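/**
 * Plugin hook: keeps every request on the maintenance page while the shop is down.
 *
 * Any request whose 'file' parameter is not the maintenance page is redirected
 * to it over plain HTTP. oos_redirect() is expected to end the request, but that
 * is not visible here, so true is still returned afterwards as in the original.
 *
 * @return bool always true (the contract shared by the other plugin hooks)
 */
function create_plugin_instance()
 {
     $aFilename = oos_get_filename();
     $aModules = oos_get_modules();
     // An absent or non-string 'file' must also be redirected, without raising
     // an undefined-index notice first.
     $requested_file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
     // Both sides are strings, so compare strictly instead of with numeric juggling.
     if ($requested_file !== $aFilename['info_down_for_maintenance']) {
         oos_redirect(oos_href_link($aModules['info'], $aFilename['info_down_for_maintenance'], '', 'NONSSL', true, false));
     }
     return true;
 }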
 function create_plugin_instance()
 {
     if (!isset($_SESSION['customer_id'])) {
         $aFilename = oos_get_filename();
         $aModules = oos_get_modules();
         if ($_GET['mp'] != $aModules['user']) {
             $_SESSION['navigation']->set_snapshot();
             oos_redirect(oos_href_link($aModules['user'], $aFilename['login'], '', 'SSL'));
         }
     }
     return true;
 }
    if ($check_customer_result->RecordCount()) {
        $check_customer = $check_customer_result->fields;
        $customerstable = $oostable['customers'];
        $dbconn->Execute("UPDATE {$customerstable}\n                      SET customers_newsletter = '0'\n                      WHERE customers_id = '" . $check_customer['customers_id'] . "'");
        oos_redirect(oos_href_link($aModules['newsletters'], $aFilename['newsletters_unsubscribe_success']));
    } else {
        $maillisttable = $oostable['maillist'];
        $sql = "SELECT customers_firstname\n                FROM {$maillisttable}\n                WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
        $check_mail_customer_result = $dbconn->Execute($sql);
        if ($check_mail_customer_result->RecordCount()) {
            $maillisttable = $oostable['maillist'];
            $dbconn->Execute("UPDATE {$maillisttable}\n                             SET customers_newsletter = '0'\n                             WHERE customers_email_address = '" . oos_db_input($email_address) . "'");
            oos_redirect(oos_href_link($aModules['newsletters'], $aFilename['newsletters_unsubscribe_success']));
        }
    }
    oos_redirect(oos_href_link($aModules['newsletters'], $aFilename['subscription_center'], 'email=nonexistent', 'SSL'));
} else {
    $oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aModules['newsletters'], $aFilename['newsletters']));
    $aOption['template_main'] = $sTheme . '/modules/subscription_center.html';
    $aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
    $nPageType = OOS_PAGE_TYPE_SERVICE;
    require 'includes/oos_system.php';
    if (!isset($option)) {
        require 'includes/info_message.php';
        require 'includes/oos_blocks.php';
        require 'includes/oos_counter.php';
    }
    // assign Smarty variables;
    $oSmarty->assign(array('oos_breadcrumb' => $oBreadcrumb->trail(BREADCRUMB_SEPARATOR), 'oos_heading_title' => $aLang['heading_title'], 'oos_heading_image' => 'password_forgotten.gif'));
    $oSmarty->assign('oosPageHeading', $oSmarty->fetch($aOption['page_heading']));
    $oSmarty->assign('contents', $oSmarty->fetch($aOption['template_main']));
Ejemplo n.º 4
         }
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '" . intval($orders_status_id) . "' WHERE configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     }
     oos_redirect(oos_href_link_admin($aFilename['orders_status'], 'page=' . $_GET['page'] . '&oID=' . $orders_status_id));
     break;
 case 'deleteconfirm':
     $oID = oos_db_prepare_input($_GET['oID']);
     $orders_status_result = $dbconn->Execute("SELECT configuration_value FROM " . $oostable['configuration'] . " WHERE configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     $orders_status = $orders_status_result->fields;
     if ($orders_status['configuration_value'] == $oID) {
         $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     }
     $dbconn->Execute("DELETE FROM " . $oostable['orders_status'] . " WHERE orders_status_id = '" . intval($oID) . "'");
     oos_redirect(oos_href_link_admin($aFilename['orders_status'], 'page=' . $_GET['page']));
     break;
 case 'delete':
     $oID = oos_db_prepare_input($_GET['oID']);
     $orderstable = $oostable['orders'];
     $status_result = $dbconn->Execute("SELECT COUNT(*) AS total FROM {$orderstable} WHERE orders_status = '" . intval($oID) . "'");
     $status = $status_result->fields;
     $remove_status = true;
     if ($oID == DEFAULT_ORDERS_STATUS_ID) {
         $remove_status = false;
         $messageStack->add(ERROR_REMOVE_DEFAULT_ORDER_STATUS, 'error');
     } elseif ($status['total'] > 0) {
         $remove_status = false;
         $messageStack->add(ERROR_STATUS_USED_IN_ORDERS, 'error');
     } else {
         $orders_status_historytable = $oostable['orders_status_history'];
Ejemplo n.º 5
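 /**
  * Validates the posted iPayment credit-card fields before the order is confirmed.
  *
  * The number and expiry are checked by cc_validation::validate(); its result is
  * mapped to a language-file message (-1 unknown card, -2..-4 invalid date,
  * false invalid number). On failure the customer is redirected back to the SSL
  * payment page with the error and the fields they typed in the query string;
  * on success the normalised card data is copied onto $this for the charge step.
  *
  * Reads $_POST: ipayment_cc_number, ipayment_cc_expires_month,
  * ipayment_cc_expires_year, ipayment_cc_owner, ipayment_cc_checkcode.
  * Sets $this->cc_card_type, cc_card_number, cc_expiry_month, cc_expiry_year.
  *
  * @return void
  */
 function pre_confirmation_check()
 {
     global $aLang;
     // include_once: a second call in the same request must not redeclare the class
     include_once 'includes/classes/class_cc_validation.php';

     // missing or non-string fields become '' instead of raising notices
     $cc_number = (isset($_POST['ipayment_cc_number']) && is_string($_POST['ipayment_cc_number'])) ? $_POST['ipayment_cc_number'] : '';
     $cc_owner = (isset($_POST['ipayment_cc_owner']) && is_string($_POST['ipayment_cc_owner'])) ? $_POST['ipayment_cc_owner'] : '';
     $cc_expires_month = (isset($_POST['ipayment_cc_expires_month']) && is_string($_POST['ipayment_cc_expires_month'])) ? $_POST['ipayment_cc_expires_month'] : '';
     $cc_expires_year = (isset($_POST['ipayment_cc_expires_year']) && is_string($_POST['ipayment_cc_expires_year'])) ? $_POST['ipayment_cc_expires_year'] : '';
     $cc_checkcode = (isset($_POST['ipayment_cc_checkcode']) && is_string($_POST['ipayment_cc_checkcode'])) ? $_POST['ipayment_cc_checkcode'] : '';

     $cc_validation = new cc_validation();
     $result = $cc_validation->validate($cc_number, $cc_expires_month, $cc_expires_year);

     $error = '';
     switch ($result) {
         case -1:
             $error = sprintf($aLang['text_ccval_error_unknown_card'], substr($cc_validation->cc_number, 0, 4));
             break;
         case -2:
         case -3:
         case -4:
             $error = $aLang['text_ccval_error_invalid_date'];
             break;
         case false:
             // switch() compares loosely, so 0 lands here as well as false
             $error = $aLang['text_ccval_error_invalid_number'];
             break;
     }

     if ($result == false || $result < 1) {
         // every echoed field is urlencoded so that a posted '&' or '#' cannot
         // add or truncate query parameters in the redirect URL
         // NOTE(review): the card check code (CVC) is echoed into the URL as in
         // the original; URLs end up in server, proxy and referrer logs, so this
         // parameter should be dropped and the customer asked to re-enter it.
         $payment_error_return = 'payment_error=' . $this->code
             . '&error=' . urlencode($error)
             . '&ipayment_cc_owner=' . urlencode($cc_owner)
             . '&ipayment_cc_expires_month=' . urlencode($cc_expires_month)
             . '&ipayment_cc_expires_year=' . urlencode($cc_expires_year)
             . '&ipayment_cc_checkcode=' . urlencode($cc_checkcode);
         $aFilename = oos_get_filename();
         $aModules = oos_get_modules();
         oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], $payment_error_return, 'SSL', true, false));
     }

     $this->cc_card_type = $cc_validation->cc_type;
     $this->cc_card_number = $cc_validation->cc_number;
     $this->cc_expiry_month = $cc_validation->cc_expiry_month;
     $this->cc_expiry_year = $cc_validation->cc_expiry_year;
 }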
Ejemplo n.º 6
        $_SESSION['sendto'] = $_POST['address'];
        $address_booktable = $oostable['address_book'];
        $sql = "SELECT COUNT(*) AS total\n                FROM {$address_booktable}\n                WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'\n                  AND address_book_id = '" . intval($_SESSION['sendto']) . "'";
        $check_address_result = $dbconn->Execute($sql);
        $check_address = $check_address_result->fields;
        if ($check_address['total'] == '1') {
            if ($reset_shipping == true) {
                unset($_SESSION['shipping']);
            }
            oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_shipping'], '', 'SSL'));
        } else {
            unset($_SESSION['sendto']);
        }
    } else {
        $_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
        oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_shipping'], '', 'SSL'));
    }
}
if ($process == '0') {
    $address_booktable = $oostable['address_book'];
    $sql = "SELECT COUNT(*) AS total\n            FROM {$address_booktable}\n            WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'\n              AND address_book_id != '" . intval($_SESSION['sendto']) . "'";
    $addresses_count_result = $dbconn->Execute($sql);
    $addresses_count = $addresses_count_result->fields['total'];
    if ($addresses_count > 0) {
        $radio_buttons = 0;
        $address_booktable = $oostable['address_book'];
        $sql = "SELECT address_book_id, entry_firstname AS firstname, entry_lastname AS lastname,\n                       entry_company AS company, entry_street_address AS street_address,\n                       entry_suburb AS suburb, entry_city AS city, entry_postcode AS postcode,\n                       entry_state AS state, entry_zone_id AS zone_id, entry_country_id AS country_id\n                FROM {$address_booktable}\n                WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'";
        $addresses_result = $dbconn->Execute($sql);
        $addresses_array = array();
        while ($addresses = $addresses_result->fields) {
            $format_id = oos_get_address_format_id($address['country_id']);
    }
    oos_redirect(oos_href_link($aModules['user'], $aFilename['product_notifications'], '', 'SSL'));
} elseif (isset($_GET['action']) && $_GET['action'] == 'global_notify') {
    if (isset($_POST['global']) && $_POST['global'] == 'enable') {
        $customers_infotable = $oostable['customers_info'];
        $dbconn->Execute("UPDATE {$customers_infotable}\n                          SET global_product_notifications = '1'\n                          WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'");
    } else {
        $customers_infotable = $oostable['customers_info'];
        $sql = "SELECT COUNT(*) AS total\n                FROM {$customers_infotable}\n                WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'\n                  AND global_product_notifications = '1'";
        $check_result = $dbconn->Execute($sql);
        if ($check_result->fields['total'] > 0) {
            $customers_infotable = $oostable['customers_info'];
            $dbconn->Execute("UPDATE {$customers_infotable}\n                              SET global_product_notifications = '0'\n                              WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'");
        }
    }
    oos_redirect(oos_href_link($aModules['user'], $aFilename['product_notifications'], '', 'SSL'));
}
// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title_1'], oos_href_link($aModules['user'], $aFilename['account'], '', 'SSL'));
$oBreadcrumb->add($aLang['navbar_title_2'], oos_href_link($aModules['user'], $aFilename['product_notifications'], '', 'SSL'));
$aOption['template_main'] = $sTheme . '/modules/user_product_notifications.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
$nPageType = OOS_PAGE_TYPE_ACCOUNT;
require 'includes/oos_system.php';
if (!isset($option)) {
    require 'includes/info_message.php';
    require 'includes/oos_blocks.php';
    require 'includes/oos_counter.php';
}
// assign Smarty variables;
$oSmarty->assign(array('oos_breadcrumb' => $oBreadcrumb->trail(BREADCRUMB_SEPARATOR), 'oos_heading_title' => $aLang['heading_title'], 'oos_heading_image' => 'account.gif'));
Ejemplo n.º 8
   Based on:

   File: specials.php,v 1.46 2003/02/13 04:23:23 hpdl
   ----------------------------------------------------------------------
   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com

   Copyright (c) 2003 osCommerce
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */
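/** ensure this file is being included by a parent file */
defined('OOS_VALID_MOD') or die('Direct Access to this location is not allowed.');

// the specials listing exists only while the 'spezials' plugin is installed;
// otherwise drop this page from the history and go back to the main page
if (!$oEvent->installed_plugin('spezials')) {
    $_SESSION['navigation']->remove_current_page();
    oos_redirect(oos_href_link($aModules['main'], $aFilename['main'], 'history_back=true'));
}

// split-page-results
MyOOS_CoreApi::requireOnce('classes/class_split_page_results.php');
// NOTE(review): $sLanguage is spliced into an include path; it is assumed to be
// restricted to the installed language codes before this point - confirm
require 'includes/languages/' . $sLanguage . '/products_specials.php';

$aOption['template_main'] = $sTheme . '/products/specials.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
$aOption['page_navigation'] = $sTheme . '/heading/page_navigation.html';
$nPageType = OOS_PAGE_TYPE_CATALOG;
$sGroup = trim($_SESSION['member']->group['text']);

// The original read $_GET[page] with an unquoted key (an undefined constant) and
// added 0 to coerce it; intval() yields the same integer for numeric input and 0
// instead of a TypeError for anything else.
$nPage = isset($_GET['page']) ? intval($_GET['page']) : 1;

// the rendered listing is cached per theme, customer group, page and language
$contents_cache_id = $sTheme . '|info|' . $sGroup . '|spezials|' . $nPage . '|' . $sLanguage;
require 'includes/oos_system.php';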
if (!isset($option)) {
    require 'includes/info_message.php';
    require 'includes/oos_blocks.php';
Ejemplo n.º 9
   Copyright (c) 2003 osCommerce
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */
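/** ensure this file is being included by a parent file */
defined('OOS_VALID_MOD') or die('Direct Access to this location is not allowed.');

// NOTE(review): $sLanguage is spliced into an include path; it is assumed to be
// restricted to the installed language codes before this point - confirm
require 'includes/languages/' . $sLanguage . '/main_contact_us.php';

// Contact form. A submission is accepted only when the posted form token equals
// the one stored in the session; a valid e-mail address mails the enquiry to the
// store owner and redirects to the success view, anything else re-renders the
// form with $error = '1'.
$error = '0';

$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
// exact, same-type comparison of the token (the original used ==, which treats
// numeric-looking strings as numbers) and no notices when either side is missing
$formid_matches = isset($_SESSION['formid'], $_POST['formid'])
    && is_string($_POST['formid'])
    && (string) $_SESSION['formid'] === $_POST['formid'];

if ($action == 'send' && $formid_matches) {
    $name = oos_prepare_input(isset($_POST['name']) ? $_POST['name'] : '');
    $email = oos_prepare_input(isset($_POST['email']) ? $_POST['email'] : '');
    $enquiry = oos_prepare_input(isset($_POST['enquiry']) ? $_POST['enquiry'] : '');
    if (oos_validate_is_email(trim($email))) {
        // NOTE(review): $name and $email presumably end up in mail headers inside
        // oos_mail(); confirm it strips CR/LF from them.
        oos_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $aLang['email_subject'], $enquiry, $name, $email);
        oos_redirect(oos_href_link($aModules['main'], $aFilename['contact_us'], 'action=success'));
    } else {
        $error = '1';
    }
}

// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aModules['main'], $aFilename['contact_us']));
$aOption['template_main'] = $sTheme . '/system/old_contact_us.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
$nPageType = OOS_PAGE_TYPE_MAINPAGE;
require 'includes/oos_system.php';
if (!isset($option)) {
    require 'includes/info_message.php';
    require 'includes/oos_blocks.php';
    require 'includes/oos_counter.php';
}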
Ejemplo n.º 10
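 /**
  * Plugin hook: bootstraps the visitor session for the current request.
  *
  * In order: the session cookie is scoped to the top-level domain of the server
  * handling this request ($request_type decides HTTP vs HTTPS); a session id sent
  * in POST or GET is adopted when it is purely alphanumeric; user agents listed
  * in includes/ini/spiders.ini get no session; otherwise the session is started
  * and the cart, navigation history and error-message slots are initialised.
  * Finally the session is bound to the user agent and the remote address: if
  * either differs from the value stored when the session began, the customer is
  * logged out, the cart reset and the visitor sent to the SSL login page.
  *
  * Writes the globals $spider_flag and $spider_kill_sid; reads $request_type.
  *
  * @return bool always true
  */
 function create_plugin_instance()
 {
     global $request_type, $spider_flag, $spider_kill_sid;

     // the header may be missing entirely; '' then behaves like the original's null
     $http_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $user_agent = strtolower($http_user_agent);
     $spider_flag = false;
     $spider_kill_sid = '0';

     // set the top level domains
     $http_domain = oos_server_get_top_level_domain(OOS_HTTP_SERVER);
     $https_domain = oos_server_get_top_level_domain(OOS_HTTPS_SERVER);
     $current_domain = ($request_type == 'NONSSL') ? $http_domain : $https_domain;
     $cookie_domain = oos_is_not_null($current_domain) ? '.' . $current_domain : '';

     // set the session cookie parameters
     if (function_exists('session_set_cookie_params')) {
         session_set_cookie_params(0, '/', $cookie_domain);
     } elseif (function_exists('ini_set')) {
         ini_set('session.cookie_lifetime', '0');
         ini_set('session.cookie_path', '/');
         ini_set('session.cookie_domain', $cookie_domain);
     }

     // adopt a session id passed in the request (POST first, then GET)
     // NOTE(review): this lets a crafted link or form choose the id the visitor
     // ends up with (session fixation); ctype_alnum() only limits the character
     // set. The id should be regenerated once the customer logs in.
     $session_name = oos_session_name();
     if (isset($_POST[$session_name]) && is_string($_POST[$session_name]) && ctype_alnum($_POST[$session_name])) {
         oos_session_id($_POST[$session_name]);
     } elseif (isset($_GET[$session_name]) && is_string($_GET[$session_name]) && ctype_alnum($_GET[$session_name])) {
         oos_session_id($_GET[$session_name]);
     }

     // spider detection: a known crawler gets no session at all
     if (!empty($user_agent)) {
         // a missing or unreadable list means "no spiders"; the original iterated
         // over parse_ini_file()'s false and emitted a warning
         $spider_ini = 'includes/ini/spiders.ini';
         $spider_agent = is_readable($spider_ini) ? parse_ini_file($spider_ini) : false;
         if (is_array($spider_agent)) {
             foreach ($spider_agent as $spider) {
                 if (!is_string($spider) || empty($spider)) {
                     continue;
                 }
                 $needle = trim($spider);
                 // a whitespace-only entry would match every agent (strpos()
                 // with an empty needle), so it is skipped
                 if ($needle !== '' && strpos($user_agent, $needle) !== false) {
                     $spider_kill_sid = '1';
                     $spider_flag = true;
                     break;
                 }
             }
         }
     }

     if ($spider_flag === false) {
         // set the session name and save path, then start the session
         oos_session_name('OOSSID');
         oos_session_start();
     }
     if (!isset($_SESSION)) {
         $_SESSION = array();
     }
     // create the shopping cart
     if (!isset($_SESSION['cart'])) {
         $_SESSION['cart'] = new shoppingCart();
     }
     // navigation history
     if (!isset($_SESSION['navigation'])) {
         $_SESSION['navigation'] = new oosNavigationHistory();
     }
     if (!isset($_SESSION['error_cart_msg'])) {
         $_SESSION['error_cart_msg'] = '';
     }

     $aFilename = oos_get_filename();
     $aModules = oos_get_modules();

     // bind the session to the browser user agent; a change is treated as a
     // possibly hijacked session and the customer is logged out
     // ($_SESSION['member'] is not initialised here; presumably an earlier
     // plugin creates it - TODO confirm)
     if (!isset($_SESSION['session_user_agent'])) {
         $_SESSION['session_user_agent'] = $http_user_agent;
     }
     if ($_SESSION['session_user_agent'] != $http_user_agent) {
         unset($_SESSION['customer_id']);
         unset($_SESSION['session_user_agent']);
         $_SESSION['cart']->reset();
         $_SESSION['member']->default_member();
         oos_redirect(oos_link($aModules['user'], $aFilename['login'], '', 'SSL'));
     }

     // bind the session to the remote address in the same way
     // NOTE(review): customers behind rotating proxies or mobile carriers change
     // address mid-session and are logged out by this check; behaviour kept.
     $remote_address = MyOOS_Utilities::getRemoteHostAddress();
     if (!isset($_SESSION['session_ip_address'])) {
         $_SESSION['session_ip_address'] = $remote_address;
     }
     if ($_SESSION['session_ip_address'] != $remote_address) {
         unset($_SESSION['customer_id']);
         unset($_SESSION['session_ip_address']);
         $_SESSION['cart']->reset();
         $_SESSION['member']->default_member();
         oos_redirect(oos_link($aModules['user'], $aFilename['login'], '', 'SSL'));
     }
     return true;
 }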
    if (ACCOUNT_STATE == '1') {
        if ($zone_id > 0) {
            $sql_data_array['entry_zone_id'] = $zone_id;
            $sql_data_array['entry_state'] = '';
        } else {
            $sql_data_array['entry_zone_id'] = '0';
            $sql_data_array['entry_state'] = $state;
        }
    }
    oos_db_perform($oostable['address_book'], $sql_data_array);
    $customers_infotable = $oostable['customers_info'];
    $dbconn->Execute("INSERT INTO " . $customers_infotable . "\n                (customers_info_id,\n                 customers_info_number_of_logons,\n                 customers_info_date_account_created) VALUES ('" . intval($customer_id) . "',\n                                                              '0',\n                                                              '" . date("Y-m-d H:i:s", time()) . "')");
    $_SESSION['customer_id'] = $customer_id;
    $_SESSION['customer_wishlist_link_id'] = $wishlist_link_id;
    $_SESSION['customer_first_name'] = $firstname;
    $_SESSION['customer_default_address_id'] = 1;
    $_SESSION['customer_country_id'] = $country;
    $_SESSION['customer_zone_id'] = $zone_id;
    $_SESSION['customer_max_order'] = $customer_max_order;
    $_SESSION['man_key'] = $keya;
    if (ACCOUNT_VAT_ID == '1') {
        if (ACCOUNT_COMPANY_VAT_ID_CHECK == '1' && $vatid_check_error === false) {
            $_SESSION['customers_vat_id_status'] = 1;
        } else {
            $_SESSION['customers_vat_id_status'] = 0;
        }
    }
    // restore cart contents
    $_SESSION['cart']->restore_contents();
    oos_redirect(oos_href_link($aModules['user'], $aFilename['create_account_success'], '', 'SSL'));
}
Ejemplo n.º 12
    $email_address = oos_prepare_input($_POST['email_address']);
    $customerstable = $oostable['customers'];
    $check_customer_sql = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n                           FROM {$customerstable}\n                           WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
    $check_customer_result = $dbconn->Execute($check_customer_sql);
    if ($check_customer_result->RecordCount()) {
        $check_customer = $check_customer_result->fields;
        // Crypted password mods - create a new password, update the database and mail it to them
        $newpass = oos_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = oos_encrypt_password($newpass);
        $customerstable = $oostable['customers'];
        $dbconn->Execute("UPDATE {$customerstable}\n                          SET customers_password = '******'\n                          WHERE customers_id = '" . $check_customer['customers_id'] . "'");
        oos_mail($check_customer['customers_firstname'] . " " . $check_customer['customers_lastname'], $email_address, $aLang['email_password_reminder_subject'], nl2br(sprintf($aLang['email_password_reminder_body'], $newpass)), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        $_SESSION['info_message'] = $aLang['text_password_sent'];
        oos_redirect(oos_href_link($aModules['user'], $aFilename['login'], '', 'SSL', true, false));
    } else {
        oos_redirect(oos_href_link($aModules['user'], $aFilename['password_forgotten'], 'email=nonexistent', 'SSL'));
    }
} else {
    // links breadcrumb
    $oBreadcrumb->add($aLang['navbar_title_1'], oos_href_link($aModules['user'], $aFilename['login'], '', 'SSL'));
    $oBreadcrumb->add($aLang['navbar_title_2'], oos_href_link($aModules['user'], $aFilename['password_forgotten'], '', 'SSL'));
    $aOption['template_main'] = $sTheme . '/modules/user_password_forgotten.html';
    $aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
    $nPageType = OOS_PAGE_TYPE_SERVICE;
    require 'includes/oos_system.php';
    if (!isset($option)) {
        require 'includes/info_message.php';
        require 'includes/oos_blocks.php';
        require 'includes/oos_counter.php';
    }
    // assign Smarty variables;
Ejemplo n.º 13
    }
}
if (strlen($_GET['pfrom']) > 0 && !(($errorno & 10000) == 10000) && strlen($_GET['pto']) > 0 && !(($errorno & 100000) == 100000)) {
    if ($pfrom_to_check > $pto_to_check) {
        $errorno += 1000000;
        $error = 1;
    }
}
if (strlen($_GET['keywords']) > 0) {
    if (!oos_parse_search_string(stripslashes($_GET['keywords']), $search_keywords)) {
        $errorno += 10000000;
        $error = 1;
    }
}
if ($error == 1) {
    oos_redirect(oos_href_link($aModules['search'], $aFilename['advanced_search'], 'errorno=' . $errorno . '&' . oos_get_all_get_parameters()));
} else {
    // links breadcrumb
    $oBreadcrumb->add($aLang['navbar_title1'], oos_href_link($aModules['search'], $aFilename['advanced_search']));
    $oBreadcrumb->add($aLang['navbar_title2'], oos_href_link($aModules['search'], $aFilename['advanced_search_result'], 'keywords=' . $_GET['keywords'] . '&search_in_description=' . $_GET['search_in_description'] . '&categories_id=' . $_GET['categories_id'] . '&inc_subcat=' . $_GET['inc_subcat'] . '&manufacturers_id=' . $_GET['manufacturers_id'] . '&pfrom=' . $_GET['pfrom'] . '&pto=' . $_GET['pto'] . '&dfrom=' . $_GET['dfrom'] . '&dto=' . $_GET['dto']));
    // Search enhancement mod start
    $search_keywords = oos_var_prep_for_os($_GET['keywords']);
    $search_keywords = strip_tags($search_keywords);
    $search_keywords = addslashes($search_keywords);
    if ($search_keywords != $_SESSION['last_search_insert']) {
        $dbconn->Execute("INSERT INTO " . $oostable['search_queries'] . " (search_text) VALUES ('" . oos_db_input($search_keywords) . "')");
        $last_search_insert = $search_keywords;
        $_SESSION['last_search_insert'] = $last_search_insert;
    }
    // Search enhancement mod end
    // create column list
Ejemplo n.º 14
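 /**
  * Handles the "redeem coupon" form posted from the checkout payment page.
  *
  * Validates $_POST['gv_redeem_code'] against the coupons table: the code must
  * be active, its start date passed, its expiry date not reached, and its
  * per-coupon and per-customer usage limits (coupon_redeem_track) not exhausted.
  * Each failure stores a message in $_SESSION['error_message'] and redirects the
  * customer back to the SSL payment page. A valid coupon of any type other than
  * 'G' (gift voucher, not handled here) has its id stored in $_SESSION['cc_id'].
  *
  * Pressing the redeem button (submit_redeem_coupon_x) without a code is an
  * error too; in the original that branch sat inside the "code given" block and
  * could never run. The original also built an unused display string
  * ($coupon_amount) that referenced an undeclared $oOrder and a 'type' column
  * the query does not select; that dead code is gone, as is the $oCurrencies
  * global it needed.
  *
  * @return void
  */
 function collect_posts()
 {
     global $aLang;

     // Get database information
     $dbconn =& oosDBGetConn();
     $oostable =& oosDBGetTables();
     $aFilename = oos_get_filename();
     $aModules = oos_get_modules();
     $payment_page = oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], '', 'SSL');

     $redeem_code = (isset($_POST['gv_redeem_code']) && is_string($_POST['gv_redeem_code'])) ? $_POST['gv_redeem_code'] : '';
     $button_pressed = !empty($_POST['submit_redeem_coupon_x']);

     // truthiness as in the original: '' and '0' both count as "no code"
     if (!$redeem_code) {
         if ($button_pressed) {
             $_SESSION['error_message'] = $aLang['error_no_invalid_redeem_coupon'];
             oos_redirect($payment_page);
         }
         return;
     }

     $code_sql = oos_db_input($redeem_code);
     $now = date("Y-m-d H:i:s", time());
     $couponstable = $oostable['coupons'];

     // get some info from the coupon table
     $sql = "SELECT coupon_id, coupon_amount, coupon_type, coupon_minimum_order,
                    uses_per_coupon, uses_per_user, restrict_to_products,
                    restrict_to_categories
             FROM {$couponstable}
             WHERE coupon_code = '" . $code_sql . "'
               AND coupon_active = 'Y'";
     $coupon_query = $dbconn->Execute($sql);
     if ($coupon_query->RecordCount() == 0) {
         // unknown, inactive or mistyped code
         $_SESSION['error_message'] = $aLang['error_no_invalid_redeem_coupon'];
         oos_redirect($payment_page);
         return;
     }
     $coupon_result = $coupon_query->fields;
     if ($coupon_result['coupon_type'] == 'G') {
         // gift vouchers are redeemed elsewhere; nothing to do here
         return;
     }

     // the coupon must already have started ...
     $sql = "SELECT coupon_start_date
             FROM {$couponstable}
             WHERE coupon_start_date <= '" . $now . "'
               AND coupon_code = '" . $code_sql . "'";
     if ($dbconn->Execute($sql)->RecordCount() == 0) {
         $_SESSION['error_message'] = $aLang['error_invalid_startdate_coupon'];
         oos_redirect($payment_page);
         return;
     }
     // ... and not yet expired
     $sql = "SELECT coupon_expire_date
             FROM {$couponstable}
             WHERE coupon_expire_date >= '" . $now . "'
               AND coupon_code = '" . $code_sql . "'";
     if ($dbconn->Execute($sql)->RecordCount() == 0) {
         $_SESSION['error_message'] = $aLang['error_invalid_finisdate_coupon'];
         oos_redirect($payment_page);
         return;
     }

     // usage limits; a limit of 0 means unlimited
     $coupon_id = intval($coupon_result['coupon_id']);
     $customer_id = isset($_SESSION['customer_id']) ? intval($_SESSION['customer_id']) : 0;
     $coupon_redeem_tracktable = $oostable['coupon_redeem_track'];
     $sql = "SELECT coupon_id
             FROM {$coupon_redeem_tracktable}
             WHERE coupon_id = '" . $coupon_id . "'";
     $uses_total = $dbconn->Execute($sql)->RecordCount();
     $sql = "SELECT coupon_id
             FROM {$coupon_redeem_tracktable}
             WHERE coupon_id = '" . $coupon_id . "'
               AND customer_id = '" . $customer_id . "'";
     $uses_by_customer = $dbconn->Execute($sql)->RecordCount();

     if ($coupon_result['uses_per_coupon'] > 0 && $uses_total >= $coupon_result['uses_per_coupon']) {
         $_SESSION['error_message'] = $aLang['error_invalid_uses_coupon'] . $coupon_result['uses_per_coupon'] . $aLang['times'];
         oos_redirect($payment_page);
         return;
     }
     if ($coupon_result['uses_per_user'] > 0 && $uses_by_customer >= $coupon_result['uses_per_user']) {
         $_SESSION['error_message'] = $aLang['error_invalid_uses_user_coupon'] . $coupon_result['uses_per_user'] . $aLang['times'];
         oos_redirect($payment_page);
         return;
     }

     $_SESSION['cc_id'] = $coupon_result['coupon_id'];
 }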
Ejemplo n.º 15
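 /**
  * Checks that a SecPay callback flagged valid=1 really came from secpay.com
  * before the order is processed.
  *
  * The peer's REMOTE_HOST is compared with 'secpay.com'; when the web server
  * only supplied an address, gethostbyaddr() does a reverse lookup first. A peer
  * that is not exactly 'secpay.com' (or has no REMOTE_HOST at all) is sent back
  * to the payment page with payment_error set to this module's code and the
  * posted session id kept in the URL.
  *
  * NOTE(review): a reverse lookup on its own only proves what the address owner
  * put in their PTR record. A forward lookup of the returned name, or a
  * shared-secret/signature check on the callback, would be the stronger test;
  * the original decision logic is kept unchanged here.
  *
  * @return void
  */
 function before_process()
 {
     $aFilename = oos_get_filename();
     $aModules = oos_get_modules();

     if (!isset($_POST['valid']) || $_POST['valid'] != '1') {
         return;
     }

     // the gateway posts the session id back; it is urlencoded on the way out
     // so a malformed value cannot add query parameters
     $session_name = oos_session_name();
     $session_id = (isset($_POST[$session_name]) && is_string($_POST[$session_name])) ? $_POST[$session_name] : '';
     $error_page = oos_href_link(
         $aModules['checkout'],
         $aFilename['checkout_payment'],
         $session_name . '=' . urlencode($session_id) . '&payment_error=' . $this->code,
         'SSL',
         false,
         false
     );

     $remote_host = oos_server_get_var('REMOTE_HOST');
     if (!$remote_host) {
         // no REMOTE_HOST (e.g. HostnameLookups off): cannot verify, reject
         oos_redirect($error_page);
         return;
     }
     if ($remote_host != 'secpay.com' && filter_var($remote_host, FILTER_VALIDATE_IP) !== false) {
         // an address rather than a name: resolve it (gethostbyaddr() returns the
         // address unchanged when there is no PTR record, which then fails below)
         $remote_host = gethostbyaddr($remote_host);
     }
     if ($remote_host != 'secpay.com') {
         oos_redirect($error_page);
     }
 }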
Ejemplo n.º 16
}
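// Die if remaining count is <=0
// (an empty 200 response, as in the original; an error status would be clearer)
if ($downloads['download_count'] <= 0) {
    die;
}
// Die if file is not there
$source_file = OOS_DOWNLOAD_PATH . $downloads['orders_products_filename'];
if (!file_exists($source_file)) {
    die;
}
// Now decrement counter ($_GET['id'] is forced to an integer before it reaches SQL)
$download_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$orders_products_downloadtable = $oostable['orders_products_download'];
$dbconn->Execute("UPDATE {$orders_products_downloadtable}
                  SET download_count = download_count-1
                  WHERE orders_products_download_id = '" . $download_id . "'");
// Now send the file with header() magic
header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: Application/octet-stream");
// the attachment name is quoted and reduced to its last path component so a
// stored name with spaces, quotes or directory parts still yields a valid header
$attachment_name = str_replace(array('"', "\\"), '', basename($downloads['orders_products_filename']));
header('Content-disposition: attachment; filename="' . $attachment_name . '"');
if (DOWNLOAD_BY_REDIRECT == '1') {
    // This will work only on Unix/Linux hosts: a random directory under the
    // public download path gets a symlink to the real file and the browser is
    // redirected there, so the web server streams the file instead of PHP.
    // NOTE(review): that link stays reachable until the next cleanup, so the
    // directory name must be unguessable - confirm oos_random_name() uses a
    // cryptographic source.
    oos_unlink_temp_dir(OOS_DOWNLOAD_PATH_PUBLIC);
    $tempdir = oos_random_name();
    $link_dir = OOS_DOWNLOAD_PATH_PUBLIC . $tempdir;
    // umask(00) with mode 0777 is kept from the original so the web server can
    // traverse the directory regardless of which user PHP runs as
    umask(00);
    $linked = mkdir($link_dir, 0777)
        && symlink($source_file, $link_dir . '/' . $downloads['orders_products_filename']);
    if ($linked) {
        oos_redirect(OOS_DOWNLOAD . $tempdir . '/' . $downloads['orders_products_filename']);
    } else {
        // mkdir()/symlink() failed (no symlink support or permissions): stream
        // the file from PHP instead of redirecting to a link that does not exist
        readfile($source_file);
    }
} else {
    // This will work on all systems, but will need considerable resources
    // We could also loop with fread($fp, 4096) to save memory
    readfile($source_file);
}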
Ejemplo n.º 17
if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
    if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
        oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_shipping'], '', 'SSL'));
    }
}
// Stock Check
if (STOCK_CHECK == '1' && STOCK_ALLOW_CHECKOUT != '1') {
    $products = $_SESSION['cart']->get_products();
    $any_out_of_stock = 0;
    for ($i = 0, $n = count($products); $i < $n; $i++) {
        if (oos_check_stock($products[$i]['id'], $products[$i]['quantity'])) {
            $any_out_of_stock = 1;
        }
    }
    if ($any_out_of_stock == 1) {
        oos_redirect(oos_href_link($aModules['main'], $aFilename['main_shopping_cart']));
    }
}
// if no billing destination address was selected, use the customers own address as default
if (!isset($_SESSION['billto'])) {
    $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
} else {
    // verify the selected billing address
    $address_booktable = $oostable['address_book'];
    $sql = "SELECT COUNT(*) AS total\n            FROM {$address_booktable}\n            WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'\n              AND address_book_id = '" . intval($_SESSION['billto']) . "'";
    $check_address_result = $dbconn->Execute($sql);
    $check_address = $check_address_result->fields;
    if ($check_address['total'] != '1') {
        $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
        if (isset($_SESSION['payment'])) {
            unset($_SESSION['payment']);
            $check_customer = $check_customer_result->fields;
            $customerstable = $oostable['customers'];
            $dbconn->Execute("UPDATE {$customerstable}\n                              SET customers_newsletter = '1'\n                              WHERE customers_id = '" . $check_customer['customers_id'] . "'");
            oos_redirect(oos_href_link($aModules['newsletters'], $aFilename['newsletters_subscribe_success']));
        } else {
            $maillisttable = $oostable['maillist'];
            $sql = "SELECT customers_firstname\n                    FROM {$maillisttable}\n                    WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
            $check_mail_customer_result = $dbconn->Execute($sql);
            if ($check_mail_customer_result->RecordCount()) {
                $maillisttable = $oostable['maillist'];
                $dbconn->Execute("UPDATE {$maillisttable}\n                                  SET customers_newsletter = '1'\n                                  WHERE customers_email_address = '" . oos_db_input($email_address) . "'");
                oos_redirect(oos_href_link($aModules['newsletters'], $aFilename['newsletters_subscribe_success']));
            } else {
                $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_newsletter' => 1);
                oos_db_perform($oostable['maillist'], $sql_data_array);
                oos_redirect(oos_href_link($aModules['newsletters'], $aFilename['newsletters_subscribe_success']));
            }
        }
    }
} else {
    $oBreadcrumb->add($aLang['navbar_title_1'], oos_href_link($aModules['newsletters'], $aFilename['newsletters'], '', 'SSL'));
    $aOption['template_main'] = $sTheme . '/modules/newsletters.html';
    $aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
    $nPageType = OOS_PAGE_TYPE_SERVICE;
    require 'includes/oos_system.php';
    if (!isset($option)) {
        require 'includes/info_message.php';
        require 'includes/oos_blocks.php';
        require 'includes/oos_counter.php';
    }
    // assign Smarty variables;
                }
                if (isset($quote['error'])) {
                    unset($_SESSION['shipping']);
                } else {
                    if (isset($quote[0]['methods'][0]['title']) && isset($quote[0]['methods'][0]['cost'])) {
                        $_SESSION['shipping'] = array('id' => $_SESSION['shipping'], 'title' => $free_shipping == true ? $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')', 'cost' => $quote[0]['methods'][0]['cost']);
                        oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], '', 'SSL'));
                    }
                }
            } else {
                unset($_SESSION['shipping']);
            }
        }
    } else {
        $_SESSION['shipping'] = false;
        oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], '', 'SSL'));
    }
}
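// get all available shipping quotes
$quotes = $oShippingModules->quote();
// if no shipping method has been selected, automatically select the cheapest method.
// if the modules status was changed when none were available, to save on implementing
// a javascript force-selection method, also automatically select the cheapest shipping
// method if more than one module is now enabled
if (!isset($_SESSION['shipping']) || (isset($_SESSION['shipping']) && $_SESSION['shipping'] == false && oos_count_shipping_modules() > 1)) {
    $_SESSION['shipping'] = $oShippingModules->cheapest();
}
// The selected method id has the form "<class>_<method>". explode() replaces the
// POSIX split(), which is deprecated since PHP 5.3 and removed in 7.0; the
// delimiter is a literal, so both calls yield the same pieces.
// NOTE(review): when $_SESSION['shipping'] is still false here (single module,
// nothing selected) the index is null and $sess_method stays undefined — as before.
list($sess_class, $sess_method) = explode('_', $_SESSION['shipping']['id']);
// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title_1'], oos_href_link($aModules['checkout'], $aFilename['checkout_shipping'], '', 'SSL'));
$oBreadcrumb->add($aLang['navbar_title_2'], oos_href_link($aModules['checkout'], $aFilename['checkout_shipping'], '', 'SSL'));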
    if (!isset($nProductsId)) {
        $nProductsId = oos_get_product_id($_GET['products_id']);
    }
} else {
    oos_redirect(oos_href_link($aModules['reviews'], $aFilename['reviews_reviews']));
}
// Page-specific language strings. $sLanguage becomes a path component here;
// it is assumed to have been sanitised before this point — confirm.
require 'includes/languages/' . $sLanguage . '/reviews_product.php';
// lets retrieve all $_GET keys and values..
$get_params = oos_get_all_get_parameters(array('reviews_id'));
$get_params = oos_remove_trailing($get_params);
// Product name/model for the heading; the product id and language id are
// cast with intval() before being placed in the query.
$productstable = $oostable['products'];
$products_descriptiontable = $oostable['products_description'];
$sql = "SELECT pd.products_name, p.products_model\n          FROM {$products_descriptiontable} pd LEFT JOIN\n               {$productstable} p ON pd.products_id = p.products_id\n          WHERE pd.products_languages_id = '" . intval($nLanguageID) . "'\n            AND p.products_status >= '1'\n            AND pd.products_id = '" . intval($nProductsId) . "'";
$product_info_result = $dbconn->Execute($sql);
if (!$product_info_result->RecordCount()) {
    // Unknown or inactive product: back to the reviews overview.
    oos_redirect(oos_href_link($aModules['reviews'], $aFilename['reviews_reviews']));
}
$product_info = $product_info_result->fields;
// All reviews for the product, newest first, collected into $aReviews for the template.
$reviewstable = $oostable['reviews'];
$sql = "SELECT reviews_rating, reviews_id, customers_name, date_added, reviews_read\n          FROM {$reviewstable}\n          WHERE products_id = '" . intval($nProductsId) . "'\n          ORDER BY reviews_id DESC";
$reviews_result = $dbconn->Execute($sql);
$aReviews = array();
while ($reviews = $reviews_result->fields) {
    $aReviews[] = array('rating' => $reviews['reviews_rating'], 'id' => $reviews['reviews_id'], 'customers_name' => $reviews['customers_name'], 'date_added' => oos_date_short($reviews['date_added']), 'read' => $reviews['reviews_read']);
    $reviews_result->MoveNext();
}
// links breadcrumb
// NOTE(review): $categories is not assigned anywhere in this view — confirm it is set earlier in the file.
$oBreadcrumb->add($product_info['products_name'], oos_href_link($aModules['products'], $aFilename['product_info'], 'categories=' . $categories . '&amp;products_id=' . $nProductsId));
$oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aModules['reviews'], $aFilename['product_reviews'], $get_params));
$aOption['template_main'] = $sTheme . '/modules/product_reviews.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
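/**
 * Best-effort request filter against reflected Cross-Site Scripting and
 * trivial SQL-keyword probes (contributed by webmedic, Timax, larsneo).
 *
 * Every scalar value in $_GET, $_POST and $_COOKIE is matched against a
 * blacklist of patterns; on the first hit the request is redirected to the
 * shop's main page. Array values are not inspected at all, so nested
 * parameters pass through unfiltered. Being a blacklist it also rejects
 * legitimate input (any GET value containing a double quote, or the words
 * "or"/"and" followed by "=" or "like" in GET and COOKIE values). It is not
 * a substitute for output escaping and parameterised queries.
 *
 * The patterns are unchanged from the original; they are now evaluated with
 * case-insensitive preg_match() instead of eregi(), which was deprecated in
 * PHP 5.3 and removed in 7.0.
 *
 * @return void
 */
function oos_secure_input()
{
    $aFilename = oos_get_filename();
    $aModules = oos_get_modules();

    // Tag patterns applied to all three sources. Kept verbatim from the
    // original, including the sloppy trailing "*" (it repeats the last
    // letter only, so "scrip" already matches).
    $aTagPatterns = array(
        '/<[^>]*script*"?[^>]*>/i',
        '/<[^>]*object*"?[^>]*>/i',
        '/<[^>]*iframe*"?[^>]*>/i',
        '/<[^>]*applet*"?[^>]*>/i',
        '/<[^>]*meta*"?[^>]*>/i',
        '/<[^>]*window.*"?[^>]*>/i',
        '/<[^>]*alert*"?[^>]*>/i',
        '/<[^>]*document.*"?[^>]*>/i',
        '/<[^>]*cookie*"?[^>]*>/i',
    );
    // Additional checks applied to GET and COOKIE values only.
    $aExtraPatterns = array(
        '/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i',
        '/<[^>]*style*"?[^>]*>/i',
        '/<[^>]*form*"?[^>]*>/i',
        '/<[^>]*img*"?[^>]*>/i',
    );

    $aSources = array(
        // GET additionally rejects any value containing a double quote.
        array($_GET, array_merge($aTagPatterns, $aExtraPatterns, array('/"/'))),
        array($_POST, $aTagPatterns),
        array($_COOKIE, array_merge($aTagPatterns, $aExtraPatterns)),
    );

    foreach ($aSources as $aSource) {
        list($aValues, $aPatterns) = $aSource;
        foreach ($aValues as $secvalue) {
            if (is_array($secvalue)) {
                // Nested parameters are not inspected (original behaviour).
                continue;
            }
            foreach ($aPatterns as $sPattern) {
                if (preg_match($sPattern, $secvalue)) {
                    oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
                    // One redirect per offending value, as in the original OR-chain.
                    break;
                }
            }
        }
    }
}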
        $sql_data_array = array('ticket_link_id' => $ticket_link_id, 'ticket_customers_id' => $ticket_customers_id, 'ticket_customers_orders_id' => $ticket_customers_orders_id, 'ticket_customers_email' => $email, 'ticket_customers_name' => $name, 'ticket_subject' => $subject, 'ticket_status_id' => TICKET_DEFAULT_STATUS_ID, 'ticket_department_id' => $department, 'ticket_priority_id' => $priority, 'ticket_login_required' => TICKET_CUSTOMER_LOGIN_REQUIREMENT_DEFAULT, 'ticket_date_last_modified' => 'now()', 'ticket_date_last_customer_modified' => 'now()', 'ticket_date_created' => 'now()');
        oos_db_perform($oostable['ticket_ticket'], $sql_data_array);
        $insert_id = $dbconn->Insert_ID();
        $sql_data_array = array('ticket_id' => $insert_id, 'ticket_status_id' => TICKET_DEFAULT_STATUS_ID, 'ticket_priority_id' => $priority, 'ticket_department_id' => $department, 'ticket_date_modified' => 'now()', 'ticket_customer_notified' => '1', 'ticket_edited_by' => $name, 'ticket_comments' => $enquiry);
        oos_db_perform($oostable['ticket_status_history'], $sql_data_array);
        // Email  Customer doesn't get the Message cause he should use the web
        $ticket_email_subject = $aLang['ticket_email_subject'] . $subject;
        $ticket_email_message = $aLang['ticket_email_message_header'] . "\n\n" . oos_href_link($aModules['ticket'], $aFilename['ticket_view'], 'tlid=' . $ticket_link_id, 'NONSSL', false, false) . "\n\n" . $aLang['ticket_email_ticket_nr'] . " " . $ticket_link_id . "\n" . $aLang['ticket_email_message_footer'];
        $ticket_email_message = decode($ticket_email_message);
        oos_mail($name, $email, $ticket_email_subject, nl2br($ticket_email_message), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '3');
        // send emails to other people
        if (SEND_EXTRA_ORDER_EMAILS_TO != '') {
            // $ticket_email_message = $aLang['ticket_email_message_header'] . "\n\n" . oos_href_link($aModules['ticket'], $aFilename['ticket_view'], 'tlid=' . $ticket_link_id, 'NONSSL', false, false) . "\n\n" . $aLang['ticket_email_message_footer'] . "\n\n" . $enquiry;
            oos_mail('', SEND_EXTRA_ORDER_EMAILS_TO, $ticket_email_subject, nl2br($ticket_email_message), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '1');
        }
        oos_redirect(oos_href_link($aModules['ticket'], $aFilename['ticket_create'], 'action=success&amp;tlid=' . $ticket_link_id));
    }
}
if (TICKET_USE_ORDER_IDS == '1' && isset($_SESSION['customer_id'])) {
    $orders_id = array();
    $orders_values = array();
    $orderstable = $oostable['orders'];
    $sql = "SELECT orders_id, date_purchased\n            FROM {$orderstable}\n            WHERE customers_id= '" . intval($_SESSION['customer_id']) . "'";
    $customers_orders_result = $dbconn->Execute($sql);
    if (isset($_GET['ticket_order_id'])) {
        $ticket_preselected_order_id = oos_var_prep_for_os($_GET['ticket_order_id']);
    }
    $orders_id[] = '';
    $orders_values[] = ' --- ';
    while ($customers_orders = $customers_orders_result->fields) {
        $orders_id[] = $customers_orders['orders_id'];
   Copyright (c) 2003 - 2009 by the OOS Development Team.
   ----------------------------------------------------------------------
   Based on:

   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com

   Copyright (c) 2001 - 2003 osCommerce
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */
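define('OOS_VALID_MOD', 'yes');
// MyOOS requires PHP 5.2+
version_compare(PHP_VERSION, '5.2', '<') and exit('MyOOS requires PHP 5.2 or newer.');
require dirname(__FILE__) . '/includes/oos_main.php';

// Front-controller dispatch: $sMp (module) and $sFile (page) select the script
// under includes/pages/ that is included below. Where they are populated is
// outside this file (presumably from the request, by oos_main.php), as is what
// oos_var_prep_for_os() strips; $aModules and $aFilename are expected to come
// from that include as well.
$sMp = oos_var_prep_for_os($sMp);
$sFile = oos_var_prep_for_os($sFile);
$sLanguage = oos_var_prep_for_os($_SESSION['language']);
$sTheme = oos_var_prep_for_os($_SESSION['theme']);

// Both values become path components of a require. Independently of whatever
// oos_var_prep_for_os() does, confine each to a single plain segment: a
// directory separator, a parent-directory reference or a NUL byte is treated
// exactly like a page that does not exist (404). Legitimate module and page
// names are single identifiers, so this is a no-op for them.
$bPathConfined = strpbrk($sMp, "/\\\0") === false && strpos($sMp, '..') === false
    && strpbrk($sFile, "/\\\0") === false && strpos($sFile, '..') === false;

if ($bPathConfined && is_readable('includes/pages/' . $sMp . '/' . $sFile . '.php')) {
    // Maintain the navigation history used for "back" handling.
    if (isset($_GET['history_back'])) {
        $_SESSION['navigation']->remove_last_page();
    } else {
        $_SESSION['navigation']->add_current_page();
    }
    require dirname(__FILE__) . '/includes/pages/' . $sMp . '/' . $sFile . '.php';
} else {
    oos_redirect(oos_href_link($aModules['error'], $aFilename['error404']));
}
require dirname(__FILE__) . '/includes/oos_nice_exit.php';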
                }
            }
            if ($_POST['action'] == 'update') {
                oos_db_perform($oostable['address_book'], $sql_data_array, 'update', "address_book_id = '" . oos_db_input($entry_id) . "' AND customers_id ='" . intval($_SESSION['customer_id']) . "'");
            } else {
                $sql_data_array['customers_id'] = $_SESSION['customer_id'];
                $sql_data_array['address_book_id'] = $entry_id;
                oos_db_perform($oostable['address_book'], $sql_data_array);
                if (count($_SESSION['navigation']->snapshot) > 0) {
                    $origin_href = oos_href_link($_SESSION['navigation']->snapshot['modules'], $_SESSION['navigation']->snapshot['file'], $_SESSION['navigation']->snapshot['get'], $_SESSION['navigation']->snapshot['mode']);
                    $_SESSION['navigation']->clear_snapshot();
                    oos_redirect($origin_href);
                }
            }
        }
        oos_redirect(oos_href_link($aModules['account'], $aFilename['account_address_book'], '', 'SSL'));
    }
}
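// Editing an existing entry: the row is looked up with both the customer id from
// the session and the requested entry id, so an entry_id belonging to another
// customer yields no row instead of that customer's address. isset() on entry_id
// only removes the undefined-index notice; oos_is_not_null(null) is expected to
// be false anyway — confirm.
if (isset($_GET['action']) && $_GET['action'] == 'modify' && isset($_GET['entry_id']) && oos_is_not_null($_GET['entry_id'])) {
    $address_booktable = $oostable['address_book'];
    $sql = "SELECT entry_gender, entry_company, entry_firstname, entry_lastname,\n                   entry_street_address, entry_suburb, entry_postcode, entry_city,\n                   entry_state, entry_zone_id, entry_country_id\n            FROM {$address_booktable}\n            WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'\n              AND address_book_id = '" . intval($_GET['entry_id']) . "'";
    // Presumably false/empty when nothing matched; the template then shows an
    // empty form (unchanged behaviour).
    $entry = $dbconn->GetRow($sql);
} else {
    // New entry: only the store's country is preselected.
    $entry = array('entry_country_id' => STORE_COUNTRY);
}
// $process is set by the form-processing branch earlier in the file; give the
// template a defined value when that branch did not run.
if (!isset($process)) {
    $process = '0';
}
// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title_1'], oos_href_link($aModules['user'], $aFilename['account'], '', 'SSL'));
$oBreadcrumb->add($aLang['navbar_title_2'], oos_href_link($aModules['account'], $aFilename['account_address_book'], '', 'SSL'));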
    $new_encrypted_password = oos_encrypt_password($password);
    $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_password' => $new_encrypted_password);
    if (ACCOUNT_GENDER == '1') {
        $sql_data_array['customers_gender'] = $gender;
    }
    oos_db_perform($oostable['customers'], $sql_data_array, 'update', "customers_id = '" . intval($_SESSION['customer_id']) . "'");
    if (oos_is_not_null($_COOKIE['password'])) {
        $cookie_url_array = parse_url((ENABLE_SSL == true ? OOS_HTTPS_SERVER : OOS_HTTP_SERVER) . substr(OOS_SHOP, 0, -1));
        $cookie_path = $cookie_url_array['path'];
        setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
        setcookie('password', $new_encrypted_password, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
    }
    $update_info_sql = "UPDATE " . $oostable['customers_info'] . "\n                        SET customers_info_date_account_last_modified = '" . date("Y-m-d H:i:s", time()) . "'\n                        WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'";
    $dbconn->Execute($update_info_sql);
    if (SEND_CUSTOMER_EDIT_EMAILS == '1') {
        $email_owner = $aLang['owner_email_subject'] . "\n" . $aLang['email_separator'] . "\n" . $aLang['owner_email_date'] . ' ' . strftime(DATE_FORMAT_LONG) . "\n\n" . $aLang['email_separator'] . "\n";
        if (ACCOUNT_NUMBER == '1') {
            $email_owner .= $aLang['owner_email_number'] . ' ' . $number . "\n" . $aLang['email_separator'] . "\n\n";
        }
        if (ACCOUNT_GENDER == '1') {
            if ($gender == 'm') {
                $email_owner .= $aLang['entry_gender'] . ' ' . $aLang['male'] . "\n";
            } else {
                $email_owner .= $aLang['entry_gender'] . ' ' . $aLang['female'] . "\n";
            }
        }
        $email_owner .= $aLang['owner_email_first_name'] . ' ' . $firstname . "\n" . $aLang['owner_email_last_name'] . ' ' . $lastname . "\n\n" . $aLang['email_separator'] . "\n\n" . $aLang['owner_email_contact'] . "\n" . $aLang['owner_email_address'] . ' ' . $email_address . "\n" . $aLang['email_separator'] . "\n\n" . $aLang['owner_email_options'] . "\n";
        oos_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $aLang['owner_email_subject'], nl2br($email_owner), $name, $email_address);
    }
    oos_redirect(oos_href_link($aModules['user'], $aFilename['account'], '', 'SSL'));
}
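 /**
  * Handles the gift-voucher redeem form posted from the payment page.
  *
  * Looks up the posted code in the coupons table; a type 'G' (gift voucher)
  * code that has no redemption record yet is deactivated, the redemption is
  * logged in coupon_redeem_track and the amount is added to the customer's
  * coupon_gv_customer balance. Each outcome ends in a redirect back to
  * checkout_payment with a message in $_SESSION['error_message'].
  *
  * NOTE(review): the "already redeemed" SELECT and the later UPDATE/INSERTs
  * are separate statements with no lock or transaction around them, so two
  * concurrent submissions of the same code could both pass the check —
  * confirm whether oos_redirect() exits and whether the DB layer wraps this
  * in a transaction.
  *
  * @return void
  */
 function collect_posts()
 {
     global $oCurrencies, $coupon_no, $aLang;
     // Get database information
     $dbconn =& oosDBGetConn();
     $oostable =& oosDBGetTables();
     $aFilename = oos_get_filename();
     $aModules = oos_get_modules();

     // !empty() keeps the original truthiness test without the undefined-index notice.
     if (!empty($_POST['gv_redeem_code'])) {
         $couponstable = $oostable['coupons'];
         // The posted code is untrusted; oos_db_input() escapes it for the query.
         $gv_query = $dbconn->Execute("SELECT coupon_id, coupon_type, coupon_amount FROM {$couponstable} WHERE coupon_code = '" . oos_db_input($_POST['gv_redeem_code']) . "'");
         $gv_result = $gv_query->fields;
         if ($gv_query->RecordCount() != 0) {
             $coupon_redeem_tracktable = $oostable['coupon_redeem_track'];
             $redeem_query = $dbconn->Execute("SELECT * FROM {$coupon_redeem_tracktable} WHERE coupon_id = '" . $gv_result['coupon_id'] . "'");
             if ($redeem_query->RecordCount() != 0 && $gv_result['coupon_type'] == 'G') {
                 // A gift voucher can be redeemed only once.
                 $_SESSION['error_message'] = $aLang['error_no_invalid_redeem_gv'];
                 oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], '', 'SSL'));
             }
         }
         // With no matching row ->fields is not an array and unknown codes fall
         // through without crediting anything (same outcome as before, no notice).
         if (is_array($gv_result) && $gv_result['coupon_type'] == 'G') {
             $gv_amount = $gv_result['coupon_amount'];
             // Credit the voucher to the customer's balance: add to the existing
             // coupon_gv_customer row when there is one, otherwise create it.
             $coupon_gv_customertable = $oostable['coupon_gv_customer'];
             $gv_amount_query = $dbconn->Execute("SELECT amount FROM {$coupon_gv_customertable} WHERE customer_id = '" . intval($_SESSION['customer_id']) . "'");
             $customer_gv = false;
             $total_gv_amount = $gv_amount;
             if ($gv_amount_result = $gv_amount_query->fields) {
                 $total_gv_amount = $gv_amount_result['amount'] + $gv_amount;
                 $customer_gv = true;
             }
             // Deactivate the voucher and record who redeemed it, from where and when.
             $couponstable = $oostable['coupons'];
             $dbconn->Execute("UPDATE {$couponstable}\n                                         SET coupon_active = 'N'\n                                         WHERE coupon_id = '" . $gv_result['coupon_id'] . "'");
             $remote_addr = $_SESSION['session_ip_address'];
             $coupon_redeem_tracktable = $oostable['coupon_redeem_track'];
             $dbconn->Execute("INSERT INTO  {$coupon_redeem_tracktable}\n                                        (coupon_id,\n                                         customer_id,\n                                         redeem_date,\n                                         redeem_ip) VALUES ('" . $gv_result['coupon_id'] . "',\n                                                            '" . intval($_SESSION['customer_id']) . "',\n                                                            '" . date("Y-m-d H:i:s", time()) . "',\n                                                            '" . oos_db_input($remote_addr) . "')");
             if ($customer_gv) {
                 $coupon_gv_customertable = $oostable['coupon_gv_customer'];
                 // already has gv_amount so update
                 $dbconn->Execute("UPDATE {$coupon_gv_customertable}\n                                           SET amount = '" . $total_gv_amount . "'\n                                           WHERE customer_id = '" . intval($_SESSION['customer_id']) . "'");
             } else {
                 // no gv_amount so insert
                 $coupon_gv_customertable = $oostable['coupon_gv_customer'];
                 $dbconn->Execute("INSERT INTO {$coupon_gv_customertable}\n                                           (customer_id,\n                                            amount) VALUES ('" . intval($_SESSION['customer_id']) . "',\n                                                            '" . $total_gv_amount . "')");
             }
             $_SESSION['error_message'] = $aLang['error_redeemed_amount'] . $oCurrencies->format($gv_amount);
             oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], '', 'SSL'));
         }
     }
     // NOTE(review): $gv is never assigned in this function, so this branch is
     // unreachable as written; presumably $gv_result was intended — confirm before
     // changing it, since that alters which submissions get the "no code" error.
     // The isset() checks only suppress the notices, they do not change the result.
     if (!empty($_POST['submit_redeem_x']) && isset($gv['coupon_type']) && $gv['coupon_type'] == 'G') {
         oos_redirect(oos_href_link($aModules['checkout'], $aFilename['checkout_payment'], 'error_message=' . urlencode(decode($aLang['error_no_redeem_code'])), 'SSL'));
     }
 }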
                    if ($file == '.' || $file == '..' || $file == 'CVS' || $file == '.svn' || $file == 'default' || filetype($sLocaleDir . $file) == 'file') {
                        continue;
                    }
                    if (filetype(realpath($sLocaleDir . $file)) == 'dir') {
                        $aSkins[] = $file;
                    }
                }
                closedir($dh);
            }
        }
        sort($aSkins);
        foreach ($aSkins as $sName) {
            $oSmarty->clear_cache(null, $sName . '|products|reviews');
        }
    }
    oos_redirect(oos_href_link($aModules['reviews'], $aFilename['product_reviews'], $get_parameters));
}
// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aModules['reviews'], $aFilename['product_reviews'], $get_parameters));

// Name of the logged-in customer, pre-filled into the review form.
$customerstable = $oostable['customers'];
$sql = "SELECT customers_firstname, customers_lastname\n        FROM {$customerstable}\n        WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'";
$customer_info_result = $dbconn->Execute($sql);
$customer_info = $customer_info_result->fields;

// Render the page's JavaScript include into a string for the template.
ob_start();
require 'js/product_reviews_write.js.php';
$javascript = ob_get_clean();

$nPageType = OOS_PAGE_TYPE_REVIEWS;
$aOption['template_main'] = $sTheme . '/modules/product_reviews_write.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
require 'includes/oos_system.php';
if (!isset($option)) {
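// A shared wishlist is addressed by its link id (wlid) alone; that id is the
// only access control for this page.
if (isset($_GET['wlid'])) {
    $wlid = oos_db_prepare_input($_GET['wlid']);
}
// Anything shorter than 10 characters is not a valid link id. isset() also
// covers a missing wlid, which previously raised a notice and then ran the
// lookups below with an empty string — the redirect now happens before any
// query instead of relying on the empty id matching no row.
if (!isset($wlid) || strlen($wlid) < 10) {
    unset($wlid);
    oos_redirect(oos_href_link($aModules['main'], $aFilename['main'], '', 'NONSSL'));
}
$wishlist_result_raw = "SELECT products_id, customers_wishlist_date_added\n                        FROM " . $oostable['customers_wishlist'] . "\n                        WHERE customers_wishlist_link_id = '" . oos_db_input($wlid) . "'\n                        ORDER BY customers_wishlist_date_added";
// Requested page number for pagination; null when none was given (the same
// value as before, without the undefined-index notice).
$nRequestedPage = isset($_GET['page']) ? $_GET['page'] : null;
$wishlist_split = new splitPageResults($nRequestedPage, MAX_DISPLAY_WISHLIST_PRODUCTS, $wishlist_result_raw, $wishlist_numrows);
$wishlist_result = $dbconn->Execute($wishlist_result_raw);
if (!$wishlist_result->RecordCount()) {
    oos_redirect(oos_href_link($aModules['main'], $aFilename['main'], '', 'NONSSL'));
}
// The owner is resolved through the same link id, never through a customer id
// from the request.
$sql = "SELECT customers_firstname, customers_lastname\n        FROM " . $oostable['customers'] . "\n        WHERE customers_wishlist_link_id = '" . oos_db_input($wlid) . "'";
$customer_result = $dbconn->Execute($sql);
if (!$customer_result->RecordCount()) {
    oos_redirect(oos_href_link($aModules['main'], $aFilename['main'], '', 'NONSSL'));
}
$customer_info = $customer_result->fields;
$customer = $customer_info['customers_firstname'] . ' ' . $customer_info['customers_lastname'] . ': ';
$aWishlist = array();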
while ($wishlist = $wishlist_result->fields) {
    $wl_products_id = oos_get_product_id($wishlist['products_id']);
    $sql = "SELECT p.products_id, pd.products_name, pd.products_description, p.products_model,\n                   p.products_image, p.products_price, p.products_base_price, p.products_base_unit,\n                   p.products_discount_allowed, p.products_tax_class_id, p.products_units_id\n            FROM " . $oostable['products'] . " p,\n                 " . $oostable['products_description'] . " pd\n            WHERE p.products_id = '" . intval($wl_products_id) . "'\n              AND pd.products_id = p.products_id\n              AND pd.products_languages_id = '" . intval($nLanguageID) . "'";
    $wishlist_product = $dbconn->GetRow($sql);
    $wishlist_product_price = '';
    $wishlist_product_special_price = '';
    $wishlist_product_discount = 0;
    $wishlist_product_discount_price = '';
    $wishlist_base_product_price = '';
    $wishlist_base_product_special_price = '';
    $wishlist_special_price = '';
            $sql = "SELECT manufacturers_url\n                                      FROM {$manufacturers_infotable}\n                                      WHERE manufacturers_id = '" . intval($manufacturers_id) . "'\n                                        AND manufacturers_languages_id = '" . intval($nLanguageID) . "'";
            $manufacturer_result = $dbconn->Execute($sql);
            if (!$manufacturer_result->RecordCount()) {
                // no url exists for the selected language, lets use the default language then
                $manufacturers_infotable = $oostable['manufacturers_info'];
                $languagestable = $oostable['languages'];
                $sql = "SELECT mi.manufacturers_languages_id, mi.manufacturers_url\n                                          FROM {$manufacturers_infotable} mi,\n                                               {$languagestable} l\n                                          WHERE mi.manufacturers_id = '" . intval($manufacturers_id) . "'\n                                            AND mi.manufacturers_languages_id = l.iso_639_2\n                                            AND l.iso_639_2 = '" . DEFAULT_LANGUAGE . "'";
                $manufacturer_result = $dbconn->Execute($sql);
                if (!$manufacturer_result->RecordCount()) {
                    // no url exists, return to the site
                    oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
                } else {
                    $manufacturer = $manufacturer_result->fields;
                    $manufacturers_infotable = $oostable['manufacturers_info'];
                    $dbconn->Execute("UPDATE {$manufacturers_infotable} SET url_clicked = url_clicked+1, date_last_click = '" . date("Y-m-d H:i:s", time()) . "' WHERE manufacturers_id = '" . intval($manufacturers_id) . "' AND manufacturers_languages_id = '" . $manufacturer['manufacturers_languages_id'] . "'");
                }
            } else {
                // url exists in selected language
                $manufacturer = $manufacturer_result->fields;
                $manufacturers_infotable = $oostable['manufacturers_info'];
                $dbconn->Execute("UPDATE {$manufacturers_infotable} SET url_clicked = url_clicked+1, date_last_click = '" . date("Y-m-d H:i:s", time()) . "' WHERE manufacturers_id = '" . intval($manufacturers_id) . "' AND manufacturers_languages_id = '" . intval($nLanguageID) . "'");
            }
            oos_redirect($manufacturer['manufacturers_url']);
        } else {
            oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
        }
        break;
    default:
        oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
        break;
}
            }
            if ($_SESSION['error_cart_msg'] == '') {
                oos_redirect(oos_href_link($goto_mp, $goto_file, oos_get_all_get_parameters($parameters), 'NONSSL'));
            } else {
                oos_redirect(oos_href_link($aModules['products'], $aFilename['product_info'], 'products_id=' . $_POST['products_id']));
            }
        }
        break;
    case 'frend_wishlist_add_product':
        if (isset($_POST['products_id']) && is_numeric($_POST['cart_quantity'])) {
            $cart_qty = $_SESSION['cart']->get_quantity(oos_get_uprid($_POST['products_id'], $_POST['id']));
            $news_qty = $cart_qty + $cart_quantity;
            $products_order_min = oos_get_products_quantity_order_min($_POST['products_id']);
            $products_order_units = oos_get_products_quantity_order_units($_POST['products_id']);
            if ($cart_quantity >= $products_order_min or $cart_qty >= $products_order_min) {
                if ($cart_quantity % $products_order_units == 0 and $news_qty >= $products_order_min) {
                    $_SESSION['cart']->add_cart($_POST['products_id'], intval($news_qty), $_POST['id'], true, $_POST['to_wl_id']);
                } else {
                    $_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_units_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_unit_text_info'] . ' ' . $products_order_units;
                }
            } else {
                $_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_quantity_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_min_text_info'] . ' ' . $products_order_min;
            }
            if ($_SESSION['error_cart_msg'] == '') {
                oos_redirect(oos_href_link($goto_mp, $goto_file, oos_get_all_get_parameters($parameters), 'NONSSL'));
            } else {
                oos_redirect(oos_href_link($aModules['products'], $aFilename['product_info'], 'products_id=' . $_POST['products_id']));
            }
        }
        break;
}