$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = xos_date_raw($dob);
}
xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
// reset the session variables
if (ACCOUNT_GENDER == 'true') {
$_SESSION['customer_gender'] = $gender;
}
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_lastname'] = $lastname;
$messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');
xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
}
$account_query = xos_db_query("select customers_gender, customers_c_id, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_language_id, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$account = xos_db_fetch_array($account_query);
$site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'));
require DIR_WS_INCLUDES . 'html_header.php';
while (list($key, $val) = each($_POST['shipping_allowed'])) {
if ($val == true) {
$group_shipment_allowed .= xos_db_prepare_input($val) . ';';
}
}
// end while
$group_shipment_allowed = substr($group_shipment_allowed, 0, strlen($group_shipment_allowed) - 1);
}
// end if ($_POST['shipment_allowed'])
$new_cg_id = LAST_CUSTOMERS_GROUPS_ID + 1;
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . (int) $new_cg_id . "', last_modified = now() where configuration_key = 'LAST_CUSTOMERS_GROUPS_ID'");
xos_db_query("insert into " . TABLE_CUSTOMERS_GROUPS . " set customers_group_id = '" . $new_cg_id . "', customers_group_name = '" . $customers_group_name . "', customers_group_discount='" . $customers_group_discount . "', customers_group_show_tax = '" . $customers_group_show_tax . "', customers_group_tax_exempt = '" . $customers_group_tax_exempt . "', group_payment_allowed = '" . $group_payment_allowed . "', group_shipment_allowed = '" . $group_shipment_allowed . "'");
$special_prices_query = xos_db_query("select products_id, specials_new_products_price, expires_date, status, error from " . TABLE_SPECIALS . " where customers_group_id = '0'");
while ($special_prices = xos_db_fetch_array($special_prices_query)) {
$special_expires_date = $special_prices['expires_date'] == null ? 'null' : xos_db_input($special_prices['expires_date']);
xos_db_perform(TABLE_SPECIALS, array('products_id' => xos_db_input($special_prices['products_id']), 'customers_group_id' => $new_cg_id, 'specials_new_products_price' => xos_db_input($special_prices['specials_new_products_price']), 'expires_date' => $special_expires_date, 'status' => xos_db_input($special_prices['status']), 'error' => xos_db_input($special_prices['error'])));
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action'))));
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
if ($action == 'edit' || $action == 'new') {
$javascript .= '<script type="text/javascript">' . "\n\n" . '/* <![CDATA[ */' . "\n" . 'function check_form() {' . "\n" . ' var error = 0;' . "\n\n" . ' var customers_group_name = document.customers.customers_group_name.value;' . "\n\n" . ' if (customers_group_name == "") {' . "\n" . ' error_message = "' . ERROR_CUSTOMERS_GROUP_NAME . '";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if (error == 1) {' . "\n" . ' alert(error_message);' . "\n" . ' return false;' . "\n" . ' } else {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . '}' . "\n\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
}
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
if ($action == 'edit') {
@unlink(DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $_POST['current_manufacturer_image']);
}
xos_db_query("update " . TABLE_MANUFACTURERS . " set manufacturers_image = '' where manufacturers_id = '" . (int) $manufacturers_id . "'");
}
$languages = xos_get_languages();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$manufacturers_name_array = $_POST['manufacturers_name'];
$manufacturers_url_array = $_POST['manufacturers_url'];
$language_id = $languages[$i]['id'];
$sql_data_array = array('manufacturers_name' => xos_db_prepare_input($manufacturers_name_array[$language_id]), 'manufacturers_url' => xos_db_prepare_input($manufacturers_url_array[$language_id]));
if ($action == 'insert') {
$insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
} elseif ($action == 'save') {
xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
}
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'mID=' . $manufacturers_id));
break;
case 'deleteconfirm':
$manufacturers_id = xos_db_prepare_input($_GET['mID']);
if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') {
$manufacturer_query = xos_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
$manufacturer = xos_db_fetch_array($manufacturer_query);
$duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($manufacturer['manufacturers_image']) . "'");
$duplicate_image = xos_db_fetch_array($duplicate_image_query);
if ($duplicate_image['total'] < 2) {
$image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image'];
@unlink($image_location);
if ($special_price > 0) {
xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'));
}
}
}
if (isset($_POST['attributes_price_array'])) {
$attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
foreach ($attributes_price_array as $key => $value) {
if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
$_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+';
xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'");
}
}
}
$sql_data_array = array('products_price' => serialize($prices_array));
xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'");
$smarty_cache_control->clearAllCache();
if ($specials_error) {
$messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error');
xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . $products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1)));
}
xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '')));
}
$max_display_update_prices_results_array = array();
$set = false;
for ($i = 50; $i <= 500; $i = $i + 50) {
if (MAX_DISPLAY_RESULTS <= $i && $set == false) {
$max_display_update_prices_results_array[] = array('id' => MAX_DISPLAY_RESULTS, 'text' => MAX_DISPLAY_RESULTS);
$set = true;
}
if (MAX_DISPLAY_RESULTS != $i) {
$messageStack->add('header', ERROR_NEWSLETTER_MODULE, 'error');
$newsletter_error = true;
}
if ($newsletter_error == false) {
$sql_data_array = array('title' => $title, 'language_id' => $language_id, 'content_text_plain' => $content_text_plain, 'module' => $newsletter_module);
if (isset($content_text_htlm)) {
$sql_data_array['content_text_htlm'] = $content_text_htlm;
}
if ($action == 'insert') {
$sql_data_array['date_added'] = 'now()';
$sql_data_array['status'] = '0';
$sql_data_array['locked'] = '0';
xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array);
$newsletter_id = xos_db_insert_id();
} elseif ($action == 'update') {
xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array, 'update', "newsletters_id = '" . (int) $newsletter_id . "'");
}
xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'nID=' . $newsletter_id));
} else {
$action = 'new';
}
break;
case 'deleteconfirm':
$newsletter_id = xos_db_prepare_input($_GET['nID']);
xos_db_query("delete from " . TABLE_NEWSLETTERS . " where newsletters_id = '" . (int) $newsletter_id . "'");
xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page']));
break;
case 'send':
case 'confirm_send':
if (SEND_EMAILS != 'true') {
xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page'] . '&nID=' . $_GET['nID']));
$sql_data_array['date_added'] = 'now()';
xos_db_perform(TABLE_CONTENTS, $sql_data_array);
$content_id = xos_db_insert_id();
} elseif ($action == 'update') {
xos_set_content_status($content_id, $status, $type);
$sql_data_array['last_modified'] = 'now()';
xos_db_perform(TABLE_CONTENTS, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "'");
}
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$sql_data_array = array('name' => xos_db_prepare_input(htmlspecialchars_decode($_POST['name'][$languages[$i]['id']])), 'heading_title' => xos_db_prepare_input(htmlspecialchars($_POST['heading_title'][$languages[$i]['id']])), 'content' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace(' ', '', strip_tags(xos_db_prepare_input($_POST['content'][$languages[$i]['id']]), '<img>'))) != '' ? xos_db_prepare_input($_POST['content'][$languages[$i]['id']]) : ''), 'php_source' => xos_db_prepare_input($_POST['php_source'][$languages[$i]['id']]));
if ($action == 'insert') {
$sql_data_array['content_id'] = $content_id;
$sql_data_array['language_id'] = $languages[$i]['id'];
xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array);
} elseif ($action == 'update') {
xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "' and language_id = '" . (int) $languages[$i]['id'] . "'");
}
}
$smarty_cache_control->clearCache(null, 'L2|box_information');
$smarty_cache_control->clearCache(null, 'L3|cc_index_default');
xos_redirect(xos_href_link(FILENAME_INFO_PAGES, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'cID=' . $content_id));
} else {
$reload = true;
$action = 'new';
}
break;
case 'deleteconfirm':
$content_id = xos_db_prepare_input($_GET['cID']);
xos_db_query("delete from " . TABLE_CONTENTS . " where content_id = '" . (int) $content_id . "'");
xos_db_query("delete from " . TABLE_CONTENTS_DATA . " where content_id = '" . (int) $content_id . "'");
$smarty_cache_control->clearCache(null, 'L2|box_information');
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['entry_company'] = $company;
}
if (ACCOUNT_SUBURB == 'true') {
$sql_data_array['entry_suburb'] = $suburb;
}
if (ACCOUNT_STATE == 'true') {
if ($zone_id > 0) {
$sql_data_array['entry_zone_id'] = $zone_id;
$sql_data_array['entry_state'] = '';
} else {
$sql_data_array['entry_zone_id'] = '0';
$sql_data_array['entry_state'] = $state;
}
}
xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$_SESSION['billto'] = xos_db_insert_id();
if (isset($_SESSION['payment'])) {
unset($_SESSION['payment']);
}
xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
}
// process the selected billing destination
} elseif (isset($_POST['address'])) {
$reset_payment = false;
if (isset($_SESSION['billto'])) {
if ($_SESSION['billto'] != $_POST['address']) {
if (isset($_SESSION['payment'])) {
$reset_payment = true;
}
}
$stored_email[] = $check_email['admin_email_address'];
}
if (xos_validate_email($admin_email_address) == false) {
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_not_valid'));
} elseif (in_array($admin_email_address, $stored_email)) {
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_used'));
} else {
$my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
$my_old_account = xos_db_fetch_array($my_old_account_query);
$sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()');
$admin_password = xos_db_prepare_input($_POST['admin_password']);
if (xos_not_null($admin_password)) {
$insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
}
xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
if (SEND_EMAILS == 'true') {
$email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
if (!$email_to_admin->send()) {
$messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
}
}
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT));
}
break;
}
}
$my_account_query = xos_db_query("select a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name from " . TABLE_ADMIN . " a, " . TABLE_ADMIN_GROUPS . " g where a.admin_id= " . $_SESSION['login_id'] . " and g.admin_groups_id= " . $_SESSION['login_groups_id'] . "");
$myAccount = xos_db_fetch_array($my_account_query);
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require 'includes/account_check.js.php';
$decimal_point_array = $_POST['decimal_point'];
$thousands_point_array = $_POST['thousands_point'];
$code = xos_db_prepare_input($_POST['code']);
$decimal_places = xos_db_prepare_input($_POST['decimal_places']);
$value = xos_db_prepare_input($_POST['value']);
$languages = xos_get_languages();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()');
if ($action == 'insert') {
$insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_CURRENCIES, $sql_data_array);
$currency_id = xos_db_insert_id();
} elseif ($action == 'save') {
xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'");
}
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'");
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id));
break;
case 'deleteconfirm':
$currencies_id = xos_db_prepare_input($_GET['cID']);
$currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'");
$currency = xos_db_fetch_array($currency_query);
if ($currency['currencies_id'] == $currencies_id) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_CURRENCY'");
}
$orders_status_name_array = $_POST['orders_status_name'];
$languages = xos_get_languages();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$sql_data_array = array('orders_status_name' => xos_db_prepare_input(htmlspecialchars($orders_status_name_array[$language_id])), 'public_flag' => isset($_POST['public_flag']) && $_POST['public_flag'] == '1' ? '1' : '0', 'downloads_flag' => isset($_POST['downloads_flag']) && $_POST['downloads_flag'] == '1' ? '1' : '0');
if ($action == 'insert') {
if (empty($orders_status_id)) {
$next_id_query = xos_db_query("select max(orders_status_id) as orders_status_id from " . TABLE_ORDERS_STATUS . "");
$next_id = xos_db_fetch_array($next_id_query);
$orders_status_id = $next_id['orders_status_id'] + 1;
}
$insert_sql_data = array('orders_status_id' => $orders_status_id, 'language_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array);
} elseif ($action == 'save') {
xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array, 'update', "orders_status_id = '" . (int) $orders_status_id . "' and language_id = '" . (int) $language_id . "'");
}
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($orders_status_id) . "' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
}
xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page'] . '&oID=' . $orders_status_id));
break;
case 'deleteconfirm':
$oID = xos_db_prepare_input($_GET['oID']);
$orders_status_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
$orders_status = xos_db_fetch_array($orders_status_query);
if ($orders_status['configuration_value'] == $oID) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
}
xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . xos_db_input($oID) . "'");
if ($oldaction == 'voucheredit') {
xos_db_perform(TABLE_COUPONS, $sql_data_array, 'update', "coupon_id='" . (int) $coupon_id . "'");
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
xos_db_query("update " . TABLE_COUPONS_DESCRIPTION . " set coupon_name = '" . xos_db_prepare_input($_POST['coupon_name'][$language_id]) . "', coupon_description = '" . xos_db_prepare_input($_POST['coupon_desc'][$language_id]) . "' where coupon_id = '" . (int) $coupon_id . "' and language_id = '" . $language_id . "'");
// xos_db_perform(TABLE_COUPONS_DESCRIPTION, $sql_data_marray[$i], 'update', "coupon_id='" . $_GET['cid']."'");
}
} else {
xos_db_perform(TABLE_COUPONS, $sql_data_array);
// to fix bug to prevent errors when adding a new voucher. This will also fix when there is no name or description in final voucher
$insert_id = xos_db_insert_id();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$sql_data_marray[$i]['coupon_id'] = $insert_id;
$sql_data_marray[$i]['language_id'] = $language_id;
xos_db_perform(TABLE_COUPONS_DESCRIPTION, $sql_data_marray[$i]);
}
// }
}
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
if ($action == 'new') {
$javascript .= '<script type="text/javascript" src="' . DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/' . $_SESSION['language'] . '/jquery.ui.datepicker-language.min.js"></script>' . "\n" . '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n\n" . '$(function() {' . "\n" . ' $( "#coupon_startdate" ).datepicker({' . "\n" . ' changeMonth: true,' . "\n" . ' changeYear: true' . "\n" . ' });' . "\n\n" . ' $( "#coupon_finishdate" ).datepicker({' . "\n" . ' changeMonth: true,' . "\n" . ' changeYear: true' . "\n" . ' });' . "\n\n" . '});' . "\n\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
}
$javascript .= '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function popupImageWindow(url) {' . "\n" . ' window.open(url,"popupImageWindow","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,copyhistory=no,width=100,height=100,screenX=150,screenY=150,top=150,left=150").focus();' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
switch ($action) {
}
}
}
$categories_or_pages_name_array = $_POST['categories_or_pages_name'];
$categories_or_pages_heading_title_array = $_POST['categories_or_pages_heading_title'];
$categories_or_pages_content_array = $_POST['categories_or_pages_content'];
$categories_or_pages_php_source_array = $_POST['categories_or_pages_php_source'];
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$sql_data_array = array('categories_or_pages_name' => xos_db_prepare_input(htmlspecialchars_decode($categories_or_pages_name_array[$language_id])), 'categories_or_pages_heading_title' => xos_db_prepare_input(htmlspecialchars($categories_or_pages_heading_title_array[$language_id])), 'categories_or_pages_content' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace(' ', '', strip_tags(xos_db_prepare_input($categories_or_pages_content_array[$language_id]), '<img>'))) != '' ? xos_db_prepare_input($categories_or_pages_content_array[$language_id]) : ''), 'categories_or_pages_php_source' => xos_db_prepare_input($categories_or_pages_php_source_array[$language_id]));
if ($action == 'insert_page') {
$insert_sql_data = array('categories_or_pages_id' => $categories_or_pages_id, 'language_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_CATEGORIES_OR_PAGES_DATA, $sql_data_array);
} elseif ($action == 'update_page') {
xos_db_perform(TABLE_CATEGORIES_OR_PAGES_DATA, $sql_data_array, 'update', "categories_or_pages_id = '" . (int) $categories_or_pages_id . "' and language_id = '" . (int) $language_id . "'");
}
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_PAGES, 'cPath=' . $cPath . '&cpID=' . $categories_or_pages_id));
} else {
$reload = true;
$action = 'new_page';
}
break;
case 'delete_page_confirm':
if (isset($_POST['categories_or_pages_id'])) {
$categories_or_pages_id = xos_db_prepare_input($_POST['categories_or_pages_id']);
$pages = xos_get_page_tree($categories_or_pages_id, '', '0', '', true);
for ($i = 0, $n = sizeof($pages); $i < $n; $i++) {
xos_remove_page($pages[$i]['id']);
}
}
break;
case 'group_new':
$admin_groups_name = ucwords(strtolower(xos_db_prepare_input($_POST['admin_groups_name'])));
$name_replace = preg_replace("/ /", "%", $admin_groups_name);
if ($admin_groups_name == '' || NULL || strlen($admin_groups_name) <= 5) {
xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET[gID] . '&gName=false&action=new_group'));
} else {
$check_groups_name_query = xos_db_query("select admin_groups_name as group_name_new from " . TABLE_ADMIN_GROUPS . " where admin_groups_name like '%" . $name_replace . "%'");
$check_duplicate = xos_db_num_rows($check_groups_name_query);
if ($check_duplicate > 0) {
xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET['gID'] . '&gName=used&action=new_group'));
} else {
$sql_data_array = array('admin_groups_name' => $admin_groups_name);
xos_db_perform(TABLE_ADMIN_GROUPS, $sql_data_array);
$admin_groups_id = xos_db_insert_id();
$set_groups_id = xos_db_prepare_input($_POST['set_groups_id']);
$add_group_id = $set_groups_id . ',\'' . $admin_groups_id . '\'';
xos_db_query("alter table " . TABLE_ADMIN_FILES . " change admin_groups_id admin_groups_id set( " . $add_group_id . ") NOT NULL DEFAULT '1' ");
xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $admin_groups_id));
}
}
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require 'includes/account_check.js.php';
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
$duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_BANNERS_CONTENT . " where banners_image = '" . xos_db_input($current_banners_image[$languages[$i]['id']]) . "'");
$duplicate_image = xos_db_fetch_array($duplicate_image_query);
if ($duplicate_image['total'] < 2) {
@unlink(DIR_FS_CATALOG_IMAGES . 'banners/' . $current_banners_image[$languages[$i]['id']]);
}
$current_banners_image[$languages[$i]['id']] = '';
}
$db_image = xos_not_null($banners_image->filename) ? $banners_image->filename : $current_banners_image[$languages[$i]['id']];
$sql_data_array = array('banners_title' => $banners_title[$languages[$i]['id']], 'banners_url' => $banners_url[$languages[$i]['id']], 'banners_image' => $db_image, 'banners_html_text' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace(' ', '', strip_tags($banners_html_text[$languages[$i]['id']], '<img>'))) != '' ? $banners_html_text[$languages[$i]['id']] : ''), 'banners_php_source' => $banners_php_source[$languages[$i]['id']]);
unset($banners_image->filename);
if ($action == 'insert') {
$sql_data_array['banners_id'] = $banners_id;
$sql_data_array['language_id'] = $languages[$i]['id'];
xos_db_perform(TABLE_BANNERS_CONTENT, $sql_data_array);
} elseif ($action == 'update') {
xos_db_perform(TABLE_BANNERS_CONTENT, $sql_data_array, 'update', "banners_id = '" . (int) $banners_id . "' and language_id = '" . (int) $languages[$i]['id'] . "'");
}
}
if (date('Ymd') < $expires_date) {
xos_db_query("update " . TABLE_BANNERS . " set expires_date = '" . xos_db_input($expires_date) . "', expires_impressions = NULL where banners_id = '" . (int) $banners_id . "'");
} else {
$expires_impressions < 1 ? $db_input_expires_impressions = 'expires_impressions = NULL,' : ($db_input_expires_impressions = 'expires_impressions = ' . (int) $expires_impressions . ',');
xos_db_query("update " . TABLE_BANNERS . " set " . $db_input_expires_impressions . " expires_date = NULL where banners_id = '" . (int) $banners_id . "'");
}
if (xos_not_null($date_scheduled) || xos_not_null($current_date_scheduled)) {
if (date('Ymd') >= $date_scheduled) {
// xos_db_query("update " . TABLE_BANNERS . " set date_scheduled = NULL where banners_id = '" . (int)$banners_id . "'");
xos_db_query("update " . TABLE_BANNERS . " set status = '1', date_scheduled = NULL where banners_id = '" . (int) $banners_id . "'");
} else {
xos_db_query("update " . TABLE_BANNERS . " set status = '0', date_scheduled = '" . xos_db_input($date_scheduled) . "' where banners_id = '" . (int) $banners_id . "'");
}
if (isset($order->products[$i]['attributes'])) {
$attributes_exist = '1';
$order_attributes_array = array();
for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
if (DOWNLOAD_ENABLED == 'true') {
$attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename \n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa \n left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n on pa.products_attributes_id=pad.products_attributes_id\n where pa.products_id = '" . $order->products[$i]['id'] . "' \n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' \n and pa.options_id = popt.products_options_id \n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' \n and pa.options_values_id = poval.products_options_values_id \n and popt.language_id = '" . $_SESSION['languages_id'] . "' \n and poval.language_id = '" . $_SESSION['languages_id'] . "'";
$attributes = xos_db_query($attributes_query);
} else {
$attributes = xos_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $_SESSION['languages_id'] . "' and poval.language_id = '" . $_SESSION['languages_id'] . "'");
}
$attributes_values = xos_db_fetch_array($attributes);
$sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $order->products[$i]['attributes'][$j]['price'], 'options_values_price_text' => $order->products[$i]['attributes'][$j]['price'] != 0 ? $order->products[$i]['attributes'][$j]['price_formated'] : '', 'price_prefix' => $attributes_values['price_prefix']);
xos_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xos_not_null($attributes_values['products_attributes_filename'])) {
$sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
xos_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
}
$options_values_price = '';
if ($attributes_values['options_values_price'] != 0) {
$attributes_options_values_price = true;
$options_values_price = $order->products[$i]['attributes'][$j]['price_formated'];
}
$order_attributes_array[] = array('option_name' => $attributes_values['products_options_name'], 'option_value_name' => $attributes_values['products_options_values_name'], 'option_price' => $options_values_price, 'option_price_prefix' => $attributes_values['price_prefix']);
}
}
//------insert customer choosen option eof ----
$tax_rate = xos_display_tax_value($order->products[$i]['tax']);
$order_products_array[] = array('qty' => $order->products[$i]['qty'], 'model' => $order->products[$i]['model'], 'name' => $order->products[$i]['name'], 'packaging_unit' => $order->products[$i]['packaging_unit'], 'tax_value' => $tax_rate, 'price' => $order->products[$i]['price_formated'], 'final_single_price' => $order->products[$i]['final_price_formated'], 'final_price' => $order->products[$i]['total_price_formated'], 'products_attributes_option_price' => $attributes_options_values_price, 'product_attributes' => $order_attributes_array);
if (isset($tax_rate)) {
$tax_rates[$tax_rate] = '1';
}
}
} else {
if (SEND_EMAILS == 'true' && xos_not_null(MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL)) {
$email_body = '$_POST:' . "\n\n";
reset($_POST);
while (list($key, $value) = each($_POST)) {
$email_body .= $key . '=' . $value . "\n";
}
$email_body .= "\n" . '$_GET:' . "\n\n";
reset($_GET);
while (list($key, $value) = each($_GET)) {
$email_body .= $key . '=' . $value . "\n";
}
$debug_email_to_store_owner = new mailer('', MODULE_PAYMENT_PAYPAL_STANDARD_DEBUG_EMAIL, 'PayPal IPN Invalid Process', '', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$debug_email_to_store_owner->send();
}
if (isset($_POST['invoice']) && is_numeric($_POST['invoice']) && $_POST['invoice'] > 0) {
$check_query = xos_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . $_POST['invoice'] . "' and customers_id = '" . (int) $_POST['custom'] . "'");
if (xos_db_num_rows($check_query) > 0) {
$comment_status = $_POST['payment_status'];
if ($_POST['payment_status'] == 'Pending') {
$comment_status .= '; ' . $_POST['pending_reason'];
} elseif ($_POST['payment_status'] == 'Reversed' || $_POST['payment_status'] == 'Refunded') {
$comment_status .= '; ' . $_POST['reason_code'];
}
xos_db_query("update " . TABLE_ORDERS . " set orders_status = '" . (MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID > 0 ? MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID : DEFAULT_ORDERS_STATUS_ID) . "', last_modified = now() where orders_id = '" . $_POST['invoice'] . "'");
$sql_data_array = array('orders_id' => $_POST['invoice'], 'orders_status_id' => MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID > 0 ? MODULE_PAYMENT_PAYPAL_STANDARD_ORDER_STATUS_ID : DEFAULT_ORDERS_STATUS_ID, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN Invalid [' . $comment_status . ']');
xos_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
}
}
}
// reregister session variables
if (isset($_POST['primary']) && $_POST['primary'] == 'on') {
if (ACCOUNT_GENDER == 'true') {
$_SESSION['customer_gender'] = $gender;
}
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_lastname'] = $lastname;
$_SESSION['customer_country_id'] = $country;
$_SESSION['customer_zone_id'] = $zone_id > 0 ? (int) $zone_id : '0';
$_SESSION['customer_default_address_id'] = $new_address_book_id;
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
$sql_data_array['customers_default_address_id'] = $new_address_book_id;
xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
}
}
}
if (isset($_POST['primary']) && $_POST['primary'] == 'on') {
$smarty->clearAllCache();
}
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
}
}
if (isset($_GET['edit']) && is_numeric($_GET['edit'])) {
$entry_query = xos_db_query("select entry_gender, entry_company, entry_company_tax_id, entry_firstname, entry_lastname, entry_street_address, entry_suburb, entry_postcode, entry_city, entry_state, entry_zone_id, entry_country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_GET['edit'] . "'");
if (!xos_db_num_rows($entry_query)) {
$messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
$delivery_times_text_array = $_POST['delivery_times_text'];
$languages = xos_get_languages();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$sql_data_array = array('delivery_times_text' => xos_db_prepare_input(htmlspecialchars($delivery_times_text_array[$language_id])), 'popup_content_id' => isset($_POST['popup_content_id']) && (int) $_POST['popup_content_id'] > 0 ? (int) $_POST['popup_content_id'] : 0);
if ($action == 'insert') {
if (empty($delivery_times_id)) {
$next_id_query = xos_db_query("select max(delivery_times_id) as delivery_times_id from " . TABLE_DELIVERY_TIMES . "");
$next_id = xos_db_fetch_array($next_id_query);
$delivery_times_id = $next_id['delivery_times_id'] + 1;
}
$insert_sql_data = array('delivery_times_id' => $delivery_times_id, 'language_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_DELIVERY_TIMES, $sql_data_array);
} elseif ($action == 'save') {
xos_db_perform(TABLE_DELIVERY_TIMES, $sql_data_array, 'update', "delivery_times_id = '" . (int) $delivery_times_id . "' and language_id = '" . (int) $language_id . "'");
}
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($delivery_times_id) . "' where configuration_key = 'DEFAULT_DELIVERY_TIMES_ID'");
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_DELIVERY_TIMES, 'page=' . $_GET['page'] . '&dID=' . $delivery_times_id));
break;
case 'deleteconfirm':
$dID = xos_db_prepare_input($_GET['dID']);
$delivery_time_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_DELIVERY_TIMES_ID'");
$delivery_time = xos_db_fetch_array($delivery_time_query);
if ($delivery_time['configuration_value'] == $dID) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_DELIVERY_TIMES_ID'");
}
