             array_push($itemsToCancel, $gitem);
     if (count($itemsToCancel) > 0) {
         //Compare total quantity of order items with cancel items to update order status
         $orderItems = db_getOrderItems($dborder->id);
         $Gresponse->log->LogResponse("From " . count($orderItems) . " items, " . count($itemsToCancel) . " will be cancelled");
         $response = $Grequest->SendRefundOrder($dborder->ordernumber, $refundAmount, "Items could not be processed in Quota System. The most common reason " . "is that there were not enough resources to satisfy this request", "Contact the administrator for further details.");
         $response = $Grequest->SendCancelItems($dborder->ordernumber, $itemsToCancel, "Items could not be processed in Quota System. The most common reason " . "is that there were not enough resources to satisfy this request");
         db_setOrderRefund($dborder->id, $dborder->refund + $refundAmount);
     $Gresponse->log->LogResponse("Canceling order " . $data[$root]['google-order-number']['VALUE']);
     $response = $Grequest->SendCancelOrder($data[$root]['google-order-number']['VALUE'], "Payment Declined", "Contact Google Checkout for further details.");
     $Grequest->SendBuyerMessage($data[$root]['google-order-number']['VALUE'], "Sorry, your payment has been declined", true);
     $Gresponse->log->LogResponse("Response: " . array_to_json($response));
 case 'CANCELLED':
     $Gresponse->log->LogResponse("Cancelled " + $data[$root]['google-order-number']['VALUE']);
     $order = db_getOrderByOrderNumber($data[$root]['google-order-number']['VALUE']);
     $orderItems = db_getOrderItems($orderid);
     foreach ($orderItems as $orderItem) {
         db_cancelOrderItem($orderid, $orderItem->itemid);
     $Grequest->SendBuyerMessage($data[$root]['google-order-number']['VALUE'], "Sorry, your order is cancelled by the store", true);
     $Gresponse->log->LogResponse("Cancelled by Google " + $data[$root]['google-order-number']['VALUE']);
function nzshpcrt_submit_ajax()
    global $wpdb, $user_level, $wp_rewrite;
    if (get_option('permalink_structure') != '') {
        $seperator = "?";
    } else {
        $seperator = "&";
    $cartt = $_SESSION['nzshpcrt_cart'];
    $cartt1 = $cartt[0]->product_id;
    // if is an AJAX request, cruddy code, could be done better but getting approval would be impossible
    if ($_POST['ajax'] == "true" || $_GET['ajax'] == "true") {
        if ($_POST['metabox'] == 'true') {
            $output .= "<div class='meta_box'>";
            if (get_option('multi_add') == '1') {
                $output .= TXT_WPSC_QUANTITY . ": <input type='text' name='quantity[]' size='3'><br>";
            if (get_option('time_requested') == '1') {
                $output .= TXT_WPSC_DATE_REQUESTED . ": <input type='text' class='time_requested' name='time_requested[]' size='10'><br>";
            if (get_option('commenting') == '1') {
                $output .= TXT_WPSC_COMMENT . ":<br><textarea type='text' name='comment[]'></textarea><br>";
            $output .= TXT_WPSC_LABEL . ":<br><textarea type='text' name='label[]'></textarea><br>";
            $output .= "</div>";
        if ($_POST['submittogoogle']) {
            $newvalue = $_POST['value'];
            $amount = $_POST['amount'];
            $reason = $_POST['reason'];
            $comment = $_POST['comment'];
            $message = $_POST['message'];
            $amount = number_format($amount, 2, '.', '');
            $log_data = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
            if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
            $google_status = unserialize($log_data['google_status']);
            switch ($newvalue) {
                case "Charge":
                    if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
                        if ($amount == '') {
                            $google_status['0'] = 'Partially Charged';
                        } else {
                            $google_status['0'] = 'CHARGED';
                            $google_status['partial_charge_amount'] = $amount;
                case "Cancel":
                    if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
                        $google_status[0] = 'CANCELLED';
                    if ($google_status[1] != 'DELIVERED') {
                        $google_status[1] = 'WILL_NOT_DELIVER';
                case "Refund":
                    if ($amount == '') {
                        $google_status['0'] = 'Partially Refund';
                    } else {
                        $google_status['0'] = 'REFUND';
                        $google_status['partial_refund_amount'] = $amount;
                case "Ship":
                    if ($google_status[1] != 'WILL_NOT_DELIVER') {
                        $google_status[1] = 'DELIVERED';
                case "Archive":
                    $google_status[1] = 'ARCHIVED';
            $google_status_sql = "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET google_status='" . serialize($google_status) . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
            $merchant_id = get_option('google_id');
            $merchant_key = get_option('google_key');
            $server_type = get_option('google_server_type');
            $currency = get_option('google_cur');
            $Grequest = new GoogleRequest($merchant_id, $merchant_key, $server_type, $currency);
            $google_order_number = $wpdb->get_var("SELECT google_order_number FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1");
            switch ($newvalue) {
                case 'Charge':
                    $Grequest->SendChargeOrder($google_order_number, $amount);
                case 'Ship':
                case 'Archive':
                case 'Refund':
                    $Grequest->SendRefundOrder($google_order_number, $amount, $reason);
                case 'Cancel':
                    $Grequest->SendCancelOrder($google_order_number, $reason, $comment);
                case 'Send Message':
                    $Grequest->SendBuyerMessage($google_order_number, $message);
            $update_sql = "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
        	if(($_GET['user'] == "true") && is_numeric($_POST['prodid'])) {
        		if(function_exists('wpsc_members_init')) {
        			$memberstatus = get_product_meta($_POST['prodid'],'is_membership',true);
        		if(($memberstatus=='1') && ($_SESSION['nzshopcrt_cart']!=NULL)){
        		} else{
        			$sql = "SELECT * FROM `".WPSC_TABLE_PRODUCT_LIST."` WHERE `id`='".$_POST['prodid']."' LIMIT 1";
        			$item_data = $wpdb->get_results($sql,ARRAY_A);
        			if ($_POST['quantity']!='') {
        				$add_quantity = $_POST['quantity'];
        			$item_quantity = 0;
        			if($_SESSION['nzshpcrt_cart'] != null) {
        				foreach($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
        					if (($memberstatus[0]!='1')&&($_SESSION['nzshpcrt_cart']!=NULL)){
        						if($cart_item->product_id == $_POST['prodid']) {
        							if(($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $_POST['variation'])&&($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $_POST['extras'])) {
        								$item_quantity += $_SESSION['nzshpcrt_cart'][$cart_key]->quantity;
        								$item_variations = $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations;
        		  $item_stock = null;
        		  $variation_count = count($_POST['variation']);
        		  if($variation_count >= 1) {
        				foreach($_POST['variation'] as $value_id) {
        					if(is_numeric($value_id)) {
        						$value_ids[] = (int)$value_id;
                if(count($value_ids) > 0) {
                  $variation_ids = $wpdb->get_col("SELECT `variation_id` FROM `".WPSC_TABLE_VARIATION_VALUES."` WHERE `id` IN ('".implode("','",$value_ids)."')");
                  $all_variation_ids = implode(",", $variation_ids);
                  $priceandstock_id = $wpdb->get_var("SELECT `priceandstock_id` FROM `".WPSC_TABLE_VARIATION_COMBINATIONS."` WHERE `product_id` = '".(int)$_POST['prodid']."' AND `value_id` IN ( '".implode("', '",$value_ids )."' )  AND `all_variation_ids` IN('$all_variation_ids')  GROUP BY `priceandstock_id` HAVING COUNT( `priceandstock_id` ) = '".count($value_ids)."' LIMIT 1");
                  $variation_stock_data = $wpdb->get_row("SELECT * FROM `".WPSC_TABLE_VARIATION_PROPERTIES."` WHERE `id` = '{$priceandstock_id}' LIMIT 1", ARRAY_A);
                  $item_stock = $variation_stock_data['stock'];
        		if($item_stock === null) {
        			$item_stock = $item_data[0]['quantity'];
        			if((($item_data[0]['quantity_limited'] == 1) && ($item_stock > 0) && ($item_stock > $item_quantity)) || ($item_data[0]['quantity_limited'] == 0)) {
        				$cartcount = count($_SESSION['nzshpcrt_cart']);
        				if(is_array($_POST['variation'])) {  $variations = $_POST['variation'];  }  else  { $variations = null; }
        				//if(is_array($_POST['extras'])) {  $extras = $_POST['extras'];  }  else  { $extras = null; }
        				$updated_quantity = false;
        				if($_SESSION['nzshpcrt_cart'] != null) {
        					foreach($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
        						if ((!($memberstatus[0]=='1')&&(count($_SESSION['nzshpcrt_cart'])>0))) {
        							if((int)$cart_item->product_id === (int)$_POST['prodid']) {  // force both to integer before testing for identicality
        								if(($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $extras)&&($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $variations) && ((int)$_SESSION['nzshpcrt_cart'][$cart_key]->donation_price == (int)$_POST['donation_price'])) {
        									if ($_POST['quantity'] != ''){
        									  if(is_array($_POST['quantity'])) {
        											foreach ((array)$_POST['quantity'] as $qty) {
        												$_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int)$qty;
        										} else {
        											$_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int)$_POST['quantity'];
        									} else {
        									$_SESSION['nzshpcrt_cart'][$cart_key]->comment = $_POST['comment'];
        									foreach((array)$_POST['label'] as $key => $label) {
        										if ($label != '') {
        											if (array_key_exists($label, $_SESSION['nzshpcrt_cart'][$cart_key]->meta)) {
        												$_SESSION['nzshpcrt_cart'][$cart_key]->time_requested[$label] = $_POST['time_requested'][$key];
        											} else {
        												$_SESSION['nzshpcrt_cart'][$cart_key]->meta[$label] = $_POST['quantity'][$key];
        												$_SESSION['nzshpcrt_cart'][$cart_key]->time_requested[$label] = $_POST['time_requested'][$key];
        									$updated_quantity = true;
        				if($item_data[0]['donation'] == 1) {
        					$donation = $_POST['donation_price'];
        				} else {
        					$donation = false;
        					$status = get_product_meta($cartt1, 'is_membership', true);
        					if (function_exists('wpsc_members_init') && ( $status=='1')){
        					$parameters = array();
        					if($updated_quantity === false) {
        						$parameters['variation_values'] = $variations;
        						$parameters['provided_price'] = $donation;
        						if($_POST['quantity'] != '') {
        							$total_qty = 0;
        							foreach ($_POST['quantity'] as $key=>$qty) {
        								$label[$_POST['label'][$key]] = $qty;
        								$time_requested[$_POST['label'][$key]] = $_POST['time_requested'][$key];
        							$parameters['quantity'] = $total_qty;
        							//$new_cart_item = new wpsc_cart_item($_POST['prodid'],$variations,$total_qty, $donation,$_POST['comment'],$time_requested,$label);
        						} else {
        							$parameters['quantity'] = 1;
        						//mail('*****@*****.**', 'stuff', print_r($parameters,true));
        						$new_cart_item = new wpsc_cart_item($_POST['prodid'],$parameters);
        						$_SESSION['nzshpcrt_cart'][] = $new_cart_item;
        			} else {
        				$quantity_limit = true;
        			$cart = $_SESSION['nzshpcrt_cart'];
        			if (($memberstatus[0]=='1')&&(count($cart)>1)) {
        			} else {
        				$status = get_product_meta($cartt1, 'is_membership', true);
        				if (function_exists('wpsc_members_init') && ( $status=='1')){
        			  echo  "if(document.getElementById('shoppingcartcontents') != null)
        					  document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "",addslashes(nzshpcrt_shopping_basket_internals($cart,$quantity_limit))). "\";
        			  if($_SESSION['slider_state'] == 0) {
        				//echo  'jQuery("#sliding_cart").css({ display: "none"});'."\n\r";
        				} else {
        				//echo  'jQuery("#sliding_cart").css({ display: "block"});'."\n\r";
        		} else if(($_POST['user'] == "true") && ($_POST['emptycart'] == "true")) {
        			$_SESSION['nzshpcrt_cart'] = '';			
        			$_SESSION['nzshpcrt_cart'] = Array();      
        			echo  "if(document.getElementById('shoppingcartcontents') != null) {   
        			document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "", addslashes(nzshpcrt_shopping_basket_internals($cart))). "\";
        			if($_POST['current_page'] == get_option('shopping_cart_url')) {
        			  echo "window.location = '".get_option('shopping_cart_url')."';\n\r"; // if we are on the checkout page, redirect back to it to clear the non-ajax cart too
        if ($_POST['store_list'] == "true") {
            $map_data['address'] = $_POST['addr'];
            $map_data['city'] = $_POST['city'];
            $map_data['country'] = 'US';
            $map_data['zipcode'] = '';
            $map_data['radius'] = '50000';
            $map_data['state'] = '';
            $map_data['submit'] = 'Find Store';
            $stores = getdistance($map_data);
            $i = 0;
            while ($rows = mysql_fetch_array($stores)) {
                //echo "<pre>".print_r($rows,1)."</pre>";
                if ($i == 0) {
                    $closest_store = $rows[5];
                $store_list[$i] = $rows[5];
            foreach ($store_list as $store) {
                $output .= "<option value='{$store}'>{$store}</option>";
            echo $output;
        if (is_numeric($_POST['currencyid'])) {
            $currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `id`='" . $_POST['currencyid'] . "' LIMIT 1", ARRAY_A);
            $price_out = null;
            if ($currency_data[0]['symbol'] != '') {
                $currency_sign = $currency_data[0]['symbol_html'];
            } else {
                $currency_sign = $currency_data[0]['code'];
            echo $currency_sign;
        if ($_POST['buynow'] == "true") {
            if (is_numeric($_REQUEST['product_id']) && is_numeric($_REQUEST['price'])) {
                $id = $wpdb->escape((int) $_REQUEST['product_id']);
                $price = $wpdb->escape((double) $_REQUEST['price']);
                $downloads = get_option('max_downloads');
                $product_info = $wpdb->get_row("SELECT * FROM " . WPSC_TABLE_PRODUCT_LIST . " WHERE id = " . $id . " LIMIT 1", ARRAY_A);
                if (count($product_info) > 0) {
                    $sessionid = mt_rand(100, 999) . time();
                    $sql = "INSERT INTO `" . WPSC_TABLE_PURCHASE_LOGS . "` ( `totalprice` , `sessionid` , `date`, `billing_country`, `shipping_country`,`shipping_region`, `user_ID`, `discount_value` ) VALUES ( '" . $price . "', '" . $sessionid . "', '" . time() . "', 'BuyNow', 'BuyNow', 'BuyNow' , NULL , 0)";
                    $log_id = $wpdb->get_var("SELECT `id` FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` IN('" . $sessionid . "') LIMIT 1");
                    $cartsql = "INSERT INTO `" . WPSC_TABLE_CART_CONTENTS . "` ( `prodid` , `purchaseid`, `price`, `pnp`, `gst`, `quantity`, `donation`, `no_shipping` ) VALUES ('" . $id . "', '" . $log_id . "','" . $price . "','0', '0','1', '" . $donation . "', '1')";
                    $wpdb->query("INSERT INTO `" . WPSC_TABLE_DOWNLOAD_STATUS . "` ( `fileid` , `purchid` , `downloads` , `active` , `datetime` ) VALUES ( '" . $product_info['file'] . "', '" . $log_id . "', '{$downloads}', '0', NOW( ));");
        /* rate item */
        if ($_POST['rate_item'] == "true" && is_numeric($_POST['product_id']) && is_numeric($_POST['rating'])) {
            $nowtime = time();
            $prodid = $_POST['product_id'];
            $ip_number = $_SERVER['REMOTE_ADDR'];
            $rating = $_POST['rating'];
            $cookie_data = explode(",", $_COOKIE['voting_cookie'][$prodid]);
            if (is_numeric($cookie_data[0]) && $cookie_data[0] > 0) {
                $vote_id = $cookie_data[0];
                $wpdb->query("UPDATE `" . WPSC_TABLE_PRODUCT_RATING . "` SET `rated` = '" . $rating . "' WHERE `id` ='" . $vote_id . "' LIMIT 1 ;");
            } else {
                $insert_sql = "INSERT INTO `" . WPSC_TABLE_PRODUCT_RATING . "` ( `ipnum`  , `productid` , `rated`, `time`) VALUES ( '" . $ip_number . "', '" . $prodid . "', '" . $rating . "', '" . $nowtime . "');";
                $data = $wpdb->get_results("SELECT `id`,`rated` FROM `" . WPSC_TABLE_PRODUCT_RATING . "` WHERE `ipnum`='" . $ip_number . "' AND `productid` = '" . $prodid . "'  AND `rated` = '" . $rating . "' AND `time` = '" . $nowtime . "' ORDER BY `id` DESC LIMIT 1", ARRAY_A);
                $vote_id = $data[0]['id'];
                setcookie("voting_cookie[{$prodid}]", $vote_id . "," . $rating, time() + 60 * 60 * 24 * 360);
            $output[1] = $prodid;
            $output[2] = $rating;
            echo $output[1] . "," . $output[2];
        //written by allen
        if ($_REQUEST['save_tracking_id'] == "true") {
            $id = $_POST['id'];
            $value = $_POST['value'];
            $update_sql = "UPDATE " . WPSC_TABLE_PURCHASE_LOGS . " SET track_id = '" . $value . "' WHERE id={$id}";
        if ($_POST['get_updated_price'] == "true" && is_numeric($_POST['product_id'])) {
            $notax = $wpdb->get_var("SELECT `notax` FROM `" . WPSC_TABLE_PRODUCT_LIST . "` WHERE `id` IN('" . $_POST['product_id'] . "') LIMIT 1");
            foreach ((array) $_POST['variation'] as $variation) {
                if (is_numeric($variation)) {
                    $variations[] = (int) $variation;
            $pm = $_POST['pm'];
            echo "product_id=" . (int) $_POST['product_id'] . ";\n";
            echo "price=\"" . nzshpcrt_currency_display(calculate_product_price((int) $_POST['product_id'], $variations, 'stay', $extras), $notax, true) . "\";\n";
            echo "numeric_price=\"" . number_format(calculate_product_price((int) $_POST['product_id'], $variations, 'stay', $extras), 2) . "\";\n";
            exit(" ");
        // 	if(($_POST['redisplay_variation_values'] == "true")) {
        // 		$variation_processor = new nzshpcrt_variations();
        // 		$variations_selected = array_values(array_unique(array_merge((array)$_POST['new_variation_id'], (array)$_POST['variation_id'])));
        // 		foreach($variations_selected as $variation_id) {
        // 		  // cast everything to integer to make sure nothing nasty gets in.
        // 		  $variation_list[] = (int)$variation_id;
        // 		}
        // 		echo $variation_processor->variations_add_grid_view((array)$variation_list);
        // 		//echo "/*\n\r".print_r(array_values(array_unique($_POST['variation_id'])),true)."\n\r*/";
        // 		exit();
        // 	}
         * function for handling the checkout billing address
        if (preg_match("/[a-zA-Z]{2,4}/", $_POST['billing_country'])) {
            if ($_SESSION['selected_country'] == $_POST['billing_country']) {
                $do_not_refresh_regions = true;
            } else {
                $do_not_refresh_regions = false;
                $_SESSION['selected_country'] = $_POST['billing_country'];
            if (is_numeric($_POST['form_id'])) {
                $form_id = $_POST['form_id'];
                $html_form_id = "region_country_form_{$form_id}";
            } else {
                $html_form_id = 'region_country_form';
            if (is_numeric($_POST['billing_region'])) {
                $_SESSION['selected_region'] = $_POST['billing_region'];
            $cart =& $_SESSION['nzshpcrt_cart'];
            if ($memberstatus[0] == '1' && count($cart) > 0) {
                echo "\n\r";
            } else {
                if ($status[0] == '1') {
                echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t  }\n\r";
                if ($do_not_refresh_regions == false) {
                    $region_list = $wpdb->get_results("SELECT `" . WPSC_TABLE_REGION_TAX . "`.* FROM `" . WPSC_TABLE_REGION_TAX . "`, `" . WPSC_TABLE_CURRENCY_LIST . "`  WHERE `" . WPSC_TABLE_CURRENCY_LIST . "`.`isocode` IN('" . $_POST['billing_country'] . "') AND `" . WPSC_TABLE_CURRENCY_LIST . "`.`id` = `" . WPSC_TABLE_REGION_TAX . "`.`country_id`", ARRAY_A);
                    if ($region_list != null) {
                        $output .= "<select name='collected_data[" . $form_id . "][1]' class='current_region' onchange='set_billing_country(\\\"{$html_form_id}\\\", \\\"{$form_id}\\\");'>";
                        //$output .= "<option value=''>None</option>";
                        foreach ($region_list as $region) {
                            if ($_SESSION['selected_region'] == $region['id']) {
                                $selected = "selected='true'";
                            } else {
                                $selected = "";
                            $output .= "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>";
                        $output .= "</select>";
                        echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\tdocument.getElementById('region_select_{$form_id}').innerHTML = \"" . $output . "\";\n\t\t\t\t\t\t\t}\n\r";
                    } else {
                        echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t\t\t\t\t{\n\t\t\t\t\t\tdocument.getElementById('region_select_{$form_id}').innerHTML = \"\";\n\t\t\t\t\t\t}\n\r";
            if ($_POST['changetax'] == "true") {
                if (isset($_POST['billing_region'])) {
                    $billing_region = $_POST['billing_region'];
                } else {
                    $billing_region = $_SESSION['selected_region'];
                $billing_country = $_POST['billing_country'];
                $price = 0;
                $tax = 0;
                foreach ((array) $cart as $cart_item) {
                    $product_id = $cart_item->product_id;
                    $quantity = $cart_item->quantity;
                    $product = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PRODUCT_LIST . "` WHERE `id` = '{$product_id}' LIMIT 1", ARRAY_A);
                    if ($product['donation'] == 1) {
                        $price += $quantity * $cart_item->donation_price;
                    } else {
                        $product_price = $quantity * calculate_product_price($product_id, $cart_item->product_variations);
                        if ($product['notax'] != 1) {
                            $tax += nzshpcrt_calculate_tax($product_price, $billing_country, $billing_region) - $product_price;
                        $price += $product_price;
                        $all_donations = false;
                    if ($_SESSION['delivery_country'] != null) {
                        $total_shipping += nzshpcrt_determine_item_shipping($product['id'], $quantity, $_SESSION['delivery_country']);
                $total_shipping += nzshpcrt_determine_base_shipping(0, $_SESSION['delivery_country']);
                $total = number_format($tax + $price + $total_shipping, 2);
                if ($tax > 0) {
                    echo "jQuery(\"tr.total_tax td\").show();\n\r";
                } else {
                    echo "jQuery(\"tr.total_tax td\").hide();\n\r";
                $tax = number_format($tax, 2);
                echo "jQuery('#checkout_tax').html(\"<span class='pricedisplay'>\${$tax}</span>\");\n\r";
                echo "jQuery('#checkout_total').html(\"<span class='pricedisplay'>\${$total}</span><input id='shopping_cart_total_price' type='hidden' value='\${$total}'>\");\n\r";
        if ($_POST['get_country_tax'] == "true" && preg_match("/[a-zA-Z]{2,4}/", $_POST['country_id'])) {
            $country_id = $_POST['country_id'];
            $region_list = $wpdb->get_results("SELECT `" . WPSC_TABLE_REGION_TAX . "`.* FROM `" . WPSC_TABLE_REGION_TAX . "`, `" . WPSC_TABLE_CURRENCY_LIST . "`  WHERE `" . WPSC_TABLE_CURRENCY_LIST . "`.`isocode` IN('" . $country_id . "') AND `" . WPSC_TABLE_CURRENCY_LIST . "`.`id` = `" . WPSC_TABLE_REGION_TAX . "`.`country_id`", ARRAY_A);
            if ($region_list != null) {
                echo "<select name='base_region'>\n\r";
                foreach ($region_list as $region) {
                    if (get_option('base_region') == $region['id']) {
                        $selected = "selected='true'";
                    } else {
                        $selected = "";
                    echo "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>\n\r";
                echo "</select>\n\r";
            } else {
                echo "&nbsp;";
        /* fill product form */
        if ($_POST['set_slider'] == "true" && is_numeric($_POST['state'])) {
            $_SESSION['slider_state'] = $_POST['state'];
        /* fill category form */
        if ($_GET['action'] == "register") {
            $siteurl = get_option('siteurl');
            require_once ABSPATH . WPINC . '/registration-functions.php';
            if ($_POST['action'] == 'register' && get_settings('users_can_register')) {
                //exit("fail for testing purposes");
                $user_login = sanitize_user($_POST['user_login']);
                $user_email = $_POST['user_email'];
                $errors = array();
                if ($user_login == '') {
                    exit($errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'));
                /* checking e-mail address */
                if ($user_email == '') {
                    exit(__('<strong>ERROR</strong>: Please type your e-mail address.'));
                } else {
                    if (!is_email($user_email)) {
                        exit(__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
                        $user_email = '';
                if (!validate_username($user_login)) {
                    $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
                    $user_login = '';
                if (username_exists($user_login)) {
                    exit(__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
                /* checking the email isn't already used by another user */
                $email_exists = $wpdb->get_row("SELECT user_email FROM {$wpdb->users} WHERE user_email = '{$user_email}'");
                if ($email_exists) {
                    die(__('<strong>ERROR</strong>: This email address is already registered, please supply another.'));
                if (0 == count($errors)) {
                    $password = substr(md5(uniqid(microtime())), 0, 7);
                    $user_id = wp_create_user($user_login, $password, $user_email);
                    if (!$user_id) {
                        exit(sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
                    } else {
                        wp_new_user_notification($user_id, $password);
<div id="login"> 
                        _e('Registration Complete');
                        printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>");
<br />
                        printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>');
 <br />
                        printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>");
            } else {
                // onsubmit='submit_register_form(this);return false;'
                echo "<div id='login'>\n    <h2>Register for this blog</h2>\n    <form id='registerform' action='index.php?ajax=true&amp;action=register'  onsubmit='submit_register_form(this);return false;' method='post'>\n      <p><input type='hidden' value='register' name='action'/>\n      <label for='user_login'>Username:</label><br/> <input type='text' value='' maxlength='20' size='20' id='user_login' name='user_login'/><br/></p>\n      <p><label for='user_email'>E-mail:</label><br/> <input type='text' value='' maxlength='100' size='25' id='user_email' name='user_email'/></p>\n      <p>A password will be emailed to you.</p>\n      <p class='submit'><input type='submit' name='submit_form' id='submit' value='" . TXT_WPSC_REGISTER . " »'/><img id='register_loading_img' src='" . WPSC_URL . "/images/loading.gif' alt='' title=''></p>\n\n      \n    </form>\n    </div>";
    * AJAX stuff stops here, I would put an exit here, but it may screw up other plugins
Exemple #3
function nzshpcrt_submit_ajax()
    global $wpdb, $user_level, $wp_rewrite;
    if (get_option('permalink_structure') != '') {
        $seperator = "?";
    } else {
        $seperator = "&amp;";
    $cartt = $_SESSION['nzshpcrt_cart'];
    $cartt1 = $cartt[0]->product_id;
    // if is an AJAX request, cruddy code, could be done better but getting approval would be impossible
    if ($_POST['ajax'] == "true" || $_GET['ajax'] == "true") {
        if ($_POST['changetax'] == "true") {
            if (isset($_POST['billing_region'])) {
                $billing_region = $_POST['billing_region'];
            } else {
                $billing_region = $_SESSION['selected_region'];
            $billing_country = $_POST['billing_country'];
            foreach ($cartt as $cart_item) {
                $product_id = $cart_item->product_id;
                $quantity = $cart_item->quantity;
                $product = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id` = '{$product_id}' LIMIT 1", ARRAY_A);
                if ($product['donation'] == 1) {
                    $price = $quantity * $cart_item->donation_price;
                } else {
                    $price = $quantity * calculate_product_price($product_id, $cart_item->product_variations);
                    if ($product['notax'] != 1) {
                        $tax += nzshpcrt_calculate_tax($price, $billing_country, $billing_region) - $price;
                    $all_donations = false;
                if ($_SESSION['delivery_country'] != null) {
                    $total_shipping += nzshpcrt_determine_item_shipping($product['id'], $quantity, $_SESSION['delivery_country']);
            echo $tax . ":" . $price . ":" . $total_shipping;
        if ($_POST['submittogoogle']) {
            $newvalue = $_POST['value'];
            $amount = $_POST['amount'];
            $reason = $_POST['reason'];
            $comment = $_POST['comment'];
            $message = $_POST['message'];
            $amount = number_format($amount, 2, '.', '');
            $log_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
            if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
            $google_status = unserialize($log_data['google_status']);
            switch ($newvalue) {
                case "Charge":
                    if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
                        if ($amount == '') {
                            $google_status['0'] = 'Partially Charged';
                        } else {
                            $google_status['0'] = 'CHARGED';
                            $google_status['partial_charge_amount'] = $amount;
                case "Cancel":
                    if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
                        $google_status[0] = 'CANCELLED';
                    if ($google_status[1] != 'DELIVERED') {
                        $google_status[1] = 'WILL_NOT_DELIVER';
                case "Refund":
                    if ($amount == '') {
                        $google_status['0'] = 'Partially Refund';
                    } else {
                        $google_status['0'] = 'REFUND';
                        $google_status['partial_refund_amount'] = $amount;
                case "Ship":
                    if ($google_status[1] != 'WILL_NOT_DELIVER') {
                        $google_status[1] = 'DELIVERED';
                case "Archive":
                    $google_status[1] = 'ARCHIVED';
            $google_status_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET google_status='" . serialize($google_status) . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
            $merchant_id = get_option('google_id');
            $merchant_key = get_option('google_key');
            $server_type = get_option('google_server_type');
            $currency = get_option('google_cur');
            $Grequest = new GoogleRequest($merchant_id, $merchant_key, $server_type, $currency);
            $google_order_number = $wpdb->get_var("SELECT google_order_number FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1");
            switch ($newvalue) {
                case 'Charge':
                    $Grequest->SendChargeOrder($google_order_number, $amount);
                case 'Ship':
                case 'Archive':
                case 'Refund':
                    $Grequest->SendRefundOrder($google_order_number, $amount, $reason);
                case 'Cancel':
                    $Grequest->SendCancelOrder($google_order_number, $reason, $comment);
                case 'Send Message':
                    $Grequest->SendBuyerMessage($google_order_number, $message);
            $update_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
        ////changes for usps
        if ($_POST['uspsswitch']) {
            foreach ($_SESSION['uspsQuote'] as $quotes) {
                $total = $_POST['total'];
                if ($quotes[$_POST['key']] != '') {
                    echo nzshpcrt_currency_display($total + $quotes[$_POST['key']], 1);
                    echo "<input type='hidden' value='" . $total . "' id='shopping_cart_total_price'>";
                    $_SESSION['usps_shipping'] = $quotes[$_POST['key']];
        //changes for usps ends
        if ($_GET['user'] == "true" && is_numeric($_POST['prodid'])) {
            $memberstatus = get_product_meta($_POST['prodid'], 'is_membership', true);
            if ($memberstatus[0] == '1' && $_SESSION['nzshopcrt_cart'] != NULL) {
            } else {
                $sql = "SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id`='" . $_POST['prodid'] . "' LIMIT 1";
                $item_data = $wpdb->get_results($sql, ARRAY_A);
                $item_quantity = 0;
                if ($_SESSION['nzshpcrt_cart'] != null) {
                    foreach ($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
                        if ($memberstatus[0] != '1' && $_SESSION['nzshpcrt_cart'] != NULL) {
                            if ($cart_item->product_id == $_POST['prodid']) {
                                if ($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $_POST['variation'] && $_SESSION['nzshpcrt_cart'][$cart_key]->extras === $_POST['extras']) {
                                    $item_quantity += $_SESSION['nzshpcrt_cart'][$cart_key]->quantity;
                                    $item_variations = $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations;
                $item_stock = null;
                $variation_count = count($_POST['variation']);
                if ($variation_count >= 1 && $variation_count <= 2) {
                    foreach ($_POST['variation'] as $variation_id) {
                        if (is_numeric($variation_id)) {
                            $variation_ids[] = (int) $variation_id;
                    if (count($variation_ids) == 2) {
                        $variation_stock_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "variation_priceandstock` WHERE `product_id` = '" . $_POST['prodid'] . "' AND (`variation_id_1` = '" . $variation_ids[0] . "' AND `variation_id_2` = '" . $variation_ids[1] . "') OR (`variation_id_1` = '" . $variation_ids[1] . "' AND `variation_id_2` = '" . $variation_ids[0] . "') LIMIT 1", ARRAY_A);
                        $item_stock = $variation_stock_data['stock'];
                    } else {
                        if (count($variation_ids) == 1) {
                            $variation_stock_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "variation_priceandstock` WHERE `product_id` = '" . $_POST['prodid'] . "' AND (`variation_id_1` = '" . $variation_ids[0] . "' AND `variation_id_2` = '0') LIMIT 1", ARRAY_A);
                            $item_stock = $variation_stock_data['stock'];
                if ($item_stock === null) {
                    $item_stock = $item_data[0]['quantity'];
                if ($item_data[0]['quantity_limited'] == 1 && $item_stock > 0 && $item_stock > $item_quantity || $item_data[0]['quantity_limited'] == 0) {
                    $cartcount = count($_SESSION['nzshpcrt_cart']);
                    if (is_array($_POST['variation'])) {
                        $variations = $_POST['variation'];
                    } else {
                        $variations = null;
                    if (is_array($_POST['extras'])) {
                        $extras = $_POST['extras'];
                    } else {
                        $extras = null;
                    $updated_quantity = false;
                    if ($_SESSION['nzshpcrt_cart'] != null) {
                        foreach ($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
                            if (!($memberstatus[0] == '1') && count($_SESSION['nzshpcrt_cart']) > 0) {
                                if ((int) $cart_item->product_id === (int) $_POST['prodid']) {
                                    // force both to integer before testing for identicality
                                    if ($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $extras && $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $variations && (int) $_SESSION['nzshpcrt_cart'][$cart_key]->donation_price == (int) $_POST['donation_price']) {
                                        if (is_numeric($_POST['quantity'])) {
                                            $_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int) $_POST['quantity'];
                                        } else {
                                        $updated_quantity = true;
                    if ($item_data[0]['donation'] == 1) {
                        $donation = $_POST['donation_price'];
                    } else {
                        $donation = false;
                    if (!($memberstatus[0] == '1' && count($_SESSION['nzshpcrt_cart']) > 0)) {
                        $status = get_product_meta($cartt1, 'is_membership', true);
                        if ($status[0] == '1') {
                        if ($updated_quantity === false) {
                            if (is_numeric($_POST['quantity'])) {
                                if ($_POST['quantity'] > 0) {
                                    $new_cart_item = new cart_item($_POST['prodid'], $variations, $_POST['quantity'], $donation, $extras);
                            } else {
                                //echo "correct";
                                $new_cart_item = new cart_item($_POST['prodid'], $variations, 1, $donation, $extras);
                            $_SESSION['nzshpcrt_cart'][] = $new_cart_item;
                } else {
                    $quantity_limit = true;
                $cart = $_SESSION['nzshpcrt_cart'];
                if ($memberstatus[0] == '1' && count($cart) > 1) {
                } else {
                    $status = get_product_meta($cartt1, 'is_membership', true);
                    if ($status[0] == '1') {
                    echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t  }\n\t\t\t\t\t";
                    if ($_POST['prodid'] != null && get_option('fancy_notifications') == 1) {
                        echo "if(document.getElementById('fancy_notification_content') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('fancy_notification_content').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(fancy_notification_content($_POST['prodid'], $quantity_limit))) . "\";\n\t\t\t\t\t  jQuery('#loading_animation').css('display', 'none');\n\t\t\t\t\t  jQuery('#fancy_notification_content').css('display', 'block');  \n\t\t\t\t\t  }\n\t\t\t\t\t";
                    if ($_SESSION['slider_state'] == 0) {
                        echo 'jQuery("#sliding_cart").css({ display: "none"});' . "\n\r";
                    } else {
                        echo 'jQuery("#sliding_cart").css({ display: "block"});' . "\n\r";
        } else {
            if ($_POST['user'] == "true" && $_POST['emptycart'] == "true") {
                //exit("/* \n\r ".get_option('shopping_cart_url')." \n\r ".print_r($_POST,true)." \n\r */");
                $_SESSION['nzshpcrt_cart'] = '';
                $_SESSION['nzshpcrt_cart'] = array();
                echo "if(document.getElementById('shoppingcartcontents') != null) {   \n\t\t\tdocument.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart))) . "\";\n\t\t\t}\n\r";
                if ($_POST['current_page'] == get_option('shopping_cart_url')) {
                    echo "window.location = '" . get_option('shopping_cart_url') . "';\n\r";
                    // if we are on the checkout page, redirect back to it to clear the non-ajax cart too
        if ($_POST['store_list'] == "true") {
            $map_data['address'] = $_POST['addr'];
            $map_data['city'] = $_POST['city'];
            $map_data['country'] = 'US';
            $map_data['zipcode'] = '';
            $map_data['radius'] = '50000';
            $map_data['state'] = '';
            $map_data['submit'] = 'Find Store';
            $stores = getdistance($map_data);
            $i = 0;
            while ($rows = mysql_fetch_array($stores)) {
                //echo "<pre>".print_r($rows,1)."</pre>";
                if ($i == 0) {
                    $closest_store = $rows[5];
                $store_list[$i] = $rows[5];
            foreach ($store_list as $store) {
                $output .= "<option value='{$store}'>{$store}</option>";
            echo $output;
        if ($_POST['admin'] == "true") {
            if (is_numeric($_POST['prodid'])) {
                /* fill product form */
                echo nzshpcrt_getproductform($_POST['prodid']);
            } else {
                if (is_numeric($_POST['catid'])) {
                    /* fill category form */
                    echo nzshpcrt_getcategoryform($_POST['catid']);
                } else {
                    if (is_numeric($_POST['brandid'])) {
                        /* fill brand form */
                        echo nzshpcrt_getbrandsform($_POST['brandid']);
                    } else {
                        if (is_numeric($_POST['variation_id'])) {
                            echo nzshpcrt_getvariationform($_POST['variation_id']);
            if ($_POST['hide_ecom_dashboard'] == 'true') {
                require_once ABSPATH . WPINC . '/rss.php';
                $rss = fetch_rss('http://www.instinct.co.nz/feed/');
                $rss->items = array_slice($rss->items, 0, 5);
                $rss_hash = sha1(serialize($rss->items));
                update_option('wpsc_ecom_news_hash', $rss_hash);
            if ($_POST['remove_meta'] == 'true' && is_numeric($_POST['meta_id'])) {
                $meta_id = (int) $_POST['meta_id'];
                $selected_meta = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}') ", ARRAY_A);
                if ($selected_meta != null) {
                    if ($wpdb->query("DELETE FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}')  LIMIT 1")) {
                        echo $meta_id;
                echo 0;
        if (is_numeric($_POST['currencyid'])) {
            $currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `" . $wpdb->prefix . "currency_list` WHERE `id`='" . $_POST['currencyid'] . "' LIMIT 1", ARRAY_A);
            $price_out = null;
            if ($currency_data[0]['symbol'] != '') {
                $currency_sign = $currency_data[0]['symbol_html'];
            } else {
                $currency_sign = $currency_data[0]['code'];
            echo $currency_sign;
        //echo "--==->";
        if ($_POST['buynow'] == "true") {
            $id = $_REQUEST['product_id'];
            $price = $_REQUEST['price'];
            $downloads = get_option('max_downloads');
            $product_sql = "SELECT * FROM " . $wpdb->prefix . "product_list WHERE id = " . $id . " LIMIT 1";
            $product_info = $wpdb->get_results($product_sql, ARRAY_A);
            $product_info = $product_info[0];
            $sessionid = mt_rand(100, 999) . time();
            $sql = "INSERT INTO `" . $wpdb->prefix . "purchase_logs` ( `totalprice` , `sessionid` , `date`, `billing_country`, `shipping_country`,`shipping_region`, `user_ID`, `discount_value` ) VALUES ( '" . $price . "', '" . $sessionid . "', '" . time() . "', 'BuyNow', 'BuyNow', 'BuyNow' , NULL , 0)";
            $log_id = $wpdb->get_var("SELECT `id` FROM `" . $wpdb->prefix . "purchase_logs` WHERE `sessionid` IN('" . $sessionid . "') LIMIT 1");
            $cartsql = "INSERT INTO `" . $wpdb->prefix . "cart_contents` ( `prodid` , `purchaseid`, `price`, `pnp`, `gst`, `quantity`, `donation`, `no_shipping` ) VALUES ('" . $id . "', '" . $log_id . "','" . $price . "','0', '0','1', '" . $donation . "', '1')";
            $wpdb->query("INSERT INTO `" . $wpdb->prefix . "download_status` ( `fileid` , `purchid` , `downloads` , `active` , `datetime` ) VALUES ( '" . $product_info['file'] . "', '" . $log_id . "', '{$downloads}', '0', NOW( ));");
        if ($_POST['changeorder'] == "true" && is_numeric($_POST['category_id'])) {
            $category_id = (int) $_POST['category_id'];
            $hash = $_POST['sort1'];
            $order = 1;
            foreach ($hash as $id) {
                $wpdb->query("UPDATE `" . $wpdb->prefix . "product_order` SET `order`={$order} WHERE `product_id`=" . (int) $id . " AND `category_id`=" . (int) $category_id . " LIMIT 1");
            exit(" ");
        /* rate item */
        if ($_POST['rate_item'] == "true" && is_numeric($_POST['product_id']) && is_numeric($_POST['rating'])) {
            $nowtime = time();
            $prodid = $_POST['product_id'];
            $ip_number = $_SERVER['REMOTE_ADDR'];
            $rating = $_POST['rating'];
            $cookie_data = explode(",", $_COOKIE['voting_cookie'][$prodid]);
            if (is_numeric($cookie_data[0]) && $cookie_data[0] > 0) {
                $vote_id = $cookie_data[0];
                $wpdb->query("UPDATE `" . $wpdb->prefix . "product_rating` SET `rated` = '" . $rating . "' WHERE `id` ='" . $vote_id . "' LIMIT 1 ;");
            } else {
                $insert_sql = "INSERT INTO `" . $wpdb->prefix . "product_rating` ( `ipnum`  , `productid` , `rated`, `time`) VALUES ( '" . $ip_number . "', '" . $prodid . "', '" . $rating . "', '" . $nowtime . "');";
                $data = $wpdb->get_results("SELECT `id`,`rated` FROM `" . $wpdb->prefix . "product_rating` WHERE `ipnum`='" . $ip_number . "' AND `productid` = '" . $prodid . "'  AND `rated` = '" . $rating . "' AND `time` = '" . $nowtime . "' ORDER BY `id` DESC LIMIT 1", ARRAY_A);
                $vote_id = $data[0]['id'];
                setcookie("voting_cookie[{$prodid}]", $vote_id . "," . $rating, time() + 60 * 60 * 24 * 360);
            $output[1] = $prodid;
            $output[2] = $rating;
            echo $output[1] . "," . $output[2];
        //written by allen
        if ($_REQUEST['save_tracking_id'] == "true") {
            $id = $_POST['id'];
            $value = $_POST['value'];
            $update_sql = "UPDATE " . $wpdb->prefix . "purchase_logs SET track_id = '" . $value . "' WHERE id={$id}";
        if ($_POST['get_rating_count'] == "true" && is_numeric($_POST['product_id'])) {
            $prodid = $_POST['product_id'];
            $data = $wpdb->get_results("SELECT COUNT(*) AS `count` FROM `" . $wpdb->prefix . "product_rating` WHERE `productid` = '" . $prodid . "'", ARRAY_A);
            echo $data[0]['count'] . "," . $prodid;
        /// Pointless AJAX call is pointless
        // 	if(isset($_POST['changeperpage'])) {
        // 		$item_per_page = $_POST['changeperpage'];
        // 		echo $item_per_page;
        // 		exit();
        // 	}
        if ($_POST['remove_variation_value'] == "true" && is_numeric($_POST['variation_value_id'])) {
            $wpdb->query("DELETE FROM `" . $wpdb->prefix . "variation_values_associations` WHERE `value_id` = '" . $_POST['variation_value_id'] . "'");
            $wpdb->query("DELETE FROM `" . $wpdb->prefix . "variation_values` WHERE `id` = '" . $_POST['variation_value_id'] . "' LIMIT 1");
        if ($_POST['get_updated_price'] == "true" && is_numeric($_POST['product_id'])) {
            $notax = $wpdb->get_var("SELECT `notax` FROM `" . $wpdb->prefix . "product_list` WHERE `id` IN('" . $_POST['product_id'] . "') LIMIT 1");
            foreach ((array) $_POST['variation'] as $variation) {
                if (is_numeric($variation)) {
                    $variations[] = $variation;
            foreach ((array) $_POST['extra'] as $extra) {
                if (is_numeric($extra)) {
                    $extras[] = $extra;
            $pm = $_POST['pm'];
            echo "product_id=" . $_POST['product_id'] . ";\n";
            echo "price=\"" . nzshpcrt_currency_display(calculate_product_price($_POST['product_id'], $variations, 'stay', $extras), $notax) . "\";\n";
        if ($_REQUEST['log_state'] == "true" && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
            $newvalue = $_POST['value'];
            if ($_REQUEST['suspend'] == 'true') {
                if ($_REQUEST['value'] == 1) {
                } else {
            } else {
                $log_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
                if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
                $update_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
                if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
                    transaction_results($log_data['sessionid'], false);
                $stage_sql = "SELECT * FROM `" . $wpdb->prefix . "purchase_statuses` WHERE `id`='" . $newvalue . "' AND `active`='1' LIMIT 1";
                $stage_data = $wpdb->get_row($stage_sql, ARRAY_A);
                echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").innerHTML = '" . $stage_data['name'] . "';\n";
                echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").style.color = '#" . $stage_data['colour'] . "';\n";
                $year = date("Y");
                $month = date("m");
                $start_timestamp = mktime(0, 0, 0, $month, 1, $year);
                $end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);
                echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price($start_timestamp, $end_timestamp), 1)) . "';\n";
                echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price(), 1)) . "';\n";
        if ($_POST['list_variation_values'] == "true" && is_numeric($_POST['new_variation_id'])) {
            $variation_processor = new nzshpcrt_variations();
            echo "variation_value_id = \"" . $_POST['new_variation_id'] . "\";\n";
            echo "variation_value_html = \"" . $variation_processor->display_variation_values($_POST['prefix'], $_POST['new_variation_id']) . "\";\n";
            $variations_selected = array_values(array_unique(array_merge((array) $_POST['new_variation_id'], (array) $_POST['variation_id'])));
            echo "variation_subvalue_html = \"" . str_replace("\n\r", '\\n\\r', $variation_processor->variations_add_grid_view((array) $variations_selected)) . "\";\n";
            //echo "/*\n\r".print_r(array_values(array_unique(array_merge((array)$_POST['new_variation_id'], $_POST['variation_id']))),true)."\n\r*/";
        if ($_POST['redisplay_variation_values'] == "true") {
            $variation_processor = new nzshpcrt_variations();
            $variations_selected = array_values(array_unique(array_merge((array) $_POST['new_variation_id'], (array) $_POST['variation_id'])));
            foreach ($variations_selected as $variation_id) {
                // cast everything to integer to make sure nothing nasty gets in.
                $variation_list[] = (int) $variation_id;
            echo $variation_processor->variations_add_grid_view((array) $variation_list);
            //echo "/*\n\r".print_r(array_values(array_unique($_POST['variation_id'])),true)."\n\r*/";
        if ($_POST['edit_variation_value_list'] == 'true' && is_numeric($_POST['variation_id']) && is_numeric($_POST['product_id'])) {
            $variation_id = (int) $_POST['variation_id'];
            $product_id = (int) $_POST['product_id'];
            $variations_processor = new nzshpcrt_variations();
            $variation_values = $variations_processor->falsepost_variation_values($variation_id);
            if (is_array($variation_values)) {
                $check_variation_added = $wpdb->get_var("SELECT `id` FROM `" . $wpdb->prefix . "variation_associations` WHERE `type` IN ('product') AND `associated_id` IN ('{$product_id}') AND `variation_id` IN ('{$variation_id}') LIMIT 1");
                if ($check_variation_added == null) {
                    $variations_processor->add_to_existing_product($product_id, $variation_values);
                echo $variations_processor->display_attached_variations($product_id);
                echo $variations_processor->variations_grid_view($product_id);
            } else {
                echo "false";
        if ($_POST['remove_form_field'] == "true" && is_numeric($_POST['form_id'])) {
            if (current_user_can('level_7')) {
                $wpdb->query("UPDATE `" . $wpdb->prefix . "collect_data_forms` SET `active` = '0' WHERE `id` ='" . $_POST['form_id'] . "' LIMIT 1 ;");
                exit(' ');
         * function for handling the checkout billing address
        if (preg_match("/[a-zA-Z]{2,4}/", $_POST['billing_country'])) {
            if ($_SESSION['selected_country'] == $_POST['billing_country']) {
                $do_not_refresh_regions = true;
            } else {
                $do_not_refresh_regions = false;
                $_SESSION['selected_country'] = $_POST['billing_country'];
            if (is_numeric($_POST['form_id'])) {
                $form_id = $_POST['form_id'];
                $html_form_id = "region_country_form_{$form_id}";
            } else {
                $html_form_id = 'region_country_form';
            if (is_numeric($_POST['billing_region'])) {
                $_SESSION['selected_region'] = $_POST['billing_region'];
            $cart =& $_SESSION['nzshpcrt_cart'];
            if ($memberstatus[0] == '1' && count($cart) > 0) {
                echo "\n\t\t\t";
            } else {
                if ($status[0] == '1') {
                echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t  {\n\t\t\t\t\t  document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t  }\n\t\t\t\t\t";
                if ($do_not_refresh_regions == false) {
                    $region_list = $wpdb->get_results("SELECT `" . $wpdb->prefix . "region_tax`.* FROM `" . $wpdb->prefix . "region_tax`, `" . $wpdb->prefix . "currency_list`  WHERE `" . $wpdb->prefix . "currency_list`.`isocode` IN('" . $_POST['billing_country'] . "') AND `" . $wpdb->prefix . "currency_list`.`id` = `" . $wpdb->prefix . "region_tax`.`country_id`", ARRAY_A);
                    if ($region_list != null) {
                        $output .= "<select name='collected_data[" . $form_id . "][1]' class='current_region' onchange='set_billing_country(\\\"{$html_form_id}\\\", \\\"{$form_id}\\\");'>";
                        //$output .= "<option value=''>None</option>";
                        foreach ($region_list as $region) {
                            if ($_SESSION['selected_region'] == $region['id']) {
                                $selected = "selected='true'";
                            } else {
                                $selected = "";
                            $output .= "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>";
                        $output .= "</select>";
                        echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t  {\n\t\t  document.getElementById('region_select_{$form_id}').innerHTML = \"" . $output . "\";\n\t\t  }\n\t\t";
                    } else {
                        echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t  {\n\t\t  document.getElementById('region_select_{$form_id}').innerHTML = \"\";\n\t\t  }\n\t\t";
        if ($_POST['get_country_tax'] == "true" && preg_match("/[a-zA-Z]{2,4}/", $_POST['country_id'])) {
            $country_id = $_POST['country_id'];
            $region_list = $wpdb->get_results("SELECT `" . $wpdb->prefix . "region_tax`.* FROM `" . $wpdb->prefix . "region_tax`, `" . $wpdb->prefix . "currency_list`  WHERE `" . $wpdb->prefix . "currency_list`.`isocode` IN('" . $country_id . "') AND `" . $wpdb->prefix . "currency_list`.`id` = `" . $wpdb->prefix . "region_tax`.`country_id`", ARRAY_A);
            if ($region_list != null) {
                echo "<select name='base_region'>\n\r";
                foreach ($region_list as $region) {
                    if (get_option('base_region') == $region['id']) {
                        $selected = "selected='true'";
                    } else {
                        $selected = "";
                    echo "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>\n\r";
                echo "</select>\n\r";
            } else {
                echo "&nbsp;";
        /* fill product form */
        if ($_POST['set_slider'] == "true" && is_numeric($_POST['state'])) {
            $_SESSION['slider_state'] = $_POST['state'];
        /* fill category form */
        if ($_GET['action'] == "register") {
            $siteurl = get_option('siteurl');
            require_once ABSPATH . WPINC . '/registration-functions.php';
            if ($_POST['action'] == 'register' && get_settings('users_can_register')) {
                //exit("fail for testing purposes");
                $user_login = sanitize_user($_POST['user_login']);
                $user_email = $_POST['user_email'];
                $errors = array();
                if ($user_login == '') {
                    exit($errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'));
                /* checking e-mail address */
                if ($user_email == '') {
                    exit(__('<strong>ERROR</strong>: Please type your e-mail address.'));
                } else {
                    if (!is_email($user_email)) {
                        exit(__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
                        $user_email = '';
                if (!validate_username($user_login)) {
                    $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
                    $user_login = '';
                if (username_exists($user_login)) {
                    exit(__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
                /* checking the email isn't already used by another user */
                $email_exists = $wpdb->get_row("SELECT user_email FROM {$wpdb->users} WHERE user_email = '{$user_email}'");
                if ($email_exists) {
                    die(__('<strong>ERROR</strong>: This email address is already registered, please supply another.'));
                if (0 == count($errors)) {
                    $password = substr(md5(uniqid(microtime())), 0, 7);
                    $user_id = wp_create_user($user_login, $password, $user_email);
                    if (!$user_id) {
                        exit(sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
                    } else {
                        wp_new_user_notification($user_id, $password);
<div id="login"> 
                        _e('Registration Complete');
                        printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>");
<br />
                        printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>');
 <br />
                        printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>");
            } else {
                // onsubmit='submit_register_form(this);return false;'
                echo "<div id='login'>\n    <h2>Register for this blog</h2>\n    <form id='registerform' action='index.php?ajax=true&amp;action=register'  onsubmit='submit_register_form(this);return false;' method='post'>\n      <p><input type='hidden' value='register' name='action'/>\n      <label for='user_login'>Username:</label><br/> <input type='text' value='' maxlength='20' size='20' id='user_login' name='user_login'/><br/></p>\n      <p><label for='user_email'>E-mail:</label><br/> <input type='text' value='' maxlength='100' size='25' id='user_email' name='user_email'/></p>\n      <p>A password will be emailed to you.</p>\n      <p class='submit'><input type='submit' name='submit_form' id='submit' value='Register »'/><img id='register_loading_img' src='" . WPSC_URL . "/images/loading.gif' alt='' title=''></p>\n      \n    </form>\n    </div>";
    * AJAX stuff stops here, I would put an exit here, but it may screw up other plugins
Exemple #4
function google_checkout_state_change($check_status, $status, $oID, $cust_notify, $notify_comments)
    global $db, $messageStack, $orders_statuses;
    define('API_CALLBACK_ERROR_LOG', DIR_FS_CATALOG . "/googlecheckout/logs/response_error.log");
    define('API_CALLBACK_MESSAGE_LOG', DIR_FS_CATALOG . "/googlecheckout/logs/response_message.log");
    include_once DIR_FS_CATALOG . '/includes/modules/payment/googlecheckout.php';
    include_once DIR_FS_CATALOG . '/googlecheckout/library/googlerequest.php';
    require_once DIR_FS_CATALOG . '/googlecheckout/library/configuration/google_configuration.php';
    require_once DIR_FS_CATALOG . '/googlecheckout/library/configuration/google_configuration_keys.php';
    $config = new GoogleConfigurationKeys();
    $googlecheckout = new googlecheckout();
    $google_request = new GoogleRequest($googlecheckout->merchantid, $googlecheckout->merchantkey, MODULE_PAYMENT_GOOGLECHECKOUT_MODE == 'https://sandbox.google.com/checkout/' ? "sandbox" : "production", DEFAULT_CURRENCY);
    $google_answer = tep_db_fetch_array(tep_db_query("SELECT go.google_order_number, go.order_amount, o.customers_email_address, gc.buyer_id, o.customers_id\n                                  FROM " . $googlecheckout->table_order . " go \n                                  inner join " . TABLE_ORDERS . " o on go.orders_id = o.orders_id\n                                  inner join " . $googlecheckout->table_name . " gc on gc.customers_id = o.customers_id\n                                  WHERE go.orders_id = '" . (int) $oID . "'\n                                  group by o.customers_id order by o.orders_id desc"));
    $google_order = $google_answer['google_order_number'];
    $amount = $google_answer['order_amount'];
    // If status update is from Google New -> Google Processing on the Admin UI
    // this invokes the processing-order and charge-order commands
    // 1->Google New, 2-> Google Processing
    if ($check_status['orders_status'] == GC_STATE_NEW && $status == GC_STATE_PROCESSING && $google_order != '') {
        list($curl_status, ) = $google_request->SendChargeOrder($google_order, $amount);
        if ($curl_status != 200) {
            $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_CHARGE_ORDER, 'error');
        } else {
            $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_CHARGE_ORDER, 'success');
        list($curl_status, ) = $google_request->SendProcessOrder($google_order);
        if ($curl_status != 200) {
            $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_PROCESS_ORDER, 'error');
        } else {
            $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_PROCESS_ORDER, 'success');
    } else {
        if (($check_status['orders_status'] == GC_STATE_PROCESSING || $check_status['orders_status'] == GC_STATE_REFUNDED) && ($status == GC_STATE_SHIPPED || $status == GC_STATE_SHIPPED_REFUNDED) && $google_order != '') {
            $carrier = $tracking_no = "";
            // Add tracking Data
            if (isset($_POST['carrier_select']) && $_POST['carrier_select'] != 'select' && isset($_POST['tracking_number']) && !empty($_POST['tracking_number'])) {
                $carrier = $_POST['carrier_select'];
                $tracking_no = $_POST['tracking_number'];
                tep_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . "\n                  (orders_id, orders_status_id, date_added, customer_notified, comments)\n                  values ('" . (int) $oID . "',\n                  '" . tep_db_input($check_status['orders_status'] == GC_STATE_REFUNDED ? GC_STATE_SHIPPED_REFUNDED : GC_STATE_SHIPPED) . "',\n                  now(),\n                  '" . tep_db_input($cust_notify) . "',\n                  '" . tep_db_input($comments) . "')");
            list($curl_status, ) = $google_request->SendDeliverOrder($google_order, $carrier, $tracking_no, $cust_notify == 1 ? "true" : "false");
            if ($curl_status != 200) {
                $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_DELIVER_ORDER, 'error');
            } else {
                $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_DELIVER_ORDER, 'success');
            list($curl_status, ) = $google_request->SendArchiveOrder($google_order);
            if ($curl_status != 200) {
                $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_ARCHIVE_ORDER, 'error');
            } else {
                $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_ARCHIVE_ORDER, 'success');
        } else {
            if ($check_status['orders_status'] != GC_STATE_CANCELED && $status == GC_STATE_CANCELED && $google_order != '') {
                if ($check_status['orders_status'] != GC_STATE_NEW) {
                    list($curl_status, ) = $google_request->SendRefundOrder($google_order, 0, GOOGLECHECKOUT_STATE_STRING_ORDER_CANCELED);
                    if ($curl_status != 200) {
                        $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_REFUND_ORDER, 'error');
                    } else {
                        $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_REFUND_ORDER, 'success');
                } else {
                    // Tell google witch is the OSC's internal order Number
                    list($curl_status, ) = $google_request->SendMerchantOrderNumber($google_order, $oID);
                    if ($curl_status != 200) {
                        $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_MERCHANT_ORDER_NUMBER, 'error');
                    } else {
                        $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_MERCHANT_ORDER_NUMBER, 'success');
                // Is the order is not archive, I do it
                if ($check_status['orders_status'] != GC_STATE_SHIPPED && $check_status['orders_status'] != GC_STATE_SHIPPED_REFUNDED) {
                    list($curl_status, ) = $google_request->SendArchiveOrder($google_order);
                    if ($curl_status != 200) {
                        $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_ARCHIVE_ORDER, 'error');
                    } else {
                        $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_ARCHIVE_ORDER, 'success');
                // Cancel the order
                list($curl_status, ) = $google_request->SendCancelOrder($google_order, GOOGLECHECKOUT_STATE_STRING_ORDER_CANCELED, $notify_comments);
                if ($curl_status != 200) {
                    $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_CANCEL_ORDER, 'error');
                } else {
                    $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_CANCEL_ORDER, 'success');
            } else {
                if ($google_order != '' && $check_status['orders_status'] != $status) {
                    $statuses = array();
                    foreach ($orders_statuses as $status_array) {
                        $statuses[$status_array['id']] = $status_array['text'];
                    $messageStack->add_session(sprintf(GOOGLECHECKOUT_ERR_INVALID_STATE_TRANSITION, $statuses[$check_status['orders_status']], $statuses[$status], $statuses[$check_status['orders_status']]), 'error');
    // Send Buyer's message
    if ($cust_notify == 1 && isset($notify_comments) && !empty($notify_comments)) {
        $cust_notify_ok = '0';
        $use_cart_messaging = gc_get_configuration_value($config->useCartMessaging()) == 'True';
        if (!(strlen(htmlentities(strip_tags($notify_comments))) > GOOGLE_MESSAGE_LENGTH && $use_cart_messaging)) {
            list($curl_status, ) = $google_request->sendBuyerMessage($google_order, $notify_comments, "true");
            if ($curl_status != 200) {
                $messageStack->add_session(GOOGLECHECKOUT_ERR_SEND_MESSAGE_ORDER, 'error');
                $cust_notify_ok = '0';
            } else {
                $messageStack->add_session(GOOGLECHECKOUT_SUCCESS_SEND_MESSAGE_ORDER, 'success');
                $cust_notify_ok = '1';
            if (strlen(htmlentities(strip_tags($notify_comments))) > GOOGLE_MESSAGE_LENGTH) {
                $messageStack->add_session(sprintf(GOOGLECHECKOUT_WARNING_CHUNK_MESSAGE, GOOGLE_MESSAGE_LENGTH), 'warning');
        // Cust notified
        return $cust_notify_ok;
    // Cust notified
    return '0';
 foreach ($dbOrderItems as $dbOrderItem) {
     $ar = $assignmentsResponse[$i++];
     $subtotal = $dbOrderItem->quantity * $dbOrderItem->unitprice;
     $partialRefund = $subtotal * $ar->percentageReturned / 100;
     $refundAmount = $refundAmount + $partialRefund;
 //Google checkout orders
 if ($dbOrder->payment) {
     if ($refundAmount > 0) {
         db_setOrderRefund($dbOrder->id, $dbOrder->refund + $refundAmount);
         //Refund total or partial item price
         $gresponse = $Grequest->SendRefundOrder($dbOrder->ordernumber, $refundAmount, "Order has been refunded by the store administrator." . "Contact the administrator for further details.");
         if ($gresponse[0] == 200) {
             //If the refund amount is not the total of the orderItem,
             //item cannot be cancelled
             $gresponse = $Grequest->SendCancelOrder($dbOrder->ordernumber, "Order has been cancelled by the store." . "Contact the administrator for further details.");
             if ($gresponse[0] == 200) {
                 $success = true;
             } else {
                 $success = false;
                 $message = "Google checkout has not allowed to cancel the order " . $dbOrder->ordernumber . ".";
         } else {
             $success = false;
             $message = "Google checkout has not allowed to refund the quantity of " . $refundAmount . " to the order " . $dbOrder->ordernumber . ".";
     } else {
         $success = false;
         $message = "Order could not be cancelled because all items have been consumed by the buyer.";