 function query($order_id)
 {
     // Load one stored order into this object: the order header (info), the
     // three address blocks, every line item with its chosen attributes, and
     // the order-total rows. The id is cast to int before it reaches SQL.
     // NOTE(review): the AES key for cc_number is a string literal inside the
     // query text, so it is sent to the database server on every call and will
     // show up in any statement log; it looks like a candidate for configuration
     // rather than source - confirm how the installed site handles this.
     $orderId = (int) $order_id;

     $orderResult = xos_db_query("select customers_c_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, AES_DECRYPT(cc_number, 'key_cc_number') AS cc_number, cc_expires, language_id, language_directory, currency, currency_value, date_purchased, orders_status, last_modified from " . TABLE_ORDERS . " where orders_id = '" . $orderId . "'");
     $row = xos_db_fetch_array($orderResult);

     $this->info = [
         'language_id' => $row['language_id'],
         'language_directory' => $row['language_directory'],
         'currency' => $row['currency'],
         'currency_value' => $row['currency_value'],
         'payment_method' => $row['payment_method'],
         'cc_type' => $row['cc_type'],
         'cc_owner' => $row['cc_owner'],
         'cc_number' => $row['cc_number'],
         'cc_expires' => $row['cc_expires'],
         'date_purchased' => $row['date_purchased'],
         'orders_status' => $row['orders_status'],
         'last_modified' => $row['last_modified'],
     ];
     $this->customer = [
         'c_id' => $row['customers_c_id'],
         'name' => $row['customers_name'],
         'company' => $row['customers_company'],
         'street_address' => $row['customers_street_address'],
         'suburb' => $row['customers_suburb'],
         'city' => $row['customers_city'],
         'postcode' => $row['customers_postcode'],
         'state' => $row['customers_state'],
         'country' => $row['customers_country'],
         'format_id' => $row['customers_address_format_id'],
         'telephone' => $row['customers_telephone'],
         'email_address' => $row['customers_email_address'],
     ];
     $this->delivery = [
         'name' => $row['delivery_name'],
         'company' => $row['delivery_company'],
         'street_address' => $row['delivery_street_address'],
         'suburb' => $row['delivery_suburb'],
         'city' => $row['delivery_city'],
         'postcode' => $row['delivery_postcode'],
         'state' => $row['delivery_state'],
         'country' => $row['delivery_country'],
         'format_id' => $row['delivery_address_format_id'],
     ];
     $this->billing = [
         'name' => $row['billing_name'],
         'company' => $row['billing_company'],
         'street_address' => $row['billing_street_address'],
         'suburb' => $row['billing_suburb'],
         'city' => $row['billing_city'],
         'postcode' => $row['billing_postcode'],
         'state' => $row['billing_state'],
         'country' => $row['billing_country'],
         'format_id' => $row['billing_address_format_id'],
     ];

     // Line items are stored under consecutive integer keys starting at 0.
     $productIdx = 0;
     $lineResult = xos_db_query("select orders_products_id, products_id, products_model, products_name, products_p_unit, products_price, final_price, products_price_text, final_price_text, total_price_text, products_tax, products_quantity from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . $orderId . "'");
     while ($line = xos_db_fetch_array($lineResult)) {
         $this->products[$productIdx] = [
             'qty' => $line['products_quantity'],
             'id' => $line['products_id'],
             'model' => $line['products_model'],
             'name' => $line['products_name'],
             'packaging_unit' => $line['products_p_unit'],
             'tax' => $line['products_tax'],
             'price' => $line['products_price'],
             'final_price' => $line['final_price'],
             'price_formated' => $line['products_price_text'],
             'final_price_formated' => $line['final_price_text'],
             'total_price_formated' => $line['total_price_text'],
         ];

         // Attributes (option/value pairs) are nested under the line item; the
         // 'attributes' key is only created when at least one row exists.
         $attrResult = xos_db_query("select products_options, products_options_values, options_values_price, options_values_price_text, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . $orderId . "' and orders_products_id = '" . (int) $line['orders_products_id'] . "'");
         if (xos_db_num_rows($attrResult)) {
             $attrIdx = 0;
             while ($attr = xos_db_fetch_array($attrResult)) {
                 $this->products[$productIdx]['attributes'][$attrIdx] = [
                     'option' => $attr['products_options'],
                     'value' => $attr['products_options_values'],
                     'prefix' => $attr['price_prefix'],
                     'price' => $attr['options_values_price'],
                     'price_formated' => $attr['options_values_price_text'],
                 ];
                 $attrIdx++;
             }
         }

         // Every tax rate seen on a line item becomes a key of info['tax_groups'].
         $this->info['tax_groups'][(string) $line['products_tax']] = '1';
         $productIdx++;
     }

     // Order totals, in display order. Shipping-type fees that carry a tax rate
     // (tax > -1) also contribute their rate to tax_groups.
     $taxableFeeClasses = ['ot_shipping', 'ot_loworderfee', 'ot_cod_fee'];
     $totalResult = xos_db_query("select title, text, tax, class from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $orderId . "' order by sort_order, orders_total_id");
     while ($total = xos_db_fetch_array($totalResult)) {
         $this->totals[] = [
             'title' => $total['title'],
             'text' => $total['text'],
             'tax' => $total['tax'],
             'class' => $total['class'],
         ];
         if ($total['tax'] > -1 && in_array($total['class'], $taxableFeeClasses, true)) {
             $this->info['tax_groups'][(string) $total['tax']] = '1';
         }
     }
 }
 function check()
 {
     // Memoised: the configuration lookup runs once per object, after which the
     // cached row count (0 when the module key is absent) is returned as-is.
     if (isset($this->_check)) {
         return $this->_check;
     }

     $statusRows = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_ORDER_TOTAL_LOWORDERFEE_STATUS'");
     $this->_check = xos_db_num_rows($statusRows);

     return $this->_check;
 }
function xos_update_new_order_date()
{
    global $smarty;

    // Reset the NEW_ORDER flag once it has been 'true' for longer than
    // UPDATE_INTERVAL_AFTER_NEW_ORDER days (the age check runs inside SQL).
    $expiredFlag = xos_db_query("select last_modified  from " . TABLE_CONFIGURATION . " where configuration_key = 'NEW_ORDER' and configuration_value = 'true' and now() > date_add(last_modified,interval " . UPDATE_INTERVAL_AFTER_NEW_ORDER . " day)");
    if (!xos_db_num_rows($expiredFlag)) {
        return;
    }

    xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = 'false', last_modified = null where configuration_key = 'NEW_ORDER'");
    // Cached template output may embed the "new order" state, so drop all of it.
    $smarty->clearAllCache();
}
 function canPerform($user_id, $user_name)
 {
     // Allow the action unless this module already recorded $this->attempts
     // successful entries for $user_name within the last $this->minutes minutes.
     // $user_id is part of the shared signature but is not consulted here.
     // The LIMIT equals the attempt budget, so the row count can never exceed
     // it and the equality test below reads as "budget exhausted".
     $recentSuccesses = xos_db_query("select id from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and user_name = '" . xos_db_input($user_name) . "' and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit " . (int) $this->attempts);

     return xos_db_num_rows($recentSuccesses) != $this->attempts;
 }
 function canPerform($user_id, $user_name)
 {
     // Allow the action only when no successful entry for this module exists in
     // the last $this->minutes minutes for the user id (when one is given) or for
     // $this->identifier. $user_name is part of the shared signature but unused.
     // The user id is cast to int and the identifier passes through xos_db_input
     // before being spliced into the query text.
     $userClause = !empty($user_id) ? "user_id = '" . (int) $user_id . "' or " : "";
     $recentSuccess = xos_db_query("select date_added from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and (" . $userClause . " identifier = '" . xos_db_input($this->identifier) . "') and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit 1");

     return !xos_db_num_rows($recentSuccess);
 }
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!$is_shop) {
    xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_DOWNLOAD) == 'overwrite_all')) {
    $_SESSION['navigation']->remove_current_page();
    if (!isset($_SESSION['customer_id'])) {
        die;
    }
    // Check download.php was called with proper GET parameters
    if (isset($_GET['order']) && !is_numeric($_GET['order']) || isset($_GET['id']) && !is_numeric($_GET['id'])) {
        die;
    }
    // Check that order_id, customer_id and filename match
    $downloads_query = xos_db_query("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd, " . TABLE_ORDERS_STATUS . " os where o.customers_id = '" . $_SESSION['customer_id'] . "' and o.orders_id = '" . (int) $_GET['order'] . "' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int) $_GET['id'] . "' and opd.orders_products_filename != '' and o.orders_status = os.orders_status_id and os.downloads_flag = '1' and os.language_id = '" . (int) $_SESSION['languages_id'] . "'");
    if (!xos_db_num_rows($downloads_query)) {
        die;
    }
    $downloads = xos_db_fetch_array($downloads_query);
    // MySQL 3.22 does not have INTERVAL
    list($dt_year, $dt_month, $dt_day) = explode('-', $downloads['date_purchased_day']);
    $download_timestamp = mktime(23, 59, 59, $dt_month, $dt_day + $downloads['download_maxdays'], $dt_year);
    // Die if time expired (maxdays = 0 means no time limit)
    if ($downloads['download_maxdays'] != 0 && $download_timestamp <= time()) {
        die;
    }
    // Die if remaining count is <=0
    if ($downloads['download_count'] <= 0) {
        die;
    }
    // Die if file is not there
         $smarty_cache_control->clearCache(null, 'L3|cc_product_info');
         xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string));
     }
     break;
 case 'update_value':
     $value_name_array = $_POST['value_name'];
     $value_id = xos_db_prepare_input($_POST['value_id']);
     $option_id = xos_db_prepare_input($_POST['option_id']);
     $actual_option_value_array = xos_db_prepare_input($_POST['actual_value_name']);
     $products_options_value_error = array();
     $error_options_value = false;
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         if (mb_strtolower($actual_option_value_array[$languages[$i]['id']], 'UTF-8') != mb_strtolower($value_name_array[$languages[$i]['id']], 'UTF-8') || $value_name_array[$languages[$i]['id']] == '') {
             $check_query = xos_db_query("select products_options_name from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $languages[$i]['id'] . "' and products_options_name = '" . xos_db_input(htmlspecialchars($option_name_array[$languages[$i]['id']])) . "'");
             $check_query = xos_db_query("select pov.products_options_values_name from " . TABLE_PRODUCTS_OPTIONS_VALUES . " pov, " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " pov2po where pov2po.products_options_id = '" . $option_id . "' and pov2po.products_options_values_id = pov.products_options_values_id and pov.products_options_values_name = '" . xos_db_input(htmlspecialchars($value_name_array[$languages[$i]['id']])) . "' and pov.language_id = '" . (int) $languages[$i]['id'] . "'");
             if (xos_db_num_rows($check_query) || $value_name_array[$languages[$i]['id']] == '') {
                 $error_options_value = true;
                 $products_options_value_error[$languages[$i]['id']] = $value_name_array[$languages[$i]['id']];
             }
         }
     }
     if ($error_options_value) {
         $products_options_value_error_array = urlencode(serialize($products_options_value_error));
         $products_options_value_array = urlencode(serialize($value_name_array));
         xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&action=update_option_value&option_id=' . $option_id . '&value_id=' . $value_id . '&options_value=' . $products_options_value_array . '&options_value_error=' . $products_options_value_error_array . '&' . $parameter_string));
     } else {
         for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
             $value_name = xos_db_prepare_input(htmlspecialchars($value_name_array[$languages[$i]['id']]));
             xos_db_query("update " . TABLE_PRODUCTS_OPTIONS_VALUES . " set products_options_values_name = '" . xos_db_input($value_name) . "' where products_options_values_id = '" . xos_db_input($value_id) . "' and language_id = '" . (int) $languages[$i]['id'] . "'");
         }
         $smarty_cache_control->clearCache(null, 'L3|cc_product_info');
     return $output_string;
 }
 // Inline <script> block for the advanced-search page: loads the per-language
 // jQuery UI datepicker file, attaches datepickers to #id_dfrom / #id_dto, and
 // defines UpdateManufacturers (rebuilds the manufacturer <select> from
 // xos_js_manufacturers_list), SetFocus, RemoveFormatString, IsValidDate /
 // IsLeapYear, and check_form, the form's onsubmit validator.
 // NOTE(review): $_SESSION['language'] (in the script src) and the language
 // constants JS_ERROR, ERROR_*, AS_FORMAT_STRING and AS_FORMAT_STRING_JS are
 // concatenated straight into JavaScript string literals with no JS/HTML
 // escaping, so a value containing a double quote or backslash would break or
 // alter the script - this assumes all of them are trusted server-side values.
 $add_header = '<script type="text/javascript" src="' . DIR_WS_CATALOG . DIR_WS_IMAGES . 'catalog/templates/' . SELECTED_TPL . '/' . $_SESSION['language'] . '/jquery.ui.datepicker-language.min.js"></script>' . "\n" . '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n\n" . '$(function() {' . "\n" . '  $( "#id_dfrom" ).datepicker({' . "\n" . '    changeMonth: true,' . "\n" . '    changeYear: true' . "\n" . '  });' . "\n\n" . '  $( "#id_dto" ).datepicker({' . "\n" . '    changeMonth: true,' . "\n" . '    changeYear: true' . "\n" . '  });' . "\n\n" . '});' . "\n\n" . 'function UpdateManufacturers() {' . "\n" . '  var NumManufacturers = document.advanced_search_and_results._m.options.length;' . "\n" . '  var PostNumManufacturers = "";' . "\n" . '  var SelectedManufacturer = "";' . "\n" . '  var SelectedCategory = "";' . "\n\n" . '  SelectedManufacturer = document.advanced_search_and_results._m.options[document.advanced_search_and_results._m.selectedIndex].value;' . "\n" . '  SelectedCategory = document.advanced_search_and_results.copid.options[document.advanced_search_and_results.copid.selectedIndex].value;' . "\n\n" . '  while(NumManufacturers > 0) {' . "\n" . '    NumManufacturers--;' . "\n" . '    document.advanced_search_and_results._m.options[NumManufacturers] = null;' . "\n" . '  }' . "\n\n" . xos_js_manufacturers_list('SelectedCategory', 'advanced_search_and_results', '_m') . "\n\n" . '  PostNumManufacturers = document.advanced_search_and_results._m.options.length;' . "\n\n" . '  while(PostNumManufacturers > 0) {' . "\n" . '    PostNumManufacturers--;' . "\n" . '    if (document.advanced_search_and_results._m.options[PostNumManufacturers].value == SelectedManufacturer)' . "\n" . '    document.advanced_search_and_results._m.options[PostNumManufacturers].selected = true;' . "\n" . '  }' . "\n\n" . '}' . "\n\n" . 'function SetFocus(TargetFormName) {' . "\n" . '  var target = 0;' . "\n" . '  if (TargetFormName != "") {' . "\n" . 
'    for (i=0; i<document.forms.length; i++) {' . "\n" . '      if (document.forms[i].name == TargetFormName) {' . "\n" . '        target = i;' . "\n" . '        break;' . "\n" . '      }' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  var TargetForm = document.forms[target];' . "\n\n" . '  for (i=0; i<TargetForm.length; i++) {' . "\n" . '    if ( (TargetForm.elements[i].type != "image") && (TargetForm.elements[i].type != "hidden") && (TargetForm.elements[i].type != "reset") && (TargetForm.elements[i].type != "submit") ) {' . "\n" . '      TargetForm.elements[i].focus();' . "\n\n" . '      if ( (TargetForm.elements[i].type == "text") || (TargetForm.elements[i].type == "password") ) {' . "\n" . '        TargetForm.elements[i].select();' . "\n" . '      }' . "\n\n" . '      break;' . "\n" . '    }' . "\n" . '  }' . "\n" . '}' . "\n\n" . 'function RemoveFormatString(TargetElement, FormatString) {' . "\n" . '  if (TargetElement.value == FormatString) {' . "\n" . '    TargetElement.value = "";' . "\n" . '  }' . "\n\n" . '  TargetElement.select();' . "\n" . '}' . "\n\n" . 'function IsValidDate(DateToCheck, FormatString, RemoveFormat) {' . "\n" . '  var strDateToCheck;' . "\n" . '  var strDateToCheckArray;' . "\n" . '  var strFormatArray;' . "\n" . '  var strFormatString;' . "\n" . '  var strDay;' . "\n" . '  var strMonth;' . "\n" . '  var strYear;' . "\n" . '  var intday;' . "\n" . '  var intMonth;' . "\n" . '  var intYear;' . "\n" . '  var intDateSeparatorIdx = -1;' . "\n" . '  var intFormatSeparatorIdx = -1;' . "\n" . '  var strSeparatorArray = new Array("-"," ","/",".");' . "\n" . '  var strMonthArray = new Array("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");' . "\n" . '  var intDaysArray = new Array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);' . "\n\n" . '  strDateToCheck = DateToCheck.toLowerCase();' . "\n" . '  strFormatString = FormatString.toLowerCase();' . "\n\n" . '  if (strDateToCheck.length != strFormatString.length) {' . "\n" . 
'    return false;' . "\n" . '  }' . "\n\n" . '  for (i=0; i<strSeparatorArray.length; i++) {' . "\n" . '    if (strFormatString.indexOf(strSeparatorArray[i]) != -1) {' . "\n" . '      intFormatSeparatorIdx = i;' . "\n" . '      break;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  for (i=0; i<strSeparatorArray.length; i++) {' . "\n" . '    if (strDateToCheck.indexOf(strSeparatorArray[i]) != -1) {' . "\n" . '      intDateSeparatorIdx = i;' . "\n" . '      break;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if (intDateSeparatorIdx != intFormatSeparatorIdx) {' . "\n" . '    return false;' . "\n" . '  }' . "\n\n" . '  if (intDateSeparatorIdx != -1) {' . "\n" . '    strFormatArray = strFormatString.split(strSeparatorArray[intFormatSeparatorIdx]);' . "\n" . '    if (strFormatArray.length != 3) {' . "\n" . '      return false;' . "\n" . '    }' . "\n\n" . '    strDateToCheckArray = strDateToCheck.split(strSeparatorArray[intDateSeparatorIdx]);' . "\n" . '    if (strDateToCheckArray.length != 3) {' . "\n" . '      return false;' . "\n" . '    }' . "\n\n" . '    for (i=0; i<strFormatArray.length; i++) {' . "\n" . '      if (strFormatArray[i] == "mm" || strFormatArray[i] == "mmm") {' . "\n" . '        strMonth = strDateToCheckArray[i];' . "\n" . '      }' . "\n\n" . '      if (strFormatArray[i] == "dd") {' . "\n" . '        strDay = strDateToCheckArray[i];' . "\n" . '      }' . "\n\n" . '      if (strFormatArray[i] == "yyyy") {' . "\n" . '        strYear = strDateToCheckArray[i];' . "\n" . '      }' . "\n" . '    }' . "\n" . '  } else {' . "\n" . '    if (FormatString.length > 7) {' . "\n" . '      if (strFormatString.indexOf("mmm") == -1) {' . "\n" . '        strMonth = strDateToCheck.substring(strFormatString.indexOf("mm"), 2);' . "\n" . '      } else {' . "\n" . '        strMonth = strDateToCheck.substring(strFormatString.indexOf("mmm"), 3);' . "\n" . '      }' . "\n\n" . '      strDay = strDateToCheck.substring(strFormatString.indexOf("dd"), 2);' . "\n" . 
'      strYear = strDateToCheck.substring(strFormatString.indexOf("yyyy"), 2);' . "\n" . '    } else {' . "\n" . '      return false;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if (RemoveFormat == true) {' . "\n" . '    return strYear + strMonth + strDay;' . "\n" . '  }' . "\n\n" . '  if (strYear.length != 4) {' . "\n" . '    return false;' . "\n" . '  }' . "\n\n" . '  intday = parseInt(strDay, 10);' . "\n" . '  if (isNaN(intday)) {' . "\n" . '    return false;' . "\n" . '  }' . "\n" . '  if (intday < 1) {' . "\n" . '    return false;' . "\n" . '  }' . "\n\n" . '  intMonth = parseInt(strMonth, 10);' . "\n" . '  if (isNaN(intMonth)) {' . "\n" . '    for (i=0; i<strMonthArray.length; i++) {' . "\n" . '      if (strMonth == strMonthArray[i]) {' . "\n" . '        intMonth = i+1;' . "\n" . '        break;' . "\n" . '      }' . "\n" . '    }' . "\n" . '    if (isNaN(intMonth)) {' . "\n" . '      return false;' . "\n" . '    }' . "\n" . '  }' . "\n" . '  if (intMonth > 12 || intMonth < 1) {' . "\n" . '    return false;' . "\n" . '  }' . "\n\n" . '  intYear = parseInt(strYear, 10);' . "\n" . '  if (isNaN(intYear)) {' . "\n" . '    return false;' . "\n" . '  }' . "\n\n" . '  if (IsLeapYear(intYear) == true) {' . "\n" . '    intDaysArray[1] = 29;' . "\n" . '  }' . "\n\n" . '  if (intday > intDaysArray[intMonth - 1]) {' . "\n" . '    return false;' . "\n" . '  }' . "\n\n" . '  return true;' . "\n" . '}' . "\n\n" . 'function IsLeapYear(intYear) {' . "\n" . '  if (intYear % 100 == 0) {' . "\n" . '    if (intYear % 400 == 0) {' . "\n" . '      return true;' . "\n" . '    }' . "\n" . '  } else {' . "\n" . '    if ((intYear % 4) == 0) {' . "\n" . '      return true;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  return false;' . "\n" . '}' . "\n\n" . 'function check_form() {' . "\n" . '  var error_message = "' . JS_ERROR . '";' . "\n" . '  var error_found = false;' . "\n" . '  var error_field;' . "\n" . '  var keywords = document.advanced_search_and_results.keywords.value;' . 
"\n" . '  var dfrom = document.advanced_search_and_results.dfrom.value;' . "\n" . '  var dto = document.advanced_search_and_results.dto.value;' . "\n" . '  var pfrom = document.advanced_search_and_results.pfrom.value;' . "\n" . '  var pto = document.advanced_search_and_results.pto.value;' . "\n" . '  var pfrom_float;' . "\n" . '  var pto_float;' . "\n\n" . '  String.prototype.trim = function () {' . "\n" . '    return (this.replace(/\\s+$/,"").replace(/^\\s+/,""));' . "\n" . '  };' . "\n\n" . '  if ( ((keywords == "") || (keywords.trim().length < 1)) && ((dfrom == "") || (dfrom == "' . AS_FORMAT_STRING . '") || (dfrom.length < 1)) && ((dto == "") || (dto == "' . AS_FORMAT_STRING . '") || (dto.length < 1)) && ((pfrom == "") || (pfrom.length < 1)) && ((pto == "") || (pto.length < 1)) ) {' . "\n" . '    error_message = error_message + "* ' . ERROR_AT_LEAST_ONE_INPUT . '\\n";' . "\n" . '    error_field = document.advanced_search_and_results.keywords;' . "\n" . '    error_found = true;' . "\n" . '  }' . "\n\n" . '  if ((dfrom.length > 0) && (dfrom != "' . AS_FORMAT_STRING . '")) {' . "\n" . '    if (!IsValidDate(dfrom, "' . AS_FORMAT_STRING_JS . '")) {' . "\n" . '      error_message = error_message + "* ' . ERROR_INVALID_FROM_DATE . '\\n";' . "\n" . '      error_field = document.advanced_search_and_results.dfrom;' . "\n" . '      error_found = true;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if ((dto.length > 0) && (dto != "' . AS_FORMAT_STRING . '")) {' . "\n" . '    if (!IsValidDate(dto, "' . AS_FORMAT_STRING_JS . '")) {' . "\n" . '      error_message = error_message + "* ' . ERROR_INVALID_TO_DATE . '\\n";' . "\n" . '      error_field = document.advanced_search_and_results.dto;' . "\n" . '      error_found = true;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if ((dfrom.length > 0) && (dfrom != "' . AS_FORMAT_STRING . '") && (IsValidDate(dfrom, "' . AS_FORMAT_STRING_JS . '")) && (dto.length > 0) && (dto != "' . AS_FORMAT_STRING . '") && (IsValidDate(dto, "' . 
AS_FORMAT_STRING_JS . '"))) {' . "\n" . '    if (IsValidDate(dfrom, "' . AS_FORMAT_STRING_JS . '", true) > IsValidDate(dto, "' . AS_FORMAT_STRING_JS . '", true)) {' . "\n" . '      error_message = error_message + "* ' . ERROR_TO_DATE_LESS_THAN_FROM_DATE . '\\n";' . "\n" . '      error_field = document.advanced_search_and_results.dto;' . "\n" . '      error_found = true;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if (pfrom.length > 0) {' . "\n" . '    pfrom_float = parseFloat(pfrom);' . "\n" . '    if (isNaN(pfrom_float)) {' . "\n" . '      error_message = error_message + "* ' . ERROR_PRICE_FROM_MUST_BE_NUM . '\\n";' . "\n" . '      error_field = document.advanced_search_and_results.pfrom;' . "\n" . '      error_found = true;' . "\n" . '    }' . "\n" . '  } else {' . "\n" . '    pfrom_float = 0;' . "\n" . '  }' . "\n\n" . '  if (pto.length > 0) {' . "\n" . '    pto_float = parseFloat(pto);' . "\n" . '    if (isNaN(pto_float)) {' . "\n" . '      error_message = error_message + "* ' . ERROR_PRICE_TO_MUST_BE_NUM . '\\n";' . "\n" . '      error_field = document.advanced_search_and_results.pto;' . "\n" . '      error_found = true;' . "\n" . '    }' . "\n" . '  } else {' . "\n" . '    pto_float = 0;' . "\n" . '  }' . "\n\n" . '  if ( (pfrom.length > 0) && (pto.length > 0) ) {' . "\n" . '    if ( (!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float <= pfrom_float) ) {' . "\n" . '      error_message = error_message + "* ' . ERROR_PRICE_TO_LESS_THAN_PRICE_FROM . '\\n";' . "\n" . '      error_field = document.advanced_search_and_results.pto;' . "\n" . '      error_found = true;' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if (error_found == true) {' . "\n" . '    alert(error_message);' . "\n" . '    error_field.focus();' . "\n" . '    return false;' . "\n" . '  } else {' . "\n" . '    $( "#id_dfrom, #id_dto" ).datepicker( "destroy" );' . "\n" . '    RemoveFormatString(document.advanced_search_and_results.dfrom, "' . AS_FORMAT_STRING . '");' . "\n" . 
'    RemoveFormatString(document.advanced_search_and_results.dto, "' . AS_FORMAT_STRING . '");' . "\n" . '    $( "#id_dfrom, #id_dto" ).blur();' . "\n" . '    return true;' . "\n" . '  }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
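 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';

 // Every search parameter is optional: a bare request for the form carries no
 // query string at all, so each $_GET read uses `??` to avoid one
 // undefined-index warning per field while yielding the same value as before.
 $search_in_description = $_GET['sid'] ?? null;

 if ($messageStack->size('search') > 0) {
     $smarty->assign('message_stack', $messageStack->output('search'));
     $smarty->assign('message_stack_error', $messageStack->output('search', 'error'));
     $smarty->assign('message_stack_warning', $messageStack->output('search', 'warning'));
     $smarty->assign('message_stack_success', $messageStack->output('search', 'success'));
 }

 // The popup link is only offered when content id 9 is an enabled system popup.
 $popup_status_query = xos_db_query("select status from " . TABLE_CONTENTS . "  where type = 'system_popup' and status = '1' and content_id = '9' LIMIT 1");

 // The search-in-description box is ticked by default; it is only left
 // unticked when a search was submitted ($action) without the 'sid' parameter.
 $searchInDescriptionChecked = !$action || isset($_GET['sid']);

 // NOTE(review): the raw GET values below are handed to the xos_draw_* helpers
 // for rendering as HTML attribute values; escaping for that context is assumed
 // to happen inside those helpers - confirm before relying on it.
 $smarty->assign([
     'form_begin' => xos_draw_form('advanced_search_and_results', xos_href_link(FILENAME_ADVANCED_SEARCH_AND_RESULTS, '', 'NONSSL', false), 'post', 'onsubmit="return check_form(this);"'),
     'hide_session_id' => xos_hide_session_id(),
     'input_field_keywords' => xos_draw_input_field('keywords', stripslashes($_GET['keywords'] ?? ''), 'class="form-control" id="keywords"'),
     'checkbox_search_in_description' => xos_draw_checkbox_field('sid', '1', $searchInDescriptionChecked, 'id="search_in_description"'),
     'link_filename_advanced_search_and_results' => xos_href_link(FILENAME_ADVANCED_SEARCH_AND_RESULTS),
     'link_filename_popup_content_9' => xos_db_num_rows($popup_status_query) ? xos_href_link(FILENAME_POPUP_CONTENT, 'co=9', $request_type) : '',
     'categories_pull_down_menu' => xos_draw_pull_down_menu('copid', $categories_array, $_GET['copid'] ?? null, 'class="form-control" id="categories_or_pages_id" onchange="UpdateManufacturers();"'),
     'manufacturers_pull_down_menu' => xos_draw_pull_down_menu('_m', xos_get_manufacturers([['id' => '', 'text' => TEXT_ALL_MANUFACTURERS]]), $_GET['_m'] ?? null, 'class="form-control" id="manufacturers_id"'),
     'input_field_pfrom' => xos_draw_input_field('pfrom', $_GET['pfrom'] ?? null, 'class="form-control" id="pfrom"'),
     'input_field_pto' => xos_draw_input_field('pto', $_GET['pto'] ?? null, 'class="form-control" id="pto"'),
     // Empty date fields show the format placeholder (AS_FORMAT_STRING) instead.
     'input_field_dfrom' => xos_draw_input_field('dfrom', ($_GET['dfrom'] ?? null) ?: AS_FORMAT_STRING, 'class="form-control" id="id_dfrom"'),
     'input_field_dto' => xos_draw_input_field('dto', ($_GET['dto'] ?? null) ?: AS_FORMAT_STRING, 'class="form-control" id="id_dto"'),
     'body_tag_params' => 'onload="UpdateManufacturers();"',
     'form_end' => '</form>',
 ]);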
 ///////////////////////////////////////////////////////////
 if ($action && !$error) {
     is_numeric($_GET['mdsr']) && $_GET['mdsr'] >= 1 ? $_SESSION['mdsr'] = (int) $_GET['mdsr'] : '';
     if ($_GET['srv'] == 'list') {
         $_SESSION['srv'] = 'list';
     } elseif ($_GET['srv'] == 'grid') {
         $_SESSION['srv'] = 'grid';
     }
     if (PRODUCT_LISTS_FOR_SEARCH_RESULTS == 'B' && $_SESSION['srv'] != 'list' || $_SESSION['srv'] == 'grid') {
         $product_list_b = true;
         // create column list
         $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_B_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_B_NAME, 'PRODUCT_LIST_INFO' => PRODUCT_LIST_B_INFO, 'PRODUCT_LIST_PACKING_UNIT' => PRODUCT_LIST_B_PACKING_UNIT, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_B_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_B_PRICE, 'PRODUCT_LIST_QUANTITY' => STOCK_CHECK == 'true' ? PRODUCT_LIST_B_QUANTITY : '', 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_B_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_B_IMAGE, 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_B_BUY_NOW);
     } else {
         $product_list_b = false;
         // create column list
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_OFFLINE) == 'overwrite_all')) {
    header('HTTP/1.1 503 Service Temporarily Unavailable');
    header('Status: 503 Service Temporarily Unavailable');
    $_SESSION['navigation']->remove_current_page();
    require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;
    $error = false;
    if (isset($_GET['action']) && $_GET['action'] == 'process') {
        $email_address = xos_db_prepare_input($_POST['email_address']);
        $password = xos_db_prepare_input($_POST['password']);
        // Check if email exists
        $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
        if (!xos_db_num_rows($check_admin_query)) {
            $error = true;
        } else {
            $check_admin = xos_db_fetch_array($check_admin_query);
            // Check that password is good
            if (!xos_validate_password($password, $check_admin['login_password'])) {
                $error = true;
            } else {
                $_SESSION['access_allowed'] = true;
                xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
            }
        }
    }
    if ($error == true) {
        unset($_SESSION['access_allowed']);
        $messageStack->add('offline', TEXT_OFFLINE_ERROR);
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: manufacturer_info.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
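if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/boxes/manufacturer_info.php') == 'overwrite_all')) {
    // Manufacturer info box for the product in $_GET['p']: manufacturer image,
    // link to the manufacturer's own site and link to the shop's listing for it.
    // A template-specific override (the include above) may replace this block.
    $box_manufacturer_info_product_id = isset($_GET['p']) ? (int) $_GET['p'] : 0;
    // Always start from a clean cache id; otherwise a value left over from an
    // earlier box (or an undefined variable) reaches isCached()/fetch() below.
    $cache_id = null;
    if (CACHE_LEVEL > 2 && ((isset($_COOKIE[session_name()]) && !isset($_GET[session_name()])) || SESSION_FORCE_COOKIE_USE == 'true')) {
        $smarty->caching = 1;
        // Key the cache on the normalised product id the query below uses, so
        // variant spellings of the same id cannot multiply cache entries.
        $cache_id = 'L3|box_manufacturer_info|' . $_SESSION['language'] . '-' . (isset($_GET['lnc']) ? $_GET['lnc'] : '') . '-' . (isset($_GET[session_name()]) ? $_GET[session_name()] : '') . '-' . $session_started . '-' . SELECTED_TPL . '-' . $_SESSION['currency'] . '-' . $box_manufacturer_info_product_id;
    }
    if (!$smarty->isCached(SELECTED_TPL . '/includes/boxes/manufacturers_info.tpl', $cache_id)) {
        $manufacturer_query = xos_db_query("select m.manufacturers_id, m.manufacturers_image, mi.manufacturers_name, mi.manufacturers_url from " . TABLE_MANUFACTURERS . " m left join " . TABLE_MANUFACTURERS_INFO . " mi on (m.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "'), " . TABLE_PRODUCTS . " p  where p.products_id = '" . $box_manufacturer_info_product_id . "' and p.manufacturers_id = m.manufacturers_id");
        if (xos_db_num_rows($manufacturer_query)) {
            $manufacturer = xos_db_fetch_array($manufacturer_query);
            if (xos_not_null($manufacturer['manufacturers_image'])) {
                // Image file name is URL-encoded before it becomes part of the image path.
                $smarty->assign('box_manufacturer_info_manufacturer_image', xos_image(DIR_WS_IMAGES . 'manufacturers/' . rawurlencode($manufacturer['manufacturers_image']), $manufacturer['manufacturers_name']));
            }
            if (xos_not_null($manufacturer['manufacturers_url'])) {
                // External link goes through FILENAME_REDIRECT rather than straight to the stored URL.
                $smarty->assign(array('box_manufacturer_info_link_to_the_manufacturer' => xos_href_link(FILENAME_REDIRECT, 'action=manufacturer&m=' . $manufacturer['manufacturers_id']), 'box_manufacturer_info_manufacturer_name' => $manufacturer['manufacturers_name']));
            }
            $smarty->assign(array('box_manufacturer_info_has_content' => true, 'box_manufacturer_info_link_filename_default' => xos_href_link(FILENAME_DEFAULT, 'm=' . $manufacturer['manufacturers_id'])));
        }
    }
    $output_manufacturer_info = $smarty->fetch(SELECTED_TPL . '/includes/boxes/manufacturers_info.tpl', $cache_id);
    // Switch caching back off so the next box/template does not inherit it.
    $smarty->caching = 0;
    $smarty->assign('box_manufacturer_info', $output_manufacturer_info);
}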
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_STATS_CUSTOMERS) == 'overwrite_all')) {
    require DIR_WS_CLASSES . 'currencies.php';
    $currencies = new currencies();
    $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
    require DIR_WS_INCLUDES . 'html_header.php';
    require DIR_WS_INCLUDES . 'header.php';
    require DIR_WS_INCLUDES . 'column_left.php';
    require DIR_WS_INCLUDES . 'footer.php';
    if (isset($_GET['page']) && $_GET['page'] > 1) {
        $rows = $_GET['page'] * MAX_DISPLAY_RESULTS - MAX_DISPLAY_RESULTS;
    }
    $customers_query_raw = "select c.customers_firstname, c.customers_lastname, sum(ot.value / o.currency_value) as ordersum from " . TABLE_CUSTOMERS . " c, " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id) where c.customers_id = o.customers_id and ot.class = 'ot_total' group by c.customers_id order by ordersum DESC";
    $customers_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $customers_query_raw, $customers_query_numrows, 'c.customers_id');
    // fix counted customers
    $customers_query_numrows = xos_db_query("select customers_id from " . TABLE_ORDERS . " group by customers_id");
    $customers_query_numrows = xos_db_num_rows($customers_query_numrows);
    $rows = 0;
    $customers_query = xos_db_query($customers_query_raw);
    $customers_array = array();
    while ($customers = xos_db_fetch_array($customers_query)) {
        $rows++;
        if (strlen($rows) < 2) {
            $rows = '0' . $rows;
        }
        $customers_array[] = array('link_filename_customers' => xos_href_link(FILENAME_CUSTOMERS, 'search=' . $customers['customers_lastname']), 'rows' => $rows, 'firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'ordersum' => $currencies->format($customers['ordersum']));
    }
    $smarty->assign(array('customers' => $customers_array, 'nav_bar_number' => $customers_split->display_count($customers_query_numrows, MAX_DISPLAY_RESULTS, $_GET['page'], TEXT_DISPLAY_NUMBER_OF_CUSTOMERS), 'nav_bar_result' => $customers_split->display_links($customers_query_numrows, MAX_DISPLAY_RESULTS, MAX_DISPLAY_PAGE_LINKS, $_GET['page'])));
    $smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'stats_customers');
    $output_stats_customers = $smarty->fetch(ADMIN_TPL . '/stats_customers.tpl');
    $smarty->assign('central_contents', $output_stats_customers);
    $smarty->display(ADMIN_TPL . '/frame.tpl');
         $new_country_id = LAST_COUNTRY_ID + 1;
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . (int) $new_country_id . "', last_modified = now() where configuration_key = 'LAST_COUNTRY_ID'");
         xos_db_query("insert into " . TABLE_COUNTRIES . " (countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id) values ('" . (int) $new_country_id . "', '" . xos_db_input($countries_name) . "', '" . xos_db_input($countries_iso_code_2) . "', '" . xos_db_input($countries_iso_code_3) . "', '" . (int) $address_format_id . "')");
         $smarty_cache_control->clearAllCache();
         xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $new_country_id));
         break;
     case 'save':
         // 'save': update an existing country from the edit form.
         $countries_id = xos_db_prepare_input($_GET['cID']);
         $address_format_id = xos_db_prepare_input($_POST['address_format_id']);
         $countries_iso_code_3 = xos_db_prepare_input($_POST['countries_iso_code_3']);
         $countries_iso_code_2 = xos_db_prepare_input($_POST['countries_iso_code_2']);
         $actual_countries_name = xos_db_prepare_input($_POST['actual_countries_name']);
         $countries_name = xos_db_prepare_input($_POST['countries_name']);
         // Only a renamed country needs the uniqueness check (case-insensitive compare).
         $countries_name_changed = mb_strtolower($actual_countries_name) != mb_strtolower($countries_name);
         if ($countries_name_changed) {
             $check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'");
             $countries_name_rejected = xos_db_num_rows($check_query) || $countries_name == '';
             if ($countries_name_rejected) {
                 // Bounce back to the edit form with the submitted values and the offending name in error_name.
                 xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name));
             }
         }
         // Text columns go through xos_db_input(), ids are cast to int.
         xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'");
         $smarty_cache_control->clearAllCache();
         xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
         break;
     case 'deleteconfirm':
         $countries_id = xos_db_prepare_input($_GET['cID']);
         xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'");
         xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'");
         $smarty_cache_control->clearAllCache();
         xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
         break;
 }
     $messageStack->add('checkout_address', ENTRY_POST_CODE_ERROR);
     $smarty->assign('post_code_error', true);
 }
 // City must reach the configured minimum length (strlen counts bytes).
 if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
     $error = true;
     $messageStack->add('checkout_address', ENTRY_CITY_ERROR);
     $smarty->assign('city_error', true);
 }
 // State/zone validation only applies when the shop collects a state at all.
 if (ACCOUNT_STATE == 'true') {
     $zone_id = 0;
     // Does the chosen country have predefined zones?
     $check_query = xos_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
     $check = xos_db_fetch_array($check_query);
     $entry_state_has_zones = $check['total'] > 0;
     if (!$entry_state_has_zones) {
         // Free-text state: only a minimum length is enforced.
         if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
             $error = true;
             $messageStack->add('checkout_address', ENTRY_STATE_ERROR);
             $smarty->assign('state_error', true);
         }
     } else {
         // Country has zones: the entered state must resolve to exactly one zone name.
         $zone_query = xos_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_name = '" . xos_db_input($state) . "'");
         if (xos_db_num_rows($zone_query) != 1) {
             $error = true;
             $messageStack->add('checkout_address', ENTRY_STATE_ERROR_SELECT);
             $smarty->assign('state_error', true);
         } else {
             $zone = xos_db_fetch_array($zone_query);
             $zone_id = $zone['zone_id'];
         }
     }
 }
//              GNU General Public License for more details.
//
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: manufacturers.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/boxes/manufacturers.php') == 'overwrite_all')) {
    $manufacturers_query = xos_db_query("select distinct mi.manufacturers_id, mi.manufacturers_name from " . TABLE_MANUFACTURERS_INFO . " mi left join " . TABLE_PRODUCTS . " p on mi.manufacturers_id = p.manufacturers_id left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id = p2c.products_id left join " . TABLE_CATEGORIES_OR_PAGES . " c on p2c.categories_or_pages_id = c.categories_or_pages_id where c.categories_or_pages_status = '1' and p.products_status = '1' and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "' order by mi.manufacturers_name");
    if ($number_of_rows = xos_db_num_rows($manufacturers_query)) {
        $manufacturers_content = '';
        $manufacturers_content_noscript = '';
        $manufacturers_array = array();
        if (MAX_MANUFACTURERS_LIST < 2) {
            $manufacturers_array[] = array('id' => '', 'text' => PULL_DOWN_DEFAULT);
        }
        while ($manufacturers = xos_db_fetch_array($manufacturers_query)) {
            $manufacturers_name = strlen($manufacturers['manufacturers_name']) > MAX_DISPLAY_MANUFACTURER_NAME_LEN ? (function_exists('mb_substr') ? mb_substr($manufacturers['manufacturers_name'], 0, MAX_DISPLAY_MANUFACTURER_NAME_LEN, 'UTF-8') : substr($manufacturers['manufacturers_name'], 0, MAX_DISPLAY_MANUFACTURER_NAME_LEN)) . '..' : $manufacturers['manufacturers_name'];
            $manufacturers_array[] = array('id' => xos_href_link(FILENAME_DEFAULT, 'm=' . $manufacturers['manufacturers_id']), 'text' => $manufacturers_name);
            if (isset($_GET['m']) && $_GET['m'] == $manufacturers['manufacturers_id']) {
                $manufacturers_name = '<b>' . $manufacturers_name . '</b>';
            }
            $manufacturers_content_noscript .= '<a href="' . xos_href_link(FILENAME_DEFAULT, 'm=' . $manufacturers['manufacturers_id']) . '">' . $manufacturers_name . '</a><br />';
        }
        $manufacturers_content_noscript = substr($manufacturers_content_noscript, 0, -6);
//
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: also_purchased_products.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/modules/also_purchased_products.php') == 'overwrite_all')) {
    if (isset($_GET['p'])) {
        $orders_query = xos_db_query("select p.products_id, p.products_image, pd.products_name, pd.products_info, p.products_tax_class_id, p.products_price from " . TABLE_ORDERS_PRODUCTS . " opa, " . TABLE_ORDERS_PRODUCTS . " opb, " . TABLE_ORDERS . " o, " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and opa.products_id = '" . (int) $_GET['p'] . "' and opa.orders_id = opb.orders_id and opb.products_id != '" . (int) $_GET['p'] . "' and opb.products_id = p.products_id and opb.orders_id = o.orders_id and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_status = '1' group by p.products_id order by o.date_purchased desc limit " . MAX_DISPLAY_ALSO_PURCHASED);
        $num_products_ordered = xos_db_num_rows($orders_query);
        if ($num_products_ordered >= MIN_DISPLAY_ALSO_PURCHASED) {
            $also_purchased_products_array = array();
            while ($orders = xos_db_fetch_array($orders_query)) {
                $products_prices = xos_get_product_prices($orders['products_price']);
                $products_tax_rate = xos_get_tax_rate($orders['products_tax_class_id']);
                $orders_price_breaks_array = array();
                if (isset($products_prices[$customer_group_id][0])) {
                    $orders_product_price = $currencies->display_price($products_prices[$customer_group_id][0]['regular'], $products_tax_rate);
                    $products_prices[$customer_group_id]['special_status'] == 1 && $products_prices[$customer_group_id][0]['special'] > 0 ? $orders_product_price_special = $currencies->display_price($products_prices[$customer_group_id][0]['special'], $products_tax_rate) : ($orders_product_price_special = '');
                    $sizeof = count($products_prices[$customer_group_id]);
                    /*          
                              if ($sizeof > 2) {
                                $array_keys = array_keys($products_prices[$customer_group_id]);
                                for ($count=2, $n=$sizeof; $count<$n; $count++) {
                                  $qty = $array_keys[$count];
//              or (at your option) any later version.
//
//              XOS-Shop is distributed in the hope that it will be useful,
//              but WITHOUT ANY WARRANTY; without even the implied warranty of
//              MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//              GNU General Public License for more details.
//
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: counter.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
// Visit counter: TABLE_COUNTER holds one row with the start date (Ymd) and the hit count.
$counter_query = xos_db_query("select startdate, counter from " . TABLE_COUNTER);
if (xos_db_num_rows($counter_query)) {
    // Existing row: bump the stored count, keep the original start date.
    // NOTE(review): this is a read-modify-write, so concurrent hits can lose increments.
    $counter = xos_db_fetch_array($counter_query);
    $counter_startdate = $counter['startdate'];
    $counter_now = $counter['counter'] + 1;
    xos_db_query("update " . TABLE_COUNTER . " set counter = '" . $counter_now . "'");
} else {
    // First hit ever: create the row, starting today at 1.
    $date_now = date('Ymd');
    xos_db_query("insert into " . TABLE_COUNTER . " (startdate, counter) values ('" . $date_now . "', '1')");
    $counter_startdate = $date_now;
    $counter_now = 1;
}
// Split the Ymd start date into its parts; mktime takes month, day, year in that order.
$counter_start_year = substr($counter_startdate, 0, 4);
$counter_start_month = substr($counter_startdate, 4, 2);
$counter_start_day = substr($counter_startdate, -2);
$counter_startdate_formatted = xos_date_format(DATE_FORMAT_LONG, mktime(0, 0, 0, $counter_start_month, $counter_start_day, $counter_start_year));
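 $product_image = xos_get_product_images($product['products_image']);
 // First persist any sort-order changes posted from the cross-sell form.
 // The form posts xsell_id => sort_order pairs plus the submit button ('Update').
 if ($_POST) {
     xos_db_connect();
     foreach ($_POST as $key_a => $value_a) {
         if ($value_a == 'Update') {
             continue;
         }
         // Key and value both come straight from the request: cast them to int
         // before they are spliced into SQL so they can only ever be numbers.
         $query = "UPDATE " . TABLE_PRODUCTS_XSELL . " SET sort_order = '" . (int) $value_a . "' WHERE products_id ='" . (int) $product['products_id'] . "' and xsell_id= '" . (int) $key_a . "' ";
         if (!xos_db_query($query)) {
             exit('Could not UPDATE DB');
         }
     }
     $smarty_cache_control->clearCache(null, 'L3|cc_product_info');
 }
 // Current cross-sell list for the product being edited; the id is part of the SQL, so cast it.
 $cross_query = xos_db_query("select xsell_id, sort_order from " . TABLE_PRODUCTS_XSELL . " WHERE products_id = '" . (int) $_GET['add_related_product_ID'] . "' ORDER BY sort_order");
 $ordering_size = xos_db_num_rows($cross_query);
 $cross_products_array = array();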
 while ($cross = xos_db_fetch_array($cross_query)) {
     $cross_products_query = xos_db_query("select a.products_id, a.products_status, b.products_name, a.products_model, a.products_image from " . TABLE_PRODUCTS . " a, " . TABLE_PRODUCTS_DESCRIPTION . " b where b.products_id = a.products_id and b.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and a.products_id = " . $cross['xsell_id'] . "");
     $cross_products = xos_db_fetch_array($cross_products_query);
     $select = '<select name="' . $cross_products['products_id'] . '">';
     for ($y = 1; $y <= $ordering_size; $y++) {
         $select .= '<option value="' . $y . '"';
         if (!strcmp($y, $cross['sort_order'])) {
             $select .= ' selected="selected"';
         }
         $select .= '>' . $y . '</option>';
     }
     $select .= '</select>';
     if ($cross_products['products_status'] == '1') {
         $products_status_image = xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_green.gif', ICON_TITLE_STATUS_GREEN);
    require DIR_WS_INCLUDES . 'header.php';
    require DIR_WS_INCLUDES . 'column_left.php';
    require DIR_WS_INCLUDES . 'footer.php';
    // Admin "who's online" page: one row per tracked session.
    $whos_online_query = xos_db_query("select customer_id, full_name, ip_address, time_entry, time_last_click, last_page_url, session_id from " . TABLE_WHOS_ONLINE);
    $whos_online_array = array();
    while ($whos_online = xos_db_fetch_array($whos_online_query)) {
        $time_online = time() - $whos_online['time_entry'];
        // Selection: without ?info= the first row is selected; with it, the row whose
        // session_id.ip_address equals the parameter. $info is only set once.
        if ((!isset($_GET['info']) || isset($_GET['info']) && $_GET['info'] == $whos_online['session_id'] . $whos_online['ip_address']) && !isset($info)) {
            $info = $whos_online['session_id'] . $whos_online['ip_address'];
        }
        $selected = false;
        // On a match $info is shortened to the bare session_id, so no later row can
        // match again (presumably intended as "select at most one row" — confirm).
        if ($whos_online['session_id'] . $whos_online['ip_address'] == $info) {
            $info = $whos_online['session_id'];
            $selected = true;
        }
        $last_page_url = '';
        // Strip an embedded XOSsid session token from the recorded URL before display.
        if (preg_match('/^(.*)XOSsid[=|\\/]+[a-z,0-9]+[&|\\/]?(.*)/i', $whos_online['last_page_url'], $array)) {
            $last_page_url = $array[1] . $array[2];
        } else {
            $last_page_url = $whos_online['last_page_url'];
        }
        // last_page_url is HTML-escaped here (and truncated to 50 chars inside an <abbr>);
        // NOTE(review): full_name / ip_address / customer_id are passed through unescaped —
        // confirm the template escapes them, since full_name is visitor-supplied.
        $whos_online_array[] = array('selected' => $selected, 'link_filename_whos_online' => xos_href_link(FILENAME_WHOS_ONLINE, xos_get_all_get_params(array('info', 'action')) . 'info=' . $whos_online['session_id'] . $whos_online['ip_address']), 'time_online' => gmdate('H:i:s', $time_online), 'customer_id' => $whos_online['customer_id'], 'full_name' => $whos_online['full_name'], 'ip_address' => $whos_online['ip_address'], 'time_entry' => date('H:i:s', $whos_online['time_entry']), 'time_last_click' => date('H:i:s', $whos_online['time_last_click']), 'last_page_url' => strlen($last_page_url) > 50 ? "<abbr title=\"" . htmlspecialchars($last_page_url) . "\">" . substr(htmlspecialchars($last_page_url), 0, 50) . "&nbsp;</abbr>" : htmlspecialchars($last_page_url));
    }
    $smarty->assign(array('whos_online' => $whos_online_array, 'text_number_of_customers' => sprintf(TEXT_NUMBER_OF_CUSTOMERS, xos_db_num_rows($whos_online_query))));
    // Detail box for the selected session, then render the page into the admin frame.
    require DIR_WS_BOXES . 'infobox_whos_online.php';
    $smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'whos_online');
    $output_whos_online = $smarty->fetch(ADMIN_TPL . '/whos_online.tpl');
    $smarty->assign('central_contents', $output_whos_online);
    $smarty->display(ADMIN_TPL . '/frame.tpl');
    require DIR_WS_INCLUDES . 'application_bottom.php';
}
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: products_attributes.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/includes/modules/attributes_values.php') == 'overwrite_all')) {
    if ($action == 'delete_option_value') {
        // delete product option value
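        // Look up the option value being deleted, in the admin's working language.
        $values = xos_db_query("select products_options_values_id, products_options_values_name from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id = '" . (int) $_GET['value_id'] . "' and language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
        $values_values = xos_db_fetch_array($values);
        // Products whose attributes still reference this value: if any exist they are
        // listed and no delete link is offered; otherwise the confirm link is shown.
        $products = xos_db_query("select distinct p.products_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_ATTRIBUTES . " pa, " . TABLE_PRODUCTS_DESCRIPTION . " pd where pd.products_id = p.products_id and pd.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and pa.products_id = p.products_id and pa.options_values_id='" . (int) $_GET['value_id'] . "' order by pd.products_name");
        if (xos_db_num_rows($products)) {
            $rows = 0;
            $products_value = array();
            while ($products_values = xos_db_fetch_array($products)) {
                $rows++;
                $products_value[] = array('id' => $products_values['products_id'], 'name' => $products_values['products_name']);
            }
            $smarty->assign(array('products_linked' => true, 'products' => $products_value, 'link_filename_products_attributes' => xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string)));
        } else {
            // The confirm link carries the same int-cast id the queries above checked,
            // rather than the raw request string.
            $smarty->assign(array('link_filename_products_attributes' => xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string), 'link_filename_products_attributes_delete' => xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'action=delete_value&value_id=' . (int) $_GET['value_id'] . '&options_page=1&' . $parameter_string)));
        }
        $smarty->assign(array('delete_option_value' => true, 'products_options_values_name' => $values_values['products_options_values_name']));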
    } else {
        // Re-populate the form from values the previous request round-tripped through the URL.
        // NOTE(review): both parameters are unserialize()d straight from $_GET, so whoever
        // supplies the query string controls the serialized payload, and unserialize() on
        // untrusted input can instantiate arbitrary classes. Prefer JSON for this round-trip,
        // or at minimum pass array('allowed_classes' => false) once PHP >= 7 is guaranteed.
        $set_empty = false;
        $options_value_array = unserialize(stripslashes(urldecode($_GET['options_value'])));
        $options_value_error_array = unserialize(stripslashes(urldecode($_GET['options_value_error'])));
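     // Send the voucher mail first; the coupon is only recorded once the mail went out.
     if (!$gv_email->send()) {
         $mailer_error = true;
         $messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail_sent_to), 'error');
     } else {
         // Now create the coupon email entry. Interpolated values are escaped with
         // xos_db_input() like the other inserts in this code base instead of trusting
         // that $amount and $mail_sent_to are always well-formed.
         xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . xos_db_input($id1) . "', 'G', '" . xos_db_input($amount) . "', now())");
         $insert_id = xos_db_insert_id();
         xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . (int) $insert_id . "', '0', 'Admin', '" . xos_db_input($mail_sent_to) . "', now() )");
     }
     // Restore the working language id from $used_lang_id (set outside this block).
     $_SESSION['used_lng_id'] = $used_lang_id;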
 } else {
     $used_lang_id = $_SESSION['used_lng_id'];
     while ($mail = xos_db_fetch_array($mail_query)) {
         $id1 = create_coupon_code($mail['customers_email_address']);
         $languages_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $mail['language_id'] . "'");
         if (!xos_db_num_rows($languages_query)) {
             $lang_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
             $languages = xos_db_fetch_array($lang_query);
         } else {
             $languages = xos_db_fetch_array($languages_query);
         }
         $_SESSION['used_lng_id'] = $languages['languages_id'];
         $currencies = new currencies();
         if (EMAIL_USE_HTML == 'true') {
             $smarty_gv_email->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => $languages['code'], 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG_IMAGES . 'email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . DEFAULT_TPL . '/') . EMAIL_SHOP_LOGO, 'gv_message' => $message, 'gv_id' => $id1, 'gv_amount' => $currencies->format($amount), 'link_shop' => xos_catalog_href_link(), 'link_gv_redeem' => xos_catalog_href_link(FILENAME_CATALOG_GV_REDEEM, 'gv_no=' . $id1, 'SSL')));
             $smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_html');
             $output_gv_email_html = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_html.tpl');
             $smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_text');
             $output_gv_email_text = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_text.tpl');
             $gv_email->isHTML(true);
             $gv_email->Body = $output_gv_email_html;
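    // Order totals for the template; -1 in 'totals_tax' is the sentinel for "no tax to show".
    $order_totals_array = array();
    for ($i = 0, $n = sizeof($order->totals); $i < $n; $i++) {
        $order_total_row = $order->totals[$i];
        // Only shipping, low-order-fee and COD-fee lines carry a displayable tax value.
        $order_total_shows_tax = in_array($order_total_row['class'], array('ot_shipping', 'ot_loworderfee', 'ot_cod_fee'), true);
        $order_totals_array[] = array('totals_title' => $order_total_row['title'], 'totals_text' => $order_total_row['text'], 'totals_tax' => $order_total_shows_tax ? xos_display_tax_value($order_total_row['tax']) : -1);
    }
    // Public status history of this order in the visitor's language.
    $statuses_query = xos_db_query("select os.orders_status_name, osh.date_added, osh.comments from " . TABLE_ORDERS_STATUS . " os, " . TABLE_ORDERS_STATUS_HISTORY . " osh where osh.orders_id = '" . (int) $_GET['order_id'] . "' and osh.orders_status_id = os.orders_status_id and os.language_id = '" . (int) $_SESSION['languages_id'] . "' and os.public_flag = '1' order by osh.date_added, osh.orders_status_history_id");
    $statuses_array = array();
    while ($statuses = xos_db_fetch_array($statuses_query)) {
        // Comments are free text: protect them for HTML output, then keep line breaks.
        $statuses_array[] = array('order_date_added' => xos_date_short($statuses['date_added']), 'order_status_name' => $statuses['orders_status_name'], 'order_comments' => empty($statuses['comments']) ? '&nbsp;' : nl2br(xos_output_string_protected($statuses['comments'])));
    }
    // "Back" link: rebuild the previous page from the navigation history, dropping
    // 'action' and the session parameter; fall back to browser history otherwise.
    $back = sizeof($_SESSION['navigation']->path) - 2;
    if (!empty($_SESSION['navigation']->path[$back])) {
        $get_params_array = $_SESSION['navigation']->path[$back]['get'];
        $get_params_array['rmp'] = '0';
        $back_link = xos_href_link($_SESSION['navigation']->path[$back]['page'], xos_array_to_query_string($get_params_array, array('action', xos_session_name())), $_SESSION['navigation']->path[$back]['mode']);
    } else {
        $back_link = 'javascript:history.go(-1)';
    }
    // Hand the template the same int-cast order id the queries used, not the raw request string.
    $smarty->assign(array('order_id' => (int) $_GET['order_id'], 'orders_status' => $order->info['orders_status'], 'date_purchased' => xos_date_long($order->info['date_purchased']), 'order_total' => $order->info['total'], 'order_products' => $order_products_array, 'billing_address' => xos_address_format($order->billing['format_id'], $order->billing, 1, ' ', '<br />'), 'payment_method' => $order->info['payment_method'], 'order_totals' => $order_totals_array, 'statuses' => $statuses_array, 'link_back' => $back_link));
    $smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'account_history_info');
    // The order's language directory comes from the orders table; it is escaped for the
    // query, and the config file is only loaded when TABLE_LANGUAGES knows that directory,
    // which keeps the constructed path limited to configured languages.
    $language_directory_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and directory = '" . xos_db_input($order->info['language_directory']) . "'");
    if (xos_db_num_rows($language_directory_query)) {
        $smarty->configLoad('languages/' . $order->info['language_directory'] . '.conf', 'order_info');
    }
    if (DOWNLOAD_ENABLED == 'true') {
        include DIR_WS_MODULES . 'downloads.php';
    }
    $output_account_history_info = $smarty->fetch(SELECTED_TPL . '/account_history_info.tpl');
    $smarty->assign('central_contents', $output_account_history_info);
    $smarty->display(SELECTED_TPL . '/frame.tpl');
    require DIR_WS_INCLUDES . 'application_bottom.php';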
}
             $contents[] = array('text' => '<br />' . sprintf(TEXT_INFO_ZONES_NAME_ERROR, $_GET['error_name']) . '<br />');
         }
     }
     // Edit form fields. Values re-submitted via $_GET (after a validation redirect) win
     // over the stored ones. NOTE(review): $_GET['zone_name'] / ['zone_code'] /
     // ['zone_country_id'] are user-supplied and end up inside form markup — confirm
     // xos_draw_input_field() / xos_draw_pull_down_menu() escape their value argument.
     $contents[] = array('text' => '<br />' . TEXT_INFO_ZONES_NAME . '<br />' . xos_draw_input_field('zone_name', isset($_GET['zone_name']) ? $_GET['zone_name'] : $cInfo->zone_name) . xos_draw_hidden_field('actual_zone_name', $cInfo->zone_name));
     $contents[] = array('text' => '<br />' . TEXT_INFO_ZONES_CODE . '<br />' . xos_draw_input_field('zone_code', isset($_GET['zone_code']) ? $_GET['zone_code'] : $cInfo->zone_code));
     // The country may only be changed when nothing references the zone and it is not the store's own zone
     // ($check_query is set before this block); otherwise the country is shown read-only.
     if (!xos_db_num_rows($check_query) && STORE_ZONE != $cInfo->zone_id) {
         $contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY_NAME . '<br />' . xos_draw_pull_down_menu('zone_country_id', xos_get_countries(), isset($_GET['zone_country_id']) ? $_GET['zone_country_id'] : $cInfo->countries_id, 'style="font-size:9px"') . xos_draw_hidden_field('actual_zone_country_id', $cInfo->countries_id));
     } else {
         $contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY_NAME . '<br /><b>' . $cInfo->countries_name . '</b>' . xos_draw_hidden_field('zone_country_id', $cInfo->countries_id) . xos_draw_hidden_field('actual_zone_country_id', $cInfo->countries_id));
     }
     // Update / Cancel buttons; the Cancel link returns to the listing for this zone.
     $contents[] = array('text' => '<br /><a href="" onclick="zones.submit(); return false" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_UPDATE . ' "><span>' . BUTTON_TEXT_UPDATE . '</span></a><a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id) . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_CANCEL . ' "><span>' . BUTTON_TEXT_CANCEL . '</span></a><br />&nbsp;');
     break;
 case 'delete':
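     // A zone may be deleted only when no address book entry and no geo zone refers to it
     // and it is not the store's own zone. The two tables are checked separately: a single
     // "from ab, zgz where ab.x = id or zgz.y = id" cross join returns no rows at all as
     // soon as either table is empty, which would hide references held in the other one.
     $check_query = xos_db_query("select entry_zone_id from " . TABLE_ADDRESS_BOOK . " where entry_zone_id = '" . (int) $cInfo->zone_id . "' LIMIT 1");
     $check_geo_zone_query = xos_db_query("select zone_id from " . TABLE_ZONES_TO_GEO_ZONES . " where zone_id = '" . (int) $cInfo->zone_id . "' LIMIT 1");
     $zone_in_use = xos_db_num_rows($check_query) || xos_db_num_rows($check_geo_zone_query);
     $heading_title = '<b>' . TEXT_INFO_HEADING_DELETE_ZONE . '</b>';
     if (!$zone_in_use && STORE_ZONE != $cInfo->zone_id) {
         // Confirmation form: Delete posts to action=deleteconfirm, Cancel returns to the listing.
         $form_tag = xos_draw_form('zones', FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id . '&action=deleteconfirm');
         $contents[] = array('text' => TEXT_INFO_DELETE_INTRO);
         $contents[] = array('text' => '<br /><b>' . $cInfo->zone_name . '</b>');
         $contents[] = array('text' => '<br /><a href="" onclick="zones.submit(); return false" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_DELETE . ' "><span>' . BUTTON_TEXT_DELETE . '</span></a><a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id) . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_CANCEL . ' "><span>' . BUTTON_TEXT_CANCEL . '</span></a><br />&nbsp;');
     } else {
         // Zone is referenced (or is the store zone): explain and offer only a Back link.
         $contents[] = array('text' => TEXT_INFO_DELETE_NOT_ALLOWED . '<br /><br />');
         $contents[] = array('text' => '<br /><a href="' . xos_href_link(FILENAME_ZONES, xos_get_all_get_params(array('action'))) . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_BACK . ' "><span>' . BUTTON_TEXT_BACK . '</span></a><br />&nbsp;');
     }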
     break;
 default:
     if (isset($cInfo) && is_object($cInfo)) {
         $heading_title = '<b>' . $cInfo->zone_name . '</b>';
         $contents[] = array('text' => '<a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id . '&action=edit') . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_EDIT . ' "><span>' . BUTTON_TEXT_EDIT . '</span></a><a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id . '&action=delete') . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_DELETE . ' "><span>' . BUTTON_TEXT_DELETE . '</span></a>');
         $contents[] = array('text' => '<br />' . TEXT_INFO_ZONES_NAME . '<br />' . $cInfo->zone_name . ' (' . $cInfo->zone_code . ')');
         $contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY_NAME . ' ' . $cInfo->countries_name);
         $modules_array[] = array('selected' => $selected, 'installed' => $installed, 'link_filename_modules' => $link_filename_modules, 'title' => $module->title, 'sort_order' => $sort_order);
     }
 }
 // Persist the sorted list of installed modules under $module_key, then (optionally)
 // register $module_type in TEMPLATE_BLOCK_GROUPS and render the module list.
 // NOTE(review): $module_key and $module_type are defined outside this view and are
 // interpolated into SQL without escaping — confirm they are not request-derived.
 ksort($installed_modules);
 $installed_modules_list = implode(';', $installed_modules);
 $check_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = '" . $module_key . "'");
 if (!xos_db_num_rows($check_query)) {
     xos_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('" . $module_key . "', '" . $installed_modules_list . "', '6', '0', now())");
 } else {
     $check = xos_db_fetch_array($check_query);
     // Only write (and bump last_modified) when the stored value actually differs.
     if ($check['configuration_value'] != $installed_modules_list) {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . $installed_modules_list . "', last_modified = now() where configuration_key = '" . $module_key . "'");
     }
 }
 if ($template_integration == true) {
     $check_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'TEMPLATE_BLOCK_GROUPS'");
     if (!xos_db_num_rows($check_query)) {
         xos_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('TEMPLATE_BLOCK_GROUPS', '" . $module_type . "', '6', '0', now())");
     } else {
         $check = xos_db_fetch_array($check_query);
         $tbgroups_array = explode(';', $check['configuration_value']);
         // Loose (non-strict) membership test kept as in the original.
         if (!in_array($module_type, $tbgroups_array)) {
             $tbgroups_array[] = $module_type;
             sort($tbgroups_array);
             xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $tbgroups_array) . "', last_modified = now() where configuration_key = 'TEMPLATE_BLOCK_GROUPS'");
         }
     }
 }
 // Hand the module list to the template and render it.
 // NOTE(review): the session language name is used to build the config file path — presumably validated at login; verify.
 $smarty->assign(array('modules' => $modules_array, 'directory_path' => $module_directory, 'heading_title' => HEADING_TITLE));
 require DIR_WS_BOXES . 'infobox_modules.php';
 $smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'modules');
 $output_modules = $smarty->fetch(ADMIN_TPL . '/modules.tpl');
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!$is_shop) {
    xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_PRODUCT_REVIEWS_WRITE) == 'overwrite_all')) {
    if (PRODUCT_REVIEWS_ENABLED != 'true') {
        xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
    } elseif (!isset($_SESSION['customer_id'])) {
        $_SESSION['navigation']->remove_current_page();
        $_SESSION['navigation']->set_snapshot();
        xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
    $product_info_query = xos_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name, pd.products_p_unit from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and p.products_id = '" . (int) $_GET['p'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'");
    if (!xos_db_num_rows($product_info_query)) {
        xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action'))), false);
    } else {
        $product_info = xos_db_fetch_array($product_info_query);
        $products_image_name = xos_get_product_images($product_info['products_image'], 'all');
    }
    $customer_query = xos_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
    $customer = xos_db_fetch_array($customer_query);
    if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
        $rating = xos_db_prepare_input($_POST['rating']);
        $review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000));
        $error = false;
        if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
            $error = true;
            $messageStack->add('review', JS_REVIEW_TEXT);
        }
         $regular_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['regular']);
         $special_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['special']);
     } else {
         $regular_price = $default_price;
         $special_price = $default_special_price;
         $special_expires_date = $default_special_expires_date;
         $product_special_status = $default_product_special_status;
     }
     $price_count_query = xos_db_query("select products_id from " . TABLE_PRODUCTS_PRICES . " where products_id = '" . (int) $products_id . "' and customers_group_id = '" . $customers_group['customers_group_id'] . "'");
     if (xos_db_num_rows($price_count_query)) {
         xos_db_query("update " . TABLE_PRODUCTS_PRICES . " set customers_group_price = '" . $regular_price . "' where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
     } else {
         xos_db_query("insert into " . TABLE_PRODUCTS_PRICES . " (products_id, customers_group_id, customers_group_price) values ('" . (int) $products_id . "', '" . $customers_group['customers_group_id'] . "', '" . $regular_price . "')");
     }
     $special_price_count_query = xos_db_query("select products_id from " . TABLE_SPECIALS . " where products_id = '" . (int) $products_id . "' and customers_group_id = '" . $customers_group['customers_group_id'] . "'");
     if (xos_db_num_rows($special_price_count_query)) {
         if ($special_price > 0) {
             xos_db_perform(TABLE_SPECIALS, array('specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'), 'update', "customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
         } else {
             xos_db_query("delete from " . TABLE_SPECIALS . " where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
         }
     } else {
         if ($special_price > 0) {
             xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'));
         }
     }
 }
 if (isset($_POST['attributes_price_array'])) {
     $attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
     foreach ($attributes_price_array as $key => $value) {
         if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
     $selected = false;
     if (is_object($cInfo) && $cc_list['coupon_id'] == $cInfo->coupon_id) {
         $selected = true;
         $link_filename_coupon_admin_edit = xos_href_link(FILENAME_COUPON_ADMIN, xos_get_all_get_params(array('cid', 'action')) . 'cid=' . $cInfo->coupon_id . '&action=edit');
     }
     $coupon_description_query = xos_db_query("select coupon_name from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $cc_list['coupon_id'] . "' and language_id = '" . $_SESSION['languages_id'] . "'");
     $coupon_desc = xos_db_fetch_array($coupon_description_query);
     if ($cc_list['coupon_type'] == 'P') {
         // not floating point value, don't display decimal info
         $coupon_amount = ($cc_list['coupon_amount'] == round($cc_list['coupon_amount']) ? number_format($cc_list['coupon_amount']) : number_format($cc_list['coupon_amount'], 2)) . '%';
     } elseif ($cc_list['coupon_type'] == 'S') {
         $coupon_amount = TEXT_FREE_SHIPPING;
     } else {
         $coupon_amount = $currencies->format($cc_list['coupon_amount']);
     }
     $redemptions = xos_db_num_rows($redeem_query);
     $coupon_status = false;
     if ($cc_list['coupon_active'] == 'Y') {
         $coupon_status = true;
     }
     $cc_list_array[] = array('selected' => $selected, 'status' => $coupon_status, 'name' => $coupon_desc['coupon_name'], 'amount' => $coupon_amount, 'code' => $cc_list['coupon_code'], 'redemptions' => $redemptions, 'icon_status_green' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_green.gif', ICON_TITLE_STATUS_GREEN), 'icon_status_red' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_red.gif', ICON_TITLE_STATUS_RED), 'icon_status_green_light' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_green_light.gif', ICON_TITLE_STATUS_GREEN_LIGHT), 'icon_status_red_light' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_red_light.gif', ICON_TITLE_STATUS_RED_LIGHT), 'link_filename_coupon_admin_action_setflag_N' => xos_href_link(FILENAME_COUPON_ADMIN, 'action=setflag&flag=N&cid=' . $cc_list['coupon_id']), 'link_filename_coupon_admin_action_setflag_Y' => xos_href_link(FILENAME_COUPON_ADMIN, 'action=setflag&flag=Y&cid=' . $cc_list['coupon_id']), 'link_filename_coupon_admin' => xos_href_link(FILENAME_COUPON_ADMIN, xos_get_all_get_params(array('cid', 'action')) . 'cid=' . $cc_list['coupon_id']), 'link_filename_coupon_admin_edit' => $link_filename_coupon_admin_edit);
 }
 $smarty->assign('cc_list', $cc_list_array);
 // Status filter options for the coupon list, appended in display order.
 foreach (array('Y' => TEXT_COUPON_ACTIVE, 'N' => TEXT_COUPON_INACTIVE, 'R' => TEXT_COUPON_REDEEMED, '*' => TEXT_COUPON_ALL) as $status_id => $status_text) {
     $status_array[] = array('id' => $status_id, 'text' => $status_text);
 }
 if ($_GET['status']) {
     $status = xos_db_prepare_input($_GET['status']);
 } else {
     // Changed from "Y" to "*" to see the Red Active and the Green Inactive status
                     }
                     $sql_data_array['customers_default_address_id'] = $new_address_book_id;
                     xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
                     $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
                 }
             }
         }
         if (isset($_POST['primary']) && $_POST['primary'] == 'on') {
             $smarty->clearAllCache();
         }
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     }
 }
 if (isset($_GET['edit']) && is_numeric($_GET['edit'])) {
     $entry_query = xos_db_query("select entry_gender, entry_company, entry_company_tax_id, entry_firstname, entry_lastname, entry_street_address, entry_suburb, entry_postcode, entry_city, entry_state, entry_zone_id, entry_country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_GET['edit'] . "'");
     if (!xos_db_num_rows($entry_query)) {
         $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     }
     $entry = xos_db_fetch_array($entry_query);
 } elseif (isset($_GET['delete']) && is_numeric($_GET['delete'])) {
     if ($_GET['delete'] == $_SESSION['customer_default_address_id']) {
         $messageStack->add_session('addressbook', WARNING_PRIMARY_ADDRESS_DELETION, 'warning');
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     } else {
         $check_query = xos_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int) $_GET['delete'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         $check = xos_db_fetch_array($check_query);
         if ($check['total'] < 1) {
             $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
             xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
         }
             $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => '&nbsp;' . $existing_customers['customers_group_name'] . '&nbsp;');
             ++$index;
         }
     }
     if ($processed == true) {
         $customer_group_name_query = xos_db_query("select customers_group_name as name from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . $cInfo->customers_group_id . "'");
         $customer_group_name = xos_db_fetch_array($customer_group_name_query);
         $smarty->assign('customers_group_id_in_out_values', $customer_group_name['name'] . xos_draw_hidden_field('customers_group_id'));
     } else {
         $smarty->assign('customers_group_id_in_out_values', xos_draw_pull_down_menu('customers_group_id', $existing_customers_array, $cInfo->customers_group_id));
     }
     if ($processed == true) {
         $smarty->assign(array('several_lng_in_admin' => false, 'comments_in_out_values' => nl2br($cInfo->customers_comments) . xos_draw_hidden_field('customers_comments')));
     } else {
         $lng_query = xos_db_query("select languages_id from " . TABLE_LANGUAGES . " where use_in_id <> '2'");
         $smarty->assign(array('several_lng_in_admin' => xos_db_num_rows($lng_query) > 1 ? true : false, 'comments_in_out_values' => xos_draw_textarea_field('customers_comments', '80', '10', $cInfo->customers_comments)));
     }
     $smarty->assign(array('edit_or_update' => true, 'form_begin_customers' => xos_draw_form('customers', FILENAME_CUSTOMERS, xos_get_all_get_params(array('action')) . 'action=update', 'post', 'onsubmit="return check_form();"'), 'hidden_default_address_id' => xos_draw_hidden_field('default_address_id', $cInfo->customers_default_address_id), 'link_filename_customers' => xos_href_link(FILENAME_CUSTOMERS, xos_get_all_get_params(array('action'))), 'form_end' => '</form>'));
 } else {
     switch ($_GET['listing']) {
         case "id-asc":
             $order = "c.customers_id";
             break;
         case "cg_name":
             $order = "cg.customers_group_name, c.customers_lastname";
             break;
         case "cg_name-desc":
             $order = "cg.customers_group_name DESC, c.customers_lastname";
             break;
         case "firstname":
             $order = "c.customers_firstname";
//
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: xsell_products.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/modules/xsell_products.php') == 'overwrite_all')) {
    if (isset($_GET['p'])) {
        $xsell_query = xos_db_query("select distinct p.products_id, p.products_image, pd.products_name, pd.products_info, p.products_tax_class_id, p.products_price from " . TABLE_PRODUCTS_XSELL . " xp, " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where xp.products_id = '" . (int) $_GET['p'] . "' and xp.xsell_id = p.products_id and p.products_id = pd.products_id and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_status = '1' and c.categories_or_pages_status = '1' order by xp.sort_order ");
        $num_products_xsell = xos_db_num_rows($xsell_query);
        if ($num_products_xsell > 0) {
            $xsell_products_array = array();
            while ($xsell = xos_db_fetch_array($xsell_query)) {
                $products_prices = xos_get_product_prices($xsell['products_price']);
                $products_tax_rate = xos_get_tax_rate($xsell['products_tax_class_id']);
                $xsell_price_breaks_array = array();
                if (isset($products_prices[$customer_group_id][0])) {
                    $xsell_product_price = $currencies->display_price($products_prices[$customer_group_id][0]['regular'], $products_tax_rate);
                    $products_prices[$customer_group_id]['special_status'] == 1 && $products_prices[$customer_group_id][0]['special'] > 0 ? $xsell_product_price_special = $currencies->display_price($products_prices[$customer_group_id][0]['special'], $products_tax_rate) : ($xsell_product_price_special = '');
                    $sizeof = count($products_prices[$customer_group_id]);
                    /*          
                              if ($sizeof > 2) {
                                $array_keys = array_keys($products_prices[$customer_group_id]);
                                for ($count=2, $n=$sizeof; $count<$n; $count++) {
                                  $qty = $array_keys[$count];
//
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: product_notifications.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/boxes/product_notifications.php') == 'overwrite_all')) {
    if (isset($_GET['p'])) {
        $allowed_product_query = xos_db_query("select p.products_id total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES_OR_PAGES . " c where p.products_id = '" . (int) $_GET['p'] . "' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and c.categories_or_pages_status = '1' and p.products_status = '1'");
        if (xos_db_num_rows($allowed_product_query)) {
            if (isset($_SESSION['customer_id'])) {
                $check_query = xos_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . (int) $_GET['p'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
                $check = xos_db_fetch_array($check_query);
                $notification_exists = $check['count'] > 0 ? true : false;
            } else {
                $notification_exists = false;
            }
            if ($notification_exists == true) {
                $smarty->assign(array('box_product_notifications_notification_exists' => true, 'box_product_notifications_link_notify_notify_remove' => xos_href_link(basename($_SERVER['PHP_SELF']), xos_get_all_get_params(array('action', 'lnc', 'cur', 'tpl')) . 'action=notify_remove', $request_type), 'box_product_notifications_image' => xos_image(DIR_WS_IMAGES . 'catalog/templates/' . SELECTED_TPL . '/box_products_notifications_remove.gif', IMAGE_BUTTON_REMOVE_NOTIFICATIONS)));
            } else {
                $smarty->assign(array('box_product_notifications_notification_exists' => false, 'box_product_notifications_link_notify_notify_remove' => xos_href_link(basename($_SERVER['PHP_SELF']), xos_get_all_get_params(array('action', 'lnc', 'cur', 'tpl')) . 'action=notify', $request_type), 'box_product_notifications_image' => xos_image(DIR_WS_IMAGES . 'catalog/templates/' . SELECTED_TPL . '/box_products_notifications.gif', IMAGE_BUTTON_NOTIFICATIONS)));
            }
            $smarty->assign(array('box_product_notifications_link_filename_account_notifications' => xos_href_link(FILENAME_ACCOUNT_NOTIFICATIONS, '', 'SSL'), 'box_product_notifications_product_name' => xos_get_products_name($_GET['p'])));
            $output_product_notifications = $smarty->fetch(SELECTED_TPL . '/includes/boxes/product_notifications.tpl');
            $smarty->assign('box_product_notifications', $output_product_notifications);