function query($order_id) { $order_id = oos_db_prepare_input($order_id); $nLanguageID = isset($_SESSION['language_id']) ? $_SESSION['language_id'] + 0 : 1; // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $orderstable = $oostable['orders']; $sql = "SELECT customers_id, customers_name, customers_number, customers_company, customers_street_address,\n customers_suburb, customers_city, customers_postcode, customers_state,\n customers_country, customers_telephone, customers_email_address,\n customers_address_format_id, delivery_name, delivery_company,\n delivery_street_address, delivery_suburb, delivery_city, delivery_postcode,\n delivery_state, delivery_country, delivery_address_format_id, billing_name,\n billing_company, billing_street_address, billing_suburb, billing_city,\n billing_postcode, billing_state, billing_country, billing_address_format_id,\n payment_method, cc_type, cc_owner, cc_number, cc_expires, cc_cvv, cc_start, cc_issue,\n currency, currency_value, date_purchased, campaigns, orders_status, last_modified\n FROM {$orderstable}\n WHERE orders_id = '" . intval($order_id) . "'"; $order = $dbconn->GetRow($sql); $orders_totaltable = $oostable['orders_total']; $sql = "SELECT title, text\n FROM {$orders_totaltable}\n WHERE orders_id = '" . intval($order_id) . "'\n ORDER BY sort_order"; $this->totals = $dbconn->GetAll($sql); $orders_totaltable = $oostable['orders_total']; $sql = "SELECT text\n FROM {$orders_totaltable}\n WHERE orders_id = '" . intval($order_id) . "'\n AND class = 'ot_total'"; $order_total_text = $dbconn->GetOne($sql); $orders_totaltable = $oostable['orders_total']; $sql = "SELECT title\n FROM {$orders_totaltable}\n WHERE orders_id = '" . intval($order_id) . "'\n AND class = 'ot_shipping'"; $shipping_method_title = $dbconn->GetOne($sql); $orders_statustable = $oostable['orders_status']; $sql = "SELECT orders_status_name\n FROM {$orders_statustable}\n WHERE orders_status_id = '" . $order['orders_status'] . "'\n AND orders_languages_id = '" . intval($nLanguageID) . "'"; $orders_status_name = $dbconn->GetOne($sql); $campaignstable = $oostable['campaigns']; $sql = "SELECT campaigns_name\n FROM {$campaignstable}\n WHERE campaigns_id = '" . $order['campaigns'] . "'\n AND campaigns_languages_id = '" . intval($nLanguageID) . "'"; $campaigns_name = $dbconn->GetOne($sql); $this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'cc_start' => $order['cc_start'], 'cc_issue' => $order['cc_issue'], 'cc_cvv' => $order['cc_cvv'], 'date_purchased' => $order['date_purchased'], 'campaigns' => $campaigns_name, 'orders_status' => $orders_status_name, 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total_text), 'shipping_method' => substr($shipping_method_title, -1) == ':' ? substr(strip_tags($shipping_method_title), 0, -1) : strip_tags($shipping_method_title)); $this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'number' => $order['customers_number'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']); $this->delivery = array('name' => $order['delivery_name'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']); if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { $this->delivery = false; } $this->billing = array('name' => $order['billing_name'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']); $index = 0; $orders_productstable = $oostable['orders_products']; $sql = "SELECT orders_products_id, products_id, products_name, products_model,\n products_ean, products_serial_number, products_price, products_tax,\n products_quantity, final_price\n FROM {$orders_productstable}\n WHERE orders_id = '" . intval($order_id) . "'"; $orders_products_result = $dbconn->Execute($sql); while ($orders_products = $orders_products_result->fields) { $this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'ean' => $orders_products['products_ean'], 'serial_number' => $orders_products['products_serial_number'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'final_price' => $orders_products['final_price']); $subindex = 0; $orders_products_attributestable = $oostable['orders_products_attributes']; $sql = "SELECT products_options, products_options_values, options_values_price, price_prefix\n FROM {$orders_products_attributestable}\n WHERE orders_id = '" . intval($order_id) . "'\n AND orders_products_id = '" . $orders_products['orders_products_id'] . "'"; $attributes_result = $dbconn->Execute($sql); if ($attributes_result->RecordCount()) { while ($attributes = $attributes_result->fields) { $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']); $subindex++; // Move that ADOdb pointer! $attributes_result->MoveNext(); } } $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1'; $index++; // Move that ADOdb pointer! $orders_products_result->MoveNext(); } }
$newsfeed_title_array = $_POST['newsfeed_title']; $newsfeed_description_array = $_POST['newsfeed_description']; $lang_id = $languages[$i]['id']; $sql_data_array = array('newsfeed_name' => oos_db_prepare_input($newsfeed_name_array[$lang_id]), 'newsfeed_title' => oos_db_prepare_input($newsfeed_title_array[$lang_id]), 'newsfeed_description' => oos_db_prepare_input($newsfeed_description_array[$lang_id])); if ($action == 'insert') { $insert_sql_data = array('newsfeed_id' => $newsfeed_id, 'newsfeed_languages_id' => $lang_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); oos_db_perform($oostable['newsfeed_info'], $sql_data_array); } elseif ($action == 'save') { oos_db_perform($oostable['newsfeed_info'], $sql_data_array, 'update', "newsfeed_id = '" . oos_db_input($newsfeed_id) . "' and newsfeed_languages_id = '" . intval($lang_id) . "'"); } } oos_redirect_admin(oos_href_link_admin($aFilename['rss_conf'], 'page=' . $_GET['page'] . '&nID=' . $newsfeed_id)); break; case 'deleteconfirm': $newsfeed_id = oos_db_prepare_input($_GET['nID']); if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') { $newsfeedtable = $oostable['newsfeed']; $newsfeed_result = $dbconn->Execute("SELECT newsfeed_image FROM {$newsfeedtable} WHERE newsfeed_id = '" . oos_db_input($newsfeed_id) . "'"); $newsfeed = $newsfeed_result->fields; $image_location = OOS_ABSOLUTE_PATH . OOS_IMAGES . $newsfeed['newsfeed_image']; if (file_exists($image_location)) { @unlink($image_location); } } $newsfeedtable = $oostable['newsfeed']; $dbconn->Execute("DELETE FROM {$newsfeedtable} WHERE newsfeed_id = '" . oos_db_input($newsfeed_id) . "'"); $newsfeed_infotable = $oostable['newsfeed_info']; $dbconn->Execute("DELETE FROM {$newsfeed_infotable} WHERE newsfeed_id = '" . oos_db_input($newsfeed_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['rss_conf'], 'page=' . $_GET['page'])); break;
for ($i = 0, $n = count($languages); $i < $n; $i++) { $manufacturers_url_array = oos_db_prepare_input($_POST['manufacturers_url']); $lang_id = $languages[$i]['id']; $sql_data_array = array('manufacturers_url' => oos_db_prepare_input($manufacturers_url_array[$lang_id])); if ($action == 'insert') { $insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'manufacturers_languages_id' => $lang_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); oos_db_perform($oostable['manufacturers_info'], $sql_data_array); } elseif ($action == 'save') { oos_db_perform($oostable['manufacturers_info'], $sql_data_array, 'update', "manufacturers_id = '" . oos_db_input($manufacturers_id) . "' and manufacturers_languages_id = '" . intval($lang_id) . "'"); } } oos_redirect_admin(oos_href_link_admin($aFilename['manufacturers'], 'page=' . $_GET['page'] . '&mID=' . $manufacturers_id)); break; case 'deleteconfirm': $manufacturers_id = oos_db_prepare_input($_GET['mID']); if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') { $manufacturerstable = $oostable['manufacturers']; $manufacturer_result = $dbconn->Execute("SELECT manufacturers_image FROM {$manufacturerstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); $manufacturer = $manufacturer_result->fields; $image_location = OOS_ABSOLUTE_PATH . OOS_IMAGES . $manufacturer['manufacturers_image']; if (file_exists($image_location)) { @unlink($image_location); } } $manufacturerstable = $oostable['manufacturers']; $dbconn->Execute("DELETE FROM {$manufacturerstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); $manufacturers_infotable = $oostable['manufacturers_info']; $dbconn->Execute("DELETE FROM {$manufacturers_infotable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') { $productstable = $oostable['products'];
$quote_function = 'quote_' . CURRENCY_SERVER_PRIMARY . '_currency'; $rate = $quote_function($currency['code']); if (empty($rate) && oos_is_not_null(CURRENCY_SERVER_BACKUP)) { $quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency'; $rate = $quote_function($currency['code']); } if (oos_is_not_null($rate)) { $dbconn->Execute("UPDATE " . $oostable['currencies'] . " SET value = '" . $rate . "', last_updated = '" . date("Y-m-d H:i:s", time()) . "' WHERE currencies_id = '" . $currency['currencies_id'] . "'"); } // Move that ADOdb pointer! $currency_result->MoveNext(); } oos_redirect_admin(oos_href_link_admin($aFilename['currencies'], 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'delete': $currencies_id = oos_db_prepare_input($_GET['cID']); $currency_result = $dbconn->Execute("SELECT code FROM " . $oostable['currencies'] . " WHERE currencies_id = '" . oos_db_input($currencies_id) . "'"); $currency = $currency_result->fields; $remove_currency = true; if ($currency['code'] == DEFAULT_CURRENCY) { $remove_currency = false; $messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error'); } break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr>
$newsletter = $newsletter_result->fields; $nInfo = new objectInfo($newsletter); include 'includes/languages/' . $_SESSION['language'] . '/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); include 'includes/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><?php echo $module->confirm(); ?> </td> </tr> <?php } elseif ($action == 'confirm_send') { $nID = oos_db_prepare_input($_GET['nID']); $newsletterstable = $oostable['newsletters']; $newsletter_result = $dbconn->Execute("SELECT newsletters_id, title, content, module FROM {$newsletterstable} WHERE newsletters_id = '" . oos_db_input($nID) . "'"); $newsletter = $newsletter_result->fields; $nInfo = new objectInfo($newsletter); include 'includes/languages/' . $_SESSION['language'] . '/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); include 'includes/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><table border="0" cellspacing="0" cellpadding="2"> <tr> <td class="main" valign="middle"><?php echo oos_image(OOS_IMAGES . 'ani_send_email.gif', IMAGE_ANI_SEND_EMAIL); ?>
$ticket_prioritys[] = array('id' => $ticket_priority['ticket_priority_id'], 'text' => $ticket_priority['ticket_priority_name']); $ticket_priority_array[$ticket_priority['ticket_priority_id']] = $ticket_priority['ticket_priority_name']; $ticket_priority_result->MoveNext(); } $ticket_statuses = array(); $ticket_status_array = array(); $ticket_statustable = $oostable['ticket_status']; $sql = "SELECT ticket_status_id, ticket_status_name\n FROM {$ticket_statustable}\n WHERE ticket_languages_id = '" . intval($nLanguageID) . "'"; $ticket_status_result = $dbconn->Execute($sql); while ($ticket_status = $ticket_status_result->fields) { $ticket_statuses[] = array('id' => $ticket_status['ticket_status_id'], 'text' => $ticket_status['ticket_status_name']); $ticket_status_array[$ticket_status['ticket_status_id']] = $ticket_status['ticket_status_name']; $ticket_status_result->MoveNext(); } if (isset($_GET['tlid'])) { $tlid = oos_db_prepare_input($_GET['tlid']); } if (isset($_POST['tlid'])) { $tlid = oos_prepare_input($_POST['tlid']); } if (strlen($tlid) < 10) { unset($tlid); } // Form was submitted $bError = false; if (isset($_POST['action']) && $_POST['action'] == 'send' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid']) && isset($tlid)) { $status = oos_prepare_input($_POST['status']); $department = oos_prepare_input($_POST['department']); $priority = oos_prepare_input($_POST['priority']); $enquiry = oos_prepare_input($_POST['enquiry']); // Check Message length
} $insert_sql_data = array('products_status_id' => $products_status_id, 'products_status_languages_id' => $lang_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); oos_db_perform($oostable['products_status'], $sql_data_array); } elseif ($action == 'save') { oos_db_perform($oostable['products_status'], $sql_data_array, 'update', "products_status_id = '" . oos_db_input($products_status_id) . "' and products_status_languages_id = '" . intval($lang_id) . "'"); } } if (isset($_POST['default']) && $_POST['default'] == 'on') { $configurationtable = $oostable['configuration']; $dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . oos_db_input($products_status_id) . "' WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'"); } oos_redirect_admin_admin(oos_href_link_admin($aFilename['products_status'], 'page=' . $_GET['page'] . '&psID=' . $products_status_id)); break; case 'deleteconfirm': $psID = oos_db_prepare_input($_GET['psID']); /* $products_status_result = $dbconn->Execute("SELECT configuration_value FROM " . $oostable['configuration'] . " WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'"); $products_status = $products_status_result->fields; if ($products_status['configuration_value'] == $psID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'"); } */ $products_statustable = $oostable['products_status']; $dbconn->Execute("DELETE FROM {$products_statustable} WHERE products_status_id = '" . oos_db_input($psID) . "'"); oos_redirect_admin_admin(oos_href_link_admin($aFilename['products_status'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?>
function oos_get_categories($aCategories = '', $parent_id = '0', $indent = '') { $parent_id = oos_db_prepare_input($parent_id); $nGroupID = intval($_SESSION['member']->group['id']); if (!is_array($aCategories)) $aCategories = array(); // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $nLanguageID = isset($_SESSION['language_id']) ? $_SESSION['language_id']+0 : 1; $categoriestable = $oostable['categories']; $categories_descriptiontable = $oostable['categories_description']; $query = "SELECT c.categories_id, c.categories_status, cd.categories_name FROM $categoriestable c, $categories_descriptiontable cd WHERE ( c.access = '0' OR c.access = '" . intval($nGroupID) . "' ) AND c.categories_status = '1' AND c.parent_id = '" . oos_db_input($parent_id) . "' AND c.categories_id = cd.categories_id AND cd.categories_languages_id = '" . intval($nLanguageID) . "' ORDER BY sort_order, cd.categories_name"; $result =& $dbconn->Execute($query); while ($categories = $result->fields) { $aCategories[] = array('id' => $categories['categories_id'], 'text' => $indent . $categories['categories_name']); if ($categories['categories_id'] != $parent_id) { $aCategories = oos_get_categories($aCategories, $categories['categories_id'], $indent . ' '); } // Move that ADOdb pointer! $result->MoveNext(); } // Close result set $result->Close(); return $aCategories; }
$admin_email_address = oos_db_prepare_input($_POST['admin_email_address']); $stored_email[] = 'NONE'; $admintable = $oostable['admin']; $check_email_query = "SELECT admin_email_address FROM " . $admintable . " WHERE admin_id <> " . $admin_id . ""; $check_email_result =& $dbconn->Execute($check_email_query); while ($check_email = $check_email_result->fields) { $stored_email[] = $check_email['admin_email_address']; // Move that ADOdb pointer! $check_email_result->MoveNext(); } // Close result set $check_email_result->Close(); if (in_array($_POST['admin_email_address'], $stored_email)) { oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=edit_process&error=email')); } else { $sql_data_array = array('admin_firstname' => oos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => oos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => oos_db_prepare_input($_POST['admin_email_address']), 'admin_password' => oos_encrypt_password(oos_db_prepare_input($_POST['admin_password'])), 'admin_modified' => '" . date("Y-m-d H:i:s", time()) . "'); oos_db_perform($oostable['admin'], $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\''); //oos_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], OOS_HTTP_SERVER . OOS_SHOP . 'admin/', $_POST['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'page=' . $_GET['page'] . '&mID=' . $admin_id)); } break; } } require 'includes/oos_header.php'; require 'includes/account_check.js.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH;
$sql_data_array_url = array('information_url' => oos_db_prepare_input($information_url_array[$lang_id])); $sql_data_array_head = array('information_heading_title' => oos_db_prepare_input($information_heading_title_array[$lang_id])); $sql_data_array_desc = array('information_description' => oos_db_prepare_input($information_description_array[$lang_id])); $sql_data_array = array_merge($sql_data_array, $sql_data_array_url, $sql_data_array_desc, $sql_data_array_head); if ($action == 'insert') { $insert_sql_data = array('information_id' => $information_id, 'information_languages_id' => $lang_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); oos_db_perform($oostable['information_description'], $sql_data_array); } elseif ($action == 'save') { oos_db_perform($oostable['information_description'], $sql_data_array, 'update', "information_id = '" . oos_db_input($information_id) . "' AND information_languages_id = '" . intval($lang_id) . "'"); } } oos_redirect_admin(oos_href_link_admin($aFilename['information'], 'page=' . $_GET['page'] . '&mID=' . $information_id)); break; case 'deleteconfirm': $information_id = oos_db_prepare_input($_GET['mID']); if ($information_id > 5) { if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') { $informationtable = $oostable['information']; $informations_result = $dbconn->Execute("SELECT information_image FROM {$informationtable} WHERE information_id = '" . oos_db_input($information_id) . "'"); $informations = $informations_result->fields; $image_location = OOS_ABSOLUTE_PATH . OOS_IMAGES . $informations['information_image']; if (file_exists($image_location)) { @unlink($image_location); } } $informationtable = $oostable['information']; $dbconn->Execute("DELETE FROM {$informationtable} WHERE information_id = '" . oos_db_input($information_id) . "'"); $information_descriptiontable = $oostable['information_description']; $dbconn->Execute("DELETE FROM {$information_descriptiontable} WHERE information_id = '" . oos_db_input($information_id) . "'"); }
$form_action = $_GET['cID'] ? 'update_category' : 'insert_category'; echo oos_draw_form($form_action, $aFilename['categories'], 'categories=' . $categories . '&cID=' . $_GET['cID'] . '&action=' . $form_action, 'post', 'enctype="multipart/form-data"'); $languages = oos_get_languages(); for ($i = 0; $i < count($languages); $i++) { if (isset($_GET['read']) && $_GET['read'] == 'only') { $cInfo->categories_name = oos_get_category_name($cInfo->categories_id, $languages[$i]['id']); $cInfo->categories_heading_title = oos_get_category_heading_title($cInfo->categories_id, $languages[$i]['id']); $cInfo->categories_description = oos_get_category_description($cInfo->categories_id, $languages[$i]['id']); $cInfo->categories_description_meta = oos_get_category_description_meta($cInfo->categories_id, $languages[$i]['id']); $cInfo->categories_keywords_meta = oos_get_category_keywords_meta($cInfo->categories_id, $languages[$i]['id']); } else { $cInfo->categories_name = oos_db_prepare_input($categories_name[$languages[$i]['id']]); $cInfo->categories_heading_title = oos_db_prepare_input($categories_heading_title[$languages[$i]['id']]); $cInfo->categories_description = oos_db_prepare_input($categories_description[$languages[$i]['id']]); $cInfo->categories_description_meta = oos_db_prepare_input($categories_description_meta[$languages[$i]['id']]); $cInfo->categories_keywords_meta = oos_db_prepare_input($categories_keywords_meta[$languages[$i]['id']]); } ?> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo oos_image(OOS_SHOP_IMAGES . 'flags/' . $languages[$i]['iso_639_2'] . '.gif', $languages[$i]['name']) . ' ' . $cInfo->categories_heading_title; ?> </td> </tr> </table></td> </tr> <tr> <td><?php echo oos_draw_separator('trans.gif', '1', '10');
define('OOS_VALID_MOD', 'yes'); require 'includes/oos_main.php'; if (!isset($_SESSION['login_id'])) { oos_redirect_admin(oos_href_link_admin($aFilename['login'], '', 'SSL')); } if ( !current_user_can('popup_image') ) oos_redirect_admin(oos_href_link_admin($aFilename['forbiden'])); reset($_GET); while (list($key, ) = each($_GET)) { switch ($key) { case 'banner': $banners_id = oos_db_prepare_input($_GET['banner']); $bannerstable = $oostable['banners']; $banner_result = $dbconn->Execute("SELECT banners_title, banners_image, banners_html_text FROM $bannerstable WHERE banners_id = '" . oos_db_input($banners_id) . "'"); $banner = $banner_result->fields; $page_title = $banner['banners_title']; if ($banner['banners_html_text']) { $image_source = $banner['banners_html_text']; } elseif ($banner['banners_image']) { $image_source = oos_image(OOS_HTTP_SERVER . '/' . OOS_IMAGES . $banner['banners_image'], $page_title); } break; } }
case 'insert': $tax_classtable = $oostable['tax_class']; $dbconn->Execute("INSERT INTO $tax_classtable (tax_class_title, tax_class_description, date_added) VALUES ('" . oos_db_input($tax_class_title) . "', '" . oos_db_input($tax_class_description) . "', '" . date("Y-m-d H:i:s", time()) . "')"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_classes'])); break; case 'save': $tax_class_id = oos_db_prepare_input($_GET['tID']); $tax_classtable = $oostable['tax_class']; $dbconn->Execute("UPDATE $tax_classtable SET tax_class_id = '" . oos_db_input($tax_class_id) . "', tax_class_title = '" . oos_db_input($tax_class_title) . "', tax_class_description = '" . oos_db_input($tax_class_description) . "', last_modified = '" . date("Y-m-d H:i:s", time()) . "' WHERE tax_class_id = '" . oos_db_input($tax_class_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_classes'], 'page=' . $_GET['page'] . '&tID=' . $tax_class_id)); break; case 'deleteconfirm': $tax_class_id = oos_db_prepare_input($_GET['tID']); $tax_classtable = $oostable['tax_class']; $dbconn->Execute("DELETE FROM $tax_classtable WHERE tax_class_id = '" . oos_db_input($tax_class_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_classes'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft"> <?php require 'includes/oos_blocks.php'; ?> </table></td>
case 'group_new': $admin_groups_name = ucwords(strtolower(oos_db_prepare_input($_POST['admin_groups_name']))); $name_replace = preg_replace("/ /", "%", $admin_groups_name); if ($admin_groups_name == '' || NULL || strlen($admin_groups_name) <= 5) { oos_redirect_admin(oos_href_link_admin($aFilename['admin_members'], 'gID=' . $_GET[gID] . '&gName=false&action=new_group')); } else { $check_groups_name_query = "SELECT admin_groups_name as group_name_new FROM " . $oostable['admin_groups'] . " WHERE admin_groups_name like '%" . $name_replace . "%'"; $check_groups_name_result =& $dbconn->Execute($check_groups_name_query); $check_duplicate = $check_groups_name_result->RecordCount(); if ($check_duplicate > 0) { oos_redirect_admin(oos_href_link_admin($aFilename['admin_members'], 'gID=' . $_GET['gID'] . '&gName=used&action=new_group')); } else { $sql_data_array = array('admin_groups_name' => $admin_groups_name); oos_db_perform($oostable['admin_groups'], $sql_data_array); $admin_groups_id = $dbconn->Insert_ID(); $set_groups_id = oos_db_prepare_input($_POST['set_groups_id']); $add_group_id = $set_groups_id . ',\'' . $admin_groups_id . '\''; $query = "alter table " . $oostable['admin_files'] . " change admin_groups_id admin_groups_id set( " . $add_group_id . ") NOT NULL DEFAULT '1' "; $dbconn->Execute($query); oos_redirect_admin(oos_href_link_admin($aFilename['admin_members'], 'gID=' . $admin_groups_id)); } } break; } } require 'includes/oos_header.php'; require 'includes/account_check.js.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr>
echo TABLE_HEADING_PUBLISHED; ?> </td> <td class="dataTableHeadingContent" align="left"><?php echo TABLE_HEADING_ARTICLES; ?> </td> <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td> </tr> <?php $search = ''; if (isset($_GET['categories'])) { $categories = oos_db_prepare_input($_GET['categories']); $search = "WHERE newsfeed_categories_id = '" . $categories . "'"; } $newsfeed_manager_result_raw = "SELECT\n newsfeed_manager_id, newsfeed_categories_id, newsfeed_manager_name,\n newsfeed_manager_link, newsfeed_manager_languages_id, newsfeed_manager_numarticles,\n newsfeed_manager_refresh, newsfeed_manager_status, newsfeed_manager_date_added,\n newsfeed_manager_last_modified, newsfeed_manager_sort_order\n FROM\n " . $oostable['newsfeed_manager'] . "\n " . $search . "\n ORDER BY\n newsfeed_manager_name"; $newsfeed_manager_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $newsfeed_manager_result_raw, $newsfeed_manager_result_numrows); $newsfeed_manager_result = $dbconn->Execute($newsfeed_manager_result_raw); while ($newsfeed_manager = $newsfeed_manager_result->fields) { if ((!isset($_GET['nmID']) || isset($_GET['nmID']) && $_GET['nmID'] == $newsfeed_manager['newsfeed_manager_id']) && !isset($nmInfo) && substr($action, 0, 3) != 'new') { $nmInfo = new objectInfo($newsfeed_manager); } if (isset($nmInfo) && is_object($nmInfo) && $newsfeed_manager['newsfeed_manager_id'] == $nmInfo->newsfeed_manager_id) { echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . oos_href_link_admin($aFilename['newsfeed_manager'], oos_get_all_get_params(array('nmID', 'action')) . 'nmID=' . $nmInfo->newsfeed_manager_id . '&action=edit') . '\'">' . "\n"; } else { echo ' <tr class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'hand\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\'' . oos_href_link_admin($aFilename['newsfeed_manager'], oos_get_all_get_params(array('nmID')) . 'nmID=' . $newsfeed_manager['newsfeed_manager_id']) . '\'">' . "\n"; } ?>
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA All contributions are gladly accepted though Paypal. ---------------------------------------------------------------------- */ /** ensure this file is being included by a parent file */ defined('OOS_VALID_MOD') or die('Direct Access to this location is not allowed.'); if (!isset($_POST['action']) || $_POST['action'] != 'process' || isset($_SESSION['formid']) && $_SESSION['formid'] != $_POST['formid']) { MyOOS_CoreApi::redirect(oos_href_link($aModules['main'], $aFilename['main'])); } require 'includes/languages/' . $sLanguage . '/admin_create_account_process.php'; require 'includes/functions/function_validate_vatid.php'; if (ACCOUNT_GENDER == '1') { $gender = oos_prepare_input($_POST['gender']); } $firstname = oos_db_prepare_input($_POST['firstname']); $lastname = oos_db_prepare_input($_POST['lastname']); if (ACCOUNT_DOB == '1') { $dob = oos_prepare_input($_POST['dob']); } if (ACCOUNT_NUMBER == '1') { $number = oos_prepare_input($_POST['number']); } $email_address = oos_prepare_input($_POST['email_address']); if (ACCOUNT_COMPANY == '1') { $company = oos_prepare_input($_POST['company']); } if (ACCOUNT_OWNER == '1') { $owner = oos_prepare_input($_POST['owner']); } if (ACCOUNT_VAT_ID == '1') { $vat_id = oos_prepare_input($_POST['vat_id']);
$dbconn->Execute("INSERT INTO {$featuredtable} (products_id, featured_date_added, expires_date, status) VALUES ('" . $_POST['products_id'] . "', '" . date("Y-m-d H:i:s", time()) . "', '" . $expires_date . "', '1')"); oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page'])); break; case 'update': $expires_date = ''; if ($_POST['day'] && $_POST['month'] && $_POST['year']) { $expires_date = $_POST['year']; $expires_date .= strlen($_POST['month']) == 1 ? '0' . $_POST['month'] : $_POST['month']; $expires_date .= strlen($_POST['day']) == 1 ? '0' . $_POST['day'] : $_POST['day']; } $featuredtable = $oostable['featured']; $dbconn->Execute("UPDATE {$featuredtable} SET featured_last_modified = '" . date("Y-m-d H:i:s", time()) . "', expires_date = '" . $expires_date . "' WHERE featured_id = '" . $_POST['featured_id'] . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page'] . '&fID=' . $featured_id)); break; case 'deleteconfirm': $featured_id = oos_db_prepare_input($_GET['fID']); $featuredtable = $oostable['featured']; $dbconn->Execute("DELETE FROM {$featuredtable} WHERE featured_id = '" . oos_db_input($featured_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page'])); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET;
function oos_db_prepare_input($data) { if (is_string($data)) { return trim(stripslashes($data)); } elseif (is_array($data)) { foreach ($data as $key => $value) { $data[$key] = oos_db_prepare_input($value); } return $data; } else { return $data; } }
$form_action = $_GET['pID'] ? 'update_product' : 'insert_product'; echo oos_draw_form($form_action, $aFilename['products'], 'categories=' . $categories . '&pID=' . $_GET['pID'] . '&action=' . $form_action, 'post', 'enctype="multipart/form-data"'); $languages = oos_get_languages(); for ($i = 0, $n = count($languages); $i < $n; $i++) { if (isset($_GET['read']) && $_GET['read'] == 'only') { $pInfo->products_name = oos_get_products_name($pInfo->products_id, $languages[$i]['id']); $pInfo->products_description = oos_get_products_description($pInfo->products_id, $languages[$i]['id']); $pInfo->products_description_meta = oos_get_products_description_meta($pInfo->products_id, $languages[$i]['id']); $pInfo->products_keywords_meta = oos_get_products_keywords_meta($pInfo->products_id, $languages[$i]['id']); $pInfo->products_url = oos_get_products_url($pInfo->products_id, $languages[$i]['id']); } else { $pInfo->products_name = oos_db_prepare_input($products_name[$languages[$i]['id']]); $pInfo->products_description = oos_db_prepare_input($_POST['products_description_' . $languages[$i]['id']]); $pInfo->products_description_meta = oos_db_prepare_input($_POST['products_description_meta_' . $languages[$i]['id']]); $pInfo->products_keywords_meta = oos_db_prepare_input($_POST['products_keywords_meta_' . $languages[$i]['id']]); $pInfo->products_url = oos_db_prepare_input($products_url[$languages[$i]['id']]); } ?> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo oos_image(OOS_SHOP_IMAGES . 'flags/' . $languages[$i]['iso_639_2'] . '.gif', $languages[$i]['name']) . ' ' . $pInfo->products_name; ?> </td> <?php $oosPrice = $pInfo->products_price; if (OOS_PRICE_IS_BRUTTO == '1' && ($_GET['read'] == 'only' || $action != 'new_product_preview')) { $oosPriceNetto = round($oosPrice, TAX_DECIMAL_PLACES); $tax_ratestable = $oostable['tax_rates']; $tax_result = $dbconn->Execute("SELECT tax_rate FROM {$tax_ratestable} WHERE tax_class_id = '" . $pInfo->products_tax_class_id . "' ");
function send($newsletter_id) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $send_mail = new PHPMailer(); $send_mail->PluginDir = OOS_ABSOLUTE_PATH . 'includes/lib/phpmailer/'; $sLang = isset($_SESSION['iso_639_1']) ? $_SESSION['iso_639_1'] : 'en'; $send_mail->SetLanguage($sLang, OOS_ABSOLUTE_PATH . 'includes/lib/phpmailer/language/'); $send_mail->CharSet = CHARSET; $send_mail->IsMail(); $send_mail->From = STORE_OWNER_EMAIL_ADDRESS; $send_mail->FromName = STORE_OWNER; $send_mail->Mailer = EMAIL_TRANSPORT; // Add smtp values if needed if (EMAIL_TRANSPORT == 'smtp') { $send_mail->IsSMTP(); // set mailer to use SMTP $send_mail->SMTPAuth = OOS_SMTPAUTH; // turn on SMTP authentication $send_mail->Username = OOS_SMTPUSER; // SMTP username $send_mail->Password = OOS_SMTPPASS; // SMTP password $send_mail->Host = OOS_SMTPHOST; // specify main and backup server } else { // Set sendmail path if (EMAIL_TRANSPORT == 'sendmail') { if (!oos_empty(OOS_SENDMAIL)) { $send_mail->Sendmail = OOS_SENDMAIL; $send_mail->IsSendmail(); } } } $send_mail->Subject = $this->title; $sql = "SELECT customers_firstname, customers_lastname, customers_email_address\n FROM " . $oostable['customers'] . "\n WHERE customers_newsletter = '1'"; $mail_result = $dbconn->Execute($sql); while ($mail = $mail_result->fields) { $send_mail->Body = $this->content; $send_mail->AddAddress($mail['customers_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']); $send_mail->Send(); // Clear all addresses and attachments for next loop $send_mail->ClearAddresses(); $send_mail->ClearAttachments(); // Move that ADOdb pointer! $mail_result->MoveNext(); } $sql = "SELECT customers_firstname, customers_lastname, customers_email_address\n FROM " . $oostable['maillist'] . "\n WHERE customers_newsletter = '1'"; $mail_result2 = $dbconn->Execute($sql); while ($mail = $mail_result2->fields) { $send_mail->Body = $this->content; $send_mail->AddAddress($mail['customers_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']); $send_mail->Send(); // Clear all addresses and attachments for next loop $send_mail->ClearAddresses(); $send_mail->ClearAttachments(); // Move that ADOdb pointer! $mail_result2->MoveNext(); } $newsletter_id = oos_db_prepare_input($newsletter_id); $dbconn->Execute("UPDATE " . $oostable['newsletters'] . " SET date_sent = now(), status = '1' WHERE newsletters_id = '" . oos_db_input($newsletter_id) . "'"); }
oos_db_perform($oostable['block_info'], $sql_data_array); } elseif ($action == 'save') { oos_db_perform($oostable['block_info'], $sql_data_array, 'update', "block_id = '" . intval($block_content_id) . "' AND block_languages_id = '" . intval($lang_id) . "'"); } } if (isset($_REQUEST['page_type'])) { reset($_REQUEST['page_type']); foreach ($_REQUEST['page_type'] as $k => $id) { $sql = "INSERT INTO " . $oostable['block_to_page_type'] . "\n (block_id,\n page_type_id)\n VALUES (" . $dbconn->qstr($block_content_id) . ',' . $dbconn->qstr($id) . ")"; $dbconn->Execute($sql); } } oos_redirect_admin(oos_href_link_admin($aFilename['content_block'], 'page=' . $_GET['page'] . '&bID=' . $block_content_id)); break; case 'deleteconfirm': $block_content_id = oos_db_prepare_input($_GET['bID']); $dbconn->Execute("DELETE FROM " . $oostable['block'] . " WHERE block_id = '" . intval($block_content_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['block_info'] . " WHERE block_id = '" . intval($block_content_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['block_to_page_type'] . " WHERE block_id = '" . intval($block_content_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['content_block'], 'page=' . $_GET['page'])); break; } } $no_js_general = true; require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo block_WIDTH;
$action = isset($_GET['action']) ? $_GET['action'] : ''; if (!empty($action)) { switch ($action) { case 'insert': $tax_ratestable = $oostable['tax_rates']; $dbconn->Execute("INSERT INTO {$tax_ratestable} (tax_zone_id, tax_class_id, tax_rate, tax_description, date_added) VALUES ('" . oos_db_input($tax_zone_id) . "', '" . oos_db_input($tax_class_id) . "', '" . oos_db_input($tax_rate) . "', '" . oos_db_input($tax_description) . "', now())"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'])); break; case 'save': $tax_rates_id = oos_db_prepare_input($_GET['tID']); $tax_ratestable = $oostable['tax_rates']; $dbconn->Execute("UPDATE {$tax_ratestable} SET tax_rates_id = '" . oos_db_input($tax_rates_id) . "', tax_zone_id = '" . oos_db_input($tax_zone_id) . "', tax_class_id = '" . oos_db_input($tax_class_id) . "', tax_rate = '" . oos_db_input($tax_rate) . "', tax_description = '" . oos_db_input($tax_description) . "', tax_priority = '" . oos_db_input($tax_priority) . "', last_modified = now() WHERE tax_rates_id = '" . oos_db_input($tax_rates_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'], 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id)); break; case 'deleteconfirm': $tax_rates_id = oos_db_prepare_input($_GET['tID']); $tax_ratestable = $oostable['tax_rates']; $dbconn->Execute("DELETE FROM {$tax_ratestable} WHERE tax_rates_id = '" . oos_db_input($tax_rates_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php
?> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?> </td> <td class="main"><?php echo oos_draw_form('status', $aFilename['coupon_admin'], '', 'get'); $status_array[] = array('id' => 'Y', 'text' => TEXT_COUPON_ACTIVE); $status_array[] = array('id' => 'N', 'text' => TEXT_COUPON_INACTIVE); $status_array[] = array('id' => '*', 'text' => TEXT_COUPON_ALL); if (isset($_GET['status'])) { $status = oos_db_prepare_input($_GET['status']); } else { $status = 'Y'; } echo HEADING_TITLE_STATUS . ' ' . oos_draw_pull_down_menu('status', $status_array, $status, 'onChange="this.form.submit();"'); ?> </form> </td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr class="dataTableHeadingRow">
$tax = $tax_result->fields; $_POST['specials_price'] = ($_POST['specials_price']/($tax[tax_rate]+100)*100); } $expires_date = ''; if ($_POST['day'] && $_POST['month'] && $_POST['year']) { $expires_date = $_POST['year']; $expires_date .= (strlen($_POST['month']) == 1) ? '0' . $_POST['month'] : $_POST['month']; $expires_date .= (strlen($_POST['day']) == 1) ? '0' . $_POST['day'] : $_POST['day']; } $dbconn->Execute("UPDATE " . $oostable['specials'] . " SET specials_new_products_price = '" . $_POST['specials_price'] . "', specials_last_modified = now(), expires_date = '" . $expires_date . "' WHERE specials_id = '" . $_POST['specials_id'] . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['specials'], 'page=' . $_GET['page'] . '&sID=' . $specials_id)); break; case 'deleteconfirm': $specials_id = oos_db_prepare_input($_GET['sID']); $specialstable = $oostable['specials']; $dbconn->Execute("DELETE FROM $specialstable WHERE specials_id = '" . oos_db_input($specials_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['specials'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; if ( ($action == 'new') || ($action == 'edit') ) { ?> <link rel="stylesheet" type="text/css" href="includes/javascript/calendar.css"> <script language="JavaScript" src="includes/javascript/calendarcode.js"></script> <?php
$send_mail->AddAddress($mail['customers_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']); $send_mail->Send(); $send_mail->ClearAddresses(); $send_mail->ClearAttachments(); // Now create the coupon main and email entry $couponstable = $oostable['coupons']; $insert_result = $dbconn->Execute("INSERT INTO {$couponstable} (coupon_code, coupon_type, coupon_amount, date_created) VALUES ('" . $id1 . "', 'G', '" . $_POST['amount'] . "', '" . date("Y-m-d H:i:s", time()) . "')"); $insert_id = $dbconn->Insert_ID(); $coupon_email_tracktable = $oostable['coupon_email_track']; $insert_result = $dbconn->Execute("INSERT INTO {$coupon_email_tracktable} (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) VALUES ('" . $insert_id . "', '0', 'Admin', '" . $mail['customers_email_address'] . "', '" . date("Y-m-d H:i:s", time()) . "' )"); // Move that ADOdb pointer! $mail_result->MoveNext(); } } elseif (isset($_POST['email_to']) && !$_POST['back_x']) { $id1 = oos_create_coupon_code($_POST['email_to']); $message = oos_db_prepare_input($_POST['message']); $message .= "\n\n" . TEXT_GV_WORTH . $currencies->format($_POST['amount']) . "\n\n"; $message .= TEXT_TO_REDEEM; $message .= TEXT_WHICH_IS . $id1 . TEXT_IN_CASE . "\n\n"; $message .= OOS_HTTP_SERVER . OOS_SHOP . 'index.php?page=' . $aCatalogPage['gv_redeem'] . '&gv_no=' . $id1 . "\n\n"; $message .= TEXT_OR_VISIT . OOS_HTTP_SERVER . OOS_SHOP . TEXT_ENTER_CODE; //Let's build a message object using the email class $send_mail = new PHPMailer(); $send_mail->PluginDir = OOS_ABSOLUTE_PATH . 'includes/lib/phpmailer/'; $sLang = isset($_SESSION['iso_639_1']) ? $_SESSION['iso_639_1'] : 'en'; $send_mail->SetLanguage($sLang, OOS_ABSOLUTE_PATH . 'includes/lib/phpmailer/language/'); $send_mail->CharSet = CHARSET; $send_mail->IsMail(); $send_mail->From = $from_mail ? $from_mail : STORE_OWNER_EMAIL_ADDRESS; $send_mail->FromName = $from_name ? $from_name : STORE_OWNER; $send_mail->Mailer = EMAIL_TRANSPORT;
function send($newsletter_id) { $audience = array(); // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); if ($_POST['global'] == 'true') { $products_result = $dbconn->Execute("SELECT distinct pn.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address FROM " . $oostable['customers'] . " c, " . $oostable['products_notifications'] . " pn WHERE c.customers_id = pn.customers_id"); while ($products = $products_result->fields) { $audience[$products['customers_id']] = array('firstname' => $products['customers_firstname'], 'lastname' => $products['customers_lastname'], 'email_address' => $products['customers_email_address']); // Move that ADOdb pointer! $products_result->MoveNext(); } $customers_result = $dbconn->Execute("SELECT c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address FROM " . $oostable['customers'] . " c, " . $oostable['customers_info'] . " ci WHERE c.customers_id = ci.customers_info_id AND ci.global_product_notifications = '1'"); while ($customers = $customers_result->fields) { $audience[$customers['customers_id']] = array('firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'email_address' => $customers['customers_email_address']); // Move that ADOdb pointer! $customers_result->MoveNext(); } } else { $chosen = $_POST['chosen']; $ids = implode(',', $chosen); $products_result = $dbconn->Execute("SELECT distinct pn.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address FROM " . $oostable['customers'] . " c, " . $oostable['products_notifications'] . " pn WHERE c.customers_id = pn.customers_id AND pn.products_id in (" . $ids . ")"); while ($products = $products_result->fields) { $audience[$products['customers_id']] = array('firstname' => $products['customers_firstname'], 'lastname' => $products['customers_lastname'], 'email_address' => $products['customers_email_address']); // Move that ADOdb pointer! $products_result->MoveNext(); } $customers_result = $dbconn->Execute("SELECT c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address FROM " . $oostable['customers'] . " c, " . $oostable['customers_info'] . " ci WHERE c.customers_id = ci.customers_info_id AND ci.global_product_notifications = '1'"); while ($customers = $customers_result->fields) { $audience[$customers['customers_id']] = array('firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'email_address' => $customers['customers_email_address']); // Move that ADOdb pointer! $customers_result->MoveNext(); } } $send_mail = new PHPMailer(); $send_mail->PluginDir = OOS_ABSOLUTE_PATH . 'includes/lib/phpmailer/'; $sLang = isset($_SESSION['iso_639_1']) ? $_SESSION['iso_639_1'] : 'en'; $send_mail->SetLanguage($sLang, OOS_ABSOLUTE_PATH . 'includes/lib/phpmailer/language/'); $send_mail->CharSet = CHARSET; $send_mail->IsMail(); $send_mail->From = STORE_OWNER_EMAIL_ADDRESS; $send_mail->FromName = STORE_OWNER; $send_mail->Mailer = EMAIL_TRANSPORT; // Add smtp values if needed if (EMAIL_TRANSPORT == 'smtp') { $send_mail->IsSMTP(); // set mailer to use SMTP $send_mail->SMTPAuth = OOS_SMTPAUTH; // turn on SMTP authentication $send_mail->Username = OOS_SMTPUSER; // SMTP username $send_mail->Password = OOS_SMTPPASS; // SMTP password $send_mail->Host = OOS_SMTPHOST; // specify main and backup server } else { // Set sendmail path if (EMAIL_TRANSPORT == 'sendmail') { if (!oos_empty(OOS_SENDMAIL)) { $send_mail->Sendmail = OOS_SENDMAIL; $send_mail->IsSendmail(); } } } $send_mail->Subject = $this->title; reset($audience); while (list($key, $value) = each($audience)) { $send_mail->Body = $this->content; $send_mail->AddAddress($value['email_address'], $value['firstname'] . ' ' . $value['lastname']); $send_mail->Send(); // Clear all addresses and attachments for next loop $send_mail->ClearAddresses(); $send_mail->ClearAttachments(); } $newsletter_id = oos_db_prepare_input($newsletter_id); $dbconn->Execute("UPDATE " . $oostable['newsletters'] . " SET date_sent = '" . date("Y-m-d H:i:s", time()) . "', status = '1' WHERE newsletters_id = '" . oos_db_input($newsletter_id) . "'"); }
---------------------------------------------------------------------- osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce ---------------------------------------------------------------------- Released under the GNU General Public License ---------------------------------------------------------------------- */ /** ensure this file is being included by a parent file */ defined('OOS_VALID_MOD') or die('Direct Access to this location is not allowed.'); require 'includes/languages/' . $sLanguage . '/user_create_account.php'; // links breadcrumb $oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aModules['user'], $aFilename['create_account'])); $snapshot = count($_SESSION['navigation']->snapshot); if (isset($_GET['email_address'])) { $email_address = oos_db_prepare_input($_GET['email_address']); } $account['entry_country_id'] = STORE_COUNTRY; ob_start(); require 'js/form_check.js.php'; $javascript = ob_get_contents(); ob_end_clean(); $aOption['template_main'] = $sTheme . '/modules/user_create_account.html'; $aOption['page_heading'] = $sTheme . '/heading/page_heading.html'; $nPageType = OOS_PAGE_TYPE_ACCOUNT; require 'includes/oos_system.php'; if (!isset($option)) { require 'includes/info_message.php'; require 'includes/oos_blocks.php'; require 'includes/oos_counter.php'; }
$sInstance = oos_db_prepare_input($_GET['plugin']); if (($key = array_search($sInstance, $installed)) !== false) { include OOS_ABSOLUTE_PATH . 'includes/plugins/' . 'oos_event_' . $sInstance . '/oos_event_' . $sInstance . '.php'; $class = 'oos_event_' . $sInstance; $oPlugin = new $class(); if ($oPlugin->uninstallable) { $oPlugin->remove(); unset($installed[$key]); $configurationtable = $oostable['configuration']; $dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . implode(';', $installed) . "' WHERE configuration_key = 'MODULE_PLUGIN_EVENT_INSTALLED'"); } } oos_redirect_admin(oos_href_link_admin($aFilename['plugins'], 'plugin=' . $_GET['plugin'])); break; case 'install': $sInstance = oos_db_prepare_input($_GET['plugin']); if (array_search($sInstance, $installed) === false) { include OOS_ABSOLUTE_PATH . 'includes/plugins/' . 'oos_event_' . $sInstance . '/oos_event_' . $sInstance . '.php'; $class = 'oos_event_' . $sInstance; $oPlugin = new $class(); $bInstall = $oPlugin->install(); if ($bInstall) { if (isset($oPlugin->depends)) { if (is_string($oPlugin->depends) && ($key = array_search($oPlugin->depends, $installed)) !== false) { if (isset($installed[$key + 1])) { array_splice($installed, $key + 1, 0, $sInstance); } else { $installed[] = $sInstance; } } elseif (is_array($oPlugin->depends)) { foreach ($oPlugin->depends as $depends_module) {
// avoid hack attempts during the checkout procedure by checking the internal cartID if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) { if ($_SESSION['cart']->cartID != $_SESSION['cartID']) { MyOOS_CoreApi::redirect(oos_href_link($aPages['checkout_shipping'], '', 'SSL')); } } if ( isset($_SESSION['formid']) && ($_SESSION['formid'] == $_POST['formid']) ) { if (isset($_POST['payment'])) $_SESSION['payment'] = oos_db_prepare_input($_POST['payment']); if ( (isset($_POST['comments'])) && (empty($_POST['comments'])) ) { $_SESSION['comments'] = ''; } elseif (isset($_POST['comments'])) { $_SESSION['comments'] = oos_db_prepare_input($_POST['comments']); } if (isset($_POST['campaign_id']) && is_numeric($_POST['campaign_id'])) { $_SESSION['campaigns_id'] = intval($_POST['campaign_id']); } // if no shipping method has been selected, redirect the customer to the shipping method selection page if (!isset($_SESSION['shipping'])) { MyOOS_CoreApi::redirect(oos_href_link($aPages['checkout_shipping'], '', 'SSL')); } // if conditions are not accepted, redirect the customer to the payment method selection page if ( (DISPLAY_CONDITIONS_ON_CHECKOUT == '1') && (empty($_POST['gv_redeem_code'])) ) { if ($_POST['conditions'] == false) {
case 'box_remove': // NOTE: ALSO DELETE FILES STORED IN REMOVED BOX // $admin_boxes_id = oos_db_prepare_input($_GET['cID']); $admin_filestable = $oostable['admin_files']; $query = "DELETE FROM " . $admin_filestable . " WHERE admin_files_id = '" . $admin_boxes_id . "' or admin_files_to_boxes = '" . $admin_boxes_id . "'"; $dbconn->Execute($query); oos_redirect_admin(oos_href_link_admin($aFilename['admin_files'])); break; case 'file_store': $sql_data_array = array('admin_files_name' => oos_db_prepare_input($_POST['admin_files_name']), 'admin_files_to_boxes' => oos_db_prepare_input($_POST['admin_files_to_boxes'])); oos_db_perform($oostable['admin_files'], $sql_data_array); $admin_files_id = $dbconn->Insert_ID(); oos_redirect_admin(oos_href_link_admin($aFilename['admin_files'], 'categories=' . $_GET['categories'] . '&fID=' . $admin_files_id)); break; case 'file_remove': $admin_files_id = oos_db_prepare_input($_POST['admin_files_id']); $admin_filestable = $oostable['admin_files']; $query = "DELETE FROM " . $admin_filestable . " WHERE admin_files_id = '" . $admin_files_id . "'"; $dbconn->Execute($query); oos_redirect_admin(oos_href_link_admin($aFilename['admin_files'], 'categories=' . $_GET['categories'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>