function query($order_id)
{
$order_query = xos_db_query("select customers_c_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, AES_DECRYPT(cc_number, 'key_cc_number') AS cc_number, cc_expires, language_id, language_directory, currency, currency_value, date_purchased, orders_status, last_modified from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
$order = xos_db_fetch_array($order_query);
$this->info = array('language_id' => $order['language_id'], 'language_directory' => $order['language_directory'], 'currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'date_purchased' => $order['date_purchased'], 'orders_status' => $order['orders_status'], 'last_modified' => $order['last_modified']);
$this->customer = array('c_id' => $order['customers_c_id'], 'name' => $order['customers_name'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']);
$this->delivery = array('name' => $order['delivery_name'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']);
$this->billing = array('name' => $order['billing_name'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']);
$index = 0;
$orders_products_query = xos_db_query("select orders_products_id, products_id, products_model, products_name, products_p_unit, products_price, final_price, products_price_text, final_price_text, total_price_text, products_tax, products_quantity from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
while ($orders_products = xos_db_fetch_array($orders_products_query)) {
$this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'model' => $orders_products['products_model'], 'name' => $orders_products['products_name'], 'packaging_unit' => $orders_products['products_p_unit'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'final_price' => $orders_products['final_price'], 'price_formated' => $orders_products['products_price_text'], 'final_price_formated' => $orders_products['final_price_text'], 'total_price_formated' => $orders_products['total_price_text']);
$subindex = 0;
$attributes_query = xos_db_query("select products_options, products_options_values, options_values_price, options_values_price_text, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int) $order_id . "' and orders_products_id = '" . (int) $orders_products['orders_products_id'] . "'");
if (xos_db_num_rows($attributes_query)) {
while ($attributes = xos_db_fetch_array($attributes_query)) {
$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price'], 'price_formated' => $attributes['options_values_price_text']);
$subindex++;
}
}
$this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';
$index++;
}
$totals_query = xos_db_query("select title, text, tax, class from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' order by sort_order, orders_total_id");
while ($totals = xos_db_fetch_array($totals_query)) {
$this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'tax' => $totals['tax'], 'class' => $totals['class']);
if ($totals['tax'] > -1 && ($totals['class'] == 'ot_shipping' || $totals['class'] == 'ot_loworderfee' || $totals['class'] == 'ot_cod_fee')) {
$this->info['tax_groups']["{$totals['tax']}"] = '1';
}
}
}
function check()
{
if (!isset($this->_check)) {
$check_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_ORDER_TOTAL_LOWORDERFEE_STATUS'");
$this->_check = xos_db_num_rows($check_query);
}
return $this->_check;
}
function xos_update_new_order_date()
{
global $smarty;
$new_order_date_query = xos_db_query("select last_modified from " . TABLE_CONFIGURATION . " where configuration_key = 'NEW_ORDER' and configuration_value = 'true' and now() > date_add(last_modified,interval " . UPDATE_INTERVAL_AFTER_NEW_ORDER . " day)");
if (xos_db_num_rows($new_order_date_query)) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = 'false', last_modified = null where configuration_key = 'NEW_ORDER'");
$smarty->clearAllCache();
}
}
function canPerform($user_id, $user_name)
{
$check_query = xos_db_query("select id from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and user_name = '" . xos_db_input($user_name) . "' and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit " . (int) $this->attempts);
if (xos_db_num_rows($check_query) == $this->attempts) {
return false;
} else {
return true;
}
}
function canPerform($user_id, $user_name)
{
$check_query = xos_db_query("select date_added from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and (" . (!empty($user_id) ? "user_id = '" . (int) $user_id . "' or " : "") . " identifier = '" . xos_db_input($this->identifier) . "') and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit 1");
if (xos_db_num_rows($check_query)) {
return false;
} else {
return true;
}
}
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!$is_shop) {
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_DOWNLOAD) == 'overwrite_all')) {
$_SESSION['navigation']->remove_current_page();
if (!isset($_SESSION['customer_id'])) {
die;
}
// Check download.php was called with proper GET parameters
if (isset($_GET['order']) && !is_numeric($_GET['order']) || isset($_GET['id']) && !is_numeric($_GET['id'])) {
die;
}
// Check that order_id, customer_id and filename match
$downloads_query = xos_db_query("select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd, " . TABLE_ORDERS_STATUS . " os where o.customers_id = '" . $_SESSION['customer_id'] . "' and o.orders_id = '" . (int) $_GET['order'] . "' and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = '" . (int) $_GET['id'] . "' and opd.orders_products_filename != '' and o.orders_status = os.orders_status_id and os.downloads_flag = '1' and os.language_id = '" . (int) $_SESSION['languages_id'] . "'");
if (!xos_db_num_rows($downloads_query)) {
die;
}
$downloads = xos_db_fetch_array($downloads_query);
// MySQL 3.22 does not have INTERVAL
list($dt_year, $dt_month, $dt_day) = explode('-', $downloads['date_purchased_day']);
$download_timestamp = mktime(23, 59, 59, $dt_month, $dt_day + $downloads['download_maxdays'], $dt_year);
// Die if time expired (maxdays = 0 means no time limit)
if ($downloads['download_maxdays'] != 0 && $download_timestamp <= time()) {
die;
}
// Die if remaining count is <=0
if ($downloads['download_count'] <= 0) {
die;
}
// Die if file is not there
$smarty_cache_control->clearCache(null, 'L3|cc_product_info');
xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string));
}
break;
case 'update_value':
$value_name_array = $_POST['value_name'];
$value_id = xos_db_prepare_input($_POST['value_id']);
$option_id = xos_db_prepare_input($_POST['option_id']);
$actual_option_value_array = xos_db_prepare_input($_POST['actual_value_name']);
$products_options_value_error = array();
$error_options_value = false;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
if (mb_strtolower($actual_option_value_array[$languages[$i]['id']], 'UTF-8') != mb_strtolower($value_name_array[$languages[$i]['id']], 'UTF-8') || $value_name_array[$languages[$i]['id']] == '') {
$check_query = xos_db_query("select products_options_name from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $languages[$i]['id'] . "' and products_options_name = '" . xos_db_input(htmlspecialchars($option_name_array[$languages[$i]['id']])) . "'");
$check_query = xos_db_query("select pov.products_options_values_name from " . TABLE_PRODUCTS_OPTIONS_VALUES . " pov, " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " pov2po where pov2po.products_options_id = '" . $option_id . "' and pov2po.products_options_values_id = pov.products_options_values_id and pov.products_options_values_name = '" . xos_db_input(htmlspecialchars($value_name_array[$languages[$i]['id']])) . "' and pov.language_id = '" . (int) $languages[$i]['id'] . "'");
if (xos_db_num_rows($check_query) || $value_name_array[$languages[$i]['id']] == '') {
$error_options_value = true;
$products_options_value_error[$languages[$i]['id']] = $value_name_array[$languages[$i]['id']];
}
}
}
if ($error_options_value) {
$products_options_value_error_array = urlencode(serialize($products_options_value_error));
$products_options_value_array = urlencode(serialize($value_name_array));
xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&action=update_option_value&option_id=' . $option_id . '&value_id=' . $value_id . '&options_value=' . $products_options_value_array . '&options_value_error=' . $products_options_value_error_array . '&' . $parameter_string));
} else {
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$value_name = xos_db_prepare_input(htmlspecialchars($value_name_array[$languages[$i]['id']]));
xos_db_query("update " . TABLE_PRODUCTS_OPTIONS_VALUES . " set products_options_values_name = '" . xos_db_input($value_name) . "' where products_options_values_id = '" . xos_db_input($value_id) . "' and language_id = '" . (int) $languages[$i]['id'] . "'");
}
$smarty_cache_control->clearCache(null, 'L3|cc_product_info');
return $output_string;
}
$add_header = '<script type="text/javascript" src="' . DIR_WS_CATALOG . DIR_WS_IMAGES . 'catalog/templates/' . SELECTED_TPL . '/' . $_SESSION['language'] . '/jquery.ui.datepicker-language.min.js"></script>' . "\n" . '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n\n" . '$(function() {' . "\n" . ' $( "#id_dfrom" ).datepicker({' . "\n" . ' changeMonth: true,' . "\n" . ' changeYear: true' . "\n" . ' });' . "\n\n" . ' $( "#id_dto" ).datepicker({' . "\n" . ' changeMonth: true,' . "\n" . ' changeYear: true' . "\n" . ' });' . "\n\n" . '});' . "\n\n" . 'function UpdateManufacturers() {' . "\n" . ' var NumManufacturers = document.advanced_search_and_results._m.options.length;' . "\n" . ' var PostNumManufacturers = "";' . "\n" . ' var SelectedManufacturer = "";' . "\n" . ' var SelectedCategory = "";' . "\n\n" . ' SelectedManufacturer = document.advanced_search_and_results._m.options[document.advanced_search_and_results._m.selectedIndex].value;' . "\n" . ' SelectedCategory = document.advanced_search_and_results.copid.options[document.advanced_search_and_results.copid.selectedIndex].value;' . "\n\n" . ' while(NumManufacturers > 0) {' . "\n" . ' NumManufacturers--;' . "\n" . ' document.advanced_search_and_results._m.options[NumManufacturers] = null;' . "\n" . ' }' . "\n\n" . xos_js_manufacturers_list('SelectedCategory', 'advanced_search_and_results', '_m') . "\n\n" . ' PostNumManufacturers = document.advanced_search_and_results._m.options.length;' . "\n\n" . ' while(PostNumManufacturers > 0) {' . "\n" . ' PostNumManufacturers--;' . "\n" . ' if (document.advanced_search_and_results._m.options[PostNumManufacturers].value == SelectedManufacturer)' . "\n" . ' document.advanced_search_and_results._m.options[PostNumManufacturers].selected = true;' . "\n" . ' }' . "\n\n" . '}' . "\n\n" . 'function SetFocus(TargetFormName) {' . "\n" . ' var target = 0;' . "\n" . ' if (TargetFormName != "") {' . "\n" . ' for (i=0; i<document.forms.length; i++) {' . "\n" . ' if (document.forms[i].name == TargetFormName) {' . "\n" . ' target = i;' . "\n" . ' break;' . "\n" . ' }' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' var TargetForm = document.forms[target];' . "\n\n" . ' for (i=0; i<TargetForm.length; i++) {' . "\n" . ' if ( (TargetForm.elements[i].type != "image") && (TargetForm.elements[i].type != "hidden") && (TargetForm.elements[i].type != "reset") && (TargetForm.elements[i].type != "submit") ) {' . "\n" . ' TargetForm.elements[i].focus();' . "\n\n" . ' if ( (TargetForm.elements[i].type == "text") || (TargetForm.elements[i].type == "password") ) {' . "\n" . ' TargetForm.elements[i].select();' . "\n" . ' }' . "\n\n" . ' break;' . "\n" . ' }' . "\n" . ' }' . "\n" . '}' . "\n\n" . 'function RemoveFormatString(TargetElement, FormatString) {' . "\n" . ' if (TargetElement.value == FormatString) {' . "\n" . ' TargetElement.value = "";' . "\n" . ' }' . "\n\n" . ' TargetElement.select();' . "\n" . '}' . "\n\n" . 'function IsValidDate(DateToCheck, FormatString, RemoveFormat) {' . "\n" . ' var strDateToCheck;' . "\n" . ' var strDateToCheckArray;' . "\n" . ' var strFormatArray;' . "\n" . ' var strFormatString;' . "\n" . ' var strDay;' . "\n" . ' var strMonth;' . "\n" . ' var strYear;' . "\n" . ' var intday;' . "\n" . ' var intMonth;' . "\n" . ' var intYear;' . "\n" . ' var intDateSeparatorIdx = -1;' . "\n" . ' var intFormatSeparatorIdx = -1;' . "\n" . ' var strSeparatorArray = new Array("-"," ","/",".");' . "\n" . ' var strMonthArray = new Array("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");' . "\n" . ' var intDaysArray = new Array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);' . "\n\n" . ' strDateToCheck = DateToCheck.toLowerCase();' . "\n" . ' strFormatString = FormatString.toLowerCase();' . "\n\n" . ' if (strDateToCheck.length != strFormatString.length) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' for (i=0; i<strSeparatorArray.length; i++) {' . "\n" . ' if (strFormatString.indexOf(strSeparatorArray[i]) != -1) {' . "\n" . ' intFormatSeparatorIdx = i;' . "\n" . ' break;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' for (i=0; i<strSeparatorArray.length; i++) {' . "\n" . ' if (strDateToCheck.indexOf(strSeparatorArray[i]) != -1) {' . "\n" . ' intDateSeparatorIdx = i;' . "\n" . ' break;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if (intDateSeparatorIdx != intFormatSeparatorIdx) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' if (intDateSeparatorIdx != -1) {' . "\n" . ' strFormatArray = strFormatString.split(strSeparatorArray[intFormatSeparatorIdx]);' . "\n" . ' if (strFormatArray.length != 3) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' strDateToCheckArray = strDateToCheck.split(strSeparatorArray[intDateSeparatorIdx]);' . "\n" . ' if (strDateToCheckArray.length != 3) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' for (i=0; i<strFormatArray.length; i++) {' . "\n" . ' if (strFormatArray[i] == "mm" || strFormatArray[i] == "mmm") {' . "\n" . ' strMonth = strDateToCheckArray[i];' . "\n" . ' }' . "\n\n" . ' if (strFormatArray[i] == "dd") {' . "\n" . ' strDay = strDateToCheckArray[i];' . "\n" . ' }' . "\n\n" . ' if (strFormatArray[i] == "yyyy") {' . "\n" . ' strYear = strDateToCheckArray[i];' . "\n" . ' }' . "\n" . ' }' . "\n" . ' } else {' . "\n" . ' if (FormatString.length > 7) {' . "\n" . ' if (strFormatString.indexOf("mmm") == -1) {' . "\n" . ' strMonth = strDateToCheck.substring(strFormatString.indexOf("mm"), 2);' . "\n" . ' } else {' . "\n" . ' strMonth = strDateToCheck.substring(strFormatString.indexOf("mmm"), 3);' . "\n" . ' }' . "\n\n" . ' strDay = strDateToCheck.substring(strFormatString.indexOf("dd"), 2);' . "\n" . ' strYear = strDateToCheck.substring(strFormatString.indexOf("yyyy"), 2);' . "\n" . ' } else {' . "\n" . ' return false;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if (RemoveFormat == true) {' . "\n" . ' return strYear + strMonth + strDay;' . "\n" . ' }' . "\n\n" . ' if (strYear.length != 4) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' intday = parseInt(strDay, 10);' . "\n" . ' if (isNaN(intday)) {' . "\n" . ' return false;' . "\n" . ' }' . "\n" . ' if (intday < 1) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' intMonth = parseInt(strMonth, 10);' . "\n" . ' if (isNaN(intMonth)) {' . "\n" . ' for (i=0; i<strMonthArray.length; i++) {' . "\n" . ' if (strMonth == strMonthArray[i]) {' . "\n" . ' intMonth = i+1;' . "\n" . ' break;' . "\n" . ' }' . "\n" . ' }' . "\n" . ' if (isNaN(intMonth)) {' . "\n" . ' return false;' . "\n" . ' }' . "\n" . ' }' . "\n" . ' if (intMonth > 12 || intMonth < 1) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' intYear = parseInt(strYear, 10);' . "\n" . ' if (isNaN(intYear)) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' if (IsLeapYear(intYear) == true) {' . "\n" . ' intDaysArray[1] = 29;' . "\n" . ' }' . "\n\n" . ' if (intday > intDaysArray[intMonth - 1]) {' . "\n" . ' return false;' . "\n" . ' }' . "\n\n" . ' return true;' . "\n" . '}' . "\n\n" . 'function IsLeapYear(intYear) {' . "\n" . ' if (intYear % 100 == 0) {' . "\n" . ' if (intYear % 400 == 0) {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . ' } else {' . "\n" . ' if ((intYear % 4) == 0) {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' return false;' . "\n" . '}' . "\n\n" . 'function check_form() {' . "\n" . ' var error_message = "' . JS_ERROR . '";' . "\n" . ' var error_found = false;' . "\n" . ' var error_field;' . "\n" . ' var keywords = document.advanced_search_and_results.keywords.value;' . "\n" . ' var dfrom = document.advanced_search_and_results.dfrom.value;' . "\n" . ' var dto = document.advanced_search_and_results.dto.value;' . "\n" . ' var pfrom = document.advanced_search_and_results.pfrom.value;' . "\n" . ' var pto = document.advanced_search_and_results.pto.value;' . "\n" . ' var pfrom_float;' . "\n" . ' var pto_float;' . "\n\n" . ' String.prototype.trim = function () {' . "\n" . ' return (this.replace(/\\s+$/,"").replace(/^\\s+/,""));' . "\n" . ' };' . "\n\n" . ' if ( ((keywords == "") || (keywords.trim().length < 1)) && ((dfrom == "") || (dfrom == "' . AS_FORMAT_STRING . '") || (dfrom.length < 1)) && ((dto == "") || (dto == "' . AS_FORMAT_STRING . '") || (dto.length < 1)) && ((pfrom == "") || (pfrom.length < 1)) && ((pto == "") || (pto.length < 1)) ) {' . "\n" . ' error_message = error_message + "* ' . ERROR_AT_LEAST_ONE_INPUT . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.keywords;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n\n" . ' if ((dfrom.length > 0) && (dfrom != "' . AS_FORMAT_STRING . '")) {' . "\n" . ' if (!IsValidDate(dfrom, "' . AS_FORMAT_STRING_JS . '")) {' . "\n" . ' error_message = error_message + "* ' . ERROR_INVALID_FROM_DATE . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.dfrom;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if ((dto.length > 0) && (dto != "' . AS_FORMAT_STRING . '")) {' . "\n" . ' if (!IsValidDate(dto, "' . AS_FORMAT_STRING_JS . '")) {' . "\n" . ' error_message = error_message + "* ' . ERROR_INVALID_TO_DATE . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.dto;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if ((dfrom.length > 0) && (dfrom != "' . AS_FORMAT_STRING . '") && (IsValidDate(dfrom, "' . AS_FORMAT_STRING_JS . '")) && (dto.length > 0) && (dto != "' . AS_FORMAT_STRING . '") && (IsValidDate(dto, "' . AS_FORMAT_STRING_JS . '"))) {' . "\n" . ' if (IsValidDate(dfrom, "' . AS_FORMAT_STRING_JS . '", true) > IsValidDate(dto, "' . AS_FORMAT_STRING_JS . '", true)) {' . "\n" . ' error_message = error_message + "* ' . ERROR_TO_DATE_LESS_THAN_FROM_DATE . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.dto;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if (pfrom.length > 0) {' . "\n" . ' pfrom_float = parseFloat(pfrom);' . "\n" . ' if (isNaN(pfrom_float)) {' . "\n" . ' error_message = error_message + "* ' . ERROR_PRICE_FROM_MUST_BE_NUM . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.pfrom;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n" . ' } else {' . "\n" . ' pfrom_float = 0;' . "\n" . ' }' . "\n\n" . ' if (pto.length > 0) {' . "\n" . ' pto_float = parseFloat(pto);' . "\n" . ' if (isNaN(pto_float)) {' . "\n" . ' error_message = error_message + "* ' . ERROR_PRICE_TO_MUST_BE_NUM . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.pto;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n" . ' } else {' . "\n" . ' pto_float = 0;' . "\n" . ' }' . "\n\n" . ' if ( (pfrom.length > 0) && (pto.length > 0) ) {' . "\n" . ' if ( (!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float <= pfrom_float) ) {' . "\n" . ' error_message = error_message + "* ' . ERROR_PRICE_TO_LESS_THAN_PRICE_FROM . '\\n";' . "\n" . ' error_field = document.advanced_search_and_results.pto;' . "\n" . ' error_found = true;' . "\n" . ' }' . "\n" . ' }' . "\n\n" . ' if (error_found == true) {' . "\n" . ' alert(error_message);' . "\n" . ' error_field.focus();' . "\n" . ' return false;' . "\n" . ' } else {' . "\n" . ' $( "#id_dfrom, #id_dto" ).datepicker( "destroy" );' . "\n" . ' RemoveFormatString(document.advanced_search_and_results.dfrom, "' . AS_FORMAT_STRING . '");' . "\n" . ' RemoveFormatString(document.advanced_search_and_results.dto, "' . AS_FORMAT_STRING . '");' . "\n" . ' $( "#id_dfrom, #id_dto" ).blur();' . "\n" . ' return true;' . "\n" . ' }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'boxes.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'footer.php';
$search_in_description = $_GET['sid'];
if ($messageStack->size('search') > 0) {
$smarty->assign('message_stack', $messageStack->output('search'));
$smarty->assign('message_stack_error', $messageStack->output('search', 'error'));
$smarty->assign('message_stack_warning', $messageStack->output('search', 'warning'));
$smarty->assign('message_stack_success', $messageStack->output('search', 'success'));
}
$popup_status_query = xos_db_query("select status from " . TABLE_CONTENTS . " where type = 'system_popup' and status = '1' and content_id = '9' LIMIT 1");
$smarty->assign(array('form_begin' => xos_draw_form('advanced_search_and_results', xos_href_link(FILENAME_ADVANCED_SEARCH_AND_RESULTS, '', 'NONSSL', false), 'post', 'onsubmit="return check_form(this);"'), 'hide_session_id' => xos_hide_session_id(), 'input_field_keywords' => xos_draw_input_field('keywords', stripslashes($_GET['keywords']), 'class="form-control" id="keywords"'), 'checkbox_search_in_description' => xos_draw_checkbox_field('sid', '1', $action && !isset($_GET['sid']) ? false : true, 'id="search_in_description"'), 'link_filename_advanced_search_and_results' => xos_href_link(FILENAME_ADVANCED_SEARCH_AND_RESULTS), 'link_filename_popup_content_9' => xos_db_num_rows($popup_status_query) ? xos_href_link(FILENAME_POPUP_CONTENT, 'co=9', $request_type) : '', 'categories_pull_down_menu' => xos_draw_pull_down_menu('copid', $categories_array, $_GET['copid'], 'class="form-control" id="categories_or_pages_id" onchange="UpdateManufacturers();"'), 'manufacturers_pull_down_menu' => xos_draw_pull_down_menu('_m', xos_get_manufacturers(array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS))), $_GET['_m'], 'class="form-control" id="manufacturers_id"'), 'input_field_pfrom' => xos_draw_input_field('pfrom', $_GET['pfrom'], 'class="form-control" id="pfrom"'), 'input_field_pto' => xos_draw_input_field('pto', $_GET['pto'], 'class="form-control" id="pto"'), 'input_field_dfrom' => xos_draw_input_field('dfrom', $_GET['dfrom'] ? $_GET['dfrom'] : AS_FORMAT_STRING, 'class="form-control" id="id_dfrom"'), 'input_field_dto' => xos_draw_input_field('dto', $_GET['dto'] ? $_GET['dto'] : AS_FORMAT_STRING, 'class="form-control" id="id_dto"'), 'body_tag_params' => 'onload="UpdateManufacturers();"', 'form_end' => '</form>'));
///////////////////////////////////////////////////////////
if ($action && !$error) {
is_numeric($_GET['mdsr']) && $_GET['mdsr'] >= 1 ? $_SESSION['mdsr'] = (int) $_GET['mdsr'] : '';
if ($_GET['srv'] == 'list') {
$_SESSION['srv'] = 'list';
} elseif ($_GET['srv'] == 'grid') {
$_SESSION['srv'] = 'grid';
}
if (PRODUCT_LISTS_FOR_SEARCH_RESULTS == 'B' && $_SESSION['srv'] != 'list' || $_SESSION['srv'] == 'grid') {
$product_list_b = true;
// create column list
$define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_B_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_B_NAME, 'PRODUCT_LIST_INFO' => PRODUCT_LIST_B_INFO, 'PRODUCT_LIST_PACKING_UNIT' => PRODUCT_LIST_B_PACKING_UNIT, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_B_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_B_PRICE, 'PRODUCT_LIST_QUANTITY' => STOCK_CHECK == 'true' ? PRODUCT_LIST_B_QUANTITY : '', 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_B_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_B_IMAGE, 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_B_BUY_NOW);
} else {
$product_list_b = false;
// create column list
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_OFFLINE) == 'overwrite_all')) {
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
$_SESSION['navigation']->remove_current_page();
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$email_address = xos_db_prepare_input($_POST['email_address']);
$password = xos_db_prepare_input($_POST['password']);
// Check if email exists
$check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
if (!xos_db_num_rows($check_admin_query)) {
$error = true;
} else {
$check_admin = xos_db_fetch_array($check_admin_query);
// Check that password is good
if (!xos_validate_password($password, $check_admin['login_password'])) {
$error = true;
} else {
$_SESSION['access_allowed'] = true;
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
}
}
}
if ($error == true) {
unset($_SESSION['access_allowed']);
$messageStack->add('offline', TEXT_OFFLINE_ERROR);
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: manufacturer_info.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/boxes/manufacturer_info.php') == 'overwrite_all')) {
if (CACHE_LEVEL > 2 && (isset($_COOKIE[session_name()]) && !isset($_GET[session_name()]) || SESSION_FORCE_COOKIE_USE == 'true')) {
$smarty->caching = 1;
$cache_id = 'L3|box_manufacturer_info|' . $_SESSION['language'] . '-' . $_GET['lnc'] . '-' . $_GET[session_name()] . '-' . $session_started . '-' . SELECTED_TPL . '-' . $_SESSION['currency'] . '-' . $_GET['p'];
}
if (!$smarty->isCached(SELECTED_TPL . '/includes/boxes/manufacturers_info.tpl', $cache_id)) {
$manufacturer_query = xos_db_query("select m.manufacturers_id, m.manufacturers_image, mi.manufacturers_name, mi.manufacturers_url from " . TABLE_MANUFACTURERS . " m left join " . TABLE_MANUFACTURERS_INFO . " mi on (m.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "'), " . TABLE_PRODUCTS . " p where p.products_id = '" . (int) $_GET['p'] . "' and p.manufacturers_id = m.manufacturers_id");
if (xos_db_num_rows($manufacturer_query)) {
$manufacturer = xos_db_fetch_array($manufacturer_query);
if (xos_not_null($manufacturer['manufacturers_image'])) {
$smarty->assign('box_manufacturer_info_manufacturer_image', xos_image(DIR_WS_IMAGES . 'manufacturers/' . rawurlencode($manufacturer['manufacturers_image']), $manufacturer['manufacturers_name']));
}
if (xos_not_null($manufacturer['manufacturers_url'])) {
$smarty->assign(array('box_manufacturer_info_link_to_the_manufacturer' => xos_href_link(FILENAME_REDIRECT, 'action=manufacturer&m=' . $manufacturer['manufacturers_id']), 'box_manufacturer_info_manufacturer_name' => $manufacturer['manufacturers_name']));
}
$smarty->assign(array('box_manufacturer_info_has_content' => true, 'box_manufacturer_info_link_filename_default' => xos_href_link(FILENAME_DEFAULT, 'm=' . $manufacturer['manufacturers_id'])));
}
}
$output_manufacturer_info = $smarty->fetch(SELECTED_TPL . '/includes/boxes/manufacturers_info.tpl', $cache_id);
$smarty->caching = 0;
$smarty->assign('box_manufacturer_info', $output_manufacturer_info);
}
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_STATS_CUSTOMERS) == 'overwrite_all')) {
require DIR_WS_CLASSES . 'currencies.php';
$currencies = new currencies();
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
if (isset($_GET['page']) && $_GET['page'] > 1) {
$rows = $_GET['page'] * MAX_DISPLAY_RESULTS - MAX_DISPLAY_RESULTS;
}
$customers_query_raw = "select c.customers_firstname, c.customers_lastname, sum(ot.value / o.currency_value) as ordersum from " . TABLE_CUSTOMERS . " c, " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id) where c.customers_id = o.customers_id and ot.class = 'ot_total' group by c.customers_id order by ordersum DESC";
$customers_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $customers_query_raw, $customers_query_numrows, 'c.customers_id');
// fix counted customers
$customers_query_numrows = xos_db_query("select customers_id from " . TABLE_ORDERS . " group by customers_id");
$customers_query_numrows = xos_db_num_rows($customers_query_numrows);
$rows = 0;
$customers_query = xos_db_query($customers_query_raw);
$customers_array = array();
while ($customers = xos_db_fetch_array($customers_query)) {
$rows++;
if (strlen($rows) < 2) {
$rows = '0' . $rows;
}
$customers_array[] = array('link_filename_customers' => xos_href_link(FILENAME_CUSTOMERS, 'search=' . $customers['customers_lastname']), 'rows' => $rows, 'firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'ordersum' => $currencies->format($customers['ordersum']));
}
$smarty->assign(array('customers' => $customers_array, 'nav_bar_number' => $customers_split->display_count($customers_query_numrows, MAX_DISPLAY_RESULTS, $_GET['page'], TEXT_DISPLAY_NUMBER_OF_CUSTOMERS), 'nav_bar_result' => $customers_split->display_links($customers_query_numrows, MAX_DISPLAY_RESULTS, MAX_DISPLAY_PAGE_LINKS, $_GET['page'])));
$smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'stats_customers');
$output_stats_customers = $smarty->fetch(ADMIN_TPL . '/stats_customers.tpl');
$smarty->assign('central_contents', $output_stats_customers);
$smarty->display(ADMIN_TPL . '/frame.tpl');
$new_country_id = LAST_COUNTRY_ID + 1;
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . (int) $new_country_id . "', last_modified = now() where configuration_key = 'LAST_COUNTRY_ID'");
xos_db_query("insert into " . TABLE_COUNTRIES . " (countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id) values ('" . (int) $new_country_id . "', '" . xos_db_input($countries_name) . "', '" . xos_db_input($countries_iso_code_2) . "', '" . xos_db_input($countries_iso_code_3) . "', '" . (int) $address_format_id . "')");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $new_country_id));
break;
case 'save':
$countries_id = xos_db_prepare_input($_GET['cID']);
$countries_name = xos_db_prepare_input($_POST['countries_name']);
$actual_countries_name = xos_db_prepare_input($_POST['actual_countries_name']);
$countries_iso_code_2 = xos_db_prepare_input($_POST['countries_iso_code_2']);
$countries_iso_code_3 = xos_db_prepare_input($_POST['countries_iso_code_3']);
$address_format_id = xos_db_prepare_input($_POST['address_format_id']);
if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) {
$check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'");
if (xos_db_num_rows($check_query) || $countries_name == '') {
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name));
}
}
xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
break;
case 'deleteconfirm':
$countries_id = xos_db_prepare_input($_GET['cID']);
xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'");
xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
break;
}
$messageStack->add('checkout_address', ENTRY_POST_CODE_ERROR);
$smarty->assign('post_code_error', true);
}
if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
$error = true;
$messageStack->add('checkout_address', ENTRY_CITY_ERROR);
$smarty->assign('city_error', true);
}
if (ACCOUNT_STATE == 'true') {
$zone_id = 0;
$check_query = xos_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
$check = xos_db_fetch_array($check_query);
$entry_state_has_zones = $check['total'] > 0;
if ($entry_state_has_zones == true) {
$zone_query = xos_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_name = '" . xos_db_input($state) . "'");
if (xos_db_num_rows($zone_query) == 1) {
$zone = xos_db_fetch_array($zone_query);
$zone_id = $zone['zone_id'];
} else {
$error = true;
$messageStack->add('checkout_address', ENTRY_STATE_ERROR_SELECT);
$smarty->assign('state_error', true);
}
} else {
if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
$error = true;
$messageStack->add('checkout_address', ENTRY_STATE_ERROR);
$smarty->assign('state_error', true);
}
}
}
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: manufacturers.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/boxes/manufacturers.php') == 'overwrite_all')) {
$manufacturers_query = xos_db_query("select distinct mi.manufacturers_id, mi.manufacturers_name from " . TABLE_MANUFACTURERS_INFO . " mi left join " . TABLE_PRODUCTS . " p on mi.manufacturers_id = p.manufacturers_id left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id = p2c.products_id left join " . TABLE_CATEGORIES_OR_PAGES . " c on p2c.categories_or_pages_id = c.categories_or_pages_id where c.categories_or_pages_status = '1' and p.products_status = '1' and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "' order by mi.manufacturers_name");
if ($number_of_rows = xos_db_num_rows($manufacturers_query)) {
$manufacturers_content = '';
$manufacturers_content_noscript = '';
$manufacturers_array = array();
if (MAX_MANUFACTURERS_LIST < 2) {
$manufacturers_array[] = array('id' => '', 'text' => PULL_DOWN_DEFAULT);
}
while ($manufacturers = xos_db_fetch_array($manufacturers_query)) {
$manufacturers_name = strlen($manufacturers['manufacturers_name']) > MAX_DISPLAY_MANUFACTURER_NAME_LEN ? (function_exists('mb_substr') ? mb_substr($manufacturers['manufacturers_name'], 0, MAX_DISPLAY_MANUFACTURER_NAME_LEN, 'UTF-8') : substr($manufacturers['manufacturers_name'], 0, MAX_DISPLAY_MANUFACTURER_NAME_LEN)) . '..' : $manufacturers['manufacturers_name'];
$manufacturers_array[] = array('id' => xos_href_link(FILENAME_DEFAULT, 'm=' . $manufacturers['manufacturers_id']), 'text' => $manufacturers_name);
if (isset($_GET['m']) && $_GET['m'] == $manufacturers['manufacturers_id']) {
$manufacturers_name = '<b>' . $manufacturers_name . '</b>';
}
$manufacturers_content_noscript .= '<a href="' . xos_href_link(FILENAME_DEFAULT, 'm=' . $manufacturers['manufacturers_id']) . '">' . $manufacturers_name . '</a><br />';
}
$manufacturers_content_noscript = substr($manufacturers_content_noscript, 0, -6);
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: also_purchased_products.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/modules/also_purchased_products.php') == 'overwrite_all')) {
if (isset($_GET['p'])) {
$orders_query = xos_db_query("select p.products_id, p.products_image, pd.products_name, pd.products_info, p.products_tax_class_id, p.products_price from " . TABLE_ORDERS_PRODUCTS . " opa, " . TABLE_ORDERS_PRODUCTS . " opb, " . TABLE_ORDERS . " o, " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and opa.products_id = '" . (int) $_GET['p'] . "' and opa.orders_id = opb.orders_id and opb.products_id != '" . (int) $_GET['p'] . "' and opb.products_id = p.products_id and opb.orders_id = o.orders_id and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_status = '1' group by p.products_id order by o.date_purchased desc limit " . MAX_DISPLAY_ALSO_PURCHASED);
$num_products_ordered = xos_db_num_rows($orders_query);
if ($num_products_ordered >= MIN_DISPLAY_ALSO_PURCHASED) {
$also_purchased_products_array = array();
while ($orders = xos_db_fetch_array($orders_query)) {
$products_prices = xos_get_product_prices($orders['products_price']);
$products_tax_rate = xos_get_tax_rate($orders['products_tax_class_id']);
$orders_price_breaks_array = array();
if (isset($products_prices[$customer_group_id][0])) {
$orders_product_price = $currencies->display_price($products_prices[$customer_group_id][0]['regular'], $products_tax_rate);
$products_prices[$customer_group_id]['special_status'] == 1 && $products_prices[$customer_group_id][0]['special'] > 0 ? $orders_product_price_special = $currencies->display_price($products_prices[$customer_group_id][0]['special'], $products_tax_rate) : ($orders_product_price_special = '');
$sizeof = count($products_prices[$customer_group_id]);
/*
if ($sizeof > 2) {
$array_keys = array_keys($products_prices[$customer_group_id]);
for ($count=2, $n=$sizeof; $count<$n; $count++) {
$qty = $array_keys[$count];
// or (at your option) any later version.
//
// XOS-Shop is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: counter.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
$counter_query = xos_db_query("select startdate, counter from " . TABLE_COUNTER);
if (!xos_db_num_rows($counter_query)) {
$date_now = date('Ymd');
xos_db_query("insert into " . TABLE_COUNTER . " (startdate, counter) values ('" . $date_now . "', '1')");
$counter_startdate = $date_now;
$counter_now = 1;
} else {
$counter = xos_db_fetch_array($counter_query);
$counter_startdate = $counter['startdate'];
$counter_now = $counter['counter'] + 1;
xos_db_query("update " . TABLE_COUNTER . " set counter = '" . $counter_now . "'");
}
$counter_startdate_formatted = xos_date_format(DATE_FORMAT_LONG, mktime(0, 0, 0, substr($counter_startdate, 4, 2), substr($counter_startdate, -2), substr($counter_startdate, 0, 4)));
$product_image = xos_get_product_images($product['products_image']);
// first lets take care of the DB update.
if ($_POST) {
foreach ($_POST as $key_a => $value_a) {
xos_db_connect();
$query = "UPDATE " . TABLE_PRODUCTS_XSELL . " SET sort_order = '" . $value_a . "' WHERE products_id ='" . $product['products_id'] . "' and xsell_id= '{$key_a}' ";
if ($value_a != 'Update') {
if (!xos_db_query($query)) {
exit('Could not UPDATE DB');
}
}
}
$smarty_cache_control->clearCache(null, 'L3|cc_product_info');
}
$cross_query = xos_db_query("select xsell_id, sort_order from " . TABLE_PRODUCTS_XSELL . " WHERE products_id = '" . $_GET['add_related_product_ID'] . "' ORDER BY sort_order");
$ordering_size = xos_db_num_rows($cross_query);
$cross_products_array = array();
while ($cross = xos_db_fetch_array($cross_query)) {
$cross_products_query = xos_db_query("select a.products_id, a.products_status, b.products_name, a.products_model, a.products_image from " . TABLE_PRODUCTS . " a, " . TABLE_PRODUCTS_DESCRIPTION . " b where b.products_id = a.products_id and b.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and a.products_id = " . $cross['xsell_id'] . "");
$cross_products = xos_db_fetch_array($cross_products_query);
$select = '<select name="' . $cross_products['products_id'] . '">';
for ($y = 1; $y <= $ordering_size; $y++) {
$select .= '<option value="' . $y . '"';
if (!strcmp($y, $cross['sort_order'])) {
$select .= ' selected="selected"';
}
$select .= '>' . $y . '</option>';
}
$select .= '</select>';
if ($cross_products['products_status'] == '1') {
$products_status_image = xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_green.gif', ICON_TITLE_STATUS_GREEN);
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
$whos_online_query = xos_db_query("select customer_id, full_name, ip_address, time_entry, time_last_click, last_page_url, session_id from " . TABLE_WHOS_ONLINE);
$whos_online_array = array();
while ($whos_online = xos_db_fetch_array($whos_online_query)) {
$time_online = time() - $whos_online['time_entry'];
if ((!isset($_GET['info']) || isset($_GET['info']) && $_GET['info'] == $whos_online['session_id'] . $whos_online['ip_address']) && !isset($info)) {
$info = $whos_online['session_id'] . $whos_online['ip_address'];
}
$selected = false;
if ($whos_online['session_id'] . $whos_online['ip_address'] == $info) {
$info = $whos_online['session_id'];
$selected = true;
}
$last_page_url = '';
if (preg_match('/^(.*)XOSsid[=|\\/]+[a-z,0-9]+[&|\\/]?(.*)/i', $whos_online['last_page_url'], $array)) {
$last_page_url = $array[1] . $array[2];
} else {
$last_page_url = $whos_online['last_page_url'];
}
$whos_online_array[] = array('selected' => $selected, 'link_filename_whos_online' => xos_href_link(FILENAME_WHOS_ONLINE, xos_get_all_get_params(array('info', 'action')) . 'info=' . $whos_online['session_id'] . $whos_online['ip_address']), 'time_online' => gmdate('H:i:s', $time_online), 'customer_id' => $whos_online['customer_id'], 'full_name' => $whos_online['full_name'], 'ip_address' => $whos_online['ip_address'], 'time_entry' => date('H:i:s', $whos_online['time_entry']), 'time_last_click' => date('H:i:s', $whos_online['time_last_click']), 'last_page_url' => strlen($last_page_url) > 50 ? "<abbr title=\"" . htmlspecialchars($last_page_url) . "\">" . substr(htmlspecialchars($last_page_url), 0, 50) . " </abbr>" : htmlspecialchars($last_page_url));
}
$smarty->assign(array('whos_online' => $whos_online_array, 'text_number_of_customers' => sprintf(TEXT_NUMBER_OF_CUSTOMERS, xos_db_num_rows($whos_online_query))));
require DIR_WS_BOXES . 'infobox_whos_online.php';
$smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'whos_online');
$output_whos_online = $smarty->fetch(ADMIN_TPL . '/whos_online.tpl');
$smarty->assign('central_contents', $output_whos_online);
$smarty->display(ADMIN_TPL . '/frame.tpl');
require DIR_WS_INCLUDES . 'application_bottom.php';
}
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: products_attributes.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/includes/modules/attributes_values.php') == 'overwrite_all')) {
if ($action == 'delete_option_value') {
// delete product option value
$values = xos_db_query("select products_options_values_id, products_options_values_name from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id = '" . (int) $_GET['value_id'] . "' and language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
$values_values = xos_db_fetch_array($values);
$products = xos_db_query("select distinct p.products_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_ATTRIBUTES . " pa, " . TABLE_PRODUCTS_DESCRIPTION . " pd where pd.products_id = p.products_id and pd.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and pa.products_id = p.products_id and pa.options_values_id='" . (int) $_GET['value_id'] . "' order by pd.products_name");
if (xos_db_num_rows($products)) {
$rows = 0;
$products_value = array();
while ($products_values = xos_db_fetch_array($products)) {
$rows++;
$products_value[] = array('id' => $products_values['products_id'], 'name' => $products_values['products_name']);
}
$smarty->assign(array('products_linked' => true, 'products' => $products_value, 'link_filename_products_attributes' => xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string)));
} else {
$smarty->assign(array('link_filename_products_attributes' => xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string), 'link_filename_products_attributes_delete' => xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'action=delete_value&value_id=' . $_GET['value_id'] . '&options_page=1&' . $parameter_string)));
}
$smarty->assign(array('delete_option_value' => true, 'products_options_values_name' => $values_values['products_options_values_name']));
} else {
$options_value_error_array = unserialize(stripslashes(urldecode($_GET['options_value_error'])));
$options_value_array = unserialize(stripslashes(urldecode($_GET['options_value'])));
$set_empty = false;
if (!$gv_email->send()) {
$mailer_error = true;
$messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail_sent_to), 'error');
} else {
// Now create the coupon email entry
xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $amount . "', now())");
$insert_id = xos_db_insert_id();
xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $mail_sent_to . "', now() )");
}
$_SESSION['used_lng_id'] = $used_lang_id;
} else {
$used_lang_id = $_SESSION['used_lng_id'];
while ($mail = xos_db_fetch_array($mail_query)) {
$id1 = create_coupon_code($mail['customers_email_address']);
$languages_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $mail['language_id'] . "'");
if (!xos_db_num_rows($languages_query)) {
$lang_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$languages = xos_db_fetch_array($lang_query);
} else {
$languages = xos_db_fetch_array($languages_query);
}
$_SESSION['used_lng_id'] = $languages['languages_id'];
$currencies = new currencies();
if (EMAIL_USE_HTML == 'true') {
$smarty_gv_email->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => $languages['code'], 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG_IMAGES . 'email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . DEFAULT_TPL . '/') . EMAIL_SHOP_LOGO, 'gv_message' => $message, 'gv_id' => $id1, 'gv_amount' => $currencies->format($amount), 'link_shop' => xos_catalog_href_link(), 'link_gv_redeem' => xos_catalog_href_link(FILENAME_CATALOG_GV_REDEEM, 'gv_no=' . $id1, 'SSL')));
$smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_html');
$output_gv_email_html = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_html.tpl');
$smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_text');
$output_gv_email_text = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_text.tpl');
$gv_email->isHTML(true);
$gv_email->Body = $output_gv_email_html;
$order_totals_array = array();
for ($i = 0, $n = sizeof($order->totals); $i < $n; $i++) {
$order_totals_array[] = array('totals_title' => $order->totals[$i]['title'], 'totals_text' => $order->totals[$i]['text'], 'totals_tax' => $order->totals[$i]['class'] == 'ot_shipping' || $order->totals[$i]['class'] == 'ot_loworderfee' || $order->totals[$i]['class'] == 'ot_cod_fee' ? xos_display_tax_value($order->totals[$i]['tax']) : -1);
}
$statuses_query = xos_db_query("select os.orders_status_name, osh.date_added, osh.comments from " . TABLE_ORDERS_STATUS . " os, " . TABLE_ORDERS_STATUS_HISTORY . " osh where osh.orders_id = '" . (int) $_GET['order_id'] . "' and osh.orders_status_id = os.orders_status_id and os.language_id = '" . (int) $_SESSION['languages_id'] . "' and os.public_flag = '1' order by osh.date_added, osh.orders_status_history_id");
$statuses_array = array();
while ($statuses = xos_db_fetch_array($statuses_query)) {
$statuses_array[] = array('order_date_added' => xos_date_short($statuses['date_added']), 'order_status_name' => $statuses['orders_status_name'], 'order_comments' => empty($statuses['comments']) ? ' ' : nl2br(xos_output_string_protected($statuses['comments'])));
}
$back = sizeof($_SESSION['navigation']->path) - 2;
if (!empty($_SESSION['navigation']->path[$back])) {
$get_params_array = $_SESSION['navigation']->path[$back]['get'];
$get_params_array['rmp'] = '0';
$back_link = xos_href_link($_SESSION['navigation']->path[$back]['page'], xos_array_to_query_string($get_params_array, array('action', xos_session_name())), $_SESSION['navigation']->path[$back]['mode']);
} else {
$back_link = 'javascript:history.go(-1)';
}
$smarty->assign(array('order_id' => $_GET['order_id'], 'orders_status' => $order->info['orders_status'], 'date_purchased' => xos_date_long($order->info['date_purchased']), 'order_total' => $order->info['total'], 'order_products' => $order_products_array, 'billing_address' => xos_address_format($order->billing['format_id'], $order->billing, 1, ' ', '<br />'), 'payment_method' => $order->info['payment_method'], 'order_totals' => $order_totals_array, 'statuses' => $statuses_array, 'link_back' => $back_link));
$smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'account_history_info');
$language_directory_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and directory = '" . $order->info['language_directory'] . "'");
if (xos_db_num_rows($language_directory_query)) {
$smarty->configLoad('languages/' . $order->info['language_directory'] . '.conf', 'order_info');
}
if (DOWNLOAD_ENABLED == 'true') {
include DIR_WS_MODULES . 'downloads.php';
}
$output_account_history_info = $smarty->fetch(SELECTED_TPL . '/account_history_info.tpl');
$smarty->assign('central_contents', $output_account_history_info);
$smarty->display(SELECTED_TPL . '/frame.tpl');
require DIR_WS_INCLUDES . 'application_bottom.php';
}
$contents[] = array('text' => '<br />' . sprintf(TEXT_INFO_ZONES_NAME_ERROR, $_GET['error_name']) . '<br />');
}
}
$contents[] = array('text' => '<br />' . TEXT_INFO_ZONES_NAME . '<br />' . xos_draw_input_field('zone_name', isset($_GET['zone_name']) ? $_GET['zone_name'] : $cInfo->zone_name) . xos_draw_hidden_field('actual_zone_name', $cInfo->zone_name));
$contents[] = array('text' => '<br />' . TEXT_INFO_ZONES_CODE . '<br />' . xos_draw_input_field('zone_code', isset($_GET['zone_code']) ? $_GET['zone_code'] : $cInfo->zone_code));
if (!xos_db_num_rows($check_query) && STORE_ZONE != $cInfo->zone_id) {
$contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY_NAME . '<br />' . xos_draw_pull_down_menu('zone_country_id', xos_get_countries(), isset($_GET['zone_country_id']) ? $_GET['zone_country_id'] : $cInfo->countries_id, 'style="font-size:9px"') . xos_draw_hidden_field('actual_zone_country_id', $cInfo->countries_id));
} else {
$contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY_NAME . '<br /><b>' . $cInfo->countries_name . '</b>' . xos_draw_hidden_field('zone_country_id', $cInfo->countries_id) . xos_draw_hidden_field('actual_zone_country_id', $cInfo->countries_id));
}
$contents[] = array('text' => '<br /><a href="" onclick="zones.submit(); return false" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_UPDATE . ' "><span>' . BUTTON_TEXT_UPDATE . '</span></a><a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id) . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_CANCEL . ' "><span>' . BUTTON_TEXT_CANCEL . '</span></a><br /> ');
break;
case 'delete':
$check_query = xos_db_query("select ab.entry_zone_id, zgz.zone_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_ZONES_TO_GEO_ZONES . " zgz where ab.entry_zone_id = '" . (int) $cInfo->zone_id . "' or zgz.zone_id = '" . (int) $cInfo->zone_id . "' LIMIT 1");
$heading_title = '<b>' . TEXT_INFO_HEADING_DELETE_ZONE . '</b>';
if (!xos_db_num_rows($check_query) && STORE_ZONE != $cInfo->zone_id) {
$form_tag = xos_draw_form('zones', FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id . '&action=deleteconfirm');
$contents[] = array('text' => TEXT_INFO_DELETE_INTRO);
$contents[] = array('text' => '<br /><b>' . $cInfo->zone_name . '</b>');
$contents[] = array('text' => '<br /><a href="" onclick="zones.submit(); return false" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_DELETE . ' "><span>' . BUTTON_TEXT_DELETE . '</span></a><a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id) . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_CANCEL . ' "><span>' . BUTTON_TEXT_CANCEL . '</span></a><br /> ');
} else {
$contents[] = array('text' => TEXT_INFO_DELETE_NOT_ALLOWED . '<br /><br />');
$contents[] = array('text' => '<br /><a href="' . xos_href_link(FILENAME_ZONES, xos_get_all_get_params(array('action'))) . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_BACK . ' "><span>' . BUTTON_TEXT_BACK . '</span></a><br /> ');
}
break;
default:
if (isset($cInfo) && is_object($cInfo)) {
$heading_title = '<b>' . $cInfo->zone_name . '</b>';
$contents[] = array('text' => '<a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id . '&action=edit') . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_EDIT . ' "><span>' . BUTTON_TEXT_EDIT . '</span></a><a href="' . xos_href_link(FILENAME_ZONES, 'page=' . $_GET['page'] . '&cID=' . $cInfo->zone_id . '&action=delete') . '" class="button-default" style="margin-right: 5px; float: left" title=" ' . BUTTON_TITLE_DELETE . ' "><span>' . BUTTON_TEXT_DELETE . '</span></a>');
$contents[] = array('text' => '<br />' . TEXT_INFO_ZONES_NAME . '<br />' . $cInfo->zone_name . ' (' . $cInfo->zone_code . ')');
$contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY_NAME . ' ' . $cInfo->countries_name);
$modules_array[] = array('selected' => $selected, 'installed' => $installed, 'link_filename_modules' => $link_filename_modules, 'title' => $module->title, 'sort_order' => $sort_order);
}
}
ksort($installed_modules);
$check_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = '" . $module_key . "'");
if (xos_db_num_rows($check_query)) {
$check = xos_db_fetch_array($check_query);
if ($check['configuration_value'] != implode(';', $installed_modules)) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $installed_modules) . "', last_modified = now() where configuration_key = '" . $module_key . "'");
}
} else {
xos_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('" . $module_key . "', '" . implode(';', $installed_modules) . "', '6', '0', now())");
}
if ($template_integration == true) {
$check_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'TEMPLATE_BLOCK_GROUPS'");
if (xos_db_num_rows($check_query)) {
$check = xos_db_fetch_array($check_query);
$tbgroups_array = explode(';', $check['configuration_value']);
if (!in_array($module_type, $tbgroups_array)) {
$tbgroups_array[] = $module_type;
sort($tbgroups_array);
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $tbgroups_array) . "', last_modified = now() where configuration_key = 'TEMPLATE_BLOCK_GROUPS'");
}
} else {
xos_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('TEMPLATE_BLOCK_GROUPS', '" . $module_type . "', '6', '0', now())");
}
}
$smarty->assign(array('modules' => $modules_array, 'directory_path' => $module_directory, 'heading_title' => HEADING_TITLE));
require DIR_WS_BOXES . 'infobox_modules.php';
$smarty->configLoad('languages/' . $_SESSION['language'] . '.conf', 'modules');
$output_modules = $smarty->fetch(ADMIN_TPL . '/modules.tpl');
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!$is_shop) {
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_PRODUCT_REVIEWS_WRITE) == 'overwrite_all')) {
if (PRODUCT_REVIEWS_ENABLED != 'true') {
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!isset($_SESSION['customer_id'])) {
$_SESSION['navigation']->remove_current_page();
$_SESSION['navigation']->set_snapshot();
xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$product_info_query = xos_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name, pd.products_p_unit from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and p.products_id = '" . (int) $_GET['p'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'");
if (!xos_db_num_rows($product_info_query)) {
xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action'))), false);
} else {
$product_info = xos_db_fetch_array($product_info_query);
$products_image_name = xos_get_product_images($product_info['products_image'], 'all');
}
$customer_query = xos_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$customer = xos_db_fetch_array($customer_query);
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$rating = xos_db_prepare_input($_POST['rating']);
$review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000));
$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
$error = true;
$messageStack->add('review', JS_REVIEW_TEXT);
}
$regular_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['regular']);
$special_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['special']);
} else {
$regular_price = $default_price;
$special_price = $default_special_price;
$special_expires_date = $default_special_expires_date;
$product_special_status = $default_product_special_status;
}
$price_count_query = xos_db_query("select products_id from " . TABLE_PRODUCTS_PRICES . " where products_id = '" . (int) $products_id . "' and customers_group_id = '" . $customers_group['customers_group_id'] . "'");
if (xos_db_num_rows($price_count_query)) {
xos_db_query("update " . TABLE_PRODUCTS_PRICES . " set customers_group_price = '" . $regular_price . "' where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
} else {
xos_db_query("insert into " . TABLE_PRODUCTS_PRICES . " (products_id, customers_group_id, customers_group_price) values ('" . (int) $products_id . "', '" . $customers_group['customers_group_id'] . "', '" . $regular_price . "')");
}
$special_price_count_query = xos_db_query("select products_id from " . TABLE_SPECIALS . " where products_id = '" . (int) $products_id . "' and customers_group_id = '" . $customers_group['customers_group_id'] . "'");
if (xos_db_num_rows($special_price_count_query)) {
if ($special_price > 0) {
xos_db_perform(TABLE_SPECIALS, array('specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'), 'update', "customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
} else {
xos_db_query("delete from " . TABLE_SPECIALS . " where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
}
} else {
if ($special_price > 0) {
xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'));
}
}
}
if (isset($_POST['attributes_price_array'])) {
$attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
foreach ($attributes_price_array as $key => $value) {
if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
$selected = false;
if (is_object($cInfo) && $cc_list['coupon_id'] == $cInfo->coupon_id) {
$selected = true;
$link_filename_coupon_admin_edit = xos_href_link(FILENAME_COUPON_ADMIN, xos_get_all_get_params(array('cid', 'action')) . 'cid=' . $cInfo->coupon_id . '&action=edit');
}
$coupon_description_query = xos_db_query("select coupon_name from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $cc_list['coupon_id'] . "' and language_id = '" . $_SESSION['languages_id'] . "'");
$coupon_desc = xos_db_fetch_array($coupon_description_query);
if ($cc_list['coupon_type'] == 'P') {
// not floating point value, don't display decimal info
$coupon_amount = ($cc_list['coupon_amount'] == round($cc_list['coupon_amount']) ? number_format($cc_list['coupon_amount']) : number_format($cc_list['coupon_amount'], 2)) . '%';
} elseif ($cc_list['coupon_type'] == 'S') {
$coupon_amount = TEXT_FREE_SHIPPING;
} else {
$coupon_amount = $currencies->format($cc_list['coupon_amount']);
}
$redemptions = xos_db_num_rows($redeem_query);
$coupon_status = false;
if ($cc_list['coupon_active'] == 'Y') {
$coupon_status = true;
}
$cc_list_array[] = array('selected' => $selected, 'status' => $coupon_status, 'name' => $coupon_desc['coupon_name'], 'amount' => $coupon_amount, 'code' => $cc_list['coupon_code'], 'redemptions' => $redemptions, 'icon_status_green' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_green.gif', ICON_TITLE_STATUS_GREEN), 'icon_status_red' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_red.gif', ICON_TITLE_STATUS_RED), 'icon_status_green_light' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_green_light.gif', ICON_TITLE_STATUS_GREEN_LIGHT), 'icon_status_red_light' => xos_image(DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/icon_status_red_light.gif', ICON_TITLE_STATUS_RED_LIGHT), 'link_filename_coupon_admin_action_setflag_N' => xos_href_link(FILENAME_COUPON_ADMIN, 'action=setflag&flag=N&cid=' . $cc_list['coupon_id']), 'link_filename_coupon_admin_action_setflag_Y' => xos_href_link(FILENAME_COUPON_ADMIN, 'action=setflag&flag=Y&cid=' . $cc_list['coupon_id']), 'link_filename_coupon_admin' => xos_href_link(FILENAME_COUPON_ADMIN, xos_get_all_get_params(array('cid', 'action')) . 'cid=' . $cc_list['coupon_id']), 'link_filename_coupon_admin_edit' => $link_filename_coupon_admin_edit);
}
$smarty->assign('cc_list', $cc_list_array);
$status_array[] = array('id' => 'Y', 'text' => TEXT_COUPON_ACTIVE);
$status_array[] = array('id' => 'N', 'text' => TEXT_COUPON_INACTIVE);
$status_array[] = array('id' => 'R', 'text' => TEXT_COUPON_REDEEMED);
$status_array[] = array('id' => '*', 'text' => TEXT_COUPON_ALL);
if ($_GET['status']) {
$status = xos_db_prepare_input($_GET['status']);
} else {
// Changed from "Y" to "*" to see the Red Active and the Green Inactive status
}
$sql_data_array['customers_default_address_id'] = $new_address_book_id;
xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
}
}
}
if (isset($_POST['primary']) && $_POST['primary'] == 'on') {
$smarty->clearAllCache();
}
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
}
}
if (isset($_GET['edit']) && is_numeric($_GET['edit'])) {
$entry_query = xos_db_query("select entry_gender, entry_company, entry_company_tax_id, entry_firstname, entry_lastname, entry_street_address, entry_suburb, entry_postcode, entry_city, entry_state, entry_zone_id, entry_country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_GET['edit'] . "'");
if (!xos_db_num_rows($entry_query)) {
$messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
}
$entry = xos_db_fetch_array($entry_query);
} elseif (isset($_GET['delete']) && is_numeric($_GET['delete'])) {
if ($_GET['delete'] == $_SESSION['customer_default_address_id']) {
$messageStack->add_session('addressbook', WARNING_PRIMARY_ADDRESS_DELETION, 'warning');
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
} else {
$check_query = xos_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int) $_GET['delete'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$check = xos_db_fetch_array($check_query);
if ($check['total'] < 1) {
$messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
}
$existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => ' ' . $existing_customers['customers_group_name'] . ' ');
++$index;
}
}
if ($processed == true) {
$customer_group_name_query = xos_db_query("select customers_group_name as name from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . $cInfo->customers_group_id . "'");
$customer_group_name = xos_db_fetch_array($customer_group_name_query);
$smarty->assign('customers_group_id_in_out_values', $customer_group_name['name'] . xos_draw_hidden_field('customers_group_id'));
} else {
$smarty->assign('customers_group_id_in_out_values', xos_draw_pull_down_menu('customers_group_id', $existing_customers_array, $cInfo->customers_group_id));
}
if ($processed == true) {
$smarty->assign(array('several_lng_in_admin' => false, 'comments_in_out_values' => nl2br($cInfo->customers_comments) . xos_draw_hidden_field('customers_comments')));
} else {
$lng_query = xos_db_query("select languages_id from " . TABLE_LANGUAGES . " where use_in_id <> '2'");
$smarty->assign(array('several_lng_in_admin' => xos_db_num_rows($lng_query) > 1 ? true : false, 'comments_in_out_values' => xos_draw_textarea_field('customers_comments', '80', '10', $cInfo->customers_comments)));
}
$smarty->assign(array('edit_or_update' => true, 'form_begin_customers' => xos_draw_form('customers', FILENAME_CUSTOMERS, xos_get_all_get_params(array('action')) . 'action=update', 'post', 'onsubmit="return check_form();"'), 'hidden_default_address_id' => xos_draw_hidden_field('default_address_id', $cInfo->customers_default_address_id), 'link_filename_customers' => xos_href_link(FILENAME_CUSTOMERS, xos_get_all_get_params(array('action'))), 'form_end' => '</form>'));
} else {
switch ($_GET['listing']) {
case "id-asc":
$order = "c.customers_id";
break;
case "cg_name":
$order = "cg.customers_group_name, c.customers_lastname";
break;
case "cg_name-desc":
$order = "cg.customers_group_name DESC, c.customers_lastname";
break;
case "firstname":
$order = "c.customers_firstname";
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: xsell_products.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/modules/xsell_products.php') == 'overwrite_all')) {
if (isset($_GET['p'])) {
$xsell_query = xos_db_query("select distinct p.products_id, p.products_image, pd.products_name, pd.products_info, p.products_tax_class_id, p.products_price from " . TABLE_PRODUCTS_XSELL . " xp, " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where xp.products_id = '" . (int) $_GET['p'] . "' and xp.xsell_id = p.products_id and p.products_id = pd.products_id and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_status = '1' and c.categories_or_pages_status = '1' order by xp.sort_order ");
$num_products_xsell = xos_db_num_rows($xsell_query);
if ($num_products_xsell > 0) {
$xsell_products_array = array();
while ($xsell = xos_db_fetch_array($xsell_query)) {
$products_prices = xos_get_product_prices($xsell['products_price']);
$products_tax_rate = xos_get_tax_rate($xsell['products_tax_class_id']);
$xsell_price_breaks_array = array();
if (isset($products_prices[$customer_group_id][0])) {
$xsell_product_price = $currencies->display_price($products_prices[$customer_group_id][0]['regular'], $products_tax_rate);
$products_prices[$customer_group_id]['special_status'] == 1 && $products_prices[$customer_group_id][0]['special'] > 0 ? $xsell_product_price_special = $currencies->display_price($products_prices[$customer_group_id][0]['special'], $products_tax_rate) : ($xsell_product_price_special = '');
$sizeof = count($products_prices[$customer_group_id]);
/*
if ($sizeof > 2) {
$array_keys = array_keys($products_prices[$customer_group_id]);
for ($count=2, $n=$sizeof; $count<$n; $count++) {
$qty = $array_keys[$count];
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------
// this file is based on:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: product_notifications.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/includes/boxes/product_notifications.php') == 'overwrite_all')) {
if (isset($_GET['p'])) {
$allowed_product_query = xos_db_query("select p.products_id total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES_OR_PAGES . " c where p.products_id = '" . (int) $_GET['p'] . "' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and c.categories_or_pages_status = '1' and p.products_status = '1'");
if (xos_db_num_rows($allowed_product_query)) {
if (isset($_SESSION['customer_id'])) {
$check_query = xos_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . (int) $_GET['p'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$check = xos_db_fetch_array($check_query);
$notification_exists = $check['count'] > 0 ? true : false;
} else {
$notification_exists = false;
}
if ($notification_exists == true) {
$smarty->assign(array('box_product_notifications_notification_exists' => true, 'box_product_notifications_link_notify_notify_remove' => xos_href_link(basename($_SERVER['PHP_SELF']), xos_get_all_get_params(array('action', 'lnc', 'cur', 'tpl')) . 'action=notify_remove', $request_type), 'box_product_notifications_image' => xos_image(DIR_WS_IMAGES . 'catalog/templates/' . SELECTED_TPL . '/box_products_notifications_remove.gif', IMAGE_BUTTON_REMOVE_NOTIFICATIONS)));
} else {
$smarty->assign(array('box_product_notifications_notification_exists' => false, 'box_product_notifications_link_notify_notify_remove' => xos_href_link(basename($_SERVER['PHP_SELF']), xos_get_all_get_params(array('action', 'lnc', 'cur', 'tpl')) . 'action=notify', $request_type), 'box_product_notifications_image' => xos_image(DIR_WS_IMAGES . 'catalog/templates/' . SELECTED_TPL . '/box_products_notifications.gif', IMAGE_BUTTON_NOTIFICATIONS)));
}
$smarty->assign(array('box_product_notifications_link_filename_account_notifications' => xos_href_link(FILENAME_ACCOUNT_NOTIFICATIONS, '', 'SSL'), 'box_product_notifications_product_name' => xos_get_products_name($_GET['p'])));
$output_product_notifications = $smarty->fetch(SELECTED_TPL . '/includes/boxes/product_notifications.tpl');
$smarty->assign('box_product_notifications', $output_product_notifications);