function zen_draw_hidden_field($name, $value = '', $parameters = '')
{
    // Renders an <input type="hidden"> element. The name goes through
    // zen_output_string() and then zen_sanitize_string(); the value only
    // through zen_output_string(). $parameters is appended verbatim, so it
    // must be trusted attribute markup (e.g. ' id="x"'), never request data.
    $attrs = 'name="' . zen_sanitize_string(zen_output_string($name)) . '"';

    if (zen_not_null($value)) {
        $attrs .= ' value="' . zen_output_string($value) . '"';
    } else {
        // Fallback: a same-named global string (stripslashes'd) supplies the value.
        $fallback = (isset($GLOBALS[$name]) && is_string($GLOBALS[$name])) ? $GLOBALS[$name] : null;
        if ($fallback !== null) {
            $attrs .= ' value="' . zen_output_string(stripslashes($fallback)) . '"';
        }
    }

    if (zen_not_null($parameters)) {
        $attrs .= ' ' . $parameters;
    }

    return '<input type="hidden" ' . $attrs . ' />';
}
 // Collect the account-form fields posted by the customer. Which optional
 // fields are read is controlled by the ACCOUNT_* configuration constants.
 $process = true;
 if (ACCOUNT_GENDER == 'true') {
     // $gender is only defined inside this branch; false marks "not posted".
     if (isset($_POST['gender'])) {
         $gender = zen_db_prepare_input($_POST['gender']);
     } else {
         $gender = false;
     }
 }
 if (isset($_POST['email_format'])) {
     $email_format = zen_db_prepare_input($_POST['email_format']);
 }
 if (ACCOUNT_COMPANY == 'true') {
     // Read without isset(): an absent field raises an undefined-index notice/warning.
     $company = zen_db_prepare_input($_POST['company']);
 }
 // firstname/lastname additionally pass through zen_sanitize_string() before
 // zen_db_prepare_input(); the remaining fields below do not.
 $firstname = zen_db_prepare_input(zen_sanitize_string($_POST['firstname']));
 $lastname = zen_db_prepare_input(zen_sanitize_string($_POST['lastname']));
 $nick = zen_db_prepare_input($_POST['nick']);
 if (ACCOUNT_DOB == 'true') {
     $dob = zen_db_prepare_input($_POST['dob']);
 }
 // None of the following reads are guarded by isset() either.
 $email_address = zen_db_prepare_input($_POST['email_address']);
 $street_address = zen_db_prepare_input($_POST['street_address']);
 if (ACCOUNT_SUBURB == 'true') {
     $suburb = zen_db_prepare_input($_POST['suburb']);
 }
 $postcode = zen_db_prepare_input($_POST['postcode']);
 $city = zen_db_prepare_input($_POST['city']);
 if (ACCOUNT_STATE == 'true') {
     $state = zen_db_prepare_input($_POST['state']);
     if (isset($_POST['zone_id'])) {
         $zone_id = zen_db_prepare_input($_POST['zone_id']);
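/**
 * Normalises a request value before it is used for database work.
 *
 * Strings are stripslashes'd, passed through zen_sanitize_string() and
 * trimmed; arrays are processed recursively (keys preserved); any other
 * type is returned untouched.
 *
 * @param mixed $string  raw input (string, array or other scalar)
 * @return mixed         cleaned value with the same shape as the input
 */
function zen_db_prepare_input($string)
{
    if (is_string($string)) {
        return trim(zen_sanitize_string(stripslashes($string)));
    }
    if (is_array($string)) {
        // foreach replaces the each() idiom, which was removed in PHP 8.
        // foreach iterates a copy of the array, so writing back into
        // $string during the loop is safe.
        foreach ($string as $key => $value) {
            $string[$key] = zen_db_prepare_input($value);
        }
        return $string;
    }
    return $string;
}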
                 zen_mail($custinfo->fields['customers_firstname'] . ' ' . $custinfo->fields['customers_lastname'], $custinfo->fields['customers_email_address'], EMAIL_CUSTOMER_STATUS_CHANGE_SUBJECT, $message, STORE_NAME, EMAIL_FROM, $html_msg, 'default');
             }
             zen_record_admin_activity('Customer-approval-authorization set customer auth status to 0 for customer ID ' . (int) $customers_id, 'info');
         } else {
             $sql = "update " . TABLE_CUSTOMERS . " set customers_authorization='" . CUSTOMERS_APPROVAL_AUTHORIZATION . "' where customers_id='" . (int) $customers_id . "'";
             zen_record_admin_activity('Customer-approval-authorization set customer auth status to ' . CUSTOMERS_APPROVAL_AUTHORIZATION . ' for customer ID ' . (int) $customers_id, 'info');
         }
         $db->Execute($sql);
         $action = '';
         zen_redirect(zen_href_link(FILENAME_CUSTOMERS, 'cID=' . (int) $customers_id . '&page=' . $_GET['page'], 'NONSSL'));
     }
     $action = '';
     break;
 case 'update':
     // Admin-side customer edit: every field is taken from $_POST. Only
     // firstname/lastname get zen_sanitize_string() before zen_db_prepare_input(),
     // and none of the reads are guarded by isset(), so an absent field raises
     // an undefined-index notice/warning.
     $customers_firstname = zen_db_prepare_input(zen_sanitize_string($_POST['customers_firstname']));
     $customers_lastname = zen_db_prepare_input(zen_sanitize_string($_POST['customers_lastname']));
     $customers_email_address = zen_db_prepare_input($_POST['customers_email_address']);
     $customers_telephone = zen_db_prepare_input($_POST['customers_telephone']);
     $customers_fax = zen_db_prepare_input($_POST['customers_fax']);
     $customers_newsletter = zen_db_prepare_input($_POST['customers_newsletter']);
     // Only this value is cast to int; the others stay as prepared strings.
     $customers_group_pricing = (int) zen_db_prepare_input($_POST['customers_group_pricing']);
     $customers_email_format = zen_db_prepare_input($_POST['customers_email_format']);
     $customers_gender = zen_db_prepare_input($_POST['customers_gender']);
     // empty() also treats '0' as missing, so such a value falls back to the sentinel date.
     $customers_dob = empty($_POST['customers_dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_db_prepare_input($_POST['customers_dob']);
     $customers_authorization = zen_db_prepare_input($_POST['customers_authorization']);
     $customers_referral = zen_db_prepare_input($_POST['customers_referral']);
     // Reconcile the posted authorization level with the store-wide
     // CUSTOMERS_APPROVAL_AUTHORIZATION mode; loose == because the posted
     // value is a string.
     if (CUSTOMERS_APPROVAL_AUTHORIZATION == 2 and $customers_authorization == 1) {
         $customers_authorization = 2;
         $messageStack->add_session(ERROR_CUSTOMER_APPROVAL_CORRECTION2, 'caution');
     }
     if (CUSTOMERS_APPROVAL_AUTHORIZATION == 1 and $customers_authorization == 2) {
/**
 * discount coupon info
 *
 * @package page
 * @copyright Copyright 2003-2011 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: header_php.php 19517 2011-09-14 21:28:12Z wilt $
 */
// Pull in require_languages.php from the modules directory; $text_coupon_help
// starts empty and is filled by the coupon lookup that follows.
require DIR_WS_MODULES . zen_get_module_directory('require_languages.php');
$text_coupon_help = '';
if (isset($_POST['lookup_discount_coupon']) and $_POST['lookup_discount_coupon'] != '') {
    // lookup requested discount coupon
    $coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_code = '" . zen_db_input($_POST['lookup_discount_coupon']) . "' and  coupon_type != 'G'");
    $_POST['lookup_discount_coupon'] = zen_sanitize_string($_POST['lookup_discount_coupon']);
    if ($coupon->RecordCount() < 1) {
        // invalid discount coupon code
        $text_coupon_help = sprintf(TEXT_COUPON_FAILED, zen_output_string_protected($_POST['lookup_discount_coupon']));
    } else {
        // valid discount coupon code
        $lookup_coupon_id = $coupon->fields['coupon_id'];
        $coupon_desc = $db->Execute("select * from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . (int) $lookup_coupon_id . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
        $text_coupon_help = TEXT_COUPON_HELP_HEADER;
        $text_coupon_help .= sprintf(TEXT_COUPON_HELP_NAME, $coupon_desc->fields['coupon_name']);
        if (zen_not_null($coupon_desc->fields['coupon_description'])) {
            $text_coupon_help .= sprintf(TEXT_COUPON_HELP_DESC, $coupon_desc->fields['coupon_description']);
        }
        $coupon_amount = $coupon->fields['coupon_amount'];
        switch ($coupon->fields['coupon_type']) {
            case 'F':
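/**
 * Rebuilds the current query string from $_GET as 'key=value&' pairs.
 *
 * The session-name key, 'error' and every key listed in $exclude_array are
 * omitted. Keys are passed through zen_sanitize_string(); values are
 * stripslashes'd and raw-URL-encoded. A non-empty result always ends with
 * a trailing '&', as callers expect.
 *
 * @param array|string $exclude_array  keys to leave out ('' means none)
 * @return string
 */
function zen_get_all_get_params($exclude_array = '')
{
    if ($exclude_array == '') {
        $exclude_array = array();
    }
    $session_key = zen_session_name();
    $get_url = '';
    // foreach replaces each(), which was removed in PHP 8. $_GET is a
    // superglobal, so no 'global' declaration is needed.
    foreach ($_GET as $key => $value) {
        // Numeric keys arrive as ints; on PHP < 8 the loose 0 == 'name'
        // comparison was true and silently dropped the key "0".
        $key = (string) $key;
        if ($key === $session_key || $key === 'error' || in_array($key, $exclude_array)) {
            continue;
        }
        if (is_array($value)) {
            // Nested parameters (foo[]=1) cannot be expressed as one key=value
            // pair, and stripslashes() on an array is a TypeError on PHP 8.
            continue;
        }
        $get_url .= zen_sanitize_string($key) . '=' . rawurlencode(stripslashes((string) $value)) . '&';
    }
    return $get_url;
}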
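/**
 * Normalises a request value before database use (BitCommerce variant).
 *
 * Behaviour, in order:
 *  - empty() values ('', '0', 0, null, [] ...) become NULL;
 *  - strings are stripslashes'd, passed through zen_sanitize_string() and
 *    trimmed — unless $gBitUser holds 'p_bitcommerce_admin', in which case
 *    the string is returned untouched by the final return;
 *  - arrays are processed recursively, keys preserved;
 *  - anything else is returned as-is.
 *
 * NOTE(review): because of the admin bypass, strings entered by an admin are
 * neither trimmed nor sanitised here; confirm downstream code expects that.
 *
 * @param mixed $string
 * @return mixed
 */
function zen_db_prepare_input($string)
{
    global $gBitUser;

    if (empty($string)) {
        return NULL;
    }
    if (is_string($string) && !$gBitUser->hasPermission('p_bitcommerce_admin')) {
        return trim(zen_sanitize_string(stripslashes($string)));
    }
    if (is_array($string)) {
        // foreach replaces each() (removed in PHP 8); it iterates a copy,
        // so assigning back into $string during the loop is safe.
        foreach ($string as $key => $value) {
            $string[$key] = zen_db_prepare_input($value);
        }
        return $string;
    }
    return $string;
}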
<?php

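include 'tiosafe_config.php';

// Creates a product from the posted 'title': one row in TABLE_PRODUCTS and
// one description row in the default language. Price is fixed at 0.
if (postNotEmpty('title')) {
    $products_name = $_POST['title'];
    $products_sale_price = 0;
    $language_id = getDefaultLanguageID($db);
    // 24-hour 'H': the former 12-hour 'h' wrote afternoon times as morning
    // times because no am/pm marker was stored alongside.
    $products_date_added = date('Y/m/d H:i:s');
    // products_status '1' marks the product as available.
    $sql_array = array(
        'products_price' => $products_sale_price,
        'products_status' => '1',
        'products_date_added' => $products_date_added,
    );
    zen_db_perform(TABLE_PRODUCTS, $sql_array);
    $products_id = zen_db_insert_id();
    // The name is the only value taken from $_POST; it passes through
    // zen_sanitize_string() before being stored.
    $sql_array = array(
        'products_id' => $products_id,
        'language_id' => $language_id,
        'products_name' => zen_sanitize_string($products_name),
    );
    zen_db_perform(TABLE_PRODUCTS_DESCRIPTION, $sql_array);
} else {
    // Single-quoted, so '\\n' is emitted as the two characters \ and n,
    // not a newline; kept as-is since consumers may match this exact text.
    echo '\\nInvalid query: The parameter title is required!';
}
$db->close();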
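    // Resolve the option id for the product's base category name, then the
    // option value id for the variation name, and delete the attribute row
    // that links them to the product.
    // Both ids start empty so the guard below never reads an undefined
    // variable when a lookup returns no row.
    $products_options_id = '';
    $products_options_values_id = '';
    // NOTE(review): $product_base_category is interpolated into the SQL text
    // with no escaping visible in this block — confirm it is escaped upstream.
    $query1 = 'SELECT po.products_options_id,
              po.products_options_name
              FROM ' . TABLE_PRODUCTS_OPTIONS . ' AS po
              WHERE  po.language_id = ' . (int) $language_id . '
                AND po.products_options_name = "' . $product_base_category . '"';
    $result1 = $db->Execute($query1);
    if (!$result1->EOF) {
        $products_options_id = $result1->fields['products_options_id'];
    }
    $query2 = 'SELECT pov.products_options_values_id,
                        pov.products_options_values_name
                FROM ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' AS pov
                WHERE pov.language_id = ' . (int) $language_id . '
                  AND pov.products_options_values_name = "' . zen_sanitize_string($product_variation) . '"';
    $result2 = $db->Execute($query2);
    if (!$result2->EOF) {
        $products_options_values_id = $result2->fields['products_options_values_id'];
    }
    if ($products_options_id != "" and $products_options_values_id != "") {
        // Ids are numeric keys: cast to int so they never reach the query as free text.
        $query = 'DELETE FROM ' . TABLE_PRODUCTS_ATTRIBUTES . '
                  WHERE products_id = ' . (int) $products_id . '
                  AND options_id = ' . (int) $products_options_id . '
                  AND options_values_id = ' . (int) $products_options_values_id;
        $result = $db->Execute($query);
    }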
} else {
 //Check if value exists
 $query2 = 'SELECT pov.products_options_values_id, 
                   pov.products_options_values_name 
           FROM ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' AS pov 
           WHERE pov.language_id = ' . $language_id . ' 
             AND pov.products_options_values_name = "' . zen_sanitize_string($product_variation) . '"';
 //echo $query2;
 $result2 = $db->Execute($query2);
 if (!$result2->EOF) {
     $products_options_values_id = $result2->fields['products_options_values_id'];
 } else {
     $new_option_value = true;
     //Get the next id as done in zencart
     $max_values_id_values = $db->Execute("select max(products_options_values_id) + 1\n                                           as next_id from " . TABLE_PRODUCTS_OPTIONS_VALUES);
     $products_options_values_id = $max_values_id_values->fields['next_id'];
     $sql_array = array('products_options_values_id' => $products_options_values_id, 'language_id' => $language_id, 'products_options_values_name' => zen_sanitize_string($product_variation));
     zen_db_perform(TABLE_PRODUCTS_OPTIONS_VALUES, $sql_array);
 }
 //Check if the option is used by the product
 $query3 = 'SELECT pa.products_attributes_id AS id, 
           po.products_options_name,  
           pov.products_options_values_name 
           FROM ' . TABLE_PRODUCTS_ATTRIBUTES . ' AS pa
           LEFT JOIN ' . TABLE_PRODUCTS_OPTIONS . ' AS po 
             ON  pa.options_id = po.products_options_id 
           LEFT JOIN ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' AS pov 
             ON pa.options_values_id = pov.products_options_values_id
           WHERE pa.products_id = "' . $products_id . '"
             AND pa.options_id = "' . $products_options_id . '" 
             AND pa.options_values_id = "' . $products_options_values_id . '" 
             AND po.language_id = "' . $language_id . '"