false; $entry_email_to_check_error = false; if ($action == 'preview' && !empty($_POST['email_to'])) { $email_to = xos_db_prepare_input($_POST['email_to']); if (strlen($email_to) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) { $email_error = true; $entry_email_to_error = true; } if (!xos_validate_email($email_to)) { $email_error = true; $entry_email_to_check_error = true; }
$decoded_send_extra_order_emails_to = html_entity_decode($send_extra_order_emails_to, ENT_QUOTES, 'UTF-8'); $recipients = explode(',', $decoded_send_extra_order_emails_to); for ($i = 0, $n = count($recipients); $i < $n; $i++) { $address = ''; $name = ''; $pieces = explode('<', $recipients[$i]); if (count($pieces) == 2) { $address = trim($pieces[1], " >"); $name = trim($pieces[0]); } elseif (count($pieces) == 1) { $pos = stripos($pieces[0], '@'); $address = $pos ? trim($pieces[0], " >") : ''; } $email_to_other_people = new mailer($name, $address, sprintf(EMAIL_TEXT_SUBJECT_OTHER, $insert_id, xos_date_format(DATE_FORMAT_SHORT)), $output_order_email_html, $output_order_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SHOP_LOGO); if (!$email_to_other_people->send()) { $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_other_people->ErrorInfo)); } } } } // load the after_process function from the payment modules $payment_modules->after_process(); $_SESSION['cart']->reset(true); // unregister session variables used during checkout unset($_SESSION['sendto']); unset($_SESSION['billto']); unset($_SESSION['shipping']); unset($_SESSION['payment']); unset($_SESSION['comments']); xos_redirect(xos_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')); }
$attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array'])); foreach ($attributes_price_array as $key => $value) { if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) { $_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+'; xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'"); } } } $sql_data_array = array('products_price' => serialize($prices_array)); xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'"); $smarty_cache_control->clearAllCache(); if ($specials_error) { $messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error'); xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . $products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1))); } xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : ''))); } $max_display_update_prices_results_array = array(); $set = false; for ($i = 50; $i <= 500; $i = $i + 50) { if (MAX_DISPLAY_RESULTS <= $i && $set == false) { $max_display_update_prices_results_array[] = array('id' => MAX_DISPLAY_RESULTS, 'text' => MAX_DISPLAY_RESULTS); $set = true; } if (MAX_DISPLAY_RESULTS != $i) { $max_display_update_prices_results_array[] = array('id' => $i, 'text' => $i); } } if ($set == false) { $max_display_update_prices_results_array[] = array('id' => MAX_DISPLAY_RESULTS, 'text' => MAX_DISPLAY_RESULTS); }
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL')); } else { $check_query = xos_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int) $_GET['delete'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $check = xos_db_fetch_array($check_query); if ($check['total'] < 1) { $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY); xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL')); } } } else { $entry = array(); } if (!isset($_GET['delete']) && !isset($_GET['edit'])) { if (xos_count_customer_address_book_entries() >= MAX_ADDRESS_BOOK_ENTRIES) { $messageStack->add_session('addressbook', ERROR_ADDRESS_BOOK_FULL); xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL')); } } $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL')); $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL')); if (isset($_GET['edit']) && is_numeric($_GET['edit'])) { $site_trail->add(NAVBAR_TITLE_MODIFY_ENTRY, xos_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'edit=' . $_GET['edit'], 'SSL')); } elseif (isset($_GET['delete']) && is_numeric($_GET['delete'])) { $site_trail->add(NAVBAR_TITLE_DELETE_ENTRY, xos_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'delete=' . $_GET['delete'], 'SSL')); } else { $site_trail->add(NAVBAR_TITLE_ADD_ENTRY, xos_href_link(FILENAME_ADDRESS_BOOK_PROCESS, '', 'SSL')); } require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php';
$comb_str .= '|'; xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "', attributes_combinations = '" . xos_db_input($comb_str) . "', " . $not_updated . " where products_id = '" . (int) $products_id . "'"); } else { xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'"); } $smarty_cache_control->clearAllCache(); } xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_attributes_id = '" . (int) $attribute_id . "'"); // added for DOWNLOAD_ENABLED. Always try to remove attributes, even if downloads are no longer enabled xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " where products_attributes_id = '" . (int) $attribute_id . "'"); if ($qty < 1 && STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') { xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . "'"); $smarty_cache_control->clearAllCache(); } $smarty_cache_control->clearCache(null, 'L3|cc_product_info'); xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $parameter_string)); break; } } define('MAX_ROW_LISTS_OPTIONS', 15); define('MAX_PRODUCTS_IN_PULLDOWN', 50); $max_display_rows_array = array(); $max_display_rows_array[] = array('id' => MAX_ROW_LISTS_OPTIONS, 'text' => MAX_ROW_LISTS_OPTIONS); for ($i = 20; $i <= 200; $i = $i + 20) { $max_display_rows_array[] = array('id' => $i, 'text' => $i); } $max_display_products_in_pulldown_array = array(); $max_display_products_in_pulldown_array[] = array('id' => MAX_PRODUCTS_IN_PULLDOWN, 'text' => MAX_PRODUCTS_IN_PULLDOWN); for ($i = 100; $i <= 500; $i = $i + 50) { $max_display_products_in_pulldown_array[] = array('id' => $i, 'text' => $i); }
$error = false; if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) { $error = true; $messageStack->add('review', JS_REVIEW_TEXT); } if ($rating < 1 || $rating > 5) { $error = true; $messageStack->add('review', JS_REVIEW_RATING); } if ($error == false) { xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())"); $insert_id = xos_db_insert_id(); xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')"); $smarty->clearCache(null, 'L3|cc_reviews'); $smarty->clearCache(null, 'L3|cc_product_reviews'); xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false); } } require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE; $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params())); $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function checkForm() {' . "\n" . ' var error = 0;' . "\n" . ' var error_message = "' . JS_ERROR . '";' . "\n\n" . ' var review = document.product_reviews_write.review.value;' . "\n\n" . ' if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n" . ' error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n" . ' } else {' . "\n" . ' error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if (error == 1) {' . "\n" . ' alert(error_message);' . "\n" . ' return false;' . "\n" . ' } else {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php'; $products_prices = xos_get_product_prices($product_info['products_price']); $products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']); $price_breaks_array = array(); if (isset($products_prices[$customer_group_id][0])) { $product_price = $currencies->display_price($products_prices[$customer_group_id][0]['regular'], $products_tax_rate); $products_prices[$customer_group_id]['special_status'] == 1 && $products_prices[$customer_group_id][0]['special'] > 0 ? $product_price_special = $currencies->display_price($products_prices[$customer_group_id][0]['special'], $products_tax_rate) : ($product_price_special = '');
switch ($action) { case 'delete': $error = ERROR_REMOVE_UNLOCKED_NEWSLETTER; break; case 'new': $error = ERROR_EDIT_UNLOCKED_NEWSLETTER; break; case 'send': $error = ERROR_SEND_UNLOCKED_NEWSLETTER; break; case 'confirm_send': $error = ERROR_SEND_UNLOCKED_NEWSLETTER; break; } $messageStack->add_session('header', $error, 'error'); xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page'] . '&nID=' . $_GET['nID'])); } break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; if ($action == 'new' && WYSIWYG_FOR_NEWSLETTER == 'true' && EMAIL_USE_HTML == 'true') { $javascript .= '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/ckeditor/ckeditor.js"></script>' . "\n"; } if ($action == 'confirm_send') { $javascript .= '<script type="text/javascript">' . "\n\n" . '/* <![CDATA[ */' . "\n" . ' var http_request = false;' . "\n\n" . ' function confirmSent(url) {' . "\n\n" . ' http_request = false;' . "\n\n" . ' if (window.XMLHttpRequest) { // Mozilla, Safari,...' . "\n" . ' http_request = new XMLHttpRequest();' . "\n" . ' if (http_request.overrideMimeType) {' . "\n" . ' http_request.overrideMimeType("text/html");' . "\n" . ' }' . "\n" . ' } else if (window.ActiveXObject) { // IE' . "\n" . ' try {' . "\n" . ' http_request = new ActiveXObject("Msxml2.XMLHTTP");' . "\n" . ' } catch (e) {' . "\n" . ' try {' . "\n" . ' http_request = new ActiveXObject("Microsoft.XMLHTTP");' . "\n" . ' } catch (e) {}' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if (!http_request) {' . "\n" . ' alert("Ende : Kann keine XMLHTTP-Instanz erzeugen");' . "\n" . ' return false;' . "\n" . ' }' . "\n" . ' http_request.onreadystatechange = response_processing;' . "\n" . ' http_request.open("GET", url, true);' . "\n" . ' http_request.send(null);' . "\n\n" . ' }' . "\n\n" . ' function response_processing() {' . "\n\n" . ' if (http_request.readyState == 4) {' . "\n" . ' if (http_request.status == 200) {' . "\n" . ' document.getElementById("infoSend").innerHTML = http_request.responseText;' . "\n" . ' } else {' . "\n" . ' alert("Bei dem Request ist ein Problem aufgetreten.");' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' }' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n"; } require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php';
function xos_session_start() { $sane_session_id = true; if (isset($_GET[xos_session_name()])) { if (preg_match('/^[a-zA-Z0-9,-]+$/', $_GET[xos_session_name()]) == false) { unset($_GET[xos_session_name()]); $sane_session_id = false; } } elseif (isset($_POST[xos_session_name()])) { if (preg_match('/^[a-zA-Z0-9,-]+$/', $_POST[xos_session_name()]) == false) { unset($_POST[xos_session_name()]); $sane_session_id = false; } } elseif (isset($_COOKIE[xos_session_name()])) { if (preg_match('/^[a-zA-Z0-9,-]+$/', $_COOKIE[xos_session_name()]) == false) { $session_data = session_get_cookie_params(); setcookie(xos_session_name(), '', time() - 42000, $session_data['path'], $session_data['domain']); unset($_COOKIE[xos_session_name()]); $sane_session_id = false; } } if ($sane_session_id == false) { xos_redirect(xos_href_link(FILENAME_DEFAULT, '', 'SSL', false)); } register_shutdown_function('session_write_close'); return session_start(); }
// Copyright (c) 2003 osCommerce // filename: cache.php // // Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_CACHE) == 'overwrite_all')) { if (isset($_GET['reset']) && xos_not_null($_GET['reset'])) { if ($_GET['reset'] == 'all_blocks') { $smarty_cache_control->clearAllCache(); } elseif ($_GET['reset'] == 'all_compiled_template_files') { $smarty_cache_control->clearCompiledTemplate(); } else { $smarty_cache_control->clearCache(null, $_GET['reset']); } xos_redirect(xos_href_link(FILENAME_CACHE)); } // check if the cache directory exists if (is_dir(DIR_FS_SMARTY . 'catalog/cache/')) { if (!is_writable(DIR_FS_SMARTY . 'catalog/cache/')) { $messageStack->add('header', ERROR_CACHE_DIRECTORY_NOT_WRITEABLE, 'error'); } } else { $messageStack->add('header', ERROR_CACHE_DIRECTORY_DOES_NOT_EXIST, 'error'); } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; if (is_writable(DIR_FS_SMARTY . 'catalog/cache/')) {