* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
mm_showMyFileName(__FILE__);
global $ps_shopper_group, $ps_product;
global $acl, $database;
include_class('shopper');
include_class('product');
if (!isset($ps_shopper_group)) {
$ps_shopper_group = new ps_shopper_group();
}
$user_id = intval(vmGet($_REQUEST, 'user_id'));
$cid = vmRequest::getVar('cid', array(0), '', 'array');
if (!empty($user_id)) {
$q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id ";
$q .= "WHERE id={$user_id} ";
$q .= "AND (address_type='BT' OR address_type IS NULL ) ";
$q .= "AND gid <= " . $my->gid;
$db->query($q);
$db->next_record();
}
// Set up the CMS General User Information
$row = new mosUser($database);
$row->load((int) $user_id);
if ($user_id) {
$query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id;
$database->setQuery($query);
$contact = $database->loadObjectList();
function sendRecommendation(&$d)
{
global $vmLogger, $VM_LANG, $vendor_store_name;
if (!$this->validate($d)) {
return false;
}
$subject = sprintf($VM_LANG->_('VM_RECOMMEND_SUBJECT', false), $vendor_store_name);
$msg = vmRequest::getVar('recommend_message', '', 'post');
$send = vmMail($d['sender_mail'], $d['sender_name'], $d['recipient_mail'], $subject, $msg, '');
if ($send) {
$vmLogger->info($VM_LANG->_('VM_RECOMMEND_DONE', false));
} else {
$vmLogger->warning($VM_LANG->_('VM_RECOMMEND_FAILED', false));
return false;
}
unset($_REQUEST['sender_name']);
unset($_REQUEST['sender_mail']);
unset($_REQUEST['recipient_mail']);
unset($_REQUEST['recommend_message']);
return true;
}
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
global $mosConfig_absolute_path, $product_id, $vmInputFilter, $vmLogger;
/* Load the virtuemart main parse code */
require_once dirname(__FILE__) . '/virtuemart_parser.php';
$my_page = explode('.', $page);
$modulename = $my_page[0];
$pagename = $my_page[1];
$is_popup = vmRequest::getBool('pop');
// Page Navigation Parameters
$limit = intval($vm_mainframe->getUserStateFromRequest("viewlistlimit{$page}", 'limit', $mosConfig_list_limit));
$limitstart = intval($vm_mainframe->getUserStateFromRequest("view{$keyword}{$category_id}{$pagename}limitstart", 'limitstart', 0));
/* Get all the other paramters */
$search_category = vmRequest::getVar('search_category');
// Display just the naked page without toolbar, menu and footer?
$only_page = vmRequest::getInt('only_page', 0);
if (PSHOP_IS_OFFLINE == '1' && !$perm->hasHigherPerms('storeadmin')) {
echo PSHOP_OFFLINE_MESSAGE;
} else {
if (PSHOP_IS_OFFLINE == '1') {
echo '<h2>' . $VM_LANG->_('OFFLINE_MODE') . '</h2>';
}
if ($is_popup) {
echo "<style type='text/css' media='print'>.vmNoPrint { display: none }</style>";
echo vmCommonHTML::PrintIcon('', true, ' ' . $VM_LANG->_('CMN_PRINT'));
}
// The Vendor ID is important
$ps_vendor_id = $_SESSION['ps_vendor_id'];
// The authentication array
/**
* Function to update product $d['product_id'] in the product table
*
* @param array $d The input vars
* @return boolean True, when the product was updated, false when not
*/
function update(&$d)
{
global $vmLogger, $perm, $VM_LANG;
require_once CLASSPATH . 'ps_product_attribute.php';
if (!$this->validate($d)) {
return false;
}
if (!vmImageTools::process_images($d)) {
return false;
}
$timestamp = time();
$db = new ps_DB();
$ps_vendor_id = $_SESSION["ps_vendor_id"];
if ($perm->check('admin')) {
$vendor_id = $d['vendor_id'];
} else {
$vendor_id = $ps_vendor_id;
}
$old_vendor_id = $this->get_field($d['product_id'], 'vendor_id');
// Insert into DB
$fields = array('vendor_id' => $vendor_id, 'product_sku' => vmGet($d, 'product_sku'), 'product_name' => vmGet($d, 'product_name'), 'product_desc' => vmRequest::getVar('product_desc', '', 'default', '', VMREQUEST_ALLOWHTML), 'product_s_desc' => vmRequest::getVar('product_s_desc', '', 'default', '', VMREQUEST_ALLOWHTML), 'product_thumb_image' => vmGet($d, 'product_thumb_image'), 'product_full_image' => vmGet($d, 'product_full_image'), 'product_publish' => $d['product_publish'], 'product_weight' => vmRequest::getFloat('product_weight'), 'product_weight_uom' => vmGet($d, 'product_weight_uom'), 'product_length' => vmRequest::getFloat('product_length'), 'product_width' => vmRequest::getFloat('product_width'), 'product_height' => vmRequest::getFloat('product_height'), 'product_lwh_uom' => vmGet($d, 'product_lwh_uom'), 'product_unit' => vmGet($d, 'product_unit'), 'product_packaging' => $d["product_box"] << 16 | $d["product_packaging"] & 0xffff, 'product_url' => vmGet($d, 'product_url'), 'product_in_stock' => vmRequest::getInt('product_in_stock'), 'attribute' => ps_product_attribute::formatAttributeX(), 'custom_attribute' => vmGet($d, 'product_custom_attribute'), 'product_available_date' => $d['product_available_date_timestamp'], 'product_availability' => vmGet($d, 'product_availability'), 'product_special' => $d['product_special'], 'child_options' => $d['child_options'], 'quantity_options' => $d['quantity_options'], 'product_discount_id' => vmRequest::getInt('product_discount_id'), 'mdate' => $timestamp, 'product_tax_id' => vmRequest::getInt('product_tax_id'), 'child_option_ids' => vmGet($d, 'included_product_id'), 'product_order_levels' => $d['order_levels']);
$db->buildQuery('UPDATE', '#__{vm}_product', $fields, 'WHERE product_id=' . (int) $d["product_id"] . ' AND vendor_id=' . (int) $old_vendor_id);
$db->query();
/* notify the shoppers that the product is here */
/* see zw_waiting_list */
if ($d["product_in_stock"] > "0" && @$d['notify_users'] == '1' && $d['product_in_stock_old'] == '0') {
require_once CLASSPATH . 'zw_waiting_list.php';
$zw_waiting_list = new zw_waiting_list();
$zw_waiting_list->notify_list($d["product_id"]);
}
// Check if the Manufacturer XRef is missing
if ($this->get_manufacturer_id($d['product_id'])) {
$q = "UPDATE #__{vm}_product_mf_xref SET ";
$q .= 'manufacturer_id=' . vmRequest::getInt('manufacturer_id') . ' ';
$q .= 'WHERE product_id = ' . $d['product_id'];
} else {
$q = "INSERT INTO #__{vm}_product_mf_xref (product_id,manufacturer_id) VALUES ('" . $d['product_id'] . "','" . vmRequest::getInt('manufacturer_id') . "')";
}
$db->query($q);
/* If is Item, update attributes */
if (!empty($d["product_parent_id"])) {
$q = "SELECT attribute_name FROM #__{vm}_product_attribute_sku ";
$q .= 'WHERE product_id=' . (int) $d["product_parent_id"] . ' ';
$q .= "ORDER BY attribute_list,attribute_name";
$db->query($q);
$db2 = new ps_DB();
$i = 0;
while ($db->next_record()) {
$i++;
$q2 = "UPDATE #__{vm}_product_attribute SET ";
$q2 .= "attribute_value='" . vmGet($d, 'attribute_' . $i) . "' ";
$q2 .= "WHERE product_id = '" . $d["product_id"] . "' ";
$q2 .= "AND attribute_name = '" . $db->f("attribute_name", false) . "' ";
$db2->setQuery($q2);
$db2->query();
}
/* If it is a Product, update Category */
} else {
// Handle category selection: product_category_xref
$q = "SELECT `category_id` FROM `#__{vm}_product_category_xref` ";
$q .= "WHERE `product_id` = '" . $d["product_id"] . "' ";
$db->setQuery($q);
$db->query();
$old_categories = array();
while ($db->next_record()) {
$old_categories[$db->f('category_id')] = $db->f('category_id');
}
// NOW Insert new categories
$new_categories = array();
if (empty($d['product_categories']) || !is_array(@$d['product_categories'])) {
$d['product_categories'] = explode('|', $d['category_ids']);
}
foreach ($d["product_categories"] as $category_id) {
if (!in_array($category_id, $old_categories)) {
$db->query('SELECT MAX(`product_list`) as list_order FROM `#__{vm}_product_category_xref` WHERE `category_id`=' . (int) $category_id);
$db->next_record();
$q = "INSERT INTO #__{vm}_product_category_xref ";
$q .= "(category_id,product_id,product_list) ";
$q .= "VALUES ('" . (int) $category_id . "','" . $d["product_id"] . "', " . intval($db->f('max') + 1) . ")";
$db->setQuery($q);
$db->query();
$new_categories[$category_id] = $category_id;
} else {
unset($old_categories[$category_id]);
}
}
// The rest of the old categories can be deleted
foreach ($old_categories as $category_id) {
$q = "DELETE FROM `#__{vm}_product_category_xref` ";
$q .= "WHERE `product_id` = '" . $d["product_id"] . "' ";
$q .= "AND `category_id` = '" . $category_id . "' ";
$db->query($q);
}
}
if (!empty($d["related_products"])) {
/* Insert Pipe separated Related Product IDs */
$related_products = vmGet($d, "related_products");
$q = "REPLACE INTO #__{vm}_product_relations (product_id, related_products)";
$q .= " VALUES( '" . $d["product_id"] . "', '{$related_products}') ";
$db->query($q);
} else {
$q = "DELETE FROM #__{vm}_product_relations WHERE product_id='" . $d["product_id"] . "'";
$db->query($q);
}
// UPDATE THE PRICE, IF EMPTY ADD 0
if (empty($d['product_currency'])) {
$d['product_currency'] = $_SESSION['vendor_currency'];
}
// look if we have a price for this product
$q = "SELECT product_price_id, price_quantity_start, price_quantity_end FROM #__{vm}_product_price ";
$q .= "WHERE shopper_group_id=" . vmRequest::getInt('shopper_group_id');
$q .= ' AND product_id = ' . $d["product_id"];
$db->query($q);
if ($db->next_record()) {
$d["product_price_id"] = $db->f("product_price_id");
require_once CLASSPATH . 'ps_product_price.php';
$my_price = new ps_product_price();
if (@$d['product_price'] != '') {
// update prices
$d["price_quantity_start"] = $db->f("price_quantity_start");
$d["price_quantity_end"] = $db->f("price_quantity_end");
$my_price->update($d);
} else {
// delete the price
$my_price->delete($d);
}
} else {
if ($d['product_price'] != '') {
// add the price
$d["price_quantity_start"] = 0;
$d["price_quantity_end"] = "";
require_once CLASSPATH . 'ps_product_price.php';
$my_price = new ps_product_price();
$my_price->add($d);
}
}
// Product Type Parameters!
$this->handleParameters($d);
$vmLogger->info($VM_LANG->_('VM_PRODUCT_UPDATED', false));
return true;
}
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
mm_showMyFileName(__FILE__);
if (!isset($_REQUEST["shopper_id"]) || empty($_REQUEST["shopper_id"])) {
echo $VM_LANG->_('VM_CHECKOUT_ORDERIDNOTSET');
} else {
include CLASSPATH . "payment/ps_ipayment.cfg.php";
$order_number = vmrequest::getVar('shopper_id');
$q = 'SELECT order_id,order_total,order_status,order_currency FROM #__{vm}_orders WHERE ';
$q .= '#__{vm}_orders.user_id= ' . $auth["user_id"] . "\n";
$q .= 'AND #__{vm}_orders.order_number=\'' . $db->getEscaped($order_number) . "'";
$db->query($q);
if ($db->next_record()) {
if (vmRequest::getVar('ret_status') == 'SUCCESS') {
?>
<img src="<?php
echo VM_THEMEURL;
?>
images/button_ok.png" align="middle" alt="<?php
echo $VM_LANG->_('VM_CHECKOUT_SUCCESS');
?>
" border="0" />
<h2><?php
echo $VM_LANG->_('PHPSHOP_PAYMENT_TRANSACTION_SUCCESS');
?>
</h2>
<?php
require_once CLASSPATH . 'ps_product.php';
require_once CLASSPATH . 'ps_order_status.php';
require_once CLASSPATH . 'ps_checkout.php';
require_once CLASSPATH . 'ps_order_change.php';
require_once CLASSPATH . 'ps_order_change_html.php';
$ps_product = new ps_product();
$order_id = vmRequest::getInt('order_id');
$ps_order_change_html = new ps_order_change_html($order_id);
//Added Option to resend the Confirmation Mail
$resend_action = vmRequest::getVar('func');
if ($resend_action == 'resendconfirm' && $order_id) {
ps_checkout::email_receipt($order_id);
$redirurl = $_SERVER['PHP_SELF'];
foreach ($_POST as $key => $value) {
if ($value != 'resendconfirm') {
$redirurl .= !strpos($redirurl, '?') ? '?' : '&' . $key . '=' . vmRequest::getVar($key);
}
}
vmRedirect($redirurl, $VM_LANG->_('PHPSHOP_ORDER_RESEND_CONFIRMATION_MAIL_SUCCESS'));
}
if (!is_numeric($order_id)) {
echo "<h2>The Order ID {$order_id} is not valid.</h2>";
} else {
$dbc = new ps_DB();
$q = "SELECT * FROM #__{vm}_orders WHERE order_id='{$order_id}'";
$db->query($q);
if ($db->next_record()) {
// Print View Icon
$print_url = $_SERVER['PHP_SELF'] . "?page=order.order_printdetails&order_id={$order_id}&no_menu=1&pop=1";
if (vmIsJoomla('1.5', '>=')) {
$print_url .= "&tmpl=component";
/**
* Fetches and returns a given filtered variable. The string
* filter deletes 'bad' HTML code, if not overridden by the mask.
* This is currently only a proxy function for getVar().
*
* See getVar() for more in-depth documentation on the parameters.
*
* @static
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param int $mask Filter mask for the variable
* @return string Requested variable
* @since 1.1
*/
function getString($name, $default = '', $hash = 'default', $mask = 0)
{
// Cast to string, in case VMREQUEST_ALLOWRAW was specified for mask
return (string) vmRequest::getVar($name, $default, $hash, 'string', $mask);
}
foreach ($parseToIntFields as $intField) {
if (!empty($_REQUEST[$intField]) && is_array($_REQUEST[$intField])) {
vmArrayToInts($_REQUEST[$intField]);
} elseif (isset($_REQUEST[$intField])) {
$_REQUEST[$intField] = ${$intField} = vmRequest::getInt($intField);
}
}
$product_id = vmRequest::getInt('product_id');
$vm_mainframe->setUserState('product_id', $product_id);
if (vmIsAdminMode()) {
$category_id = (int) $vm_mainframe->getUserStateFromRequest('category_id', 'category_id');
} else {
$category_id = vmRequest::getInt('category_id');
}
$manufacturer_id = vmRequest::getInt('manufacturer_id');
$user_info_id = vmRequest::getVar('user_info_id');
$myInsecureArray = array('user_info_id' => $user_info_id, 'page' => $page, 'func' => $func);
/**
* This InputFiler Object will help us filter malicious variable contents
* @global vmInputFiler vmInputFiler
*/
$GLOBALS['vmInputFilter'] = $vmInputFilter = vmInputFilter::getInstance();
// prevent SQL injection
if ($perm->check('admin,storeadmin')) {
$myInsecureArray = $vmInputFilter->safeSQL($myInsecureArray);
$myInsecureArray = $vmInputFilter->process($myInsecureArray);
// Re-insert the escaped strings into $_REQUEST
foreach ($myInsecureArray as $requestvar => $requestval) {
$_REQUEST[$requestvar] = $requestval;
}
} else {
/**
* Gets the value of a user state variable.
*
* @access public
* @param string The key of the user state variable.
* @param string The name of the variable passed in a request.
* @param string The default value for the variable if not found. Optional.
* @param string Filter for the variable, for valid values see {@link JFilterInput::clean()}. Optional.
* @return The request user state.
*/
function getUserStateFromRequest($key, $request, $default = null, $type = 'none')
{
$old_state = $this->getUserState($key);
$cur_state = !is_null($old_state) ? $old_state : $default;
$new_state = vmRequest::getVar($request, null, 'default', $type);
// Save the new value only if it was set in this request
if ($new_state !== null) {
$this->setUserState($key, $new_state);
} else {
$new_state = $cur_state;
}
return $new_state;
}
