function objectInfo($object_array)
{
reset($object_array);
while (list($key, $value) = each($object_array)) {
$this->{$key} = xtc_db_prepare_input($value);
}
}
function xtc_db_prepare_input($string)
{
if (is_string($string)) {
return trim(stripslashes($string));
} elseif (is_array($string)) {
reset($string);
while (list($key, $value) = each($string)) {
$string[$key] = xtc_db_prepare_input($value);
}
return $string;
} else {
return $string;
}
}
function xtc_get_categories($categories_array = '', $parent_id = '0', $indent = '')
{
$parent_id = xtc_db_prepare_input($parent_id);
if (!is_array($categories_array)) {
$categories_array = array();
}
$categories_query = "select\n c.categories_id,\n cd.categories_name\n from " . TABLE_CATEGORIES . " c,\n " . TABLE_CATEGORIES_DESCRIPTION . " cd\n where parent_id = '" . xtc_db_input((int) $parent_id) . "'\n and c.categories_id = cd.categories_id\n and c.categories_status != 0\n and cd.language_id = '" . xtc_db_input((int) $_SESSION['languages_id']) . "'\n order by sort_order, cd.categories_name";
$categories_query = xtDBquery($categories_query);
while ($categories = xtc_db_fetch_array($categories_query, true)) {
$categories_array[] = array('id' => $categories['categories_id'], 'text' => $indent . $categories['categories_name']);
if ($categories['categories_id'] != $parent_id) {
$categories_array = xtc_get_categories($categories_array, $categories['categories_id'], $indent . ' ');
}
}
return $categories_array;
}
function xtc_update_whos_online()
{
$crawler = 0;
if (isset($_SESSION['customer_id'])) {
$wo_customer_id = (int) $_SESSION['customer_id'];
$customer_query = xtc_db_query("select\n customers_firstname,\n customers_lastname\n from " . TABLE_CUSTOMERS . "\n where customers_id = '" . $wo_customer_id . "'");
$customer = xtc_db_fetch_array($customer_query);
$wo_full_name = xtc_db_prepare_input($customer['customers_firstname'] . ' ' . $customer['customers_lastname']);
} else {
$wo_customer_id = '';
$crawler = xtc_check_agent();
if ($crawler !== 0) {
$wo_full_name = '[' . TEXT_SEARCH_ENGINE_AGENT . ']';
} else {
$wo_full_name = TEXT_GUEST;
}
}
if ($crawler !== 0) {
$wo_session_id = '';
} else {
$wo_session_id = xtc_session_id();
}
$wo_ip_address = xtc_db_prepare_input($_SESSION['tracking']['ip']);
$wo_last_page_url = xtc_db_prepare_input(strip_tags($_SERVER['REQUEST_URI']));
$wo_referer = xtc_db_prepare_input(isset($_SERVER['HTTP_REFERER']) ? strip_tags($_SERVER['HTTP_REFERER']) : '---');
$current_time = time();
$time_last_click = 900;
if (defined('WHOS_ONLINE_TIME_LAST_CLICK')) {
$time_last_click = (int) WHOS_ONLINE_TIME_LAST_CLICK;
}
$xx_mins_ago = time() - $time_last_click;
// remove entries that have expired
xtc_db_query("delete from " . TABLE_WHOS_ONLINE . " where time_last_click < '" . $xx_mins_ago . "'");
$stored_customer_query = xtc_db_query("select count(*) as count from " . TABLE_WHOS_ONLINE . " where session_id = '" . $wo_session_id . "'");
$stored_customer = xtc_db_fetch_array($stored_customer_query);
$sql_data_array = array('customer_id' => $wo_customer_id, 'full_name' => xtc_db_prepare_input($wo_full_name), 'ip_address' => $wo_ip_address, 'time_last_click' => $current_time, 'last_page_url' => $wo_last_page_url);
if ($stored_customer['count'] > 0) {
xtc_db_perform(TABLE_WHOS_ONLINE, $sql_data_array, 'update', "session_id = '" . $wo_session_id . "'");
} else {
$sql_data_array['time_entry'] = $current_time;
$sql_data_array['session_id'] = $wo_session_id;
$sql_data_array['http_referer'] = $wo_referer;
xtc_db_perform(TABLE_WHOS_ONLINE, $sql_data_array);
}
}
function xtc_cfg_save_max_display_results($cfg_key)
{
if (isset($_POST[$cfg_key])) {
$configuration_value = preg_replace('/[^0-9-]/', '', $_POST[$cfg_key]);
$configuration_value = xtc_db_prepare_input($configuration_value);
$configuration_query = xtc_db_query("SELECT configuration_key,\n configuration_value\n FROM " . TABLE_CONFIGURATION . "\n WHERE configuration_key = '" . xtc_db_input($cfg_key) . "'\n ");
if (xtc_db_num_rows($configuration_query) > 0) {
//update
xtc_db_query("UPDATE " . TABLE_CONFIGURATION . "\n SET configuration_value ='" . xtc_db_input($configuration_value) . "',\n last_modified = NOW()\n WHERE configuration_key='" . xtc_db_input($cfg_key) . "'");
} else {
//new entry
$sql_data_array = array('configuration_key' => $cfg_key, 'configuration_value' => $configuration_value, 'configuration_group_id' => '1000', 'sort_order' => '-1', 'last_modified' => 'now()', 'date_added' => 'now()');
xtc_db_perform(TABLE_CONFIGURATION, $sql_data_array);
}
return $configuration_value;
}
return defined($cfg_key) && (int) constant($cfg_key) > 0 ? constant($cfg_key) : 20;
}
function xtc_address_summary($customers_id, $address_id)
{
$customers_id = xtc_db_prepare_input($customers_id);
$address_id = xtc_db_prepare_input($address_id);
$address_query = xtc_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . xtc_db_input((int) $address_id) . "' and ab.customers_id = '" . xtc_db_input((int) $customers_id) . "' and ab.entry_country_id = c.countries_id");
$address = xtc_db_fetch_array($address_query);
$street_address = $address['entry_street_address'];
$suburb = $address['entry_suburb'];
$postcode = $address['entry_postcode'];
$city = $address['entry_city'];
$state = xtc_get_zone_code($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']);
$country = $address['countries_name'];
$address_format_query = xtc_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . (int) $address['address_format_id'] . "'");
$address_format = xtc_db_fetch_array($address_format_query);
// eval("\$address = \"{$address_format['address_summary']}\";");
$address_summary = $address_format['address_summary'];
eval("\$address = \"{$address_summary}\";");
return $address;
}
function query($order_id)
{
$order_id = xtc_db_prepare_input($order_id);
$order_query = xtc_db_query("SELECT\r\n *\r\n FROM " . TABLE_ORDERS . " WHERE\r\n orders_id = '" . xtc_db_input($order_id) . "'");
$order = xtc_db_fetch_array($order_query);
$totals_query = xtc_db_query("SELECT * FROM " . TABLE_ORDERS_TOTAL . " where orders_id = '" . xtc_db_input($order_id) . "' order by sort_order");
while ($totals = xtc_db_fetch_array($totals_query)) {
$this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'value' => $totals['value']);
}
$order_total_query = xtc_db_query("select text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_total'");
$order_total = xtc_db_fetch_array($order_total_query);
$shipping_method_query = xtc_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_shipping'");
$shipping_method = xtc_db_fetch_array($shipping_method_query);
$order_status_query = xtc_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . $_SESSION['languages_id'] . "'");
$order_status = xtc_db_fetch_array($order_status_query);
//echo "ord query:<pre>"; print_r($order); echo "</pre>";
$this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'date_purchased' => $order['date_purchased'], 'orders_invoice_date' => $order['orders_invoice_date'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title']), 'comments' => $order['comments'], 'ibn_billdate' => $order['ibn_billdate'], 'ibn_billnr' => $order['ibn_billnr'], 'ibn_pdfnotifydate' => $order['ibn_pdfnotifydate']);
$this->customer = array('id' => $order['customers_id'], 'vat_id' => $order['customers_vat_id'], 'name' => $order['customers_name'], 'firstname' => $order['customers_firstname'], 'lastname' => $order['customers_lastname'], 'csID' => $order['customers_cid'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']);
$this->delivery = array('name' => $order['delivery_name'], 'firstname' => $order['delivery_firstname'], 'lastname' => $order['delivery_lastname'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']);
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
$this->delivery = false;
}
$this->billing = array('name' => $order['billing_name'], 'firstname' => $order['billing_firstname'], 'lastname' => $order['billing_lastname'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']);
$index = 0;
$orders_products_query = xtc_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . xtc_db_input($order_id) . "'");
while ($orders_products = xtc_db_fetch_array($orders_products_query)) {
$this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'shipping_time' => $orders_products['products_shipping_time'], 'final_price' => $orders_products['final_price']);
$subindex = 0;
$attributes_query = xtc_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . xtc_db_input($order_id) . "' and orders_products_id = '" . $orders_products['orders_products_id'] . "'");
if (xtc_db_num_rows($attributes_query)) {
while ($attributes = xtc_db_fetch_array($attributes_query)) {
$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']);
$subindex++;
}
}
$this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';
$index++;
}
}
$tax_class_title = xtc_db_prepare_input($_POST['tax_class_title']);
$tax_class_description = xtc_db_prepare_input($_POST['tax_class_description']);
$date_added = xtc_db_prepare_input($_POST['date_added']);
xtc_db_query("insert into " . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . xtc_db_input($tax_class_title) . "', '" . xtc_db_input($tax_class_description) . "', now())");
xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES));
break;
case 'save':
$tax_class_id = xtc_db_prepare_input($_GET['tID']);
$tax_class_title = xtc_db_prepare_input($_POST['tax_class_title']);
$tax_class_description = xtc_db_prepare_input($_POST['tax_class_description']);
$last_modified = xtc_db_prepare_input($_POST['last_modified']);
xtc_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . xtc_db_input($tax_class_id) . "', tax_class_title = '" . xtc_db_input($tax_class_title) . "', tax_class_description = '" . xtc_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . xtc_db_input($tax_class_id) . "'");
xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id));
break;
case 'deleteconfirm':
$tax_class_id = xtc_db_prepare_input($_GET['tID']);
xtc_db_query("delete from " . TABLE_TAX_CLASS . " where tax_class_id = '" . xtc_db_input($tax_class_id) . "'");
xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page']));
break;
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
function calculate_tax($amount)
{
global $xtPrice, $status;
$price = 'b_price';
if ($status['customers_status_show_price_tax'] == 0 && $status['customers_status_add_tax_ot'] == 1) {
$price = 'n_price';
}
$sum_query = xtc_db_query("select SUM(" . $price . ") as price from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and class = 'products'");
$sum_total = xtc_db_fetch_array($sum_query);
//Gutscheinwert/Rabatt in % berechnen, vereinheitlicht die Berechnungen
if ($sum_total['price'] == 0) {
return 0;
}
$amount_pro = $amount / $sum_total['price'] * 100;
//Steuersätze alle Produkte der Bestellung feststellen
$tax_rate_query = xtc_db_query("select tax_rate from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and class = 'ot_tax' GROUP BY tax_rate");
$tod_amount = 0;
//Berechnungen pro Steuersatz durchführen
while ($tax_rate = xtc_db_fetch_array($tax_rate_query)) {
$tax_query = xtc_db_query("select SUM(tax) as value from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and tax_rate = '" . $tax_rate['tax_rate'] . "'and class = 'products'");
$tax_total = xtc_db_fetch_array($tax_query);
$god_amount = $tax_total['value'] * $amount_pro / 100;
$new_tax_query = xtc_db_query("select tax as value from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and tax_rate = '" . $tax_rate['tax_rate'] . "'and class = 'ot_tax'");
$new_tax_total = xtc_db_fetch_array($new_tax_query);
$new_tax = $new_tax_total['value'] + $god_amount;
//web29 - 2011-08-25 - Fix negative sign
//Einzelne Steuersätze neu in Kalkulationstabelle speichern
xtc_db_query("UPDATE " . TABLE_ORDERS_RECALCULATE . "\n SET tax = '" . xtc_db_prepare_input($new_tax) . "'\n WHERE orders_id = '" . (int) $_POST['oID'] . "'\n AND tax_rate = '" . xtc_db_prepare_input($tax_rate['tax_rate']) . "'\n AND class = 'ot_tax'\n ");
//echo $god_amount . '<br>';
$tod_amount += $god_amount;
//hier wird die Steuer aufaddiert
}
return $tod_amount;
}
function saveSpecialsData($products_id)
{
// decide whether to insert a new special,
// or to update an existing one
if ($_POST['specials_action'] == "insert" && isset($_POST['specials_price']) && !empty($_POST['specials_price'])) {
// insert a new special, code taken from /admin/specials.php, and modified
if (!isset($_POST['specials_quantity']) or empty($_POST['specials_quantity'])) {
$_POST['specials_quantity'] = 0;
}
if (PRICE_IS_BRUTTO == 'true' && substr($_POST['specials_price'], -1) != '%') {
$_POST['specials_price'] = $_POST['specials_price'] / ($_POST['tax_rate'] + 100) * 100;
//web28 - 2010-07-27 - tax_rate from hidden field
}
if (substr($_POST['specials_price'], -1) == '%') {
$_POST['specials_price'] = $_POST['products_price_hidden'] - $_POST['specials_price'] / 100 * $_POST['products_price_hidden'];
//web28 - 2010-07-27 - products_price_hidden from hidden field
}
$expires_date = '';
if ($_POST['specials_expires']) {
$expires_date = str_replace("-", "", $_POST['specials_expires']);
}
$sql_data_array = array('products_id' => $products_id, 'specials_quantity' => (int) $_POST['specials_quantity'], 'specials_new_products_price' => xtc_db_prepare_input($_POST['specials_price']), 'specials_date_added' => 'now()', 'expires_date' => $expires_date, 'status' => '1');
xtc_db_perform(TABLE_SPECIALS, $sql_data_array);
} elseif ($_POST['specials_action'] == "update" && isset($_POST['specials_price']) && isset($_POST['specials_quantity'])) {
// update the existing special for this product, code taken from /admin/specials.php, and modified
if (PRICE_IS_BRUTTO == 'true' && substr($_POST['specials_price'], -1) != '%') {
$sql = "SELECT tr.tax_rate\n FROM " . TABLE_TAX_RATES . " tr,\n " . TABLE_PRODUCTS . " p\n WHERE tr.tax_class_id = p. products_tax_class_id\n AND p.products_id = '" . $products_id . "' ";
$tax_query = xtc_db_query($sql);
$tax = xtc_db_fetch_array($tax_query);
$_POST['specials_price'] = $_POST['specials_price'] / ($_POST['tax_rate'] + 100) * 100;
//web28 - 2010-07-27 - tax_rate from hidden field
}
if (substr($_POST['specials_price'], -1) == '%') {
$_POST['specials_price'] = $_POST['products_price_hidden'] - $_POST['specials_price'] / 100 * $_POST['products_price_hidden'];
//web28 - 2010-07-27 - products_price_hidden from hidden field
}
$expires_date = 'NULL';
if ($_POST['specials_expires'] && $_POST['specials_status'] == 1) {
//DokuMan - 2011-11-8 - from SP1b
$expires_date = str_replace("-", "", $_POST['specials_expires']);
}
$sql_data_array = array('specials_quantity' => (int) $_POST['specials_quantity'], 'specials_new_products_price' => xtc_db_prepare_input($_POST['specials_price']), 'specials_date_added' => 'now()', 'expires_date' => $expires_date, 'status' => (int) $_POST['specials_status']);
//$sql_data_array['specials_attribute'] = (int)$_POST['specials_attribute'];
xtc_db_perform(TABLE_SPECIALS, $sql_data_array, 'update', "specials_id = '" . xtc_db_input($_POST['specials_id']) . "'");
}
if (isset($_POST['specials_delete'])) {
// delete existing special for this product, code taken from /admin/specials.php, and modified
xtc_db_query("DELETE FROM " . TABLE_SPECIALS . " WHERE specials_id = '" . xtc_db_input($_POST['specials_id']) . "'");
}
}
function callback_process($data, $charset)
{
// Keine Session da !
// Stand: 29.06.2011
global $_GET;
$this->data = $data;
//$this->_logTrans($data);
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
if (EMAIL_TRANSPORT == 'smtp') {
require_once DIR_WS_CLASSES . 'class.smtp.php';
}
require_once DIR_FS_INC . 'xtc_Security.inc.php';
$xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
if (isset($xtc_order_id) && is_numeric($xtc_order_id) && $xtc_order_id > 0) {
// order suchen
$order_query = xtc_db_query("SELECT currency, currency_value\n FROM " . TABLE_ORDERS . "\n WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
if (xtc_db_num_rows($order_query) > 0) {
// order gefunden
$ipn_charset = xtc_db_prepare_input($this->data['charset']);
$ipn_data = array();
$ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
$ipn_data['xtc_order_id'] = xtc_db_prepare_input($xtc_order_id);
$ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
$ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
$ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
$ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
$ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
$ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset));
$ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset));
$ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset));
$ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset));
$ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset));
$ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset));
$ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
$ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset));
$ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
$ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
$ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
$ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
$ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
$ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset));
$ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
$ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
$ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
$ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']);
$ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
$ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
$ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
$ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
$ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
$ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
$ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
$ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
$ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);
if ($ipn_data['num_cart_items'] > 1) {
$verspos = $ipn_data['num_cart_items'];
for ($p = 1; $p <= $verspos; $p++) {
if ($this->data['item_name' . $p] == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $this->data['item_name' . $p] == substr(PAYPAL_GS, 0, 127) || $this->data['item_name' . $p] == "Handling" || $this->data['item_name' . $p] == substr(PAYPAL_TAX, 0, 127) || $this->data['item_name' . $p] == "Differenz") {
// Artikel Nummer aus den Details für Sonderzeilen
$ipn_data['num_cart_items']--;
}
if ($this->data['item_name' . $p] == substr(SHIPPING_COSTS, 0, 127)) {
// Versandkosten
$ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p];
$ipn_data['num_cart_items']--;
}
}
}
$_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . $ipn_data['txn_id'] . "'";
$_transQuery = xtc_db_query($_transQuery);
$_transQuery = xtc_db_fetch_array($_transQuery);
if ($_transQuery['paypal_ipn_id'] != '') {
$insert_id = $_transQuery['paypal_ipn_id'];
$sql_data_array = array('payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'payer_email' => $ipn_data['payer_email'], 'num_cart_items' => $ipn_data['num_cart_items'], 'mc_fee' => $ipn_data['mc_fee'], 'mc_shipping' => $ipn_data['mc_shipping'], 'address_name' => $ipn_data['address_name'], 'address_street' => $ipn_data['address_street'], 'address_city' => $ipn_data['address_city'], 'address_state' => $ipn_data['address_state'], 'address_zip' => $ipn_data['address_zip'], 'address_country' => $ipn_data['address_country'], 'address_status' => $ipn_data['address_status'], 'payer_status' => $ipn_data['payer_status'], 'receiver_email' => $ipn_data['receiver_email'], 'last_modified ' => 'now()');
xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'");
} else {
$ipn_data['date_added'] = 'now()';
$ipn_data['last_modified'] = 'now()';
xtc_db_perform(TABLE_PAYPAL, $ipn_data);
$insert_id = xtc_db_insert_id();
}
$paypal_order_history = array('paypal_ipn_id' => $insert_id, 'txn_id' => $ipn_data['txn_id'], 'parent_txn_id' => $ipn_data['parent_txn_id'], 'payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'mc_amount' => $ipn_data['mc_gross'], 'date_added' => 'now()');
xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history);
$crlf = "\n";
$comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
$comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
if (isset($this->data['payer_status'])) {
$comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
}
$comment_status .= '.' . $crlf;
if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $_POST['test_ipn'] > 0) {
$comment_status .= '(Sandbox-Test Mode)' . $crlf;
}
$comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
if (isset($this->data['pending_reason'])) {
$comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
}
if (isset($this->data['reason_code'])) {
$comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
}
$comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
$comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
if (isset($this->data['parent_txn_id'])) {
$comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
}
$comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($_POST['txn_id']);
//Set status for default (Pending)
$order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
$parameters = 'cmd=_notify-validate';
foreach ($this->data as $key => $value) {
$parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
}
//$this->_logTransactions($parameters);
// 08.01.2008 auch ohne cURL
$mit_curl = 0;
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$result = curl_exec($ch);
if (!curl_errno($ch)) {
$mit_curl = 1;
}
curl_close($ch);
}
// cURL fehlt oder ist fehlgeschlagen
if ($mit_curl == 0) {
$request_post = array('http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters));
$request = stream_context_create($request_post);
$result = file_get_contents($this->IPN_URL, false, $request);
}
if (strtoupper($result) == 'VERIFIED' || $result == '1') {
// Steht auf Warten
if (strtolower($this->data['payment_status']) == 'completed') {
if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
$order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
}
//Set status for Denied, Failed
} elseif (strtolower($this->data['payment_status']) == 'denied' or strtolower($this->data['payment_status']) == 'failed') {
$order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
//Set status for Reversed
} elseif (strtolower($this->data['payment_status']) == 'reversed') {
$order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
//Set status for Canceled-Reversal
} elseif (strtolower($this->data['payment_status']) == 'canceled-reversal') {
$order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
//Set status for Refunded
} elseif (strtolower($this->data['payment_status']) == 'refunded') {
$order_status_id = DEFAULT_ORDERS_STATUS_ID;
//Set status for Pendign - eigentlich nicht nötig?
} elseif (strtolower($this->data['payment_status']) == 'pending') {
$order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
//Set status for Processed - wann kommt das ?
} elseif (strtolower($this->data['payment_status']) == 'processed') {
if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
$order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
}
}
} else {
$order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
$error_reason = 'Received INVALID responce but invoice and Customer matched.';
}
$xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
xtc_db_query("UPDATE " . TABLE_ORDERS . "\n SET orders_status = '" . $order_status_id . "', last_modified = now()\n WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
$sql_data_array = array('orders_id' => xtc_db_prepare_input($xtc_order_id), 'orders_status_id' => $order_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN ' . $comment_status . '');
xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
} else {
$error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.';
}
} else {
$error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
}
if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
$email_body = $error_reason . "\n\n" . '<br>';
$email_body .= $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REMOTE_ADDR'] . " - " . $_SERVER['HTTP_REFERER'] . " - " . $_SERVER['HTTP_ACCEPT'] . "\n\n" . '<br>';
$email_body .= '$_POST:' . "\n\n" . '<br>';
foreach ($this->data as $key => $value) {
$email_body .= $key . '=' . $value . "\n" . '<br>';
}
$email_body .= "\n" . '$_GET:' . "\n\n" . '<br>';
foreach ($_GET as $key => $value) {
$email_body .= $key . '=' . $value . "\n" . '<br>';
}
xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
}
}
<?php
require 'includes/application_top.php';
#MN: Check if $_POST form is submited on this page
if ($_POST) {
switch ($_POST['action']) {
case 'widget_active':
xtc_db_query("update " . TABLE_WIDGETS . " set widgets_active = !widgets_active where widgets_id = '" . xtc_db_input($_POST['widgets']) . "'");
break;
case 'widget_save_position':
foreach ($_POST['widgets_id'] as $key => $widget) {
$w_x = xtc_db_prepare_input($_POST['widgets_x'][$key]);
$w_y = xtc_db_prepare_input($_POST['widgets_y'][$key]);
xtc_db_query("update " . TABLE_WIDGETS . " set widgets_x = '" . $w_x . "', widgets_y = '" . $w_y . "' where widgets_id = '" . $widget . "'");
}
break;
}
xtc_redirect(xtc_href_link(FILENAME_START));
}
require DIR_WS_INCLUDES . 'head.php';
?>
<style type="text/css">
.gridster li header {
background: #999;
display: block;
font-size: 20px;
line-height: normal;
padding: 4px 0 6px ;
$carrier_sort_order = xtc_db_prepare_input($_POST['carrier_sort_order']);
$date_added = xtc_db_prepare_input($_POST['carrier_date_added']);
xtc_db_query("insert into " . TABLE_CARRIERS . " (carrier_name, carrier_tracking_link, carrier_sort_order, carrier_date_added) values ('" . xtc_db_input($carrier_name) . "', '" . xtc_db_input($carrier_tracking_link) . "', '" . xtc_db_input($carrier_sort_order) . "', now())");
xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS));
break;
case 'save':
$carrier_id = xtc_db_prepare_input($_GET['carrierID']);
$carrier_name = xtc_db_prepare_input($_POST['carrier_name']);
$carrier_tracking_link = xtc_db_prepare_input($_POST['carrier_tracking_link']);
$carrier_sort_order = xtc_db_prepare_input($_POST['carrier_sort_order']);
$last_modified = xtc_db_prepare_input($_POST['carrier_last_modified']);
xtc_db_query("update " . TABLE_CARRIERS . " set carrier_id = '" . (int) $carrier_id . "', carrier_name = '" . xtc_db_input($carrier_name) . "', carrier_tracking_link = '" . xtc_db_input($carrier_tracking_link) . "', carrier_sort_order = '" . xtc_db_input($carrier_sort_order) . "', carrier_last_modified = now() where carrier_id = '" . (int) $carrier_id . "'");
xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel . '&carrierID=' . $carrier_id));
break;
case 'deleteconfirm':
$carrier_id = xtc_db_prepare_input($_GET['carrierID']);
xtc_db_query("delete from " . TABLE_CARRIERS . " where carrier_id = '" . (int) $carrier_id . "'");
xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel));
break;
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
<script type="text/javascript" src="includes/general.js"></script>
</head>
<body>
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
protected function after_process()
{
if (isset($this->document->document->documentNumber) && xtc_not_null($this->document->document->documentNumber)) {
$process_array = array('orders_id' => xtc_db_prepare_input($this->info['order_id']), 'customers_id' => xtc_db_prepare_input($this->customer['id']), 'easybill_customers_id' => xtc_db_prepare_input($this->customers->customerID), 'billing_id' => xtc_db_prepare_input($this->document->document->documentNumber), 'billing_date' => 'now()');
xtc_db_perform(TABLE_EASYBILL, $process_array);
if (MODULE_EASYBILL_DO_STATUS_CHANGE == 'True') {
$status_array = array('orders_id' => $this->info['order_id'], 'orders_status_id' => MODULE_EASYBILL_STATUS_CHANGE, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => EASYBILL_STATUS_CHANGE_COMMENT);
xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $status_array);
xtc_db_query("UPDATE " . TABLE_ORDERS . "\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tSET orders_status = " . MODULE_EASYBILL_STATUS_CHANGE . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tlast_modified = now()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE orders_id = " . $this->info['order_id']);
}
}
}
function shopDbPrepareInput($string)
{
return xtc_db_prepare_input($string);
}
<td class="dataTableHeadingContent" align="right"><?php
echo TABLE_HEADING_ACTION;
?>
</td>
</tr>
<?php
if ($_GET['cID']) {
$cID = xtc_db_prepare_input($_GET['cID']);
// BOF - Tomcraft - 2009-10-11 - BUGFIX: #0000247 view orders query bug in admin
//$orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.orders_status, s.orders_status_name, ot.text as order_total from ".TABLE_ORDERS." o left join ".TABLE_ORDERS_TOTAL." ot on (o.orders_id = ot.orders_id), ".TABLE_ORDERS_STATUS." s where o.customers_id = '".xtc_db_input($cID)."' and (o.orders_status = s.orders_status_id and s.language_id = '".$_SESSION['languages_id']."' and ot.class = 'ot_total') or (o.orders_status = '0' and ot.class = 'ot_total' and s.orders_status_id = '1' and s.language_id = '".$_SESSION['languages_id']."') order by orders_id DESC";
$orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.orders_status, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . xtc_db_input($cID) . "' and ((o.orders_status = s.orders_status_id) or (o.orders_status = '0' and s.orders_status_id = '1')) and ot.class = 'ot_total' and s.language_id = '" . $_SESSION['languages_id'] . "' order by orders_id DESC";
// EOF - Tomcraft - 2009-10-11 - BUGFIX: #0000247 view orders query bug in admin
} elseif ($_GET['status'] == '0') {
$orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.orders_status, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id) where o.orders_status = '0' and ot.class = 'ot_total' order by o.orders_id DESC";
} elseif ($_GET['status']) {
$status = xtc_db_prepare_input($_GET['status']);
$orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . $_SESSION['languages_id'] . "' and s.orders_status_id = '" . xtc_db_input($status) . "' and ot.class = 'ot_total' order by o.orders_id DESC";
} elseif ($_GET['action'] == 'search' && $_GET['oID']) {
//$orders_query_raw siehe oben
//EOF - web28 - 2010-04-10 added for ADMIN SEARCH BAR
} else {
$orders_query_raw = "select o.orders_id, o.orders_status, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where (o.orders_status = s.orders_status_id and s.language_id = '" . $_SESSION['languages_id'] . "' and ot.class = 'ot_total') or (o.orders_status = '0' and ot.class = 'ot_total' and s.orders_status_id = '1' and s.language_id = '" . $_SESSION['languages_id'] . "') order by o.orders_id DESC";
}
$orders_split = new splitPageResults($_GET['page'], '20', $orders_query_raw, $orders_query_numrows);
$orders_query = xtc_db_query($orders_query_raw);
while ($orders = xtc_db_fetch_array($orders_query)) {
if ((!$_GET['oID'] || $_GET['oID'] == $orders['orders_id']) && !$oInfo) {
$oInfo = new objectInfo($orders);
}
if (is_object($oInfo) && $orders['orders_id'] == $oInfo->orders_id) {
echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'pointer\'" onclick="document.location.href=\'' . xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=edit') . '\'">' . "\n";
@version 05.10.2014 - 00:32
---------------------------------------------------------------------------------------*/
chdir('../../');
require_once 'includes/application_top.php';
// include easymarketing api header
require_once DIR_FS_CATALOG . 'api/easymarketing/includes/header.php';
// include easymarketing functions
require_once 'includes/functions.php';
$parent_id = isset($_GET['parent_id']) ? (int) $_GET['parent_id'] : NULL;
$oLanguage = new language($_GET['lang']);
// process request
if (isset($parent_id)) {
// init array
$categories_array = array();
// sql query for categories
$categories_query_raw = "SELECT c.categories_id,\n cd.categories_name\n FROM " . TABLE_CATEGORIES . " c\n JOIN " . TABLE_CATEGORIES_DESCRIPTION . " cd\n ON (c.categories_id = cd.categories_id\n AND cd.language_id = '" . $oLanguage->language['id'] . "')\n WHERE c.categories_status = '1'\n AND c.categories_id = '" . xtc_db_prepare_input($parent_id) . "'";
// make sql query
$categories_query_result = xtc_db_query($categories_query_raw);
// check for result
if (xtc_db_num_rows($categories_query_result) > 0) {
while ($categories = xtc_db_fetch_array($categories_query_result)) {
// build categories array
$categories_array = array('id' => $categories['categories_id'], 'name' => mod_convert_string($categories['categories_name']), 'url' => xtc_href_link(FILENAME_DEFAULT, xtc_category_link($categories['categories_id'], $categories['categories_name']), 'NONSSL', false), 'children' => mod_get_sub_categories($categories['categories_id']));
}
} elseif ($parent_id == '0') {
// build categories array
$categories_array = array('id' => $parent_id, 'name' => mod_convert_string(STORE_NAME), 'url' => xtc_href_link(FILENAME_DEFAULT, '', 'NONSSL', false), 'children' => mod_get_sub_categories($parent_id));
}
// output categories
mod_stream_response($categories_array);
} else {
function install()
{
if (isset($_GET['autoinstall']) && $_GET['autoinstall'] == '1') {
// Module already installed
if (defined('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_STATUS') && MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_STATUS == 'true') {
xtc_redirect(xtc_href_link_admin('admin/modules.php', 'set=payment&module=pn_sofortueberweisung', 'SSL'));
}
print $this->autoinstall();
exit;
} else {
$user_id = !empty($_GET['user_id']) ? xtc_db_prepare_input($_GET['user_id']) : '10000';
$project_id = !empty($_GET['project_id']) ? xtc_db_prepare_input($_GET['project_id']) : '500000';
if (!empty($_GET['consumer_protection']) && xtc_db_prepare_input($_GET['consumer_protection']) == '1') {
$consumer_protection = 'true';
} else {
$consumer_protection = 'false';
}
if (isset($_SESSION['pn_sofortueberweisung_pw']) && !empty($_SESSION['pn_sofortueberweisung_pw'])) {
$project_password = $_SESSION['pn_sofortueberweisung_pw'];
unset($_SESSION['pn_sofortueberweisung_pw']);
} else {
$project_password = '';
}
if (isset($_SESSION['pn_sofortueberweisung_pw2']) && !empty($_SESSION['pn_sofortueberweisung_pw2'])) {
$project_password2 = $_SESSION['pn_sofortueberweisung_pw2'];
unset($_SESSION['pn_sofortueberweisung_pw2']);
} else {
$project_password2 = '';
}
if (isset($_SESSION['pn_sofortueberweisung_hashAlgorithm']) && !empty($_SESSION['pn_sofortueberweisung_hashAlgorithm'])) {
$hashAlgorithm = $_SESSION['pn_sofortueberweisung_hashAlgorithm'];
unset($_SESSION['pn_sofortueberweisung_hashAlgorithm']);
} else {
$hashAlgorithm = $this->pnSofortueberweisung->getSupportedHashAlgorithm();
}
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_STATUS', 'true', '6', '3', 'xtc_cfg_select_option(array(\\'true\\', \\'false\\'), ', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_KS_STATUS', '" . $consumer_protection . "', '6', '3', 'xtc_cfg_select_option(array(\\'true\\', \\'false\\'), ', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_ALLOWED', '', '6', '0', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_USER_ID', '" . (int) $user_id . "', '6', '4', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_ID', '" . (int) $project_id . "', '6', '4', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_PASSWORD', '" . $project_password . "', '6', '4', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_NOTIF_PASSWORD', '" . $project_password2 . "', '6', '4', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_HASH_ALGORITHM', '" . $hashAlgorithm . "', '6', '4', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_SORT_ORDER', '1', '6', '20', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, use_function, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_ZONE', '0', '6', '2', 'xtc_get_zone_class_title', 'xtc_cfg_pull_down_zone_classes(', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_ORDER_STATUS_ID', '0', '6', '10', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TMP_STATUS_ID', '0', '6', '8', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_UNC_STATUS_ID', '0', '6', '9', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_RECEIVED_STATUS_ID', '0', '6', '11', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_LOSS_STATUS_ID', '0', '6', '12', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_REASON_1', 'Nr. {{order_id}} Kd-Nr. {{customer_id}}', '6', '4', 'xtc_cfg_select_option(array(\\'Nr. {{order_id}} Kd-Nr. {{customer_id}}\\',\\'-TRANSACTION-\\'), ', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TEXT_REASON_2', '" . addslashes(STORE_NAME) . "', '6', '4', now())");
xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_IMAGE', 'Infographic', '6', '6', 'xtc_cfg_select_option(array(\\'Infographic\\',\\'Logo & Text\\',\\'Logo\\'), ', now())");
}
}
---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'xtc_validate_password.inc.php';
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
if (!isset($_SESSION['customer_id'])) {
xtc_redirect(xtc_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if (isset($_POST['action']) && $_POST['action'] == 'process') {
$password_current = xtc_db_prepare_input($_POST['password_current']);
$password_new = xtc_db_prepare_input($_POST['password_new']);
$password_confirmation = xtc_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$check_customer = xtc_db_fetch_array($check_customer_query);
if (xtc_validate_password($password_current, $check_customer['customers_password'])) {
}
}
xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'] . '&oID=' . $cross_sell_id));
} else {
$_SESSION['repopulate_form'] = $_REQUEST;
$_SESSION['errors'] = $error;
xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'] . '&oID=' . $cross_sell_id . '&action=' . $url_action . '&errors=1'));
}
break;
case 'deleteconfirm':
$oID = xtc_db_prepare_input($_GET['oID']);
xtc_db_query("delete from " . TABLE_PRODUCTS_XSELL_GROUPS . " where products_xsell_grp_name_id = '" . xtc_db_input($oID) . "'");
xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page']));
break;
case 'delete':
$oID = xtc_db_prepare_input($_GET['oID']);
$cross_sell_query = xtc_db_query("select count(*) as count from " . TABLE_PRODUCTS_XSELL . " where products_xsell_grp_name_id = '" . xtc_db_input($oID) . "'");
$status = xtc_db_fetch_array($cross_sell_query);
$remove_status = true;
if ($status['count'] > 0) {
$remove_status = false;
$messageStack->add(ERROR_STATUS_USED_IN_CROSS_SELLS, 'error');
}
break;
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
$a_level = xtc_db_prepare_input($_GET['a_level']);
$level_clause = " AND a.affiliate_level = '" . $a_level . "'";
}
$affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n a.affiliate_payment, a.affiliate_level AS level,\n o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n from " . TABLE_AFFILIATE . " aa\n left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . $_SESSION['languages_id'] . "')\n where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n o.orders_status, os.orders_status_name\n order by affiliate_date DESC";
$count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name';
$affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key);
if ($affiliate_sales_split->number_of_rows > 0) {
$affiliate_sales_values = xtc_db_query($affiliate_sales_split->sql_query);
$affiliate_sales = xtc_db_fetch_array($affiliate_sales_values);
} else {
$affiliate_sales_values = xtc_db_query("select MONTH(affiliate_date_account_created) as start_month,\n YEAR(affiliate_date_account_created) as start_year\n FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . "'");
$affiliate_sales = xtc_db_fetch_array($affiliate_sales_values);
}
$smarty->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, xtc_db_prepare_input($_GET['a_period']), 'onChange="this.form.submit();"'));
$smarty->assign('status_selector', affiliate_get_status_list('a_status', xtc_db_prepare_input($_GET['a_status']), 'onChange="this.form.submit();"'));
$smarty->assign('level_selector', affiliate_get_level_list('a_level', xtc_db_prepare_input($_GET['a_level']), 'onChange="this.form.submit();"'));
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows);
$smarty->assign('FORM_ACTION', xtc_draw_form('params', xtc_href_link(FILENAME_AFFILIATE_SALES), 'get', 'SSL'));
$affiliate_sales_table = '';
if ($affiliate_sales_split->number_of_rows > 0) {
$number_of_sales = 0;
$sum_of_earnings = 0;
do {
$number_of_sales++;
if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) {
$sum_of_earnings += $affiliate_sales['affiliate_payment'];
}
if ($number_of_sales / 2 == floor($number_of_sales / 2)) {
$affiliate_sales_table .= '<tr class="productListing-even">';
} else {
Copyright (c) 2003 XT-Commerce
--------------------------------------------------------------
based on:
(c) 2000-2001 The Exchange Project (earlier name of osCommerce)
(c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com
(c) 2003 nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org
Released under the GNU General Public License
--------------------------------------------------------------*/
require 'includes/application_top.php';
reset($_GET);
while (list($key, ) = each($_GET)) {
switch ($key) {
case 'banner':
$banners_id = xtc_db_prepare_input($_GET['banner']);
$banner_query = xtc_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . xtc_db_input($banners_id) . "'");
$banner = xtc_db_fetch_array($banner_query);
$page_title = $banner['banners_title'];
if ($banner['banners_html_text']) {
$image_source = $banner['banners_html_text'];
} elseif ($banner['banners_image']) {
$image_source = xtc_image(HTTP_CATALOG_SERVER . DIR_WS_CATALOG_IMAGES . $banner['banners_image'], $page_title);
}
break;
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
<script type="text/javascript"><!--
var i=0;
$parent_check = xtc_db_prepare_input($_POST['parent_check']);
$parent_id = xtc_db_prepare_input($_POST['parent']);
$time = xtc_db_prepare_input(date("Y-m-d H:i:s"));
$content_query = xtc_db_query("SELECT MAX(content_group) AS content_group FROM " . TABLE_CONTENT_MANAGER . "");
$content_data = mysqli_fetch_row($content_query);
if ($_POST['content_group'] == '0' || $_POST['content_group'] == '') {
$group_id = $content_data[0] + 1;
} else {
$group_id = xtc_db_prepare_input($_POST['content_group']);
}
$group_ids = $group_ids;
$sort_order = xtc_db_prepare_input($_POST['sort_order']);
$content_meta_title = xtc_db_prepare_input($_POST['cont_meta_title']);
$content_meta_description = xtc_db_prepare_input($_POST['cont_meta_description']);
$content_meta_keywords = xtc_db_prepare_input($_POST['cont_meta_keywords']);
$content_meta_index = xtc_db_prepare_input($_POST['cont_meta_index']);
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
if ($languages[$i]['code'] == $content_language) {
$content_language = $languages[$i]['id'];
}
}
// for
$error = false;
// reset error flag
if (strlen($content_title) < 1) {
$error = true;
$messageStack->add(ERROR_TITLE, 'error');
}
// if
if ($content_status == 'yes') {
$content_status = 1;
<?php
if (isset($_GET['cID'])) {
$cID = (int) $_GET['cID'];
$orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . ",\n s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN (" . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s)\n ON (o.orders_id = ot.orders_id\n AND (o.orders_status = s.orders_status_id\n OR (o.orders_status = '0' AND s.orders_status_id = '1')\n )\n )\n WHERE o.customers_id = '" . xtc_db_input($cID) . "'\n AND ot.class = 'ot_total'\n AND s.language_id = '" . (int) $_SESSION['languages_id'] . "'\n ORDER BY orders_id DESC";
} elseif (isset($_GET['status']) && $_GET['status'] == '0') {
$orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . "\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN " . TABLE_ORDERS_TOTAL . " ot ON (o.orders_id = ot.orders_id)\n WHERE o.orders_status = '0'\n AND ot.class = 'ot_total'\n ORDER BY o.orders_id DESC";
} elseif (isset($_GET['status']) && xtc_not_null($_GET['status']) || isset($_GET['payment_method']) && xtc_not_null($_GET['payment_method'])) {
//web28 - 2012-04-14 - FIX xtc_not_null($_GET['status'])
$status_query_string = "";
if (isset($_GET['status']) && xtc_not_null($_GET['status'])) {
$status = xtc_db_prepare_input($_GET['status']);
$status_query_string = "AND s.orders_status_id = '" . xtc_db_input($status) . "' ";
}
$payment_method_query_string = "";
if (isset($_GET['payment_method']) && xtc_not_null($_GET['payment_method'])) {
$payment_method = xtc_db_prepare_input($_GET['payment_method']);
$payment_method_query_string = "AND o.payment_method = '" . xtc_db_input($payment_method) . "' ";
}
$orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . ",\n s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN (" . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s)\n ON (o.orders_id = ot.orders_id AND o.orders_status = s.orders_status_id)\n WHERE s.language_id = '" . (int) $_SESSION['languages_id'] . "'\n " . $status_query_string . "\n " . $payment_method_query_string . "\n AND ot.class = 'ot_total'\n ORDER BY o.orders_id DESC";
} elseif ($action == 'search' && $oID) {
// ADMIN SEARCH BAR $orders_query_raw moved it to the top
} else {
$orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . ",\n s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN (" . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s)\n ON (o.orders_id = ot.orders_id AND o.orders_status = s.orders_status_id)\n WHERE (s.language_id = '" . (int) $_SESSION['languages_id'] . "'\n AND ot.class = 'ot_total')\n OR (o.orders_status = '0'\n AND ot.class = 'ot_total'\n AND s.orders_status_id = '1'\n AND s.language_id = '" . (int) $_SESSION['languages_id'] . "')\n ORDER BY o.orders_id DESC";
}
$orders_split = new splitPageResults($_GET['page'], MAX_DISPLAY_ORDER_RESULTS, $orders_query_raw, $orders_query_numrows);
$orders_query = xtc_db_query($orders_query_raw);
while ($orders = xtc_db_fetch_array($orders_query)) {
if ((!xtc_not_null($oID) || isset($oID) && $oID == $orders['orders_id']) && !isset($oInfo)) {
//web28 - 2012-04-14 - FIX !xtc_not_null($oID)
$oInfo = new objectInfo($orders);
}
$old_fields = array(array('FIRST_NAME', ENTRY_FIRST_NAME_MIN_LENGTH, ENTRY_FIRST_NAME_ERROR, TEXT_FIRSTNAME), array('LAST_NAME', ENTRY_LAST_NAME_MIN_LENGTH, ENTRY_LAST_NAME_ERROR, TEXT_LASTNAME), array('EMAIL_ADRESS', ENTRY_EMAIL_ADDRESS_MIN_LENGTH, ENTRY_EMAIL_ADDRESS_ERROR, TEXT_EMAIL), array('STREET_ADRESS', ENTRY_STREET_ADDRESS_MIN_LENGTH, ENTRY_STREET_ADDRESS_ERROR, TEXT_STREET), array('POST_CODE', ENTRY_POSTCODE_MIN_LENGTH, ENTRY_POST_CODE_ERROR, TEXT_POSTCODE), array('CITY', ENTRY_CITY_MIN_LENGTH, ENTRY_CITY_ERROR, TEXT_CITY), array(EMPTY_STRING, 0, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING), array('TELEPHONE', ENTRY_TELEPHONE_MIN_LENGTH, ENTRY_TELEPHONE_NUMBER_ERROR, TEXT_TEL), array('PASSWORD', ENTRY_PASSWORD_MIN_LENGTH, ENTRY_PASSWORD_ERROR, TEXT_PASSWORD), array('PASSWORD_CONFIRMATION', ENTRY_PASSWORD_MIN_LENGTH, ENTRY_PASSWORD_ERROR, TEXT_PASSWORD_CONF));
$old_fields_count = sizeof($old_fields);
$old_fields_1 = array(array('STORE_NAME', ENTRY_LAST_NAME_MIN_LENGTH, ENTRY_STORE_NAME_ERROR, TEXT_STORE), array('COMPANY', ENTRY_LAST_NAME_MIN_LENGTH, ENTRY_COMPANY_ERROR, TEXT_COMPANY), array('EMAIL_ADRESS_FROM', ENTRY_EMAIL_ADDRESS_MIN_LENGTH, ENTRY_EMAIL_ADDRESS_FROM_ERROR, TEXT_EMAIL_FROM));
$old_fields_1_count = sizeof($old_fields_1);
$new_fields = array(array('STORE_BANK_NAME', 0, EMPTY_STRING), array('STORE_BANK_BLZ', 0, EMPTY_STRING), array('STORE_BANK_ACCOUNT', 0, EMPTY_STRING), array('STORE_BANK_BIC', 0, EMPTY_STRING), array('STORE_BANK_IBAN', 0, EMPTY_STRING), array('STORE_USTID', 0, EMPTY_STRING), array('STORE_TAXNR', 0, EMPTY_STRING), array('STORE_REGISTER', 0, EMPTY_STRING), array('STORE_REGISTER_NR', 0, EMPTY_STRING), array('STORE_MANAGER', 0, EMPTY_STRING), array('STORE_DIRECTOR', 0, EMPTY_STRING));
$new_fields_count = sizeof($new_fields);
if ($process) {
for ($i = 0; $i < $old_fields_count; $i++) {
$old_field = $old_fields[$i];
$field_name = $old_field[0];
if ($field_name) {
$variable_name = strtolower($field_name);
${$variable_name} = get_check_input($field_name, $old_field[1], $old_field[2]);
}
}
$zone_setup = xtc_db_prepare_input($_POST[$zone_setup_text]);
if ($password != $password_confirmation) {
$error = true;
$messageStack->add($install_step, ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
for ($i = 0; $i < $old_fields_1_count; $i++) {
$old_field = $old_fields_1[$i];
$field_name = $old_field[0];
if ($field_name) {
$variable_name = strtolower($field_name);
${$variable_name} = get_check_input($field_name, $old_field[1], $old_field[2]);
}
}
for ($i = 0; $i < $new_fields_count; $i++) {
$new_field = $new_fields[$i];
$field_name = $new_field[0];
function saveMappings()
{
foreach ($_POST['mappingFields'] as $mappingField => $mappingFieldValues) {
xtc_db_query("UPDATE easymarketing_mappings SET mapping_field_values = '" . $mappingFieldValues . "', mapping_field_default_value = '" . xtc_db_prepare_input($_POST['mappingDefaultFields'][$mappingField]) . "' WHERE mapping_field = '" . $mappingField . "'");
}
}
$contents[] = array('text' => '<br />' . TEXT_DATE_ACCOUNT_LAST_MODIFIED . ' ' . xtc_date_short($cInfo->date_account_last_modified));
// BOF - Tomcraft - 2011-01-16 - Additionally show time for customers last logon time
//$contents[] = array ('text' => '<br />'.TEXT_INFO_DATE_LAST_LOGON.' '.xtc_date_short($cInfo->date_last_logon));
$contents[] = array('text' => '<br />' . TEXT_INFO_DATE_LAST_LOGON . ' ' . xtc_datetime_short($cInfo->date_last_logon));
// EOF - Tomcraft - 2011-01-16 - Additionally show time for customers last logon time
$contents[] = array('text' => '<br />' . TEXT_INFO_NUMBER_OF_LOGONS . ' ' . $cInfo->number_of_logons);
$contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY . ' ' . $cInfo->countries_name);
$contents[] = array('text' => '<br />' . TEXT_INFO_NUMBER_OF_REVIEWS . ' ' . $cInfo->number_of_reviews);
//BOF - DokuMan - 2010-11-02 - Workaround for customer details not showing on iplog-Box
}
//EOF - DokuMan - 2010-11-02 - Workaround for customer details not showing on iplog-Box
}
if ($action == 'iplog') {
if (isset($_GET['cID'])) {
$contents[] = array('text' => '<br /><b>IPLOG :');
$customers_id = xtc_db_prepare_input($_GET['cID']);
$customers_log_info_array = xtc_get_user_info($customers_id);
if (xtc_db_num_rows($customers_log_info_array)) {
while ($customers_log_info = xtc_db_fetch_array($customers_log_info_array)) {
$contents[] = array('text' => '<tr>' . "\n" . '<td class="smallText">' . $customers_log_info['customers_ip_date'] . ' ' . $customers_log_info['customers_ip'] . ' ' . $customers_log_info['customers_advertiser']);
}
}
}
}
break;
}
if (xtc_not_null($heading) && xtc_not_null($contents)) {
echo ' <div class="col-lg-2 col-md-12 hidden-sm hidden-xs pull-right">' . "\n";
#col-sm-12 col-xs-12
$box = new box();
echo $box->infoBox($heading, $contents);
function getNext()
{
switch ($this->mode) {
// yearly
case '1':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd), date("Y", $sd) + 1);
break;
// monthly
// monthly
case '2':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd) + 1, 1, date("Y", $sd));
break;
// weekly
// weekly
case '3':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 7, date("Y", $sd));
break;
// daily
// daily
case '4':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 1, date("Y", $sd));
break;
}
if ($ed > $this->endDate) {
$ed = $this->endDate;
}
$filterString = "";
if ($this->statusFilter > 0) {
$filterString .= " AND o.orders_status = " . $this->statusFilter . " ";
}
if (!is_numeric($this->paymentFilter)) {
$filterString .= " AND o.payment_method ='" . xtc_db_prepare_input($this->paymentFilter) . "' ";
}
$rqOrders = xtc_db_query($this->queryOrderCnt . " WHERE o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString);
$order = xtc_db_fetch_array($rqOrders);
$rqShipping = xtc_db_query($this->queryShipping . " AND o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString);
$shipping = xtc_db_fetch_array($rqShipping);
$rqItems = xtc_db_query($this->queryItemCnt . " AND o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString . " group by pid " . $this->sortString);
// set the return values
$this->actDate = $ed;
$this->showDate = $sd;
$this->showDateEnd = $ed - 60 * 60 * 24;
// execute the query
$cnt = 0;
$itemTot = 0;
$sumTot = 0;
while ($resp[$cnt] = xtc_db_fetch_array($rqItems)) {
// to avoid rounding differences round for every quantum
// multiply with the number of items afterwords.
$price = $resp[$cnt]['psum'] / $resp[$cnt]['pquant'];
// products_attributes
// are there any attributes for this order_id ?
$rqAttr = xtc_db_query($this->queryAttr . " AND o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "' AND op.products_id = " . $resp[$cnt]['pid'] . $filterString . " group by products_options_values order by orders_products_id");
$i = 0;
while ($attr[$i] = xtc_db_fetch_array($rqAttr)) {
$i++;
}
// values per date
if ($i > 0) {
$price2 = 0;
$price3 = 0;
$option = array();
$k = -1;
$ord_pro_id_old = 0;
for ($j = 0; $j < $i; $j++) {
if ($attr[$j]['price_prefix'] == "-") {
$price2 += -1 * $attr[$j]['options_values_price'];
$price3 = -1 * $attr[$j]['options_values_price'];
$prefix = "-";
} else {
$price2 += $attr[$j]['options_values_price'];
$price3 = $attr[$j]['options_values_price'];
$prefix = "+";
}
$ord_pro_id = $attr[$j]['orders_products_id'];
if ($ord_pro_id != $ord_pro_id_old) {
$k++;
$l = 0;
// set values
$option[$k]['quant'] = $attr[$j]['attr_cnt'];
$option[$k]['options'][0] = $attr[$j]['products_options'];
$option[$k]['options_values'][0] = $attr[$j]['products_options_values'];
if ($price3 != 0) {
//$option[$k]['price'][0] = xtc_add_tax($price3, $resp[$cnt]['ptax']);
$option[$k]['price'][0] = $price3;
} else {
$option[$k]['price'][0] = 0;
}
} else {
$l++;
// update values
$option[$k]['options'][$l] = $attr[$j]['products_options'];
$option[$k]['options_values'][$l] = $attr[$j]['products_options_values'];
if ($price3 != 0) {
//$option[$k]['price'][$l] = xtc_add_tax($price3, $resp[$cnt]['ptax']);
$option[$k]['price'][$l] = $price3;
} else {
$option[$k]['price'][$l] = 0;
}
}
$ord_pro_id_old = $ord_pro_id;
}
// set attr value
$resp[$cnt]['attr'] = $option;
} else {
$resp[$cnt]['attr'] = "";
}
//$resp[$cnt]['price'] = xtc_add_tax($price, $resp[$cnt]['ptax']);
//$resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * xtc_add_tax($price, $resp[$cnt]['ptax']);
$resp[$cnt]['price'] = $price;
$resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * $price;
$resp[$cnt]['order'] = $order['order_cnt'];
$resp[$cnt]['shipping'] = $shipping['shipping'];
// values per date and item
$sumTot += $resp[$cnt]['psum'];
$itemTot += $resp[$cnt]['pquant'];
// add totsum and totitem until current row
$resp[$cnt]['totsum'] = $sumTot;
$resp[$cnt]['totitem'] = $itemTot;
$cnt++;
}
return $resp;
}
}
}
//// zahlungsweise in session schreiben
$_SESSION['payment'] = 'paypalexpress';
if (isset($_POST['act_shipping'])) {
$_SESSION['act_shipping'] = 'true';
}
if (isset($_POST['act_payment'])) {
$_SESSION['act_payment'] = 'true';
}
if (isset($_POST['payment'])) {
$_SESSION['payment'] = xtc_db_prepare_input($_POST['payment']);
}
if (!empty($_POST['comments_added'])) {
//Dokuman - 2012-05-31 - fix paypal_checkout notices
$_SESSION['comments'] = xtc_db_prepare_input($_POST['comments']);
}
//-- TheMedia Begin check if display conditions on checkout page is true
if (isset($_POST['cot_gv'])) {
$_SESSION['cot_gv'] = true;
}
// if there is nothing in the customers cart, redirect them to the shopping cart page
if ($_SESSION['cart']->count_contents() < 1) {
xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART));
}
// Kein Token mehr da durch Back im Browser auf die Seite
if (!$_SESSION['nvpReqArray']['TOKEN'] or !$_SESSION['reshash']['PAYERID']) {
unset($_SESSION['payment']);
unset($_SESSION['nvpReqArray']);
unset($_SESSION['reshash']);
unset($_SESSION['sendto']);
xtc_db_query("insert into " . TABLE_TAX_RATES . " (tax_zone_id, tax_class_id, tax_rate, tax_description, tax_priority, date_added) values ('" . xtc_db_input($tax_zone_id) . "', '" . xtc_db_input($tax_class_id) . "', '" . xtc_db_input($tax_rate) . "', '" . xtc_db_input($tax_description) . "', '" . xtc_db_input($tax_priority) . "', now())");
xtc_redirect(xtc_href_link(FILENAME_TAX_RATES));
break;
case 'save':
$tax_rates_id = xtc_db_prepare_input($_GET['tID']);
$tax_zone_id = xtc_db_prepare_input($_POST['tax_zone_id']);
$tax_class_id = xtc_db_prepare_input($_POST['tax_class_id']);
$tax_rate = xtc_db_prepare_input($_POST['tax_rate']);
$tax_description = xtc_db_prepare_input($_POST['tax_description']);
$tax_priority = xtc_db_prepare_input($_POST['tax_priority']);
$last_modified = xtc_db_prepare_input($_POST['last_modified']);
xtc_db_query("update " . TABLE_TAX_RATES . " set tax_rates_id = '" . xtc_db_input($tax_rates_id) . "', tax_zone_id = '" . xtc_db_input($tax_zone_id) . "', tax_class_id = '" . xtc_db_input($tax_class_id) . "', tax_rate = '" . xtc_db_input($tax_rate) . "', tax_description = '" . xtc_db_input($tax_description) . "', tax_priority = '" . xtc_db_input($tax_priority) . "', last_modified = now() where tax_rates_id = '" . xtc_db_input($tax_rates_id) . "'");
xtc_redirect(xtc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id));
break;
case 'deleteconfirm':
$tax_rates_id = xtc_db_prepare_input($_GET['tID']);
xtc_db_query("delete from " . TABLE_TAX_RATES . " where tax_rates_id = '" . xtc_db_input($tax_rates_id) . "'");
xtc_redirect(xtc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page']));
break;
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
