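function vam_Security()
{
    // Cross-Site Scripting attack defense - Sent by larsneo
    // some syntax checking against injected javascript
    // extended by Neo
    //
    // NOTE(review): this is a keyword blacklist applied to raw request values.
    // It is bypassed by any encoding, tag or attribute variant the patterns do
    // not list, so treat it as a tripwire that mails the admin and bounces the
    // request - not as the defense itself. Output escaping and escaped /
    // parameterised SQL in the individual scripts remain mandatory.
    //
    // Fix over the previous version: values nested in arrays (?x[]=<script>,
    // checkbox groups, ...) were never inspected because only scalar top-level
    // values were checked. Nested values are now walked recursively.

    // Tag names that must not appear inside "<...>" in a request value.
    // POST deliberately gets a shorter list and no SQL-keyword check: the
    // admin side posts product descriptions that legitimately contain <img>,
    // <style>, <form> and "... and ... = ..." text. Keep the per-channel sets
    // as they were so legitimate admin forms are not broken.
    $get_tags = array('script', 'object', 'iframe', 'applet', 'meta', 'style', 'form', 'window', 'alert', 'img', 'document', 'cookie');
    $post_tags = array('script', 'object', 'iframe', 'applet', 'window', 'alert', 'document', 'cookie', 'meta');
    $cookie_tags = array('script', 'object', 'iframe', 'applet', 'meta', 'style', 'form', 'window', 'alert', 'document', 'cookie', 'img');

    // (values, tag list, also apply the " or/and ... =|like " SQL check)
    $channels = array(
        array($_GET, $get_tags, true),
        array($_POST, $post_tags, false),
        array($_COOKIE, $cookie_tags, true),
    );
    foreach ($channels as $channel) {
        list($values, $tags, $check_sql) = $channel;
        if (vam_security_value_is_suspicious($values, $tags, $check_sql)) {
            // Report once per request; vam_redirect is expected to end the script.
            vamMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
            vam_redirect(FILENAME_DEFAULT);
        }
    }
}

/**
 * Recursively test a request value (scalar or nested array) against the
 * blacklist used by vam_Security().
 *
 * @param mixed $value     scalar or (nested) array of request values
 * @param array $tags      tag names; a hit is "<" ... tag ... ">" (case-insensitive)
 * @param bool  $check_sql also flag " or/and ... (=|like) " sequences
 * @return bool true as soon as any value matches a pattern
 */
function vam_security_value_is_suspicious($value, $tags, $check_sql)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (vam_security_value_is_suspicious($item, $tags, $check_sql)) {
                return true;
            }
        }
        return false;
    }
    $value = (string) $value;
    if ($check_sql && preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $value)) {
        return true;
    }
    foreach ($tags as $tag) {
        // Same pattern as the original per-tag checks: /<[^>]*TAG.*"?[^>]*>/i
        if (preg_match('/<[^>]*' . $tag . '.*"?[^>]*>/i', $value)) {
            return true;
        }
    }
    return false;
}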
                        } elseif (vam_not_null($_POST['dest_category_id'])) {
                            $dest_category_id = vam_db_prepare_input($_POST['dest_category_id']);
                            if ($_POST['copy_as'] == 'link') {
                                $catfunc->link_product($product_id, $dest_category_id);
                            } elseif ($_POST['copy_as'] == 'duplicate') {
                                $catfunc->duplicate_product($product_id, $dest_category_id);
                            } else {
                                $messageStack->add_session('Copy type not specified.', 'error');
                            }
                        }
                    }
                }
                vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $dest_category_id . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
            }
            // --- MULTI COPY ENDS ---
            vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $_GET['cPath'] . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
            break;
            #EOB multi_action_confirm
    }
    //EOB switch action
}
//EOB if action
// Pre-flight check for product image uploads: the catalog image directory
// must exist and be writable, otherwise report an admin error up front.
if (!is_dir(DIR_FS_CATALOG_IMAGES)) {
    $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_DOES_NOT_EXIST, 'error');
} elseif (!is_writeable(DIR_FS_CATALOG_IMAGES)) {
    $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_NOT_WRITEABLE, 'error');
}
// end of pre-checks and actions, HTML output follows
   Released under the GNU General Public License
   --------------------------------------------------------------
   Third Party contributions:
   New Attribute Manager v4b                                Author: Mike G | mp3man@internetwork.net | http://downloads.ephing.com
   copy attributes                          Author: Hubi | http://www.netz-designer.de

   Released under the GNU General Public License
   --------------------------------------------------------------*/
require 'includes/application_top.php';
require DIR_WS_MODULES . 'new_attributes_config.php';
require DIR_FS_INC . 'vam_findTitle.inc.php';
require_once DIR_FS_INC . 'vam_format_filesize.inc.php';
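// Attribute-manager form handling. The hidden 'cpath' / 'action' /
// 'current_product_id' fields are posted from the product edit page.
// Guard with isset() so a plain GET of this script does not raise undefined
// index notices, cast the product id, and URL-encode the path fragment that
// is reflected into the redirect target so a crafted value cannot smuggle
// extra query parameters into the Location URL.
$attr_cpath = isset($_POST['cpath']) ? $_POST['cpath'] : '';
$attr_action = isset($_POST['action']) ? $_POST['action'] : '';
if ($attr_cpath != '' && $attr_action == 'change') {
    include DIR_WS_MODULES . 'new_attributes_change.php';
    $attr_product_id = isset($_POST['current_product_id']) ? (int) $_POST['current_product_id'] : 0;
    vam_redirect('./' . FILENAME_CATEGORIES . '?cPath=' . urlencode($attr_cpath) . '&pID=' . $attr_product_id);
}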
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
<title><?php 
echo TITLE;
?>
include 'includes/application_top.php';
// NOTE(review): the admin scripts elsewhere use require for application_top.php;
// a silently missing bootstrap here would leave every vam_* call below
// undefined, so require would be the safer choice.
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_break_string.inc.php';
require_once DIR_FS_INC . 'vam_date_long.inc.php';
// lets retrieve all $HTTP_GET_VARS keys and values..
// (everything except reviews_id; re-used for the breadcrumb and "back" links)
$get_params = vam_get_all_get_params(array('reviews_id'));
$get_params = substr($get_params, 0, -1);
//remove trailing &
// Both ids interpolated into the query are cast to int, so the only
// request-controlled value (reviews_id) cannot alter the SQL. Reviews of
// inactive products (products_status != 1) are not shown.
$reviews_query = "select rd.reviews_text, r.reviews_rating, r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, p.products_id, pd.products_name, p.products_image from " . TABLE_REVIEWS . " r left join " . TABLE_PRODUCTS . " p on (r.products_id = p.products_id) left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on (p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'), " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . (int) $_GET['reviews_id'] . "' and r.reviews_id = rd.reviews_id and p.products_status = '1'";
$reviews_query = vam_db_query($reviews_query);
if (!vam_db_num_rows($reviews_query)) {
    // Unknown review (or inactive product): bounce to the review list.
    vam_redirect(vam_href_link(FILENAME_REVIEWS));
}
$reviews = vam_db_fetch_array($reviews_query);
$breadcrumb->add(NAVBAR_TITLE_PRODUCT_REVIEWS, vam_href_link(FILENAME_PRODUCT_REVIEWS, $get_params));
// Read counter; reviews_id comes from the row just fetched, not from the request.
vam_db_query("update " . TABLE_REVIEWS . " set reviews_read = reviews_read+1 where reviews_id = '" . $reviews['reviews_id'] . "'");
// Review body is HTML-escaped first, then over-long words are broken with "-<br />".
$reviews_text = vam_break_string(htmlspecialchars($reviews['reviews_text']), 60, '-<br />');
require DIR_WS_INCLUDES . 'header.php';
// NOTE(review): products_name and customers_name are handed to the template
// unescaped; customers_name is customer-supplied, so confirm the template
// escapes these variables on output.
$vamTemplate->assign('PRODUCTS_NAME', $reviews['products_name']);
$vamTemplate->assign('AUTHOR', $reviews['customers_name']);
$vamTemplate->assign('DATE', vam_date_long($reviews['date_added']));
$vamTemplate->assign('REVIEWS_TEXT', nl2br($reviews_text));
$vamTemplate->assign('RATING', vam_image('templates/' . CURRENT_TEMPLATE . '/img/stars_' . $reviews['reviews_rating'] . '.gif', sprintf(TEXT_OF_5_STARS, $reviews['reviews_rating'])));
$vamTemplate->assign('PRODUCTS_LINK', vam_href_link(FILENAME_PRODUCT_INFO, vam_product_link($reviews['products_id'], $reviews['products_name'])));
$vamTemplate->assign('BUTTON_BACK', '<a class="button" href="' . vam_href_link(FILENAME_PRODUCT_REVIEWS, $get_params) . '">' . vam_image_button('back.png', IMAGE_BUTTON_BACK) . '</a>');
$vamTemplate->assign('BUTTON_BUY_NOW', '<a class="button" href="' . vam_href_link(FILENAME_DEFAULT, 'action=buy_now&BUYproducts_id=' . $reviews['products_id']) . '">' . vam_image_button('buy.png', IMAGE_BUTTON_IN_CART) . '</a>');
// Thumbnail path built from the DB image name (not from the request).
$products_image = DIR_WS_THUMBNAIL_IMAGES . $reviews['products_image'];
        case 'deleteconfirm':
            // Delete one author (main row + per-language info rows). The id is
            // reduced to an int before it reaches any statement below.
            $authors_id = (int) vam_db_prepare_input($_GET['auID']);
            foreach (array(TABLE_AUTHORS, TABLE_AUTHORS_INFO) as $authors_table) {
                vam_db_query("delete from " . $authors_table . " where authors_id = '" . $authors_id . "'");
            }
            // Either cascade to the author's articles or just detach them.
            $delete_articles = isset($_POST['delete_articles']) && $_POST['delete_articles'] == 'on';
            if ($delete_articles) {
                $articles_query = vam_db_query("select articles_id from " . TABLE_ARTICLES . " where authors_id = '" . $authors_id . "'");
                while ($articles = vam_db_fetch_array($articles_query)) {
                    vam_remove_article($articles['articles_id']);
                }
            } else {
                vam_db_query("update " . TABLE_ARTICLES . " set authors_id = '' where authors_id = '" . $authors_id . "'");
            }
            if (USE_CACHE == 'true') {
                vam_reset_cache_block('authors');
            }
            vam_redirect(vam_href_link(FILENAME_AUTHORS, 'page=' . $_GET['page']));
            break;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
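 function before_process()
 {
     // Finalises a Yandex-paid order: decrements stock, bumps the
     // products_ordered counter, records the chosen attributes for the mail,
     // renders the order confirmation from the mail templates, sends it to
     // admin and customer, runs the payment module's after_process() and
     // clears the checkout session state. The order id is the part of the
     // 'cart_yandex_id' session value after the first '-'.
     //
     // NOTE(review): every SQL statement in here is string-built. The values
     // come from the order object / session rather than straight from the
     // request, but attribute ids, field ids and the language id are cast to
     // int here anyway so a tampered cart entry cannot break out of the quoted
     // literal.
     global $customer_id, $order, $vamPrice, $order_totals, $sendto, $billto, $languages_id, $payment, $currencies, $cart;
     global ${$payment};
     $order_id = substr($_SESSION['cart_yandex_id'], strpos($_SESSION['cart_yandex_id'], '-') + 1);
     $languages_id_sql = (int) $_SESSION['languages_id'];
     // initialized for the email confirmation
     $products_ordered = '';
     $subtotal = 0;
     $total_tax = 0;
     // Running totals accumulated per product below; they were previously
     // never initialised (notice on the first "+=").
     $total_weight = 0;
     $total_cost = 0;
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         // Plain product id (attribute suffix stripped), used by every query below.
         $product_id = vam_get_prid($order->products[$i]['id']);
         // Stock Update - Joao Correia
         if (STOCK_LIMITED == 'true') {
             if (DOWNLOAD_ENABLED == 'true') {
                 $stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename, pad.products_attributes_is_pin \n                                FROM " . TABLE_PRODUCTS . " p\n                                LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                ON p.products_id=pa.products_id\n                                LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                ON pa.products_attributes_id=pad.products_attributes_id\n                                WHERE p.products_id = '" . $product_id . "'";
                 // Will work with only one option for downloadable products
                 // otherwise, we have to build the query dynamically with a loop
                 $products_attributes = $order->products[$i]['attributes'];
                 if (is_array($products_attributes)) {
                     $stock_query_raw .= " AND pa.options_id = '" . (int) $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . (int) $products_attributes[0]['value_id'] . "'";
                 }
                 $stock_query = vam_db_query($stock_query_raw);
             } else {
                 $stock_query = vam_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . $product_id . "'");
             }
             if (vam_db_num_rows($stock_query) > 0) {
                 $stock_values = vam_db_fetch_array($stock_query);
                 // do not decrement quantities if products_attributes_filename exists
                 if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename'] || $stock_values['products_attributes_is_pin'] == 1) {
                     $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                 } else {
                     $stock_left = $stock_values['products_quantity'];
                 }
                 vam_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . $product_id . "'");
                 // Out of stock and overselling disabled: take the product offline.
                 if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
                     vam_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . $product_id . "'");
                 }
             }
         }
         // Update products_ordered (for bestsellers list)
         vam_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . $product_id . "'");
         //------insert customer choosen option to order--------
         $attributes_exist = '0';
         $products_ordered_attributes = '';
         if (isset($order->products[$i]['attributes'])) {
             $attributes_exist = '1';
             for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                 $option_id = (int) $order->products[$i]['attributes'][$j]['option_id'];
                 $value_id = (int) $order->products[$i]['attributes'][$j]['value_id'];
                 if (DOWNLOAD_ENABLED == 'true') {
                     $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename, pad.products_attributes_is_pin\n                                   from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                   left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                   on pa.products_attributes_id=pad.products_attributes_id\n                                   where pa.products_id = '" . $product_id . "'\n                                   and pa.options_id = '" . $option_id . "'\n                                   and pa.options_id = popt.products_options_id\n                                   and pa.options_values_id = '" . $value_id . "'\n                                   and pa.options_values_id = poval.products_options_values_id\n                                   and popt.language_id = '" . $languages_id_sql . "'\n                                   and poval.language_id = '" . $languages_id_sql . "'";
                     $attributes = vam_db_query($attributes_query);
                 } else {
                     $attributes = vam_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $product_id . "' and pa.options_id = '" . $option_id . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $value_id . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id_sql . "' and poval.language_id = '" . $languages_id_sql . "'");
                 }
                 $attributes_values = vam_db_fetch_array($attributes);
                 $products_ordered_attributes .= "\n\t" . $attributes_values['products_options_name'] . ' ' . $attributes_values['products_options_values_name'];
             }
         }
         //------insert customer choosen option eof ----
         // NOTE(review): $total_products_price and $products_tax are never
         // assigned in this method, and $total_weight / $total_tax / $total_cost
         // are not read afterwards - these three accumulators look like dead
         // code carried over from checkout_process; kept to avoid changing
         // behaviour, but they can probably be removed.
         $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
         $total_tax += vam_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];
         $total_cost += $total_products_price;
         $products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' . $vamPrice->Format($order->products[$i]['final_price'], true) . $products_ordered_attributes . "\n";
     }
     // initialize templates
     $vamTemplate = new vamTemplate();
     $vamTemplate->assign('address_label_customer', vam_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'));
     $vamTemplate->assign('address_label_shipping', vam_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'));
     if ($_SESSION['credit_covers'] != '1') {
         $vamTemplate->assign('address_label_payment', vam_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'));
     }
     $vamTemplate->assign('csID', $order->customer['csID']);
     $it = 0;
     // Extra customer fields flagged for inclusion in the order mail.
     $extra_fields = '';
     $semextrfields = vamDBquery("select * from " . TABLE_EXTRA_FIELDS . " where fields_required_email = '1'");
     while ($dataexfes = vam_db_fetch_array($semextrfields, true)) {
         $fields_id = (int) $dataexfes['fields_id'];
         $cusextrfields = vamDBquery("select * from " . TABLE_CUSTOMERS_TO_EXTRA_FIELDS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and fields_id = '" . $fields_id . "'");
         $rescusextrfields = vam_db_fetch_array($cusextrfields, true);
         $extrfieldsinf = vamDBquery("select fields_name from " . TABLE_EXTRA_FIELDS_INFO . " where fields_id = '" . $fields_id . "' and languages_id = '" . $languages_id_sql . "'");
         $extrfieldsres = vam_db_fetch_array($extrfieldsinf, true);
         $extra_fields .= $extrfieldsres['fields_name'] . ' : ' . $rescusextrfields['value'] . "\n";
         // Assigned inside the loop on purpose: the template variable only
         // exists when at least one such field is configured.
         $vamTemplate->assign('customer_extra_fields', $extra_fields);
     }
     $order_total = $order->getTotalData($order_id);
     $vamTemplate->assign('order_data', $order->getOrderData($order_id));
     $vamTemplate->assign('order_total', $order_total['data']);
     // assign language to template for caching
     $vamTemplate->assign('language', $_SESSION['language']);
     $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
     $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
     $vamTemplate->assign('oID', $order_id);
     $payment_method = '';
     if ($order->info['payment_method'] != '' && $order->info['payment_method'] != 'no_payment') {
         // The payment module code and the session language become part of an
         // include path. Both originate from stored data, but restrict them to
         // identifier characters anyway so a tampered value cannot traverse out
         // of the payment language directory. Module codes are PHP class names,
         // so this never rejects a legitimate one.
         $payment_code = $order->info['payment_method'];
         $is_safe_segment = preg_match('/^[A-Za-z0-9_]+$/', $payment_code) && preg_match('/^[A-Za-z0-9_]+$/', $_SESSION['language']);
         if ($is_safe_segment) {
             include DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/' . $payment_code . '.php';
         }
         // constant() on an undefined name is fatal on PHP 8; fall back to the raw code.
         $title_constant = strtoupper('MODULE_PAYMENT_' . $payment_code . '_TEXT_TITLE');
         $payment_method = defined($title_constant) ? constant($title_constant) : $payment_code;
     }
     $vamTemplate->assign('PAYMENT_METHOD', $payment_method);
     $shipping_method = '';
     if ($order->info['shipping_method'] != '') {
         $shipping_method = $order->info['shipping_method'];
     }
     $vamTemplate->assign('SHIPPING_METHOD', $shipping_method);
     $vamTemplate->assign('DATE', vam_date_long($order->info['date_purchased']));
     $vamTemplate->assign('NAME', $order->customer['firstname'] . ' ' . $order->customer['lastname']);
     $vamTemplate->assign('COMMENTS', $order->info['comments']);
     $vamTemplate->assign('EMAIL', $order->customer['email_address']);
     $vamTemplate->assign('PHONE', $order->customer['telephone']);
     // dont allow cache
     $vamTemplate->caching = false;
     // NOTE(review): $_SESSION['language'] also selects the mail template
     // directory here; it is assumed to have been validated when the session
     // language was set - confirm in application_top.
     $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.html');
     $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.txt');
     // create subject
     $order_subject = str_replace('{$nr}', $order_id, EMAIL_BILLING_SUBJECT_ORDER);
     $order_subject = str_replace('{$date}', strftime(DATE_FORMAT_LONG), $order_subject);
     $order_subject = str_replace('{$lastname}', $order->customer['lastname'], $order_subject);
     $order_subject = str_replace('{$firstname}', $order->customer['firstname'], $order_subject);
     // send mail to admin
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, $order->customer['email_address'], $order->customer['firstname'], '', '', $order_subject, $html_mail, $txt_mail);
     // send mail to customer
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $order_subject, $html_mail, $txt_mail);
     // load the after_process function from the payment modules
     $this->after_process();
     require_once DIR_WS_INCLUDES . 'affiliate_checkout_process.php';
     $_SESSION['cart']->reset(true);
     // unregister session variables used during checkout
     unset($_SESSION['sendto']);
     unset($_SESSION['billto']);
     unset($_SESSION['shipping']);
     unset($_SESSION['payment']);
     unset($_SESSION['comments']);
     unset($_SESSION['cart_yandex_id']);
     vam_redirect(vam_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
 }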
            } else {
                //do nothing
                $cart->reset(true);
                // unregister session variables used during checkout
                vam_session_unregister('sendto');
                vam_session_unregister('billto');
                vam_session_unregister('shipping');
                vam_session_unregister('payment');
                vam_session_unregister('comments');
                vam_redirect(vam_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
            }
        }
        //redirect
    } else {
        //finally redirect to index
        vam_redirect(vam_href_link(FILENAME_DEFAULT, '', 'SSL'));
    }
}
/**
 * Debug helper: dump any value as HTML-escaped, preformatted text.
 *
 * @param mixed $var  value to dump (rendered with print_r)
 * @param bool  $echo when true the markup is also echoed
 * @return string the "<pre>...</pre>" markup
 */
function d($var, $echo = true)
{
    $markup = sprintf('<pre>%s</pre>', htmlspecialchars(print_r($var, true)));
    if ($echo) {
        echo $markup;
    }
    return $markup;
}
        vam_redirect(vam_href_link(FILENAME_MODULES, 'set=' . $_GET['set'] . '&module=' . $_GET['module']));
        break;
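    case 'install':
    case 'remove':
        // The module class to (un)install comes from the URL and is used both
        // as an include path and as a class name. basename() alone still lets
        // values such as ".." through, so restrict the name to identifier
        // characters and only instantiate when the include actually defined
        // the class. The file extension is taken from this script's own
        // filename rather than $_SERVER['PHP_SELF'], which is influenced by
        // PATH_INFO in the request.
        //
        // NOTE(review): this is a state-changing action driven by a GET
        // request; it should also carry a CSRF token - confirm how the admin
        // area handles that.
        $file_extension = '.' . pathinfo(__FILE__, PATHINFO_EXTENSION);
        $class = isset($_GET['module']) ? basename($_GET['module']) : '';
        if (preg_match('/^[A-Za-z0-9_]+$/', $class) && file_exists($module_directory . $class . $file_extension)) {
            include $module_directory . $class . $file_extension;
            if (class_exists($class)) {
                $module = new $class(0);
                if ($_GET['action'] == 'install') {
                    $module->install();
                } elseif ($_GET['action'] == 'remove') {
                    $module->remove();
                }
            }
        }
        vam_redirect(vam_href_link(FILENAME_MODULES, 'set=' . $_GET['set'] . '&module=' . $class));
        break;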
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
echo TITLE;
            $update_sql_data = array('last_modified' => 'now()');
            $sql_data_array = vam_array_merge($sql_data_array, $update_sql_data);
            vam_db_perform(TABLE_BLACKLIST, $sql_data_array, 'update', "blacklist_id = '" . vam_db_input($blacklist_id) . "'");
        }
        if (USE_CACHE == 'true') {
            vam_reset_cache_block('blacklist');
        }
        vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id));
        break;
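    case 'deleteconfirm':
        // Remove one blacklist entry. The id is escaped with vam_db_input
        // before it is interpolated into the delete statement.
        $blacklist_id = vam_db_prepare_input($_GET['bID']);
        vam_db_query("delete from " . TABLE_BLACKLIST . " where blacklist_id = '" . vam_db_input($blacklist_id) . "'");
        if (USE_CACHE == 'true') {
            // Bug fix: the update branch of this switch resets the 'blacklist'
            // cache block, but this branch reset 'manufacturers' (copy-paste
            // from manufacturers.php), so a deleted entry stayed in the cached
            // blacklist.
            vam_reset_cache_block('blacklist');
        }
        vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page']));
        break;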
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
<title><?php 
echo TITLE;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = vam_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $check_customer = vam_db_fetch_array($check_customer_query);
        if (vam_validate_password($password_current, $check_customer['customers_password'])) {
            vam_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '******', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            vam_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            vam_redirect(vam_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
// Page output for the change-password form (SSL links throughout).
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, vam_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, vam_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
// Validation errors collected under the 'account_password' key above.
if ($messageStack->size('account_password') > 0) {
    $vamTemplate->assign('error', $messageStack->output('account_password'));
}
// Form opening tag plus the hidden action / client-side "required" list.
$password_form_open = vam_draw_form('account_password', vam_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'post', 'onsubmit="return checkform(this);"');
$password_form_hidden = vam_draw_hidden_field('action', 'process') . vam_draw_hidden_field('required', 'password_current,password_new,password_confirmation', 'id="required"');
$vamTemplate->assign('FORM_ACTION', $password_form_open . $password_form_hidden);
// Current-password input with its (optional) requirement hint.
$current_password_hint = vam_not_null(ENTRY_PASSWORD_CURRENT_TEXT) ? '<span class="Requirement">' . ENTRY_PASSWORD_CURRENT_TEXT . '</span>' : '';
$vamTemplate->assign('INPUT_ACTUAL', vam_draw_password_fieldNote(array('name' => 'password_current', 'text' => '&nbsp;' . $current_password_hint), '', 'id="password_current"'));
$vamTemplate->assign('ENTRY_PASSWORD_CURRENT_ERROR', ENTRY_PASSWORD_CURRENT_ERROR);
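// Gift-voucher redemption by code (?gv_no=...). The only request-controlled
// value, gv_no, is escaped with vam_db_input; everything after the lookup
// comes from the database or the session and is cast to int before it is
// interpolated.
$error = true;
// Defaults so the amount display below does not read from an undefined array
// when the code is unknown.
$coupon = array('coupon_id' => 0, 'coupon_amount' => 0);
if (isset($_GET['gv_no'])) {
    $gv_query = vam_db_query("select c.coupon_id, c.coupon_amount from " . TABLE_COUPONS . " c, " . TABLE_COUPON_EMAIL_TRACK . " et where coupon_code = '" . vam_db_input($_GET['gv_no']) . "' and c.coupon_id = et.coupon_id");
    if (vam_db_num_rows($gv_query) > 0) {
        $coupon = vam_db_fetch_array($gv_query);
        // A voucher can be redeemed once: any redeem-track row means it is spent.
        $redeem_query = vam_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . (int) $coupon['coupon_id'] . "'");
        if (vam_db_num_rows($redeem_query) == 0) {
            // Remember the voucher so it is credited once the customer is logged in.
            $_SESSION['gv_id'] = $coupon['coupon_id'];
            $error = false;
        }
    }
} else {
    vam_redirect(FILENAME_DEFAULT);
}
if (!$error && isset($_SESSION['customer_id'])) {
    // Update redeem status. $REMOTE_ADDR was a register_globals-era variable
    // and is unset on current PHP unless the bootstrap defines it; read the
    // client address from $_SERVER and escape it like any other string.
    //
    // NOTE(review): the "not yet redeemed" check above and this insert are
    // not atomic, so two concurrent requests with the same code could both
    // pass the check; a unique key on coupon_id in the redeem-track table (or
    // a transaction) would close that window.
    $redeem_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $gv_query = vam_db_query("insert into  " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . (int) $coupon['coupon_id'] . "', '" . (int) $_SESSION['customer_id'] . "', now(),'" . vam_db_input($redeem_ip) . "')");
    $gv_update = vam_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . (int) $coupon['coupon_id'] . "'");
    vam_gv_account_update($_SESSION['customer_id'], $_SESSION['gv_id']);
    unset($_SESSION['gv_id']);
}
$breadcrumb->add(NAVBAR_GV_REDEEM);
$coupon_r = $vamPrice->CalculateCurr($coupon['coupon_amount']);
// Reached on success as well as on an unknown / already-redeemed code; the
// template decides what to show from the 'error' flag.
$vamTemplate->assign('coupon_amount', $vamPrice->Format($coupon_r, true));
$vamTemplate->assign('error', $error);
$vamTemplate->assign('LINK_DEFAULT', '<a class="button" href="' . vam_href_link(FILENAME_DEFAULT) . '">' . vam_image_button('submit.png', IMAGE_BUTTON_CONTINUE) . '</a>');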
                vam_db_perform(TABLE_PRODUCTS, array('products_id' => $products_id, 'products_last_modified' => 'now()', 'products_price' => $products_price, 'products_image' => $products_image, 'group_permission_0' => 1, 'group_permission_1' => 1, 'group_permission_2' => 1, 'group_permission_3' => 1, 'products_startpage' => 1, 'products_status' => $products_status, 'products_quantity' => $products_quantity, 'products_date_available' => 'now()'));
                vam_db_perform(TABLE_PRODUCTS_DESCRIPTION, array('products_id' => $products_id, 'products_name' => $products_name, 'products_description' => $products_description, 'language_id' => $_SESSION['languages_id']));
                vam_db_perform(TABLE_PRODUCTS_TO_CATEGORIES, array('products_id' => $products_id, 'categories_id' => $categoryId));
                $count_add++;
            }
            $count++;
        }
        $messageStack->add_session(TEXT_YML_UPDATED . $count_upd, 'success');
        $messageStack->add_session(TEXT_YML_CHANGED . ($count - $count_upd), 'success');
        $messageStack->add_session(TEXT_YML_ADDED . $count_add, 'success');
        $messageStack->add_session(TEXT_YML_CAT_ADDED . $count_cat_add, 'success');
        $messageStack->add_session(TEXT_YML_CAT_UPDATED . $count_cat_upd, 'success');
    } else {
        $messageStack->add_session(TEXT_YML_ERROR, 'error');
    }
    vam_redirect(vam_href_link(FILENAME_YML_IMPORT));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
echo TITLE;
?>
            $link = vam_href_link(FILENAME_NEWSLETTER, 'action=activate&email=' . $email_address . '&key=' . $vlcode, 'NONSSL');
            $sql_data_array = array('customers_email_address' => vam_db_input($email_address), 'customers_id' => vam_db_input($_SESSION['customer_id']), 'customers_status' => 2, 'customers_firstname' => vam_db_input($firstname), 'customers_lastname' => vam_db_input($lastname), 'mail_status' => '1', 'mail_key' => vam_db_input($vlcode), 'date_added' => 'now()');
            vam_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array);
            // assign vars
            $vamTemplate->assign('LINK', $link);
        } else {
            $vamTemplate->assign('LINK', false);
        }
        $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/create_account_mail.html');
        $vamTemplate->caching = 0;
        $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/create_account_mail.txt');
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_address, $name, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
        if (!isset($_SESSION['sendto'])) {
            $_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
        }
        vam_redirect(vam_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL'));
    }
}
// Form errors collected under the 'checkout_alternative' key.
if ($messageStack->size('checkout_alternative') > 0) {
    $vamTemplate->assign('error', $messageStack->output('checkout_alternative'));
}
// Gender radio buttons are only rendered when the shop has them enabled;
// the 'gender' flag tells the template whether to show the row at all.
$gender_enabled = (ACCOUNT_GENDER == 'true');
$vamTemplate->assign('gender', $gender_enabled ? '1' : '0');
if ($gender_enabled) {
    $gender_hint = vam_not_null(ENTRY_GENDER_TEXT) ? '<span class="Requirement">' . ENTRY_GENDER_TEXT . '</span>' : '';
    $vamTemplate->assign('INPUT_MALE', vam_draw_radio_field(array('name' => 'gender', 'suffix' => MALE), 'm', '', 'id="gender" checked="checked"'));
    $vamTemplate->assign('INPUT_FEMALE', vam_draw_radio_field(array('name' => 'gender', 'suffix' => FEMALE, 'text' => $gender_hint), 'f', '', 'id="gender"'));
}
$firstname_hint = vam_not_null(ENTRY_FIRST_NAME_TEXT) ? '<span class="Requirement">' . ENTRY_FIRST_NAME_TEXT . '</span>' : '';
$vamTemplate->assign('INPUT_FIRSTNAME', vam_draw_input_fieldNote(array('name' => 'firstname', 'text' => '&nbsp;' . $firstname_hint), '', 'id="firstname"'));
if (ACCOUNT_SECOND_NAME == 'true') {
    $vamTemplate->assign('secondname', '1');
        }
        $_SESSION['billto'] = vam_db_prepare_input($_POST['address']);
        $check_address_query = vam_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $_SESSION['customer_id'] . "' and address_book_id = '" . $_SESSION['billto'] . "'");
        $check_address = vam_db_fetch_array($check_address_query);
        if ($check_address['total'] == '1') {
            if ($reset_payment == true) {
                unset($_SESSION['payment']);
            }
            vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
        } else {
            unset($_SESSION['billto']);
        }
        // no addresses to select from - customer decided to keep the current assigned address
    } else {
        $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
        vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
    }
}
// if no billing destination address was selected, use their own address as default
if (!isset($_SESSION['billto'])) {
    $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
}
$breadcrumb->add(NAVBAR_TITLE_1_PAYMENT_ADDRESS, vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_PAYMENT_ADDRESS, vam_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'));
// Number of stored addresses; drives whether the template offers a selection list.
$addresses_count = vam_count_customer_address_book_entries();
require DIR_WS_INCLUDES . 'header.php';
// Form posts back to this page over SSL. The hidden 'required' field only feeds the
// client-side checkform() named in onsubmit; it is client-controlled, so server-side
// validation of these fields must not rely on it.
$vamTemplate->assign('FORM_ACTION', vam_draw_form('checkout_address', vam_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'), 'post', 'onsubmit="return checkform(this);"') . vam_draw_hidden_field('required', 'gender,firstname,lastname,address,postcode,city,state,country', 'id="required"'));
// Validation errors queued under 'checkout_address' are rendered by the template.
if ($messageStack->size('checkout_address') > 0) {
    $vamTemplate->assign('error', $messageStack->output('checkout_address'));
}
if ($process == false) {
     // dont allow cache
     $vamTemplate->caching = false;
     $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.html');
     $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.txt');
     // create subject
     $order_subject = str_replace('{$nr}', $oID, EMAIL_BILLING_SUBJECT_ORDER);
     $order_subject = str_replace('{$date}', strftime(DATE_FORMAT_LONG), $order_subject);
     $order_subject = str_replace('{$lastname}', $order->customer['lastname'], $order_subject);
     $order_subject = str_replace('{$firstname}', $order->customer['firstname'], $order_subject);
     // send mail to admin
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, $order->customer['email_address'], $order->customer['firstname'], '', '', $order_subject, $html_mail, $txt_mail);
     // send mail to customer
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $order_subject, $html_mail, $txt_mail);
     //do the dirty
     $messageStack->add_session(SUCCESS_EMAIL_SENT, 'success');
     vam_redirect(vam_href_link(FILENAME_ORDERS_EDIT, vam_get_all_get_params(array('action')) . 'action=edit'));
     break;
     ////
     // Edit Order
 ////
 // Edit Order
 case 'edit':
     if (!isset($_GET['oID'])) {
         $messageStack->add(ERROR_NO_ORDER_SELECTED, 'error');
         break;
     }
     $oID = vam_db_prepare_input($_GET['oID']);
     $orders_query = vam_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . (int) $oID . "'");
     $order_exists = true;
     if (!vam_db_num_rows($orders_query)) {
         $order_exists = false;
   --------------------------------------------------------------*/
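require 'includes/application_top.php';
require_once DIR_FS_CATALOG . 'includes/external/phpmailer/class.phpmailer.php';
require_once DIR_FS_INC . 'vam_php_mail.inc.php';
// initiate template engine for mail
$vamTemplate = new vamTemplate();
require DIR_WS_CLASSES . 'currencies.php';
$currencies = new currencies();
// Raw POST value (null when absent). It is not validated here, so whatever consumes
// it further down must cast or escape it itself.
$custid = isset($_POST['custid']) ? $_POST['custid'] : null;
// Delete Entry Begin
// customer_id arrives on the query string and is used purely as an integer key, so it
// is cast once and only the cast value reaches the SQL, the redirect and the notice
// (previously the raw string was interpolated unquoted into both DELETE statements).
if (isset($_GET['action']) && $_GET['action'] == 'delete') {
    $delete_customer_id = isset($_GET['customer_id']) ? (int) $_GET['customer_id'] : 0;
    $delete_tdate = isset($_GET['tdate']) ? $_GET['tdate'] : '';
    // A missing/non-numeric id casts to 0; never issue the DELETEs for that.
    if ($delete_customer_id > 0) {
        vam_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = " . $delete_customer_id);
        vam_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = " . $delete_customer_id);
    }
    vam_redirect(vam_href_link(FILENAME_RECOVER_CART_SALES, 'delete=1&customer_id=' . $delete_customer_id . '&tdate=' . urlencode($delete_tdate)));
}
// After the redirect above: confirm the deletion. The id is cast before it is placed
// in the message so no query-string text is echoed back verbatim.
if (!empty($_GET['delete'])) {
    $deleted_customer_id = isset($_GET['customer_id']) ? (int) $_GET['customer_id'] : '';
    $messageStack->add(MESSAGE_STACK_CUSTOMER_ID . $deleted_customer_id . MESSAGE_STACK_DELETE_SUCCESS, 'success');
}
// Delete Entry End
/**
 * CONFIGURATION VARIABLES
 */
// E-mail Time to Live :: Default=90
$EMAIL_TTL = 90;
// Default number of days to look back from today for
// abandoned carts, today equals 0 (zero) :: Default=10
$BASE_DAYS = 10;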
// Display item attributes. Some sites have attributes
// for their items some do not, if you need them
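/**
 * Decide whether the current admin session may open the given admin page.
 *
 * Reads the column named after $pagename from TABLE_ADMIN_ACCESS for the customer in
 * the session and grants access only when the session's customers_status_id is '0'
 * and that column holds '1'. The 'index' page is special-cased: no lookup is done and
 * the caller is redirected to the login page instead (vam_redirect is assumed to end
 * the request — TODO confirm; if it returns, this branch yields null, which is falsy).
 *
 * @param string $pagename admin page key; it doubles as the column name in the
 *                         access table, so it is restricted to a plain identifier
 * @return bool true when the page is permitted, false otherwise
 */
function vam_check_permission($pagename)
{
    if ($pagename == 'index') {
        vam_redirect(vam_href_link(FILENAME_LOGIN));
    } else {
        // $pagename is spliced into the query as a backtick-quoted identifier. A value
        // containing a backtick or other non-identifier characters could escape the
        // quoting, so anything that is not [A-Za-z0-9_] is denied without a query.
        if (!preg_match('/^[A-Za-z0-9_]+$/', $pagename)) {
            return false;
        }
        // Same (int) treatment ids receive elsewhere in this code base.
        $customer_id = (int) $_SESSION['customer_id'];
        $access_permission_query = vam_db_query("select `" . $pagename . "` from " . TABLE_ADMIN_ACCESS . " where customers_id = '" . $customer_id . "'");
        $access_permission = vam_db_fetch_array($access_permission_query);
        // No row for this customer means no permission (and no offset-on-false warning).
        if (!is_array($access_permission)) {
            return false;
        }
        return $_SESSION['customers_status']['customers_status_id'] == '0' && $access_permission[$pagename] == '1';
    }
}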
   (c) 2004	 xt:Commerce (account_history.php,v 1.13 2003/08/17); xt-commerce.com

   Released under the GNU General Public License 
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_count_customer_orders.inc.php';
require_once DIR_FS_INC . 'vam_date_long.inc.php';
require_once DIR_FS_INC . 'vam_image_button.inc.php';
require_once DIR_FS_INC . 'vam_get_all_get_params.inc.php';
// Access gate: order history is only shown to a logged-in customer; anyone else is
// sent to the SSL login page. The gate relies on vam_redirect ending the request —
// if it only emitted a Location header, everything below would still execute for an
// anonymous visitor (TODO confirm against vam_redirect's implementation).
if (!isset($_SESSION['customer_id'])) {
    vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_HISTORY, vam_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_HISTORY, vam_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
// Template fragments for the page body.
$module_content = array();
if (($orders_total = vam_count_customer_orders()) > 0) {
    $history_query_raw = "select o.orders_id, o.date_purchased, o.delivery_name, o.billing_name, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int) $_SESSION['customer_id'] . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int) $_SESSION['languages_id'] . "' order by orders_id DESC";
    $history_split = new splitPageResults($history_query_raw, $_GET['page'], MAX_DISPLAY_ORDER_HISTORY);
    $history_query = vam_db_query($history_split->sql_query);
    while ($history = vam_db_fetch_array($history_query)) {
        $products_query = vam_db_query("select count(*) as count from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . $history['orders_id'] . "'");
        $products = vam_db_fetch_array($products_query);
        if (vam_not_null($history['delivery_name'])) {
            $order_type = TEXT_ORDER_SHIPPED_TO;
            $order_name = $history['delivery_name'];
            vam_db_query("update " . TABLE_SHIPPING_STATUS . " set shipping_status_image = '" . $shipping_status_image->filename . "' where shipping_status_id = '" . vam_db_input($shipping_status_id) . "'");
        }
        if ($_POST['default'] == 'on') {
            vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . vam_db_input($shipping_status_id) . "' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        }
        vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page'] . '&oID=' . $shipping_status_id));
        break;
    case 'deleteconfirm':
        $oID = vam_db_prepare_input($_GET['oID']);
        $shipping_status_query = vam_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        $shipping_status = vam_db_fetch_array($shipping_status_query);
        if ($shipping_status['configuration_value'] == $oID) {
            vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        }
        vam_db_query("delete from " . TABLE_SHIPPING_STATUS . " where shipping_status_id = '" . vam_db_input($oID) . "'");
        vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page']));
        break;
    case 'delete':
        $oID = vam_db_prepare_input($_GET['oID']);
        $remove_status = true;
        if ($oID == DEFAULT_SHIPPING_STATUS_ID) {
            $remove_status = false;
            $messageStack->add(ERROR_REMOVE_DEFAULT_SHIPPING_STATUS, 'error');
        } else {
        }
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
        vam_db_query("insert into " . TABLE_GEO_ZONES . " (geo_zone_name, geo_zone_description, date_added) values ('" . vam_db_input($geo_zone_name) . "', '" . vam_db_input($geo_zone_description) . "', now())");
        $new_zone_id = vam_db_insert_id();
        vam_redirect(vam_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id));
        break;
    case 'save_zone':
        $zID = vam_db_prepare_input($_GET['zID']);
        $geo_zone_name = vam_db_prepare_input($_POST['geo_zone_name']);
        $geo_zone_description = vam_db_prepare_input($_POST['geo_zone_description']);
        vam_db_query("update " . TABLE_GEO_ZONES . " set geo_zone_name = '" . vam_db_input($geo_zone_name) . "', geo_zone_description = '" . vam_db_input($geo_zone_description) . "', last_modified = now() where geo_zone_id = '" . vam_db_input($zID) . "'");
        vam_redirect(vam_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID']));
        break;
    case 'deleteconfirm_zone':
        $zID = vam_db_prepare_input($_GET['zID']);
        vam_db_query("delete from " . TABLE_GEO_ZONES . " where geo_zone_id = '" . vam_db_input($zID) . "'");
        vam_db_query("delete from " . TABLE_ZONES_TO_GEO_ZONES . " where geo_zone_id = '" . vam_db_input($zID) . "'");
        vam_redirect(vam_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage']));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
echo TITLE;
        //        $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
        //        $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
        //        break;
        default:
            $affiliate_email_address = vam_db_prepare_input($_POST['affiliate_email_address']);
            $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . vam_db_input($affiliate_email_address) . "'");
            $mail_sent_to = $_POST['affiliate_email_address'];
            break;
    }
    $from = vam_db_prepare_input($_POST['from']);
    $subject = vam_db_prepare_input($_POST['subject']);
    $message = vam_db_prepare_input($_POST['message']);
    while ($mail = vam_db_fetch_array($mail_query)) {
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message);
    }
    vam_redirect(vam_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
// A preview was requested without choosing a recipient: queue the validation error
// first, so it is listed ahead of any "sent" notice.
if ($_GET['action'] == 'preview') {
    if (!$_POST['affiliate_email_address']) {
        $messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error');
    }
}
// After the redirect from the send branch, confirm which address was mailed.
// NOTE(review): mail_sent_to is reflected straight from the query string into the
// notice; whether messageStack HTML-escapes its text is not visible here — confirm.
$sent_to = $_GET['mail_sent_to'];
if (vam_not_null($sent_to)) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $sent_to), 'notice');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset="<?php 
                    $txt_mail_admin = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/accumulated_discount_admin.txt');
                    vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_ACC_SUBJECT, $html_mail_admin, $txt_mail_admin);
                    //email to customer
                    $html_mail_customer = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/accumulated_discount_customer.html');
                    $txt_mail_customer = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/accumulated_discount_customer.txt');
                    vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_ACC_SUBJECT, $html_mail_customer, $txt_mail_customer);
                }
            }
        }
        // eof denuz added accumulated discount
        vam_redirect(vam_href_link(FILENAME_ORDERS, vam_get_all_get_params(array('action')) . 'action=edit'));
        break;
    case 'deleteconfirm':
        $oID = vam_db_prepare_input($_GET['oID']);
        vam_remove_order($oID, $_POST['restock']);
        vam_redirect(vam_href_link(FILENAME_ORDERS, vam_get_all_get_params(array('oID', 'action'))));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
<title><?php 
echo TITLE;
 /**
  * Payment-module hook run before the order is processed.
  *
  * Checkout continues only when the posted credit_card_processed flag equals 'Y';
  * otherwise the customer is sent back to the payment page carrying the module's
  * error message. NOTE(review): the flag is read straight from $_POST, i.e. the
  * client asserts that the card was processed — confirm the gateway sets it
  * server-side rather than via the browser.
  */
 function before_process()
 {
     $processed_flag = $_POST['credit_card_processed'];
     if ('Y' == $processed_flag) {
         return;
     }
     $error_params = 'error_message=' . urlencode(MODULE_PAYMENT_PM2CHECKOUT_TEXT_ERROR_MESSAGE);
     vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, $error_params, 'SSL', true, false));
 }
// Die if remaining count is <=0 (no message is produced; the client gets an empty body)
if ($downloads['download_count'] <= 0) {
    die;
}
// Die if file is not there (same silent response as above)
if (!file_exists(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'])) {
    die;
}
// Now decrement counter. This happens before the file is sent, so an aborted
// transfer still consumes one download; the id is cast to int before it enters SQL.
vam_db_query("update " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " set download_count = download_count-1 where orders_products_download_id = '" . (int) $_GET['id'] . "'");
// Now send the file with header() magic. These headers go out before the branch
// below, i.e. also on the redirect path.
header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: Application/octet-stream");
header("Content-Length: " . filesize(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']));
// NOTE(review): the filename comes from the download row and is placed inside the
// quoted Content-Disposition value without escaping embedded quotes — confirm it is
// constrained when the product file is registered.
header("Content-disposition: attachment; filename=\"" . $downloads['orders_products_filename'] . "\"");
if (DOWNLOAD_BY_REDIRECT == 'true') {
    // This will work only on Unix/Linux hosts
    // Redirect mode: clear earlier temp dirs, create a fresh one containing a symlink
    // to the protected file, and send the browser to that public path.
    // NOTE(review): umask(00) together with mode 0777 makes the temp dir
    // world-writable, and the link is only protected by how unpredictable
    // vam_random_name() is — neither is visible here; confirm both.
    vam_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
    $tempdir = vam_random_name();
    umask(00);
    mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777);
    symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']);
    vam_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']);
} else {
    // This will work on all systems, but will need considerable resources
    // We could also loop with fread($fp, 4096) to save memory
    readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
}
        vam_db_query("update " . TABLE_CUSTOMERS . " set password_request_key = '' where customers_id = '" . $check_customer['customers_id'] . "'");
        // assign language to template for caching
        $vamTemplate->assign('language', $_SESSION['language']);
        $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        // assign vars
        $vamTemplate->assign('EMAIL', $check_customer['customers_email_address']);
        $vamTemplate->assign('NEW_PASSWORD', $newpass);
        // dont allow cache
        $vamTemplate->caching = false;
        // create mails
        $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/new_password_mail.html');
        $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/new_password_mail.txt');
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $check_customer['customers_email_address'], '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_PASSWORD_NEW_PASSWORD, $html_mail, $txt_mail);
        if (!isset($mail_error)) {
            vam_redirect(vam_href_link(FILENAME_LOGIN, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        }
    }
}
// Breadcrumb for the password double-opt-in page; the link is explicitly NONSSL here.
$breadcrumb->add(NAVBAR_TITLE_PASSWORD_DOUBLE_OPT, vam_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'NONSSL'));
// Shared page header.
require DIR_WS_INCLUDES . 'header.php';
switch ($case) {
    case first_opt_in:
        $vamTemplate->assign('text_heading', HEADING_PASSWORD_FORGOTTEN);
        $vamTemplate->assign('info_message', $info_message);
        $vamTemplate->assign('info_message', TEXT_LINK_MAIL_SENDED);
        $vamTemplate->assign('language', $_SESSION['language']);
        $vamTemplate->caching = 0;
        $main_content = $vamTemplate->fetch(CURRENT_TEMPLATE . '/module/password_messages.html');
        break;
    case second_opt_in:
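// Admin review maintenance: 'update' rewrites one review's rating and text,
// 'deleteconfirm' removes it from both tables. Each action ends in a redirect back to
// the list (vam_redirect is assumed to end the request — TODO confirm). The review id
// from the query string is cast to int — the treatment ids get elsewhere in this code
// base — before it reaches SQL or the redirect URL.
if (!empty($_GET['action'])) {
    switch ($_GET['action']) {
        case 'update':
            $reviews_id = (int) vam_db_prepare_input($_GET['rID']);
            $reviews_rating = vam_db_prepare_input($_POST['reviews_rating']);
            // Read from the form but not used below: the SQL stamps now() instead.
            $last_modified = vam_db_prepare_input($_POST['last_modified']);
            $reviews_text = vam_db_prepare_input($_POST['reviews_text']);
            vam_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . vam_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . $reviews_id . "'");
            vam_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . vam_db_input($reviews_text) . "' where reviews_id = '" . $reviews_id . "'");
            vam_redirect(vam_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id));
            break;
        case 'deleteconfirm':
            $reviews_id = (int) vam_db_prepare_input($_GET['rID']);
            vam_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . $reviews_id . "'");
            vam_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . $reviews_id . "'");
            vam_redirect(vam_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page']));
            break;
    }
}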
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
                vam_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email);
                $affiliate_notified = '1';
            }
            vam_db_query("insert into " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " (affiliate_payment_id, affiliate_new_value, affiliate_old_value, affiliate_date_added, affiliate_notified) values ('" . vam_db_input($pID) . "', '" . vam_db_input($status) . "', '" . $check_status['affiliate_payment_status'] . "', now(), '" . $affiliate_notified . "')");
            $order_updated = true;
        }
        if ($order_updated) {
            $messageStack->add_session(SUCCESS_PAYMENT_UPDATED, 'success');
        }
        vam_redirect(vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('action')) . 'action=edit'));
        break;
    case 'deleteconfirm':
        $pID = vam_db_prepare_input($_GET['pID']);
        vam_db_query("delete from " . TABLE_AFFILIATE_PAYMENT . " where affiliate_payment_id = '" . vam_db_input($pID) . "'");
        vam_db_query("delete from " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " where affiliate_payment_id = '" . vam_db_input($pID) . "'");
        vam_redirect(vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID', 'action'))));
        break;
}
// Edit view: load the payment row together with the affiliate's payout details.
if ($_GET['action'] == 'edit' && vam_not_null($_GET['pID'])) {
    $pID = vam_db_prepare_input($_GET['pID']);
    $payments_sql = "select p.*,  a.affiliate_payment_check, a.affiliate_payment_paypal, a.affiliate_payment_bank_name, a.affiliate_payment_bank_branch_number, a.affiliate_payment_bank_swift_code, a.affiliate_payment_bank_account_name, a.affiliate_payment_bank_account_number from " . TABLE_AFFILIATE_PAYMENT . " p, " . TABLE_AFFILIATE . " a where affiliate_payment_id = '" . vam_db_input($pID) . "' and a.affiliate_id = p.affiliate_id";
    $payments_query = vam_db_query($payments_sql);
    $payments = vam_db_fetch_array($payments_query);
    // An empty/false fetch result means the id does not exist.
    $payments_exists = (bool) $payments;
    if (!$payments_exists) {
        // NOTE(review): $pID is echoed into the admin error message; whether
        // messageStack HTML-escapes it is not visible here — confirm.
        $messageStack->add(sprintf(ERROR_PAYMENT_DOES_NOT_EXIST, $pID), 'error');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
   Released under the GNU General Public License
   ---------------------------------------------------------------------------*/
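require 'includes/application_top.php';
// create smarty elements
$vamTemplate = new vamTemplate();
// include needed functions
require_once DIR_FS_INC . 'affiliate_period.inc.php';
require_once DIR_FS_INC . 'affiliate_get_status_list.inc.php';
require_once DIR_FS_INC . 'affiliate_get_status_array.inc.php';
require_once DIR_FS_INC . 'affiliate_get_level_list.inc.php';
require_once DIR_FS_INC . 'vam_date_short.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// Only a logged-in affiliate may see sales; everyone else goes to the affiliate
// login (vam_redirect is assumed to end the request — TODO confirm).
if (!isset($_SESSION['affiliate_id'])) {
    vam_redirect(vam_href_link(FILENAME_AFFILIATE, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE, vam_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_SALES, vam_href_link(FILENAME_AFFILIATE_SALES, '', 'SSL'));
if (!isset($_GET['page'])) {
    $_GET['page'] = 1;
}
// Optional "YYYY-M" period filter. Both halves are embedded unquoted in the SQL
// clause and vam_db_prepare_input is not the SQL-escaping step (quoted values in this
// code base additionally go through vam_db_input), so year and month — which can only
// be numbers — are cast to int before the clause is built.
if (vam_not_null($_GET['a_period'])) {
    $period_split = preg_split('/-/', vam_db_prepare_input($_GET['a_period']));
    $period_year = isset($period_split[0]) ? (int) $period_split[0] : 0;
    $period_month = isset($period_split[1]) ? (int) $period_split[1] : 0;
    $period_clause = " AND year(a.affiliate_date) = " . $period_year . " and month(a.affiliate_date) = " . $period_month;
}
// Optional order-status filter. The value is quoted in the clause, so it is escaped
// with vam_db_input like every other quoted value; $a_status itself keeps the
// prepared string for the rest of the page.
if (vam_not_null($_GET['a_status'])) {
    $a_status = vam_db_prepare_input($_GET['a_status']);
    $status_clause = " AND o.orders_status = '" . vam_db_input($a_status) . "'";
}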
if (is_numeric($_GET['a_level'])) {
        } else {
            vam_redirect(vam_href_link(FILENAME_DEFAULT));
        }
        break;
    case 'manufacturer':
        if (isset($_GET['manufacturers_id'])) {
            $manufacturer_query = vam_db_query("select manufacturers_url from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and languages_id = '" . (int) $_SESSION['languages_id'] . "'");
            if (!vam_db_num_rows($manufacturer_query)) {
                // no url exists for the selected language, lets use the default language then
                $manufacturer_query = vam_db_query("select mi.languages_id, mi.manufacturers_url from " . TABLE_MANUFACTURERS_INFO . " mi, " . TABLE_LANGUAGES . " l where mi.manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and mi.languages_id = l.languages_id and l.code = '" . DEFAULT_LANGUAGE . "'");
                if (!vam_db_num_rows($manufacturer_query)) {
                    // no url exists, return to the site
                    vam_redirect(vam_href_link(FILENAME_DEFAULT));
                } else {
                    $manufacturer = vam_db_fetch_array($manufacturer_query);
                    vam_db_query("update " . TABLE_MANUFACTURERS_INFO . " set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and languages_id = '" . $manufacturer['languages_id'] . "'");
                }
            } else {
                // url exists in selected language
                $manufacturer = vam_db_fetch_array($manufacturer_query);
                vam_db_query("update " . TABLE_MANUFACTURERS_INFO . " set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and languages_id = '" . $_SESSION['languages_id'] . "'");
            }
            vam_redirect($manufacturer['manufacturers_url']);
        } else {
            vam_redirect(vam_href_link(FILENAME_DEFAULT));
        }
        break;
    default:
        vam_redirect(vam_href_link(FILENAME_DEFAULT));
        break;
}
        $vamTemplate->assign('WEBSITE', HTTP_SERVER . DIR_WS_CATALOG);
        if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
            $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '/gv_no,' . $id1;
        } else {
            $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1;
        }
        $vamTemplate->assign('GIFT_LINK', $link);
        $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.html');
        $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.txt');
        vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $_POST['email_to'], '', '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_BILLING_SUBJECT, $html_mail, $txt_mail);
        // Now create the coupon email entry
        $insert_query = vam_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $_POST['amount'] . "', now())");
        $insert_id = vam_db_insert_id($insert_query);
        $insert_query = vam_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $_POST['email_to'] . "', now() )");
    }
    vam_redirect(vam_href_link(FILENAME_GV_MAIL, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
// Preview validation: a recipient (an existing customer or a free-form address) and
// an amount are both required before the voucher mail can be previewed. The two
// errors are queued in this order.
if ($_GET['action'] == 'preview') {
    if (!$_POST['customers_email_address'] && !$_POST['email_to']) {
        $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
    }
    if (!$_POST['amount']) {
        $messageStack->add(ERROR_NO_AMOUNT_SELECTED, 'error');
    }
}
// Confirm which address the voucher was mailed to (set by the redirect in the send
// branch). NOTE(review): this reflects a query-string value into the notice; confirm
// that messageStack HTML-escapes its text.
$mail_sent_to_param = $_GET['mail_sent_to'];
if ($mail_sent_to_param) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $mail_sent_to_param), 'notice');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>