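/**
 * Smarty debug_print_var modifier plugin
 *
 * Type:     modifier<br>
 * Name:     debug_print_var<br>
 * Purpose:  formats variable contents for display in the console
 *
 * Array keys and object property names are HTML-escaped before they are
 * written into the markup, the same way scalar values are, so a key that
 * contains markup is displayed as text instead of being interpreted by the
 * browser that shows the debug console.
 *
 * @link http://smarty.php.net/manual/en/language.modifier.debug.print.var.php
 *          debug_print_var (Smarty online manual)
 * @author   Monte Ohrt <monte at ohrt dot com>
 * @param array|object $var    value to render (scalars, null and resources are handled too)
 * @param integer      $depth  current nesting level; controls the indentation of child rows
 * @param integer      $length maximum string length before the value is cut and '...' appended
 * @return string HTML fragment describing $var
 */
function smarty_modifier_debug_print_var($var, $depth = 0, $length = 40)
{
    // Control characters are rendered as visible escape sequences.
    $_replace = array("\n" => '<i>\\n</i>', "\r" => '<i>\\r</i>', "\t" => '<i>\\t</i>');

    switch (gettype($var)) {
        case 'array':
            $results = '<b>Array (' . count($var) . ')</b>';
            foreach ($var as $curr_key => $curr_val) {
                // Escape first, then mark control characters, so the <i> markup survives.
                $results .= '<br>' . str_repeat(' ', $depth * 2)
                    . '<b>' . strtr(encode_htmlspecialchars((string) $curr_key), $_replace) . '</b> => '
                    . smarty_modifier_debug_print_var($curr_val, $depth + 1, $length);
            }
            break;

        case 'object':
            // NOTE(review): every property is followed recursively and no cycle
            // detection is visible here - confirm callers never pass a
            // self-referencing object graph.
            $object_vars = get_object_vars($var);
            $results = '<b>' . get_class($var) . ' Object (' . count($object_vars) . ')</b>';
            foreach ($object_vars as $curr_key => $curr_val) {
                $results .= '<br>' . str_repeat(' ', $depth * 2)
                    . '<b> ->' . strtr(encode_htmlspecialchars((string) $curr_key), $_replace) . '</b> = '
                    . smarty_modifier_debug_print_var($curr_val, $depth + 1, $length);
            }
            break;

        case 'boolean':
        case 'NULL':
        case 'resource':
            if (true === $var) {
                $results = 'true';
            } elseif (false === $var) {
                $results = 'false';
            } elseif (null === $var) {
                $results = 'null';
            } else {
                // web28 2013-01-11 - use encode_htmlentities (PHP5.4 ready)
                $results = encode_htmlspecialchars((string) $var);
            }
            $results = '<i>' . $results . '</i>';
            break;

        case 'integer':
        case 'float':
            $results = htmlspecialchars((string) $var);
            break;

        case 'string':
            $results = strtr($var, $_replace);
            if (strlen($var) > $length) {
                // Truncation works on the raw value, so the control-character
                // markers added above are dropped for long strings.
                $results = substr($var, 0, $length - 3) . '...';
            }
            // web28 2013-01-11 - use encode_htmlentities (PHP5.4 ready)
            $results = encode_htmlspecialchars('"' . $results . '"');
            break;

        case 'unknown type':
        default:
            $results = strtr((string) $var, $_replace);
            if (strlen($results) > $length) {
                $results = substr($results, 0, $length - 3) . '...';
            }
            // web28 2013-01-11 - use encode_htmlentities (PHP5.4 ready)
            $results = encode_htmlspecialchars($results);
    }

    return $results;
}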
/**
 * escape_special_chars common function
 *
 * Function: smarty_function_escape_special_chars<br>
 * Purpose:  used by other smarty functions to escape
 *           special chars except for already escaped ones
 *
 * Existing entities (&name; / &#123;) are swapped for placeholder tokens,
 * the remaining text is escaped, and the placeholders are turned back into
 * '&' and ';'. Arrays are returned untouched.
 *
 * NOTE(review): input that already contains the literal placeholder tokens
 * is converted to a raw '&' / ';' as well - confirm that is acceptable for
 * the contexts this value is written into.
 *
 * @author   Monte Ohrt <monte at ohrt dot com>
 * @param string $string text to escape (arrays pass through unchanged)
 * @return string
 */
function smarty_function_escape_special_chars($string)
{
    if (is_array($string)) {
        return $string;
    }

    // Shield entities that are already encoded so they are not encoded twice.
    $shielded = preg_replace('!&(#?\\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);

    // web28 2013-01-11 - use encode_htmlentities (PHP5.4 ready)
    $escaped = encode_htmlspecialchars($shielded);

    return str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $escaped);
}
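/**
 * xtc_output_string()
 *
 * Prepares a string for output. With $protected set, the whole string is
 * HTML-escaped. Otherwise the string is passed to
 * xtc_parse_input_field_data() with a translation table: the caller's
 * $translate table if one is given, else a default table that turns a
 * double quote into the &quot; entity so the value cannot close a
 * double-quoted HTML attribute.
 *
 * The default table previously mapped '"' to itself, which left double
 * quotes unchanged.
 *
 * NOTE(review): the unprotected path does not escape '<', '>' or '&';
 * use $protected = true for values that are not trusted.
 *
 * @param mixed $string     value to prepare
 * @param mixed $translate  false for the default table, or an array of replacements
 * @param bool  $protected  true to HTML-escape the complete string
 * @return string
 */
function xtc_output_string($string, $translate = false, $protected = false)
{
    if ($protected == true) {
        return encode_htmlspecialchars($string);
    }

    if ($translate == false) {
        return xtc_parse_input_field_data($string, array('"' => '&quot;'));
    }

    return xtc_parse_input_field_data($string, $translate);
}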
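/**
 * Writes the shop configuration as an XML document to the output stream.
 *
 * The document contains every row of the configuration, tax_class and
 * tax_rates tables plus the names of the *.html templates found in the
 * product_listing, product_info and product_options module directories of
 * the current template.
 *
 * NOTE(review): all configuration values are emitted, and no permission
 * check is visible in this function - confirm that the caller authenticates
 * the request before this runs.
 *
 * @return void
 */
function SendShopConfig()
{
    echo '<?xml version="1.0" encoding="' . CHARSET . '"?>' . "\n" . '<CONFIG>' . "\n" . '<CONFIG_DATA>' . "\n";

    _send_shop_config_rows('select * from configuration', 'ENTRY', 'configuration_id', array(
        'PARAM'        => 'configuration_key',
        'VALUE'        => 'configuration_value',
        'TITLE'        => 'configuration_title',
        'DESCRIPTION'  => 'configuration_description',
        'GROUP_ID'     => 'config_group_id',
        'SORT_ORDER'   => 'sort_order',
        'USE_FUNCTION' => 'use_function',
        'SET_FUNCTION' => 'set_function',
    ));
    echo '</CONFIG_DATA>' . "\n";

    echo '<TAX_CLASS>' . "\n";
    _send_shop_config_rows('select * from tax_class', 'CLASS', 'tax_class_id', array(
        'TITLE'         => 'tax_class_title',
        'DESCRIPTION'   => 'tax_class_description',
        'LAST_MODIFIED' => 'last_modified',
        'DATE_ADDED'    => 'date_added',
    ));
    echo '</TAX_CLASS>' . "\n";

    echo '<TAX_RATES>' . "\n";
    _send_shop_config_rows('select * from tax_rates', 'RATES', 'tax_rates_id', array(
        'ZONE_ID'       => 'tax_zone_id',
        'CLASS_ID'      => 'tax_class_id',
        'PRIORITY'      => 'tax_priority',
        'RATE'          => 'tax_rate',
        'DESCRIPTION'   => 'tax_description',
        'LAST_MODIFIED' => 'last_modified',
        'DATE_ADDED'    => 'date_added',
    ));
    echo '</TAX_RATES>' . "\n";

    // Output product listing, product info and product options templates.
    _send_shop_config_templates('PRODUCT_LISTING_TEMPLATES', 'product_listing');
    _send_shop_config_templates('PRODUCT_DETAILS_TEMPLATES', 'product_info');
    _send_shop_config_templates('PRODUCT_OPTIONS_TEMPLATES', 'product_options');

    echo '</CONFIG>' . "\n";
}

/**
 * Echoes one XML element per row returned by $sql.
 *
 * @param string $sql        query to run
 * @param string $row_tag    element name used for each row
 * @param string $id_column  column written into the ID attribute
 * @param array  $fields     child element name => column name, in output order
 * @return void
 */
function _send_shop_config_rows($sql, $row_tag, $id_column, $fields)
{
    $result = xtc_db_query($sql);
    while ($row = xtc_db_fetch_array($result)) {
        // The ID attribute is escaped like the element content, so a value
        // containing markup characters cannot break the document structure.
        $xml = '<' . $row_tag . ' ID="' . encode_htmlspecialchars($row[$id_column]) . '">' . "\n";
        foreach ($fields as $tag => $column) {
            $xml .= '<' . $tag . '>' . encode_htmlspecialchars($row[$column]) . '</' . $tag . '>' . "\n";
        }
        $xml .= '</' . $row_tag . '>' . "\n";
        echo $xml;
    }
}

/**
 * Echoes the list of template files found in one module directory of the
 * current template.
 *
 * @param string $list_tag    name of the enclosing element
 * @param string $module_dir  directory below templates/CURRENT_TEMPLATE/module/
 * @return void
 */
function _send_shop_config_templates($list_tag, $module_dir)
{
    $path = DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/module/' . $module_dir . '/';
    $xml = '<' . $list_tag . '>' . "\n";

    if ($dir = opendir($path)) {
        // Strict comparison: an entry named "0" must not end the listing early.
        while (($file = readdir($dir)) !== false) {
            // Tomcraft - 2010-02-04 - Prevent modified eCommerce Shopsoftware
            // from fetching other files than *.html
            if (is_file($path . $file)
                and substr($file, -5) == ".html"
                and $file != "index.html"
                and substr($file, 0, 1) != "."
            ) {
                // File names may contain '&' or '<'; escape them for the XML output.
                $xml .= "<TEMPLATE>" . encode_htmlspecialchars($file) . "</TEMPLATE>\n";
            }
        }
        closedir($dir);
    }

    $xml .= '</' . $list_tag . '>' . "\n";
    echo $xml;
}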
</table> '); */ $smarty->assign('NAVBAR', ' <div style="width:100%;font-size:smaller"> <div style="float:left">' . $reviews_split->display_count(TEXT_DISPLAY_NUMBER_OF_REVIEWS) . '</div> <div style="float:right">' . TEXT_RESULT_PAGE . ' ' . $reviews_split->display_links(MAX_DISPLAY_PAGE_LINKS, xtc_get_all_get_params(array('page', 'info', 'x', 'y'))) . '</div> <br style="clear:both" /></div> '); //EOF - Dokuman - 2009-06-05 - replace table with div } $module_data = array(); if ($reviews_split->number_of_rows > 0) { $reviews_query = xtc_db_query($reviews_split->sql_query); while ($reviews = xtc_db_fetch_array($reviews_query)) { $module_data[] = array('PRODUCTS_IMAGE' => DIR_WS_THUMBNAIL_IMAGES . $reviews['products_image'], $reviews['products_name'], 'PRODUCTS_LINK' => xtc_href_link(FILENAME_PRODUCT_REVIEWS_INFO, 'products_id=' . $reviews['products_id'] . '&reviews_id=' . $reviews['reviews_id']), 'PRODUCTS_NAME' => $reviews['products_name'], 'AUTHOR' => $reviews['customers_name'], 'TEXT' => '(' . sprintf(TEXT_REVIEW_WORD_COUNT, xtc_word_count($reviews['reviews_text'], ' ')) . ')<br />' . nl2br(encode_htmlspecialchars($reviews['reviews_text'])) . '..', 'RATING' => xtc_image('templates/' . CURRENT_TEMPLATE . '/img/stars_' . $reviews['reviews_rating'] . '.gif', sprintf(TEXT_OF_5_STARS, $reviews['reviews_rating']))); } $smarty->assign('module_content', $module_data); } $smarty->assign('language', $_SESSION['language']); // set cache ID if (!CacheCheck()) { $smarty->caching = 0; $main_content = $smarty->fetch(CURRENT_TEMPLATE . '/module/reviews.html'); } else { $smarty->caching = 1; $smarty->cache_lifetime = CACHE_LIFETIME; $smarty->cache_modified_check = CACHE_CHECK; $cache_id = $_SESSION['language']; $main_content = $smarty->fetch(CURRENT_TEMPLATE . '/module/reviews.html', $cache_id); }
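/**
 * compile a resource
 *
 * sets $compiled_content to the compiled source
 *
 * Steps, in order: apply the security setting for PHP handling, run the
 * prefilters, fold comment/literal/php blocks into "{php}" placeholders,
 * neutralise PHP open/close tags found in the plain text according to
 * $this->php_handling, compile every template tag, handle {strip} blocks,
 * interleave text and compiled tags, run the postfilters and prepend the
 * template header (plus plugin-loading code).
 *
 * The folding step uses preg_replace_callback(). The earlier form appended
 * the "e" modifier to the pattern, which makes PCRE evaluate the replacement
 * as PHP code for every match and is not available in current PHP versions.
 *
 * @param string $resource_name
 * @param string $source_content
 * @param string $compiled_content  receives the compiled template (by reference)
 * @return true  nothing is returned when an unclosed tag is reported
 */
function _compile_file($resource_name, $source_content, &$compiled_content)
{
    if ($this->security) {
        // do not allow php syntax to be executed unless specified
        if ($this->php_handling == SMARTY_PHP_ALLOW && !$this->security_settings['PHP_HANDLING']) {
            $this->php_handling = SMARTY_PHP_PASSTHRU;
        }
    }

    $this->_load_filters();

    $this->_current_file = $resource_name;
    $this->_current_line_no = 1;
    $ldq = preg_quote($this->left_delimiter, '~');
    $rdq = preg_quote($this->right_delimiter, '~');

    // run template source through prefilter functions
    if (count($this->_plugins['prefilter']) > 0) {
        foreach ($this->_plugins['prefilter'] as $filter_name => $prefilter) {
            if ($prefilter === false) {
                continue;
            }
            if ($prefilter[3] || is_callable($prefilter[0])) {
                $source_content = call_user_func_array($prefilter[0], array($source_content, &$this));
                $this->_plugins['prefilter'][$filter_name][3] = true;
            } else {
                $this->_trigger_fatal_error("[plugin] prefilter '{$filter_name}' is not implemented");
            }
        }
    }

    /* fetch all special blocks */
    $search = "~{$ldq}\\*(.*?)\\*{$rdq}|{$ldq}\\s*literal\\s*{$rdq}(.*?){$ldq}\\s*/literal\\s*{$rdq}|{$ldq}\\s*php\\s*{$rdq}(.*?){$ldq}\\s*/php\\s*{$rdq}~s";

    preg_match_all($search, $source_content, $match, PREG_SET_ORDER);
    $this->_folded_blocks = $match;
    reset($this->_folded_blocks);

    /* replace special blocks by "{php}", keeping one newline per newline of
       the folded block so later line numbers still match the source */
    $_fold_left = $this->left_delimiter;
    $_fold_right = $this->right_delimiter;
    $source_content = preg_replace_callback(
        $search,
        function ($_folded) use ($_fold_left, $_fold_right) {
            return $_fold_left . 'php' . str_repeat("\n", substr_count($_folded[0], "\n")) . $_fold_right;
        },
        $source_content
    );

    /* Gather all template tags. */
    preg_match_all("~{$ldq}\\s*(.*?)\\s*{$rdq}~s", $source_content, $_match);
    $template_tags = $_match[1];
    /* Split content by template tags to obtain non-template content. */
    $text_blocks = preg_split("~{$ldq}.*?{$rdq}~s", $source_content);

    /* loop through text blocks */
    for ($curr_tb = 0, $for_max = count($text_blocks); $curr_tb < $for_max; $curr_tb++) {
        /* match anything resembling php tags */
        if (preg_match_all('~(<\\?(?:\\w+|=)?|\\?>|language\\s*=\\s*[\\"\']?\\s*php\\s*[\\"\']?)~is', $text_blocks[$curr_tb], $sp_match)) {
            /* replace tags with placeholders to prevent recursive replacements */
            $sp_match[1] = array_unique($sp_match[1]);
            usort($sp_match[1], '_smarty_sort_length');
            for ($curr_sp = 0, $for_max2 = count($sp_match[1]); $curr_sp < $for_max2; $curr_sp++) {
                $text_blocks[$curr_tb] = str_replace($sp_match[1][$curr_sp], '%%%SMARTYSP' . $curr_sp . '%%%', $text_blocks[$curr_tb]);
            }
            /* process each one */
            for ($curr_sp = 0, $for_max2 = count($sp_match[1]); $curr_sp < $for_max2; $curr_sp++) {
                if ($this->php_handling == SMARTY_PHP_PASSTHRU) {
                    /* echo php contents */
                    $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP' . $curr_sp . '%%%', '<?php echo \'' . str_replace("'", "\\'", $sp_match[1][$curr_sp]) . '\'; ?>' . "\n", $text_blocks[$curr_tb]);
                } else {
                    if ($this->php_handling == SMARTY_PHP_QUOTE) {
                        /* quote php tags */
                        // web28 2013-01-11 - use encode_htmlentities (PHP5.4 ready)
                        $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP' . $curr_sp . '%%%', encode_htmlspecialchars($sp_match[1][$curr_sp]), $text_blocks[$curr_tb]);
                    } else {
                        if ($this->php_handling == SMARTY_PHP_REMOVE) {
                            /* remove php tags */
                            $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP' . $curr_sp . '%%%', '', $text_blocks[$curr_tb]);
                        } else {
                            /* SMARTY_PHP_ALLOW, but echo non php starting tags */
                            $sp_match[1][$curr_sp] = preg_replace('~(<\\?(?!php|=|$))~i', '<?php echo \'\\1\'?>' . "\n", $sp_match[1][$curr_sp]);
                            $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP' . $curr_sp . '%%%', $sp_match[1][$curr_sp], $text_blocks[$curr_tb]);
                        }
                    }
                }
            }
        }
    }

    /* Compile the template tags into PHP code. */
    $compiled_tags = array();
    for ($i = 0, $for_max = count($template_tags); $i < $for_max; $i++) {
        $this->_current_line_no += substr_count($text_blocks[$i], "\n");
        $compiled_tags[] = $this->_compile_tag($template_tags[$i]);
        $this->_current_line_no += substr_count($template_tags[$i], "\n");
    }
    if (count($this->_tag_stack) > 0) {
        list($_open_tag, $_line_no) = end($this->_tag_stack);
        $this->_syntax_error("unclosed tag \\{{$_open_tag}} (opened line {$_line_no}).", E_USER_ERROR, __FILE__, __LINE__);
        return;
    }

    /* Reformat $text_blocks between 'strip' and '/strip' tags,
       removing spaces, tabs and newlines. */
    $strip = false;
    for ($i = 0, $for_max = count($compiled_tags); $i < $for_max; $i++) {
        if ($compiled_tags[$i] == '{strip}') {
            $compiled_tags[$i] = '';
            $strip = true;
            /* remove leading whitespaces */
            $text_blocks[$i + 1] = ltrim($text_blocks[$i + 1]);
        }
        if ($strip) {
            /* strip all $text_blocks before the next '/strip' */
            for ($j = $i + 1; $j < $for_max; $j++) {
                /* remove leading and trailing whitespaces of each line */
                $text_blocks[$j] = preg_replace('![\\t ]*[\\r\\n]+[\\t ]*!', '', $text_blocks[$j]);
                if ($compiled_tags[$j] == '{/strip}') {
                    /* remove trailing whitespaces from the last text_block */
                    $text_blocks[$j] = rtrim($text_blocks[$j]);
                }
                $text_blocks[$j] = "<?php echo '" . strtr($text_blocks[$j], array("'" => "\\'", "\\" => "\\\\")) . "'; ?>";
                if ($compiled_tags[$j] == '{/strip}') {
                    /* slurped by php, but necessary if a newline is following the closing strip-tag */
                    $compiled_tags[$j] = "\n";
                    $strip = false;
                    $i = $j;
                    break;
                }
            }
        }
    }
    $compiled_content = '';

    // Per-compile marker that stands in for PHP open tags that belong to the
    // compiled output while open tags created by interleaving are escaped.
    $tag_guard = '%%%SMARTYOTG' . md5(uniqid(rand(), true)) . '%%%';

    /* Interleave the compiled contents and text blocks to get the final result. */
    for ($i = 0, $for_max = count($compiled_tags); $i < $for_max; $i++) {
        if ($compiled_tags[$i] == '') {
            // tag result empty, remove first newline from following text block
            $text_blocks[$i + 1] = preg_replace('~^(\\r\\n|\\r|\\n)~', '', $text_blocks[$i + 1]);
        }
        // replace legit PHP tags with placeholder
        $text_blocks[$i] = str_replace('<?', $tag_guard, $text_blocks[$i]);
        $compiled_tags[$i] = str_replace('<?', $tag_guard, $compiled_tags[$i]);

        $compiled_content .= $text_blocks[$i] . $compiled_tags[$i];
    }
    $compiled_content .= str_replace('<?', $tag_guard, $text_blocks[$i]);

    // escape php tags created by interleaving
    $compiled_content = str_replace('<?', "<?php echo '<?' ?>\n", $compiled_content);
    $compiled_content = preg_replace("~(?<!')language\\s*=\\s*[\"\\']?\\s*php\\s*[\"\\']?~", "<?php echo 'language=php' ?>\n", $compiled_content);

    // recover legit tags
    $compiled_content = str_replace($tag_guard, '<?', $compiled_content);

    // remove \n from the end of the file, if any
    if (strlen($compiled_content) && substr($compiled_content, -1) == "\n") {
        $compiled_content = substr($compiled_content, 0, -1);
    }

    if (!empty($this->_cache_serial)) {
        $compiled_content = "<?php \$this->_cache_serials['" . $this->_cache_include . "'] = '" . $this->_cache_serial . "'; ?>" . $compiled_content;
    }

    // run compiled template through postfilter functions
    if (count($this->_plugins['postfilter']) > 0) {
        foreach ($this->_plugins['postfilter'] as $filter_name => $postfilter) {
            if ($postfilter === false) {
                continue;
            }
            if ($postfilter[3] || is_callable($postfilter[0])) {
                $compiled_content = call_user_func_array($postfilter[0], array($compiled_content, &$this));
                $this->_plugins['postfilter'][$filter_name][3] = true;
            } else {
                $this->_trigger_fatal_error("Smarty plugin error: postfilter '{$filter_name}' is not implemented");
            }
        }
    }

    // put header at the top of the compiled template
    $template_header = "<?php /* Smarty version " . $this->_version . ", created on " . strftime("%Y-%m-%d %H:%M:%S") . "\n";
    $template_header .= "         compiled from " . strtr(urlencode($resource_name), array('%2F' => '/', '%3A' => ':')) . " */ ?>\n";

    /* Emit code to load needed plugins. */
    $this->_plugins_code = '';
    if (count($this->_plugin_info)) {
        // NOTE(review): only the plugin file path is quote-escaped below; the
        // plugin type and name are written into the generated PHP as they are.
        // Presumably both are restricted to identifier characters before they
        // reach _plugin_info - confirm against the tag compiler.
        $_plugins_params = "array('plugins' => array(";
        foreach ($this->_plugin_info as $plugin_type => $plugins) {
            foreach ($plugins as $plugin_name => $plugin_info) {
                $_plugins_params .= "array('{$plugin_type}', '{$plugin_name}', '" . strtr($plugin_info[0], array("'" => "\\'", "\\" => "\\\\")) . "', {$plugin_info['1']}, ";
                $_plugins_params .= $plugin_info[2] ? 'true),' : 'false),';
            }
        }
        $_plugins_params .= '))';
        $plugins_code = "<?php require_once(SMARTY_CORE_DIR . 'core.load_plugins.php');\nsmarty_core_load_plugins({$_plugins_params}, \$this); ?>\n";
        $template_header .= $plugins_code;
        $this->_plugin_info = array();
        $this->_plugins_code = $plugins_code;
    }

    if ($this->_init_smarty_vars) {
        $template_header .= "<?php require_once(SMARTY_CORE_DIR . 'core.assign_smarty_interface.php');\nsmarty_core_assign_smarty_interface(null, \$this); ?>\n";
        $this->_init_smarty_vars = false;
    }

    $compiled_content = $template_header . $compiled_content;
    return true;
}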
$order_total_modules->process(); $total_block = $order_total_modules->output(); $smarty->assign('TOTAL_BLOCK', $total_block); } if (is_array($payment_modules->modules)) { if ($confirmation = $payment_modules->confirmation()) { $payment_info = ''; //$confirmation['title']; if (isset($confirmation['fields'])) { //DokuMan - 2010-09-17 - Undefined index $smarty->assign('PAYMENT_INFORMATION', $confirmation['fields']); } } } if (xtc_not_null($order->info['comments'])) { $smarty->assign('ORDER_COMMENTS', nl2br(encode_htmlspecialchars($order->info['comments'])) . xtc_draw_hidden_field('comments', $order->info['comments'])); } if (isset(${$_SESSION}['payment']->form_action_url) && (!isset(${$_SESSION}['payment']->tmpOrders) || !${$_SESSION}['payment']->tmpOrders)) { $form_action_url = ${$_SESSION}['payment']->form_action_url; } else { $form_action_url = xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'); } $smarty->assign('CHECKOUT_FORM', xtc_draw_form('checkout_confirmation', $form_action_url, 'post')); $payment_button = ''; if (is_array($payment_modules->modules)) { $payment_button .= $payment_modules->process_button(); } $smarty->assign('MODULE_BUTTONS', $payment_button); $smarty->assign('CHECKOUT_BUTTON', xtc_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n"); //check if display conditions on checkout page is true if (DISPLAY_REVOCATION_ON_CHECKOUT == 'true') {
/**
 * Returns a value read from the database in HTML-escaped form, by passing
 * it through encode_htmlspecialchars().
 *
 * @param string $string value to escape
 * @return string
 */
function xtc_db_output($string)
{
    $escaped = encode_htmlspecialchars($string);

    return $escaped;
}
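/**
 * Reads the next complete SQL statement from the backup file being restored.
 *
 * Lines are read from $restore['filehandle'] (gz or plain) and classified by
 * their first characters into a parser status:
 *   1 = DROP TABLE / DROP VIEW, 2 = CREATE TABLE / CREATE ALGORITHM (executed
 *   here through submit_create_action()), 3 = INSERT, 4 = statements that end
 *   at ';' and are returned (LOCK, UNLOCK, SET, START, ALTER TABLE, CREATE
 *   INDEX), 5 = conditional comment, 6 = multi-line comment (discarded),
 *   7 = statements that are skipped (COMMIT, BEGIN, USE, CREATE DATABASE,
 *   DROP DATABASE), 100 = statement complete.
 *
 * Fixes compared with the previous version:
 *  - the end of a comment is detected when the closing marker is the first
 *    thing on the line (strrpos() returning 0 was treated as "not found");
 *  - CREATE DATABASE and DROP DATABASE are recognised (the 10-character
 *    literals could never equal the 9-character prefix) and are skipped;
 *  - the line and statement shown in the "unknown command" message are
 *    HTML-escaped like the other diagnostic output.
 *
 * NOTE(review): statements are classified by prefix only and come from the
 * backup file; treat that file as input that decides what is executed.
 *
 * @return string the statement to execute, or '' when nothing is to be run
 */
function get_sqlbefehl()
{
    global $restore, $config, $databases, $lang;

    // Init
    $restore['fileEOF'] = false;
    $restore['EOB'] = false;
    $complete_sql = '';
    $sqlparser_status = 0;
    if (!isset($restore['eintraege_ready'])) {
        $restore['eintraege_ready'] = 0;
    }

    // Parse
    while ($sqlparser_status != 100 && !$restore['fileEOF'] && !$restore['EOB']) {
        // read the next line
        $zeile = $restore['compressed'] ? gzgets($restore['filehandle']) : fgets($restore['filehandle']);
        if (DEBUG) {
            echo "<br><br>Zeile: " . encode_htmlspecialchars($zeile);
        }

        /******************* set the parser status *******************/
        // find out which kind of statement this is
        if ($sqlparser_status == 0) {
            // comparison copy, so strtoupper is not run for every comparison
            $zeile2 = strtoupper(trim($zeile));
            // pre-built compare strings - so we need the CPU power only once :)
            $sub9 = substr($zeile2, 0, 9);
            $sub7 = substr($sub9, 0, 7);
            $sub6 = substr($sub7, 0, 6);
            $sub4 = substr($sub6, 0, 4);
            $sub3 = substr($sub4, 0, 3);
            $sub2 = substr($sub3, 0, 2);
            $sub1 = substr($sub2, 0, 1);

            if ($sub7 == 'INSERT ') {
                $sqlparser_status = 3; // record action
                $restore['actual_table'] = get_tablename($zeile);
            } elseif ($sub7 == 'LOCK TA') {
                $sqlparser_status = 4;
            } elseif ($sub6 == 'COMMIT') {
                $sqlparser_status = 7;
            } elseif (substr($sub6, 0, 5) == 'BEGIN') {
                $sqlparser_status = 7;
            } elseif ($sub9 == 'UNLOCK TA') {
                $sqlparser_status = 4;
            } elseif ($sub3 == 'SET') {
                $sqlparser_status = 4;
            } elseif ($sub6 == 'START ') {
                $sqlparser_status = 4;
            } elseif ($sub3 == '/*!') {
                $sqlparser_status = 5;
            } elseif ($sub9 == 'ALTER TAB') {
                $sqlparser_status = 4;
            } elseif ($sub9 == 'CREATE TA') {
                $sqlparser_status = 2;
            } elseif ($sub9 == 'CREATE AL') {
                $sqlparser_status = 2;
            } elseif ($sub9 == 'CREATE IN') {
                $sqlparser_status = 4;
            } elseif ($sqlparser_status != 5 && substr($zeile2, 0, 2) == '/*') {
                $sqlparser_status = 6;
            } elseif ($sub9 == 'DROP TABL') {
                $sqlparser_status = 1;
            } elseif ($sub9 == 'DROP VIEW') {
                $sqlparser_status = 1;
            } elseif ($sub9 == 'CREATE DA') {
                // 9-character literal so it can match the 9-character prefix
                $sqlparser_status = 7;
            } elseif ($sub9 == 'DROP DATA') {
                $sqlparser_status = 7;
            } elseif ($sub3 == 'USE') {
                $sqlparser_status = 7;
            } elseif ($sub6 == '-- EOB' || $sub4 == '# EO') {
                $restore['EOB'] = true;
                $restore['fileEOF'] = true;
                $zeile = '';
                $zeile2 = '';
                $sqlparser_status = 100;
            } elseif ($sub2 == '--' || $sub1 == '#') {
                $zeile = '';
                $zeile2 = '';
                $sqlparser_status = 0;
            }

            // continuation of extended inserts
            if ($restore['flag'] == 1) {
                $sqlparser_status = 3;
            }

            if ($sqlparser_status == 0 && trim($complete_sql) > '' && $restore['flag'] == -1) {
                // unknown statement found
                v($restore);
                echo "<br>Sql: " . encode_htmlspecialchars($complete_sql);
                echo "<br>Erweiterte Inserts: " . $restore['erweiterte_inserts'];
                // File content is escaped before it is written into the page.
                die('<br>' . $lang['L_UNKNOWN_SQLCOMMAND'] . ': ' . encode_htmlspecialchars($zeile) . '<br><br>' . encode_htmlspecialchars($complete_sql));
            }
            /******************* end of setting the parser status *******************/
        }

        $last_char = substr(rtrim($zeile), -1);
        // keep line breaks - otherwise keywords are joined together,
        // e.g. 'null' and 'check' on the next line would become 'nullcheck'
        $complete_sql .= $zeile . "\n";

        if ($sqlparser_status == 3) {
            // INSERT
            if (SQL_Is_Complete($complete_sql)) {
                $sqlparser_status = 100;
                $complete_sql = trim($complete_sql);
                if (substr($complete_sql, -2) == '*/') {
                    $complete_sql = remove_comment_at_eol($complete_sql);
                }

                // last expression of the extended insert reached?
                if (substr($complete_sql, -2) == ');') {
                    $restore['flag'] = -1;
                } elseif (substr($complete_sql, -2) == '),') {
                    // swap the trailing comma for a semicolon
                    $complete_sql = substr($complete_sql, 0, -1) . ';';
                    $restore['erweiterte_inserts'] = 1;
                    $restore['flag'] = 1;
                }

                if (substr(strtoupper($complete_sql), 0, 7) != 'INSERT ') {
                    // the syntax got lost because of a reload - determine it again
                    if (!isset($restore['insert_syntax'])) {
                        $restore['insert_syntax'] = get_insert_syntax($restore['actual_table']);
                    }
                    $complete_sql = $restore['insert_syntax'] . ' VALUES ' . $complete_sql . ';';
                } else {
                    // determine and remember the INSERT syntax
                    $ipos = strpos(strtoupper($complete_sql), ' VALUES');
                    if ($ipos !== false) {
                        $restore['insert_syntax'] = substr($complete_sql, 0, $ipos);
                    } else {
                        $restore['insert_syntax'] = 'INSERT INTO `' . $restore['actual_table'] . '`';
                    }
                }
            }
        } elseif ($sqlparser_status == 1) {
            // drop action
            if ($last_char == ';') {
                $sqlparser_status = 100; // statement complete
            }
            $restore['actual_table'] = get_tablename($complete_sql);
        } elseif ($sqlparser_status == 2) {
            // a CREATE statement ends when a ';' is found
            if ($last_char == ';') {
                if ($config['minspeed'] > 0) {
                    $restore['anzahl_zeilen'] = $config['minspeed'];
                }
                // should the table be created?
                $do_it = true;
                if (is_array($restore['tables_to_restore'])) {
                    $do_it = false;
                    if (in_array($restore['actual_table'], $restore['tables_to_restore'])) {
                        $do_it = true;
                    }
                }
                if ($do_it) {
                    $tablename = submit_create_action($complete_sql);
                    $restore['actual_table'] = $tablename;
                    $restore['table_ready']++;
                }
                // discard the line, CREATE has been executed already; look for the next statement
                $complete_sql = '';
                $sqlparser_status = 0;
            }
        } elseif ($sqlparser_status == 4) {
            // create index and similar
            if ($last_char == ';') {
                if ($config['minspeed'] > 0) {
                    $restore['anzahl_zeilen'] = $config['minspeed'];
                }
                $complete_sql = del_inline_comments($complete_sql);
                $sqlparser_status = 100;
            }
        } elseif ($sqlparser_status == 5) {
            // conditional comment statement
            $t = strrpos($zeile, '*/;');
            if ($t !== false) {
                $restore['anzahl_zeilen'] = $config['minspeed'];
                $sqlparser_status = 100;
            }
        } elseif ($sqlparser_status == 6) {
            // multi-line comment: drop it once the closing marker shows up,
            // also when the marker starts the line
            $t = strrpos($zeile, '*/');
            if ($t !== false) {
                $complete_sql = '';
                $sqlparser_status = 0;
            }
        } elseif ($sqlparser_status == 7) {
            // statement that is skipped
            if ($last_char == ';') {
                if ($config['minspeed'] > 0) {
                    $restore['anzahl_zeilen'] = $config['minspeed'];
                }
                $complete_sql = '';
                $sqlparser_status = 0;
            }
        }

        if ($restore['compressed'] && gzeof($restore['filehandle'])) {
            $restore['fileEOF'] = true;
        }
        if (!$restore['compressed'] && feof($restore['filehandle'])) {
            $restore['fileEOF'] = true;
        }
    }

    // when only certain tables are to be restored -> check
    if (is_array($restore['tables_to_restore']) && !in_array($restore['actual_table'], $restore['tables_to_restore'])) {
        $complete_sql = '';
    }

    return trim($complete_sql);
}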
} $cfgValue = xtc_call_function($class_method[1], $configuration['configuration_value'], ${$class_method[0]}); } else { $cfgValue = xtc_call_function($use_function, $configuration['configuration_value']); } } else { $cfgValue = $configuration['configuration_value']; } if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $configuration['configuration_id']) && !isset($cInfo) && substr($action, 0, 3) != 'new') { $cfg_extra_query = xtc_db_query("select configuration_key,configuration_value, date_added, last_modified, use_function, set_function from " . TABLE_CONFIGURATION . " where configuration_id = '" . $configuration['configuration_id'] . "'"); $cfg_extra = xtc_db_fetch_array($cfg_extra_query); $cInfo_array = xtc_array_merge($configuration, $cfg_extra); $cInfo = new objectInfo($cInfo_array); } if ($configuration['set_function']) { eval('$value_field = ' . $configuration['set_function'] . '"' . encode_htmlspecialchars($configuration['configuration_value']) . '");'); } else { if ($configuration['configuration_key'] == 'SMTP_PASSWORD') { $value_field = xtc_draw_password_field($configuration['configuration_key'], $configuration['configuration_value']); } else { $value_field = xtc_draw_input_field($configuration['configuration_key'], $configuration['configuration_value'], 'style="width:380px;"'); } } if (strstr($value_field, 'configuration_value')) { $value_field = str_replace('configuration_value', $configuration['configuration_key'], $value_field); } // catch up warnings if no language-text defined for configuration-key $configuration_key_title = strtoupper($configuration['configuration_key'] . '_TITLE'); $configuration_key_desc = strtoupper($configuration['configuration_key'] . '_DESC'); if (defined($configuration_key_title)) { // if language definition
echo sprintf(TEXT_OF_5_STARS, $rInfo->reviews_rating); ?> ]</small></td> </tr> <tr> <td><?php echo xtc_draw_separator('pixel_trans.gif', '1', '10'); ?> </td> </tr> <?php if ($_POST) { // Re-Post all POST'ed variables reset($_POST); while (list($key, $value) = each($_POST)) { echo '<input type="hidden" name="' . $key . '" value="' . encode_htmlspecialchars(stripslashes($value)) . '">'; } ?> <tr> <td align="right" class="smallText"><?php echo '<a class="btn btn-default" onclick="this.blur();" href="' . xtc_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $rInfo->reviews_id . '&action=edit') . '">' . BUTTON_BACK . '</a> <input type="submit" class="btn btn-default" onclick="this.blur();" value="' . BUTTON_UPDATE . '"/> <a class="btn btn-default" onclick="this.blur();" href="' . xtc_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $rInfo->reviews_id) . '">' . BUTTON_CANCEL . '</a>'; ?> </td> </form></tr> <?php } else { if ($_GET['origin']) { $back_url = $_GET['origin']; $back_url_params = ''; } else { $back_url = FILENAME_REVIEWS;
<tr> <td class="smallText"><b><?php echo TEXT_MESSAGE; ?> </b><br /><?php echo stripslashes($_POST['message']); ?> </td> </tr> <div class="col-xs-12"><br></div> <?php /* Re-Post all POST'ed variables */ reset($_POST); while (list($key, $value) = each($_POST)) { if (!is_array($_POST[$key])) { echo xtc_draw_hidden_field($key, encode_htmlspecialchars(stripslashes($value))); } } ?> <div class="col-xs-12"><?php echo '<a class="btn btn-default" onclick="this.blur();" href="' . xtc_href_link(FILENAME_COUPON_ADMIN) . '">' . BUTTON_CANCEL . '</a> <input type="submit" class="btn btn-default" onclick="this.blur();" value="' . BUTTON_SEND_EMAIL . '"/>'; ?> </div> </form> </div> <?php break; case 'email': $coupon_query = xtc_db_query("select coupon_code from " . TABLE_COUPONS . " where coupon_id = '" . (int) $_GET['cid'] . "'");
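// Reviews box: shows one randomly chosen review, or a "write a review" link.

// Exclude FSK18 products for customer groups that are not allowed to see them.
$fsk_lock = '';
if ($_SESSION['customers_status']['customers_fsk18_display'] == '0') {
    $fsk_lock = ' and p.products_fsk18!=1';
}

// Every id placed in the SQL below is cast to int, so none of them can change
// the shape of the statement whatever the session or product record holds.
$random_select = "select r.reviews_id, r.reviews_rating, p.products_id, p.products_image, pd.products_name from " . TABLE_REVIEWS . " r, "
    . TABLE_REVIEWS_DESCRIPTION . " rd, "
    . TABLE_PRODUCTS . " p, "
    . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_id = r.products_id "
    . $fsk_lock
    . " and r.reviews_id = rd.reviews_id and rd.languages_id = '" . (int) $_SESSION['languages_id']
    . "' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'";
if ($product->isProduct()) {
    // On a product page, restrict the selection to reviews of that product.
    $random_select .= " and p.products_id = '" . (int) $product->data['products_id'] . "'";
}
$random_select .= " order by r.reviews_id desc limit " . MAX_RANDOM_SELECT_REVIEWS;
$random_product = xtc_random_select($random_select);

if ($random_product) {
    // display random review box
    $review_query = "select substring(reviews_text, 1, 60) as reviews_text from " . TABLE_REVIEWS_DESCRIPTION
        . " where reviews_id = '" . (int) $random_product['reviews_id'] . "'"
        . " and languages_id = '" . (int) $_SESSION['languages_id'] . "'";
    $review_query = xtDBquery($review_query);
    $review = xtc_db_fetch_array($review_query, true);
    // Review text is customer-written: escape it before it becomes part of the box HTML.
    $review = encode_htmlspecialchars($review['reviews_text']);
    $review = xtc_break_string($review, 15, '-<br />');
    //BOF - Dokuman - 2010-01-29 - show review stars in box
    // NOTE(review): products_name and products_image are handed to xtc_image()
    // as stored; whether that helper escapes them is not visible in this excerpt.
    $box_content = '<div align="center" class="bewert"><a href="' . xtc_href_link(FILENAME_PRODUCT_REVIEWS_INFO, 'products_id=' . $random_product['products_id'] . '&reviews_id=' . $random_product['reviews_id']) . '">'
        . xtc_image(DIR_WS_THUMBNAIL_IMAGES . $random_product['products_image'], $random_product['products_name'])
        . '</a></div><a href="' . xtc_href_link(FILENAME_PRODUCT_REVIEWS_INFO, 'products_id=' . $random_product['products_id'] . '&reviews_id=' . $random_product['reviews_id']) . '">'
        . $review
        . ' ..</a><br /><div align="center">'
        . xtc_image('templates/' . CURRENT_TEMPLATE . '/img/stars_' . $random_product['reviews_rating'] . '.gif', sprintf(BOX_REVIEWS_TEXT_OF_5_STARS, $random_product['reviews_rating']))
        . '</div>';
    //EOF - Dokuman - 2010-01-29 - show review stars in box
} elseif ($product->isProduct()) {
    // Prevent guests or spammers from writing reviews. www.aranowa.de
    if (isset($_SESSION['customer_id'])) {
        // display 'write a review' box
        $box_content = '<table border="0" cellspacing="0" cellpadding="2"><tr><td align="left" class="infoBoxContents"><a href="' . xtc_href_link(FILENAME_PRODUCT_REVIEWS_WRITE, xtc_product_link($product->data['products_id'], $product->data['products_name'])) . '">' . BOX_REVIEWS_WRITE_REVIEW . '</a></td></tr></table>';
    }
}

if ($box_content != '') {
    $box_smarty->assign('REVIEWS_LINK', xtc_href_link(FILENAME_REVIEWS));
    $box_smarty->assign('BOX_CONTENT', $box_content);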
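}
}
$smarty->assign('BUTTON_RELOAD', xtc_image_submit('button_update_cart.gif', IMAGE_BUTTON_UPDATE_CART));
$smarty->assign('BUTTON_CHECKOUT', '<a href="' . xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL') . '">' . xtc_image_button('button_checkout.gif', IMAGE_BUTTON_CHECKOUT) . '</a>');
}
// EOF - Tomcraft - 2009-10-03 - Paypal Express Modul
} else {
    // empty cart
    $cart_empty = true;
    $smarty->assign('cart_empty', $cart_empty);
    $smarty->assign('BUTTON_CONTINUE', '<a href="' . xtc_href_link(FILENAME_DEFAULT) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
}

// The info message comes from the query string, so it is HTML-escaped before
// it is handed to the template.
if (isset($_GET['info_message'])) {
    $smarty->assign('info_message', str_replace('+', ' ', encode_htmlspecialchars($_GET['info_message'])));
}

//BOF - web28 - 2011-05-15 - new continue shopping link
// Remember the referring page as the "continue shopping" target, unless the
// request came from the cart itself or from an add-to-cart action.
if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], FILENAME_SHOPPING_CART) === false && strpos($_SERVER['HTTP_REFERER'], 'in_cart') === false) {
    $_SESSION['continue_link'] = $_SERVER['HTTP_REFERER'];
}
if (!empty($_SESSION['continue_link'])) {
    // The Referer header is supplied by the client, so the stored value is
    // escaped at assign time, the same way info_message is above.
    // NOTE(review): confirm the template does not escape CONTINUE_LINK again,
    // and consider accepting only referers on the shop's own host so the link
    // cannot point off-site.
    $smarty->assign('CONTINUE_LINK', encode_htmlspecialchars($_SESSION['continue_link']));
}
$smarty->assign('BUTTON_CONTINUE_SHOPPING', xtc_image_button('button_continue_shopping.gif', IMAGE_BUTTON_CONTINUE_SHOPPING));
//EOF - web28 - 2011-05-15 - new continue shopping link

$smarty->assign('language', $_SESSION['language']);
$main_content = $smarty->fetch(CURRENT_TEMPLATE . '/module/shopping_cart.html');
$smarty->assign('main_content', $main_content);
$smarty->caching = 0;
if (!defined('RM')) {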
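// include needed functions
require_once DIR_FS_INC . 'xtc_break_string.inc.php';
require_once DIR_FS_INC . 'xtc_date_long.inc.php';

// Collect all GET parameters except reviews_id for the back/breadcrumb links.
$get_params = xtc_get_all_get_params(array('reviews_id'));
$get_params = substr($get_params, 0, -1); //remove trailing &

// Load the review with its product; both ids in the query are cast to int.
$reviews_query = "select rd.reviews_text,\n r.reviews_rating,\n r.reviews_id,\n r.products_id,\n r.customers_name,\n r.date_added,\n r.last_modified,\n r.reviews_read,\n p.products_id,\n pd.products_name,\n p.products_image\n from " . TABLE_REVIEWS . " r\n left join " . TABLE_PRODUCTS . " p on (r.products_id = p.products_id)\n left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on (p.products_id = pd.products_id \n and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'), " . TABLE_REVIEWS_DESCRIPTION . " rd \n where r.reviews_id = '" . (int) $_GET['reviews_id'] . "'\n and r.reviews_id = rd.reviews_id\n and p.products_status = '1'";
$reviews_query = xtc_db_query($reviews_query);

// Unknown review, or its product is not active: go back to the review list.
if (!xtc_db_num_rows($reviews_query)) {
    xtc_redirect(xtc_href_link(FILENAME_REVIEWS));
}
$reviews = xtc_db_fetch_array($reviews_query);

$breadcrumb->add(NAVBAR_TITLE_PRODUCT_REVIEWS, xtc_href_link(FILENAME_PRODUCT_REVIEWS, $get_params));

// Count this view; the id is cast like every other id placed into SQL here.
xtc_db_query("update " . TABLE_REVIEWS . " set reviews_read = reviews_read+1 where reviews_id = '" . (int) $reviews['reviews_id'] . "'");

// Review text is customer-written and is escaped before line breaking.
$reviews_text = xtc_break_string(encode_htmlspecialchars($reviews['reviews_text']), 60, '-<br />');

require DIR_WS_INCLUDES . 'header.php';

$smarty->assign('PRODUCTS_NAME', $reviews['products_name']);
// The author name is customer-supplied just like the review text, so it is
// escaped before it reaches the template.
// NOTE(review): assumes customers_name is stored unescaped, as reviews_text
// evidently is; confirm against the code that writes the review.
$smarty->assign('AUTHOR', encode_htmlspecialchars($reviews['customers_name']));
$smarty->assign('DATE', xtc_date_long($reviews['date_added']));
$smarty->assign('REVIEWS_TEXT', nl2br($reviews_text));
$smarty->assign('RATING', xtc_image('templates/' . CURRENT_TEMPLATE . '/img/stars_' . $reviews['reviews_rating'] . '.gif', sprintf(TEXT_OF_5_STARS, $reviews['reviews_rating'])));
$smarty->assign('PRODUCTS_LINK', xtc_href_link(FILENAME_PRODUCT_INFO, xtc_product_link($reviews['products_id'], $reviews['products_name'])));
$smarty->assign('BUTTON_BACK', '<a href="' . xtc_href_link(FILENAME_PRODUCT_REVIEWS, $get_params) . '">' . xtc_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>');
$smarty->assign('BUTTON_BUY_NOW', '<a href="' . xtc_href_link(FILENAME_DEFAULT, 'action=buy_now&BUYproducts_id=' . $reviews['products_id']) . '">' . xtc_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a>');
$smarty->assign('IMAGE', '<a href="javascript:popupImageWindow(\'' . xtc_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $reviews['products_id']) . '\')">' . xtc_image(DIR_WS_THUMBNAIL_IMAGES . $reviews['products_image'], $reviews['products_name'], '', '', 'align="center" hspace="5" vspace="5"') . '<br /></a>');

$smarty->assign('language', $_SESSION['language']);

// set cache ID
if (!CacheCheck()) {
    $smarty->caching = 0;
    $main_content = $smarty->fetch(CURRENT_TEMPLATE . '/module/product_reviews_info.html');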
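$smarty->assign('navtrail', $breadcrumb->trail('', '<li>', '</li>', '<li class="active">'));
} else {
    $smarty->assign('navtrail', $breadcrumb->trail(' » '));
}

// Account links depend on whether a customer is logged in.
if (isset($_SESSION['customer_id'])) {
    $smarty->assign('logoff', xtc_href_link(FILENAME_LOGOFF, '', 'SSL'));
} else {
    $smarty->assign('login', xtc_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$smarty->assign('index', xtc_href_link(FILENAME_DEFAULT));
if ($_SESSION['account_type'] == '0') {
    $smarty->assign('account', xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
$smarty->assign('cart', xtc_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'));
$smarty->assign('checkout', xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
$smarty->assign('store_name', encode_htmlspecialchars(TITLE));

// error_message / info_message arrive in the query string and are written into
// the page inside a <p> element. They are HTML-escaped after all decoding, so
// a crafted link cannot place markup or script into the shop page. Escaping
// last matters because urldecode() decodes the value a second time.
// The is_string() guard ignores array-valued parameters (?error_message[]=...).
if (isset($_GET['error_message']) && is_string($_GET['error_message']) && xtc_not_null($_GET['error_message'])) {
    $smarty->assign('error', '<p class="errormessage alert alert-danger">' . encode_htmlspecialchars(utf8_encode(urldecode($_GET['error_message']))) . '</p>');
}
if (isset($_GET['info_message']) && is_string($_GET['info_message']) && xtc_not_null($_GET['info_message'])) {
    $smarty->assign('error', '<p class="errormessage alert alert-warning">' . encode_htmlspecialchars(utf8_encode($_GET['info_message'])) . '</p>');
}

include DIR_WS_INCLUDES . FILENAME_BANNER;

//SHOP OFFLINE INFO
// While the shop is offline, every customer group except status id 0 gets the
// offline page and the request ends here.
if (xtc_get_shop_conf('SHOP_OFFLINE') == 'checked' && $_SESSION['customers_status']['customers_status_id'] != 0) {
    $smarty->assign('language', $_SESSION['language']);
    $smarty->assign('shop_offline_msg', xtc_get_shop_conf('SHOP_OFFLINE_MSG'));
    $smarty->display(CURRENT_TEMPLATE . '/offline.html');
    exit;
}
//BOF - Dokuman - 2012-06-19 - BILLSAFE payment module (BillSAFE-Layer Start)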
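if ($paypal->get_config('MODULE_PAYMENT_' . strtoupper($order->info['payment_method']) . '_USE_ACCOUNT') == 1) {
    $button = $paypal->create_paypal_link($order->info['order_id']);
    if ($button != '') {
        $smarty->assign('PAYPAL_LINK', sprintf(constant('MODULE_PAYMENT_' . strtoupper($order->info['payment_method']) . '_TEXT_SUCCESS'), $button));
    }
    if ($messageStack->size($order->info['payment_method']) > 0) {
        $smarty->assign('info_message', $messageStack->output($order->info['payment_method']));
    }
}
}

// Order History
$history_block = ''; //DokuMan - 2010-09-18 - set undefined variable
// Only history entries the customer was notified about are listed. Both ids
// in the query are cast to int.
$statuses_query = xtc_db_query("-- /account_history_info.php\n SELECT os.orders_status_name,\n osh.date_added,\n osh.comments,\n osh.comments_sent\n FROM " . TABLE_ORDERS_STATUS . " os,\n " . TABLE_ORDERS_STATUS_HISTORY . " osh\n WHERE osh.orders_id = '" . (int) $order->info['order_id'] . "'\n AND osh.customer_notified = 1\n AND osh.orders_status_id = os.orders_status_id\n AND os.language_id = '" . (int) $_SESSION['languages_id'] . "'\n ORDER BY osh.date_added");
while ($statuses = xtc_db_fetch_array($statuses_query)) {
    // Comments are shown only when they exist and were sent to the customer;
    // they are escaped before nl2br() adds the line-break markup.
    $history_block .= xtc_date_short($statuses['date_added']) . ' <strong>' . $statuses['orders_status_name'] . '</strong> ' . (empty($statuses['comments']) || empty($statuses['comments_sent']) ? ' ' : nl2br(encode_htmlspecialchars($statuses['comments']))) . '<br />';
}
$smarty->assign('HISTORY_BLOCK', $history_block);

// Download-Products
if (DOWNLOAD_ENABLED == 'true') {
    include DIR_WS_MODULES . 'downloads.php';
}

require_once DIR_FS_INC . 'xtc_get_tracking_link.php';
$smarty->assign('TRACKING_LINKS', xtc_get_tracking_link($order->info['order_id']));

// --- bof -- ipdfbill --------
require 'admin/includes/ipdfbill/pdfbill_lib.php'; // pdfbill
// order_id comes from the query string and is used both in a filesystem path
// and in a link, so it is cast to int: no path separators or markup can get
// through.
// NOTE(review): whether the page verified earlier that this order belongs to
// the logged-in customer is outside this excerpt; building the path from
// $order->info['order_id'] would tie the invoice link to the order that was
// actually loaded.
$pdffile = 'admin/' . PDFBILL_FOLDER . PDFBILL_PREFIX . ((int) $_GET['order_id'] . '.pdf');
if (file_exists($pdffile)) {
    $pdflink = xtc_href_link(FILENAME_PDFBILL_DISPLAY, 'oID=' . (int) $_GET['order_id']);
    $pdflink = sprintf('<a href="%s">' . PDFBILL_DOWNLOAD_INVOICE . '</a>', $pdflink);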
/**
 * Build the HTML for a narrow (size="3") input element.
 *
 * The value attribute is taken from $GLOBALS[$name] when that is set and
 * $reinsert_value is true; otherwise from $value when it is not empty.
 * Only the value is HTML-escaped. $name, $type and $parameters are written
 * into the tag exactly as given, so callers must pass trusted strings for
 * them and never request data.
 *
 * @param string $name           field name, also the key looked up in $GLOBALS
 * @param string $value          fallback value
 * @param string $parameters     extra attributes appended verbatim
 * @param bool   $required       append TEXT_FIELD_REQUIRED after the tag
 * @param string $type           value of the type attribute
 * @param bool   $reinsert_value allow pre-filling from $GLOBALS[$name]
 * @return string the input element
 */
function xtc_draw_small_input_field($name, $value = '', $parameters = '', $required = false, $type = 'text', $reinsert_value = true)
{
    $html = '<input type="' . $type . '" class="form-control" size="3" name="' . $name . '"';

    // Pick the value to show: a global of the same name wins over $value.
    $prefill = null;
    if (isset($GLOBALS[$name]) && $reinsert_value) {
        $prefill = $GLOBALS[$name];
    } elseif ($value != '') {
        $prefill = $value;
    }
    if ($prefill !== null) {
        $html .= ' value="' . encode_htmlspecialchars(trim($prefill)) . '"';
    }

    if ($parameters != '') {
        $html .= ' ' . $parameters;
    }
    $html .= '>';

    return $required ? $html . TEXT_FIELD_REQUIRED : $html;
}
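$quotes[$i]['tax'] = 0;
}
// Formatted price including tax, followed by the hidden field that carries
// the "<module>_<method>" shipping selection.
$quotes[$i]['methods'][$j]['price'] = $xtPrice->xtcFormat(xtc_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax']), true, 0, true) . xtc_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']);
}
$radio_buttons++;
}
}
}
$module_smarty->assign('module_content', $quotes);
}
$module_smarty->caching = 0;
$shipping_block = $module_smarty->fetch(CURRENT_TEMPLATE . '/module/checkout_shipping_block.html');
}

if ($order->info['total'] > 0) {
    // payment_error names the variable that holds the payment module whose
    // error is to be shown. The name comes from the query string, so the
    // request decides which variable is dereferenced. It is used only when it
    // is a string naming an existing object that actually has get_error();
    // anything else is ignored instead of ending in a fatal error.
    // NOTE(review): stricter still would be to accept only the codes of the
    // installed payment modules; where that list lives is outside this excerpt.
    if (isset($_GET['payment_error'])
        && is_string($_GET['payment_error'])
        && isset(${$_GET['payment_error']})
        && is_object(${$_GET['payment_error']})
        && method_exists(${$_GET['payment_error']}, 'get_error')
        && ($error = ${$_GET['payment_error']}->get_error())
    ) {
        $smarty->assign('error', encode_htmlspecialchars($error['error']));
    }

    $selection = $payment_modules->selection();
    $radio_buttons = 0;
    //BOF - DokuMan - 2011-12-19 - precount for performance
    $n = sizeof($selection);
    for ($i = 0; $i < $n; $i++) {
        //EOF - DokuMan - 2011-12-19 - precount for performance
        $selection[$i]['radio_buttons'] = $radio_buttons;
        if (isset($payment)) { //Dokuman - 2012-05-31 - fix paypal_checkout notices
            // Pre-select the stored payment method, or the only one offered.
            if ($selection[$i]['id'] == $payment || $n == 1) {
                $selection[$i]['checked'] = 1;
            }
        }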
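/**
 * Build the hidden form fields that are posted to the WorldPay payment page.
 *
 * Reads the current order and price helper from the global scope and the
 * currency and language from the session.
 *
 * @return string concatenated hidden input fields
 */
function process_button()
{
    global $order, $xtPrice;

    // NOTE(review): cartId carries "<session name>=<session id>", so the
    // session identifier leaves the shop with the payment form; confirm this
    // is still required by the callback and treat the value as a credential.
    $worldpay_url = xtc_session_name() . '=' . xtc_session_id();
    // Order total converted to the session currency, formatted without
    // thousands separator; this exact string is posted as "amount".
    $total = number_format($xtPrice->xtcCalculateCurr($order->info['total']), $xtPrice->get_decimal_places($_SESSION['currency']), '.', '');

    $process_button_string = xtc_draw_hidden_field('instId', MODULE_PAYMENT_WORLDPAY_ID)
        . xtc_draw_hidden_field('currency', $_SESSION['currency'])
        . xtc_draw_hidden_field('desc', 'Purchase from ' . STORE_NAME)
        . xtc_draw_hidden_field('cartId', $worldpay_url)
        . xtc_draw_hidden_field('amount', $total);

    // Pre Auth Mod 3/1/2002 - Graeme Conkie
    if (MODULE_PAYMENT_WORLDPAY_USEPREAUTH == 'true') {
        $process_button_string .= xtc_draw_hidden_field('authMode', MODULE_PAYMENT_WORLDPAY_PREAUTH);
    }

    // Ian-san: Create callback and language links here 6/4/2003:
    // The language id is cast to int before it is placed in the query.
    $language_code_raw = xtc_db_query("select code from " . TABLE_LANGUAGES . " where languages_id ='" . (int) $_SESSION['languages_id'] . "'");
    $language_code_array = xtc_db_fetch_array($language_code_raw);
    $language_code = $language_code_array['code'];

    $address = encode_htmlspecialchars($order->customer['street_address'] . "\n" . $order->customer['suburb'] . "\n" . $order->customer['city'] . "\n" . $order->customer['state'], ENT_QUOTES);

    // NOTE(review): the customer fields below are passed to
    // xtc_draw_hidden_field() as stored; confirm that helper escapes values
    // (and, if it does, that $address is not escaped twice).
    // NOTE(review): $XTCsid is not defined anywhere in this method, so the
    // MC_XTCsid field is posted empty; confirm what it is meant to carry.
    // 'wpcallback' was written as a bare word; it is quoted here because an
    // undefined constant is an Error in PHP 8. Assumes no constant of that
    // name is defined elsewhere.
    $process_button_string .= xtc_draw_hidden_field('testMode', MODULE_PAYMENT_WORLDPAY_MODE)
        . xtc_draw_hidden_field('name', $order->customer['firstname'] . ' ' . $order->customer['lastname'])
        . xtc_draw_hidden_field('address', $address)
        . xtc_draw_hidden_field('postcode', $order->customer['postcode'])
        . xtc_draw_hidden_field('country', $order->customer['country']['iso_code_2'])
        . xtc_draw_hidden_field('tel', $order->customer['telephone'])
        . xtc_draw_hidden_field('myvar', 'Y')
        . xtc_draw_hidden_field('fax', $order->customer['fax'])
        . xtc_draw_hidden_field('email', $order->customer['email_address'])
        . xtc_draw_hidden_field('lang', $language_code)
        . xtc_draw_hidden_field('MC_callback', xtc_href_link('wpcallback') . '.php')
        . xtc_draw_hidden_field('MC_XTCsid', $XTCsid);

    // Ian-san: Added MD5 here 6/4/2003:
    if (MODULE_PAYMENT_WORLDPAY_USEMD5 == '1') {
        $md5_signature_fields = 'amount:language:email';
        // The signature covers the amount, so it is built from the same
        // $total string that is posted as "amount". The previous expression
        // used $currencies and $currency, which are not defined in this
        // method, and stopped with a fatal error when signing was enabled.
        // NOTE(review): the signature field list names "language" while the
        // posted field is "lang"; confirm which name the gateway expects.
        // NOTE(review): md5(secret:fields) is a weak construction for a
        // message signature; use a stronger option if the gateway offers one.
        $md5_signature = MODULE_PAYMENT_WORLDPAY_MD5KEY . ':' . $total . ':' . $language_code . ':' . $order->customer['email_address'];
        $md5_signature_md5 = md5($md5_signature);
        $process_button_string .= xtc_draw_hidden_field('signatureFields', $md5_signature_fields)
            . xtc_draw_hidden_field('signature', $md5_signature_md5);
    }

    return $process_button_string;
}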