/** * Validates the Input Parameters onBeforeModuleUpdate * * @param array $d * @return boolean */ function validate_update(&$d) { global $vmLogger, $VM_LANG; if (empty($d['module_name'])) { $vmLogger->err($VM_LANG->_('VM_MODULE_ERR_NAME')); return False; } else { $db = new ps_DB(); $q = "SELECT COUNT(*) AS rowcnt FROM #__{vm}_module WHERE module_name='" . $db->getEscaped($d['module_name']) . "' AND module_id <> " . (int) $d['module_id']; $db->query($q); $db->next_record(); if ($db->f("rowcnt") > 0) { $vmLogger->err($VM_LANG->_('VM_MODULE_ERR_EXISTS')); return False; } } if (empty($d['module_perms'])) { $vmLogger->err($VM_LANG->_('VM_MODULE_ERR_PERMS')); return false; } if (empty($d['list_order'])) { $d['list_order'] = "99"; } return True; }
/** * Validates the Input Parameters onBeforeShopperGroupAdd * * @param array $d * @return boolean */ function validate_add(&$d) { global $VM_LANG; $db = new ps_DB(); $ps_vendor_id = $_SESSION["ps_vendor_id"]; if (empty($d["shopper_group_name"])) { $GLOBALS['vmLogger']->err($VM_LANG->_('SHOPPER_GROUP_MISSING_NAME')); return False; } else { $q = "SELECT COUNT(*) as num_rows FROM #__{vm}_shopper_group"; $q .= " WHERE shopper_group_name='" . $db->getEscaped(vmGet($d, 'shopper_group_name')) . "'"; $q .= " AND vendor_id='" . $ps_vendor_id . "'"; $db->query($q); $db->next_record(); if ($db->f("num_rows") > 0) { $GLOBALS['vmLogger']->err($VM_LANG->_('SHOPPER_GROUP_ALREADY_EXISTS')); return False; } } if (empty($d["shopper_group_discount"])) { $d["shopper_group_discount"] = 0; } $d["show_price_including_tax"] = isset($d["show_price_including_tax"]) ? $d["show_price_including_tax"] : 0; return True; }
function validate_update(&$d) { global $VM_LANG; if (!$this->validate($d)) { return false; } $db = $this->get(intval($d["order_status_id"])); if ($db->f('order_status_code')) { $order_status_code = $db->f('order_status_code'); // Check if the Order Status Code of protected Order Statuses is to be changed if (in_array($order_status_code, $this->_protected_status_codes) && $order_status_code != $d["order_status_code"]) { $vmLogger->err($VM_LANG->_('VM_ORDERSTATUS_CHANGE_ERR_CORE')); return False; } if ($order_status_code != $d["order_status_code"]) { // If the order Status Code has changed, we need to update all orders with this order status to use the new Status Code $dbo = new ps_DB(); $dbo->query('UPDATE #__{vm}_orders SET order_status=\'' . $dbo->getEscaped($d["order_status_code"]) . '\' WHERE order_status=\'' . $order_status_code . '\''); } return true; } else { return false; } }
/** * Validates the input parameters onCountryAdd * * @param array $d * @return boolean */ function validate_add($d) { global $vmLogger; $db = new ps_DB(); if (!$d["country_name"]) { $vmLogger->err("You must enter a name for the country."); return False; } if (!$d["country_2_code"]) { $vmLogger->err("You must enter a 2 symbol code for the country."); return False; } if (!$d["country_3_code"]) { $vmLogger->err('You must enter a 3 symbol code for the country.'); return False; } if ($d["country_name"]) { $q = "SELECT count(*) as rowcnt from #__{vm}_country where"; $q .= " country_name='" . $db->getEscaped($d["country_name"]) . "'"; $db->query($q); $db->next_record(); if ($db->f("rowcnt") > 0) { $vmLogger->err("The given country name already exists."); return False; } } return True; }
function validateOnSave(&$d) { global $vmLogger, $VM_LANG; /* if( !$this->validate($d)) { return false; }*/ switch ($d['type']) { case 'date': $d['cType'] = 'DATE'; break; case 'editorta': case 'textarea': case 'multiselect': case 'multicheckbox': $d['cType'] = 'MEDIUMTEXT'; break; case 'letterman_subscription': case 'yanc_subscription': case 'anjel_subscription': case 'ccnewsletter_subscription': // Set params = $d['params'] = 'newsletter=' . substr($d['type'], 0, strpos($d['type'], '_')) . "\n"; $d['type'] = 'checkbox'; case 'checkbox': $d['cType'] = 'TINYINT'; break; case 'euvatid': $d['params'] = 'shopper_group_id=' . $d['shopper_group_id'] . "\n"; $d['cType'] = 'VARCHAR(255)'; break; case 'age_verification': $d['params'] = 'minimum_age=' . (int) $d['minimum_age'] . "\n"; default: $d['cType'] = 'VARCHAR(255)'; break; } $db = new ps_DB(); $sql = "SELECT COUNT(*) as num_rows FROM `#__{vm}_userfield` WHERE name='" . $db->getEscaped($d['name']) . "'"; if (!empty($d['fieldid'])) { $sql .= ' AND fieldid != ' . intval($d['fieldid']); } $db->query($sql); $db->next_record(); if ($db->f('num_rows')) { $vmLogger->err(sprintf($VM_LANG->_('VM_USERFIELD_ERR_ALREADY'), $d['name'])); return false; } return true; }
/** * Validates the input parameters onBeforeCreditCardAdd * * @param array $d * @return boolean */ function validate_add($d) { global $vmLogger, $VM_LANG; $db = new ps_DB(); if (!$d["creditcard_name"]) { $vmLogger->err($VM_LANG->_('VM_CREDITCARD_ERR_NAME')); return False; } if (!$d["creditcard_code"]) { $vmLogger->err($VM_LANG->_('VM_CREDITCARD_ERR_CODE')); return False; } $q = "SELECT count(*) as rowcnt FROM `#__{vm}_creditcard` WHERE"; $q .= " creditcard_name='" . $db->getEscaped($d["creditcard_name"]) . "' OR "; $q .= " creditcard_code='" . $db->getEscaped($d["creditcard_code"]) . "'"; $db->query($q); $db->next_record(); if ($db->f("rowcnt") > 0) { $vmLogger->err($VM_LANG->_('VM_CREDITCARD_EXISTS')); return False; } return True; }
/** * Retrieves a record with the specified ID from the table associated with this entitiy type * In case of success, returns a ps_DB object with a prepared recordset * In case of failure returns false * @param mixed $id * @return mixed */ function get($id) { $key = $this->getKey(); $table = $this->getTable(); $db = new ps_DB(); if (!empty($id)) { $query = 'SELECT * FROM `' . $table . '` WHERE `' . $key . '`='; if (is_numeric($id)) { $query .= (int) $id; } else { $query .= '\'' . $db->getEscaped($id) . '\''; } $db->query($query); $db->next_record(); } return $db; }
/** * Validate the Input Parameters onBeforeManufacturerCategoryAdd * * @param array $d * @return boolean */ function validate_add($d) { global $VM_LANG; $db = new ps_DB(); if (!$d["mf_category_name"]) { $GLOBALS['vmLogger']->err($VM_LANG->_('VM_MANUF_CAT_ERR_NAME')); return False; } else { $q = "SELECT count(*) as rowcnt from #__{vm}_manufacturer_category where"; $q .= " mf_category_name='" . $db->getEscaped($d["mf_category_name"]) . "'"; $db->query($q); $db->next_record(); if ($db->f("rowcnt") > 0) { $GLOBALS['vmLogger']->err($VM_LANG->_('VM_MANUF_CAT_ERR_EXISTS')); return False; } } return True; }
/** * Validates the Input Parameters onBeforeShopperGroupAdd * * @param array $d * @return boolean */ function validate_add(&$d) { $db = new ps_DB(); $ps_vendor_id = $_SESSION["ps_vendor_id"]; if (empty($d["shopper_group_name"])) { $GLOBALS['vmLogger']->err('You must enter a shopper group name.'); return False; } else { $q = "SELECT COUNT(*) as num_rows FROM #__{vm}_shopper_group"; $q .= " WHERE shopper_group_name='" . $db->getEscaped(vmGet($d, 'shopper_group_name')) . "'"; $q .= " AND vendor_id='" . $ps_vendor_id . "'"; $db->query($q); $db->next_record(); if ($db->f("num_rows") > 0) { $GLOBALS['vmLogger']->err('Shopper group already exists for this vendor.'); return False; } } if (empty($d["shopper_group_discount"])) { $d["shopper_group_discount"] = 0; } $d["show_price_including_tax"] = isset($d["show_price_including_tax"]) ? $d["show_price_including_tax"] : 0; return True; }
/** * Gets the username from joomla if there is one associated to the paypal express payerID * @param string $payerID * @return string, False on failure */ function ppex_getUsername($payerID) { global $vmLogger; if (empty($payerID)) { $vmLogger->debug("Error: No PayerID Given"); return false; } $db = new ps_DB(); $dbb = new ps_DB(); $q = "SELECT * FROM #__{vm}_user_info WHERE extra_field_3 = '" . $db->getEscaped($payerID) . "' ORDER by mdate DESC"; $db->query($q); if ($db->num_rows() > 0) { while ($db->next_record()) { $uid = $db->f('user_id'); //Now lets try and see if the uid has a real username with joomla $q2 = "SELECT * FROM #__users WHERE `id` = '" . $db->getEscaped($uid) . "'"; $dbb->query($q2); if ($dbb->num_rows() > 0) { $dbb->next_record(); $username = $dbb->f('username'); if (!empty($username)) { return $username; } } } } return false; }
/** * Updates a Shipping Adress for the specified user info ID * * @param array $d * @return boolean */ function update(&$d) { global $perm, $VM_LANG; require_once CLASSPATH . 'ps_userfield.php'; $db = new ps_DB(); $timestamp = time(); if (!$this->validate_update($d)) { return false; } // Get all fields which where shown to the user $shippingFields = ps_userfield::getUserFields('shipping', false, '', true); $skip_fields = ps_userfield::getSkipFields(); foreach ($shippingFields as $userField) { if (!in_array($userField->name, $skip_fields)) { $fields[$userField->name] = ps_userfield::prepareFieldDataSave($userField->type, $userField->name, vmGet($d, $userField->name, strtoupper($userField->name))); } } // These are pre-defined fields. $fields['user_id'] = !$perm->check("admin,storeadmin") ? $_SESSION['auth']['user_id'] : (int) $d["user_id"]; $fields['address_type'] = 'ST'; $fields['mdate'] = time(); $db->buildQuery('UPDATE', '#__{vm}_user_info', $fields, "WHERE user_info_id='" . $db->getEscaped($d["user_info_id"]) . "'" . (!$perm->check("admin,storeadmin") ? " AND user_id=" . $_SESSION['auth']['user_id'] : '')); if ($db->query() === false) { $GLOBALS['vmLogger']->err($VM_LANG->_('VM_USERADDRESS_UPDATED_FAILED')); return false; } $GLOBALS['vmLogger']->info($VM_LANG->_('VM_USERADDRESS_UPDATED')); vmRequest::setVar('ship_to_info_id', $d['user_info_id']); return true; }
/** * Handles a download Request * * @param array $d * @return boolean */ function download_request(&$d) { global $download_id, $VM_LANG, $vmLogger; $db = new ps_DB(); $download_id = $db->getEscaped(vmGet($d, "download_id")); $q = "SELECT * FROM #__{vm}_product_download WHERE"; $q .= " download_id = '{$download_id}'"; $db->query($q); $db->next_record(); $download_id = $db->f("download_id"); $file_name = $db->f("file_name"); if (strncmp($file_name, 'http', 4) !== 0) { $datei = DOWNLOADROOT . $file_name; } else { $datei = $file_name; } $download_max = $db->f("download_max"); $end_date = $db->f("end_date"); $zeit = time(); if (!$download_id) { $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_INV', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } elseif ($download_max == "0") { $q = "DELETE FROM #__{vm}_product_download"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_MAX', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } elseif ($end_date != "0" && $zeit > $end_date) { $q = "DELETE FROM #__{vm}_product_download"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_EXP', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } require_once CLASSPATH . 'connectionTools.class.php'; $download_count = true; if (@file_exists($datei)) { // Check if this is a request for a special range of the file (=Resume Download) $range_request = vmConnector::http_rangeRequest(filesize($datei), false); if ($range_request[0] == 0) { // this is not a request to resume a download, $download_count = true; } else { $download_count = false; } } else { $download_count = false; } // Parameter to check if the file should be removed after download, which is only true, // if we have a remote file, which was transferred to this server into a temporary file $unlink = false; if (strncmp($datei, 'http', 4) === 0) { require_once CLASSPATH . 'ps_product_files.php'; $datei_local = ps_product_files::getRemoteFile($datei); if ($datei_local !== false) { $datei = $datei_local; $unlink = true; } else { $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false)); return false; } } else { // Check, if file path is correct // and file is if (!@file_exists($datei)) { $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } if (!@is_readable($datei)) { $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTREADABLE', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } } if ($download_count) { // decrement the download_max to limit the number of downloads $q = "UPDATE `#__{vm}_product_download` SET"; $q .= " `download_max`=`download_max` - 1"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); } if ($end_date == "0") { // Set the Download Expiry Date, so the download can expire after DOWNLOAD_EXPIRE seconds $end_date = time('u') + DOWNLOAD_EXPIRE; $q = "UPDATE #__{vm}_product_download SET"; $q .= " end_date={$end_date}"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); } if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $_SERVER['HTTP_USER_AGENT'])) { $UserBrowser = "Opera"; } elseif (ereg('MSIE ([0-9].[0-9]{1,2})', $_SERVER['HTTP_USER_AGENT'])) { $UserBrowser = "IE"; } else { $UserBrowser = ''; } $mime_type = $UserBrowser == 'IE' || $UserBrowser == 'Opera' ? 'application/octetstream' : 'application/octet-stream'; // dump anything in the buffer while (@ob_end_clean()) { } vmConnector::sendFile($datei, $mime_type, basename($file_name)); if ($unlink) { // remove the temporarily downloaded remote file @unlink($datei); } $GLOBALS['vm_mainframe']->close(true); }
function list_rates(&$d) { global $VM_LANG, $CURRENCY_DISPLAY, $mosConfig_absolute_path; $db = new ps_DB(); $dbv = new ps_DB(); $dbc = new ps_DB(); /** Read current Configuration ***/ require_once CLASSPATH . "shipping/" . __CLASS__ . ".cfg.php"; $q = "SELECT * FROM `#__{vm}_user_info`, `#__{vm}_country` WHERE user_info_id='" . $db->getEscaped($d["ship_to_info_id"]) . "' AND ( country=country_2_code OR country=country_3_code)"; $db->query($q); $db->next_record(); $q = "SELECT * FROM #__{vm}_vendor WHERE vendor_id='" . $_SESSION['ps_vendor_id'] . "'"; $dbv->query($q); $dbv->next_record(); $order_weight = $d['weight']; if ($order_weight > 0) { //USPS Username $usps_username = USPS_USERNAME; //USPS Password $usps_password = USPS_PASSWORD; //USPS Server $usps_server = USPS_SERVER; //USPS Path $usps_path = USPS_PATH; //USPS package size $usps_packagesize = USPS_PACKAGESIZE; //USPS Package ID $usps_packageid = 0; //USPS International Per Pound Rate $usps_intllbrate = USPS_INTLLBRATE; //USPS International handling fee $usps_intlhandlingfee = USPS_INTLHANDLINGFEE; //Pad the shipping weight to allow weight for shipping materials $usps_padding = USPS_PADDING; $usps_padding = $usps_padding * 0.01; $order_weight = $order_weight * $usps_padding + $order_weight; //USPS Machinable for Parcel Post $usps_machinable = USPS_MACHINABLE; if ($usps_machinable == '1') { $usps_machinable = 'TRUE'; } else { $usps_machinable = 'FALSE'; } //USPS Shipping Options to display $usps_ship[0] = USPS_SHIP0; $usps_ship[1] = USPS_SHIP1; $usps_ship[2] = USPS_SHIP2; $usps_ship[3] = USPS_SHIP3; $usps_ship[4] = USPS_SHIP4; $usps_ship[5] = USPS_SHIP5; $usps_ship[6] = USPS_SHIP6; $usps_ship[7] = USPS_SHIP7; $usps_ship[8] = USPS_SHIP8; $usps_ship[9] = USPS_SHIP9; $usps_ship[10] = USPS_SHIP10; foreach ($usps_ship as $key => $value) { if ($value == '1') { $usps_ship[$key] = 'TRUE'; } else { $usps_ship[$key] = 'FALSE'; } } $usps_intl[0] = USPS_INTL0; $usps_intl[1] = USPS_INTL1; $usps_intl[2] = USPS_INTL2; $usps_intl[3] = USPS_INTL3; $usps_intl[4] = USPS_INTL4; $usps_intl[5] = USPS_INTL5; $usps_intl[6] = USPS_INTL6; $usps_intl[7] = USPS_INTL7; $usps_intl[8] = USPS_INTL8; // $usps_intl[9] = USPS_INTL9; foreach ($usps_intl as $key => $value) { if ($value == '1') { $usps_intl[$key] = 'TRUE'; } else { $usps_intl[$key] = 'FALSE'; } } //Title for your request $request_title = "Shipping Estimate"; //The zip that you are shipping from $source_zip = substr($dbv->f("vendor_zip"), 0, 5); $shpService = 'All'; //"Priority"; //The zip that you are shipping to $dest_country = $db->f("country_2_code"); if ($dest_country == "GB") { $q = "SELECT state_name FROM #__{vm}_state WHERE state_2_code='" . $db->f("state") . "'"; $dbc->query($q); $dbc->next_record(); $dest_country_name = $dbc->f("state_name"); } else { $dest_country_name = $db->f("country_name"); } $dest_state = $db->f("state"); $dest_zip = substr($db->f("zip"), 0, 5); //$weight_measure if ($order_weight < 1) { $shipping_pounds_intl = 0; } else { $shipping_pounds_intl = ceil($order_weight); } if ($order_weight < 0.88) { $shipping_pounds = 0; $shipping_ounces = round(16 * ($order_weight - floor($order_weight))); } else { $shipping_pounds = ceil($order_weight); $shipping_ounces = 0; } $os = array("Mac", "NT", "Irix", "Linux"); $states = array("AL", "AK", "AR", "AZ", "CA", "CO", "CT", "DC", "DE", "FL", "GA", "HI", "IA", "ID", "IL", "IN", "KS", "KY", "LA", "MA", "MD", "ME", "MI", "MN", "MO", "MS", "MT", "NC", "ND", "NE", "NH", "NJ", "NM", "NV", "NY", "OH", "OK", "OR", "PA", "RI", "SC", "SD", "TN", "TX", "UT", "VT", "VA", "WA", "WI", "WV", "WY"); //If weight is over 70 pounds, round down to 70 for now. //Will update in the future to be able to split the package or something? if ($order_weight > 70.0) { echo "We are unable to ship USPS as the package weight exceeds the 70 pound limit,<br>please select another shipping method."; } else { if ($dest_country == "US" && in_array($dest_state, $states)) { /******START OF DOMESTIC RATE******/ //the xml that will be posted to usps $xmlPost = 'API=RateV2&XML=<RateV2Request USERID="' . $usps_username . '" PASSWORD="******">'; $xmlPost .= '<Package ID="' . $usps_packageid . '">'; $xmlPost .= "<Service>" . $shpService . "</Service>"; $xmlPost .= "<ZipOrigination>" . $source_zip . "</ZipOrigination>"; $xmlPost .= "<ZipDestination>" . $dest_zip . "</ZipDestination>"; $xmlPost .= "<Pounds>" . $shipping_pounds . "</Pounds>"; $xmlPost .= "<Ounces>" . $shipping_ounces . "</Ounces>"; $xmlPost .= "<Size>" . $usps_packagesize . "</Size>"; $xmlPost .= "<Machinable>" . $usps_machinable . "</Machinable>"; $xmlPost .= "</Package></RateV2Request>"; // echo htmlentities( $xmlPost ); $host = $usps_server; //$host = "production.shippingapis.com"; $path = $usps_path; //"/ups.app/xml/Rate"; //$path = "/ShippingAPI.dll"; $port = 80; $protocol = "http"; $html = ""; //echo "<textarea>".$protocol."://".$host.$path."?API=Rate&XML=".$xmlPost."</textarea>"; // Using cURL is Up-To-Date and easier!! if (function_exists("curl_init")) { $CR = curl_init(); curl_setopt($CR, CURLOPT_URL, $protocol . "://" . $host . $path); //"?API=RateV2&XML=".$xmlPost); curl_setopt($CR, CURLOPT_POST, 1); curl_setopt($CR, CURLOPT_FAILONERROR, true); curl_setopt($CR, CURLOPT_POSTFIELDS, $xmlPost); curl_setopt($CR, CURLOPT_RETURNTRANSFER, 1); $xmlResult = curl_exec($CR); $error = curl_error($CR); if (!empty($error)) { $GLOBALS['vmLogger']->err(curl_error($CR)); $html = "<br/><span class=\"message\">" . $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . " USPS.com</span>"; $error = true; } else { /* XML Parsing */ require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php'; $xmlDoc = new DOMIT_Lite_Document(); $xmlDoc->parseXML($xmlResult, false, true); /* Let's check wether the response from USPS is Success or Failure ! */ if (strstr($xmlResult, "Error")) { $error = true; $html = "<span class=\"message\">" . $VM_LANG->_('PHPSHOP_USPS_RESPONSE_ERROR') . "</span><br/>"; $error_code = $xmlDoc->getElementsByTagName("Number"); $error_code = $error_code->item(0); $error_code = $error_code->getText(); $html .= $VM_LANG->_('PHPSHOP_ERROR_CODE') . ": " . $error_code . "<br/>"; $error_desc = $xmlDoc->getElementsByTagName("Description"); $error_desc = $error_desc->item(0); $error_desc = $error_desc->getText(); $html .= $VM_LANG->_('PHPSHOP_ERROR_DESC') . ": " . $error_desc . "<br/>"; } } curl_close($CR); } else { $protocol = "http"; $fp = fsockopen($protocol . "://" . $host, $errno, $errstr, $timeout = 60); if (!$fp) { $error = true; $html = $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . ": {$errstr} ({$errno})"; } else { //send the server request fputs($fp, "POST {$path} HTTP/1.1\r\n"); fputs($fp, "Host: {$host}\r\n"); fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); fputs($fp, "Content-length: " . strlen($xmlPost) . "\r\n"); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $xmlPost . "\r\n\r\n"); $xmlResult = ''; while (!feof($fp)) { $xmlResult .= fgets($fp, 4096); } if (stristr($xmlResult, "Success")) { /* XML Parsing */ require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php'; $xmlDoc = new DOMIT_Lite_Document(); $xmlDoc->parseXML($xmlResult, false, true); $error = false; } else { $html = "Error processing the Request to USPS.com"; $error = true; } } } if (DEBUG) { echo "XML Post: <br>"; echo "<textarea cols='80'>" . $protocol . "://" . $host . $path . "?" . $xmlPost . "</textarea>"; echo "<br>"; echo "XML Result: <br>"; echo "<textarea cols='80' rows='10'>" . $xmlResult . "</textarea>"; echo "<br>"; echo "Cart Contents: " . $order_weight . " " . $weight_measure . "<br><br>\n"; } if ($error) { // comment out, if you don't want the Errors to be shown!! //$vmLogger->err( $html ); // Switch to StandardShipping on Error !!! //require_once( CLASSPATH . 'shipping/standard_shipping.php' ); //$shipping = new standard_shipping(); //$shipping->list_rates( $d ); echo "We are unable to ship USPS as the there was an error,<br> please select another shipping method."; return; } // Domestic shipping - add how long it might take $ship_commit[0] = "1 - 2 Days"; $ship_commit[1] = "1 - 2 Days"; $ship_commit[2] = "1 - 2 Days"; $ship_commit[3] = "1 - 3 Days"; $ship_commit[4] = "1 - 3 Days"; $ship_commit[5] = "1 - 3 Days"; $ship_commit[6] = "2 - 9 Days"; $ship_commit[7] = "2 - 9 Days"; $ship_commit[8] = "2 - 9 Days"; $ship_commit[9] = "2 - 9 Days"; $ship_commit[10] = "2 Days or More"; // retrieve the service and postage items $i = 0; if ($order_weight > 15) { $count = 8; $usps_ship[6] = $usps_ship[7]; $usps_ship[7] = $usps_ship[9]; $usps_ship[8] = $usps_ship[10]; } else { if ($order_weight >= 0.86) { $count = 9; $usps_ship[6] = $usps_ship[7]; $usps_ship[7] = $usps_ship[8]; $usps_ship[8] = $usps_ship[9]; $usps_ship[9] = $usps_ship[10]; } else { $count = 10; } } while ($i <= $count) { if (isset($xmlDoc)) { $ship_service[$i] = $xmlDoc->getElementsByTagName('MailService'); $ship_service[$i] = $ship_service[$i]->item($i); $ship_service[$i] = $ship_service[$i]->getText(); $ship_postage[$i] = $xmlDoc->getElementsByTagName('Rate'); $ship_postage[$i] = $ship_postage[$i]->item($i); $ship_postage[$i] = $ship_postage[$i]->getText(); if (preg_match('/%$/', USPS_HANDLINGFEE)) { $ship_postage[$i] = $ship_postage[$i] * (1 + substr(USPS_HANDLINGFEE, 0, -1) / 100); } else { $ship_postage[$i] = $ship_postage[$i] + USPS_HANDLINGFEE; } $i++; } } /******END OF DOMESTIC RATE******/ } else { /******START INTERNATIONAL RATE******/ //the xml that will be posted to usps $xmlPost = 'API=IntlRate&XML=<IntlRateRequest USERID="' . $usps_username . '" PASSWORD="******">'; $xmlPost .= '<Package ID="' . $usps_packageid . '">'; $xmlPost .= "<Pounds>" . $shipping_pounds_intl . "</Pounds>"; $xmlPost .= "<Ounces>" . $shipping_ounces . "</Ounces>"; $xmlPost .= "<MailType>Package</MailType>"; $xmlPost .= "<Country>" . $dest_country_name . "</Country>"; $xmlPost .= "</Package></IntlRateRequest>"; // echo htmlentities( $xmlPost ); $host = $usps_server; //$host = "production.shippingapis.com"; $path = $usps_path; //"/ups.app/xml/Rate"; //$path = "/ShippingAPI.dll"; $port = 80; $protocol = "http"; //echo "<textarea>".$protocol."://".$host.$path."?API=Rate&XML=".$xmlPost."</textarea>"; // Using cURL is Up-To-Date and easier!! if (function_exists("curl_init")) { $CR = curl_init(); curl_setopt($CR, CURLOPT_URL, $protocol . "://" . $host . $path); //"?API=RateV2&XML=".$xmlPost); curl_setopt($CR, CURLOPT_POST, 1); curl_setopt($CR, CURLOPT_FAILONERROR, true); curl_setopt($CR, CURLOPT_POSTFIELDS, $xmlPost); curl_setopt($CR, CURLOPT_RETURNTRANSFER, 1); $xmlResult = curl_exec($CR); //echo "<textarea>".$xmlResult."</textarea>"; $error = curl_error($CR); if (!empty($error)) { $GLOBALS['vmLogger']->err(curl_error($CR)); $html = "<br/><span class=\"message\">" . $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . " USPS.com</span>"; $error = true; } else { /* XML Parsing */ require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php'; $xmlDoc = new DOMIT_Lite_Document(); $xmlDoc->parseXML($xmlResult, false, true); /* Let's check wether the response from USPS is Success or Failure ! */ if (strstr($xmlResult, "Error")) { $error = true; $html = "<span class=\"message\">" . $VM_LANG->_('PHPSHOP_USPS_RESPONSE_ERROR') . "</span><br/>"; $error_code = $xmlDoc->getElementsByTagName("Number"); $error_code = $error_code->item(0); $error_code = $error_code->getText(); $html .= $VM_LANG->_('PHPSHOP_ERROR_CODE') . ": " . $error_code . "<br/>"; $error_desc = $xmlDoc->getElementsByTagName("Description"); $error_desc = $error_desc->item(0); $error_desc = $error_desc->getText(); $html .= $VM_LANG->_('PHPSHOP_ERROR_DESC') . ": " . $error_desc . "<br/>"; } } curl_close($CR); } else { $protocol = "http"; $fp = fsockopen($protocol . "://" . $host, $errno, $errstr, $timeout = 60); if (!$fp) { $error = true; $html = $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . ": {$errstr} ({$errno})"; } else { //send the server request fputs($fp, "POST {$path} HTTP/1.1\r\n"); fputs($fp, "Host: {$host}\r\n"); fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); fputs($fp, "Content-length: " . strlen($xmlPost) . "\r\n"); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $xmlPost . "\r\n\r\n"); $xmlResult = ''; while (!feof($fp)) { $xmlResult .= fgets($fp, 4096); } if (stristr($xmlResult, "Success")) { /* XML Parsing */ require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php'; $xmlDoc = new DOMIT_Lite_Document(); $xmlDoc->parseXML($xmlResult, false, true); $error = false; } else { $html = "Error processing the Request to USPS.com"; $error = true; } } } if (DEBUG) { echo "XML Post: <br>"; echo "<textarea cols='80'>" . $protocol . "://" . $host . $path . "?" . $xmlPost . "</textarea>"; echo "<br>"; echo "XML Result: <br>"; echo "<textarea cols='80' rows='10'>" . $xmlResult . "</textarea>"; echo "<br>"; echo "Cart Contents: " . $order_weight . " " . $weight_measure . "<br><br>\n"; } if ($error) { // comment out, if you don't want the Errors to be shown!! //$vmLogger->err( $html ); // Switch to StandardShipping on Error !!! //require_once( CLASSPATH . 'shipping/standard_shipping.php' ); //$shipping = new standard_shipping(); //$shipping->list_rates( $d ); //return; echo "We are unable to ship USPS as there was an error,<br> please select another shipping method."; } // retrieve the service and postage items $i = 0; $numChildren = 0; $numChildren = $xmlDoc->documentElement->firstChild->childCount; $numChildren = $numChildren - 7; // this line removes the preceeding 6 lines of crap not needed plus 1 to make up for the $i starting at 0 while ($i <= $numChildren) { if (isset($xmlDoc)) { $ship_service[$i] = $xmlDoc->getElementsByTagName("SvcDescription"); $ship_service[$i] = $ship_service[$i]->item($i); $ship_service[$i] = $ship_service[$i]->getText(); $ship_weight[$i] = $xmlDoc->getElementsByTagName("MaxWeight"); $ship_weight[$i] = $ship_weight[$i]->item($i); $ship_weight[$i] = $ship_weight[$i]->getText($i); } $i++; } // retrieve postage for countries that support all nine shipping methods and weights $ship_weight[8] = $ship_weight[8] / 16; if ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5] && $ship_weight[6] && $ship_weight[7] && $ship_weight[8]) { $count = 8; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5] && $ship_weight[6] && $ship_weight[7]) { $count = 7; // $usps_intl[6] = $usps_intl[7]; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5] && $ship_weight[6]) { $count = 6; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5]) { $count = 5; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4]) { $count = 4; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3]) { $count = 3; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2]) { $count = 2; } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1]) { $count = 1; } elseif ($order_weight <= $ship_weight[0]) { $count = 0; } else { echo "We are unable to ship USPS as the package weight exceeds what your<br>country allows, please select another shipping method."; } $i = 0; while ($i <= $numChildren) { if (isset($xmlDoc)) { $ship_service[$i] = $xmlDoc->getElementsByTagName("SvcDescription"); $ship_service[$i] = $ship_service[$i]->item($i); $ship_service[$i] = $ship_service[$i]->getText(); $ship_commit[$i] = $xmlDoc->getElementsByTagName("SvcCommitments"); $ship_commit[$i] = $ship_commit[$i]->item($i); $ship_commit[$i] = $ship_commit[$i]->getText(); $ship_postage[$i] = $xmlDoc->getElementsByTagName("Postage"); $ship_postage[$i] = $ship_postage[$i]->item($i); $ship_postage[$i] = $ship_postage[$i]->getText($i); $ship_postage[$i] = $ship_postage[$i] + USPS_INTLHANDLINGFEE; $i++; } /******END INTERNATIONAL RATE******/ } } $i = 0; while ($i <= $count) { $html = ""; // USPS returns Charges in USD. $charge[$i] = $ship_postage[$i]; $ship_postage[$i] = $CURRENCY_DISPLAY->getFullValue($charge[$i]); $shipping_rate_id = urlencode(__CLASS__ . "|USPS|" . $ship_service[$i] . "|" . $charge[$i]); //$checked = (@$d["shipping_rate_id"] == $value) ? "checked=\"checked\"" : ""; $html .= "\n<input type=\"radio\" name=\"shipping_rate_id\" checked=\"checked\" value=\"{$shipping_rate_id}\" id=\"{$shipping_rate_id}\" />\n"; $_SESSION[$shipping_rate_id] = 1; $html .= "<label for=\"{$shipping_rate_id}\">"; $html .= "USPS " . $ship_service[$i] . " "; $html .= "<strong>(" . $ship_postage[$i] . ")</strong>"; if (USPS_SHOW_DELIVERY_QUOTE == 1) { $html .= " - " . $ship_commit[$i]; } $html .= "</label>"; $html .= "<br />"; if ($dest_country_name == "United States" && $usps_ship[$i] == "TRUE") { echo $html; } else { if ($dest_country_name != "United States" && $usps_intl[$i] == "TRUE") { echo $html; } } $i++; } } } return true; }
function process_coupon_code($d) { global $VM_LANG, $vmLogger; /* init the database */ $coupon_db = new ps_DB(); /* we need some functions from the checkout module */ require_once CLASSPATH . "ps_checkout.php"; $checkout = new ps_checkout(); if (empty($d['total'])) { $totals = $checkout->calc_order_totals($d); $d['total'] = $totals['order_subtotal'] + $totals['order_tax'] + $totals['order_shipping'] + $totals['order_shipping_tax'] - $totals['payment_discount']; } $d['coupon_code'] = trim(vmGet($_REQUEST, 'coupon_code')); $coupon_id = vmGet($_SESSION, 'coupon_id', null); $q = 'SELECT coupon_id, coupon_code, percent_or_total, coupon_value, coupon_type FROM #__{vm}_coupons WHERE '; if ($coupon_id) { /* the query to select the coupon coupon_code */ $q .= 'coupon_id = ' . intval($coupon_id); } else { /* the query to select the coupon coupon_code */ $q .= 'coupon_code = \'' . $coupon_db->getEscaped($d['coupon_code']) . '\''; } /* make the query */ $coupon_db->query($q); /* see if we have any fields returned */ if ($coupon_db->num_rows() > 0) { /* we have a record */ /* see if we are calculating percent or dollar discount */ if ($coupon_db->f("percent_or_total") == "percent") { /* percent */ //$subtotal = $checkout->calc_order_subtotal( $d ); /* take the subtotal for calculation of the discount */ //$_SESSION['coupon_discount'] = round( ($subtotal * $coupon_db->f("coupon_value") / 100), 2); $coupon_value = round($d["total"] * $coupon_db->f("coupon_value") / 100, 2); if ($d["total"] < $coupon_value) { $coupon_value = (double) $d['total'] + (double) $d['order_tax']; $vmLogger->info(str_replace('{value}', $GLOBALS['CURRENCY_DISPLAY']->getFullValue($coupon_value), $VM_LANG->_('VM_COUPON_GREATER_TOTAL_SETTO'))); } $_SESSION['coupon_discount'] = $coupon_value; } else { $coupon_value = $coupon_db->f("coupon_value"); /* Total Amount */ if ($d["total"] < $coupon_value) { $coupon_value = (double) $d['total'] + (double) $d['order_tax']; $vmLogger->info(str_replace('{value}', $GLOBALS['CURRENCY_DISPLAY']->getFullValue($coupon_value), $VM_LANG->_('VM_COUPON_GREATER_TOTAL_SETTO'))); } $_SESSION['coupon_discount'] = $GLOBALS['CURRENCY']->convert($coupon_value); } /* mark this order as having used a coupon so people cant go and use coupons over and over */ $_SESSION['coupon_redeemed'] = true; $_SESSION['coupon_id'] = $coupon_db->f("coupon_id"); $_SESSION['coupon_code'] = $coupon_db->f("coupon_code"); $_SESSION['coupon_type'] = $coupon_db->f("coupon_type"); } else { /* no record, so coupon_code entered was not valid */ $GLOBALS['coupon_error'] = $VM_LANG->_('PHPSHOP_COUPON_CODE_INVALID'); return false; } }
/** * Changes the parameter List Order * @author Zdenek Dvorak * @param unknown_type $d */ function reorder_parameter(&$d) { $cb = vmGet($_POST, 'parameter_name', array(0)); $product_type_id = vmGet($_POST, 'product_type_id', 0); $db = new ps_DB(); switch ($d["task"]) { case "orderup": $q = "SELECT parameter_list_order FROM #__{vm}_product_type_parameter "; $q .= "WHERE product_type_id='" . $product_type_id . "' "; $q .= "AND parameter_name='" . $db->getEscaped($cb[0]) . "'"; $db->query($q); $db->next_record(); $currentpos = $db->f("parameter_list_order"); // Get the (former) predecessor and update it $q = "SELECT parameter_list_order,parameter_name FROM #__{vm}_product_type_parameter WHERE "; $q .= "parameter_list_order<'" . $currentpos . "' "; $q .= "ORDER BY parameter_list_order DESC"; $db->query($q); $db->next_record(); $pred = $db->f("parameter_name"); $pred_pos = $db->f("parameter_list_order"); // Update the product_type and decrease the list_order $q = "UPDATE #__{vm}_product_type_parameter "; $q .= "SET parameter_list_order='" . $pred_pos . "' "; $q .= "WHERE product_type_id='" . $product_type_id . "' "; $q .= "AND parameter_name='" . $db->getEscaped($cb[0]) . "'"; $db->query($q); $q = "UPDATE #__{vm}_product_type_parameter "; $q .= "SET parameter_list_order='" . intval($pred_pos + 1) . "' "; $q .= "WHERE product_type_id='" . $product_type_id . "' "; $q .= "AND parameter_name='" . $db->getEscaped($pred) . "'"; $db->query($q); break; case "orderdown": $q = "SELECT parameter_list_order FROM #__{vm}_product_type_parameter "; $q .= "WHERE product_type_id='" . $product_type_id . "' "; $q .= "AND parameter_name='" . $db->getEscaped($cb[0]) . "'"; $db->query($q); $db->next_record(); $currentpos = $db->f("parameter_list_order"); // Get the (former) successor and update it $q = "SELECT parameter_list_order,parameter_name FROM #__{vm}_product_type_parameter WHERE "; $q .= "parameter_list_order>'" . $currentpos . "' "; $q .= "ORDER BY parameter_list_order"; $db->query($q); $db->next_record(); $succ = $db->f("parameter_name"); $succ_pos = $db->f("parameter_list_order"); $q = "UPDATE #__{vm}_product_type_parameter "; $q .= "SET parameter_list_order='" . $succ_pos . "' "; $q .= "WHERE product_type_id='" . $product_type_id . "' "; $q .= "AND parameter_name='" . $db->getEscaped($cb[0]) . "'"; $db->query($q); $q = "UPDATE #__{vm}_product_type_parameter "; $q .= "SET parameter_list_order='" . intval($succ_pos - 1) . "' "; $q .= "WHERE product_type_id='" . $product_type_id . "' "; $q .= "AND parameter_name='" . $db->getEscaped($succ) . "'"; $db->query($q); break; } }
// Constructor initializes the session! $sess = new ps_session(); /*** END VirtueMart part ***/ // Finished Initialization of the hidden_trigger script // Check for valid ipayment Server if (!preg_match('/\\.ipayment\\.de$/', gethostbyaddr($_SERVER["REMOTE_ADDR"]))) { $mailsubject = "iPayment Transaction on your site: Possible fraud"; $mailbody = "Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = " . $_SERVER['REMOTE_ADDR'] . ". \r\n The remote address of the script posting to this notify script does not match a valid iPayment Server IP Address\n\r\n \r\n The Order ID received was: " . vmRequest::getVar('shopper_id'); vmMail($mosConfig_mailfrom, $mosConfig_fromname, $debug_email_address, $mailsubject, $mailbody); exit; } $order_number = vmRequest::getString('shopper_id'); if (!empty($order_number)) { $db = new ps_DB(); // Get the Order Details from the database $qv = "SELECT `order_id`, `order_number`, `user_id`, `order_subtotal`,\r\n `order_total`, `order_currency`, `order_tax`, \r\n `order_shipping_tax`, `coupon_discount`, `order_discount`\r\n FROM `#__{vm}_orders` \r\n WHERE `order_number`='" . $db->getEscaped($order_number) . "'"; $db->query($qv); if (!$db->next_record()) { exit; } // Now check, if everything's alright here $ret_param_checksum = vmRequest::getVar('ret_param_checksum'); $ret_param_checksum_computed = md5(IPAYMENT_APPID . round($db->f('order_total') * 100, 0) . $db->f('order_currency') . vmRequest::getVar('ret_authcode') . vmRequest::getVar('ret_booknr') . IPAYMENT_SECRET); if ($ret_param_checksum != $ret_param_checksum_computed) { $mailsubject = "iPayment Transaction on your site: Checksum mismatch!"; $mailbody = "When receiving a request from an iPayment Server we found that no correct checksum was submitted.\r\n \r\n The Order ID received was: " . vmRequest::getVar('shopper_id'); vmMail($mosConfig_mailfrom, $mosConfig_fromname, $debug_email_address, $mailsubject, $mailbody); exit; } $order_id = $db->f("order_id"); $d['order_id'] = $order_id;
/** * Notify Affiliates with their stats * * @param array $d */ function email(&$d) { global $email_status, $ps_vendor_id; $db = new ps_DB(); $dbv = new ps_DB(); $qt = "SELECT * from #__{vm}_vendor WHERE vendor_id = {$ps_vendor_id}"; $dbv->query($qt); $dbv->next_record(); $q = "SELECT * from #__{vm}_affiliate "; $q .= " WHERE active ='Y' "; if ($d["affiliate_id"] != "*") { $q .= "AND affiliate_id = '" . $db->getEscaped($d["affiliate_id"]) . "'"; } $db->query($q); while ($db->next_record()) { $i++; if ($d["send_stats"] == "stats_on") { $d["email"] .= "\n\n\n" . $this->get_stats(time(), $db->f("affiliate_id")); } $affiliate = $this->get_affiliate_details(0, $db->f("affiliate_id")); if (!mail($affiliate["email"], $d["subject"], $d["email"], $dbv->f("contact_email"))) { $email_status = "Failed"; } else { $j++; } } if ($i == $j) { $email_status = "Emailed {$i} affiliates successfully - Email more ...."; } }
/** * Validate a selected Shipping Rate * * @param array $d * @return boolean */ function validate(&$d) { global $VM_LANG, $vmLogger; $cart = $_SESSION['cart']; $d['shipping_rate_id'] = vmGet($_REQUEST, 'shipping_rate_id'); $d['ship_to_info_id'] = vmGet($_REQUEST, 'ship_to_info_id'); if (empty($_SESSION[$d['shipping_rate_id']])) { return false; } $details = explode("|", urldecode($d['shipping_rate_id'])); $rate_id = intval($details[4]); $totalweight = 0; require_once CLASSPATH . 'ps_shipping_method.php'; for ($i = 0; $i < $cart["idx"]; $i++) { $weight_subtotal = ps_shipping_method::get_weight($cart[$i]["product_id"]) * $cart[$i]['quantity']; $totalweight += $weight_subtotal; } $dbu = new ps_DB(); //DB User $q = "SELECT country,zip FROM #__{vm}_user_info WHERE user_info_id = '" . $dbu->getEscaped($d["ship_to_info_id"]) . "'"; $dbu = new ps_DB(); //DB User $dbu->query($q); if (!$dbu->next_record()) { /*$vmLogger->err( $VM_LANG->_('PHPSHOP_CHECKOUT_ERR_SHIPTO_NOT_FOUND',false) ); return False;*/ } $zip = $dbu->f("zip"); $country = $dbu->f("country"); $q = "SELECT shipping_rate_id FROM #__{vm}_shipping_rate WHERE shipping_rate_id = '{$rate_id}'"; $dbs = new ps_DB(); // DB Shiping_rate $dbs->query($q); if (!$dbs->next_record()) { $vmLogger->err($VM_LANG->_('PHPSHOP_CHECKOUT_ERR_RATE_NOT_FOUND', false)); return False; } return $this->rate_id_valid($rate_id, $country, $zip, $totalweight); }
$response['products'][] = array('product_id' => $db->f("product_id"), 'category' => htmlspecialchars($db->f("category_name")), 'product' => htmlspecialchars($db->f("product_name"))); } $db->query('SELECT FOUND_ROWS() as num_rows'); $db->next_record(); $response['totalCount'] = $db->f('num_rows'); error_reporting(0); while (@ob_end_clean()) { } $json = new Services_JSON(); echo $json->encode($response); $vm_mainframe->close(true); break; case 'getcategories': require_once CLASSPATH . 'JSON.php'; $db = new ps_DB(); $keyword = $db->getEscaped(vmGet($_REQUEST, 'query')); $q = "SELECT SQL_CALC_FOUND_ROWS #__{vm}_category.category_id,category_name\r\n\t\t\tFROM `#__{vm}_category` "; if ($keyword) { $q .= ' WHERE category_name LIKE \'%' . $keyword . '%\''; } $q .= ' ORDER BY category_name,#__{vm}_category.category_id'; $q .= ' LIMIT ' . (int) $_REQUEST['start'] . ', ' . (int) $_REQUEST['limit']; $db->query($q); while ($db->next_record()) { $response['categories'][] = array('category_id' => $db->f("category_id"), 'category' => htmlspecialchars($db->f("category_name"))); } $db->query('SELECT FOUND_ROWS() as num_rows'); $db->next_record(); $response['totalCount'] = $db->f('num_rows'); error_reporting(0); while (@ob_end_clean()) {
/** * Updates an attribute record * * @param array $d * @return boolean True when successful, false when not */ function update(&$d) { global $VM_LANG; if (!$this->validate($d)) { return false; } $db = new ps_DB(); $fields = array('attribute_name' => $d["attribute_name"], 'attribute_list' => $d["attribute_list"]); $db->buildQuery('UPDATE', '#__{vm}_product_attribute_sku', $fields, "WHERE product_id='" . (int) $d["product_id"] . "' AND attribute_name='" . $db->getEscaped($d["old_attribute_name"]) . "'"); if ($db->query() === false) { $GLOBALS['vmLogger']->err($VM_LANG->_('VM_PRODUCT_ATTRIBUTE_ERR_UPDATING')); return false; } if ($d["old_attribute_name"] != $d["attribute_name"]) { $ps_product = new ps_product(); $child_pid = $ps_product->get_child_product_ids($d["product_id"]); for ($i = 0; $i < count($child_pid); $i++) { $fields = array('attribute_name' => $d["attribute_name"]); $db->buildQuery('UPDATE', '#__{vm}_product_attribute', $fields, "WHERE product_id='" . $child_pid[$i] . "' AND attribute_name='" . $db->getEscaped($d["old_attribute_name"]) . "' "); $db->query(); } } $GLOBALS['vmLogger']->info($VM_LANG->_('VM_PRODUCT_ATTRIBUTE_UPDATED')); return true; }
/** * Updates a file record * * @param array $d * @return boolean */ function update(&$d) { global $VM_LANG, $vmLogger; $db = new ps_DB(); $timestamp = time(); if (!$this->validate_update($d)) { return False; } if (empty($d["file_published"])) { $d["file_published"] = 0; } $is_download_attribute = false; $q_dl = "SELECT attribute_name,attribute_value,file_id \r\n\t\t\t\t\t\tFROM #__{vm}_product_attribute,#__{vm}_product_files \r\n\t\t\t\t\t\tWHERE product_id='" . $d["product_id"] . "' AND attribute_name='download' \r\n\t\t\t\t\t\tAND file_id='" . $d["file_id"] . "' AND attribute_value=file_title"; $db->query($q_dl); if ($db->next_record()) { // We have found an existing downloadable file entry $old_attribute = $db->f('attribute_value', false); $is_download_attribute = true; if (!empty($_FILES['file_upload']['name']) && $d['file_type'] == 'downloadable_file') { // new file uploaded $qu = "UPDATE #__{vm}_product_attribute "; $qu .= "SET attribute_value = '" . $_FILES['file_upload']['name'] . "' "; $qu .= "WHERE product_id='" . $d["product_id"] . "' AND attribute_name='download' AND attribute_value='" . $old_attribute . "'"; $db->query($qu); } elseif ($d['file_type'] != 'downloadable_file') { // File Type was changed, so remove the entry in the product attribute table $qu = "DELETE FROM #__{vm}_product_attribute "; $qu .= "WHERE attribute_value = '{$old_attribute}' "; $qu .= "AND product_id='" . $d["product_id"] . "' AND attribute_name='download'"; $db->query($qu); } } elseif ($d['file_type'] == 'downloadable_file') { if (!empty($d['file_url'])) { $filename = vmGet($d, 'file_url'); } else { $filename = vmGet($d, 'downloadable_file'); } // Insert an attribute called "download", attribute_value: filename $fields = array('product_id' => $d["product_id"], 'attribute_name' => 'download', 'attribute_value' => $db->getEscaped($filename)); $db->buildQuery('INSERT', '#__{vm}_product_attribute', $fields); $db->query(); } if (empty($d["file_create_thumbnail"])) { $d["file_create_thumbnail"] = 0; } if (!empty($_FILES['file_upload']['name'])) { // If we have a new uploaded file, we delete the old one and add the new file $this->delete($d); return $this->add($d); } else { // No File Upload $is_image = $d['file_type'] == "image" ? '1' : '0'; if (!empty($d['file_url'])) { $filename = ''; } elseif ($d['file_type'] == 'downloadable_file' && !empty($old_attribute)) { if (!empty($d['file_url'])) { $filename = vmGet($d, 'file_url'); $d["file_title"] = $db->getEscaped(vmGet($d, 'file_url')); } else { $filename = DOWNLOADROOT . @$d['downloadable_file']; $d["file_title"] = $db->getEscaped(vmGet($d, 'downloadable_file')); } $qu = "UPDATE #__{vm}_product_attribute "; $qu .= "SET attribute_value = '" . $d["file_title"] . "' "; $qu .= "WHERE product_id='" . $d["product_id"] . "' AND attribute_name='download' AND attribute_value='" . $old_attribute . "'"; $db->query($qu); } $ext = ""; $upload_success = true; $file_image_height = $file_image_width = $file_image_thumb_height = $file_image_thumb_width = ""; } $fields = array('file_title' => $db->getEscaped($d["file_title"]), 'file_url' => $d['file_url'], 'file_published' => $d["file_published"]); if (!empty($filename)) { $fields['file_name'] = $db->getEscaped($filename); } $db->buildQuery('UPDATE', '#__{vm}_product_files', $fields, "WHERE file_id=" . (int) $d["file_id"] . " AND file_product_id=" . (int) $d["product_id"]); $db->query(); return True; }
/** * Returns an information array about the function $func * * @param string $func * @return mixed */ function get_function($func) { $db = new ps_DB(); $result = array(); $q = "SELECT `function_perms`, `function_class`, `function_method` \r\n\t\t\t\tFROM `#__{vm}_function` \r\n\t\t\t\tWHERE LOWER(`function_name`)='" . $db->getEscaped(strtolower($func)) . "'"; $db->query($q); if ($db->next_record()) { $result["perms"] = $db->f("function_perms"); $result["class"] = $db->f("function_class"); $result["method"] = $db->f("function_method"); return $result; } else { return False; } }
/** * Returns an information array about the function $func * * @param string $func * @return mixed */ function get_group($group) { $db = new ps_DB(); $result = array(); $query = 'SELECT group_id,group_name,group_level FROM `' . $this->_table_name . '`'; if (is_int($group)) { $query .= ' WHERE group_id=' . $group; } else { $query .= ' WHERE group_name=\'' . $db->getEscaped($group) . '\''; } $db->query($query); $db->next_record(); return $db; }
/** * This reformats an URL, appends "option=com_virtuemart" and "Itemid=XX" * where XX is the Id of an entry in the table mos_menu with "link: option=com_virtuemart" * It also calls sefRelToAbs to apply SEF formatting * * @param string $text THE URL * @param boolean False: Create a URI like /joomla/index.php?....; True: Create a URI like http://www.domain.com/index.php?.... * @return string The reformatted URL */ function url($text, $createAbsoluteURI = false, $encodeAmpersands = true, $ignoreSEF = false) { global $mm_action_url, $page, $mainframe; if (!defined('_VM_IS_BACKEND')) { // Strip the parameters from the $text variable and parse to a temporary array $tmp_text = str_replace('amp;', '', substr($text, strpos($text, '?'))); if (substr($tmp_text, 0, 1) == '?') { $tmp_text = substr($tmp_text, 1); } parse_str($tmp_text, $ii_arr); // Init the temp. Itemid $tmp_Itemid = ''; $db = new ps_DB(); // Check if there is a menuitem for a product_id (highest priority) if (!empty($ii_arr['product_id'])) { if ($ii_product_id = intval($ii_arr['product_id'])) { $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%product_id={$ii_product_id}%' AND published=1"); if ($db->next_record()) { $tmp_Itemid = $db->f("id"); } } } // Check if there is a menuitem for a category_id // This only checks for the exact category ID, it might be good to check for parents also. But at the moment, this would produce a lot of queries if (!empty($ii_arr['category_id'])) { $ii_cat_id = intval($ii_arr['category_id']); if ($ii_cat_id && $tmp_Itemid == '') { $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%category_id={$ii_cat_id}%' AND published=1"); if ($db->next_record()) { $tmp_Itemid = $db->f("id"); } } } // Check if there is a menuitem for a flypage if (!empty($ii_arr['flypage'])) { $ii_flypage = $db->getEscaped(vmget($ii_arr, 'flypage')); if ($ii_flypage && $tmp_Itemid == '') { $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%flypage={$ii_flypage}%' AND published=1"); if ($db->next_record()) { $tmp_Itemid = $db->f("id"); } } } // Check if there is a menuitem for a page if (!empty($ii_arr['page'])) { $ii_page = $db->getEscaped(vmget($ii_arr, 'page')); if ($ii_page && $tmp_Itemid == '') { $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%page={$ii_page}%' AND published=1"); if ($db->next_record()) { $tmp_Itemid = $db->f("id"); } } } // If we haven't found an Itemid, use the standard VM-Itemid $Itemid = "&Itemid=" . ($tmp_Itemid ? $tmp_Itemid : $this->getShopItemid()); } else { $Itemid = NULL; } // split url into base ? path $limiter = strpos($text, '?'); if ($limiter === false) { if (!strstr($text, "=")) { // $text recognized to be parameter-list (bug?) $base = NULL; $params = $text; } else { // text recognized to be url without parameters $base = $mm_action_url; $params = $text; } } else { // base?params $base = substr($text, 0, $limiter); $params = substr($text, $limiter + 1); } // normalize base (cut off multislashes) $base = str_replace("//", "/", $base); $base = str_replace(":/", "://", $base); // add script name to naked base url // TODO: Improve if ($base == URL || $base == SECUREURL) { $base .= basename($_SERVER['SCRIPT_NAME']); } if (!basename($base)) { $base .= basename($_SERVER['SCRIPT_NAME']); } // append "&option=com_virtuemart&Itemid=XX" $params .= !strstr($params, $this->component_name) ? ($params ? "&" : NULL) . $this->component_name : NULL; $params .= $Itemid; if (vmIsAdminMode() && strstr($text, 'func') !== false) { $params .= ($params ? "&" : NULL) . 'vmtoken=' . vmSpoofValue($this->getSessionId()); } if (!defined('_VM_IS_BACKEND')) { // index3.php is not available in the frontend! $base = str_replace("index3.php", "index2.php", $base); $url = basename($base) . "?" . $params; // make url absolute if ($createAbsoluteURI && !substr($url, 0, 4) != "http") { $url = (stristr($text, SECUREURL) ? SECUREURL : URL) . substr($url, $url[0] == '/' ? 1 : 0); } if (class_exists('JRoute') && !$ignoreSEF && $mainframe->getCfg('sef')) { $url = JRoute::_($url); } else { if (function_exists('sefRelToAbs') && !$ignoreSEF && !defined('_JLEGACY')) { $url = sefRelToAbs($url); } } } else { // backend $url = ($_SERVER['SERVER_PORT'] == 443 ? SECUREURL : URL) . "administrator/" . basename($base) . "?" . $params; } $url = $encodeAmpersands ? vmAmpReplace($url) : str_replace('&', '&', $url); return $url; }
/** * Handles adding or updating parameter values for a product an its product types * @since VirtueMart 1.1.0 * @param array $d */ function handleParameters(&$d) { global $db; $product_id = intval($d["product_id"]); $q = "SELECT `product_type_id` FROM `#__{vm}_product_product_type_xref` WHERE "; $q .= "`product_id`={$product_id}"; $db->query($q); $dbpt = new ps_DB(); $dbp = new ps_DB(); // For every Product Type while ($db->next_record()) { $product_type_id = $db->f("product_type_id"); $q = "SELECT * FROM #__{vm}_product_type_parameter WHERE "; $q .= "product_type_id='{$product_type_id}' "; $q .= "ORDER BY parameter_list_order"; $dbpt->query($q); $q = "SELECT COUNT(`product_id`) as num_rows FROM `#__{vm}_product_type_{$product_type_id}` WHERE "; $q .= "product_id='{$product_id}'"; $dbp->query($q); $dbp->next_record(); if ($dbp->f('num_rows') == 0) { // Add record if not exist (Items) $q = "INSERT INTO #__{vm}_product_type_{$product_type_id} (product_id) "; $q .= "VALUES ('{$product_id}')"; $dbp->query($q); } // Update record $q = "UPDATE #__{vm}_product_type_{$product_type_id} SET "; $q .= "product_id='{$product_id}'"; while ($dbpt->next_record()) { if ($dbpt->f("parameter_type") != "B") { // if it is not breaker $value = $d["product_type_" . $product_type_id . "_" . $dbpt->f("parameter_name")]; if ($dbpt->f("parameter_type") == "V" && is_array($value)) { $value = join(';', $value); } if ($value == "") { $value = 'NULL'; } else { $value = "'" . $dbpt->getEscaped($value) . "'"; } $q .= ',`' . $dbpt->f('parameter_name', false) . '`=' . $value; } } $q .= ' WHERE product_id = ' . $d['product_id']; $dbp->query($q); } }
function add_product() { global $VM_LANG, $vmLogger, $mosConfig_offset; require_once CLASSPATH . 'ps_product_attribute.php'; require_once CLASSPATH . 'ps_product.php'; $ps_product_attribute = new ps_product_attribute(); $ps_product = new vm_ps_product(); $product_id = vmGet($_REQUEST, 'product_id'); $order_item_id = vmGet($_REQUEST, 'order_item_id'); $add_product_validate = vmGet($_REQUEST, 'add_product_validate'); $d = $_REQUEST; // Check if quantity is a numeric value if ($add_product_validate == 1) { $quantity = trim(vmGet($_REQUEST, 'product_quantity')); if (!is_numeric($quantity) || $quantity < 1) { $vmLogger->err($VM_LANG->_('PHPSHOP_ORDER_EDIT_ERROR_QUANTITY_MUST_BE_HIGHER_THAN_0')); $add_product_validate = 0; } } if ($add_product_validate == 1) { $result_attributes = $ps_product_attribute->cartGetAttributes($d); $dbp = new ps_DB(); $q = "SELECT vendor_id, product_in_stock,product_sales,product_parent_id, product_sku, product_name FROM #__{vm}_product WHERE product_id='{$product_id}'"; $dbp->query($q); $dbp->next_record(); $vendor_id = $dbp->f("vendor_id"); $product_sku = $dbp->f("product_sku"); $product_name = $dbp->f("product_name"); $product_parent_id = $dbp->f("product_parent_id"); // Read user_info_id from db $prod_weight = $ps_product->get_weight($product_id); $dbu = new ps_DB(); $q = "SELECT user_info_id FROM #__{vm}_orders WHERE order_id = '" . $this->order_id . "' "; $dbu->query($q); $dbu->next_record(); $user_info_id = $dbu->f("user_info_id"); // On r�cup�re le prix exact du produit $my_taxrate = $ps_product->get_product_taxrate($product_id, $prod_weight, $user_info_id); $product_price_arr = $this->get_adjusted_attribute_price($product_id, $quantity, $d["description"], $result_attributes); //Inf Получение стоимости товара с дочернего сайта откуда заказ $odb = new ps_DB(); $oq = "SELECT shop_id FROM #__{vm}_orders WHERE order_id = '" . $this->order_id . "'"; $odb->query($oq); $shop_id = $odb->f("shop_id"); //Inf Информация о магазине require_once CLASSPATH . 'ps_multishop.php'; $ps_multishop = new ps_multishop($this->order_id); if ($shop_id > 1) { $_product_price_arr = file_get_contents($ps_multishop->getShop_url() . "/api/productinfo.php?sku=" . $product_sku . "&order_id=" . $this->order_id); if ($_product_price_arr != -1) { $product_price_arr = unserialize($_product_price_arr); } } $product_price_arr["product_price"] = $GLOBALS['CURRENCY']->convert($product_price_arr["product_price"], $product_price_arr["product_currency"]); $product_price = $product_price_arr["product_price"]; $description = $d["description"]; $description = $this->getDescriptionWithTax($description, $product_id); // Don´t show attribute prices in descripton $product_final_price = round($product_price * ($my_taxrate + 1), 2); $product_currency = $product_price_arr["product_currency"]; $db = new ps_DB(); if ($product_parent_id > 0) { $q = "SELECT attribute_name, attribute_value, product_id "; $q .= "FROM #__{vm}_product_attribute WHERE "; $q .= "product_id='" . $product_id . "'"; $db->setQuery($q); $db->query(); while ($db->next_record()) { $description .= $db->f("attribute_name") . ": " . $db->f("attribute_value") . "; "; } } $q = "SELECT * FROM #__{vm}_order_item "; $q .= " WHERE order_id=" . $this->order_id; $db->query($q); $db->next_record(); $user_info_id = $db->f("user_info_id"); $order_status = $db->f("order_status"); $timestamp = time() + $mosConfig_offset * 60 * 60; $q = "SELECT order_item_id, product_quantity "; $q .= "FROM #__{vm}_order_item WHERE order_id = '" . $this->order_id . "' "; $q .= "AND product_id = '" . $product_id . "' "; $q .= "AND product_attribute = '" . addslashes($description) . "'"; $db->query($q); if ($db->next_record()) { $this->change_item_quantity($this->order_id, $db->f('order_item_id'), $quantity + (int) $db->f('product_quantity')); } else { $q = "INSERT INTO #__{vm}_order_item "; $q .= "(order_id, user_info_id, vendor_id, product_id, order_item_sku, order_item_name, "; $q .= "product_quantity, product_item_price, product_final_price, "; $q .= "order_item_currency, order_status, product_attribute, cdate, mdate) "; $q .= "VALUES ('"; $q .= $this->order_id . "', '"; $q .= $user_info_id . "', '"; $q .= $vendor_id . "', '"; $q .= $product_id . "', '"; $q .= $product_sku . "', '"; $q .= $db->getEscaped($product_name) . "', '"; $q .= $quantity . "', '"; $q .= $product_price . "', '"; $q .= $product_final_price . "', '"; $q .= $product_currency . "', '"; $q .= $order_status . "', '"; // added for advanced attribute storage $q .= $db->getEscaped($description) . "', '"; // END advanced attribute modifications $q .= $timestamp . "','"; $q .= $timestamp . "'"; $q .= ")"; $db->query($q); $db->next_record(); // Update Stock Level and Product Sales $q = "UPDATE #__{vm}_product "; $q .= "SET product_in_stock = product_in_stock - " . $quantity . ",\n\t\t\t\t\t\t\t\tproduct_sales= product_sales + " . $quantity; $q .= " WHERE product_id='" . $product_id . "'"; $db->query($q); } $this->recalc_order($this->order_id); $this->reload_from_db = 1; $vmLogger->info($VM_LANG->_('PHPSHOP_ORDER_EDIT_PRODUCT_ADDED')); $this->orderlog->saveLog($this->order_id, 'Добавление позиции', $product_name, 0, $quantity); } }
/** * Отправка письма грузополучателю * * @param type $order_id * @return boolean */ function sendEmail($order_id, $status = null) { return; global $sess, $VM_LANG, $vmLogger; $url = SECUREURL . "index.php?option=com_virtuemart&page=account.order_details&order_id=" . $order_id . '&order_key=' . md5('AIR' . $order_id . 'SOFT' . $order_id . 'RETAIL') . '&Itemid=' . $sess->getShopItemid(); $db = new ps_DB(); $dbv = new ps_DB(); $q = "SELECT vendor_name,contact_email FROM #__{vm}_vendor "; $q .= "WHERE vendor_id='" . $_SESSION['ps_vendor_id'] . "'"; $dbv->query($q); $dbv->next_record(); $q = "SELECT first_name,last_name,user_email,order_status_name FROM #__{vm}_order_user_info,#__{vm}_orders,#__{vm}_order_status "; $q .= "WHERE #__{vm}_orders.order_id = '" . $db->getEscaped($order_id) . "' "; $q .= "AND #__{vm}_orders.user_id = #__{vm}_order_user_info.user_id "; $q .= "AND #__{vm}_orders.order_id = #__{vm}_order_user_info.order_id "; $q .= "AND order_status = order_status_code "; $db->query($q); $db->next_record(); $providerlist = $this->getProviderlist(); $tracking = $this->getTracking($order_id); if ($tracking->provider) { $provider = $this->getProvider($tracking->provider); $provider->setData($tracking); } $siteTrackingUrl = $provider->getSiteUrlTracking(); $provider = $tracking->provider; $tracknumber = $tracking->tracknumber; $date = $tracking->date; if (!$tracknumber) { return false; } $statusText = ''; $statusText = 'Следующие заказы были доставлены:'; ob_start(); require CLASSPATH . 'sc_trackingpost/tmpl/email/user_email_tracking.php'; $message = ob_get_contents(); ob_end_clean(); $mail_Body = $message; // $mail_Body = html_entity_decode($message); $result = vmMail($dbv->f("contact_email"), $dbv->f("vendor_name"), $db->f("user_email"), $status, $mail_Body, '', true); return $result; }
/** * Validate form values prior to delete * * @param int $order_id * @return boolean */ function validate_delete($order_id) { global $VM_LANG; $db = new ps_DB(); if (empty($order_id)) { $GLOBALS['vmLogger']->err($VM_LANG->_('VM_ORDER_DELETE_ERR_ID')); return False; } // Get the order items and update the stock level // to the number before the order was placed $q = "SELECT product_id, product_quantity FROM #__{vm}_order_item WHERE order_id='" . $db->getEscaped($order_id) . "'"; $db->query($q); $dbu = new ps_DB(); // Now update each ordered product while ($db->next_record()) { $q = "UPDATE #__{vm}_product SET product_in_stock=product_in_stock+" . $db->f("product_quantity") . ",product_sales=product_sales-" . $db->f("product_quantity") . " WHERE product_id='" . $db->f("product_id") . "'"; $dbu->query($q); } return True; }