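function xtc_db_error($query, $errno, $error)
{
    // Report a failed SQL statement: answer 503 on the storefront (so crawlers do not
    // index the error page), optionally mail the shop owner, then die() with either
    // the full diagnostics or a generic multilingual notice. Never returns.
    // $query is the SQL text that failed, $errno/$error the driver's code and message.
    if (!defined('DIR_FS_ADMIN')) {
        header("HTTP/1.1 503 Service Temporarily Unavailable");
        header("Status: 503 Service Temporarily Unavailable");
        header("Connection: Close");
    }
    // The failed query frequently contains the very input that broke it, i.e. data an
    // attacker controls, so it is HTML-escaped before being embedded in the mail body
    // and in the page instead of being echoed raw.
    $safe_error = htmlspecialchars($errno . ' - ' . $error, ENT_QUOTES);
    $safe_query = htmlspecialchars($query, ENT_QUOTES);
    // Send an email to the shop owner if a sql error occurs
    if (defined('EMAIL_SQL_ERRORS') && EMAIL_SQL_ERRORS == 'true') {
        $subject = 'DATA BASE ERROR AT - ' . STORE_NAME;
        // Host and URI are client-supplied headers; guarded and escaped for the HTML mail.
        $request_url = (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '') . (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '');
        $message = '<font color="#000000"><strong>' . $safe_error . '<br /><br />' . $safe_query . '<br /><br />Request URL: ' . htmlspecialchars($request_url, ENT_QUOTES) . '<br /><br /><small><font color="#ff0000">[XT SQL Error]</font></small><br /><br /></strong></font>';
        xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '', '', STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, '', '', $subject, nl2br($message), $message);
    }
    // "Admin" means customers_status_id 0. Compared as a string: with the loose == 0 the
    // original used, an empty or non-numeric status id would also have counted as admin.
    $is_admin = isset($_SESSION['customers_status']['customers_status_id']) && (string) $_SESSION['customers_status']['customers_status_id'] === '0';
    // NOTE(review): error_reporting() != 0 is true under a default php.ini, so on most
    // production installs this branch shows the full query and DB error to anonymous
    // visitors as well. Behaviour kept (the comment says it is intended), but the second
    // operand should be dropped or tied to an explicit debug switch.
    if ($is_admin || error_reporting() != 0) {
        die('<font color="#000000"><strong>' . $safe_error . '<br /><br />' . $safe_query . '<br /><br /><small><font color="#ff0000">[MOD SQL Error]</font></small><br /><br /></strong></font>');
    } else {
        die('<font color="#ff0000"><strong>Es ist ein Fehler aufgetreten!<br />There was an error!<br />Il y avait une erreur!</strong></font>');
    }
}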
require_once DIR_FS_INC . 'xtc_validate_email.inc.php';
require_once DIR_FS_INC . 'xtc_image_button.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include the mailer-class
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
// include all for the mails
// (the phpmailer require_once is repeated here; require_once makes the second one a no-op)
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
// Affiliate-only page: without an affiliate session, bounce to the affiliate login over SSL.
// xtc_redirect presumably ends the request -- nothing below re-checks the session.
if (!isset($_SESSION['affiliate_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
}
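$error = false;
// Affiliate contact form (?action=send): validate the sender address, mail the enquiry
// to AFFILIATE_EMAIL_ADDRESS, then redirect to the success view. $error is read by the
// template code further down to re-show the form.
if (isset($_GET['action']) && $_GET['action'] == 'send') {
    // Guard the POST fields so a partial or crafted request yields '' instead of notices.
    $sender_email = isset($_POST['email']) ? trim($_POST['email']) : '';
    $sender_name = isset($_POST['name']) ? $_POST['name'] : '';
    $enquiry = isset($_POST['enquiry']) ? $_POST['enquiry'] : '';
    if (xtc_validate_email($sender_email)) {
        // The address that was validated is the one that is sent (the original validated
        // the trimmed value but passed the raw one). Argument order as used throughout
        // this file: from addr, from name, to addr, to name, forwarding, reply addr,
        // reply name, attachment, '', subject, html body, text body.
        // NOTE(review): the visitor supplies From: and a free-text name, and the enquiry
        // goes out unescaped as the HTML part -- confirm xtc_php_mail/PHPMailer strips
        // header newlines from $sender_name and that HTML in $enquiry is acceptable.
        xtc_php_mail($sender_email, $sender_name, AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', $sender_email, $sender_name, '', '', EMAIL_SUBJECT, $enquiry, $enquiry);
        // $mail_error is not assigned in this file section; presumably xtc_php_mail sets
        // it in global scope on failure -- verify.
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_CONTACT, 'action=success'));
        } else {
            echo $mail_error;
        }
    } else {
        $error = true;
    }
}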
// Breadcrumb trail for the affiliate contact page; the header include renders it.
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_CONTACT, xtc_href_link(FILENAME_AFFILIATE_CONTACT));
require DIR_WS_INCLUDES . 'header.php';
if (isset($_GET['action']) && $_GET['action'] == 'success') {
    $smarty->assign('SUMMARY_LINK', '<a href="' . xtc_href_link(FILENAME_AFFILIATE_SUMMARY) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
} else {
 function sendAdminErrorMail($importantData = array())
 {
     // Notify the shop owner about a payment-module failure. Only the keys present in
     // $importantData are reported; 'orderdata' is dumped with print_r. Returns nothing.
     $subject = "Error in Payment-Modul";
     $parts = array("Error in Payment-Modul\r\n");
     $labels = array(
         'description' => 'Description',
         'transactionId' => 'Transaction-ID',
         'paymentmethod' => 'Paymentmethod',
         'customerId' => 'Customer-ID',
     );
     foreach ($labels as $key => $label) {
         if (isset($importantData[$key])) {
             $parts[] = "\r\n" . $label . ": " . $importantData[$key];
         }
     }
     if (isset($importantData['orderdata'])) {
         $parts[] = "\r\nOrder-Data: " . print_r($importantData['orderdata'], true);
     }
     // Trailer naming the sender so the owner can locate the code path.
     $parts[] = "\r\n\r\nMail is sent by function " . __METHOD__ . " in file " . __FILE__;
     $message = implode('', $parts);
     xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '', '', STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, '', '', $subject, nl2br($message), $message);
 }
        // EOF - Tomcraft - 2009-11-05 - Advanced contact form (additional fields)
        // BOF - Tomcraft - 2009-11-05 - Advanced contact form (check for USE_CONTACT_EMAIL_ADDRESS)
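        // Contact form send. The USE_CONTACT_EMAIL_ADDRESS switch decides whether the mail
        // is sent from the shop's own address or from the visitor's.
        $use_contact_email_query = xtc_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'USE_CONTACT_EMAIL_ADDRESS'");
        $use_contact_email = xtc_db_fetch_array($use_contact_email_query);
        // Visitor-supplied fields, guarded so a partial POST does not raise notices.
        $posted_name = isset($_POST['name']) ? $_POST['name'] : '';
        $posted_email = isset($_POST['email']) ? trim($_POST['email']) : '';
        $posted_message = isset($_POST['message_body']) ? $_POST['message_body'] : '';
        if ($use_contact_email['configuration_value'] == 'true') {
            $email = trim(CONTACT_US_EMAIL_ADDRESS);
            $name = CONTACT_US_NAME;
            $notify = EMAIL_NOTIFY . "\n\n";
        } else {
            // NOTE(review): sending with a foreign From: domain commonly fails SPF/DMARC
            // checks at the receiving side; the 'true' setting is the safer default.
            $email = $posted_email;
            $name = $posted_name;
            $notify = '';
        }
        // $datum, $uhrzeit and $additional_fields are assigned earlier in the file (not visible here).
        $email_layout = sprintf(EMAIL_SENT_BY, CONTACT_US_NAME, CONTACT_US_EMAIL_ADDRESS, $datum, $uhrzeit) . "\n" . "--------------------------------------------------------------" . "\n" . $notify . EMAIL_NAME . $posted_name . "\n" . EMAIL_EMAIL . $posted_email . "\n" . $additional_fields . "\n" . EMAIL_MESSAGE . "\n " . $posted_message . "\n";
        // The HTML part is nl2br() of the plain text, so the visitor's message reaches the
        // shop mailbox unescaped as HTML -- acceptable only if the recipient's client is trusted.
        xtc_php_mail($email, $name, CONTACT_US_EMAIL_ADDRESS, CONTACT_US_NAME, CONTACT_US_FORWARDING_STRING, $email, $name, '', '', CONTACT_US_EMAIL_SUBJECT, nl2br($email_layout), $email_layout);
        // $mail_error is presumably set by xtc_php_mail in global scope on failure -- verify.
        if (!isset($mail_error)) {
            $content_id = isset($_GET['coID']) ? (int) $_GET['coID'] : 0;
            xtc_redirect(xtc_href_link(FILENAME_CONTENT, 'action=success&coID=' . $content_id));
        } else {
            $smarty->assign('error_message', $mail_error);
        }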
    }
    //EOF - web28 - 2010-04-03 - New error handling for required fileds
}
$smarty->assign('CONTACT_HEADING', $shop_content_data['content_heading']);
if (isset($_GET['action']) && $_GET['action'] == 'success') {
    $smarty->assign('success', '1');
    $smarty->assign('BUTTON_CONTINUE', '<a href="' . xtc_href_link(FILENAME_DEFAULT) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
} else {
    if ($shop_content_data['content_file'] != '') {
        ob_start();
             // set dirs manual
             // Customer notification for an order status change: render the
             // change_order_mail templates for the order's language and send them.
             $smarty->template_dir = DIR_FS_CATALOG . 'templates';
             $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
             $smarty->config_dir = DIR_FS_CATALOG . 'lang';
             $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
             $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
             $smarty->assign('NAME', $check_status['customers_name']);
             $smarty->assign('ORDER_NR', $oID);
             $smarty->assign('ORDER_LINK', xtc_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $oID, 'SSL'));
             $smarty->assign('ORDER_DATE', xtc_date_long($check_status['date_purchased']));
             // $notify_comments is assigned earlier in the file (not visible here); the
             // HTML template receives it with nl2br() only, i.e. not HTML-escaped.
             $smarty->assign('NOTIFY_COMMENTS', nl2br($notify_comments));
             // Tomcraft - 2009-10-10 - Fixed wordwrap in notify_comments
             $smarty->assign('ORDER_STATUS', $orders_status_array[$status]);
             // The language code from the orders row selects the template directory.
             // NOTE(review): it originates from the DB, presumably validated against the
             // languages table at checkout -- confirm, since it becomes part of a path.
             $html_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.html');
             $txt_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.txt');
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_BILLING_SUBJECT, $html_mail, $txt_mail);
             $customer_notified = '1';
         }
         // Record the status change; $customer_notified is one of the literals '0'/'1'
         // set above, every other value is escaped with xtc_db_input.
         xtc_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . xtc_db_input($oID) . "', '" . xtc_db_input($status) . "', now(), '" . $customer_notified . "', '" . xtc_db_input($comments) . "')");
         $order_updated = true;
     }
     if ($order_updated) {
         $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
     } else {
         $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
     }
     xtc_redirect(xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'deleteconfirm':
     $oID = xtc_db_prepare_input($_GET['oID']);
     xtc_remove_order($oID, $_POST['restock']);
     $messageStack->add_session(SUCCESS_BILLING, 'success');
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'update_payment':
     $pID = xtc_db_prepare_input($_GET['pID']);
     $status = xtc_db_prepare_input($_POST['status']);
     $payment_updated = false;
     $check_status_query = xtc_db_query("select af.affiliate_email_address, ap.affiliate_lastname, ap.affiliate_firstname, ap.affiliate_payment_status, ap.affiliate_payment_date, ap.affiliate_payment_date from " . TABLE_AFFILIATE_PAYMENT . " ap, " . TABLE_AFFILIATE . " af where affiliate_payment_id = '" . xtc_db_input($pID) . "' and af.affiliate_id = ap.affiliate_id ");
     $check_status = xtc_db_fetch_array($check_status_query);
     if ($check_status['affiliate_payment_status'] != $status) {
         xtc_db_query("update " . TABLE_AFFILIATE_PAYMENT . " set affiliate_payment_status = '" . xtc_db_input($status) . "', affiliate_last_modified = now() where affiliate_payment_id = '" . xtc_db_input($pID) . "'");
         $affiliate_notified = '0';
         // Notify Affiliate
         if ($_POST['notify'] == 'on') {
             $email = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_AFFILIATE_PAYMENT_NUMBER . ' ' . $pID . "\n" . EMAIL_TEXT_INVOICE_URL . ' ' . xtc_catalog_href_link(FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO, 'payment_id=' . $pID, 'SSL') . "\n" . EMAIL_TEXT_PAYMENT_BILLED . ' ' . xtc_date_long($check_status['affiliate_payment_date']) . "\n\n" . sprintf(EMAIL_TEXT_STATUS_UPDATE, $payments_status_array[$status]);
             xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email);
             $affiliate_notified = '1';
         }
         xtc_db_query("insert into " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " (affiliate_payment_id, affiliate_new_value, affiliate_old_value, affiliate_date_added, affiliate_notified) values ('" . xtc_db_input($pID) . "', '" . xtc_db_input($status) . "', '" . $check_status['affiliate_payment_status'] . "', now(), '" . $affiliate_notified . "')");
         $order_updated = true;
     }
     if ($order_updated) {
         $messageStack->add_session(SUCCESS_PAYMENT_UPDATED, 'success');
     }
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'deleteconfirm':
     $pID = xtc_db_prepare_input($_GET['pID']);
     xtc_db_query("delete from " . TABLE_AFFILIATE_PAYMENT . " where affiliate_payment_id = '" . xtc_db_input($pID) . "'");
     xtc_db_query("delete from " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " where affiliate_payment_id = '" . xtc_db_input($pID) . "'");
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('pID', 'action'))));
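 $txt_mail = $smarty->fetch('db:order_mail.txt');
 //email attachments
 $email_attachments = defined('EMAIL_BILLING_ATTACHMENTS') ? EMAIL_BILLING_ATTACHMENTS : '';
 // create subject: the placeholders are substituted in the same order as the chained
 // str_replace calls this replaces. The customer's name ends up in a mail header
 // unescaped -- presumably xtc_php_mail/PHPMailer strips header newlines; confirm.
 $order_subject = str_replace(
     array('{$nr}', '{$date}', '{$lastname}', '{$firstname}'),
     array($insert_id, xtc_date_long($order->info['date_purchased']), $order->customer['lastname'], $order->customer['firstname']),
     EMAIL_BILLING_SUBJECT_ORDER
 );
 // Tomcraft - 2011-12-28 - Use date_puchased instead of current date in E-Mail subject
 // send mail to admin (Reply-To is the customer)
 xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], $email_attachments, '', $order_subject, $html_mail, $txt_mail);
 // send mail to customer. $send_by_admin is only set on the admin path (the DokuMan
 // note further down records the undefined-variable notice), so test it with !empty().
 if (SEND_EMAILS == 'true' || !empty($send_by_admin)) {
     xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, $email_attachments, '', $order_subject, $html_mail, $txt_mail);
     // SEPA mandate copy to the bank-transfer owner, when the payment module produced one.
     if (isset($sepa_html_mail)) {
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $banktransfer_owner_email, '', '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_BILLING_SUBJECT, $sepa_html_mail, $sepa_txt_mail);
     }
 }
 // Optional export of the order to Afterbuy.
 if (AFTERBUY_ACTIVATED == 'true') {
     require_once DIR_WS_CLASSES . 'afterbuy.php';
     $aBUY = new xtc_afterbuy_functions($insert_id);
     if ($aBUY->order_send()) {
         $aBUY->process_order();
     }
 }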
 //BOF - web28 - 2010-03-20 - Send Order by Admin
 if (isset($send_by_admin)) {
     //DokuMan - 2010-09-18 - Undefined variable: send_by_admin
     $customer_notified = '1';
     $orders_status_id = '1';
     //Comment out the next line for setting  the $orders_status_id= '1 '- Auskommentieren der nächste Zeile, um die $orders_status_id = '1' zu setzen
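function xtcMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    // Mail a forensic dump of the current request to EMAIL_SUPPORT_ADDRESS after a
    // caller has detected suspicious input. The four parameters come from the caller
    // and are echoed verbatim into the mail. Returns nothing.
    //
    // NOTE(review): the dump below contains the complete $_SESSION, $_COOKIE, $_SERVER
    // and $_ENV contents: the user's session data, every cookie (including the session
    // id) and whatever the host exposes through the environment, all sent by e-mail.
    // Redact those sections unless the support mailbox is handled as a secret store.
    $output = "Attention site admin of " . STORE_NAME . ",\n";
    // strftime() is deprecated since PHP 8.1; kept because the constants are strftime formats.
    $output .= "On " . @strftime(DATE_FORMAT_LONG);
    $output .= " at " . @strftime(DATE_TIME_FORMAT_SHORT);
    $output .= " the xt:C System has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find  what happened and " . "maybe who did it.\n\n";
    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!isset($_SESSION['customer_id'])) {
        $output .= "This person is not logged in.\n";
    } else {
        $output .= "This person is logged in!!\n Customers ID =" . $_SESSION['customer_id'];
    }
    // HTTP_CLIENT_IP is an optional, client-supplied header (absent on most requests);
    // REMOTE_ADDR is the only address the server itself observed.
    $client_ip_header = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : '';
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to HTTP_CLIENT_IP: " . $client_ip_header . "\n\t IP according to REMOTE_ADDR: " . $remote_addr . "\n\t IP according to GetHostByName(" . $remote_addr . "): " . @GetHostByName($remote_addr) . "\n\n";
    // Each request array is dumped as "<PREFIX> * key : value". each() was removed in
    // PHP 8, so plain foreach is used; nested arrays ($_FILES, session data) are rendered
    // with print_r instead of the bare "Array" string (plus notice) they produced before.
    $browser = (array) @get_browser();
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $sections = array(
        array('REQUEST', "Information in the \$_REQUEST array\n", '', $_REQUEST),
        array('GET', "Information in the \$_GET array\n" . "This is about variables that may have been " . "in the URL string or in a 'GET' type form.\n", '', $_GET),
        array('POST', "Information in the \$_POST array\n" . "This is about visible and invisible form elements.\n", '', $_POST),
        array('BROWSER', "Browser information\n", "HTTP_USER_AGENT: " . $user_agent . "\n", $browser),
        array('SERVER', "Information in the \$_SERVER array\n", '', $_SERVER),
        array('ENV', "Information in the \$_ENV array\n", '', $_ENV),
        array('COOKIE', "Information in the \$_COOKIE array\n", '', $_COOKIE),
        array('FILES', "Information in the \$_FILES array\n", '', $_FILES),
        // The session heading previously lacked its line break, gluing it to the separator.
        array('SESSION', "Information in the \$_SESSION array\n" . "This is session info.\n", '', isset($_SESSION) ? $_SESSION : array()),
    );
    foreach ($sections as $section) {
        list($prefix, $intro, $lead, $data) = $section;
        $output .= "\n=====================================\n";
        $output .= $intro;
        $output .= "=====================================\n";
        $output .= $lead;
        foreach ($data as $key => $value) {
            if (is_array($value)) {
                $value = print_r($value, true);
            }
            $output .= $prefix . " * {$key} : {$value}\n";
        }
    }
    // The subject label says "type" but carries $message, as it always did.
    xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', 'Attempted hack on your site? (type: ' . $message . ')', nl2br($output), $output);
    return;
}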
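                // Look up the sign-up voucher and record that it was mailed to the new account.
                // $coupon_code and $email_address are assigned earlier in the file; the
                // latter presumably originates from the registration form, so both are
                // escaped instead of being concatenated raw into the statements.
                $coupon_query = xtc_db_query("SELECT * FROM " . TABLE_COUPONS . " WHERE coupon_code = '" . xtc_db_input($coupon_code) . "'");
                $coupon = xtc_db_fetch_array($coupon_query);
                $coupon_id = $coupon['coupon_id'];
                $coupon_desc_query = xtc_db_query("SELECT * FROM " . TABLE_COUPONS_DESCRIPTION . " WHERE coupon_id = '" . (int) $coupon_id . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
                $coupon_desc = xtc_db_fetch_array($coupon_desc_query);
                $insert_query = xtc_db_query("INSERT INTO " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) VALUES ('" . (int) $coupon_id . "', '0', 'Admin', '" . xtc_db_input($email_address) . "', now() )");
                $smarty->assign('SEND_COUPON', 'true');
                $smarty->assign('COUPON_DESC', $coupon_desc['coupon_description']);
                $smarty->assign('COUPON_CODE', $coupon['coupon_code']);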
            }
        }
        // create templates (caching off: the body carries per-customer data)
        $smarty->caching = 0;
        $html_mail = $smarty->fetch('db:create_account_mail.html');
        $txt_mail = $smarty->fetch('db:create_account_mail.txt');
        // Welcome mail to the new customer, copied per EMAIL_SUPPORT_FORWARDING_STRING.
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_address, $name, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
        // Opt-in newsletter subscription; the flag variable is reused for the object.
        if (1 == $newsletter) {
            require_once DIR_WS_CLASSES . 'class.newsletter.php';
            $newsletter = new newsletter();
            $newsletter->AddUserAuto($email_address);
        }
        // $mail_error is presumably set in global scope by xtc_php_mail on failure.
        if (isset($mail_error)) {
            $error = true;
            $messageStack->add('create_account', $mail_error);
        } else {
            xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, '', 'SSL'));
        }
    }
}
// Breadcrumb for the registration page, rendered by the header include.
$breadcrumb->add(NAVBAR_TITLE_CREATE_ACCOUNT, xtc_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
            // Admin-created customer account: render the create_account_mail_admin
            // templates and send the account data to the new customer.
            $smarty->template_dir = DIR_FS_CATALOG . 'templates';
            $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
            $smarty->config_dir = DIR_FS_CATALOG . 'lang';
            //BOF - GTB - 2010-08-03 - Security Fix - Base
            $smarty->assign('tpl_path', DIR_WS_BASE . 'templates/' . CURRENT_TEMPLATE . '/');
            //$smarty->assign('tpl_path', 'templates/'.CURRENT_TEMPLATE.'/');
            //EOF - GTB - 2010-08-03 - Security Fix - Base
            $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
            $smarty->assign('NAME', $customers_lastname . ' ' . $customers_firstname);
            $smarty->assign('EMAIL', $customers_email_address);
            $smarty->assign('COMMENTS', $customers_mail_comments);
            // NOTE(review): a password value is handed to the mail template. The variable
            // name suggests a hash, but what the caller stored in it is not visible here;
            // if it is the clear-text password, it is being sent by e-mail -- confirm.
            $smarty->assign('PASSWORD', $customers_password_encrypted);
            $smarty->caching = 0;
            $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
            $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
            xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $customers_email_address, $customers_lastname . ' ' . $customers_firstname, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
        }
        xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, 'cID=' . $cc_id, 'SSL'));
    }
}
// Admin page skeleton: head.php emits the <head> contents, header.php the page header.
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body>
    <!-- header //-->
    <?php 
// Shared admin header (navigation); rendered after the head section above.
require DIR_WS_INCLUDES . 'header.php';
?>
    <!-- header_eof //-->
    <!-- body //-->
<div class="row">
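        // Optional address fields, controlled by the shop's ACCOUNT_* switches.
        if (ACCOUNT_SUBURB == 'true') {
            $sql_data_array['affiliate_suburb'] = $a_suburb;
        }
        if (ACCOUNT_STATE == 'true') {
            // A selected zone wins over a free-text state and vice versa.
            if ($a_zone_id > 0) {
                $sql_data_array['affiliate_zone_id'] = $a_zone_id;
                $sql_data_array['affiliate_state'] = '';
            } else {
                $sql_data_array['affiliate_zone_id'] = '0';
                $sql_data_array['affiliate_state'] = $a_state;
            }
        }
        $sql_data_array['affiliate_date_account_created'] = 'now()';
        // The referrer id is only present when the visitor arrived via an affiliate link.
        $affiliate_ref = isset($_SESSION['affiliate_ref']) ? $_SESSION['affiliate_ref'] : null;
        $_SESSION['affiliate_id'] = affiliate_insert($sql_data_array, $affiliate_ref);
        // NOTE(review): the welcome mail contains the clear-text password ($a_password).
        // Mailing credentials is a known bad practice; consider dropping that line from
        // the template and relying on the password-forgotten flow instead.
        $aemailbody = MAIL_AFFILIATE_HEADER . "\n" . MAIL_AFFILIATE_ID . $_SESSION['affiliate_id'] . "\n" . MAIL_AFFILIATE_USERNAME . $a_email_address . "\n" . MAIL_AFFILIATE_PASSWORD . $a_password . "\n\n" . MAIL_AFFILIATE_LINK . HTTP_SERVER . DIR_WS_CATALOG . FILENAME_AFFILIATE . "\n\n" . MAIL_AFFILIATE_FOOTER;
        // HTML part gets nl2br(); the plain-text part is sent as-is (the original passed
        // nl2br() output for both, leaving <br /> tags in the text alternative).
        xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $a_email_address, $a_firstname . ' ' . $a_lastname, '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', MAIL_AFFILIATE_SUBJECT, nl2br($aemailbody), $aemailbody);
        // $mail_error is presumably set in global scope by xtc_php_mail on failure; on
        // success xtc_redirect presumably ends the request, so the lines after it only
        // run when the mail failed -- kept as found.
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        } else {
            echo $mail_error;
        }
        $_SESSION['affiliate_email'] = $a_email_address;
        $_SESSION['affiliate_name'] = $a_firstname . ' ' . $a_lastname;
        xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_SIGNUP_OK, '', 'SSL'));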
    }
}
// Affiliate sign-up page: breadcrumb, header, and the form that posts back to itself
// over SSL with action=process.
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_SIGNUP, xtc_href_link(FILENAME_AFFILIATE_SIGNUP, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('FORM_ACTION', xtc_draw_form('affiliate_signup', xtc_href_link(FILENAME_AFFILIATE_SIGNUP, '', 'SSL'), 'post'));
$smarty->assign('HIDDEN_ACTION', xtc_draw_hidden_field('action', 'process'));
        // Coupon mail to one customer: render send_coupon.{html,txt} from the DB
        // templates with the admin's message and the coupon data, then send.
        $smarty->caching = false;
        // set dirs manual
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        $template_vars = array(
            'tpl_path' => 'templates/' . CURRENT_TEMPLATE . '/',
            'logo_path' => HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/',
            // Admin-typed message, handed to the template unescaped (web28 2011-07-07 - Fix html email).
            'MESSAGE' => stripslashes($_POST['message']),
            'COUPON_ID' => $coupon_result['coupon_code'],
            'COUPON_AMOUNT' => $coupon_amount,
            // web28 - 2011-04-13 - ADD Coupon message infos
            'WEBSITE' => HTTP_SERVER . DIR_WS_CATALOG,
        );
        foreach ($template_vars as $var_name => $var_value) {
            $smarty->assign($var_name, $var_value);
        }
        $html_mail = $smarty->fetch('db:send_coupon.html');
        $txt_mail = $smarty->fetch('db:send_coupon.txt');
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $mail['customers_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $subject, $html_mail, $txt_mail);
    }
    xtc_redirect(xtc_href_link(FILENAME_COUPON_ADMIN, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
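// Coupon mailer: "preview_email" without a selected customer falls back to the compose
// form with an error; after a send, the recipient is reported.
$coupon_action = isset($_GET['action']) ? $_GET['action'] : '';
if ($coupon_action == 'preview_email' && empty($_POST['customers_email_address'])) {
    $_GET['action'] = 'email';
    $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
}
if (!empty($_GET['mail_sent_to'])) {
    // mail_sent_to is reflected from the query string into the admin page. It is escaped
    // here on the assumption that messageStack renders its text as raw HTML -- confirm.
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, htmlspecialchars($_GET['mail_sent_to'], ENT_QUOTES)), 'success');
    $_GET['mail_sent_to'] = '';
}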
switch ($_GET['action']) {
    case 'confirmdelete':
        $delete_query = xtc_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id='" . (int) $_GET['cid'] . "'");
        break;
     * -> parse email text 
     */
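    $mail_text = nl2br(gm_get_content('GM_PDF_EMAIL_TEXT', $_SESSION['languages_id']));
    // Substitute the placeholders the shop owner may use in the configured text.
    // str_replace is a no-op for an absent token, so the strstr() pre-checks are gone.
    $order_id = isset($_GET['oID']) ? $_GET['oID'] : '';
    $mail_text = str_replace(
        array('{CUSTOMER}', '{ORDER_ID}', '{INVOICE_ID}', '{DATE}'),
        array($order_check['customers_firstname'] . ' ' . $order_check['customers_lastname'], $order_id, $order_check['gm_orders_code'], xtc_date_short($order->info['date_purchased'])),
        $mail_text
    );
    if (!empty($_GET['gm_quick_mail'])) {
        // "Quick mail": the admin overrides recipient and subject via the query string.
        // NOTE(review): gm_mail becomes the To: address without any validation, so the
        // invoice PDF goes wherever the request says. Validate it (xtc_validate_email,
        // if available in this scope) before sending customer documents to it.
        $order_check['customers_email_address'] = isset($_GET['gm_mail']) ? $_GET['gm_mail'] : '';
        $order_check['customers_firstname'] = '';
        $order_check['customers_lastname'] = '';
        $subject = isset($_GET['gm_subject']) ? $_GET['gm_subject'] : '';
    }
    // $pdf_filename is built earlier in the file (not visible here) and is attached from export/.
    $pdf_path = DIR_FS_CATALOG . '/export/' . $pdf_filename;
    if (xtc_php_mail(EMAIL_FROM, STORE_NAME, $order_check['customers_email_address'], $order_check['customers_firstname'] . ' ' . $order_check['customers_lastname'], EMAIL_BILLING_FORWARDING_STRING, '', '', $pdf_path, '', $subject, $mail_text, '')) {
        echo PDF_MAIL_SUCCESS . '<br><br><span class="button" onclick="gm_mail_close(\'INVOICE_MAIL\')" style="cursor:pointer"><strong>' . PDF_MAIL_CLOSE . '</strong></span>';
        // The PDF is only removed after a successful send; a failed send leaves it in export/.
        @unlink($pdf_path);
    }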
} else {
    if ($gm_pdf_use_protection) {
        $pdf->SetProtection($gm_pdf_protection);
    }
    $pdf->Output($pdf_filename, gm_get_conf("GM_PDF_DISPLAY_OUTPUT"));
}
              if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
                $link = HTTP_SERVER  . DIR_WS_CATALOG . 'gv_redeem.php' . '/gv_no,'.$id1;
              } else {
                $link = HTTP_SERVER  . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no='.$id1;
              }
        */
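        $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1;
        //-- SEO ShopStat
        $smarty->assign('GIFT_LINK', $link);
        $html_mail = $smarty->fetch('db:send_gift.html');
        $txt_mail = $smarty->fetch('db:send_gift.txt');
        if ($subject == '') {
            $subject = EMAIL_BILLING_SUBJECT;
        }
        //web28 - 2011-07-07 - Fix email subject
        $recipient = isset($_POST['email_to']) ? $_POST['email_to'] : '';
        $amount = isset($_POST['amount']) ? $_POST['amount'] : '';
        // Create the voucher and its tracking row before mailing the redeem link, so the
        // recipient never holds a link to a voucher that does not exist. email_to and
        // amount come straight from the form and were previously concatenated raw into
        // both statements; they are escaped here.
        $insert_query = xtc_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . xtc_db_input($id1) . "', 'G', '" . xtc_db_input($amount) . "', now())");
        $insert_id = xtc_db_insert_id();
        $insert_query = xtc_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . (int) $insert_id . "', '0', 'Admin', '" . xtc_db_input($recipient) . "', now() )");
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $recipient, '', '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $subject, $html_mail, $txt_mail);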
    }
    xtc_redirect(xtc_href_link(FILENAME_GV_MAIL, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
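$error = false;
// Gift-voucher mailer: a preview needs either a selected customer or a free-form address.
if (isset($_GET['action']) && $_GET['action'] == 'preview' && empty($_POST['customers_email_address']) && empty($_POST['email_to'])) {
    $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
    $error = true;
}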
if ($_GET['action'] == 'preview' && !$_POST['amount']) {
    $messageStack->add(ERROR_NO_AMOUNT_SELECTED, 'error');
            //        break;
        //      case '**D':
        //        $mail_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
        //        $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
        //        break;
        default:
            // A single affiliate, addressed by the e-mail typed into the form. The raw
            // POST value is what the confirmation notice shows afterwards.
            $mail_sent_to = $_POST['affiliate_email_address'];
            $affiliate_email_address = xtc_db_prepare_input($_POST['affiliate_email_address']);
            $mail_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . xtc_db_input($affiliate_email_address) . "'");
            break;
    }
    // Mail-merge the message to every affiliate selected by $mail_query above.
    // $from is read from the form but not used by the send call (From: is EMAIL_SUPPORT_ADDRESS).
    $from = xtc_db_prepare_input($_POST['from']);
    $subject = xtc_db_prepare_input($_POST['subject']);
    $message = xtc_db_prepare_input($_POST['message']);
    for (;;) {
        $mail = xtc_db_fetch_array($mail_query);
        if (!$mail) {
            break;
        }
        $recipient_name = $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'];
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $recipient_name, '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message);
    }
    xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
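// Affiliate mailer page: complain when "preview" is requested without a recipient, and
// show the confirmation after a send.
if (isset($_GET['action']) && $_GET['action'] == 'preview' && empty($_POST['affiliate_email_address'])) {
    $messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error');
}
if (isset($_GET['mail_sent_to']) && xtc_not_null($_GET['mail_sent_to'])) {
    // Reflected query-string value; escaped on the assumption that messageStack
    // outputs its text as raw HTML -- confirm.
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, htmlspecialchars($_GET['mail_sent_to'], ENT_QUOTES)), 'notice');
}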
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
        // Password reset, second opt-in step: store the new password, clear the request
        // key, mail the new password to the customer.
        // NOTE(review): the literal '******' below looks like a redaction artefact of this
        // listing rather than real code -- as written it would overwrite the password of
        // every row with that address with a constant. The surrounding flow (NEW_PASSWORD
        // assigned from $newpass) suggests the real file stores a hash of $newpass here;
        // verify against the original source before relying on this excerpt.
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_email_address = '" . xtc_db_input($check_customer['customers_email_address']) . "'");
        //DokuMan - 2011-02-19 - SQL injection fix 16.02.2011
        // customers_id comes from the DB row looked up above, not from the request.
        xtc_db_query("update " . TABLE_CUSTOMERS . " set password_request_key = '' where customers_id = '" . $check_customer['customers_id'] . "'");
        // assign language to template for caching
        $smarty->assign('language', $_SESSION['language']);
        $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        // assign vars
        $smarty->assign('EMAIL', $check_customer['customers_email_address']);
        // The clear-text generated password is mailed; a one-time reset link would avoid that.
        $smarty->assign('NEW_PASSWORD', $newpass);
        // dont allow cache
        $smarty->caching = false;
        // create mails
        $html_mail = $smarty->fetch('db:new_password_mail.html');
        $txt_mail = $smarty->fetch('db:new_password_mail.txt');
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $check_customer['customers_email_address'], '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_PASSWORD_NEW_PASSWORD, $html_mail, $txt_mail);
        // $mail_error is presumably set in global scope by xtc_php_mail on failure; on
        // failure execution simply continues into the page below.
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_LOGIN, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        }
    }
}
// Breadcrumb for the password double-opt-in page; note the link is built as NONSSL
// while the reset mail above points at an SSL login.
$breadcrumb->add(NAVBAR_TITLE_PASSWORD_DOUBLE_OPT, xtc_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'NONSSL'));
require DIR_WS_INCLUDES . 'header.php';
switch ($case) {
    case 'first_opt_in':
        $smarty->assign('text_heading', HEADING_PASSWORD_FORGOTTEN);
        //$smarty->assign('info_message', $info_message); //DokuMan - 2010-08-26 - unnecessary assign
        $smarty->assign('info_message', TEXT_LINK_MAIL_SENDED);
        $smarty->assign('language', $_SESSION['language']);
        $smarty->caching = 0;
        $main_content = $smarty->fetch(CURRENT_TEMPLATE . '/module/password_messages.html');
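function CustomersUpdate()
{
    // Admin XML-API action: creates a customer (plus its default address-book
    // entry and customers_info row) or updates an existing one from $_POST, then
    // reports the outcome through print_xml_status(). Everything read from
    // $_POST is untrusted. Column values are passed to xtc_db_perform(), which
    // escapes them; the hand-built WHERE clauses and the country lookup below
    // are the places that need explicit escaping / casting.
    global $_POST, $Lang_folder;
    $customers_id = -1;
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $pw = '';
    // include PW function
    require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
    if (isset($_POST['cID'])) {
        $customers_id = xtc_db_prepare_input($_POST['cID']);
    }
    // security check, if user = admin, dont allow to perform changes
    // (customers_status 0 is the admin group). xtc_db_prepare_input() only
    // trims / strips slashes and does not escape for SQL, so the id is cast to
    // int before it is interpolated. As in the original, an unknown id also
    // ends here because the missing row reads as status 0.
    if ($customers_id != -1) {
        $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . (int) $customers_id . "'");
        $sec_data = xtc_db_fetch_array($sec_query);
        $sec_status = is_array($sec_data) ? (int) $sec_data['customers_status'] : 0;
        if ($sec_status === 0) {
            print_xml_status(120, $action, 'CAN NOT CHANGE ADMIN USER!', '', '', '');
            return;
        }
    }
    // POST field => customers column; only fields present in the request are written.
    $customer_fields = array(
        'customers_cid' => 'customers_cid',
        'customers_firstname' => 'customers_firstname',
        'customers_lastname' => 'customers_lastname',
        'customers_dob' => 'customers_dob',
        'customers_email' => 'customers_email_address',
        'customers_tele' => 'customers_telephone',
        'customers_fax' => 'customers_fax',
        'customers_gender' => 'customers_gender',
    );
    $sql_customers_data_array = array();
    foreach ($customer_fields as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_customers_data_array[$column] = $_POST[$post_key];
        }
    }
    // Optional local hook; it runs in this function's scope and may extend
    // $sql_customers_data_array (or define $module_content for the mail below).
    if (file_exists('cao_custupd_1.php')) {
        include 'cao_custupd_1.php';
    }
    if (isset($_POST['customers_password'])) {
        $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
    }
    // POST field => address_book column for the customer's default address.
    $address_fields = array(
        'customers_firstname' => 'entry_firstname',
        'customers_lastname' => 'entry_lastname',
        'customers_company' => 'entry_company',
        'customers_street' => 'entry_street_address',
        'customers_city' => 'entry_city',
        'customers_postcode' => 'entry_postcode',
        'customers_gender' => 'entry_gender',
    );
    $sql_address_data_array = array();
    foreach ($address_fields as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_address_data_array[$column] = $_POST[$post_key];
        }
    }
    // The country arrives as an ISO-2 code and is resolved to countries_id.
    // It comes straight from the request, so it is escaped for the lookup.
    $country_code = '';
    if (isset($_POST['customers_country_id'])) {
        $country_code = $_POST['customers_country_id'];
    }
    $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . xtc_db_input($country_code) . "' LIMIT 1";
    $country_result = xtc_db_query($country_query);
    $row = xtc_db_fetch_array($country_result);
    $sql_address_data_array['entry_country_id'] = is_array($row) ? $row['countries_id'] : '';
    $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
    $check = xtc_db_fetch_array($count_query);
    if ($check['count'] > 0) {
        $mode = 'UPDATE';
        $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
        $customer = xtc_db_fetch_array($address_book_result);
        $default_address_id = is_array($customer) ? (int) $customer['customers_default_address_id'] : 0;
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . (int) $customers_id . "' LIMIT 1");
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . (int) $customers_id . "' AND address_book_id = '" . $default_address_id . "' LIMIT 1");
        xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "'  LIMIT 1");
    } else {
        $mode = 'APPEND';
        if (!isset($_POST['customers_password']) || strlen($_POST['customers_password']) == 0) {
            // generate PW if empty
            // NOTE(review): xtc_RandomString() is a project helper; whether it is
            // suitable for generating credentials cannot be judged from here.
            $pw = xtc_RandomString(8);
            $sql_customers_data_array['customers_password'] = xtc_create_password($pw);
        } else {
            $pw = $_POST['customers_password'];
        }
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
        $customers_id = xtc_db_insert_id();
        $sql_address_data_array['customers_id'] = $customers_id;
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
        $address_id = xtc_db_insert_id();
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");
        //JP20080401
        // New accounts fall back to the standard customer group unless a price level was sent.
        if (!isset($_POST['customers_price_level'])) {
            xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
        }
        xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
    }
    $email_address = isset($sql_customers_data_array['customers_email_address']) ? $sql_customers_data_array['customers_email_address'] : '';
    if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $email_address != '') {
        // generate mail for customer if customer=new
        // NOTE(review): the (possibly generated) password is sent to the customer
        // in clear text; this is existing behaviour and is left unchanged here.
        require_once DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
        require_once DIR_FS_INC . 'xtc_not_null.inc.php';
        require_once DIR_FS_INC . 'xtc_href_link.inc.php';
        require_once DIR_FS_INC . 'xtc_date_long.inc.php';
        require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
        require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';
        //JP 20080102
        $firstname = isset($sql_customers_data_array['customers_firstname']) ? $sql_customers_data_array['customers_firstname'] : '';
        $lastname = isset($sql_customers_data_array['customers_lastname']) ? $sql_customers_data_array['customers_lastname'] : '';
        $customer_name = $lastname . ' ' . $firstname;
        $smarty = new Smarty();
        $smarty->assign('language', $Lang_folder);
        $smarty->caching = false;
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        //BOF - GTB - 2010-08-03 - Security Fix - Base
        $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
        //EOF - GTB - 2010-08-03 - Security Fix - Base
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('NAME', $customer_name);
        $smarty->assign('EMAIL', $email_address);
        $smarty->assign('PASSWORD', $pw);
        // $module_content is only defined if the hook above set it.
        $smarty->assign('content', isset($module_content) ? $module_content : '');
        $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
        $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
        // send mail with html/txt template
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_address, $customer_name, '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
    }
    print_xml_status(0, $action, 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}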
    //DokuMan - 2010-09-08 - set undefined index
}
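if (isset($_POST['feedbacktext']) && $_POST['feedbacktext'] != '') {
    // Forward free-text feedback from the admin UI to the project address.
    // The text is tag-stripped as before; Host, PHP_SELF and User-Agent are
    // request-controlled too and are HTML-escaped because the body is sent
    // as an HTML mail.
    $feedback_text = $_POST['feedbacktext'];
    $feedback = '';
    $success_message = '';
    if (trim($feedback_text) != '') {
        $feedback_text = strip_tags($feedback_text);
        $request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $request_path = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $feedback .= 'New feedback sent from: ' . htmlspecialchars($request_host . $request_path, ENT_QUOTES) . '<br />';
        $feedback .= 'Shophelfer version: ' . PROJECT_VERSION . '<br />';
        $feedback .= 'Database version: ' . DB_VERSION . '<br />';
        $feedback .= 'Browser: ' . htmlspecialchars($user_agent, ENT_QUOTES) . '<br /><br />';
        $feedback .= 'Feedback: ' . $feedback_text;
        require_once DIR_FS_CATALOG . DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_ADDRESS, '*****@*****.**', '*****@*****.**', '', '', '', '', '', 'Feedback Shophelfer', $feedback, $feedback);
        $success_message = FEEDBACK_SENT;
    }
}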
?>
          
<nav class="navbar navbar-default navbar-fixed-top">
	<div class="container-fluid">
		<div class="navbar-header">
			<a class="navbar-brand" href="<?php 
echo xtc_href_link('start.php', '', 'NONSSL');
?>
"><img class="img-responsive" style="height: 40px;" src="images/shophelferlogo.png" /></a>
                        <button class="navbar-toggle collapsed" aria-controls="navbar" aria-expanded="false" data-target="#navbar" data-toggle="collapse" type="button">
                        <span class="icon-bar"></span>
                        <span class="icon-bar"></span>
/**
 * Compatibility wrapper: forwards every argument unchanged to xtc_php_mail().
 *
 * The parameter list mirrors xtc_php_mail() one-to-one (sender, recipient,
 * forwarding / reply addresses, attachment paths, subject, HTML and plain
 * bodies). Nothing is returned.
 */
function shopDbMail($from_email_address, $from_email_name, $to_email_address, $to_name, $forwarding_to, $reply_address, $reply_address_name, $path_to_attachement, $path_to_more_attachements, $email_subject, $message_body_html, $message_body_plain)
{
    xtc_php_mail(
        $from_email_address,
        $from_email_name,
        $to_email_address,
        $to_name,
        $forwarding_to,
        $reply_address,
        $reply_address_name,
        $path_to_attachement,
        $path_to_more_attachements,
        $email_subject,
        $message_body_html,
        $message_body_plain
    );
}
     $email_data[] = array('id' => $email_query_data['id'], 'firstname' => $email_query_data['customers_firstname'], 'lastname' => $email_query_data['customers_lastname'], 'email' => $email_query_data['customers_email_address'], 'key' => $email_query_data['mail_key']);
 }
 $break = 0;
 if ($limit_data['count'] < $limits) {
     $break = 1;
     unset($ajax);
 }
 $newsletters_query = xtc_db_query("SELECT title,\r\n                                            body,\r\n                                            bc,\r\n                                            cc\r\n                                       FROM " . TABLE_MODULE_NEWSLETTER . "\r\n                                      WHERE newsletter_id='" . (int) $_GET['ID'] . "'");
 $newsletters_data = xtc_db_fetch_array($newsletters_query);
 //Image path correction - absolute path needed
 $newsletters_data['body'] = str_replace('src="' . DIR_WS_CATALOG . 'images/', 'src="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . '/images/', $newsletters_data['body']);
 for ($i = 1; $i <= NEWSLETTER_EXECUTE_LIMIT; $i++) {
     if (!empty($email_data[$i - 1])) {
         $link1 = chr(13) . chr(10) . chr(13) . chr(10) . TEXT_NEWSLETTER_REMOVE . chr(13) . chr(10) . chr(13) . chr(10) . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . FILENAME_CATALOG_NEWSLETTER . '?action=remove&email=' . $email_data[$i - 1]['email'] . '&key=' . $email_data[$i - 1]['key'];
         $link2 = $link2 = '<br /><br /><hr>' . TEXT_NEWSLETTER_REMOVE . '<br /><a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . FILENAME_CATALOG_NEWSLETTER . '?action=remove&email=' . $email_data[$i - 1]['email'] . '&key=' . $email_data[$i - 1]['key'] . '">' . TEXT_REMOVE_LINK . '</a>';
         xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_data[$i - 1]['email'], $email_data[$i - 1]['lastname'] . ' ' . $email_data[$i - 1]['firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $newsletters_data['title'], $newsletters_data['body'] . $link2, $newsletters_data['body'] . $link1);
         xtc_db_query("UPDATE module_newsletter_temp_" . (int) $_GET['ID'] . " SET comment='send' WHERE id='" . $email_data[$i - 1]['id'] . "'");
     }
 }
 if ($break == 1) {
     // finished
     $limit1_query = xtc_db_query("SELECT count(*) as count\r\n                                FROM module_newsletter_temp_" . (int) $_GET['ID'] . "\r\n                                WHERE comment='send'");
     $limit1_data = xtc_db_fetch_array($limit1_query);
     if ($limit1_data['count'] - $limit_data['count'] <= 0) {
         xtc_db_query("UPDATE " . TABLE_MODULE_NEWSLETTER . " SET status='1' WHERE newsletter_id='" . (int) $_GET['ID'] . "'");
         xtc_redirect(xtc_href_link(FILENAME_MODULE_NEWSLETTER));
     } else {
         echo '<b>' . $limit1_data['count'] . '<b> emails send<br />';
         echo '<b>' . $limit1_data['count'] - $limit_data['count'] . '<b> emails left';
     }
 }
             $smarty->config_dir = DIR_FS_CATALOG . 'lang';
             $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
             $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
             $smarty->assign('NAME', $check_status['customers_name']);
             $smarty->assign('ORDER_NR', $billnr);
             $smarty->assign('ORDER_LINK', xtc_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $oID, 'SSL'));
             $smarty->assign('ORDER_DATE', xtc_date_long($check_status['date_purchased']));
             $smarty->assign('NOTIFY_COMMENTS', $notify_comments);
             $smarty->assign('ORDER_STATUS', $orders_status_array[$status]);
             $html_mail = $smarty->fetch('db:invoice_mail.html');
             $txt_mail = $smarty->fetch('db:invoice_mail.txt');
             $pdffile = DIR_FS_ADMIN . get_pdf_invoice_filename($oID);
             $pdffile_downloadname = get_pdf_invoice_download_filename($oID);
             $order_subject = str_replace('{$nr}', $order->info['ibn_billnr'], EMAIL_BILLING_SUBJECT);
             $order_subject = str_replace('{$date}', strftime(DATE_FORMAT_LONG), $order_subject);
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, $pdffile, '', $order_subject, $html_mail, $txt_mail);
             //  $message_body_plain
             xtc_db_query("update " . TABLE_ORDERS . " set ibn_pdfnotifydate = now() where orders_id = '" . $oID . "'");
         }
     }
     // EOF - Fishnet Services - Nicolas Gemsjäger
     if ($order_updated) {
         $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
     } else {
         $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
     }
     xtc_redirect(xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'resendordermail':
     break;
 case 'deleteconfirm':
        $smarty = new Smarty();
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        $order_products = array();
        $sendorder = false;
        foreach ($_POST["quantity"] as $pid => $products_quantity) {
            if ($products_quantity > 0) {
                $order_products[$pid] = array("products_name" => $wInfo->products[$pid]["products_name"], "products_quantity" => $products_quantity);
                $sendorder = true;
            }
        }
        $smarty->assign('PRODUCTS', $order_products);
        $html_mail = $smarty->fetch('db:' . $wInfo->wholesaler_email_template . ".html");
        if (SEND_EMAILS == true && $sendorder == true) {
            xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $wInfo->wholesaler_email, $wInfo->wholesaler_name, '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUBJECT_WHOLESALER, $html_mail, '');
            //  $message_body_plain
            $message_stack = "Bestellung erfolgreich abgeschickt!";
        }
    }
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php 
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
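 function _logTrans($data)
 {
     // Mail a one-line dump of a transaction array ("key:value|key:value|...")
     // to the support address. The original read an undefined $val instead of
     // $value (so every value was missing) and appended to an uninitialised
     // $line; both are fixed here. each() is avoided as it is gone in PHP 8.
     $line = '';
     foreach ((array) $data as $key => $value) {
         $line .= $key . ':' . $value . '|';
     }
     xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'Rakuten ROPE Invalid Process', $line, $line);
 }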
        $gv_email_subject = sprintf(EMAIL_GV_TEXT_SUBJECT, stripslashes($_POST['send_name']));
        $smarty->assign('language', $_SESSION['language']);
        $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('GIFT_LINK', xtc_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $id1, 'NONSSL', false));
        $smarty->assign('AMMOUNT', $xtPrice->xtcFormat(str_replace(",", ".", $_POST['amount']), true));
        $smarty->assign('GIFT_CODE', $id1);
        $smarty->assign('MESSAGE', $_POST['message']);
        $smarty->assign('NAME', $_POST['to_name']);
        $smarty->assign('FROM_NAME', $_POST['send_name']);
        // dont allow cache
        $smarty->caching = false;
        $html_mail = $smarty->fetch('db:send_gift_to_friend.html');
        $txt_mail = $smarty->fetch('db:send_gift_to_friend.txt');
        // send mail
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $_POST['email'], $_POST['to_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $gv_email_subject, $html_mail, $txt_mail);
    }
}
// Breadcrumb and page header for the "send gift voucher" page.
$breadcrumb->add(NAVBAR_GV_SEND);
require DIR_WS_INCLUDES . 'header.php';
$requested_action = isset($_GET['action']) ? $_GET['action'] : '';
if ($requested_action === 'process') {
    // Confirmation view: expose the action to the template together with a
    // "continue" button that leads back to the shop start page.
    $smarty->assign('action', 'process');
    $continue_button = xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE);
    $smarty->assign('LINK_DEFAULT', '<a href="' . xtc_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . $continue_button . '</a>');
}
if (isset($_GET['action']) && $_GET['action'] == 'send' && !$error) {
    $smarty->assign('action', 'send');
    // validate entries
    $gv_amount = (double) $gv_amount;
    $gv_query = xtc_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $_SESSION['customer_id'] . "'");
    $gv_result = xtc_db_fetch_array($gv_query);
    $send_name = $gv_result['customers_firstname'] . ' ' . $gv_result['customers_lastname'];
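 function callback_process($data, $charset)
 {
     // No session is available here (the call comes from PayPal's servers).
     // Status as of: 29.06.2011
     //
     // Processes one PayPal IPN message: resolves the order from the `invoice`
     // field, records the IPN in TABLE_PAYPAL and TABLE_PAYPAL_STATUS_HISTORY,
     // posts the message back to PayPal for validation, maps payment_status to
     // a shop order status and appends an order-history entry. Any failure is
     // mailed to EMAIL_SUPPORT_ADDRESS.
     //
     // NOTE(review): the IPN row is stored before PayPal has confirmed the
     // message, and neither receiver_email/business nor mc_gross/mc_currency
     // are compared with the shop's account and the order total (the order
     // query below fetches currency data it never uses). A VERIFIED IPN for an
     // unrelated, cheaper payment that carries this shop's invoice number is
     // therefore accepted as completed. Those checks need the shop's PayPal
     // account configuration, so only self-contained fixes are applied here.
     $this->data = $data;
     //$this->_logTrans($data);
     require_once DIR_WS_CLASSES . 'class.phpmailer.php';
     if (EMAIL_TRANSPORT == 'smtp') {
         require_once DIR_WS_CLASSES . 'class.smtp.php';
     }
     require_once DIR_FS_INC . 'xtc_Security.inc.php';
     $error_reason = '';
     $invoice = isset($this->data['invoice']) ? $this->data['invoice'] : '';
     // The order id is whatever follows the PAYPAL_INVOICE prefix in the invoice number.
     $xtc_order_id = (int) substr($invoice, strlen(PAYPAL_INVOICE));
     if ($xtc_order_id > 0) {
         // look the order up
         $order_query = xtc_db_query("SELECT currency, currency_value FROM " . TABLE_ORDERS . " WHERE orders_id = '" . $xtc_order_id . "'");
         if (xtc_db_num_rows($order_query) > 0) {
             // order found
             $ipn_charset = xtc_db_prepare_input($this->data['charset']);
             $ipn_data = array();
             $ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
             $ipn_data['xtc_order_id'] = $xtc_order_id;
             $ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
             $ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
             $ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
             $ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
             $ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
             $ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset));
             $ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset));
             $ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset));
             $ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset));
             $ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset));
             $ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset));
             $ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
             $ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset));
             $ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
             $ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
             $ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
             $ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
             $ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
             $ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset));
             $ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
             $ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
             $ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
             $ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']);
             $ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
             $ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
             $ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
             $ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
             $ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
             $ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
             $ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
             $ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
             $ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);
             if ($ipn_data['num_cart_items'] > 1) {
                 // Pseudo line items (discount, fees, tax, rounding difference,
                 // shipping) are sent as cart items by the checkout; they are
                 // not counted as products, and the shipping line supplies mc_shipping.
                 $verspos = $ipn_data['num_cart_items'];
                 for ($p = 1; $p <= $verspos; $p++) {
                     if ($this->data['item_name' . $p] == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $this->data['item_name' . $p] == substr(PAYPAL_GS, 0, 127) || $this->data['item_name' . $p] == "Handling" || $this->data['item_name' . $p] == substr(PAYPAL_TAX, 0, 127) || $this->data['item_name' . $p] == "Differenz") {
                         $ipn_data['num_cart_items']--;
                     }
                     if ($this->data['item_name' . $p] == substr(SHIPPING_COSTS, 0, 127)) {
                         $ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p];
                         $ipn_data['num_cart_items']--;
                     }
                 }
             }
             // txn_id is attacker-controlled until PayPal has validated the
             // message, and xtc_db_prepare_input() does not escape for SQL,
             // so it is escaped here before being interpolated.
             $_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . xtc_db_input($ipn_data['txn_id']) . "'";
             $_transResult = xtc_db_query($_transQuery);
             $_transRow = xtc_db_fetch_array($_transResult);
             if (is_array($_transRow) && $_transRow['paypal_ipn_id'] != '') {
                 // Known transaction: refresh the mutable fields only.
                 $insert_id = $_transRow['paypal_ipn_id'];
                 $sql_data_array = array('payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'payer_email' => $ipn_data['payer_email'], 'num_cart_items' => $ipn_data['num_cart_items'], 'mc_fee' => $ipn_data['mc_fee'], 'mc_shipping' => $ipn_data['mc_shipping'], 'address_name' => $ipn_data['address_name'], 'address_street' => $ipn_data['address_street'], 'address_city' => $ipn_data['address_city'], 'address_state' => $ipn_data['address_state'], 'address_zip' => $ipn_data['address_zip'], 'address_country' => $ipn_data['address_country'], 'address_status' => $ipn_data['address_status'], 'payer_status' => $ipn_data['payer_status'], 'receiver_email' => $ipn_data['receiver_email'], 'last_modified ' => 'now()');
                 xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'");
             } else {
                 $ipn_data['date_added'] = 'now()';
                 $ipn_data['last_modified'] = 'now()';
                 xtc_db_perform(TABLE_PAYPAL, $ipn_data);
                 $insert_id = xtc_db_insert_id();
             }
             $paypal_order_history = array('paypal_ipn_id' => $insert_id, 'txn_id' => $ipn_data['txn_id'], 'parent_txn_id' => $ipn_data['parent_txn_id'], 'payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'mc_amount' => $ipn_data['mc_gross'], 'date_added' => 'now()');
             xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history);
             // Human-readable summary for the order-status history entry.
             $crlf = "\n";
             $comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
             $comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
             if (isset($this->data['payer_status'])) {
                 $comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
             }
             $comment_status .= '.' . $crlf;
             // Read from $this->data consistently (the original mixed in $_POST).
             if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $this->data['test_ipn'] > 0) {
                 $comment_status .= '(Sandbox-Test Mode)' . $crlf;
             }
             $comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
             if (isset($this->data['pending_reason'])) {
                 $comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
             }
             if (isset($this->data['reason_code'])) {
                 $comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
             }
             $comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
             $comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
             if (isset($this->data['parent_txn_id'])) {
                 $comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
             }
             $comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($this->data['txn_id']);
             //Set status for default (Pending)
             $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
             // Echo the message back to PayPal for validation.
             $parameters = 'cmd=_notify-validate';
             foreach ($this->data as $key => $value) {
                 $parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
             }
             //$this->_logTransactions($parameters);
             // 08.01.2008: also works without cURL
             $result = '';
             $mit_curl = 0;
             if (function_exists('curl_init')) {
                 $ch = curl_init();
                 curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
                 curl_setopt($ch, CURLOPT_POST, 1);
                 curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($ch, CURLOPT_HEADER, 0);
                 curl_setopt($ch, CURLOPT_TIMEOUT, 30);
                 // The whole trust decision below rests on this round trip, so
                 // the peer certificate and host name must be verified; with
                 // verification off an on-path attacker can answer "VERIFIED"
                 // for any forged IPN. If the CA bundle is missing the request
                 // fails and the stream fallback (which verifies by default) runs.
                 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
                 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
                 $result = curl_exec($ch);
                 if (!curl_errno($ch)) {
                     $mit_curl = 1;
                 }
                 curl_close($ch);
             }
             // cURL is missing or failed
             if ($mit_curl == 0) {
                 $request_post = array('http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters));
                 $request = stream_context_create($request_post);
                 $result = file_get_contents($this->IPN_URL, false, $request);
             }
             if (is_string($result) && (strtoupper($result) == 'VERIFIED' || $result == '1')) {
                 // Map PayPal's payment_status to the configured order statuses;
                 // anything unmapped keeps the default (Pending) set above.
                 switch (strtolower($this->data['payment_status'])) {
                     case 'completed':
                     case 'processed':
                         if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                             $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                         }
                         break;
                     case 'denied':
                     case 'failed':
                         $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                         break;
                     case 'reversed':
                     case 'pending':
                         $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                         break;
                     case 'canceled-reversal':
                         $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                         break;
                     case 'refunded':
                         $order_status_id = DEFAULT_ORDERS_STATUS_ID;
                         break;
                 }
             } else {
                 $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                 $error_reason = 'Received INVALID responce but invoice and Customer matched.';
             }
             xtc_db_query("UPDATE " . TABLE_ORDERS . " SET orders_status = '" . $order_status_id . "', last_modified = now() WHERE orders_id = '" . $xtc_order_id . "'");
             $sql_data_array = array('orders_id' => $xtc_order_id, 'orders_status_id' => $order_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN ' . $comment_status . '');
             xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
         } else {
             $custom = isset($this->data['custom']) ? (int) $this->data['custom'] : 0;
             $error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($invoice) . ' mit Kunden=' . $custom . ' gefunden.';
         }
     } else {
         $error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
     }
     if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
         // Mail the failure together with the raw request for diagnosis.
         $request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
         $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
         $accept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '';
         $email_body = $error_reason . "\n\n" . '<br>';
         $email_body .= $request_method . " - " . $remote_addr . " - " . $referer . " - " . $accept . "\n\n" . '<br>';
         $email_body .= '$_POST:' . "\n\n" . '<br>';
         foreach ($this->data as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         $email_body .= "\n" . '$_GET:' . "\n\n" . '<br>';
         foreach ($_GET as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
     }
 }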
                 $customers_lastname = $check_customer['customers_lastname'];
             }
         }
         $sql_data_array = array('customers_email_address' => xtc_db_input($_POST['email']), 'customers_id' => xtc_db_input($customers_id), 'customers_status' => xtc_db_input($customers_status), 'customers_firstname' => xtc_db_input($customers_firstname), 'customers_lastname' => xtc_db_input($customers_lastname), 'mail_status' => '0', 'mail_key' => xtc_db_input($vlcode), 'date_added' => 'now()');
         xtc_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array);
         $info_message = TEXT_EMAIL_INPUT;
         if (SEND_EMAILS == true) {
             xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($_POST['email']), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
         }
     } else {
         $check_mail = xtc_db_fetch_array($check_mail_query);
         if ($check_mail['mail_status'] == '0') {
             xtc_db_query("UPDATE " . TABLE_NEWSLETTER_RECIPIENTS . " SET mail_key = '" . xtc_db_input($vlcode) . "' WHERE customers_email_address='" . $_POST['email'] . "'");
             $info_message = TEXT_EMAIL_EXIST_NO_NEWSLETTER;
             if (SEND_EMAILS == true) {
                 xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($_POST['email']), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
             }
         } else {
             $info_message = TEXT_EMAIL_EXIST_NEWSLETTER;
         }
     }
 } else {
     //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
     //$info_message = TEXT_WRONG_CODE;
     if (!xtc_validate_email(trim($_POST['email']))) {
         $info_message .= ERROR_EMAIL;
     }
     //EOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
 }
 //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
 if (xtc_validate_email(trim($_POST['email'])) && isset($_POST['delete'])) {
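 /**
  * Mails an internal "Moneybookers Payment Notification" for one order to the billing address.
  *
  * @param int|string $oID  order id to report
  * @param string     $text free-text message describing the transaction event; its origin is
  *                         not visible here, so it is treated as untrusted when rendered as HTML
  *
  * @return void
  */
 function _notifyTransaction($oID, $text)
 {
     $email_body = "Order ID: " . $oID . "\n" . 'Message: ' . $text . "\n\n";
     // xtc_php_mail() takes an HTML body and a plain-text body (in that order). The original
     // passed the raw text as both, which put unescaped $text into the HTML part and dropped
     // its line breaks; escape for HTML and convert newlines for that variant only.
     // Assumes the shop's charset is UTF-8 — adjust the third argument for ISO-8859-1 installs.
     $html_body = nl2br(htmlspecialchars($email_body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
     require_once DIR_WS_CLASSES . 'class.phpmailer.php';
     if (EMAIL_TRANSPORT == 'smtp') {
         require_once DIR_WS_CLASSES . 'class.smtp.php';
     }
     require_once DIR_FS_INC . 'xtc_Security.inc.php';
     xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, EMAIL_BILLING_ADDRESS, STORE_NAME, '', '', 'Moneybookers Payment Notification', $html_body, $email_body);
 }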
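 /**
  * Renders the newsletter confirmation mail (HTML and text variants from the "db:" templates)
  * and sends it to $mail when SEND_EMAILS is enabled.
  *
  * NOTE(review): the body reads $this->vlCode, so this looks like a method lifted out of its
  * class; as a free function that access fails at runtime — confirm against the original source.
  *
  * @param string $mail recipient address; also embedded in the activation link
  *
  * @return void
  */
 function sendRequestMail($mail)
 {
     $smarty = new Smarty();
     // The address becomes a URL query parameter, so it must be URL-encoded here. The original
     // used xtc_db_input(), the SQL-escaping helper, which corrupts addresses containing quotes
     // and does not encode characters such as '+' that $_GET decodes differently.
     $link = xtc_href_link(FILENAME_NEWSLETTER, 'action=activate&email=' . rawurlencode($mail) . '&key=' . $this->vlCode, 'NONSSL');
     // assign language to template for caching
     $smarty->assign('language', $_SESSION['language']);
     $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
     $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
     // assign vars
     // xtc_db_input() is SQL-layer escaping and nothing below is SQL; kept as-is so existing
     // templates keep receiving the same value — TODO confirm whether the HTML template escapes
     // EMAIL itself, otherwise htmlspecialchars() belongs on the HTML variant.
     $smarty->assign('EMAIL', xtc_db_input($mail));
     $smarty->assign('LINK', $link);
     // dont allow cache
     $smarty->caching = false;
     $html_mail = $smarty->fetch('db:newsletter_mail.html');
     $txt_mail = $smarty->fetch('db:newsletter_mail.txt');
     // The original read $mailer->subject into an unused local; $mailer is never defined in this
     // function, so that line only emitted a warning. The subject sent is TEXT_EMAIL_SUBJECT.
     // NOTE(review): `SEND_EMAILS == true` is true for any non-empty string (including 'false');
     // confirm how the constant is defined before relying on it as an off switch.
     if (SEND_EMAILS == true) {
         xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($mail), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
     }
 }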
require_once DIR_FS_INC . 'xtc_draw_input_field.inc.php';
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include the mailer-class
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $check_affiliate_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . $_POST['email_address'] . "'");
    if (xtc_db_num_rows($check_affiliate_query)) {
        $check_affiliate = xtc_db_fetch_array($check_affiliate_query);
        // Crypted password mods - create a new password, update the database and mail it to them
        $newpass = xtc_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = xtc_encrypt_password($newpass);
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'");
        xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $_POST['email_address'], $check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)));
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        } else {
            echo $mail_error;
        }
    } else {
        xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL'));
    }
} else {
    $breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
    $breadcrumb->add(NAVBAR_TITLE_PASSWORD_FORGOTTEN, xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL'));
    require DIR_WS_INCLUDES . 'header.php';
    $smarty->assign('FORM_ACTION', xtc_draw_form('password_forgotten', xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'action=process', 'SSL')));
    $smarty->assign('INPUT_EMAIL', xtc_draw_input_field('email_address', '', 'maxlength="96"'));
    $smarty->assign('LINK_AFFILIATE', '<a href="' . xtc_href_link(FILENAME_AFFILIATE, '', 'SSL') . '">' . xtc_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>');
         $smarty->assign('ORDER_LINK', xtc_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $oID, 'SSL'));
         $smarty->assign('ORDER_DATE', xtc_date_long($check_status['date_purchased']));
         $smarty->assign('ORDER_STATUS', $orders_status_array[$status]);
         if (defined('EMAIL_SIGNATURE')) {
             $smarty->assign('EMAIL_SIGNATURE_HTML', nl2br(EMAIL_SIGNATURE));
             $smarty->assign('EMAIL_SIGNATURE_TEXT', EMAIL_SIGNATURE);
         }
         $smarty->assign('NOTIFY_COMMENTS', nl2br($notify_comments));
         $html_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.html');
         $smarty->assign('NOTIFY_COMMENTS', $notify_comments);
         $txt_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.txt');
         // BOF GM_MOD
         if ($_SESSION['language'] == 'german') {
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', 'Ihre Bestellung ' . $oID . ', ' . xtc_date_long($check_status['date_purchased']) . ', ' . $check_status['customers_name'], $html_mail, $txt_mail);
         } else {
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', 'Your Order ' . $oID . ', ' . xtc_date_long($check_status['date_purchased']) . ', ' . $check_status['customers_name'], $html_mail, $txt_mail);
         }
         // EOF GM_MOD
         $customer_notified = '1';
     }
     xtc_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . xtc_db_input($oID) . "', '" . xtc_db_input($status) . "', now(), '" . $customer_notified . "', '" . xtc_db_input($comments) . "')");
     $order_updated = true;
 }
 // Report the outcome of the status update via the session message stack, then return to the
 // order edit view. Only a successful update is forwarded to the Shopgate plugin hook.
 if (!$order_updated) {
     $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
 } else {
     // presumably syncs the new status to Shopgate; the helper lives in the included file
     include_once DIR_FS_DOCUMENT_ROOT . '/shopgate/plugins/gambiogx/update_order.php';
     setShopgateOrderStatus($oID, $status);
     $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
 }
 xtc_redirect(xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('action')) . 'action=edit'));