function repGetProductReportByCategoryID($callBackParam, &$count_row, $navigatorParams = null)
{
if ($navigatorParams != null) {
$offset = $navigatorParams["offset"];
$CountRowOnPage = $navigatorParams["CountRowOnPage"];
} else {
$offset = 0;
$CountRowOnPage = 0;
}
$where_clause = "";
$order_clause = "";
if (isset($callBackParam["categoryID"])) {
if ($callBackParam["categoryID"] != 0) {
$where_clause = " where categoryID=" . (int) $callBackParam["categoryID"];
}
}
if (isset($callBackParam["sort"])) {
$order_clause = " order by " . xEscSQL($callBackParam["sort"]);
if (isset($callBackParam["direction"])) {
$order_clause .= " " . xEscSQL($callBackParam["direction"]);
}
}
$res = array();
$q = db_query("select name, customers_rating, customer_votes, items_sold, " . " viewed_times, in_stock, sort_order from " . PRODUCTS_TABLE . " " . $where_clause . " " . $order_clause);
$i = 0;
while ($row = db_fetch_row($q)) {
if ($i >= $offset && $i < $offset + $CountRowOnPage || $navigatorParams == null) {
$res[] = $row;
}
$i++;
}
$count_row = $i;
return $res;
}
function configUpdateOptionValue($productID, $updatedValues)
{
foreach ($updatedValues as $key => $value) {
if ($updatedValues[$key]["option_radio_type"] == "UN_DEFINED" || $updatedValues[$key]["option_radio_type"] == "ANY_VALUE") {
$option_type = 0;
} else {
$option_type = 1;
}
if ($updatedValues[$key]["option_radio_type"] == "UN_DEFINED") {
$option_value = null;
} else {
if (isset($updatedValues[$key]["option_value"])) {
$option_value = $updatedValues[$key]["option_value"];
} else {
$option_value = null;
}
}
$where_clause = " where optionID=" . (int) $key . " AND productID=" . (int) $productID;
$q = db_query("select count(*) from " . PRODUCT_OPTIONS_VALUES_TABLE . " " . $where_clause);
$r = db_fetch_row($q);
if ($r[0] == 1) {
db_query("update " . PRODUCT_OPTIONS_VALUES_TABLE . " set option_value='" . xEscSQL($option_value) . "', option_type=" . (int) $option_type . " " . $where_clause);
} else {
db_query("insert into " . PRODUCT_OPTIONS_VALUES_TABLE . "(optionID, productID, option_value, option_type)" . "values ('" . (int) $key . "', '" . (int) $productID . "', '" . xEscSQL($option_value) . "', '" . (int) $option_type . "')");
}
}
}
function _setCallBackParamsToSearchOrders(&$callBackParam)
{
$callBackParam = array("customerID" => regGetIdByLogin($_SESSION["log"]));
if (isset($_GET["sort"])) {
$callBackParam["sort"] = xEscSQL($_GET["sort"]);
if (isset($_GET["direction"])) {
$callBackParam["direction"] = xEscSQL($_GET["direction"]);
}
} else {
$callBackParam["sort"] = "order_time";
$callBackParam["direction"] = "DESC";
}
if ($_GET["order_search_type"] == "SearchByOrderID") {
$callBackParam["orderID"] = (int) $_GET["orderID_textbox"];
} else {
if ($_GET["order_search_type"] == "SearchByStatusID") {
$orderStatuses = array();
$data = ScanGetVariableWithId(array("checkbox_order_status"));
foreach ($data as $key => $val) {
if ($val["checkbox_order_status"] == "1") {
$orderStatuses[] = (int) $key;
}
}
$callBackParam["orderStatuses"] = $orderStatuses;
}
}
}
function modGetModuleConfigs($_ModuleClassName)
{
$ModuleConfigs = array();
$sql = "select * FROM " . MODULES_TABLE . " WHERE ModuleClassName='" . xEscSQL($_ModuleClassName) . "' ORDER BY module_name ASC\n ";
$Result = db_query($sql);
while ($_Row = db_fetch_row($Result)) {
$ModuleConfigs[] = array('ConfigID' => $_Row['module_id'], 'ConfigName' => $_Row['module_name'], 'ConfigClass' => $_ModuleClassName);
}
return $ModuleConfigs;
}
function blockspgAddblocksPageFile($page_name, $page_file, $which, $bposition, $active, $admin, $s, $d, $c, $p)
{
$rs = isset($s) ? serialize($s) : serialize(array());
$rd = isset($d) ? serialize($d) : serialize(array());
$rc = isset($c) ? serialize($c) : serialize(array());
$rpt = explode("\n", chop($p));
$rp = array();
for ($i = 0; $i < count($rpt); $i++) {
if ($tmp = (int) rtrim($rpt[$i]) > 0 && rtrim($rpt[$i]) !== "") {
$rp[] = (int) rtrim($rpt[$i]);
}
}
$rp = serialize($rp);
db_query("insert into " . BLOCKS_TABLE . " ( title, bposition, active, which, html, url, admin, pages, dpages, categories, products ) " . " values( '" . xToText($page_name) . "', " . (int) $bposition . ", " . (int) $active . ", " . (int) $which . ", '1', '" . $page_file . "', " . (int) $admin . ", '" . xEscSQL($rs) . "',\n '" . xEscSQL($rd) . "', '" . xEscSQL($rc) . "', '" . xEscSQL($rp) . "') ");
}
function settingCallHtmlFunction($constantName)
{
$q = db_query("select settings_html_function, settingsID, settings_constant_name from " . SETTINGS_TABLE . " where settings_constant_name='" . xEscSQL($constantName) . "' ");
if ($row = db_fetch_row($q)) {
$function = $row["settings_html_function"];
$settingsID = $row["settingsID"];
$str = "";
if (preg_match('/,[ ]*$|\\([ ]*$/', $function)) {
eval("\$str=" . $function . "{$settingsID});");
} else {
eval("\$str=" . $function . ";");
}
return $str;
}
return false;
}
function _getInsertStatement($xmlTable, $row, $columns = NULL, $attributes = NULL, $columnsClause)
{
$sql = "INSERT INTO ";
if (!$attributes) {
$attributes = $xmlTable->GetXmlNodeAttributes();
}
$tableAlias = $attributes["NAME"];
$tableName = $attributes["NAME"];
// exceptions
if ($tableName == CATEGORIES_TABLE) {
if ($row["categoryID"] == 1) {
return "";
}
}
$sql .= $tableAlias;
$valueClause = "";
if (!$columns) {
$columns = $xmlTable->SelectNodes("table/column");
}
$i = 0;
foreach ($columns as $xmlColumn) {
$attributes = $xmlColumn->GetXmlNodeAttributes();
$columnName = $xmlColumn->GetXmlNodeData();
$columnName = trim($columnName);
$type = strtoupper($attributes["TYPE"]);
if (strstr($type, "CHAR") || strstr($type, "VARCHAR") || strstr($type, "TEXT") || strstr($type, "DATETIME")) {
$cellValue = $row[$i];
$cellValue = xEscSQL($cellValue);
$value = "'" . $cellValue . "'";
} else {
$value = $row[$i];
}
if ($row[$i] == null && trim($row[$i]) == "") {
$value = "NULL";
}
if ($i == 0) {
$valueClause .= $value;
} else {
$valueClause .= ", " . $value;
}
$i++;
}
$sql .= " (" . $columnsClause . ") values (" . $valueClause . ")";
$sql = str_replace(DB_PRFX, "DBPRFX_", $sql);
return $sql;
}
function db_query($s)
{
//database query
global $sc_4, $sc_8, $gmc;
if (isset($gmc) && $gmc == 1) {
$sc_81 = getmicrotime();
}
// $scriptv = getmicrotime();
$res = array();
$res["resource"] = mysql_query($s);
/*
$scriptp = getmicrotime();
$rom = $scriptp-$scriptv;
print $rom." - ".$s."<br>";
*/
if (!$res['resource']) {
$out = "ERROR: " . mysql_errno() . ":" . mysql_error() . "\nSql: " . $s . "\nLink: " . $_SERVER["REQUEST_URI"] . "\nDate: " . date("d.m.y - H:i:s") . "\nDump:\n";
ob_start();
var_dump($_GET);
var_dump($_POST);
$tmpa = ob_get_contents();
ob_end_clean();
$out .= $tmpa;
mysql_query("insert into " . MYSQL_ERROR_LOG_TABLE . " (errors, tstamp) VALUES ('" . xEscSQL(ToText($out)) . "', NOW())");
$ecount = mysql_fetch_row(mysql_query("select count(*) from " . MYSQL_ERROR_LOG_TABLE));
$ecount = $ecount[0] - 50;
if ($ecount > 0) {
mysql_query("delete from " . MYSQL_ERROR_LOG_TABLE . " ORDER BY tstamp ASC LIMIT " . $ecount);
}
// die('Wrong database query!');
}
$res["columns"] = array();
$column_index = 0;
while ($xwer = @mysql_fetch_field($res["resource"])) {
$res["columns"][$xwer->name] = $column_index;
$column_index++;
}
if (isset($gmc) && $gmc == 1) {
$sc_82 = getmicrotime();
$sc_4++;
$sc_8 = $sc_8 + $sc_82 - $sc_81;
}
return $res;
}
/**
* return array of categories by requested params
*
* @return array
*/
function le_getCategories($_where = '1', $_what = 'le_cID, le_cName, le_cSortOrder', $_order = "le_cSortOrder ASC, le_cName ASC")
{
$categories = array();
if (is_array($_where)) {
foreach ($_where as $_col => $_val) {
$_where[$_col] = $_col . " = '" . $_val . "'";
}
$_where = implode(" AND ", $_where);
}
if (is_array($_what)) {
$_what = implode(", ", xEscSQL($_what));
} else {
$_what = xEscSQL($_what);
}
$sql = "select " . $_what . " FROM " . LINK_EXCHANGE_CATEGORIES_TABLE . "\n WHERE " . $_where . " ORDER BY " . xEscSQL($_order);
$result = db_query($sql);
while ($_row = db_fetch_row($result)) {
$categories[] = $_row;
}
return $categories;
}
function error_reporting_log($error_num, $error_var, $error_file, $error_line)
{
$error_write = false;
switch ($error_num) {
case 1:
$error_desc = "ERROR";
$error_write = true;
break;
case 2:
$error_desc = "WARNING";
$error_write = true;
break;
case 4:
$error_desc = "PARSE";
$error_write = true;
break;
case 8:
$error_desc = "NOTICE";
$error_write = false;
break;
}
if ($error_write) {
if (strpos($error_file, "mysql.php") == false && strpos($error_file, "smarty") == false) {
$out = $error_desc . ": " . $error_var . "\nLine: " . $error_line . "\nFile: " . $error_file . "\nLink: " . $_SERVER["REQUEST_URI"] . "\nDate: " . date("d.m.y - H:i:s") . "\nDump:\n";
ob_start();
var_dump($_GET);
var_dump($_POST);
$tmpa = ob_get_contents();
ob_end_clean();
$out .= $tmpa;
db_query("insert into " . ERROR_LOG_TABLE . " (errors, tstamp) VALUES ('" . xEscSQL(ToText($out)) . "', NOW())");
$ecount = db_fetch_row(db_query("select count(*) from " . ERROR_LOG_TABLE));
$ecount = $ecount[0] - 50;
if ($ecount > 0) {
db_query("delete from " . ERROR_LOG_TABLE . " ORDER BY tstamp ASC LIMIT " . $ecount);
}
}
}
}
function discGetAllDiscussion($callBackParam, &$count_row, $navigatorParams = null)
{
$data = array();
$orderClause = "";
if (isset($callBackParam["sort"])) {
$orderClause = " order by " . xEscSQL($callBackParam["sort"]);
if (isset($callBackParam["direction"])) {
if ($callBackParam["direction"] == "ASC") {
$orderClause .= " ASC ";
} else {
$orderClause .= " DESC ";
}
}
}
$filter = "";
if (isset($callBackParam["productID"])) {
if ($callBackParam["productID"] != 0) {
$filter = " AND " . PRODUCTS_TABLE . ".productID=" . (int) $callBackParam["productID"];
}
}
$q = db_query("select DID, Author, Body, add_time, Topic, name AS product_name from " . DISCUSSIONS_TABLE . ", " . PRODUCTS_TABLE . " where " . DISCUSSIONS_TABLE . ".productID=" . PRODUCTS_TABLE . ".productID " . $filter . " " . $orderClause);
if ($navigatorParams != null) {
$offset = $navigatorParams["offset"];
$CountRowOnPage = $navigatorParams["CountRowOnPage"];
} else {
$offset = 0;
$CountRowOnPage = 0;
}
$i = 0;
while ($row = db_fetch_row($q)) {
if ($i >= $offset && $i < $offset + $CountRowOnPage || $navigatorParams == null) {
$row["add_time"] = format_datetime($row["add_time"]);
$data[] = $row;
}
$i++;
}
$count_row = $i;
return $data;
}
function payUpdatePaymentMethod($PID, $Name, $description, $Enabled, $sort_order, $module_id, $email_comments_text, $calculate_tax)
{
db_query("update " . PAYMENT_TYPES_TABLE . " set" . " Name='" . xToText($Name) . "', description='" . xEscSQL($description) . "', email_comments_text='" . xEscSQL($email_comments_text) . "', " . " Enabled=" . (int) $Enabled . ", module_id=" . (int) $module_id . ", sort_order=" . (int) $sort_order . ", calculate_tax = " . (int) $calculate_tax . " where PID=" . (int) $PID);
}
function shUpdateShippingMethod($SID, $Name, $description, $Enabled, $sort_order, $module_id, $email_comments_text)
{
db_query("update " . SHIPPING_METHODS_TABLE . " set Name='" . xToText(trim($Name)) . "', description='" . xEscSQL($description) . "', email_comments_text='" . xEscSQL($email_comments_text) . "', " . " Enabled=" . (int) $Enabled . ", module_id=" . (int) $module_id . ", sort_order=" . (int) $sort_order . " where SID=" . (int) $SID);
}
function ordOrderProcessing($shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $customers_comment, $cc_number, $cc_holdername, $cc_expires, $cc_cvv, $log, $smarty_mail, $shServiceID = 0)
{
$customerID = $log != null ? regGetIdByLogin($log) : NULL;
if ($log != null) {
$customerInfo = regGetCustomerInfo2($log);
} else {
$customerInfo['first_name'] = $_SESSION['first_name'];
$customerInfo['last_name'] = $_SESSION['last_name'];
$customerInfo['Email'] = $_SESSION['email'];
$customerInfo['affiliationLogin'] = $_SESSION['affiliationLogin'];
}
$order_time = get_current_time();
$frandl = mt_rand(3, 999);
$order_active_link = md5($order_time) . $frandl;
$customer_ip = stGetCustomerIP_Address();
$statusID = CONF_ACTIVE_ORDER == 1 ? 0 : ostGetNewOrderStatus();
$customer_affiliationLogin = isset($customerInfo['affiliationLogin']) ? $customerInfo['affiliationLogin'] : '';
$customer_email = $customerInfo['Email'];
$currencyID = currGetCurrentCurrencyUnitID();
if ($currencyID != 0) {
$currentCurrency = currGetCurrencyByID($currencyID);
$currency_code = $currentCurrency['currency_iso_3'];
$currency_value = $currentCurrency['currency_value'];
$currency_round = $currentCurrency['roundval'];
} else {
$currency_code = '';
$currency_value = 1;
$currency_round = 2;
}
// get shipping address
if ($shippingAddressID != 0) {
$shippingAddress = regGetAddress($shippingAddressID);
$shippingAddressCountry = cnGetCountryById($shippingAddress['countryID']);
$shippingAddress['country_name'] = $shippingAddressCountry['country_name'];
} else {
$shippingCountryName = cnGetCountryById($_SESSION['receiver_countryID']);
$shippingCountryName = $shippingCountryName['country_name'];
$shippingAddress['first_name'] = $_SESSION['receiver_first_name'];
$shippingAddress['last_name'] = $_SESSION['receiver_last_name'];
$shippingAddress['country_name'] = $shippingCountryName;
$shippingAddress['state'] = $_SESSION['receiver_state'];
$shippingAddress['city'] = $_SESSION['receiver_city'];
$shippingAddress['address'] = $_SESSION['receiver_address'];
$shippingAddress['zoneID'] = $_SESSION['receiver_zoneID'];
}
if (is_null($shippingAddress['state']) || trim($shippingAddress['state']) == '') {
$zone = znGetSingleZoneById($shippingAddress['zoneID']);
$shippingAddress['state'] = $zone['zone_name'];
}
// get billing address
if ($billingAddressID != 0) {
$billingAddress = regGetAddress($billingAddressID);
$billingAddressCountry = cnGetCountryById($billingAddress['countryID']);
$billingAddress['country_name'] = $billingAddressCountry['country_name'];
} else {
$billingCountryName = cnGetCountryById($_SESSION['billing_countryID']);
$billingCountryName = $billingCountryName['country_name'];
$billingAddress['first_name'] = $_SESSION['billing_first_name'];
$billingAddress['last_name'] = $_SESSION['billing_last_name'];
$billingAddress['country_name'] = $billingCountryName;
$billingAddress['state'] = $_SESSION['billing_state'];
$billingAddress['city'] = $_SESSION['billing_city'];
$billingAddress['address'] = $_SESSION['billing_address'];
$billingAddress['zoneID'] = $_SESSION['billing_zoneID'];
}
if (is_null($billingAddress['state']) || trim($billingAddress['state']) == '') {
$zone = znGetSingleZoneById($billingAddress['zoneID']);
$billingAddress['state'] = $zone['zone_name'];
}
$cartContent = cartGetCartContent();
foreach ($cartContent['cart_content'] as $key => $cartItem) {
if (!empty($cartItem['opt_margin']) && $paymentMethodID == 2) {
$cost = $cartItem['costUC'];
$margin = $cost / 100 * CONF_PERCENT_MARGIN;
$cost += $margin;
$costShow = show_price($cost * $cartItem['quantity']);
$cartContent['cart_content'][$key]['costUC'] = $cost;
$cartContent['cart_content'][$key]['cost'] = $costShow;
}
}
if ($log != null) {
$addresses = array($shippingAddressID, $billingAddressID);
} else {
$addresses = array(array('countryID' => $_SESSION['receiver_countryID'], 'zoneID' => $_SESSION['receiver_zoneID']), array('countryID' => $_SESSION['billing_countryID'], 'zoneID' => $_SESSION['billing_zoneID']));
}
$orderDetails = array('first_name' => $shippingAddress['first_name'], 'last_name' => $shippingAddress['last_name'], 'email' => $customerInfo['Email'], 'order_amount' => oaGetOrderAmountExShippingRate($cartContent, $addresses, $log, FALSE));
$shippingMethod = shGetShippingMethodById($shippingMethodID);
$shipping_email_comments_text = $shippingMethod['email_comments_text'];
$shippingName = $shippingMethod['Name'];
$paymentMethod = payGetPaymentMethodById($paymentMethodID);
$paymentName = $paymentMethod['Name'];
$payment_email_comments_text = $paymentMethod['email_comments_text'];
if (isset($paymentMethod['calculate_tax']) && (int) $paymentMethod['calculate_tax'] == 0) {
$order_amount = oaGetOrderAmount($cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID);
$d = oaGetDiscountPercent($cartContent, $log);
$tax = 0;
$shipping_costUC = oaGetShippingCostTakingIntoTax($cartContent, $shippingMethodID, $addresses, $orderDetails, FALSE, $shServiceID, TRUE);
$discount_percent = oaGetDiscountPercent($cartContent, $log);
} else {
$order_amount = oaGetOrderAmount($cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID);
$d = oaGetDiscountPercent($cartContent, $log);
$tax = oaGetProductTax($cartContent, $d, $addresses);
$shipping_costUC = oaGetShippingCostTakingIntoTax($cartContent, $shippingMethodID, $addresses, $orderDetails, TRUE, $shServiceID, TRUE);
$discount_percent = oaGetDiscountPercent($cartContent, $log);
}
$shServiceInfo = '';
if (is_array($shipping_costUC)) {
list($shipping_costUC) = $shipping_costUC;
$shServiceInfo = $shipping_costUC['name'];
$shipping_costUC = $shipping_costUC['rate'];
}
$paymentMethod = payGetPaymentMethodById($paymentMethodID);
if ($paymentMethod) {
$currentPaymentModule = modGetModuleObj($paymentMethod['module_id'], PAYMENT_MODULE);
} else {
$currentPaymentModule = null;
}
if ($currentPaymentModule != null) {
//define order details for payment module
$order_payment_details = array('customer_email' => $customer_email, 'customer_ip' => $customer_ip, 'order_amount' => $order_amount, 'currency_code' => $currency_code, 'currency_value' => $currency_value, 'shipping_cost' => $shipping_costUC, 'order_tax' => $tax, 'shipping_info' => $shippingAddress, 'billing_info' => $billingAddress);
$process_payment_result = $currentPaymentModule->payment_process($order_payment_details);
//gets payment processing result
if (!($process_payment_result == 1)) {
//die ($process_payment_result);
if (isset($_POST)) {
$_SESSION['order4confirmation_post'] = $_POST;
}
xSaveData('PaymentError', $process_payment_result);
if (!$customerID) {
RedirectProtected('index.php?order4_confirmation_quick=yes' . '&shippingMethodID=' . $_GET['shippingMethodID'] . '&paymentMethodID=' . $_GET['paymentMethodID'] . '&shServiceID=' . $shServiceID);
} else {
RedirectProtected('index.php?order4_confirmation=yes' . '&shippingAddressID=' . $_GET['shippingAddressID'] . '&shippingMethodID=' . $_GET['shippingMethodID'] . '&billingAddressID=' . $_GET['billingAddressID'] . '&paymentMethodID=' . $_GET['paymentMethodID'] . '&shServiceID=' . $shServiceID);
}
return false;
}
}
$customerID = (int) $customerID;
// debug($cartContent['cart_content']);
//
// exit;
$sql = 'INSERT INTO ' . ORDERS_TABLE . '
SET
customerID = ' . (int) $customerID . ',
order_time = "' . xEscSQL($order_time) . '",
customer_ip = "' . xToText($customer_ip) . '",
shipping_type = "' . xToText($shippingName) . '",
payment_type = "' . xToText($paymentName) . '",
customers_comment = "' . xToText($customers_comment) . '",
statusID = ' . (int) $statusID . ',
shipping_cost = "' . (double) $shipping_costUC . '",
order_discount = "' . (double) $discount_percent . '",
order_amount= "' . (double) $order_amount . '",
currency_code = "' . xEscSQL($currency_code) . '",
currency_value = "' . (double) $currency_value . '",
customer_firstname = "' . xToText($customerInfo['first_name']) . '",
customer_lastname = "' . xToText($customerInfo['last_name']) . '",
customer_email = "' . xToText($customer_email) . '",
shipping_firstname = "' . xToText($shippingAddress['first_name']) . '",
shipping_lastname = "' . xToText($shippingAddress['last_name']) . '",
shipping_country= "' . xToText($shippingAddress['country_name']) . '",
shipping_state= "' . xToText($shippingAddress['state']) . '",
shipping_city= "' . xToText($shippingAddress['city']) . '",
shipping_address= "' . xToText($shippingAddress['address']) . '",
billing_firstname= "' . xToText($billingAddress['first_name']) . '",
billing_lastname= "' . xToText($billingAddress['last_name']) . '",
billing_country= "' . xToText($billingAddress['country_name']) . '",
billing_state= "' . xToText($billingAddress['state']) . '",
billing_city= "' . xToText($billingAddress['city']) . '",
billing_address= "' . xToText($billingAddress['address']) . '",
cc_number= "' . xEscSQL($cc_number) . '",
cc_holdername= "' . xToText($cc_holdername) . '",
cc_expires= "' . xEscSQL($cc_expires) . '",
cc_cvv= "' . xEscSQL($cc_cvv) . '",
affiliateID= "' . (isset($_SESSION['refid']) ? $_SESSION['refid'] : regGetIdByLogin($customer_affiliationLogin)) . '",
shippingServiceInfo= "' . $shServiceInfo . '",
custlink= "' . xEscSQL($order_active_link) . '",
currency_round= "' . (int) $currency_round . '",
paymethod= ' . (int) $paymentMethodID;
db_query($sql);
$orderID = db_insert_id(ORDERS_TABLE);
if (!CONF_ACTIVE_ORDER) {
stChangeOrderStatus($orderID, $statusID);
}
$paymentMethod = payGetPaymentMethodById($paymentMethodID);
if ($paymentMethod) {
$currentPaymentModule = modGetModuleObj($paymentMethod['module_id'], PAYMENT_MODULE);
// $currentPaymentModule = payGetPaymentModuleById( $paymentMethod['module_id'], $paymentModulesFiles );
} else {
$currentPaymentModule = null;
}
//save shopping cart content to database and update in-stock information
if ($log != null) {
cartMoveContentFromShoppingCartsToOrderedCarts($orderID, $shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $smarty_mail);
} else {
_moveSessionCartContentToOrderedCart($orderID, $paymentMethodID);
//update in-stock information
if ($statusID != ostGetCanceledStatusId() && CONF_CHECKSTOCK) {
$q1 = db_query('select itemID, Quantity FROM ' . ORDERED_CARTS_TABLE . ' WHERE orderID=' . (int) $orderID);
while ($item = db_fetch_row($q1)) {
$q2 = db_query('select productID FROM ' . SHOPPING_CART_ITEMS_TABLE . ' WHERE itemID=' . (int) $item['itemID']);
$pr = db_fetch_row($q2);
if ($pr) {
db_query('update ' . PRODUCTS_TABLE . ' set in_stock = in_stock - ' . (int) $item['Quantity'] . ' where productID=' . (int) $pr[0]);
$q = db_query('select name, in_stock FROM ' . PRODUCTS_TABLE . ' WHERE productID=' . (int) $pr[0]);
$productsta = db_fetch_row($q);
if ($productsta[1] == 0) {
if (CONF_AUTOOFF_STOCKADMIN) {
db_query('update ' . PRODUCTS_TABLE . ' set enabled=0 where productID=' . (int) $pr[0]);
}
if (CONF_NOTIFY_STOCKADMIN) {
$smarty_mail->assign('productstaname', $productsta[0]);
$smarty_mail->assign('productstid', $pr[0]);
$stockadmin = $smarty_mail->fetch('notify_stockadmin.tpl');
$ressta = xMailTxtHTMLDATA(CONF_ORDERS_EMAIL, CUSTOMER_ACTIVATE_99 . ' - ' . CONF_SHOP_NAME, $stockadmin);
}
}
}
}
}
//now save registration form aux fields into CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG
//for quick checkout orders these fields are stored separately than for registered customer (SS_customers)
db_query('delete from ' . CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG . ' where orderID=' . (int) $orderID);
foreach ($_SESSION as $key => $val) {
if (strstr($key, 'additional_field_') && strlen(trim($val)) > 0) {
$id = (int) str_replace('additional_field_', '', $key);
if ($id > 0) {
db_query('insert into ' . CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG . ' (orderID, reg_field_ID, reg_field_value) values (' . (int) $orderID . ', ' . (int) $id . ', "' . xToText(trim($val)) . '");');
}
}
}
}
if ($currentPaymentModule != null) {
$currentPaymentModule->after_processing_php($orderID);
}
_sendOrderNotifycationToAdmin($orderID, $smarty_mail, $tax);
_sendOrderNotifycationToCustomer($orderID, $smarty_mail, $customerInfo['Email'], $log, $payment_email_comments_text, $shipping_email_comments_text, $tax, $order_active_link);
if ($log == null) {
_quickOrderUnsetSession();
}
unset($_SESSION['order4confirmation_post']);
return $orderID;
}
function admin_print_html($orderID)
{
$order = ordGetOrder($orderID);
if (!$this->ModuleConfigID) {
$sql = 'SELECT module_id FROM ' . MODULES_TABLE . ' WHERE module_name="' . xEscSQL($this->title) . '"';
@(list($this->ModuleConfigID) = db_fetch_row(db_query($sql)));
}
$result = 'admin.php?do=invoice_phys&moduleID=' . (int) $this->ModuleConfigID . '&orderID=' . (int) $orderID;
return $result;
}
function newsUpdateNews($add_date, $title, $textToPrePublication, $textToPublication, $textToMail, $id_news)
{
db_query("update " . NEWS_TABLE . " set add_date='" . xEscSQL(dtDateConvert($add_date)) . "', " . " title='" . xToText($title) . "', " . " textToPrePublication='" . xEscSQL($textToPrePublication) . "', " . " textToPublication='" . xEscSQL($textToPublication) . "', " . " textToMail='" . xEscSQL($textToMail) . "' " . " where NID = " . (int) $id_news);
}
function regGetCustomers($callBackParam, &$count_row, $navigatorParams = null)
{
if ($navigatorParams != null) {
$offset = $navigatorParams["offset"];
$CountRowOnPage = $navigatorParams["CountRowOnPage"];
} else {
$offset = 0;
$CountRowOnPage = 0;
}
$where_clause = "";
if (isset($callBackParam["Login"])) {
$callBackParam["Login"] = xEscSQL($callBackParam["Login"]);
$where_clause .= " Login LIKE '%" . $callBackParam["Login"] . "%' ";
}
if (isset($callBackParam["first_name"])) {
$callBackParam["first_name"] = xEscSQL($callBackParam["first_name"]);
if ($where_clause != "") {
$where_clause .= " AND ";
}
$where_clause .= " first_name LIKE '%" . $callBackParam["first_name"] . "%' ";
}
if (isset($callBackParam["last_name"])) {
$callBackParam["last_name"] = xEscSQL($callBackParam["last_name"]);
if ($where_clause != "") {
$where_clause .= " AND ";
}
$where_clause .= " last_name LIKE '%" . $callBackParam["last_name"] . "%' ";
}
if (isset($callBackParam["email"])) {
$callBackParam["email"] = xEscSQL($callBackParam["email"]);
if ($where_clause != "") {
$where_clause .= " AND ";
}
$where_clause .= " Email LIKE '%" . $callBackParam["email"] . "%' ";
}
if (isset($callBackParam["groupID"])) {
if ($callBackParam["groupID"] != 0) {
if ($where_clause != "") {
$where_clause .= " AND ";
}
$where_clause .= " custgroupID = " . (int) $callBackParam["groupID"] . " ";
}
}
if (isset($callBackParam["ActState"])) {
switch ($callBackParam["ActState"]) {
#activated
case 1:
if ($where_clause != "") {
$where_clause .= " AND ";
}
$where_clause .= " (ActivationCode='' OR ActivationCode IS NULL)";
break;
#not activated
#not activated
case 0:
if ($where_clause != "") {
$where_clause .= " AND ";
}
$where_clause .= " ActivationCode!=''";
break;
}
}
if ($where_clause != "") {
$where_clause = " where " . $where_clause;
}
$order_clause = "";
if (isset($callBackParam["sort"])) {
$order_clause .= " order by " . xEscSQL($callBackParam["sort"]) . " ";
if (isset($callBackParam["direction"])) {
if ($callBackParam["direction"] == "ASC") {
$order_clause .= " ASC ";
} else {
$order_clause .= " DESC ";
}
}
}
$q = db_query("select customerID, Login, cust_password, Email, first_name, last_name, subscribed4news, " . " custgroupID, addressID, reg_datetime, ActivationCode " . " from " . CUSTOMERS_TABLE . " " . $where_clause . " " . $order_clause);
$data = array();
$i = 0;
//var_dump ($navigatorParams);
while ($row = db_fetch_row($q)) {
if ($i >= $offset && $i < $offset + $CountRowOnPage || $navigatorParams == null) {
$group = GetCustomerGroupByCustomerId($row["customerID"]);
$row["custgroup_name"] = $group["custgroup_name"];
$row["allowToDelete"] = regVerifyToDelete($row["customerID"]);
$row["reg_datetime"] = format_datetime($row["reg_datetime"]);
$data[] = $row;
}
$i++;
}
$count_row = $i;
return $data;
}
function auxpgAddAuxPage($aux_page_name, $aux_page_text, $aux_page_text_type, $meta_keywords, $meta_description, $aux_page_title)
{
db_query("insert into " . AUX_PAGES_TABLE . " ( aux_page_name, aux_page_text, aux_page_text_type, meta_keywords, meta_description, title ) " . " values( '" . xToText($aux_page_name) . "', '" . xEscSQL($aux_page_text) . "', " . (int) $aux_page_text_type . ", " . " '" . xToText($meta_keywords) . "', '" . xToText($meta_description) . "', '" . xToText($aux_page_title) . "' ) ");
}
$answers_results = unserialize($data["poll_ans"]);
if ($data["iplog"] != "") {
$iplogs = unserialize($data["iplog"]);
} else {
$iplogs = array();
}
$ipaddr = stGetCustomerIP_Address();
if (!isset($iplogs[$ipaddr])) {
$iplogs[$ipaddr] = 0;
}
//increase voters count for current option
if ((!isset($_SESSION["vote_completed"][$data[0]]) || $_SESSION["vote_completed"][$data[0]] != 1) && isset($_GET["answer"]) && isset($answers_results[$_GET["answer"]]) && $iplogs[$ipaddr] < 3) {
$anscol = (int) $_GET["answer"];
$iplogs[$ipaddr]++;
$iplogs = serialize($iplogs);
db_query("UPDATE " . SURVEY_TABLE . " SET ans_" . $anscol . "=ans_" . $anscol . "+1, all_poll=all_poll+1, iplog='" . xEscSQL($iplogs) . "' WHERE active=1");
$data["ans_" . $anscol]++;
//don't allow user to vote more than 1 time
$_SESSION["vote_completed"][$data[0]] = 1;
} else {
if (!isset($_GET["view_voting_results"])) {
$smarty->assign("user_voted", 1);
}
}
$survey_results = array();
for ($i = 0; $i < count($answers_results); $i++) {
$survey_results[$i] = $data["ans_" . $i];
}
$smarty->assign("survey_results", $survey_results);
$smarty->assign("show_survey_results", 1);
$smarty->assign("main_content_template", "customer_survey_result.tpl");
function pricessCategories($parent, $level)
{
//same as processCategories(), except it creates a pricelist of the shop
$out = array();
$cnt = 0;
$sql = '
SELECT
categoryID,
name,
uri
FROM ' . CATEGORIES_TABLE . '
WHERE parent= ' . (int) $parent . '
ORDER BY sort_order, name';
$q1 = db_query($sql);
while ($row = db_fetch_row($q1)) {
$r = hexdec(substr('999999', 0, 2));
$g = hexdec(substr('999999', 2, 2));
$b = hexdec(substr('999999', 4, 2));
$m = (double) max($r, max($g, $b));
$r = round((190 + 20 * min($level, 3)) * $r / $m);
$g = round((190 + 20 * min($level, 3)) * $g / $m);
$b = round((190 + 20 * min($level, 3)) * $b / $m);
$c = dechex($r) . dechex($g) . dechex($b);
//final color
//add category to the output
$out[$cnt][0] = $row[0];
$out[$cnt][1] = $row[1];
$out[$cnt][2] = $level;
$out[$cnt][3] = 1;
$out[$cnt][4] = 0;
//0 is for category, 1 - product
$out[$cnt]['url'] = fu_make_url($row);
$cnt++;
if (!isset($_GET["sort"])) {
$order_clause = "order by " . CONF_DEFAULT_SORT_ORDER . "";
} else {
//verify $_GET["sort"]
if (!(!strcmp($_GET["sort"], "name") || !strcmp($_GET["sort"], "Price") || !strcmp($_GET["sort"], "customers_rating"))) {
$_GET["sort"] = "name";
}
$order_clause = " order by " . xEscSQL($_GET["sort"]);
if (isset($_GET["direction"])) {
if (!strcmp($_GET["direction"], "DESC")) {
$order_clause .= " DESC ";
} else {
$order_clause .= " ASC ";
}
}
}
//add products
// Price,
// in_stock,
$sql = '
SELECT
productID,
name,
product_code,
uri,
uri_opt_val,
categoryID
' . convert_prices() . '
FROM ' . PRODUCTS_TABLE . '
WHERE categoryID=' . $row[0] . ' AND Price > 0 AND enabled=1 ' . $order_clause;
$q = db_query($sql);
while ($row1 = db_fetch_row($q)) {
if ($row1['Price'] < 0) {
$cennik = "n/a";
$row1['Price'] = "n/a";
} else {
$cennik = show_price($row1['Price']);
$row1['Price'] = show_price($row1['Price'], 0, false);
}
$out[$cnt][0] = $row1['productID'];
$out[$cnt][1] = $row1['name'];
$out[$cnt][2] = $level;
$out[$cnt][3] = "FFFFFF";
$out[$cnt][4] = 1;
//0 is for category, 1 - product
$out[$cnt][5] = $cennik;
$out[$cnt][6] = $row1['in_stock'];
$out[$cnt][7] = $row1['product_code'];
$out[$cnt][8] = $row1['Price'];
$out[$cnt]['url'] = fu_make_url($row1);
$cnt++;
}
//process all subcategories
$sub_out = pricessCategories($row[0], $level + 1);
//add $sub_out to the end of $out
$c_sub_out = count($sub_out);
for ($j = 0; $j < $c_sub_out; $j++) {
$out[] = $sub_out[$j];
$cnt++;
}
}
return $out;
}
Redirect(ADMIN_FILE . "?dpt=modules&sub=survey&save_successful=yes");
}
if (isset($_POST["save_voting"]) && isset($_POST["question"]) && isset($_POST["answers"])) {
if (CONF_BACKEND_SAFEMODE) {
Redirect(ADMIN_FILE . "?dpt=modules&sub=survey&safemode=yes");
}
$answers = explode("\n", chop($_POST["answers"]));
$answers_cm = array();
for ($i = 0; $i < count($answers); $i++) {
if (rtrim($answers[$i]) !== "" && $i < 10) {
$answers_cm[] = xToText(rtrim($answers[$i]));
}
}
$answers = serialize($answers_cm);
db_query("UPDATE " . SURVEY_TABLE . " SET active=0 WHERE active=1");
db_query("insert into " . SURVEY_TABLE . " (poll_date, poll_title, poll_ans, active) values('" . xEscSQL(get_current_time()) . "','" . xToText(trim($_POST["question"])) . "','" . $answers . "',1)");
Redirect(ADMIN_FILE . "?dpt=modules&sub=survey&save_successful=yes");
}
if (isset($_GET["start_new_poll"])) {
$smarty->assign("start_new_poll", "yes");
} else {
$result = db_query("SELECT poll_title, all_poll, active, poll_id, poll_date FROM " . SURVEY_TABLE . " ORDER BY poll_id DESC");
$surveys = array();
while ($data = db_fetch_row($result)) {
$data["poll_ans"] = unserialize($data["poll_ans"]);
$surveys[] = $data;
$smarty->assign("surveys", $surveys);
}
}
//set sub-department template
$smarty->assign("admin_sub_dpt", "modules_survey.tpl");
function stChangeOrderStatus($orderID, $statusID, $comment = '', $notify = 0)
{
$q_status_name = db_query("select status_name from " . ORDER_STATUES_TABLE . " where statusID=" . (int) $statusID);
list($status_name) = db_fetch_row($q_status_name);
$sql = "insert into " . ORDER_STATUS_CHANGE_LOG_TABLE . " ( orderID, status_name, status_change_time, status_comment ) " . " values( " . (int) $orderID . ", '" . xToText($status_name) . "', '" . xEscSQL(get_current_time()) . "', '" . xToText(trim($comment)) . "' ) ";
db_query($sql);
if ($notify) {
$Order = ordGetOrder($orderID);
$t = '';
$Email = '';
$FirstName = '';
regGetContactInfo(regGetLoginById($Order['customerID']), $t, $Email, $FirstName, $t, $t, $t);
if (!$Email) {
$Email = $Order['customer_email'];
}
if (!$FirstName) {
$FirstName = $Order['customer_firstname'];
}
xMailTxt($Email, STRING_CHANGE_ORDER_STATUS, 'customer.order.change_status.tpl', array('customer_firstname' => $FirstName, '_MSG_CHANGE_ORDER_STATUS' => str_replace(array('{STATUS}', '{ORDERID}'), array($status_name == 'STRING_CANCELED_ORDER_STATUS' ? STRING_CANCELED_ORDER_STATUS : $status_name, $orderID), MSG_CHANGE_ORDER_STATUS), '_ADMIN_COMMENT' => $comment));
}
}
<?php
if (isset($_POST['links_exchange']) || isset($_GET['links_exchange'])) {
if (isset($_POST['fACTION'])) {
if ($_POST['fACTION'] == 'ADD_LINK') {
do {
if (!strlen(str_replace('http://', '', $_POST['LINK']['le_lURL']))) {
$error = STRING_ERROR_LE_ENTER_LINK;
break;
}
$_POST['LINK']['le_lURL'] = xEscSQL($_POST['LINK']['le_lURL']);
if (!strlen($_POST['LINK']['le_lText'])) {
$error = STRING_ERROR_LE_ENTER_TEXT;
break;
}
if (strlen($_POST['LINK']['le_lDesk'])) {
$_POST['LINK']['le_lDesk'] = xToText($_POST['LINK']['le_lDesk']);
}
$_POST['LINK']['le_lText'] = xToText($_POST['LINK']['le_lText']);
if (strpos($_POST['LINK']['le_lURL'], 'http://')) {
$_POST['LINK']['le_lURL'] = 'http://' . $_POST['LINK']['le_lURL'];
}
if (CONF_ENABLE_CONFIRMATION_CODE) {
$error_f = 1;
if (!$_POST['fConfirmationCode'] || !isset($_SESSION['captcha_keystring']) || $_SESSION['captcha_keystring'] !== $_POST['fConfirmationCode']) {
$error_f = 2;
$error = ERR_WRONG_CCODE;
}
unset($_SESSION['captcha_keystring']);
if ($error_f == 1) {
if (le_addLink($_POST['LINK'])) {
function currGetCurrencyByISO3($_ISO3)
{
$q = db_query("select CID, Name, code, currency_value, where2show, sort_order, currency_iso_3 from " . CURRENCY_TYPES_TABLE . " where currency_iso_3='" . xEscSQL($_ISO3) . "' ");
$row = db_fetch_row($q);
if (!$row) {
$row = NULL;
}
return $row;
}
function after_processing_html($orderID)
{
//открыть окно со счетом
$order = ordGetOrder($orderID);
if (!$this->ModuleConfigID) {
$sql = 'SELECT module_id FROM ' . MODULES_TABLE . ' WHERE module_name="' . xEscSQL($this->title) . '"';
@(list($this->ModuleConfigID) = db_fetch_row(db_query($sql)));
}
$res = "";
$res .= "<script>\n" . " open_window('index.php?do=invoice_jur&moduleID=" . (int) $this->ModuleConfigID . "&orderID=" . (int) $orderID . "&order_time=" . base64_encode($order["order_time_mysql"]) . "&customer_email=" . base64_encode($order["customer_email"]) . "',700,600);\n" . "</script>\n";
return $res;
}
function _exportProducts($f, $rate, $export_product_name, $categories_select)
{
if (!count($categories_select)) {
return 0;
}
include_once "core/classes/class.html2text.php";
include_once "core/classes/class.htmlparser.php";
fputs($f, " <offers>\n");
//товары с нулевым остатком на складе
if (isset($_POST["yandex_dont_export_negative_stock"])) {
$clause = " and in_stock>0";
} else {
$clause = "";
}
//какое описание экспортировать
if ($_POST["yandex_export_description"] == 1) {
$dsc = "description";
$dsc_q = ", " . $dsc;
} else {
if ($_POST["yandex_export_description"] == 2) {
$dsc = "brief_description";
$dsc_q = ", " . $dsc;
} else {
$dsc = "";
$dsc_q = "";
}
}
$clause .= " and categoryID IN (" . implode(", ", xEscSQL($categories_select)) . ")";
$sql = '
SELECT
productID,
name,
Price,
categoryID,
default_picture' . $dsc_q . ',
in_stock,
uri,
uri_opt_val
' . convert_prices() . '
FROM ' . PRODUCTS_TABLE . '
WHERE enabled=1' . $clause;
$q = db_query($sql);
$store_url = correct_URL(CONF_FULL_SHOP_URL);
while ($product = db_fetch_row($q)) {
$price_row = priceRow($product);
$url = $store_url . fu_make_url($product);
fputs($f, " <offer available=\"" . ($product['in_stock'] || !CONF_CHECKSTOCK ? 'true' : 'false') . "\" id=\"" . $product["productID"] . "\">\n");
fputs($f, " <url>" . $url . "</url>\n");
//fputs($f, " <price>" . roundf($product["Price"] * $rate) . "</price>\n");
fputs($f, " <price>" . $price_row['Price_base'] . "</price>\n");
fputs($f, " <currencyId>RUR</currencyId>\n");
fputs($f, " <categoryId>" . $product["categoryID"] . "</categoryId>\n");
if ($product["default_picture"] != NULL) {
$pic_clause = " and photoID=" . (int) $product["default_picture"];
} else {
$pic_clause = "";
}
$q1 = db_query("select filename, thumbnail from " . PRODUCT_PICTURES . " where productID=" . (int) $product["productID"] . $pic_clause);
$pic_row = db_fetch_row($q1);
if ($pic_row) {
if (strlen($pic_row["filename"]) && file_exists("data/small/" . $pic_row["filename"])) {
fputs($f, " <picture>" . $store_url . "data/small/" . str_replace(' ', '%20', _deleteHTML_Elements($pic_row["filename"])) . "</picture>\n");
} else {
if (strlen($pic_row["thumbnail"]) && file_exists("data/medium/" . $pic_row["thumbnail"])) {
fputs($f, " <picture>" . $store_url . "data/medium/" . str_replace(' ', '%20', _deleteHTML_Elements($pic_row["thumbnail"])) . "</picture>\n");
}
}
}
switch ($export_product_name) {
default:
case 'only_name':
$_NameAddi = '';
break;
case 'path_and_name':
$_NameAddi = '';
$_t = catCalculatePathToCategory($product['categoryID']);
foreach ($_t as $__t) {
if ($__t['categoryID'] != 1) {
$_NameAddi .= $__t['name'] . ':';
}
}
break;
}
$product["name"] = _deleteHTML_Elements($_NameAddi . $product["name"]);
fputs($f, " <name>" . $product["name"] . "</name>\n");
if (strlen($dsc) > 0) {
$product_dsc = new Html2Text($product[$dsc], 10000);
$product_dsc = $product_dsc->convert();
fputs($f, " <description>" . _deleteHTML_Elements($product_dsc) . "</description>\n");
} else {
fputs($f, " <description></description>\n");
}
fputs($f, " </offer>\n");
}
fputs($f, " </offers>\n");
}
die("Заказ не найден в базе данных");
}
$sql = '
SELECT count(*)
FROM ' . ORDERS_TABLE . '
WHERE orderID=' . $_GET['orderID'];
} else {
if (!isset($_GET["orderID"]) || !isset($_GET["order_time"]) || !isset($_GET["customer_email"]) || !isset($_GET["moduleID"])) {
die("Заказ не найден в базе данных");
}
$sql = '
SELECT count(*)
FROM ' . ORDERS_TABLE . '
orderID=' . $_GET['orderID'] . '
AND order_time="' . xEscSQL(base64_decode($_GET['order_time'])) . '"
AND customer_email="' . xEscSQL(base64_decode($_GET['customer_email'])) . '"';
}
$InvoiceModule = modGetModuleObj((int) $_GET['moduleID'], PAYMENT_MODULE);
$_GET["orderID"] = (int) $_GET["orderID"];
$q = db_query($sql);
$row = db_fetch_row($q);
if ($row[0] == 1) {
//заказ найден в базе данных
$order = ordGetOrder($_GET["orderID"]);
//define smarty vars
$smarty->assign("billing_lastname", $order["customer_lastname"]);
$smarty->assign("billing_firstname", $order["customer_firstname"]);
$smarty->assign("billing_city", $order["billing_city"]);
$smarty->assign("billing_address", $order["billing_address"]);
if ($InvoiceModule->is_installed()) {
$smarty->assign('InvoiceModule', $InvoiceModule);
function optOptionValueExists($optionID, $value_name)
{
$q = db_query("select variantID from " . PRODUCTS_OPTIONS_VALUES_VARIANTS_TABLE . " where optionID=" . (int) $optionID . " and option_value='" . xEscSQL(trim($value_name)) . "';");
$row = db_fetch_row($q);
if ($row) {
return $row[0];
} else {
return false;
}
}
function UpdateAdminRights($edit_num, $actions)
{
$actions[] = 100;
$actions = xEscSQL(serialize($actions));
db_query("update " . CUSTOMERS_TABLE . " set actions='" . $actions . "' where customerID=" . (int) $edit_num);
}
}
$msg = 'ok';
break;
case 'MOVE_LINKS':
if (isset($_POST['LINKS_IDS'])) {
foreach ($_POST['LINKS_IDS'] as $_linkID) {
le_SaveLink(array('le_lID' => $_linkID, 'le_lCategoryID' => $_POST['new_le_lCategoryID']));
}
}
$msg = 'ok';
break;
case 'SAVE_LINKS':
if (isset($_POST['LINKS_IDS'])) {
foreach ($_POST['LINKS_IDS'] as $_linkID) {
if (strlen(str_replace('http://', '', $_POST['LINK'][$_linkID]['le_lURL']))) {
$_POST['LINK'][$_linkID]['le_lURL'] = xEscSQL($_POST['LINK'][$_linkID]['le_lURL']);
}
if (strlen($_POST['LINK'][$_linkID]['le_lText'])) {
$_POST['LINK'][$_linkID]['le_lText'] = xToText($_POST['LINK'][$_linkID]['le_lText']);
}
if (strlen($_POST['LINK'][$_linkID]['le_lDesk'])) {
$_POST['LINK'][$_linkID]['le_lDesk'] = xToText($_POST['LINK'][$_linkID]['le_lDesk']);
}
$_POST['LINK'][$_linkID]['le_lID'] = $_linkID;
if (!le_SaveLink($_POST['LINK'][$_linkID])) {
$error_message = STRING_ERROR_LE_LINK_EXISTS;
}
}
}
if (!isset($error_message)) {
$msg = 'ok';
