Ejemplo n.º 1
/**
 * AgileBill - Open Billing Software
 *
 * This body of work is free software; you can redistribute it and/or
 * modify it under the terms of the Open AgileBill License
 * License as published at http://www.agileco.com/agilebill/license1-4.txt
 * 
 * For questions, help, comments, discussion, etc., please join the
 * Agileco community forums at http://forum.agileco.com/ 
 *
 * @link http://www.agileco.com/
 * @copyright 2004-2008 Agileco, LLC.
 * @license http://www.agileco.com/agilebill/license1-4.txt
 * @author Tony Landis <*****@*****.**> 
 * @package AgileBill
 * @version 1.4.93
 */
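/**
 * Validate the submitted fields of a module's "add" method and insert the new row.
 *
 * The field list is read from $construct->method[$type]; each field's value is
 * looked up in $VAR under the key "<module>_<field>". Values are quoted with
 * $db->qstr(). Column names and the table name are concatenated into the
 * statement unquoted, so both must come from the module definition and never
 * from submitted data.
 *
 * @param array  $VAR       Submitted variables (presumably request data -- confirm against the caller).
 * @param object $construct Module object; this function reads method, field, table, module and
 *                          trigger, and writes validated, validate, val_error and record_id.
 * @param string $type      Key into $construct->method and $construct->trigger.
 * @return mixed The new record id on success, false when validation or the INSERT fails.
 */
function CORE_database_add($VAR, $construct, $type)
{
    global $C_translate;

    # field list for this method
    $arr = $construct->method["{$type}"];

    # validation helper
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $construct->validated = true;

    ####################################################################
    # validate every field in the list
    ####################################################################
    foreach ($arr as $value) {
        $field_var = $construct->module . '_' . $value;
        $field_name = $value;
        $construct->validate = true;

        # uniqueness is only checked when a value was submitted
        if (isset($construct->field[$value]["unique"]) && isset($VAR[$field_var])) {
            if (!$validate->validate_unique($construct->table, $field_name, "record_id", $VAR[$field_var])) {
                $construct->validated = false;
                $construct->val_error[] = array(
                    'field' => $construct->table . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""),
                    'error' => $C_translate->translate('validate_unique', "", ""),
                );
            }
        }

        # a field with a validation rule is required: missing and empty
        # values are reported the same way
        if (isset($construct->field[$value]["validate"])) {
            if (!isset($VAR[$field_var]) || $VAR[$field_var] == '') {
                $construct->validated = false;
                $construct->val_error[] = array(
                    'field' => $construct->module . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""),
                    'error' => $C_translate->translate('validate_any', "", ""),
                );
            } elseif (!$validate->validate($field_name, $construct->field[$value], $VAR[$field_var], $construct->field[$value]["validate"])) {
                $construct->validated = false;
                $construct->val_error[] = array(
                    'field' => $construct->module . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""),
                    'error' => $validate->error["{$field_name}"],
                );
            }
        }
    }

    ####################################################################
    # Validation failed: skip the insert, hand the errors to Smarty
    # and force the page to reload.
    ####################################################################
    if (!$construct->validated) {
        global $smarty, $C_vars;
        $smarty->assign('form_validation', $construct->val_error);

        # NOTE(review): FORCE_PAGE is taken from the submitted '_page_current'
        # as is. How the constant is consumed is not visible here; if it
        # selects a template or file, the consumer must restrict it to known
        # page names -- confirm.
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }

        # failure trigger
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }

        $C_vars->strip_slashes_all();
        return false;
    }

    ####################################################################
    # Validation passed: build and run the INSERT
    ####################################################################
    $db =& DB();
    $field_list = '';
    foreach ($arr as $value) {
        $field_var = $construct->module . '_' . $value;
        $field_name = $value;
        if (!isset($VAR[$field_var])) {
            continue;
        }

        # Scalar values are HTML-escaped before storage unless the field is
        # flagged html == 1. htmlspecialchars() runs with its default flags,
        # so whether single quotes are escaped depends on the PHP version;
        # output code should not treat stored values as safe for every
        # context. Fields flagged html are stored raw and need sanitising
        # or escaping wherever they are rendered.
        $html_allowed = isset($construct->field[$value]["html"]) && $construct->field[$value]["html"] == 1;
        if (!$html_allowed && !is_array($VAR[$field_var])) {
            $insert_value = htmlspecialchars($VAR[$field_var]);
        } else {
            $insert_value = $VAR[$field_var];
        }

        # data conversions (date, encrypt, ...)
        if (isset($construct->field[$value]["convert"])) {
            $insert_value = $validate->convert($field_name, $insert_value, $construct->field[$value]["convert"]);
        }

        # Values that are empty() are left out of the statement, which also
        # covers "0" -- such a column gets whatever default the table defines.
        if (!empty($insert_value)) {
            $field_list .= ", " . $value . "=" . $db->qstr($insert_value, get_magic_quotes_gpc());
        }
    }

    # The separator in front of site_id is needed even when no field was
    # added: without it an empty field list produced "id = ... site_id = ...",
    # which is not valid SQL.
    $field_list .= ',';

    # determine the record id and expose it as a constant
    $construct->record_id = $db->GenID(AGILE_DB_PREFIX . "" . $construct->table . '_id');
    define(strtoupper('NEW_RECORD_' . $construct->table . '_ID'), $construct->record_id);

    $q = "INSERT INTO " . AGILE_DB_PREFIX . "{$construct->table}\n\t\t\t\tSET\n\t\t\t\tid = " . $db->qstr($construct->record_id) . "\n\t\t\t\t{$field_list}\n\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
    $result = $db->Execute($q);

    if ($result === false) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'add', $db->ErrorMsg());
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        # A failed INSERT is always reported as a failure. Before, the return
        # sat inside the trigger check, so a module without a trigger fell
        # through, fired nothing and returned the id of a row that was never
        # written.
        return false;
    }

    # success trigger
    if (isset($construct->trigger["{$type}"])) {
        include_once PATH_CORE . 'trigger.inc.php';
        $trigger = new CORE_trigger();
        $trigger->trigger($construct->trigger["{$type}"], 1, $VAR);
    }

    # From here on $VAR is the global array, not the parameter.
    global $VAR;
    $VAR["id"] = $construct->record_id;
    $redirect_page = isset($VAR['_page']) ? $VAR['_page'] : '';
    $_escape = '';
    if (isset($VAR["_escape"]) || isset($VAR["_escape_next"])) {
        $_escape = '&_escape=1&_escape_next=1';
    }

    # NOTE(review): '_page' is placed into REDIRECT_PAGE without encoding.
    # The code that emits the redirect is not visible here; it should
    # URL-encode the value or check it against known page names before
    # writing it into a header or into markup -- confirm.
    define('REDIRECT_PAGE', '?_page=' . $redirect_page . '&id=' . $construct->record_id . '' . $_escape);
    return $construct->record_id;
}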
Ejemplo n.º 2
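 /**
  * Build a search over the charge table from the submitted criteria, run it,
  * and save the search definition for later paging.
  *
  * Every key of $VAR that starts with "<module>_" is treated as a column of
  * the charge table. Values are quoted with $db->qstr(); the column name is
  * concatenated into the statement, so it is restricted here to plain
  * identifier characters. Checking it against the module's own field list
  * would be stricter still, provided that list covers every searchable
  * column -- not verifiable from this method.
  *
  * NOTE(review): 'limit' and 'order_by' are copied from $VAR into the saved
  * search unchanged. The code that later turns them into LIMIT / ORDER BY
  * clauses is not visible here and has to validate them -- confirm.
  *
  * @param array $VAR Submitted variables (presumably request data -- confirm against the caller).
  * @return mixed false when the query fails, otherwise nothing; results are handed to Smarty.
  */
 function search($VAR)
 {
     $this->charge_construct();
     $type = "search";
     $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
     $db =& DB();
     include_once PATH_CORE . 'validate.inc.php';
     $validate = new CORE_validate();

     # search criteria
     $arr = $VAR;
     $prefix = $this->module . "_";
     $prefix_len = strlen($prefix);
     $column_base = AGILE_DB_PREFIX . "charge.";
     $allowed_ops = array('=', '>', '<', '>=', '<=', '!=');

     # turn the submitted "<module>_<field>" entries into the WHERE statement
     $where_list = '';
     foreach ($arr as $key => $value) {
         if ($value == '') {
             continue;
         }

         # only keys carrying the module prefix are search fields
         $key = (string) $key;
         if (strncasecmp($key, $prefix, $prefix_len) !== 0) {
             continue;
         }
         $field = (string) substr($key, $prefix_len);

         # The column name cannot be passed through qstr(), so anything that
         # is not a plain identifier is dropped instead of reaching the query.
         if (!preg_match('/^[A-Za-z0-9_]+\z/', $field)) {
             continue;
         }
         $column = $column_base . $field;
         $has_convert = isset($this->field[$field]["convert"]);

         if (!is_array($value)) {
             if (strpos((string) $value, '%') !== false) {
                 # wildcard search; data conversion (date, encrypt, ...) applies
                 if ($has_convert) {
                     $value = $validate->convert($field, $value, $this->field[$field]["convert"]);
                 }
                 $where_list .= ($where_list == '' ? " WHERE " : " AND ") . $column . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
             } else {
                 # exact match; no conversion is applied on this path
                 $where_list .= ($where_list == '' ? " WHERE " : " AND ") . $column . " = " . $db->qstr($value, get_magic_quotes_gpc());
             }
             continue;
         }

         # array value: one condition per non-empty element
         $pat_field = $this->module . '_' . $field;
         $total = count($value);
         for ($i_arr = 0; $i_arr < $total; $i_arr++) {
             if (!isset($value[$i_arr]) || is_array($value[$i_arr]) || $value[$i_arr] == '') {
                 continue;
             }

             # comparison operator: only the fixed list is accepted, anything
             # else falls back to '='
             $f_opt = '=';
             if (isset($VAR['field_option'][$pat_field][$i_arr])
                 && in_array($VAR['field_option'][$pat_field][$i_arr], $allowed_ops, true)) {
                 $f_opt = $VAR['field_option'][$pat_field][$i_arr];
             }

             # data conversion (date, encrypt, ...)
             if ($has_convert) {
                 $value[$i_arr] = $validate->convert($field, $value[$i_arr], $this->field[$field]["convert"]);
             }

             # WHERE is chosen by whether a condition exists yet, not by the
             # element index: an empty first element used to make the second
             # one start with AND and no WHERE.
             $where_list .= ($where_list == '' ? " WHERE " : " AND ") . $column . " {$f_opt} " . $db->qstr($value[$i_arr], get_magic_quotes_gpc());
         }
     }

     # attribute searches
     if (!empty($VAR['item_attributes']) && is_array($VAR['item_attributes'])) {
         $attr_arr = $VAR['item_attributes'];
         for ($ati = 0; $ati < count($attr_arr); $ati++) {
             if (!empty($attr_arr[$ati]['0'])) {
                 $where_list .= ($where_list == '') ? ' WHERE ' : ' AND ';
                 $where_list .= AGILE_DB_PREFIX . "charge.attributes LIKE " . $db->qstr("%{$attr_arr[$ati]['0']}=={$attr_arr[$ati]['1']}%");
             }
         }
     }

     #### finalize the WHERE statement: the site_id condition always follows
     $where_list .= ($where_list == '') ? ' WHERE ' : ' AND ';

     # limit and order come from the submission, else from the module defaults
     $limit = isset($VAR['limit']) ? $VAR['limit'] : $this->limit;
     $order_by = isset($VAR['order_by']) ? $VAR['order_by'] : $this->order_by;

     $q = "SELECT " . AGILE_DB_PREFIX . "charge.id FROM " . AGILE_DB_PREFIX . "charge ";
     $q .= $where_list . " " . AGILE_DB_PREFIX . "charge.site_id = " . $db->qstr(DEFAULT_SITE);
     # template stored with the search record; the placeholders are filled in later
     $q_save = "SELECT DISTINCT %%fieldList%%, " . AGILE_DB_PREFIX . "charge.id FROM " . AGILE_DB_PREFIX . "charge ";
     $q_save .= $where_list . " %%whereList%% ";

     # run the database query
     $result = $db->Execute($q);
     if ($result === false) {
         global $C_debug;
         $C_debug->error('charge.inc.php', 'search', $db->ErrorMsg());
         return false;
     }

     # result count, and the id when there is exactly one hit
     $results = $result->RecordCount();
     if ($results == 1) {
         $record_id = $result->fields['id'];
     }

     global $smarty;
     # fast-forward to a single record
     if ($results == 1 && !isset($this->fast_forward)) {
         $smarty->assign('record_id', $record_id);
     }

     if ($results > 0) {
         # save the search; $arr still holds every submitted variable
         include_once PATH_CORE . 'search.inc.php';
         $search = new CORE_search();
         $arr['module'] = $this->module;
         $arr['sql'] = $q_save;
         $arr['limit'] = $limit;
         $arr['order_by'] = $order_by;
         $arr['results'] = $results;
         $search->add($arr);

         # search id and paging parameters for Smarty
         $smarty->assign('search_id', $search->id);
         $smarty->assign('page', '1');
         $smarty->assign('limit', $limit);
         $smarty->assign('order_by', $order_by);
     }

     # define the result count
     $smarty->assign('results', $results);
 }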
Ejemplo n.º 3
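 /**
  * Create a service record from the submitted form and queue it when its type
  * calls for that.
  *
  * The service type and price type are derived from flags in $VAR, the fields
  * of the "add" method are validated, hosting and domain details are checked,
  * and one INSERT into the service table is run. Every value in the statement
  * goes through $db->qstr().
  *
  * NOTE(review): 'service_account_id' is written to the row exactly as
  * submitted. Whether the caller is allowed to create services for that
  * account is not checked in this method; it is assumed to be enforced before
  * add() is reached -- confirm.
  * NOTE(review): 'host_password' is stored as submitted. Whether the column is
  * encrypted elsewhere cannot be told from this method -- confirm.
  *
  * @param array $VAR Submitted variables (presumably request data -- confirm against the caller).
  * @return void
  */
 function add($VAR)
 {
     $this->construct();
     global $C_debug, $C_translate;

     ## Set type:
     if (!empty($VAR['service_none'])) {
         $VAR['service_type'] = 'none';
     } elseif (!empty($VAR['service_domain'])) {
         $VAR['service_type'] = 'domain';
     } elseif (!empty($VAR['service_group'])) {
         if (!empty($VAR['service_hosting'])) {
             $VAR['service_type'] = 'host_group';
         } elseif (!empty($VAR['service_product'])) {
             $VAR['service_type'] = 'product_group';
         } else {
             $VAR['service_type'] = 'group';
         }
     } elseif (!empty($VAR['service_hosting'])) {
         $VAR['service_type'] = 'host';
     } elseif (!empty($VAR['service_product'])) {
         $VAR['service_type'] = 'product';
     }
     # none of the flags may be set; the type is then stored as null
     $service_type = isset($VAR['service_type']) ? $VAR['service_type'] : null;

     ## Set Price Type
     $VAR['service_price_type'] = !empty($VAR['billing_type']) ? "1" : "0";

     ### validate the fields of the "add" method
     $type = 'add';
     $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
     $arr = $this->method["{$type}"];
     include_once PATH_CORE . 'validate.inc.php';
     $validate = new CORE_validate();
     $this->validated = true;
     foreach ($arr as $value) {
         $field_var = $this->module . '_' . $value;
         $field_name = $value;

         # uniqueness is only checked when a value was submitted
         if (isset($this->field[$value]["unique"]) && isset($VAR[$field_var])) {
             if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR[$field_var])) {
                 $this->validated = false;
                 $this->val_error[] = array(
                     'field' => $this->table . '_' . $field_name,
                     'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                     'error' => $C_translate->translate('validate_unique', "", ""),
                 );
             }
         }

         # a field with a validation rule is required: missing and empty
         # values are reported the same way
         if (isset($this->field[$value]["validate"])) {
             if (!isset($VAR[$field_var]) || $VAR[$field_var] == '') {
                 $this->validated = false;
                 $this->val_error[] = array(
                     'field' => $this->module . '_' . $field_name,
                     'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                     'error' => $C_translate->translate('validate_any', "", ""),
                 );
             } elseif (!$validate->validate($field_name, $this->field[$value], $VAR[$field_var], $this->field[$value]["validate"])) {
                 $this->validated = false;
                 $this->val_error[] = array(
                     'field' => $this->module . '_' . $field_name,
                     'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                     'error' => $validate->error["{$field_name}"],
                 );
             }
         }
     }

     # If recurring, validate & set defaults
     if ($VAR['service_price_type'] == 1) {
         if (!empty($VAR['date_last_invoice'])) {
             $last_invoice = $validate->DateToEpoch(DEFAULT_DATE_FORMAT, $VAR['date_last_invoice']);
         } else {
             $last_invoice = time();
         }
         # Determine the next invoice date:
         $next_invoice = $this->calcNextInvoiceDate($last_invoice, @$VAR['product_price_recurr_default'], @$VAR['product_price_recurr_type'], @$VAR['product_price_recurr_weekday'], @$VAR['product_price_recurr_week']);
     }

     # Product details
     if (!empty($VAR['service_sku'])) {
         $product_id = @$VAR['product_id'];
         $product_sku = @$VAR['service_sku'];
     }

     if ($service_type == 'host' || $service_type == 'host_group') {
         # Hosting details: domain and tld are required
         if (empty($VAR['host_domain_name']) || empty($VAR['host_domain_tld'])) {
             $this->validated = false;
             $this->val_error[] = array(
                 'field' => 'service_domain_name',
                 'field_trans' => $C_translate->translate('field_domain_name', 'service', ""),
                 'error' => $C_translate->translate('validate_any', "", ""),
             );
         } else {
             $domain_name = $VAR['host_domain_name'];
             $domain_tld = $VAR['host_domain_tld'];
         }
     } elseif ($service_type == 'domain') {
         # Domain details: name, tld and type are required
         if (empty($VAR['domain_name']) || empty($VAR['domain_tld']) || empty($VAR['domain_type'])) {
             $this->validated = false;
             $this->val_error[] = array(
                 'field' => 'service_domain_name',
                 'field_trans' => $C_translate->translate('field_domain_name', 'service', ""),
                 'error' => $C_translate->translate('validate_any', "", ""),
             );
         } else {
             $domain_name = $VAR['domain_name'];
             $domain_tld = $VAR['domain_tld'];
             $domain_type = $VAR['domain_type'];

             # Get the host_tld_id
             # NOTE(review): the lookup result is used unchecked. A failed
             # query or an unknown TLD leaves the ids and the term empty, so
             # the expiry date becomes the current time.
             $db =& DB();
             $q = "SELECT id,default_term_new,registrar_plugin_id FROM " . AGILE_DB_PREFIX . "host_tld WHERE\n\t\t\t        \t  name \t\t=  " . $db->qstr($domain_tld) . " AND site_id \t=  " . $db->qstr(DEFAULT_SITE);
             $tld = $db->Execute($q);
             $domain_host_tld_id = $tld->fields['id'];
             $domain_host_registrar_id = $tld->fields['registrar_plugin_id'];
             $domain_term = $tld->fields['default_term_new'];
             $domain_date_expire = time() + $domain_term * (86400 * 365);
         }
     }

     if (!$this->validated) {
         # hand the errors to Smarty and stop
         global $smarty, $C_vars;
         $smarty->assign('form_validation', $this->val_error);
         $C_vars->strip_slashes_all();
         return;
     }

     # Generate the SQL: one qstr() call per column value
     $db =& DB();
     $id = $db->GenID(AGILE_DB_PREFIX . 'service_id');
     $q = "INSERT INTO " . AGILE_DB_PREFIX . "service SET\n\t\t        id\t\t\t\t\t\t= " . $db->qstr($id)
         . ",\n\t\t        site_id\t\t\t\t\t= " . $db->qstr(DEFAULT_SITE)
         . ",\n\t\t        date_orig\t\t\t\t= " . $db->qstr(time())
         . ",\n\t\t        date_last\t\t\t\t= " . $db->qstr(time())
         . ",  \n\t\t        account_id\t\t\t\t= " . $db->qstr($VAR['service_account_id'])
         . ",\n\t\t        account_billing_id \t\t= " . $db->qstr(@$VAR['ccnum'])
         . ",\n\t\t        product_id\t\t\t\t= " . $db->qstr(@$product_id)
         . ",\n\t\t        sku\t\t\t\t\t\t= " . $db->qstr(@$product_sku)
         . ",\n\t\t        active\t\t\t\t\t= " . $db->qstr('1')
         . ", \n\t\t        type\t\t\t\t\t= " . $db->qstr($service_type)
         . ",\n\t\t        queue\t\t\t\t\t= " . $db->qstr('new')
         . ", \n\t\t        price\t\t\t\t\t= " . $db->qstr(@$VAR['product_price_base'])
         . ",\n\t\t        price_type\t\t\t\t= " . $db->qstr(@$VAR['service_price_type'])
         . ",\n\t\t        taxable\t\t\t\t\t= " . $db->qstr(@$VAR['product_taxable'])
         . ", \n\t\t        date_last_invoice\t\t= " . $db->qstr(@$last_invoice)
         . ",\n\t\t        date_next_invoice\t\t= " . $db->qstr(@$next_invoice)
         . ",\n\t\t        recur_schedule\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_default'])
         . ",\n\t\t        recur_type\t\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_type'])
         . ",\n\t\t        recur_weekday\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_weekday'])
         . ", \n\t\t        recur_schedule_change \t= " . $db->qstr(@$VAR['product_price_recurr_schedule'])
         . ",\n\t\t        recur_cancel\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_cancel'])
         . ", \n\t\t        recur_modify\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_modify'])
         . ", \n\t\t        group_grant\t\t\t\t= " . $db->qstr(serialize(@$VAR['product_assoc_grant_group']))
         . ",\n\t\t        group_type\t\t\t\t= " . $db->qstr(@$VAR['product_assoc_grant_group_type'])
         . ",\n\t\t        group_days\t\t\t\t= " . $db->qstr(@$VAR['product_assoc_grant_group_days'])
         . ", \n\t\t        host_server_id\t\t\t= " . $db->qstr(@$VAR['product_host_server_id'])
         . ",\n\t\t        host_provision_plugin_data=" . $db->qstr(serialize(@$VAR['product_host_provision_plugin_data']))
         . ",\n\t\t        host_ip\t\t\t\t\t= " . $db->qstr(@$VAR['host_ip'])
         . ",\n\t\t        host_username\t\t\t= " . $db->qstr(@$VAR['host_username'])
         . ",\n\t\t        host_password\t\t\t= " . $db->qstr(@$VAR['host_password'])
         . ", \n\t\t        domain_name\t\t\t\t= " . $db->qstr(@$domain_name)
         . ",\n\t\t        domain_tld\t\t\t\t= " . $db->qstr(@$domain_tld)
         . ",\n\t\t        domain_term\t\t\t\t= " . $db->qstr(@$domain_term)
         . ",\n\t\t        domain_type\t\t\t\t= " . $db->qstr(@$domain_type)
         . ",\n\t\t        domain_date_expire\t\t= " . $db->qstr(@$domain_date_expire)
         . ",\n\t\t        domain_host_tld_id\t\t= " . $db->qstr(@$domain_host_tld_id)
         . ",\n\t\t        domain_host_registrar_id= " . $db->qstr(@$domain_host_registrar_id)
         . ",\n\t\t        prod_plugin_name\t\t= " . $db->qstr(@$VAR["product_prod_plugin_file"])
         . ",\n\t\t        prod_plugin_data\t\t= " . $db->qstr(serialize(@$VAR["product_prod_plugin_data"]));
     $rs = $db->Execute($q);

     # A failed INSERT used to go unnoticed: the service was queued and the
     # view page forced for a row that does not exist.
     if ($rs === false) {
         $C_debug->error(basename(__FILE__), 'add', $db->ErrorMsg());
         return;
     }

     # Queue group and product services. The condition used '=' where '=='
     # was meant, so it overwrote the service type and was true for every
     # service. NOTE(review): other types were therefore queued as well;
     # confirm that nothing relied on that.
     if (in_array($service_type, array('group', 'product', 'product_group'), true)) {
         $this->queue_one($id, false);
     }

     # From here on $VAR is the global array, not the parameter.
     global $VAR;
     $VAR["id"] = $id;
     if (!defined('FORCE_PAGE')) {
         define('FORCE_PAGE', 'service:view');
     }
     return;
 }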
/**
 * AgileBill - Open Billing Software
 *
 * This body of work is free software; you can redistribute it and/or
 * modify it under the terms of the Open AgileBill License
 * License as published at http://www.agileco.com/agilebill/license1-4.txt
 * 
 * For questions, help, comments, discussion, etc., please join the
 * Agileco community forums at http://forum.agileco.com/ 
 *
 * @link http://www.agileco.com/
 * @copyright 2004-2008 Agileco, LLC.
 * @license http://www.agileco.com/agilebill/license1-4.txt
 * @author Tony Landis <*****@*****.**> 
 * @package AgileBill
 * @version 1.4.93
 */
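/**
 * Run a module search built from request variables and register the
 * result set as a saved search.
 *
 * Every non-empty entry of $VAR whose key starts with "<module>_" becomes
 * one condition of the WHERE clause: a scalar containing "%" is matched
 * with LIKE, any other scalar with "=", and each non-empty element of an
 * array value with the operator named in
 * $VAR['field_option'][<key>][<index>] (default "=").
 *
 * Security: values are quoted with $db->qstr(), but the column name is
 * derived from the request key and placed in the SQL text as-is, so it is
 * accepted only when it is a plain identifier (letters, digits,
 * underscore). The comparison operator is accepted only when it is
 * exactly one of = > < >= <= !=.
 *
 * Side effects visible here: assigns 'results' (and, when rows matched,
 * 'search_id', 'page', 'limit', 'order_by', optionally 'record_id') to the
 * global $smarty, stores the search through CORE_search::add(), and fires
 * $construct->trigger[$type] when one is configured.
 *
 * @param array  $VAR       request variables
 * @param object $construct module definition (module, table, field, limit, order_by, ...)
 * @param string $type      method name used to look up the trigger
 * @return void
 */
function CORE_database_search($VAR, &$construct, $type)
{
    $db =& DB();
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    # get_magic_quotes_gpc() no longer exists on PHP 8; treat that as "off"
    $magic_quotes = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;

    # set the search criteria array
    $arr = $VAR;

    # request keys look like "<module>_<field>"; the module name is quoted so
    # that it is matched literally
    $prefix_pat = '/^' . preg_quote($construct->module, '/') . '_/i';
    $allowed_ops = array('=', '>', '<', '>=', '<=', '!=');

    # loop through the submitted field_names to collect the WHERE conditions
    $conditions = array();
    foreach ($arr as $key => $value) {
        if ($value == '' || !preg_match($prefix_pat, $key)) {
            continue;
        }
        $field = preg_replace($prefix_pat, '', $key);

        # $field is attacker-influenced and cannot be protected by qstr():
        # only plain identifiers may reach the SQL text.
        # NOTE(review): checking against the module's known column list would
        # be stricter, if $construct->field is confirmed to list every column.
        if (!preg_match('/^[A-Za-z0-9_]+\z/', $field)) {
            continue;
        }

        # data conversion configured for this field (date, encrypt, etc...)
        $convert = false;
        if (isset($construct->field["{$field}"]["convert"])) {
            $convert = $construct->field["{$field}"]["convert"];
        }

        if (is_array($value)) {
            # arrays are tested first: they must never reach the string checks
            $pat_field = $construct->module . '_' . $field;
            for ($i_arr = 0; $i_arr < count($value); $i_arr++) {
                if (!isset($value[$i_arr]) || !is_scalar($value[$i_arr]) || $value[$i_arr] == '') {
                    continue;
                }
                # determine any field options (=, >, <, etc...); anything that
                # is not exactly one of the allowed operators falls back to "="
                $f_opt = '=';
                if (isset($VAR['field_option']["{$pat_field}"][$i_arr])) {
                    $requested = $VAR['field_option']["{$pat_field}"][$i_arr];
                    if (in_array($requested, $allowed_ops, true)) {
                        $f_opt = $requested;
                    }
                }
                $item = $value[$i_arr];
                if ($convert !== false) {
                    $item = $validate->convert($field, $item, $convert);
                }
                $conditions[] = $field . " {$f_opt} " . $db->qstr($item, $magic_quotes);
            }
        } elseif (strpos((string) $value, '%') !== false) {
            # wildcard search
            if ($convert !== false) {
                $value = $validate->convert($field, $value, $convert);
            }
            $conditions[] = $field . " LIKE " . $db->qstr($value, $magic_quotes);
        } else {
            # exact match (no conversion is applied on this path)
            $conditions[] = $field . " = " . $db->qstr($value, $magic_quotes);
        }
    }

    # the first condition is introduced by WHERE and the rest by AND,
    # whichever request key or array element produced it
    $where_list = '';
    if (count($conditions) > 0) {
        $where_list = ' WHERE ' . implode(' AND ', $conditions);
    }

    #### finalize the WHERE statement (the site_id test is appended below)
    if ($where_list == '') {
        $where_list .= ' WHERE ';
    } else {
        $where_list .= ' AND ';
    }

    # get limit type
    # NOTE(review): limit and order_by are taken from the request and only
    # stored here; whatever later builds SQL from the saved search must
    # validate them.
    if (isset($VAR['limit'])) {
        $limit = $VAR['limit'];
    } else {
        $limit = $construct->limit;
    }

    # get order by
    if (isset($VAR['order_by'])) {
        $order_by = $VAR['order_by'];
    } else {
        $order_by = $construct->order_by;
    }

    ### Get any addition fields to select (only the first custom_EXP field
    ### is added to the select list):
    $field_list = '';
    if (isset($construct->custom_EXP) && count($construct->custom_EXP) > 0) {
        $field_list = "," . $construct->custom_EXP[0]['field'];
    }

    # generate the full query
    $q = "SELECT id" . $field_list . " FROM\n\t\t " . AGILE_DB_PREFIX . "{$construct->table}\n\t\t {$where_list}\n\t\t site_id = '" . DEFAULT_SITE . "'";
    $q_save = "SELECT %%fieldList%% FROM %%tableList%% " . $where_list . " %%whereList%% ";
    $result = $db->Execute($q);

    # error reporting
    if ($result === false) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'search', $db->ErrorMsg());
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        return;
    }

    # get the result count:
    $results = $result->RecordCount();

    # get the first record id:
    $record_id = null;
    if ($results == 1) {
        $record_id = $result->fields['id'];
    }

    ### Run any custom validation on this result for this module:
    ### a row counts once if any custom_EXP field/value pair matches it
    if (isset($construct->custom_EXP)) {
        $results = 0;
        while (!$result->EOF) {
            for ($ei = 0; $ei < count($construct->custom_EXP); $ei++) {
                $field = $construct->custom_EXP[$ei]["field"];
                $value = $construct->custom_EXP[$ei]["value"];
                if ($result->fields["{$field}"] == $value) {
                    $results++;
                    break;
                }
            }
            $result->MoveNext();
        }
    }

    # define the DB vars as a Smarty accessible block
    global $smarty;

    # Create the definition for fast-forwarding to a single record:
    if ($results == 1 && !isset($construct->fast_forward)) {
        $smarty->assign('record_id', $record_id);
    }

    # create the search record:
    if ($results > 0) {
        include_once PATH_CORE . 'search.inc.php';
        $search = new CORE_search();
        $arr['module'] = $construct->module;
        $arr['sql'] = $q_save;
        $arr['limit'] = $limit;
        $arr['order_by'] = $order_by;
        $arr['results'] = $results;
        $search->add($arr);

        # define the search id and other parameters for Smarty
        $smarty->assign('search_id', $search->id);
        $smarty->assign('page', '1');
        $smarty->assign('limit', $limit);
        $smarty->assign('order_by', $order_by);
    }

    # define the result count
    $smarty->assign('results', $results);
    if (isset($construct->trigger["{$type}"])) {
        include_once PATH_CORE . 'trigger.inc.php';
        $trigger = new CORE_trigger();
        $trigger->trigger($construct->trigger["{$type}"], 1, $VAR);
    }
}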
Ejemplo n.º 5
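 /**
  * Replace the group memberships of an account that are not bound to a
  * service, then drop the account's cached session authorisation.
  *
  * Only groups the acting admin is authorised for (per
  * $C_auth->auth_group_by_id()) are added; if none is added the account is
  * placed in DEFAULT_GROUP. Account "1" and the acting admin's own account
  * are never modified.
  *
  * NOTE(review): the DELETE below removes every non-service membership of
  * the account, including groups the acting admin may not be authorised
  * for; confirm that this is intended.
  *
  * @param array $VAR request variables: 'account_admin_id', 'groups',
  *                   optional 'account_admin_date_expire'
  * @return false|null false when the request is refused or the existing
  *                    memberships could not be removed, otherwise nothing
  */
 function update_account_groups($VAR)
 {
     global $C_auth, $C_debug;
     $ii = 0;
     # re-index so that sparse or string keys cannot cause entries to be skipped
     $groups = isset($VAR['groups']) ? array_values((array) $VAR['groups']) : array();
     $account = isset($VAR['account_admin_id']) ? $VAR['account_admin_id'] : '';

     # the id is compared as text below but is presumably matched as a number
     # by the database (column type not visible here), so only a plain
     # integer is accepted and it is reduced to its canonical form first
     if (!is_scalar($account) || !preg_match('/^[0-9]+\z/', (string) $account)) {
         return false;
     }
     $account = (string) (int) $account;

     # admin accounts groups cannot be altered
     # user cannot modify their own groups
     if ($account == "1" || SESS_ACCOUNT == $account) {
         return false;
     }

     ### Drop the current groups for this account:
     $dba =& DB();
     $q = "DELETE FROM " . AGILE_DB_PREFIX . "account_group\n\t\t\t  WHERE\n\t\t\t  service_id IS NULL AND\n\t\t\t  account_id  = " . $dba->qstr($account) . " AND \n\t\t\t  site_id     = " . $dba->qstr(DEFAULT_SITE);
     $result = $dba->Execute($q);
     if ($result === false) {
         # re-adding groups on top of the old rows would duplicate memberships
         $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
         return false;
     }

     # determine the expiration once; it is the same for every group added
     $expire = 0;
     if (!empty($VAR['account_admin_date_expire'])) {
         include_once PATH_CORE . 'validate.inc.php';
         $validate = new CORE_validate();
         $expire = $validate->DateToEpoch(DEFAULT_DATE_FORMAT, $VAR['account_admin_date_expire']);
     }

     # loop through the array to add each account_group record
     foreach ($groups as $group_id) {
         # verify the admin adding this account is authorized
         # for this group themselves, otherwise skip
         if (!is_scalar($group_id) || !$C_auth->auth_group_by_id($group_id)) {
             continue;
         }
         # determine the record id:
         $this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
         $q = "INSERT INTO " . AGILE_DB_PREFIX . "account_group\n\t\t\t\t\t  SET\n\t\t\t\t\t  id          = " . $dba->qstr($this->new_id) . ",\n\t\t\t\t\t  date_orig   = " . $dba->qstr(time()) . ",\n\t\t\t\t\t  date_expire = " . $dba->qstr($expire) . ",\n\t\t\t\t\t  group_id    = " . $dba->qstr($group_id) . ",\n\t\t\t\t\t  account_id  = " . $dba->qstr($account) . ",\n\t\t\t\t\t  active      = " . $dba->qstr('1') . ",\n\t\t\t\t\t  site_id     = " . $dba->qstr(DEFAULT_SITE);
         $result = $dba->Execute($q);
         if ($result === false) {
             $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
         } else {
             # count successful inserts only, so that a failed insert cannot
             # leave the account without any group
             $ii++;
         }
     }

     ### Add default group
     if ($ii == 0) {
         # determine the record id:
         $this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
         # the default membership is written without an expiry date (the
         # earlier code passed a variable that was never set on this path)
         $q = "INSERT INTO " . AGILE_DB_PREFIX . "account_group\n\t\t\t\t\tSET\n\t\t\t\t\tid          = " . $dba->qstr($this->new_id) . ",\n\t\t\t\t\tdate_orig   = " . $dba->qstr(time()) . ",\n\t\t\t\t\tdate_expire = " . $dba->qstr(0) . ",\n\t\t\t\t\tgroup_id    = " . $dba->qstr(DEFAULT_GROUP) . ",\n\t\t\t\t\taccount_id  = " . $dba->qstr($account) . ",\n\t\t\t\t\tactive      = " . $dba->qstr('1') . ",\n\t\t\t\t\tsite_id     = " . $dba->qstr(DEFAULT_SITE);
         $result = $dba->Execute($q);
         if ($result === false) {
             $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
         }
     }

     ### Remove the user's session_auth_cache so it is regenerated on user's next pageview
     ### (otherwise the old group rights stay in effect for open sessions)
     $q = "SELECT id FROM " . AGILE_DB_PREFIX . "session WHERE\n\t\t\t  account_id  = " . $dba->qstr($account) . " AND\n\t\t\t  site_id     = " . $dba->qstr(DEFAULT_SITE);
     $rss = $dba->Execute($q);
     if ($rss === false) {
         $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
     } else {
         while (!$rss->EOF) {
             $q = "DELETE FROM " . AGILE_DB_PREFIX . "session_auth_cache WHERE\n\t\t\t\t  session_id = " . $dba->qstr($rss->fields['id']) . " AND \n\t\t\t\t  site_id \t = " . $dba->qstr(DEFAULT_SITE);
             $dba->Execute($q);
             $rss->MoveNext();
         }
     }

     ### Do any db_mapping
     global $C_list;
     if ($C_list->is_installed('db_mapping')) {
         include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
         $db_map = new db_mapping();
         $db_map->account_group_sync($account);
     }
 }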
Ejemplo n.º 6
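    /**
     * Record a pending newsletter subscription and e-mail the subscriber a
     * confirmation link.
     *
     * Two callers are supported: the newsletter form ('newsletter_type' is
     * set; errors and the success message are shown through $C_debug->alert)
     * and a silent path that reads the account_* fields and reports nothing.
     * A request for the same e-mail address within $LIMIT_SECONDS of the
     * previous one is refused; an older pending request is replaced.
     *
     * NOTE(review): the 'validate' value in the confirmation link is the
     * record's creation timestamp, which can be guessed. A random token
     * stored with the record would be stronger; the confirm handler is not
     * visible here, so the link format is left unchanged.
     *
     * @param array $VAR request variables
     * @return void
     */
    function subscribe($VAR)
    {
        $LIMIT_SECONDS = 120;
        global $C_debug, $C_translate;
        ### Include the validation class
        include_once PATH_CORE . 'validate.inc.php';

        # true when called from the newsletter form, i.e. feedback is shown
        $interactive = isset($VAR['newsletter_type']);

        ### Check that the required variables are set:
        if (!isset($VAR['newsletter_id']) || !is_array($VAR['newsletter_id'])) {
            if ($interactive) {
                $C_debug->alert($C_translate->translate('subscribe_newsletter_req', 'newsletter', ''));
            }
            return;
        }
        $newsletter_id = $VAR['newsletter_id'];
        $html = isset($VAR['newsletter_html']) ? 1 : 0;

        $validate = new CORE_validate();
        if ($interactive) {
            if (empty($VAR['newsletter_first_name'])) {
                $C_debug->alert($C_translate->translate('subscribe_name_req', 'newsletter', ''));
                return;
            }
            if (empty($VAR['newsletter_email']) || !$validate->validate_email($VAR['newsletter_email'], '')) {
                $C_debug->alert($C_translate->translate('subscribe_email_req', 'newsletter', ''));
                return;
            }
            $first_name = $VAR['newsletter_first_name'];
            $last_name = isset($VAR['newsletter_last_name']) ? $VAR['newsletter_last_name'] : null;
            $email = $VAR['newsletter_email'];
        } else {
            if (!isset($VAR['account_first_name']) || $VAR['account_first_name'] == '') {
                return;
            }
            if (!isset($VAR['account_email']) || $validate->validate_email($VAR['account_email'], '') == false) {
                return;
            }
            $first_name = $VAR['account_first_name'];
            $last_name = isset($VAR['account_last_name']) ? $VAR['account_last_name'] : null;
            $email = $VAR['account_email'];
        }

        ### Check that this email has not been requested already
        ### in the last $LIMIT_SECONDS seconds
        $db =& DB();
        $pending_where = ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND field1 = ' . $db->qstr($email);
        $result = $db->Execute('SELECT * FROM ' . AGILE_DB_PREFIX . 'temporary_data' . $pending_where);
        if ($result === false) {
            $C_debug->error(basename(__FILE__), 'subscribe', $db->ErrorMsg());
            return;
        }
        if ($result->RecordCount() > 0) {
            $limit = $result->fields['date_orig'] + $LIMIT_SECONDS;
            if ($limit > time()) {
                if ($interactive) {
                    $error1 = $C_translate->translate("subscribe_spam_limit", "newsletter", "");
                    $C_debug->alert(str_replace('%limit%', "{$LIMIT_SECONDS}", $error1));
                }
                return;
            }
            ### Delete the old request
            $db->Execute('DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data' . $pending_where);
        }

        #####################################################
        ### Ok to continue:
        $now = time();
        $expire = $now + 86400 * 3;
        $static_relation = isset($VAR['static_relation']) ? $VAR['static_relation'] : null;
        $data = serialize(array('html' => $html, 'email' => $email, 'first_name' => $first_name, 'last_name' => $last_name, 'newsletter_id' => $newsletter_id, 'var' => base64_encode(serialize($static_relation))));

        #####################################################
        ### Create the temporary DB Record:
        $id = $db->GenID(AGILE_DB_PREFIX . "" . 'temporary_data_id');
        $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'temporary_data SET
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ',
					id          = ' . $db->qstr($id) . ',
					date_orig   = ' . $db->qstr($now) . ',
					date_expire = ' . $db->qstr($expire) . ',
					field1      = ' . $db->qstr($email) . ',
					data        = ' . $db->qstr($data);
        $result = $db->Execute($sql);
        if ($result === false) {
            # without the stored record the confirmation link could never be
            # honoured, so do not send it
            $C_debug->error(basename(__FILE__), 'subscribe', $db->ErrorMsg());
            return;
        }

        #####################################################
        ### Send the subscription confirmation email :
        $E = array();
        $E['html'] = 0;
        $E['priority'] = 0;
        $E['to_email'] = $email;
        # the name is free text from the request; line breaks are dropped in
        # case the mailer places it in a header (mailer not visible here)
        $E['to_name'] = str_replace(array("\r", "\n"), '', $first_name);
        $E['subject'] = $C_translate->translate('subscribe_subj', 'newsletter', '');

        # literal, case-insensitive placeholder substitution; the e-mail address
        # is URL-encoded so characters such as "+" survive the query string
        $confirm_url = URL . '?_page=newsletter:subscribe_confirm&email=' . urlencode($email) . '&validate=' . $now;
        $body = $C_translate->translate('subscribe_body', 'newsletter', '');
        $body = str_ireplace('%name%', $first_name, $body);
        $body = str_ireplace('%email%', $email, $body);
        $body = str_ireplace('%confirm_url%', $confirm_url, $body);
        $body = str_ireplace('%site_name%', SITE_NAME, $body);
        $E['body_text'] = $body;

        #####################################################
        ### Get the setup email settings:
        $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE\n\t\t\t\tsite_id     = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\tid          = " . $db->qstr(DEFAULT_SETUP_EMAIL);
        $setup_email = $db->Execute($q);
        if ($setup_email === false) {
            $C_debug->error(basename(__FILE__), 'subscribe', $db->ErrorMsg());
            return;
        }
        # type 0 sends through PHP mail(), anything else through SMTP
        if ($setup_email->fields['type'] == 0) {
            $type = 0;
        } else {
            $type = 1;
            $E['server'] = $setup_email->fields['server'];
            $E['account'] = $setup_email->fields['username'];
            $E['password'] = $setup_email->fields['password'];
        }
        $E['from_name'] = $setup_email->fields['from_name'];
        $E['from_email'] = $setup_email->fields['from_email'];

        ######################################################
        ### SEND THE MESSAGE!
        require_once PATH_CORE . 'email.inc.php';
        $mailer = new CORE_email();
        if ($type == 0) {
            $mailer->PHP_Mail($E);
        } else {
            $mailer->SMTP_Mail($E);
        }

        #####################################################
        ### Success message!
        if ($interactive) {
            $message = $C_translate->translate('subscribe_confirm', 'newsletter', '');
            $C_debug->alert($message);
        }
    }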
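    /**
     * Generate affiliate commissions for paid invoices, one page of
     * $search_limit invoices per request.
     *
     * Each call processes one page and then emits (through $C_debug->alert)
     * a link plus a script redirect to the next page; when a page beyond the
     * first is empty it links to the generated commission record instead.
     * For every invoice without an invoice_commission row, commissions are
     * calculated up the affiliate chain (at most 99 levels) using
     * calc_commission() and written with add_invoice_commission().
     *
     * Security: 'page', 'GenID' and the two date filters come from the
     * request and are echoed into HTML and JavaScript, so the numbers are
     * cast to int and the dates are URL-encoded before being output.
     *
     * @param array $VAR request variables: 'page', 'GenID',
     *                   'affiliate_commission_start_date',
     *                   'affiliate_commission_end_date'
     * @return void
     */
    function add($VAR)
    {
        $search_limit = 50;
        global $C_debug, $C_translate;
        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();

        # raw date filters, kept so they can be passed on to the next page
        $start_raw = '';
        if (!empty($VAR['affiliate_commission_start_date']) && is_scalar($VAR['affiliate_commission_start_date'])) {
            $start_raw = (string) $VAR['affiliate_commission_start_date'];
        }
        $end_raw = '';
        if (!empty($VAR['affiliate_commission_end_date']) && is_scalar($VAR['affiliate_commission_end_date'])) {
            $end_raw = (string) $VAR['affiliate_commission_end_date'];
        }
        $this->start_date = ($start_raw !== '') ? $validate->convert('', $start_raw, 'date') : false;
        $this->end_date = ($end_raw !== '') ? $validate->convert('', $end_raw, 'date') : false;

        # determine the offset & limit; the page number is forced to an
        # integer >= 1 because it is used in arithmetic and echoed below
        $current_page = 1;
        if (!empty($VAR['page']) && is_scalar($VAR['page'])) {
            $current_page = max(1, (int) $VAR['page']);
        }
        $offset = ($current_page - 1) * $search_limit;

        $db =& DB();
        if ($current_page == 1) {
            $this->GenID = (int) $db->GenID(AGILE_DB_PREFIX . 'affiliate_commission_id');
        } else {
            # carried over in the URL from the first page: treat as untrusted
            $this->GenID = (isset($VAR['GenID']) && is_scalar($VAR['GenID'])) ? (int) $VAR['GenID'] : 0;
        }

        # Generate the SQL for this commission generation session:
        $sql = "SELECT id,affiliate_id,total_amt,tax_amt,type FROM " . AGILE_DB_PREFIX . "invoice WHERE site_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\tprocess_status = 1 AND billing_status = 1 AND\n\t\t\t\t( affiliate_id IS NOT NULL AND affiliate_id !='' ) AND \n\t\t\t\ttotal_amt > 0 ";
        if ($this->start_date) {
            $sql .= " AND date_orig\t>= " . $db->qstr($this->start_date);
        }
        if ($this->end_date) {
            $sql .= " AND date_orig\t<= " . $db->qstr($this->end_date);
        }
        $result = $db->SelectLimit($sql, $search_limit, $offset);
        if ($result === false) {
            $C_debug->error(basename(__FILE__), 'add', $db->ErrorMsg());
            return;
        }

        # No more results - print link to export data:
        if ($result->RecordCount() == 0 && $current_page > 1) {
            $msg = $C_translate->translate('generated', 'affiliate_commission', '');
            $msg .= '&nbsp;&nbsp;&nbsp; <a href="?_page=affiliate_commission:view&id=' . $this->GenID . '">' . $C_translate->translate('submit', '', '') . '</a>';
            $msg .= '<SCRIPT LANGUAGE="JavaScript"> 
					refresh("1", "?_page=affiliate_commission:view&id=' . $this->GenID . '");
					</SCRIPT>';
            $C_debug->alert($msg);
            return;
        }

        # Loop through the results:
        $count = 0;
        while (!$result->EOF) {
            $invoice_id = $result->fields["id"];
            $affiliate_id = $result->fields["affiliate_id"];

            # check if the commissions for this invoice have already been issued...
            $sql = "SELECT id FROM " . AGILE_DB_PREFIX . "invoice_commission WHERE\n\t\t\t\t\tsite_id\t\t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\tinvoice_id\t\t= " . $db->qstr($invoice_id);
            $result2 = $db->Execute($sql);

            # if that check itself failed, issue nothing rather than risk
            # paying a commission twice
            if ($result2 && $result2->RecordCount() == 0) {
                # walk up the affiliate chain; affiliates already handled for
                # this invoice are remembered so a circular chain cannot be
                # paid more than once
                $level = 1;
                $affiliate_arr = array();
                while ($level < 100 && !empty($affiliate_id)) {
                    if (in_array((string) $affiliate_id, $affiliate_arr, true)) {
                        break;
                    }
                    $affiliate_arr[] = (string) $affiliate_id;

                    // get the total amount of the items after discounts and before taxes
                    $sqli = "SELECT sum(total_amt) as invoice_amount\n\t\t\t\t\t\t\t\t FROM " . AGILE_DB_PREFIX . "invoice_item WHERE site_id = " . $db->qstr(DEFAULT_SITE) . " \n\t\t\t\t\t\t\t\t AND invoice_id = " . $db->qstr($invoice_id) . "\n\t\t\t\t\t\t\t\t GROUP BY invoice_id";
                    $rsi = $db->Execute($sqli);
                    if ($rsi && $rsi->RecordCount()) {
                        $invoice_amount = $rsi->fields["invoice_amount"];
                        $arr = $this->calc_commission($affiliate_id, $invoice_amount, $result->fields["type"], $level);
                        if (isset($arr["amount"]) && $arr["amount"] > 0) {
                            $this->add_invoice_commission($arr['amount'], $affiliate_id, $invoice_id);
                        }
                        # continue with the affiliate returned by calc_commission(), if any
                        $affiliate_id = isset($arr["affiliate_id"]) ? $arr['affiliate_id'] : null;
                        $count++;
                    }
                    $level++;
                }
            }
            $result->MoveNext();
        }

        # Create the affiliate_commission record:
        if ($count == 0) {
            $msg = $C_translate->translate('no_results', 'affiliate_commission', '');
            $C_debug->alert($msg);
        } else {
            $start = $search_limit * $current_page - $search_limit;
            $stop = $search_limit * $current_page;
            $page = $current_page + 1;
            $C_translate->value['affiliate_commission']['start'] = $start;
            $C_translate->value['affiliate_commission']['stop'] = $stop;
            $C_translate->value['affiliate_commission']['genid'] = $this->GenID;
            $C_translate->value['affiliate_commission']['page'] = $page;
            $C_translate->value['affiliate_commission']['unixtime_start_date'] = $this->start_date;
            $C_translate->value['affiliate_commission']['unixtime_stop_date'] = $this->end_date;
            $msg = $C_translate->translate('continue', 'affiliate_commission', '');

            # pass both date filters on to the next page (the end date used to
            # be dropped: the start date was written twice). Every variable
            # part is an integer or URL-encoded, so the URL holds no quote or
            # angle bracket and is safe inside the script string below.
            $url = '?_page=core:blank&do[]=affiliate_commission:add&GenID=' . $this->GenID . '&page=' . $page . '&affiliate_commission_start_date=' . urlencode($start_raw) . '&affiliate_commission_end_date=' . urlencode($end_raw);
            $msg .= '&nbsp;&nbsp;&nbsp; <a href="' . htmlspecialchars($url, ENT_QUOTES) . '">' . $C_translate->translate('submit', '', '') . '</a>';
            $msg .= '<script language="JavaScript">document.location = "' . $url . '";</script>';
            $C_debug->alert($msg);
        }
    }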
/**
 * AgileBill - Open Billing Software
 *
 * This body of work is free software; you can redistribute it and/or
 * modify it under the terms of the Open AgileBill License
 * License as published at http://www.agileco.com/agilebill/license1-4.txt
 * 
 * For questions, help, comments, discussion, etc., please join the
 * Agileco community forums at http://forum.agileco.com/ 
 *
 * @link http://www.agileco.com/
 * @copyright 2004-2008 Agileco, LLC.
 * @license http://www.agileco.com/agilebill/license1-4.txt
 * @author Tony Landis <*****@*****.**> 
 * @package AgileBill
 * @version 1.4.93
 */
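/**
 * Validate the submitted fields for an update and write them to the module's table.
 *
 * Every field named in $construct->method[$type] is checked against the rules in
 * $construct->field (uniqueness, validation type). On failure the errors are handed
 * to Smarty, the page is switched to "<module>:view" and nothing is written. On
 * success one UPDATE is issued for the row matching the submitted id and DEFAULT_SITE.
 *
 * Security notes for maintainers:
 *  - Values are quoted with $db->qstr(), but the column names and the table name are
 *    concatenated as-is. The field list must come from trusted module configuration,
 *    never from the request.
 *  - The record id is read from $VAR and the row is selected by id and site_id only.
 *    No ownership or permission check is made in this function, so the caller is
 *    responsible for authorising the update.
 *  - Fields whose convert type is sha/md5/rc5/crypt skip the uniqueness and
 *    validation checks, yet are still converted and written whenever they are
 *    present in $VAR.
 *
 * @param array  $VAR       Submitted values keyed "<module>_<field>" (presumably the request variables).
 * @param object $construct Module object; method, field, table, module and trigger are read,
 *                          validated, validate and val_error are written.
 * @param string $type      Key into $construct->method and $construct->trigger.
 * @return bool True when the UPDATE executed, false on validation or database failure.
 */
function CORE_database_update($VAR, &$construct, $type)
{
    global $C_translate;
    # field list configured for this method
    $arr = $construct->method["{$type}"];
    # define the validation class
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $construct->validated = true;
    # record id exactly as submitted; it is only used through validate_unique() and qstr()
    $id = $VAR[$construct->module . '_id'];
    # conversion types whose fields are not re-validated on update
    $ignore_convert = array('sha', 'md5', 'rc5', 'crypt');
    ####################################################################
    # loop through the field list to validate the required fields
    ####################################################################
    # foreach replaces while(list() = each()): each() was removed in PHP 8
    foreach ($arr as $value) {
        $field_var = $construct->module . '_' . $value;
        $field_name = $value;
        $construct->validate = true;
        # loose comparison kept on purpose, it matches the original == test
        $ignore_con = isset($construct->field["{$value}"]["convert"])
            && in_array($construct->field["{$value}"]["convert"], $ignore_convert);
        if ($ignore_con) {
            continue;
        }
        # check if this value is unique (the current record id is passed so it can be excluded)
        if (isset($construct->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
            if (!$validate->validate_unique($construct->table, $field_name, $id, $VAR["{$field_var}"])) {
                $construct->validated = false;
                $construct->val_error[] = array('field' => $construct->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
            }
        }
        # check if the submitted value meets the specified requirements
        if (isset($construct->field["{$value}"]["validate"])) {
            if (!isset($VAR["{$field_var}"]) || $VAR["{$field_var}"] == '') {
                # a field with a validation rule may not be missing or blank
                $construct->validated = false;
                $construct->val_error[] = array('field' => $construct->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            } elseif (!$validate->validate($field_name, $construct->field["{$value}"], $VAR["{$field_var}"], $construct->field["{$value}"]["validate"])) {
                $construct->validated = false;
                $construct->val_error[] = array('field' => $construct->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""), 'error' => $validate->error["{$field_name}"]);
            }
        }
    }
    ####################################################################
    # If validation failed, skip the db update,
    # set the errors as Smarty objects,
    # and change the page to be loaded.
    ####################################################################
    if (!$construct->validated) {
        global $smarty;
        # set the errors as a Smarty Object
        $smarty->assign('form_validation', $construct->val_error);
        # change the page to be loaded; from here on $VAR refers to the global array
        global $VAR;
        $VAR['_page'] = $construct->module . ':view';
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        # strip slashes
        global $C_vars;
        $C_vars->strip_slashes_all();
        return false;
    }
    $db =& DB();
    # get_magic_quotes_gpc() was removed in PHP 8; without it the input is never pre-escaped
    $magic_quotes = function_exists('get_magic_quotes_gpc') ? @get_magic_quotes_gpc() : false;
    $assignments = array();
    foreach ($arr as $value) {
        $field_var = $construct->module . '_' . $value;
        $field_name = $value;
        if (isset($VAR["{$field_var}"]) && $VAR["{$field_var}"] != 'IGNORE-ARRAY-VALUE') {
            # HTML is escaped before storage unless the field is configured with html = 1.
            # htmlspecialchars() runs with its default flags, which before PHP 8.1 leave
            # single quotes unescaped, so templates still need to escape on output.
            if (@$construct->field["{$value}"]["html"] != 1 && !is_array($VAR["{$field_var}"])) {
                $insert_value = htmlspecialchars($VAR["{$field_var}"]);
            } else {
                $insert_value = $VAR["{$field_var}"];
            }
            # perform data conversions (applied after the HTML escaping above)
            if (isset($construct->field["{$value}"]["convert"])) {
                $insert_value = $validate->convert($field_name, $insert_value, $construct->field["{$value}"]["convert"]);
            }
            # the value is quoted by qstr(); the column name is not quoted
            $assignments[] = $value . "=" . $db->qstr($insert_value, $magic_quotes);
        } elseif (@$construct->field["{$value}"]["convert"] == "array" && @$VAR["{$field_var}"] != 'IGNORE-ARRAY-VALUE') {
            # Handle blank array string...
            $insert_value = serialize(array(""));
            $assignments[] = $value . "=" . $db->qstr($insert_value, $magic_quotes);
        }
    }
    $field_list = implode(", ", $assignments);
    # generate the full query
    $q = "UPDATE " . AGILE_DB_PREFIX . "{$construct->table} SET\n\t\t\t\t{$field_list}\n\t\t\t\tWHERE\n\t\t\t\tid \t\t= " . $db->qstr($id) . "\n\t\t\t\tAND\n\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
    # execute the query (DB() is called a second time, as in the original)
    $db =& DB();
    $result = $db->Execute($q);
    $succeeded = $result !== false;
    if (!$succeeded) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'update', $db->ErrorMsg());
    }
    # the trigger receives 1 on success and 0 on failure
    if (isset($construct->trigger["{$type}"])) {
        include_once PATH_CORE . 'trigger.inc.php';
        $trigger = new CORE_trigger();
        $trigger->trigger($construct->trigger["{$type}"], $succeeded ? 1 : 0, $VAR);
    }
    return $succeeded;
}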
Ejemplo n.º 9
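    /**
     * Register a new account from the submitted form values.
     *
     * Steps, in order: check account limits, fill the hidden account_* values from
     * session or default constants, validate the configured fields, the password
     * confirmation, the blocked e-mail/IP lists, the tax id and the static vars,
     * then insert the account row, add it to the default group, store the static
     * vars, send the registration e-mail, optionally subscribe to the newsletter,
     * and, for active accounts, mark the current session as logged in and run the
     * db_mapping and affiliate hooks.
     *
     * Security notes for maintainers:
     *  - Passwords are hashed with unsalted SHA-1 or MD5. Both are fast hashes and
     *    unsuitable for password storage. Moving to password_hash() also requires
     *    changing the login check, which is outside this method.
     *  - The activation string sent for inactive accounts is built from time() and
     *    the account id, so it is predictable (see the note at the e-mail step).
     *  - The existing session row is upgraded to logged-in without a new session id
     *    being issued in this method.
     *
     * @param array $VAR Submitted values. The global $VAR replaces it once the
     *                   "global" statement below has run.
     * @return bool|null false when checkLimits() fails, otherwise no value.
     */
    function add($VAR)
    {
        if (!$this->checkLimits()) {
            return false;
        }
        // check account limits
        $this->account_construct();
        # "global $VAR" rebinds the parameter: from here on the global array is read and written
        global $C_list, $C_translate, $C_debug, $VAR, $smarty;
        $this->validated = true;
        ### Set the hidden values:
        # these overwrite anything submitted under the same names
        $VAR['account_date_orig'] = time();
        $VAR['account_date_last'] = time();
        if (defined("SESS_LANGUAGE")) {
            @($VAR['account_language_id'] = SESS_LANGUAGE);
        } else {
            @($VAR['account_language_id'] = DEFAULT_LANGUAGE);
        }
        if (defined("SESS_AFFILIATE")) {
            @($VAR['account_affiliate_id'] = SESS_AFFILIATE);
        } else {
            @($VAR['account_affiliate_id'] = DEFAULT_AFFILIATE);
        }
        if (defined("SESS_RESELLER")) {
            @($VAR['account_reseller_id'] = SESS_RESELLER);
        } else {
            @($VAR['account_reseller_id'] = DEFAULT_RESELLER);
        }
        if (defined("SESS_CURRENCY")) {
            @($VAR['account_currency_id'] = SESS_CURRENCY);
        } else {
            @($VAR['account_currency_id'] = DEFAULT_CURRENCY);
        }
        if (defined("SESS_THEME")) {
            @($VAR['account_theme_id'] = SESS_THEME);
        } else {
            @($VAR['account_theme_id'] = DEFAULT_THEME);
        }
        if (defined("SESS_CAMPAIGN")) {
            @($VAR['account_campaign_id'] = SESS_CAMPAIGN);
        } else {
            @($VAR['account_campaign_id'] = 0);
        }
        if (!isset($VAR['account_email_type']) && @$VAR['account_email_type'] != "1") {
            @($VAR['account_email_type'] = '0');
        }
        ### Determine the proper account status:
        if (DEFAULT_ACCOUNT_STATUS != '1') {
            $status = '1';
        } else {
            $status = '0';
        }
        ## Single field login:
        # NOTE(review): the two values below appear masked in this listing. As written,
        # every such account gets the same fixed password string; confirm against the
        # original source what is generated here.
        if (defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN == true && empty($VAR['account_password'])) {
            $VAR['account_password'] = '******';
            $VAR['confirm_password'] = '******';
        }
        ####################################################################
        ### loop through the field list to validate the required fields
        ####################################################################
        $type = 'add';
        # explode() replaces split(), which was removed in PHP 7; the delimiter is a plain comma
        $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
        $arr = $this->method["{$type}"];
        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();
        $this->validated = true;
        # foreach replaces while(list() = each()): each() was removed in PHP 8
        foreach ($arr as $value) {
            # get the field value
            $field_var = $this->module . '_' . $value;
            $field_name = $value;
            ####################################################################
            ### perform any field validation...
            ####################################################################
            # check if this value is unique
            if (isset($this->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
                if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                    $this->validated = false;
                    $this->val_error[] = array('field' => $this->table . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
                }
            }
            # check if the submitted value meets the specified requirements
            if (isset($this->field["{$value}"]["validate"])) {
                if (isset($VAR["{$field_var}"])) {
                    if ($VAR["{$field_var}"] != '') {
                        if (!$validate->validate($field_name, $this->field["{$value}"], $VAR["{$field_var}"], $this->field["{$value}"]["validate"])) {
                            $this->validated = false;
                            $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $validate->error["{$field_name}"]);
                        }
                    } else {
                        $this->validated = false;
                        $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
                    }
                } else {
                    $this->validated = false;
                    $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
                }
            }
        }
        ####################################################################
        ### Validate the password
        ####################################################################
        # $password is only assigned when a non-empty password matches its confirmation.
        # If no password is submitted and nothing else fails, it is still undefined when
        # it is hashed further down.
        if (isset($VAR['account_password']) && $VAR['account_password'] != "") {
            if (isset($VAR['confirm_password']) && $VAR['account_password'] == $VAR['confirm_password']) {
                $password = $VAR['account_password'];
                # the plaintext password is handed to the template layer here; the template
                # has to escape it, and it is re-sent to the browser if the form is redisplayed
                $smarty->assign('confirm_account_password', $VAR["account_password"]);
            } else {
                ### ERROR: The passwords provided do not match!
                $smarty->assign('confirm_account_password', '');
                $this->validated = false;
                $this->val_error[] = array('field' => 'account_confirm_password', 'field_trans' => $C_translate->translate('field_confirm_password', $this->module, ""), 'error' => $C_translate->translate('password_change_match', "account", ""));
            }
        } else {
            $smarty->assign('confirm_account_password', '');
        }
        ####################################################################
        ### Validate that the user's IP & E-mail are not banned!
        ####################################################################
        # NOTE(review): the "banned" error is added when is_blocked() returns a falsy
        # value, so the helper presumably returns false for a listed address; confirm.
        # Neither branch sets $this->validated itself. The errors take effect through
        # $this->val_error, which is passed to validate_form() below.
        if ($this->validated) {
            require_once PATH_MODULES . 'blocked_email/blocked_email.inc.php';
            $blocked_email = new blocked_email();
            if (!$blocked_email->is_blocked($VAR['account_email'])) {
                $this->val_error[] = array('field' => 'account_email', 'field_trans' => $C_translate->translate('field_email', $this->module, ""), 'error' => $C_translate->translate('validate_banned_email', "", ""));
            }
            require_once PATH_MODULES . 'blocked_ip/blocked_ip.inc.php';
            $blocked_ip = new blocked_ip();
            if (!$blocked_ip->is_blocked(USER_IP)) {
                $this->val_error[] = array('field' => 'IP Address', 'field_trans' => $C_translate->translate('ip_address', $this->module, ""), 'error' => $C_translate->translate('validate_banned_ip', "", ""));
            }
        }
        // validate the tax_id
        # only the entry for the submitted country is checked; the array in
        # $VAR['account_tax_id'] is then replaced by that single value (or false when exempt)
        require_once PATH_MODULES . 'tax/tax.inc.php';
        $taxObj = new tax();
        $tax_arr = @$VAR['account_tax_id'];
        if (is_array($tax_arr)) {
            foreach ($tax_arr as $country_id => $tax_id) {
                if ($country_id == $VAR['account_country_id']) {
                    $exempt = @$VAR["account_tax_id_exempt"][$country_id];
                    if (!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
                        $this->validated = false;
                        $this->val_error[] = array('field' => 'account_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", ""));
                    }
                    if ($exempt) {
                        $VAR['account_tax_id'] = false;
                    } else {
                        $VAR['account_tax_id'] = $tax_id;
                    }
                }
            }
        }
        ####################################################################
        ### Get required static_Vars and validate them... return an array
        ### w/ ALL errors...
        ####################################################################
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        # the final verdict comes from validate_form(): $this->validated is overwritten
        # here, so earlier failures only count if they are also present in $this->val_error
        $all_error = $static_var->validate_form($this->module, $this->val_error);
        if ($all_error != false && gettype($all_error) == 'array') {
            $this->validated = false;
        } else {
            $this->validated = true;
        }
        ####################################################################
        ### If validation failed, skip the db insert &
        ### set the errors & original fields as Smarty objects,
        ### and change the page to be loaded.
        ####################################################################
        if (!$this->validated) {
            global $smarty;
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            # NOTE(review): FORCE_PAGE is taken from $VAR['_page_current']; confirm the
            # page loader restricts which pages this value may select
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            # Stripslashes
            global $C_vars;
            $C_vars->strip_slashes_all();
            return;
        }
        # Get default invoice options
        $db =& DB();
        $invopt = $db->Execute(sqlSelect($db, "setup_invoice", "*", ""));
        if ($invopt && $invopt->RecordCount()) {
            $invoice_delivery = $invopt->fields['invoice_delivery'];
            $invoice_format = $invopt->fields['invoice_show_itemized'];
        }
        /* hash the password */
        # unsalted SHA-1 / MD5: kept because the login check elsewhere must match this format
        if (defined('PASSWORD_ENCODING_SHA')) {
            $password_encoded = sha1($password);
        } else {
            $password_encoded = md5($password);
        }
        ####################################################################
        ### Insert the account record
        ####################################################################
        $this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id');
        # creation timestamp; stored as date_orig and reused below as part of the activation string
        $validation_str = time();
        /** get parent id */
        if (empty($this->parent_id)) {
            $this->parent_id = $this->account_id;
        }
        # get_magic_quotes_gpc() was removed in PHP 8; without it the input is never pre-escaped
        $magic_quotes = function_exists('get_magic_quotes_gpc') ? @get_magic_quotes_gpc() : false;
        # NOTE(review): the username and password values in the statement below appear
        # masked in this listing ('******'). As written, $password_encoded is not stored
        # in the account row; confirm against the original source.
        $sql = '
			INSERT INTO ' . AGILE_DB_PREFIX . 'account SET
			id              = ' . $db->qstr($this->account_id) . ',
			site_id         = ' . $db->qstr(DEFAULT_SITE) . ',
			date_orig       = ' . $db->qstr($validation_str) . ',
			date_last       = ' . $db->qstr(time()) . ',
			language_id     = ' . $db->qstr($VAR["account_language_id"]) . ',
			country_id      = ' . $db->qstr($VAR["account_country_id"]) . ',
			parent_id    	= ' . $db->qstr($this->parent_id) . ',
			affiliate_id    = ' . $db->qstr(@$VAR["account_affiliate_id"]) . ',
			campaign_id    	= ' . $db->qstr(@$VAR["account_campaign_id"]) . ',
			reseller_id     = ' . $db->qstr(@$VAR["account_reseller_id"]) . ',
			currency_id     = ' . $db->qstr($VAR["account_currency_id"]) . ',
			theme_id        = ' . $db->qstr($VAR["account_theme_id"]) . ',
			username        = '******',
			password        = '******',
			status          = ' . $db->qstr($status) . ',
			first_name      = ' . $db->qstr($VAR["account_first_name"], $magic_quotes) . ',
			middle_name     = ' . $db->qstr($VAR["account_middle_name"], $magic_quotes) . ',
			last_name       = ' . $db->qstr($VAR["account_last_name"], $magic_quotes) . ',
			company         = ' . $db->qstr($VAR["account_company"], $magic_quotes) . ',
			title           = ' . $db->qstr($VAR["account_title"], $magic_quotes) . ',
			email           = ' . $db->qstr($VAR["account_email"], $magic_quotes) . ',
			address1		= ' . $db->qstr($VAR["account_address1"], $magic_quotes) . ',
			address2		= ' . $db->qstr($VAR["account_address2"], $magic_quotes) . ',
			city			= ' . $db->qstr($VAR["account_city"], $magic_quotes) . ',
			state			= ' . $db->qstr($VAR["account_state"], $magic_quotes) . ',
			zip				= ' . $db->qstr($VAR["account_zip"], $magic_quotes) . ',
			email_type      = ' . $db->qstr($VAR["account_email_type"], $magic_quotes) . ',
			invoice_delivery= ' . $db->qstr(@$invoice_delivery) . ',
			invoice_show_itemized=' . $db->qstr(@$invoice_format) . ',
			invoice_advance_gen	= ' . $db->qstr(MAX_INV_GEN_PERIOD) . ',
			invoice_grace	= ' . $db->qstr(GRACE_PERIOD) . ',
			tax_id			= ' . $db->qstr(@$VAR['account_tax_id']);
        $result = $db->Execute($sql);
        ####################################################################
        ### error reporting:
        ####################################################################
        if ($result === false) {
            global $C_debug;
            $C_debug->error('account.inc.php', 'add', $db->ErrorMsg());
            if (isset($this->trigger["{$type}"])) {
                include_once PATH_CORE . 'trigger.inc.php';
                $trigger = new CORE_trigger();
                $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
            }
            return;
        }
        /* password logging class */
        if ($C_list->is_installed('account_password_history')) {
            include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
            $accountHistory = new account_password_history();
            $accountHistory->setNewPassword($this->account_id, $password_encoded);
        }
        ####################################################################
        ### Add the account to the default group:
        ####################################################################
        # the result of this insert is not checked; a failure leaves an account without a group
        $group_id = $db->GenID(AGILE_DB_PREFIX . 'account_group_id');
        $sql = '
			INSERT INTO ' . AGILE_DB_PREFIX . 'account_group SET
			id              = ' . $db->qstr($group_id) . ',
			site_id         = ' . $db->qstr(DEFAULT_SITE) . ',
			date_orig       = ' . $db->qstr(time()) . ',
			group_id        = ' . $db->qstr(DEFAULT_GROUP) . ',
			account_id      = ' . $db->qstr($this->account_id) . ',
			active          = ' . $db->qstr('1');
        $db->Execute($sql);
        ####################################################################
        ### Insert the static vars:
        ####################################################################
        $static_var->add($VAR, $this->module, $this->account_id);
        ####################################################################
        ### Mail the user the new_account email template
        ####################################################################
        require_once PATH_MODULES . 'email_template/email_template.inc.php';
        $my = new email_template();
        if ($status == "1") {
            $my->send('account_registration_active', $this->account_id, $this->account_id, '', '');
        } else {
            # NOTE(review): the activation string is "<creation time>:<account id>". Both
            # parts are guessable, so if the activation handler accepts this string as
            # proof of mailbox ownership, a random token stored with the account
            # (random_bytes()) would be the safer design. The handler is not shown here.
            $validation_str = strtoupper($validation_str . ':' . $this->account_id);
            $my->send('account_registration_inactive', $this->account_id, '', '', $validation_str);
        }
        ####################################################################
        ### Add the newsletters
        ####################################################################
        if (NEWSLETTER_REGISTRATION == "1") {
            @($VAR['newsletter_html'] = $VAR['account_email_type']);
            $VAR['newsletter_email'] = $VAR['account_email'];
            $VAR['newsletter_first_name'] = $VAR['account_first_name'];
            $VAR['newsletter_last_name'] = $VAR['account_last_name'];
            require_once PATH_MODULES . '/newsletter/newsletter.inc.php';
            $newsletter = new newsletter();
            $newsletter->subscribe($VAR, $this);
        }
        ####################################################################
        ### Log in the user & display the welcome message
        ####################################################################
        if ($status == "1") {
            if ($this->parent_id == $this->account_id || empty($this->parent_id)) {
                $C_debug->alert($C_translate->translate("user_add_active_welcome", "account", ""));
                # NOTE(review): $exp is computed but never used. The expiry below reads
                # SESSION_EXPIRE directly, so a setting of 0 stores an expiry equal to the
                # current time; confirm how session validation treats that.
                if (SESSION_EXPIRE == 0) {
                    $exp = 99999;
                } else {
                    $exp = SESSION_EXPIRE;
                }
                $date_expire = time() + SESSION_EXPIRE * 60;
                # update the session
                # NOTE(review): the pre-registration session id (SESS) is kept and marked as
                # logged in. No new id is issued in this method; confirm it is rotated
                # elsewhere, otherwise an id set before registration stays valid afterwards.
                $db =& DB();
                $q = "UPDATE " . AGILE_DB_PREFIX . "session\n\t\t\t\t\t\tSET\n\t\t\t\t\t\tip= " . $db->qstr(USER_IP) . ",\n\t\t\t\t\t\tdate_expire = " . $db->qstr($date_expire) . ",\n\t\t\t\t\t\tlogged = " . $db->qstr('1') . ",\n\t\t\t\t\t\taccount_id = " . $db->qstr($this->account_id) . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\tid = " . $db->qstr(SESS) . "\n\t\t\t\t\t\tAND\n\t\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
                $result = $db->Execute($q);
                ### constants
                define('FORCE_SESS_ACCOUNT', $this->account_id);
                define('FORCE_SESS_LOGGED', 1);
                ### Reload the session auth cache
                if (CACHE_SESSIONS == '1') {
                    $force = true;
                    $C_auth = new CORE_auth($force);
                    global $C_auth2;
                    $C_auth2 = $C_auth;
                }
                # NOTE(review): the redirect target is built from submitted values. It stays
                # a relative "?_page=" query, but how REDIRECT_PAGE is emitted is not shown
                # here; it needs encoding for the context it is written into.
                if (isset($VAR['_page_next'])) {
                    define('REDIRECT_PAGE', '?_page=' . $VAR['_page_next']);
                } elseif (isset($VAR['_page'])) {
                    define('REDIRECT_PAGE', '?_page=' . $VAR['_page']);
                }
            }
            ####################################################################
            ### Do any db_mapping
            ####################################################################
            if ($C_list->is_installed('db_mapping')) {
                include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
                $db_map = new db_mapping();
                # the plaintext password is handed to the db_mapping module; what that
                # module does with it is outside this method
                if (!empty($password)) {
                    $db_map->plaintext_password = $password;
                } else {
                    $db_map->plaintext_password = false;
                }
                $db_map->account_add($this->account_id);
                $db_map = new db_mapping();
                $db_map->login($this->account_id);
            }
            ####################################################################
            ### Affiliate Auto Creation
            ####################################################################
            if (AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate")) {
                $VAR['affiliate_account_id'] = $this->account_id;
                $VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE;
                include_once PATH_MODULES . 'affiliate/affiliate.inc.php';
                $affiliate = new affiliate();
                $affiliate->add($VAR, $affiliate);
            }
        } else {
            $C_debug->alert($C_translate->translate("user_add_inactive_welcome", "account", ""));
            define('FORCE_PAGE', 'core:blank');
        }
    }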
Ejemplo n.º 10
    function user_add($VAR)
    {
        $this->construct();
        global $C_debug, $C_translate, $C_vars, $smarty;
        ### Strip Slashes
        global $VAR;
        $C_vars->strip_slashes_all();
        ####################################################################
        ### Check that the required fields are set:
        ### ticket_department_id, ticket_subject, ticket_body
        ####################################################################
        $fields = array('priority', 'department_id', 'subject', 'body');
        for ($i = 0; $i < count($fields); $i++) {
            $field = $fields[$i];
            $field_name = $this->table . '_' . $field;
            if (!isset($VAR["{$field_name}"]) || trim($VAR["{$field_name}"]) == "") {
                $this->val_error[] = array('field' => $this->table . '_' . $field, 'field_trans' => $C_translate->translate('field_' . $field, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            }
        }
        ####################################################################
        ### Get required static_Vars and validate them... return an array
        ### w/ ALL errors...
        ####################################################################
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        $all_error = $static_var->validate_form($this->module, $this->val_error);
        if ($all_error != false && gettype($all_error) == 'array') {
            $this->validated = false;
        } else {
            $this->validated = true;
        }
        ### Validate e-mail
        if (!SESS_LOGGED) {
            include_once PATH_CORE . 'validate.inc.php';
            $C_validate = new CORE_validate();
            if (empty($VAR['ticket_email'])) {
                $this->validated = false;
                $smarty->assign('ticket_email', true);
                $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_any', "", ""));
            } elseif (!$C_validate->validate_email(@$VAR['ticket_email'], false)) {
                $this->validated = false;
                $smarty->assign('ticket_email', true);
                $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_email', "", ""));
            }
            $this->email = $VAR['ticket_email'];
        } else {
            # Get the e-mail addy from the user's account
            $db =& DB();
            $sql = 'SELECT email FROM ' . AGILE_DB_PREFIX . 'account WHERE
	                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
	                        id          = ' . $db->qstr(SESS_ACCOUNT);
            $result = $db->Execute($sql);
            $VAR['ticket_email'] = $result->fields['email'];
            $this->email = $result->fields['email'];
        }
        ###################################################################
        ### Check that the user is authorized for this department
        $db =& DB();
        $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        id          = ' . $db->qstr($VAR['ticket_department_id']) . ' AND
                        status      = ' . $db->qstr('1');
        $result = $db->Execute($sql);
        if ($result->RecordCount() == 0) {
            ###################################################################
            ### ERROR: The selected department is inactive or invalid
            $C_debug->alert($C_translate->translate('department_invalid', 'ticket', ''));
            return false;
        }
        global $C_auth;
        $i = 0;
        $dept_auth = false;
        while (!$result->EOF) {
            $arr = unserialize($result->fields['group_id']);
            if (!SESS_LOGGED) {
                ### Check if the specified department is authorized for the 'All Users' group (0):
                for ($i = 0; $i < count($arr); $i++) {
                    if ($arr[$i] == '0') {
                        $dept_auth = true;
                    }
                }
                if (!$dept_auth) {
                    $C_debug->alert($C_translate->translate('login_required', '', ''));
                    return false;
                }
            } else {
                for ($i = 0; $i < count($arr); $i++) {
                    if ($C_auth->auth_group_by_id($arr[$i])) {
                        $dept_auth = true;
                    }
                }
            }
            $result->MoveNext();
        }
        if (!$dept_auth) {
            ###################################################################
            ### ERROR: The current user does not have access to the selected department!
            $C_debug->alert($C_translate->translate('department_not_auth', 'ticket', ''));
            return false;
        } else {
            ####################################################################
            # If validation was failed, skip the db insert &
            # set the errors & origonal fields as Smarty objects,
            # and change the page to be loaded.
            ####################################################################
            if (!$this->validated) {
                global $smarty;
                # set the errors as a Smarty Object
                $smarty->assign('form_validation', $all_error);
                # set the page to be loaded
                if (!defined("FORCE_PAGE")) {
                    define('FORCE_PAGE', $VAR['_page_current']);
                }
                global $C_vars;
                $C_vars->strip_slashes_all();
                return;
            }
            ###################################################################
            ### Assemble the SQL & Insert the ticket
            $db =& DB();
            $id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
            $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket SET
                            site_id     = ' . $db->qstr(DEFAULT_SITE) . ',
                            id          = ' . $db->qstr($id) . ',
                            date_orig   = ' . $db->qstr(time()) . ',
                            date_last   = ' . $db->qstr(time()) . ',
                            date_expire = ' . $db->qstr(time() + 86400 * 7) . ',
                            account_id  = ' . $db->qstr(SESS_ACCOUNT) . ',
                            department_id=' . $db->qstr($VAR['ticket_department_id']) . ',
                            status      = ' . $db->qstr(0) . ',
                            last_reply  = 0,
                            priority    = ' . $db->qstr($VAR['ticket_priority']) . ',
                            subject     = ' . $db->qstr($VAR['ticket_subject']) . ',
                            email		= ' . $db->qstr($VAR['ticket_email']) . ',
                            body        = ' . $db->qstr(htmlspecialchars($VAR['ticket_body']));
            $result = $db->Execute($sql);
            # error reporting:
            if ($result === false) {
                global $C_debug;
                $C_debug->error('ticket.inc.php', 'user_add', $db->ErrorMsg());
                return false;
            }
            ###################################################################
            ### Insert the static vars...
            $static_var->add($VAR, $this->module, $id);
            ###################################################################
            ### Mail the user the new_ticket email template
            require_once PATH_MODULES . 'email_template/email_template.inc.php';
            $VAR['email'] = trim($this->email);
            $VAR['key'] = $this->key($this->email);
            $my = new email_template();
            $my->send('ticket_user_add', $this->email, $id, '', '');
            unset($VAR['key']);
            unset($VAR['email']);
            ###################################################################
            ### Get any staff members who should be mailed
            $db =& DB();
            $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff
                            WHERE
                            site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                            notify_new  = ' . $db->qstr("1");
            $result = $db->Execute($sql);
            if ($result->RecordCount() > 0) {
                while (!$result->EOF) {
                    @($avail = unserialize($result->fields['department_avail']));
                    for ($i = 0; $i < count($avail); $i++) {
                        if ($avail[$i] == $VAR['ticket_department_id']) {
                            ###################################################################
                            ### Mail staff members the new_ticket email template
                            $my = new email_template();
                            $my->send('ticket_user_add_staff', $result->fields['account_id'], $id, $avail[$i], 'sql3');
                            $i = count($avail);
                        }
                    }
                    $result->MoveNext();
                }
            }
        }
        global $C_debug, $C_translate;
        $C_debug->alert($C_translate->translate('user_add_success', 'ticket', ''));
    }
Ejemplo n.º 11
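 /**
  * Search newsletter subscribers using the criteria submitted in $VAR.
  *
  * Every non-empty $VAR entry whose key starts with "<module>_" (matched
  * case-insensitively) becomes a condition on the newsletter_subscriber
  * column of the same name: a value containing '%' is matched with LIKE, an
  * array value adds one condition per non-empty element using the operator
  * found in $VAR['field_option'] (restricted to = > < >= <= !=), and any other
  * value is matched with '='. Non-empty $VAR['static_relation'] entries add
  * INNER JOINs on static_var_record. When rows are found, the query template
  * is stored through CORE_search and the search id, page, limit and order_by
  * are assigned to Smarty; the result count is always assigned.
  *
  * Column names and static relation ids are taken from array keys of $VAR and
  * are concatenated into the SQL text, where qstr() cannot protect them. They
  * are therefore accepted only when made of letters, digits and underscores;
  * entries with any other key are ignored.
  *
  * @param array $VAR submitted variables
  * @return bool|null false when the query fails, otherwise no value
  */
 function search($VAR)
 {
     $type = "search";
     # explode() splits on the literal comma, as the removed split() did here
     $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
     $db =& DB();
     include_once PATH_CORE . 'validate.inc.php';
     $validate = new CORE_validate();
     # set the search criteria array
     $arr = $VAR;
     $key_prefix = $this->module . "_";
     $key_prefix_len = strlen($key_prefix);
     $magic_quotes = get_magic_quotes_gpc();
     $allowed_ops = array('=', '>', '<', '>=', '<=', '!=');
     # loop through the submitted field_names to get the WHERE statement
     $where_list = '';
     foreach ($arr as $key => $value) {
         if ($value == '') {
             continue;
         }
         # only keys carrying the module prefix describe search fields
         $key = (string) $key;
         if (strncasecmp($key, $key_prefix, $key_prefix_len) != 0) {
             continue;
         }
         $field = (string) substr($key, $key_prefix_len);
         # the column name becomes part of the SQL text: identifiers only
         if (!preg_match('/^[A-Za-z0-9_]+\z/', $field)) {
             continue;
         }
         $has_convert = isset($this->field["{$field}"]["convert"]);
         if (is_array($value)) {
             $pat_field = $this->module . '_' . $field;
             for ($i_arr = 0; $i_arr < count($value); $i_arr++) {
                 if (!isset($value[$i_arr]) || $value[$i_arr] == '') {
                     continue;
                 }
                 # determine any field options (=, >, <, etc...); anything
                 # outside the allow-list falls back to '='
                 $f_opt = '=';
                 if (isset($VAR['field_option']["{$pat_field}"]["{$i_arr}"])) {
                     $f_opt = $VAR['field_option']["{$pat_field}"]["{$i_arr}"];
                     if (!in_array($f_opt, $allowed_ops, true)) {
                         $f_opt = '=';
                     }
                 }
                 # do any data conversion for this field (date, encrypt, etc...)
                 $item = $value[$i_arr];
                 if ($has_convert) {
                     $item = $validate->convert($field, $item, $this->field["{$field}"]["convert"]);
                 }
                 # the first emitted condition opens the WHERE, even when
                 # earlier array elements were empty and skipped
                 $where_list .= ($where_list == '' ? " WHERE " : " AND ") . AGILE_DB_PREFIX . "newsletter_subscriber." . $field . " {$f_opt} " . $db->qstr($item, $magic_quotes);
             }
         } elseif (strpos((string) $value, '%') !== false) {
             # wildcard search: convert the value if the field asks for it
             if ($has_convert) {
                 $value = $validate->convert($field, $value, $this->field["{$field}"]["convert"]);
             }
             $where_list .= ($where_list == '' ? " WHERE " : " AND ") . AGILE_DB_PREFIX . "newsletter_subscriber." . $field . " LIKE " . $db->qstr($value, $magic_quotes);
         } else {
             # exact match; the value is used without conversion on this path
             $where_list .= ($where_list == '' ? " WHERE " : " AND ") . AGILE_DB_PREFIX . "newsletter_subscriber." . $field . " = " . $db->qstr($value, $magic_quotes);
         }
     }
     #### finalize the WHERE statement so the site_id condition can follow
     if ($where_list == '') {
         $where_list .= ' WHERE ';
     } else {
         $where_list .= ' AND ';
     }
     # get limit type
     # NOTE(review): limit and order_by are taken from $VAR unchanged and
     # stored with the search record; whatever later builds SQL from them
     # should validate them - confirm in CORE_search and its consumers
     if (isset($VAR['limit'])) {
         $limit = $VAR['limit'];
     } else {
         $limit = $this->limit;
     }
     # get order by
     if (isset($VAR['order_by'])) {
         $order_by = $VAR['order_by'];
     } else {
         $order_by = $this->order_by;
     }
     $pre = AGILE_DB_PREFIX;
     $q = "SELECT DISTINCT " . AGILE_DB_PREFIX . "newsletter_subscriber.id FROM " . AGILE_DB_PREFIX . "newsletter_subscriber ";
     $q_save = "SELECT DISTINCT %%fieldList%% FROM " . AGILE_DB_PREFIX . "newsletter_subscriber ";
     ######## GET ANY STATIC VARS TO SEARCH ##########
     $join_list = '';
     if (!empty($VAR["static_relation"]) && is_array($VAR["static_relation"])) {
         foreach ($VAR["static_relation"] as $idx => $value) {
             if ($value == "") {
                 continue;
             }
             # $idx is used as a table alias suffix and inside a quoted
             # literal, so it must be a plain identifier as well
             if (!preg_match('/^[A-Za-z0-9_]+\z/', (string) $idx)) {
                 continue;
             }
             $join_list .= " INNER JOIN {$pre}static_var_record AS s{$idx} ON \n\t\t\t\t\t\t( \n\t\t\t\t\t\t\ts{$idx}.record_id = {$pre}{$this->table}.id\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\ts{$idx}.static_var_relation_id = '{$idx}'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\ts{$idx}.site_id = " . $db->qstr(DEFAULT_SITE) . "\t\t        \t\t\t\t\n\t\t\t\t\t\t\tAND";
             if (is_string($value) && strpos($value, '%') !== false) {
                 $join_list .= " s{$idx}.value LIKE " . $db->qstr($value);
             } else {
                 $join_list .= " s{$idx}.value = " . $db->qstr($value);
             }
             $join_list .= " ) ";
         }
     }
     ######## END STATIC VAR SEARCH ##################
     # standard where list
     $q .= $join_list . $where_list . " " . AGILE_DB_PREFIX . "newsletter_subscriber.site_id = " . $db->qstr(DEFAULT_SITE);
     $q_save .= $join_list . $where_list . " %%whereList%% ";
     # run the database query
     $result = $db->Execute($q);
     # error reporting
     if ($result === false) {
         global $C_debug;
         $C_debug->error('newsletter_subscriber.inc.php', 'search', $db->ErrorMsg());
         return false;
     }
     # get the result count:
     $results = $result->RecordCount();
     # get the first record id:
     if ($results == 1) {
         $record_id = $result->fields['id'];
     }
     # define the DB vars as a Smarty accessible block
     global $smarty;
     # Create the definition for fast-forwarding to a single record:
     if ($results == 1 && !isset($this->fast_forward)) {
         $smarty->assign('record_id', $record_id);
     }
     # create the search record:
     if ($results > 0) {
         include_once PATH_CORE . 'search.inc.php';
         $search = new CORE_search();
         $arr['module'] = $this->module;
         $arr['sql'] = $q_save;
         $arr['limit'] = $limit;
         $arr['order_by'] = $order_by;
         $arr['results'] = $results;
         $search->add($arr);
         # define the search id and other parameters for Smarty
         $smarty->assign('search_id', $search->id);
         # page:
         $smarty->assign('page', '1');
         # limit:
         $smarty->assign('limit', $limit);
         # order_by:
         $smarty->assign('order_by', $order_by);
     }
     # define the result count
     $smarty->assign('results', $results);
 }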
Ejemplo n.º 12
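 /**
  * Validate the submitted fields, insert a new record and, when a db_mapping
  * map file is named in $VAR, load that plugin and run its install hook.
  *
  * The field list comes from $this->method['add']. When validation fails the
  * errors are assigned to Smarty as 'form_validation', FORCE_PAGE is defined
  * and the 'add' trigger (if any) is fired with status 0. When the INSERT
  * fails the error is logged, the trigger is fired with status 0 and false is
  * returned, so that no redirect is defined and no install hook runs for a
  * record that was never stored.
  *
  * $VAR['db_mapping_map_file'] selects both the plugin file to include and
  * the class to instantiate. It is accepted only when it consists of letters,
  * digits and underscores, which keeps the include inside the db_mapping
  * plugin directory and keeps the value out of any evaluated code.
  *
  * @param array $VAR submitted variables
  * @return bool|null false when the INSERT fails, otherwise no value
  */
 function add($VAR)
 {
     $this->construct();
     global $C_translate;
     $type = "add";
     # explode() splits on the literal comma, as the removed split() did here
     $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
     # set the field list for this method:
     $arr = $this->method["{$type}"];
     # define the validation class
     include_once PATH_CORE . 'validate.inc.php';
     $validate = new CORE_validate();
     $this->validated = true;
     ####################################################################
     # loop through the field list to validate the required fields
     ####################################################################
     foreach ($arr as $value) {
         $field_var = $this->module . '_' . $value;
         $field_name = $value;
         $this->validate = true;
         # check if this value is unique
         if (isset($this->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
             if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                 $this->validated = false;
                 $this->val_error[] = array('field' => $this->table . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
             }
         }
         # check if the submitted value meets the specified requirements
         if (isset($this->field["{$value}"]["validate"])) {
             if (isset($VAR["{$field_var}"]) && $VAR["{$field_var}"] != '') {
                 if (!$validate->validate($field_name, $this->field["{$value}"], $VAR["{$field_var}"], $this->field["{$value}"]["validate"])) {
                     $this->validated = false;
                     $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $validate->error["{$field_name}"]);
                 }
             } else {
                 # a field with a validation rule that is missing or empty
                 $this->validated = false;
                 $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
             }
         }
     }
     ####################################################################
     # If validation failed, skip the db insert, hand the errors to
     # Smarty and change the page to be loaded.
     ####################################################################
     if (!$this->validated) {
         global $smarty;
         # set the errors as a Smarty Object
         $smarty->assign('form_validation', $this->val_error);
         # set the page to be loaded
         if (!defined("FORCE_PAGE")) {
             define('FORCE_PAGE', $VAR['_page_current']);
         }
         # define any triggers
         if (isset($this->trigger["{$type}"])) {
             include_once PATH_CORE . 'trigger.inc.php';
             $trigger = new CORE_trigger();
             $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
         }
         return;
     }
     # begin the new database class:
     $db =& DB();
     # loop through the field list to create the sql queries
     $field_list = '';
     foreach ($arr as $value) {
         $field_var = $this->module . '_' . $value;
         $field_name = $value;
         # md5, rc5, pgp, gpg, time, date, date-time
         if (isset($this->field["{$value}"]["convert"]) && isset($VAR["{$field_var}"])) {
             $VAR["{$field_var}"] = $validate->convert($field_name, $VAR["{$field_var}"], $this->field["{$value}"]["convert"]);
         }
         if (isset($VAR["{$field_var}"])) {
             $field_list .= ", " . $value . "=" . $db->qstr($VAR["{$field_var}"]);
         }
     }
     # add a comma before the site_id if needed
     if ($field_list != '') {
         $field_list .= ',';
     }
     # determine the record id:
     $this->record_id = $db->GenID(AGILE_DB_PREFIX . "" . $this->table . '_id');
     # determine the record id, if it is an ACCOUNT record
     if ($this->table == 'account') {
         $this->record_id = md5($this->record_id . '' . microtime());
     }
     # define the new ID as a constant
     define(strtoupper('NEW_RECORD_' . $this->table . '_ID'), $this->record_id);
     # generate the full query
     $q = "INSERT INTO " . AGILE_DB_PREFIX . "{$this->table}\n\t\t\t\t\tSET\n\t\t\t\t\tid = " . $db->qstr($this->record_id) . "\n\t\t\t\t\t{$field_list}\n\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
     # execute the query
     $result = $db->Execute($q);
     # error reporting:
     if ($result === false) {
         global $C_debug;
         $C_debug->error('database.inc.php', 'add', $db->ErrorMsg());
         if (isset($this->trigger["{$type}"])) {
             include_once PATH_CORE . 'trigger.inc.php';
             $trigger = new CORE_trigger();
             $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
         }
         # stop here: nothing was stored, so there is nothing to redirect
         # to and no install hook to run
         return false;
     }
     $VAR["id"] = $this->record_id;
     $redirect_page = isset($VAR['_page']) ? $VAR['_page'] : '';
     # NOTE(review): _page comes from $VAR and is placed in REDIRECT_PAGE
     # unencoded; confirm that the code consuming REDIRECT_PAGE encodes it
     # for the context it is written into
     define('REDIRECT_PAGE', '?_page=' . $redirect_page . '&id=' . $this->record_id . '&s=' . SESS);
     # RUN ANY INSTALL SCRIPT!
     $file = isset($VAR['db_mapping_map_file']) ? $VAR['db_mapping_map_file'] : '';
     if ($file != '') {
         # The name is used in an include path and as a class name suffix,
         # so it must be a plain identifier: no path separators, dots or
         # characters that could alter the instantiated class.
         if (!is_string($file) || !preg_match('/^[A-Za-z0-9_]+\z/', $file)) {
             global $C_debug;
             $C_debug->error('database.inc.php', 'add', 'Invalid db_mapping map file name');
             return;
         }
         include_once PATH_PLUGINS . 'db_mapping/' . $file . '.php';
         # instantiate by class name; the original built this statement as a
         # string for eval(), which executed the submitted value as code
         $map_class = 'map_' . strtoupper($file);
         $_MAP = new $map_class();
         if (isset($_MAP->map['install']) && $_MAP->map['install'] == true) {
             $_MAP->install();
         }
     }
 }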
Ejemplo n.º 13
 /** SEARCH
  */
 function search($VAR)
 {
     $this->invoice_construct();
     $type = "search";
     $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
     $db =& DB();
     include_once PATH_CORE . 'validate.inc.php';
     $validate = new CORE_validate();
     # set the search criteria array
     $arr = $VAR;
     # convert invoice_discount_arr
     if (!empty($VAR['invoice_discount_arr'])) {
         $arr['invoice_discount_arr'] = '%"' . $VAR['invoice_discount_arr'] . '"%';
     }
     # loop through the submitted field_names to get the WHERE statement
     $where_list = '';
     $i = 0;
     while (list($key, $value) = each($arr)) {
         if ($i == 0) {
             if ($value != '') {
                 $pat = "^" . $this->module . "_";
                 if (preg_match('/' . $pat . '/', $key)) {
                     $field = preg_replace('/' . $pat . '/', "", $key);
                     if (preg_match('/%/', $value)) {
                         # do any data conversion for this field (date, encrypt, etc...)
                         if (isset($this->field["{$field}"]["convert"]) && $this->field["{$field}"]["convert"] != 'array') {
                             $value = $validate->convert($field, $value, $this->field["{$field}"]["convert"]);
                         }
                         $where_list .= " WHERE " . AGILE_DB_PREFIX . "invoice." . $field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
                         $i++;
                     } else {
                         # check if array
                         if (is_array($value)) {
                             for ($i_arr = 0; $i_arr < count($value); $i_arr++) {
                                 if ($value["{$i_arr}"] != '') {
                                     # determine any field options (=, >, <, etc...)
                                     $f_opt = '=';
                                     $pat_field = $this->module . '_' . $field;
                                     $VAR['field_option']["{$pat_field}"]["{$i_arr}"];
                                     if (isset($VAR['field_option']["{$pat_field}"]["{$i_arr}"])) {
                                         $f_opt = $VAR['field_option']["{$pat_field}"]["{$i_arr}"];
                                         # error checking, safety precaution
                                         if ($f_opt != '=' && $f_opt != '>' && $f_opt != '<' && $f_opt != '>=' && $f_opt != '<=' && $f_opt != '!=') {
                                             $f_opt = '=';
                                         }
                                     }
                                     # do any data conversion for this field (date, encrypt, etc...)
                                     if (isset($this->field["{$field}"]["convert"]) && $this->field["{$field}"]["convert"] != 'array') {
                                         $value["{$i_arr}"] = $validate->convert($field, $value["{$i_arr}"], $this->field["{$field}"]["convert"]);
                                     }
                                     if ($i_arr == 0) {
                                         $where_list .= " WHERE " . AGILE_DB_PREFIX . "invoice." . $field . " {$f_opt} " . $db->qstr($value["{$i_arr}"], get_magic_quotes_gpc());
                                         $i++;
                                     } else {
                                         $where_list .= " AND " . AGILE_DB_PREFIX . "invoice." . $field . " {$f_opt} " . $db->qstr($value["{$i_arr}"], get_magic_quotes_gpc());
                                         $i++;
                                     }
                                 }
                             }
                         } else {
                             $where_list .= " WHERE " . AGILE_DB_PREFIX . "invoice." . $field . " = " . $db->qstr($value, get_magic_quotes_gpc());
                             $i++;
                         }
                     }
                 }
             }
         } else {
             if ($value != '') {
                 $pat = "^" . $this->module . "_";
                 if (preg_match('/' . $pat . '/', $key)) {
                     $field = preg_replace('/' . $pat . '/', "", $key);
                     if (preg_match('/%/', $value)) {
                         # do any data conversion for this field (date, encrypt, etc...)
                         if (isset($this->field["{$field}"]["convert"]) && $this->field["{$field}"]["convert"] != 'array') {
                             $value = $validate->convert($field, $value, $this->field["{$field}"]["convert"]);
                         }
                         $where_list .= " AND " . AGILE_DB_PREFIX . "invoice." . $field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
                         $i++;
                     } else {
                         # check if array
                         if (is_array($value)) {
                             for ($i_arr = 0; $i_arr < count($value); $i_arr++) {
                                 if ($value["{$i_arr}"] != '') {
                                     # determine any field options (=, >, <, etc...)
                                     $f_opt = '=';
                                     $pat_field = $this->module . '_' . $field;
                                     if (isset($VAR['field_option']["{$pat_field}"]["{$i_arr}"])) {
                                         $f_opt = $VAR['field_option']["{$pat_field}"]["{$i_arr}"];
                                         # error checking, safety precaution
                                         if ($f_opt != '=' && $f_opt != '>' && $f_opt != '<' && $f_opt != '>=' && $f_opt != '<=' && $f_opt != '!=') {
                                             $f_opt = '=';
                                         }
                                     }
                                     # do any data conversion for this field (date, encrypt, etc...)
                                     if (isset($this->field["{$field}"]["convert"]) && $this->field["{$field}"]["convert"] != 'array') {
                                         $value["{$i_arr}"] = $validate->convert($field, $value["{$i_arr}"], $this->field["{$field}"]["convert"]);
                                     }
                                     $where_list .= " AND " . AGILE_DB_PREFIX . "invoice." . $field . " {$f_opt} " . $db->qstr($value["{$i_arr}"], get_magic_quotes_gpc());
                                     $i++;
                                 }
                             }
                         } else {
                             $where_list .= " AND " . AGILE_DB_PREFIX . "invoice." . $field . " = " . $db->qstr($value, get_magic_quotes_gpc());
                             $i++;
                         }
                     }
                 }
             }
         }
     }
     # Code for attribute searches:
     if (!empty($VAR['join_product_id']) && !empty($VAR['item_attributes'])) {
         $attr_arr = $VAR['item_attributes'];
         for ($ati = 0; $ati < count($attr_arr); $ati++) {
             if (!empty($attr_arr[$ati]['0'])) {
                 if ($where_list == '') {
                     $where_list .= ' WHERE ';
                 } else {
                     $where_list .= ' AND ';
                 }
                 $where_list .= AGILE_DB_PREFIX . "invoice_item.product_attr LIKE " . $db->qstr("%{$attr_arr[$ati]['0']}=={$attr_arr[$ati]['1']}%");
             }
         }
     }
     # get limit type
     if (isset($VAR['limit'])) {
         $limit = $VAR['limit'];
     } else {
         $limit = $this->limit;
     }
     # get order by
     if (isset($VAR['order_by'])) {
         $order_by = $VAR['order_by'];
     } else {
         $order_by = $this->order_by;
     }
     ## SELECT FROM
     $p = AGILE_DB_PREFIX;
     $q = "SELECT DISTINCT {$p}invoice.id FROM " . AGILE_DB_PREFIX . "invoice ";
     $q_save = "SELECT DISTINCT %%fieldList%%,{$p}invoice.id FROM {$p}invoice ";
     ## LEFT JOIN
     if (!empty($VAR['join_product_id']) || !empty($VAR['join_service_id']) || !empty($VAR['join_domain_name']) || !empty($VAR['join_domain_tld']) || !empty($VAR['join_memo_text'])) {
         # JOIN ON PRODUCT DETAILS:
         if (!empty($VAR['join_product_id']) || !empty($VAR['join_service_id']) || !empty($VAR['join_domain_name']) || !empty($VAR['join_domain_tld'])) {
             $q .= " LEFT JOIN {$p}invoice_item ON {$p}invoice_item.invoice_id = {$p}invoice.id";
             $q_save .= " LEFT JOIN {$p}invoice_item ON {$p}invoice_item.invoice_id = {$p}invoice.id";
             if ($where_list == '') {
                 $q .= " WHERE {$p}invoice_item.site_id  = " . $db->qstr(DEFAULT_SITE);
                 $q_save .= " WHERE {$p}invoice_item.site_id  = " . $db->qstr(DEFAULT_SITE);
             } else {
                 $q .= $where_list . " AND {$p}invoice_item.site_id  = " . $db->qstr(DEFAULT_SITE);
                 $q_save .= $where_list . " AND {$p}invoice_item.site_id  = " . $db->qstr(DEFAULT_SITE);
             }
             # AND (invoice_item.product_id)
             if (!empty($VAR['join_product_id'])) {
                 $q .= " AND {$p}invoice_item.product_id = " . $db->qstr($VAR['join_product_id']);
                 $q_save .= " AND {$p}invoice_item.product_id = " . $db->qstr($VAR['join_product_id']);
             }
             # AND (invoice_item.service_id)
             if (!empty($VAR['join_service_id'])) {
                 $q .= " AND {$p}invoice_item.service_id = " . $db->qstr($VAR['join_service_id']);
                 $q_save .= " AND {$p}invoice_item.service_id = " . $db->qstr($VAR['join_service_id']);
             }
             # AND (invoice_item.domain_name)
             if (!empty($VAR['join_domain_name'])) {
                 if (!preg_match('/%/', $VAR['join_domain_name'])) {
                     $qtype = ' = ';
                 } else {
                     $qtype = ' LIKE ';
                 }
                 $q .= " AND {$p}invoice_item.domain_name {$qtype} " . $db->qstr($VAR['join_domain_name']);
                 $q_save .= " AND {$p}invoice_item.domain_name {$qtype} " . $db->qstr($VAR['join_domain_name']);
             }
             # AND (invoice_item.domain_tld)
             if (!empty($VAR['join_domain_tld'])) {
                 if (!preg_match('/%/', $VAR['join_domain_tld'])) {
                     $qtype = ' = ';
                 } else {
                     $qtype = ' LIKE ';
                 }
                 $q .= " AND {$p}invoice_item.domain_tld {$qtype} " . $db->qstr($VAR['join_domain_tld']);
                 $q_save .= " AND {$p}invoice_item.domain_tld {$qtype} " . $db->qstr($VAR['join_domain_tld']);
             }
         }
         # JOIN ON MEMO TEXT:
         if (!empty($VAR['join_memo_text'])) {
             $q .= " LEFT JOIN {$p}invoice_memo ON {$p}invoice_memo.invoice_id = {$p}invoice.id";
             $q_save .= " LEFT JOIN {$p}invoice_memo ON {$p}invoice_memo.invoice_id = {$p}invoice.id";
             if ($where_list == '') {
                 $q .= " WHERE {$p}invoice_memo.site_id  = " . $db->qstr(DEFAULT_SITE);
                 $q_save .= " WHERE {$p}invoice_memo.site_id  = " . $db->qstr(DEFAULT_SITE);
             } else {
                 $q .= $where_list . " AND {$p}invoice_memo.site_id  = " . $db->qstr(DEFAULT_SITE);
                 $q_save .= $where_list . " AND {$p}invoice_memo.site_id  = " . $db->qstr(DEFAULT_SITE);
             }
             $q .= " AND {$p}invoice_memo.memo LIKE " . $db->qstr('%' . $VAR['join_memo_text'] . '%');
             $q_save .= " AND {$p}invoice_memo.memo LIKE " . $db->qstr('%' . $VAR['join_memo_text'] . '%');
         }
         $q .= " AND {$p}invoice.site_id = " . DEFAULT_SITE;
         $q_save .= ' AND ';
     } else {
         if ($where_list == '') {
             $q .= "WHERE {$p}invoice.site_id = " . DEFAULT_SITE;
             $q_save .= ' WHERE ';
         } else {
             $q .= $where_list . " AND {$p}invoice.site_id = " . DEFAULT_SITE;
             $q_save .= $where_list . ' AND ';
         }
     }
     ///////////////// debug
     #echo $q;
     #exit;
     # run the database query
     $result = $db->Execute($q);
     # error reporting
     if ($result === false) {
         global $C_debug;
         $C_debug->error('invoice.inc.php', 'search', $db->ErrorMsg());
         return false;
     }
     # get the result count:
     $results = $result->RecordCount();
     # get the first record id:
     if ($results == 1) {
         $record_id = $result->fields['id'];
     }
     # define the DB vars as a Smarty accessible block
     global $smarty;
     # Create the definition for fast-forwarding to a single record:
     if ($results == 1 && !isset($this->fast_forward)) {
         $smarty->assign('record_id', $record_id);
     }
     # create the search record:
     if ($results > 0) {
         # create the search record
         include_once PATH_CORE . 'search.inc.php';
         $search = new CORE_search();
         $arr['module'] = $this->module;
         $arr['sql'] = $q_save;
         $arr['limit'] = $limit;
         $arr['order_by'] = $order_by;
         $arr['results'] = $results;
         $search->add($arr);
         # define the search id and other parameters for Smarty
         $smarty->assign('search_id', $search->id);
         # page:
         $smarty->assign('page', '1');
         # limit:
         $smarty->assign('limit', $limit);
         # order_by:
         $smarty->assign('order_by', $order_by);
     }
     # define the result count
     $smarty->assign('results', $results);
 }
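 /**
  * Update a stored billing record (credit card or EFT) and copy its checkout
  * plugin id to every invoice that references the record.
  *
  * The record is looked up by the request-supplied $VAR['id']. For EFT records
  * the card fields are excluded from the update; for card records the expiry
  * date and the card number are validated first and the EFT fields are
  * excluded. In both cases only the last four digits are derived into
  * $VAR['account_billing_card_num4'].
  *
  * @param array $VAR request variables (account_billing_* fields and 'id')
  * @return bool true when the billing record was updated, false when the
  *              record was not found, validation failed or the update failed
  */
 function update($VAR)
 {
     global $C_translate, $C_debug;
     /* load database object */
     $db = new CORE_database();
     $this->construct();
     $type = "update";
     /* the id is interpolated into the lookup condition below, so refuse
        anything that is not a plain scalar value */
     if (!isset($VAR['id']) || !is_scalar($VAR['id'])) {
         return false;
     }
     /* conditional fields for cc/eft */
     # NOTE(review): the ::...:: delimiters are handed to sqlSelect() as-is;
     # presumably the helper quotes the enclosed value - confirm, because
     # $VAR['id'] is request-controlled.
     # NOTE(review): no check that the record belongs to the current account is
     # visible in this method - confirm the caller enforces ownership.
     $dbx =& DB();
     $rs = $dbx->Execute(sqlSelect($dbx, "account_billing", "card_type,id,checkout_plugin_id", "id=::{$VAR['id']}::"));
     if (!$rs || !$rs->RecordCount()) {
         return false;
     }
     $billing_id = $rs->fields['id'];
     $checkout_plugin_id = $rs->fields['checkout_plugin_id'];
     if ($rs->fields['card_type'] == 'eft') {
         /* EFT   */
         $this->method["{$type}"] = $db->ignore_fields(array('card_exp_month', 'card_exp_year', 'card_num'), $this->method["{$type}"]);
         /* last four */
         $eft_acct = isset($VAR['account_billing_eft_check_acct']) ? (string) $VAR['account_billing_eft_check_acct'] : '';
         $VAR['account_billing_card_num4'] = substr($eft_acct, -4);
     } else {
         /* CC   */
         # Validate the exp date. A card stays valid through the last day of its
         # expiry month, so it counts as expired only once the first second of
         # the following month has passed (mktime() normalises month 13).
         $exp_month = isset($VAR['account_billing_card_exp_month']) ? (int) $VAR['account_billing_card_exp_month'] : 0;
         $exp_year = isset($VAR['account_billing_card_exp_year']) ? (int) $VAR['account_billing_card_exp_year'] : 0;
         if ($exp_month < 1 || $exp_month > 12 || mktime(0, 0, 0, $exp_month + 1, 1, $exp_year) <= time()) {
             $msg = $C_translate->translate('val_exp', 'account_billing', '');
             $C_debug->alert($msg);
             return false;
         }
         # Validate the card against the card type
         include_once PATH_CORE . 'validate.inc.php';
         $validate = new CORE_validate();
         $card_num = isset($VAR['account_billing_card_num']) ? $VAR['account_billing_card_num'] : null;
         $card_type = isset($VAR['account_billing_card_type']) ? $VAR['account_billing_card_type'] : null;
         if (!$validate->validate_cc($card_num, 'card_num', $card_type, false)) {
             $msg = $C_translate->translate('val_cc', 'account_billing', '');
             $C_debug->alert($msg);
             return false;
         }
         $this->method["{$type}"] = $db->ignore_fields(array('eft_trn', 'eft_check_acct'), $this->method["{$type}"]);
         /* last four */
         $VAR['account_billing_card_num4'] = substr((string) $card_num, -4);
     }
     # NOTE(review): the full card / account number is passed on to
     # $db->update(); whether it is encrypted before storage depends on the
     # field definitions, which are not visible here - confirm.
     if ($db->update($VAR, $this, $type)) {
         # Update any invoices using this billing record
         $dba =& DB();
         $sql = "UPDATE " . AGILE_DB_PREFIX . "invoice SET"
             . " checkout_plugin_id = " . $dba->qstr($checkout_plugin_id)
             . " WHERE site_id = " . $dba->qstr(DEFAULT_SITE)
             . " AND account_billing_id = " . $dba->qstr($billing_id);
         $result = $dba->Execute($sql);
         if ($result === false) {
             # the billing record itself was saved, so still report success,
             # but do not lose the fact that the invoices were not updated
             $C_debug->error(basename(__FILE__), 'update', $dba->ErrorMsg());
         }
         return true;
     }
     return false;
 }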
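    /**
     * Store the submitted static-variable values for one record of a module.
     *
     * For every static relation defined for $module, the value submitted in
     * $VAR['static_relation'][<relation id>] is converted when the variable
     * defines a convert type, then inserted, updated or deleted in the
     * static_var_record table. All values reach the SQL text through
     * $db->qstr().
     *
     * @param array  $VAR       request variables; 'static_relation' is read
     * @param string $module    module name used to find the module id
     * @param mixed  $record_id id of the record the values belong to
     * @return false|null false when the module or its relations are not found
     *                    or a query fails; nothing is returned otherwise
     */
    function update($VAR, $module, $record_id)
    {
        global $C_debug;
        include_once PATH_CORE . 'validate.inc.php';
        ### Get the Id for this module
        $db =& DB();
        $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE'
            . ' site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND name = ' . $db->qstr($module);
        $result = $db->Execute($sql);
        if ($result === false) {
            $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
            return false;
        }
        if ($result->RecordCount() == 0) {
            return false;
        }
        $module_id = $result->fields['id'];
        ### Get all the associated STATIC RELATION records
        $sql = 'SELECT id, static_var_id FROM ' . AGILE_DB_PREFIX . 'static_relation WHERE'
            . ' site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND module_id = ' . $db->qstr($module_id)
            . ' ORDER BY sort_order';
        $relation = $db->Execute($sql);
        if ($relation === false) {
            $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
            return false;
        }
        if ($relation->RecordCount() == 0) {
            return false;
        }
        $validate = new CORE_validate();
        while (!$relation->EOF) {
            ### Get the primary settings for this field
            $id = $relation->fields['id'];
            $static_var_relation_id = $id;
            $static_var_id = $relation->fields['static_var_id'];
            ### Get the extended details for this field from the STATIC
            ### VAR records
            $sql = 'SELECT id,name,convert_type FROM ' . AGILE_DB_PREFIX . 'static_var WHERE'
                . ' site_id = ' . $db->qstr(DEFAULT_SITE)
                . ' AND id = ' . $db->qstr($static_var_id);
            $var = $db->Execute($sql);
            if ($var === false) {
                $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                return false;
            }
            $convert = $var->fields['convert_type'];
            $name = $var->fields['name'];
            ### Submitted value for this relation (null when nothing was sent)
            $value = isset($VAR["static_relation"]["{$id}"]) ? $VAR["static_relation"]["{$id}"] : null;
            # WHERE clause identifying the stored value of this field for this record
            $record_where = ' site_id = ' . $db->qstr(DEFAULT_SITE)
                . ' AND record_id = ' . $db->qstr($record_id)
                . ' AND module_id = ' . $db->qstr($module_id)
                . ' AND static_var_id = ' . $db->qstr($static_var_id)
                . ' AND static_var_relation_id = ' . $db->qstr($static_var_relation_id);
            # NOTE(review): `$value == 0` is a loose comparison; for empty or
            # non-numeric strings its result differs between PHP 7 and PHP 8,
            # which changes when the delete branch below is taken - confirm
            # the intended rule before tightening it.
            if (!empty($value) || $value == 0) {
                if ($convert != 'none' && $convert != '') {
                    $value = $validate->convert($name, $value, $convert);
                }
                ### Test record already exists:
                $sql = 'SELECT id,value FROM ' . AGILE_DB_PREFIX . 'static_var_record WHERE' . $record_where;
                $return = $db->Execute($sql);
                if ($return === false) {
                    $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                    return false;
                }
                if ($return->RecordCount() == 0) {
                    ### Create new record:
                    $idx = $db->GenID(AGILE_DB_PREFIX . 'static_var_record_id');
                    $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'static_var_record SET'
                        . ' site_id = ' . $db->qstr(DEFAULT_SITE)
                        . ', id = ' . $db->qstr($idx)
                        . ', record_id = ' . $db->qstr($record_id)
                        . ', module_id = ' . $db->qstr($module_id)
                        . ', static_var_id = ' . $db->qstr($static_var_id)
                        . ', static_var_relation_id = ' . $db->qstr($static_var_relation_id)
                        . ', value = ' . $db->qstr($value);
                    $insert = $db->Execute($sql);
                    if ($insert === false) {
                        $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                        return false;
                    }
                } elseif ($value != $return->fields['value']) {
                    ### UPDATE the DB Record:
                    $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'static_var_record SET'
                        . ' value = ' . $db->qstr($value)
                        . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
                        . ' AND id = ' . $db->qstr($return->fields['id']);
                    $insert = $db->Execute($sql);
                    if ($insert === false) {
                        $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                        return false;
                    }
                }
            } else {
                ### No value submitted: remove any stored value for this field
                $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'static_var_record WHERE' . $record_where;
                $return = $db->Execute($sql);
                if ($return === false) {
                    # keep processing the remaining fields, but record the failure
                    $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                }
            }
            $relation->MoveNext();
        }
    }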
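    /**
     * Relay a contact-form message to a staff member by e-mail.
     *
     * Requires mail_email, mail_name, mail_subject and mail_message. The
     * recipient is the account linked to mail_staff_id, or to the default staff
     * member of mail_department_id. Submitted static-variable values are
     * validated and appended to the message text. Every exit path calls
     * $C_vars->strip_slashes_all() and reports its outcome through
     * $C_debug->alert() or the Smarty 'form_validation' variable.
     *
     * The sender name, sender address and subject come from the request and
     * are handed to the mailer, so line breaks are rejected or removed before
     * they can reach the message headers.
     *
     * @param array $VAR request variables (mail_*, static_relation, _page_current)
     * @return void
     */
    function contact($VAR)
    {
        global $C_translate, $C_debug, $C_vars, $smarty;
        $mail_email = isset($VAR['mail_email']) ? $VAR['mail_email'] : '';
        $mail_name = isset($VAR['mail_name']) ? $VAR['mail_name'] : '';
        $mail_subject = isset($VAR['mail_subject']) ? $VAR['mail_subject'] : '';
        $mail_message = isset($VAR['mail_message']) ? $VAR['mail_message'] : '';
        ## Validate the required vars (email, name, subject, message)
        if ($mail_email == "" || $mail_name == "" || $mail_subject == "" || $mail_message == "") {
            ## Error message:
            $C_debug->alert($C_translate->translate('error_req_fields', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();
        # An address containing a line break is never valid; rejecting it here
        # does not depend on how strict validate_email() is.
        if (preg_match('/[\r\n]/', $mail_email) || !$validate->validate_email($mail_email, '')) {
            $C_debug->alert($C_translate->translate('validate_email', '', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        $s = isset($VAR['mail_staff_id']) ? $VAR['mail_staff_id'] : null;
        $d = isset($VAR['mail_department_id']) ? $VAR['mail_department_id'] : null;
        $db =& DB();
        if (!($s > 0)) {
            if ($d > 0) {
                ## Verify the specified department && get the associated account:
                $sql = 'SELECT default_staff_id FROM ' . AGILE_DB_PREFIX . 'staff_department WHERE'
                    . ' site_id = ' . $db->qstr(DEFAULT_SITE)
                    . ' AND id = ' . $db->qstr($d);
                $dept = $db->Execute($sql);
                if ($dept === false || $dept->RecordCount() == 0) {
                    $C_debug->alert($C_translate->translate('error_dept_non_exist', 'staff', ''));
                    $C_vars->strip_slashes_all();
                    return;
                }
                $s = $dept->fields['default_staff_id'];
            } else {
                ## staff/dept not specified
                $C_debug->alert($C_translate->translate('error_staff_dept', 'staff', ''));
                $C_vars->strip_slashes_all();
                return;
            }
        }
        ## Verify the specified staff account && get the associated account:
        $sql = 'SELECT account_id FROM ' . AGILE_DB_PREFIX . 'staff WHERE'
            . ' site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND id = ' . $db->qstr($s);
        $staff = $db->Execute($sql);
        if ($staff === false || $staff->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        $account_id = $staff->fields['account_id'];
        $sql = 'SELECT email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE'
            . ' site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND id = ' . $db->qstr($account_id);
        $account = $db->Execute($sql);
        if ($account === false || $account->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        ### Validate any static vars, if defined
        $this->validated = true;
        $all_error = false;
        if (!empty($VAR['static_relation'])) {
            require_once PATH_CORE . 'static_var.inc.php';
            $static_var = new CORE_static_var();
            if (!isset($this->val_error)) {
                $this->val_error = false;
            }
            $all_error = $static_var->validate_form('staff', $this->val_error);
            if ($all_error != false && gettype($all_error) == 'array') {
                $this->validated = false;
            } elseif (is_array($VAR['static_relation'])) {
                # Get the fields and values and append to the message text...
                foreach ($VAR['static_relation'] as $id => $value) {
                    if (empty($value) || empty($id)) {
                        continue;
                    }
                    # Get the name:
                    $sql = "SELECT static_var_id FROM " . AGILE_DB_PREFIX . "static_relation WHERE"
                        . " id = " . $db->qstr($id)
                        . " AND site_id = " . $db->qstr(DEFAULT_SITE);
                    $rs = $db->Execute($sql);
                    $var_id = $rs->fields['static_var_id'];
                    $sql = "SELECT name FROM " . AGILE_DB_PREFIX . "static_var WHERE"
                        . " id = " . $db->qstr($var_id)
                        . " AND site_id = " . $db->qstr(DEFAULT_SITE);
                    $rs = $db->Execute($sql);
                    $name = $rs->fields['name'];
                    # NOTE(review): the pattern matches only literal dots, so
                    # $ul is the field name with dots turned into dashes; if a
                    # dashed underline was intended, confirm and change it.
                    $ul = preg_replace("/\\./", "-", $name);
                    $mail_message .= "\r\n\r\n" . $ul . "\r\n" . $name . "\r\n" . $ul . "\r\n" . $value;
                }
            }
        }
        if (!$this->validated) {
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            # NOTE(review): _page_current is request-supplied; whatever consumes
            # FORCE_PAGE should restrict it to known pages - confirm.
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            $C_vars->strip_slashes_all();
            return;
        }
        ################################################################
        ## OK to send the email:
        $E['from_html'] = true;
        # Name and subject end up in message headers; collapsing line breaks
        # keeps a submitted value from adding header lines of its own.
        $E['from_name'] = preg_replace('/[\r\n]+/', ' ', $mail_name);
        $E['from_email'] = $mail_email;
        $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE"
            . " site_id = " . $db->qstr(DEFAULT_SITE)
            . " AND id = " . $db->qstr(DEFAULT_SETUP_EMAIL);
        $setup_email = $db->Execute($q);
        $E['priority'] = isset($VAR['mail_priority']) ? $VAR['mail_priority'] : null;
        $E['html'] = '0';
        $E['subject'] = preg_replace('/[\r\n]+/', ' ', $mail_subject);
        $E['body_text'] = $mail_message;
        $E['to_email'] = $account->fields['email'];
        $E['to_name'] = $account->fields['first_name'];
        if ($setup_email->fields['type'] == 0) {
            $type = 0;
        } else {
            $type = 1;
            $E['server'] = $setup_email->fields['server'];
            $E['account'] = $setup_email->fields['username'];
            $E['password'] = $setup_email->fields['password'];
        }
        if ($setup_email->fields['cc_list'] != '') {
            $E['cc_list'] = explode(',', $setup_email->fields['cc_list']);
        }
        if ($setup_email->fields['bcc_list'] != '') {
            $E['bcc_list'] = explode(',', $setup_email->fields['bcc_list']);
        }
        ### Call the mail() or smtp() function to send
        # NOTE(review): the mailer's result is not checked, so the success
        # message below is shown even when sending fails; no throttling of
        # this form is visible in this method either - confirm both upstream.
        require_once PATH_CORE . 'email.inc.php';
        $email = new CORE_email();
        if ($type == 0) {
            $email->PHP_Mail($E);
        } else {
            $email->SMTP_Mail($E);
        }
        ## Success message:
        $C_debug->alert($C_translate->translate('mail_sent', 'staff', ''));
        # Stripslashes
        $C_vars->strip_slashes_all();
    }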
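 /**
  * Validate the current credit card details.
  *
  * First checks that every required field is present in either
  * $this->billing or $this->account (flagging each missing one as
  * $VAR['<field>_error']), then normalises the card number to digits only and
  * validates the number and the expiry date through CORE_validate.
  *
  * @param array $ret filled by reference: 'status' is 1 on success and 0 on
  *                   failure; 'msg' carries the translated failure reason
  * @return bool true when the card details are valid, false otherwise
  */
 function validate_card_details(&$ret)
 {
     global $VAR, $C_translate;
     // validate input fields
     if ($this->req_all_flds) {
         $this->req_fields_arr = array('first_name', 'last_name', 'address1', 'state', 'zip');
     }
     if (is_array($this->req_fields_arr)) {
         $complete = true;
         foreach ($this->req_fields_arr as $fld) {
             if (empty($this->billing["{$fld}"]) && empty($this->account["{$fld}"])) {
                 $VAR["{$fld}_error"] = true;
                 $complete = false;
             }
         }
         if (!$complete) {
             $ret['status'] = 0;
             $ret['msg'] = $C_translate->translate('missing_fields', 'checkout', '');
             return false;
         }
     }
     // validate actual credit card details
     include_once PATH_CORE . 'validate.inc.php';
     $validate = new CORE_validate();
     // Keep digits only. The previous statement compared (==) instead of
     // assigning and its pattern matched just one leading digit, so spaces
     // and dashes typed into the card number were never removed.
     $cc_no = isset($this->billing["cc_no"]) ? (string) $this->billing["cc_no"] : '';
     $this->billing["cc_no"] = preg_replace('/[^0-9]/', '', $cc_no);
     $exp_month = isset($this->billing["exp_month"]) ? $this->billing["exp_month"] : null;
     $exp_year = isset($this->billing["exp_year"]) ? $this->billing["exp_year"] : null;
     if (!$validate->validate_cc($this->billing["cc_no"], false, $this->billing["card_type"], $this->cfg['card_type'])) {
         $ret['status'] = 0;
         $ret['msg'] = $C_translate->translate('card_invalid', 'checkout', '');
         return false;
     }
     if (!$validate->validate_cc_exp($exp_month, $exp_year)) {
         $ret['status'] = 0;
         $ret['msg'] = $C_translate->translate('card_exp_invalid', 'checkout', '');
         return false;
     }
     $ret['status'] = 1;
     return true;
 }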