$check_email = xos_db_fetch_array($check_email_query); if ($check_email['total'] > 0) { $error = true; $messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS); } if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) { $error = true; $messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR); } if ($error == false) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = xos_date_raw($dob); } xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender; } xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'"); // reset the session variables if (ACCOUNT_GENDER == 'true') { $_SESSION['customer_gender'] = $gender; } $_SESSION['customer_first_name'] = $firstname;
$prices_array[$customers_group['customers_group_id']][$_POST['products_quantity_' . $customers_group['customers_group_id'] . $count]]['special'] = $formated_special_price; $has_specials = true; } else { $all_specials = false; } } } } !$all_specials ? $prices_array[$customers_group['customers_group_id']]['special_status'] = $product_special_status = 0 : ''; if ($has_specials && !$all_specials) { $specials_error = true; $this_group_specials_error = true; $spec_err_gr .= $customers_group['customers_group_id'] . ','; } } $special_expires_date = xos_date_raw(xos_db_prepare_input($_POST['special_expires_date_' . $customers_group['customers_group_id']])); $special_expires_date = date('Ymd') <= $special_expires_date && $all_specials ? $special_expires_date : 'null'; if ($customers_group['customers_group_id'] == 0) { $default_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['regular']); $default_special_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['special']); $default_product_special_status = $product_special_status; $default_special_expires_date = $special_expires_date; } if ($_POST['option'][$customers_group['customers_group_id']]) { $regular_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['regular']); $special_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['special']); } else { $regular_price = $default_price; $special_price = $default_special_price; $special_expires_date = $default_special_expires_date; $product_special_status = $default_product_special_status;
if ($oldaction == 'voucheredit') { $action = 'voucheredit'; } else { $action = 'new'; } } else { $coupon_type = "F"; $coupon_amount = $_POST['coupon_amount']; if (substr($_POST['coupon_amount'], -1) == '%') { $coupon_type = 'P'; } if ($_POST['coupon_free_ship']) { $coupon_type = 'S'; $coupon_amount = 0; } $sql_data_array = array('coupon_active' => xos_db_prepare_input($_POST['coupon_status']), 'coupon_code' => xos_db_prepare_input($_POST['coupon_code']), 'coupon_amount' => xos_db_prepare_input($coupon_amount), 'coupon_type' => xos_db_prepare_input($coupon_type), 'uses_per_coupon' => xos_db_prepare_input($_POST['coupon_uses_coupon']), 'uses_per_user' => xos_db_prepare_input($_POST['coupon_uses_user']), 'coupon_minimum_order' => xos_db_prepare_input($_POST['coupon_min_order']), 'restrict_to_products' => xos_db_prepare_input($_POST['coupon_products']), 'restrict_to_categories' => xos_db_prepare_input($_POST['coupon_categories']), 'coupon_start_date' => xos_date_raw(xos_db_prepare_input($_POST['coupon_startdate'])), 'coupon_expire_date' => xos_date_raw(xos_db_prepare_input($_POST['coupon_finishdate'])), 'date_created' => $_POST['date_created'] != '0' ? $_POST['date_created'] : 'now()', 'date_modified' => 'now()'); $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; $sql_data_marray[$i] = array('coupon_name' => xos_db_prepare_input($_POST['coupon_name'][$language_id]), 'coupon_description' => xos_db_prepare_input($_POST['coupon_desc'][$language_id])); } // $query = xos_db_query("select coupon_code from " . TABLE_COUPONS . " where coupon_code = '" . xos_db_prepare_input($_POST['coupon_code']) . "'"); // if (!xos_db_num_rows($query)) { if ($oldaction == 'voucheredit') { xos_db_perform(TABLE_COUPONS, $sql_data_array, 'update', "coupon_id='" . (int) $coupon_id . "'"); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; xos_db_query("update " . TABLE_COUPONS_DESCRIPTION . " set coupon_name = '" . xos_db_prepare_input($_POST['coupon_name'][$language_id]) . "', coupon_description = '" . xos_db_prepare_input($_POST['coupon_desc'][$language_id]) . "' where coupon_id = '" . (int) $coupon_id . "' and language_id = '" . $language_id . "'"); // xos_db_perform(TABLE_COUPONS_DESCRIPTION, $sql_data_marray[$i], 'update', "coupon_id='" . $_GET['cid']."'"); } } else {
$keyword = xos_db_prepare_input($search_keywords[$i]); $where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'"; if (isset($_GET['sid']) && $_GET['sid'] == '1') { $where_str .= " or pd.products_description like '%" . xos_db_input($keyword) . "%' or pd.products_info like '%" . xos_db_input($keyword) . "%'"; } $where_str .= ')'; break; } } $where_str .= " )"; } if (xos_not_null($dfrom)) { $where_str .= " and p.products_date_added >= '" . xos_date_raw($dfrom) . "'"; } if (xos_not_null($dto)) { $where_str .= " and p.products_date_added <= '" . xos_date_raw($dto) . "'"; } if ($currencies->is_set($_SESSION['currency'])) { $rate = $currencies->get_value($_SESSION['currency']); if (xos_not_null($pfrom)) { $pfrom = $pfrom / $rate; } if (xos_not_null($pto)) { $pto = $pto / $rate; } } $precision = $currencies->currencies[$_SESSION['currency']]['decimal_places']; if ($_SESSION['sppc_customer_group_show_tax'] == '1' && $_SESSION['sppc_customer_group_tax_exempt'] != '1') { if ($pfrom > 0) { $where_str .= " and (ROUND(IF(s.status, s.specials_new_products_price, IF(pp.customers_group_price >= 0, pp.customers_group_price, ppz.customers_group_price)) * if(tr.tax_rate_final is null, 1, 1 + (tr.tax_rate_final / 100) ), " . $precision . ") >= ROUND(" . (double) $pfrom . ", " . $precision . "))"; }
case 'insert': case 'update': if (isset($_POST['banners_id'])) { $banners_id = xos_db_prepare_input($_POST['banners_id']); } $banners_title = xos_db_prepare_input($_POST['banners_title']); $banners_url = xos_db_prepare_input($_POST['banners_url']); $new_banners_group = xos_db_prepare_input($_POST['new_banners_group']); $banners_group = empty($new_banners_group) ? xos_db_prepare_input($_POST['banners_group']) : $new_banners_group; $banners_html_text = xos_db_prepare_input($_POST['banners_html_text']); $banners_php_source = xos_db_prepare_input($_POST['banners_php_source']); $current_banners_image = xos_db_prepare_input($_POST['current_banners_image']); $current_date_scheduled = xos_db_prepare_input($_POST['current_date_scheduled']); $expires_date = xos_date_raw(xos_db_prepare_input($_POST['expires_date'])); $expires_impressions = xos_db_prepare_input($_POST['expires_impressions']); $date_scheduled = xos_date_raw(xos_db_prepare_input($_POST['date_scheduled'])); $banner_error = false; if (empty($banners_group)) { $messageStack->add('header', ERROR_BANNER_GROUP_REQUIRED, 'error'); $banner_error = true; } $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if (empty($banners_title[$languages[$i]['id']])) { $messageStack->add('header', ERROR_BANNER_TITLE_REQUIRED, 'error'); $banner_error = true; } } if ($banner_error == false) { $sql_data_array = array('banners_group' => $banners_group); if ($action == 'insert') {