$r->set_value("cc_number", "");
 } elseif ($cc_number_security > 0) {
     $r->set_value("cc_number", va_encrypt($r->get_value("cc_number")));
 }
 // Decide how the card security code (CVV/CVC) is persisted with the record:
 // a setting of 0 blanks the field, a positive setting stores the value
 // returned by va_encrypt(). Any other setting (e.g. a negative one) leaves
 // the field as it is.
 // NOTE(review): PCI DSS does not permit keeping the card verification code
 // once authorization has completed, whether encrypted or not. If this record
 // outlives the authorization step, the code has to be cleared afterwards -
 // confirm where cc_security_code is purged.
 // NOTE(review): the algorithm and key handling behind va_encrypt() are not
 // visible here; verify them before relying on it for cardholder data.
 if ($cc_code_security == 0) {
     $r->set_value("cc_security_code", "");
 } elseif ($cc_code_security > 0) {
     $r->set_value("cc_security_code", va_encrypt($cc_security_code));
 }
 if ($r->update_record()) {
     // update order status
     $cc_order_status = 2;
     update_order_status($order_id, $cc_order_status, true, "", $status_error);
     $op = new VA_Record($table_prefix . "orders_properties");
     $op->add_textbox("order_id", INTEGER);
     $op->set_value("order_id", $order_id);
     $op->add_textbox("property_id", INTEGER);
     $op->add_textbox("property_order", INTEGER);
     $op->add_textbox("property_type", INTEGER);
     $op->add_textbox("property_name", TEXT);
     $op->add_textbox("property_value_id", INTEGER);
     $op->add_textbox("property_value", TEXT);
     $op->add_textbox("property_price", FLOAT);
     $op->add_textbox("property_weight", FLOAT);
     $op->add_textbox("tax_free", INTEGER);
     foreach ($custom_options as $property_id => $property_values) {
         // delete first all saved values
         $sql = " DELETE FROM " . $table_prefix . "orders_properties ";
         $sql .= " WHERE order_id=" . $db->tosql($order_id, INTEGER);
         $sql .= " AND property_id =" . $db->tosql($property_id, INTEGER);
         $db->query($sql);
                if (isset($_POST[$delete_param])) {
                    unset($_POST[$delete_param]);
                }
            }
            set_session("session_settings", "");
            // show success message
            $t->parse("success_block", false);
        }
    }
} else {
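    // Load the stored 'products' setting for every parameter defined on $r.
    // Rows for the shared site (site_id=1) and for $param_site_id both match;
    // ORDER BY site_id DESC lists the higher site_id first.
    // presumably get_db_value() returns the value from the first row - confirm.
    foreach ($r->parameters as $key => $value) {
        $sql = " SELECT setting_value FROM " . $table_prefix . "global_settings ";
        // Pass the setting name through tosql() like the site id below, instead of
        // splicing it between hand-written quotes. tosql() with the TEXT type is
        // expected to escape and quote the value, so the statement stays well-formed
        // even if a parameter name ever contains a quote or is not defined in code.
        $sql .= " WHERE setting_type='products' AND setting_name=" . $db->tosql($key, TEXT);
        $sql .= " AND ( site_id=1 OR  site_id=" . $db->tosql($param_site_id, INTEGER) . ") ";
        $sql .= " ORDER BY site_id DESC ";
        $r->set_value($key, get_db_value($sql));
    }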
    // check data for categories columns
    $cc_eg->set_value("category_id", 0);
    $cc_eg->change_property("column_id", USE_IN_SELECT, true);
    $cc_eg->change_property("column_id", USE_IN_WHERE, false);
    $cc_eg->change_property("category_id", USE_IN_WHERE, true);
    $cc_eg->change_property("category_id", USE_IN_SELECT, true);
    $columns_number = $cc_eg->get_db_values();
}
// Fall back to five columns when no column count was loaded.
// The comparison is loose (==), so a null value also triggers the fallback.
if ($columns_number == 0) {
    $columns_number = 5;
}
// set parameters
$r->set_parameters();
// NOTE(review): htmlspecialchars() is called without flags. Before PHP 8.1 the
// default (ENT_COMPAT) leaves single quotes unescaped, so the "rp" template
// variable is only safe in element text or inside a double-quoted attribute.
// Passing ENT_QUOTES explicitly removes that dependency - confirm how the
// template uses the value. Escaping for HTML does not validate the URL itself.
$t->set_var("rp", htmlspecialchars($return_page));
Beispiel #3
 // Read back the identifier the database generated for the new template row
 // and copy it into the record. Each supported backend needs its own query;
 // for any other $db_type nothing is assigned here.
 // presumably this runs right after the INSERT into export_templates, on the
 // same connection - the insert is not visible in this excerpt.
 switch ($db_type) {
     case "mysql":
         $new_template_id = get_db_value(" SELECT LAST_INSERT_ID() ");
         $r->set_value("template_id", $new_template_id);
         break;
     case "access":
         $new_template_id = get_db_value(" SELECT @@IDENTITY ");
         $r->set_value("template_id", $new_template_id);
         break;
     case "db2":
         // table and sequence names are built from the configured prefix
         $new_template_id = get_db_value(" SELECT PREVVAL FOR seq_" . $table_prefix . "export_templates FROM " . $table_prefix . "export_templates");
         $r->set_value("template_id", $new_template_id);
         break;
 }
 if (strlen($new_template_id)) {
     // start adding fields
     $fld = new VA_Record($table_prefix . "export_fields");
     $fld->add_where("field_id", INTEGER);
     $fld->add_textbox("template_id", INTEGER);
     $fld->set_value("template_id", $new_template_id);
     $fld->add_textbox("field_order", INTEGER);
     $fld->add_textbox("field_title", TEXT);
     $fld->add_textbox("field_source", TEXT);
     $field_order = 0;
     $total_columns = get_param("total_columns");
     for ($col = 1; $col <= $total_columns; $col++) {
         $field_title = get_param("column_title_" . $col);
         $field_source = get_param("field_source_" . $col);
         $column_checked = get_param("db_column_" . $col);
         if ($column_checked) {
             // if there is column title we can save this field even if it source empty
             $field_order++;
             $fld->set_value("field_order", $field_order);
             $fld->set_value("field_title", $field_title);
             $fld->set_value("field_source", $field_source);
// Finish and run the query that loads the 'order_confirmation' settings.
// The SELECT part of $sql is built before this excerpt.
$sql .= " WHERE setting_type='order_confirmation'";
if (isset($site_id)) {
    // Match the shared site (site_id=1) and the current site. $site_id is passed
    // through tosql() as an INTEGER rather than concatenated raw.
    // Rows come back in ascending site_id order, so in the loop below a row with
    // a higher site_id overwrites the site_id=1 value of the same setting_name.
    $sql .= " AND (site_id=1 OR site_id=" . $db->tosql($site_id, INTEGER, true, false) . ")";
    $sql .= " ORDER BY site_id ASC ";
} else {
    // no site selected: only the shared site's settings are read
    $sql .= " AND site_id=1 ";
}
$db->query($sql);
// Collect the settings into $order_confirmation, keyed by setting_name.
while ($db->next_record()) {
    $order_confirmation[$db->f("setting_name")] = $db->f("setting_value");
}
// Numeric order status id; presumably the status given to confirmed orders -
// its meaning is defined outside this excerpt.
$confirmed_order_status = 3;
// Describe the orders row addressed by order_id (the WHERE key) and the
// columns this script works with.
$r = new VA_Record($table_prefix . "orders");
// start from the errors collected so far in $order_errors
$r->errors = $order_errors;
$r->add_where("order_id", INTEGER);
$r->set_value("order_id", $order_id);
$r->add_textbox("is_confirmed", INTEGER);
// NOTE(review): is_confirmed and transaction_id are registered with
// USE_IN_UPDATE switched off - presumably they are left out of UPDATE
// statements until later code turns the flag back on; confirm.
$r->change_property("is_confirmed", USE_IN_UPDATE, false);
$r->add_textbox("error_message", TEXT);
$r->add_textbox("pending_message", TEXT);
$r->add_textbox("transaction_id", TEXT);
$r->change_property("transaction_id", USE_IN_UPDATE, false);
$r->add_textbox("authorization_code", TEXT);
// AVS fields
// these columns hold verification result fields (AVS and cvv2_match);
// presumably they are filled from the payment gateway's response - confirm
$r->add_textbox("avs_response_code", TEXT);
$r->add_textbox("avs_message", TEXT);
$r->add_textbox("avs_address_match", TEXT);
$r->add_textbox("avs_zip_match", TEXT);
$r->add_textbox("cvv2_match", TEXT);
// 3D fields
$r->add_textbox("secure_3d_check", TEXT);
// "same_as_personal" takes no part in INSERT or UPDATE statements.
$r->change_property("same_as_personal", USE_IN_INSERT, false);
$r->change_property("same_as_personal", USE_IN_UPDATE, false);
// Hide it unless both the personal and the delivery counters are at least 1.
if ($personal_number < 1 || $delivery_number < 1) {
    $r->change_property("same_as_personal", SHOW, false);
}

// "subscribe" is a checkbox that is kept out of SELECT, INSERT and UPDATE.
$r->add_checkbox("subscribe", INTEGER);
$r->change_property("subscribe", USE_IN_SELECT, false);
$r->change_property("subscribe", USE_IN_INSERT, false);
$r->change_property("subscribe", USE_IN_UPDATE, false);
// Show it only when the subscribe block is enabled and either the login field
// type is 2 or a shown email / delivery_email parameter exists.
$r->change_property(
    "subscribe",
    SHOW,
    $subscribe_block && (
        $login_field_type == 2
        || ($r->parameter_exists("email") && $r->get_property_value("email", SHOW))
        || ($r->parameter_exists("delivery_email") && $r->get_property_value("delivery_email", SHOW))
    )
);

// Read the submitted form, then assign the values below from server-side variables.
// NOTE(review): these assignments come after get_form_values(), presumably so that
// submitted data cannot set the user type or registration step - confirm.
$r->get_form_values();
$r->set_value("user_type_id", $type_id);
$r->set_value("type", $type_id);
$r->set_value("registration_last_step", $registration_last_step);
$r->set_value("registration_total_steps", $registration_total_steps);
$r->set_value("is_sms_allowed", $group_sms_allowed);
if ($r->parameter_exists("birth_date")) {
    //$r->change_property("birth_date", REQUIRED, false);
    if (!$r->is_empty("birth_month") || !$r->is_empty("birth_day") || !$r->is_empty("birth_year")) {
        $r->change_property("birth_month", REQUIRED, true);
        $r->change_property("birth_day", REQUIRED, true);
        $r->change_property("birth_year", REQUIRED, true);
        $birth_month = $r->get_value("birth_month");
        $birth_day = $r->get_value("birth_day");
        $birth_year = $r->get_value("birth_year");
        if ($birth_month && $birth_day > 0 && $birth_day < 32 && $birth_year > 1900 && $birth_year < date("Y")) {
            $birth_date = $birth_year . "-" . $birth_month . "-" . $birth_day;
Beispiel #6
     $where .= " o.order_placed_date<" . $db->tosql($day_after_end, DATE);
 }
 $t->set_var("status_select_style", "");
 $t->set_var("status_checkboxes_style", "style='display:none;'");
 if (!$r->is_empty("s_os_list")) {
     if (strlen($where)) {
         $where .= " AND ";
     }
     $s_os_list = $r->get_value("s_os_list");
     if (count($s_os_list) > 1) {
         $where .= " o.order_status IN(" . $db->tosql($s_os_list, INTEGERS_LIST) . ")";
         $t->set_var("status_select_style", "style='display:none;'");
         $t->set_var("status_checkboxes_style", "");
     } else {
         $s_os = $s_os_list[0];
         $r->set_value("s_os", $s_os);
         $r->parameters["s_os_list"][3] = array();
         $where .= " o.order_status=" . $db->tosql($s_os, INTEGER);
     }
 } elseif (!$r->is_empty("s_os")) {
     $s_os = $r->get_value("s_os");
     if (strlen($where)) {
         $where .= " AND ";
     }
     $where .= " o.order_status=" . $db->tosql($s_os, INTEGER);
 } else {
     if ($r->is_empty("s_on")) {
         if (strlen($where)) {
             $where .= " AND ";
         }
         $where .= " (os.is_list=1 OR os.is_list IS NULL) ";
 // check if the payment system supports 3D secure
 // the flag starts as false; presumably the included library may change it - confirm
 $secure_3d = false;
 // include payment module only if total order value greater than zero
 if ($order_total > 0) {
     // use php library to validate transaction
     $order_step = "final";
     // NOTE(review): the file named by $validation_php_lib is executed as PHP.
     // Where that path is set is not visible here; if it comes from stored
     // payment settings, it should be checked against the shop's payment-module
     // directory (resolved-path check or an allow-list) before being included.
     // file_exists() only shows that the file is present, not that it is an
     // intended module.
     if (file_exists($validation_php_lib)) {
         include_once $validation_php_lib;
     } else {
         // NOTE(review): the missing path is placed in the error text; make sure
         // this message is not shown to customers verbatim, since it discloses
         // the server's file layout.
         $error_message = APPROPRIATE_LIBRARY_ERROR_MSG . ": " . $validation_php_lib;
     }
 }
 if ($update_order_data) {
     $r = new VA_Record($table_prefix . "orders");
     $r->add_where("order_id", INTEGER);
     $r->set_value("order_id", $order_id);
     $r->add_textbox("error_message", TEXT);
     $r->add_textbox("pending_message", TEXT);
     $r->add_textbox("transaction_id", TEXT);
     $r->change_property("transaction_id", USE_IN_UPDATE, false);
     $r->add_textbox("authorization_code", TEXT);
     // AVS fields
     $r->add_textbox("avs_response_code", TEXT);
     $r->add_textbox("avs_message", TEXT);
     $r->add_textbox("avs_address_match", TEXT);
     $r->add_textbox("avs_zip_match", TEXT);
     $r->add_textbox("cvv2_match", TEXT);
     // 3D fields
     $r->add_textbox("secure_3d_check", TEXT);
     $r->add_textbox("secure_3d_status", TEXT);
     $r->add_textbox("secure_3d_md", TEXT);
Beispiel #8
 // Continue describing the download record $r_id (created before this excerpt):
 // it is tied to the current order and user.
 $r_id->set_value("order_id", $order_id);
 $r_id->add_textbox("user_id", INTEGER);
 $r_id->set_value("user_id", $user_id);
 $r_id->add_textbox("order_item_id", INTEGER);
 $r_id->add_textbox("item_id", INTEGER);
 $r_id->add_textbox("download_path", TEXT);
 $r_id->add_textbox("activated", INTEGER);
 $r_id->add_textbox("max_downloads", INTEGER);
 // how many times from different IPs user can download product during the month
 // (presumably describes max_downloads on the line above - confirm)
 $r_id->add_textbox("download_added", DATETIME);
 $r_id->add_textbox("download_expiry", DATETIME);
 $r_id->add_textbox("download_limit", INTEGER);
 // how many times user can download product
 // (presumably describes download_limit on the line above - confirm)

 // Record for serial numbers issued with order items, tied to the same order and user.
 $ois = new VA_Record($table_prefix . "orders_items_serials");
 $ois->add_textbox("order_id", INTEGER);
 $ois->set_value("order_id", $order_id);
 $ois->add_textbox("user_id", INTEGER);
 $ois->set_value("user_id", $user_id);
 $ois->add_textbox("order_item_id", INTEGER);
 $ois->add_textbox("item_id", INTEGER);
 // NOTE(review): serial_number is declared as plain TEXT; this excerpt shows no
 // protection for it, so access to this table and to the download_path values
 // above should be limited to the owning user - verify in the code that reads them.
 $ois->add_textbox("serial_number", TEXT);
 $ois->add_textbox("activated", INTEGER);
 $ois->add_textbox("activations_number", INTEGER);
 $ois->add_textbox("serial_added", DATETIME);
 $ois->add_textbox("serial_expiry", DATETIME);
 $sql = " SELECT setting_value FROM " . $table_prefix . "global_settings ";
 $sql .= " WHERE setting_type='download_info' ";
 $sql .= " AND setting_name='max_downloads' ";
 if (isset($site_id)) {
     $sql .= " AND (site_id=1 OR site_id=" . $db->tosql($site_id, INTEGER, true, false) . ")";
     $sql .= " ORDER BY site_id DESC ";
    }
    $r->validate();
    $password_encrypt = get_setting_value($settings, "password_encrypt", 0);
    if (!$r->is_empty("current_password")) {
        $current_password = $r->get_value("current_password");
        if ($password_encrypt == 1) {
            $password_match = md5($current_password);
        } else {
            $password_match = $current_password;
        }
        $sql = " SELECT password FROM " . $table_prefix . "users WHERE user_id=" . $db->tosql($user_id, INTEGER);
        $sql .= " AND password="******"{field_name}", $r->parameters["current_password"][CONTROL_DESC], INCORRECT_VALUE_MESSAGE);
        }
    }
    // Save the new password only when no errors have been recorded on $r.
    if (!strlen($r->errors)) {
        if ($password_encrypt) {
            // NOTE(review): unsalted MD5 is not suitable for password storage - it is
            // fast to brute-force and equal passwords give equal hashes. Moving to
            // password_hash()/password_verify() also means changing every place that
            // compares the stored value against an md5() result.
            $r->set_value("password", md5($r->get_value("password")));
        }
        // When $password_encrypt is off, the value held in the record is stored as is,
        // i.e. without hashing.
        $r->set_value("user_id", $user_id);
        $r->set_value("modified_date", va_time());
        // NOTE(review): the result of update_record() is not checked, so the redirect
        // below reports "updated=password" even if the update did not succeed.
        $r->update_record();
        // NOTE(review): $return_page is written into the Location header unchanged and
        // where it is set is not visible here. If the request can influence it,
        // restrict it to local paths so it cannot be used as an open redirect.
        header("Location: " . $return_page . "?updated=password");
        exit;
    }
}
$r->set_parameters();
$block_parsed = true;
$t->parse("block_body", false);