Exemple #1
0
function repGetProductReportByCategoryID($callBackParam, &$count_row, $navigatorParams = null)
{
    if ($navigatorParams != null) {
        $offset = $navigatorParams["offset"];
        $CountRowOnPage = $navigatorParams["CountRowOnPage"];
    } else {
        $offset = 0;
        $CountRowOnPage = 0;
    }
    $where_clause = "";
    $order_clause = "";
    if (isset($callBackParam["categoryID"])) {
        if ($callBackParam["categoryID"] != 0) {
            $where_clause = " where categoryID=" . (int) $callBackParam["categoryID"];
        }
    }
    if (isset($callBackParam["sort"])) {
        $order_clause = " order by " . xEscSQL($callBackParam["sort"]);
        if (isset($callBackParam["direction"])) {
            $order_clause .= " " . xEscSQL($callBackParam["direction"]);
        }
    }
    $res = array();
    $q = db_query("select name, customers_rating, customer_votes, items_sold, " . " viewed_times, in_stock, sort_order  from " . PRODUCTS_TABLE . " " . $where_clause . " " . $order_clause);
    $i = 0;
    while ($row = db_fetch_row($q)) {
        if ($i >= $offset && $i < $offset + $CountRowOnPage || $navigatorParams == null) {
            $res[] = $row;
        }
        $i++;
    }
    $count_row = $i;
    return $res;
}
Exemple #2
0
function configUpdateOptionValue($productID, $updatedValues)
{
    foreach ($updatedValues as $key => $value) {
        if ($updatedValues[$key]["option_radio_type"] == "UN_DEFINED" || $updatedValues[$key]["option_radio_type"] == "ANY_VALUE") {
            $option_type = 0;
        } else {
            $option_type = 1;
        }
        if ($updatedValues[$key]["option_radio_type"] == "UN_DEFINED") {
            $option_value = null;
        } else {
            if (isset($updatedValues[$key]["option_value"])) {
                $option_value = $updatedValues[$key]["option_value"];
            } else {
                $option_value = null;
            }
        }
        $where_clause = " where optionID=" . (int) $key . " AND productID=" . (int) $productID;
        $q = db_query("select count(*) from " . PRODUCT_OPTIONS_VALUES_TABLE . " " . $where_clause);
        $r = db_fetch_row($q);
        if ($r[0] == 1) {
            db_query("update " . PRODUCT_OPTIONS_VALUES_TABLE . " set option_value='" . xEscSQL($option_value) . "', option_type=" . (int) $option_type . " " . $where_clause);
        } else {
            db_query("insert into " . PRODUCT_OPTIONS_VALUES_TABLE . "(optionID, productID, option_value, option_type)" . "values ('" . (int) $key . "', '" . (int) $productID . "', '" . xEscSQL($option_value) . "', '" . (int) $option_type . "')");
        }
    }
}
Exemple #3
0
 function _setCallBackParamsToSearchOrders(&$callBackParam)
 {
     $callBackParam = array("customerID" => regGetIdByLogin($_SESSION["log"]));
     if (isset($_GET["sort"])) {
         $callBackParam["sort"] = xEscSQL($_GET["sort"]);
         if (isset($_GET["direction"])) {
             $callBackParam["direction"] = xEscSQL($_GET["direction"]);
         }
     } else {
         $callBackParam["sort"] = "order_time";
         $callBackParam["direction"] = "DESC";
     }
     if ($_GET["order_search_type"] == "SearchByOrderID") {
         $callBackParam["orderID"] = (int) $_GET["orderID_textbox"];
     } else {
         if ($_GET["order_search_type"] == "SearchByStatusID") {
             $orderStatuses = array();
             $data = ScanGetVariableWithId(array("checkbox_order_status"));
             foreach ($data as $key => $val) {
                 if ($val["checkbox_order_status"] == "1") {
                     $orderStatuses[] = (int) $key;
                 }
             }
             $callBackParam["orderStatuses"] = $orderStatuses;
         }
     }
 }
Exemple #4
0
function modGetModuleConfigs($_ModuleClassName)
{
    $ModuleConfigs = array();
    $sql = "select * FROM " . MODULES_TABLE . " WHERE ModuleClassName='" . xEscSQL($_ModuleClassName) . "' ORDER BY module_name ASC\n        ";
    $Result = db_query($sql);
    while ($_Row = db_fetch_row($Result)) {
        $ModuleConfigs[] = array('ConfigID' => $_Row['module_id'], 'ConfigName' => $_Row['module_name'], 'ConfigClass' => $_ModuleClassName);
    }
    return $ModuleConfigs;
}
Exemple #5
0
function blockspgAddblocksPageFile($page_name, $page_file, $which, $bposition, $active, $admin, $s, $d, $c, $p)
{
    $rs = isset($s) ? serialize($s) : serialize(array());
    $rd = isset($d) ? serialize($d) : serialize(array());
    $rc = isset($c) ? serialize($c) : serialize(array());
    $rpt = explode("\n", chop($p));
    $rp = array();
    for ($i = 0; $i < count($rpt); $i++) {
        if ($tmp = (int) rtrim($rpt[$i]) > 0 && rtrim($rpt[$i]) !== "") {
            $rp[] = (int) rtrim($rpt[$i]);
        }
    }
    $rp = serialize($rp);
    db_query("insert into " . BLOCKS_TABLE . " ( title, bposition, active, which, html, url, admin, pages, dpages, categories, products )  " . " values( '" . xToText($page_name) . "', " . (int) $bposition . ", " . (int) $active . ", " . (int) $which . ", '1', '" . $page_file . "', " . (int) $admin . ", '" . xEscSQL($rs) . "',\n                '" . xEscSQL($rd) . "', '" . xEscSQL($rc) . "', '" . xEscSQL($rp) . "') ");
}
Exemple #6
0
function settingCallHtmlFunction($constantName)
{
    $q = db_query("select settings_html_function, settingsID, settings_constant_name from " . SETTINGS_TABLE . " where settings_constant_name='" . xEscSQL($constantName) . "' ");
    if ($row = db_fetch_row($q)) {
        $function = $row["settings_html_function"];
        $settingsID = $row["settingsID"];
        $str = "";
        if (preg_match('/,[ ]*$|\\([ ]*$/', $function)) {
            eval("\$str=" . $function . "{$settingsID});");
        } else {
            eval("\$str=" . $function . ";");
        }
        return $str;
    }
    return false;
}
function _getInsertStatement($xmlTable, $row, $columns = NULL, $attributes = NULL, $columnsClause)
{
    $sql = "INSERT INTO ";
    if (!$attributes) {
        $attributes = $xmlTable->GetXmlNodeAttributes();
    }
    $tableAlias = $attributes["NAME"];
    $tableName = $attributes["NAME"];
    // exceptions
    if ($tableName == CATEGORIES_TABLE) {
        if ($row["categoryID"] == 1) {
            return "";
        }
    }
    $sql .= $tableAlias;
    $valueClause = "";
    if (!$columns) {
        $columns = $xmlTable->SelectNodes("table/column");
    }
    $i = 0;
    foreach ($columns as $xmlColumn) {
        $attributes = $xmlColumn->GetXmlNodeAttributes();
        $columnName = $xmlColumn->GetXmlNodeData();
        $columnName = trim($columnName);
        $type = strtoupper($attributes["TYPE"]);
        if (strstr($type, "CHAR") || strstr($type, "VARCHAR") || strstr($type, "TEXT") || strstr($type, "DATETIME")) {
            $cellValue = $row[$i];
            $cellValue = xEscSQL($cellValue);
            $value = "'" . $cellValue . "'";
        } else {
            $value = $row[$i];
        }
        if ($row[$i] == null && trim($row[$i]) == "") {
            $value = "NULL";
        }
        if ($i == 0) {
            $valueClause .= $value;
        } else {
            $valueClause .= ", " . $value;
        }
        $i++;
    }
    $sql .= " (" . $columnsClause . ") values (" . $valueClause . ")";
    $sql = str_replace(DB_PRFX, "DBPRFX_", $sql);
    return $sql;
}
Exemple #8
0
function db_query($s)
{
    //database query
    global $sc_4, $sc_8, $gmc;
    if (isset($gmc) && $gmc == 1) {
        $sc_81 = getmicrotime();
    }
    // $scriptv = getmicrotime();
    $res = array();
    $res["resource"] = mysql_query($s);
    /*
     $scriptp = getmicrotime();
     $rom = $scriptp-$scriptv;
     print $rom." - ".$s."<br>";
    */
    if (!$res['resource']) {
        $out = "ERROR: " . mysql_errno() . ":" . mysql_error() . "\nSql: " . $s . "\nLink: " . $_SERVER["REQUEST_URI"] . "\nDate: " . date("d.m.y - H:i:s") . "\nDump:\n";
        ob_start();
        var_dump($_GET);
        var_dump($_POST);
        $tmpa = ob_get_contents();
        ob_end_clean();
        $out .= $tmpa;
        mysql_query("insert into " . MYSQL_ERROR_LOG_TABLE . " (errors, tstamp) VALUES ('" . xEscSQL(ToText($out)) . "', NOW())");
        $ecount = mysql_fetch_row(mysql_query("select count(*) from " . MYSQL_ERROR_LOG_TABLE));
        $ecount = $ecount[0] - 50;
        if ($ecount > 0) {
            mysql_query("delete from " . MYSQL_ERROR_LOG_TABLE . " ORDER BY tstamp ASC LIMIT " . $ecount);
        }
        // die('Wrong database query!');
    }
    $res["columns"] = array();
    $column_index = 0;
    while ($xwer = @mysql_fetch_field($res["resource"])) {
        $res["columns"][$xwer->name] = $column_index;
        $column_index++;
    }
    if (isset($gmc) && $gmc == 1) {
        $sc_82 = getmicrotime();
        $sc_4++;
        $sc_8 = $sc_8 + $sc_82 - $sc_81;
    }
    return $res;
}
Exemple #9
0
/**
 * return array of categories by requested params
 *
 * @return array
 */
function le_getCategories($_where = '1', $_what = 'le_cID, le_cName, le_cSortOrder', $_order = "le_cSortOrder ASC, le_cName ASC")
{
    $categories = array();
    if (is_array($_where)) {
        foreach ($_where as $_col => $_val) {
            $_where[$_col] = $_col . " = '" . $_val . "'";
        }
        $_where = implode(" AND ", $_where);
    }
    if (is_array($_what)) {
        $_what = implode(", ", xEscSQL($_what));
    } else {
        $_what = xEscSQL($_what);
    }
    $sql = "select " . $_what . " FROM " . LINK_EXCHANGE_CATEGORIES_TABLE . "\n                WHERE " . $_where . " ORDER BY " . xEscSQL($_order);
    $result = db_query($sql);
    while ($_row = db_fetch_row($result)) {
        $categories[] = $_row;
    }
    return $categories;
}
Exemple #10
0
function error_reporting_log($error_num, $error_var, $error_file, $error_line)
{
    $error_write = false;
    switch ($error_num) {
        case 1:
            $error_desc = "ERROR";
            $error_write = true;
            break;
        case 2:
            $error_desc = "WARNING";
            $error_write = true;
            break;
        case 4:
            $error_desc = "PARSE";
            $error_write = true;
            break;
        case 8:
            $error_desc = "NOTICE";
            $error_write = false;
            break;
    }
    if ($error_write) {
        if (strpos($error_file, "mysql.php") == false && strpos($error_file, "smarty") == false) {
            $out = $error_desc . ": " . $error_var . "\nLine: " . $error_line . "\nFile: " . $error_file . "\nLink: " . $_SERVER["REQUEST_URI"] . "\nDate: " . date("d.m.y - H:i:s") . "\nDump:\n";
            ob_start();
            var_dump($_GET);
            var_dump($_POST);
            $tmpa = ob_get_contents();
            ob_end_clean();
            $out .= $tmpa;
            db_query("insert into " . ERROR_LOG_TABLE . " (errors, tstamp) VALUES ('" . xEscSQL(ToText($out)) . "', NOW())");
            $ecount = db_fetch_row(db_query("select count(*) from " . ERROR_LOG_TABLE));
            $ecount = $ecount[0] - 50;
            if ($ecount > 0) {
                db_query("delete from " . ERROR_LOG_TABLE . " ORDER BY tstamp ASC LIMIT " . $ecount);
            }
        }
    }
}
Exemple #11
0
function discGetAllDiscussion($callBackParam, &$count_row, $navigatorParams = null)
{
    $data = array();
    $orderClause = "";
    if (isset($callBackParam["sort"])) {
        $orderClause = " order by " . xEscSQL($callBackParam["sort"]);
        if (isset($callBackParam["direction"])) {
            if ($callBackParam["direction"] == "ASC") {
                $orderClause .= " ASC ";
            } else {
                $orderClause .= " DESC ";
            }
        }
    }
    $filter = "";
    if (isset($callBackParam["productID"])) {
        if ($callBackParam["productID"] != 0) {
            $filter = " AND " . PRODUCTS_TABLE . ".productID=" . (int) $callBackParam["productID"];
        }
    }
    $q = db_query("select DID, Author, Body, add_time, Topic, name AS product_name from " . DISCUSSIONS_TABLE . ", " . PRODUCTS_TABLE . " where " . DISCUSSIONS_TABLE . ".productID=" . PRODUCTS_TABLE . ".productID " . $filter . " " . $orderClause);
    if ($navigatorParams != null) {
        $offset = $navigatorParams["offset"];
        $CountRowOnPage = $navigatorParams["CountRowOnPage"];
    } else {
        $offset = 0;
        $CountRowOnPage = 0;
    }
    $i = 0;
    while ($row = db_fetch_row($q)) {
        if ($i >= $offset && $i < $offset + $CountRowOnPage || $navigatorParams == null) {
            $row["add_time"] = format_datetime($row["add_time"]);
            $data[] = $row;
        }
        $i++;
    }
    $count_row = $i;
    return $data;
}
Exemple #12
0
function payUpdatePaymentMethod($PID, $Name, $description, $Enabled, $sort_order, $module_id, $email_comments_text, $calculate_tax)
{
    db_query("update " . PAYMENT_TYPES_TABLE . " set" . " Name='" . xToText($Name) . "', description='" . xEscSQL($description) . "', email_comments_text='" . xEscSQL($email_comments_text) . "', " . " Enabled=" . (int) $Enabled . ", module_id=" . (int) $module_id . ", sort_order=" . (int) $sort_order . ", calculate_tax = " . (int) $calculate_tax . " where PID=" . (int) $PID);
}
Exemple #13
0
function shUpdateShippingMethod($SID, $Name, $description, $Enabled, $sort_order, $module_id, $email_comments_text)
{
    db_query("update " . SHIPPING_METHODS_TABLE . " set Name='" . xToText(trim($Name)) . "', description='" . xEscSQL($description) . "', email_comments_text='" . xEscSQL($email_comments_text) . "', " . " Enabled=" . (int) $Enabled . ", module_id=" . (int) $module_id . ", sort_order=" . (int) $sort_order . " where SID=" . (int) $SID);
}
Exemple #14
0
function ordOrderProcessing($shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $customers_comment, $cc_number, $cc_holdername, $cc_expires, $cc_cvv, $log, $smarty_mail, $shServiceID = 0)
{
    $customerID = $log != null ? regGetIdByLogin($log) : NULL;
    if ($log != null) {
        $customerInfo = regGetCustomerInfo2($log);
    } else {
        $customerInfo['first_name'] = $_SESSION['first_name'];
        $customerInfo['last_name'] = $_SESSION['last_name'];
        $customerInfo['Email'] = $_SESSION['email'];
        $customerInfo['affiliationLogin'] = $_SESSION['affiliationLogin'];
    }
    $order_time = get_current_time();
    $frandl = mt_rand(3, 999);
    $order_active_link = md5($order_time) . $frandl;
    $customer_ip = stGetCustomerIP_Address();
    $statusID = CONF_ACTIVE_ORDER == 1 ? 0 : ostGetNewOrderStatus();
    $customer_affiliationLogin = isset($customerInfo['affiliationLogin']) ? $customerInfo['affiliationLogin'] : '';
    $customer_email = $customerInfo['Email'];
    $currencyID = currGetCurrentCurrencyUnitID();
    if ($currencyID != 0) {
        $currentCurrency = currGetCurrencyByID($currencyID);
        $currency_code = $currentCurrency['currency_iso_3'];
        $currency_value = $currentCurrency['currency_value'];
        $currency_round = $currentCurrency['roundval'];
    } else {
        $currency_code = '';
        $currency_value = 1;
        $currency_round = 2;
    }
    // get shipping address
    if ($shippingAddressID != 0) {
        $shippingAddress = regGetAddress($shippingAddressID);
        $shippingAddressCountry = cnGetCountryById($shippingAddress['countryID']);
        $shippingAddress['country_name'] = $shippingAddressCountry['country_name'];
    } else {
        $shippingCountryName = cnGetCountryById($_SESSION['receiver_countryID']);
        $shippingCountryName = $shippingCountryName['country_name'];
        $shippingAddress['first_name'] = $_SESSION['receiver_first_name'];
        $shippingAddress['last_name'] = $_SESSION['receiver_last_name'];
        $shippingAddress['country_name'] = $shippingCountryName;
        $shippingAddress['state'] = $_SESSION['receiver_state'];
        $shippingAddress['city'] = $_SESSION['receiver_city'];
        $shippingAddress['address'] = $_SESSION['receiver_address'];
        $shippingAddress['zoneID'] = $_SESSION['receiver_zoneID'];
    }
    if (is_null($shippingAddress['state']) || trim($shippingAddress['state']) == '') {
        $zone = znGetSingleZoneById($shippingAddress['zoneID']);
        $shippingAddress['state'] = $zone['zone_name'];
    }
    // get billing address
    if ($billingAddressID != 0) {
        $billingAddress = regGetAddress($billingAddressID);
        $billingAddressCountry = cnGetCountryById($billingAddress['countryID']);
        $billingAddress['country_name'] = $billingAddressCountry['country_name'];
    } else {
        $billingCountryName = cnGetCountryById($_SESSION['billing_countryID']);
        $billingCountryName = $billingCountryName['country_name'];
        $billingAddress['first_name'] = $_SESSION['billing_first_name'];
        $billingAddress['last_name'] = $_SESSION['billing_last_name'];
        $billingAddress['country_name'] = $billingCountryName;
        $billingAddress['state'] = $_SESSION['billing_state'];
        $billingAddress['city'] = $_SESSION['billing_city'];
        $billingAddress['address'] = $_SESSION['billing_address'];
        $billingAddress['zoneID'] = $_SESSION['billing_zoneID'];
    }
    if (is_null($billingAddress['state']) || trim($billingAddress['state']) == '') {
        $zone = znGetSingleZoneById($billingAddress['zoneID']);
        $billingAddress['state'] = $zone['zone_name'];
    }
    $cartContent = cartGetCartContent();
    foreach ($cartContent['cart_content'] as $key => $cartItem) {
        if (!empty($cartItem['opt_margin']) && $paymentMethodID == 2) {
            $cost = $cartItem['costUC'];
            $margin = $cost / 100 * CONF_PERCENT_MARGIN;
            $cost += $margin;
            $costShow = show_price($cost * $cartItem['quantity']);
            $cartContent['cart_content'][$key]['costUC'] = $cost;
            $cartContent['cart_content'][$key]['cost'] = $costShow;
        }
    }
    if ($log != null) {
        $addresses = array($shippingAddressID, $billingAddressID);
    } else {
        $addresses = array(array('countryID' => $_SESSION['receiver_countryID'], 'zoneID' => $_SESSION['receiver_zoneID']), array('countryID' => $_SESSION['billing_countryID'], 'zoneID' => $_SESSION['billing_zoneID']));
    }
    $orderDetails = array('first_name' => $shippingAddress['first_name'], 'last_name' => $shippingAddress['last_name'], 'email' => $customerInfo['Email'], 'order_amount' => oaGetOrderAmountExShippingRate($cartContent, $addresses, $log, FALSE));
    $shippingMethod = shGetShippingMethodById($shippingMethodID);
    $shipping_email_comments_text = $shippingMethod['email_comments_text'];
    $shippingName = $shippingMethod['Name'];
    $paymentMethod = payGetPaymentMethodById($paymentMethodID);
    $paymentName = $paymentMethod['Name'];
    $payment_email_comments_text = $paymentMethod['email_comments_text'];
    if (isset($paymentMethod['calculate_tax']) && (int) $paymentMethod['calculate_tax'] == 0) {
        $order_amount = oaGetOrderAmount($cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID);
        $d = oaGetDiscountPercent($cartContent, $log);
        $tax = 0;
        $shipping_costUC = oaGetShippingCostTakingIntoTax($cartContent, $shippingMethodID, $addresses, $orderDetails, FALSE, $shServiceID, TRUE);
        $discount_percent = oaGetDiscountPercent($cartContent, $log);
    } else {
        $order_amount = oaGetOrderAmount($cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID);
        $d = oaGetDiscountPercent($cartContent, $log);
        $tax = oaGetProductTax($cartContent, $d, $addresses);
        $shipping_costUC = oaGetShippingCostTakingIntoTax($cartContent, $shippingMethodID, $addresses, $orderDetails, TRUE, $shServiceID, TRUE);
        $discount_percent = oaGetDiscountPercent($cartContent, $log);
    }
    $shServiceInfo = '';
    if (is_array($shipping_costUC)) {
        list($shipping_costUC) = $shipping_costUC;
        $shServiceInfo = $shipping_costUC['name'];
        $shipping_costUC = $shipping_costUC['rate'];
    }
    $paymentMethod = payGetPaymentMethodById($paymentMethodID);
    if ($paymentMethod) {
        $currentPaymentModule = modGetModuleObj($paymentMethod['module_id'], PAYMENT_MODULE);
    } else {
        $currentPaymentModule = null;
    }
    if ($currentPaymentModule != null) {
        //define order details for payment module
        $order_payment_details = array('customer_email' => $customer_email, 'customer_ip' => $customer_ip, 'order_amount' => $order_amount, 'currency_code' => $currency_code, 'currency_value' => $currency_value, 'shipping_cost' => $shipping_costUC, 'order_tax' => $tax, 'shipping_info' => $shippingAddress, 'billing_info' => $billingAddress);
        $process_payment_result = $currentPaymentModule->payment_process($order_payment_details);
        //gets payment processing result
        if (!($process_payment_result == 1)) {
            //die ($process_payment_result);
            if (isset($_POST)) {
                $_SESSION['order4confirmation_post'] = $_POST;
            }
            xSaveData('PaymentError', $process_payment_result);
            if (!$customerID) {
                RedirectProtected('index.php?order4_confirmation_quick=yes' . '&shippingMethodID=' . $_GET['shippingMethodID'] . '&paymentMethodID=' . $_GET['paymentMethodID'] . '&shServiceID=' . $shServiceID);
            } else {
                RedirectProtected('index.php?order4_confirmation=yes' . '&shippingAddressID=' . $_GET['shippingAddressID'] . '&shippingMethodID=' . $_GET['shippingMethodID'] . '&billingAddressID=' . $_GET['billingAddressID'] . '&paymentMethodID=' . $_GET['paymentMethodID'] . '&shServiceID=' . $shServiceID);
            }
            return false;
        }
    }
    $customerID = (int) $customerID;
    //    debug($cartContent['cart_content']);
    //
    //    exit;
    $sql = 'INSERT INTO ' . ORDERS_TABLE . '
    SET
    customerID =  ' . (int) $customerID . ',
    order_time = "' . xEscSQL($order_time) . '",
    customer_ip = "' . xToText($customer_ip) . '",
    shipping_type = "' . xToText($shippingName) . '",
    payment_type = "' . xToText($paymentName) . '",
    customers_comment = "' . xToText($customers_comment) . '",
    statusID = ' . (int) $statusID . ',
    shipping_cost = "' . (double) $shipping_costUC . '",
    order_discount = "' . (double) $discount_percent . '",
    order_amount= "' . (double) $order_amount . '",
    currency_code = "' . xEscSQL($currency_code) . '",
    currency_value = "' . (double) $currency_value . '",
    customer_firstname = "' . xToText($customerInfo['first_name']) . '",
    customer_lastname = "' . xToText($customerInfo['last_name']) . '",
    customer_email = "' . xToText($customer_email) . '",
    shipping_firstname = "' . xToText($shippingAddress['first_name']) . '",
    shipping_lastname = "' . xToText($shippingAddress['last_name']) . '",
    shipping_country= "' . xToText($shippingAddress['country_name']) . '",
    shipping_state= "' . xToText($shippingAddress['state']) . '",
    shipping_city= "' . xToText($shippingAddress['city']) . '",
    shipping_address= "' . xToText($shippingAddress['address']) . '",
    billing_firstname= "' . xToText($billingAddress['first_name']) . '",
    billing_lastname= "' . xToText($billingAddress['last_name']) . '",
    billing_country= "' . xToText($billingAddress['country_name']) . '",
    billing_state= "' . xToText($billingAddress['state']) . '",
    billing_city= "' . xToText($billingAddress['city']) . '",
    billing_address= "' . xToText($billingAddress['address']) . '",
    cc_number= "' . xEscSQL($cc_number) . '",
    cc_holdername= "' . xToText($cc_holdername) . '",
    cc_expires= "' . xEscSQL($cc_expires) . '",
    cc_cvv= "' . xEscSQL($cc_cvv) . '",
    affiliateID= "' . (isset($_SESSION['refid']) ? $_SESSION['refid'] : regGetIdByLogin($customer_affiliationLogin)) . '",
    shippingServiceInfo= "' . $shServiceInfo . '",
    custlink= "' . xEscSQL($order_active_link) . '",
    currency_round= "' . (int) $currency_round . '",
    paymethod= ' . (int) $paymentMethodID;
    db_query($sql);
    $orderID = db_insert_id(ORDERS_TABLE);
    if (!CONF_ACTIVE_ORDER) {
        stChangeOrderStatus($orderID, $statusID);
    }
    $paymentMethod = payGetPaymentMethodById($paymentMethodID);
    if ($paymentMethod) {
        $currentPaymentModule = modGetModuleObj($paymentMethod['module_id'], PAYMENT_MODULE);
        //                $currentPaymentModule = payGetPaymentModuleById( $paymentMethod['module_id'], $paymentModulesFiles );
    } else {
        $currentPaymentModule = null;
    }
    //save shopping cart content to database and update in-stock information
    if ($log != null) {
        cartMoveContentFromShoppingCartsToOrderedCarts($orderID, $shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $smarty_mail);
    } else {
        _moveSessionCartContentToOrderedCart($orderID, $paymentMethodID);
        //update in-stock information
        if ($statusID != ostGetCanceledStatusId() && CONF_CHECKSTOCK) {
            $q1 = db_query('select itemID, Quantity FROM ' . ORDERED_CARTS_TABLE . ' WHERE orderID=' . (int) $orderID);
            while ($item = db_fetch_row($q1)) {
                $q2 = db_query('select productID FROM ' . SHOPPING_CART_ITEMS_TABLE . ' WHERE itemID=' . (int) $item['itemID']);
                $pr = db_fetch_row($q2);
                if ($pr) {
                    db_query('update ' . PRODUCTS_TABLE . ' set in_stock = in_stock - ' . (int) $item['Quantity'] . ' where productID=' . (int) $pr[0]);
                    $q = db_query('select name, in_stock FROM ' . PRODUCTS_TABLE . ' WHERE productID=' . (int) $pr[0]);
                    $productsta = db_fetch_row($q);
                    if ($productsta[1] == 0) {
                        if (CONF_AUTOOFF_STOCKADMIN) {
                            db_query('update ' . PRODUCTS_TABLE . ' set enabled=0 where productID=' . (int) $pr[0]);
                        }
                        if (CONF_NOTIFY_STOCKADMIN) {
                            $smarty_mail->assign('productstaname', $productsta[0]);
                            $smarty_mail->assign('productstid', $pr[0]);
                            $stockadmin = $smarty_mail->fetch('notify_stockadmin.tpl');
                            $ressta = xMailTxtHTMLDATA(CONF_ORDERS_EMAIL, CUSTOMER_ACTIVATE_99 . ' - ' . CONF_SHOP_NAME, $stockadmin);
                        }
                    }
                }
            }
        }
        //now save registration form aux fields into CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG
        //for quick checkout orders these fields are stored separately than for registered customer (SS_customers)
        db_query('delete from ' . CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG . ' where orderID=' . (int) $orderID);
        foreach ($_SESSION as $key => $val) {
            if (strstr($key, 'additional_field_') && strlen(trim($val)) > 0) {
                $id = (int) str_replace('additional_field_', '', $key);
                if ($id > 0) {
                    db_query('insert into ' . CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG . ' (orderID, reg_field_ID, reg_field_value) values (' . (int) $orderID . ', ' . (int) $id . ', "' . xToText(trim($val)) . '");');
                }
            }
        }
    }
    if ($currentPaymentModule != null) {
        $currentPaymentModule->after_processing_php($orderID);
    }
    _sendOrderNotifycationToAdmin($orderID, $smarty_mail, $tax);
    _sendOrderNotifycationToCustomer($orderID, $smarty_mail, $customerInfo['Email'], $log, $payment_email_comments_text, $shipping_email_comments_text, $tax, $order_active_link);
    if ($log == null) {
        _quickOrderUnsetSession();
    }
    unset($_SESSION['order4confirmation_post']);
    return $orderID;
}
Exemple #15
0
 function admin_print_html($orderID)
 {
     $order = ordGetOrder($orderID);
     if (!$this->ModuleConfigID) {
         $sql = 'SELECT module_id FROM ' . MODULES_TABLE . ' WHERE module_name="' . xEscSQL($this->title) . '"';
         @(list($this->ModuleConfigID) = db_fetch_row(db_query($sql)));
     }
     $result = 'admin.php?do=invoice_phys&moduleID=' . (int) $this->ModuleConfigID . '&orderID=' . (int) $orderID;
     return $result;
 }
Exemple #16
0
function newsUpdateNews($add_date, $title, $textToPrePublication, $textToPublication, $textToMail, $id_news)
{
    db_query("update " . NEWS_TABLE . " set     add_date='" . xEscSQL(dtDateConvert($add_date)) . "', " . "         title='" . xToText($title) . "', " . "         textToPrePublication='" . xEscSQL($textToPrePublication) . "', " . "         textToPublication='" . xEscSQL($textToPublication) . "', " . "         textToMail='" . xEscSQL($textToMail) . "' " . " where NID = " . (int) $id_news);
}
Exemple #17
0
function regGetCustomers($callBackParam, &$count_row, $navigatorParams = null)
{
    if ($navigatorParams != null) {
        $offset = $navigatorParams["offset"];
        $CountRowOnPage = $navigatorParams["CountRowOnPage"];
    } else {
        $offset = 0;
        $CountRowOnPage = 0;
    }
    $where_clause = "";
    if (isset($callBackParam["Login"])) {
        $callBackParam["Login"] = xEscSQL($callBackParam["Login"]);
        $where_clause .= " Login LIKE '%" . $callBackParam["Login"] . "%' ";
    }
    if (isset($callBackParam["first_name"])) {
        $callBackParam["first_name"] = xEscSQL($callBackParam["first_name"]);
        if ($where_clause != "") {
            $where_clause .= " AND ";
        }
        $where_clause .= " first_name LIKE '%" . $callBackParam["first_name"] . "%' ";
    }
    if (isset($callBackParam["last_name"])) {
        $callBackParam["last_name"] = xEscSQL($callBackParam["last_name"]);
        if ($where_clause != "") {
            $where_clause .= " AND ";
        }
        $where_clause .= " last_name LIKE '%" . $callBackParam["last_name"] . "%' ";
    }
    if (isset($callBackParam["email"])) {
        $callBackParam["email"] = xEscSQL($callBackParam["email"]);
        if ($where_clause != "") {
            $where_clause .= " AND ";
        }
        $where_clause .= " Email LIKE '%" . $callBackParam["email"] . "%' ";
    }
    if (isset($callBackParam["groupID"])) {
        if ($callBackParam["groupID"] != 0) {
            if ($where_clause != "") {
                $where_clause .= " AND ";
            }
            $where_clause .= " custgroupID = " . (int) $callBackParam["groupID"] . " ";
        }
    }
    if (isset($callBackParam["ActState"])) {
        switch ($callBackParam["ActState"]) {
            #activated
            case 1:
                if ($where_clause != "") {
                    $where_clause .= " AND ";
                }
                $where_clause .= " (ActivationCode='' OR ActivationCode IS NULL)";
                break;
                #not activated
            #not activated
            case 0:
                if ($where_clause != "") {
                    $where_clause .= " AND ";
                }
                $where_clause .= " ActivationCode!=''";
                break;
        }
    }
    if ($where_clause != "") {
        $where_clause = " where " . $where_clause;
    }
    $order_clause = "";
    if (isset($callBackParam["sort"])) {
        $order_clause .= " order by " . xEscSQL($callBackParam["sort"]) . " ";
        if (isset($callBackParam["direction"])) {
            if ($callBackParam["direction"] == "ASC") {
                $order_clause .= " ASC ";
            } else {
                $order_clause .= " DESC ";
            }
        }
    }
    $q = db_query("select customerID, Login, cust_password, Email, first_name, last_name, subscribed4news, " . " custgroupID, addressID, reg_datetime, ActivationCode " . " from " . CUSTOMERS_TABLE . " " . $where_clause . " " . $order_clause);
    $data = array();
    $i = 0;
    //var_dump ($navigatorParams);
    while ($row = db_fetch_row($q)) {
        if ($i >= $offset && $i < $offset + $CountRowOnPage || $navigatorParams == null) {
            $group = GetCustomerGroupByCustomerId($row["customerID"]);
            $row["custgroup_name"] = $group["custgroup_name"];
            $row["allowToDelete"] = regVerifyToDelete($row["customerID"]);
            $row["reg_datetime"] = format_datetime($row["reg_datetime"]);
            $data[] = $row;
        }
        $i++;
    }
    $count_row = $i;
    return $data;
}
Exemple #18
0
function auxpgAddAuxPage($aux_page_name, $aux_page_text, $aux_page_text_type, $meta_keywords, $meta_description, $aux_page_title)
{
    db_query("insert into " . AUX_PAGES_TABLE . " ( aux_page_name, aux_page_text, aux_page_text_type, meta_keywords, meta_description, title )  " . " values( '" . xToText($aux_page_name) . "', '" . xEscSQL($aux_page_text) . "', " . (int) $aux_page_text_type . ", " . " '" . xToText($meta_keywords) . "', '" . xToText($meta_description) . "', '" . xToText($aux_page_title) . "' ) ");
}
Exemple #19
0
 $answers_results = unserialize($data["poll_ans"]);
 if ($data["iplog"] != "") {
     $iplogs = unserialize($data["iplog"]);
 } else {
     $iplogs = array();
 }
 $ipaddr = stGetCustomerIP_Address();
 if (!isset($iplogs[$ipaddr])) {
     $iplogs[$ipaddr] = 0;
 }
 //increase voters count for current option
 if ((!isset($_SESSION["vote_completed"][$data[0]]) || $_SESSION["vote_completed"][$data[0]] != 1) && isset($_GET["answer"]) && isset($answers_results[$_GET["answer"]]) && $iplogs[$ipaddr] < 3) {
     $anscol = (int) $_GET["answer"];
     $iplogs[$ipaddr]++;
     $iplogs = serialize($iplogs);
     db_query("UPDATE " . SURVEY_TABLE . " SET ans_" . $anscol . "=ans_" . $anscol . "+1, all_poll=all_poll+1, iplog='" . xEscSQL($iplogs) . "'  WHERE active=1");
     $data["ans_" . $anscol]++;
     //don't allow user to vote more than 1 time
     $_SESSION["vote_completed"][$data[0]] = 1;
 } else {
     if (!isset($_GET["view_voting_results"])) {
         $smarty->assign("user_voted", 1);
     }
 }
 $survey_results = array();
 for ($i = 0; $i < count($answers_results); $i++) {
     $survey_results[$i] = $data["ans_" . $i];
 }
 $smarty->assign("survey_results", $survey_results);
 $smarty->assign("show_survey_results", 1);
 $smarty->assign("main_content_template", "customer_survey_result.tpl");
Exemple #20
0
function pricessCategories($parent, $level)
{
    //same as processCategories(), except it creates a pricelist of the shop
    $out = array();
    $cnt = 0;
    $sql = '
        SELECT
        categoryID,
        name,
        uri
        FROM ' . CATEGORIES_TABLE . '
        WHERE parent= ' . (int) $parent . '
        ORDER BY sort_order, name';
    $q1 = db_query($sql);
    while ($row = db_fetch_row($q1)) {
        $r = hexdec(substr('999999', 0, 2));
        $g = hexdec(substr('999999', 2, 2));
        $b = hexdec(substr('999999', 4, 2));
        $m = (double) max($r, max($g, $b));
        $r = round((190 + 20 * min($level, 3)) * $r / $m);
        $g = round((190 + 20 * min($level, 3)) * $g / $m);
        $b = round((190 + 20 * min($level, 3)) * $b / $m);
        $c = dechex($r) . dechex($g) . dechex($b);
        //final color
        //add category to the output
        $out[$cnt][0] = $row[0];
        $out[$cnt][1] = $row[1];
        $out[$cnt][2] = $level;
        $out[$cnt][3] = 1;
        $out[$cnt][4] = 0;
        //0 is for category, 1 - product
        $out[$cnt]['url'] = fu_make_url($row);
        $cnt++;
        if (!isset($_GET["sort"])) {
            $order_clause = "order by " . CONF_DEFAULT_SORT_ORDER . "";
        } else {
            //verify $_GET["sort"]
            if (!(!strcmp($_GET["sort"], "name") || !strcmp($_GET["sort"], "Price") || !strcmp($_GET["sort"], "customers_rating"))) {
                $_GET["sort"] = "name";
            }
            $order_clause = " order by " . xEscSQL($_GET["sort"]);
            if (isset($_GET["direction"])) {
                if (!strcmp($_GET["direction"], "DESC")) {
                    $order_clause .= " DESC ";
                } else {
                    $order_clause .= " ASC ";
                }
            }
        }
        //add products
        //        Price,
        //        in_stock,
        $sql = '

            SELECT
            productID,
            name,
            product_code,
            uri,
            uri_opt_val,
            categoryID
             ' . convert_prices() . '
            FROM ' . PRODUCTS_TABLE . '
            WHERE categoryID=' . $row[0] . ' AND Price > 0 AND enabled=1 ' . $order_clause;
        $q = db_query($sql);
        while ($row1 = db_fetch_row($q)) {
            if ($row1['Price'] < 0) {
                $cennik = "n/a";
                $row1['Price'] = "n/a";
            } else {
                $cennik = show_price($row1['Price']);
                $row1['Price'] = show_price($row1['Price'], 0, false);
            }
            $out[$cnt][0] = $row1['productID'];
            $out[$cnt][1] = $row1['name'];
            $out[$cnt][2] = $level;
            $out[$cnt][3] = "FFFFFF";
            $out[$cnt][4] = 1;
            //0 is for category, 1 - product
            $out[$cnt][5] = $cennik;
            $out[$cnt][6] = $row1['in_stock'];
            $out[$cnt][7] = $row1['product_code'];
            $out[$cnt][8] = $row1['Price'];
            $out[$cnt]['url'] = fu_make_url($row1);
            $cnt++;
        }
        //process all subcategories
        $sub_out = pricessCategories($row[0], $level + 1);
        //add $sub_out to the end of $out
        $c_sub_out = count($sub_out);
        for ($j = 0; $j < $c_sub_out; $j++) {
            $out[] = $sub_out[$j];
            $cnt++;
        }
    }
    return $out;
}
Exemple #21
0
     Redirect(ADMIN_FILE . "?dpt=modules&sub=survey&save_successful=yes");
 }
 if (isset($_POST["save_voting"]) && isset($_POST["question"]) && isset($_POST["answers"])) {
     if (CONF_BACKEND_SAFEMODE) {
         Redirect(ADMIN_FILE . "?dpt=modules&sub=survey&safemode=yes");
     }
     $answers = explode("\n", chop($_POST["answers"]));
     $answers_cm = array();
     for ($i = 0; $i < count($answers); $i++) {
         if (rtrim($answers[$i]) !== "" && $i < 10) {
             $answers_cm[] = xToText(rtrim($answers[$i]));
         }
     }
     $answers = serialize($answers_cm);
     db_query("UPDATE " . SURVEY_TABLE . " SET active=0 WHERE active=1");
     db_query("insert into " . SURVEY_TABLE . " (poll_date, poll_title, poll_ans, active) values('" . xEscSQL(get_current_time()) . "','" . xToText(trim($_POST["question"])) . "','" . $answers . "',1)");
     Redirect(ADMIN_FILE . "?dpt=modules&sub=survey&save_successful=yes");
 }
 if (isset($_GET["start_new_poll"])) {
     $smarty->assign("start_new_poll", "yes");
 } else {
     $result = db_query("SELECT poll_title, all_poll, active, poll_id, poll_date FROM " . SURVEY_TABLE . " ORDER BY poll_id DESC");
     $surveys = array();
     while ($data = db_fetch_row($result)) {
         $data["poll_ans"] = unserialize($data["poll_ans"]);
         $surveys[] = $data;
         $smarty->assign("surveys", $surveys);
     }
 }
 //set sub-department template
 $smarty->assign("admin_sub_dpt", "modules_survey.tpl");
Exemple #22
0
function stChangeOrderStatus($orderID, $statusID, $comment = '', $notify = 0)
{
    $q_status_name = db_query("select status_name from " . ORDER_STATUES_TABLE . " where statusID=" . (int) $statusID);
    list($status_name) = db_fetch_row($q_status_name);
    $sql = "insert into " . ORDER_STATUS_CHANGE_LOG_TABLE . " ( orderID, status_name, status_change_time, status_comment ) " . " values( " . (int) $orderID . ", '" . xToText($status_name) . "', '" . xEscSQL(get_current_time()) . "', '" . xToText(trim($comment)) . "' ) ";
    db_query($sql);
    if ($notify) {
        $Order = ordGetOrder($orderID);
        $t = '';
        $Email = '';
        $FirstName = '';
        regGetContactInfo(regGetLoginById($Order['customerID']), $t, $Email, $FirstName, $t, $t, $t);
        if (!$Email) {
            $Email = $Order['customer_email'];
        }
        if (!$FirstName) {
            $FirstName = $Order['customer_firstname'];
        }
        xMailTxt($Email, STRING_CHANGE_ORDER_STATUS, 'customer.order.change_status.tpl', array('customer_firstname' => $FirstName, '_MSG_CHANGE_ORDER_STATUS' => str_replace(array('{STATUS}', '{ORDERID}'), array($status_name == 'STRING_CANCELED_ORDER_STATUS' ? STRING_CANCELED_ORDER_STATUS : $status_name, $orderID), MSG_CHANGE_ORDER_STATUS), '_ADMIN_COMMENT' => $comment));
    }
}
Exemple #23
0
<?php

if (isset($_POST['links_exchange']) || isset($_GET['links_exchange'])) {
    if (isset($_POST['fACTION'])) {
        if ($_POST['fACTION'] == 'ADD_LINK') {
            do {
                if (!strlen(str_replace('http://', '', $_POST['LINK']['le_lURL']))) {
                    $error = STRING_ERROR_LE_ENTER_LINK;
                    break;
                }
                $_POST['LINK']['le_lURL'] = xEscSQL($_POST['LINK']['le_lURL']);
                if (!strlen($_POST['LINK']['le_lText'])) {
                    $error = STRING_ERROR_LE_ENTER_TEXT;
                    break;
                }
                if (strlen($_POST['LINK']['le_lDesk'])) {
                    $_POST['LINK']['le_lDesk'] = xToText($_POST['LINK']['le_lDesk']);
                }
                $_POST['LINK']['le_lText'] = xToText($_POST['LINK']['le_lText']);
                if (strpos($_POST['LINK']['le_lURL'], 'http://')) {
                    $_POST['LINK']['le_lURL'] = 'http://' . $_POST['LINK']['le_lURL'];
                }
                if (CONF_ENABLE_CONFIRMATION_CODE) {
                    $error_f = 1;
                    if (!$_POST['fConfirmationCode'] || !isset($_SESSION['captcha_keystring']) || $_SESSION['captcha_keystring'] !== $_POST['fConfirmationCode']) {
                        $error_f = 2;
                        $error = ERR_WRONG_CCODE;
                    }
                    unset($_SESSION['captcha_keystring']);
                    if ($error_f == 1) {
                        if (le_addLink($_POST['LINK'])) {
Exemple #24
0
function currGetCurrencyByISO3($_ISO3)
{
    $q = db_query("select CID, Name, code, currency_value, where2show, sort_order, currency_iso_3 from " . CURRENCY_TYPES_TABLE . " where currency_iso_3='" . xEscSQL($_ISO3) . "' ");
    $row = db_fetch_row($q);
    if (!$row) {
        $row = NULL;
    }
    return $row;
}
Exemple #25
0
 function after_processing_html($orderID)
 {
     //открыть окно со счетом
     $order = ordGetOrder($orderID);
     if (!$this->ModuleConfigID) {
         $sql = 'SELECT module_id FROM ' . MODULES_TABLE . ' WHERE module_name="' . xEscSQL($this->title) . '"';
         @(list($this->ModuleConfigID) = db_fetch_row(db_query($sql)));
     }
     $res = "";
     $res .= "<script>\n" . "        open_window('index.php?do=invoice_jur&moduleID=" . (int) $this->ModuleConfigID . "&orderID=" . (int) $orderID . "&order_time=" . base64_encode($order["order_time_mysql"]) . "&customer_email=" . base64_encode($order["customer_email"]) . "',700,600);\n" . "</script>\n";
     return $res;
 }
Exemple #26
0
 function _exportProducts($f, $rate, $export_product_name, $categories_select)
 {
     if (!count($categories_select)) {
         return 0;
     }
     include_once "core/classes/class.html2text.php";
     include_once "core/classes/class.htmlparser.php";
     fputs($f, "  <offers>\n");
     //товары с нулевым остатком на складе
     if (isset($_POST["yandex_dont_export_negative_stock"])) {
         $clause = " and in_stock>0";
     } else {
         $clause = "";
     }
     //какое описание экспортировать
     if ($_POST["yandex_export_description"] == 1) {
         $dsc = "description";
         $dsc_q = ", " . $dsc;
     } else {
         if ($_POST["yandex_export_description"] == 2) {
             $dsc = "brief_description";
             $dsc_q = ", " . $dsc;
         } else {
             $dsc = "";
             $dsc_q = "";
         }
     }
     $clause .= " and categoryID IN (" . implode(", ", xEscSQL($categories_select)) . ")";
     $sql = '
     SELECT
     productID,
     name,
     Price,
     categoryID,
     default_picture' . $dsc_q . ',
     in_stock,
     uri,
     uri_opt_val
     ' . convert_prices() . '
     FROM ' . PRODUCTS_TABLE . '
     WHERE enabled=1' . $clause;
     $q = db_query($sql);
     $store_url = correct_URL(CONF_FULL_SHOP_URL);
     while ($product = db_fetch_row($q)) {
         $price_row = priceRow($product);
         $url = $store_url . fu_make_url($product);
         fputs($f, " <offer available=\"" . ($product['in_stock'] || !CONF_CHECKSTOCK ? 'true' : 'false') . "\" id=\"" . $product["productID"] . "\">\n");
         fputs($f, "   <url>" . $url . "</url>\n");
         //fputs($f, "   <price>" . roundf($product["Price"] * $rate) . "</price>\n");
         fputs($f, "   <price>" . $price_row['Price_base'] . "</price>\n");
         fputs($f, "   <currencyId>RUR</currencyId>\n");
         fputs($f, "   <categoryId>" . $product["categoryID"] . "</categoryId>\n");
         if ($product["default_picture"] != NULL) {
             $pic_clause = " and photoID=" . (int) $product["default_picture"];
         } else {
             $pic_clause = "";
         }
         $q1 = db_query("select filename, thumbnail from " . PRODUCT_PICTURES . " where productID=" . (int) $product["productID"] . $pic_clause);
         $pic_row = db_fetch_row($q1);
         if ($pic_row) {
             if (strlen($pic_row["filename"]) && file_exists("data/small/" . $pic_row["filename"])) {
                 fputs($f, "   <picture>" . $store_url . "data/small/" . str_replace(' ', '%20', _deleteHTML_Elements($pic_row["filename"])) . "</picture>\n");
             } else {
                 if (strlen($pic_row["thumbnail"]) && file_exists("data/medium/" . $pic_row["thumbnail"])) {
                     fputs($f, "   <picture>" . $store_url . "data/medium/" . str_replace(' ', '%20', _deleteHTML_Elements($pic_row["thumbnail"])) . "</picture>\n");
                 }
             }
         }
         switch ($export_product_name) {
             default:
             case 'only_name':
                 $_NameAddi = '';
                 break;
             case 'path_and_name':
                 $_NameAddi = '';
                 $_t = catCalculatePathToCategory($product['categoryID']);
                 foreach ($_t as $__t) {
                     if ($__t['categoryID'] != 1) {
                         $_NameAddi .= $__t['name'] . ':';
                     }
                 }
                 break;
         }
         $product["name"] = _deleteHTML_Elements($_NameAddi . $product["name"]);
         fputs($f, "   <name>" . $product["name"] . "</name>\n");
         if (strlen($dsc) > 0) {
             $product_dsc = new Html2Text($product[$dsc], 10000);
             $product_dsc = $product_dsc->convert();
             fputs($f, "   <description>" . _deleteHTML_Elements($product_dsc) . "</description>\n");
         } else {
             fputs($f, "   <description></description>\n");
         }
         fputs($f, " </offer>\n");
     }
     fputs($f, "  </offers>\n");
 }
Exemple #27
0
        die("Заказ не найден в базе данных");
    }
    $sql = '
    SELECT count(*)
    FROM ' . ORDERS_TABLE . '
    WHERE orderID=' . $_GET['orderID'];
} else {
    if (!isset($_GET["orderID"]) || !isset($_GET["order_time"]) || !isset($_GET["customer_email"]) || !isset($_GET["moduleID"])) {
        die("Заказ не найден в базе данных");
    }
    $sql = '
    SELECT count(*)
    FROM ' . ORDERS_TABLE . '
    orderID=' . $_GET['orderID'] . '
    AND order_time="' . xEscSQL(base64_decode($_GET['order_time'])) . '"
    AND customer_email="' . xEscSQL(base64_decode($_GET['customer_email'])) . '"';
}
$InvoiceModule = modGetModuleObj((int) $_GET['moduleID'], PAYMENT_MODULE);
$_GET["orderID"] = (int) $_GET["orderID"];
$q = db_query($sql);
$row = db_fetch_row($q);
if ($row[0] == 1) {
    //заказ найден в базе данных
    $order = ordGetOrder($_GET["orderID"]);
    //define smarty vars
    $smarty->assign("billing_lastname", $order["customer_lastname"]);
    $smarty->assign("billing_firstname", $order["customer_firstname"]);
    $smarty->assign("billing_city", $order["billing_city"]);
    $smarty->assign("billing_address", $order["billing_address"]);
    if ($InvoiceModule->is_installed()) {
        $smarty->assign('InvoiceModule', $InvoiceModule);
Exemple #28
0
function optOptionValueExists($optionID, $value_name)
{
    $q = db_query("select variantID from " . PRODUCTS_OPTIONS_VALUES_VARIANTS_TABLE . " where optionID=" . (int) $optionID . " and option_value='" . xEscSQL(trim($value_name)) . "';");
    $row = db_fetch_row($q);
    if ($row) {
        return $row[0];
    } else {
        return false;
    }
}
Exemple #29
0
function UpdateAdminRights($edit_num, $actions)
{
    $actions[] = 100;
    $actions = xEscSQL(serialize($actions));
    db_query("update " . CUSTOMERS_TABLE . " set actions='" . $actions . "' where customerID=" . (int) $edit_num);
}
Exemple #30
0
     }
     $msg = 'ok';
     break;
 case 'MOVE_LINKS':
     if (isset($_POST['LINKS_IDS'])) {
         foreach ($_POST['LINKS_IDS'] as $_linkID) {
             le_SaveLink(array('le_lID' => $_linkID, 'le_lCategoryID' => $_POST['new_le_lCategoryID']));
         }
     }
     $msg = 'ok';
     break;
 case 'SAVE_LINKS':
     if (isset($_POST['LINKS_IDS'])) {
         foreach ($_POST['LINKS_IDS'] as $_linkID) {
             if (strlen(str_replace('http://', '', $_POST['LINK'][$_linkID]['le_lURL']))) {
                 $_POST['LINK'][$_linkID]['le_lURL'] = xEscSQL($_POST['LINK'][$_linkID]['le_lURL']);
             }
             if (strlen($_POST['LINK'][$_linkID]['le_lText'])) {
                 $_POST['LINK'][$_linkID]['le_lText'] = xToText($_POST['LINK'][$_linkID]['le_lText']);
             }
             if (strlen($_POST['LINK'][$_linkID]['le_lDesk'])) {
                 $_POST['LINK'][$_linkID]['le_lDesk'] = xToText($_POST['LINK'][$_linkID]['le_lDesk']);
             }
             $_POST['LINK'][$_linkID]['le_lID'] = $_linkID;
             if (!le_SaveLink($_POST['LINK'][$_linkID])) {
                 $error_message = STRING_ERROR_LE_LINK_EXISTS;
             }
         }
     }
     if (!isset($error_message)) {
         $msg = 'ok';