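/**
 * Copy every entry of $object_array onto this object as a property.
 *
 * Each value is passed through vam_db_prepare_input() before it is assigned.
 * The property name is taken verbatim from the array key, so whoever builds
 * the array decides which properties are written. Pass arrays whose keys are
 * known (for example a database row), not a raw request array.
 *
 * @param array $object_array Map of property name => value.
 */
function objectInfo($object_array)
 {
     // foreach replaces the reset()/each() pair: each() was deprecated in
     // PHP 7.2 and removed in PHP 8.0.
     foreach ($object_array as $key => $value) {
         $this->{$key} = vam_db_prepare_input($value);
     }
 }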
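/**
 * Normalise a request value before further processing.
 *
 * Strings have their backslash escaping removed (stripslashes) and are
 * trimmed. Arrays are processed recursively with their keys preserved.
 * Any other type is returned unchanged.
 *
 * This function does NOT escape anything for SQL. stripslashes() removes
 * escaping rather than adding it, so quotes typed by the user are still in
 * the result. The value must be escaped, cast, or bound as a query parameter
 * before it is placed into a SQL statement.
 *
 * @param mixed $string Value to normalise (string, array, or anything else).
 * @return mixed The normalised value, of the same kind as the input.
 */
function vam_db_prepare_input($string)
{
    if (is_string($string)) {
        return trim(stripslashes($string));
    }

    if (is_array($string)) {
        // foreach replaces the reset()/each() pair: each() was deprecated in
        // PHP 7.2 and removed in PHP 8.0. Iteration runs over a copy, so
        // writing back into $string while looping is safe.
        foreach ($string as $key => $value) {
            $string[$key] = vam_db_prepare_input($value);
        }
        return $string;
    }

    return $string;
}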
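/**
 * Build a flat, indented list of active categories below $parent_id.
 *
 * The category tree is walked depth-first: each category is appended to the
 * list and is immediately followed by its own children, whose names carry a
 * longer $indent prefix.
 *
 * @param array|string $categories_array List to append to; any non-array value starts a new list.
 * @param string|int   $parent_id        Id of the category whose children are listed.
 * @param string       $indent           Prefix put in front of each category name at this depth.
 * @return array List of array('id' => ..., 'text' => ...) entries.
 */
function vam_get_categories($categories_array = '', $parent_id = '0', $indent = '')
{
    $parent_id = vam_db_prepare_input($parent_id);
    if (!is_array($categories_array)) {
        $categories_array = array();
    }
    // The language id is cast to int so that no part of the statement is
    // concatenated unescaped; $parent_id already goes through vam_db_input().
    // Assumes language ids are integers - confirm against the schema.
    $categories_query = "select\n                                      c.categories_id,\n                                      cd.categories_name\n                                      from " . TABLE_CATEGORIES . " c,\n                                       " . TABLE_CATEGORIES_DESCRIPTION . " cd\n                                       where parent_id = '" . vam_db_input($parent_id) . "'\n                                       and c.categories_id = cd.categories_id\n                                       and c.categories_status != 0\n                                       and cd.language_id = '" . (int) $_SESSION['languages_id'] . "'\n                                       order by sort_order, cd.categories_name";
    $categories_query = vamDBquery($categories_query);
    while ($categories = vam_db_fetch_array($categories_query, true)) {
        $categories_array[] = array('id' => $categories['categories_id'], 'text' => $indent . $categories['categories_name']);
        // A category that lists itself as its parent would recurse forever;
        // skip the descent in that case.
        if ($categories['categories_id'] != $parent_id) {
            $categories_array = vam_get_categories($categories_array, $categories['categories_id'], $indent . '  ');
        }
    }
    return $categories_array;
}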
/**
 * Render one address-book entry of a customer as a formatted summary string.
 *
 * Loads the address row and its country, then loads the summary template of
 * the country's address format and expands it with eval().
 *
 * @param mixed $customers_id Customer the address must belong to.
 * @param mixed $address_id   Address-book entry to render.
 * @return mixed The expanded summary, as assigned to $address by the eval'd statement.
 */
function vam_address_summary($customers_id, $address_id)
{
    $customers_id = vam_db_prepare_input($customers_id);
    $address_id = vam_db_prepare_input($address_id);
    // Both ids are escaped with vam_db_input(); the customers_id condition
    // restricts the lookup to addresses owned by that customer.
    $address_query = vam_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . vam_db_input($address_id) . "' and ab.customers_id = '" . vam_db_input($customers_id) . "' and ab.entry_country_id = c.countries_id");
    // NOTE(review): the result is not checked; if no row matches, the
    // lookups below run against an empty result.
    $address = vam_db_fetch_array($address_query);
    // These locals are not used again in this function; presumably the
    // template expanded below refers to them by name, so they must keep
    // these exact names - confirm against the address_format rows.
    $street_address = $address['entry_street_address'];
    $suburb = $address['entry_suburb'];
    $postcode = $address['entry_postcode'];
    $city = $address['entry_city'];
    $state = vam_get_zone_name($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']);
    $country = $address['countries_name'];
    // NOTE(review): address_format_id is taken from the row above and is
    // concatenated without vam_db_input() or an int cast.
    $address_format_query = vam_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . $address['address_format_id'] . "'");
    $address_format = vam_db_fetch_array($address_format_query);
    //    eval("\$address = \"{$address_format['address_summary']}\";");
    $address_summary = $address_format['address_summary'];
    // SECURITY(review): eval() compiles the address_summary column as the
    // body of a double-quoted PHP string. Whoever can write to
    // TABLE_ADDRESS_FORMAT (an admin screen, an import, or a SQL injection
    // elsewhere) therefore controls PHP code executed here. Prefer a fixed
    // placeholder substitution (for example strtr() with a token => value
    // map) so that the template stays data.
    eval("\$address = \"{$address_summary}\";");
    return $address;
}
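 /**
  * Load one order and populate this object from it.
  *
  * Fills $this->totals, $this->info, $this->customer, $this->delivery,
  * $this->billing and $this->products (with per-product attributes) from the
  * orders, order-totals, order-status and order-products tables.
  * $this->delivery is set to false when the order has neither a delivery
  * name nor a delivery street address.
  *
  * @param mixed $order_id Id of the order to load.
  */
 function query($order_id)
 {
     $order_id = vam_db_prepare_input($order_id);
     $order_query = vam_db_query("SELECT\n                                   *\n                                   FROM " . TABLE_ORDERS . " WHERE\n                                   orders_id = '" . vam_db_input($order_id) . "'");
     $order = vam_db_fetch_array($order_query);
     $totals_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_TOTAL . " where orders_id = '" . vam_db_input($order_id) . "' order by sort_order");
     while ($totals = vam_db_fetch_array($totals_query)) {
         $this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'value' => $totals['value']);
     }
     // These two statements used to concatenate $order_id without
     // vam_db_input(), unlike every other query in this method.
     // vam_db_prepare_input() only unslashes and trims, so the id was
     // unescaped here; it is now escaped consistently.
     $order_total_query = vam_db_query("select text,value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . vam_db_input($order_id) . "' and class = 'ot_total'");
     $order_total = vam_db_fetch_array($order_total_query);
     $shipping_method_query = vam_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . vam_db_input($order_id) . "' and class = 'ot_shipping'");
     $shipping_method = vam_db_fetch_array($shipping_method_query);
     $order_status_query = vam_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . $_SESSION['languages_id'] . "'");
     $order_status = vam_db_fetch_array($order_status_query);
     // NOTE(review): cc_number and cc_cvv are read back from the orders row,
     // so card data appears to be persisted with the order. PCI DSS does not
     // permit keeping the card verification value after authorisation;
     // confirm whether these columns are still written.
     // A trailing ':' on the shipping title is dropped; tags are stripped
     // from both the total text and the shipping title.
     $this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'cc_start' => $order['cc_start'], 'cc_issue' => $order['cc_issue'], 'cc_cvv' => $order['cc_cvv'], 'date_purchased' => $order['date_purchased'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'total_value' => $order_total['value'], 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title']), 'comments' => $order['comments']);
     $this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'firstname' => $order['customers_firstname'], 'secondname' => $order['customers_secondname'], 'lastname' => $order['customers_lastname'], 'csID' => $order['customers_cid'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']);
     $this->delivery = array('name' => $order['delivery_name'], 'firstname' => $order['delivery_firstname'], 'secondname' => $order['delivery_secondname'], 'lastname' => $order['delivery_lastname'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']);
     // No delivery name and no street address: the order has no delivery address.
     if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
         $this->delivery = false;
     }
     $this->billing = array('name' => $order['billing_name'], 'firstname' => $order['billing_firstname'], 'secondname' => $order['billing_secondname'], 'lastname' => $order['billing_lastname'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']);
     $index = 0;
     $orders_products_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS . "   WHERE orders_id = '" . vam_db_input($order_id) . "'");
     while ($orders_products = vam_db_fetch_array($orders_products_query)) {
         $this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'shipping_time' => $orders_products['products_shipping_time'], 'final_price' => $orders_products['final_price']);
         $subindex = 0;
         $attributes_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . vam_db_input($order_id) . "' and orders_products_id = '" . $orders_products['orders_products_id'] . "'");
         if (vam_db_num_rows($attributes_query)) {
             while ($attributes = vam_db_fetch_array($attributes_query)) {
                 $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']);
                 $subindex++;
             }
         }
         // Record each tax rate seen, keyed by the rate as a string.
         $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';
         $index++;
     }
 }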
   Copyright (c) 2007 VaM Shop
   --------------------------------------------------------------
   based on: 
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
   (c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com 
   (c) 2003	 nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org
   (c) 2004	 xt:Commerce (popup_image.php,v 1.7 2003/08/18); xt-commerce.com

   Released under the GNU General Public License 
   --------------------------------------------------------------*/
require 'includes/application_top.php';
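// Only the 'banner' query parameter is handled. The former
// reset()/each()/switch walk over $_GET is replaced by a direct lookup:
// each() was removed in PHP 8.0, and the loose comparison made by switch
// could match keys other than 'banner' on older PHP versions.
if (isset($_GET['banner'])) {
    $banners_id = vam_db_prepare_input($_GET['banner']);
    // vam_db_prepare_input() only unslashes and trims; vam_db_input() is
    // what escapes the id for the statement.
    $banner_query = vam_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . vam_db_input($banners_id) . "'");
    $banner = vam_db_fetch_array($banner_query);
    $page_title = $banner['banners_title'];
    if ($banner['banners_html_text']) {
        // NOTE(review): this is stored HTML used as-is. If the page echoes
        // $image_source or $page_title without escaping, anyone able to
        // edit banner rows controls markup in this popup - confirm who can
        // write to the banners table.
        $image_source = $banner['banners_html_text'];
    } elseif ($banner['banners_image']) {
        $image_source = vam_image(HTTP_CATALOG_SERVER . DIR_WS_CATALOG_IMAGES . 'banner/' . $banner['banners_image'], $page_title);
    }
}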
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
            $insert_sql_data = array('date_added' => 'now()');
            $sql_data_array = vam_array_merge($sql_data_array, $insert_sql_data);
            vam_db_perform(TABLE_BLACKLIST, $sql_data_array);
            $blacklist_id = vam_db_insert_id();
        } elseif ($_GET['action'] == 'save') {
            $update_sql_data = array('last_modified' => 'now()');
            $sql_data_array = vam_array_merge($sql_data_array, $update_sql_data);
            vam_db_perform(TABLE_BLACKLIST, $sql_data_array, 'update', "blacklist_id = '" . vam_db_input($blacklist_id) . "'");
        }
        if (USE_CACHE == 'true') {
            vam_reset_cache_block('blacklist');
        }
        vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id));
        break;
    case 'deleteconfirm':
        // Deletes the blacklist row whose id is given in the bID query
        // parameter; the id is escaped with vam_db_input().
        // NOTE(review): the delete is triggered by GET parameters alone and
        // no CSRF token check is visible in this excerpt - confirm one is
        // enforced before this switch is reached.
        $blacklist_id = vam_db_prepare_input($_GET['bID']);
        vam_db_query("delete from " . TABLE_BLACKLIST . " where blacklist_id = '" . vam_db_input($blacklist_id) . "'");
        if (USE_CACHE == 'true') {
            // NOTE(review): the insert/save branch above resets the
            // 'blacklist' cache block; 'manufacturers' here looks like a
            // copy-paste leftover - confirm which block is intended.
            vam_reset_cache_block('manufacturers');
        }
        // NOTE(review): $_GET['page'] is appended to the redirect
        // parameters without encoding or an int cast.
        vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page']));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
         }
         mysql_free_result($result);
         mysql_close();
         if (isset($fURL) && $fURL != '') {
             $url = HTTP_SERVER . DIR_WS_CATALOG . $fURL;
             header("HTTP/1.1 301 Moved Permanently");
             header('Location: ' . $url);
             exit;
         }
     }
     $PHP_SELF = '/faq.php';
     include 'faq.php';
     break;
 case 'articles':
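     // Legacy topic URLs (?tPath=...) are answered with a permanent redirect
     // to the topic's SEO URL when one is stored.
     if (isset($_GET['tPath']) && is_string($_GET['tPath']) && $_GET['tPath'] != '') {
         // vam_db_prepare_input() only unslashes and trims, so the value is
         // escaped for the open mysql connection before it is quoted into
         // the statement.
         $query = 'select topics_page_url from ' . TABLE_TOPICS . ' where topics_id="' . mysql_real_escape_string(vam_db_prepare_input($_GET['tPath'])) . '"';
         $result = mysql_query($query);
         // mysql_query() returns false on failure; only read and free a real result.
         if ($result !== false) {
             if (mysql_num_rows($result) > 0) {
                 $row = mysql_fetch_array($result, MYSQL_ASSOC);
                 $tURL = $row['topics_page_url'];
             }
             mysql_free_result($result);
         }
         mysql_close();
         if (isset($tURL) && $tURL != '') {
             // The target is always built on the shop's own base URL.
             $url = HTTP_SERVER . DIR_WS_CATALOG . $tURL;
             header("HTTP/1.1 301 Moved Permanently");
             header('Location: ' . $url);
             exit;
         }
     }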
     $PHP_SELF = '/articles.php';
            $countries_id = vam_db_prepare_input($_GET['cID']);
            $countries_name = vam_db_prepare_input($_POST['countries_name']);
            $countries_iso_code_2 = vam_db_prepare_input($_POST['countries_iso_code_2']);
            $countries_iso_code_3 = vam_db_prepare_input($_POST['countries_iso_code_3']);
            $address_format_id = vam_db_prepare_input($_POST['address_format_id']);
            vam_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . vam_db_input($countries_name) . "', countries_iso_code_2 = '" . vam_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . vam_db_input($countries_iso_code_3) . "', address_format_id = '" . vam_db_input($address_format_id) . "' where countries_id = '" . vam_db_input($countries_id) . "'");
            vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id));
            break;
        case 'deleteconfirm':
            // Removes the country row whose id is given in the cID query
            // parameter; the id is escaped with vam_db_input().
            // NOTE(review): both cases below change data on GET parameters
            // alone and no CSRF token check is visible in this excerpt -
            // confirm one is enforced before this switch is reached.
            $countries_id = vam_db_prepare_input($_GET['cID']);
            vam_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . vam_db_input($countries_id) . "'");
            vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
            break;
        case 'setlflag':
            // Writes the 'flag' query parameter into the country's status
            // column. The value is escaped but not restricted to a known
            // set of status values.
            $countries_id = vam_db_prepare_input($_GET['cID']);
            $status = vam_db_prepare_input($_GET['flag']);
            vam_db_query("update " . TABLE_COUNTRIES . " set status = '" . vam_db_input($status) . "' where countries_id = '" . vam_db_input($countries_id) . "'");
            vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id));
            break;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
 if (mysql_num_rows($result) > 0) {
     $row = mysql_fetch_array($result, MYSQL_ASSOC);
     $nID = $row['news_id'];
     $matched = true;
 } else {
     $matched = false;
 }
 if ($matched) {
     $HTTP_GET_VARS['news_id'] = $nID;
     $_GET['news_id'] = $nID;
     mysql_free_result($result);
     mysql_close();
     $PHP_SELF = '/news.php';
     include 'news.php';
 } else {
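     // $URI_elements[0] is part of the requested URL. vam_db_prepare_input()
     // only unslashes and trims, so the value is escaped for the open mysql
     // connection before it is quoted into the statement.
     $query = 'select faq_id from ' . TABLE_FAQ . ' where BINARY faq_page_url="' . mysql_real_escape_string(vam_db_prepare_input($URI_elements[0])) . '"';
     $result = mysql_query($query);
     if (mysql_num_rows($result) > 0) {
         $row = mysql_fetch_array($result, MYSQL_ASSOC);
         $fID = $row['faq_id'];
         $matched = true;
     } else {
         $matched = false;
     }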
     if ($matched) {
         $HTTP_GET_VARS['faq_id'] = $fID;
         $_GET['faq_id'] = $fID;
         mysql_free_result($result);
         mysql_close();
         $PHP_SELF = '/faq.php';
         include 'faq.php';
            //        $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
            //        $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
            //        break;
        //      case '**D':
        //        $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
        //        $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
        //        break;
        default:
            $affiliate_email_address = vam_db_prepare_input($_POST['affiliate_email_address']);
            $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . vam_db_input($affiliate_email_address) . "'");
            $mail_sent_to = $_POST['affiliate_email_address'];
            break;
    }
    $from = vam_db_prepare_input($_POST['from']);
    $subject = vam_db_prepare_input($_POST['subject']);
    $message = vam_db_prepare_input($_POST['message']);
    while ($mail = vam_db_fetch_array($mail_query)) {
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message);
    }
    vam_redirect(vam_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
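// Preview was requested without choosing a recipient. isset()/empty() keep
// the same truth test without raising notices for absent parameters.
if (isset($_GET['action']) && $_GET['action'] == 'preview' && empty($_POST['affiliate_email_address'])) {
    $messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error');
}
// mail_sent_to comes straight from the query string and ends up in a notice
// shown on the page. It is HTML-escaped here because the message stack
// presumably prints its messages as markup - confirm; if the stack already
// escapes, drop this call to avoid double encoding.
if (isset($_GET['mail_sent_to']) && is_string($_GET['mail_sent_to']) && vam_not_null($_GET['mail_sent_to'])) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, htmlspecialchars($_GET['mail_sent_to'], ENT_QUOTES)), 'notice');
}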
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
         if (isset($_SESSION['payment'])) {
             unset($_SESSION['payment']);
         }
         vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
     }
     // process the selected billing destination
 } elseif (isset($_POST['address'])) {
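     $reset_payment = false;
     // A change of billing address invalidates a previously chosen payment
     // method. The comparison used the bare $billto, which is not defined in
     // the visible code; the session value tested by isset() is used instead.
     if (isset($_SESSION['billto']) && $_SESSION['billto'] != $_POST['address'] && isset($_SESSION['payment'])) {
         $reset_payment = true;
     }
     // The posted address id went into the statement below after
     // vam_db_prepare_input() only, which unslashes and trims but does not
     // escape. It is reduced to an integer before it is stored or queried;
     // a non-scalar value becomes 0, which matches no address.
     $_SESSION['billto'] = is_scalar($_POST['address']) ? (int) vam_db_prepare_input($_POST['address']) : 0;
     // The customers_id condition ensures the address belongs to the
     // logged-in customer.
     $check_address_query = vam_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . $_SESSION['billto'] . "'");
     $check_address = vam_db_fetch_array($check_address_query);
     if ($check_address['total'] == '1') {
         if ($reset_payment == true) {
             unset($_SESSION['payment']);
         }
         vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
     } else {
         // Not one of this customer's addresses: discard the selection.
         unset($_SESSION['billto']);
     }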
     // no addresses to select from - customer decided to keep the current assigned address
 } else {
     $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
     vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
 }
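    $a_level = vam_db_prepare_input($_GET['a_level']);
    // vam_db_prepare_input() only unslashes and trims. The clause is
    // appended to the sales query, so the value is escaped with
    // vam_db_input() before it is quoted.
    $level_clause = " AND a.affiliate_level = '" . vam_db_input($a_level) . "'";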
}
$affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n    a.affiliate_payment, a.affiliate_level AS level,\n    o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n    MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n    from " . TABLE_AFFILIATE . " aa\n    left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n    left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n    left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . $_SESSION['languages_id'] . "')\n    where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n    group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n        a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n        o.orders_status, os.orders_status_name\n    order by affiliate_date DESC";
$count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name';
$affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key);
if ($affiliate_sales_split->number_of_rows > 0) {
    $affiliate_sales_values = vam_db_query($affiliate_sales_split->sql_query);
    $affiliate_sales = vam_db_fetch_array($affiliate_sales_values);
} else {
    $affiliate_sales_values = vam_db_query("select MONTH(affiliate_date_account_created) as start_month,\n                                      YEAR(affiliate_date_account_created) as start_year\n                                      FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . "'");
    $affiliate_sales = vam_db_fetch_array($affiliate_sales_values);
}
$vamTemplate->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, vam_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"'));
$vamTemplate->assign('status_selector', affiliate_get_status_list('a_status', vam_db_prepare_input($_GET['a_status']), 'onchange="this.form.submit();"'));
$vamTemplate->assign('level_selector', affiliate_get_level_list('a_level', vam_db_prepare_input($_GET['a_level']), 'onchange="this.form.submit();"'));
require DIR_WS_INCLUDES . 'header.php';
$vamTemplate->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows);
$vamTemplate->assign('FORM_ACTION', vam_draw_form('params', vam_href_link(FILENAME_AFFILIATE_SALES), 'get'));
$affiliate_sales_table = '';
if ($affiliate_sales_split->number_of_rows > 0) {
    $number_of_sales = 0;
    $sum_of_earnings = 0;
    do {
        $number_of_sales++;
        if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) {
            $sum_of_earnings += $affiliate_sales['affiliate_payment'];
        }
        if ($number_of_sales / 2 == floor($number_of_sales / 2)) {
            $affiliate_sales_table .= '<tr class="productListing-even">';
        } else {
                    $faq_page_url = $alias;
                } else {
                    $faq_page_url = $_POST['faq_page_url'];
                }
                $sql_data_array = array('question' => vam_db_prepare_input($_POST['question']), 'faq_page_url' => vam_db_prepare_input($faq_page_url), 'answer' => vam_db_prepare_input($_POST['answer']), 'date_added' => 'now()', 'language' => vam_db_prepare_input($_POST['item_language']), 'status' => '1');
                vam_db_perform(TABLE_FAQ, $sql_data_array);
                $faq_id = vam_db_insert_id();
                //not actually used ATM -- just there in case
            }
            //       vam_redirect(vam_href_link(FILENAME_FAQ));
            break;
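        case 'update_faq':
            //user wants to modify a faq.
            // The id is required to be a scalar and is cast to int for the
            // WHERE clause: vam_db_prepare_input() only unslashes and trims,
            // so the former condition string carried the raw query parameter.
            // FAQ ids are generated by the database (see vam_db_insert_id()
            // in the insert branch).
            if (isset($_GET['faq_id']) && is_scalar($_GET['faq_id']) && $_GET['faq_id']) {
                $sql_data_array = array('question' => vam_db_prepare_input($_POST['question']), 'faq_page_url' => vam_db_prepare_input($_POST['faq_page_url']), 'answer' => vam_db_prepare_input($_POST['answer']), 'date_added' => vam_db_prepare_input($_POST['date_added']), 'language' => vam_db_prepare_input($_POST['item_language']));
                // NOTE(review): the column values rely on vam_db_perform()
                // to escape them - confirm that it does.
                vam_db_perform(TABLE_FAQ, $sql_data_array, 'update', "faq_id = '" . (int) $_GET['faq_id'] . "'");
            }
            //      vam_redirect(vam_href_link(FILENAME_FAQ));
            break;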
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
     if (is_array($_POST['multi_products']) && (is_array($_POST['dest_cat_ids']) || vam_not_null($_POST['dest_category_id']))) {
         foreach ($_POST['multi_products'] as $product_id) {
             $product_id = vam_db_prepare_input($product_id);
             if (is_array($_POST['dest_cat_ids'])) {
                 foreach ($_POST['dest_cat_ids'] as $dest_category_id) {
                     $dest_category_id = vam_db_prepare_input($dest_category_id);
                     if ($_POST['copy_as'] == 'link') {
                         $catfunc->link_product($product_id, $dest_category_id);
                     } elseif ($_POST['copy_as'] == 'duplicate') {
                         $catfunc->duplicate_product($product_id, $dest_category_id);
                     } else {
                         $messageStack->add_session('Copy type not specified.', 'error');
                     }
                 }
             } elseif (vam_not_null($_POST['dest_category_id'])) {
                 $dest_category_id = vam_db_prepare_input($_POST['dest_category_id']);
                 if ($_POST['copy_as'] == 'link') {
                     $catfunc->link_product($product_id, $dest_category_id);
                 } elseif ($_POST['copy_as'] == 'duplicate') {
                     $catfunc->duplicate_product($product_id, $dest_category_id);
                 } else {
                     $messageStack->add_session('Copy type not specified.', 'error');
                 }
             }
         }
     }
     vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $dest_category_id . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
 }
 // --- MULTI COPY ENDS ---
 vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $_GET['cPath'] . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
 break;
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
require_once DIR_FS_INC . 'vam_render_vvcode.inc.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
if ($_SESSION['customers_status']['customers_status_write_reviews'] == 0) {
    vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    if (is_object($product) && $product->isProduct()) {
        // We got to the process but it is an illegal product, don't write
        $rating = vam_db_prepare_input($_POST['rating']);
        $review = vam_db_prepare_input($_POST['review']);
        $error = false;
        if ($_POST['captcha'] == '' or $_POST['captcha'] != $_SESSION['vvcode']) {
            $error = true;
            $vamTemplate->assign('captcha_error', ENTRY_CAPTCHA_ERROR);
        }
        if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
            $error = true;
            $vamTemplate->assign('error', ERROR_INVALID_PRODUCT);
        }
        if ($rating < 1 || $rating > 5) {
            $error = true;
            $vamTemplate->assign('error', ERROR_INVALID_PRODUCT);
        }
        if ($error == false) {
            $customer = vam_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
     $_imgQuery = vam_db_fetch_array($_imgQuery);
     if ($_imgQuery['count'] > 0) {
     } else {
         vam_db_perform(TABLE_PRODUCTS_OPTIONS_IMAGES, $data);
     }
 }
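 // Store up to MO_PICS uploaded images for one option value and register
 // each of them once in the option-images table.
 for ($img = 0; $img < MO_PICS; $img++) {
     // NOTE(review): the mode '777' makes uploads world-writable, and the
     // last argument is an empty string - if that parameter is the extension
     // allow-list, nothing is being restricted. The stored file keeps the
     // suffix of the uploaded name, so a non-image suffix would end up in a
     // web-served directory; confirm vam_try_upload() rejects such files.
     if ($pIMG =& vam_try_upload('mo_pics_' . $img, DIR_FS_CATALOG_IMAGES . 'product_options/', '777', '')) {
         $pname_arr = explode('.', $pIMG->filename);
         $nsuffix = array_pop($pname_arr);
         $mo_value_id = vam_db_prepare_input($_POST['value_id']);
         // value_id is request data and becomes part of the file name:
         // basename() drops any directory components so the renamed file
         // cannot leave the product_options directory.
         $value_image_name = basename($mo_value_id . '_' . ($img + 1) . '.' . $nsuffix);
         rename(DIR_FS_CATALOG_IMAGES . 'product_options/' . $pIMG->filename, DIR_FS_CATALOG_IMAGES . 'product_options/' . $value_image_name);
         //get data & write to table
         $mo_img = array('products_options_values_id' => $mo_value_id, 'image_nr' => vam_db_prepare_input($img + 1), 'image_name' => vam_db_prepare_input($value_image_name));
         // vam_db_prepare_input() does not escape, so the id is passed
         // through vam_db_input() before it is quoted into the statement.
         $_imgQuery = vam_db_query("SELECT count(*) as count FROM " . TABLE_PRODUCTS_OPTIONS_IMAGES . " WHERE image_nr='" . ($img + 1) . "' and products_options_values_id='" . vam_db_input($mo_value_id) . "'");
         $_imgQuery = vam_db_fetch_array($_imgQuery);
         // Insert only when this image slot has no row yet.
         if (!($_imgQuery['count'] > 0)) {
             vam_db_perform(TABLE_PRODUCTS_OPTIONS_IMAGES, $mo_img);
         }
     }
 }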
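 // Delete the option images ticked in the form, on disk and in the table.
 if (isset($_POST['del_mo_pic']) && is_array($_POST['del_mo_pic'])) {
     foreach ($_POST['del_mo_pic'] as $dummy => $val) {
         // $val is request data that names a file to delete and is quoted
         // into SQL. basename() removes directory components, so only a
         // plain file name reaches the delete helper; vam_db_input()
         // escapes it for the statement.
         $val = basename((string) $val);
         @vam_del_image_options_file($val);
         vam_db_query("DELETE FROM " . TABLE_PRODUCTS_OPTIONS_IMAGES . "\n\t\t\t\t\t\t\t\t\t               WHERE products_options_values_id = '" . vam_db_input($_POST['value_id']) . "' AND image_name  = '" . vam_db_input($val) . "'");
     }
 }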
 //are we asked to delete some pics?
 if ($_POST['del_pic'] != '') {
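        // Posted values were concatenated into this statement as-is. They
        // are now unslashed and escaped the same way the deleteconfirm
        // branch below treats its id.
        vam_db_query("insert into " . TABLE_FEATURED . " (products_id, featured_quantity, featured_date_added, expires_date, status) values ('" . vam_db_input(vam_db_prepare_input($_POST['products_id'])) . "', '" . vam_db_input(vam_db_prepare_input($_POST['featured_quantity'])) . "', now(), '" . vam_db_input($expires_date) . "', '1')");
        vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page']));
        break;
    case 'update':
        // update a product on featured
        // $featured_id was used in the redirect but never assigned in the
        // visible code; it is now taken from the posted id.
        $featured_id = vam_db_prepare_input($_POST['featured_id']);
        $expires_date = '';
        if ($_POST['expires-dd'] && $_POST['expires-mm'] && $_POST['expires']) {
            // Builds the expiry date string with month and day zero-padded
            // to two digits.
            $expires_date = $_POST['expires'];
            $expires_date .= strlen($_POST['expires-mm']) == 1 ? '0' . $_POST['expires-mm'] : $_POST['expires-mm'];
            $expires_date .= strlen($_POST['expires-dd']) == 1 ? '0' . $_POST['expires-dd'] : $_POST['expires-dd'];
        }
        // Every request value is escaped with vam_db_input() before it is
        // quoted into the statement.
        vam_db_query("update " . TABLE_FEATURED . " set featured_quantity = '" . vam_db_input(vam_db_prepare_input($_POST['featured_quantity'])) . "', featured_last_modified = now(), expires_date = '" . vam_db_input($expires_date) . "' where featured_id = '" . vam_db_input($featured_id) . "'");
        vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page'] . '&fID=' . $featured_id));
        break;
    case 'deleteconfirm':
        $featured_id = vam_db_prepare_input($_GET['fID']);
        vam_db_query("delete from " . TABLE_FEATURED . " where featured_id = '" . vam_db_input($featured_id) . "'");
        vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page']));
        break;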
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
// avoid hack attempts during the checkout procedure by checking the internal cartID
if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
    if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
        vam_redirect(vam_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
    }
}
// if no shipping method has been selected, redirect the customer to the shipping method selection page
if (!isset($_SESSION['shipping'])) {
    vam_redirect(vam_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
}
//check if display conditions on checkout page is true
if (isset($_POST['payment'])) {
    $_SESSION['payment'] = vam_db_prepare_input($_POST['payment']);
}
if ($_POST['comments_added'] != '') {
    $_SESSION['comments'] = vam_db_prepare_input($_POST['comments']);
}
if (!isset($_SESSION['kvit_name'])) {
    $_SESSION['kvit_name'] = $_POST['kvit_name'];
}
if (!isset($_SESSION['kvit_address'])) {
    $_SESSION['kvit_address'] = $_POST['kvit_address'];
}
if (!isset($_SESSION['qiwi_telephone'])) {
    $_SESSION['qiwi_telephone'] = $_POST['qiwi_telephone'];
}
if (!isset($_SESSION['aviso_telephone'])) {
    $_SESSION['aviso_telephone'] = $_POST['aviso_telephone'];
}
if (!isset($_SESSION['s_name'])) {
    $_SESSION['s_name'] = $_POST['s_name'];
Exemple #20
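 /**
  * Store the company details held in the session for the order identified by the global
  * $insert_id, then apply $this->order_status to that order when it is set.
  *
  * Each TABLE_COMPANIES column listed below is filled from $_SESSION['s_' . column].
  * vam_db_prepare_input() only trims and strips slashes, so it is not sufficient on its own
  * for values placed inside quoted SQL literals; every value is additionally passed through
  * vam_db_input() before it is concatenated into the statement.
  * NOTE(review): the s_* session values are presumably copied from the checkout form, i.e.
  * customer-controlled — verify against the code that fills them.
  */
 function after_process()
 {
     global $insert_id, $name, $inn, $kpp, $ogrn, $okpo, $rs, $bank_name, $bik, $ks, $address, $yur_address, $fakt_address, $telephone, $fax, $email, $director, $accountant, $checkout_form_action, $checkout_form_submit;
     // Column names double as the suffix of the session key that holds the value.
     $company_columns = array('name', 'inn', 'kpp', 'ogrn', 'okpo', 'rs', 'bank_name', 'bik', 'ks', 'address', 'yur_address', 'fakt_address', 'telephone', 'fax', 'email', 'director', 'accountant');
     $values = array(
         "'" . vam_db_input(vam_db_prepare_input($insert_id)) . "'",
         "'" . (int) $_SESSION['customer_id'] . "'",
     );
     foreach ($company_columns as $column) {
         // A field that was never stored in the session is written as an empty string.
         $raw = isset($_SESSION['s_' . $column]) ? $_SESSION['s_' . $column] : '';
         $values[] = "'" . vam_db_input(vam_db_prepare_input($raw)) . "'";
     }
     vam_db_query("INSERT INTO " . TABLE_COMPANIES . " (orders_id, customers_id, " . implode(', ', $company_columns) . ") VALUES (" . implode(', ', $values) . ")");
     if ($this->order_status) {
         vam_db_query("UPDATE " . TABLE_ORDERS . " SET orders_status='" . vam_db_input($this->order_status) . "' WHERE orders_id='" . vam_db_input($insert_id) . "'");
     }
 }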
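 /**
  * Advance the report cursor by one period and return the per-product sales rows for it.
  *
  * The period starts at $this->actDate; its end depends on $this->mode ('1' yearly, '2' monthly,
  * '3' weekly, '4' daily) and is capped at $this->endDate. On return $this->actDate is moved to
  * the period end, and $this->showDate / $this->showDateEnd hold the displayed range.
  *
  * Each returned row is a row of the item query extended with 'attr' (attribute breakdown or ""),
  * 'price', 'psum', 'order', 'shipping' and the running totals 'totsum' / 'totitem'. The array
  * also keeps, as its last element, the falsy value that ended the fetch loop.
  *
  * The status and payment filters are embedded into SQL: the status filter is cast to an integer
  * because it is used unquoted, and the payment filter is passed through vam_db_input() because
  * vam_db_prepare_input() only trims and strips slashes.
  */
 function getNext()
 {
     // NOTE(review): for a mode other than '1'..'4' neither $sd nor $ed is assigned — confirm
     // callers never construct the report with another mode.
     switch ($this->mode) {
         // yearly
         case '1':
             $sd = $this->actDate;
             $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd), date("Y", $sd) + 1);
             break;
         // monthly
         case '2':
             $sd = $this->actDate;
             $ed = mktime(0, 0, 0, date("m", $sd) + 1, 1, date("Y", $sd));
             break;
         // weekly
         case '3':
             $sd = $this->actDate;
             $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 7, date("Y", $sd));
             break;
         // daily
         case '4':
             $sd = $this->actDate;
             $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 1, date("Y", $sd));
             break;
     }
     if ($ed > $this->endDate) {
         $ed = $this->endDate;
     }
     $filterString = "";
     if ($this->statusFilter > 0) {
         // Used without quotes in the statement, so only an integer may reach it.
         $filterString .= " AND o.orders_status = " . (int) $this->statusFilter . " ";
     }
     if (!is_numeric($this->paymentFilter)) {
         $filterString .= " AND o.payment_method ='" . vam_db_input(vam_db_prepare_input($this->paymentFilter)) . "' ";
     }
     // The same half-open date range [start, end) is applied to every query below.
     $dateRange = "o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'";
     $rqOrders = vam_db_query($this->queryOrderCnt . " WHERE " . $dateRange . $filterString);
     $order = vam_db_fetch_array($rqOrders);
     $rqShipping = vam_db_query($this->queryShipping . " AND " . $dateRange . $filterString);
     $shipping = vam_db_fetch_array($rqShipping);
     $rqItems = vam_db_query($this->queryItemCnt . " AND " . $dateRange . $filterString . " group by pid " . $this->sortString);
     // set the return values
     $this->actDate = $ed;
     $this->showDate = $sd;
     $this->showDateEnd = $ed - 60 * 60 * 24;
     // walk the item rows
     $cnt = 0;
     $itemTot = 0;
     $sumTot = 0;
     while ($resp[$cnt] = vam_db_fetch_array($rqItems)) {
         // to avoid rounding differences work with the unit price
         // and multiply with the number of items afterwards.
         $price = $resp[$cnt]['psum'] / $resp[$cnt]['pquant'];
         // products_attributes: are there any attributes for this product in the period?
         // NOTE(review): 'pid' comes from the item query result and is concatenated unquoted;
         // presumably an integer column — confirm against $this->queryItemCnt.
         $rqAttr = vam_db_query($this->queryAttr . " AND " . $dateRange . " AND op.products_id = " . $resp[$cnt]['pid'] . $filterString . " group by products_options_values order by orders_products_id");
         $i = 0;
         while ($attr[$i] = vam_db_fetch_array($rqAttr)) {
             $i++;
         }
         // values per date
         if ($i > 0) {
             $option = array();
             $k = -1;
             $ord_pro_id_old = 0;
             for ($j = 0; $j < $i; $j++) {
                 // Signed option price: a "-" prefix turns the option price negative.
                 if ($attr[$j]['price_prefix'] == "-") {
                     $price3 = -1 * $attr[$j]['options_values_price'];
                 } else {
                     $price3 = $attr[$j]['options_values_price'];
                 }
                 $ord_pro_id = $attr[$j]['orders_products_id'];
                 if ($ord_pro_id != $ord_pro_id_old) {
                     // first attribute of another ordered product line: open a new option group
                     $k++;
                     $l = 0;
                     $option[$k]['quant'] = $attr[$j]['attr_cnt'];
                 } else {
                     // further attribute of the same ordered product line
                     $l++;
                 }
                 $option[$k]['options'][$l] = $attr[$j]['products_options'];
                 $option[$k]['options_values'][$l] = $attr[$j]['products_options_values'];
                 // Tax is not added to the option price here.
                 if ($price3 != 0) {
                     $option[$k]['price'][$l] = $price3;
                 } else {
                     $option[$k]['price'][$l] = 0;
                 }
                 $ord_pro_id_old = $ord_pro_id;
             }
             // set attr value
             $resp[$cnt]['attr'] = $option;
         } else {
             $resp[$cnt]['attr'] = "";
         }
         // Tax is not added to the unit price or the row sum here.
         $resp[$cnt]['price'] = $price;
         $resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * $price;
         $resp[$cnt]['order'] = $order['order_cnt'];
         $resp[$cnt]['shipping'] = $shipping['shipping'];
         // values per date and item
         $sumTot += $resp[$cnt]['psum'];
         $itemTot += $resp[$cnt]['pquant'];
         // add totsum and totitem until current row
         $resp[$cnt]['totsum'] = $sumTot;
         $resp[$cnt]['totitem'] = $itemTot;
         $cnt++;
     }
     return $resp;
 }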
}
if (ACCOUNT_POSTCODE == 'true') {
    $vamTemplate->assign('postcode', '1');
    $vamTemplate->assign('INPUT_CODE', vam_draw_input_fieldNote(array('name' => 'postcode', 'text' => '&nbsp;' . (vam_not_null(ENTRY_POST_CODE_TEXT) ? '<span class="Requirement">' . ENTRY_POST_CODE_TEXT . '</span>' : '')), '', 'id="postcode"'));
} else {
    $vamTemplate->assign('postcode', '0');
}
if (ACCOUNT_CITY == 'true') {
    $vamTemplate->assign('city', '1');
    $vamTemplate->assign('INPUT_CITY', vam_draw_input_fieldNote(array('name' => 'city', 'text' => '&nbsp;' . (vam_not_null(ENTRY_CITY_TEXT) ? '<span class="Requirement">' . ENTRY_CITY_TEXT . '</span>' : '')), '', 'id="city"'));
} else {
    $vamTemplate->assign('city', '0');
}
if (ACCOUNT_STATE == 'true') {
    $vamTemplate->assign('state', '1');
    $country = isset($_POST['country']) ? vam_db_prepare_input($_POST['country']) : STORE_COUNTRY;
    $zone_id = 0;
    $check_query = vam_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
    $check = vam_db_fetch_array($check_query);
    $entry_state_has_zones = $check['total'] > 0;
    if ($entry_state_has_zones == true) {
        $zones_array = array();
        $zones_query = vam_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' order by zone_name");
        while ($zones_values = vam_db_fetch_array($zones_query)) {
            $zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']);
        }
        $zone = vam_db_query("select distinct zone_id, zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_code = '" . vam_db_input($state) . "'");
        if (vam_db_num_rows($zone) > 0) {
            $zone_id = $zone['zone_id'];
            $zone_name = $zone['zone_name'];
        } else {
Exemple #23
         break;
     case '**D':
         $mail_query = vam_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_newsletter = '1'");
         $mail_sent_to = TEXT_NEWSLETTER_CUSTOMERS;
         break;
     default:
         $customers_email_address = vam_db_prepare_input($_POST['customers_email_address']);
         $mail_query = vam_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_email_address = '" . vam_db_input($customers_email_address) . "'");
         $mail_sent_to = $_POST['customers_email_address'];
         if ($_POST['email_to']) {
             $mail_sent_to = $_POST['email_to'];
         }
         break;
 }
 $from = vam_db_prepare_input($_POST['from']);
 $subject = vam_db_prepare_input($_POST['subject']);
 while ($mail = vam_db_fetch_array($mail_query)) {
     $id1 = create_coupon_code($mail['customers_email_address']);
     // assign language to template for caching
     $vamTemplate->assign('language', $_SESSION['language']);
     $vamTemplate->caching = false;
     $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
     $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
     $vamTemplate->assign('AMMOUNT', $currencies->format($_POST['amount']));
     $vamTemplate->assign('MESSAGE', $_POST['message']);
     $vamTemplate->assign('GIFT_ID', $id1);
     $vamTemplate->assign('WEBSITE', HTTP_SERVER . DIR_WS_CATALOG);
     $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1;
     $vamTemplate->assign('GIFT_LINK', $link);
     $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.html');
     $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.txt');
    if (reg) { document.customers.state.value = reg; }
}
   var zones = new Array(
   <?php 
    $zones_query = vam_db_query("select zone_country_id,zone_name from " . TABLE_ZONES . " order by zone_name asc");
    $mas = array();
    while ($zones_values = vam_db_fetch_array($zones_query)) {
        $zones[] = 'new Array(' . $zones_values['zone_country_id'] . ',"' . $zones_values['zone_name'] . '")';
    }
    echo implode(',', $zones);
    ?>
       );
document.write('<SELECT NAME="state">');
document.write('</SELECT>');
changeselect("<?php 
    echo vam_db_prepare_input($_POST['state']);
    ?>
");
-->
</script>
          </td>
             </tr>
<?php 
}
?>
        </table></td>
      </tr>
      <tr>
        <td><?php 
echo vam_draw_separator('pixel_trans.gif', '1', '10');
?>
            vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . vam_db_input($shipping_status_id) . "' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        }
        vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page'] . '&oID=' . $shipping_status_id));
        break;
    case 'deleteconfirm':
        $oID = vam_db_prepare_input($_GET['oID']);
        $shipping_status_query = vam_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        $shipping_status = vam_db_fetch_array($shipping_status_query);
        if ($shipping_status['configuration_value'] == $oID) {
            vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        }
        vam_db_query("delete from " . TABLE_SHIPPING_STATUS . " where shipping_status_id = '" . vam_db_input($oID) . "'");
        vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page']));
        break;
    case 'delete':
        $oID = vam_db_prepare_input($_GET['oID']);
        $remove_status = true;
        if ($oID == DEFAULT_SHIPPING_STATUS_ID) {
            $remove_status = false;
            $messageStack->add(ERROR_REMOVE_DEFAULT_SHIPPING_STATUS, 'error');
        } else {
        }
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
if ($affiliate_impressions == 0) {
    $affiliate_impressions = "n/a";
}
$vamTemplate->assign('affiliate_impressions', $affiliate_impressions);
$vamTemplate->assign('period_selector', affiliate_period('a_period', $affiliate['start_year'], $affiliate['start_month'], true, vam_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"'));
$affiliate_percent = 0;
$affiliate_percent = $affiliate['affiliate_commission_percent'];
if ($affiliate_percent < AFFILIATE_PERCENT) {
    $affiliate_percent = AFFILIATE_PERCENT;
}
$vamTemplate->assign('affiliate_percent', vam_round($affiliate_percent, 2));
$affiliate_percent_tier = preg_split("/;/", AFFILIATE_TIER_PERCENTAGE, AFFILIATE_TIER_LEVELS);
if (empty($_GET['a_period']) or $_GET['a_period'] == "all") {
    $affiliate_sales = affiliate_level_statistics_query($_SESSION['affiliate_id']);
} else {
    $affiliate_sales = affiliate_level_statistics_query($_SESSION['affiliate_id'], vam_db_prepare_input($_GET['a_period']));
}
$vamTemplate->assign('affiliate_transactions', vam_not_null($affiliate_sales['count']) ? $affiliate_sales['count'] : 0);
if ($affiliate_clickthroughs > 0) {
    $affiliate_conversions = vam_round($affiliate_transactions / $affiliate_clickthroughs * 100, 2) . "%";
} else {
    $affiliate_conversions = "n/a";
}
$vamTemplate->assign('affiliate_conversions', $affiliate_conversions);
$vamTemplate->assign('affiliate_amount', $vamPrice->Format($affiliate_sales['total'], true));
if ($affiliate_transactions > 0) {
    $affiliate_average = vam_round($affiliate_amount / $affiliate_transactions, 2);
    $affiliate_average = $vamPrice->Format($affiliate_average, true);
} else {
    $affiliate_average = "n/a";
}
Exemple #27
         $sql_data_array = array('authors_description' => vam_db_prepare_input($authors_desc_array[$language_id]), 'authors_url' => vam_db_prepare_input($authors_url_array[$language_id]));
         if ($action == 'insert') {
             $insert_sql_data = array('authors_id' => $authors_id, 'languages_id' => $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             vam_db_perform(TABLE_AUTHORS_INFO, $sql_data_array);
         } elseif ($action == 'save') {
             vam_db_perform(TABLE_AUTHORS_INFO, $sql_data_array, 'update', "authors_id = '" . (int) $authors_id . "' and languages_id = '" . (int) $language_id . "'");
         }
     }
     if (USE_CACHE == 'true') {
         vam_reset_cache_block('authors');
     }
     vam_redirect(vam_href_link(FILENAME_AUTHORS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'auID=' . $authors_id));
     break;
 case 'deleteconfirm':
     $authors_id = vam_db_prepare_input($_GET['auID']);
     vam_db_query("delete from " . TABLE_AUTHORS . " where authors_id = '" . (int) $authors_id . "'");
     vam_db_query("delete from " . TABLE_AUTHORS_INFO . " where authors_id = '" . (int) $authors_id . "'");
     if (isset($_POST['delete_articles']) && $_POST['delete_articles'] == 'on') {
         $articles_query = vam_db_query("select articles_id from " . TABLE_ARTICLES . " where authors_id = '" . (int) $authors_id . "'");
         while ($articles = vam_db_fetch_array($articles_query)) {
             vam_remove_article($articles['articles_id']);
         }
     } else {
         vam_db_query("update " . TABLE_ARTICLES . " set authors_id = '' where authors_id = '" . (int) $authors_id . "'");
     }
     if (USE_CACHE == 'true') {
         vam_reset_cache_block('authors');
     }
     vam_redirect(vam_href_link(FILENAME_AUTHORS, 'page=' . $_GET['page']));
     break;
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_validate_password.inc.php';
require_once DIR_FS_INC . 'vam_encrypt_password.inc.php';
if (!isset($_SESSION['customer_id'])) {
    vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if (isset($_POST['action']) && $_POST['action'] == 'process') {
    $password_current = vam_db_prepare_input($_POST['password_current']);
    $password_new = vam_db_prepare_input($_POST['password_new']);
    $password_confirmation = vam_db_prepare_input($_POST['password_confirmation']);
    $error = false;
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = vam_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $check_customer = vam_db_fetch_array($check_customer_query);
        if (vam_validate_password($password_current, $check_customer['customers_password'])) {
                <td class="dataTableHeadingContent" align="right"><?php 
    echo TABLE_HEADING_STATUS;
    ?>
</td>
                <td class="dataTableHeadingContent" align="right"><?php 
    echo TABLE_HEADING_ACTION;
    ?>
&nbsp;</td>
              </tr>
<?php 
    if ($_GET['sID']) {
        // Search only payment_id by now
        $sID = vam_db_prepare_input($_GET['sID']);
        $payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where p.affiliate_payment_id = '" . vam_db_input($sID) . "' and p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC";
    } elseif (is_numeric($_GET['status'])) {
        $status = vam_db_prepare_input($_GET['status']);
        $payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where s.affiliate_payment_status_id = '" . vam_db_input($status) . "' and p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC";
    } else {
        $payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC";
    }
    $payments_split = new splitPageResults($_GET['page'], MAX_DISPLAY_ADMIN_PAGE, $payments_query_raw, $payments_query_numrows);
    $payments_query = vam_db_query($payments_query_raw);
    while ($payments = vam_db_fetch_array($payments_query)) {
        if ((!$_GET['pID'] || $_GET['pID'] == $payments['affiliate_payment_id']) && !$pInfo) {
            $pInfo = new objectInfo($payments);
        }
        if (is_object($pInfo) && $payments['affiliate_payment_id'] == $pInfo->affiliate_payment_id) {
            echo '              <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID', 'action')) . 'pID=' . $pInfo->affiliate_payment_id . '&action=edit') . '\'">' . "\n";
        } else {
            echo '              <tr class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'hand\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\'' . vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID')) . 'pID=' . $payments['affiliate_payment_id']) . '\'">' . "\n";
        }
   Copyright (c) 2007 VaM Shop
   --------------------------------------------------------------
   based on:
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
   (c) 2002-2003 osCommercecoding standards www.oscommerce.com
   (c) 2004	 xt:Commerce (popup_memo.php,v 1.7 2003/08/18); xt-commerce.com

   Released under the GNU General Public License
   --------------------------------------------------------------*/
require 'includes/application_top.php';
include DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/customers.php';
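// Handle the two memo actions of the popup: 'save' adds a memo for a customer, 'remove' deletes one.
// NOTE(review): both actions are selected by a GET parameter and nothing in this block checks a
// request token — confirm that application_top.php enforces admin authentication and CSRF protection.
if (!empty($_GET['action'])) {
    switch ($_GET['action']) {
        case 'save':
            $memo_title = vam_db_prepare_input($_POST['memo_title']);
            $memo_text = vam_db_prepare_input($_POST['memo_text']);
            if ($memo_text != '' && $memo_title != '') {
                // customers_id is cast to an integer instead of being taken from the request as-is.
                // NOTE(review): memo_title and memo_text are stored as submitted (memo_text with <br />
                // added by nl2br); whatever renders them must HTML-escape on output — verify.
                $sql_data_array = array('customers_id' => (int) $_POST['ID'], 'memo_date' => date("Y-m-d"), 'memo_title' => $memo_title, 'memo_text' => nl2br($memo_text), 'poster_id' => $_SESSION['customer_id']);
                vam_db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array);
            }
            break;
        case 'remove':
            // The memo id comes straight from the query string, so it is passed through
            // vam_db_prepare_input() and vam_db_input() before it is placed inside the quoted literal.
            $memo_id = isset($_GET['mID']) ? vam_db_prepare_input($_GET['mID']) : '';
            vam_db_query("DELETE FROM " . TABLE_CUSTOMERS_MEMO . " where memo_id='" . vam_db_input($memo_id) . "'");
            break;
    }
}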
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>