function __construct($object_array)
{
reset($object_array);
while (list($key, $value) = each($object_array)) {
$this->{$key} = xos_db_prepare_input($value);
}
}
function query($order_id)
{
$order_id = xos_db_prepare_input($order_id);
$order_query = xos_db_query("select customers_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, AES_DECRYPT(cc_number, 'key_cc_number') AS cc_number, cc_expires, language_id, language_directory, currency, currency_value, date_purchased, orders_status, last_modified from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
$order = xos_db_fetch_array($order_query);
$order_total_query = xos_db_query("select text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' and class = 'ot_total' order by orders_total_id DESC limit 1");
$order_total = xos_db_fetch_array($order_total_query);
$shipping_method_query = xos_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' and class = 'ot_shipping'");
$shipping_method = xos_db_fetch_array($shipping_method_query);
$order_status_query = xos_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
$order_status = xos_db_fetch_array($order_status_query);
$this->info = array('language_id' => $order['language_id'], 'language_directory' => $order['language_directory'], 'currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'date_purchased' => $order['date_purchased'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title']));
$this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']);
$this->delivery = array('name' => $order['delivery_name'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']);
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
$this->delivery = false;
}
$this->billing = array('name' => $order['billing_name'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']);
$index = 0;
$orders_products_query = xos_db_query("select orders_products_id, products_id, products_model, products_name, products_p_unit, products_price, final_price, products_price_text, final_price_text, total_price_text, products_tax, products_quantity from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
while ($orders_products = xos_db_fetch_array($orders_products_query)) {
$this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'model' => $orders_products['products_model'], 'name' => $orders_products['products_name'], 'packaging_unit' => $orders_products['products_p_unit'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'final_price' => $orders_products['final_price'], 'price_formated' => $orders_products['products_price_text'], 'final_price_formated' => $orders_products['final_price_text'], 'total_price_formated' => $orders_products['total_price_text']);
$subindex = 0;
$attributes_query = xos_db_query("select products_options, products_options_values, options_values_price, options_values_price_text, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int) $order_id . "' and orders_products_id = '" . (int) $orders_products['orders_products_id'] . "'");
if (xos_db_num_rows($attributes_query)) {
while ($attributes = xos_db_fetch_array($attributes_query)) {
$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price'], 'price_formated' => $attributes['options_values_price_text']);
$subindex++;
}
}
$this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';
$index++;
}
$totals_query = xos_db_query("select title, text, tax, class from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' order by sort_order, orders_total_id");
while ($totals = xos_db_fetch_array($totals_query)) {
$this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'tax' => $totals['tax'], 'class' => $totals['class']);
if ($totals['tax'] > -1 && ($totals['class'] == 'ot_shipping' || $totals['class'] == 'ot_loworderfee' || $totals['class'] == 'ot_cod_fee')) {
$this->info['tax_groups']["{$totals['tax']}"] = '1';
}
}
}
$valid_product = true;
$product_info = xos_db_fetch_array($product_info_query);
}
}
if ($valid_product == false) {
xos_redirect(xos_href_link(FILENAME_PRODUCT_INFO, 'p=' . (int) $_GET['p']), false);
}
require DIR_FS_DOCUMENT_ROOT . FILENAME_CAPTCHA;
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_TELL_A_FRIEND;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$error = false;
$to_email_address = xos_db_prepare_input($_POST['to_email_address']);
$to_name = xos_db_prepare_input($_POST['to_name']);
$from_email_address = xos_db_prepare_input($_POST['from_email_address']);
$from_name = xos_db_prepare_input($_POST['from_name']);
$message = xos_db_prepare_input(substr(strip_tags($_POST['message']), 0, 1000));
if (empty($from_name)) {
$error = true;
$messageStack->add('friend', ERROR_FROM_NAME);
$smarty->assign('error_from_name', true);
}
if (strlen($from_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('friend', ERROR_FROM_ADDRESS_MIN_LENGTH);
$smarty->assign('error_from_address', true);
} elseif (!xos_validate_email($from_email_address)) {
$error = true;
$messageStack->add('friend', ERROR_FROM_ADDRESS);
$smarty->assign('error_from_address', true);
}
if (empty($to_name)) {
$firstname = xos_db_prepare_input($_POST['firstname']);
$lastname = xos_db_prepare_input($_POST['lastname']);
$street_address = xos_db_prepare_input($_POST['street_address']);
if (ACCOUNT_SUBURB == 'true') {
$suburb = xos_db_prepare_input($_POST['suburb']);
}
$postcode = xos_db_prepare_input($_POST['postcode']);
$city = xos_db_prepare_input($_POST['city']);
$country = xos_db_prepare_input($_POST['country']);
if (ACCOUNT_STATE == 'true') {
if (isset($_POST['zone_id'])) {
$zone_id = xos_db_prepare_input($_POST['zone_id']);
} else {
$zone_id = false;
}
$state = xos_db_prepare_input($_POST['state']);
}
if (ACCOUNT_GENDER == 'true') {
if ($gender != 'm' && $gender != 'f') {
$error = true;
$messageStack->add('addressbook', ENTRY_GENDER_ERROR);
$smarty->assign('gender_error', true);
}
}
if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('addressbook', ENTRY_FIRST_NAME_ERROR);
$smarty->assign('first_name_error', true);
}
if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
$error = true;
}
// needs to be included earlier to set the success message in the messageStack
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_ACCOUNT_EDIT;
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
if (ACCOUNT_GENDER == 'true') {
$gender = xos_db_prepare_input($_POST['gender']);
}
$firstname = xos_db_prepare_input($_POST['firstname']);
$lastname = xos_db_prepare_input($_POST['lastname']);
if (ACCOUNT_DOB == 'true') {
$dob = xos_db_prepare_input($_POST['dob']);
}
$email_address = xos_db_prepare_input($_POST['email_address']);
$language_id = xos_db_prepare_input($_POST['languages']);
$telephone = xos_db_prepare_input($_POST['telephone']);
$fax = xos_db_prepare_input($_POST['fax']);
$error = false;
if (ACCOUNT_GENDER == 'true') {
if ($gender != 'm' && $gender != 'f') {
$error = true;
$messageStack->add('account_edit', ENTRY_GENDER_ERROR);
}
}
if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('account_edit', ENTRY_FIRST_NAME_ERROR);
}
if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
}
function send($newsletter_id)
{
global $messageStack;
if (SEND_EMAILS != 'true') {
$messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
return false;
}
$ids = $_GET['customers_chosen'];
$mail_query = xos_db_query("select s.subscriber_id, s.subscriber_email_address, s.subscriber_identity_code, c.customers_firstname, c.customers_lastname from " . TABLE_NEWSLETTER_SUBSCRIBERS . " s left join " . TABLE_CUSTOMERS . " c on s.customers_id = c.customers_id where s.subscriber_id in (" . $ids . ") order by s.customers_id");
if (empty($this->language_directory)) {
$lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$lang = xos_db_fetch_array($lang_query);
$this->language_directory = $lang['directory'];
}
//Let's build a message object using the mailer class
$email_to_subscriber = new mailer();
$email_from_value = EMAIL_FROM;
$from = html_entity_decode($email_from_value, ENT_QUOTES, 'UTF-8');
$address = '';
$name = '';
$pieces = explode('<', $from);
if (count($pieces) == 2) {
$address = trim($pieces[1], " >");
$name = trim($pieces[0]);
} elseif (count($pieces) == 1) {
$pos = stripos($pieces[0], '@');
$address = $pos ? trim($pieces[0], " >") : '';
}
$email_to_subscriber->From = $address;
$email_to_subscriber->FromName = $name;
$email_to_subscriber->WordWrap = '100';
$email_to_subscriber->Subject = $this->title;
$smarty_newsletter = new Smarty();
$smarty_newsletter->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
$smarty_newsletter->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
$smarty_newsletter->config_dir = DIR_FS_SMARTY . 'catalog/';
$smarty_newsletter->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
$smarty_newsletter->left_delimiter = '[@{';
$smarty_newsletter->right_delimiter = '}@]';
$is_html = false;
if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
$is_html = true;
$smarty_newsletter->assign(array('nl' => "\n", 'html_params' => HTML_PARAMS, 'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE, 'charset' => CHARSET, 'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '', 'content_text_htlm' => $this->content_text_htlm, 'content_text_plain' => $this->content_text_plain));
$smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_html');
$output_newsletter_email_html = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_html.tpl');
$smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
$output_newsletter_email_text = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
$email_to_subscriber->isHTML(true);
} else {
$smarty_newsletter->assign(array('nl' => "\n", 'content_text_plain' => $this->content_text_plain));
$smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
$output_newsletter_email_text = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
$email_to_subscriber->isHTML(false);
}
while ($mail = xos_db_fetch_array($mail_query)) {
$link_unsubscribe = xos_catalog_href_link('newsletter_subscribe.php', 'action=unsubscribe&identity_code=' . $mail['subscriber_identity_code'], 'SSL');
if ($is_html) {
$email_to_subscriber->Body = $output_newsletter_email_html . '<a href="' . $link_unsubscribe . '" target="_blank">' . $link_unsubscribe . '</a>' . "\n" . '</div>' . "\n" . '</body>' . "\n" . '</html>' . "\n";
$email_to_subscriber->AltBody = html_entity_decode(strip_tags($output_newsletter_email_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
} else {
$email_to_subscriber->Body = html_entity_decode(strip_tags($output_newsletter_email_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
}
$email_to_subscriber->addAddress($mail['subscriber_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']);
if (!$email_to_subscriber->send()) {
$messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_subscriber->ErrorInfo, '<' . $mail['subscriber_email_address'] . '>'), 'error');
} else {
$messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '<' . $mail['subscriber_email_address'] . '>'), 'success');
}
$email_to_subscriber->clearAddresses();
}
$newsletter_id = xos_db_prepare_input($newsletter_id);
xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . xos_db_input($newsletter_id) . "'");
}
$rInfo_array = array_merge((array) $reviews, (array) $products, (array) $products_name);
$rInfo = new objectInfo($rInfo_array);
$product_image = xos_get_product_images($rInfo->products_image);
$reviews_rating = '';
for ($i = 1; $i <= 5; $i++) {
$reviews_rating .= xos_draw_radio_field('reviews_rating', $i, '', $rInfo->reviews_rating);
}
if ($product_image['name']) {
$smarty->assign('products_image', xos_image(DIR_WS_CATALOG_IMAGES . 'products/medium/' . $product_image['name'], $rInfo->products_name, '', '', 'style="margin: 5px;"'));
}
$smarty->assign(array('edit' => true, 'form_begin_review' => xos_draw_form('review', FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID'] . '&action=preview'), 'products_name' => $rInfo->products_name, 'customers_name' => $rInfo->customers_name, 'date_added' => xos_date_short($rInfo->date_added), 'textarea_reviews_text' => xos_draw_textarea_field('reviews_text', '60', '15', $rInfo->reviews_text), 'hidden_reviews_id' => xos_draw_hidden_field('reviews_id', $rInfo->reviews_id), 'hidden_products_id' => xos_draw_hidden_field('products_id', $rInfo->products_id), 'hidden_customers_name' => xos_draw_hidden_field('customers_name', $rInfo->customers_name), 'hidden_products_name' => xos_draw_hidden_field('products_name', $rInfo->products_name), 'hidden_products_image' => xos_draw_hidden_field('products_image', $rInfo->products_image), 'hidden_date_added' => xos_draw_hidden_field('date_added', $rInfo->date_added), 'link_filename_reviews_cancel' => xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID']), 'reviews_rating' => $reviews_rating, 'form_end' => '</form>'));
} elseif ($action == 'preview') {
if (xos_not_null($_POST)) {
$rInfo = new objectInfo($_POST);
} else {
$rID = xos_db_prepare_input($_GET['rID']);
$reviews_query = xos_db_query("select r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . (int) $rID . "' and r.reviews_id = rd.reviews_id");
$reviews = xos_db_fetch_array($reviews_query);
$products_query = xos_db_query("select products_image from " . TABLE_PRODUCTS . " where products_id = '" . (int) $reviews['products_id'] . "'");
$products = xos_db_fetch_array($products_query);
$products_name_query = xos_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int) $reviews['products_id'] . "' and language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
$products_name = xos_db_fetch_array($products_name_query);
$rInfo_array = array_merge((array) $reviews, (array) $products, (array) $products_name);
$rInfo = new objectInfo($rInfo_array);
}
$product_image = xos_get_product_images($rInfo->products_image);
if (xos_not_null($_POST)) {
/* Re-Post all POST'ed variables */
reset($_POST);
$hidden_post_values = '';
while (list($key, $value) = each($_POST)) {
// XOS-Shop is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published
// by the Free Software Foundation, either version 3 of the License,
// or (at your option) any later version.
//
// XOS-Shop is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_CONTENT) == 'overwrite_all')) {
$content_id = xos_db_prepare_input($_GET['co']);
$content_query = xos_db_query("select c.content_id, c.link_request_type, c.type, cd.name, cd.heading_title, cd.content, cd.php_source from " . TABLE_CONTENTS . " c, " . TABLE_CONTENTS_DATA . " cd where c.status = '1' and c.content_id = '" . (int) $content_id . "' and c.content_id = cd.content_id and language_id = '" . (int) $_SESSION['languages_id'] . "'");
$content = xos_db_fetch_array($content_query);
eval(' ?>' . $content['php_source'] . '<?php ');
if (in_array($content['type'], array('info', 'not_in_menu'))) {
$site_trail->add($content['name'], xos_href_link(FILENAME_CONTENT, 'co=' . $content['content_id'], !empty($content['link_request_type']) ? $content['link_request_type'] : 'NONSSL'));
}
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'boxes.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'footer.php';
$back = sizeof($_SESSION['navigation']->path) - 2;
if (!empty($_SESSION['navigation']->path[$back])) {
$get_params_array = $_SESSION['navigation']->path[$back]['get'];
$get_params_array['rmp'] = '0';
$back_link = xos_href_link($_SESSION['navigation']->path[$back]['page'], xos_array_to_query_string($get_params_array, array('action', xos_session_name())), $_SESSION['navigation']->path[$back]['mode']);
function xos_db_prepare_input($string)
{
if (is_string($string)) {
return trim(xos_sanitize_string(stripslashes($string)));
} elseif (is_array($string)) {
reset($string);
while (list($key, $value) = each($string)) {
$string[$key] = xos_db_prepare_input($value);
}
return $string;
} else {
return $string;
}
}
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
if ($action == 'new_page' && WYSIWYG_FOR_PAGES == 'true') {
$javascript .= '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/ckeditor/ckeditor.js"></script>' . "\n";
}
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
// $smarty->assign('BODY_TAG_PARAMS', 'onload="SetFocus();"');
if ($action == 'new_page') {
$parameters = array('categories_or_pages_id' => '', 'link_request_type' => '', 'page_name' => '', 'page_not_in_menu' => '', 'sort_order' => '', 'categories_or_pages_status' => '');
if (isset($_GET['cpID']) && $reload != true) {
$cpID = xos_db_prepare_input($_GET['cpID']);
$page_query = xos_db_query("select c.categories_or_pages_id, c.link_request_type, cpd.categories_or_pages_name as page_name, c.page_not_in_menu, c.sort_order, c.categories_or_pages_status from " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_CATEGORIES_OR_PAGES_DATA . " cpd where c.categories_or_pages_id = '" . (int) $cpID . "' and c.categories_or_pages_id = cpd.categories_or_pages_id and cpd.language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
$page = xos_db_fetch_array($page_query);
$cInfo = new objectInfo($page);
} elseif (xos_not_null($_POST)) {
$cInfo = new objectInfo($_POST);
} else {
$cInfo = new objectInfo($parameters);
}
if (WYSIWYG_FOR_PAGES == 'true') {
$smarty->assign(array('wysiwyg' => true, 'link_filename_popup_file_manager_link_selection' => str_replace('&', '&', xos_href_link(FILENAME_POPUP_FILE_MANAGER, 'action=link_entrence&goto=' . DIR_FS_DOCUMENT_ROOT . 'contents')), 'link_filename_popup_file_manager_image' => str_replace('&', '&', xos_href_link(FILENAME_POPUP_FILE_MANAGER, 'action=no_link_entrence&goto=' . DIR_FS_DOCUMENT_ROOT . 'contents/image')), 'link_filename_popup_file_manager_flash' => str_replace('&', '&', xos_href_link(FILENAME_POPUP_FILE_MANAGER, 'action=no_link_entrence&goto=' . DIR_FS_DOCUMENT_ROOT . 'contents/flash')), 'page_config' => (ENABLE_SSL == 'true' ? $_SESSION['disable_ssl'] ? HTTP_SERVER : HTTPS_SERVER : HTTP_SERVER) . DIR_WS_ADMIN_IMAGES . ADMIN_TPL . '/ckconfig/page_config.js', 'page_base_href' => ENABLE_SSL == 'true' ? $_SESSION['disable_ssl'] ? HTTP_SERVER : HTTPS_SERVER : HTTP_SERVER, 'lang_code' => xos_get_languages_code()));
}
$languages = xos_get_languages();
$contents_data_array = array();
$php_code_included = false;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_ACCOUNT_NEWSLETTERS) == 'overwrite_all')) {
if (!isset($_SESSION['customer_id'])) {
$_SESSION['navigation']->remove_current_page();
$_SESSION['navigation']->set_snapshot();
xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
} elseif (NEWSLETTER_ENABLED != 'true') {
xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
// needs to be included earlier to set the success message in the messageStack
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_ACCOUNT_NEWSLETTERS;
$newsletter_query = xos_db_query("select newsletter_status from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$newsletter = xos_db_fetch_array($newsletter_query);
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
if (isset($_POST['newsletter_general']) && is_numeric($_POST['newsletter_general'])) {
$newsletter_general = xos_db_prepare_input($_POST['newsletter_general']);
} else {
$newsletter_general = '0';
}
if ($newsletter_general != $newsletter['newsletter_status']) {
$newsletter_general = $newsletter['newsletter_status'] == '1' ? '0' : '1';
xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set newsletter_status = '" . (int) $newsletter_general . "', newsletter_status_change = now() where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
}
$messageStack->add_session('account', SUCCESS_NEWSLETTER_UPDATED, 'success');
xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
$site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', 'SSL'));
$add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function rowOverEffect(object) {' . "\n" . ' if (object.className == "module-row") object.className = "module-row-over";' . "\n" . '}' . "\n\n" . 'function rowOutEffect(object) {' . "\n" . ' if (object.className == "module-row-over") object.className = "module-row";' . "\n" . '}' . "\n\n" . 'function checkBox(object) {' . "\n" . ' document.account_newsletter.elements[object].checked = !document.account_newsletter.elements[object].checked;' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'boxes.php';
break;
case 'group_new':
$admin_groups_name = ucwords(strtolower(xos_db_prepare_input($_POST['admin_groups_name'])));
$name_replace = preg_replace("/ /", "%", $admin_groups_name);
if ($admin_groups_name == '' || NULL || strlen($admin_groups_name) <= 5) {
xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET[gID] . '&gName=false&action=new_group'));
} else {
$check_groups_name_query = xos_db_query("select admin_groups_name as group_name_new from " . TABLE_ADMIN_GROUPS . " where admin_groups_name like '%" . $name_replace . "%'");
$check_duplicate = xos_db_num_rows($check_groups_name_query);
if ($check_duplicate > 0) {
xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET['gID'] . '&gName=used&action=new_group'));
} else {
$sql_data_array = array('admin_groups_name' => $admin_groups_name);
xos_db_perform(TABLE_ADMIN_GROUPS, $sql_data_array);
$admin_groups_id = xos_db_insert_id();
$set_groups_id = xos_db_prepare_input($_POST['set_groups_id']);
$add_group_id = $set_groups_id . ',\'' . $admin_groups_id . '\'';
xos_db_query("alter table " . TABLE_ADMIN_FILES . " change admin_groups_id admin_groups_id set( " . $add_group_id . ") NOT NULL DEFAULT '1' ");
xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $admin_groups_id));
}
}
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require 'includes/account_check.js.php';
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
if ($_GET['gPath']) {
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_REDIRECT) == 'overwrite_all')) {
switch ($_GET['action']) {
case 'banner':
$banner_query = xos_db_query("select banners_url from " . TABLE_BANNERS_CONTENT . " where banners_id = '" . (int) $_GET['goto'] . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
if (xos_db_num_rows($banner_query)) {
$banner = xos_db_fetch_array($banner_query);
xos_update_banner_click_count($_GET['goto']);
xos_redirect($banner['banners_url']);
}
break;
case 'url':
if (isset($_GET['goto']) && xos_not_null($_GET['goto'])) {
$check_query = xos_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . xos_db_input(xos_db_prepare_input($_GET['goto'])) . "' limit 1");
if (xos_db_num_rows($check_query)) {
$url = xos_db_fetch_array($check_query);
xos_redirect(parse_url($url['products_url'], PHP_URL_SCHEME) ? $url['products_url'] : 'http://' . $url['products_url']);
}
}
break;
case 'manufacturer':
if (isset($_GET['m']) && xos_not_null($_GET['m'])) {
$manufacturer_query = xos_db_query("select manufacturers_url from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $_GET['m'] . "' and languages_id = '" . (int) $_SESSION['languages_id'] . "'");
if (xos_db_num_rows($manufacturer_query)) {
// url exists in selected language
$manufacturer = xos_db_fetch_array($manufacturer_query);
if (xos_not_null($manufacturer['manufacturers_url'])) {
xos_db_query("update " . TABLE_MANUFACTURERS_INFO . " set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = '" . (int) $_GET['m'] . "' and languages_id = '" . (int) $_SESSION['languages_id'] . "'");
xos_redirect(parse_url($manufacturer['manufacturers_url'], PHP_URL_SCHEME) ? $manufacturer['manufacturers_url'] : 'http://' . $manufacturer['manufacturers_url']);
<?php
if (SEND_EMAILS != 'true') {
xos_redirect(xos_href_link(FILENAME_LOGIN));
}
if (isset($_GET['action']) && $_GET['action'] == 'process' && (SESSION_FORCE_COOKIE_USE == 'true' && isset($_COOKIE[session_name()]) || SESSION_FORCE_COOKIE_USE == 'false')) {
$email_address = xos_db_prepare_input($_POST['email_address']);
$firstname = xos_db_prepare_input($_POST['firstname']);
$log_times = $_POST['log_times'] + 1;
if ($log_times >= 4) {
$_SESSION['password_forgotten'] = true;
}
// Check if email exists
$check_admin_query = xos_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
if (!xos_db_num_rows($check_admin_query)) {
$_GET['login'] = '******';
} else {
$check_admin = xos_db_fetch_array($check_admin_query);
if ($check_admin['check_firstname'] != $firstname) {
$_GET['login'] = '******';
} else {
$_GET['login'] = '******';
$makePassword = xos_create_random_value(7);
@(require DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN);
$email_to_admin = new mailer($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
if (!$email_to_admin->send()) {
$mailer_error_message = sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo);
} else {
xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
}
}
$tax_class_id = xos_db_prepare_input($_GET['tID']);
$tax_class_title = xos_db_prepare_input($_POST['tax_class_title']);
$actual_tax_class_title = xos_db_prepare_input($_POST['actual_tax_class_title']);
$tax_class_description = xos_db_prepare_input($_POST['tax_class_description']);
if (mb_strtolower($actual_tax_class_title) != mb_strtolower($tax_class_title)) {
$check_query = xos_db_query("select tax_class_title from " . TABLE_TAX_CLASS . " where tax_class_title = '" . xos_db_input($tax_class_title) . "'");
if (xos_db_num_rows($check_query) || $tax_class_title == '') {
xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_title=' . $tax_class_title . '&tax_class_description=' . $tax_class_description . '&action=edit&error_title=' . $tax_class_title));
}
}
xos_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . (int) $tax_class_id . "', tax_class_title = '" . xos_db_input($tax_class_title) . "', tax_class_description = '" . xos_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . (int) $tax_class_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id));
break;
case 'deleteconfirm':
$tax_class_id = xos_db_prepare_input($_GET['tID']);
xos_db_query("delete from " . TABLE_TAX_CLASS . " where tax_class_id = '" . (int) $tax_class_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page']));
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
$classes_query_raw = "select tax_class_id, tax_class_title, tax_class_description, last_modified, date_added from " . TABLE_TAX_CLASS . " order by tax_class_title";
$classes_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $classes_query_raw, $classes_query_numrows);
$classes_query = xos_db_query($classes_query_raw);
$classes_array = array();
}
$gv_email->clearAddresses();
}
$_SESSION['used_lng_id'] = $used_lang_id;
}
if ($mailer_error == false) {
$messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $mail_sent_to), 'success');
}
xos_redirect(xos_href_link(FILENAME_GV_MAIL));
}
}
$email_error = false;
$entry_email_to_error = false;
$entry_email_to_check_error = false;
if ($action == 'preview' && !empty($_POST['email_to'])) {
$email_to = xos_db_prepare_input($_POST['email_to']);
if (strlen($email_to) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$email_error = true;
$entry_email_to_error = true;
}
if (!xos_validate_email($email_to)) {
$email_error = true;
$entry_email_to_check_error = true;
}
}
if ($action == 'preview' && empty($_POST['customers_email_address']) && empty($_POST['email_to'])) {
$messageStack->add('header', ERROR_NO_CUSTOMER_SELECTED, 'error');
}
if ($action == 'preview' && $_POST['amount'] == '') {
$messageStack->add('header', ERROR_NO_AMOUNT_SELECTED, 'error');
}
$specials_error = true;
$this_group_specials_error = true;
$spec_err_gr .= $customers_group['customers_group_id'] . ',';
}
}
$special_expires_date = xos_date_raw(xos_db_prepare_input($_POST['special_expires_date_' . $customers_group['customers_group_id']]));
$special_expires_date = date('Ymd') <= $special_expires_date && $all_specials ? $special_expires_date : 'null';
if ($customers_group['customers_group_id'] == 0) {
$default_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['regular']);
$default_special_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['special']);
$default_product_special_status = $product_special_status;
$default_special_expires_date = $special_expires_date;
}
if ($_POST['option'][$customers_group['customers_group_id']]) {
$regular_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['regular']);
$special_price = xos_db_prepare_input($prices_array[$customers_group['customers_group_id']][0]['special']);
} else {
$regular_price = $default_price;
$special_price = $default_special_price;
$special_expires_date = $default_special_expires_date;
$product_special_status = $default_product_special_status;
}
$price_count_query = xos_db_query("select products_id from " . TABLE_PRODUCTS_PRICES . " where products_id = '" . (int) $products_id . "' and customers_group_id = '" . $customers_group['customers_group_id'] . "'");
if (xos_db_num_rows($price_count_query)) {
xos_db_query("update " . TABLE_PRODUCTS_PRICES . " set customers_group_price = '" . $regular_price . "' where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
} else {
xos_db_query("insert into " . TABLE_PRODUCTS_PRICES . " (products_id, customers_group_id, customers_group_price) values ('" . (int) $products_id . "', '" . $customers_group['customers_group_id'] . "', '" . $regular_price . "')");
}
$special_price_count_query = xos_db_query("select products_id from " . TABLE_SPECIALS . " where products_id = '" . (int) $products_id . "' and customers_group_id = '" . $customers_group['customers_group_id'] . "'");
if (xos_db_num_rows($special_price_count_query)) {
if ($special_price > 0) {
function send($newsletter_id)
{
global $messageStack;
if (SEND_EMAILS != 'true') {
$messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
return false;
}
$audience = array();
$ids = $_GET['customers_chosen'];
$customers_query = xos_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c where c.customers_id in (" . $ids . ")");
while ($customers = xos_db_fetch_array($customers_query)) {
$audience[$customers['customers_id']] = array('firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'email_address' => $customers['customers_email_address']);
}
if (empty($this->language_directory)) {
$lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$lang = xos_db_fetch_array($lang_query);
$this->language_directory = $lang['directory'];
}
//Let's build a message object using the mailer class
$email_to_customer = new mailer();
$email_from_value = EMAIL_FROM;
$from = html_entity_decode($email_from_value, ENT_QUOTES, 'UTF-8');
$address = '';
$name = '';
$pieces = explode('<', $from);
if (count($pieces) == 2) {
$address = trim($pieces[1], " >");
$name = trim($pieces[0]);
} elseif (count($pieces) == 1) {
$pos = stripos($pieces[0], '@');
$address = $pos ? trim($pieces[0], " >") : '';
}
$email_to_customer->From = $address;
$email_to_customer->FromName = $name;
$email_to_customer->WordWrap = '100';
$email_to_customer->Subject = $this->title;
$smarty_product_notification = new Smarty();
$smarty_product_notification->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
$smarty_product_notification->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
$smarty_product_notification->config_dir = DIR_FS_SMARTY . 'catalog/';
$smarty_product_notification->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
$smarty_product_notification->left_delimiter = '[@{';
$smarty_product_notification->right_delimiter = '}@]';
$is_html = false;
if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
$is_html = true;
$smarty_product_notification->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE, 'charset' => CHARSET, 'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '', 'content_text_htlm' => $this->content_text_htlm, 'content_text_plain' => $this->content_text_plain));
$smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_html.tpl');
$output_product_notification_email_html = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_html.tpl');
$smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
$output_product_notification_email_text = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
$email_to_customer->isHTML(true);
} else {
$smarty_product_notification->assign('content_text_plain', $this->content_text_plain);
$smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
$output_product_notification_email_text = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
$email_to_customer->isHTML(false);
}
reset($audience);
while (list($key, $value) = each($audience)) {
if ($is_html) {
$email_to_customer->Body = $output_product_notification_email_html;
$email_to_customer->AltBody = html_entity_decode(strip_tags($output_product_notification_email_text), ENT_QUOTES, 'UTF-8');
} else {
$email_to_customer->Body = html_entity_decode(strip_tags($output_product_notification_email_text), ENT_QUOTES, 'UTF-8');
}
$email_to_customer->addAddress($value['email_address'], $value['firstname'] . ' ' . $value['lastname']);
if (!$email_to_customer->send()) {
$messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_customer->ErrorInfo, '<' . $value['email_address'] . '>'), 'error');
} else {
$messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '<' . $value['email_address'] . '>'), 'success');
}
$email_to_customer->clearAddresses();
}
$newsletter_id = xos_db_prepare_input($newsletter_id);
xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . xos_db_input($newsletter_id) . "'");
}
xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $parameter_string));
break;
case 'delete_option':
$option_id = xos_db_prepare_input($_GET['option_id']);
xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where products_options_id = '" . (int) $option_id . "'");
xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string));
break;
case 'delete_value':
$value_id = xos_db_prepare_input($_GET['value_id']);
xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id = '" . (int) $value_id . "'");
xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " where products_options_values_id = '" . (int) $value_id . "'");
xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, 'options_page=1&' . $parameter_string));
break;
case 'delete_attribute':
$attribute_id = xos_db_prepare_input($_GET['attribute_id']);
$products_id = xos_db_prepare_input($_GET['products_id']);
$combinations_query = xos_db_query("select p.products_quantity, p.attributes_quantity, p.attributes_combinations, p.attributes_not_updated, pa.options_id, pa.options_values_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where p.products_id = '" . (int) $products_id . "' and pa.products_attributes_id = '" . (int) $attribute_id . "'");
$combinations = xos_db_fetch_array($combinations_query);
$qty = 0;
if (xos_not_null($combinations['attributes_combinations'])) {
$attributes_not_updated = xos_get_attributes_not_updated($combinations['attributes_not_updated']);
foreach ($attributes_not_updated as $key_not_updated => $val_not_updated) {
if ($val_not_updated == $combinations['options_id'] . ',' . $combinations['options_values_id']) {
unset($attributes_not_updated[$key_not_updated]);
}
}
ksort($attributes_not_updated);
if (empty($attributes_not_updated)) {
$not_updated = "attributes_not_updated = null";
} else {
$not_updated = "attributes_not_updated = '" . xos_db_input(serialize($attributes_not_updated)) . "'";
}
if (isset($_GET['_m']) && xos_not_null($_GET['_m'])) {
$where_str .= " and mi.manufacturers_id = '" . (int) $_GET['_m'] . "'";
}
if (isset($search_keywords) && sizeof($search_keywords) > 0) {
$where_str .= " and (";
for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
switch ($search_keywords[$i]) {
case '(':
case ')':
case 'and':
case 'or':
$where_str .= " " . $search_keywords[$i] . " ";
break;
default:
$keyword = xos_db_prepare_input($search_keywords[$i]);
$where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'";
if (isset($_GET['sid']) && $_GET['sid'] == '1') {
$where_str .= " or pd.products_description like '%" . xos_db_input($keyword) . "%' or pd.products_info like '%" . xos_db_input($keyword) . "%'";
}
$where_str .= ')';
break;
}
}
$where_str .= " )";
}
if (xos_not_null($dfrom)) {
$where_str .= " and p.products_date_added >= '" . xos_date_raw($dfrom) . "'";
}
if (xos_not_null($dto)) {
$where_str .= " and p.products_date_added <= '" . xos_date_raw($dto) . "'";
if (sizeof($order->info['tax_groups']) > 1) {
$smarty->assign('tax_groups', true);
}
$smarty->assign(array('order_id' => $oID, 'order_language_name' => $languages['name'], 'date_purchased' => xos_datetime_short($order->info['date_purchased']), 'customer_address' => xos_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'), 'delivery_address' => xos_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'), 'billing_address' => xos_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'), 'c_id' => $order->customer['c_id'], 'telephone_number' => $order->customer['telephone'], 'email_address' => $order->customer['email_address'], 'payment_method' => $order->info['payment_method'], 'order_products' => $order_products_array, 'order_totals' => $order_totals_array, 'form_begin_status' => xos_draw_form('new_status', FILENAME_ORDERS, xos_get_all_get_params(array('action')) . 'action=update_order'), 'textarea_comments' => xos_draw_textarea_field('comments', '60', '5'), 'pull_down_status' => xos_draw_pull_down_menu('status', $orders_statuses, $order->info['orders_status']), 'form_end' => '</form>', 'link_filename_orders_invoice' => xos_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $_GET['oID']), 'link_filename_orders_packingslip' => xos_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $_GET['oID']), 'link_filename_orders' => xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('action'))), 'edit' => true));
} else {
$orders_statuses = array();
$orders_status_query = xos_db_query("select orders_status_id, orders_status_name from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
while ($orders_status = xos_db_fetch_array($orders_status_query)) {
$orders_statuses[] = array('id' => $orders_status['orders_status_id'], 'text' => $orders_status['orders_status_name']);
}
$status = $_GET['status'];
if (isset($_GET['cID'])) {
$cID = xos_db_prepare_input($_GET['cID']);
$orders_query_raw = "select o.orders_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, s.orders_status_code, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int) $cID . "' and o.orders_status = s.orders_status_id and s.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and ot.class = 'ot_total' group by o.orders_id order by o.orders_id DESC";
} elseif (isset($_GET['status']) && is_numeric($_GET['status']) && $_GET['status'] > 0) {
$status = xos_db_prepare_input($_GET['status']);
$orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, s.orders_status_code, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and s.orders_status_id = '" . (int) $status . "' and ot.class = 'ot_total' group by o.orders_id order by o.orders_id DESC";
} else {
$orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, s.orders_status_code, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int) $_SESSION['used_lng_id'] . "' and ot.class = 'ot_total' group by o.orders_id order by o.orders_id DESC";
}
$orders_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $orders_query_raw, $orders_query_numrows, 'o.orders_id');
$orders_query = xos_db_query($orders_query_raw);
$orders_array = array();
while ($orders = xos_db_fetch_array($orders_query)) {
$oder_total_query = xos_db_query("select text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $orders['orders_id'] . "' and class = 'ot_total' order by orders_total_id DESC limit 1");
$oder_total = xos_db_fetch_array($oder_total_query);
if ((!isset($_GET['oID']) || isset($_GET['oID']) && $_GET['oID'] == $orders['orders_id']) && !isset($oInfo)) {
$oInfo = new objectInfo($orders);
}
$selected = false;
if (isset($oInfo) && is_object($oInfo) && $orders['orders_id'] == $oInfo->orders_id) {
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_ACCOUNT_NOTIFICATIONS) == 'overwrite_all')) {
if (!isset($_SESSION['customer_id'])) {
$_SESSION['navigation']->remove_current_page();
$_SESSION['navigation']->set_snapshot();
xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
} elseif (PRODUCT_NOTIFICATION_ENABLED != 'true') {
xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
// needs to be included earlier to set the success message in the messageStack
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_ACCOUNT_NOTIFICATIONS;
$global_query = xos_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
$global = xos_db_fetch_array($global_query);
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
if (isset($_POST['product_global']) && is_numeric($_POST['product_global'])) {
$product_global = xos_db_prepare_input($_POST['product_global']);
} else {
$product_global = '0';
}
(array) ($products = $_POST['products']);
if ($product_global != $global['global_product_notifications']) {
$product_global = $global['global_product_notifications'] == '1' ? '0' : '1';
xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set global_product_notifications = '" . (int) $product_global . "' where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
} elseif (sizeof($products) > 0) {
$products_parsed = array();
foreach ($products as $product) {
if (is_numeric($product)) {
$products_parsed[] = $product;
}
}
if (sizeof($products_parsed) > 0) {
}
$smarty->assign(array('shipping_allowed' => $shipping_allowed_array, 'new' => true, 'form_begin_customers_new' => xos_draw_form('customers', FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action')) . 'action=newconfirm', 'post', 'onsubmit="return check_form();"'), 'group_name_in_values' => xos_draw_input_field('customers_group_name', '', 'maxlength="32"', false), 'group_discount_in_out_values' => xos_draw_input_field('customers_group_discount', $cInfo->customers_group_discount, 'maxlength="5" size="5"', false), 'group_show_tax_in_values' => xos_draw_pull_down_menu('customers_group_show_tax', $cg_show_tax_array, '1'), 'group_tax_exempt_in_values' => xos_draw_pull_down_menu('customers_group_tax_exempt', $cg_tax_exempt_array, '0'), 'group_payment_settings_in_values_1' => xos_draw_radio_field('group_payment_settings', '1', false, '0'), 'group_payment_settings_in_values_0' => xos_draw_radio_field('group_payment_settings', '0', false, '0'), 'group_shipment_settings_in_values_1' => xos_draw_radio_field('group_shipment_settings', '1', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'group_shipment_settings_in_values_0' => xos_draw_radio_field('group_shipment_settings', '0', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'link_filename_customers_groups' => xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action', 'cID'))), 'form_end' => '</form>'));
} else {
switch ($_GET[listing]) {
case "group":
$order = "g.customers_group_name";
break;
case "group-desc":
$order = "g.customers_group_name DESC";
break;
default:
$order = "g.customers_group_id ASC";
}
$search_string = '';
if ($_GET['search'] && xos_not_null($_GET['search'])) {
$keywords = xos_db_input(xos_db_prepare_input($_GET['search']));
$search_string = "where g.customers_group_name like '%" . $keywords . "%'";
}
$customers_groups_query_raw = "select g.customers_group_id, g.customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " g " . $search_string . " order by {$order}";
$customers_groups_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $customers_groups_query_raw, $customers_groups_query_numrows);
$customers_groups_query = xos_db_query($customers_groups_query_raw);
$customers_groups_array = array();
while ($customers_groups = xos_db_fetch_array($customers_groups_query)) {
$info_query = xos_db_query("select customers_info_date_account_created as date_account_created, customers_info_date_account_last_modified as date_account_last_modified, customers_info_date_of_last_logon as date_last_logon, customers_info_number_of_logons as number_of_logons from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . $customers_groups['customers_group_id'] . "'");
$info = xos_db_fetch_array($info_query);
if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $customers_groups['customers_group_id']) && !isset($cInfo)) {
$cInfo = new objectInfo($customers_groups);
}
$selected = false;
if (is_object($cInfo) && $customers_groups['customers_group_id'] == $cInfo->customers_group_id) {
$selected = true;
break;
case 'both':
$pass = true;
break;
}
$free_shipping = false;
if ($pass == true && $order->info['subtotal'] >= $currencies->currencies[$_SESSION['currency']]['value'] * MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER) {
$free_shipping = true;
include DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/modules/order_total/ot_shipping.php';
}
} else {
$free_shipping = false;
}
// process the selected shipping method
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$_SESSION['comments'] = xos_db_prepare_input(substr(strip_tags($_POST['comments']), 0, 1000));
if (xos_count_shipping_modules() > 0 || $free_shipping == true) {
if (isset($_POST['shipping']) && strpos($_POST['shipping'], '_')) {
$_SESSION['shipping'] = $_POST['shipping'];
list($module, $method) = explode('_', $_SESSION['shipping']);
if (is_object(${$module}) || $_SESSION['shipping'] == 'free_free') {
if ($_SESSION['shipping'] == 'free_free') {
$quote[0]['methods'][0]['title'] = FREE_SHIPPING_TITLE;
$quote[0]['methods'][0]['cost'] = '0';
} else {
$quote = $shipping_modules->quote($method, $module);
}
if (isset($quote['error'])) {
unset($_SESSION['shipping']);
} else {
if (isset($quote[0]['methods'][0]['title']) && isset($quote[0]['methods'][0]['cost'])) {
$manufacturers_url_array = $_POST['manufacturers_url'];
$language_id = $languages[$i]['id'];
$sql_data_array = array('manufacturers_name' => xos_db_prepare_input($manufacturers_name_array[$language_id]), 'manufacturers_url' => xos_db_prepare_input($manufacturers_url_array[$language_id]));
if ($action == 'insert') {
$insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
} elseif ($action == 'save') {
xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
}
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'mID=' . $manufacturers_id));
break;
case 'deleteconfirm':
$manufacturers_id = xos_db_prepare_input($_GET['mID']);
if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') {
$manufacturer_query = xos_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
$manufacturer = xos_db_fetch_array($manufacturer_query);
$duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($manufacturer['manufacturers_image']) . "'");
$duplicate_image = xos_db_fetch_array($duplicate_image_query);
if ($duplicate_image['total'] < 2) {
$image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image'];
@unlink($image_location);
}
}
xos_db_query("delete from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') {
$products_query = xos_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
while ($products = xos_db_fetch_array($products_query)) {
$admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
$stored_email[] = 'NONE';
$hiddenPassword = TEXT_INFO_PASSWORD_HIDDEN;
$check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . (int) $admin_id . "");
while ($check_email = xos_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
}
if (xos_validate_email($admin_email_address) == false) {
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_not_valid'));
} elseif (in_array($admin_email_address, $stored_email)) {
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_used'));
} else {
$my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
$my_old_account = xos_db_fetch_array($my_old_account_query);
$sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()');
$admin_password = xos_db_prepare_input($_POST['admin_password']);
if (xos_not_null($admin_password)) {
$insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
}
xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
if (SEND_EMAILS == 'true') {
$email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
if (!$email_to_admin->send()) {
$messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
}
}
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT));
}
break;
}
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_OFFLINE) == 'overwrite_all')) {
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
$_SESSION['navigation']->remove_current_page();
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$email_address = xos_db_prepare_input($_POST['email_address']);
$password = xos_db_prepare_input($_POST['password']);
// Check if email exists
$check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
if (!xos_db_num_rows($check_admin_query)) {
$error = true;
} else {
$check_admin = xos_db_fetch_array($check_admin_query);
// Check that password is good
if (!xos_validate_password($password, $check_admin['login_password'])) {
$error = true;
} else {
$_SESSION['access_allowed'] = true;
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
}
}
}
$quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency';
$rate = $quote_function($currency['code']);
$server_used = CURRENCY_SERVER_BACKUP;
}
if (xos_not_null($rate)) {
xos_db_query("update " . TABLE_CURRENCIES . " set value = '" . $rate . "', last_updated = now() where currencies_id = '" . (int) $currency['currencies_id'] . "'");
$messageStack->add_session('header', sprintf(TEXT_INFO_CURRENCY_UPDATED, $currency['title'], $currency['code'], $server_used), 'success');
} else {
$messageStack->add_session('header', sprintf(ERROR_CURRENCY_INVALID, $currency['title'], $currency['code'], $server_used), 'error');
}
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
break;
case 'delete':
$currencies_id = xos_db_prepare_input($_GET['cID']);
$currency_query = xos_db_query("select code from " . TABLE_CURRENCIES . " where currencies_id = '" . (int) $currencies_id . "'");
$currency = xos_db_fetch_array($currency_query);
$remove_currency = true;
if ($currency['code'] == DEFAULT_CURRENCY) {
$remove_currency = false;
$messageStack->add('header', ERROR_REMOVE_DEFAULT_CURRENCY, 'error');
}
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
$_SESSION['navigation']->remove_current_page();
$_SESSION['navigation']->set_snapshot();
xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$product_info_query = xos_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name, pd.products_p_unit from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and p.products_id = '" . (int) $_GET['p'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'");
if (!xos_db_num_rows($product_info_query)) {
xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action'))), false);
} else {
$product_info = xos_db_fetch_array($product_info_query);
$products_image_name = xos_get_product_images($product_info['products_image'], 'all');
}
$customer_query = xos_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$customer = xos_db_fetch_array($customer_query);
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$rating = xos_db_prepare_input($_POST['rating']);
$review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000));
$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
$error = true;
$messageStack->add('review', JS_REVIEW_TEXT);
}
if ($rating < 1 || $rating > 5) {
$error = true;
$messageStack->add('review', JS_REVIEW_RATING);
}
if ($error == false) {
xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())");
$insert_id = xos_db_insert_id();
xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')");
$smarty->clearCache(null, 'L3|cc_reviews');
$smarty->clearCache(null, 'L3|cc_product_reviews');
$actual_countries_name = xos_db_prepare_input($_POST['actual_countries_name']);
$countries_iso_code_2 = xos_db_prepare_input($_POST['countries_iso_code_2']);
$countries_iso_code_3 = xos_db_prepare_input($_POST['countries_iso_code_3']);
$address_format_id = xos_db_prepare_input($_POST['address_format_id']);
if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) {
$check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'");
if (xos_db_num_rows($check_query) || $countries_name == '') {
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name));
}
}
xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
break;
case 'deleteconfirm':
$countries_id = xos_db_prepare_input($_GET['cID']);
xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'");
xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
$countries_query_raw = "select countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id from " . TABLE_COUNTRIES . " order by countries_name";
$countries_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $countries_query_raw, $countries_query_numrows);
$countries_query = xos_db_query($countries_query_raw);