function create_plugin_instance()
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
if (isset($_SESSION['customer_id'])) {
$wo_customer_id = $_SESSION['customer_id'];
$wo_full_name = addslashes($_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_lastname']);
} else {
$wo_customer_id = '';
$wo_full_name = 'Guest';
}
$wo_session_id = oos_session_id();
$wo_ip_address = $_SESSION['session_ip_address'];
$wo_last_page_url = addslashes(oos_server_get_var('REQUEST_URI'));
$current_time = time();
$xx_mins_ago = $current_time - 900;
// remove entries that have expired
$whos_onlinetable = $oostable['whos_online'];
$dbconn->Execute("DELETE FROM {$whos_onlinetable}\n WHERE time_last_click < '" . oos_db_input($xx_mins_ago) . "'");
$whos_onlinetable = $oostable['whos_online'];
$query = "SELECT COUNT(*) AS total\n FROM {$whos_onlinetable}\n WHERE session_id = '" . oos_db_input($wo_session_id) . "'";
$stored_customer = $dbconn->Execute($query);
if ($stored_customer->fields['total'] > 0) {
$whos_onlinetable = $oostable['whos_online'];
$query = "UPDATE {$whos_onlinetable}" . " SET customer_id = ?, full_name = ?, ip_address = ?, time_last_click = ?, last_page_url = ?" . " WHERE session_id = ?";
$result =& $dbconn->Execute($query, array((string) $wo_customer_id, (string) $wo_full_name, (string) $wo_ip_address, (string) $current_time, (string) $wo_last_page_url, (string) $wo_session_id));
} else {
$whos_onlinetable = $oostable['whos_online'];
$dbconn->Execute("INSERT INTO " . $whos_onlinetable . "\n (customer_id,\n full_name,\n session_id,\n ip_address,\n time_entry,\n time_last_click,\n last_page_url) VALUES ('" . oos_db_input($wo_customer_id) . "',\n '" . oos_db_input($wo_full_name) . "',\n '" . oos_db_input($wo_session_id) . "',\n '" . oos_db_input($wo_ip_address) . "',\n '" . oos_db_input($current_time) . "',\n '" . oos_db_input($current_time) . "',\n '" . oos_db_input($wo_last_page_url) . "')");
}
return true;
}
/**
* Sets the status of a featured product
*/
function oos_set_featured_status($nFeaturedId, $status)
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$featuredtable = $oostable['featured'];
return $dbconn->Execute("UPDATE {$featuredtable}\n SET status = '" . oos_db_input($status) . "',\n date_status_change = '" . date("Y-m-d H:i:s", time()) . "'\n WHERE featured_id = '" . intval($nFeaturedId) . "'");
}
function create_plugin_instance()
{
$aFilename = oos_get_filename();
$aModules = oos_get_modules();
if ($_GET['file'] != $aFilename['login'] && !isset($_SESSION['customer_id'])) {
$cookie_url_array = parse_url((ENABLE_SSL == true ? OOS_HTTPS_SERVER : OOS_HTTP_SERVER) . substr(OOS_SHOP, 0, -1));
$cookie_path = $cookie_url_array['path'];
if (isset($_COOKIE['email_address']) && isset($_COOKIE['password'])) {
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$customerstable = $oostable['customers'];
$sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n customers_password, customers_wishlist_link_id, customers_language,\n customers_vat_id_status, customers_email_address, customers_default_address_id,\n customers_max_order\n FROM {$customerstable}\n WHERE customers_login = '******'\n AND customers_email_address = '" . oos_db_input($_COOKIE['email_address']) . "'";
$check_customer_result = $dbconn->Execute($sql);
if ($check_customer_result->RecordCount()) {
$check_customer = $check_customer_result->fields;
if (oos_validate_password($_COOKIE['password'], $check_customer['customers_password'])) {
$address_booktable = $oostable['address_book'];
$sql = "SELECT entry_country_id, entry_zone_id\n FROM {$address_booktable}\n WHERE customers_id = '" . $check_customer['customers_id'] . "'\n AND address_book_id = '1'";
$check_country = $dbconn->GetRow($sql);
if ($check_customer['customers_language'] == '') {
$sLanguage = oos_var_prep_for_os($_SESSION['language']);
$customerstable = $oostable['customers'];
$dbconn->Execute("UPDATE {$customerstable}\n SET customers_language = '" . oos_db_input($sLanguage) . "'\n WHERE customers_id = '" . intval($check_customer['customers_id']) . "'");
}
$_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id'];
$_SESSION['customer_id'] = $check_customer['customers_id'];
$_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
if (ACCOUNT_GENDER == '1') {
$_SESSION['customer_gender'] = $check_customer['customers_gender'];
}
$_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
$_SESSION['customer_lastname'] = $check_customer['customers_lastname'];
$_SESSION['customer_max_order'] = $check_customer['customers_max_order'];
$_SESSION['customer_country_id'] = $check_country['entry_country_id'];
$_SESSION['customer_zone_id'] = $check_country['entry_zone_id'];
if (ACCOUNT_VAT_ID == '1') {
$_SESSION['customers_vat_id_status'] = $check_customer['customers_vat_id_status'];
}
$_SESSION['member']->restore_group();
setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
setcookie('password', $check_customer['customers_password'], time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
$customers_infotable = $oostable['customers_info'];
$dbconn->Execute("UPDATE {$customers_infotable}\n SET customers_info_date_of_last_logon = '" . date("Y-m-d H:i:s", time()) . "',\n customers_info_number_of_logons = customers_info_number_of_logons+1\n WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'");
$_SESSION['cart']->restore_contents();
// restore cart contents
}
}
}
}
return true;
}
/**
* Sets the status of a special product
*
* @param $specials_id
* @param $status
*/
function oos_set_specials_status($nSpecialsId, $status)
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$specialstable = $oostable['specials'];
return $dbconn->Execute("UPDATE $specialstable
SET status = '" . oos_db_input($status) . "',
date_status_change = '" . date("Y-m-d H:i:s", time()) . "'
WHERE specials_id = '" . intval($nSpecialsId) . "'");
}
function oos_get_languages_id($iso_639_2)
{
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$languagestable = $oostable['languages'];
$languages_result = $dbconn->Execute("SELECT languages_id, iso_639_2 FROM {$languagestable} WHERE iso_639_2 = '" . oos_db_input($iso_639_2) . "'");
if (!$languages_result->RecordCount()) {
$LangID = $_SESSION['language_id'];
} else {
$LangID = $languages_result->fields['languages_id'];
}
return $LangID;
}
function query($order_id)
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$lable_query = "SELECT customers_name, customers_company, customers_street_address, customers_suburb,\n customers_city, customers_postcode, customers_state, customers_country,\n customers_telephone, customers_email_address, customers_address_format_id,\n delivery_name, delivery_company, delivery_street_address, delivery_suburb,\n delivery_city, delivery_postcode, delivery_state, delivery_country,\n delivery_address_format_id, billing_name, billing_company, billing_street_address,\n billing_suburb, billing_city, billing_postcode, billing_state, billing_country,\n billing_address_format_id, payment_method, cc_type, cc_owner, cc_number,\n cc_expires, currency, currency_value, date_purchased, orders_status, last_modified\n FROM " . $oostable['orders'] . " \n WHERE orders_id = '" . oos_db_input($order_id) . "'";
$lable_result =& $dbconn->Execute($lable_query);
$lable = $lable_result->fields;
$totals_query = "SELECT title, text \n FROM " . $oostable['orders_total'] . " \n WHERE orders_id = '" . oos_db_input($order_id) . "'\n ORDER BY sort_order";
$totals_result =& $dbconn->Execute($totals_query);
while ($totals = $totals_result->fields) {
$this->totals[] = array('title' => $totals['title'], 'text' => $totals['text']);
// Move that ADOdb pointer!
$totals_result->MoveNext();
}
$this->info = array('currency' => $lable['currency'], 'currency_value' => $lable['currency_value'], 'payment_method' => $lable['payment_method'], 'cc_type' => $lable['cc_type'], 'cc_owner' => $lable['cc_owner'], 'cc_number' => $lable['cc_number'], 'cc_expires' => $lable['cc_expires'], 'date_purchased' => $lable['date_purchased'], 'orders_status' => $lable['orders_status'], 'last_modified' => $lable['last_modified']);
$this->customer = array('name' => $lable['customers_name'], 'company' => $lable['customers_company'], 'street_address' => $lable['customers_street_address'], 'suburb' => $lable['customers_suburb'], 'city' => $lable['customers_city'], 'postcode' => $lable['customers_postcode'], 'state' => $lable['customers_state'], 'country' => $lable['customers_country'], 'format_id' => $lable['customers_address_format_id'], 'telephone' => $lable['customers_telephone'], 'email_address' => $lable['customers_email_address']);
$this->delivery = array('name' => $lable['delivery_name'], 'company' => $lable['delivery_company'], 'street_address' => $lable['delivery_street_address'], 'suburb' => $lable['delivery_suburb'], 'city' => $lable['delivery_city'], 'postcode' => $lable['delivery_postcode'], 'state' => $lable['delivery_state'], 'country' => $lable['delivery_country'], 'format_id' => $lable['delivery_address_format_id']);
$this->billing = array('name' => $lable['billing_name'], 'company' => $lable['billing_company'], 'street_address' => $lable['billing_street_address'], 'suburb' => $lable['billing_suburb'], 'city' => $lable['billing_city'], 'postcode' => $lable['billing_postcode'], 'state' => $lable['billing_state'], 'country' => $lable['billing_country'], 'format_id' => $lable['billing_address_format_id']);
$index = 0;
$lables_products_query = "SELECT o.orders_products_id, o.products_id, o.products_name, o.products_model,\n o.products_price, o.products_tax, o.products_quantity, o.final_price,\n p.products_id, p.products_weight\n FROM " . $oostable['orders_products'] . " o,\n " . $oostable['products'] . " p\n WHERE o.products_id = p.products_id &&\n o.orders_id = '" . oos_db_input($order_id) . "'";
$lables_products_result =& $dbconn->Execute($lables_products_query);
while ($lables_products = $lables_products_result->fields) {
$this->products[$index] = array('qty' => $lables_products['products_quantity'], 'name' => $lables_products['products_name'], 'model' => $lables_products['products_model'], 'tax' => $lables_products['products_tax'], 'price' => $lables_products['products_price'], 'weight' => $lables_products['products_weight'], 'final_price' => $lables_products['final_price']);
$subindex = 0;
$attributes_query = "SELECT products_options, products_options_values, options_values_price, price_prefix\n FROM " . $oostable['orders_products_attributes'] . "\n WHERE orders_id = '" . oos_db_input($order_id) . "'\n AND orders_products_id = '" . $orders_products['orders_products_id'] . "'";
$attributes_result =& $dbconn->Execute($attributes_query);
if ($attributes_result->RecordCount()) {
while ($attributes = $attributes_result->fields) {
$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']);
$subindex++;
// Move that ADOdb pointer!
$attributes_result->MoveNext();
}
}
$index++;
// Move that ADOdb pointer!
$lables_products_result->MoveNext();
}
}
$dbconn->Execute("DELETE FROM {$manufacturerstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
$manufacturers_infotable = $oostable['manufacturers_info'];
$dbconn->Execute("DELETE FROM {$manufacturers_infotable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') {
$productstable = $oostable['products'];
$products_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
while ($products = $products_result->fields) {
oos_remove_product($products['products_id']);
// Move that ADOdb pointer!
$products_result->MoveNext();
}
// Close result set
$products_result->Close();
} else {
$productstable = $oostable['products'];
$dbconn->Execute("UPDATE {$productstable} SET manufacturers_id = '' WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['manufacturers'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
$rate = $quote_function($currency['code']);
if (empty($rate) && oos_is_not_null(CURRENCY_SERVER_BACKUP)) {
$quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency';
$rate = $quote_function($currency['code']);
}
if (oos_is_not_null($rate)) {
$dbconn->Execute("UPDATE " . $oostable['currencies'] . " SET value = '" . $rate . "', last_updated = '" . date("Y-m-d H:i:s", time()) . "' WHERE currencies_id = '" . $currency['currencies_id'] . "'");
}
// Move that ADOdb pointer!
$currency_result->MoveNext();
}
oos_redirect_admin(oos_href_link_admin($aFilename['currencies'], 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
break;
case 'delete':
$currencies_id = oos_db_prepare_input($_GET['cID']);
$currency_result = $dbconn->Execute("SELECT code FROM " . $oostable['currencies'] . " WHERE currencies_id = '" . oos_db_input($currencies_id) . "'");
$currency = $currency_result->fields;
$remove_currency = true;
if ($currency['code'] == DEFAULT_CURRENCY) {
$remove_currency = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error');
}
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
}
$customerstable = $oostable['customers'];
$sql = "SELECT customers_firstname, customers_lastname, customers_id\n FROM {$customerstable}\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
$check_customer_result = $dbconn->Execute($sql);
if ($check_customer_result->RecordCount()) {
$check_customer = $check_customer_result->fields;
$customerstable = $oostable['customers'];
$dbconn->Execute("UPDATE {$customerstable}\n SET customers_newsletter = '0'\n WHERE customers_id = '" . $check_customer['customers_id'] . "'");
MyOOS_CoreApi::redirect(oos_href_link($aPages['newsletters_unsubscribe_success']));
} else {
$maillisttable = $oostable['maillist'];
$sql = "SELECT customers_firstname\n FROM {$maillisttable}\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
$check_mail_customer_result = $dbconn->Execute($sql);
if ($check_mail_customer_result->RecordCount()) {
$maillisttable = $oostable['maillist'];
$dbconn->Execute("UPDATE {$maillisttable}\n SET customers_newsletter = '0'\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'");
MyOOS_CoreApi::redirect(oos_href_link($aPages['newsletters_unsubscribe_success']));
}
}
MyOOS_CoreApi::redirect(oos_href_link($aPages['subscription_center'], 'email=nonexistent', 'SSL'));
} else {
$oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aPages['newsletters']), bookmark);
$aOption['template_main'] = $sTheme . '/modules/subscription_center.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
$aOption['breadcrumb'] = 'default/system/breadcrumb.html';
$nPageType = OOS_PAGE_TYPE_SERVICE;
require 'includes/oos_system.php';
if (!isset($option)) {
require 'includes/info_message.php';
require 'includes/oos_blocks.php';
}
</td>
<td class="dataTableHeadingContent" align="center"><?php
echo COUPON_CODE;
?>
</td>
<td class="dataTableHeadingContent" align="right"><?php
echo TABLE_HEADING_ACTION;
?>
</td>
</tr>
<?php
if (isset($_GET['page']) && $_GET['page'] > 1) {
$rows = $_GET['page'] * 20 - 20;
}
if ($status != '*') {
$cc_result_raw = "SELECT\n coupon_id, coupon_code, coupon_amount, coupon_type, coupon_start_date,\n coupon_expire_date, uses_per_user, uses_per_coupon, restrict_to_products,\n restrict_to_categories, date_created,date_modified\n FROM\n " . $oostable['coupons'] . "\n WHERE\n coupon_active='" . oos_db_input($status) . "' AND\n coupon_type != 'G'";
} else {
$cc_result_raw = "SELECT\n coupon_id, coupon_code, coupon_amount, coupon_type, coupon_start_date,\n coupon_expire_date, uses_per_user, uses_per_coupon, restrict_to_products,\n restrict_to_categories, date_created,date_modified\n FROM\n " . $oostable['coupons'] . "\n WHERE\n coupon_type != 'G'";
}
$cc_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $cc_result_raw, $cc_result_numrows);
$cc_result = $dbconn->Execute($cc_result_raw);
while ($cc_list = $cc_result->fields) {
$rows++;
if (strlen($rows) < 2) {
$rows = '0' . $rows;
}
if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $cc_list['coupon_id']) && !isset($cInfo)) {
$cInfo = new objectInfo($cc_list);
}
if (isset($cInfo) && is_object($cInfo) && $cc_list['coupon_id'] == $cInfo->coupon_id) {
echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . oos_href_link_admin($aFilename['coupon_admin'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->coupon_id . '&action=edit') . '\'">' . "\n";
MyOOS_CoreApi::redirect(oos_href_link($goto_file, oos_get_all_get_parameters($parameters)));
break;
case 'cust_wishlist_add_product':
if (isset($_SESSION['customer_id']) && isset($_POST['products_id'])) {
if (isset($_POST['cart_quantity']) && is_numeric($_POST['cart_quantity'])) {
$cart_qty = $_SESSION['cart']->get_quantity(oos_get_uprid($_POST['products_id'], $_POST['id']));
$news_qty = $cart_qty + $cart_quantity;
$products_order_min = oos_get_products_quantity_order_min($_POST['products_id']);
$products_order_units = oos_get_products_quantity_order_units($_POST['products_id']);
$customers_wishlisttable = $oostable['customers_wishlist'];
$customers_wishlist_attributestable = $oostable['customers_wishlist_attributes'];
if ($cart_quantity >= $products_order_min or $cart_qty >= $products_order_min) {
if ($cart_quantity % $products_order_units == 0 and $news_qty >= $products_order_min) {
$_SESSION['cart']->add_cart($_POST['products_id'], intval($news_qty), $_POST['id']);
$dbconn->Execute("DELETE FROM {$customers_wishlisttable} WHERE customers_id = '" . intval($_SESSION['customer_id']) . "' AND products_id = '" . oos_db_input($wl_products_id) . "'");
$dbconn->Execute("DELETE FROM {$customers_wishlist_attributestable} WHERE customers_id = '" . intval($_SESSION['customer_id']) . "' AND products_id = '" . oos_db_input($wl_products_id) . "'");
} else {
$_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_units_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_unit_text_info'] . ' ' . $products_order_units;
}
} else {
$_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_quantity_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_min_text_info'] . ' ' . $products_order_min;
}
}
if ($_SESSION['error_cart_msg'] == '') {
MyOOS_CoreApi::redirect(oos_href_link($goto_file, oos_get_all_get_parameters($parameters), 'NONSSL'));
} else {
MyOOS_CoreApi::redirect(oos_href_link($aPages['product_info'], 'products_id=' . $_POST['products_id']));
}
}
break;
case 'frend_wishlist_add_product':
function oos_remove_product($product_id) {
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$productstable = $oostable['products'];
$product_image_query = "SELECT products_image
FROM $productstable
WHERE products_id = '" . oos_db_input($product_id) . "'";
$product_image_result =& $dbconn->Execute($product_image_query);
$product_image = $product_image_result->fields;
// Close result set
$product_image_result->Close();
$productstable = $oostable['products'];
$duplicate_query = "SELECT COUNT(*) AS total
FROM $productstable
WHERE products_image = '" . oos_db_input($product_image['products_image']) . "'";
$duplicate_result =& $dbconn->Execute($duplicate_query);
if ($duplicate_result->fields['total'] < 2) {
if (file_exists(OOS_ABSOLUTE_PATH . OOS_IMAGES . $product_image['products_image'])) {
@unlink(OOS_ABSOLUTE_PATH . OOS_IMAGES . $product_image['products_image']);
}
if (file_exists(OOS_ABSOLUTE_PATH . OOS_IMAGES . OOS_POPUP_IMAGES . $product_image['products_image'])) {
@unlink(OOS_ABSOLUTE_PATH . OOS_IMAGES . OOS_POPUP_IMAGES . $product_image['products_image']);
}
}
// Close result set
$duplicate_result->Close();
$dbconn->Execute("DELETE FROM " . $oostable['specials'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['products'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['products_to_categories'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['products_description'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['products_attributes'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_basket'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_basket_attributes'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist_attributes'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['products_to_master'] . " WHERE master_id = '" . oos_db_input($product_id) . "' OR slave_id = '" . oos_db_input($product_id) . "'");
$reviewstable = $oostable['reviews'];
$reviews_query = "SELECT reviews_id
FROM $reviewstable
WHERE products_id = '" . oos_db_input($product_id) . "'";
$reviews_result =& $dbconn->Execute($reviews_query);
while ($product_reviews = $reviews_result->fields) {
$dbconn->Execute("DELETE FROM " . $oostable['reviews_description'] . " WHERE reviews_id = '" . $product_reviews['reviews_id'] . "'");
// Move that ADOdb pointer!
$reviews_result->MoveNext();
}
// Close result set
$reviews_result->Close();
$dbconn->Execute("DELETE FROM " . $oostable['reviews'] . " WHERE products_id = '" . oos_db_input($product_id) . "'");
}
$products_attributestable pa
WHERE pa.products_id = '" . intval($products_id) . "'
AND pa.options_id = popt.products_options_id
AND pa.options_id = '" . oos_db_input($option) . "'
AND popt.products_options_languages_id = '" . intval($nLanguageID) . "'";
} else {
$sql = "SELECT popt.products_options_name,
poval.products_options_values_name,
pa.options_values_price, pa.price_prefix
FROM $products_optionstable popt,
$products_options_valuestable poval,
$products_attributestable pa
WHERE pa.products_id = '" . intval($products_id) . "'
AND pa.options_id = '" . oos_db_input($option) . "'
AND pa.options_id = popt.products_options_id
AND pa.options_values_id = '" . oos_db_input($value) . "'
AND pa.options_values_id = poval.products_options_values_id
AND popt.products_options_languages_id = '" . intval($nLanguageID) . "'
AND poval.products_options_values_languages_id = '" . intval($nLanguageID) . "'";
}
$attributes_values = $dbconn->GetRow($sql);
if ($value == PRODUCTS_OPTIONS_VALUE_TEXT_ID) {
$hidden_field .= oos_draw_hidden_field('id[' . $products[$i]['id'] . '][' . TEXT_PREFIX . $option . ']',$products[$i]['attributes_values'][$option]);
$attr_value = $products[$i]['attributes_values'][$option];
} else {
$hidden_field .= oos_draw_hidden_field('id[' . $products[$i]['id'] . '][' . $option . ']', $value);
$attr_value = $attributes_values['products_options_values_name'];
}
/**
* Checks to see if the currency code exists as a currency
*/
function oos_currency_exits($code)
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$currenciestable = $oostable['currencies'];
$query = "SELECT currencies_id
FROM $currenciestable
WHERE code = '" . oos_db_input($code) . "'";
$result =& $dbconn->Execute($query);
if ($result->RecordCount() > 0) {
return $code;
} else {
return false;
}
}
if ($wishlist_special_price = oos_get_products_special_price($wl_products_id)) {
$wishlist_product_special_price = $oCurrencies->display_price($wishlist_special_price, oos_get_tax_rate($wishlist_product['products_tax_class_id']));
} else {
$wishlist_product_discount = min($wishlist_product['products_discount_allowed'], $_SESSION['member']->group['discount']);
if ($wishlist_product_discount != 0) {
$wishlist_special_price = $wishlist_product['products_price'] * (100 - $wishlist_product_discount) / 100;
$wishlist_product_discount_price = $oCurrencies->display_price($wishlist_special_price, oos_get_tax_rate($wishlist_product['products_tax_class_id']));
}
}
if ($wishlist_product['products_base_price'] != 1) {
$wishlist_base_product_price = $oCurrencies->display_price($wishlist_product['products_price'] * $wishlist_product['products_base_price'], oos_get_tax_rate($wishlist_product['products_tax_class_id']));
if ($wishlist_special_price != '') {
$wishlist_base_product_special_price = $oCurrencies->display_price($wishlist_special_price * $wishlist_product['products_base_price'], oos_get_tax_rate($wishlist_product['products_tax_class_id']));
}
}
$sql = "SELECT products_options_id, products_options_value_id\n FROM " . $oostable['customers_wishlist_attributes'] . "\n WHERE customers_wishlist_link_id = '" . oos_db_input($wlid) . "'\n AND products_id = '" . $wishlist['products_id'] . "'";
$attributes_result = $dbconn->Execute($sql);
$attributes_print = '';
while ($attributes = $attributes_result->fields) {
$attributes_print .= oos_draw_hidden_field('id[' . $attributes['products_options_id'] . ']', $attributes['products_options_value_id']);
$attributes_print .= ' <tr>';
$sql = "SELECT popt.products_options_name,\n poval.products_options_values_name,\n pa.options_values_price, pa.price_prefix\n FROM " . $oostable['products_options'] . " popt,\n " . $oostable['products_options_values'] . " poval,\n " . $oostable['products_attributes'] . " pa\n WHERE pa.products_id = '" . intval($wl_products_id) . "'\n AND pa.options_id = '" . $attributes['products_options_id'] . "'\n AND pa.options_id = popt.products_options_id\n AND pa.options_values_id = '" . $attributes['products_options_value_id'] . "'\n AND pa.options_values_id = poval.products_options_values_id\n AND popt.products_options_languages_id = '" . intval($nLanguageID) . "'\n AND poval.products_options_values_languages_id = '" . intval($nLanguageID) . "'";
$option = $dbconn->Execute($sql);
$option_values = $option->fields;
$attributes_print .= '<td><br /><small><i> - ' . $option_values['products_options_name'] . ' ' . $option_values['products_options_values_name'] . '</i></small></td>';
if ($option_values['options_values_price'] != 0) {
$attributes_print .= '<td align="right"><small><i>' . $option_values['price_prefix'] . $oCurrencies->display_price($option_values['options_values_price'], oos_get_tax_rate($wishlist_product['products_tax_class_id'])) . '</i></small></td>';
} else {
$attributes_print .= '<td><small><i> </i></small></td>';
}
$attributes_print .= ' </tr>';
echo HEADING_TITLE;
?>
</td>
<td class="pageHeading" align="right"><?php
echo oos_draw_separator('trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT);
?>
</td>
</tr>
</table></td>
</tr>
<?php
if ($action == 'edit') {
$rID = oos_db_prepare_input($_GET['rID']);
$reviewstable = $oostable['reviews'];
$reviews_descriptiontable = $oostable['reviews_description'];
$reviews_result = $dbconn->Execute("SELECT r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating FROM {$reviewstable} r, {$reviews_descriptiontable} rd WHERE r.reviews_id = '" . oos_db_input($rID) . "' AND r.reviews_id = rd.reviews_id");
$reviews = $reviews_result->fields;
$productstable = $oostable['products'];
$products_result = $dbconn->Execute("SELECT products_image FROM {$productstable} WHERE products_id = '" . $reviews['products_id'] . "'");
$products = $products_result->fields;
$products_descriptiontable = $oostable['products_description'];
$products_name_result = $dbconn->Execute("SELECT products_name FROM {$products_descriptiontable} WHERE products_id = '" . $reviews['products_id'] . "' AND products_languages_id = '" . intval($_SESSION['language_id']) . "'");
$products_name = $products_name_result->fields;
$rInfo_array = array_merge($reviews, $products, $products_name);
$rInfo = new objectInfo($rInfo_array);
?>
<tr><?php
echo oos_draw_form('review', $aFilename['reviews'], 'page=' . $_GET['page'] . '&rID=' . $_GET['rID'] . '&action=preview');
?>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
}
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page'] . '&oID=' . $ticket_reply_id));
break;
case 'deleteconfirm':
$oID = oos_db_prepare_input($_GET['oID']);
$configurationtable = $oostable['configuration'];
$ticket_reply_result = $dbconn->Execute("SELECT configuration_value FROM $configurationtable WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'");
$ticket_reply = $ticket_reply_result->fields;
if ($ticket_reply['configuration_value'] == $oID) {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'");
}
$dbconn->Execute("DELETE FROM " . $oostable['ticket_reply'] . " WHERE ticket_reply_id = '" . oos_db_input($oID) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<?php require 'includes/oos_blocks.php'; ?>
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
$review = oos_prepare_input($_POST['review']);
if ($valid_product == true) {
// We got to the process but it is an illegal product, don't write
$customersstable = $oostable['customers'];
$sql = "SELECT customers_firstname, customers_lastname\n FROM {$customersstable}\n WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'";
$customer = $dbconn->Execute($sql);
$customer_values = $customer->fields;
$firstname = $customer_values['customers_firstname'];
$lastname = ltrim($customer_values['customers_lastname']);
$lastname = substr($lastname, 0, 1);
$customers_name = $firstname . ' ' . $lastname . '. ';
$reviewstable = $oostable['reviews'];
$dbconn->Execute("INSERT INTO {$reviewstable}\n (products_id,\n customers_id,\n customers_name,\n reviews_rating,\n date_added) VALUES ('" . intval($nProductsId) . "',\n '" . intval($_SESSION['customer_id']) . "',\n '" . oos_db_input($customers_name) . "',\n '" . oos_db_input($rating) . "',\n '" . date("Y-m-d H:i:s", time()) . "')");
$insert_id = $dbconn->Insert_ID();
$reviews_descriptiontable = $oostable['reviews_description'];
$dbconn->Execute("INSERT INTO {$reviews_descriptiontable}\n (reviews_id,\n reviews_languages_id,\n reviews_text) VALUES ('" . intval($insert_id) . "',\n '" . intval($nLanguageID) . "',\n '" . oos_db_input($review) . "')");
$email_subject = 'Review: ' . $product_info['products_name'];
$email_text = "\n";
$email_text .= "Firstname: " . $customer_values['customers_firstname'] . "\n";
$email_text .= "Lastname: " . $customer_values['customers_lastname'] . "\n";
$email_text .= "\n";
$email_text .= "Text: " . $review . "\n";
oos_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $email_subject, nl2br($email_text), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');
// clear cache
require 'includes/classes/class_template.php';
$oSmarty =& new Template();
$sLocaleDir = $oSmarty->template_dir;
$aSkins = array();
if (is_dir($sLocaleDir)) {
if ($dh = opendir($sLocaleDir)) {
while (($file = readdir($dh)) !== false) {
$configurationtable = $oostable['configuration'];
$dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . oos_db_input($products_status_id) . "' WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'");
}
oos_redirect_admin_admin(oos_href_link_admin($aFilename['products_status'], 'page=' . $_GET['page'] . '&psID=' . $products_status_id));
break;
case 'deleteconfirm':
$psID = oos_db_prepare_input($_GET['psID']);
/*
$products_status_result = $dbconn->Execute("SELECT configuration_value FROM " . $oostable['configuration'] . " WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'");
$products_status = $products_status_result->fields;
if ($products_status['configuration_value'] == $psID) {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'");
}
*/
$products_statustable = $oostable['products_status'];
$dbconn->Execute("DELETE FROM {$products_statustable} WHERE products_status_id = '" . oos_db_input($psID) . "'");
oos_redirect_admin_admin(oos_href_link_admin($aFilename['products_status'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
?>
$dbconn->Execute("DELETE FROM " . $oostable['customers_status'] . " WHERE customers_status_id = '" . oos_db_input($cID) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['customers_status'], 'page=' . $_GET['page']));
break;
case 'delete':
$cID = oos_db_prepare_input($_GET['cID']);
$status_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers'] . " WHERE customers_status = '" . oos_db_input($cID) . "'");
$status = $status_result->fields;
$remove_status = true;
if ($cID == DEFAULT_CUSTOMERS_STATUS_ID || $cID == DEFAULT_CUSTOMERS_STATUS_ID_GUEST || $cID == DEFAULT_CUSTOMERS_STATUS_ID_NEWSLETTER) {
$remove_status = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_CUSTOMERS_STATUS, 'error');
} elseif ($status['count'] > 0) {
$remove_status = false;
$messageStack->add(ERROR_STATUS_USED_IN_CUSTOMERS, 'error');
} else {
$history_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers_status_history'] . " WHERE '" . oos_db_input($cID) . "' in (new_value, old_value)");
$history = $history_result->fields;
if ($history['count'] > 0) {
$remove_status = false;
$messageStack->add(ERROR_STATUS_USED_IN_HISTORY, 'error');
}
}
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
if ($customers_tickets_numrows > 0) {
$customers_tickets_result = $dbconn->Execute($customers_tickets_raw);
$customers_tickets_array = array();
while ($customers_tickets = $customers_tickets_result->fields) {
$customers_tickets_array[] = array('ticket_link_id' => $customers_tickets['ticket_link_id'], 'ticket_subject' => $customers_tickets['ticket_subject'], 'ticket_status_id' => $customers_tickets['ticket_status_id'], 'ticket_department_id' => $customers_tickets['ticket_department_id'], 'ticket_priority_id' => $customers_tickets['ticket_priority_id'], 'ticket_date_created' => $customers_tickets['ticket_date_created'], 'ticket_date_last_modified' => $customers_tickets['ticket_date_last_modified']);
$customers_tickets_result->MoveNext();
}
}
}
if (isset($tlid)) {
$ticket_tickettable = $oostable['ticket_ticket'];
$sql = "SELECT ticket_id, ticket_link_id, ticket_customers_id, ticket_customers_orders_id,\n ticket_customers_email, ticket_customers_name, ticket_subject, ticket_status_id,\n ticket_department_id, ticket_priority_id, ticket_date_created, ticket_date_last_modified,\n ticket_date_last_customer_modified, ticket_login_required\n FROM {$ticket_tickettable}\n WHERE ticket_link_id= '" . oos_db_input($tlid) . "'";
$ticket_result = $dbconn->Execute($sql);
$ticket = $ticket_result->fields;
$ticket_status_historytable = $oostable['ticket_status_history'];
$sql = "SELECT ticket_status_history_id, ticket_id, ticket_status_id, ticket_priority_id, ticket_department_id,\n ticket_date_modified, ticket_customer_notified, ticket_comments, ticket_edited_by\n FROM {$ticket_status_historytable}\n WHERE ticket_id = '" . oos_db_input($ticket['ticket_id']) . "'";
$ticket_status_result = $dbconn->Execute($sql);
$statuses_array = array();
while ($ticket_status = $ticket_status_result->fields) {
$statuses_array[] = array('ticket_edited_by' => $ticket_status['ticket_edited_by'], 'ticket_date_modified' => $ticket_status['ticket_date_modified'], 'ticket_status_id' => $ticket_status['ticket_status_id'], 'ticket_department_id' => $ticket_status['ticket_department_id'], 'ticket_priority_id' => $ticket_status['ticket_priority_id'], 'ticket_status_id' => $ticket_status['ticket_status_id'], 'ticket_department_id' => $ticket_status['ticket_department_id'], 'ticket_priority_id' => $ticket_status['ticket_priority_id'], 'ticket_comments' => $ticket_status['ticket_comments']);
$ticket_status_result->MoveNext();
}
}
// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aPages['ticket_create']), bookmark);
$aOption['template_main'] = $sTheme . '/modules/ticket_view.html';
$aOption['page_heading'] = $sTheme . '/heading/page_heading.html';
$aOption['breadcrumb'] = 'default/system/breadcrumb.html';
$nPageType = OOS_PAGE_TYPE_SERVICE;
require 'includes/oos_system.php';
if (!isset($option)) {
$contents = array('form' => oos_draw_form('customers', $aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id . '&action=deleteconfirm'));
$contents[] = array('text' => TEXT_DELETE_INTRO . '<br /><br /><b>' . $cInfo->customers_firstname . ' ' . $cInfo->customers_lastname . '</b>');
if ($cInfo->number_of_reviews > 0) $contents[] = array('text' => '<br />' . oos_draw_checkbox_field('delete_reviews', 'on', true) . ' ' . sprintf(TEXT_DELETE_REVIEWS, $cInfo->number_of_reviews));
$contents[] = array('align' => 'center', 'text' => '<br />' . oos_image_swap_submits('delete', 'delete_off.gif', IMAGE_DELETE) . ' <a href="' . oos_href_link_admin($aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id) . '">' . oos_image_swap_button('cancel', 'cancel_off.gif', IMAGE_CANCEL) . '</a>');
break;
case 'editstatus':
$heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_STATUS_CUSTOMER . '</b>');
$contents = array('form' => oos_draw_form('customers', $aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id . '&action=statusconfirm'));
$contents[] = array('text' => '<br />' . oos_draw_pull_down_menu('pdm_status', array_merge(array(array('id' => '0', 'text' => PULL_DOWN_DEFAULT)), $customers_statuses_array), $cInfo->customers_status) );
$contents[] = array('text' => '<table border="0" cellspacing="0" cellpadding="5"><tr><td class="smallText" align="center">' . TABLE_HEADING_NEW_VALUE .' </td><td class="smallText" align="center">' . TABLE_HEADING_DATE_ADDED . '</td></tr>');
$customers_status_historytable = $oostable['customers_status_history'];
$customers_history_sql = "SELECT new_value, old_value, date_added, customer_notified
FROM $customers_status_historytable
WHERE customers_id = '" . oos_db_input($cID) . "'
ORDER BY customers_status_history_id DESC";
$customers_history_result = $dbconn->Execute($customers_history_sql);
if ($customers_history_result->RecordCount()) {
while ($customers_history = $customers_history_result->fields) {
$contents[] = array('text' => '<tr>' . "\n" . '<td class="smallText">' . $customers_statuses_array[$customers_history['new_value']]['text'] . '</td>' . "\n" .'<td class="smallText" align="center">' . oos_datetime_short($customers_history['date_added']) . '</td>' . "\n" .'<td class="smallText" align="center">');
$contents[] = array('text' => '</tr>' . "\n");
// Move that ADOdb pointer!
$customers_history_result->MoveNext();
}
} else {
$contents[] = array('text' => '<tr>' . "\n" . ' <td class="smallText" colspan="2">' . TEXT_NO_CUSTOMER_HISTORY . '</td>' . "\n" . ' </tr>' . "\n");
}
$contents[] = array('text' => '</table>');
$contents[] = array('align' => 'center', 'text' => '<br />' . oos_image_swap_submits('update', 'update_off.gif', IMAGE_UPDATE) . ' <a href="' . oos_href_link_admin($aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id) . '">' . oos_image_swap_button('cancel', 'cancel_off.gif', IMAGE_CANCEL) . '</a>');
include 'includes/languages/' . $_SESSION['language'] . '/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.'));
include 'includes/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.'));
$module_name = $nInfo->module;
$module = new $module_name($nInfo->title, $nInfo->content);
?>
<tr>
<td><?php
echo $module->confirm();
?>
</td>
</tr>
<?php
} elseif ($action == 'confirm_send') {
$nID = oos_db_prepare_input($_GET['nID']);
$newsletterstable = $oostable['newsletters'];
$newsletter_result = $dbconn->Execute("SELECT newsletters_id, title, content, module FROM {$newsletterstable} WHERE newsletters_id = '" . oos_db_input($nID) . "'");
$newsletter = $newsletter_result->fields;
$nInfo = new objectInfo($newsletter);
include 'includes/languages/' . $_SESSION['language'] . '/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.'));
include 'includes/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.'));
$module_name = $nInfo->module;
$module = new $module_name($nInfo->title, $nInfo->content);
?>
<tr>
<td><table border="0" cellspacing="0" cellpadding="2">
<tr>
<td class="main" valign="middle"><?php
echo oos_image(OOS_IMAGES . 'ani_send_email.gif', IMAGE_ANI_SEND_EMAIL);
?>
</td>
<td class="main" valign="middle"><b><?php
case 'delete':
$oID = oos_db_prepare_input($_GET['oID']);
$ticket_tickettable = $oostable['ticket_ticket'];
$priority_result = $dbconn->Execute("SELECT count(*) as count FROM $ticket_tickettable WHERE ticket_priority_id = '" . oos_db_input($oID) . "'");
$priority = $priority_result->fields;
$remove_priority = true;
if ($oID == TICKET_DEFAULT_PRIORITY_ID) {
$remove_priority = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_TEXT_PRIORITY, 'error');
} elseif ($priority['count'] > 0) {
$remove_priority = false;
$messageStack->add(ERROR_PRIORITY_USED_IN_TICKET, 'error');
} else {
$ticket_status_historytable = $oostable['ticket_status_history'];
$history_result = $dbconn->Execute("SELECT count(*) as count FROM $ticket_status_historytable WHERE ticket_priority_id = '" . oos_db_input($oID) . "'");
$history = $history_result->fields;
if ($history['count'] > 0) {
$remove_priority = false;
$messageStack->add(ERROR_PRIORITY_USED_IN_HISTORY, 'error');
}
}
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
if ($action == 'send_email_to_user' && ($_POST['customers_email_address'] || $_POST['email_to']) && !$_POST['back_x']) {
switch ($_POST['customers_email_address']) {
case '***':
$customerstable = $oostable['customers'];
$mail_result = $dbconn->Execute("SELECT customers_firstname, customers_lastname, customers_email_address FROM {$customerstable}");
$mail_sent_to = TEXT_ALL_CUSTOMERS;
break;
case '**D':
$customerstable = $oostable['customers'];
$mail_result = $dbconn->Execute("SELECT customers_firstname, customers_lastname, customers_email_address FROM {$customerstable} WHERE customers_newsletter = '1'");
$mail_sent_to = TEXT_NEWSLETTER_CUSTOMERS;
break;
default:
$customers_email_address = oos_db_prepare_input($_POST['customers_email_address']);
$customerstable = $oostable['customers'];
$mail_result = $dbconn->Execute("SELECT customers_firstname, customers_lastname, customers_email_address FROM {$customerstable} WHERE customers_email_address = '" . oos_db_input($customers_email_address) . "'");
$mail_sent_to = $_POST['customers_email_address'];
if (isset($_POST['email_to']) && !empty($_POST['email_to'])) {
$mail_sent_to = $_POST['email_to'];
}
break;
}
if ($action == 'send_email_to_user' && $_POST['customers_email_address'] && !$_POST['back_x']) {
while ($mail = $mail_result->fields) {
$id1 = oos_create_coupon_code($mail['customers_email_address']);
$message = $_POST['message'];
$message .= "\n\n" . TEXT_GV_WORTH . $currencies->format($_POST['amount']) . "\n\n";
$message .= TEXT_TO_REDEEM;
$message .= TEXT_WHICH_IS . $id1 . TEXT_IN_CASE . "\n\n";
$message .= OOS_HTTP_SERVER . OOS_SHOP . 'index.php?page=' . $aCatalogPage['gv_redeem'] . '&gv_no=' . $id1 . "\n\n";
$message .= TEXT_OR_VISIT . OOS_HTTP_SERVER . OOS_SHOP . TEXT_ENTER_CODE;
if (isset($_POST['verif_key'])) {
$verif_key = oos_prepare_input($_POST['verif_key']);
}
require 'includes/modules/key_generate.php';
if ( empty( $verif_key ) || !is_string( $verif_key ) ) {
MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
}
$sLanguage = oos_var_prep_for_os($_SESSION['language']);
require 'includes/languages/' . $sLanguage . '.php';
require 'includes/languages/' . $sLanguage . '/admin_create_account.php';
$manual_infotable = $oostable['manual_info'];
$login_result = $dbconn->Execute("SELECT man_key2, man_key3, status FROM $manual_infotable WHERE man_key = '" . oos_db_input($verif_key) . "' AND status = 1 ");
if (!$login_result->RecordCount()) {
$manual_infotable = $oostable['manual_info'];
$dbconn->Execute("UPDATE $manual_infotable SET man_key = '', man_key2 = '' WHERE man_info_id = '1' ");
MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
}
if (!isset($_GET['action']) && ($_GET['action'] != 'login_admin')) {
MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
} else {
$login_result_values = $login_result->fields;
if (($login_result_values['man_key2'] = $newkey2) && ($login_result_values['status'] !=0)) {
// links breadcrumb
File: redirect.php,v 1.9 2003/02/13 04:23:23 hpdl
----------------------------------------------------------------------
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
----------------------------------------------------------------------
Released under the GNU General Public License
---------------------------------------------------------------------- */
/** ensure this file is being included by a parent file */
defined('OOS_VALID_MOD') or die('Direct Access to this location is not allowed.');
switch ($_GET['action']) {
case 'banner':
$bannerstable = $oostable['banners'];
$sql = "SELECT banners_url\n FROM {$bannerstable}\n WHERE banners_id = '" . oos_db_input($_GET['goto']) . "'";
$banner_result = $dbconn->Execute($sql);
if ($banner_result->RecordCount()) {
$banner = $banner_result->fields;
oos_update_banner_click_count($_GET['goto']);
oos_redirect($banner['banners_url']);
} else {
oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
}
break;
case 'url':
if (isset($_GET['goto'])) {
oos_redirect('http://' . $_GET['goto']);
} else {
oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
}
}
}
if ($cats == '') {
$cats = '<br />NONE';
}
$text_coupon_help .= $cats;
$text_coupon_help .= '<br /><br />' . $aLang['text_coupon_help_products'];
$couponstable = $oostable['coupons'];
$sql = "SELECT restrict_to_products\n FROM {$couponstable}\n WHERE coupon_id='" . intval($nCouponID) . "'";
$coupon_get = $dbconn->Execute($sql);
$get_result = $coupon_get->fields;
$pr_ids = preg_split("/[,]/", $get_result['restrict_to_products']);
for ($i = 0; $i < count($pr_ids); $i++) {
$productstable = $oostable['products'];
$products_descriptiontable = $oostable['products_description'];
$sql = "SELECT p.products_id, p.products_status, pd.products_name\n FROM {$productstable} p,\n {$products_descriptiontable} pd\n WHERE p.products_status >= '1'\n AND p.products_id = '" . oos_db_input($pr_ids[$i]) . "'\n AND pd.products_id = p.products_id\n AND pd.products_languages_id = '" . intval($nLanguageID) . "'";
$result = $dbconn->Execute($sql);
if ($row = $result->fields) {
$prods .= '<br />' . $row["products_name"];
}
}
if ($prods == '') {
$prods = '<br />NONE';
}
$text_coupon_help .= $prods;
} else {
$nCouponID = 0;
}
$aOption['popup_help'] = $sTheme . '/system/popup_help.html';
//smarty
require 'includes/classes/class_template.php';
/**
* Remove News
*
* @param $news_id
*/
function oos_remove_news($news_id)
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$news_image_query = "SELECT news_image\n FROM " . $oostable['news'] . "\n WHERE news_id = '" . oos_db_input($news_id) . "'";
$news_image_result =& $dbconn->Execute($news_image_query);
$news_image = $news_image_result->fields;
// Close result set
$news_image_result->Close();
$duplicate_query = "SELECT COUNT(*) AS total\n FROM " . $oostable['news'] . "\n WHERE news_image = '" . oos_db_input($news_image['news_image']) . "'";
$duplicate_result =& $dbconn->Execute($duplicate_query);
// Close result set
$duplicate_result->Close();
if ($duplicate_result->fields['total'] < 2) {
if (file_exists(OOS_ABSOLUTE_PATH . OOS_IMAGES . $news_image['news_image'])) {
@unlink(OOS_ABSOLUTE_PATH . OOS_IMAGES . $news_image['news_image']);
}
}
$dbconn->Execute("DELETE FROM " . $oostable['news'] . " WHERE news_id = '" . oos_db_input($news_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['news_to_categories'] . " WHERE news_id = '" . oos_db_input($news_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['news_description'] . " WHERE news_id = '" . oos_db_input($news_id) . "'");
$news_reviews_query = "SELECT news_reviews_id\n FROM " . $oostable['news_reviews'] . "\n WHERE news_id = '" . oos_db_input($news_id) . "'";
$news_reviews_result =& $dbconn->Execute($news_reviews_query);
while ($news_reviews = $news_reviews_result->fields) {
$dbconn->Execute("DELETE FROM " . $oostable['news_reviews_description'] . " WHERE news_reviews_id = '" . $news_reviews['news_reviews_id'] . "'");
// Move that ADOdb pointer!
$news_reviews_result->MoveNext();
}
// Close result set
$news_reviews_result->Close();
$dbconn->Execute("DELETE FROM " . $oostable['news_reviews'] . " WHERE news_id = '" . oos_db_input($news_id) . "'");
}
$dbconn->Execute("INSERT INTO {$products_to_categoriestable} (products_id, categories_id) values ('" . $products_id . "', '" . $current_category_id . "')");
}
}
if (oos_empty($_GET['categories'])) {
$categories = $current_category_id;
}
$languages = oos_get_languages();
for ($i = 0, $n = count($languages); $i < $n; $i++) {
$lang_id = $languages[$i]['id'];
$sql_data_array = array('products_name' => oos_db_prepare_input($_POST['products_name'][$lang_id]), 'products_description' => oos_db_prepare_input($_POST['products_description_' . $languages[$i]['id']]), 'products_description_meta' => oos_db_prepare_input($_POST['products_description_meta_' . $languages[$i]['id']]), 'products_keywords_meta' => oos_db_prepare_input($_POST['products_keywords_meta_' . $languages[$i]['id']]), 'products_url' => oos_db_prepare_input($_POST['products_url'][$lang_id]));
if ($action == 'insert_product') {
$insert_sql_data = array('products_id' => $products_id, 'products_languages_id' => $lang_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
oos_db_perform($oostable['products_description'], $sql_data_array);
} elseif ($action == 'update_product') {
oos_db_perform($oostable['products_description'], $sql_data_array, 'update', 'products_id = \'' . oos_db_input($products_id) . '\' and products_languages_id = \'' . $lang_id . '\'');
}
}
oos_redirect_admin(oos_href_link_admin($aFilename['categories'], 'categories=' . $categories . '&pID=' . $products_id));
}
break;
}
}
// check if the catalog image directory exists
if (is_dir(OOS_ABSOLUTE_PATH . OOS_IMAGES)) {
if (!is_writeable(OOS_ABSOLUTE_PATH . OOS_IMAGES)) {
$messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_NOT_WRITEABLE, 'error');
}
} else {
$messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_DOES_NOT_EXIST, 'error');
}
