 *  virtual pages depending on the "action" variable passed in the URL. It's
 *  the processing page which processes form data being submitted to paypal, it
 *  is the page paypal returns a user to upon success, it's the page paypal
 *  returns a user to upon canceling an order, and finally, it's the page that
 *  handles the IPN request from Paypal.
 *
 *  I tried to comment this file, as well as the actual class file, as thoroughly
 *  as I possibly could.  Please email me with questions, comments, and suggestions.
 *  See the header of eshop-paypal.class.php for additional resources and information.
*/
global $wpdb, $wp_query, $wp_rewrite, $blog_id, $eshopoptions;
$detailstable = $wpdb->prefix . 'eshop_orders';
$derror = __('There appears to have been an error, please contact the site admin', 'eshop');
// All POST data is run through the plugin's sanitise_array() before any handler further down
// (outside this excerpt) reads it. The function presumably lives in cart-functions.php, which
// is included just for that purpose -- confirm what it actually strips; input sanitising does
// not replace context-specific output escaping.
include_once WP_PLUGIN_DIR . '/eshop/cart-functions.php';
$_POST = sanitise_array($_POST);
include_once WP_PLUGIN_DIR . '/eshop/paypal/index.php';
// Gateway class
require_once WP_PLUGIN_DIR . '/eshop/paypal/eshop-paypal.class.php';
// include the class file
$p = new eshop_paypal_class();
// initiate an instance of the class
if ($eshopoptions['status'] == 'live') {
    $p->paypal_url = 'https://www.paypal.com/cgi-bin/webscr';
    // production endpoint, used only when the shop status option is exactly 'live'
} else {
    $p->paypal_url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    // any other (or missing) status value goes to the sandbox
}
// setup a variable for this script (ie: 'http://www.micahcarrick.com/paypal.php')
// NOTE(review): the commented-out form below derived it from $_SERVER['HTTP_HOST'], i.e. the
// client-supplied Host header; the webtopay variant of this handler uses site_url() instead,
// which is the safer source for a URL handed to a payment gateway.
//e.g. $this_script = 'http://'.$_SERVER['HTTP_HOST'].htmlentities($_SERVER['PHP_SELF']);
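/**
 * Admin page for the Google Base product feed.
 *
 * Without ?change it lists every eShop product (sortable, paginated); with ?change=<post id>
 * it shows that product and a form for the feed-only fields (brand, EAN, ISBN, MPN, type,
 * quantity, condition, expiry). Reads $_GET (page, by, _p, eshopall, change) and $_POST (the
 * "Additional settings" form), writes the eshop_base_products table via
 * eshop_base_manager_save(), and echoes HTML.
 *
 * NOTE(review): there is no current_user_can() check in this function; it relies on the
 * admin-menu registration that routes here (not visible in this file) to restrict access.
 * Confirm that registration uses an appropriate capability.
 */
function eshop_base_manager()
{
    global $wpdb, $eshopoptions;
    // Included inside the function on purpose: variables it defines (e.g. $currentconditions,
    // used by the condition <select> below) are expected to land in this scope.
    include 'eshop-base-functions.php';

    if (!isset($_GET['change'])) {
        eshop_base_manager_list();
        return;
    }

    // Only a positive integer post id is accepted; it ends up in SQL (via prepare) and in links.
    $change = is_numeric($_GET['change']) ? (int) $_GET['change'] : 0;
    if ($change <= 0) {
        ?>
	<div class="wrap">
	<div id="eshopicon" class="icon32"></div><h2><?php _e('Error', 'eshop'); ?></h2>
	<p><?php _e('That product does not exist!', 'eshop'); ?></p>
	</div>
	<?php
        return;
    }

    // NOTE(review): $currentconditions is not defined in this function; it is assumed to come
    // from eshop-base-functions.php above. Confirm it is a list of condition codes.
    $conditions = (isset($currentconditions) && is_array($currentconditions)) ? $currentconditions : array();
    $basetable = $wpdb->prefix . 'eshop_base_products';

    if (isset($_POST['submit'])) {
        $err = eshop_base_manager_save($change, $conditions);
        if ($err != '') {
            echo '<div id="message" class="error fade"><p>' . __('<strong>Error</strong> the following were not valid:', 'eshop') . '</p><ul>' . $err . '</ul></div>' . "\n";
        } else {
            echo '<div id="message" class="updated fade"><p>' . __('eshop Base details for this product have been updated.', 'eshop') . '</p></div>' . "\n";
        }
    }

    $basedata = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$basetable} WHERE post_id = %d", $change));
    if (!$basedata) {
        // No feed row yet: build an empty record explicitly. The original assigned properties
        // to null, which PHP 8 rejects with an Error instead of auto-creating an object.
        $basedata = (object) array(
            'post_id' => '', 'img' => '', 'brand' => '', 'ptype' => '', 'thecondition' => '',
            'expiry' => '', 'ean' => '', 'isbn' => '', 'mpn' => '', 'qty' => '',
        );
    }

    // Flatten the product's meta into one row shaped like the list view's rows so the same
    // cell helpers apply. get_post_custom() returns raw values, so the plugin's serialized
    // "_eshop_product" blob is decoded here.
    // NOTE(review): this is unserialize() of database content. The key is underscore-protected
    // (not editable through the Custom Fields box); keep it that way.
    $custom = get_post_custom($change);
    $product = array();
    if (is_array($custom)) {
        if (isset($custom['_eshop_product'][0])) {
            $decoded = maybe_unserialize($custom['_eshop_product'][0]);
            if (is_array($decoded)) {
                $product = $decoded;
            }
        }
        foreach ($custom as $key => $values) {
            // as before, the last stored value wins for multi-value keys
            $product[$key] = is_array($values) ? end($values) : $values;
        }
    }
    $product['id'] = $change;
    $numoptions = isset($eshopoptions['options_num']) ? (int) $eshopoptions['options_num'] : 0;
    $currsymbol = isset($eshopoptions['currency_symbol']) ? $eshopoptions['currency_symbol'] : '';
    ?>
		<div class="wrap">
		<div id="eshopicon" class="icon32"></div><h2><?php _e('eShop Base Product', 'eshop'); ?></h2>
		<?php eshop_admin_mode(); ?>
		<table class="widefat">
		<caption><?php _e('Product Quick reference table', 'eshop'); ?></caption>
		<thead>
		<tr>
		<th id="sku"><?php _e('Sku', 'eshop'); ?></th>
		<th id="page"><?php _e('Page', 'eshop'); ?></th>
		<th id="desc"><?php _e('Description', 'eshop'); ?></th>
		<th id="down"><?php _e('Download', 'eshop'); ?></th>
		<th id="stk"><?php _e('Stock', 'eshop'); ?></th>
		<th id="opt"><?php _e('Option/Price', 'eshop'); ?></th>
		<th id="imga"><?php _e('Image', 'eshop'); ?></th>
		</tr>
		</thead>
		<tbody>
		<?php
    // A product row is only shown when the first option has a price, as in the list view.
    if (isset($product['products']['1']['price']) && $product['products']['1']['price'] != '') {
        $ptitle = get_post($change);
        $posttitle = $ptitle ? $ptitle->post_title : '';
        $products = $product['products'];
        $sku = isset($product['sku']) ? $product['sku'] : '';
        $description = isset($product['description']) ? $product['description'] : '';
        echo '<tr>';
        echo '<td id="sku1" headers="sku">' . esc_html($sku) . '</td>';
        // post.php is the edit screen the list view already links to
        echo '<td headers="page sku1"><a href="' . esc_url('post.php?action=edit&post=' . $change) . '">' . esc_html($posttitle) . '</a></td>';
        echo '<td headers="desc sku1">' . esc_html(stripslashes($description)) . '</td>';
        echo '<td headers="down sku1">' . eshop_base_manager_download_links($products, $numoptions) . '</td>';
        echo '<td headers="stk sku1">' . eshop_base_manager_stock_cell($change, $products, $numoptions) . '</td>';
        echo '<td headers="opt sku1">' . eshop_base_manager_price_cell($products, $numoptions, $currsymbol) . '</td>';
        echo '<td>' . eshop_base_manager_thumb_cell($change) . '</td>' . "\n";
        echo '</tr>' . "\n";
    }
    ?>
		</tbody>
		</table>
		<?php
    echo '<h3>' . __('Additional settings', 'eshop') . '</h3>' . "\n";
    ?>
		<form method="post" action="" id="eshop-gbase-alt">
		<?php wp_nonce_field('eshop_base_update_' . $change); // verified in eshop_base_manager_save() ?>
		<fieldset id="baseothers"><legend><?php _e('Others', 'eshop'); ?></legend>
		<?php
    if (has_post_thumbnail($change)) {
        $src = wp_get_attachment_image_src(get_post_thumbnail_id($change));
        if ($src) {
            echo '<input type="hidden" name="baseimg" value="' . esc_attr($src[0]) . '" />' . "\n";
        }
    }
    ?>
		<label for="basebrand"><?php _e('Brand <small>The brand name of the product</small>', 'eshop'); ?></label>
		<input type="text" name="basebrand" id="basebrand" value="<?php echo esc_attr($basedata->brand); ?>" />
		<label for="baseean"><?php _e('EAN <small>European Article Number is a 13 digit number often below the bar code of the item.</small>', 'eshop'); ?></label>
		<input type="text" name="baseean" id="baseean" value="<?php echo esc_attr($basedata->ean); ?>" />
		<label for="baseisbn"><?php _e('ISBN <small>The unique 10- or 13-digit number assigned to every printed book.</small>', 'eshop'); ?></label>
		<input type="text" name="baseisbn" id="baseisbn" value="<?php echo esc_attr($basedata->isbn); ?>" />
		<label for="basempn"><?php _e('MPN <small>Manufacturer\'s Part Number is a unique code determined by the manufacturer for that product.</small>', 'eshop'); ?></label>
		<input type="text" name="basempn" id="basempn" value="<?php echo esc_attr($basedata->mpn); ?>" />
		<label for="baseptype"><?php _e('Product type <small>The type of product being offered.</small>', 'eshop'); ?></label>
		<input type="text" name="baseptype" id="baseptype" value="<?php echo esc_attr($basedata->ptype); ?>" />
		<label for="baseqty"><?php _e('Quantity', 'eshop'); ?></label>
		<input type="text" name="baseqty" id="baseqty" value="<?php echo esc_attr($basedata->qty); ?>" />
	  <label for="basecondition"><?php _e('Condition <small>the condition of this product</small>', 'eshop'); ?></label>
	  <select name="basecondition" id="basecondition">
		<?php
    // Pre-select the stored condition, falling back to the configured default. The original
    // compared against the default in both branches, so a saved condition never showed as selected.
    $defaultcondition = isset($eshopoptions['base_condition']) ? $eshopoptions['base_condition'] : '';
    $selectedcondition = ($basedata->thecondition != '') ? $basedata->thecondition : $defaultcondition;
    foreach ($conditions as $code) {
        $sel = ($code == $selectedcondition) ? ' selected="selected"' : '';
        echo '<option value="' . esc_attr($code) . '"' . $sel . '>' . esc_html($code) . '</option>' . "\n";
    }
    ?>
	  </select>
	  <fieldset><legend><?php _e('Expiration date <small>(or how long a product will be available.)</small>', 'eshop'); ?></legend>
	  <label for="baseexpiration_year"><?php _e('Year', 'eshop'); ?></label>
	  <select name="baseexpiration_year" id="baseexpiration_year">
		<?php
    // With no stored expiry, default to today plus the configured base_expiry window (days).
    if ($basedata->expiry == '') {
        $expirydays = isset($eshopoptions['base_expiry']) ? (int) $eshopoptions['base_expiry'] : 0;
        $basedate = date('Y-m-d', mktime(0, 0, 0, (int) date('m'), (int) date('d') + $expirydays, (int) date('Y')));
    } else {
        $basedate = $basedata->expiry;
    }
    list($expyear, $expmonth, $expday) = array_pad(explode('-', $basedate), 3, '');
    $thisyear = (int) date('Y');
    for ($i = $thisyear; $i <= $thisyear + 5; $i++) {
        $sel = ($i == $expyear) ? ' selected="selected"' : '';
        echo '<option value="' . $i . '"' . $sel . '>' . $i . '</option>' . "\n";
    }
    ?>
	  </select>
		<label for="baseexpiration_month"><?php _e('Month', 'eshop'); ?></label>
		  <select name="baseexpiration_month" id="baseexpiration_month">
		<?php
    for ($i = 1; $i <= 12; $i++) {
        $sel = ($i == $expmonth) ? ' selected="selected"' : '';
        echo '<option value="' . $i . '"' . $sel . '>' . $i . '</option>' . "\n";
    }
    ?>
	  </select>
		<label for="baseexpiration_day"><?php _e('Day', 'eshop'); ?></label>
		  <select name="baseexpiration_day" id="baseexpiration_day">
		<?php
    for ($i = 1; $i <= 31; $i++) {
        $sel = ($i == $expday) ? ' selected="selected"' : '';
        echo '<option value="' . $i . '"' . $sel . '>' . $i . '</option>' . "\n";
    }
    ?>
	  </select>
	  </fieldset>
	  </fieldset>
	  <p class="submit">
	  <input type="submit" name="submit" class="button-primary" value="<?php _e('Update'); ?>" />
	</p>
		<?php
    echo '</form></div>';
}

/**
 * Render the product list half of the Google Base page: download links for the feed, the
 * sort submenu, the quick-reference table and pagination. Reads $_GET (page, by, _p, eshopall).
 */
function eshop_base_manager_list()
{
    global $wpdb, $eshopoptions;
    ?>
	<div class="wrap">
	<div id="eshopicon" class="icon32"></div><h2><?php _e('eShop Base Products', 'eshop'); ?></h2>
	<?php eshop_admin_mode(); ?>
	<ul>
	<?php
    // The feed links are rebuilt from the slug WordPress routed us with. That is request input,
    // so it is URL-encoded here and every link goes out through esc_url(); the original echoed
    // $_GET['page'] straight into the href.
    $pageslug = isset($_GET['page']) ? rawurlencode(wp_unslash($_GET['page'])) : 'eshop-base.php';
    $dlpage = '?page=' . $pageslug . '&eshopbasedl=yes';
    ?>
	<li><a href="<?php echo esc_url($dlpage . '&d=1'); ?>"><?php _e('Download the xml file', 'eshop'); ?></a></li>
	<li><a href="<?php echo esc_url($dlpage . '&d=1&os=mac'); ?>"><?php _e('Mac - Download the xml file', 'eshop'); ?></a></li>
	<li><a href="<?php echo esc_url($dlpage); ?>"><?php _e('View xml file', 'eshop'); ?></a></li>
	<li><?php echo sprintf(__('Direct link to file for Google Base: <a href="%1$s">%1$s</a>', 'eshop'), esc_url(trim(site_url(), '/') . '/?eshopbasefeed')); ?></li>
	</ul>
	<?php
    // Sort key: only the three known codes are honoured; anything else sorts by id.
    $csa = $csb = $csf = '';
    $by = isset($_GET['by']) ? $_GET['by'] : 'sf';
    switch ($by) {
        case 'sa':
            $sortby = 'sku';
            $csa = ' class="current"';
            break;
        case 'sb':
            $sortby = 'description';
            $csb = ' class="current"';
            break;
        default:
            $sortby = 'id';
            $csf = ' class="current"';
    }

    $numoptions = isset($eshopoptions['options_num']) ? (int) $eshopoptions['options_num'] : 0;
    $metatable = $wpdb->prefix . 'postmeta';
    $poststable = $wpdb->prefix . 'posts';
    $max = (int) $wpdb->get_var("SELECT COUNT(meta.post_id) FROM {$metatable} AS meta, {$poststable} AS posts WHERE meta.meta_key = '_eshop_product' AND posts.ID = meta.post_id AND posts.post_status != 'trash' AND posts.post_status != 'revision'");

    // Page size comes from the plugin options; a non-numeric or zero value would divide by zero
    // below, so it falls back to 10.
    $records = 10;
    if (isset($eshopoptions['records']) && is_numeric($eshopoptions['records']) && (int) $eshopoptions['records'] > 0) {
        $records = (int) $eshopoptions['records'];
    }
    $epage = (isset($_GET['_p']) && is_numeric($_GET['_p'])) ? max(1, (int) $_GET['_p']) : 1;
    $showall = isset($_GET['eshopall']);

    $pageargs = array('base' => add_query_arg('_p', '%#%'), 'format' => '', 'total' => ceil($max / $records), 'current' => $epage, 'type' => 'array');
    if ($showall) {
        $pageargs['show_all'] = true;
    }
    $page_links = paginate_links($pageargs);
    if ($showall) {
        $records = $max;
    }

    if ($max > 0) {
        $sorturl = get_admin_url() . 'admin.php?page=eshop-base.php';
        echo '<ul id="eshopsubmenu" class="stuffbox">';
        echo '<li><span>' . __('Sort Orders by &raquo;', 'eshop') . '</span></li>';
        echo '<li><a href="' . esc_url($sorturl . '&by=sf') . '"' . $csf . '>' . __('ID Number', 'eshop') . '</a></li>';
        echo '<li><a href="' . esc_url($sorturl . '&by=sa') . '"' . $csa . '>' . __('Sku', 'eshop') . '</a></li>';
        echo '<li><a href="' . esc_url($sorturl . '&by=sb') . '"' . $csb . '>' . __('Product', 'eshop') . '</a></li>';
        echo '</ul>';

        $rows = $wpdb->get_results("SELECT DISTINCT meta.post_id FROM {$metatable} AS meta, {$poststable} AS posts WHERE meta.meta_key = '_eshop_product' AND posts.ID = meta.post_id AND posts.post_status != 'trash' AND posts.post_status != 'revision' ORDER BY meta.post_id");
        $allproducts = array();
        foreach ($rows as $row) {
            // get_post_meta() already unserializes; guard against a missing/garbled blob, which
            // would otherwise be written to as an array offset of a string.
            $item = get_post_meta($row->post_id, '_eshop_product', true);
            if (!is_array($item)) {
                $item = array();
            }
            $item['_eshop_stock'] = get_post_meta($row->post_id, '_eshop_stock', true);
            $item['id'] = $row->post_id;
            // sort helpers: '0' sorts before '1', so featured / in-stock items come first
            $item['_featured'] = (isset($item['featured']) && strtolower($item['featured']) == 'yes') ? '0' : '1';
            $item['_stock'] = ($item['_eshop_stock'] == '1') ? '0' : '1';
            $allproducts[] = $item;
        }
        $grab = eshop_subval_sort($allproducts, $sortby);
        ?>
	
		<table class="widefat">
		<caption><?php _e('Product Quick reference table', 'eshop'); ?></caption>
		<thead>
		<tr>
		<th id="sku"><?php _e('Sku', 'eshop'); ?></th>
		<th id="page"><?php _e('Page', 'eshop'); ?></th>
		<th id="desc"><?php _e('Description', 'eshop'); ?></th>
		<th id="down"><?php _e('Download', 'eshop'); ?></th>
		<th id="stkavail"><abbr title="<?php esc_attr_e('Stock Available', 'eshop'); ?>"><?php _e('Stk avail.', 'eshop'); ?></abbr></th>
		<th id="stk"><?php _e('Stock', 'eshop'); ?></th>
		<th id="opt"><?php _e('Option/Price', 'eshop'); ?></th>
		<th id="imga"><?php _e('Image', 'eshop'); ?></th>

		</tr>
		</thead>
		<tbody>
		<?php
        $start = $showall ? 0 : ($epage - 1) * $records;
        $grab = array_slice($grab, $start, $records);
        $currsymbol = isset($eshopoptions['currency_symbol']) ? $eshopoptions['currency_symbol'] : '';
        $calt = 0;
        foreach ($grab as $eshop_product) {
            // only products whose first option carries a price are listed
            if (!isset($eshop_product['products']['1']['price']) || $eshop_product['products']['1']['price'] == '') {
                continue;
            }
            $pid = (int) $eshop_product['id'];
            $products = $eshop_product['products'];
            $ptitle = get_post($pid);
            $posttitle = ($ptitle && $ptitle->post_title != '') ? $ptitle->post_title : __('(no title)', 'eshop');
            $sku = isset($eshop_product['sku']) ? $eshop_product['sku'] : '';
            $description = isset($eshop_product['description']) ? $eshop_product['description'] : '';
            $stkchk = ($eshop_product['_eshop_stock'] == '1') ? __('Yes', 'eshop') : __('No', 'eshop');

            $calt++;
            $alt = $calt % 2 ? '' : ' class="alternate"';
            echo '<tr' . $alt . '>';
            echo '<td id="sku' . $calt . '" headers="sku"><a href="' . esc_url('admin.php?page=eshop-base.php&change=' . $pid) . '" title="' . esc_attr(__('Change details', 'eshop')) . '">' . esc_html($sku) . '</a></td>';
            echo '<td headers="page sku' . $calt . '"><a href="' . esc_url('post.php?action=edit&post=' . $pid) . '">' . esc_html($posttitle) . '</a></td>';
            echo '<td headers="desc sku' . $calt . '">' . esc_html(stripslashes($description)) . '</td>';
            echo '<td headers="down sku' . $calt . '">' . eshop_base_manager_download_links($products, $numoptions) . '</td>';
            echo '<td headers="stkavail sku' . $calt . '">' . $stkchk . '</td>';
            echo '<td headers="stk sku' . $calt . '">' . eshop_base_manager_stock_cell($pid, $products, $numoptions) . '</td>';
            echo '<td headers="opt sku' . $calt . '">' . eshop_base_manager_price_cell($products, $numoptions, $currsymbol) . '</td>';
            echo '<td>' . eshop_base_manager_thumb_cell($pid) . '</td>';
            echo '</tr>';
        }
        ?>
		</tbody>
		</table>
		<?php
        echo '<div class="paginate tablenav-pages stuffbox">';
        $first = $showall ? 1 : ($epage - 1) * $records + 1;
        echo sprintf('<span class="displaying-num">' . __('Displaying %s&#8211;%s of %s', 'eshop') . '</span>', number_format_i18n($first), number_format_i18n(min($epage * $records, $max)), number_format_i18n($max));
        // paginate_links() returns nothing for a single page; no links (and no "View All") then
        if ($records != $max && is_array($page_links)) {
            $thispage = esc_url(add_query_arg('eshopall', 'yes', $_SERVER['REQUEST_URI']));
            echo "<ul class='page-numbers'>\n\t<li>" . join("</li>\n\t<li>", $page_links) . "</li>\n<li>" . '<a href="' . $thispage . '">' . __('View All', 'eshop') . '</a>' . "</li>\n</ul>\n";
        }
        echo '<br /></div>';
    } else {
        echo '<p>' . __('There are no products available.', 'eshop') . '</p>';
    }
    echo '</div>';
}

/**
 * Handle the "Additional settings" form POST for one product.
 *
 * Verifies the nonce emitted by eshop_base_manager() (dies on failure), unslashes and
 * sanitises the input, validates quantity, condition and expiry, then replaces the product's
 * row in eshop_base_products (delete, then insert).
 *
 * @param int   $change            Post id of the product being edited (already validated > 0).
 * @param array $allowedconditions Condition codes the form offered; an empty list skips the check.
 * @return string '' on success, otherwise one or more '<li>…</li>' error items for display.
 */
function eshop_base_manager_save($change, $allowedconditions = array())
{
    global $wpdb, $eshopoptions;
    // CSRF: the form carries a nonce bound to this product id; the original had none, so any
    // page a logged-in admin visited could rewrite feed data.
    check_admin_referer('eshop_base_update_' . $change);

    include_once 'cart-functions.php';
    // WordPress always slashes request data; undo that before the plugin's own sanitiser runs.
    // The original keyed this on get_magic_quotes_gpc(), which no longer exists in PHP 8.
    $post = sanitise_array(wp_unslash($_POST));
    $err = '';

    $text = array();
    foreach (array('baseimg', 'basebrand', 'baseean', 'baseisbn', 'basempn', 'baseptype', 'basecondition') as $field) {
        $text[$field] = isset($post[$field]) ? (string) $post[$field] : '';
    }

    $baseqty = isset($post['baseqty']) ? $post['baseqty'] : '';
    if (!is_numeric($baseqty)) {
        $baseqty = 25;
        $err .= '<li>' . __('Quantity was not numeric, a default of 25 has been applied.', 'eshop') . '</li>';
    }

    // The condition must be one of the codes the form offered (it ends up in the public feed).
    if (!empty($allowedconditions) && !in_array($text['basecondition'], $allowedconditions, true)) {
        $text['basecondition'] = '';
        $err .= '<li>' . __('Condition was not valid, the default condition will be used.', 'eshop') . '</li>';
    }

    // The expiry is three selects; reject impossible dates (e.g. 31 February) instead of storing them.
    $year = isset($post['baseexpiration_year']) ? (int) $post['baseexpiration_year'] : 0;
    $month = isset($post['baseexpiration_month']) ? (int) $post['baseexpiration_month'] : 0;
    $day = isset($post['baseexpiration_day']) ? (int) $post['baseexpiration_day'] : 0;
    if (!checkdate($month, $day, $year)) {
        $expirydays = isset($eshopoptions['base_expiry']) ? (int) $eshopoptions['base_expiry'] : 0;
        $fallback = date('Y-m-d', mktime(0, 0, 0, (int) date('m'), (int) date('d') + $expirydays, (int) date('Y')));
        list($year, $month, $day) = explode('-', $fallback);
        $err .= '<li>' . __('Expiration date was not valid, the default expiry has been applied.', 'eshop') . '</li>';
    }
    // stored unpadded (Y-m-d as plain integers), the same format the original wrote
    $baseexpiration = (int) $year . '-' . (int) $month . '-' . (int) $day;

    // Delete-then-insert keeps a single row per product without an update/insert branch.
    $basetable = $wpdb->prefix . 'eshop_base_products';
    $wpdb->delete($basetable, array('post_id' => $change), array('%d'));
    $wpdb->insert(
        $basetable,
        array(
            'post_id' => $change,
            'img' => $text['baseimg'],
            'brand' => $text['basebrand'],
            'ptype' => $text['baseptype'],
            'thecondition' => $text['basecondition'],
            'expiry' => $baseexpiration,
            'ean' => $text['baseean'],
            'isbn' => $text['baseisbn'],
            'mpn' => $text['basempn'],
            'qty' => (int) $baseqty,
        ),
        array('%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%d')
    );
    return $err;
}

/**
 * Build the "Download" cell: a link to the download's admin edit screen for every option that
 * has one, a bare '<br />' for options without.
 *
 * @param array $products   The product's option array (index 1..$numoptions).
 * @param int   $numoptions Number of option slots configured for the shop.
 * @return string HTML fragment.
 */
function eshop_base_manager_download_links($products, $numoptions)
{
    global $wpdb;
    $dltable = $wpdb->prefix . 'eshop_downloads';
    $html = '';
    for ($i = 1; $i <= $numoptions; $i++) {
        if (!isset($products[$i]['option']) || $products[$i]['option'] == '') {
            continue;
        }
        if (isset($products[$i]['download']) && $products[$i]['download'] != '') {
            $fileid = $products[$i]['download'];
            // the id comes from stored post meta, not the request, but it still goes through prepare()
            $filetitle = $wpdb->get_var($wpdb->prepare("SELECT title FROM {$dltable} WHERE id = %s", $fileid));
            $html .= '<a href="' . esc_url('admin.php?page=eshop-downloads.php&edit=' . $fileid) . '">' . esc_html((string) $filetitle) . '</a>';
        } else {
            $html .= '<br />';
        }
    }
    return $html;
}

/**
 * Build the "Stock" cell: one line per priced option with the available count from
 * eshop_stock (negative or missing counts shown as 0), or 'n/a' when stock control is off.
 *
 * @param int   $post_id    Product post id.
 * @param array $products   The product's option array.
 * @param int   $numoptions Number of option slots configured for the shop.
 * @return string HTML fragment.
 */
function eshop_base_manager_stock_cell($post_id, $products, $numoptions)
{
    global $wpdb, $eshopoptions;
    if (!isset($eshopoptions['stock_control']) || $eshopoptions['stock_control'] != 'yes') {
        return __('n/a', 'eshop') . '<br />';
    }
    $stocktable = $wpdb->prefix . 'eshop_stock';
    $html = '';
    for ($i = 1; $i <= $numoptions; $i++) {
        if (!isset($products[$i]['option']) || $products[$i]['option'] == '') {
            continue;
        }
        $available = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id = %d AND option_id = %d LIMIT 1", $post_id, $i));
        if ($available == '' || $available < 0) {
            $available = '0';
        }
        if (is_numeric($available)) {
            $html .= $available . '<br />' . "\n";
        }
    }
    return $html;
}

/**
 * Build the "Option/Price" cell: "<option> @ <symbol><price>" per priced option.
 *
 * @param array  $products   The product's option array.
 * @param int    $numoptions Number of option slots configured for the shop.
 * @param string $currsymbol Currency symbol from the plugin options; emitted as-is because it
 *                           may legitimately be an HTML entity (not escaped, as in the original).
 * @return string HTML fragment.
 */
function eshop_base_manager_price_cell($products, $numoptions, $currsymbol)
{
    $html = '';
    for ($i = 1; $i <= $numoptions; $i++) {
        if (!isset($products[$i]['option']) || $products[$i]['option'] == '') {
            continue;
        }
        // cast: number_format() rejects non-numeric strings on PHP 8
        $price = isset($products[$i]['price']) ? (float) $products[$i]['price'] : 0.0;
        // the decimals count is passed through __() as in the original (a translatable "2")
        $decimals = (int) __('2', 'eshop');
        $html .= sprintf(__('%1$s @ %2$s%3$s', 'eshop'), esc_html(stripslashes($products[$i]['option'])), $currsymbol, number_format_i18n($price, $decimals)) . '<br />';
    }
    return $html;
}

/**
 * Build the "Image" cell: the post thumbnail at half the configured thumbnail size, or the
 * plugin's (filterable) no-image placeholder, linked to the product page.
 *
 * @param int $post_id Product post id.
 * @return string HTML fragment ending in a newline.
 */
function eshop_base_manager_thumb_cell($post_id)
{
    $scale = 50; // percent of the site's thumbnail size
    $w = round((int) get_option('thumbnail_size_w') * $scale / 100);
    $h = round((int) get_option('thumbnail_size_h') * $scale / 100);
    $link = esc_url(get_permalink($post_id));
    if (has_post_thumbnail($post_id)) {
        return '<a class="itemref" href="' . $link . '">' . get_the_post_thumbnail($post_id, array($w, $h)) . '</a>' . "\n";
    }
    $eimage = eshop_files_directory();
    $eshopnoimage = apply_filters('eshop_no_image', $eimage['1'] . 'noimage.png');
    return '<a class="itemref" href="' . $link . '"><img src="' . esc_url($eshopnoimage) . '" height="' . (int) $h . '" width="' . (int) $w . '" alt="" /></a>' . "\n";
}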
<?php

/*  based on:
 * PHP Payson IPN Integration Class Demonstration File
 *  4.16.2005 - Micah Carrick, email@micahcarrick.com
 * help file: https://www.mokejimai.lt/new/en/pay_specifications/popup/1.3/macro
*/
global $wpdb, $wp_query, $wp_rewrite, $blog_id, $eshopoptions;
$detailstable = $wpdb->prefix . 'eshop_orders';
$derror = __('There appears to have been an error, please contact the site admin', 'eshop');
// $espost is not set in this excerpt; it is expected to be populated by whatever includes this
// file. It is run through the plugin's sanitise_array() (presumably from cart-functions.php)
// before the handlers further down use it -- confirm what that function strips; it does not
// replace context-specific output escaping.
include_once ESHOP_PATH . 'cart-functions.php';
$espost = sanitise_array($espost);
include_once ESHOP_PATH . 'webtopay/index.php';
// Gateway class
require_once ESHOP_PATH . 'webtopay/webtopay.class.php';
// include the class file
$p = new webtopay_class();
// initiate an instance of the class
$p->webtopay_url = 'https://www.webtopay.com/pay/';
// Only one endpoint is configured here; unlike the PayPal handler there is no sandbox branch
// keyed on $eshopoptions['status'].
// The return URL is built from the configured site URL, not from the request's Host header,
// so a client cannot steer the gateway's redirect to another host.
$this_script = site_url();
if ($eshopoptions['checkout'] != '') {
    $p->autoredirect = add_query_arg('eshopaction', 'redirect', get_permalink($eshopoptions['checkout']));
} else {
    // No checkout page configured: nothing sensible can be done, stop with the generic error.
    die('<p>' . $derror . '</p>');
}
// if there is no action variable, set the default action of 'process'
if (!isset($wp_query->query_vars['eshopaction'])) {
    $eshopaction = 'process';
} else {
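 /**
  * Apply a cart form submission to the session cart.
  *
  * Handles, in order: emptying the cart, adding one product (optionally with
  * option-set choices) and, when the form posts save=true, bulk quantity
  * updates of items already in the cart. Stock limits are enforced only when
  * $eshopoptions['stock_control'] is 'yes'. Nothing is echoed: error and
  * warning markup is stored in $_SESSION['eshopcart'.$blog_id]['error'] and
  * ['enote'] for later display.
  *
  * @param array|string $data Optional replacement for $_POST ('' means use the
  *                           real request). It must carry the 'eshopnon' nonce
  *                           field, otherwise the call is a no-op.
  * @return void
  */
 function eshop_cart_process($data = '')
 {
     global $wpdb, $blog_id, $wp_query, $eshopoptions, $_POST;
     // An explicit $data array replaces the request body for the rest of the call.
     if ($data != '') {
         $_POST = $data;
     }
     if (!isset($_POST['eshopnon'])) {
         return;
     }
     // The nonce must be verified against its action and the result acted on;
     // the previous call passed the action string as the nonce and discarded
     // the return value, so the check never rejected anything.
     // NOTE(review): assumes the form is built with
     // wp_nonce_field('eshop_add_product_cart', 'eshopnon') — confirm.
     if (!wp_verify_nonce($_POST['eshopnon'], 'eshop_add_product_cart')) {
         return;
     }
     unset($_POST['eshopnon']);
     //setup variables:
     $option = $qty = $pclas = $productid = $pid = $pname = $iprice = '';
     //cache
     eshop_cache();
     //delete the session, empties the cart
     if (isset($_POST['unset']) || (calculate_items() == 0 && isset($_SESSION['eshopcart' . $blog_id]) && sizeof($_SESSION['eshopcart' . $blog_id]) > 0)) {
         unset($_SESSION['eshopcart' . $blog_id]);
         unset($_SESSION['final_price' . $blog_id]);
         unset($_SESSION['items' . $blog_id]);
         $_POST['save'] = 'false';
     }
     // Optional shop-wide quantity bounds; unset means "no bound".
     if (isset($eshopoptions['min_qty']) && $eshopoptions['min_qty'] != '') {
         $min = $eshopoptions['min_qty'];
     }
     if (isset($eshopoptions['max_qty']) && $eshopoptions['max_qty'] != '') {
         $max = $eshopoptions['max_qty'];
     }
     if (!isset($_POST['save'])) {
         //on windows this check isn't working correctly, so I've added ==0
         // get_magic_quotes_gpc() no longer exists on PHP 8; guard the call so
         // it is skipped rather than fatal there.
         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
             $_COOKIE = stripslashes_array($_COOKIE);
             $_FILES = stripslashes_array($_FILES);
             $_GET = stripslashes_array($_GET);
             $_POST = stripslashes_array($_POST);
             $_REQUEST = stripslashes_array($_REQUEST);
         }
         $_POST = sanitise_array($_POST);
         //if adding a product to the cart
         // A non-numeric or over-long quantity is reset to 1 and reported as an error.
         if (isset($_POST['qty']) && !isset($_POST['save']) && (!is_numeric(trim($_POST['qty'])) || strlen($_POST['qty']) > 3)) {
             $qty = $_POST['qty'] = 1;
             $v = '999';
             if (isset($max)) {
                 $v = $max;
             }
             $error = '<p><strong class="eshoperror error">' . sprintf(__('Error: The quantity must contain numbers only, with a maximum of %s.', 'eshop'), $v) . '</strong></p>';
         }
         // Out-of-range quantities are clamped and reported as a warning (enote), not an error.
         if (isset($min) && isset($_POST['qty']) && $_POST['qty'] < $min) {
             $qty = $_POST['qty'] = $min;
             $v = '999';
             if (isset($max)) {
                 $v = $max;
             }
             $k = $min;
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         if (isset($max) && isset($_POST['qty']) && $_POST['qty'] > $max) {
             $qty = $_POST['qty'] = $max;
             $v = $max;
             $k = 1;
             if (isset($min)) {
                 $k = $min;
             }
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         if (isset($_POST['postid'])) {
             $stkav = get_post_meta($_POST['postid'], '_eshop_stock', true);
             $eshop_product = maybe_unserialize(get_post_meta($_POST['postid'], '_eshop_product', true));
         }
         if (isset($_POST['option']) && !isset($_POST['save'])) {
             $edown = $getprice = $option = $_POST['option'];
             if (!isset($_POST['qty'])) {
                 $enote = '<p><strong class="eshoperror error">' . __('Warning: you must supply a quantity.', 'eshop') . '</strong></p>';
             }
             $qty = $_POST['qty'];
             if (isset($_POST['pclas'])) {
                 $pclas = $_POST['pclas'];
             }
             $productid = $pid = $_POST['pid'];
             $pname = $_POST['pname'];
             /* if download option then it must be free shipping */
             $postid = $wpdb->escape($_POST['postid']);
             $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
             $dlchk = '';
             if (isset($eshop_product['products'][$option]['download'])) {
                 $dlchk = $eshop_product['products'][$option]['download'];
             }
             if ($dlchk != '') {
                 $pclas = 'F';
             }
             // Price comes from the stored product record, never from the form;
             // the sale price applies only when both shop and product are on sale.
             $iprice = $eshop_product['products'][$option]['price'];
             if (isset($eshopoptions['sale_prices']) && $eshopoptions['sale_prices'] == 1 && isset($eshopoptions['sale']) && 'yes' == $eshopoptions['sale'] && isset($eshop_product['products'][$option]['saleprice']) && $eshop_product['products'][$option]['saleprice'] != '' && isset($eshop_product['sale']) && $eshop_product['sale'] == 'yes') {
                 $iprice = $eshop_product['products'][$option]['saleprice'];
             }
             if ($iprice == '') {
                 $error = '<p><strong class="eshoperror error">' . __('Error: That product is currently not available.', 'eshop') . '</strong></p>';
                 $option = $_POST['option'] = '';
                 $qty = $_POST['qty'] = '';
                 $pclas = $_POST['pclas'] = '';
                 $productid = $pid = $_POST['pid'] = '';
                 $pname = $_POST['pname'] = '';
                 $iprice = '';
             }
         }
         //unique identifier
         // Option-set choices are folded into the identifier so the same product
         // with different option sets becomes a separate cart line.
         $optset = '';
         if (isset($_POST['optset'])) {
             $xx = 0;
             foreach ($_POST['optset'] as $opts) {
                 $optset .= 'os' . $xx . implode('os' . $xx, $opts);
                 $xx++;
             }
         }
         if (!isset($pid)) {
             $pid = '';
         }
         if (!isset($option)) {
             $option = '';
         }
         if (!isset($postid)) {
             $postid = '';
         }
         $identifier = $pid . $option . $postid . $optset;
         $identifier = md5($identifier);
         $stocktable = $wpdb->prefix . "eshop_stock";
         if (isset($_SESSION['eshopcart' . $blog_id][$identifier])) {
             // Item already in the cart: add to its quantity, re-checking the bounds
             // against the combined total.
             $testqty = $_SESSION['eshopcart' . $blog_id][$identifier]['qty'] + $qty;
             $eshopid = $_SESSION['eshopcart' . $blog_id][$identifier]['postid'];
             $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
             $optnum = $_SESSION['eshopcart' . $blog_id][$identifier]['option'];
             $item = $eshop_product['products'][$_SESSION['eshopcart' . $blog_id][$identifier]['option']]['option'];
             if (isset($min) && $testqty < $min) {
                 $qty = 0;
                 $v = '999';
                 if (isset($max)) {
                     $v = $max;
                 }
                 $k = $min;
                 $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
             }
             if (isset($max) && $testqty > $max) {
                 $qty = 0;
                 $v = $max;
                 $k = 1;
                 if (isset($min)) {
                     $k = $min;
                 }
                 $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
             }
             if ('yes' == $eshopoptions['stock_control']) {
                 $stkqty = $eshop_product['products'][$optnum]['stkqty'];
                 //recheck stkqty
                 // Ids originate from the session/request; bind them instead of interpolating.
                 $stktableqty = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id=%d AND option_id=%d", $eshopid, $optnum));
                 if (isset($stktableqty) && is_numeric($stktableqty)) {
                     $stkqty = $stktableqty;
                 }
                 if (!ctype_digit(trim($testqty)) || strlen($testqty) > 3) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: The quantity must contain numbers only, with a 999 maximum.', 'eshop') . '</strong></p>';
                 } elseif ('yes' == $eshopoptions['stock_control'] && ($stkav != '1' || $stkqty < $testqty)) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: That quantity is not available for that product.', 'eshop') . '</strong></p>';
                 } else {
                     $_SESSION['eshopcart' . $blog_id][$identifier]['qty'] += $qty;
                 }
             } else {
                 $_SESSION['eshopcart' . $blog_id][$identifier]['qty'] += $qty;
             }
             $_SESSION['lastproduct' . $blog_id] = $postid;
             do_action('eshop_product_updated_cart', $_SESSION['eshopcart' . $blog_id][$identifier]);
         } elseif ($identifier != '') {
             // New cart line.
             $weight = 0;
             if (isset($_POST['save']) && $_POST['save'] == 'true') {
                 $postid = $_SESSION['eshopcart' . $blog_id][$identifier]['postid'];
                 $optid = $_SESSION['eshopcart' . $blog_id][$identifier]['option'];
                 $optnum = $optid;
                 $testqty = $qty;
             } else {
                 $postid = $wpdb->escape($_POST['postid']);
                 $optid = $wpdb->escape($_POST['option']);
                 $optnum = $optid;
                 $_SESSION['eshopcart' . $blog_id][$identifier]['postid'] = $postid;
                 $testqty = $qty;
             }
             $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
             $item = $eshop_product['products'][$optnum]['option'];
             if ('yes' == $eshopoptions['stock_control']) {
                 $stkqty = $eshop_product['products'][$optnum]['stkqty'];
                 //recheck stkqty
                 $stktableqty = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id=%d AND option_id=%d", $postid, $optid));
                 if (isset($stktableqty) && is_numeric($stktableqty)) {
                     $stkqty = $stktableqty;
                 }
                 if (!ctype_digit(trim($testqty)) || strlen($testqty) > 3) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: The quantity must contain numbers only, with a 999 maximum.', 'eshop') . '</strong></p>';
                 } elseif ('yes' == $eshopoptions['stock_control'] && ($stkav != '1' || $stkqty < $testqty)) {
                     $error = '<p><strong class="eshoperror error">' . __('Error: That quantity is not available for that product.', 'eshop') . '</strong></p>';
                 } else {
                     $_SESSION['eshopcart' . $blog_id][$identifier]['qty'] = $qty;
                 }
             } else {
                 $_SESSION['eshopcart' . $blog_id][$identifier]['qty'] = $qty;
             }
             $_SESSION['lastproduct' . $blog_id] = $postid;
             $_SESSION['eshopcart' . $blog_id][$identifier]['item'] = $item;
             $_SESSION['eshopcart' . $blog_id][$identifier]['option'] = stripslashes($option);
             $_SESSION['eshopcart' . $blog_id][$identifier]['pclas'] = stripslashes($pclas);
             $_SESSION['eshopcart' . $blog_id][$identifier]['pid'] = $pid;
             $_SESSION['eshopcart' . $blog_id][$identifier]['pname'] = stripslashes($pname);
             $_SESSION['eshopcart' . $blog_id][$identifier]['price'] = $iprice;
             if (isset($_POST['optset'])) {
                 $newoptset = array();
                 foreach ($_POST['optset'] as $k => $v) {
                     $newoptset[] = $v;
                 }
                 $_SESSION['eshopcart' . $blog_id][$identifier]['optset'] = serialize($newoptset);
                 // Each chosen option-set row adds its weight. The ids come from the
                 // request, so they are bound with prepare() rather than interpolated.
                 $qb = array();
                 foreach ($newoptset as $foo => $opst) {
                     $qb[] = $wpdb->prepare("id=%d", $opst['id']);
                 }
                 if ($qb) {
                     $qbs = implode(" OR ", $qb);
                     $otable = $wpdb->prefix . 'eshop_option_sets';
                     $orowres = $wpdb->get_results("select weight from {$otable} where {$qbs} ORDER BY id ASC");
                     foreach ($orowres as $orow) {
                         $weight += $orow->weight;
                     }
                 }
             }
             //weights?
             if (isset($eshop_product['products'][$option]['weight'])) {
                 $weight += $eshop_product['products'][$option]['weight'];
             }
             $_SESSION['eshopcart' . $blog_id][$identifier]['weight'] = $weight;
             // A failed add must not leave a half-built line in the cart.
             if (isset($error)) {
                 unset($_SESSION['eshopcart' . $blog_id][$identifier]);
             }
             do_action('eshop_product_added_to_cart', $_SESSION['eshopcart' . $blog_id][$identifier]);
         }
     }
     if (!isset($error)) {
         //save? not sure why I used that, but its working so why make trouble for myself.
         if (isset($_POST['save'])) {
             $save = $_POST['save'];
         }
         //this bit is possibly not required
         if (isset($productid)) {
             //new item selected ******* may need checking
             $_SESSION['final_price' . $blog_id] = calculate_price();
             $_SESSION['items' . $blog_id] = calculate_items();
         }
         // A ticked delete box is remembered as (key, current qty) and applied in
         // the save loop below by forcing that line's quantity to zero.
         if (isset($_POST['eshopdeleteitem'])) {
             foreach ($_POST['eshopdeleteitem'] as $chkey => $chkval) {
                 $tochkkey = $chkey;
                 $tochkqty = $_SESSION['eshopcart' . $blog_id][$chkey]['qty'];
             }
         }
         if (isset($eshopoptions['min_qty']) && $eshopoptions['min_qty'] != '') {
             $min = $eshopoptions['min_qty'];
         }
         if (isset($eshopoptions['max_qty']) && $eshopoptions['max_qty'] != '') {
             $max = $eshopoptions['max_qty'];
         }
         if (isset($min) && isset($_POST['qty']) && $_POST['qty'] < $min) {
             $qty = $_POST['qty'] = $min;
             $v = '999';
             if (isset($max)) {
                 $v = $max;
             }
             $k = $min;
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         if (isset($max) && isset($_POST['qty']) && $_POST['qty'] > $max) {
             $qty = $_POST['qty'] = $max;
             $v = $max;
             $k = 1;
             if (isset($min)) {
                 $k = $min;
             }
             $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
         }
         //update products in the cart
         if (isset($_POST['save']) && $_POST['save'] == 'true' && isset($_SESSION['eshopcart' . $blog_id])) {
             $eshopcartarray = $_SESSION['eshopcart' . $blog_id];
             foreach ($eshopcartarray as $productid => $opt) {
                 // Form field names cannot contain spaces or dots, so match the
                 // cart key against its field-name form.
                 $needle = array(" ", ".");
                 $sessproductid = str_replace($needle, "_", $productid);
                 foreach ($_POST as $key => $value) {
                     if ($key == $sessproductid) {
                         foreach ($value as $notused => $qty) {
                             if (isset($tochkkey) && $tochkkey == $key && $tochkqty == $qty) {
                                 $qty = 0;
                             }
                             if ($qty == "0") {
                                 unset($_SESSION['eshopcart' . $blog_id][$productid]);
                             } else {
                                 $postid = $eshopid = $_SESSION['eshopcart' . $blog_id][$productid]['postid'];
                                 $eshop_product = maybe_unserialize(get_post_meta($postid, '_eshop_product', true));
                                 $optnum = $_SESSION['eshopcart' . $blog_id][$productid]['option'];
                                 if (isset($eshop_product['products'][$_SESSION['eshopcart' . $blog_id][$productid]['option']]['stkqty'])) {
                                     $stkqty = $eshop_product['products'][$_SESSION['eshopcart' . $blog_id][$productid]['option']]['stkqty'];
                                 }
                                 //recheck stkqty
                                 $stocktable = $wpdb->prefix . "eshop_stock";
                                 $stktableqty = $wpdb->get_var($wpdb->prepare("SELECT available FROM {$stocktable} WHERE post_id=%d AND option_id=%d", $eshopid, $optnum));
                                 if (isset($stktableqty) && is_numeric($stktableqty)) {
                                     $stkqty = $stktableqty;
                                 }
                                 if (!ctype_digit(trim($qty)) || strlen($qty) > 3) {
                                     $v = '999';
                                     if (isset($max)) {
                                         $v = $max;
                                     }
                                     $error = '<p><strong class="eshoperror error">' . sprintf(__('Error: The quantity must contain numbers only, with a maximum of %s.', 'eshop'), $v) . '</strong></p>';
                                 } elseif ('yes' == $eshopoptions['stock_control'] && $stkqty < $qty) {
                                     $error = '<p><strong class="eshoperror error">' . __('Error: That quantity is not available for that product.', 'eshop') . '</strong></p>';
                                 } elseif (isset($min) && isset($qty) && $qty < $min) {
                                     $qty = $min;
                                     $v = '999';
                                     if (isset($max)) {
                                         $v = $max;
                                     }
                                     $k = $min;
                                     $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
                                 } elseif (isset($max) && isset($qty) && $qty > $max) {
                                     $qty = $max;
                                     $v = $max;
                                     $k = 1;
                                     if (isset($min)) {
                                         $k = $min;
                                     }
                                     $enote = '<p><strong class="eshoperror error">' . sprintf(__('Warning: The quantity must equal or be greater than %s, with a maximum of %s.', 'eshop'), $k, $v) . '</strong></p>';
                                 } else {
                                     $_SESSION['eshopcart' . $blog_id][$productid]['qty'] = $qty;
                                 }
                             }
                         }
                     }
                 }
             }
             $_SESSION['final_price' . $blog_id] = calculate_price();
         }
     }
     //any errors will print here.
     // Note: 'error' and 'enote' live in the same array as the cart lines, so they
     // count towards sizeof() below.
     if (isset($error)) {
         $_SESSION['eshopcart' . $blog_id]['error'] = $error;
     }
     if (isset($enote)) {
         $_SESSION['eshopcart' . $blog_id]['enote'] = $enote;
     }
     if (isset($_SESSION['eshopcart' . $blog_id]) && sizeof($_SESSION['eshopcart' . $blog_id]) == '0') {
         unset($_SESSION['eshopcart' . $blog_id]);
         unset($_SESSION['final_price' . $blog_id]);
         unset($_SESSION['items' . $blog_id]);
     }
 }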
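        /**
         * Recursively normalise a request array: every scalar is trimmed,
         * stripslashed and HTML-attribute-escaped via esc_attr(), except the
         * value under the 'content_text' key, which is only trimmed and
         * stripslashed. Nested arrays are processed recursively; objects are
         * passed through untouched.
         *
         * Note that esc_attr() encodes at input time, so downstream code sees
         * already-escaped values; any other output context still needs its own
         * escaping.
         *
         * @param mixed $data Array to sanitise (anything else yields an empty array).
         * @return array
         */
        function sanitise_array ($data = array()) {
            if (!is_array($data) || !count($data)) {
                    return array();
            }

            foreach ($data as $k => $v) {
                    if (is_array($v)) {
                            $data[$k] = sanitise_array($v);
                            continue;
                    }
                    if (is_object($v)) {
                            continue;
                    }
                    // Strict comparison: with a loose "!=", an integer key 0 compared
                    // equal to 'content_text' on PHP < 8 and so skipped escaping.
                    if ($k !== 'content_text') {
                            $data[$k] = esc_attr(stripslashes(trim($v)));
                    } else {
                            $data[$k] = stripslashes(trim($v));
                    }
            }

            return $data;
        }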