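function affiliate_insert($sql_data_array, $affiliate_parent = 0)
{
    // Insert an affiliate into the nested-set tree stored in TABLE_AFFILIATE.
    // A child is placed directly inside its parent's right boundary and every
    // node of the same tree (affiliate_root) to the right of that boundary is
    // shifted by two; without a parent the row becomes its own root (lft=1,
    // rgt=2, affiliate_root = own id).
    //
    // @param array $sql_data_array column => value pairs for the new row
    // @param int   $affiliate_parent parent affiliate_id, 0 for a new root
    // @return mixed the new affiliate_id (xtc_db_insert_id()), null when a
    //               parent id was given but no such row exists
    $affiliate_parent = (int) $affiliate_parent;   // goes into SQL unquoted-safe
    $affiliate_id = null;

    // LOCK TABLES while the lft/rgt renumbering runs. Issued through the shop's
    // DB wrapper: the former `@mysql_query(...)` relied on ext/mysql and was a
    // silently suppressed no-op wherever that extension is absent (PHP 7+),
    // i.e. the tree updates below ran without any lock at all. A failing
    // LOCK now surfaces through xtc_db_query's error handling instead.
    xtc_db_query("LOCK TABLES " . TABLE_AFFILIATE . " WRITE");
    if ($affiliate_parent > 0) {
        $affiliate_root_query = xtc_db_query("select affiliate_root, affiliate_rgt, affiliate_lft from " . TABLE_AFFILIATE . " where affiliate_id = '" . $affiliate_parent . "' ");
        // Check if we have a parent affiliate
        if ($affiliate_root_array = xtc_db_fetch_array($affiliate_root_query)) {
            $tree_root = (int) $affiliate_root_array['affiliate_root'];
            $parent_rgt = (int) $affiliate_root_array['affiliate_rgt'];
            // make room: lft of nodes strictly right of the parent, rgt of the
            // parent itself and of everything right of it
            xtc_db_query("update " . TABLE_AFFILIATE . " SET affiliate_lft = affiliate_lft + 2 WHERE affiliate_root = '" . $tree_root . "' and affiliate_lft > " . $parent_rgt . " AND affiliate_rgt >= " . $parent_rgt . " ");
            xtc_db_query("update " . TABLE_AFFILIATE . " SET affiliate_rgt = affiliate_rgt + 2 WHERE affiliate_root = '" . $tree_root . "' and affiliate_rgt >= " . $parent_rgt . " ");
            // the new node occupies the two slots just freed
            $sql_data_array['affiliate_root'] = $tree_root;
            $sql_data_array['affiliate_lft'] = $parent_rgt;
            $sql_data_array['affiliate_rgt'] = $parent_rgt + 1;
            xtc_db_perform(TABLE_AFFILIATE, $sql_data_array);
            $affiliate_id = xtc_db_insert_id();
        }
        // unknown parent id: nothing is inserted, null is returned
    } else {
        // no parent -> new root; affiliate_root can only be set once the id exists
        $sql_data_array['affiliate_lft'] = '1';
        $sql_data_array['affiliate_rgt'] = '2';
        xtc_db_perform(TABLE_AFFILIATE, $sql_data_array);
        $affiliate_id = xtc_db_insert_id();
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_root = '" . (int) $affiliate_id . "' where affiliate_id = '" . (int) $affiliate_id . "' ");
    }
    // UNLOCK TABLES (also on the not-found path above)
    xtc_db_query("UNLOCK TABLES");
    return $affiliate_id;
}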
 /**
  * All PaymentMethods without SR: Fill table sofort_orders_notification
  *
  * Writes one timeline row for the given sofort order. $comment is stored in
  * both customer_comment and seller_comment; items, amount, status_id and the
  * status_reason / invoice columns are written as empty defaults.
  *
  * @param int    $sofortOrdersId key from table sofort_orders (falsy => nothing is written)
  * @param string $orderStatus    value for the `status` column
  * @param string $comment        value for customer_comment and seller_comment
  * @return mixed false when $sofortOrdersId is falsy, otherwise xtc_db_insert_id()
  * @see insertSofortOrdersNotification()
  */
 function updateTimeline($sofortOrdersId, $orderStatus, $comment)
 {
     if (!$sofortOrdersId) {
         return false;
     }
     $row = array();
     $row['sofort_orders_id'] = $sofortOrdersId;
     $row['items'] = '';
     $row['amount'] = 0;
     $row['customer_comment'] = $comment;
     $row['seller_comment'] = $comment;
     $row['status_id'] = 0;
     $row['status'] = $orderStatus;
     $row['status_reason'] = '';
     $row['invoice_status'] = '';
     $row['invoice_objection'] = '';
     // the helper builds the escaped INSERT statement for the row
     $insertSql = HelperFunctions::getEscapedInsertInto('sofort_orders_notification', $row);
     xtc_db_query($insertSql);
     return xtc_db_insert_id();
 }
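function CustomersUpdate()
{
    // Admin-side create/update of a customer from $_POST. Result is reported
    // via print_xml_status(); $mode is 'UPDATE' when the posted cID exists,
    // otherwise 'APPEND' (new customer + address book row + customers_info
    // row, and a welcome mail when SEND_ACCOUNT_MAIL is on).
    //
    // The local names $customers_id, $sql_customers_data_array and
    // $sql_address_data_array are part of the contract with the optional
    // cao_custupd_1.php include below, which runs inside this scope.
    global $Lang_folder;   // $_POST is a superglobal, no `global` needed
    $customers_id = -1;
    // include PW function
    require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
    if (isset($_POST['cID'])) {
        $customers_id = xtc_db_prepare_input($_POST['cID']);
    }
    // security check, if user = admin, dont allow to perform changes.
    // xtc_db_prepare_input() does not escape for SQL, so the id is cast to
    // int in the query (the later queries already did that).
    if ($customers_id != -1) {
        $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . (int) $customers_id . "'");
        $sec_data = xtc_db_fetch_array($sec_query);
        // customers_status 0 is the admin group; an unknown id ends up here
        // as well (same outcome as before, minus the array-offset notice)
        if (!is_array($sec_data) || (int) $sec_data['customers_status'] === 0) {
            print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', '');
            return;
        }
    }
    // POST field => customers column. Values are handed to xtc_db_perform(),
    // which is the shop's standard insert/update helper and is expected to
    // escape them — TODO confirm, nothing here escapes them itself.
    $customers_fields = array(
        'customers_cid'       => 'customers_cid',
        'customers_firstname' => 'customers_firstname',
        'customers_lastname'  => 'customers_lastname',
        'customers_dob'       => 'customers_dob',
        'customers_email'     => 'customers_email_address',
        'customers_tele'      => 'customers_telephone',
        'customers_fax'       => 'customers_fax',
        'customers_gender'    => 'customers_gender',
    );
    $sql_customers_data_array = array();
    foreach ($customers_fields as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_customers_data_array[$column] = $_POST[$post_key];
        }
    }
    // optional site-specific hook, sees/modifies the locals of this function
    if (file_exists('cao_custupd_1.php')) {
        include 'cao_custupd_1.php';
    }
    // Only a non-empty posted password replaces the stored one. Previously an
    // empty password field on an update request stored
    // xtc_encrypt_password('') and thereby overwrote the customer's password.
    if (isset($_POST['customers_password']) && $_POST['customers_password'] !== '') {
        $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
    }
    // POST field => address_book column
    $address_fields = array(
        'customers_firstname' => 'entry_firstname',
        'customers_lastname'  => 'entry_lastname',
        'customers_company'   => 'entry_company',
        'customers_street'    => 'entry_street_address',
        'customers_city'      => 'entry_city',
        'customers_postcode'  => 'entry_postcode',
        'customers_gender'    => 'entry_gender',
    );
    $sql_address_data_array = array();
    foreach ($address_fields as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_address_data_array[$column] = $_POST[$post_key];
        }
    }
    // The country arrives as ISO-2 code and is resolved to countries_id. It is
    // escaped before interpolation (it was concatenated raw before) and
    // defaults to '' when not posted.
    $country_code = isset($_POST['customers_country_id']) ? $_POST['customers_country_id'] : '';
    $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . xtc_db_input($country_code) . "' LIMIT 1";
    $country_result = xtc_db_query($country_query);
    $row = xtc_db_fetch_array($country_result);
    // unknown code: no row, entry_country_id stays null as before
    $sql_address_data_array['entry_country_id'] = is_array($row) ? $row['countries_id'] : null;
    $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
    $check = xtc_db_fetch_array($count_query);
    if ($check['count'] > 0) {
        $mode = 'UPDATE';
        // only the customer's default address book entry is updated
        $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
        $customer = xtc_db_fetch_array($address_book_result);
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . (int) $customers_id . "' LIMIT 1");
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . (int) $customers_id . "' AND address_book_id = '" . (int) $customer['customers_default_address_id'] . "' LIMIT 1");
        xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "'  LIMIT 1");
    } else {
        $mode = 'APPEND';
        if (!isset($_POST['customers_password']) || strlen($_POST['customers_password']) == 0) {
            // generate PW if empty
            $pw = xtc_RandomString(8);
            // NOTE(review): this path hashes with xtc_create_password() while
            // the update path uses xtc_encrypt_password() — confirm both yield
            // the hash format the login code verifies.
            $sql_customers_data_array['customers_password'] = xtc_create_password($pw);
        } else {
            $pw = $_POST['customers_password'];
        }
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
        $customers_id = xtc_db_insert_id();
        $sql_address_data_array['customers_id'] = $customers_id;
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
        $address_id = xtc_db_insert_id();
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");
        //JP20080401 - default customer group unless a price level was posted
        if (!isset($_POST['customers_price_level'])) {
            xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
        }
        xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
    }
    if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && isset($sql_customers_data_array['customers_email_address']) && $sql_customers_data_array['customers_email_address'] != '') {
        // generate mail for customer if customer=new
        require_once DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
        require_once DIR_FS_INC . 'xtc_not_null.inc.php';
        require_once DIR_FS_INC . 'xtc_href_link.inc.php';
        require_once DIR_FS_INC . 'xtc_date_long.inc.php';
        require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
        // NOTE(review): $Lang_folder is a global set outside this function and
        // is used unvalidated in a require_once path — confirm it is taken
        // from a fixed language list and never from the request.
        require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';
        $customer_name = (isset($sql_customers_data_array['customers_lastname']) ? $sql_customers_data_array['customers_lastname'] : '')
            . ' ' . (isset($sql_customers_data_array['customers_firstname']) ? $sql_customers_data_array['customers_firstname'] : '');
        //JP 20080102
        $smarty = new Smarty();
        $smarty->assign('language', $Lang_folder);
        $smarty->caching = false;
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        // GTB - 2010-08-03 - Security Fix - Base: template path prefixed with
        // DIR_WS_CATALOG instead of the relative 'templates/...'
        $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('NAME', $customer_name);
        $smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']);
        // NOTE(review): the clear-text password is mailed to the customer.
        $smarty->assign('PASSWORD', $pw);
        // $module_content is not set anywhere in this function; pass '' rather
        // than an undefined variable (the templates got null before)
        $smarty->assign('content', isset($module_content) ? $module_content : '');
        $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
        $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
        // send mail with html/txt template
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $customer_name, '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
    }
    print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}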
 }
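 // Click-through parameters. Product and banner ids are interpolated into SQL
 // below, so they are cast to int as soon as they are read; absent, empty and
 // "0" values are ignored exactly as the previous truthiness checks did.
 if (!empty($_POST['products_id'])) {
     $affiliate_products_id = (int) $_POST['products_id'];
 }
 if (!empty($_GET['affiliate_banner_id'])) {
     $affiliate_banner_id = (int) $_GET['affiliate_banner_id'];
 }
 // a POSTed banner id overrides the GET one
 if (!empty($_POST['affiliate_banner_id'])) {
     $affiliate_banner_id = (int) $_POST['affiliate_banner_id'];
 }
 if (!$link_to) {
     $link_to = "0";
 }
 // Affiliate from the session; used in SQL, so int. $affiliate_products_id /
 // $affiliate_banner_id may still be undefined when no request parameter was
 // sent (unchanged; presumably initialised earlier in the file — TODO confirm).
 $affiliate_ref = isset($_SESSION['affiliate_ref']) ? (int) $_SESSION['affiliate_ref'] : 0;
 $sql_data_array = array(
     'affiliate_id' => $affiliate_ref,
     'affiliate_clientdate' => $affiliate_clientdate,
     'affiliate_clientbrowser' => $affiliate_clientbrowser,
     'affiliate_clientip' => $affiliate_clientip,
     'affiliate_clientreferer' => $affiliate_clientreferer,
     'affiliate_products_id' => $affiliate_products_id,
     'affiliate_banner_id' => $affiliate_banner_id,
 );
 xtc_db_perform(TABLE_AFFILIATE_CLICKTHROUGHS, $sql_data_array);
 $_SESSION['affiliate_clickthroughs_id'] = xtc_db_insert_id();
 // Banner has been clicked, update stats:
 if ($affiliate_banner_id && $affiliate_ref) {
     $today = date('Y-m-d');
     // one history row per banner, affiliate and day
     $stats_where = " where affiliate_banners_id = '" . (int) $affiliate_banner_id . "' and affiliate_banners_affiliate_id = '" . $affiliate_ref . "' and affiliate_banners_history_date = '" . $today . "'";
     $banner_stats_query = xtc_db_query("select * from " . TABLE_AFFILIATE_BANNERS_HISTORY . $stats_where);
     if (xtc_db_fetch_array($banner_stats_query)) {
         // Banner has been shown today
         xtc_db_query("update " . TABLE_AFFILIATE_BANNERS_HISTORY . " set affiliate_banners_clicks = affiliate_banners_clicks + 1" . $stats_where);
     } else {
         // Initial entry if banner has not been shown
         $sql_data_array = array(
             'affiliate_banners_id' => $affiliate_banner_id,
             'affiliate_banners_products_id' => $affiliate_products_id,
             'affiliate_banners_affiliate_id' => $affiliate_ref,
             'affiliate_banners_clicks' => '1',
             'affiliate_banners_history_date' => $today,
         );
         xtc_db_perform(TABLE_AFFILIATE_BANNERS_HISTORY, $sql_data_array);
     }
 }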
 // Set a cookie so that an order placed on a later visit is still credited to this affiliate click-through
        xtc_db_query("delete from " . TABLE_ZONES_TO_GEO_ZONES . " where association_id = '" . xtc_db_input($sID) . "'");
        xtc_redirect(xtc_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&action=list&spage=' . $_GET['spage']));
        break;
}
switch ($_GET['action']) {
    case 'insert_zone':
        $error = array();
        $geo_zone_name = xtc_db_prepare_input($_POST['geo_zone_name']);
        $geo_zone_description = xtc_db_prepare_input($_POST['geo_zone_description']);
        $check_if_name_exist = xtc_db_find_database_field(TABLE_GEO_ZONES, 'geo_zone_name', $geo_zone_name, 'geo_zone_name');
        if (!$geo_zone_name || $check_if_name_exist) {
            $error[] = ERROR_TEXT_NAME;
        }
        if (empty($error)) {
            xtc_db_query("insert into " . TABLE_GEO_ZONES . " (geo_zone_name, geo_zone_description, date_added) values ('" . xtc_db_input($geo_zone_name) . "', '" . xtc_db_input($geo_zone_description) . "', now())");
            $new_zone_id = xtc_db_insert_id();
            xtc_redirect(xtc_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id));
        } else {
            $_SESSION['repopulate_form'] = $_REQUEST;
            $_SESSION['errors'] = $error;
            xtc_redirect(xtc_href_link(FILENAME_GEO_ZONES, 'page=' . $_GET['page'] . '&action=new_zone&errors=1'));
        }
        break;
    case 'save_zone':
        $error = array();
        $zID = xtc_db_prepare_input($_GET['zID']);
        $geo_zone_name = xtc_db_prepare_input($_POST['geo_zone_name']);
        $geo_zone_description = xtc_db_prepare_input($_POST['geo_zone_description']);
        $check_if_name_exist = xtc_db_find_database_field(TABLE_GEO_ZONES, 'geo_zone_name', $geo_zone_name);
        if (!$geo_zone_name || $check_if_name_exist) {
            if ($check_if_name_exist['geo_zone_id'] != $zID) {
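 /**
  * insert article in shop order (e.g. during an undo operation)
  *
  * $sofortItem->itemId is split on '{': the first part is the products_id,
  * each further part is "optionsId}optionsValuesId". The item row is written
  * to TABLE_ORDERS_PRODUCTS, linked back to sofort_products, and one
  * TABLE_ORDERS_PRODUCTS_ATTRIBUTES row is written per attribute pair.
  * Ids taken from the item are cast to int and the free-form item id / language
  * code are escaped, as all of them end up in hand-built SQL.
  *
  * @param object $sofortItem item with itemId, productNumber, title, unitPrice, tax, quantity
  * @param int	 $ordersId
  * @param string $lng language code used to resolve option names
  */
 protected function _insertShopOrderArticle($sofortItem, $ordersId, $lng)
 {
     $ordersId = (int) $ordersId;
     $itemId = (string) $sofortItem->itemId;
     $splitItemId = explode('{', $itemId);
     $productId = (int) $splitItemId[0];
     // "12{3}4{5}6" -> product 12, option 3 = value 4, option 5 = value 6.
     // A part without a closing '}' carries no value id and is skipped
     // (previously it produced an undefined-offset row).
     $attributes = array();
     for ($i = 1, $parts = count($splitItemId); $i < $parts; ++$i) {
         $attrId = explode('}', $splitItemId[$i], 2);
         if (count($attrId) < 2) {
             continue;
         }
         $attributes[] = array('optionsId' => (int) $attrId[0], 'optionsValuesId' => (int) $attrId[1]);
     }
     $data = array('orders_id' => $ordersId, 'products_id' => $productId, 'products_model' => $sofortItem->productNumber, 'products_name' => HelperFunctions::convertEncoding($sofortItem->title, 2), 'products_price' => $sofortItem->unitPrice, 'final_price' => $sofortItem->unitPrice * $sofortItem->quantity, 'products_tax' => $sofortItem->tax, 'products_quantity' => $sofortItem->quantity, 'allow_tax' => '1');
     shopDbPerform(TABLE_ORDERS_PRODUCTS, $data);
     $insertId = (int) xtc_db_insert_id();
     // link the sofort_products row to the freshly inserted orders_products row
     shopDbQuery('UPDATE sofort_products SET orders_products_id ="' . $insertId . '" WHERE orders_id = "' . $ordersId . '" AND item_id = "' . xtc_db_input($itemId) . '"');
     if (!empty($attributes)) {
         $lngRow = shopDbFetchArray(shopDbQuery("SELECT languages_id FROM " . TABLE_LANGUAGES . " WHERE code = '" . xtc_db_input($lng) . "'"));
         $languagesId = is_array($lngRow) ? (int) $lngRow['languages_id'] : 0;
         foreach ($attributes as $attribute) {
             $queryTpa = shopDbQuery("SELECT options_values_price, price_prefix FROM " . TABLE_PRODUCTS_ATTRIBUTES . " WHERE products_id ='" . $productId . "' AND options_id = '" . $attribute['optionsId'] . "' AND options_values_id ='" . $attribute['optionsValuesId'] . "'");
             $resultTpa = shopDbFetchArray($queryTpa);
             $queryTpo = shopDbQuery("SELECT products_options_name FROM " . TABLE_PRODUCTS_OPTIONS . " WHERE products_options_id = '" . $attribute['optionsId'] . "' AND language_id = '" . $languagesId . "'");
             $resultTpo = shopDbFetchArray($queryTpo);
             $queryTpov = shopDbQuery("SELECT products_options_values_name FROM " . TABLE_PRODUCTS_OPTIONS_VALUES . " WHERE products_options_values_id = '" . $attribute['optionsValuesId'] . "' AND language_id = '" . $languagesId . "'");
             $resultTpov = shopDbFetchArray($queryTpov);
             $data = array('orders_id' => $ordersId, 'orders_products_id' => $insertId, 'products_options' => $resultTpo['products_options_name'], 'products_options_values' => $resultTpov['products_options_values_name'], 'options_values_price' => $resultTpa['options_values_price'], 'price_prefix' => $resultTpa['price_prefix']);
             shopDbPerform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $data);
         }
     }
 }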
     }
     if (!$campaigns_name || $check_if_name_exist) {
         if ($_GET['action'] == 'save') {
             if ($check_if_name_exist['campaigns_id'] != $campaigns_id) {
                 $error[] = ERROR_TEXT_NAME;
             }
         } else {
             $error[] = ERROR_TEXT_NAME;
         }
     }
     if (empty($error)) {
         if ($_GET['action'] == 'insert') {
             $insert_sql_data = array('date_added' => 'now()');
             $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
             xtc_db_perform(TABLE_CAMPAIGNS, $sql_data_array);
             $campaigns_id = xtc_db_insert_id();
         } elseif ($_GET['action'] == 'save') {
             $update_sql_data = array('last_modified' => 'now()');
             $sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
             xtc_db_perform(TABLE_CAMPAIGNS, $sql_data_array, 'update', "campaigns_id = '" . xtc_db_input($campaigns_id) . "'");
         }
         xtc_redirect(xtc_href_link(FILENAME_CAMPAIGNS, 'page=' . $_GET['page'] . '&cID=' . $campaigns_id));
     } else {
         $_SESSION['repopulate_form'] = $_REQUEST;
         $_SESSION['errors'] = $error;
         xtc_redirect(xtc_href_link(FILENAME_CAMPAIGNS, 'page=' . $_GET['page'] . '&cID=' . $campaigns_id . '&action=' . $url_action . '&errors=1'));
     }
     break;
 case 'deleteconfirm':
     $campaigns_id = xtc_db_prepare_input($_GET['cID']);
     xtc_db_query("delete from " . TABLE_CAMPAIGNS . " where campaigns_id = '" . xtc_db_input($campaigns_id) . "'");
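 /**
  * Handle the result from the reserveAmount call
  *
  * Stores the resulting order status name and the Klarna reference number in
  * the session and makes sure the delivery address exists in the customer's
  * address book (so the confirmation mail shows the right address); the
  * globals $sendto and $billto are pointed at that address_book_id.
  *
  * @param string $option  payment option (one of the KiTT::* cases below)
  * @param array  $result  response array: [0] reference number, [1] status flag
  * @param string $country ISO-2 country code of the delivery address
  *
  * @return void
  */
 private function _handleResponse($option, $result, $country)
 {
     global $order, $customer_id, $sendto, $billto;
     $link_db = xtc_db_connect();
     // configuration-constant prefix of the chosen payment option.
     // NOTE(review): no default case — an unexpected $option leaves $module
     // unset and the constant() lookups below fail; confirm callers only pass
     // these three options.
     switch ($option) {
         case KiTT::PART:
             $module = "MODULE_PAYMENT_KLARNA_PARTPAYMENT";
             break;
         case KiTT::SPEC:
             $module = "MODULE_PAYMENT_KLARNA_SPECCAMP";
             break;
         case KiTT::INVOICE:
             $module = "MODULE_PAYMENT_KLARNA_INVOICE";
             break;
     }
     // a pending reservation uses the module's pending status when one is
     // configured (> 0), otherwise the regular order status
     $orderStatusId = (int) constant("{$module}_ORDER_STATUS_PENDING_ID");
     if (!($result[1] == KlarnaFlags::PENDING && $orderStatusId > 0)) {
         $orderStatusId = (int) constant("{$module}_ORDER_STATUS_ID");
     }
     $orderStatusQuery = $this->_klarnaDB->query("SELECT orders_status_name FROM " . TABLE_ORDERS_STATUS . " WHERE orders_status_id = {$orderStatusId}");
     $orderStatus = $orderStatusQuery->getArray();
     $_SESSION['klarna_orderstatus'] = $orderStatus['orders_status_name'];
     // insert address in address book to get correct address in
     // confirmation mail (or fetch correct address from address book
     // if it exists)
     // $country is caller-supplied and was interpolated unescaped before;
     // escape it like the address fields below.
     $q = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . mysqli_real_escape_string($link_db, $country) . "'";
     $check_country_query = $this->_klarnaDB->query($q);
     $check_country = $check_country_query->getArray();
     $cid = is_array($check_country) ? (int) $check_country['countries_id'] : 0;
     // address_book column => $order->delivery key that must match exactly
     $delivery_match = array(
         'entry_firstname'      => 'firstname',
         'entry_lastname'       => 'lastname',
         'entry_street_address' => 'street_address',
         'entry_postcode'       => 'postcode',
         'entry_city'           => 'city',
         'entry_company'        => 'company',
     );
     $q = "SELECT address_book_id FROM " . TABLE_ADDRESS_BOOK . " WHERE customers_id = '" . (int) $customer_id . "'";
     foreach ($delivery_match as $column => $deliveryKey) {
         $q .= " AND " . $column . " = '" . mysqli_real_escape_string($link_db, $order->delivery[$deliveryKey]) . "'";
     }
     $check_address_query = $this->_klarnaDB->query($q);
     $check_address = $check_address_query->getArray();
     if (is_array($check_address) && $check_address_query->count() > 0) {
         $sendto = $billto = $check_address['address_book_id'];
     } else {
         $sql_data_array = array(
             'customers_id' => (int) $customer_id,
             'entry_firstname' => $order->delivery['firstname'],
             'entry_lastname' => $order->delivery['lastname'],
             'entry_company' => $order->delivery['company'],
             'entry_street_address' => $order->delivery['street_address'],
             'entry_postcode' => $order->delivery['postcode'],
             'entry_city' => $order->delivery['city'],
             'entry_country_id' => $cid,
         );
         xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
         $sendto = $billto = xtc_db_insert_id();
     }
     $_SESSION['klarna_refno'] = $result[0];
 }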
 //BOC - web28 - 2012-04-08 - set order addresses to customers default address
 // Manual order creation (admin): builds an empty order for the customer in
 // $_GET['cID'] from that customer's default address book entry, writes the
 // two order-total rows (total, subtotal) and redirects to the order editor.
 // $customers1 (presumably the customers table row) is loaded before this
 // excerpt — TODO confirm.
 // NOTE(review): if the default address row does not exist, $customers is
 // false and every address field below is stored empty; nothing checks that.
 $customers_query = xtc_db_query("SELECT * FROM " . TABLE_ADDRESS_BOOK . "\n                                               WHERE customers_id = '" . (int) $_GET['cID'] . "'\n                                                 AND address_book_id =  '" . (int) $customers1['customers_default_address_id'] . "'\n                                      ");
 //EOC - web28 - 2012-04-08 - set order addresses to customers default address
 //TODO set order addresses to last orders addresses (customers, delivery, billing)
 $customers = xtc_db_fetch_array($customers_query);
 //BOF - web28 - 2011-06-10 add missing iso_code2
 // country name, ISO-2 code and address format for the address's country
 $country_query = xtc_db_query("SELECT countries_name,\n                                            countries_iso_code_2,\n                                            address_format_id\n                                      FROM " . TABLE_COUNTRIES . "\n                                      WHERE countries_id = '" . (int) $customers['entry_country_id'] . "'");
 //EOF - web28 - 2011-06-10 add missing iso_code2
 $country = xtc_db_fetch_array($country_query);
 // customer group (status name, image, discount) is copied into the order
 $stat_query = xtc_db_query("SELECT * FROM " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . (int) $customers1['customers_status'] . "' ");
 $stat = xtc_db_fetch_array($stat_query);
 // BOF - DokuMan - 2009-05-22 - BUGFIX: first and last name were not saved when creating manual orders
 // The same address is used as customer, delivery and billing address.
 // Fixed values: payment 'cod', shipping 'flat_flat', status 1, default
 // currency at rate 1.0000, session language; 'now()' is the literal that
 // xtc_db_perform() is given for the date columns.
 $sql_data_array = array('customers_id' => xtc_db_prepare_input($customers['customers_id']), 'customers_cid' => xtc_db_prepare_input($customers1['customers_cid']), 'customers_vat_id' => xtc_db_prepare_input($customers1['customers_vat_id']), 'customers_status' => xtc_db_prepare_input($customers1['customers_status']), 'customers_status_name' => xtc_db_prepare_input($stat['customers_status_name']), 'customers_status_image' => xtc_db_prepare_input($stat['customers_status_image']), 'customers_status_discount' => xtc_db_prepare_input($stat['customers_status_discount']), 'customers_name' => xtc_db_prepare_input($customers['entry_firstname'] . ' ' . $customers['entry_lastname']), 'customers_lastname' => xtc_db_prepare_input($customers['entry_lastname']), 'customers_firstname' => xtc_db_prepare_input($customers['entry_firstname']), 'customers_company' => xtc_db_prepare_input($customers['entry_company']), 'customers_street_address' => xtc_db_prepare_input($customers['entry_street_address']), 'customers_suburb' => xtc_db_prepare_input($customers['entry_suburb']), 'customers_city' => xtc_db_prepare_input($customers['entry_city']), 'customers_postcode' => xtc_db_prepare_input($customers['entry_postcode']), 'customers_state' => xtc_db_prepare_input($customers['entry_state']), 'customers_country' => xtc_db_prepare_input($country['countries_name']), 'customers_telephone' => xtc_db_prepare_input($customers1['customers_telephone']), 'customers_email_address' => xtc_db_prepare_input($customers1['customers_email_address']), 'customers_address_format_id' => xtc_db_prepare_input($country['address_format_id']), 'delivery_name' => xtc_db_prepare_input($customers['entry_firstname'] . ' ' . 
$customers['entry_lastname']), 'delivery_lastname' => xtc_db_prepare_input($customers['entry_lastname']), 'delivery_firstname' => xtc_db_prepare_input($customers['entry_firstname']), 'delivery_company' => xtc_db_prepare_input($customers['entry_company']), 'delivery_street_address' => xtc_db_prepare_input($customers['entry_street_address']), 'delivery_suburb' => xtc_db_prepare_input($customers['entry_suburb']), 'delivery_city' => xtc_db_prepare_input($customers['entry_city']), 'delivery_postcode' => xtc_db_prepare_input($customers['entry_postcode']), 'delivery_state' => xtc_db_prepare_input($customers['entry_state']), 'delivery_country' => xtc_db_prepare_input($country['countries_name']), 'delivery_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']), 'delivery_address_format_id' => xtc_db_prepare_input($country['address_format_id']), 'billing_name' => xtc_db_prepare_input($customers['entry_firstname'] . ' ' . $customers['entry_lastname']), 'billing_lastname' => xtc_db_prepare_input($customers['entry_lastname']), 'billing_firstname' => xtc_db_prepare_input($customers['entry_firstname']), 'billing_company' => xtc_db_prepare_input($customers['entry_company']), 'billing_street_address' => xtc_db_prepare_input($customers['entry_street_address']), 'billing_suburb' => xtc_db_prepare_input($customers['entry_suburb']), 'billing_city' => xtc_db_prepare_input($customers['entry_city']), 'billing_postcode' => xtc_db_prepare_input($customers['entry_postcode']), 'billing_state' => xtc_db_prepare_input($customers['entry_state']), 'billing_country' => xtc_db_prepare_input($country['countries_name']), 'billing_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']), 'billing_address_format_id' => xtc_db_prepare_input($country['address_format_id']), 'payment_method' => 'cod', 'comments' => '', 'last_modified' => 'now()', 'date_purchased' => 'now()', 'orders_status' => '1', 'orders_date_finished' => '', 'currency' => DEFAULT_CURRENCY, 
'currency_value' => '1.0000', 'account_type' => '0', 'payment_class' => 'cod', 'shipping_method' => MODULE_SHIPPING_FLAT_TEXT_TITLE, 'shipping_class' => 'flat_flat', 'customers_ip' => '', 'language' => $_SESSION['language']);
 // EOF - DokuMan - 2009-05-22 - BUGFIX: first and last name were not saved when creating manual orders
 xtc_db_perform(TABLE_ORDERS, $sql_data_array);
 $orders_id = xtc_db_insert_id();
 //BOC - Web28 - 2012-02-26 - BUGFIX: Use Session language
 // NOTE(review): $_SESSION['language'] is used in a require_once path here and
 // below — confirm it is only ever set from the validated language list.
 require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/modules/order_total/ot_total.php';
 $sql_data_array = array('orders_id' => (int) $orders_id, 'title' => MODULE_ORDER_TOTAL_TOTAL_TITLE . ':', 'text' => '0', 'value' => '0', 'class' => 'ot_total');
 //EOC - Web28 - 2012-02-26 - BUGFIX: Use Session language
 $insert_sql_data = array('sort_order' => MODULE_ORDER_TOTAL_TOTAL_SORT_ORDER);
 $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
 xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
 //BOC - Web28 - 2012-02-26 - BUGFIX: Use Session language
 require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/modules/order_total/ot_subtotal.php';
 $sql_data_array = array('orders_id' => (int) $orders_id, 'title' => '<b>' . MODULE_ORDER_TOTAL_SUBTOTAL_TITLE . '</b>:', 'text' => '0', 'value' => '0', 'class' => 'ot_subtotal');
 //EOC - Web28 - 2012-02-26 - BUGFIX: Use Session language
 $insert_sql_data = array('sort_order' => MODULE_ORDER_TOTAL_SUBTOTAL_SORT_ORDER);
 $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
 xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
 // hand over to the order editor for the new (still empty) order
 xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'oID=' . (int) $orders_id . '&action=edit'));
         $affiliate_banner_error = true;
         $_GET['action'] = 'new';
     } else {
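         // Store the upload under its client-supplied name. PHP already strips
         // directory components from $_FILES[...]['name']; basename() is
         // applied again as defence in depth so the target can never leave
         // DIR_FS_CATALOG_IMAGES.
         // NOTE(review): nothing in this branch checks the extension or MIME
         // type of the upload, so an admin can place a non-image file (e.g. a
         // .php script) in the public images directory — confirm whether the
         // validation branch above (cut off in this excerpt) already rejects it.
         $db_image_location = basename($_FILES['affiliate_banners_image']['name']);
         $image_location = DIR_FS_CATALOG_IMAGES . $db_image_location;
         if (!move_uploaded_file($_FILES['affiliate_banners_image']['tmp_name'], $image_location)) {
             // Failed move: signal the error the same way the validation
             // branch does instead of recording a banner whose image is missing.
             $affiliate_banner_error = true;
             $_GET['action'] = 'new';
         } else {
             @chmod($image_location, 0644);
             if (!$affiliate_products_id) {
                 $affiliate_products_id = "0";
             }
             $sql_data_array = array('affiliate_banners_title' => $affiliate_banners_title, 'affiliate_products_id' => $affiliate_products_id, 'affiliate_banners_image' => $db_image_location, 'affiliate_banners_group' => $affiliate_banners_group);
             if ($_GET['action'] == 'insert') {
                 $insert_sql_data = array('affiliate_date_added' => 'now()', 'affiliate_status' => '1');
                 $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
                 xtc_db_perform(TABLE_AFFILIATE_BANNERS, $sql_data_array);
                 $affiliate_banners_id = xtc_db_insert_id();
                 // Banner ID 1 is generic Product Banner
                 if ($affiliate_banners_id == 1) {
                     xtc_db_query("update " . TABLE_AFFILIATE_BANNERS . " set affiliate_banners_id = affiliate_banners_id + 1");
                 }
                 $messageStack->add_session(SUCCESS_BANNER_INSERTED, 'success');
             } elseif ($_GET['action'] == 'update') {
                 $insert_sql_data = array('affiliate_date_status_change' => 'now()');
                 $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
                 // the banner id is interpolated into the WHERE clause, so cast it
                 xtc_db_perform(TABLE_AFFILIATE_BANNERS, $sql_data_array, 'update', 'affiliate_banners_id = \'' . (int) $affiliate_banners_id . '\'');
                 $messageStack->add_session(SUCCESS_BANNER_UPDATED, 'success');
             }
             xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_BANNER_MANAGER, 'page=' . $_GET['page'] . '&abID=' . $affiliate_banners_id));
         }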
     }
 }
 break;
         $affiliate_billing_query = xtc_db_query($sql);
         $affiliate_billing = xtc_db_fetch_array($affiliate_billing_query);
         // Get affiliate Informations
         $sql = "\n        SELECT a.*, c.countries_id, c.countries_name, c.countries_iso_code_2, c.countries_iso_code_3, c.address_format_id \n          from " . TABLE_AFFILIATE . " a \n          left join " . TABLE_ZONES . " z on (a.affiliate_zone_id  = z.zone_id) \n          left join " . TABLE_COUNTRIES . " c on (a.affiliate_country_id = c.countries_id)\n          WHERE affiliate_id = '" . $affiliate_payment['affiliate_id'] . "' \n        ";
         $affiliate_query = xtc_db_query($sql);
         $affiliate = xtc_db_fetch_array($affiliate_query);
         // Get need tax informations for the affiliate
         $affiliate_tax_rate = xtc_get_affiliate_tax_rate(AFFILIATE_TAX_ID, $affiliate['affiliate_country_id'], $affiliate['affiliate_zone_id']);
         $affiliate_tax = xtc_round($affiliate_billing['affiliate_payment'] * $affiliate_tax_rate / 100, 2);
         // Netto-Provision
         $affiliate_payment_total = $affiliate_billing['affiliate_payment'];
         // Bill the order
         $affiliate['affiliate_state'] = xtc_get_zone_code($affiliate['affiliate_country_id'], $affiliate['affiliate_zone_id'], $affiliate['affiliate_state']);
         $sql_data_array = array('affiliate_id' => $affiliate_payment['affiliate_id'], 'affiliate_payment' => $affiliate_billing['affiliate_payment'] - $affiliate_tax, 'affiliate_payment_tax' => $affiliate_tax, 'affiliate_payment_total' => $affiliate_payment_total, 'affiliate_payment_date' => 'now()', 'affiliate_payment_status' => '0', 'affiliate_firstname' => $affiliate['affiliate_firstname'], 'affiliate_lastname' => $affiliate['affiliate_lastname'], 'affiliate_street_address' => $affiliate['affiliate_street_address'], 'affiliate_suburb' => $affiliate['affiliate_suburb'], 'affiliate_city' => $affiliate['affiliate_city'], 'affiliate_country' => $affiliate['countries_name'], 'affiliate_postcode' => $affiliate['affiliate_postcode'], 'affiliate_company' => $affiliate['affiliate_company'], 'affiliate_state' => $affiliate['affiliate_state'], 'affiliate_address_format_id' => $affiliate['address_format_id']);
         xtc_db_perform(TABLE_AFFILIATE_PAYMENT, $sql_data_array);
         $insert_id = xtc_db_insert_id();
         // Set the Sales to Final State
         xtc_db_query("update " . TABLE_AFFILIATE_SALES . " set affiliate_payment_id = '" . $insert_id . "', affiliate_billing_status = 1, affiliate_payment_date = now() where affiliate_id = '" . $affiliate_payment['affiliate_id'] . "' and affiliate_billing_status = 99");
         // Notify Affiliate
         if (AFFILIATE_NOTIFY_AFTER_BILLING == 'true') {
             $check_status_query = xtc_db_query("select af.affiliate_email_address, ap.affiliate_lastname, ap.affiliate_firstname, ap.affiliate_payment_status, ap.affiliate_payment_date, ap.affiliate_payment_date from " . TABLE_AFFILIATE_PAYMENT . " ap, " . TABLE_AFFILIATE . " af where affiliate_payment_id  = '" . $insert_id . "' and af.affiliate_id = ap.affiliate_id ");
             $check_status = xtc_db_fetch_array($check_status_query);
             $email = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_AFFILIATE_PAYMENT_NUMBER . ' ' . $insert_id . "\n" . EMAIL_TEXT_INVOICE_URL . ' ' . xtc_catalog_href_link(FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO, 'payment_id=' . $insert_id, 'SSL') . "\n" . EMAIL_TEXT_PAYMENT_BILLED . ' ' . xtc_date_long($check_status['affiliate_payment_date']) . "\n\n" . EMAIL_TEXT_NEW_PAYMENT;
             xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email);
         }
     }
     $messageStack->add_session(SUCCESS_BILLING, 'success');
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'update_payment':
     $pID = xtc_db_prepare_input($_GET['pID']);
    if (ACCOUNT_COMPANY == 'true') {
        $sql_data_array['entry_company'] = $company;
    }
    if (ACCOUNT_SUBURB == 'true') {
        $sql_data_array['entry_suburb'] = $suburb;
    }
    if (ACCOUNT_STATE == 'true') {
        if ($zone_id > 0) {
            $sql_data_array['entry_zone_id'] = $zone_id;
            $sql_data_array['entry_state'] = $state;
        } else {
            $sql_data_array['entry_zone_id'] = '0';
            $sql_data_array['entry_state'] = $state;
        }
    }
    xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
    //SWITCH shipping/payment
    switch ($checkout_page) {
        case 'shipping':
            $_SESSION['sendto'] = xtc_db_insert_id();
            xtc_redirect(xtc_href_link($link_checkout_shipping, $params, 'SSL'));
            break;
        case 'payment':
            $_SESSION['billto'] = xtc_db_insert_id();
            if (isset($_SESSION['payment']) && !isset($_SESSION['paypal']['PayerID'])) {
                unset($_SESSION['payment']);
            }
            xtc_redirect(xtc_href_link($link_checkout_payment, $params, 'SSL'));
            break;
    }
}
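 /**
  * Duplicate product $src_products_id into category $dest_categories_id.
  *
  * Copies the products row, its description rows, its main image and the
  * additional "mo_images" (each renamed to "<new id>_<image nr>.<suffix>"),
  * the per-customer-group price tiers and, only when the request carried
  * attr_copy=attr_copy in $_POST, the product attributes.
  *
  * @param int $src_products_id    products_id of the product to copy
  * @param int $dest_categories_id category for the copy; 0 puts the copy on the
  *                                start page and activates it, otherwise the
  *                                source product's status is kept
  * @return void the new products_id is only written to the database
  */
 function duplicate_product($src_products_id, $dest_categories_id)
 {
     $src_products_id = (int) $src_products_id;
     $dest_categories_id = (int) $dest_categories_id;
     // Every image variant lives in one of these directories under the same file name.
     $image_dirs = array(DIR_FS_CATALOG_ORIGINAL_IMAGES, DIR_FS_CATALOG_INFO_IMAGES, DIR_FS_CATALOG_THUMBNAIL_IMAGES, DIR_FS_CATALOG_POPUP_IMAGES);
     // Load the source product. Without this check an unknown id fell through
     // and inserted a nearly empty products row.
     $product_query = xtc_db_query("SELECT * FROM " . TABLE_PRODUCTS . "\n                                        WHERE products_id = '" . $src_products_id . "'");
     if (xtc_db_num_rows($product_query) == 0) {
         return;
     }
     $product = xtc_db_fetch_array($product_query);
     // Destination 0 means "start page": the copy is shown there and switched on.
     if ($dest_categories_id == 0) {
         $startpage = 1;
         $products_status = 1;
     } else {
         $startpage = 0;
         $products_status = $product['products_status'];
     }
     // Copy every column, then override the ones that must differ from the source.
     // group_permissions are among the copied columns, so they need no extra handling.
     $sql_data_array = $product;
     unset($sql_data_array['products_id']);
     $sql_data_array['products_startpage'] = $startpage;
     $sql_data_array['products_date_added'] = 'now()';
     $sql_data_array['products_status'] = $products_status;
     xtc_db_perform(TABLE_PRODUCTS, $sql_data_array);
     $dup_products_id = xtc_db_insert_id();
     // Main image: copy each variant under a name derived from the new id and
     // point the new row at it. copy() is best-effort; a missing variant is skipped.
     if ($product['products_image'] != '') {
         $pname_arr = explode('.', $product['products_image']);
         $nsuffix = array_pop($pname_arr);
         $dup_products_image_name = $dup_products_id . '_0' . '.' . $nsuffix;
         xtc_db_perform(TABLE_PRODUCTS, array('products_image' => $dup_products_image_name), 'update', "products_id = '" . $dup_products_id . "'");
         foreach ($image_dirs as $image_dir) {
             @copy($image_dir . '/' . $product['products_image'], $image_dir . '/' . $dup_products_image_name);
         }
         // h-h-h - 2011-01-27 - set file rights
         $this->set_products_images_file_rights($dup_products_image_name);
     }
     // Description rows (one per language) are copied with the view counter reset.
     $description_query = xtc_db_query("SELECT * FROM " . TABLE_PRODUCTS_DESCRIPTION . "\n                                               WHERE products_id = '" . $src_products_id . "'");
     while ($description = xtc_db_fetch_array($description_query)) {
         $sql_data_array = $description;
         $sql_data_array['products_id'] = $dup_products_id;
         $sql_data_array['products_viewed'] = 0;
         xtc_db_perform(TABLE_PRODUCTS_DESCRIPTION, $sql_data_array);
     }
     xtc_db_perform(TABLE_PRODUCTS_TO_CATEGORIES, array('products_id' => $dup_products_id, 'categories_id' => $dest_categories_id));
     // Additional images (mo_images by Novalis@eXanto.de): same renaming scheme,
     // numbered by image_nr. The row goes through xtc_db_perform like every other
     // insert here, so image_title / image_alt are escaped instead of being
     // spliced into a raw INSERT (a title containing a quote broke the query).
     $mo_images = xtc_get_products_mo_images($src_products_id);
     if (is_array($mo_images)) {
         foreach ($mo_images as $mo_img) {
             $pname_arr = explode('.', $mo_img['image_name']);
             $nsuffix = array_pop($pname_arr);
             $dup_products_image_name = $dup_products_id . '_' . $mo_img['image_nr'] . '.' . $nsuffix;
             foreach ($image_dirs as $image_dir) {
                 @copy($image_dir . '/' . $mo_img['image_name'], $image_dir . '/' . $dup_products_image_name);
             }
             // h-h-h - 2011-01-27 - set file rights
             $this->set_products_images_file_rights($dup_products_image_name);
             xtc_db_perform(TABLE_PRODUCTS_IMAGES, array('products_id' => $dup_products_id, 'image_nr' => $mo_img['image_nr'], 'image_title' => $mo_img['image_title'], 'image_alt' => $mo_img['image_alt'], 'image_name' => $dup_products_image_name));
         }
     }
     // Customer-group price tiers: one table per customers_status_id. The id is
     // spliced into a table name, so it is cast to int before use. Iterating the
     // result directly also avoids the old 1-based $group_data array, which was
     // undefined when no status existed and read index 0 on every run.
     $group_query = xtc_db_query("SELECT customers_status_id FROM " . TABLE_CUSTOMERS_STATUS . "\n                                                           WHERE language_id = '" . (int) $_SESSION['languages_id'] . "'\n                                                             AND customers_status_id != '0'");
     while ($group_values = xtc_db_fetch_array($group_query)) {
         $status_id = (int) $group_values['customers_status_id'];
         if ($status_id == 0) {
             continue;
         }
         $offers_table = 'personal_offers_by_customers_status_' . $status_id;
         $copy_query = xtc_db_query("SELECT quantity, personal_offer FROM " . $offers_table . " WHERE products_id = '" . $src_products_id . "'");
         while ($copy_data = xtc_db_fetch_array($copy_query)) {
             xtc_db_perform($offers_table, array('price_id' => '', 'products_id' => $dup_products_id, 'quantity' => $copy_data['quantity'], 'personal_offer' => $copy_data['personal_offer']));
         }
     }
     // Attributes are copied only on explicit request (attr_copy=attr_copy in POST).
     if (isset($_POST['attr_copy']) && $_POST['attr_copy'] == 'attr_copy') {
         $attribute_copy_query = xtc_db_query("SELECT *\n                                              FROM products_attributes\n                                             WHERE products_id = '" . $src_products_id . "'\n                                          ");
         while ($attribute_copy_data = xtc_db_fetch_array($attribute_copy_query)) {
             $sql_data_array = $attribute_copy_data;
             unset($sql_data_array['products_attributes_id']);
             $sql_data_array['products_id'] = $dup_products_id;
             xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES, $sql_data_array);
         }
     }
 }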
 if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
     $error = true;
     $messageStack->add('install_admin_step', ENTRY_PASSWORD_ERROR);
 } elseif ($password != $confirmation) {
     $error = true;
     $messageStack->add('install_admin_step', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
 }
 if ($error == false) {
     $first_admin_check_query = xtc_db_query("SELECT customers_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = 1 ");
     if (xtc_db_num_rows($first_admin_check_query) > 0) {
         xtc_db_query("insert into " . TABLE_CUSTOMERS . " (\n                                customers_status,\n                                customers_firstname,\n                                customers_lastname,\n                                customers_gender,\n                                customers_email_address,\n                                customers_telephone,\n                                customers_password,\n                                delete_user) VALUES\n                                ('0',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($gender) . "',\n                                '" . xtc_db_input($email_address) . "',\n                                '" . xtc_db_input($telephone) . "',\n                                '" . xtc_encrypt_password($password) . "',\n                                '0')");
         $admin_id = xtc_db_insert_id();
         xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n                                customers_info_id,\n                                customers_info_date_of_last_logon,\n                                customers_info_number_of_logons,\n                                customers_info_date_account_created,\n                                customers_info_date_account_last_modified,\n                                global_product_notifications) VALUES\n                                ('" . $admin_id . "','','','now()','','')");
         xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n                                customers_id,\n                                entry_company,\n                                entry_firstname,\n                                entry_lastname,\n                                entry_street_address,\n                                entry_postcode,\n                                entry_city,\n                                entry_state,\n                                entry_country_id,\n                                entry_zone_id) VALUES\n                                ('" . $admin_id . "',\n                                '" . xtc_db_input($company) . "',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($street_address) . "',\n                                '" . xtc_db_input($postcode) . "',\n                                '" . xtc_db_input($city) . "',\n                                '" . xtc_db_input($state) . "',\n                                '" . xtc_db_input($country) . "',\n                                '" . xtc_db_input($zone_id) . "'\n                                )");
         // admin address connection
         $address_book_id = xtc_db_insert_id();
         xtc_db_query("UPDATE customers SET customers_default_address_id = '" . $address_book_id . "' WHERE customers_id = '" . $admin_id . "' ");
         // customers_status
         xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('" . $admin_id . "');");
         $aa_spalten_qry = xtc_db_query("SHOW COLUMNS FROM admin_access");
         while ($aa_spalten = xtc_db_fetch_array($aa_spalten_qry)) {
             if ($aa_spalten['Type'] == 'int(1)') {
                 xtc_db_query("UPDATE admin_access SET " . $aa_spalten['Field'] . " = '1' WHERE customers_id = '" . $admin_id . "'");
             }
         }
         xtc_redirect(xtc_href_link('install_additional_admins.php', '', 'NONSSL'));
     } else {
         xtc_db_query("insert into " . TABLE_CUSTOMERS . " (\n                                customers_id,\n                                customers_status,\n                                customers_firstname,\n                                customers_lastname,\n                                customers_gender,\n                                customers_email_address,\n                                customers_default_address_id,\n                                customers_telephone,\n                                customers_password,\n                                delete_user) VALUES\n                                ('1',\n                                '0',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($gender) . "',\n                                '" . xtc_db_input($email_address) . "',\n                                '1',\n                                '" . xtc_db_input($telephone) . "',\n                                '" . xtc_encrypt_password($password) . "',\n                                '0')");
         xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n                                customers_info_id,\n                                customers_info_date_of_last_logon,\n                                customers_info_number_of_logons,\n                                customers_info_date_account_created,\n                                customers_info_date_account_last_modified,\n                                global_product_notifications) VALUES\n                                ('1','','','now()','','')");
         xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n                                customers_id,\n                                entry_company,\n                                entry_firstname,\n                                entry_lastname,\n                                entry_street_address,\n                                entry_postcode,\n                                entry_city,\n                                entry_state,\n                                entry_country_id,\n                                entry_zone_id) VALUES\n                                ('1',\n                                '" . xtc_db_input($company) . "',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($street_address) . "',\n                                '" . xtc_db_input($postcode) . "',\n                                '" . xtc_db_input($city) . "',\n                                '" . xtc_db_input($state) . "',\n                                '" . xtc_db_input($country) . "',\n                                '" . xtc_db_input($zone_id) . "'\n                                )");
         // customers_status
            }
        }
        $customers_statuses_array = xtc_get_customers_statuses();
        if (strstr($group_ids, 'c_all_group')) {
            $group_ids = 'c_all_group,';
            for ($i = 0; $n = sizeof($customers_statuses_array), $i < $n; $i++) {
                $group_ids .= 'c_' . $customers_statuses_array[$i]['id'] . '_group,';
            }
        }
        $sql_data_array = array('products_id' => $product, 'group_ids' => $group_ids, 'content_name' => $content_title, 'content_file' => $content_file_name, 'content_link' => $content_link, 'file_comment' => $file_comment, 'languages_id' => $content_language);
        if ($id == 'update_product') {
            xtc_db_perform(TABLE_PRODUCTS_CONTENT, $sql_data_array, 'update', "content_id = '" . $coID . "'");
            $content_id = xtc_db_insert_id();
        } else {
            xtc_db_perform(TABLE_PRODUCTS_CONTENT, $sql_data_array);
            $content_id = xtc_db_insert_id();
        }
        // if get id
        // rename filename
        xtc_redirect(xtc_href_link(FILENAME_PRODUCTS_CONTENT, 'pID=' . $product));
    }
    // if error
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body>
    <!-- header //-->
    <?php 
require DIR_WS_INCLUDES . 'header.php';
?>
  /**
   * Write the order held in $_SESSION (or $this->Order when called from a
   * notification, where the global $order does not exist) into the shop
   * database, including order totals, status history, ordered products with
   * their attributes, and the stock update. $_SESSION must contain the
   * complete order data and $GLOBALS must hold every variable the order-total
   * modules need.
   *
   * Security note: customers_ip is taken from the HTTP_X_FORWARDED_FOR header
   * whenever it is present and from REMOTE_ADDR otherwise. That header is
   * supplied by the client and is not validated here, so the stored IP is only
   * trustworthy when a reverse proxy in front of the shop overwrites it.
   *
   * @return array with orderId and orderProductsIds
   */
 public function insertOrderIntoShop()
 {
     global $order, $order_total_modules, $order_totals, $insert_id;
     if (!is_object($order)) {
         //$order doesnt exist if called by notification!
         $order = $this->Order;
     }
     $order_total_modules = $this->orderTotalModules;
     $order_totals = $this->orderTotals;
     $tmp_status = $order->info['order_status'];
     if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
         $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
     } else {
         $discount = '0.00';
     }
     if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
         $customers_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
     } else {
         $customers_ip = $_SERVER["REMOTE_ADDR"];
     }
     if ($_SESSION['credit_covers'] != '1') {
         $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_firstname' => $order->customer['firstname'], 'customers_lastname' => $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_firstname' => $order->delivery['firstname'], 'delivery_lastname' => $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . 
$order->billing['lastname'], 'billing_firstname' => $order->billing['firstname'], 'billing_lastname' => $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_country_iso_code_2' => $order->billing['country']['iso_code_2'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'date_purchased' => 'now()', 'orders_status' => $tmp_status, 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'customers_ip' => $customers_ip, 'language' => $_SESSION['language'], 'comments' => $order->info['comments']);
     } else {
         // free gift , no paymentaddress
         $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_firstname' => $order->customer['firstname'], 'customers_lastname' => $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . 
$order->delivery['lastname'], 'delivery_firstname' => $order->delivery['firstname'], 'delivery_lastname' => $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'], 'delivery_address_format_id' => $order->delivery['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'date_purchased' => 'now()', 'orders_status' => $tmp_status, 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'customers_ip' => $customers_ip, 'comments' => $order->info['comments']);
     }
     xtc_db_perform(TABLE_ORDERS, $sql_data_array);
     $insert_id = xtc_db_insert_id();
     for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
         $sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
     }
     $customer_notification = SEND_EMAILS == 'true' ? '1' : '0';
     $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
     xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
     // initialized for the email confirmation
     $products_ordered = '';
     $products_ordered_html = '';
     $subtotal = 0;
     $total_tax = 0;
     $sofortData = array();
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         $sofortData[$i] = array();
         $sofortData[$i]['sofortItemId'] = $order->products[$i]['id'];
         if (STOCK_LIMITED == 'true') {
             if (DOWNLOAD_ENABLED == 'true') {
                 $stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename\n\t\t\t\t\t\t\t\t                            FROM " . TABLE_PRODUCTS . " p\n\t\t\t\t\t\t\t\t                            LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n\t\t\t\t\t\t\t\t                             ON p.products_id=pa.products_id\n\t\t\t\t\t\t\t\t                            LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n\t\t\t\t\t\t\t\t                             ON pa.products_attributes_id=pad.products_attributes_id\n\t\t\t\t\t\t\t\t                            WHERE p.products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'";
                 // Will work with only one option for downloadable products
                 // otherwise, we have to build the query dynamically with a loop
                 $products_attributes = $order->products[$i]['attributes'];
                 if (is_array($products_attributes)) {
                     $stock_query_raw .= " AND pa.options_id = '" . HelperFunctions::escapeSql($products_attributes[0]['option_id']) . "' AND pa.options_values_id = '" . HelperFunctions::escapeSql($products_attributes[0]['value_id']) . "'";
                 }
                 $stock_query = xtc_db_query($stock_query_raw);
             } else {
                 $stock_query = xtc_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
             }
             if (xtc_db_num_rows($stock_query) > 0) {
                 $stock_values = xtc_db_fetch_array($stock_query);
                 // do not decrement quantities if products_attributes_filename exists
                 if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename']) {
                     $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                 } else {
                     $stock_left = $stock_values['products_quantity'];
                 }
                 // doppelbuchung der Artikel bei Rbs verhindern
                 if ($order->info['payment_method'] != 'sofort_sofortrechnung') {
                     xtc_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . HelperFunctions::escapeSql($stock_left) . "' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
                 }
                 if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
                     xtc_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
                 }
             }
         }
         // Update products_ordered (for bestsellers list)
         xtc_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . HelperFunctions::escapeSql(sprintf('%d', $order->products[$i]['qty'])) . " where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
         $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xtc_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_shipping_time' => $order->products[$i]['shipping_time'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_discount_made' => $order->products[$i]['discount_allowed'], 'products_quantity' => $order->products[$i]['qty'], 'allow_tax' => $_SESSION['customers_status']['customers_status_show_price_tax']);
         xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
         $order_products_id = xtc_db_insert_id();
         $sofortData[$i]['sofortOrderProductsId'] = $order_products_id;
         // Aenderung Specials Quantity Anfang
         $specials_result = xtc_db_query("SELECT products_id, specials_quantity from " . TABLE_SPECIALS . " WHERE products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "' ");
         if (xtc_db_num_rows($specials_result)) {
             $spq = xtc_db_fetch_array($specials_result);
             $new_sp_quantity = $spq['specials_quantity'] - $order->products[$i]['qty'];
             if ($new_sp_quantity >= 1) {
                 xtc_db_query("update " . TABLE_SPECIALS . " set specials_quantity = '" . HelperFunctions::escapeSql($new_sp_quantity) . "' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "' ");
             } else {
                 xtc_db_query("update " . TABLE_SPECIALS . " set status = '0', specials_quantity = '" . HelperFunctions::escapeSql($new_sp_quantity) . "' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "' ");
             }
         }
         // Aenderung Ende
         $order_total_modules->update_credit_account($i);
         // GV Code ICW ADDED FOR CREDIT CLASS SYSTEM
         //------insert customer choosen option to order--------
         $attributes_exist = '0';
         $products_ordered_attributes = '';
         if (isset($order->products[$i]['attributes'])) {
             $attributes_exist = '1';
             for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                 if (DOWNLOAD_ENABLED == 'true') {
                     $attributes_query = "select popt.products_options_name,\n\t\t\t\t\t\t\t\t\t\t                               poval.products_options_values_name,\n\t\t\t\t\t\t\t\t\t\t                               pa.options_values_price,\n\t\t\t\t\t\t\t\t\t\t                               pa.price_prefix,\n\t\t\t\t\t\t\t\t\t\t                               pad.products_attributes_maxdays,\n\t\t\t\t\t\t\t\t\t\t                               pad.products_attributes_maxcount,\n\t\t\t\t\t\t\t\t\t\t                               pad.products_attributes_filename\n\t\t\t\t\t\t\t\t\t\t                               from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n\t\t\t\t\t\t\t\t\t\t                               left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n\t\t\t\t\t\t\t\t\t\t                                on pa.products_attributes_id=pad.products_attributes_id\n\t\t\t\t\t\t\t\t\t\t                               where pa.products_id = '" . HelperFunctions::escapeSql($order->products[$i]['id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                and pa.options_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['option_id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                and pa.options_id = popt.products_options_id\n\t\t\t\t\t\t\t\t\t\t                                and pa.options_values_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['value_id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                and pa.options_values_id = poval.products_options_values_id\n\t\t\t\t\t\t\t\t\t\t                                and popt.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                and poval.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'";
                     $attributes = xtc_db_query($attributes_query);
                 } else {
                     $attributes = xtc_db_query("select popt.products_options_name,\n\t\t\t\t\t\t\t\t\t\t                                             poval.products_options_values_name,\n\t\t\t\t\t\t\t\t\t\t                                             pa.options_values_price,\n\t\t\t\t\t\t\t\t\t\t                                             pa.price_prefix\n\t\t\t\t\t\t\t\t\t\t                                             from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n\t\t\t\t\t\t\t\t\t\t                                             where pa.products_id = '" . HelperFunctions::escapeSql($order->products[$i]['id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                             and pa.options_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['option_id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                             and pa.options_id = popt.products_options_id\n\t\t\t\t\t\t\t\t\t\t                                             and pa.options_values_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['value_id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                             and pa.options_values_id = poval.products_options_values_id\n\t\t\t\t\t\t\t\t\t\t                                             and popt.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'\n\t\t\t\t\t\t\t\t\t\t                                             and poval.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'");
                 }
                 // update attribute stock
                 xtc_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n\t\t\t\t\t\t\t\t                               attributes_stock=attributes_stock - '" . HelperFunctions::escapeSql($order->products[$i]['qty']) . "'\n\t\t\t\t\t\t\t\t                               where\n\t\t\t\t\t\t\t\t                               products_id='" . HelperFunctions::escapeSql($order->products[$i]['id']) . "'\n\t\t\t\t\t\t\t\t                               and options_values_id='" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['value_id']) . "'\n\t\t\t\t\t\t\t\t                               and options_id='" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['option_id']) . "'\n\t\t\t\t\t\t\t\t                               ");
                 $attributes_values = xtc_db_fetch_array($attributes);
                 $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                 xtc_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                 if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xtc_not_null($attributes_values['products_attributes_filename'])) {
                     $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                     xtc_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                 }
             }
         }
         //------insert customer choosen option eof ----
         $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
         $total_tax += xtc_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];
         $total_cost += $total_products_price;
     }
     if (isset($_SESSION['tracking']['refID'])) {
         xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t                                 refferers_id = '" . HelperFunctions::escapeSql($_SESSION['tracking']['refID']) . "'\n\t\t\t                                 where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
         // check if late or direct sale
         $customers_logon_query = "SELECT customers_info_number_of_logons\n\t\t\t\t\t\t                            FROM " . TABLE_CUSTOMERS_INFO . " \n\t\t\t\t\t\t                            WHERE customers_info_id  = '" . HelperFunctions::escapeSql($_SESSION['customer_id']) . "'";
         $customers_logon_query = xtc_db_query($customers_logon_query);
         $customers_logon = xtc_db_fetch_array($customers_logon_query);
         if ($customers_logon['customers_info_number_of_logons'] == 0) {
             // direct sale
             xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t                                 conversion_type = '1'\n\t\t\t\t                                 where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
         } else {
             // late sale
             xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t                                 conversion_type = '2'\n\t\t\t\t                                 where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
         }
     } else {
         $customers_query = xtc_db_query("SELECT refferers_id as ref FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . HelperFunctions::escapeSql($_SESSION['customer_id']) . "'");
         $customers_data = xtc_db_fetch_array($customers_query);
         if (xtc_db_num_rows($customers_query)) {
             xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t                                 refferers_id = '" . HelperFunctions::escapeSql($customers_data['ref']) . "'\n\t\t\t\t                                 where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
             // check if late or direct sale
             $customers_logon_query = "SELECT customers_info_number_of_logons\n\t\t\t\t\t\t\t                            FROM " . TABLE_CUSTOMERS_INFO . " \n\t\t\t\t\t\t\t                            WHERE customers_info_id  = '" . HelperFunctions::escapeSql($_SESSION['customer_id']) . "'";
             $customers_logon_query = xtc_db_query($customers_logon_query);
             $customers_logon = xtc_db_fetch_array($customers_logon_query);
             if ($customers_logon['customers_info_number_of_logons'] == 0) {
                 // direct sale
                 xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t\t                                 conversion_type = '1'\n\t\t\t\t\t                                 where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
             } else {
                 // late sale
                 xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t\t                                 conversion_type = '2'\n\t\t\t\t\t                                 where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
             }
         }
     }
     $order_total_modules->apply_credit();
     $return['orderId'] = $insert_id;
     $return['sofortData'] = $sofortData;
     return $return;
 }
 }
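 // Name validation: the name must be non-empty and unique.  $check_if_name_exist
 // is the row already carrying this name (or false); on 'save' the row being
 // edited may of course keep its own name.
 $action = isset($_GET['action']) ? $_GET['action'] : '';
 // The pager parameter is numeric; force it before it is echoed back into a URL.
 $page_no = isset($_GET['page']) ? (int) $_GET['page'] : 0;
 if (!$manufacturers_name) {
     $error[] = ERROR_TEXT_NAME;
 } elseif ($check_if_name_exist && !($action == 'save' && $check_if_name_exist['manufacturers_id'] == $manufacturers_id)) {
     $error[] = ERROR_TEXT_NAME;
 }
 if (empty($error)) {
     if ($action == 'insert') {
         $sql_data_array = xtc_array_merge($sql_data_array, array('date_added' => 'now()'));
         xtc_db_perform(TABLE_MANUFACTURERS, $sql_data_array);
         $manufacturers_id = xtc_db_insert_id();
     } elseif ($action == 'save') {
         $sql_data_array = xtc_array_merge($sql_data_array, array('last_modified' => 'now()'));
         xtc_db_perform(TABLE_MANUFACTURERS, $sql_data_array, 'update', "manufacturers_id = '" . xtc_db_input($manufacturers_id) . "'");
     }
 } else {
     // Hand the submitted values and the errors back to the form.  xtc_redirect
     // ends the request, so the image upload below never runs for a rejected
     // submission.
     $_SESSION['repopulate_form'] = $_REQUEST;
     $_SESSION['errors'] = $error;
     xtc_redirect(xtc_href_link(FILENAME_MANUFACTURERS, 'page=' . $page_no . '&action=' . $url_action . '&errors=1&mID=' . $manufacturers_id));
 }
 $dir_manufacturers = DIR_FS_CATALOG_IMAGES . "/manufacturers";
 if ($manufacturers_image = xtc_try_upload('manufacturers_image', $dir_manufacturers)) {
     // The stored name is whatever the upload helper kept, i.e. it originates from
     // the client.  basename() pins it to the manufacturers/ folder (a no-op for a
     // plain filename) and xtc_db_input() escapes it like every other SQL value here.
     // NOTE(review): whether xtc_try_upload itself sanitises the name is not visible
     // from this file -- confirm before relying on it alone.
     $image_name = basename($manufacturers_image->filename);
     xtc_db_query("update " . TABLE_MANUFACTURERS . " set manufacturers_image = 'manufacturers/" . xtc_db_input($image_name) . "' where manufacturers_id = '" . xtc_db_input($manufacturers_id) . "'");
 }
 $languages = xtc_get_languages();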
     } else {
         $error[] = ERROR_TEXT_NAME;
     }
 }
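 // The contact e-mail must be present and well-formed; the file/template name
 // is mandatory because it becomes the mail manager key (em_name) on insert.
 if (!$wholesaler_email) {
     $error[] = ERROR_TEXT_EMAIL;
 } elseif (!xtc_validate_email($wholesaler_email)) {
     $error[] = ERROR_TEXT_EMAIL_INVALID;
 }
 if (!$wholesaler_file) {
     $error[] = ERROR_TEXT_FILE;
 }
 $action = isset($_GET['action']) ? $_GET['action'] : '';
 // The pager parameter is numeric; force it before it is echoed back into a URL.
 $page_no = isset($_GET['page']) ? (int) $_GET['page'] : 0;
 if (empty($error)) {
     if ($action == 'insert') {
         xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array);
         $wholesaler_id = xtc_db_insert_id();
         // BOF - Mail Manager Template
         // $wholesaler_file is submitted by the admin form and, unlike the values
         // that go through xtc_db_perform(), was concatenated into this statement
         // unescaped -- escape it.  The template body itself is a fixed literal.
         xtc_db_query("INSERT INTO email_manager (em_name, em_language, em_body, em_delete, em_type, em_body_txt) VALUES\r\n('" . xtc_db_input($wholesaler_file) . "',\t2,\t'<p>Sehr geehrte Damen und Herren,</p>\\r\\n<p>wir m&ouml;chten bitte folgende Produkte bei Ihnen Nachbestellen:</p>\\r\\n<p><br />\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}{\$order_values.products_quantity} x {\$order_values.products_name}<br />\\r\\n{/foreach}</p>',\t0,\t'wholesaler',\t'Sehr geehrte Damen und Herren,\\r\\n\\r\\nwir möchten bitte folgende Produkte bei Ihnen Nachbestellen\\r\\n\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}\\r\\n{\$order_values.products_quantity} x {\$order_values.products_name}\\r\\n{/foreach}');\r\n");
         // EOF - Mail Manager Template
     } elseif ($action == 'save') {
         xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array, 'update', "wholesaler_id = '" . xtc_db_input($wholesaler_id) . "'");
     }
     if (USE_CACHE == 'true') {
         xtc_reset_cache_block('wholesalers');
     }
     xtc_redirect(xtc_href_link(FILENAME_WHOLESALERS, 'page=' . $page_no . '&wID=' . $wholesaler_id));
 } else {
     // Hand the submitted values and the errors back to the form.
     $_SESSION['repopulate_form'] = $_REQUEST;
     $_SESSION['errors'] = $error;
     xtc_redirect(xtc_href_link(FILENAME_WHOLESALERS, 'page=' . $page_no . '&action=' . $url_action . '&errors=1&wID=' . $wholesaler_id));
 }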
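 function insertCategory(&$dataArray, $mode = 'insert', $pID)
 {
     // Link product $pID to the category named by the p_cat.0 .. p_cat.N
     // columns of one import row, creating any category on that path that
     // does not exist yet.  $this->CatTree is a nested array keyed by category
     // name; each node keeps its categories_id under 'ID'.  $mode is accepted
     // for interface compatibility only and is not used here.
     //
     // The original built a PHP expression from the category names and
     // eval()'d it.  Those names come straight from the import file, so the
     // tree is now walked as plain data (see _catTreeId / _catTreeSetId);
     // the control flow and database writes are unchanged.
     if ($this->debug) {
         echo '<pre>';
         echo '</pre>';
     }
     // Collect the non-blank levels as a dense list, so a blank level in the
     // middle of the row cannot leave an undefined offset further down.
     $path = array();
     for ($level = 0; $level < $this->catDepth; $level++) {
         $name = isset($dataArray['p_cat.' . $level]) ? trim($dataArray['p_cat.' . $level]) : '';
         if ($name != '') {
             $path[] = $name;
         }
     }
     if ($this->debug) {
         echo htmlspecialchars(implode(' > ', $path));
     }
     // Fast path: the whole chain is already known to the tree.
     $ID = $this->_catTreeId($path);
     if (is_int($ID) || $ID == '0') {
         $this->insertPtoCconnection($pID, $ID);
         return;
     }
     // Walk down level by level.  A level missing from the tree is looked up in
     // the database (by name, first configured language and parent id) and
     // inserted when absent; either way its id is recorded in the tree.
     $cat_id = null; // stays null for an empty path, as before
     $parent_path = array();
     for ($i = 0; $i < count($path); $i++) {
         $current_path = array_slice($path, 0, $i + 1);
         $ID = $this->_catTreeId($current_path);
         if (!(is_int($ID) || $ID == '0')) {
             $parent = $this->_catTreeId($parent_path);
             // Category name is import data: use the DB escaping helper rather
             // than addslashes(); ids are forced to int.
             $cat_query = xtc_db_query("SELECT c.categories_id FROM " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd"
                 . " WHERE cd.categories_name = '" . xtc_db_input($path[$i]) . "'"
                 . " AND cd.language_id = '" . (int) $this->languages[0]['id'] . "'"
                 . " AND cd.categories_id = c.categories_id"
                 . " AND parent_id = '" . (int) $parent . "'");
             if (!xtc_db_num_rows($cat_query)) {
                 // Unknown category: create it with one description per language.
                 $categorie_data = array('parent_id' => $parent, 'categories_status' => 1, 'date_added' => 'now()', 'last_modified' => 'now()');
                 xtc_db_perform(TABLE_CATEGORIES, $categorie_data);
                 $cat_id = xtc_db_insert_id();
                 $this->counter['cat_new']++;
                 foreach ($this->languages as $language) {
                     $categorie_data = array('language_id' => $language['id'], 'categories_id' => $cat_id, 'categories_name' => $path[$i]);
                     xtc_db_perform(TABLE_CATEGORIES_DESCRIPTION, $categorie_data);
                 }
             } else {
                 $this->counter['cat_touched']++;
                 $cData = xtc_db_fetch_array($cat_query);
                 $cat_id = $cData['categories_id'];
             }
             $this->_catTreeSetId($current_path, $cat_id);
         }
         $parent_path = $current_path;
     }
     $this->insertPtoCconnection($pID, $cat_id);
 }

 /**
  * Return the id stored under $path in $this->CatTree, or null when the node
  * or its 'ID' entry does not exist.  Read-only: never creates nodes.
  */
 private function _catTreeId(array $path)
 {
     $node = $this->CatTree;
     foreach ($path as $name) {
         if (!is_array($node) || !array_key_exists($name, $node)) {
             return null;
         }
         $node = $node[$name];
     }
     return (is_array($node) && isset($node['ID'])) ? $node['ID'] : null;
 }

 /**
  * Store $id under $path in $this->CatTree, creating intermediate nodes as
  * needed.  The id is kept as int so the is_int() checks in insertCategory
  * recognise it (the eval'd assignment it replaces wrote a numeric literal).
  */
 private function _catTreeSetId(array $path, $id)
 {
     $node = &$this->CatTree;
     foreach ($path as $name) {
         if (!is_array($node)) {
             $node = array();
         }
         $node = &$node[$name];
     }
     if (!is_array($node)) {
         $node = array();
     }
     $node['ID'] = (int) $id;
     unset($node);
 }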
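// Simple, yet effective.. loop through the selected Option Values.. find the proper price & prefix.. insert.. yadda yadda yadda.
//
// One products_attributes row (plus an optional download row) is created for
// every option value id posted in optionValues[]; the per-value fields are read
// from POST under "<value id>_<field>".  Values that reach SQL through
// xtc_db_perform() are escaped by it; the two that are concatenated into SQL
// in this block (the value id and the product id) are escaped / cast here.
$current_product_id = isset($_POST['current_product_id']) ? (int) $_POST['current_product_id'] : 0;
$posted_option_values = (isset($_POST['optionValues']) && is_array($_POST['optionValues'])) ? $_POST['optionValues'] : array();
$value_fields = array('price', 'prefix', 'model', 'stock', 'weight', 'weight_prefix', 'sortorder', 'ean', 'download_file', 'download_expire', 'download_count');
foreach ($posted_option_values as $cv_id) {
    // Resolve the option this value belongs to.  An unknown value id is skipped
    // rather than inserted with the $optionsID left over from the previous pass.
    $optionsID = null;
    $result = xtc_db_query("SELECT * FROM " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " WHERE products_options_values_id = '" . xtc_db_input($cv_id) . "'");
    while ($line = xtc_db_fetch_array($result)) {
        $optionsID = $line['products_options_id'];
    }
    if ($optionsID === null) {
        continue;
    }
    // Missing fields default to '' so a partially filled form cannot raise
    // undefined-index warnings.
    $in = array();
    foreach ($value_fields as $field) {
        $in[$field] = isset($_POST[$cv_id . '_' . $field]) ? $_POST[$cv_id . '_' . $field] : '';
    }
    // Price is entered gross when PRICE_IS_BRUTTO is set and stored net.  Cast
    // first: an empty field would otherwise be a non-numeric operand.
    $value_price = (float) $in['price'];
    if (PRICE_IS_BRUTTO == 'true') {
        $value_price = $value_price / (xtc_get_tax_rate(xtc_get_tax_class_id($current_product_id)) + 100) * 100;
    }
    $value_price = xtc_round($value_price, PRICE_PRECISION);
    $sql_data_array = array(
        'products_id' => $current_product_id,
        'options_id' => $optionsID,
        'options_values_id' => $cv_id,
        'options_values_price' => $value_price,
        'price_prefix' => $in['prefix'],
        'attributes_model' => xtc_db_prepare_input($in['model']),
        'attributes_stock' => $in['stock'],
        'options_values_weight' => $in['weight'],
        'weight_prefix' => $in['weight_prefix'],
        'sortorder' => $in['sortorder'],
        'attributes_ean' => xtc_db_prepare_input($in['ean']),
    );
    xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES, $sql_data_array);
    $products_attributes_id = xtc_db_insert_id();
    // Downloadable attribute: only when a filename was given.
    if ($in['download_file'] != '') {
        $download_data = array(
            'products_attributes_id' => $products_attributes_id,
            'products_attributes_filename' => xtc_db_prepare_input($in['download_file']),
            'products_attributes_maxdays' => $in['download_expire'],
            'products_attributes_maxcount' => $in['download_count'],
        );
        xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD, $download_data);
    }
}
// DokuMan - 2010-09-21 - set modified date on product
xtc_db_query('UPDATE ' . TABLE_PRODUCTS . ' SET products_last_modified=now() WHERE products_id=' . $current_product_id);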
 function _process_order()
 {
     try {
         /**
          * Process the internal cartID to match the cartID in the $_SESSION 
          */
         if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
             if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
                 return false;
             }
         }
         $order = new order();
         /** 
          * PropertiesControl Object
          */
         $coo_properties = MainFactory::create_object('PropertiesControl');
         $tmp_status = $order->info['order_status'];
         if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
             $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
         } else {
             $discount = '0.00';
         }
         if (gm_get_conf("GM_SHOW_IP") == '1' && gm_get_conf("GM_LOG_IP") == '1') {
             $customers_ip = $_SESSION['user_info']['user_ip'];
         }
         $comments = '';
         if (trim((string) $this->_request->comment_client) != '') {
             $comments .= sprintf('Customer\'s Comment: %s', trim((string) $this->_request->comment_client) . "\n");
         }
         $comments .= sprintf('Rakuten Order No: %s', (string) $this->_request->order_no . "\n") . sprintf('Rakuten Client ID: %s', (string) $this->_request->client->client_id . "\n");
         $order->info['comments'] = $comments;
         $order->info['rakuten_order_no'] = (string) $this->_request->order_no;
         $billing_addr = $this->_request->client;
         $order->customer['email_address'] = (string) $billing_addr->email;
         $order->customer['firstname'] = $this->_escape_str_revert((string) $billing_addr->first_name);
         $order->customer['lastname'] = $this->_escape_str_revert((string) $billing_addr->last_name);
         $order->customer['telephone'] = (string) $billing_addr->phone;
         $billing_country_result = xtc_db_query("SELECT countries_id, countries_name from " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . (string) $billing_addr->country . "' ");
         if (xtc_db_num_rows($billing_country_result)) {
             $billing_country = xtc_db_fetch_array($billing_country_result);
         } else {
             $billing_country['countries_id'] = -1;
             $billing_country['countries_name'] = (string) $billing_addr->country;
         }
         $order->billing['firstname'] = (string) $billing_addr->first_name;
         $order->billing['lastname'] = (string) $billing_addr->last_name;
         $order->billing['company'] = (string) $billing_addr->company;
         $order->billing['street_address'] = (string) $billing_addr->street . " " . (string) $billing_addr->street_no . ((string) $billing_addr->address_add ? '<br />' . (string) $billing_addr->address_add : '');
         $order->billing['city'] = (string) $billing_addr->city;
         $order->billing['postcode'] = (string) $billing_addr->zip_code;
         $order->billing['country']['title'] = $billing_country['countries_name'];
         $order->billing['country']['iso_code_2'] = (string) $billing_addr->country;
         $order->billing['format_id'] = '5';
         $shipping_addr = $this->_request->delivery_address;
         $shipping_country_result = xtc_db_query("SELECT countries_id, countries_name from " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . (string) $shipping_addr->country . "' ");
         if (xtc_db_num_rows($shipping_country_result)) {
             $shipping_country = xtc_db_fetch_array($shipping_country_result);
         } else {
             $shipping_country['countries_id'] = -1;
             $shipping_country['countries_name'] = (string) $shipping_addr->country;
         }
         $order->delivery['firstname'] = (string) $shipping_addr->first_name;
         $order->delivery['lastname'] = (string) $shipping_addr->last_name;
         $order->delivery['company'] = (string) $shipping_addr->company;
         $order->delivery['street_address'] = (string) $shipping_addr->street . " " . (string) $shipping_addr->street_no . ((string) $shipping_addr->address_add ? '<br />' . (string) $shipping_addr->address_add : '');
         $order->delivery['city'] = (string) $shipping_addr->city;
         $order->delivery['postcode'] = (string) $shipping_addr->zip_code;
         $order->delivery['country']['title'] = $shipping_country['countries_name'];
         $order->delivery['country']['iso_code_2'] = (string) $shipping_addr->country;
         $order->delivery['format_id'] = '5';
         $order->info['payment_method'] = 'rakuten';
         $order->info['payment_class'] = '';
         $order->info['shipping_method'] = 'rakuten';
         $order->info['shipping_class'] = '';
         $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_firstname' => $order->customer['firstname'], 'customers_lastname' => $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_firstname' => $order->delivery['firstname'], 'delivery_lastname' => $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . 
$order->billing['lastname'], 'billing_firstname' => $order->billing['firstname'], 'billing_lastname' => $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_country_iso_code_2' => $order->billing['country']['iso_code_2'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'cc_start' => $order->info['cc_start'], 'cc_cvv' => $order->info['cc_cvv'], 'cc_issue' => $order->info['cc_issue'], 'date_purchased' => 'now()', 'orders_status' => $tmp_status, 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'customers_ip' => $customers_ip, 'language' => $_SESSION['language'], 'comments' => $order->info['comments'], 'rakuten_order_no' => $order->info['rakuten_order_no']);
         xtc_db_perform(TABLE_ORDERS, $sql_data_array);
         $insert_id = xtc_db_insert_id();
         $_SESSION['tmp_oID'] = $insert_id;
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_SUBTOTAL . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->total - (double) $this->_request->shipping - (double) $this->_request->total_tax_amount), 'value' => (double) $this->_request->total - (double) $this->_request->shipping - (double) $this->_request->total_tax_amount, 'class' => 'ot_subtotal', 'sort_order' => 10);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_SHIPPING . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->shipping), 'value' => (double) $this->_request->shipping, 'class' => 'ot_shipping', 'sort_order' => 30);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_TAX . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->total_tax_amount), 'value' => (double) $this->_request->total_tax_amount, 'class' => 'ot_tax', 'sort_order' => 97);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_TOTAL . ':', 'text' => sprintf("<b> %01.2f EUR</b>", (double) $this->_request->total), 'value' => (double) $this->_request->total, 'class' => 'ot_total', 'sort_order' => 99);
         xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
         $customer_notification = '0';
         $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
         xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
         require_once DIR_FS_CATALOG . 'gm/inc/set_shipping_status.php';
         for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
             /**
              * Stock update
              */
             if (STOCK_LIMITED == 'true') {
                 if (DOWNLOAD_ENABLED == 'true') {
                     $stock_query_raw = "SELECT p.products_quantity, pad.products_attributes_filename\n                                                    FROM " . TABLE_PRODUCTS . " p\n                                                    LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                                     ON p.products_id=pa.products_id\n                                                    LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                                     ON pa.products_attributes_id=pad.products_attributes_id\n                                                    WHERE p.products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'";
                     $products_attributes = $order->products[$i]['attributes'];
                     if (is_array($products_attributes)) {
                         $stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";
                     }
                     $stock_query = xtc_db_query($stock_query_raw);
                 } else {
                     $stock_query = xtc_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                 }
                 if (xtc_db_num_rows($stock_query) > 0) {
                     $stock_values = xtc_db_fetch_array($stock_query);
                     /** 
                      * Do not decrement quantities if products_attributes_filename exists
                      */
                     if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename']) {
                         $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                     } else {
                         $stock_left = $stock_values['products_quantity'];
                     }
                     xtc_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                     if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false' && GM_SET_OUT_OF_STOCK_PRODUCTS == 'true') {
                         xtc_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                     }
                     set_shipping_status($order->products[$i]['id']);
                     if ($stock_left <= STOCK_REORDER_LEVEL) {
                         $gm_get_products_name = xtc_db_query("SELECT products_name\n                                                                                            FROM products_description\n                                                                                            WHERE\n                                                                                                products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'\n                                                                                                AND language_id = '" . $_SESSION['languages_id'] . "'");
                         $gm_stock_data = mysql_fetch_array($gm_get_products_name);
                         $gm_subject = GM_OUT_OF_STOCK_NOTIFY_TEXT . ' ' . $gm_stock_data['products_name'];
                         $gm_body = GM_OUT_OF_STOCK_NOTIFY_TEXT . ': ' . (double) $stock_left . "\n\n" . HTTP_SERVER . DIR_WS_CATALOG . 'product_info.php?info=p' . xtc_get_prid($order->products[$i]['id']);
                         /**
                          * Send the email
                          */
                         xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', $gm_subject, nl2br(htmlentities($gm_body)), $gm_body);
                     }
                 }
             }
             /**
              * Update products_ordered (for bestsellers list)
              */
             xtc_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . (double) $order->products[$i]['qty'] . " where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
             $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xtc_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_shipping_time' => $order->products[$i]['shipping_time'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => xtc_get_tax_rate($order->products[$i]['tax_class_id'], $shipping_country['countries_id']), 'products_discount_made' => $order->products[$i]['discount_allowed'], 'products_quantity' => $order->products[$i]['qty'], 'allow_tax' => $_SESSION['customers_status']['customers_status_show_price_tax']);
             xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
             $order_products_id = xtc_db_insert_id();
             if (!empty($order->products[$i]['quantity_unit_id'])) {
                 xtc_db_query("INSERT INTO orders_products_quantity_units\n                        SET orders_products_id = '" . (int) $order_products_id . "',\n                            quantity_unit_id = '" . (int) $order->products[$i]['quantity_unit_id'] . "',\n                            unit_name = '" . xtc_db_input($order->products[$i]['unit_name']) . "'");
             }
             /** 
              * Save selected properties_combi in product
              */
             $t_combis_id = $coo_properties->extract_combis_id($order->products[$i]['id']);
             $GLOBALS['coo_debugger']->log('checkout_process: $order->products[$i][id] ' . $order->products[$i]['id'], 'Properties');
             $GLOBALS['coo_debugger']->log('checkout_process: extract_combis_id ' . $t_combis_id, 'Properties');
             if (empty($t_combis_id) == false) {
                 $coo_properties->add_properties_combi_to_orders_product($t_combis_id, $order_products_id);
                 /**
                  * Update properties_combi quantity
                  */
                 $t_quantity_change = $order->products[$i]['qty'] * -1;
                 $val = $coo_properties->change_combis_quantity($t_combis_id, $t_quantity_change);
             }
             $specials_result = xtc_db_query("SELECT products_id, specials_quantity from " . TABLE_SPECIALS . " WHERE products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
             if (xtc_db_num_rows($specials_result)) {
                 $spq = xtc_db_fetch_array($specials_result);
                 $new_sp_quantity = $spq['specials_quantity'] - $order->products[$i]['qty'];
                 if ($new_sp_quantity >= 1) {
                     xtc_db_query("update " . TABLE_SPECIALS . " set specials_quantity = '" . $new_sp_quantity . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
                 } elseif (STOCK_CHECK == 'true') {
                     xtc_db_query("update " . TABLE_SPECIALS . " set status = '0', specials_quantity = '" . $new_sp_quantity . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
                 }
             }
             if (isset($order->products[$i]['attributes'])) {
                 $attributes_exist = '1';
                 for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                     if (DOWNLOAD_ENABLED == 'true') {
                         $attributes_query = "select popt.products_options_name,\n                                                               poval.products_options_values_name,\n                                                               pa.options_values_price,\n                                                               pa.price_prefix,\n                                                               pad.products_attributes_maxdays,\n                                                               pad.products_attributes_maxcount,\n                                                               pad.products_attributes_filename\n                                                               from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                                               left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                                                on pa.products_attributes_id=pad.products_attributes_id\n                                                               where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                                                and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                and pa.options_id = popt.products_options_id\n                                                                and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                and pa.options_values_id = poval.products_options_values_id\n                                                                and popt.language_id = '" . $_SESSION['languages_id'] . "'\n                                                                and poval.language_id = '" . $_SESSION['languages_id'] . "'";
                         $attributes = xtc_db_query($attributes_query);
                     } else {
                         $attributes = xtc_db_query("select popt.products_options_name,\n                                                                             poval.products_options_values_name,\n                                                                             pa.options_values_price,\n                                                                             pa.price_prefix\n                                                                             from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                                                             where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                                                             and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                             and pa.options_id = popt.products_options_id\n                                                                             and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                             and pa.options_values_id = poval.products_options_values_id\n                                                                             and popt.language_id = '" . $_SESSION['languages_id'] . "'\n                                                                             and poval.language_id = '" . $_SESSION['languages_id'] . "'");
                     }
                     /**
                      * update attribute stock
                      */
                     xtc_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n                                                       attributes_stock=attributes_stock - '" . $order->products[$i]['qty'] . "'\n                                                       where\n                                                       products_id='" . $order->products[$i]['id'] . "'\n                                                       and options_values_id='" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                       and options_id='" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                       ");
                     $attributes_values = xtc_db_fetch_array($attributes);
                     $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                     xtc_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                     if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xtc_not_null($attributes_values['products_attributes_filename'])) {
                         $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                         xtc_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                     }
                     /**
                      * BOF GM_MOD attributes stock_notifier
                      */
                     $gm_get_attributes_stock = xtc_db_query("SELECT\n                                                                                                    pd.products_name,\n                                                                                                    pa.attributes_stock,\n                                                                                                    po.products_options_name,\n                                                                                                    pov.products_options_values_name\n                                                                                                FROM\n                                                                                                    products_description pd,\n                                                                                                    products_attributes pa,\n                                                                                                    products_options po,\n                                                                                                    products_options_values pov\n                                                                                                WHERE pa.products_id = '" . $order->products[$i]['id'] . "'\n                                                                   AND pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                   AND pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                                                 AND po.products_options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                                                                                 AND po.language_id = '" . $_SESSION['languages_id'] . 
"'\n                                                                                                 AND pov.products_options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                                                                                 AND pov.language_id = '" . $_SESSION['languages_id'] . "'\n                                                                                                 AND pd.products_id = '" . $order->products[$i]['id'] . "'\n                                                                                                 AND pd.language_id = '" . $_SESSION['languages_id'] . "'");
                     if (xtc_db_num_rows($gm_get_attributes_stock) == 1) {
                         $gm_attributes_stock_data = xtc_db_fetch_array($gm_get_attributes_stock);
                         if ($gm_attributes_stock_data['attributes_stock'] <= STOCK_REORDER_LEVEL) {
                             $gm_subject = GM_OUT_OF_STOCK_NOTIFY_TEXT . ' ' . $gm_attributes_stock_data['products_name'] . ' - ' . $gm_attributes_stock_data['products_options_name'] . ': ' . $gm_attributes_stock_data['products_options_values_name'];
                             $gm_body = GM_OUT_OF_STOCK_NOTIFY_TEXT . ': ' . (double) $gm_attributes_stock_data['attributes_stock'] . ' (' . $gm_attributes_stock_data['products_name'] . ' - ' . $gm_attributes_stock_data['products_options_name'] . ': ' . $gm_attributes_stock_data['products_options_values_name'] . ")\n\n" . HTTP_SERVER . DIR_WS_CATALOG . 'product_info.php?info=p' . xtc_get_prid($order->products[$i]['id']);
                             xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', $gm_subject, nl2br(htmlentities($gm_body)), $gm_body);
                         }
                     }
                 }
             }
             $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
             $total_cost += $total_products_price;
         }
         if (isset($_SESSION['tracking']['refID'])) {
             xtc_db_query("update " . TABLE_ORDERS . " set\n                                     refferers_id = '" . $_SESSION['tracking']['refID'] . "'\n                                     where orders_id = '" . $insert_id . "'");
             /** 
              * Check if late or direct sale 
              */
             $customers_logon_query = "SELECT customers_info_number_of_logons\n                                            FROM " . TABLE_CUSTOMERS_INFO . "\n                                            WHERE customers_info_id  = '" . $_SESSION['customer_id'] . "'";
             $customers_logon_query = xtc_db_query($customers_logon_query);
             $customers_logon = xtc_db_fetch_array($customers_logon_query);
             if ($customers_logon['customers_info_number_of_logons'] == 0) {
                 /**
                  * direct sale
                  */
                 xtc_db_query("update " . TABLE_ORDERS . " set\n                                         conversion_type = '1'\n                                         where orders_id = '" . $insert_id . "'");
             } else {
                 /**
                  * late sale
                  */
                 xtc_db_query("update " . TABLE_ORDERS . " set\n                                         conversion_type = '2'\n                                         where orders_id = '" . $insert_id . "'");
             }
         } else {
             $customers_query = xtc_db_query("SELECT refferers_id as ref FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . $_SESSION['customer_id'] . "'");
             $customers_data = xtc_db_fetch_array($customers_query);
             if (xtc_db_num_rows($customers_query)) {
                 xtc_db_query("update " . TABLE_ORDERS . " set\n                                         refferers_id = '" . $customers_data['ref'] . "'\n                                         where orders_id = '" . $insert_id . "'");
                 /** 
                  * check if late or direct sale
                  */
                 $customers_logon_query = "SELECT customers_info_number_of_logons\n                                                FROM " . TABLE_CUSTOMERS_INFO . "\n                                                WHERE customers_info_id  = '" . $_SESSION['customer_id'] . "'";
                 $customers_logon_query = xtc_db_query($customers_logon_query);
                 $customers_logon = xtc_db_fetch_array($customers_logon_query);
                 if ($customers_logon['customers_info_number_of_logons'] == 0) {
                     /**
                      * Direct sale
                      */
                     xtc_db_query("update " . TABLE_ORDERS . " set\n                                             conversion_type = '1'\n                                             where orders_id = '" . $insert_id . "'");
                 } else {
                     /**
                      * Late sale
                      */
                     xtc_db_query("update " . TABLE_ORDERS . " set\n                                             conversion_type = '2'\n                                             where orders_id = '" . $insert_id . "'");
                 }
             }
         }
         $_SESSION['cart']->reset(true);
         /**
          * Unregister session variables used during checkout
          */
         unset($_SESSION['sendto']);
         unset($_SESSION['billto']);
         unset($_SESSION['shipping']);
         unset($_SESSION['payment']);
         unset($_SESSION['comments']);
         unset($_SESSION['last_order']);
         unset($_SESSION['tmp_oID']);
         unset($_SESSION['cc']);
         unset($_SESSION['nvpReqArray']);
         unset($_SESSION['reshash']);
         $last_order = $insert_id;
         if (isset($_SESSION['credit_covers'])) {
             unset($_SESSION['credit_covers']);
         }
     } catch (Exception $e) {
         throw $e;
     }
     return true;
 }
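 /**
  * Processes a received PAYONE transaction status (TxStatus) notification.
  *
  * The notification is only acted upon when its 'key' matches md5() of the
  * configured global key or of one of the payment-genre keys; an invalid key
  * is logged and the status is not processed. A valid status is stored in
  * payone_txstatus / payone_txstatus_data, the payone_transactions row with
  * the given txid is updated and, when the txaction is one of the known status
  * names, the order status and its history are updated and the optional
  * redirect target for that txaction is notified. Every received status, valid
  * or not, is additionally written to payone_transactions_log.
  *
  * @param array $txstatus key/value pairs of the received notification; the
  *                        keys 'reference', 'key', 'txaction' and 'txid' are
  *                        read explicitly, everything else is stored as-is
  * @return void
  */
 public function saveTransactionStatus($txstatus)
 {
     if (empty($txstatus['reference'])) {
         $this->log("received TxStatus w/o reference!");
         return;
     }
     $config = $this->getConfig();
     // The notification is unauthenticated input, so the shared-secret check uses
     // hash_equals(): strict (no "0e..." type juggling as with ==) and constant-time.
     $received_key = (isset($txstatus['key']) && is_string($txstatus['key'])) ? $txstatus['key'] : '';
     $key_valid = hash_equals(md5($config['global']['key']), $received_key);
     if (!$key_valid) {
         // Fall back to the payment-genre specific keys.
         foreach ($this->getPaymentGenreIdentifiers() as $pg_id) {
             if (hash_equals(md5($config[$pg_id]['global']['key']), $received_key)) {
                 $key_valid = true;
                 break;
             }
         }
     }
     $txaction = isset($txstatus['txaction']) ? $txstatus['txaction'] : '';
     if ($key_valid) {
         $sql_data_status_array = array('orders_id' => (int) $txstatus['reference'], 'received' => 'now()');
         xtc_db_perform('payone_txstatus', $sql_data_status_array);
         $txstatus_id = xtc_db_insert_id();
         foreach ($txstatus as $key => $value) {
             $sql_data_statusdata_array = array('`payone_txstatus_id`' => $txstatus_id, '`key`' => $key, '`value`' => is_array($value) ? implode('||', $value) : $value);
             xtc_db_perform('payone_txstatus_data', $sql_data_statusdata_array);
         }
         $sql_data_transactions_array = array('status' => strtoupper($txaction), 'last_modified' => 'now()');
         // txid comes from the notification and ends up in a raw WHERE clause, so it must be escaped.
         $txid = isset($txstatus['txid']) ? $txstatus['txid'] : '';
         xtc_db_perform('payone_transactions', $sql_data_transactions_array, 'update', "txid='" . xtc_db_input($txid) . "'");
         if (in_array($txaction, $this->getStatusNames(), true)) {
             $orders_status_id = (int) $config['orders_status'][$txaction];
             $sql_data_orders_array = array('orders_status' => $orders_status_id, 'last_modified' => 'now()');
             xtc_db_perform(TABLE_ORDERS, $sql_data_orders_array, 'update', "orders_id='" . (int) $txstatus['reference'] . "'");
             $sql_data_array = array('orders_id' => (int) $txstatus['reference'], 'orders_status_id' => $orders_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => STATUS_UPDATED_BY_PAYONE, 'comments_sent' => '0');
             xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
             // send Transaction Status to the configured redirect target, if any
             $redirect_url = isset($config['orders_status_redirect']['url'][$txaction]) ? $config['orders_status_redirect']['url'][$txaction] : '';
             if ((string) $redirect_url !== '') {
                 $this->sendTransactionStatus($redirect_url, $txstatus, $config['orders_status_redirect']['timeout'][$txaction]);
             }
         }
     } else {
         $this->log("received TxStatus with an invalid key! TxStatus will not be processed.");
     }
     // logging: flatten the whole notification into one "name=value|name=value" line
     $message_parts = array();
     foreach ($txstatus as $name => $value) {
         $message_parts[] = $name . '=' . (is_array($value) ? implode('||', $value) : $value);
     }
     $message = implode('|', $message_parts);
     list($msec, $sec) = explode(' ', microtime());
     $sql_data_array = array('event_id' => (int) (($sec + $msec) * 1000), 'date_created' => 'now()', 'log_count' => '0', 'log_level' => '0', 'message' => $message, 'customers_id' => '0');
     $this->log(print_r($sql_data_array, true));
     xtc_db_perform('payone_transactions_log', $sql_data_array);
 }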
 function callback_process($data, $charset)
 {
     // Keine Session da !
     // Stand: 29.06.2011
     global $_GET;
     $this->data = $data;
     //$this->_logTrans($data);
     require_once DIR_WS_CLASSES . 'class.phpmailer.php';
     if (EMAIL_TRANSPORT == 'smtp') {
         require_once DIR_WS_CLASSES . 'class.smtp.php';
     }
     require_once DIR_FS_INC . 'xtc_Security.inc.php';
     $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
     if (isset($xtc_order_id) && is_numeric($xtc_order_id) && $xtc_order_id > 0) {
         // order suchen
         $order_query = xtc_db_query("SELECT currency, currency_value\n                                    FROM " . TABLE_ORDERS . "\n                                    WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
         if (xtc_db_num_rows($order_query) > 0) {
             // order gefunden
             $ipn_charset = xtc_db_prepare_input($this->data['charset']);
             $ipn_data = array();
             $ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
             $ipn_data['xtc_order_id'] = xtc_db_prepare_input($xtc_order_id);
             $ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
             $ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
             $ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
             $ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
             $ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
             $ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset));
             $ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset));
             $ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset));
             $ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset));
             $ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset));
             $ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset));
             $ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
             $ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset));
             $ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
             $ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
             $ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
             $ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
             $ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
             $ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset));
             $ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
             $ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
             $ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
             $ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']);
             $ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
             $ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
             $ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
             $ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
             $ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
             $ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
             $ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
             $ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
             $ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);
             if ($ipn_data['num_cart_items'] > 1) {
                 $verspos = $ipn_data['num_cart_items'];
                 for ($p = 1; $p <= $verspos; $p++) {
                     if ($this->data['item_name' . $p] == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $this->data['item_name' . $p] == substr(PAYPAL_GS, 0, 127) || $this->data['item_name' . $p] == "Handling" || $this->data['item_name' . $p] == substr(PAYPAL_TAX, 0, 127) || $this->data['item_name' . $p] == "Differenz") {
                         // Artikel Nummer aus den Details für Sonderzeilen
                         $ipn_data['num_cart_items']--;
                     }
                     if ($this->data['item_name' . $p] == substr(SHIPPING_COSTS, 0, 127)) {
                         // Versandkosten
                         $ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p];
                         $ipn_data['num_cart_items']--;
                     }
                 }
             }
             $_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . $ipn_data['txn_id'] . "'";
             $_transQuery = xtc_db_query($_transQuery);
             $_transQuery = xtc_db_fetch_array($_transQuery);
             if ($_transQuery['paypal_ipn_id'] != '') {
                 $insert_id = $_transQuery['paypal_ipn_id'];
                 $sql_data_array = array('payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'payer_email' => $ipn_data['payer_email'], 'num_cart_items' => $ipn_data['num_cart_items'], 'mc_fee' => $ipn_data['mc_fee'], 'mc_shipping' => $ipn_data['mc_shipping'], 'address_name' => $ipn_data['address_name'], 'address_street' => $ipn_data['address_street'], 'address_city' => $ipn_data['address_city'], 'address_state' => $ipn_data['address_state'], 'address_zip' => $ipn_data['address_zip'], 'address_country' => $ipn_data['address_country'], 'address_status' => $ipn_data['address_status'], 'payer_status' => $ipn_data['payer_status'], 'receiver_email' => $ipn_data['receiver_email'], 'last_modified ' => 'now()');
                 xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'");
             } else {
                 $ipn_data['date_added'] = 'now()';
                 $ipn_data['last_modified'] = 'now()';
                 xtc_db_perform(TABLE_PAYPAL, $ipn_data);
                 $insert_id = xtc_db_insert_id();
             }
             $paypal_order_history = array('paypal_ipn_id' => $insert_id, 'txn_id' => $ipn_data['txn_id'], 'parent_txn_id' => $ipn_data['parent_txn_id'], 'payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'mc_amount' => $ipn_data['mc_gross'], 'date_added' => 'now()');
             xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history);
             $crlf = "\n";
             $comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
             $comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
             if (isset($this->data['payer_status'])) {
                 $comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
             }
             $comment_status .= '.' . $crlf;
             if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $_POST['test_ipn'] > 0) {
                 $comment_status .= '(Sandbox-Test Mode)' . $crlf;
             }
             $comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
             if (isset($this->data['pending_reason'])) {
                 $comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
             }
             if (isset($this->data['reason_code'])) {
                 $comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
             }
             $comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
             $comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
             if (isset($this->data['parent_txn_id'])) {
                 $comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
             }
             $comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($_POST['txn_id']);
             //Set status for default (Pending)
             $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
             $parameters = 'cmd=_notify-validate';
             foreach ($this->data as $key => $value) {
                 $parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
             }
             //$this->_logTransactions($parameters);
             // 08.01.2008 auch ohne cURL
             $mit_curl = 0;
             if (function_exists('curl_init')) {
                 $ch = curl_init();
                 curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
                 curl_setopt($ch, CURLOPT_POST, 1);
                 curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($ch, CURLOPT_HEADER, 0);
                 curl_setopt($ch, CURLOPT_TIMEOUT, 30);
                 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
                 $result = curl_exec($ch);
                 if (!curl_errno($ch)) {
                     $mit_curl = 1;
                 }
                 curl_close($ch);
             }
             // cURL fehlt oder ist fehlgeschlagen
             if ($mit_curl == 0) {
                 $request_post = array('http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters));
                 $request = stream_context_create($request_post);
                 $result = file_get_contents($this->IPN_URL, false, $request);
             }
             if (strtoupper($result) == 'VERIFIED' || $result == '1') {
                 // Steht auf Warten
                 if (strtolower($this->data['payment_status']) == 'completed') {
                     if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                         $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                     }
                     //Set status for Denied, Failed
                 } elseif (strtolower($this->data['payment_status']) == 'denied' or strtolower($this->data['payment_status']) == 'failed') {
                     $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                     //Set status for Reversed
                 } elseif (strtolower($this->data['payment_status']) == 'reversed') {
                     $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                     //Set status for Canceled-Reversal
                 } elseif (strtolower($this->data['payment_status']) == 'canceled-reversal') {
                     $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                     //Set status for Refunded
                 } elseif (strtolower($this->data['payment_status']) == 'refunded') {
                     $order_status_id = DEFAULT_ORDERS_STATUS_ID;
                     //Set status for Pendign - eigentlich nicht nötig?
                 } elseif (strtolower($this->data['payment_status']) == 'pending') {
                     $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                     //Set status for Processed - wann kommt das ?
                 } elseif (strtolower($this->data['payment_status']) == 'processed') {
                     if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                         $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                     }
                 }
             } else {
                 $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                 $error_reason = 'Received INVALID responce but invoice and Customer matched.';
             }
             $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
             xtc_db_query("UPDATE " . TABLE_ORDERS . "\n                        SET orders_status = '" . $order_status_id . "', last_modified = now()\n                        WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
             $sql_data_array = array('orders_id' => xtc_db_prepare_input($xtc_order_id), 'orders_status_id' => $order_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN ' . $comment_status . '');
             xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
         } else {
             $error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.';
         }
     } else {
         $error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
     }
     if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
         $email_body = $error_reason . "\n\n" . '<br>';
         $email_body .= $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REMOTE_ADDR'] . " - " . $_SERVER['HTTP_REFERER'] . " - " . $_SERVER['HTTP_ACCEPT'] . "\n\n" . '<br>';
         $email_body .= '$_POST:' . "\n\n" . '<br>';
         foreach ($this->data as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         $email_body .= "\n" . '$_GET:' . "\n\n" . '<br>';
         foreach ($_GET as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
     }
 }
     $sql_data_array['entry_company'] = $company;
 }
 // Optional address columns: written only when the shop configuration switches
 // them on (the constants are compared loosely against the string 'true').
 if (ACCOUNT_SUBURB == 'true') {
     $sql_data_array['entry_suburb'] = $suburb;
 }
 if (ACCOUNT_STATE == 'true') {
     // A resolved zone id takes precedence over the free-text state; exactly
     // one of the two columns carries a value, the other is blanked.
     $sql_data_array['entry_zone_id'] = ($zone_id > 0) ? $zone_id : '0';
     $sql_data_array['entry_state'] = ($zone_id > 0) ? '' : $state;
 }
 // Persist the address book entry and link it as the customer's default address.
 xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
 $address_id = xtc_db_insert_id();
 // Both ids are (int)-cast before being interpolated into the SQL text.
 xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_default_address_id = '" . (int) $address_id . "' WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
 xtc_db_query("INSERT INTO " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) VALUES ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
 // NOTE(review): xtc_session_recreate() presumably issues a fresh session id
 // at this privilege change (mitigates session fixation); with SESSION_RECREATE
 // disabled the pre-registration id is kept -- confirm against the helper.
 if (SESSION_RECREATE == 'True') {
     xtc_session_recreate();
 }
 // Seed the session with the freshly created customer's data.
 foreach (array(
     'customer_first_name' => $firstname,
     'customer_last_name' => $lastname,
     'customer_default_address_id' => $address_id,
     'customer_country_id' => $country,
     'customer_zone_id' => $zone_id,
     'customer_vat_id' => $vat,
 ) as $session_key => $session_value) {
     $_SESSION[$session_key] = $session_value;
 }
 // restore cart contents
 $_SESSION['cart']->restore_contents();
 if (isset($_SESSION['tracking']['refID'])) {
 if (empty($banners_image_local)) {
     // Without a local image path an uploaded file is mandatory.
     // NOTE(review): the allow-list admits 'swf' and 'cab' (active content /
     // archives, not images) into a web-served directory, lists 'bmp' twice and
     // has no MIME entry matching 'tiff'/'tif'. Restricting it to raster image
     // types would tighten this trust boundary -- confirm how xtc_try_upload
     // applies the two lists before changing them.
     $accepted_banners_image_files_extensions = array("jpg", "jpeg", "jpe", "gif", "png", "bmp", "tiff", "tif", "bmp", "swf", "cab");
     $accepted_banners_image_files_mime_types = array("image/jpeg", "image/gif", "image/png", "image/bmp", "application/x-shockwave-flash");
     $banners_image = xtc_try_upload('banners_image', DIR_FS_CATALOG_IMAGES . 'banner/' . $banners_image_target, '644', $accepted_banners_image_files_extensions, $accepted_banners_image_files_mime_types);
     if (!$banners_image) {
         // Upload rejected or missing: report and block the save further down.
         $messageStack->add(ERROR_BANNER_IMAGE_REQUIRED, 'error');
         $banner_error = true;
     }
 }
 if ($banner_error == false) {
     $db_image_location = xtc_not_null($banners_image_local) ? $banners_image_local : $banners_image_target . $banners_image->filename;
     $sql_data_array = array('banners_title' => $banners_title, 'banners_url' => $banners_url, 'banners_image' => $db_image_location, 'banners_group' => $banners_group, 'banners_html_text' => $html_text);
     if ($action == 'insert') {
         $insert_sql_data = array('date_added' => 'now()', 'status' => '1');
         $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
         xtc_db_perform(TABLE_BANNERS, $sql_data_array);
         $banners_id = xtc_db_insert_id();
         $messageStack->add_session(SUCCESS_BANNER_INSERTED, 'success');
     } elseif ($action == 'update') {
         xtc_db_perform(TABLE_BANNERS, $sql_data_array, 'update', 'banners_id = \'' . (int) $banners_id . '\'');
         $messageStack->add_session(SUCCESS_BANNER_UPDATED, 'success');
     }
     if ($_POST['expires_date']) {
         $expires_date = xtc_db_prepare_input($_POST['expires_date']);
         // BOF - Tomcraft - 2009-11-06 - Use "iso 8601" for the date format
         //list($day, $month, $year) = explode('/', $expires_date);
         list($year, $month, $day) = explode('-', $expires_date);
         // EOF - Tomcraft - 2009-11-06 - Use "iso 8601" for the date format
         $expires_date = $year . (strlen($month) == 1 ? '0' . $month : $month) . (strlen($day) == 1 ? '0' . $day : $day);
         xtc_db_query("update " . TABLE_BANNERS . " set expires_date = '" . xtc_db_input($expires_date) . "', expires_impressions = null where banners_id = '" . (int) $banners_id . "'");
     } elseif ($_POST['impressions']) {
         $impressions = xtc_db_prepare_input($_POST['impressions']);
 }
 // Name validation: an empty name is always an error; a name that already
 // exists is only tolerated when saving the very record that owns it.
 if (!$imagesliders_name || $check_if_name_exist) {
     if ($_GET['action'] != 'save' || $check_if_name_exist['imagesliders_id'] != $imagesliders_id) {
         $error[] = ERROR_TEXT_NAME;
     }
 }
 if (empty($error)) {
     if ($_GET['action'] == 'insert') {
         $insert_sql_data = array('date_added' => 'now()');
         $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data);
         xtc_db_perform(TABLE_IMAGESLIDERS, $sql_data_array);
         $imagesliders_id = xtc_db_insert_id();
     } elseif ($_GET['action'] == 'save') {
         $update_sql_data = array('last_modified' => 'now()');
         $sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data);
         xtc_db_perform(TABLE_IMAGESLIDERS, $sql_data_array, 'update', "imagesliders_id = '" . xtc_db_input($imagesliders_id) . "'");
     }
     $languages = xtc_get_languages();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         if ($_POST['imagesliders_image_delete' . $i] == true) {
             @unlink(DIR_FS_CATALOG_IMAGES . xtc_get_imageslider_image($imagesliders_id, $languages[$i]['id']));
             $imagepfad = '';
         }
         if ($image =& xtc_try_upload('imagesliders_image' . $i, DIR_FS_CATALOG_IMAGES . 'imagesliders/' . $languages[$i]['directory'] . '/')) {
             $imagepfad = 'imagesliders/' . $languages[$i]['directory'] . '/' . $image->filename;
         } else {
             if ($_POST['imagesliders_image_delete' . $i] == false) {