Exemple #1
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
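mm_showMyFileName(__FILE__);
global $ps_shopper_group, $ps_product;
global $acl, $database;
include_class('shopper');
include_class('product');
if (!isset($ps_shopper_group)) {
    $ps_shopper_group = new ps_shopper_group();
}
// The user id is forced to an integer before it reaches any SQL text below.
$user_id = intval(vmGet($_REQUEST, 'user_id'));
// 'cid' is requested with the 'array' type and defaults to array(0).
$cid = vmRequest::getVar('cid', array(0), '', 'array');
if (!empty($user_id)) {
    // Load the account joined with its billing ('BT') address row, if any.
    $q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id ";
    $q .= "WHERE id={$user_id} ";
    $q .= "AND (address_type='BT' OR address_type IS NULL ) ";
    // Only rows whose gid is at or below the current operator's gid match.
    // The value is cast so that every operand concatenated into this query is
    // an integer, matching the handling of $user_id above.
    // NOTE(review): $my and $db are not declared in this fragment; presumably
    // they are provided by the including script - confirm.
    $q .= "AND gid <= " . (int) $my->gid;
    $db->query($q);
    $db->next_record();
}
// Set up the CMS General User Information
// NOTE(review): this load is keyed on $user_id alone and is not limited by the
// gid condition of the query above; confirm the code that follows does not
// expose $row for an account that query filtered out.
$row = new mosUser($database);
$row->load((int) $user_id);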
if ($user_id) {
    $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
Exemple #2
 function sendRecommendation(&$d)
 {
     // Mails a product recommendation using the sender/recipient fields in $d
     // and the message text posted as 'recommend_message'. Returns true when
     // vmMail() reports success, false when validation or sending fails.
     //
     // NOTE(review): addresses and names are passed to vmMail() exactly as
     // they arrive in $d, and the body comes straight from POST. Rejecting
     // malformed addresses and embedded line breaks is left to validate() /
     // vmMail(), neither of which is visible here - confirm. No rate limit is
     // applied in this method either.
     global $vmLogger, $VM_LANG, $vendor_store_name;
     if (!$this->validate($d)) {
         return false;
     }
     $subject = sprintf($VM_LANG->_('VM_RECOMMEND_SUBJECT', false), $vendor_store_name);
     $body = vmRequest::getVar('recommend_message', '', 'post');
     $delivered = vmMail($d['sender_mail'], $d['sender_name'], $d['recipient_mail'], $subject, $body, '');
     if (!$delivered) {
         $vmLogger->warning($VM_LANG->_('VM_RECOMMEND_FAILED', false));
         return false;
     }
     $vmLogger->info($VM_LANG->_('VM_RECOMMEND_DONE', false));
     // Drop the submitted form values from the request once the mail is out.
     unset(
         $_REQUEST['sender_name'],
         $_REQUEST['sender_mail'],
         $_REQUEST['recipient_mail'],
         $_REQUEST['recommend_message']
     );
     return true;
 }
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
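global $mosConfig_absolute_path, $product_id, $vmInputFilter, $vmLogger;
/* Load the virtuemart main parse code */
require_once dirname(__FILE__) . '/virtuemart_parser.php';
// $page is expected in the form "<module>.<page>".
// NOTE(review): $page is not assigned in this fragment; presumably it is set
// from the request by the parser included above. If $modulename / $pagename
// are later used to build a file path, they need allow-list validation -
// that code is not visible here.
$my_page = explode('.', $page);
$modulename = $my_page[0];
// A value without a dot yields a single-element array; guard the second index
// instead of reading an undefined offset.
$pagename = isset($my_page[1]) ? $my_page[1] : null;
$is_popup = vmRequest::getBool('pop');
// Page Navigation Parameters
// Both values are forced to integers after being read from request/user state.
$limit = intval($vm_mainframe->getUserStateFromRequest("viewlistlimit{$page}", 'limit', $mosConfig_list_limit));
$limitstart = intval($vm_mainframe->getUserStateFromRequest("view{$keyword}{$category_id}{$pagename}limitstart", 'limitstart', 0));
/* Get all the other parameters */
$search_category = vmRequest::getVar('search_category');
// Display just the naked page without toolbar, menu and footer?
$only_page = vmRequest::getInt('only_page', 0);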
if (PSHOP_IS_OFFLINE == '1' && !$perm->hasHigherPerms('storeadmin')) {
    echo PSHOP_OFFLINE_MESSAGE;
} else {
    if (PSHOP_IS_OFFLINE == '1') {
        echo '<h2>' . $VM_LANG->_('OFFLINE_MODE') . '</h2>';
    }
    if ($is_popup) {
        echo "<style type='text/css' media='print'>.vmNoPrint { display: none }</style>";
        echo vmCommonHTML::PrintIcon('', true, ' ' . $VM_LANG->_('CMN_PRINT'));
    }
    // The Vendor ID is important
    $ps_vendor_id = $_SESSION['ps_vendor_id'];
    // The authentication array
Exemple #4
 /**
  * Function to update product $d['product_id'] in the product table
  *
  * @param array $d The input vars
  * @return boolean True, when the product was updated, false when not
  */
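 function update(&$d)
 {
     // Steps, in order: validate input, process images, update the product
     // row, optionally notify the waiting list, then sync manufacturer,
     // attributes or categories, related products, price and product-type
     // parameters.
     //
     // The product id is cast to an integer once and that value is used in
     // every hand-built query below, matching the cast the main UPDATE
     // already applied.
     global $vmLogger, $perm, $VM_LANG;
     require_once CLASSPATH . 'ps_product_attribute.php';
     if (!$this->validate($d)) {
         return false;
     }
     if (!vmImageTools::process_images($d)) {
         return false;
     }
     $timestamp = time();
     $db = new ps_DB();
     // Integer form of the product id for all SQL text built in this method.
     $product_id = (int) $d['product_id'];
     $ps_vendor_id = $_SESSION["ps_vendor_id"];
     // Only 'admin' may choose the vendor; everyone else gets the session vendor.
     if ($perm->check('admin')) {
         $vendor_id = $d['vendor_id'];
     } else {
         $vendor_id = $ps_vendor_id;
     }
     $old_vendor_id = $this->get_field($d['product_id'], 'vendor_id');
     // Insert into DB
     // NOTE(review): product_desc / product_s_desc are fetched with
     // VMREQUEST_ALLOWHTML, so markup is stored; the pages that print these
     // fields are responsible for handling it. Escaping of the values handed
     // to buildQuery() happens (or not) inside buildQuery(), which is not
     // visible here - confirm.
     $fields = array(
         'vendor_id' => $vendor_id,
         'product_sku' => vmGet($d, 'product_sku'),
         'product_name' => vmGet($d, 'product_name'),
         'product_desc' => vmRequest::getVar('product_desc', '', 'default', '', VMREQUEST_ALLOWHTML),
         'product_s_desc' => vmRequest::getVar('product_s_desc', '', 'default', '', VMREQUEST_ALLOWHTML),
         'product_thumb_image' => vmGet($d, 'product_thumb_image'),
         'product_full_image' => vmGet($d, 'product_full_image'),
         'product_publish' => $d['product_publish'],
         'product_weight' => vmRequest::getFloat('product_weight'),
         'product_weight_uom' => vmGet($d, 'product_weight_uom'),
         'product_length' => vmRequest::getFloat('product_length'),
         'product_width' => vmRequest::getFloat('product_width'),
         'product_height' => vmRequest::getFloat('product_height'),
         'product_lwh_uom' => vmGet($d, 'product_lwh_uom'),
         'product_unit' => vmGet($d, 'product_unit'),
         // Box count in the high 16 bits, packaging count in the low 16 bits
         // (parentheses only spell out the operator precedence).
         'product_packaging' => ($d["product_box"] << 16) | ($d["product_packaging"] & 0xffff),
         'product_url' => vmGet($d, 'product_url'),
         'product_in_stock' => vmRequest::getInt('product_in_stock'),
         'attribute' => ps_product_attribute::formatAttributeX(),
         'custom_attribute' => vmGet($d, 'product_custom_attribute'),
         'product_available_date' => $d['product_available_date_timestamp'],
         'product_availability' => vmGet($d, 'product_availability'),
         'product_special' => $d['product_special'],
         'child_options' => $d['child_options'],
         'quantity_options' => $d['quantity_options'],
         'product_discount_id' => vmRequest::getInt('product_discount_id'),
         'mdate' => $timestamp,
         'product_tax_id' => vmRequest::getInt('product_tax_id'),
         'child_option_ids' => vmGet($d, 'included_product_id'),
         'product_order_levels' => $d['order_levels'],
     );
     // NOTE(review): the vendor_id in this WHERE clause is the value just read
     // from the product row, so the clause does not by itself stop a non-admin
     // from updating a product that belongs to another vendor. Confirm that
     // validate() or the caller enforces ownership.
     $db->buildQuery('UPDATE', '#__{vm}_product', $fields, 'WHERE product_id=' . $product_id . ' AND vendor_id=' . (int) $old_vendor_id);
     $db->query();
     /* notify the shoppers that the product is here */
     /* see zw_waiting_list */
     if ($d["product_in_stock"] > "0" && @$d['notify_users'] == '1' && $d['product_in_stock_old'] == '0') {
         require_once CLASSPATH . 'zw_waiting_list.php';
         $zw_waiting_list = new zw_waiting_list();
         $zw_waiting_list->notify_list($d["product_id"]);
     }
     // Check if the Manufacturer XRef is missing
     if ($this->get_manufacturer_id($d['product_id'])) {
         $q = "UPDATE #__{vm}_product_mf_xref SET ";
         $q .= 'manufacturer_id=' . vmRequest::getInt('manufacturer_id') . ' ';
         $q .= 'WHERE product_id = ' . $product_id;
     } else {
         $q = "INSERT INTO #__{vm}_product_mf_xref (product_id,manufacturer_id) VALUES ('" . $product_id . "','" . vmRequest::getInt('manufacturer_id') . "')";
     }
     $db->query($q);
     /* If is Item, update attributes */
     if (!empty($d["product_parent_id"])) {
         $q = "SELECT attribute_name FROM #__{vm}_product_attribute_sku ";
         $q .= 'WHERE product_id=' . (int) $d["product_parent_id"] . ' ';
         $q .= "ORDER BY attribute_list,attribute_name";
         $db->query($q);
         $db2 = new ps_DB();
         $i = 0;
         while ($db->next_record()) {
             $i++;
             // NOTE(review): attribute_value and attribute_name are placed
             // inside quoted SQL literals as returned by vmGet() and
             // $db->f(..., false). Whether those helpers escape quotes is not
             // visible here - confirm before relying on it.
             $q2 = "UPDATE #__{vm}_product_attribute SET ";
             $q2 .= "attribute_value='" . vmGet($d, 'attribute_' . $i) . "' ";
             $q2 .= "WHERE product_id = '" . $product_id . "' ";
             $q2 .= "AND attribute_name = '" . $db->f("attribute_name", false) . "' ";
             $db2->setQuery($q2);
             $db2->query();
         }
         /* If it is a Product, update Category */
     } else {
         // Handle category selection: product_category_xref
         $q = "SELECT `category_id` FROM `#__{vm}_product_category_xref` ";
         $q .= "WHERE `product_id` = '" . $product_id . "' ";
         $db->setQuery($q);
         $db->query();
         $old_categories = array();
         while ($db->next_record()) {
             $old_categories[$db->f('category_id')] = $db->f('category_id');
         }
         // NOW Insert new categories
         $new_categories = array();
         if (empty($d['product_categories']) || !is_array(@$d['product_categories'])) {
             $d['product_categories'] = explode('|', $d['category_ids']);
         }
         foreach ($d["product_categories"] as $category_id) {
             if (!in_array($category_id, $old_categories)) {
                 $db->query('SELECT MAX(`product_list`) as list_order FROM `#__{vm}_product_category_xref` WHERE `category_id`=' . (int) $category_id);
                 $db->next_record();
                 $q = "INSERT INTO #__{vm}_product_category_xref ";
                 $q .= "(category_id,product_id,product_list) ";
                 // Read the column under the alias the SELECT above gives it
                 // ('list_order'); the previous lookup of 'max' named a column
                 // the query never returns.
                 $q .= "VALUES ('" . (int) $category_id . "','" . $product_id . "', " . intval($db->f('list_order') + 1) . ")";
                 $db->setQuery($q);
                 $db->query();
                 $new_categories[$category_id] = $category_id;
             } else {
                 // Still selected: keep it out of the deletion pass below.
                 unset($old_categories[$category_id]);
             }
         }
         // The rest of the old categories can be deleted
         foreach ($old_categories as $category_id) {
             $q = "DELETE FROM `#__{vm}_product_category_xref` ";
             $q .= "WHERE `product_id` = '" . $product_id . "' ";
             $q .= "AND `category_id` = '" . (int) $category_id . "' ";
             $db->query($q);
         }
     }
     if (!empty($d["related_products"])) {
         /* Insert Pipe separated Related Product IDs */
         // NOTE(review): $related_products goes into a quoted SQL literal as
         // returned by vmGet(); confirm vmGet() escapes it, or restrict the
         // value to digits and '|' before use.
         $related_products = vmGet($d, "related_products");
         $q = "REPLACE INTO #__{vm}_product_relations (product_id, related_products)";
         $q .= " VALUES( '" . $product_id . "', '{$related_products}') ";
         $db->query($q);
     } else {
         $q = "DELETE FROM #__{vm}_product_relations WHERE product_id='" . $product_id . "'";
         $db->query($q);
     }
     // UPDATE THE PRICE, IF EMPTY ADD 0
     if (empty($d['product_currency'])) {
         $d['product_currency'] = $_SESSION['vendor_currency'];
     }
     // A missing 'product_price' key is treated like an empty price in both
     // branches below, without reading an undefined index.
     $has_price = isset($d['product_price']) && $d['product_price'] != '';
     // look if we have a price for this product
     $q = "SELECT product_price_id, price_quantity_start, price_quantity_end FROM #__{vm}_product_price ";
     $q .= "WHERE shopper_group_id=" . vmRequest::getInt('shopper_group_id');
     $q .= ' AND product_id = ' . $product_id;
     $db->query($q);
     if ($db->next_record()) {
         $d["product_price_id"] = $db->f("product_price_id");
         require_once CLASSPATH . 'ps_product_price.php';
         $my_price = new ps_product_price();
         if ($has_price) {
             // update prices
             $d["price_quantity_start"] = $db->f("price_quantity_start");
             $d["price_quantity_end"] = $db->f("price_quantity_end");
             $my_price->update($d);
         } else {
             // delete the price
             $my_price->delete($d);
         }
     } elseif ($has_price) {
         // add the price
         $d["price_quantity_start"] = 0;
         $d["price_quantity_end"] = "";
         require_once CLASSPATH . 'ps_product_price.php';
         $my_price = new ps_product_price();
         $my_price->add($d);
     }
     // Product Type Parameters!
     $this->handleParameters($d);
     $vmLogger->info($VM_LANG->_('VM_PRODUCT_UPDATED', false));
     return true;
 }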
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
mm_showMyFileName(__FILE__);
if (!isset($_REQUEST["shopper_id"]) || empty($_REQUEST["shopper_id"])) {
    echo $VM_LANG->_('VM_CHECKOUT_ORDERIDNOTSET');
} else {
    include CLASSPATH . "payment/ps_ipayment.cfg.php";
    $order_number = vmrequest::getVar('shopper_id');
    $q = 'SELECT order_id,order_total,order_status,order_currency FROM #__{vm}_orders WHERE ';
    $q .= '#__{vm}_orders.user_id= ' . $auth["user_id"] . "\n";
    $q .= 'AND #__{vm}_orders.order_number=\'' . $db->getEscaped($order_number) . "'";
    $db->query($q);
    if ($db->next_record()) {
        if (vmRequest::getVar('ret_status') == 'SUCCESS') {
            ?>
 
        <img src="<?php 
            echo VM_THEMEURL;
            ?>
images/button_ok.png" align="middle" alt="<?php 
            echo $VM_LANG->_('VM_CHECKOUT_SUCCESS');
            ?>
" border="0" />
        <h2><?php 
            echo $VM_LANG->_('PHPSHOP_PAYMENT_TRANSACTION_SUCCESS');
            ?>
</h2>
    
    <?php 
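require_once CLASSPATH . 'ps_product.php';
require_once CLASSPATH . 'ps_order_status.php';
require_once CLASSPATH . 'ps_checkout.php';
require_once CLASSPATH . 'ps_order_change.php';
require_once CLASSPATH . 'ps_order_change_html.php';
$ps_product = new ps_product();
// getInt() forces the order id to an integer before it is used below.
$order_id = vmRequest::getInt('order_id');
$ps_order_change_html = new ps_order_change_html($order_id);
// Added option to resend the confirmation mail.
// NOTE(review): no permission check or request token is visible in this
// fragment before the mail is re-sent; presumably the page is only reachable
// by store staff - confirm against the including script.
$resend_action = vmRequest::getVar('func');
if ($resend_action == 'resendconfirm' && $order_id) {
    ps_checkout::email_receipt($order_id);
    // NOTE(review): PHP_SELF can contain client-supplied path info; consider
    // building the redirect target from a fixed script path instead.
    $redirurl = $_SERVER['PHP_SELF'];
    foreach ($_POST as $key => $value) {
        // Leave out the resend trigger so the redirect does not repeat it.
        if ($value == 'resendconfirm') {
            continue;
        }
        $param = vmRequest::getVar($key);
        // Array-valued fields cannot be expressed as a single key=value pair.
        if (!is_scalar($param)) {
            continue;
        }
        // Pick the separator first, then append the pair. The previous
        // one-line ternary bound the whole "& key = value" string to the
        // else-branch, so the first parameter was reduced to a bare '?'.
        $separator = strpos($redirurl, '?') === false ? '?' : '&';
        // URL-encode both parts so a posted value cannot add extra
        // parameters or line breaks to the redirect target.
        $redirurl .= $separator . urlencode((string) $key) . '=' . urlencode((string) $param);
    }
    vmRedirect($redirurl, $VM_LANG->_('PHPSHOP_ORDER_RESEND_CONFIRMATION_MAIL_SUCCESS'));
}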
if (!is_numeric($order_id)) {
    echo "<h2>The Order ID {$order_id} is not valid.</h2>";
} else {
    $dbc = new ps_DB();
    $q = "SELECT * FROM #__{vm}_orders WHERE order_id='{$order_id}'";
    $db->query($q);
    if ($db->next_record()) {
        // Print View Icon
        $print_url = $_SERVER['PHP_SELF'] . "?page=order.order_printdetails&amp;order_id={$order_id}&amp;no_menu=1&pop=1";
        if (vmIsJoomla('1.5', '>=')) {
            $print_url .= "&amp;tmpl=component";
Exemple #7
 /**
  * Fetches and returns a given filtered variable. The string
  * filter deletes 'bad' HTML code, if not overridden by the mask.
  * This is currently only a proxy function for getVar().
  *
  * See getVar() for more in-depth documentation on the parameters.
  *
  * @static
  * @param	string	$name		Variable name
  * @param	string	$default	Default value if the variable does not exist
  * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
  * @param	int		$mask		Filter mask for the variable
  * @return	string	Requested variable
  * @since	1.1
  */
 function getString($name, $default = '', $hash = 'default', $mask = 0)
 {
     // Delegate to getVar() with the 'string' type; all filtering is done
     // there according to $mask.
     $value = vmRequest::getVar($name, $default, $hash, 'string', $mask);
     // With VMREQUEST_ALLOWRAW in the mask the value may not be a string yet,
     // so the result is always cast before it is handed back.
     return (string) $value;
 }
 // Force every request field named in $parseToIntFields to integer form:
 // arrays are converted in place, scalars are replaced by their getInt() value.
 // NOTE(review): ${$intField} also writes a variable named after the field in
 // the current scope. That is only safe while $parseToIntFields is a fixed,
 // code-defined list; its definition is not visible here - confirm.
 foreach ($parseToIntFields as $intField) {
     if (!isset($_REQUEST[$intField])) {
         continue;
     }
     if (!empty($_REQUEST[$intField]) && is_array($_REQUEST[$intField])) {
         vmArrayToInts($_REQUEST[$intField]);
     } else {
         $_REQUEST[$intField] = ${$intField} = vmRequest::getInt($intField);
     }
 }
 $product_id = vmRequest::getInt('product_id');
 $vm_mainframe->setUserState('product_id', $product_id);
 // Admin mode reads the category from user state (falling back to the
 // request); the shop front reads it from the request only. Both paths end
 // with an integer.
 $category_id = vmIsAdminMode()
     ? (int) $vm_mainframe->getUserStateFromRequest('category_id', 'category_id')
     : vmRequest::getInt('category_id');
 $manufacturer_id = vmRequest::getInt('manufacturer_id');
 // user_info_id is not integer-cast; together with $page and $func it is
 // collected here for the filtering applied further down.
 $user_info_id = vmRequest::getVar('user_info_id');
 $myInsecureArray = array(
     'user_info_id' => $user_info_id,
     'page' => $page,
     'func' => $func
 );
 /**
  * This InputFilter object will help us filter malicious variable contents
  * @global vmInputFilter vmInputFilter
  */
 $vmInputFilter = vmInputFilter::getInstance();
 $GLOBALS['vmInputFilter'] = $vmInputFilter;
 // prevent SQL injection
 if ($perm->check('admin,storeadmin')) {
     $myInsecureArray = $vmInputFilter->safeSQL($myInsecureArray);
     $myInsecureArray = $vmInputFilter->process($myInsecureArray);
     // Re-insert the escaped strings into $_REQUEST
     foreach ($myInsecureArray as $requestvar => $requestval) {
         $_REQUEST[$requestvar] = $requestval;
     }
 } else {
Exemple #9
 /**
  * Gets the value of a user state variable.
  *
  * @access	public
  * @param	string	The key of the user state variable.
  * @param	string	The name of the variable passed in a request.
  * @param	string	The default value for the variable if not found. Optional.
  * @param	string	Filter for the variable, for valid values see {@link JFilterInput::clean()}. Optional.
  * @return	The request user state.
  */
 function getUserStateFromRequest($key, $request, $default = null, $type = 'none')
 {
     // Value currently stored for this key, if any.
     $stored = $this->getUserState($key);
     // Value supplied with the current request, filtered according to $type.
     // With the default type 'none' the request value is passed through as
     // getVar() returns it, so callers that need a number or a safe string
     // must cast or filter the result themselves.
     $requested = vmRequest::getVar($request, null, 'default', $type);
     if ($requested === null) {
         // Nothing in this request: fall back to the stored value, or to
         // $default when nothing has been stored yet.
         return is_null($stored) ? $default : $stored;
     }
     // A value arrived with this request: remember it and return it.
     $this->setUserState($key, $requested);
     return $requested;
 }