use Tygh\Pdf; use Tygh\Registry; use Tygh\Storage; use Tygh\Settings; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $suffix = ''; if ($mode == 'm_delete' && !empty($_REQUEST['order_ids'])) { foreach ($_REQUEST['order_ids'] as $v) { fn_delete_order($v); } } if ($mode == 'update_details') { fn_trusted_vars('update_order'); // Update customer's email if its changed in customer's account if (!empty($_REQUEST['update_customer_details']) && $_REQUEST['update_customer_details'] == 'Y') { $u_id = db_get_field("SELECT user_id FROM ?:orders WHERE order_id = ?i", $_REQUEST['order_id']); $current_email = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $u_id); db_query("UPDATE ?:orders SET email = ?s WHERE order_id = ?i", $current_email, $_REQUEST['order_id']); } // Log order update fn_log_event('orders', 'update', array('order_id' => $_REQUEST['order_id'])); db_query('UPDATE ?:orders SET ?u WHERE order_id = ?i', $_REQUEST['update_order'], $_REQUEST['order_id']); //Update shipping info if (!empty($_REQUEST['update_shipping'])) { foreach ($_REQUEST['update_shipping'] as $group_key => $shipment) { $shipment['shipment_data']['order_id'] = $_REQUEST['order_id']; $shipment_id = isset($shipment['shipment_id']) ? $shipment['shipment_id'] : 0; fn_update_shipment($shipment['shipment_data'], $shipment_id, $group_key, true);
if (!empty($_REQUEST['dynamic_object']['object_id']) && !empty($_REQUEST['dynamic_object']['object_type'])) { $scheme = SchemesManager::getDynamicObjectByType($_REQUEST['dynamic_object']['object_type']); $return_url = $scheme['admin_dispatch'] . '?' . $scheme['key'] . '=' . $_REQUEST['dynamic_object']['object_id']; if (!empty($_REQUEST['tab_redirect'])) { $return_url .= '&selected_section=product_tabs'; } else { $return_url .= '&selected_section=blocks'; } return array(CONTROLLER_STATUS_OK, $return_url); } $selected_location = fn_get_selected_location($_REQUEST); $suffix .= "&selected_location=" . $selected_location['location_id']; } } if ($mode == 'update_location') { fn_trusted_vars('location_data'); $_REQUEST['location_data']['lang_code'] = DESCR_SL; $location_id = Location::instance()->update($_REQUEST['location_data']); $suffix .= "&selected_location=" . $location_id; } if ($mode == 'export_layout') { $location_ids = isset($_REQUEST['location_ids']) ? $_REQUEST['location_ids'] : array(); $layout_id = Registry::get('runtime.layout.layout_id'); $content = Exim::instance()->export($layout_id, $location_ids, $_REQUEST); $filename = empty($_REQUEST['filename']) ? date_format(TIME, "%m%d%Y") . 'xml' : $_REQUEST['filename']; if (Registry::get('runtime.company_id')) { $filename = Registry::get('runtime.company_id') . '/' . $filename; } fn_mkdir(dirname(Registry::get('config.dir.layouts') . $filename)); fn_put_contents(Registry::get('config.dir.layouts') . $filename, $content); fn_set_notification('N', __('notice'), __('text_exim_data_exported'));
* * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Define trusted variables that shouldn't be stripped fn_trusted_vars('gift_cert_data'); if ($mode == 'update') { $min = Registry::get('addons.gift_certificates.min_amount') * 1; $max = Registry::get('addons.gift_certificates.max_amount') * 1; if ($_REQUEST['gift_cert_data']['amount'] < $min || $_REQUEST['gift_cert_data']['amount'] > $max) { fn_set_notification('E', __('error'), __('gift_cert_error_amount', array('[min]' => $min, '[max]' => $max))); } else { $gift_cert_id = fn_update_gift_certificate($_REQUEST['gift_cert_data'], $_REQUEST['gift_cert_id'], $_REQUEST); } $suffix = ".update?gift_cert_id={$gift_cert_id}"; } if ($mode == 'preview') { if (!empty($_REQUEST['gift_cert_data'])) { fn_correct_gift_certificate($_REQUEST['gift_cert_data']); fn_show_postal_card($_REQUEST['gift_cert_data']); exit;
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/

//
// $Id: product_groups.php 10229 2010-07-27 14:21:39Z 2tl $
//

// Refuse direct access: the AREA constant is expected to be defined before this file is included.
defined('AREA') or die('Access denied');

// POST handling for affiliate product groups: delete a set of groups or create/update one group.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Register 'group' and 'groups_data' as trusted request variables.
    // NOTE(review): presumably this exempts them from the input stripping applied to
    // other request data — confirm, and make sure these fields are escaped wherever
    // they are rendered.
    fn_trusted_vars('group', 'groups_data');

    $suffix = '';

    if ($mode == 'delete') {
        if (empty($_REQUEST['group_ids'])) {
            // Nothing was selected: report it instead of calling the delete routine.
            fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_no_data'));
        } else {
            fn_delete_affiliate_groups($_REQUEST['group_ids']);
        }

        $suffix = '.manage';
    }

    if ($mode == 'update') {
        // NOTE(review): 'group' and 'group_id' are read from the request without an
        // isset() check — confirm the submitting form always sends both.
        $group_id = fn_update_affiliate_group($_REQUEST['group'], $_REQUEST['group_id'], DESCR_SL);

        $suffix = ".update?group_id={$group_id}";
    }

    // Hand the status and the redirect target back to the including dispatcher.
    return array(CONTROLLER_STATUS_OK, "product_groups{$suffix}");
}
} else { db_query("REPLACE INTO ?:product_global_option_links (option_id, product_id) VALUES (?i, ?i)", $value, $k); if (fn_allowed_for('ULTIMATE')) { fn_ult_share_product_option($value, $k); } } } } if (!empty($updated_products)) { fn_set_notification('N', __('notice'), __('options_have_been_applied_to_products')); } } $suffix = ".apply"; } if ($mode == 'update') { fn_trusted_vars('option_data', 'regexp'); if (fn_allowed_for('MULTIVENDOR')) { $option_data = array(); if (!empty($_REQUEST['option_id'])) { $condition = fn_get_company_condition('?:product_options.company_id'); $option_data = db_get_row("SELECT * FROM ?:product_options WHERE option_id = ?i {$condition}", $_REQUEST['option_id']); if (empty($option_data)) { fn_set_notification('W', __('warning'), __('access_denied')); return array(CONTROLLER_STATUS_REDIRECT, 'product_options.manage'); } } $_REQUEST['option_data'] = array_merge($option_data, $_REQUEST['option_data']); fn_set_company_id($_REQUEST['option_data']); } $option_id = fn_update_product_option($_REQUEST['option_data'], $_REQUEST['option_id'], DESCR_SL); if (!empty($_REQUEST['object']) && $_REQUEST['object'] == 'product') {
* * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $suffix = ''; fn_trusted_vars('store_locations', 'store_location_data'); if ($mode == 'update') { $store_location_id = fn_update_store_location($_REQUEST['store_location_data'], $_REQUEST['store_location_id'], DESCR_SL); //die(); if (empty($store_location_id)) { $suffix = ".manage"; } else { $suffix = ".update?store_location_id={$store_location_id}"; } } return array(CONTROLLER_STATUS_OK, 'store_locator' . $suffix); } if ($mode == 'delete') { if (!empty($_REQUEST['store_location_id'])) { if (fn_delete_store_location($_REQUEST['store_location_id'])) { $count = db_get_field("SELECT COUNT(*) FROM ?:store_locations");
* * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Settings; use Tygh\BlockManager\Layout; use Tygh\Themes\Styles; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $suffix = ''; // Define trusted variables that shouldn't be stripped fn_trusted_vars('company_data'); // // Processing additon of new company // if ($mode == 'add') { if (fn_allowed_for('ULTIMATE:FREE')) { return array(CONTROLLER_STATUS_DENIED); } $suffix = '.add'; if (!empty($_REQUEST['company_data']['company'])) { // Checking for required fields for new company if (Registry::get('runtime.simple_ultimate')) { Registry::set('runtime.simple_ultimate', false); } if (isset($_REQUEST['company_data']['is_create_vendor_admin']) && $_REQUEST['company_data']['is_create_vendor_admin'] == 'Y') { if (!empty($_REQUEST['company_data']['admin_username']) && db_get_field("SELECT COUNT(*) FROM ?:users WHERE user_login = ?s", $_REQUEST['company_data']['admin_username']) > 0) {
* license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Enum\ProductFeatures; if (!defined('BOOTSTRAP')) { die('Access denied'); } fn_define('KEEP_UPLOADED_FILES', true); fn_define('NEW_FEATURE_GROUP_ID', 'OG'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars('feature_data'); // Update features if ($mode == 'update') { $feature_id = fn_update_product_feature($_REQUEST['feature_data'], $_REQUEST['feature_id'], DESCR_SL); if ($_REQUEST['feature_data']['feature_type'] == ProductFeatures::EXTENDED) { return array(CONTROLLER_STATUS_OK, 'product_features.update?feature_id=' . $feature_id); } } if ($mode == 'update_status') { fn_tools_update_status($_REQUEST); if (!empty($_REQUEST['status']) && $_REQUEST['status'] == 'D') { $filter_ids = db_get_fields("SELECT filter_id FROM ?:product_filters WHERE feature_id = ?i AND status = 'A'", $_REQUEST['id']); if (!empty($filter_ids)) { db_query("UPDATE ?:product_filters SET status = 'D' WHERE filter_id IN (?n)", $filter_ids); $filter_names_array = db_get_fields("SELECT filter FROM ?:product_filter_descriptions WHERE filter_id IN (?n) AND lang_code = ?s", $filter_ids, DESCR_SL); fn_set_notification('W', __('warning'), __('text_product_filters_were_disabled', array('[url]' => fn_url('product_filters.manage'), '[filters_list]' => implode(', ', $filter_names_array))));
* * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } $_REQUEST['promotion_id'] = empty($_REQUEST['promotion_id']) ? 0 : $_REQUEST['promotion_id']; if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars('promotion_data', 'promotions'); $suffix = ''; // // Update promotion // if ($mode == 'update') { if (fn_allowed_for('ULTIMATE') && Registry::get('runtime.company_id')) { if (!empty($_REQUEST['promotion_id']) && !fn_check_company_id('promotions', 'promotion_id', $_REQUEST['promotion_id'])) { fn_company_access_denied_notification(); return array(CONTROLLER_STATUS_OK, 'promotions.update?promotion_id=' . $_REQUEST['promotion_id']); } if (!empty($_REQUEST['promotion_id'])) { unset($_REQUEST['promotion_data']['company_id']); } } $promotion_id = fn_update_promotion($_REQUEST['promotion_data'], $_REQUEST['promotion_id'], DESCR_SL);
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: pages.php 10562 2010-09-01 08:17:50Z andyye $ // if (!defined('AREA')) { die('Access denied'); } /** Body **/ $page_id = isset($_REQUEST['page_id']) ? intval($_REQUEST['page_id']) : 0; /* POST data processing */ if ($_SERVER['REQUEST_METHOD'] == 'POST') { $suffix = ''; // Define trusted variables that shouldn't be stripped fn_trusted_vars('page_data'); // // Processing additon of new page element // if ($mode == 'add') { if (!empty($_REQUEST['page_data']['page'])) { // Checking for required fields for new page // Adding page record $page_id = fn_update_page($_REQUEST['page_data']); if (isset($_REQUEST['redirect_url'])) { $_REQUEST['redirect_url'] .= '&get_tree=multi_level'; } if (empty($page_id)) { $suffix = ".manage"; } else { $suffix = ".update?page_id={$page_id}";
* license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: configurator.php 10229 2010-07-27 14:21:39Z 2tl $ // if (!defined('AREA')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Define trusted variables that shouldn't be stripped fn_trusted_vars('configurator_group_data'); $suffix = ''; //************************************ CONFIGURATOR STEPS **********************************\\ // // Add new configurator step // if ($mode == 'add_steps' && isset($_REQUEST['add_step_data'])) { foreach ($_REQUEST['add_step_data'] as $v) { if (!empty($v['step_name'])) { $step_id = db_query("INSERT INTO ?:conf_steps ?e", $v); fn_create_description('conf_step_descriptions', 'step_id', $step_id, $v); } } $suffix = ".manage?selected_section=steps"; } //
use Tygh\Enum\ProductTracking; use Tygh\Registry; use Tygh\BlockManager\SchemesManager; if (!defined('BOOTSTRAP')) { die('Access denied'); } $_REQUEST['product_id'] = empty($_REQUEST['product_id']) ? 0 : $_REQUEST['product_id']; if (fn_allowed_for('MULTIVENDOR')) { if (isset($_REQUEST['product_id']) && !fn_company_products_check($_REQUEST['product_id']) || isset($_REQUEST['product_ids']) && !fn_company_products_check($_REQUEST['product_ids'])) { return array(CONTROLLER_STATUS_DENIED); } } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $suffix = ''; // Define trusted variables that shouldn't be stripped fn_trusted_vars('product_data', 'override_products_data', 'product_files_descriptions', 'add_product_files_descriptions', 'products_data', 'product_file'); // // Apply Global Option // if ($mode == 'apply_global_option') { if ($_REQUEST['global_option']['link'] == 'N') { fn_clone_product_options(0, $_REQUEST['product_id'], $_REQUEST['global_option']['id']); } else { db_query("REPLACE INTO ?:product_global_option_links (option_id, product_id) VALUES(?i, ?i)", $_REQUEST['global_option']['id'], $_REQUEST['product_id']); if (fn_allowed_for('ULTIMATE')) { fn_ult_share_product_option($_REQUEST['global_option']['id'], $_REQUEST['product_id']); } } $suffix = ".update?product_id={$_REQUEST['product_id']}"; } //
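/**
 * Update cart products and etc. from passed params
 *
 * Applies, in this order: product changes, manually stored shipping costs,
 * tax rate overrides, the subtotal discount override and a pending coupon
 * code, then fires the 'update_cart_by_data_post' hook.
 *
 * The shipping costs, tax rates and subtotal discount are copied from
 * $new_cart_data without a range check (the shipping cost is only cast to
 * float), so the caller decides what totals end up in the cart.
 * NOTE(review): presumably only order-management code calls this — confirm
 * that no customer-facing controller forwards raw request data here.
 *
 * @param array $cart          Array of cart content and user information necessary for purchase (modified in place)
 * @param array $new_cart_data Array of new data for products, totals, discounts and etc. update
 * @param array $auth          Array of user authentication data (e.g. uid, usergroup_ids, etc.)
 * @return boolean Always true
 */
function fn_update_cart_by_data(&$cart, $new_cart_data, $auth)
{
    // Clean up saved shipping rates
    unset($_SESSION['shipping_rates']);

    // Update products
    $product_data = !empty($new_cart_data['cart_products']) ? $new_cart_data['cart_products'] : array();
    fn_update_cart_products($cart, $product_data, $auth);

    // Update shipping cost: the stored (manual) costs are rebuilt from scratch on every call
    $cart['stored_shipping'] = array();
    if (!empty($cart['product_groups'])) {
        foreach ($cart['product_groups'] as $group_key => $group) {
            if (empty($group['chosen_shippings'])) {
                continue;
            }

            foreach ($group['chosen_shippings'] as $shipping_key => $shipping) {
                $is_stored = !empty($new_cart_data['stored_shipping'][$group_key][$shipping_key])
                    && $new_cart_data['stored_shipping'][$group_key][$shipping_key] != 'N';

                if ($is_stored) {
                    // A missing cost is treated as 0 explicitly instead of relying on
                    // an undefined-index notice followed by a null-to-float cast.
                    $stored_cost = isset($new_cart_data['stored_shipping_cost'][$group_key][$shipping_key])
                        ? (float) $new_cart_data['stored_shipping_cost'][$group_key][$shipping_key]
                        : 0.0;

                    $cart['stored_shipping'][$group_key][$shipping_key] = $stored_cost;
                    $cart['product_groups'][$group_key]['chosen_shippings'][$shipping_key]['rate'] = $stored_cost;
                } else {
                    unset($cart['product_groups'][$group_key]['chosen_shippings'][$shipping_key]['stored_shippings']);

                    // Only touch the per-group shipping list when the shipping carries an id
                    if (isset($shipping['shipping_id'])) {
                        unset($cart['product_groups'][$group_key]['shippings'][$shipping['shipping_id']]['stored_shippings']);
                    }
                }
            }
        }
    }

    // Update taxes: rates are overridden only when the caller marks them as stored.
    // isset() replaces the former "@" suppression; the comparison itself is unchanged.
    $taxes_are_stored = isset($new_cart_data['stored_taxes']) && $new_cart_data['stored_taxes'] == 'Y';
    if (!empty($new_cart_data['taxes']) && $taxes_are_stored) {
        foreach ($new_cart_data['taxes'] as $id => $rate) {
            $cart['taxes'][$id]['rate_value'] = $rate;
        }
    }

    $cart['stored_taxes'] = !empty($new_cart_data['stored_taxes']) ? $new_cart_data['stored_taxes'] : array();

    // Subtotal discount: either take the manual value or fall back to the original one
    if (!empty($new_cart_data['stored_subtotal_discount']) && $new_cart_data['stored_subtotal_discount'] == 'Y') {
        $cart['stored_subtotal_discount'] = 'Y';
        // NOTE(review): copied as given, without a cast or an isset() check — confirm
        // callers always send 'subtotal_discount' together with the 'Y' flag.
        $cart['subtotal_discount'] = $new_cart_data['subtotal_discount'];
    } else {
        unset($cart['stored_subtotal_discount']);
        $cart['subtotal_discount'] = !empty($cart['original_subtotal_discount']) ? $cart['original_subtotal_discount'] : 0;
    }

    // Apply coupon
    if (!empty($new_cart_data['coupon_code'])) {
        // NOTE(review): registers the 'coupon_code' request variable as trusted;
        // presumably that exempts it from input stripping — confirm the code is
        // escaped wherever it is displayed.
        fn_trusted_vars('coupon_code');
        // That's why $cart->setPendingCoupon() is better
        $cart['pending_coupon'] = strtolower($new_cart_data['coupon_code']);
    }

    /**
     * Additional cart updates from passed params
     *
     * @param array $cart          Array of cart content and user information necessary for purchase
     * @param array $new_cart_data Array of new data for products, totals, discounts and etc. update
     * @param array $auth          Array of user authentication data (e.g. uid, usergroup_ids, etc.)
     */
    fn_set_hook('update_cart_by_data_post', $cart, $new_cart_data, $auth);

    return true;
}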
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: news.php 10558 2010-08-31 12:50:29Z klerik $ // if (!defined('AREA')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars('news', 'news_data'); // // Delete news // if ($mode == 'delete') { foreach ($_REQUEST['news_ids'] as $v) { fn_delete_news($v); } $suffix = ".manage"; } // // Manage news // if ($mode == 'm_update') { if (!empty($_REQUEST['news'])) { foreach ($_REQUEST['news'] as $k => $v) {
* * * (c) 2004 Vladimir V. Kalynyak, Alexey V. Vinokurov, Ilya M. Shalnev * * * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } fn_trusted_vars("processor_params", "payment_data"); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'update') { $payment_id = fn_attach_image_pairs('path_stamp', 'stamp', $_REQUEST['payment_id'], DESCR_SL); } return array(CONTROLLER_STATUS_OK, "payments.manage"); } if ($mode == 'update' || $mode == 'manage') { $processors = Tygh::$app['view']->getTemplateVars('payment_processors'); if (!empty($processors)) { $rus_payments = array(); foreach (fn_get_schema('rus_payments', 'processors') as $rus_payment) { $rus_payments[$rus_payment['processor']] = $rus_payment; } foreach ($processors as &$processor) { $processor['position'] = 'default_' . $processor['processor'];
* (c) 2004 Vladimir V. Kalynyak, Alexey V. Vinokurov, Ilya M. Shalnev * * * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars('status_data'); if ($mode == 'update') { fn_update_status($_REQUEST['status'], $_REQUEST['status_data'], $_REQUEST['type']); } if ($mode == 'delete') { if (!empty($_REQUEST['status'])) { if (fn_delete_status($_REQUEST['status'], $_REQUEST['type'])) { $count = db_get_field("SELECT COUNT(*) FROM ?:statuses"); if (empty($count)) { Tygh::$app['view']->display('views/statuses/manage.tpl'); } } } exit; } return array(CONTROLLER_STATUS_OK, 'statuses.manage?type=' . $_REQUEST['type']);
* license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Debugger; use Tygh\Database; if (!defined('BOOTSTRAP') || !Debugger::isActive()) { die('Access denied'); } $data = !empty($_REQUEST['debugger_hash']) ? Debugger::getData($_REQUEST['debugger_hash']) : array(); if ($mode == 'sql_parse') { fn_trusted_vars('query'); if (!empty($data) && isset($_REQUEST['sql_id'])) { $query = stripslashes($data['sql']['queries'][$_REQUEST['sql_id']]['query']); $backtrace = !empty($data['backtraces']) ? $data['backtraces'][$_REQUEST['sql_id']] : array(); $_REQUEST['sandbox'] = true; } else { $query = $_REQUEST['query']; } $result = $explain = array(); $query_time = $start_time = 0; if (!empty($_REQUEST['sandbox'])) { db_query('SET AUTOCOMMIT=0'); db_query('START TRANSACTION'); } $stop_queries = array('DROP', 'CREATE', 'TRANSACTION', 'ROLLBACK'); $stop_exec = false;
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: affiliate_plans.php 10264 2010-07-29 08:09:07Z klerik $ // if (!defined('AREA')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars('add_affiliate_plans', 'affiliate_plans_data', 'affiliate_plan', 'levels', 'commissions_ids'); $suffix = ''; // // Delete selected plans // if ($mode == 'delete') { if (!empty($_REQUEST['plan_ids'])) { fn_delete_affiliate_plans($_REQUEST['plan_ids']); } $suffix = '.manage'; } // // Update/add plan // if ($mode == 'update') { $plan_id = fn_update_affiliate_plan($_REQUEST['affiliate_plan'], $_REQUEST['plan_id'], DESCR_SL);
} if (!Registry::get('runtime.customization_mode.design') && !Registry::get('runtime.customization_mode.live_editor')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'update_customization_mode') { fn_update_customization_mode($_REQUEST['customization_modes']); return array(CONTROLLER_STATUS_OK, $_REQUEST['current_url']); } if ($mode == 'live_editor_update') { fn_trusted_vars('value'); fn_live_editor_update_object($_REQUEST); exit; } if ($mode == 'save_template') { fn_trusted_vars('content'); $ext = fn_strtolower(fn_get_file_ext($_REQUEST['file'])); if ($ext == 'tpl') { $theme_path = fn_get_theme_path('[themes]/[theme]/templates/', 'C'); if (fn_put_contents($_REQUEST['file'], $_REQUEST['content'], $theme_path)) { fn_set_notification('N', __('notice'), __('text_file_saved', array('[file]' => fn_basename($_REQUEST['file'])))); } } return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['current_url']); } if ($mode == 'restore_template') { $copied = false; $full_path = fn_get_theme_path('[themes]/[theme]', 'C') . '/templates/' . $_REQUEST['file']; if (fn_check_path($full_path)) { $c_name = fn_normalize_path($full_path); $r_name = fn_normalize_path(Registry::get('config.dir.themes_repository') . Registry::get('config.base_theme') . '/templates/' . $_REQUEST['file']);
* * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $suffix = ''; fn_trusted_vars('postcode_locations', 'postcode_location_data'); if ($mode == 'update') { $postcode_location_id = fn_update_postcode_location($_REQUEST['postcode_location_data'], $_REQUEST['postcode_location_id'], DESCR_SL); if (empty($postcode_location_id)) { $suffix = ".manage"; } else { $suffix = ".update?postcode_location_id={$postcode_location_id}"; } } if ($mode == 'delete') { if (!empty($_REQUEST['postcode_location_id'])) { fn_delete_postcode_location($_REQUEST['postcode_location_id']); } $suffix = '.manage'; } return array(CONTROLLER_STATUS_OK, 'postcode_checker' . $suffix);
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } $_REQUEST['category_id'] = empty($_REQUEST['category_id']) ? 0 : $_REQUEST['category_id']; if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Define trusted variables that shouldn't be stripped fn_trusted_vars('category_data', 'categories_data'); // // Create/update category // if ($mode == 'update') { if (fn_allowed_for('ULTIMATE')) { if (!empty($_REQUEST['category_id']) && !fn_check_company_id('categories', 'category_id', $_REQUEST['category_id'])) { fn_company_access_denied_notification(); return array(CONTROLLER_STATUS_OK, 'categories.update?category_id=' . $_REQUEST['category_id']); } } $category_id = fn_update_category($_REQUEST['category_data'], $_REQUEST['category_id'], DESCR_SL); if (!empty($category_id)) { fn_attach_image_pairs('category_main', 'category', $category_id, DESCR_SL); $suffix = ".update?category_id={$category_id}" . (!empty($_REQUEST['category_data']['block_id']) ? "&selected_block_id=" . $_REQUEST['category_data']['block_id'] : ""); } else {
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: site_layout.php 9938 2010-07-01 14:18:59Z 2tl $ // if (!defined('AREA')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars("lang_data"); $suffix = ''; if ($mode == 'update_design_mode') { db_query("UPDATE ?:settings SET value = ?s WHERE option_name = ?s AND section_id = ?s", $action == $_REQUEST['design_mode'] ? 'Y' : 'N', $_REQUEST['design_mode'], ''); if (!empty($_REQUEST['disable_mode'])) { db_query("UPDATE ?:settings SET value = 'N' WHERE option_name = ?s AND section_id = ?s", $_REQUEST['disable_mode'], ''); } fn_rm(DIR_COMPILED . 'customer', false); fn_rm(DIR_COMPILED . 'admin', false); $suffix = '.design_mode'; } if ($mode == 'update_logos') { $logos = fn_filter_uploaded_data('logotypes'); $areas = fn_get_manifest_definition(); fn_save_logo_alt($areas); // Update customer logotype
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Storage; if (!defined('BOOTSTRAP')) { die('Access denied'); } $_SESSION['current_path'] = empty($_SESSION['current_path']) ? '' : preg_replace('/^\\//', '', $_SESSION['current_path']); $current_path = $_SESSION['current_path']; // Disable debug console Tygh::$app['view']->debugging = false; $message = array(); $root_dir = fn_te_get_root('full'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'edit') { fn_trusted_vars('file_content'); $file_path = fn_te_normalize_path($_REQUEST, $root_dir); $is_forbidden_ext = in_array(fn_strtolower(fn_get_file_ext($file_path)), Registry::get('config.forbidden_file_extensions')); if (fn_te_check_path($file_path) && @is_writable($file_path) && !$is_forbidden_ext) { fn_put_contents($file_path, $_REQUEST['file_content']); fn_set_notification('N', __('notice'), __('text_file_saved', array('[file]' => fn_basename($file_path)))); Tygh::$app['ajax']->assign('saved', true); // Clear template cache of updated template for the customer front-end $view = Tygh::$app['view']; $view->setArea('C', '', Registry::get('runtime.company_id')); $updated_template_path = str_replace($view->getTemplateDir(0), '', $file_path); $view->clearCompiledTemplate($updated_template_path); $view->setArea(AREA, '', Registry::get('runtime.company_id')); } else { fn_set_notification('E', __('error'), __('cannot_write_file', array('[file]' => fn_get_rel_dir($file_path)))); }
* license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Settings; use Tygh\Languages\Languages; use Tygh\Languages\Values as LanguageValues; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { fn_trusted_vars("lang_data", "new_lang_data"); $suffix = '.manage'; // // Update language variables // if ($mode == 'm_update_variables') { if (is_array($_REQUEST['lang_data'])) { fn_update_lang_var($_REQUEST['lang_data']); } $suffix = '.translations'; } // // Delete language variables // if ($mode == 'm_delete_variables') { if (!empty($_REQUEST['names'])) {
// NOTE(review): this excerpt opens inside nested blocks whose opening lines are not shown;
// the indentation below is reconstructed from the closing braces.
                fn_login_user($user_id);

                return array(CONTROLLER_STATUS_REDIRECT, 'profiles.success_add');
            } else {
                // NOTE(review): the request's order_id is concatenated into the redirect target
                // as-is; presumably it was validated earlier in the branch. Confirm.
                return array(CONTROLLER_STATUS_REDIRECT, 'checkout.complete?order_id=' . $_REQUEST['order_id']);
            }
        } else {
            return array(CONTROLLER_STATUS_DENIED);
        }
    }

    return array(CONTROLLER_STATUS_OK, 'checkout.cart');
}

//
// Delete discount coupon
//
// NOTE(review): this branch follows the closing brace of the preceding block. If that block
// is the POST handler, the coupon removal can be reached by a non-POST request. Confirm
// whether the framework applies a method or CSRF check to this mode.
if ($mode == 'delete_coupon') {
    fn_trusted_vars('coupon_code');

    // The request value is used only as an array key here; the pending coupon is dropped too.
    unset($cart['coupons'][$_REQUEST['coupon_code']], $cart['pending_coupon']);
    $cart['recalculate'] = true;

    if (!empty($cart['chosen_shipping'])) {
        $cart['calculate_shipping'] = true;
    }

    return array(CONTROLLER_STATUS_OK);
}

// With no mode given, redirect to 'checkout.<redirect_mode>', defaulting to 'checkout.checkout'.
if (empty($mode)) {
    // NOTE(review): redirect_mode comes from the request and is appended to the dispatch
    // string without validation in this excerpt. Confirm that the redirect handler accepts
    // only known modes and cannot be steered to another target.
    $redirect_mode = empty($_REQUEST['redirect_mode']) ? 'checkout' : $_REQUEST['redirect_mode'];

    return array(CONTROLLER_STATUS_REDIRECT, 'checkout.' . $redirect_mode);
}

$payment_methods = fn_prepare_checkout_payment_methods($cart, $auth);

// Operator precedence: && binds tighter than ||, so the first group reads
// "(cart is empty AND no forced redirection) OR no payment methods". The whole condition
// applies only to modes that are not in the list below.
if ((fn_cart_is_empty($cart) && !isset($force_redirection) || empty($payment_methods)) && !in_array($mode, array('clear', 'delete', 'cart', 'update', 'apply_coupon', 'shipping_estimation', 'update_shipping', 'complete'))) {
    if (empty($payment_methods)) {
        fn_set_notification('W', __('notice'), __('cannot_proccess_checkout_without_payment_methods'), 'K', 'no_payment_notification');
        // (the excerpt ends here; both blocks are closed outside the visible text)
* and use this program. *
* *
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. *
****************************************************************************/

//
// $Id: recurring_plans.php 7502 2009-05-19 14:54:59Z zeke $
//

// Controller excerpt: POST handlers that create, update and delete recurring plans.

// Refuse to run unless the AREA constant is defined.
if (!defined('AREA')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    $suffix = '';

    // Define trusted variables that shouldn't be stripped
    // NOTE(review): the plan data therefore bypasses the request stripping. Confirm that
    // its fields are escaped wherever they are rendered.
    fn_trusted_vars('recurring_plan');

    //
    // Update/add plan
    //
    if ($mode == 'update') {
        // NOTE(review): plan_id is read from the request without an isset/empty check here.
        $plan_id = fn_update_recurring_plan($_REQUEST['recurring_plan'], $_REQUEST['plan_id'], DESCR_SL);

        // The redirect suffix uses the id returned by the update helper, not the request value.
        $suffix = ".update?plan_id={$plan_id}";
    }

    //
    // Delete selected plans
    //
    if ($mode == 'delete') {
        if (!empty($_REQUEST['plan_ids'])) {
            fn_delete_recurring_plans($_REQUEST['plan_ids']);
        }

        $suffix = '.manage';
        // (the excerpt ends here; the 'delete' and POST blocks are closed outside the visible text)
* *
* This is commercial software, only users who have purchased a valid *
* license and accept to the terms of the License Agreement can install *
* and use this program. *
* *
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. *
****************************************************************************/

// Controller excerpt: the 'update_settings' POST mode updates the orders_feedback row for
// the current language, or inserts one row per translation language when none exists.

use Tygh\Registry;
use Tygh\Mailer;

// Refuse to run unless BOOTSTRAP is defined (presumably set by the application entry point).
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {

    // NOTE(review): fn_trusted_vars() is defined elsewhere; presumably it exempts
    // 'settings_data' from request sanitization. Confirm.
    fn_trusted_vars('settings_data');

    if ($mode == "update_settings") {
        if (!empty($_REQUEST['settings_data'])) {
            // The submitted status list is flattened to a comma-separated string before storage.
            if (!empty($_REQUEST['settings_data']['statuses'])) {
                $_REQUEST['settings_data']['statuses'] = implode(',', $_REQUEST['settings_data']['statuses']);
            }

            // Values are passed through the query layer's placeholders instead of being
            // concatenated into the SQL text.
            $check = db_get_row("SELECT * FROM ?:orders_feedback WHERE feedback_id = ?i AND lang_code=?s", $_REQUEST['feedback_id'], DESCR_SL);

            if (!empty($check)) {
                // NOTE(review): the whole request array is handed to the ?u placeholder, so the
                // client chooses which keys are submitted. Whether the query layer limits them
                // to known columns of the table is not visible here. Confirm.
                db_query("UPDATE ?:orders_feedback SET ?u WHERE feedback_id = ?i AND lang_code=?s", $_REQUEST['settings_data'], $_REQUEST['feedback_id'], DESCR_SL);
            } else {
                // Each iteration writes the language code into the data before the insert.
                // The db_query() result (presumably the new row id) is stored as feedback_id
                // and is therefore part of the data for the following inserts.
                // NOTE(review): the same key-control concern applies to the ?e placeholder.
                foreach (fn_get_translation_languages() as $_REQUEST['settings_data']['lang_code'] => $v) {
                    $_REQUEST['settings_data']['feedback_id'] = db_query("INSERT INTO ?:orders_feedback ?e", $_REQUEST['settings_data']);
                }

                return array(CONTROLLER_STATUS_OK, "orders_feedback.update?feedback_id=" . $_REQUEST['settings_data']['feedback_id']);
            }
        }
        // (the excerpt ends here; the mode and POST blocks are closed outside the visible text)
* (c) 2004 Vladimir V. Kalynyak, Alexey V. Vinokurov, Ilya M. Shalnev *
* *
* This is commercial software, only users who have purchased a valid *
* license and accept to the terms of the License Agreement can install *
* and use this program. *
* *
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. *
****************************************************************************/

// Controller excerpt: POST handlers that delete banners in bulk and add or edit a banner.

use Tygh\Registry;

// Refuse to run unless BOOTSTRAP is defined (presumably set by the application entry point).
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // NOTE(review): fn_trusted_vars() is defined elsewhere; presumably it exempts these
    // request variables from input sanitization, so banner content is stored as submitted.
    // Confirm that it is escaped or filtered wherever banners are rendered.
    fn_trusted_vars('banners', 'banner_data');
    $suffix = '';

    //
    // Delete banners
    //
    if ($mode == 'm_delete') {
        // NOTE(review): banner_ids is iterated without an empty()/is_array() check, so a
        // request that omits it or sends a scalar reaches foreach with a non-array value.
        foreach ($_REQUEST['banner_ids'] as $v) {
            fn_delete_banner_by_id($v);
        }

        $suffix = '.manage';
    }

    //
    // Add/edit banners
    //
    if ($mode == 'update') {
        // NOTE(review): banner_id is read from the request without an isset/empty check here.
        $banner_id = fn_banners_update_banner($_REQUEST['banner_data'], $_REQUEST['banner_id'], DESCR_SL);
        // (the excerpt ends here; the 'update' and POST blocks are closed outside the visible text)
// Controller excerpt: resolves the requested settings section, then the 'update' POST mode
// writes each submitted setting value by id.

use Tygh\Registry;
use Tygh\Settings;
use Tygh\Helpdesk;

// Refuse to run unless BOOTSTRAP is defined (presumably set by the application entry point).
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

// The section name comes from the request and defaults to 'General'.
$section_id = empty($_REQUEST['section_id']) ? 'General' : $_REQUEST['section_id'];

// Convert section name to section_id
// A name that does not resolve to a section ends the request with a "no page" status.
$section = Settings::instance()->getSectionByName($section_id);

if (isset($section['section_id'])) {
    $section_id = $section['section_id'];
} else {
    return array(CONTROLLER_STATUS_NO_PAGE);
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // NOTE(review): fn_trusted_vars() is defined elsewhere; presumably it exempts 'update'
    // from request sanitization, so setting values are stored as submitted. Confirm.
    fn_trusted_vars('update');

    $_suffix = '';

    if ($mode == 'update') {
        if (isset($_REQUEST['update']) && is_array($_REQUEST['update'])) {
            // Both the setting id ($k) and the value ($v) come from the request.
            // NOTE(review): nothing in this excerpt ties $k to the resolved $section_id or
            // to a set of editable settings; presumably updateValueById() or the permission
            // layer enforces that. Confirm.
            foreach ($_REQUEST['update'] as $k => $v) {
                Settings::instance()->updateValueById($k, $v);

                // The per-setting flag that triggers the vendor reset is also request-controlled.
                if (!empty($_REQUEST['update_all_vendors'][$k])) {
                    Settings::instance()->resetAllVendorsSettings($k);
                }
            }
        }

        $_suffix = ".manage";

        // AJAX requests stop here without a redirect.
        if (defined('AJAX_REQUEST')) {
            exit;
        }
    }
    // (the excerpt ends here; the POST block is closed outside the visible text)
* This is commercial software, only users who have purchased a valid *
* license and accept to the terms of the License Agreement can install *
* and use this program. *
* *
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. *
****************************************************************************/

// Controller excerpt: defines the placeholder tokens available per newsletter type, then
// the POST handlers that delete and update newsletters.

use Tygh\Registry;

// Refuse to run unless BOOTSTRAP is defined (presumably set by the application entry point).
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

// dynamic pieces of content that admin can use in newsletters
// Keyed by newsletter type; each entry maps a '%TOKEN' to a lower-case field name.
$placeholders = array(
    NEWSLETTER_TYPE_NEWSLETTER => array(
        '%UNSUBSCRIBE_LINK' => 'unsubscribe_link',
        '%SUBSCRIBER_EMAIL' => 'subscriber_email',
        '%COMPANY_NAME' => 'company_name',
        '%COMPANY_ADDRESS' => 'company_address',
        '%COMPANY_PHONE' => 'company_phone'
    ),
    NEWSLETTER_TYPE_AUTORESPONDER => array(
        '%ACTIVATION_LINK' => 'activation_link',
        '%SUBSCRIBER_EMAIL' => 'subscriber_email',
        '%COMPANY_NAME' => 'company_name',
        '%COMPANY_ADDRESS' => 'company_address',
        '%COMPANY_PHONE' => 'company_phone'
    ),
    NEWSLETTER_TYPE_TEMPLATE => array(
        '%UNSUBSCRIBE_LINK' => 'unsubscribe_link',
        '%ACTIVATION_LINK' => 'activation_link',
        '%SUBSCRIBER_EMAIL' => 'subscriber_email',
        '%COMPANY_NAME' => 'company_name',
        '%COMPANY_ADDRESS' => 'company_address',
        '%COMPANY_PHONE' => 'company_phone'
    )
);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // NOTE(review): fn_trusted_vars() is defined elsewhere; presumably it exempts
    // 'newsletter_data' from request sanitization, so the newsletter content is stored as
    // submitted. Confirm how it is handled when rendered or sent.
    fn_trusted_vars('newsletter_data');
    $suffix = '.manage';

    //
    // Delete newsletters
    //
    if ($mode == 'm_delete') {
        // The id list is checked for emptiness before it is iterated.
        if (!empty($_REQUEST['newsletter_ids'])) {
            foreach ($_REQUEST['newsletter_ids'] as $v) {
                fn_delete_newsletter($v);
            }
        }
    }

    //
    // Update newsletters
    //
    if ($mode == 'update') {
        // (the excerpt ends here; the rest of this branch is outside the visible text)