function payment_action()
 {
     global $order, $insert_id;
     if (!isset($insert_id) || $insert_id == '') {
         $insert_id = $_SESSION['tmp_oID'];
     }
     $this->payone->log("(pre-)authorizing {$this->code} payment");
     $standard_parameters = parent::_standard_parameters();
     $this->personal_data = new Payone_Api_Request_Parameter_Authorization_PersonalData();
     parent::_set_customers_standard_params();
     $this->delivery_data = new Payone_Api_Request_Parameter_Authorization_DeliveryData();
     parent::_set_customers_shipping_params();
     $this->payment_method = new Payone_Api_Request_Parameter_Authorization_PaymentMethod_Wallet();
     $this->payment_method->setWallettype('PPE');
     $this->payment_method->setSuccessurl((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG . FILENAME_CHECKOUT_PROCESS . '?' . xtc_session_name() . '=' . xtc_session_id());
     $this->payment_method->setBackurl((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG . FILENAME_CHECKOUT_PAYMENT . '?' . xtc_session_name() . '=' . xtc_session_id());
     $this->payment_method->setErrorurl((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG . FILENAME_CHECKOUT_PAYMENT . '?' . xtc_session_name() . '=' . xtc_session_id() . '&payment_error=' . $this->code);
     // set order_id for deleting canceld order
     $_SESSION['tmp_payone_oID'] = $_SESSION['tmp_oID'];
     $request_parameters = parent::_request_parameters('wlt');
     $this->params = array_merge($standard_parameters, $request_parameters);
     $this->builder = new Payone_Builder($this->payone->getPayoneConfig());
     parent::_build_service_authentification('wlt');
     parent::_parse_response_payone_api();
     xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'));
 }
 function __construct($var)
 {
     if (!isset($_var) && !is_array($var)) {
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'NONSSL'));
     } else {
         $this->response_string = array();
         $this->response_string['response'] = $var['response'];
         $this->response_string['order_id'] = $var['order_id'];
         $this->response_string['payment_method'] = $var['payment_method'];
         $this->response_string['lang'] = $var['lang'];
         $this->response_string['controlkey'] = $var['controlkey'];
         if ($this->checkResponse()) {
             if (isset($_SESSION['cart_Masterpayment_ID']) && !empty($_SESSION['cart_Masterpayment_ID']) or substr($_SESSION['payment'], 0, strpos($_SESSION['payment'], '_')) == 'masterpayment') {
                 if ($this->response_string['response'] == 'success') {
                     xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'NONSSL'));
                 } elseif ($this->response_string['response'] == 'failed') {
                     xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=masterpayment_' . $this->response_string['payment_method'], 'NONSSL'));
                 } elseif ($this->response_string['response'] == 'cancelled') {
                     xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'NONSSL'));
                 }
             } elseif ($this->response_string['response'] == 'success') {
                 $this->sendMail();
             }
         } else {
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'NONSSL'));
         }
     }
 }
function xtc_Security()
{
    // Cross-Site Scripting attack defense - Sent by larsneo
    // some syntax checking against injected javascript
    // extended by Neo
    if (count($_GET) > 0) {
        //        Lets now sanitize the GET vars
        //      echo '<pre>';
        //print_r ($_GET);
        //echo '</pre>';
        foreach ($_GET as $secvalue) {
            if (!is_array($secvalue)) {
                // BOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
                if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*style.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*form.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*img.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue)) {
                    // EOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
                    xtcMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
                    xtc_redirect(FILENAME_DEFAULT);
                }
            }
        }
    }
    //        Lets now sanitize the POST vars
    if (count($_POST) > 0) {
        foreach ($_POST as $secvalue) {
            if (!is_array($secvalue)) {
                // BOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
                if (preg_match("<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue)) {
                    // EOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
                    xtcMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
                    xtc_redirect(FILENAME_DEFAULT);
                }
            }
        }
    }
    //        Lets now sanitize the COOKIE vars
    if (count($_COOKIE) > 0) {
        foreach ($_COOKIE as $secvalue) {
            if (!is_array($secvalue)) {
                // BOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
                if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*style.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*form.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*img.*\"?[^>]*>/i", $secvalue)) {
                    // EOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
                    xtcMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
                    xtc_redirect(FILENAME_DEFAULT);
                }
            }
        }
    }
}
 function credit_risk_check()
 {
     $config = $this->_payone->getConfig();
     if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['noconfirm'])) {
         if ($config['credit_risk']['timeofcheck'] == 'before') {
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'p1crskip=1', 'SSL'));
         } else {
             $_SESSION['payone_error'] = CREDIT_RISK_FAILED;
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
         }
     }
     // A/B testing: only perform scoring every n-th time
     $do_score = true;
     if ($config['credit_risk']['abtest']['active'] == 'true') {
         $ab_value = max(1, (int) $config['credit_risk']['abtest']['value']);
         $score_count = (int) MODULE_PAYMENT_PAYONE_AB_TESTING;
         $do_score = $score_count % $ab_value == 0;
         xtc_db_query("UPDATE " . TABLE_CONFIGURATION . " SET configuration_value='" . ($score_count + 1) . "', last_modified = NOW() where configuration_key='MODULE_PAYMENT_PAYONE_AB_TESTING'");
     }
     if ($do_score) {
         $score = $this->_payone->scoreCustomer($_SESSION['billto']);
     } else {
         $score = false;
     }
     if ($score instanceof Payone_Api_Response_Consumerscore_Valid) {
         switch ((string) $score->getScore()) {
             case 'G':
                 $_SESSION['payone_cr_result'] = 'green';
                 break;
             case 'Y':
                 $_SESSION['payone_cr_result'] = 'yellow';
                 break;
             case 'R':
                 $_SESSION['payone_cr_result'] = 'red';
                 break;
             default:
                 $_SESSION['payone_cr_result'] = $config['credit_risk']['newclientdefault'];
         }
         $_SESSION['payone_cr_hash'] = $this->_payone->getAddressHash($_SESSION['billto']);
     } else {
         // could not get a score value
         $_SESSION['payone_cr_result'] = $config['credit_risk']['newclientdefault'];
         $_SESSION['payone_cr_hash'] = $this->_payone->getAddressHash($_SESSION['billto']);
     }
 }
 function payment_action()
 {
     global $order, $insert_id;
     if (!isset($insert_id) || $insert_id == '') {
         $insert_id = $_SESSION['tmp_oID'];
     }
     $this->payone->log("(pre-)authorizing {$this->code} payment");
     $standard_parameters = parent::_standard_parameters();
     $this->personal_data = new Payone_Api_Request_Parameter_Authorization_PersonalData();
     parent::_set_customers_standard_params();
     $this->delivery_data = new Payone_Api_Request_Parameter_Authorization_DeliveryData();
     parent::_set_customers_shipping_params();
     $this->payment_method = array();
     $request_parameters = parent::_request_parameters('vor');
     unset($request_parameters['payment']);
     $this->params = array_merge($standard_parameters, $request_parameters);
     $this->builder = new Payone_Builder($this->payone->getPayoneConfig());
     parent::_build_service_authentification('vor');
     parent::_parse_response_payone_api();
     xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'));
 }
            }
            $messageStack->add_session(DELETE_CACHE_SUCCESSFUL, 'success');
            xtc_redirect(xtc_href_link(FILENAME_CONFIGURATION, 'gID=' . (int) $_GET['gID']));
            break;
        case 'deltempcache':
            $path = DIR_FS_CATALOG . 'templates_c/';
            if ($dir = opendir($path)) {
                while (($file = readdir($dir)) !== false) {
                    if (is_file($path . $file) && $file != "index.html" && $file != ".htaccess") {
                        unlink($path . $file);
                    }
                }
                closedir($dir);
            }
            $messageStack->add_session(DELETE_TEMP_CACHE_SUCCESSFUL, 'success');
            xtc_redirect(xtc_href_link(FILENAME_CONFIGURATION, 'gID=' . (int) $_GET['gID']));
            break;
    }
}
$cfg_group_query = xtc_db_query("select configuration_group_title, configuration_group_id from " . TABLE_CONFIGURATION_GROUP . " where configuration_group_id = '" . (int) $_GET['gID'] . "'");
// Hetfield - 2010-01-15 - multilanguage title in configuration
$cfg_group = xtc_db_fetch_array($cfg_group_query);
require DIR_WS_INCLUDES . 'head.php';
?>
    
  </head>
  <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onLoad="SetFocus();">
    <!-- header //-->
    <?php 
require DIR_WS_INCLUDES . 'header.php';
?>
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $check_affiliate_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . $_POST['email_address'] . "'");
    if (xtc_db_num_rows($check_affiliate_query)) {
        $check_affiliate = xtc_db_fetch_array($check_affiliate_query);
        // Crypted password mods - create a new password, update the database and mail it to them
        $newpass = xtc_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = xtc_encrypt_password($newpass);
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'");
        xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $_POST['email_address'], $check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)));
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        } else {
            echo $mail_error;
        }
    } else {
        xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL'));
    }
} else {
    $breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
    $breadcrumb->add(NAVBAR_TITLE_PASSWORD_FORGOTTEN, xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL'));
    require DIR_WS_INCLUDES . 'header.php';
    $smarty->assign('FORM_ACTION', xtc_draw_form('password_forgotten', xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'action=process', 'SSL')));
    $smarty->assign('INPUT_EMAIL', xtc_draw_input_field('email_address', '', 'maxlength="96"'));
    $smarty->assign('LINK_AFFILIATE', '<a href="' . xtc_href_link(FILENAME_AFFILIATE, '', 'SSL') . '">' . xtc_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>');
    $smarty->assign('BUTTON_SUBMIT', xtc_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE));
    if (isset($_GET['email']) && $_GET['email'] == 'nonexistent') {
        $smarty->assign('email_nonexistent', 'true');
    }
}
$smarty->assign('language', $_SESSION['language']);
$smarty->caching = 0;
   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com

   Copyright (c) 2002 - 2003 osCommerce

   Released under the GNU General Public License
   ---------------------------------------------------------------------------*/
require 'includes/application_top.php';
// include needed functions
require_once DIR_FS_INC . 'xtc_date_short.inc.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
if (!isset($_SESSION['affiliate_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_PAYMENT, xtc_href_link(FILENAME_AFFILIATE_PAYMENT, '', 'SSL'));
if (!isset($_GET['page'])) {
    $_GET['page'] = 1;
}
$affiliate_payment_raw = "select p.* , s.affiliate_payment_status_name\n           from " . TABLE_AFFILIATE_PAYMENT . " p, " . TABLE_AFFILIATE_PAYMENT_STATUS . " s \n           where p.affiliate_payment_status = s.affiliate_payment_status_id \n           and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "'\n           and p.affiliate_id =  '" . $_SESSION['affiliate_id'] . "'\n           order by p.affiliate_payment_id DESC";
$affiliate_payment_split = new splitPageResults($affiliate_payment_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS);
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('affiliate_payment_split_number', $affiliate_payment_split->number_of_rows);
$affiliate_payment_table = '';
if ($affiliate_payment_split->number_of_rows > 0) {
    $affiliate_payment_values = xtc_db_query($affiliate_payment_split->sql_query);
    $number_of_payment = 0;
    while ($affiliate_payment = xtc_db_fetch_array($affiliate_payment_values)) {
   (c) 2003	 nextcommerce (account_history.php,v 1.13 2003/08/17); www.nextcommerce.org

   Released under the GNU General Public License 
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'xtc_count_customer_orders.inc.php';
require_once DIR_FS_INC . 'xtc_date_long.inc.php';
require_once DIR_FS_INC . 'xtc_image_button.inc.php';
require_once DIR_FS_INC . 'xtc_get_all_get_params.inc.php';
if (!isset($_SESSION['customer_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_HISTORY, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_HISTORY, xtc_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
$module_content = array();
if (($orders_total = xtc_count_customer_orders()) > 0) {
    $history_query_raw = "select o.orders_id, \n                                 o.date_purchased,\n                                 o.delivery_name,\n                                 o.billing_name,\n                                 ot.text as order_total,\n                                 s.orders_status_name\n                        from " . TABLE_ORDERS . " o,\n                             " . TABLE_ORDERS_TOTAL . " ot,\n                             " . TABLE_ORDERS_STATUS . " s \n                        where o.customers_id = " . (int) $_SESSION['customer_id'] . "\n                        and o.orders_id = ot.orders_id\n                        and ot.class = 'ot_total'\n                        and o.orders_status = s.orders_status_id\n                        and s.language_id = " . (int) $_SESSION['languages_id'] . "\n                        order by orders_id DESC";
    $history_split = new splitPageResults($history_query_raw, isset($_GET['page']) ? $_GET['page'] : 0, MAX_DISPLAY_ORDER_HISTORY);
    $history_query = xtc_db_query($history_split->sql_query);
    while ($history = xtc_db_fetch_array($history_query)) {
        $products_query = xtc_db_query("select count(*) as count from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . $history['orders_id'] . "'");
        $products = xtc_db_fetch_array($products_query);
        if (xtc_not_null($history['delivery_name'])) {
            $order_type = TEXT_ORDER_SHIPPED_TO;
            $order_name = $history['delivery_name'];
    }
    //BOF - web28 - 2011-01-15 - //FIX Neuberechnung aus TABLE_ORDERS_RECALCULATE
    //$total_query = xtc_db_query("select SUM(value) as value from ".TABLE_ORDERS_TOTAL." where orders_id = '".$_POST['oID']."' and class != 'ot_subtotal_no_tax' and class != 'ot_tax' and class != 'ot_total'");
    $total_query = xtc_db_query("select SUM(" . $price . ") as value from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "'");
    //EOF - web28 - 2011-01-15 - //FIX Neuberechnung aus TABLE_ORDERS_RECALCULATE
    $total = xtc_db_fetch_array($total_query);
    $total_final = $total['value'] + $add_tax;
    //Mwst hinzurechnen
    $total_text = '<b>' . $xtPrice->xtcFormat($total_final, true) . '</b>';
    xtc_db_query("update " . TABLE_ORDERS_TOTAL . "\n                   set text = '" . $total_text . "',\n                       value = '" . $total_final . "'\n                 where orders_id = '" . (int) $_POST['oID'] . "'\n                   and class = 'ot_total'");
    //EOF  web28 - 2010-12-04 Errechne neue Gesamtsumme für Artikel
    // Löschen des Zwischenspeichers Anfang
    //EXIT; //DEBUG
    xtc_db_query("delete from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . xtc_db_input($_POST['oID']) . "'");
    // Löschen des Zwischenspeichers Ende
    xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'action=edit&oID=' . (int) $_POST['oID']));
}
// Rückberechnung Ende
//---------------------------------//
function get_customers_taxprice_status()
{
    global $order, $lang;
    $status_query = xtc_db_query("SELECT customers_status_show_price_tax,\n                                       customers_status_add_tax_ot,\n                                       customers_status_discount,\n                                       customers_status_discount_attributes\n                                  FROM " . TABLE_CUSTOMERS_STATUS . "\n                                 WHERE customers_status_id = '" . $order->info['status'] . "'\n                                   AND language_id ='" . (int) $lang['languages_id'] . "'\n                               ");
    return xtc_db_fetch_array($status_query);
}
//BOF - web28 - 2010-01-15 - Steuersatz Coupon/Rabatt neu berechnen
//Der Steuersatz muss anhand der Posten mit unterschiedlichen Steuersätzen anteilig berechnet werden
function calculate_tax($amount)
{
    global $xtPrice, $status;
    $price = 'b_price';
 function after_process()
 {
     global $order, $insert_id;
     unset($_SESSION['discount_value']);
     unset($_SESSION['discount_name']);
     unset($_SESSION['voucher_value']);
     unset($_SESSION['voucher_name']);
     unset($_SESSION['coupon_value']);
     unset($_SESSION['coupon_name']);
     unset($_SESSION['lofee_value']);
     unset($_SESSION['lofee_name']);
     $token = $_GET['token'];
     if ($this->response->ack == 'OK' && $this->response->status == 'ACCEPTED') {
         if ($this->order_status) {
             xtc_db_query('UPDATE ' . TABLE_ORDERS . ' SET orders_status = "' . xtc_db_input($this->order_status) . '" WHERE orders_id = "' . xtc_db_input($insert_id) . '"');
         }
         $customer = $this->response->customer;
         xtc_db_query('INSERT INTO billsafe_orders_2 (id, orderid, transactionid, token, billsafeStatus, type, paymentStatus, date) VALUES (NULL,"' . xtc_db_input($insert_id) . '", "' . xtc_db_input($this->response->transactionId) . '", "' . $token . '", "' . xtc_db_input($this->response->status) . '", "installment", NULL, "' . date('Y-m-d H:i:s') . '")');
         $resultQuery = xtc_db_query('SELECT id FROM billsafe_orders_2 WHERE transactionId = "' . xtc_db_input($this->response->transactionId) . '"');
         $result = xtc_db_fetch_array($resultQuery);
         xtc_db_query('INSERT INTO billsafe_orders_user_2 (id, bsorders_id, gender, company, firstname, lastname, street, housenumber, postcode, city, country, dateofbirth, email, phone) VALUES (NULL, "' . xtc_db_input($result['id']) . '", "' . xtc_db_input($customer->gender) . '", "' . xtc_db_input($customer->firstname) . '", "' . xtc_db_input($customer->company) . '", "' . xtc_db_input($customer->lastname) . '", "' . xtc_db_input($customer->street) . '", "' . xtc_db_input($customer->housenumber) . '", "' . xtc_db_input($customer->postcode) . '", "' . xtc_db_input($customer->city) . '", "' . xtc_db_input($customer->country) . '", "0000-00-00", "' . xtc_db_input($customer->email) . '", "' . xtc_db_input($customer->phone) . '")');
         $bs = new Billsafe_Sdk(DIR_FS_CATALOG . 'includes/external/billsafe/classes/billsafe_2/ini.php');
         //DokuMan - 2012-06-19 - move billsafe to external directory
         if ($_SESSION['language_charset'] == 'iso-8859-1' || $_SESSION['language_charset'] == 'iso-8859-15') {
             $bs->setUtf8Mode(false);
         } else {
             $bs->setUtf8Mode(true);
         }
         if (MODULE_PAYMENT_BILLSAFE_2HP_SERVER == 'Live') {
             $bs->setMode("LIVE");
         } else {
             $bs->setMode("SANDBOX");
         }
         $bs->setCredentials(array('merchantId' => MODULE_PAYMENT_BILLSAFE_2HP_MERCHANT_ID, 'merchantLicenseSandbox' => MODULE_PAYMENT_BILLSAFE_2HP_MERCHANT_LICENSE, 'merchantLicenseLive' => MODULE_PAYMENT_BILLSAFE_2HP_MERCHANT_LICENSE, 'applicationSignature' => $this->applicationSignature, 'applicationVersion' => $this->application_version));
         $params = array('transactionId' => $this->response->transactionId);
         $response = $bs->callMethod('getArticleList', $params);
         $article = $response->articleList;
         for ($i = 0, $n = sizeof($article); $i < $n; $i++) {
             for ($ii = 0, $nn = intval($article[$i]->quantity); $ii < $nn; $ii++) {
                 $article[$i]->name = str_replace("\"", "\\\"", $article[$i]->name);
                 $article[$i]->name = str_replace("\\'", "\\\\'", $article[$i]->name);
                 xtc_db_query('INSERT INTO billsafe_orders_details_2 (ordernumber, product_id, articletype, articlenumber, articlename, articleprice, articletax, bsorders_id) values("' . xtc_db_input($insert_id) . '", "' . xtc_db_input($order->products[$i]['id']) . '", "' . xtc_db_input($article[$i]->type) . '", "' . xtc_db_input($article[$i]->number) . '", "' . xtc_db_input($article[$i]->name) . '", "' . xtc_db_input($article[$i]->grossPrice) . '", "' . xtc_db_input($article[$i]->tax) . '", "' . xtc_db_input($result['id']) . '")');
             }
         }
         $comments = MODULE_PAYMENT_BILLSAFE_2HP_STATUS_TEXT . ': ' . $this->response->status . '; ' . MODULE_PAYMENT_BILLSAFE_2HP_TRANSACTIONID . ': ' . $this->response->transactionId;
         xtc_db_query('INSERT INTO orders_status_history (orders_status_history_id, orders_id, orders_status_id, date_added, customer_notified, comments) VALUES (NULL, "' . xtc_db_input($insert_id) . '", "1", "' . date('Y-m-d H:i:s') . '", "0", "' . xtc_db_input($comments) . '")');
         $params = array('transactionId' => xtc_db_input($this->response->transactionId), 'orderNumber' => xtc_db_input($insert_id));
         $response = $bs->callMethod('setOrderNumber', $params);
         if ($response->ack == 'OK') {
         } else {
         }
     } else {
         $_SESSION['billsafe_status'] = 'declined';
         $message = $this->get_error_message($response);
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error_message=' . stripslashes(urlencode(html_entity_decode($message))), 'SSL'));
     }
     return false;
 }
 /**
  * Handle the $_POST variable and return a KlarnaAddr object
  *
  * @param string $option payment option, invoice, part or spec
  *
  * @return KlarnaAddr address object
  */
 public function handlePost($option)
 {
     $addrHandler = new KlarnaAddressXtc();
     $errors = array();
     $lang = self::getLanguageCode();
     $address = new KlarnaAddr();
     if (strtolower($this->_country) == 'se') {
         try {
             $address = $addrHandler->getMatchingAddress($errors, $option);
         } catch (Exception $e) {
             $this->setError(htmlentities($e->getMessage()) . " (#" . $e->getCode() . ")", $option);
             xtc_redirect($this->errorLink(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
         }
     }
     if (strtolower($this->_country) != "se") {
         try {
             $aKlarnaAddress = $addrHandler->addressArrayFromPost($option);
             $address = $addrHandler->buildKlarnaAddressFromArray($aKlarnaAddress, $this->_country);
         } catch (Exception $e) {
             $this->setError(htmlentities($e->getMessage()) . " (#" . $e->getCode() . ")", $option);
             xtc_redirect($this->errorLink(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
         }
         $_SESSION['klarna_data'] = $aKlarnaAddress;
         if (KiTT_CountryLogic::needConsent($this->_country) && $_POST["klarna_{$option}_consent"] != 'consent') {
             $errors[] = "no_consent";
         }
         if (KiTT_CountryLogic::needDateOfBirth($this->_country)) {
             $_SESSION['klarna_data']["pno"] = $_POST["klarna_{$option}_birth_day"] . $_POST["klarna_{$option}_birth_month"] . $_POST["klarna_{$option}_birth_year"];
             $_SESSION['klarna_data']['gender'] = $_POST["klarna_{$option}_gender"];
         }
     }
     if (!empty($errors)) {
         foreach ($errors as $err) {
             $translated[] = $this->translate($err, $lang);
         }
         $this->setError(htmlentities(implode(',', $translated), ENT_COMPAT, 'UTF-8'), $option);
         xtc_redirect($this->errorLink(FILENAME_CHECKOUT_PAYMENT, "", "SSL"));
     }
     return $address;
 }
            xtc_db_query("insert into " . TABLE_CARRIERS . " (carrier_name, carrier_tracking_link, carrier_sort_order, carrier_date_added) values ('" . xtc_db_input($carrier_name) . "', '" . xtc_db_input($carrier_tracking_link) . "', '" . xtc_db_input($carrier_sort_order) . "', now())");
            xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS));
            break;
        case 'save':
            $carrier_id = xtc_db_prepare_input($_GET['carrierID']);
            $carrier_name = xtc_db_prepare_input($_POST['carrier_name']);
            $carrier_tracking_link = xtc_db_prepare_input($_POST['carrier_tracking_link']);
            $carrier_sort_order = xtc_db_prepare_input($_POST['carrier_sort_order']);
            $last_modified = xtc_db_prepare_input($_POST['carrier_last_modified']);
            xtc_db_query("update " . TABLE_CARRIERS . " set carrier_id = '" . (int) $carrier_id . "', carrier_name = '" . xtc_db_input($carrier_name) . "', carrier_tracking_link = '" . xtc_db_input($carrier_tracking_link) . "', carrier_sort_order = '" . xtc_db_input($carrier_sort_order) . "', carrier_last_modified = now() where carrier_id = '" . (int) $carrier_id . "'");
            xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel . '&carrierID=' . $carrier_id));
            break;
        case 'deleteconfirm':
            $carrier_id = xtc_db_prepare_input($_GET['carrierID']);
            xtc_db_query("delete from " . TABLE_CARRIERS . " where carrier_id = '" . (int) $carrier_id . "'");
            xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel));
            break;
    }
}
require DIR_WS_INCLUDES . 'head.php';
?>
  <script type="text/javascript" src="includes/general.js"></script>
</head>
<body>
    <!-- header //-->
    <?php 
require DIR_WS_INCLUDES . 'header.php';
?>
    <!-- header_eof //-->
    <!-- body //-->
	
 function complete_payment_paypal_installment()
 {
     global $insert_id;
     if (isset($_SESSION['paypal']['paymentId']) && isset($_SESSION['paypal']['PayerID'])) {
         // auth
         $apiContext = $this->apiContext();
         try {
             // Get the payment Object by passing paymentId
             $payment = Payment::get($_SESSION['paypal']['paymentId'], $apiContext);
         } catch (Exception $ex) {
             $this->LoggingManager->log(print_r($ex, true), 'DEBUG');
             // redirect
             unset($_SESSION['paypal']);
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
         }
         // PaymentExecution
         $execution = new PaymentExecution();
         $execution->setPayerId($_SESSION['paypal']['PayerID']);
         try {
             // Execute the payment
             $payment->execute($execution, $apiContext);
         } catch (Exception $ex) {
             $this->LoggingManager->log(print_r($ex, true), 'DEBUG');
             $this->remove_order($insert_id);
             unset($_SESSION['paypal']);
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
         }
         // capture
         if (($this->transaction_type == 'order' || $this->transaction_type == 'authorize') && $this->get_config('PAYPAL_CAPTURE_MANUELL') == '0') {
             $this->capture_payment($payment);
         }
         $sql_data_array = array('orders_id' => $insert_id, 'payment_id' => $_SESSION['paypal']['paymentId'], 'payer_id' => $_SESSION['paypal']['PayerID']);
         xtc_db_perform(TABLE_PAYPAL_PAYMENT, $sql_data_array);
         try {
             // Get the payment Object by passing paymentId
             $payment = Payment::get($_SESSION['paypal']['paymentId'], $apiContext);
         } catch (Exception $ex) {
             $this->LoggingManager->log(print_r($ex, true), 'DEBUG');
             $this->remove_order($insert_id);
             unset($_SESSION['paypal']);
             xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
         }
         $status = $this->get_orders_status($payment);
         $status['status_id'] = $this->get_config('PAYPAL_ORDER_STATUS_ACCEPTED_ID');
         if ($status['status_id'] < 0) {
             $check_query = xtc_db_query("SELECT orders_status\n                                       FROM " . TABLE_ORDERS . " \n                                      WHERE orders_id = '" . (int) $insert_id . "'");
             $check = xtc_db_fetch_array($check_query);
             $status['status_id'] = $check['orders_status'];
         }
         $this->update_order($status['comment'], $status['status_id'], $insert_id);
     } else {
         // redirect
         unset($_SESSION['paypal']);
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
     }
 }
// include needed classes
require_once DIR_FS_EXTERNAL . 'paypal/classes/PayPalAdmin.php';
$paypal = new PayPalAdmin();
if (isset($_GET['action'])) {
    switch ($_GET['action']) {
        case 'delete':
            $paypal->delete_webhook($_GET['id']);
            xtc_redirect(xtc_href_link(basename($PHP_SELF)));
            break;
        case 'update':
            $paypal->update_webhook($_POST['config']);
            xtc_redirect(xtc_href_link(basename($PHP_SELF)));
            break;
        case 'insert':
            $paypal->create_webhook($_POST['config']);
            xtc_redirect(xtc_href_link(basename($PHP_SELF)));
            break;
    }
}
$orders_statuses = array(array('id' => '-1', 'text' => TEXT_PAYPAL_NO_STATUS_CHANGE));
$orders_status_array = array('-1' => TEXT_PAYPAL_NO_STATUS_CHANGE);
$orders_status_query = xtc_db_query("SELECT orders_status_id,\n                                            orders_status_name\n                                       FROM " . TABLE_ORDERS_STATUS . "\n                                      WHERE language_id = '" . $_SESSION['languages_id'] . "'\n                                   ORDER BY sort_order");
while ($orders_status = xtc_db_fetch_array($orders_status_query)) {
    $orders_statuses[] = array('id' => $orders_status['orders_status_id'], 'text' => $orders_status['orders_status_name']);
    $orders_status_array[$orders_status['orders_status_id']] = $orders_status['orders_status_name'];
}
$status_array = array(array('id' => '1', 'text' => YES), array('id' => '0', 'text' => NO));
$landingpage_array = array(array('id' => 'Login', 'text' => 'Login'), array('id' => 'Payment', 'text' => 'Payment'));
//$locale_code = array(
require DIR_WS_INCLUDES . 'head.php';
?>
}
// default open navigation box
if (!isset($_SESSION['selected_box'])) {
    $_SESSION['selected_box'] = 'configuration';
} else {
    if (!empty($_GET['selected_box'])) {
        $_SESSION['selected_box'] = $_GET['selected_box'];
    }
}
// the following cache blocks are used in the Tools->Cache section
// ('language' in the filename is automatically replaced by available languages)
$cache_blocks = array(array('title' => TEXT_CACHE_CATEGORIES, 'code' => 'categories', 'file' => 'categories_box-language.cache', 'multiple' => true), array('title' => TEXT_CACHE_MANUFACTURERS, 'code' => 'manufacturers', 'file' => 'manufacturers_box-language.cache', 'multiple' => true), array('title' => TEXT_CACHE_ALSO_PURCHASED, 'code' => 'also_purchased', 'file' => 'also_purchased-language.cache', 'multiple' => true));
// check if a default currency is set
if (!defined('DEFAULT_CURRENCY')) {
    $messageStack->add(ERROR_NO_DEFAULT_CURRENCY_DEFINED, 'error');
}
// check if a default language is set
if (!defined('DEFAULT_LANGUAGE')) {
    $messageStack->add(ERROR_NO_DEFAULT_LANGUAGE_DEFINED, 'error');
}
// for Customers Status
xtc_get_customers_statuses();
$pagename = strtok($current_page, '.');
if (!isset($_SESSION['customer_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_LOGIN));
}
if (xtc_check_permission($pagename) == '0') {
    xtc_redirect(xtc_href_link(FILENAME_LOGIN));
}
// Include Template Engine
require DIR_FS_CATALOG . DIR_WS_CLASSES . 'Smarty_2.6.27/Smarty.class.php';
//fsk18 lock
$fsk_lock = '';
if ($_SESSION['customers_status']['customers_fsk18_display'] == '0') {
    $fsk_lock = ' and p.products_fsk18!=1';
}
if (GROUP_CHECK == 'true') {
    $group_check = " and p.group_permission_" . $_SESSION['customers_status']['customers_status_id'] . "=1 ";
}
//BOF - DokuMan - 2010-01-26 - use Join on TABLE_PRODUCTS_DESCRIPTION & TABLE_SPECIALS
$specials_query_raw = "select p.products_id,\n                              pd.products_name,\n                              p.products_price,\n                              p.products_tax_class_id,\n                              p.products_shippingtime,\n                              p.products_image,\n                              p.products_vpe_status,\n                              p.products_vpe_value,\n                              p.products_vpe,\n                              p.products_fsk18,\n                              s.expires_date,\n                              s.specials_new_products_price\n                             from\n                              " . TABLE_PRODUCTS . " p\n                             left join " . TABLE_PRODUCTS_DESCRIPTION . " pd\n                              on p.products_id = pd.products_id\n                             left join " . TABLE_SPECIALS . " s\n                              on p.products_id = s.products_id\n                             where p.products_status = '1'\n                             and s.products_id = p.products_id\n                             and p.products_id = pd.products_id\n                             " . $group_check . "\n                             " . $fsk_lock . "\n                             and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'\n                             and s.status = '1'\n                             order by s.specials_date_added DESC";
//EOF - DokuMan - 2010-01-26 - use Join on TABLE_PRODUCTS_DESCRIPTION & TABLE_SPECIALS
$specials_split = new splitPageResults($specials_query_raw, isset($_GET['page']) ? $_GET['page'] : 0, MAX_DISPLAY_SPECIAL_PRODUCTS);
$module_content = '';
$row = 0;
if ($specials_split->number_of_rows == 0) {
    xtc_redirect(xtc_href_link(FILENAME_DEFAULT));
}
require DIR_WS_INCLUDES . 'header.php';
$specials_query = xtc_db_query($specials_split->sql_query);
while ($specials = xtc_db_fetch_array($specials_query)) {
    $module_content[] = $product->buildDataArray($specials);
}
if ($specials_split->number_of_rows > 0) {
    //BOF - Dokuman - 2009-06-05 - replace table with div
    /*
      $smarty->assign('NAVBAR', '
      <table border="0" width="100%" cellspacing="0" cellpadding="2">
                <tr>
                  <td class="smallText">'.$specials_split->display_count(TEXT_DISPLAY_NUMBER_OF_SPECIALS).'</td>
                  <td align="right" class="smallText">'.TEXT_RESULT_PAGE.' '.$specials_split->display_links(MAX_DISPLAY_PAGE_LINKS, xtc_get_all_get_params(array ('page', 'info', 'x', 'y'))).'</td>
                </tr>
 /**
  * Is called when the checkout_confirmation.php page is called
  */
 public function confirmation()
 {
     $checking = true;
     if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_total_amount'))) {
         $checking = false;
     } else {
         if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_amount'))) {
             $checking = false;
         } else {
             if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_interest_amount'))) {
                 $checking = false;
             } else {
                 if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_service_charge'))) {
                     $checking = false;
                 } else {
                     if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_annual_percentage_rate'))) {
                         $checking = false;
                     } else {
                         if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_monthly_debit_interest'))) {
                             $checking = false;
                         } else {
                             if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_number_of_rates'))) {
                                 $checking = false;
                             } else {
                                 if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_rate'))) {
                                     $checking = false;
                                 } else {
                                     if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_last_rate'))) {
                                         $checking = false;
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     if (!$checking) {
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=calculation_error', 'SSL'));
     }
 }
        $use_contact_email_query = xtc_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'USE_CONTACT_EMAIL_ADDRESS'");
        $use_contact_email = xtc_db_fetch_array($use_contact_email_query);
        if ($use_contact_email['configuration_value'] == 'true') {
            $email = trim(CONTACT_US_EMAIL_ADDRESS);
            $name = CONTACT_US_NAME;
            $notify = EMAIL_NOTIFY . "\n\n";
        } else {
            $email = trim($_POST['email']);
            $name = $_POST['name'];
            $notify = '';
        }
        // EOF - Tomcraft - 2009-11-05 - Advanced contact form (check for USE_CONTACT_EMAIL_ADDRESS)
        $email_layout = sprintf(EMAIL_SENT_BY, CONTACT_US_NAME, CONTACT_US_EMAIL_ADDRESS, $datum, $uhrzeit) . "\n" . "--------------------------------------------------------------" . "\n" . $notify . EMAIL_NAME . $_POST['name'] . "\n" . EMAIL_EMAIL . trim($_POST['email']) . "\n" . $additional_fields . "\n" . EMAIL_MESSAGE . "\n " . $_POST['message_body'] . "\n";
        xtc_php_mail($email, $name, CONTACT_US_EMAIL_ADDRESS, CONTACT_US_NAME, CONTACT_US_FORWARDING_STRING, $email, $name, '', '', CONTACT_US_EMAIL_SUBJECT, nl2br($email_layout), $email_layout);
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_CONTENT, 'action=success&coID=' . (int) $_GET['coID']));
        } else {
            $smarty->assign('error_message', $mail_error);
        }
    }
    //EOF - web28 - 2010-04-03 - New error handling for required fileds
}
$smarty->assign('CONTACT_HEADING', $shop_content_data['content_heading']);
if (isset($_GET['action']) && $_GET['action'] == 'success') {
    $smarty->assign('success', '1');
    $smarty->assign('BUTTON_CONTINUE', '<a href="' . xtc_href_link(FILENAME_DEFAULT) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
} else {
    if ($shop_content_data['content_file'] != '') {
        ob_start();
        if (strpos($shop_content_data['content_file'], '.txt')) {
            echo '<pre>';
 *
 * $Id: confirmVorkasse.php 3751 2012-10-10 08:36:20Z gtb-modified $
 */
require_once '../../library/sofortLib.php';
chdir('../../../..');
include 'includes/application_top.php';
require_once DIR_FS_CATALOG . 'callback/sofort/helperFunctions.php';
$language = HelperFunctions::getSofortLanguage($_SESSION['language']);
include DIR_WS_LANGUAGES . $language . '/modules/payment/sofort_sofortvorkasse.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require_once DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// if the customer is not logged on, redirect them to the shopping cart page
if (!isset($_SESSION['customer_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART));
}
$breadcrumb->add(NAVBAR_TITLE_1_CHECKOUT_CONFIRMATION);
$breadcrumb->add(NAVBAR_TITLE_2_CHECKOUT_CONFIRMATION);
require_once DIR_WS_INCLUDES . 'header.php';
$smarty->assign('FORM_ACTION', xtc_draw_form('order', xtc_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')));
$smarty->assign('BUTTON_CONTINUE', xtc_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE));
$smarty->assign('BUTTON_PRINT', '<img src="' . 'templates/' . CURRENT_TEMPLATE . '/buttons/' . $_SESSION['language'] . '/button_print.gif" style="cursor:hand"
				onclick="window.open(\'' . xtc_href_link(FILENAME_PRINT_ORDER, 'oID=' . $orders['orders_id']) . '\', \'popup\', \'toolbar=0, width=640, height=600\')" />');
$smarty->assign('FORM_END', '</form>');
$smarty->assign('HEADING', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_HEADING_TEXT);
$smarty->assign('TEXT', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_TEXT);
$smarty->assign('HOLDER', HelperFunctions::htmlMask($_GET['holder']));
$smarty->assign('HOLDER_TEXT', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_HOLDER_TEXT);
$smarty->assign('ACCOUNT_NUMBER', HelperFunctions::htmlMask($_GET['account_number']));
$smarty->assign('ACCOUNT_NUMBER_TEXT', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_ACCOUNT_NUMBER_TEXT);
   modified eCommerce Shopsoftware
   http://www.modified-shop.org

   Copyright (c) 2009 - 2013 [www.modified-shop.org]
   -----------------------------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------------------------*/
chdir('../../');
include 'includes/application_top.php';
// include needed classes
require_once DIR_WS_CLASSES . 'order.php';
require_once DIR_FS_EXTERNAL . 'paypal/classes/PayPalPayment.php';
$paypal = new PayPalPayment('paypalcart');
$paypal->validate_payment_paypalcart();
if (!isset($_SESSION['customer_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'));
}
// shipping
$_SESSION['shipping'] = '';
$order = new order();
if ($order->content_type == 'virtual' || $order->content_type == 'virtual_weight' || $_SESSION['cart']->count_contents_virtual() == 0) {
    $_SESSION['shipping'] = false;
    $_SESSION['sendto'] = false;
}
// payment
$_SESSION['payment'] = 'paypalcart';
// billto
$_SESSION['billto'] = $_SESSION['customer_default_address_id'];
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'conditions=true', 'NONSSL'));
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $check_customer = xtc_db_fetch_array($check_customer_query);
        if (xtc_validate_password($password_current, $check_customer['customers_password'])) {
            xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '******', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
if ($messageStack->size('account_password') > 0) {
    $smarty->assign('error', $messageStack->output('account_password'));
}
$smarty->assign('FORM_ACTION', xtc_draw_form('account_password', xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'post', 'onsubmit="return check_form(account_password);"') . xtc_draw_hidden_field('action', 'process'));
$smarty->assign('INPUT_ACTUAL', xtc_draw_password_fieldNote(array('name' => 'password_current', 'text' => '&nbsp;' . (xtc_not_null(ENTRY_PASSWORD_CURRENT_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_CURRENT_TEXT . '</span>' : ''))));
$smarty->assign('INPUT_NEW', xtc_draw_password_fieldNote(array('name' => 'password_new', 'text' => '&nbsp;' . (xtc_not_null(ENTRY_PASSWORD_NEW_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_NEW_TEXT . '</span>' : ''))));
 function payment_action()
 {
     xtc_redirect(xtc_href_link('checkout_payment_iframe.php', '', 'SSL'));
 }
require 'includes/application_top.php';
#MN: Check if $_POST form is submited on this page
if ($_POST) {
    switch ($_POST['action']) {
        case 'widget_active':
            xtc_db_query("update " . TABLE_WIDGETS . " set widgets_active = !widgets_active where widgets_id = '" . xtc_db_input($_POST['widgets']) . "'");
            break;
        case 'widget_save_position':
            foreach ($_POST['widgets_id'] as $key => $widget) {
                $w_x = xtc_db_prepare_input($_POST['widgets_x'][$key]);
                $w_y = xtc_db_prepare_input($_POST['widgets_y'][$key]);
                xtc_db_query("update " . TABLE_WIDGETS . " set widgets_x = '" . $w_x . "', widgets_y = '" . $w_y . "' where widgets_id = '" . $widget . "'");
            }
            break;
    }
    xtc_redirect(xtc_href_link(FILENAME_START));
}
require DIR_WS_INCLUDES . 'head.php';
?>


    <style type="text/css">

      .gridster li header {
        background: #999;
        display: block;
        font-size: 20px;
        line-height: normal;
        padding: 4px 0 6px ;
        margin-bottom: 20px;
        cursor: move;
            } else {
                xtc_db_query("UPDATE " . TABLE_REVIEWS . " SET customers_id = null WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            }
            xtc_db_query("DELETE FROM " . TABLE_ADDRESS_BOOK . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_INFO . " WHERE customers_info_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_BASKET . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_PRODUCTS_NOTIFICATIONS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_WHOS_ONLINE . " WHERE customer_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_STATUS_HISTORY . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_IP . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_ADMIN_ACCESS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            xtc_db_query("DELETE FROM " . TABLE_NEWSLETTER_RECIPIENTS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
            // DokuMan - 2011-04-15 - also delete the newsletter entry of the customer
            xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array('cID', 'action'))));
            break;
        default:
            $customers_query = xtc_db_query("\n      -- admin/customers.php\n      SELECT c.customers_id,\n             c.customers_cid,\n             c.customers_vat_id,\n             c.customers_status, # DokuMan 2011-12-13 - Added missing customers_status\n             c.customers_gender,\n             c.customers_firstname,\n             c.customers_lastname,\n             c.customers_dob,\n             c.customers_email_address,\n             c.customers_default_address_id,\n             c.customers_telephone,\n             c.customers_fax,\n             c.customers_newsletter,\n             c.customers_symbol,\n             c.payment_unallowed, # Tomcraft 2011-03-18 - Added missing payment_unallowed\n             c.shipping_unallowed, # Tomcraft 2011-03-18 - Added missing payment_unallowed\n             a.entry_company,\n             a.entry_street_address,\n             a.entry_suburb,\n             a.entry_postcode,\n             a.entry_city,\n             a.entry_state,\n             a.entry_country_id,\n             a.entry_zone_id\n        FROM " . TABLE_CUSTOMERS . " c\n   LEFT JOIN " . TABLE_ADDRESS_BOOK . " a\n          ON c.customers_default_address_id = a.address_book_id\n       WHERE a.customers_id = c.customers_id\n         AND c.customers_id = " . (int) $_GET['cID']);
            $customers = xtc_db_fetch_array($customers_query);
            $cInfo = new objectInfo($customers);
    }
}
require DIR_WS_INCLUDES . 'head.php';
?>

<?php 
if ($action == 'edit' || $action == 'update') {
    ?>
<script type="text/javascript">
<!--
*/
if (isset($_GET['action']) && $_GET['action'] == 'update') {
    if ($_POST['account_type'] != 1) {
        //if ($_SESSION['account_type'] != 1) {
        //BOF - web28.de - FIX redirect to NONSSL
        //xtc_redirect(xtc_href_link(FILENAME_DEFAULT));
        xtc_redirect(xtc_href_link(FILENAME_DEFAULT), 'NONSSL');
        //EOF - web28.de - FIX redirect to NONSSL
    } else {
        //xtc_redirect(xtc_href_link(FILENAME_LOGOFF));
        xtc_redirect(xtc_href_link(FILENAME_LOGOFF), 'NONSSL');
    }
}
// if the customer is not logged on, redirect them to the shopping cart page
if (!isset($_SESSION['customer_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART), 'NONSSL');
}
// EOF - GTB - 2011-04-12 - changes for Guest Account
$breadcrumb->add(NAVBAR_TITLE_1_CHECKOUT_SUCCESS);
$breadcrumb->add(NAVBAR_TITLE_2_CHECKOUT_SUCCESS);
require DIR_WS_INCLUDES . 'header.php';
$orders_query = xtc_db_query("select orders_id,\n                                     orders_status,\n                                     payment_class\n                              from " . TABLE_ORDERS . "\n                              where customers_id = '" . $_SESSION['customer_id'] . "'\n                              order by orders_id desc limit 1");
$orders = xtc_db_fetch_array($orders_query);
$last_order = $orders['orders_id'];
$order_status = $orders['orders_status'];
$payment_class = $orders['payment_class'];
//BOF - GTB - 2012-10-10 - include Vorkasse by Sofort
if (isset($_GET['vorkasse']) && $_GET['vorkasse'] == 'sofort') {
    include DIR_WS_MODULES . 'sofort_vorkasse.php';
}
//EOF - GTB - 2012-10-10 - include Vorkasse by Sofort
            $date_added = xtc_db_prepare_input($_POST['date_added']);
            xtc_db_query("insert into " . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . xtc_db_input($tax_class_title) . "', '" . xtc_db_input($tax_class_description) . "', now())");
            xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES));
            break;
        case 'save':
            $tax_class_id = xtc_db_prepare_input($_GET['tID']);
            $tax_class_title = xtc_db_prepare_input($_POST['tax_class_title']);
            $tax_class_description = xtc_db_prepare_input($_POST['tax_class_description']);
            $last_modified = xtc_db_prepare_input($_POST['last_modified']);
            xtc_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . xtc_db_input($tax_class_id) . "', tax_class_title = '" . xtc_db_input($tax_class_title) . "', tax_class_description = '" . xtc_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . xtc_db_input($tax_class_id) . "'");
            xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id));
            break;
        case 'deleteconfirm':
            $tax_class_id = xtc_db_prepare_input($_GET['tID']);
            xtc_db_query("delete from " . TABLE_TAX_CLASS . " where tax_class_id = '" . xtc_db_input($tax_class_id) . "'");
            xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page']));
            break;
    }
}
require DIR_WS_INCLUDES . 'head.php';
?>

</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php 
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->

<!-- body //-->
 function giropay_confirm($data = '')
 {
     // Giropay transaction
     // Stand: 29.04.2009
     $tkn = $data['token'] != '' ? $data['token'] : $_SESSION['nvpReqArray']['TOKEN'];
     unset($_SESSION['payment']);
     unset($_SESSION['nvpReqArray']);
     unset($_SESSION['reshash']);
     xtc_redirect($this->GIROPAY_URL . '' . urlencode($tkn));
 }
                }
                if (isset($quote['error'])) {
                    unset($_SESSION['shipping']);
                } else {
                    if (isset($quote[0]['methods'][0]['title']) && isset($quote[0]['methods'][0]['cost'])) {
                        $_SESSION['shipping'] = array('id' => $_SESSION['shipping'], 'title' => $free_shipping == true ? $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')', 'cost' => $quote[0]['methods'][0]['cost']);
                        xtc_redirect(xtc_href_link(FILENAME_PAYPAL_CHECKOUT, '', 'SSL'));
                    }
                }
            } else {
                unset($_SESSION['shipping']);
            }
        }
    } else {
        $_SESSION['shipping'] = false;
        xtc_redirect(xtc_href_link(FILENAME_PAYPAL_CHECKOUT, '', 'SSL'));
    }
}
if ($kein_versand == 1) {
    $_SESSION['shipping'] = false;
}
// get all available shipping quotes
$quotes = $shipping_modules->quote();
// if no shipping method has been selected, automatically select the cheapest method.
// if the modules status was changed when none were available, to save on implementing
// a javascript force-selection method, also automatically select the cheapest shipping
// method if more than one module is now enabled
if (!isset($_SESSION['shipping']) || isset($_SESSION['shipping']) && $_SESSION['shipping'] == false && xtc_count_shipping_modules() > 1) {
    $_SESSION['shipping'] = $shipping_modules->cheapest();
}
if ($kein_versand == 1) {
            $content_file_name = $select_file;
        }
        $accepted_file_upload_files_extensions = array("xls", "xla", "hlp", "chm", "ppt", "ppz", "pps", "pot", "doc", "dot", "pdf", "rtf", "swf", "cab", "tar", "zip", "au", "snd", "mp2", "rpm", "stream", "wav", "gif", "jpeg", "jpg", "jpe", "png", "tiff", "tif", "bmp", "csv", "txt", "rtf", "tsv", "mpeg", "mpg", "mpe", "qt", "mov", "avi", "movie", "rar", "7z");
        $accepted_file_upload_files_mime_types = array("application/msexcel", "application/mshelp", "application/mspowerpoint", "application/msword", "application/pdf", "application/rtf", "application/x-shockwave-flash", "application/x-tar", "application/zip", "audio/basic", "audio/x-mpeg", "audio/x-pn-realaudio-plugin", "audio/x-qt-stream", "audio/x-wav", "image/gif", "image/jpeg", "image/png", "image/tiff", "image/bmp", "text/comma-separated-values", "text/plain", "text/rtf", "text/tab-separated-values", "video/mpeg", "video/quicktime", "video/x-msvideo", "video/x-sgi-movie", "application/x-rar-compressed", "application/x-7z-compressed");
        if ($content_file = xtc_try_upload('file_upload', DIR_FS_CATALOG . 'media/content/', '644', $accepted_file_upload_files_extensions, $accepted_file_upload_files_mime_types)) {
            $content_file_name = $content_file->filename;
        }
        // update data in table
        $sql_data_array = array('languages_id' => $content_language, 'content_title' => $content_title, 'content_heading' => $content_header, 'content_text' => $content_text, 'content_file' => $content_file_name, 'content_status' => $content_status, 'parent_id' => $parent_id, 'group_ids' => $group_ids, 'content_group' => $group_id, 'sort_order' => $sort_order, 'file_flag' => $file_flag, 'content_meta_title' => $content_meta_title, 'content_meta_description' => $content_meta_description, 'content_meta_keywords' => $content_meta_keywords, 'content_meta_index' => $content_meta_index, 'change_date' => $time);
        if ($id == 'update') {
            xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array, 'update', "content_id = '" . $coID . "'");
        } else {
            xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array);
        }
        // if get id
        xtc_redirect(xtc_href_link(FILENAME_CONTENT_MANAGER));
    }
    // if error
}
// if
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body>
    <!-- header //-->
    <?php 
require DIR_WS_INCLUDES . 'header.php';
?>
    <!-- header_eof //-->
    <!-- body //-->