// Fragment: card-data retention branches, then the order-status update and
// the per-property cleanup of orders_properties. The enclosing if/else and
// the foreach body both continue outside this listing.
$r->set_value("cc_number", "");
} elseif ($cc_number_security > 0) {
// Card number is kept only in encrypted form when the setting is positive.
// NOTE(review): a negative $cc_number_security matches neither branch, so the
// plain value already in $r would be written unchanged — confirm the setting
// can only be 0 or >0.
$r->set_value("cc_number", va_encrypt($r->get_value("cc_number")));
}
if ($cc_code_security == 0) {
$r->set_value("cc_security_code", "");
} elseif ($cc_code_security > 0) {
// NOTE(review): this branch persists the card security code (encrypted) after
// the transaction; card-brand rules generally forbid storing the CVV at all,
// so confirm this option is intentionally exposed. It also reads
// $cc_security_code rather than $r->get_value("cc_security_code") as the
// cc_number branch does — verify both hold the same value here.
$r->set_value("cc_security_code", va_encrypt($cc_security_code));
}
if ($r->update_record()) {
// update order status
// 2 is used as the "card details saved" status; its meaning is defined
// elsewhere — TODO confirm against the order_statuses table.
$cc_order_status = 2;
update_order_status($order_id, $cc_order_status, true, "", $status_error);
// Record object used to re-insert custom option rows for this order.
$op = new VA_Record($table_prefix . "orders_properties");
$op->add_textbox("order_id", INTEGER);
$op->set_value("order_id", $order_id);
$op->add_textbox("property_id", INTEGER);
$op->add_textbox("property_order", INTEGER);
$op->add_textbox("property_type", INTEGER);
$op->add_textbox("property_name", TEXT);
$op->add_textbox("property_value_id", INTEGER);
$op->add_textbox("property_value", TEXT);
$op->add_textbox("property_price", FLOAT);
$op->add_textbox("property_weight", FLOAT);
$op->add_textbox("tax_free", INTEGER);
foreach ($custom_options as $property_id => $property_values) {
// delete first all saved values
// Both values pass through $db->tosql(..., INTEGER) before being
// concatenated into the statement.
$sql = " DELETE FROM " . $table_prefix . "orders_properties ";
$sql .= " WHERE order_id=" . $db->tosql($order_id, INTEGER);
$sql .= " AND property_id =" . $db->tosql($property_id, INTEGER);
$db->query($sql);
// Fragment: tail of a settings-save branch, then the "load defaults" branch
// that fills $r from global_settings. The opening of the outer if is outside
// this listing.
if (isset($_POST[$delete_param])) { unset($_POST[$delete_param]); }
}
set_session("session_settings", "");
// show success message
$t->parse("success_block", false);
}
}
} else {
// Load each parameter's stored value; the site-specific row (site_id =
// $param_site_id) is preferred over the global one (site_id = 1) by the
// DESC ordering, assuming get_db_value() returns the first row.
foreach ($r->parameters as $key => $value) {
$sql = " SELECT setting_value FROM " . $table_prefix . "global_settings ";
// NOTE(review): $key is concatenated into the SQL without $db->tosql();
// this is only safe while every key of $r->parameters is declared in code
// and none can be supplied by the request — confirm where $r is built.
$sql .= " WHERE setting_type='products' AND setting_name='" . $key . "'";
$sql .= " AND ( site_id=1 OR site_id=" . $db->tosql($param_site_id, INTEGER) . ") ";
$sql .= " ORDER BY site_id DESC ";
$r->set_value($key, get_db_value($sql));
}
// check data for categories columns
// Query $cc_eg for the column count of the root category (category_id = 0).
$cc_eg->set_value("category_id", 0);
$cc_eg->change_property("column_id", USE_IN_SELECT, true);
$cc_eg->change_property("column_id", USE_IN_WHERE, false);
$cc_eg->change_property("category_id", USE_IN_WHERE, true);
$cc_eg->change_property("category_id", USE_IN_SELECT, true);
$columns_number = $cc_eg->get_db_values();
}
// Fall back to 5 columns when nothing is configured (loose == also catches
// "" and null here).
if ($columns_number == 0) { $columns_number = 5; }
// set parameters
$r->set_parameters();
// Return page is HTML-escaped before being placed in the template.
$t->set_var("rp", htmlspecialchars($return_page));
// Fragment: fetch the id of the export template just inserted, then save
// its fields from the submitted columns. The for-loop body continues
// outside this listing.
if ($db_type == "mysql") {
$new_template_id = get_db_value(" SELECT LAST_INSERT_ID() ");
$r->set_value("template_id", $new_template_id);
} elseif ($db_type == "access") {
$new_template_id = get_db_value(" SELECT @@IDENTITY ");
$r->set_value("template_id", $new_template_id);
} elseif ($db_type == "db2") {
$new_template_id = get_db_value(" SELECT PREVVAL FOR seq_" . $table_prefix . "export_templates FROM " . $table_prefix . "export_templates");
$r->set_value("template_id", $new_template_id);
}
// NOTE(review): for any other $db_type $new_template_id is never assigned
// here, so strlen() runs on an undefined variable (warning, then skipped)
// unless it was initialised earlier — confirm.
if (strlen($new_template_id)) {
// start adding fields
$fld = new VA_Record($table_prefix . "export_fields");
$fld->add_where("field_id", INTEGER);
$fld->add_textbox("template_id", INTEGER);
$fld->set_value("template_id", $new_template_id);
$fld->add_textbox("field_order", INTEGER);
$fld->add_textbox("field_title", TEXT);
$fld->add_textbox("field_source", TEXT);
$field_order = 0;
// NOTE(review): the loop bound is request-supplied; each iteration only
// does get_param() lookups, but an upper limit would keep a crafted value
// from driving a very long loop — verify get_param() caps it.
$total_columns = get_param("total_columns");
for ($col = 1; $col <= $total_columns; $col++) {
$field_title = get_param("column_title_" . $col);
$field_source = get_param("field_source_" . $col);
$column_checked = get_param("db_column_" . $col);
// Only columns whose checkbox was submitted are stored; field_order is
// assigned sequentially over the checked ones.
if ($column_checked) {
// if there is column title we can save this field even if it source empty
$field_order++;
$fld->set_value("field_order", $field_order);
$fld->set_value("field_title", $field_title);
$fld->set_value("field_source", $field_source);
// Fragment: load order_confirmation settings into $order_confirmation, then
// set up the orders record for the confirmation update. The record setup
// continues outside this listing.
$sql .= " WHERE setting_type='order_confirmation'";
if (isset($site_id)) {
$sql .= " AND (site_id=1 OR site_id=" . $db->tosql($site_id, INTEGER, true, false) . ")";
// ASC ordering: the loop below overwrites by setting_name, so the row with
// the larger site_id (the site-specific one, presumably) wins.
$sql .= " ORDER BY site_id ASC ";
} else {
$sql .= " AND site_id=1 ";
}
$db->query($sql);
while ($db->next_record()) {
$order_confirmation[$db->f("setting_name")] = $db->f("setting_value");
}
// 3 is the "confirmed" status id — defined elsewhere, TODO confirm.
$confirmed_order_status = 3;
$r = new VA_Record($table_prefix . "orders");
$r->errors = $order_errors;
$r->add_where("order_id", INTEGER);
$r->set_value("order_id", $order_id);
// is_confirmed and transaction_id are loaded but excluded from UPDATE so
// this step cannot overwrite them.
$r->add_textbox("is_confirmed", INTEGER);
$r->change_property("is_confirmed", USE_IN_UPDATE, false);
$r->add_textbox("error_message", TEXT);
$r->add_textbox("pending_message", TEXT);
$r->add_textbox("transaction_id", TEXT);
$r->change_property("transaction_id", USE_IN_UPDATE, false);
$r->add_textbox("authorization_code", TEXT);
// AVS fields
$r->add_textbox("avs_response_code", TEXT);
$r->add_textbox("avs_message", TEXT);
$r->add_textbox("avs_address_match", TEXT);
$r->add_textbox("avs_zip_match", TEXT);
$r->add_textbox("cvv2_match", TEXT);
// 3D fields
$r->add_textbox("secure_3d_check", TEXT);
// Fragment: registration form — visibility of the same_as_personal and
// subscribe controls, then birth date assembly. The birth-date if-block
// continues outside this listing.
$r->change_property("same_as_personal", USE_IN_INSERT, false);
$r->change_property("same_as_personal", USE_IN_UPDATE, false);
// Hide the "same as personal" option unless both address blocks have fields.
if ($personal_number < 1 || $delivery_number < 1) {
$r->change_property("same_as_personal", SHOW, false);
}
// subscribe is a form-only control: never selected, inserted or updated.
$r->add_checkbox("subscribe", INTEGER);
$r->change_property("subscribe", USE_IN_SELECT, false);
$r->change_property("subscribe", USE_IN_INSERT, false);
$r->change_property("subscribe", USE_IN_UPDATE, false);
// Shown when the block is enabled and either e-mail is the login field
// (type 2) or a visible email / delivery_email control exists. The && terms
// bind tighter than ||, which matches that reading.
if ($subscribe_block && ($login_field_type == 2 || $r->parameter_exists("email") && $r->get_property_value("email", SHOW) || $r->parameter_exists("delivery_email") && $r->get_property_value("delivery_email", SHOW))) {
$r->change_property("subscribe", SHOW, true);
} else {
$r->change_property("subscribe", SHOW, false);
}
$r->get_form_values();
$r->set_value("user_type_id", $type_id);
$r->set_value("type", $type_id);
$r->set_value("registration_last_step", $registration_last_step);
$r->set_value("registration_total_steps", $registration_total_steps);
$r->set_value("is_sms_allowed", $group_sms_allowed);
if ($r->parameter_exists("birth_date")) {
//$r->change_property("birth_date", REQUIRED, false);
// Once any of the three parts is filled in, all three become required.
if (!$r->is_empty("birth_month") || !$r->is_empty("birth_day") || !$r->is_empty("birth_year")) {
$r->change_property("birth_month", REQUIRED, true);
$r->change_property("birth_day", REQUIRED, true);
$r->change_property("birth_year", REQUIRED, true);
$birth_month = $r->get_value("birth_month");
$birth_day = $r->get_value("birth_day");
$birth_year = $r->get_value("birth_year");
// NOTE(review): day and year are range-checked but month is only tested for
// truthiness, so a value such as 13 passes into the date string unless the
// control restricts it upstream — confirm. Years equal to date("Y") are
// rejected by the strict <.
if ($birth_month && $birth_day > 0 && $birth_day < 32 && $birth_year > 1900 && $birth_year < date("Y")) {
$birth_date = $birth_year . "-" . $birth_month . "-" . $birth_day;
// Fragment: order-search WHERE clause — date upper bound, then the order
// status filter (multi-select list, single select, or default "listed"
// statuses). The final else branch continues outside this listing.
$where .= " o.order_placed_date<" . $db->tosql($day_after_end, DATE);
}
// Default UI state: dropdown visible, checkbox list hidden.
$t->set_var("status_select_style", "");
$t->set_var("status_checkboxes_style", "style='display:none;'");
if (!$r->is_empty("s_os_list")) {
if (strlen($where)) { $where .= " AND "; }
$s_os_list = $r->get_value("s_os_list");
if (count($s_os_list) > 1) {
// Several statuses selected: IN(...) via the INTEGERS_LIST escaper and
// switch the UI to the checkbox list.
$where .= " o.order_status IN(" . $db->tosql($s_os_list, INTEGERS_LIST) . ")";
$t->set_var("status_select_style", "style='display:none;'");
$t->set_var("status_checkboxes_style", "");
} else {
// Exactly one status in the list: collapse it into the single s_os
// parameter. Assumes $s_os_list is a 0-indexed list.
$s_os = $s_os_list[0];
$r->set_value("s_os", $s_os);
// NOTE(review): index 3 of the parameter descriptor is reset here; its
// meaning is defined by VA_Record elsewhere — confirm it is the value slot.
$r->parameters["s_os_list"][3] = array();
$where .= " o.order_status=" . $db->tosql($s_os, INTEGER);
}
} elseif (!$r->is_empty("s_os")) {
$s_os = $r->get_value("s_os");
if (strlen($where)) { $where .= " AND "; }
$where .= " o.order_status=" . $db->tosql($s_os, INTEGER);
} else {
// No status given: unless an order number (s_on) is searched, restrict to
// statuses flagged as listable.
if ($r->is_empty("s_on")) {
if (strlen($where)) { $where .= " AND "; }
$where .= " (os.is_list=1 OR os.is_list IS NULL) ";
// Fragment: run the payment module's validation library for a non-zero
// order, then prepare the orders record for storing the gateway response.
// The record setup continues outside this listing.
// check if payment system support 3D secure
$secure_3d = false;
// include payment module only if total order value greater than zero
if ($order_total > 0) {
// use php library to validate transaction
$order_step = "final";
// NOTE(review): $validation_php_lib is included by path; where it is
// assigned is outside this listing — confirm it is derived from the
// configured payment system only and never from request data.
if (file_exists($validation_php_lib)) {
include_once $validation_php_lib;
} else {
// NOTE(review): the message embeds the filesystem path; if it is shown to
// the customer it discloses server layout — consider logging the path and
// showing only the constant.
$error_message = APPROPRIATE_LIBRARY_ERROR_MSG . ": " . $validation_php_lib;
}
}
if ($update_order_data) {
$r = new VA_Record($table_prefix . "orders");
$r->add_where("order_id", INTEGER);
$r->set_value("order_id", $order_id);
$r->add_textbox("error_message", TEXT);
$r->add_textbox("pending_message", TEXT);
// transaction_id is read but excluded from UPDATE so it is not overwritten.
$r->add_textbox("transaction_id", TEXT);
$r->change_property("transaction_id", USE_IN_UPDATE, false);
$r->add_textbox("authorization_code", TEXT);
// AVS fields
$r->add_textbox("avs_response_code", TEXT);
$r->add_textbox("avs_message", TEXT);
$r->add_textbox("avs_address_match", TEXT);
$r->add_textbox("avs_zip_match", TEXT);
$r->add_textbox("cvv2_match", TEXT);
// 3D fields
$r->add_textbox("secure_3d_check", TEXT);
$r->add_textbox("secure_3d_status", TEXT);
$r->add_textbox("secure_3d_md", TEXT);
// Fragment: record objects for per-order downloadable items ($r_id) and
// serial numbers ($ois), then the lookup of the max_downloads setting.
// The settings query continues outside this listing.
$r_id->set_value("order_id", $order_id);
$r_id->add_textbox("user_id", INTEGER);
$r_id->set_value("user_id", $user_id);
$r_id->add_textbox("order_item_id", INTEGER);
$r_id->add_textbox("item_id", INTEGER);
$r_id->add_textbox("download_path", TEXT);
$r_id->add_textbox("activated", INTEGER);
$r_id->add_textbox("max_downloads", INTEGER); // how many times from different IPs user can download product during the month
$r_id->add_textbox("download_added", DATETIME);
$r_id->add_textbox("download_expiry", DATETIME);
$r_id->add_textbox("download_limit", INTEGER); // how many times user can download product
// Serial numbers issued for this order; order/user ids are fixed up front.
$ois = new VA_Record($table_prefix . "orders_items_serials");
$ois->add_textbox("order_id", INTEGER);
$ois->set_value("order_id", $order_id);
$ois->add_textbox("user_id", INTEGER);
$ois->set_value("user_id", $user_id);
$ois->add_textbox("order_item_id", INTEGER);
$ois->add_textbox("item_id", INTEGER);
$ois->add_textbox("serial_number", TEXT);
$ois->add_textbox("activated", INTEGER);
$ois->add_textbox("activations_number", INTEGER);
$ois->add_textbox("serial_added", DATETIME);
$ois->add_textbox("serial_expiry", DATETIME);
// Default download cap from global_settings; with a site id the DESC
// ordering puts the site-specific row ahead of the global one (site_id=1).
$sql = " SELECT setting_value FROM " . $table_prefix . "global_settings ";
$sql .= " WHERE setting_type='download_info' ";
$sql .= " AND setting_name='max_downloads' ";
if (isset($site_id)) {
$sql .= " AND (site_id=1 OR site_id=" . $db->tosql($site_id, INTEGER, true, false) . ")";
$sql .= " ORDER BY site_id DESC ";
// Fragment: password-change handler — verify the current password, then
// store the new one and redirect. The enclosing if opens outside this
// listing.
}
$r->validate();
// 0 = plain text, 1 = md5 — as read from the site settings.
$password_encrypt = get_setting_value($settings, "password_encrypt", 0);
if (!$r->is_empty("current_password")) {
$current_password = $r->get_value("current_password");
// NOTE(review): md5() is an unsalted, fast hash and is not suitable for
// password storage; a migration to password_hash()/password_verify() with
// password_needs_rehash() on login would keep existing accounts working.
// Also note the compare uses `== 1` while the store below uses truthiness,
// so any other non-zero setting value would hash on write but not on check.
if ($password_encrypt == 1) {
$password_match = md5($current_password);
} else {
$password_match = $current_password;
}
// The current password is matched inside the SQL WHERE clause rather than
// compared in PHP; the remainder of this statement is garbled/redacted in
// this listing — verify against the original source that $password_match
// goes through $db->tosql() before concatenation.
$sql = " SELECT password FROM " . $table_prefix . "users WHERE user_id=" . $db->tosql($user_id, INTEGER);
$sql .= " AND password="******"{field_name}", $r->parameters["current_password"][CONTROL_DESC], INCORRECT_VALUE_MESSAGE);
}
}
if (!strlen($r->errors)) {
if ($password_encrypt) {
$r->set_value("password", md5($r->get_value("password")));
}
$r->set_value("user_id", $user_id);
$r->set_value("modified_date", va_time());
$r->update_record();
// NOTE(review): $return_page is assigned outside this listing; if it can
// come from the request it needs to be restricted to local paths before
// being used as a Location target.
header("Location: " . $return_page . "?updated=password");
exit;
}
}
$r->set_parameters();
$block_parsed = true;
$t->parse("block_body", false);