case 'insert': case 'update': if (isset($_POST['banners_id'])) { $banners_id = zen_db_prepare_input($_POST['banners_id']); } $banners_title = zen_db_prepare_input($_POST['banners_title']); $banners_url = zen_db_prepare_input($_POST['banners_url']); $new_banners_group = zen_db_prepare_input($_POST['new_banners_group']); $banners_group = empty($new_banners_group) ? zen_db_prepare_input($_POST['banners_group']) : $new_banners_group; $banners_html_text = zen_db_prepare_input($_POST['banners_html_text']); $banners_image_local = zen_db_prepare_input($_POST['banners_image_local']); $banners_image_target = zen_db_prepare_input($_POST['banners_image_target']); $db_image_location = ''; $expires_date = zen_db_prepare_input($_POST['expires_date']) == '' ? 'null' : zen_date_raw($_POST['expires_date']); $expires_impressions = zen_db_prepare_input($_POST['expires_impressions']); $date_scheduled = zen_db_prepare_input($_POST['date_scheduled']) == '' ? 'null' : zen_date_raw($_POST['date_scheduled']); $status = zen_db_prepare_input($_POST['status']); $banners_open_new_windows = zen_db_prepare_input($_POST['banners_open_new_windows']); $banners_on_ssl = zen_db_prepare_input($_POST['banners_on_ssl']); $banners_sort_order = zen_db_prepare_input($_POST['banners_sort_order']); $banner_error = false; if (empty($banners_title)) { $messageStack->add(ERROR_BANNER_TITLE_REQUIRED, 'error'); $banner_error = true; } if (empty($banners_group)) { $messageStack->add(ERROR_BANNER_GROUP_REQUIRED, 'error'); $banner_error = true; } if (empty($banners_html_text)) { if (empty($banners_image_local)) {
$sql_data_array = array(array('fieldName' => 'customers_firstname', 'value' => $firstname, 'type' => 'string'), array('fieldName' => 'customers_lastname', 'value' => $lastname, 'type' => 'string'), array('fieldName' => 'customers_firstname_kana', 'value' => $firstname_kana, 'type' => 'string'), array('fieldName' => 'customers_lastname_kana', 'value' => $lastname_kana, 'type' => 'string'), array('fieldName' => 'customers_email_address', 'value' => $email_address, 'type' => 'string'), array('fieldName' => 'customers_telephone', 'value' => $telephone, 'type' => 'string'), array('fieldName' => 'customers_fax', 'value' => $fax, 'type' => 'string'), array('fieldName' => 'customers_email_format', 'value' => $email_format, 'type' => 'string')); } else { $sql_data_array = array(array('fieldName' => 'customers_firstname', 'value' => $firstname, 'type' => 'string'), array('fieldName' => 'customers_lastname', 'value' => $lastname, 'type' => 'string'), array('fieldName' => 'customers_email_address', 'value' => $email_address, 'type' => 'string'), array('fieldName' => 'customers_telephone', 'value' => $telephone, 'type' => 'string'), array('fieldName' => 'customers_fax', 'value' => $fax, 'type' => 'string'), array('fieldName' => 'customers_email_format', 'value' => $email_format, 'type' => 'string')); } // <-furikana if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') { $sql_data_array[] = array('fieldName' => 'customers_referral', 'value' => $customers_referral, 'type' => 'string'); } if (ACCOUNT_GENDER == 'true') { $sql_data_array[] = array('fieldName' => 'customers_gender', 'value' => $gender, 'type' => 'string'); } if (ACCOUNT_DOB == 'true') { if ($dob == '0001-01-01 00:00:00' or $_POST['dob'] == '') { $sql_data_array[] = array('fieldName' => 'customers_dob', 'value' => '0001-01-01 00:00:00', 'type' => 'date'); } else { $sql_data_array[] = array('fieldName' => 'customers_dob', 'value' => zen_date_raw($_POST['dob']), 'type' => 'date'); } } $where_clause = 
"customers_id = :customersID"; $where_clause = $db->bindVars($where_clause, ':customersID', $_SESSION['customer_id'], 'integer'); $db->perform(TABLE_CUSTOMERS, $sql_data_array, 'update', $where_clause); $sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\r\n SET customers_info_date_account_last_modified = now()\r\n WHERE customers_info_id = :customersID"; $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer'); $db->Execute($sql); $where_clause = "customers_id = :customersID AND address_book_id = :customerDefaultAddressID"; $where_clause = $db->bindVars($where_clause, ':customersID', $_SESSION['customer_id'], 'integer'); $where_clause = $db->bindVars($where_clause, ':customerDefaultAddressID', $_SESSION['customer_default_address_id'], 'integer'); // ->furikana if (FURIKANA_NESESSARY) { $sql_data_array = array(array('fieldName' => 'entry_firstname', 'value' => $firstname, 'type' => 'string'), array('fieldName' => 'entry_lastname', 'value' => $lastname, 'type' => 'string'), array('fieldName' => 'entry_firstname_kana', 'value' => $firstname_kana, 'type' => 'string'), array('fieldName' => 'entry_lastname_kana', 'value' => $lastname_kana, 'type' => 'string')); } else {
$error = true; $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING); } if ($error == true) { // hook notifier class $zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT'); } else { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_nick' => $nick, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password($password), 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION); if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') { $sql_data_array['customers_referral'] = $customers_referral; } if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = empty($_POST['dob']) || $dob_entered == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']); } zen_db_perform(TABLE_CUSTOMERS, $sql_data_array); $_SESSION['customer_id'] = $db->Insert_ID(); $zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(array('customer_id' => $_SESSION['customer_id']), $sql_data_array)); $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender; } if (ACCOUNT_COMPANY == 'true') { $sql_data_array['entry_company'] = $company; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $suburb; } if (ACCOUNT_STATE == 'true') {
////////////////////////////////////////////////////////////////////////// // DESCRIPTION: Report that displays all income for the given date // // range. Report results come solely from the Super Orders payment // // system. // ////////////////////////////////////////////////////////////////////////// // $Id: super_batch_forms.php v 2010-10-24 $ */ require 'includes/application_top.php'; $target = isset($_GET['target']) ? $_GET['target'] : false; $is_for_display = $_GET['print_format'] == 1 ? false : true; if ($target) { require DIR_WS_CLASSES . 'currencies.php'; $currencies = new currencies(); require DIR_WS_CLASSES . 'super_order.php'; $sd = zen_date_raw(!isset($_GET['start_date']) ? date("m-d-Y", time()) : $_GET['start_date']); $ed = zen_date_raw(!isset($_GET['end_date']) ? date("m-d-Y", time()) : $_GET['end_date']); } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?> "> <title><?php echo TITLE; ?>
} if (isset($_GET['alpha_filter_id']) && (int) $_GET['alpha_filter_id'] > 0) { $alpha_sort = " and (pd.products_name LIKE '" . chr((int) $_GET['alpha_filter_id']) . "%') "; $where_str .= $alpha_sort; } else { $alpha_sort = ''; $where_str .= $alpha_sort; } //die('I SEE ' . $where_str); if (isset($_GET['dfrom']) && zen_not_null($_GET['dfrom']) && $_GET['dfrom'] != DOB_FORMAT_STRING) { $where_str .= " AND p.products_date_added >= :dateAdded"; $where_str = $db->bindVars($where_str, ':dateAdded', zen_date_raw($dfrom), 'date'); } if (isset($_GET['dto']) && zen_not_null($_GET['dto']) && $_GET['dto'] != DOB_FORMAT_STRING) { $where_str .= " and p.products_date_added <= :dateAdded"; $where_str = $db->bindVars($where_str, ':dateAdded', zen_date_raw($dto), 'date'); } $rate = $currencies->get_value($_SESSION['currency']); if ($rate) { $pfrom = $_GET['pfrom'] / $rate; $pto = $_GET['pto'] / $rate; } if (DISPLAY_PRICE_WITH_TAX == 'true') { if ($pfrom) { $where_str .= " AND (p.products_price_sorter * IF(gz.geo_zone_id IS null, 1, 1 + (tr.tax_rate / 100)) >= :price)"; $where_str = $db->bindVars($where_str, ':price', $pfrom, 'float'); } if ($pto) { $where_str .= " AND (p.products_price_sorter * IF(gz.geo_zone_id IS null, 1, 1 + (tr.tax_rate / 100)) <= :price)"; $where_str = $db->bindVars($where_str, ':price', $pto, 'float'); }
} } if ($skip_special == false) { $sql = "select specials_id from " . TABLE_SPECIALS . " where products_id='" . (int) $_POST['pre_add_products_id'] . "'"; $check_special = $db->Execute($sql); if ($check_special->RecordCount() > 0) { $skip_special = true; $messageStack->add_session(WARNING_SPECIALS_PRE_ADD_DUPLICATE, 'caution'); } } if ($skip_special == true) { zen_redirect(zen_href_link(FILENAME_SPECIALS, isset($_GET['page']) && $_GET['page'] > 0 ? 'page=' . $_GET['page'] : '')); } // add empty special $specials_date_available = zen_db_prepare_input($_POST['start']) == '' ? '0001-01-01' : zen_date_raw($_POST['start']); $expires_date = zen_db_prepare_input($_POST['end']) == '' ? '0001-01-01' : zen_date_raw($_POST['end']); $products_id = zen_db_prepare_input($_POST['pre_add_products_id']); $db->Execute("insert into " . TABLE_SPECIALS . "\n (products_id, specials_new_products_price, specials_date_added, expires_date, status, specials_date_available)\n values ('" . (int) $products_id . "',\n '" . zen_db_input($specials_price) . "',\n now(),\n '" . zen_db_input($expires_date) . "', '0', '" . zen_db_input($specials_date_available) . "')"); $new_special = $db->Execute("select specials_id from " . TABLE_SPECIALS . " where products_id='" . (int) $products_id . "'"); $messageStack->add_session(SUCCESS_SPECIALS_PRE_ADD, 'success'); zen_redirect(zen_href_link(FILENAME_SPECIALS, 'action=edit' . '&sID=' . $new_special->fields['specials_id'])); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head>
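/**
 * Build the SQL for a product search from $this->search_params.
 *
 * The result is $select_str followed by a FROM clause (products, descriptions,
 * categories, optional attribute-stock / tax / featured / specials joins) and a
 * WHERE clause derived from the parameters keywords_array, categories_id,
 * manufacturers_id, price_from / price_to, date_from / date_to, featured and
 * specials. Placeholders are bound with $db->bindVars() on each fragment before
 * it is appended, keywords are escaped with zen_db_input(), and id-type values
 * are cast to int before they reach the SQL text.
 *
 * Side effect: when the tax join is needed and the session has no
 * customer_country_id, the session's country/zone are set to the store's.
 *
 * @param string $select_str           the SELECT clause, prepended verbatim
 * @param string $add_where            extra SQL appended verbatim to the WHERE
 *                                     clause; the caller must have escaped it
 * @param bool   $force_price_with_tax join the tax tables even when no price
 *                                     bound is given
 * @return string the complete query
 */
function get_search_query($select_str, $add_where = "", $force_price_with_tax = false)
{
    global $db, $currencies;

    // Fill in absent keys so the lookups below raise no undefined-index notices.
    // Array union keeps every key the caller supplied and only adds the missing ones.
    $params = is_array($this->search_params) ? $this->search_params : array();
    $params += array(
        'keywords_array' => array(),
        'categories_id' => 0,
        'manufacturers_id' => 0,
        'price_from' => '',
        'price_to' => '',
        'date_from' => '',
        'date_to' => '',
        'featured' => false,
        'specials' => false,
    );

    // One predicate per bound, shared by the join decision and the WHERE
    // clauses so that a price filter is never emitted without the tax join
    // it references.
    $has_price_from = isset($params['price_from']) && $params['price_from'] !== '';
    $has_price_to = isset($params['price_to']) && $params['price_to'] !== '';

    $price_with_tax = $force_price_with_tax
        || (DISPLAY_PRICE_WITH_TAX == 'true' && ($has_price_from || $has_price_to));

    /* from */
    $from_str = " FROM (" . TABLE_PRODUCTS . " p\n LEFT JOIN " . TABLE_MANUFACTURERS . " m\n USING(manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c\n LEFT JOIN " . TABLE_META_TAGS_PRODUCTS_DESCRIPTION . " mtpd\n ON mtpd.products_id= p2c.products_id\n AND mtpd.language_id = :languagesID )";
    $from_str = $db->bindVars($from_str, ':languagesID', $_SESSION['languages_id'], 'integer');

    if (MODULE_PRODUCTS_WITH_ATTRIBUTES_STOCK_STATUS == 'true') {
        $from_str .= " LEFT JOIN " . TABLE_PRODUCTS_WITH_ATTRIBUTES_STOCK . " AS pwas\n ON p.products_id = pwas.products_id";
    }

    if ($price_with_tax) {
        // Without a customer country the tax zone lookup falls back to the store's location.
        if (empty($_SESSION['customer_country_id'])) {
            $_SESSION['customer_country_id'] = STORE_COUNTRY;
            $_SESSION['customer_zone_id'] = STORE_ZONE;
        }
        $tax_join = " LEFT JOIN " . TABLE_TAX_RATES . " tr\n ON p.products_tax_class_id = tr.tax_class_id\n LEFT JOIN " . TABLE_ZONES_TO_GEO_ZONES . " gz\n ON tr.tax_zone_id = gz.geo_zone_id\n AND (gz.zone_country_id IS null OR gz.zone_country_id = 0 OR gz.zone_country_id = :zoneCountryID)\n AND (gz.zone_id IS null OR gz.zone_id = 0 OR gz.zone_id = :zoneID)";
        $tax_join = $db->bindVars($tax_join, ':zoneCountryID', $_SESSION['customer_country_id'], 'integer');
        $tax_join = $db->bindVars($tax_join, ':zoneID', $_SESSION['customer_zone_id'], 'integer');
        $from_str .= $tax_join;
    }

    if ($params['featured']) {
        $from_str .= " INNER JOIN " . TABLE_FEATURED . " f\n ON p.products_id = f.products_id\n AND f.status = 1";
    }
    if ($params['specials']) {
        $from_str .= " INNER JOIN " . TABLE_SPECIALS . " sp\n ON p.products_id = sp.products_id\n AND sp.status = 1";
    }

    /* where */
    $where_str = " WHERE p.products_status = 1\n AND p.products_id = pd.products_id\n AND pd.language_id = :languagesID\n AND p.products_id = p2c.products_id\n AND p2c.categories_id = c.categories_id ";
    $where_str = $db->bindVars($where_str, ':languagesID', $_SESSION['languages_id'], 'integer');

    // keywords: every keyword must match (AND), each against any target column (OR).
    // pwas.skumodel is intentionally not among the searched columns.
    if (!empty($params['keywords_array']) && is_array($params['keywords_array'])) {
        $target_columns = array("pd.products_name", "pd.products_description");
        $keyword_clauses = array();
        foreach ($params['keywords_array'] as $keyword) {
            // zen_db_input() escapes the value as an SQL string literal; LIKE
            // metacharacters (% and _) inside the keyword are still interpreted
            // by the database, as in the previous behaviour.
            $keyword = zen_db_input($keyword);
            if (MODULE_SUPER_PRODUCTS_LIST_SENNA_STATUS == 'true') {
                $keyword_clauses[] = "MATCH(" . implode(",", $target_columns) . ") AGAINST('" . $keyword . "')";
            } else {
                $column_clauses = array();
                foreach ($target_columns as $column) {
                    $column_clauses[] = $column . " LIKE '%" . $keyword . "%'";
                }
                $keyword_clauses[] = '(' . implode(' OR ', $column_clauses) . ')';
            }
        }
        $where_str .= " AND (" . implode(" AND ", $keyword_clauses) . ")";
    }

    // categories_id: the category itself plus every subcategory.
    if ($params['categories_id']) {
        $categories_id = (int) $params['categories_id'];
        $subcategories = array($categories_id);
        zen_get_subcategories($subcategories, $categories_id);
        // Every id is cast before it is spliced into the IN list, matching the
        // (int) cast manufacturers_id already receives below.
        $subcategories = array_map('intval', $subcategories);
        $where_str .= " AND p2c.categories_id IN (" . implode(',', $subcategories) . ")";
    }

    // manufacturers_id
    if ($params['manufacturers_id']) {
        $where_str .= " AND p.manufacturers_id = " . (int) $params['manufacturers_id'];
    }

    // price: bounds are entered in the session currency, so convert them back
    // to the base currency before comparing with products_price_sorter. Only a
    // present bound is converted; dividing an empty string by the rate is a
    // TypeError on PHP 8.
    $rate = $currencies->get_value($_SESSION['currency']);
    $pfrom = $has_price_from ? (float) $params['price_from'] : null;
    $pto = $has_price_to ? (float) $params['price_to'] : null;
    if ($rate) {
        if ($has_price_from) {
            $pfrom = $pfrom / $rate;
        }
        if ($has_price_to) {
            $pto = $pto / $rate;
        }
    }
    if (DISPLAY_PRICE_WITH_TAX == 'true') {
        $lower_clause = " AND (p.products_price_sorter * IF(gz.geo_zone_id IS null, 1, 1 + (tr.tax_rate / 100)) >= :price)";
        $upper_clause = " AND (p.products_price_sorter * IF(gz.geo_zone_id IS null, 1, 1 + (tr.tax_rate / 100)) <= :price)";
    } else {
        $lower_clause = " and (p.products_price_sorter >= :price)";
        $upper_clause = " and (p.products_price_sorter <= :price)";
    }
    // Bind on the fragment, not on the accumulated string, so a placeholder-like
    // token inside an escaped keyword can never be substituted.
    if ($has_price_from) {
        $where_str .= $db->bindVars($lower_clause, ':price', $pfrom, 'float');
    }
    if ($has_price_to) {
        $where_str .= $db->bindVars($upper_clause, ':price', $pto, 'float');
    }

    // date: products_date_available range, normalised by zen_date_raw().
    if ($params['date_from']) {
        $where_str .= $db->bindVars(" AND p.products_date_available >= :dateAvailable", ':dateAvailable', zen_date_raw($params['date_from']), 'date');
    }
    if ($params['date_to']) {
        $where_str .= $db->bindVars(" AND p.products_date_available <= :dateAvailable", ':dateAvailable', zen_date_raw($params['date_to']), 'date');
    }

    // Caller-supplied SQL is appended verbatim.
    $where_str .= $add_where;

    return $select_str . $from_str . $where_str;
}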
$categories_all[] = $category; foreach (zen_get_category_tree($category) as $subcategory) { if ($subcategory['id'] != '0') { $categories_all[] = $subcategory['id']; } } } asort($categories_selected); $categories_selected_string = implode(',', array_unique($categories_selected)); asort($categories_all); $categories_all_string = ',' . implode(',', array_unique($categories_all)) . ','; } else { $categories_selected_string = 'null'; $categories_all_string = 'null'; } $salemaker_sales_data_array = array('sale_name' => zen_db_prepare_input($_POST['name']), 'sale_deduction_value' => zen_db_prepare_input((double) $_POST['deduction']), 'sale_deduction_type' => zen_db_prepare_input($_POST['type']), 'sale_pricerange_from' => zen_db_prepare_input((double) $_POST['from']), 'sale_pricerange_to' => zen_db_prepare_input((double) $_POST['to']), 'sale_specials_condition' => zen_db_prepare_input($_POST['condition']), 'sale_categories_selected' => $categories_selected_string, 'sale_categories_all' => $categories_all_string, 'sale_date_start' => zen_db_prepare_input($_POST['start']) == '' ? '0001-01-01' : zen_date_raw($_POST['start']), 'sale_date_end' => zen_db_prepare_input($_POST['end']) == '' ? '0001-01-01' : zen_date_raw($_POST['end'])); if ($action == 'insert') { $salemaker_sales_data_array['sale_status'] = 1; $salemaker_sales_data_array['sale_date_added'] = 'now()'; $salemaker_sales_data_array['sale_date_last_modified'] = '0001-01-01'; $salemaker_sales_data_array['sale_date_status_change'] = '0001-01-01'; zen_db_perform(TABLE_SALEMAKER_SALES, $salemaker_sales_data_array, 'insert'); $_POST['sID'] = $db->Insert_ID(); } else { $salemaker_sales_data_array['sale_date_last_modified'] = 'now()'; zen_db_perform(TABLE_SALEMAKER_SALES, $salemaker_sales_data_array, 'update', "sale_id = '" . zen_db_input($_POST['sID']) . "'"); } // update prices for products in sale zen_update_salemaker_product_prices($_POST['sID']); zen_redirect(zen_href_link(FILENAME_SALEMAKER, 'page=' . $_GET['page'] . 
'&sID=' . $_POST['sID'])); break;
// we only need to check one variable since all are passed with the form if (isset($_GET['start_date'])) { // create query based on filter crieria $orders_query_raw = "SELECT o.orders_id, o.customers_id, o.customers_name,\n o.payment_method, o.date_purchased, o.order_total, s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN " . TABLE_ORDERS_STATUS . " s ON o.orders_status = s.orders_status_id"; if (isset($_GET['products']) && zen_not_null($_GET['products'])) { $orders_query_raw .= " LEFT JOIN " . TABLE_ORDERS_PRODUCTS . " op ON o.orders_id = op.orders_id"; } $orders_query_raw .= " WHERE s.language_id = '" . (int) $_SESSION['languages_id'] . "'"; $search = ''; if (isset($_GET['search']) && zen_not_null($_GET['search'])) { $keywords = zen_db_prepare_input($_GET['search'], true); $search = " and (o.customers_city like '%" . $keywords . "%' or o.customers_postcode like '%" . $keywords . "%' or o.date_purchased like '%" . $keywords . "%' or o.billing_name like '%" . $keywords . "%' or o.billing_company like '%" . $keywords . "%' or o.billing_street_address like '%" . $keywords . "%' or o.delivery_city like '%" . $keywords . "%' or o.delivery_postcode like '%" . $keywords . "%' or o.delivery_name like '%" . $keywords . "%' or o.delivery_company like '%" . $keywords . "%' or o.delivery_street_address like '%" . $keywords . "%' or o.billing_city like '%" . $keywords . "%' or o.billing_postcode like '%" . $keywords . "%' or o.customers_email_address like '%" . $keywords . "%' or o.customers_name like '%" . $keywords . "%' or o.customers_company like '%" . $keywords . "%' or o.customers_street_address like '%" . $keywords . "%' or o.customers_telephone like '%" . $keywords . "%')"; $orders_query_raw .= $search; } $sd = zen_date_raw(isset($_GET['start_date']) ? $_GET['start_date'] : ''); $ed = zen_date_raw(isset($_GET['end_date']) ? $_GET['end_date'] : ''); if ($sd != '' && $ed != '') { $orders_query_raw .= " AND o.date_purchased BETWEEN '" . $sd . 
"' AND DATE_ADD('" . $ed . "', INTERVAL 1 DAY)"; } if (isset($_GET['status']) && zen_not_null($_GET['status'])) { $orders_query_raw .= " AND o.orders_status = '" . $_GET['status'] . "'"; } if (isset($_GET['products']) && zen_not_null($_GET['products'])) { $orders_query_raw .= " AND op.products_id = '" . $_GET['products'] . "'"; } if (isset($_GET['customers']) && zen_not_null($_GET['customers'])) { $orders_query_raw .= " AND o.customers_id = '" . $_GET['customers'] . "'"; } if (isset($_GET['payments']) && zen_not_null($_GET['payments'])) { $orders_query_raw .= " AND o.payment_module_code = '" . $_GET['payments'] . "'"; }
$entry_telephone_error = false; } $check_email = $db->Execute("select customers_email_address\n from " . TABLE_CUSTOMERS . "\n where customers_email_address = '" . zen_db_input($customers_email_address) . "'\n and customers_id != '" . (int) $customers_id . "'"); if ($check_email->RecordCount() > 0) { $error = true; $entry_email_address_exists = true; } else { $entry_email_address_exists = false; } if ($error == false) { $sql_data_array = array('customers_firstname' => $customers_firstname, 'customers_lastname' => $customers_lastname, 'customers_email_address' => $customers_email_address, 'customers_telephone' => $customers_telephone, 'customers_fax' => $customers_fax, 'customers_group_pricing' => $customers_group_pricing, 'customers_newsletter' => $customers_newsletter, 'customers_email_format' => $customers_email_format, 'customers_authorization' => $customers_authorization, 'customers_referral' => $customers_referral); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $customers_gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = $customers_dob == '0001-01-01 00:00:00' ? '0001-01-01 00:00:00' : zen_date_raw($customers_dob); } zen_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $customers_id . "'"); $db->Execute("update " . TABLE_CUSTOMERS_INFO . "\n set customers_info_date_account_last_modified = now()\n where customers_info_id = '" . (int) $customers_id . "'"); if ($entry_zone_id > 0) { $entry_state = ''; } $sql_data_array = array('entry_firstname' => $customers_firstname, 'entry_lastname' => $customers_lastname, 'entry_street_address' => $entry_street_address, 'entry_postcode' => $entry_postcode, 'entry_city' => $entry_city, 'entry_country_id' => $entry_country_id); if (ACCOUNT_COMPANY == 'true') { $sql_data_array['entry_company'] = $entry_company; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $entry_suburb; } if (ACCOUNT_STATE == 'true') { if ($entry_zone_id > 0) {
$db->Execute("OPTIMIZE TABLE " . TABLE_EMAIL_ARCHIVE); $messageStack->add_session(sprintf(SUCCESS_TRIM_ARCHIVE, $cutoff_date), 'success'); zen_redirect(zen_href_link(FILENAME_EMAIL_HISTORY, '', 'NONSSL')); } $email_module = $db->Execute("SELECT DISTINCT module\n FROM " . TABLE_EMAIL_ARCHIVE . "\n ORDER BY module ASC"); $email_module_array[] = array('id' => 1, 'text' => TEXT_ALL_MODULES); while (!$email_module->EOF) { $email_module_array[] = array('id' => $email_module->fields['module'], 'text' => $email_module->fields['module']); $email_module->MoveNext(); } $search_sd = isset($_GET['start_date']) && zen_not_null($_GET['start_date']) ? true : false; $search_ed = isset($_GET['end_date']) && zen_not_null($_GET['end_date']) ? true : false; $search_text = isset($_GET['text']) && zen_not_null($_GET['text']) ? true : false; $search_module = isset($_GET['module']) && zen_not_null($_GET['module']) && $_GET['module'] != 1 ? true : false; $sd_raw = zen_date_raw($_GET['start_date']); $ed_raw = zen_date_raw($_GET['end_date']); ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?> "> <title><?php echo TITLE; ?> </title>
$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS); } if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) { $error = true; $messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR); } if ($error == false) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_email_format' => $email_format); if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') { $sql_data_array['customers_referral'] = $customers_referral; } if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = zen_date_raw($dob); } $gBitDb->associateInsert(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $sql = "update " . TABLE_CUSTOMERS_INFO . "\n set `date_account_last_modified` = " . $gBitDb->mDb->sysTimeStamp . "\n where `customers_info_id` = '" . (int) $_SESSION['customer_id'] . "'"; $gBitDb->Execute($sql); $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname); $gBitDb->associateInsert(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "`customers_id` = '" . (int) $_SESSION['customer_id'] . "' and `address_book_id` = '" . (int) $_SESSION['customer_default_address_id'] . "'"); // reset the session variables $_SESSION['customer_first_name'] = $firstname; $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success'); zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL')); } } $account_query = "select `customers_gender`, `customers_firstname`, `customers_lastname`,\n `customers_dob`, `customers_email_address`, `customers_telephone`,\n `customers_fax`, `customers_email_format`, `customers_referral`\n from " . TABLE_CUSTOMERS . "\n where `customers_id` = '" . (int) $_SESSION['customer_id'] . 
"'"; $account = $gBitDb->Execute($account_query); if (ACCOUNT_GENDER == 'true') {
$where_str .= " or (mtpd.metatags_description like '%" . addslashes($search_keywords[$i]) . "%' and mtpd.metatags_description !='')"; if (isset($_GET['search_in_description']) && $_GET['search_in_description'] == '1') { $where_str .= " or pd.products_description like '%" . addslashes($search_keywords[$i]) . "%'"; } $where_str .= ')'; break; } } $where_str .= " )"; } } if (isset($_GET['dfrom']) && zen_not_null($_GET['dfrom']) && $_GET['dfrom'] != DOB_FORMAT_STRING) { $where_str .= " and p.products_date_added >= '" . zen_date_raw($dfrom) . "'"; } if (isset($_GET['dto']) && zen_not_null($_GET['dto']) && $_GET['dto'] != DOB_FORMAT_STRING) { $where_str .= " and p.products_date_added <= '" . zen_date_raw($dto) . "'"; } $rate = $currencies->get_value($_SESSION['currency']); if ($rate) { $pfrom = $_GET['pfrom'] / $rate; $pto = $_GET['pto'] / $rate; } if (DISPLAY_PRICE_WITH_TAX == 'true') { // if ($pfrom) $where_str .= " and (IF(s.status = '1', s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100)) >= " . $pfrom . ")"; // if ($pto) $where_str .= " and (IF(s.status = '1', s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100)) <= " . $pto . ")"; if ($pfrom) { $where_str .= " and (p.products_price_sorter * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100)) >= " . $pfrom . ")"; } if ($pto) { $where_str .= " and (p.products_price_sorter * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100)) <= " . $pto . ")"; }
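/**
 * Convert the current visitor record into a full customer account.
 *
 * When the request carries `action=process`, the form is run through the
 * per-field process* helpers on this class, any collected error messages are
 * pushed onto $messageStack, and on success the customers / address-book rows
 * for the session's customer are updated, the visitor row is deleted, the
 * session is populated, a welcome email (plus optional coupon / gift
 * voucher) is sent and the request is redirected to the create-account
 * success page. Without `action=process` the form defaults are loaded.
 *
 * This method belongs to a class whose header is outside this excerpt; the
 * process*() / zoneOptions() / getFormDefault() helpers are siblings on it.
 *
 * @param array $return form state shared between the process* helpers; the
 *                      helpers set 'error' (bool) and 'error_messages'
 *                      (list of ['message' => ..., 'type' => ...]).
 * @return array the (possibly extended) form state.
 */
function module_visitor_to_account($return = array()) {
    // $phpBB and $currencies are dereferenced below; in a method they are only
    // reachable through the global scope, so declare them alongside $db.
    global $db, $messageStack, $zco_notifier, $phpBB, $currencies;
    $return = $this->zoneOptions($return);
    $process = false;
    /**
     * Process form contents
     */
    if (isset($_POST['action']) && $_POST['action'] == 'process') {
        $process = true;
        $return['error'] = false;
        $return['error_messages'] = array();
        $return = $this->prosessPrivacyConditions($return);
        $return = $this->processGender($return);
        $return = $this->processNames($return);
        $return = $this->processNick($return);
        $return = $this->processDOB($return);
        $return = $this->processEmailAddress($return);
        $return = $this->processAddress($return);
        $return = $this->processEmailFormat($return);
        $return = $this->processCustomersAuthorization($return);
        $return = $this->processCustomersReferral($return);
        $return = $this->processNewsletter($return);
        $return = $this->processPassword($return);
        if (count($return['error_messages']) > 0) {
            foreach ($return['error_messages'] as $error_message) {
                $messageStack->add('create_account', $error_message['message'], $error_message['type']);
            }
        }
        if ($return['error'] == true) {
            // hook notifier class
            $zco_notifier->notify('NOTIFY_FAILURE_DURING_VISITOR_TO_ACCOUNT');
        } else {
            // NOTE(review): extract() turns every key of $return into a local
            // variable ($firstname, $email_address, $password, ...). This is
            // only safe while the process* helpers are the sole writers of
            // $return; a caller-supplied key would shadow a local here.
            extract($return);
            $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_nick' => $nick, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_password' => zen_encrypt_password($password), 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION);
            // ->furikana
            if (FURIKANA_NESESSARY) {
                $sql_data_array['customers_firstname_kana'] = $firstname_kana;
                $sql_data_array['customers_lastname_kana'] = $lastname_kana;
            }
            // <-furikana
            if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') {
                $sql_data_array['customers_referral'] = $customers_referral;
            }
            if (ACCOUNT_GENDER == 'true') {
                $sql_data_array['customers_gender'] = $gender;
            }
            // if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = zen_date_raw($dob);
            if (ACCOUNT_DOB == 'true') {
                // An empty DOB is stored as the sentinel date rather than NULL.
                $sql_data_array['customers_dob'] = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']);
            }
            zen_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            // delete a visitor
            $db->Execute("delete from " . TABLE_VISITORS . "\r\n where visitors_id = '" . (int) $_SESSION['visitors_id'] . "'");
            unset($_SESSION['visitors_id']);
            $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_telephone' => $telephone, 'entry_fax' => $fax, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
            // ->furikana
            if (FURIKANA_NESESSARY) {
                $sql_data_array['entry_firstname_kana'] = $firstname_kana;
                $sql_data_array['entry_lastname_kana'] = $lastname_kana;
            }
            // <-furikana
            if (ACCOUNT_GENDER == 'true') {
                $sql_data_array['entry_gender'] = $gender;
            }
            if (ACCOUNT_COMPANY == 'true') {
                $sql_data_array['entry_company'] = $company;
            }
            if (ACCOUNT_SUBURB == 'true') {
                $sql_data_array['entry_suburb'] = $suburb;
            }
            if (ACCOUNT_STATE == 'true') {
                // A selected zone wins over free-text state; otherwise the zone
                // id is zeroed and the typed state is kept.
                if ($zone_id > 0) {
                    $sql_data_array['entry_zone_id'] = $zone_id;
                    $sql_data_array['entry_state'] = '';
                } else {
                    $sql_data_array['entry_zone_id'] = '0';
                    $sql_data_array['entry_state'] = $state;
                }
            }
            zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
            $sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\r\n SET customers_info_date_account_last_modified = now()\r\n WHERE customers_info_id = :customersID";
            $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
            // The bound statement was previously built but never run, so the
            // last-modified timestamp was silently never written.
            $db->Execute($sql);
            // phpBB create account
            if ($phpBB->phpBB['installed'] == true) {
                $phpBB->phpbb_create_account($nick, $password, $email_address);
            }
            // End phppBB create account
            $_SESSION['customer_first_name'] = $firstname;
            $_SESSION['customer_last_name'] = $lastname;
            // ->furikana
            if (FURIKANA_NESESSARY) {
                $_SESSION['customer_first_name_kana'] = $firstname_kana;
                $_SESSION['customer_last_name_kana'] = $lastname_kana;
            }
            // <-furikana
            $_SESSION['customer_country_id'] = $country;
            $_SESSION['customer_zone_id'] = $zone_id;
            // restore cart contents
            $_SESSION['cart']->restore_contents();
            // hook notifier class
            $zco_notifier->notify('NOTIFY_LOGIN_SUCCESS_VIA_VISITOR_TO_ACCOUNT');
            // build the message content
            $html_msg = array();
            $name = $firstname . ' ' . $lastname;
            if (ACCOUNT_GENDER == 'true') {
                if ($gender == 'm') {
                    $email_text = sprintf(EMAIL_GREET_MR, $name);
                } else {
                    $email_text = sprintf(EMAIL_GREET_MS, $name);
                }
            } else {
                $email_text = sprintf(EMAIL_GREET_NONE, $name);
            }
            // The language constants carry literal "\n" sequences (backslash +
            // n); they are stripped for the HTML variant of the message.
            $html_msg['EMAIL_GREETING'] = str_replace('\\n', '', $email_text);
            $html_msg['EMAIL_FIRST_NAME'] = $firstname;
            $html_msg['EMAIL_LAST_NAME'] = $lastname;
            // initial welcome
            $email_text .= EMAIL_WELCOME;
            $html_msg['EMAIL_WELCOME'] = str_replace('\\n', '', EMAIL_WELCOME);
            if (NEW_SIGNUP_DISCOUNT_COUPON != '' and NEW_SIGNUP_DISCOUNT_COUPON != '0') {
                // The configured coupon id is a numeric key; cast it so it can
                // only ever reach the queries as an integer.
                $coupon_id = (int) NEW_SIGNUP_DISCOUNT_COUPON;
                $coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_id = '" . $coupon_id . "'");
                $coupon_desc = $db->Execute("select coupon_description from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
                // The email address originates from the submitted form, so it
                // is bound/escaped rather than interpolated into the statement.
                $sql = "insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values (:couponID, '0', 'Admin', :emailAddress, now() )";
                $sql = $db->bindVars($sql, ':couponID', $coupon_id, 'integer');
                $sql = $db->bindVars($sql, ':emailAddress', $email_address, 'string');
                $db->Execute($sql);
                // if on, add in Discount Coupon explanation
                // $email_text .= EMAIL_COUPON_INCENTIVE_HEADER .
                $email_text .= "\n" . EMAIL_COUPON_INCENTIVE_HEADER . (!empty($coupon_desc->fields['coupon_description']) ? $coupon_desc->fields['coupon_description'] . "\n\n" : '') . strip_tags(sprintf(EMAIL_COUPON_REDEEM, ' ' . $coupon->fields['coupon_code'])) . EMAIL_SEPARATOR;
                $html_msg['COUPON_TEXT_VOUCHER_IS'] = EMAIL_COUPON_INCENTIVE_HEADER;
                $html_msg['COUPON_DESCRIPTION'] = !empty($coupon_desc->fields['coupon_description']) ? '<strong>' . $coupon_desc->fields['coupon_description'] . '</strong>' : '';
                $html_msg['COUPON_TEXT_TO_REDEEM'] = str_replace("\n", '', sprintf(EMAIL_COUPON_REDEEM, ''));
                $html_msg['COUPON_CODE'] = $coupon->fields['coupon_code'];
            } //endif coupon
            if (NEW_SIGNUP_GIFT_VOUCHER_AMOUNT > 0) {
                $coupon_code = zen_create_coupon_code();
                $insert_query = $db->Execute("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())");
                $insert_id = $db->Insert_ID();
                // Same treatment as the discount-coupon tracking row above.
                $sql = "insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values (:couponID, '0', 'Admin', :emailAddress, now() )";
                $sql = $db->bindVars($sql, ':couponID', $insert_id, 'integer');
                $sql = $db->bindVars($sql, ':emailAddress', $email_address, 'string');
                $db->Execute($sql);
                // if on, add in GV explanation
                $email_text .= "\n\n" . sprintf(EMAIL_GV_INCENTIVE_HEADER, $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT)) . sprintf(EMAIL_GV_REDEEM, $coupon_code) . EMAIL_GV_LINK . zen_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false) . "\n\n" . EMAIL_GV_LINK_OTHER . EMAIL_SEPARATOR;
                $html_msg['GV_WORTH'] = str_replace('\\n', '', sprintf(EMAIL_GV_INCENTIVE_HEADER, $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT)));
                $html_msg['GV_REDEEM'] = str_replace('\\n', '', str_replace('\\n\\n', '<br />', sprintf(EMAIL_GV_REDEEM, '<strong>' . $coupon_code . '</strong>')));
                $html_msg['GV_CODE_NUM'] = $coupon_code;
                $html_msg['GV_CODE_URL'] = str_replace('\\n', '', EMAIL_GV_LINK . '<a href="' . zen_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false) . '">' . TEXT_GV_NAME . ': ' . $coupon_code . '</a>');
                $html_msg['GV_LINK_OTHER'] = EMAIL_GV_LINK_OTHER;
            } // endif voucher
            // add in regular email welcome text
            $email_text .= "\n\n" . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_GV_CLOSURE;
            $html_msg['EMAIL_MESSAGE_HTML'] = str_replace('\\n', '', EMAIL_TEXT);
            $html_msg['EMAIL_CONTACT_OWNER'] = str_replace('\\n', '', EMAIL_CONTACT);
            $html_msg['EMAIL_CLOSURE'] = nl2br(EMAIL_GV_CLOSURE);
            // include create-account-specific disclaimer
            $email_text .= "\n\n" . sprintf(EMAIL_DISCLAIMER_NEW_CUSTOMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n";
            $html_msg['EMAIL_DISCLAIMER'] = sprintf(EMAIL_DISCLAIMER_NEW_CUSTOMER, '<a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . ' </a>');
            // send welcome email
            zen_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_NAME, EMAIL_FROM, $html_msg, 'welcome');
            // send additional emails
            if (SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO_STATUS == '1' and SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO != '') {
                // NOTE(review): $account is only populated when the session has
                // a customer id; the lookup below assumes one is always present
                // at this point — confirm against the callers.
                if ($_SESSION['customer_id']) {
                    $account_query = "select customers_firstname, customers_lastname, customers_email_address\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
                    $account = $db->Execute($account_query);
                }
                $extra_info = email_collect_extra_info($name, $email_address, $account->fields['customers_firstname'] . ' ' . $account->fields['customers_lastname'], $account->fields['customers_email_address']);
                $html_msg['EXTRA_INFO'] = $extra_info['HTML'];
                zen_mail('', SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO, SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO_SUBJECT . ' ' . EMAIL_SUBJECT, $email_text . $extra_info['TEXT'], STORE_NAME, EMAIL_FROM, $html_msg, 'welcome_extra');
            } //endif send extra emails
            $_SESSION['navigation']->clear_snapshot();
            // zen_redirect() ends the request; the return below is only reached
            // on the error path or when the form is not being processed.
            zen_redirect(zen_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL'));
        } //endif !error
    } else {
        $return = $this->getFormDefault($return);
    }
    return $return;
}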
break; case 'insert': case 'update': if (isset($_POST['banners_id'])) { $banners_id = zen_db_prepare_input($_POST['banners_id']); } $banners_title = zen_db_prepare_input($_POST['banners_title']); $banners_url = zen_db_prepare_input($_POST['banners_url']); $new_banners_group = zen_db_prepare_input($_POST['new_banners_group']); $banners_group = empty($new_banners_group) ? zen_db_prepare_input($_POST['banners_group']) : $new_banners_group; $banners_html_text = zen_db_prepare_input($_POST['banners_html_text']); $banners_image_local = zen_db_prepare_input($_POST['banners_image_local']); $banners_image_target = zen_db_prepare_input($_POST['banners_image_target']); $db_image_location = ''; $expires_date = zen_db_prepare_input($_POST['expires_date']) == '' ? 'null' : zen_date_raw($_POST['expires_date']); $expires_impressions = zen_db_prepare_input($_POST['expires_impressions']) == '' ? 'null' : zen_date_raw($_POST['date_scheduled']); $date_scheduled = zen_db_prepare_input($_POST['date_scheduled']); $status = zen_db_prepare_input($_POST['status']); $banners_open_new_windows = zen_db_prepare_input($_POST['banners_open_new_windows']); $banners_on_ssl = zen_db_prepare_input($_POST['banners_on_ssl']); $banners_sort_order = zen_db_prepare_input($_POST['banners_sort_order']); $banner_error = false; if (empty($banners_title)) { $messageStack->add(ERROR_BANNER_TITLE_REQUIRED, 'error'); $banner_error = true; } if (empty($banners_group)) { $messageStack->add(ERROR_BANNER_GROUP_REQUIRED, 'error'); $banner_error = true; } if (empty($banners_html_text)) {