function create_plugin_instance() { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); if (isset($_SESSION['customer_id'])) { $wo_customer_id = $_SESSION['customer_id']; $wo_full_name = addslashes($_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_lastname']); } else { $wo_customer_id = ''; $wo_full_name = 'Guest'; } $wo_session_id = oos_session_id(); $wo_ip_address = $_SESSION['session_ip_address']; $wo_last_page_url = addslashes(oos_server_get_var('REQUEST_URI')); $current_time = time(); $xx_mins_ago = $current_time - 900; // remove entries that have expired $whos_onlinetable = $oostable['whos_online']; $dbconn->Execute("DELETE FROM {$whos_onlinetable}\n WHERE time_last_click < '" . oos_db_input($xx_mins_ago) . "'"); $whos_onlinetable = $oostable['whos_online']; $query = "SELECT COUNT(*) AS total\n FROM {$whos_onlinetable}\n WHERE session_id = '" . oos_db_input($wo_session_id) . "'"; $stored_customer = $dbconn->Execute($query); if ($stored_customer->fields['total'] > 0) { $whos_onlinetable = $oostable['whos_online']; $query = "UPDATE {$whos_onlinetable}" . " SET customer_id = ?, full_name = ?, ip_address = ?, time_last_click = ?, last_page_url = ?" . " WHERE session_id = ?"; $result =& $dbconn->Execute($query, array((string) $wo_customer_id, (string) $wo_full_name, (string) $wo_ip_address, (string) $current_time, (string) $wo_last_page_url, (string) $wo_session_id)); } else { $whos_onlinetable = $oostable['whos_online']; $dbconn->Execute("INSERT INTO " . $whos_onlinetable . "\n (customer_id,\n full_name,\n session_id,\n ip_address,\n time_entry,\n time_last_click,\n last_page_url) VALUES ('" . oos_db_input($wo_customer_id) . "',\n '" . oos_db_input($wo_full_name) . "',\n '" . oos_db_input($wo_session_id) . "',\n '" . oos_db_input($wo_ip_address) . "',\n '" . oos_db_input($current_time) . "',\n '" . oos_db_input($current_time) . "',\n '" . oos_db_input($wo_last_page_url) . "')"); } return true; }
/** * Sets the status of a featured product */ function oos_set_featured_status($nFeaturedId, $status) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $featuredtable = $oostable['featured']; return $dbconn->Execute("UPDATE {$featuredtable}\n SET status = '" . oos_db_input($status) . "',\n date_status_change = '" . date("Y-m-d H:i:s", time()) . "'\n WHERE featured_id = '" . intval($nFeaturedId) . "'"); }
function create_plugin_instance() { $aFilename = oos_get_filename(); $aModules = oos_get_modules(); if ($_GET['file'] != $aFilename['login'] && !isset($_SESSION['customer_id'])) { $cookie_url_array = parse_url((ENABLE_SSL == true ? OOS_HTTPS_SERVER : OOS_HTTP_SERVER) . substr(OOS_SHOP, 0, -1)); $cookie_path = $cookie_url_array['path']; if (isset($_COOKIE['email_address']) && isset($_COOKIE['password'])) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $customerstable = $oostable['customers']; $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n customers_password, customers_wishlist_link_id, customers_language,\n customers_vat_id_status, customers_email_address, customers_default_address_id,\n customers_max_order\n FROM {$customerstable}\n WHERE customers_login = '******'\n AND customers_email_address = '" . oos_db_input($_COOKIE['email_address']) . "'"; $check_customer_result = $dbconn->Execute($sql); if ($check_customer_result->RecordCount()) { $check_customer = $check_customer_result->fields; if (oos_validate_password($_COOKIE['password'], $check_customer['customers_password'])) { $address_booktable = $oostable['address_book']; $sql = "SELECT entry_country_id, entry_zone_id\n FROM {$address_booktable}\n WHERE customers_id = '" . $check_customer['customers_id'] . "'\n AND address_book_id = '1'"; $check_country = $dbconn->GetRow($sql); if ($check_customer['customers_language'] == '') { $sLanguage = oos_var_prep_for_os($_SESSION['language']); $customerstable = $oostable['customers']; $dbconn->Execute("UPDATE {$customerstable}\n SET customers_language = '" . oos_db_input($sLanguage) . "'\n WHERE customers_id = '" . intval($check_customer['customers_id']) . "'"); } $_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id']; $_SESSION['customer_id'] = $check_customer['customers_id']; $_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id']; if (ACCOUNT_GENDER == '1') { $_SESSION['customer_gender'] = $check_customer['customers_gender']; } $_SESSION['customer_first_name'] = $check_customer['customers_firstname']; $_SESSION['customer_lastname'] = $check_customer['customers_lastname']; $_SESSION['customer_max_order'] = $check_customer['customers_max_order']; $_SESSION['customer_country_id'] = $check_country['entry_country_id']; $_SESSION['customer_zone_id'] = $check_country['entry_zone_id']; if (ACCOUNT_VAT_ID == '1') { $_SESSION['customers_vat_id_status'] = $check_customer['customers_vat_id_status']; } $_SESSION['member']->restore_group(); setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0); setcookie('password', $check_customer['customers_password'], time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0); $customers_infotable = $oostable['customers_info']; $dbconn->Execute("UPDATE {$customers_infotable}\n SET customers_info_date_of_last_logon = '" . date("Y-m-d H:i:s", time()) . "',\n customers_info_number_of_logons = customers_info_number_of_logons+1\n WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'"); $_SESSION['cart']->restore_contents(); // restore cart contents } } } } return true; }
/** * Sets the status of a special product * * @param $specials_id * @param $status */ function oos_set_specials_status($nSpecialsId, $status) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $specialstable = $oostable['specials']; return $dbconn->Execute("UPDATE $specialstable SET status = '" . oos_db_input($status) . "', date_status_change = '" . date("Y-m-d H:i:s", time()) . "' WHERE specials_id = '" . intval($nSpecialsId) . "'"); }
function oos_get_languages_id($iso_639_2) { $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $languagestable = $oostable['languages']; $languages_result = $dbconn->Execute("SELECT languages_id, iso_639_2 FROM {$languagestable} WHERE iso_639_2 = '" . oos_db_input($iso_639_2) . "'"); if (!$languages_result->RecordCount()) { $LangID = $_SESSION['language_id']; } else { $LangID = $languages_result->fields['languages_id']; } return $LangID; }
function query($order_id) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $lable_query = "SELECT customers_name, customers_company, customers_street_address, customers_suburb,\n customers_city, customers_postcode, customers_state, customers_country,\n customers_telephone, customers_email_address, customers_address_format_id,\n delivery_name, delivery_company, delivery_street_address, delivery_suburb,\n delivery_city, delivery_postcode, delivery_state, delivery_country,\n delivery_address_format_id, billing_name, billing_company, billing_street_address,\n billing_suburb, billing_city, billing_postcode, billing_state, billing_country,\n billing_address_format_id, payment_method, cc_type, cc_owner, cc_number,\n cc_expires, currency, currency_value, date_purchased, orders_status, last_modified\n FROM " . $oostable['orders'] . " \n WHERE orders_id = '" . oos_db_input($order_id) . "'"; $lable_result =& $dbconn->Execute($lable_query); $lable = $lable_result->fields; $totals_query = "SELECT title, text \n FROM " . $oostable['orders_total'] . " \n WHERE orders_id = '" . oos_db_input($order_id) . "'\n ORDER BY sort_order"; $totals_result =& $dbconn->Execute($totals_query); while ($totals = $totals_result->fields) { $this->totals[] = array('title' => $totals['title'], 'text' => $totals['text']); // Move that ADOdb pointer! $totals_result->MoveNext(); } $this->info = array('currency' => $lable['currency'], 'currency_value' => $lable['currency_value'], 'payment_method' => $lable['payment_method'], 'cc_type' => $lable['cc_type'], 'cc_owner' => $lable['cc_owner'], 'cc_number' => $lable['cc_number'], 'cc_expires' => $lable['cc_expires'], 'date_purchased' => $lable['date_purchased'], 'orders_status' => $lable['orders_status'], 'last_modified' => $lable['last_modified']); $this->customer = array('name' => $lable['customers_name'], 'company' => $lable['customers_company'], 'street_address' => $lable['customers_street_address'], 'suburb' => $lable['customers_suburb'], 'city' => $lable['customers_city'], 'postcode' => $lable['customers_postcode'], 'state' => $lable['customers_state'], 'country' => $lable['customers_country'], 'format_id' => $lable['customers_address_format_id'], 'telephone' => $lable['customers_telephone'], 'email_address' => $lable['customers_email_address']); $this->delivery = array('name' => $lable['delivery_name'], 'company' => $lable['delivery_company'], 'street_address' => $lable['delivery_street_address'], 'suburb' => $lable['delivery_suburb'], 'city' => $lable['delivery_city'], 'postcode' => $lable['delivery_postcode'], 'state' => $lable['delivery_state'], 'country' => $lable['delivery_country'], 'format_id' => $lable['delivery_address_format_id']); $this->billing = array('name' => $lable['billing_name'], 'company' => $lable['billing_company'], 'street_address' => $lable['billing_street_address'], 'suburb' => $lable['billing_suburb'], 'city' => $lable['billing_city'], 'postcode' => $lable['billing_postcode'], 'state' => $lable['billing_state'], 'country' => $lable['billing_country'], 'format_id' => $lable['billing_address_format_id']); $index = 0; $lables_products_query = "SELECT o.orders_products_id, o.products_id, o.products_name, o.products_model,\n o.products_price, o.products_tax, o.products_quantity, o.final_price,\n p.products_id, p.products_weight\n FROM " . $oostable['orders_products'] . " o,\n " . $oostable['products'] . " p\n WHERE o.products_id = p.products_id &&\n o.orders_id = '" . oos_db_input($order_id) . "'"; $lables_products_result =& $dbconn->Execute($lables_products_query); while ($lables_products = $lables_products_result->fields) { $this->products[$index] = array('qty' => $lables_products['products_quantity'], 'name' => $lables_products['products_name'], 'model' => $lables_products['products_model'], 'tax' => $lables_products['products_tax'], 'price' => $lables_products['products_price'], 'weight' => $lables_products['products_weight'], 'final_price' => $lables_products['final_price']); $subindex = 0; $attributes_query = "SELECT products_options, products_options_values, options_values_price, price_prefix\n FROM " . $oostable['orders_products_attributes'] . "\n WHERE orders_id = '" . oos_db_input($order_id) . "'\n AND orders_products_id = '" . $orders_products['orders_products_id'] . "'"; $attributes_result =& $dbconn->Execute($attributes_query); if ($attributes_result->RecordCount()) { while ($attributes = $attributes_result->fields) { $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']); $subindex++; // Move that ADOdb pointer! $attributes_result->MoveNext(); } } $index++; // Move that ADOdb pointer! $lables_products_result->MoveNext(); } }
$dbconn->Execute("DELETE FROM {$manufacturerstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); $manufacturers_infotable = $oostable['manufacturers_info']; $dbconn->Execute("DELETE FROM {$manufacturers_infotable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') { $productstable = $oostable['products']; $products_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); while ($products = $products_result->fields) { oos_remove_product($products['products_id']); // Move that ADOdb pointer! $products_result->MoveNext(); } // Close result set $products_result->Close(); } else { $productstable = $oostable['products']; $dbconn->Execute("UPDATE {$productstable} SET manufacturers_id = '' WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); } oos_redirect_admin(oos_href_link_admin($aFilename['manufacturers'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH;
$rate = $quote_function($currency['code']); if (empty($rate) && oos_is_not_null(CURRENCY_SERVER_BACKUP)) { $quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency'; $rate = $quote_function($currency['code']); } if (oos_is_not_null($rate)) { $dbconn->Execute("UPDATE " . $oostable['currencies'] . " SET value = '" . $rate . "', last_updated = '" . date("Y-m-d H:i:s", time()) . "' WHERE currencies_id = '" . $currency['currencies_id'] . "'"); } // Move that ADOdb pointer! $currency_result->MoveNext(); } oos_redirect_admin(oos_href_link_admin($aFilename['currencies'], 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'delete': $currencies_id = oos_db_prepare_input($_GET['cID']); $currency_result = $dbconn->Execute("SELECT code FROM " . $oostable['currencies'] . " WHERE currencies_id = '" . oos_db_input($currencies_id) . "'"); $currency = $currency_result->fields; $remove_currency = true; if ($currency['code'] == DEFAULT_CURRENCY) { $remove_currency = false; $messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error'); } break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php
} $customerstable = $oostable['customers']; $sql = "SELECT customers_firstname, customers_lastname, customers_id\n FROM {$customerstable}\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'"; $check_customer_result = $dbconn->Execute($sql); if ($check_customer_result->RecordCount()) { $check_customer = $check_customer_result->fields; $customerstable = $oostable['customers']; $dbconn->Execute("UPDATE {$customerstable}\n SET customers_newsletter = '0'\n WHERE customers_id = '" . $check_customer['customers_id'] . "'"); MyOOS_CoreApi::redirect(oos_href_link($aPages['newsletters_unsubscribe_success'])); } else { $maillisttable = $oostable['maillist']; $sql = "SELECT customers_firstname\n FROM {$maillisttable}\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'"; $check_mail_customer_result = $dbconn->Execute($sql); if ($check_mail_customer_result->RecordCount()) { $maillisttable = $oostable['maillist']; $dbconn->Execute("UPDATE {$maillisttable}\n SET customers_newsletter = '0'\n WHERE customers_email_address = '" . oos_db_input($email_address) . "'"); MyOOS_CoreApi::redirect(oos_href_link($aPages['newsletters_unsubscribe_success'])); } } MyOOS_CoreApi::redirect(oos_href_link($aPages['subscription_center'], 'email=nonexistent', 'SSL')); } else { $oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aPages['newsletters']), bookmark); $aOption['template_main'] = $sTheme . '/modules/subscription_center.html'; $aOption['page_heading'] = $sTheme . '/heading/page_heading.html'; $aOption['breadcrumb'] = 'default/system/breadcrumb.html'; $nPageType = OOS_PAGE_TYPE_SERVICE; require 'includes/oos_system.php'; if (!isset($option)) { require 'includes/info_message.php'; require 'includes/oos_blocks.php'; }
</td> <td class="dataTableHeadingContent" align="center"><?php echo COUPON_CODE; ?> </td> <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td> </tr> <?php if (isset($_GET['page']) && $_GET['page'] > 1) { $rows = $_GET['page'] * 20 - 20; } if ($status != '*') { $cc_result_raw = "SELECT\n coupon_id, coupon_code, coupon_amount, coupon_type, coupon_start_date,\n coupon_expire_date, uses_per_user, uses_per_coupon, restrict_to_products,\n restrict_to_categories, date_created,date_modified\n FROM\n " . $oostable['coupons'] . "\n WHERE\n coupon_active='" . oos_db_input($status) . "' AND\n coupon_type != 'G'"; } else { $cc_result_raw = "SELECT\n coupon_id, coupon_code, coupon_amount, coupon_type, coupon_start_date,\n coupon_expire_date, uses_per_user, uses_per_coupon, restrict_to_products,\n restrict_to_categories, date_created,date_modified\n FROM\n " . $oostable['coupons'] . "\n WHERE\n coupon_type != 'G'"; } $cc_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $cc_result_raw, $cc_result_numrows); $cc_result = $dbconn->Execute($cc_result_raw); while ($cc_list = $cc_result->fields) { $rows++; if (strlen($rows) < 2) { $rows = '0' . $rows; } if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $cc_list['coupon_id']) && !isset($cInfo)) { $cInfo = new objectInfo($cc_list); } if (isset($cInfo) && is_object($cInfo) && $cc_list['coupon_id'] == $cInfo->coupon_id) { echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . oos_href_link_admin($aFilename['coupon_admin'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->coupon_id . '&action=edit') . '\'">' . "\n";
MyOOS_CoreApi::redirect(oos_href_link($goto_file, oos_get_all_get_parameters($parameters))); break; case 'cust_wishlist_add_product': if (isset($_SESSION['customer_id']) && isset($_POST['products_id'])) { if (isset($_POST['cart_quantity']) && is_numeric($_POST['cart_quantity'])) { $cart_qty = $_SESSION['cart']->get_quantity(oos_get_uprid($_POST['products_id'], $_POST['id'])); $news_qty = $cart_qty + $cart_quantity; $products_order_min = oos_get_products_quantity_order_min($_POST['products_id']); $products_order_units = oos_get_products_quantity_order_units($_POST['products_id']); $customers_wishlisttable = $oostable['customers_wishlist']; $customers_wishlist_attributestable = $oostable['customers_wishlist_attributes']; if ($cart_quantity >= $products_order_min or $cart_qty >= $products_order_min) { if ($cart_quantity % $products_order_units == 0 and $news_qty >= $products_order_min) { $_SESSION['cart']->add_cart($_POST['products_id'], intval($news_qty), $_POST['id']); $dbconn->Execute("DELETE FROM {$customers_wishlisttable} WHERE customers_id = '" . intval($_SESSION['customer_id']) . "' AND products_id = '" . oos_db_input($wl_products_id) . "'"); $dbconn->Execute("DELETE FROM {$customers_wishlist_attributestable} WHERE customers_id = '" . intval($_SESSION['customer_id']) . "' AND products_id = '" . oos_db_input($wl_products_id) . "'"); } else { $_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_units_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_unit_text_info'] . ' ' . $products_order_units; } } else { $_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_quantity_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_min_text_info'] . ' ' . $products_order_min; } } if ($_SESSION['error_cart_msg'] == '') { MyOOS_CoreApi::redirect(oos_href_link($goto_file, oos_get_all_get_parameters($parameters), 'NONSSL')); } else { MyOOS_CoreApi::redirect(oos_href_link($aPages['product_info'], 'products_id=' . $_POST['products_id'])); } } break; case 'frend_wishlist_add_product':
function oos_remove_product($product_id) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $productstable = $oostable['products']; $product_image_query = "SELECT products_image FROM $productstable WHERE products_id = '" . oos_db_input($product_id) . "'"; $product_image_result =& $dbconn->Execute($product_image_query); $product_image = $product_image_result->fields; // Close result set $product_image_result->Close(); $productstable = $oostable['products']; $duplicate_query = "SELECT COUNT(*) AS total FROM $productstable WHERE products_image = '" . oos_db_input($product_image['products_image']) . "'"; $duplicate_result =& $dbconn->Execute($duplicate_query); if ($duplicate_result->fields['total'] < 2) { if (file_exists(OOS_ABSOLUTE_PATH . OOS_IMAGES . $product_image['products_image'])) { @unlink(OOS_ABSOLUTE_PATH . OOS_IMAGES . $product_image['products_image']); } if (file_exists(OOS_ABSOLUTE_PATH . OOS_IMAGES . OOS_POPUP_IMAGES . $product_image['products_image'])) { @unlink(OOS_ABSOLUTE_PATH . OOS_IMAGES . OOS_POPUP_IMAGES . $product_image['products_image']); } } // Close result set $duplicate_result->Close(); $dbconn->Execute("DELETE FROM " . $oostable['specials'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['products'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['products_to_categories'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['products_description'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['products_attributes'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_basket'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_basket_attributes'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist_attributes'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['products_to_master'] . " WHERE master_id = '" . oos_db_input($product_id) . "' OR slave_id = '" . oos_db_input($product_id) . "'"); $reviewstable = $oostable['reviews']; $reviews_query = "SELECT reviews_id FROM $reviewstable WHERE products_id = '" . oos_db_input($product_id) . "'"; $reviews_result =& $dbconn->Execute($reviews_query); while ($product_reviews = $reviews_result->fields) { $dbconn->Execute("DELETE FROM " . $oostable['reviews_description'] . " WHERE reviews_id = '" . $product_reviews['reviews_id'] . "'"); // Move that ADOdb pointer! $reviews_result->MoveNext(); } // Close result set $reviews_result->Close(); $dbconn->Execute("DELETE FROM " . $oostable['reviews'] . " WHERE products_id = '" . oos_db_input($product_id) . "'"); }
$products_attributestable pa WHERE pa.products_id = '" . intval($products_id) . "' AND pa.options_id = popt.products_options_id AND pa.options_id = '" . oos_db_input($option) . "' AND popt.products_options_languages_id = '" . intval($nLanguageID) . "'"; } else { $sql = "SELECT popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix FROM $products_optionstable popt, $products_options_valuestable poval, $products_attributestable pa WHERE pa.products_id = '" . intval($products_id) . "' AND pa.options_id = '" . oos_db_input($option) . "' AND pa.options_id = popt.products_options_id AND pa.options_values_id = '" . oos_db_input($value) . "' AND pa.options_values_id = poval.products_options_values_id AND popt.products_options_languages_id = '" . intval($nLanguageID) . "' AND poval.products_options_values_languages_id = '" . intval($nLanguageID) . "'"; } $attributes_values = $dbconn->GetRow($sql); if ($value == PRODUCTS_OPTIONS_VALUE_TEXT_ID) { $hidden_field .= oos_draw_hidden_field('id[' . $products[$i]['id'] . '][' . TEXT_PREFIX . $option . ']',$products[$i]['attributes_values'][$option]); $attr_value = $products[$i]['attributes_values'][$option]; } else { $hidden_field .= oos_draw_hidden_field('id[' . $products[$i]['id'] . '][' . $option . ']', $value); $attr_value = $attributes_values['products_options_values_name']; }
/** * Checks to see if the currency code exists as a currency */ function oos_currency_exits($code) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $currenciestable = $oostable['currencies']; $query = "SELECT currencies_id FROM $currenciestable WHERE code = '" . oos_db_input($code) . "'"; $result =& $dbconn->Execute($query); if ($result->RecordCount() > 0) { return $code; } else { return false; } }
if ($wishlist_special_price = oos_get_products_special_price($wl_products_id)) { $wishlist_product_special_price = $oCurrencies->display_price($wishlist_special_price, oos_get_tax_rate($wishlist_product['products_tax_class_id'])); } else { $wishlist_product_discount = min($wishlist_product['products_discount_allowed'], $_SESSION['member']->group['discount']); if ($wishlist_product_discount != 0) { $wishlist_special_price = $wishlist_product['products_price'] * (100 - $wishlist_product_discount) / 100; $wishlist_product_discount_price = $oCurrencies->display_price($wishlist_special_price, oos_get_tax_rate($wishlist_product['products_tax_class_id'])); } } if ($wishlist_product['products_base_price'] != 1) { $wishlist_base_product_price = $oCurrencies->display_price($wishlist_product['products_price'] * $wishlist_product['products_base_price'], oos_get_tax_rate($wishlist_product['products_tax_class_id'])); if ($wishlist_special_price != '') { $wishlist_base_product_special_price = $oCurrencies->display_price($wishlist_special_price * $wishlist_product['products_base_price'], oos_get_tax_rate($wishlist_product['products_tax_class_id'])); } } $sql = "SELECT products_options_id, products_options_value_id\n FROM " . $oostable['customers_wishlist_attributes'] . "\n WHERE customers_wishlist_link_id = '" . oos_db_input($wlid) . "'\n AND products_id = '" . $wishlist['products_id'] . "'"; $attributes_result = $dbconn->Execute($sql); $attributes_print = ''; while ($attributes = $attributes_result->fields) { $attributes_print .= oos_draw_hidden_field('id[' . $attributes['products_options_id'] . ']', $attributes['products_options_value_id']); $attributes_print .= ' <tr>'; $sql = "SELECT popt.products_options_name,\n poval.products_options_values_name,\n pa.options_values_price, pa.price_prefix\n FROM " . $oostable['products_options'] . " popt,\n " . $oostable['products_options_values'] . " poval,\n " . $oostable['products_attributes'] . " pa\n WHERE pa.products_id = '" . intval($wl_products_id) . "'\n AND pa.options_id = '" . $attributes['products_options_id'] . "'\n AND pa.options_id = popt.products_options_id\n AND pa.options_values_id = '" . $attributes['products_options_value_id'] . "'\n AND pa.options_values_id = poval.products_options_values_id\n AND popt.products_options_languages_id = '" . intval($nLanguageID) . "'\n AND poval.products_options_values_languages_id = '" . intval($nLanguageID) . "'"; $option = $dbconn->Execute($sql); $option_values = $option->fields; $attributes_print .= '<td><br /><small><i> - ' . $option_values['products_options_name'] . ' ' . $option_values['products_options_values_name'] . '</i></small></td>'; if ($option_values['options_values_price'] != 0) { $attributes_print .= '<td align="right"><small><i>' . $option_values['price_prefix'] . $oCurrencies->display_price($option_values['options_values_price'], oos_get_tax_rate($wishlist_product['products_tax_class_id'])) . '</i></small></td>'; } else { $attributes_print .= '<td><small><i> </i></small></td>'; } $attributes_print .= ' </tr>';
echo HEADING_TITLE; ?> </td> <td class="pageHeading" align="right"><?php echo oos_draw_separator('trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?> </td> </tr> </table></td> </tr> <?php if ($action == 'edit') { $rID = oos_db_prepare_input($_GET['rID']); $reviewstable = $oostable['reviews']; $reviews_descriptiontable = $oostable['reviews_description']; $reviews_result = $dbconn->Execute("SELECT r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating FROM {$reviewstable} r, {$reviews_descriptiontable} rd WHERE r.reviews_id = '" . oos_db_input($rID) . "' AND r.reviews_id = rd.reviews_id"); $reviews = $reviews_result->fields; $productstable = $oostable['products']; $products_result = $dbconn->Execute("SELECT products_image FROM {$productstable} WHERE products_id = '" . $reviews['products_id'] . "'"); $products = $products_result->fields; $products_descriptiontable = $oostable['products_description']; $products_name_result = $dbconn->Execute("SELECT products_name FROM {$products_descriptiontable} WHERE products_id = '" . $reviews['products_id'] . "' AND products_languages_id = '" . intval($_SESSION['language_id']) . "'"); $products_name = $products_name_result->fields; $rInfo_array = array_merge($reviews, $products, $products_name); $rInfo = new objectInfo($rInfo_array); ?> <tr><?php echo oos_draw_form('review', $aFilename['reviews'], 'page=' . $_GET['page'] . '&rID=' . $_GET['rID'] . '&action=preview'); ?> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr>
} oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page'] . '&oID=' . $ticket_reply_id)); break; case 'deleteconfirm': $oID = oos_db_prepare_input($_GET['oID']); $configurationtable = $oostable['configuration']; $ticket_reply_result = $dbconn->Execute("SELECT configuration_value FROM $configurationtable WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'"); $ticket_reply = $ticket_reply_result->fields; if ($ticket_reply['configuration_value'] == $oID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'"); } $dbconn->Execute("DELETE FROM " . $oostable['ticket_reply'] . " WHERE ticket_reply_id = '" . oos_db_input($oID) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft"> <?php require 'includes/oos_blocks.php'; ?> </table></td> <!-- body_text //--> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
$review = oos_prepare_input($_POST['review']); if ($valid_product == true) { // We got to the process but it is an illegal product, don't write $customersstable = $oostable['customers']; $sql = "SELECT customers_firstname, customers_lastname\n FROM {$customersstable}\n WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'"; $customer = $dbconn->Execute($sql); $customer_values = $customer->fields; $firstname = $customer_values['customers_firstname']; $lastname = ltrim($customer_values['customers_lastname']); $lastname = substr($lastname, 0, 1); $customers_name = $firstname . ' ' . $lastname . '. '; $reviewstable = $oostable['reviews']; $dbconn->Execute("INSERT INTO {$reviewstable}\n (products_id,\n customers_id,\n customers_name,\n reviews_rating,\n date_added) VALUES ('" . intval($nProductsId) . "',\n '" . intval($_SESSION['customer_id']) . "',\n '" . oos_db_input($customers_name) . "',\n '" . oos_db_input($rating) . "',\n '" . date("Y-m-d H:i:s", time()) . "')"); $insert_id = $dbconn->Insert_ID(); $reviews_descriptiontable = $oostable['reviews_description']; $dbconn->Execute("INSERT INTO {$reviews_descriptiontable}\n (reviews_id,\n reviews_languages_id,\n reviews_text) VALUES ('" . intval($insert_id) . "',\n '" . intval($nLanguageID) . "',\n '" . oos_db_input($review) . "')"); $email_subject = 'Review: ' . $product_info['products_name']; $email_text = "\n"; $email_text .= "Firstname: " . $customer_values['customers_firstname'] . "\n"; $email_text .= "Lastname: " . $customer_values['customers_lastname'] . "\n"; $email_text .= "\n"; $email_text .= "Text: " . $review . "\n"; oos_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $email_subject, nl2br($email_text), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, ''); // clear cache require 'includes/classes/class_template.php'; $oSmarty =& new Template(); $sLocaleDir = $oSmarty->template_dir; $aSkins = array(); if (is_dir($sLocaleDir)) { if ($dh = opendir($sLocaleDir)) { while (($file = readdir($dh)) !== false) {
$configurationtable = $oostable['configuration']; $dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . oos_db_input($products_status_id) . "' WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'"); } oos_redirect_admin_admin(oos_href_link_admin($aFilename['products_status'], 'page=' . $_GET['page'] . '&psID=' . $products_status_id)); break; case 'deleteconfirm': $psID = oos_db_prepare_input($_GET['psID']); /* $products_status_result = $dbconn->Execute("SELECT configuration_value FROM " . $oostable['configuration'] . " WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'"); $products_status = $products_status_result->fields; if ($products_status['configuration_value'] == $psID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_PRODUTS_STATUS_ID'"); } */ $products_statustable = $oostable['products_status']; $dbconn->Execute("DELETE FROM {$products_statustable} WHERE products_status_id = '" . oos_db_input($psID) . "'"); oos_redirect_admin_admin(oos_href_link_admin($aFilename['products_status'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>
$dbconn->Execute("DELETE FROM " . $oostable['customers_status'] . " WHERE customers_status_id = '" . oos_db_input($cID) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['customers_status'], 'page=' . $_GET['page'])); break; case 'delete': $cID = oos_db_prepare_input($_GET['cID']); $status_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers'] . " WHERE customers_status = '" . oos_db_input($cID) . "'"); $status = $status_result->fields; $remove_status = true; if ($cID == DEFAULT_CUSTOMERS_STATUS_ID || $cID == DEFAULT_CUSTOMERS_STATUS_ID_GUEST || $cID == DEFAULT_CUSTOMERS_STATUS_ID_NEWSLETTER) { $remove_status = false; $messageStack->add(ERROR_REMOVE_DEFAULT_CUSTOMERS_STATUS, 'error'); } elseif ($status['count'] > 0) { $remove_status = false; $messageStack->add(ERROR_STATUS_USED_IN_CUSTOMERS, 'error'); } else { $history_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers_status_history'] . " WHERE '" . oos_db_input($cID) . "' in (new_value, old_value)"); $history = $history_result->fields; if ($history['count'] > 0) { $remove_status = false; $messageStack->add(ERROR_STATUS_USED_IN_HISTORY, 'error'); } } break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php
if ($customers_tickets_numrows > 0) { $customers_tickets_result = $dbconn->Execute($customers_tickets_raw); $customers_tickets_array = array(); while ($customers_tickets = $customers_tickets_result->fields) { $customers_tickets_array[] = array('ticket_link_id' => $customers_tickets['ticket_link_id'], 'ticket_subject' => $customers_tickets['ticket_subject'], 'ticket_status_id' => $customers_tickets['ticket_status_id'], 'ticket_department_id' => $customers_tickets['ticket_department_id'], 'ticket_priority_id' => $customers_tickets['ticket_priority_id'], 'ticket_date_created' => $customers_tickets['ticket_date_created'], 'ticket_date_last_modified' => $customers_tickets['ticket_date_last_modified']); $customers_tickets_result->MoveNext(); } } } if (isset($tlid)) { $ticket_tickettable = $oostable['ticket_ticket']; $sql = "SELECT ticket_id, ticket_link_id, ticket_customers_id, ticket_customers_orders_id,\n ticket_customers_email, ticket_customers_name, ticket_subject, ticket_status_id,\n ticket_department_id, ticket_priority_id, ticket_date_created, ticket_date_last_modified,\n ticket_date_last_customer_modified, ticket_login_required\n FROM {$ticket_tickettable}\n WHERE ticket_link_id= '" . oos_db_input($tlid) . "'"; $ticket_result = $dbconn->Execute($sql); $ticket = $ticket_result->fields; $ticket_status_historytable = $oostable['ticket_status_history']; $sql = "SELECT ticket_status_history_id, ticket_id, ticket_status_id, ticket_priority_id, ticket_department_id,\n ticket_date_modified, ticket_customer_notified, ticket_comments, ticket_edited_by\n FROM {$ticket_status_historytable}\n WHERE ticket_id = '" . oos_db_input($ticket['ticket_id']) . "'"; $ticket_status_result = $dbconn->Execute($sql); $statuses_array = array(); while ($ticket_status = $ticket_status_result->fields) { $statuses_array[] = array('ticket_edited_by' => $ticket_status['ticket_edited_by'], 'ticket_date_modified' => $ticket_status['ticket_date_modified'], 'ticket_status_id' => $ticket_status['ticket_status_id'], 'ticket_department_id' => $ticket_status['ticket_department_id'], 'ticket_priority_id' => $ticket_status['ticket_priority_id'], 'ticket_status_id' => $ticket_status['ticket_status_id'], 'ticket_department_id' => $ticket_status['ticket_department_id'], 'ticket_priority_id' => $ticket_status['ticket_priority_id'], 'ticket_comments' => $ticket_status['ticket_comments']); $ticket_status_result->MoveNext(); } } // links breadcrumb $oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aPages['ticket_create']), bookmark); $aOption['template_main'] = $sTheme . '/modules/ticket_view.html'; $aOption['page_heading'] = $sTheme . '/heading/page_heading.html'; $aOption['breadcrumb'] = 'default/system/breadcrumb.html'; $nPageType = OOS_PAGE_TYPE_SERVICE; require 'includes/oos_system.php'; if (!isset($option)) {
$contents = array('form' => oos_draw_form('customers', $aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id . '&action=deleteconfirm')); $contents[] = array('text' => TEXT_DELETE_INTRO . '<br /><br /><b>' . $cInfo->customers_firstname . ' ' . $cInfo->customers_lastname . '</b>'); if ($cInfo->number_of_reviews > 0) $contents[] = array('text' => '<br />' . oos_draw_checkbox_field('delete_reviews', 'on', true) . ' ' . sprintf(TEXT_DELETE_REVIEWS, $cInfo->number_of_reviews)); $contents[] = array('align' => 'center', 'text' => '<br />' . oos_image_swap_submits('delete', 'delete_off.gif', IMAGE_DELETE) . ' <a href="' . oos_href_link_admin($aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id) . '">' . oos_image_swap_button('cancel', 'cancel_off.gif', IMAGE_CANCEL) . '</a>'); break; case 'editstatus': $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_STATUS_CUSTOMER . '</b>'); $contents = array('form' => oos_draw_form('customers', $aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id . '&action=statusconfirm')); $contents[] = array('text' => '<br />' . oos_draw_pull_down_menu('pdm_status', array_merge(array(array('id' => '0', 'text' => PULL_DOWN_DEFAULT)), $customers_statuses_array), $cInfo->customers_status) ); $contents[] = array('text' => '<table border="0" cellspacing="0" cellpadding="5"><tr><td class="smallText" align="center">' . TABLE_HEADING_NEW_VALUE .' </td><td class="smallText" align="center">' . TABLE_HEADING_DATE_ADDED . '</td></tr>'); $customers_status_historytable = $oostable['customers_status_history']; $customers_history_sql = "SELECT new_value, old_value, date_added, customer_notified FROM $customers_status_historytable WHERE customers_id = '" . oos_db_input($cID) . "' ORDER BY customers_status_history_id DESC"; $customers_history_result = $dbconn->Execute($customers_history_sql); if ($customers_history_result->RecordCount()) { while ($customers_history = $customers_history_result->fields) { $contents[] = array('text' => '<tr>' . "\n" . '<td class="smallText">' . $customers_statuses_array[$customers_history['new_value']]['text'] . '</td>' . "\n" .'<td class="smallText" align="center">' . oos_datetime_short($customers_history['date_added']) . '</td>' . "\n" .'<td class="smallText" align="center">'); $contents[] = array('text' => '</tr>' . "\n"); // Move that ADOdb pointer! $customers_history_result->MoveNext(); } } else { $contents[] = array('text' => '<tr>' . "\n" . ' <td class="smallText" colspan="2">' . TEXT_NO_CUSTOMER_HISTORY . '</td>' . "\n" . ' </tr>' . "\n"); } $contents[] = array('text' => '</table>'); $contents[] = array('align' => 'center', 'text' => '<br />' . oos_image_swap_submits('update', 'update_off.gif', IMAGE_UPDATE) . ' <a href="' . oos_href_link_admin($aFilename['customers'], oos_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_id) . '">' . oos_image_swap_button('cancel', 'cancel_off.gif', IMAGE_CANCEL) . '</a>');
include 'includes/languages/' . $_SESSION['language'] . '/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); include 'includes/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><?php echo $module->confirm(); ?> </td> </tr> <?php } elseif ($action == 'confirm_send') { $nID = oos_db_prepare_input($_GET['nID']); $newsletterstable = $oostable['newsletters']; $newsletter_result = $dbconn->Execute("SELECT newsletters_id, title, content, module FROM {$newsletterstable} WHERE newsletters_id = '" . oos_db_input($nID) . "'"); $newsletter = $newsletter_result->fields; $nInfo = new objectInfo($newsletter); include 'includes/languages/' . $_SESSION['language'] . '/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); include 'includes/modules/newsletters/' . $nInfo->module . substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><table border="0" cellspacing="0" cellpadding="2"> <tr> <td class="main" valign="middle"><?php echo oos_image(OOS_IMAGES . 'ani_send_email.gif', IMAGE_ANI_SEND_EMAIL); ?> </td> <td class="main" valign="middle"><b><?php
case 'delete': $oID = oos_db_prepare_input($_GET['oID']); $ticket_tickettable = $oostable['ticket_ticket']; $priority_result = $dbconn->Execute("SELECT count(*) as count FROM $ticket_tickettable WHERE ticket_priority_id = '" . oos_db_input($oID) . "'"); $priority = $priority_result->fields; $remove_priority = true; if ($oID == TICKET_DEFAULT_PRIORITY_ID) { $remove_priority = false; $messageStack->add(ERROR_REMOVE_DEFAULT_TEXT_PRIORITY, 'error'); } elseif ($priority['count'] > 0) { $remove_priority = false; $messageStack->add(ERROR_PRIORITY_USED_IN_TICKET, 'error'); } else { $ticket_status_historytable = $oostable['ticket_status_history']; $history_result = $dbconn->Execute("SELECT count(*) as count FROM $ticket_status_historytable WHERE ticket_priority_id = '" . oos_db_input($oID) . "'"); $history = $history_result->fields; if ($history['count'] > 0) { $remove_priority = false; $messageStack->add(ERROR_PRIORITY_USED_IN_HISTORY, 'error'); } } break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
if ($action == 'send_email_to_user' && ($_POST['customers_email_address'] || $_POST['email_to']) && !$_POST['back_x']) { switch ($_POST['customers_email_address']) { case '***': $customerstable = $oostable['customers']; $mail_result = $dbconn->Execute("SELECT customers_firstname, customers_lastname, customers_email_address FROM {$customerstable}"); $mail_sent_to = TEXT_ALL_CUSTOMERS; break; case '**D': $customerstable = $oostable['customers']; $mail_result = $dbconn->Execute("SELECT customers_firstname, customers_lastname, customers_email_address FROM {$customerstable} WHERE customers_newsletter = '1'"); $mail_sent_to = TEXT_NEWSLETTER_CUSTOMERS; break; default: $customers_email_address = oos_db_prepare_input($_POST['customers_email_address']); $customerstable = $oostable['customers']; $mail_result = $dbconn->Execute("SELECT customers_firstname, customers_lastname, customers_email_address FROM {$customerstable} WHERE customers_email_address = '" . oos_db_input($customers_email_address) . "'"); $mail_sent_to = $_POST['customers_email_address']; if (isset($_POST['email_to']) && !empty($_POST['email_to'])) { $mail_sent_to = $_POST['email_to']; } break; } if ($action == 'send_email_to_user' && $_POST['customers_email_address'] && !$_POST['back_x']) { while ($mail = $mail_result->fields) { $id1 = oos_create_coupon_code($mail['customers_email_address']); $message = $_POST['message']; $message .= "\n\n" . TEXT_GV_WORTH . $currencies->format($_POST['amount']) . "\n\n"; $message .= TEXT_TO_REDEEM; $message .= TEXT_WHICH_IS . $id1 . TEXT_IN_CASE . "\n\n"; $message .= OOS_HTTP_SERVER . OOS_SHOP . 'index.php?page=' . $aCatalogPage['gv_redeem'] . '&gv_no=' . $id1 . "\n\n"; $message .= TEXT_OR_VISIT . OOS_HTTP_SERVER . OOS_SHOP . TEXT_ENTER_CODE;
if (isset($_POST['verif_key'])) { $verif_key = oos_prepare_input($_POST['verif_key']); } require 'includes/modules/key_generate.php'; if ( empty( $verif_key ) || !is_string( $verif_key ) ) { MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } $sLanguage = oos_var_prep_for_os($_SESSION['language']); require 'includes/languages/' . $sLanguage . '.php'; require 'includes/languages/' . $sLanguage . '/admin_create_account.php'; $manual_infotable = $oostable['manual_info']; $login_result = $dbconn->Execute("SELECT man_key2, man_key3, status FROM $manual_infotable WHERE man_key = '" . oos_db_input($verif_key) . "' AND status = 1 "); if (!$login_result->RecordCount()) { $manual_infotable = $oostable['manual_info']; $dbconn->Execute("UPDATE $manual_infotable SET man_key = '', man_key2 = '' WHERE man_info_id = '1' "); MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } if (!isset($_GET['action']) && ($_GET['action'] != 'login_admin')) { MyOOS_CoreApi::redirect(oos_href_link($aPages['main'])); } else { $login_result_values = $login_result->fields; if (($login_result_values['man_key2'] = $newkey2) && ($login_result_values['status'] !=0)) { // links breadcrumb
File: redirect.php,v 1.9 2003/02/13 04:23:23 hpdl ---------------------------------------------------------------------- osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce ---------------------------------------------------------------------- Released under the GNU General Public License ---------------------------------------------------------------------- */ /** ensure this file is being included by a parent file */ defined('OOS_VALID_MOD') or die('Direct Access to this location is not allowed.'); switch ($_GET['action']) { case 'banner': $bannerstable = $oostable['banners']; $sql = "SELECT banners_url\n FROM {$bannerstable}\n WHERE banners_id = '" . oos_db_input($_GET['goto']) . "'"; $banner_result = $dbconn->Execute($sql); if ($banner_result->RecordCount()) { $banner = $banner_result->fields; oos_update_banner_click_count($_GET['goto']); oos_redirect($banner['banners_url']); } else { oos_redirect(oos_href_link($aModules['main'], $aFilename['main'])); } break; case 'url': if (isset($_GET['goto'])) { oos_redirect('http://' . $_GET['goto']); } else { oos_redirect(oos_href_link($aModules['main'], $aFilename['main'])); }
} } if ($cats == '') { $cats = '<br />NONE'; } $text_coupon_help .= $cats; $text_coupon_help .= '<br /><br />' . $aLang['text_coupon_help_products']; $couponstable = $oostable['coupons']; $sql = "SELECT restrict_to_products\n FROM {$couponstable}\n WHERE coupon_id='" . intval($nCouponID) . "'"; $coupon_get = $dbconn->Execute($sql); $get_result = $coupon_get->fields; $pr_ids = preg_split("/[,]/", $get_result['restrict_to_products']); for ($i = 0; $i < count($pr_ids); $i++) { $productstable = $oostable['products']; $products_descriptiontable = $oostable['products_description']; $sql = "SELECT p.products_id, p.products_status, pd.products_name\n FROM {$productstable} p,\n {$products_descriptiontable} pd\n WHERE p.products_status >= '1'\n AND p.products_id = '" . oos_db_input($pr_ids[$i]) . "'\n AND pd.products_id = p.products_id\n AND pd.products_languages_id = '" . intval($nLanguageID) . "'"; $result = $dbconn->Execute($sql); if ($row = $result->fields) { $prods .= '<br />' . $row["products_name"]; } } if ($prods == '') { $prods = '<br />NONE'; } $text_coupon_help .= $prods; } else { $nCouponID = 0; } $aOption['popup_help'] = $sTheme . '/system/popup_help.html'; //smarty require 'includes/classes/class_template.php';
/** * Remove News * * @param $news_id */ function oos_remove_news($news_id) { // Get database information $dbconn =& oosDBGetConn(); $oostable =& oosDBGetTables(); $news_image_query = "SELECT news_image\n FROM " . $oostable['news'] . "\n WHERE news_id = '" . oos_db_input($news_id) . "'"; $news_image_result =& $dbconn->Execute($news_image_query); $news_image = $news_image_result->fields; // Close result set $news_image_result->Close(); $duplicate_query = "SELECT COUNT(*) AS total\n FROM " . $oostable['news'] . "\n WHERE news_image = '" . oos_db_input($news_image['news_image']) . "'"; $duplicate_result =& $dbconn->Execute($duplicate_query); // Close result set $duplicate_result->Close(); if ($duplicate_result->fields['total'] < 2) { if (file_exists(OOS_ABSOLUTE_PATH . OOS_IMAGES . $news_image['news_image'])) { @unlink(OOS_ABSOLUTE_PATH . OOS_IMAGES . $news_image['news_image']); } } $dbconn->Execute("DELETE FROM " . $oostable['news'] . " WHERE news_id = '" . oos_db_input($news_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['news_to_categories'] . " WHERE news_id = '" . oos_db_input($news_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['news_description'] . " WHERE news_id = '" . oos_db_input($news_id) . "'"); $news_reviews_query = "SELECT news_reviews_id\n FROM " . $oostable['news_reviews'] . "\n WHERE news_id = '" . oos_db_input($news_id) . "'"; $news_reviews_result =& $dbconn->Execute($news_reviews_query); while ($news_reviews = $news_reviews_result->fields) { $dbconn->Execute("DELETE FROM " . $oostable['news_reviews_description'] . " WHERE news_reviews_id = '" . $news_reviews['news_reviews_id'] . "'"); // Move that ADOdb pointer! $news_reviews_result->MoveNext(); } // Close result set $news_reviews_result->Close(); $dbconn->Execute("DELETE FROM " . $oostable['news_reviews'] . " WHERE news_id = '" . oos_db_input($news_id) . "'"); }
$dbconn->Execute("INSERT INTO {$products_to_categoriestable} (products_id, categories_id) values ('" . $products_id . "', '" . $current_category_id . "')"); } } if (oos_empty($_GET['categories'])) { $categories = $current_category_id; } $languages = oos_get_languages(); for ($i = 0, $n = count($languages); $i < $n; $i++) { $lang_id = $languages[$i]['id']; $sql_data_array = array('products_name' => oos_db_prepare_input($_POST['products_name'][$lang_id]), 'products_description' => oos_db_prepare_input($_POST['products_description_' . $languages[$i]['id']]), 'products_description_meta' => oos_db_prepare_input($_POST['products_description_meta_' . $languages[$i]['id']]), 'products_keywords_meta' => oos_db_prepare_input($_POST['products_keywords_meta_' . $languages[$i]['id']]), 'products_url' => oos_db_prepare_input($_POST['products_url'][$lang_id])); if ($action == 'insert_product') { $insert_sql_data = array('products_id' => $products_id, 'products_languages_id' => $lang_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); oos_db_perform($oostable['products_description'], $sql_data_array); } elseif ($action == 'update_product') { oos_db_perform($oostable['products_description'], $sql_data_array, 'update', 'products_id = \'' . oos_db_input($products_id) . '\' and products_languages_id = \'' . $lang_id . '\''); } } oos_redirect_admin(oos_href_link_admin($aFilename['categories'], 'categories=' . $categories . '&pID=' . $products_id)); } break; } } // check if the catalog image directory exists if (is_dir(OOS_ABSOLUTE_PATH . OOS_IMAGES)) { if (!is_writeable(OOS_ABSOLUTE_PATH . OOS_IMAGES)) { $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_NOT_WRITEABLE, 'error'); } } else { $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_DOES_NOT_EXIST, 'error'); }