} else { $_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_quantity_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_min_text_info'] . ' ' . $products_order_min; } } } if ($_SESSION['error_cart_msg'] == '') { MyOOS_CoreApi::redirect(oos_href_link($goto_file, oos_get_all_post_parameters($parameters), 'NONSSL')); } else { MyOOS_CoreApi::redirect(oos_href_link($aPages['product_info'], 'products_id=' . $_POST['slave_id'])); } } break; case 'add_a_quickie': if (DECIMAL_CART_QUANTITY == '1') { $_POST['cart_quantity'] = str_replace(',', '.', $_POST['cart_quantity']); $cart_quantity = oos_prepare_input($_POST['cart_quantity']); } if (isset($_POST['cart_quantity']) && is_numeric($_POST['cart_quantity'])) { if (isset($_POST['quickie'])) { $productstable = $oostable['products']; $quickie_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE (products_model = '" . addslashes($quickie) . "' OR products_ean = '" . addslashes($quickie) . "')"); if (!$quickie_result->RecordCount()) { $productstable = $oostable['products']; $quickie_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE (products_model LIKE '%" . addslashes($quickie) . "%' OR products_ean LIKE '%" . addslashes($quickie) . "%')"); } if ($quickie_result->RecordCount() != 1) { MyOOS_CoreApi::redirect(oos_href_link($aPages['advanced_search_result'], 'keywords=' . $quickie, 'NONSSL')); } $products_quickie = $quickie_result->fields; if (oos_has_product_attributes($products_quickie['products_id'])) { MyOOS_CoreApi::redirect(oos_href_link($aPages['product_info'], 'products_id=' . $products_quickie['products_id'], 'NONSSL'));
if (!isset($nProductsId)) { $nProductsId = oos_get_product_id($_POST['products_id']); } } else { oos_redirect(oos_href_link($aModules['main'], $aFilename['main'])); } require 'includes/languages/' . $sLanguage . '/reviews_product_write.php'; $productstable = $oostable['products']; $products_descriptiontable = $oostable['products_description']; $sql = "SELECT pd.products_name, p.products_image\n FROM {$productstable} p,\n {$products_descriptiontable} pd\n WHERE p.products_id = '" . intval($nProductsId) . "'\n AND pd.products_id = p.products_id\n AND pd.products_languages_id = '" . intval($nLanguageID) . "'\n AND p.products_status >= '1'"; $product_result = $dbconn->Execute($sql); $valid_product = $product_result->RecordCount() > 0; $product_info = $product_result->fields; if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) { $rating = oos_prepare_input($_POST['rating']); $review = oos_prepare_input($_POST['review']); if ($valid_product == true) { // We got to the process but it is an illegal product, don't write $customersstable = $oostable['customers']; $sql = "SELECT customers_firstname, customers_lastname\n FROM {$customersstable}\n WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'"; $customer = $dbconn->Execute($sql); $customer_values = $customer->fields; $firstname = $customer_values['customers_firstname']; $lastname = ltrim($customer_values['customers_lastname']); $lastname = substr($lastname, 0, 1); $customers_name = $firstname . ' ' . $lastname . '. '; $reviewstable = $oostable['reviews']; $dbconn->Execute("INSERT INTO {$reviewstable}\n (products_id,\n customers_id,\n customers_name,\n reviews_rating,\n date_added) VALUES ('" . intval($nProductsId) . "',\n '" . intval($_SESSION['customer_id']) . "',\n '" . oos_db_input($customers_name) . "',\n '" . oos_db_input($rating) . "',\n '" . date("Y-m-d H:i:s", time()) . 
"')"); $insert_id = $dbconn->Insert_ID(); $reviews_descriptiontable = $oostable['reviews_description']; $dbconn->Execute("INSERT INTO {$reviews_descriptiontable}\n (reviews_id,\n reviews_languages_id,\n reviews_text) VALUES ('" . intval($insert_id) . "',\n '" . intval($nLanguageID) . "',\n '" . oos_db_input($review) . "')");
unset($_SESSION['customer_country_id']); unset($_SESSION['customer_zone_id']); unset($_SESSION['comments']); unset($_SESSION['customer_max_order']); unset($_SESSION['gv_id']); unset($_SESSION['cc_id']); unset($_SESSION['man_key']); $_SESSION['cart']->reset(); $_SESSION['member']->default_member(); } if (isset($_POST['verif_key'])) { $verif_key = oos_prepare_input($_POST['verif_key']); } require 'includes/modules/key_generate.php'; if ( empty( $verif_key ) || !is_string( $verif_key ) ) { MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } $sLanguage = oos_var_prep_for_os($_SESSION['language']); require 'includes/languages/' . $sLanguage . '.php'; require 'includes/languages/' . $sLanguage . '/admin_create_account.php'; $manual_infotable = $oostable['manual_info']; $login_result = $dbconn->Execute("SELECT man_key2, man_key3, status FROM $manual_infotable WHERE man_key = '" . oos_db_input($verif_key) . "' AND status = 1 ");
unset($_SESSION['comments']); unset($_SESSION['customer_max_order']); unset($_SESSION['gv_id']); unset($_SESSION['cc_id']); unset($_SESSION['man_key']); $_SESSION['cart']->reset(); $_SESSION['member']->default_member(); } if (isset($_POST)) { $email_address = oos_prepare_input($_POST['email_address']); $verif_key = oos_prepare_input($_POST['verif_key']); } if (isset($_POST['action']) && $_POST['action'] == 'login_process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) { $email_addressb = oos_prepare_input($_POST['email_addressa']); $keya = oos_prepare_input($_POST['keya']); $keyb = oos_prepare_input($_POST['keyb']); $manual_infotable = $oostable['manual_info']; $sql = "SELECT man_name, defined\n FROM {$manual_infotable}\n WHERE man_key = '" . oos_db_input($keya) . "'\n AND man_key2 = '" . oos_db_input($keyb) . "'\n AND status = '1'"; $login_result = $dbconn->Execute($sql); if (!$login_result->RecordCount()) { $manual_infotable = $oostable['manual_info']; $dbconn->Execute("UPDATE {$manual_infotable}\n SET man_key = '',\n man_key2 = ''\n WHERE man_info_id = '1'"); MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } // Check if email exists $customerstable = $oostable['customers']; $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n customers_password, customers_wishlist_link_id, customers_vat_id_status,\n customers_email_address, customers_default_address_id, customers_max_order\n FROM {$customerstable}\n WHERE customers_login = '******'\n AND customers_email_address = '" . oos_db_input($email_addressb) . "'"; $check_customer_result = $dbconn->Execute($sql); if (!$check_customer_result->RecordCount()) { $_GET['login'] = '******'; $dbconn->Execute("UPDATE " . $oostable['manual_info'] . "\n SET man_key2 = ''\n WHERE where man_info_id = '1'");
if (ACCOUNT_VAT_ID == '1') $vat_id = oos_prepare_input($_POST['vat_id']); $street_address = oos_prepare_input($_POST['street_address']); if (ACCOUNT_SUBURB == '1') $suburb = oos_prepare_input($_POST['suburb']); $postcode = oos_prepare_input($_POST['postcode']); $city = oos_prepare_input($_POST['city']); if (ACCOUNT_STATE == '1') $state = oos_prepare_input($_POST['state']); $country = oos_prepare_input($_POST['country']); $telephone = oos_prepare_input($_POST['telephone']); $fax = oos_prepare_input($_POST['fax']); $newsletter = oos_prepare_input($_POST['newsletter']); $password = oos_prepare_input($_POST['password']); $confirmation = oos_prepare_input($_POST['confirmation']); $bError = false; // reset error flag if (ACCOUNT_GENDER == '1') { if ( ($gender == 'm') || ($gender == 'f') ) { $gender_error = false; } else { $bError = true; $gender_error = '1'; } } if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
} if (strlen($sKeywords) > 0) { if (!oos_parse_search_string(stripslashes($sKeywords), $search_keywords)) { $errorno += 10000000; $error = 1; } } } if ($error == 1) { MyOOS_CoreApi::redirect(oos_href_link($aPages['advanced_search'], 'errorno=' . $errorno . $all_get_listing)); } else { if (isset($_GET['keywords']) && !empty($_GET['keywords'])) { $sKeywords = oos_prepare_input($_GET['keywords']); $pw_keywords = explode(' ',stripslashes(strtolower($sKeywords))); $pw_boldwords = $pw_keywords; $sql = "SELECT sws_word, sws_replacement FROM " . $oostable['searchword_swap']; $sql_words = $dbconn->Execute($sql); $pw_replacement = ''; while ($sql_words_result = $sql_words->fields) { if (stripslashes(strtolower($sKeywords)) == stripslashes(strtolower($sql_words_result['sws_word']))) { $pw_replacement = stripslashes($sql_words_result['sws_replacement']); $pw_link_text = '<b><i>' . stripslashes($sql_words_result['sws_replacement']) . '</i></b>'; $pw_phrase = 1; $pw_mispell = 1; break; } for ($i=0; $i<count($pw_keywords); $i++) {
} if (!isset($_SESSION['customer_id'])) { if (isset($_GET['action']) && $_GET['action'] == 'process' && !oos_validate_is_email(trim($from_email_address))) { $fromemail_error = '1'; $error = '1'; } } if (isset($_GET['action']) && $_GET['action'] == 'process' && empty($from_name)) { $fromname_error = '1'; $error = '1'; } if (isset($_GET['action']) && $_GET['action'] == 'process' && $error == '0' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) { $email_subject = sprintf($aLang['text_email_subject'], $from_name, STORE_NAME); $email_body = sprintf($aLang['text_email_intro'], $friendname, $from_name, $products_name, STORE_NAME) . "\n\n"; if (!empty($_POST['yourmessage'])) { $email_body .= oos_prepare_input($_POST['yourname']) . "\n\n"; } $email_body .= sprintf($aLang['text_email_link'], oos_href_link($aModules['products'], $aFilename['product_info'], 'products_id=' . $_GET['products_id'])) . "\n\n" . sprintf($aLang['text_email_signature'], STORE_NAME . "\n" . OOS_HTTP_SERVER . OOS_SHOP . "\n"); oos_mail($friendname, $friendemail, $email_subject, stripslashes($email_body), '', $from_email_address); } else { if (isset($_SESSION['customer_id'])) { $your_name_prompt = $account_values['customers_firstname'] . ' ' . $account_values['customers_lastname']; $your_email_address_prompt = $account_values['customers_email_address']; } else { $your_name_prompt = oos_draw_input_field('yourname', $fromname_error == '1' ? $yourname : $_GET['yourname']); if ($fromname_error == '1') { $your_name_prompt .= ' <span class="errorText">' . $aLang['text_required'] . '</span>'; } $your_email_address_prompt = oos_draw_input_field('from', $fromemail_error == '1' ? $from : $_GET['from']); if ($fromemail_error == '1') { $your_email_address_prompt .= $aLang['entry_email_address_check_error'];
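function pre_confirmation_check()
{
    // Validates the bank-transfer fields posted from the payment form before
    // the order is confirmed. When the customer did not pick the fax option,
    // the account number / bank code pair is checked with AccountCheck; a
    // failed check sends the browser back to checkout_payment with the error
    // text and the posted values in the query string. On success (or an
    // accepted warning) the cleaned values are stored on $this for later steps.
    //
    // Reads globals filled by the module's form handling:
    //   $banktransfer_number, $banktransfer_blz  - raw account number / bank code
    //   $aLang                                   - language strings
    global $banktransfer_number, $banktransfer_blz, $aLang;

    // empty() is the notice-free equivalent of the old `== false` test:
    // '', '0' and a missing field all mean "not a fax transfer".
    if (!empty($_POST['banktransfer_fax'])) {
        return;
    }

    // include_once: a second call to this method must not redeclare AccountCheck.
    include_once 'includes/classes/class_banktransfer_validation.php';
    $validation = new AccountCheck();
    $result = $validation->CheckAccount($banktransfer_number, $banktransfer_blz);

    // Read the posted fields once, without undefined-index notices; an absent
    // field is treated as ''.
    $fields = array('banktransfer_owner', 'banktransfer_number', 'banktransfer_blz', 'banktransfer_bankname');
    $posted = array();
    foreach ($fields as $field) {
        $posted[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }
    $owner = $posted['banktransfer_owner'];

    if ($result > 0 || $owner == '') {
        // $recheckok tells the form whether the customer may confirm the entry
        // despite the warning ('1') or has to correct it ('').
        if ($owner == '') {
            $error = 'Name des Kontoinhabers fehlt!';
            $recheckok = '';
        } else {
            switch ($result) {
                case 1: // number & blz not ok
                    $error = $aLang['module_payment_banktransfer_text_bank_error_1'];
                    $recheckok = '1';
                    break;
                case 5: // BLZ not found
                    $error = $aLang['module_payment_banktransfer_text_bank_error_5'];
                    $recheckok = '1';
                    break;
                case 8: // no blz entered
                    $error = $aLang['module_payment_banktransfer_text_bank_error_8'];
                    $recheckok = '';
                    break;
                case 9: // no number entered
                    $error = $aLang['module_payment_banktransfer_text_bank_error_9'];
                    $recheckok = '';
                    break;
                default:
                    $error = $aLang['module_payment_banktransfer_text_bank_error_4'];
                    $recheckok = '1';
                    break;
            }
        }

        // The customer's "recheck ok" flag only counts when the server marked
        // this error as overridable. Previously the posted flag alone was
        // trusted, so a missing owner or bank code could be waved through by
        // posting recheckok=1.
        $postedRecheck = isset($_POST['recheckok']) ? $_POST['recheckok'] : '';
        if ($recheckok !== '1' || $postedRecheck != '1') {
            $payment_error_return = 'payment_error=' . $this->code
                . '&error=' . urlencode($error)
                . '&banktransfer_owner=' . urlencode($owner)
                . '&banktransfer_number=' . urlencode($posted['banktransfer_number'])
                . '&banktransfer_blz=' . urlencode($posted['banktransfer_blz'])
                . '&banktransfer_bankname=' . urlencode($posted['banktransfer_bankname'])
                . '&recheckok=' . $recheckok;
            $aPages = oos_get_pages();
            MyOOS_CoreApi::redirect(oos_href_link($aPages['checkout_payment'], $payment_error_return, 'SSL', true, false));
        }
    }

    // Keep the cleaned values for the confirmation/process steps. The bank
    // name found by the lookup wins over the one the customer typed.
    $this->banktransfer_owner = oos_prepare_input($owner);
    $this->banktransfer_blz = oos_prepare_input($posted['banktransfer_blz']);
    $this->banktransfer_number = oos_prepare_input($posted['banktransfer_number']);
    $this->banktransfer_prz = $validation->PRZ;
    $this->banktransfer_status = $result;
    if ($validation->Bankname != '') {
        $this->banktransfer_bankname = $validation->Bankname;
    } else {
        $this->banktransfer_bankname = oos_prepare_input($posted['banktransfer_bankname']);
    }
}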
} $firstname = oos_db_prepare_input($_POST['firstname']); $lastname = oos_db_prepare_input($_POST['lastname']); if (ACCOUNT_COMPANY == '1') { $company = oos_prepare_input($_POST['company']); } $street_address = oos_prepare_input($_POST['street_address']); if (ACCOUNT_SUBURB == '1') { $suburb = oos_prepare_input($_POST['suburb']); } $postcode = oos_prepare_input($_POST['postcode']); $city = oos_prepare_input($_POST['city']); if (ACCOUNT_STATE == '1') { $state = oos_prepare_input($_POST['state']); } $country = oos_prepare_input($_POST['country']); $process = '1'; if (ACCOUNT_GENDER == '1') { if ($gender == 'm' || $gender == 'f') { $gender_error = '0'; } else { $gender_error = '1'; $bError = true; } } if (ACCOUNT_COMPANY == '1') { if (strlen($company) < ENTRY_COMPANY_MIN_LENGTH) { $company_error = '1'; $bError = true; } }
// Used in the "Backup Manager" to compress backups
// Absolute paths to the archiver binaries. Presumably handed to a shell by the
// Backup Manager (not visible here), so they must stay fixed constants and
// never be built from request data.
define('LOCAL_EXE_GZIP', '/usr/bin/gzip');
define('LOCAL_EXE_GUNZIP', '/usr/bin/gunzip');
define('LOCAL_EXE_ZIP', '/usr/local/bin/zip');
define('LOCAL_EXE_UNZIP', '/usr/local/bin/unzip');

// Admin bootstrap: table names, shared helpers and the core API classes.
require 'includes/oos_filename.php';
require '../includes/oos_tables.php';
require '../includes/functions/function_global.php';
require 'includes/functions/function_kernel.php';
require '../includes/core/classes/utilities_class.php';
require '../includes/core/classes/core_api_class.php';

// Load server utilities
require '../includes/functions/function_server.php';

// Every posted field becomes a local variable of the same name (register_globals
// style). Any variable already defined by the files required above, or read by
// the code that follows, can be overwritten by a request that posts a field of
// that name. isset($_POST) is always true for a superglobal, so the guard is a
// no-op.
// NOTE(review): a whitelist of the expected field names would close this; which
// names the admin pages expect is not visible here.
if (isset($_POST)) { foreach ($_POST as $key => $value) { ${$key} = oos_prepare_input($value); } }

// define how the session functions will be used
require '../includes/functions/function_session.php';

// set the session ID if it exists
// The id is taken from the request (POST first, then GET). Accepting a
// client-supplied id is a session-fixation surface unless the id is regenerated
// after a successful admin login.
// NOTE(review): oos_session_name() is evaluated here before
// oos_session_name('OOSADMINSID') below, so it presumably returns the default
// name rather than OOSADMINSID — confirm that is the intended parameter name.
if (isset($_POST[oos_session_name()])) { oos_session_id($_POST[oos_session_name()]); } elseif (isset($_GET[oos_session_name()])) { oos_session_id($_GET[oos_session_name()]); }
oos_session_name('OOSADMINSID');
oos_session_start();
if (!isset($_SESSION)) { $_SESSION = array(); }
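function oosUpdateConfigShop($db_prefs = false)
{
    // Rewrites the shop's includes/configure.php from the installer state:
    // the connection/server globals collected earlier plus the optional host
    // overrides posted by the form. On a failed rewrite the installer error
    // page is shown instead of returning a value.
    //
    // $db_prefs is kept for call-site compatibility; nothing here reads it.
    global $reg_src, $reg_rep;
    global $dbhost, $dbuname, $dbpass, $dbname, $prefix_table, $dbtype;
    global $oos_server, $oos_ssl_server, $enable_ssl, $oos_root_path, $oos_shop_dir, $oos_template_dir;

    // Optional alternate hosts (static assets, images, ...). Read with isset()
    // so a form that omits a field does not raise an undefined-index notice;
    // an absent field is passed on as ''.
    $hostFields = array('static1', 'image01', 'planet', 'tracking', 'wordpress');
    $hosts = array();
    foreach ($hostFields as $field) {
        $hosts[$field] = oos_prepare_input(isset($_POST[$field]) ? $_POST[$field] : '');
    }

    add_src_rep("OOS_HTTP_SERVER", $oos_server);
    add_src_rep("OOS_HTTPS_SERVER", $oos_ssl_server);
    add_src_rep("ENABLE_SSL", ($enable_ssl == 'on') ? '1' : '0');

    // NOTE(review): these values become PHP source inside configure.php; the
    // quoting done by add_src_rep()/modify_file() (not visible here) is what
    // keeps a crafted host value from escaping the string literal — confirm.
    add_src_rep("STATIC1_HTTP_SERVER", $hosts['static1']);
    add_src_rep("IMAGE01_HTTP_SERVER", $hosts['image01']);
    add_src_rep("PLANET_HTTP_SERVER", $hosts['planet']);
    add_src_rep("TRACKING_HTTP_SERVER", $hosts['tracking']);
    add_src_rep("BLOG_HTTP_SERVER", $hosts['wordpress']);
    add_src_rep("OOS_SHOP", $oos_shop_dir);
    add_src_rep("OOS_ABSOLUTE_PATH", $oos_root_path . $oos_shop_dir);
    add_src_rep("OOS_TEMP_PATH", $oos_template_dir);
    add_src_rep("STORE_SESSIONS", '0');
    add_src_rep("STORE_SESSIONS_CRYPT", '0');
    add_src_rep("OOS_DB_TYPE", $dbtype);
    add_src_rep("OOS_DB_SERVER", $dbhost);

    // base64 only keeps the credentials free of quote characters in the
    // generated file (OOS_ENCODED below tells the reader to decode them); it is
    // reversible encoding, not protection — configure.php still has to be kept
    // unreadable to anyone but the web server.
    add_src_rep("OOS_DB_USERNAME", base64_encode($dbuname));
    add_src_rep("OOS_DB_PASSWORD", base64_encode($dbpass));
    add_src_rep("OOS_DB_DATABASE", $dbname);
    add_src_rep("OOS_DB_PREFIX", $prefix_table);

    // $HTTP_ENV_VARS was removed in PHP 5.4, which made the old check always
    // false (with a notice). Read the environment directly, then fall back to
    // PHP_OS; the prefix compare keeps 'Darwin' from matching 'win'.
    $osEnv = getenv('OS');
    $isWindows = ($osEnv !== false && strstr($osEnv, 'Win') !== false)
        || strncasecmp(PHP_OS, 'WIN', 3) === 0;
    add_src_rep("OOS_SYSTEM", $isWindows ? '1' : '0');
    add_src_rep("OOS_ENCODED", '1');

    // modify_file() reports failure through its return text rather than an
    // exception or false.
    $ret = modify_file("../includes/configure.php", "../includes/configure-old.php", $reg_src, $reg_rep);
    if (preg_match("/Error/", $ret)) {
        show_error_shop_info();
    }
}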
} // Post-entry error checking when updating or adding an entry $process = '0'; if (isset($_POST['action']) && ($_POST['action'] == 'process' || $_POST['action'] == 'update')) { if (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid']) { $gender = oos_prepare_input($_POST['gender']); $firstname = oos_prepare_input($_POST['firstname']); $lastname = oos_prepare_input($_POST['lastname']); $company = oos_prepare_input($_POST['company']); $street_address = oos_prepare_input($_POST['street_address']); $suburb = oos_prepare_input($_POST['suburb']); $postcode = oos_prepare_input($_POST['postcode']); $city = oos_prepare_input($_POST['city']); $state = oos_prepare_input($_POST['state']); $entry_id = oos_prepare_input($_POST['entry_id']); $suburb = oos_prepare_input($_POST['suburb']); $process = '1'; $error = '0'; if (ACCOUNT_GENDER == '1') { if ($gender == 'm' || $gender == 'f') { $gender_error = '0'; } else { $gender_error = '1'; $error = '1'; } } if (ACCOUNT_COMPANY == '1') { if (strlen($company) < ENTRY_COMPANY_MIN_LENGTH) { $company_error = '1'; $error = '1'; }
// Installer bootstrap: shared shop helpers first, then the installer's own modules.
require_once '../includes/functions/function_global.php';
require_once '../includes/functions/function_kernel.php';
require_once '../includes/functions/function_password.php';
require_once '../includes/lib/adodb/adodb.inc.php';
include_once 'modify_configure.php';
include_once 'upgrade.php';
include_once 'newinstall.php';
include_once 'gui.php';
include_once 'db.php';
include_once 'check.php';
include_once 'language.php';

// Every posted field becomes a local variable of the same name (register_globals
// style), so a request controls every variable read below ($alanguage,
// $aupdate, $encoded, $dbuname, $dbpass, ...) and can overwrite anything the
// included files defined. isset($_POST) is always true for a superglobal, so
// the guard is a no-op.
// NOTE(review): a whitelist of the expected field names would close this; the
// full set the installer expects is not visible here.
if (isset($_POST)) { foreach ($_POST as $k=>$v) { $$k = oos_prepare_input($v); } }

// $alanguage / $aupdate are form fields that arrived through the loop above.
if (isset($alanguage)) { $currentlang = $alanguage; }
if (isset($aupdate)) { $update = $aupdate; }

// When the form round-trips the database credentials it posts them
// base64-encoded and sets $encoded. base64 is reversible encoding, not
// protection: the credentials travel in the clear unless the installer is
// served over HTTPS.
if (!empty($encoded)) { $dbuname = base64_decode($dbuname); $dbpass = base64_decode($dbpass); }
} define('OOS_VALID_MOD', 'yes'); require_once '../includes/functions/function_global.php'; require_once '../includes/functions/function_kernel.php'; require_once '../includes/functions/function_password.php'; require_once '../includes/lib/adodb/adodb.inc.php'; include_once 'modify_configure.php'; include_once 'upgrade.php'; include_once 'newinstall.php'; include_once 'gui.php'; include_once 'db.php'; include_once 'check.php'; include_once 'language.php'; if (isset($_POST)) { foreach ($_POST as $k => $v) { ${$k} = oos_prepare_input($v); } } if (isset($alanguage)) { $currentlang = $alanguage; } if (isset($aupdate)) { $update = $aupdate; } if (!empty($encoded)) { $dbuname = base64_decode($dbuname); $dbpass = base64_decode($dbpass); } installer_get_language(); include_once 'header.php'; /* This starts the switch statement that filters through the form options.
if (isset($_GET['tlid'])) { $tlid = oos_db_prepare_input($_GET['tlid']); } if (isset($_POST['tlid'])) { $tlid = oos_prepare_input($_POST['tlid']); } if (strlen($tlid) < 10) { unset($tlid); } // Form was submitted $bError = false; if (isset($_POST['action']) && $_POST['action'] == 'send' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid']) && isset($tlid)) { $status = oos_prepare_input($_POST['status']); $department = oos_prepare_input($_POST['department']); $priority = oos_prepare_input($_POST['priority']); $enquiry = oos_prepare_input($_POST['enquiry']); // Check Message length if (isset($enquiry) && strlen($enquiry) < TICKET_ENTRIES_MIN_LENGTH) { $bError = true; $_SESSION['error_message'] = $aLang['ticket_warning_enquiry_too_short']; } if ($bError === false) { $ticket_tickettable = $oostable['ticket_ticket']; $sql = "SELECT ticket_id, ticket_customers_name\n FROM {$ticket_tickettable}\n WHERE ticket_link_id = '" . oos_db_input($tlid) . "'"; $ticket_id_result = $dbconn->Execute($sql); $ticket_id = $ticket_id_result->fields; if ($ticket_id['ticket_id']) { if (TICKET_ALLOW_CUSTOMER_TO_CHANGE_STATUS == '0' && TICKET_CUSTOMER_REPLY_STATUS_ID > 0) { $status = TICKET_CUSTOMER_REPLY_STATUS_ID; } $sql_data_array = array('ticket_id' => $ticket_id['ticket_id'], 'ticket_status_id' => $status, 'ticket_priority_id' => $priority, 'ticket_department_id' => $department, 'ticket_date_modified' => 'now()', 'ticket_customer_notified' => '0', 'ticket_edited_by' => $ticket_id['ticket_customers_name'], 'ticket_comments' => $enquiry);
Max Order - 2003/04/27 JOHNSON - Copyright (c) 2003 Matti Ressler - mattifinn@optusnet.com.au ---------------------------------------------------------------------- Released under the GNU General Public License ---------------------------------------------------------------------- */ // DO NOT RUN THIS SCRIPT STANDALONE if (count(get_included_files()) < 2) { header("HTTP/1.1 301 Moved Permanently"); header("Location: /"); exit; } $_SESSION['navigation']->remove_current_page(); require 'includes/languages/' . $sLanguage . '/user_login.php'; if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) { $email_address = oos_prepare_input($_POST['email_address']); $password = oos_prepare_input($_POST['password']); if (empty($email_address) || !is_string($email_address)) { MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } // Check if email exists $customerstable = $oostable['customers']; $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n customers_password, customers_wishlist_link_id, customers_language,\n customers_vat_id_status, customers_email_address, customers_default_address_id,\n customers_max_order\n FROM {$customerstable}\n WHERE customers_login = '******'\n AND customers_email_address = '" . oos_db_input($email_address) . "'"; $check_customer_result = $dbconn->Execute($sql); if (!$check_customer_result->RecordCount()) { $_GET['login'] = '******'; } else { $check_customer = $check_customer_result->fields; // Check that password is good if (!oos_validate_password($password, $check_customer['customers_password'])) { $_GET['login'] = '******'; } else {
osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2002 - 2003 osCommerce ---------------------------------------------------------------------- Released under the GNU General Public License ---------------------------------------------------------------------- */ // DO NOT RUN THIS SCRIPT STANDALONE if (count(get_included_files()) < 2) { header("HTTP/1.1 301 Moved Permanently"); header("Location: /"); exit; } require 'includes/languages/' . $sLanguage . '/newsletters_subscription_center.php'; if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) { $email_address = oos_prepare_input($_POST['email_address']); if (empty($email_address) || !is_string($email_address)) { MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } $customerstable = $oostable['customers']; $sql = "SELECT customers_firstname, customers_lastname, customers_id\n FROM {$customerstable}\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'"; $check_customer_result = $dbconn->Execute($sql); if ($check_customer_result->RecordCount()) { $check_customer = $check_customer_result->fields; $customerstable = $oostable['customers']; $dbconn->Execute("UPDATE {$customerstable}\n SET customers_newsletter = '0'\n WHERE customers_id = '" . $check_customer['customers_id'] . "'"); MyOOS_CoreApi::redirect(oos_href_link($aPages['newsletters_unsubscribe_success'])); } else { $maillisttable = $oostable['maillist']; $sql = "SELECT customers_firstname\n FROM {$maillisttable}\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'"; $check_mail_customer_result = $dbconn->Execute($sql);
// process the selected shipping method if ( (isset($_POST['action']) && ($_POST['action'] == 'process')) && (isset($_SESSION['formid']) && ($_SESSION['formid'] == $_POST['formid'])) ) { if ( (isset($_POST['comments'])) && (empty($_POST['comments'])) ) { $_SESSION['comments'] = ''; } elseif (isset($_POST['comments'])) { $_SESSION['comments'] = oos_db_prepare_input($_POST['comments']); } if (isset($_POST['campaign_id']) && is_numeric($_POST['campaign_id'])) { $_SESSION['campaigns_id'] = intval($_POST['campaign_id']); } if ( (oos_count_shipping_modules() > 0) || ($free_shipping == true) ) { if ( (isset($_POST['shipping'])) && (strpos($_POST['shipping'], '_')) ) { $_SESSION['shipping'] = oos_prepare_input($_POST['shipping']); list($module, $method) = preg_split("/_/", $_SESSION['shipping']); if ( is_object($$module) || ($_SESSION['shipping'] == 'free_free') ) { if ($_SESSION['shipping'] == 'free_free') { $quote[0]['methods'][0]['title'] = $aLang['free_shipping_title']; $quote[0]['methods'][0]['cost'] = '0'; } else { $quote = $oShippingModules->quote($method, $module); } if (isset($quote['error'])) { unset($_SESSION['shipping']); } else { if ( (isset($quote[0]['methods'][0]['title'])) && (isset($quote[0]['methods'][0]['cost'])) ) { $_SESSION['shipping'] = array('id' => $_SESSION['shipping'],