function xtc_db_error($query, $errno, $error)
{
    // Deliver 503 Error on database error (so crawlers won't index the error page)
    if (!defined('DIR_FS_ADMIN')) {
        header("HTTP/1.1 503 Service Temporarily Unavailable");
        header("Status: 503 Service Temporarily Unavailable");
        header("Connection: Close");
    }
    // Send an email to the shop owner if a sql error occurs
    if (defined('EMAIL_SQL_ERRORS') && EMAIL_SQL_ERRORS == 'true') {
        $subject = 'DATA BASE ERROR AT - ' . STORE_NAME;
        $message = '<font color="#000000"><strong>' . $errno . ' - ' . $error . '<br /><br />' . $query . '<br /><br />Request URL: ' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '<br /><br /><small><font color="#ff0000">[XT SQL Error]</font></small><br /><br /></strong></font>';
        xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '', '', STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, '', '', $subject, nl2br($message), $message);
    }
    // show the full sql error + full query only to logged-in admins or error_reporting() != 0
    if (isset($_SESSION['customers_status']['customers_status_id']) && $_SESSION['customers_status']['customers_status_id'] == 0 || error_reporting() != 0) {
        die('<font color="#000000"><strong>' . $errno . ' - ' . $error . '<br /><br />' . $query . '<br /><br /><small><font color="#ff0000">[MOD SQL Error]</font></small><br /><br /></strong></font>');
    } else {
        die('<font color="#ff0000"><strong>Es ist ein Fehler aufgetreten!<br />There was an error!<br />Il y avait une erreur!</strong></font>');
    }
}
require_once DIR_FS_INC . 'xtc_validate_email.inc.php';
require_once DIR_FS_INC . 'xtc_image_button.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include the mailer-class
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
// include all for the mails
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
if (!isset($_SESSION['affiliate_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
}
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'send') {
    if (xtc_validate_email(trim($_POST['email']))) {
        xtc_php_mail($_POST['email'], $_POST['name'], AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', $_POST['email'], $_POST['name'], '', '', EMAIL_SUBJECT, $_POST['enquiry'], $_POST['enquiry']);
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_CONTACT, 'action=success'));
        } else {
            echo $mail_error;
        }
    } else {
        $error = true;
    }
}
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_CONTACT, xtc_href_link(FILENAME_AFFILIATE_CONTACT));
require DIR_WS_INCLUDES . 'header.php';
if (isset($_GET['action']) && $_GET['action'] == 'success') {
    $smarty->assign('SUMMARY_LINK', '<a href="' . xtc_href_link(FILENAME_AFFILIATE_SUMMARY) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
} else {
 function sendAdminErrorMail($importantData = array())
 {
     $subject = "Error in Payment-Modul";
     $message = "Error in Payment-Modul\r\n";
     if (isset($importantData['description'])) {
         $message .= "\r\nDescription: " . $importantData['description'];
     }
     if (isset($importantData['transactionId'])) {
         $message .= "\r\nTransaction-ID: " . $importantData['transactionId'];
     }
     if (isset($importantData['paymentmethod'])) {
         $message .= "\r\nPaymentmethod: " . $importantData['paymentmethod'];
     }
     if (isset($importantData['customerId'])) {
         $message .= "\r\nCustomer-ID: " . $importantData['customerId'];
     }
     if (isset($importantData['orderdata'])) {
         $message .= "\r\nOrder-Data: " . print_r($importantData['orderdata'], true);
     }
     $message .= "\r\n\r\nMail is sent by function " . __METHOD__ . " in file " . __FILE__;
     xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '', '', STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, '', '', $subject, nl2br($message), $message);
 }
        // EOF - Tomcraft - 2009-11-05 - Advanced contact form (additional fields)
        // BOF - Tomcraft - 2009-11-05 - Advanced contact form (check for USE_CONTACT_EMAIL_ADDRESS)
        $use_contact_email_query = xtc_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'USE_CONTACT_EMAIL_ADDRESS'");
        $use_contact_email = xtc_db_fetch_array($use_contact_email_query);
        if ($use_contact_email['configuration_value'] == 'true') {
            $email = trim(CONTACT_US_EMAIL_ADDRESS);
            $name = CONTACT_US_NAME;
            $notify = EMAIL_NOTIFY . "\n\n";
        } else {
            $email = trim($_POST['email']);
            $name = $_POST['name'];
            $notify = '';
        }
        // EOF - Tomcraft - 2009-11-05 - Advanced contact form (check for USE_CONTACT_EMAIL_ADDRESS)
        $email_layout = sprintf(EMAIL_SENT_BY, CONTACT_US_NAME, CONTACT_US_EMAIL_ADDRESS, $datum, $uhrzeit) . "\n" . "--------------------------------------------------------------" . "\n" . $notify . EMAIL_NAME . $_POST['name'] . "\n" . EMAIL_EMAIL . trim($_POST['email']) . "\n" . $additional_fields . "\n" . EMAIL_MESSAGE . "\n " . $_POST['message_body'] . "\n";
        xtc_php_mail($email, $name, CONTACT_US_EMAIL_ADDRESS, CONTACT_US_NAME, CONTACT_US_FORWARDING_STRING, $email, $name, '', '', CONTACT_US_EMAIL_SUBJECT, nl2br($email_layout), $email_layout);
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_CONTENT, 'action=success&coID=' . (int) $_GET['coID']));
        } else {
            $smarty->assign('error_message', $mail_error);
        }
    }
    //EOF - web28 - 2010-04-03 - New error handling for required fileds
}
$smarty->assign('CONTACT_HEADING', $shop_content_data['content_heading']);
if (isset($_GET['action']) && $_GET['action'] == 'success') {
    $smarty->assign('success', '1');
    $smarty->assign('BUTTON_CONTINUE', '<a href="' . xtc_href_link(FILENAME_DEFAULT) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
} else {
    if ($shop_content_data['content_file'] != '') {
        ob_start();
Esempio n. 5
0
             // set dirs manual
             $smarty->template_dir = DIR_FS_CATALOG . 'templates';
             $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
             $smarty->config_dir = DIR_FS_CATALOG . 'lang';
             $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
             $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
             $smarty->assign('NAME', $check_status['customers_name']);
             $smarty->assign('ORDER_NR', $oID);
             $smarty->assign('ORDER_LINK', xtc_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $oID, 'SSL'));
             $smarty->assign('ORDER_DATE', xtc_date_long($check_status['date_purchased']));
             $smarty->assign('NOTIFY_COMMENTS', nl2br($notify_comments));
             // Tomcraft - 2009-10-10 - Fixed wordwrap in notify_comments
             $smarty->assign('ORDER_STATUS', $orders_status_array[$status]);
             $html_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.html');
             $txt_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.txt');
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_BILLING_SUBJECT, $html_mail, $txt_mail);
             $customer_notified = '1';
         }
         xtc_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . xtc_db_input($oID) . "', '" . xtc_db_input($status) . "', now(), '" . $customer_notified . "', '" . xtc_db_input($comments) . "')");
         $order_updated = true;
     }
     if ($order_updated) {
         $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
     } else {
         $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
     }
     xtc_redirect(xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'deleteconfirm':
     $oID = xtc_db_prepare_input($_GET['oID']);
     xtc_remove_order($oID, $_POST['restock']);
     $messageStack->add_session(SUCCESS_BILLING, 'success');
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'update_payment':
     $pID = xtc_db_prepare_input($_GET['pID']);
     $status = xtc_db_prepare_input($_POST['status']);
     $payment_updated = false;
     $check_status_query = xtc_db_query("select af.affiliate_email_address, ap.affiliate_lastname, ap.affiliate_firstname, ap.affiliate_payment_status, ap.affiliate_payment_date, ap.affiliate_payment_date from " . TABLE_AFFILIATE_PAYMENT . " ap, " . TABLE_AFFILIATE . " af where affiliate_payment_id = '" . xtc_db_input($pID) . "' and af.affiliate_id = ap.affiliate_id ");
     $check_status = xtc_db_fetch_array($check_status_query);
     if ($check_status['affiliate_payment_status'] != $status) {
         xtc_db_query("update " . TABLE_AFFILIATE_PAYMENT . " set affiliate_payment_status = '" . xtc_db_input($status) . "', affiliate_last_modified = now() where affiliate_payment_id = '" . xtc_db_input($pID) . "'");
         $affiliate_notified = '0';
         // Notify Affiliate
         if ($_POST['notify'] == 'on') {
             $email = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_AFFILIATE_PAYMENT_NUMBER . ' ' . $pID . "\n" . EMAIL_TEXT_INVOICE_URL . ' ' . xtc_catalog_href_link(FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO, 'payment_id=' . $pID, 'SSL') . "\n" . EMAIL_TEXT_PAYMENT_BILLED . ' ' . xtc_date_long($check_status['affiliate_payment_date']) . "\n\n" . sprintf(EMAIL_TEXT_STATUS_UPDATE, $payments_status_array[$status]);
             xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email);
             $affiliate_notified = '1';
         }
         xtc_db_query("insert into " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " (affiliate_payment_id, affiliate_new_value, affiliate_old_value, affiliate_date_added, affiliate_notified) values ('" . xtc_db_input($pID) . "', '" . xtc_db_input($status) . "', '" . $check_status['affiliate_payment_status'] . "', now(), '" . $affiliate_notified . "')");
         $order_updated = true;
     }
     if ($order_updated) {
         $messageStack->add_session(SUCCESS_PAYMENT_UPDATED, 'success');
     }
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'deleteconfirm':
     $pID = xtc_db_prepare_input($_GET['pID']);
     xtc_db_query("delete from " . TABLE_AFFILIATE_PAYMENT . " where affiliate_payment_id = '" . xtc_db_input($pID) . "'");
     xtc_db_query("delete from " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " where affiliate_payment_id = '" . xtc_db_input($pID) . "'");
     xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('pID', 'action'))));
 $txt_mail = $smarty->fetch('db:order_mail.txt');
 //email attachments
 $email_attachments = defined('EMAIL_BILLING_ATTACHMENTS') ? EMAIL_BILLING_ATTACHMENTS : '';
 // create subject
 $order_subject = str_replace('{$nr}', $insert_id, EMAIL_BILLING_SUBJECT_ORDER);
 $order_subject = str_replace('{$date}', xtc_date_long($order->info['date_purchased']), $order_subject);
 // Tomcraft - 2011-12-28 - Use date_puchased instead of current date in E-Mail subject
 $order_subject = str_replace('{$lastname}', $order->customer['lastname'], $order_subject);
 $order_subject = str_replace('{$firstname}', $order->customer['firstname'], $order_subject);
 // send mail to admin
 xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], $email_attachments, '', $order_subject, $html_mail, $txt_mail);
 // send mail to customer
 if (SEND_EMAILS == 'true' || $send_by_admin) {
     xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, $email_attachments, '', $order_subject, $html_mail, $txt_mail);
     if (isset($sepa_html_mail)) {
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $banktransfer_owner_email, '', '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_BILLING_SUBJECT, $sepa_html_mail, $sepa_txt_mail);
     }
 }
 if (AFTERBUY_ACTIVATED == 'true') {
     require_once DIR_WS_CLASSES . 'afterbuy.php';
     $aBUY = new xtc_afterbuy_functions($insert_id);
     if ($aBUY->order_send()) {
         $aBUY->process_order();
     }
 }
 //BOF - web28 - 2010-03-20 - Send Order by Admin
 if (isset($send_by_admin)) {
     //DokuMan - 2010-09-18 - Undefined variable: send_by_admin
     $customer_notified = '1';
     $orders_status_id = '1';
     //Comment out the next line for setting  the $orders_status_id= '1 '- Auskommentieren der nächste Zeile, um die $orders_status_id = '1' zu setzen
function xtcMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    $output = "Attention site admin of " . STORE_NAME . ",\n";
    $output .= "On " . @strftime(DATE_FORMAT_LONG);
    $output .= " at " . @strftime(DATE_TIME_FORMAT_SHORT);
    $output .= " the xt:C System has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find  what happened and " . "maybe who did it.\n\n";
    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!isset($_SESSION['customer_id'])) {
        $output .= "This person is not logged in.\n";
    } else {
        $output .= "This person is logged in!!\n Customers ID =" . $_SESSION['customer_id'];
    }
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to HTTP_CLIENT_IP: " . $_SERVER['HTTP_CLIENT_IP'] . "\n\t IP according to REMOTE_ADDR: " . $_SERVER['REMOTE_ADDR'] . "\n\t IP according to GetHostByName(" . $_SERVER['REMOTE_ADDR'] . "): " . @GetHostByName($_SERVER['REMOTE_ADDR']) . "\n\n";
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_REQUEST array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_REQUEST)) {
        $output .= "REQUEST * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_GET array\n";
    $output .= "This is about variables that may have been ";
    $output .= "in the URL string or in a 'GET' type form.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_GET)) {
        $output .= "GET * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_POST array\n";
    $output .= "This is about visible and invisible form elements.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_POST)) {
        $output .= "POST * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Browser information\n";
    $output .= "=====================================\n";
    $output .= "HTTP_USER_AGENT: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
    $browser = (array) @get_browser();
    while (list($key, $value) = @each($browser)) {
        $output .= "BROWSER * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SERVER array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_SERVER)) {
        $output .= "SERVER * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_ENV array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_ENV)) {
        $output .= "ENV * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_COOKIE array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_COOKIE)) {
        $output .= "COOKIE * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_FILES array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_FILES)) {
        $output .= "FILES * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SESSION array\n";
    $output .= "This is session info.";
    $output .= "=====================================\n";
    while (list($key, $value) = @each($_SESSION)) {
        $output .= "SESSION * {$key} : {$value}\n";
    }
    xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', 'Attempted hack on your site? (type: ' . $message . ')', nl2br($output), $output);
    return;
}
                $coupon_query = xtc_db_query("SELECT * FROM " . TABLE_COUPONS . " WHERE coupon_code = '" . $coupon_code . "'");
                $coupon = xtc_db_fetch_array($coupon_query);
                $coupon_id = $coupon['coupon_id'];
                $coupon_desc_query = xtc_db_query("SELECT * FROM " . TABLE_COUPONS_DESCRIPTION . " WHERE coupon_id = '" . $coupon_id . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
                $coupon_desc = xtc_db_fetch_array($coupon_desc_query);
                $insert_query = xtc_db_query("INSERT INTO " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) VALUES ('" . $coupon_id . "', '0', 'Admin', '" . $email_address . "', now() )");
                $smarty->assign('SEND_COUPON', 'true');
                $smarty->assign('COUPON_DESC', $coupon_desc['coupon_description']);
                $smarty->assign('COUPON_CODE', $coupon['coupon_code']);
            }
        }
        // create templates
        $smarty->caching = 0;
        $html_mail = $smarty->fetch('db:create_account_mail.html');
        $txt_mail = $smarty->fetch('db:create_account_mail.txt');
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_address, $name, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
        if ($newsletter == 1) {
            require_once DIR_WS_CLASSES . 'class.newsletter.php';
            $newsletter = new newsletter();
            $newsletter->AddUserAuto($email_address);
        }
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('create_account', $mail_error);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_CREATE_ACCOUNT, xtc_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
            $smarty->template_dir = DIR_FS_CATALOG . 'templates';
            $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
            $smarty->config_dir = DIR_FS_CATALOG . 'lang';
            //BOF - GTB - 2010-08-03 - Security Fix - Base
            $smarty->assign('tpl_path', DIR_WS_BASE . 'templates/' . CURRENT_TEMPLATE . '/');
            //$smarty->assign('tpl_path', 'templates/'.CURRENT_TEMPLATE.'/');
            //EOF - GTB - 2010-08-03 - Security Fix - Base
            $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
            $smarty->assign('NAME', $customers_lastname . ' ' . $customers_firstname);
            $smarty->assign('EMAIL', $customers_email_address);
            $smarty->assign('COMMENTS', $customers_mail_comments);
            $smarty->assign('PASSWORD', $customers_password_encrypted);
            $smarty->caching = 0;
            $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
            $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
            xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $customers_email_address, $customers_lastname . ' ' . $customers_firstname, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
        }
        xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, 'cID=' . $cc_id, 'SSL'));
    }
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body>
    <!-- header //-->
    <?php 
require DIR_WS_INCLUDES . 'header.php';
?>
    <!-- header_eof //-->
    <!-- body //-->
<div class="row">
        if (ACCOUNT_SUBURB == 'true') {
            $sql_data_array['affiliate_suburb'] = $a_suburb;
        }
        if (ACCOUNT_STATE == 'true') {
            if ($a_zone_id > 0) {
                $sql_data_array['affiliate_zone_id'] = $a_zone_id;
                $sql_data_array['affiliate_state'] = '';
            } else {
                $sql_data_array['affiliate_zone_id'] = '0';
                $sql_data_array['affiliate_state'] = $a_state;
            }
        }
        $sql_data_array['affiliate_date_account_created'] = 'now()';
        $_SESSION['affiliate_id'] = affiliate_insert($sql_data_array, $_SESSION['affiliate_ref']);
        $aemailbody = MAIL_AFFILIATE_HEADER . "\n" . MAIL_AFFILIATE_ID . $_SESSION['affiliate_id'] . "\n" . MAIL_AFFILIATE_USERNAME . $a_email_address . "\n" . MAIL_AFFILIATE_PASSWORD . $a_password . "\n\n" . MAIL_AFFILIATE_LINK . HTTP_SERVER . DIR_WS_CATALOG . FILENAME_AFFILIATE . "\n\n" . MAIL_AFFILIATE_FOOTER;
        xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $a_email_address, $a_firstname . ' ' . $a_lastname, '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', MAIL_AFFILIATE_SUBJECT, nl2br($aemailbody), nl2br($aemailbody));
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        } else {
            echo $mail_error;
        }
        $_SESSION['affiliate_email'] = $a_email_address;
        $_SESSION['affiliate_name'] = $a_firstname . ' ' . $a_lastname;
        xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_SIGNUP_OK, '', 'SSL'));
    }
}
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_SIGNUP, xtc_href_link(FILENAME_AFFILIATE_SIGNUP, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('FORM_ACTION', xtc_draw_form('affiliate_signup', xtc_href_link(FILENAME_AFFILIATE_SIGNUP, '', 'SSL'), 'post'));
$smarty->assign('HIDDEN_ACTION', xtc_draw_hidden_field('action', 'process'));
        $smarty->caching = false;
        // set dirs manual
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('MESSAGE', stripslashes($_POST['message']));
        //web28 2011-07-07 - Fix html email
        $smarty->assign('COUPON_ID', $coupon_result['coupon_code']);
        $smarty->assign('COUPON_AMOUNT', $coupon_amount);
        // web28 - 2011-04-13 - ADD Coupon message infos
        $smarty->assign('WEBSITE', HTTP_SERVER . DIR_WS_CATALOG);
        $html_mail = $smarty->fetch('db:send_coupon.html');
        $txt_mail = $smarty->fetch('db:send_coupon.txt');
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $mail['customers_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $subject, $html_mail, $txt_mail);
    }
    xtc_redirect(xtc_href_link(FILENAME_COUPON_ADMIN, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
if ($_GET['action'] == 'preview_email' && !$_POST['customers_email_address']) {
    $_GET['action'] = 'email';
    $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
}
if ($_GET['mail_sent_to']) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'success');
    $_GET['mail_sent_to'] = '';
}
switch ($_GET['action']) {
    case 'confirmdelete':
        $delete_query = xtc_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id='" . (int) $_GET['cid'] . "'");
        break;
Esempio n. 13
0
     * -> parse email text 
     */
    $mail_text = nl2br(gm_get_content('GM_PDF_EMAIL_TEXT', $_SESSION['languages_id']));
    if (strstr($mail_text, '{CUSTOMER}')) {
        $mail_text = str_replace('{CUSTOMER}', $order_check['customers_firstname'] . ' ' . $order_check['customers_lastname'], $mail_text);
    }
    if (strstr($mail_text, '{ORDER_ID}')) {
        $mail_text = str_replace('{ORDER_ID}', $_GET['oID'], $mail_text);
    }
    if (strstr($mail_text, '{INVOICE_ID}')) {
        $mail_text = str_replace('{INVOICE_ID}', $order_check['gm_orders_code'], $mail_text);
    }
    if (strstr($mail_text, '{DATE}')) {
        $mail_text = str_replace('{DATE}', xtc_date_short($order->info['date_purchased']), $mail_text);
    }
    if (!empty($_GET['gm_quick_mail'])) {
        $order_check['customers_email_address'] = $_GET['gm_mail'];
        $order_check['customers_firstname'] = '';
        $order_check['customers_lastname'] = '';
        $subject = $_GET['gm_subject'];
    }
    if (xtc_php_mail(EMAIL_FROM, STORE_NAME, $order_check['customers_email_address'], $order_check['customers_firstname'] . ' ' . $order_check['customers_lastname'], EMAIL_BILLING_FORWARDING_STRING, '', '', DIR_FS_CATALOG . '/export/' . $pdf_filename, '', $subject, $mail_text, '')) {
        echo PDF_MAIL_SUCCESS . '<br><br><span class="button" onclick="gm_mail_close(\'INVOICE_MAIL\')" style="cursor:pointer"><strong>' . PDF_MAIL_CLOSE . '</strong></span>';
        @unlink(DIR_FS_CATALOG . '/export/' . $pdf_filename);
    }
} else {
    if ($gm_pdf_use_protection) {
        $pdf->SetProtection($gm_pdf_protection);
    }
    $pdf->Output($pdf_filename, gm_get_conf("GM_PDF_DISPLAY_OUTPUT"));
}
Esempio n. 14
0
              if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
                $link = HTTP_SERVER  . DIR_WS_CATALOG . 'gv_redeem.php' . '/gv_no,'.$id1;
              } else {
                $link = HTTP_SERVER  . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no='.$id1;
              }
        */
        $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1;
        //-- SEO ShopStat
        $smarty->assign('GIFT_LINK', $link);
        $html_mail = $smarty->fetch('db:send_gift.html');
        $txt_mail = $smarty->fetch('db:send_gift.txt');
        if ($subject == '') {
            $subject = EMAIL_BILLING_SUBJECT;
        }
        //web28 - 2011-07-07 - Fix email subject
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $_POST['email_to'], '', '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $subject, $html_mail, $txt_mail);
        //web28 - 2011-07-07 - Fix email subject
        // Now create the coupon email entry
        $insert_query = xtc_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $_POST['amount'] . "', now())");
        $insert_id = xtc_db_insert_id();
        $insert_query = xtc_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $_POST['email_to'] . "', now() )");
    }
    xtc_redirect(xtc_href_link(FILENAME_GV_MAIL, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
$error = false;
if ($_GET['action'] == 'preview' && !$_POST['customers_email_address'] && !$_POST['email_to']) {
    $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
    $error = true;
}
if ($_GET['action'] == 'preview' && !$_POST['amount']) {
    $messageStack->add(ERROR_NO_AMOUNT_SELECTED, 'error');
            //        break;
        //      case '**D':
        //        $mail_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
        //        $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
        //        break;
        default:
            $affiliate_email_address = xtc_db_prepare_input($_POST['affiliate_email_address']);
            $mail_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . xtc_db_input($affiliate_email_address) . "'");
            $mail_sent_to = $_POST['affiliate_email_address'];
            break;
    }
    $from = xtc_db_prepare_input($_POST['from']);
    $subject = xtc_db_prepare_input($_POST['subject']);
    $message = xtc_db_prepare_input($_POST['message']);
    while ($mail = xtc_db_fetch_array($mail_query)) {
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message);
    }
    xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
if ($_GET['action'] == 'preview' && !$_POST['affiliate_email_address']) {
    $messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error');
}
if (xtc_not_null($_GET['mail_sent_to'])) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_email_address = '" . xtc_db_input($check_customer['customers_email_address']) . "'");
        //DokuMan - 2011-02-19 - SQL injection fix 16.02.2011
        xtc_db_query("update " . TABLE_CUSTOMERS . " set password_request_key = '' where customers_id = '" . $check_customer['customers_id'] . "'");
        // assign language to template for caching
        $smarty->assign('language', $_SESSION['language']);
        $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        // assign vars
        $smarty->assign('EMAIL', $check_customer['customers_email_address']);
        $smarty->assign('NEW_PASSWORD', $newpass);
        // dont allow cache
        $smarty->caching = false;
        // create mails
        $html_mail = $smarty->fetch('db:new_password_mail.html');
        $txt_mail = $smarty->fetch('db:new_password_mail.txt');
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $check_customer['customers_email_address'], '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_PASSWORD_NEW_PASSWORD, $html_mail, $txt_mail);
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_LOGIN, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_PASSWORD_DOUBLE_OPT, xtc_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'NONSSL'));
require DIR_WS_INCLUDES . 'header.php';
switch ($case) {
    case 'first_opt_in':
        $smarty->assign('text_heading', HEADING_PASSWORD_FORGOTTEN);
        //$smarty->assign('info_message', $info_message); //DokuMan - 2010-08-26 - unnecessary assign
        $smarty->assign('info_message', TEXT_LINK_MAIL_SENDED);
        $smarty->assign('language', $_SESSION['language']);
        $smarty->caching = 0;
        $main_content = $smarty->fetch(CURRENT_TEMPLATE . '/module/password_messages.html');
function CustomersUpdate()
{
    global $_POST, $Lang_folder;
    $customers_id = -1;
    // include PW function
    require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
    if (isset($_POST['cID'])) {
        $customers_id = xtc_db_prepare_input($_POST['cID']);
    }
    // security check, if user = admin, dont allow to perform changes
    if ($customers_id != -1) {
        $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . $customers_id . "'");
        $sec_data = xtc_db_fetch_array($sec_query);
        if ($sec_data['customers_status'] == 0) {
            print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', '');
            return;
        }
    }
    $sql_customers_data_array = array();
    if (isset($_POST['customers_cid'])) {
        $sql_customers_data_array['customers_cid'] = $_POST['customers_cid'];
    }
    if (isset($_POST['customers_firstname'])) {
        $sql_customers_data_array['customers_firstname'] = $_POST['customers_firstname'];
    }
    if (isset($_POST['customers_lastname'])) {
        $sql_customers_data_array['customers_lastname'] = $_POST['customers_lastname'];
    }
    if (isset($_POST['customers_dob'])) {
        $sql_customers_data_array['customers_dob'] = $_POST['customers_dob'];
    }
    if (isset($_POST['customers_email'])) {
        $sql_customers_data_array['customers_email_address'] = $_POST['customers_email'];
    }
    if (isset($_POST['customers_tele'])) {
        $sql_customers_data_array['customers_telephone'] = $_POST['customers_tele'];
    }
    if (isset($_POST['customers_fax'])) {
        $sql_customers_data_array['customers_fax'] = $_POST['customers_fax'];
    }
    if (isset($_POST['customers_gender'])) {
        $sql_customers_data_array['customers_gender'] = $_POST['customers_gender'];
    }
    if (file_exists('cao_custupd_1.php')) {
        include 'cao_custupd_1.php';
    }
    if (isset($_POST['customers_password'])) {
        $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
    }
    $sql_address_data_array = array();
    if (isset($_POST['customers_firstname'])) {
        $sql_address_data_array['entry_firstname'] = $_POST['customers_firstname'];
    }
    if (isset($_POST['customers_lastname'])) {
        $sql_address_data_array['entry_lastname'] = $_POST['customers_lastname'];
    }
    if (isset($_POST['customers_company'])) {
        $sql_address_data_array['entry_company'] = $_POST['customers_company'];
    }
    if (isset($_POST['customers_street'])) {
        $sql_address_data_array['entry_street_address'] = $_POST['customers_street'];
    }
    if (isset($_POST['customers_city'])) {
        $sql_address_data_array['entry_city'] = $_POST['customers_city'];
    }
    if (isset($_POST['customers_postcode'])) {
        $sql_address_data_array['entry_postcode'] = $_POST['customers_postcode'];
    }
    if (isset($_POST['customers_gender'])) {
        $sql_address_data_array['entry_gender'] = $_POST['customers_gender'];
    }
    if (isset($_POST['customers_country_id'])) {
        $country_code = $_POST['customers_country_id'];
    }
    $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $country_code . "' LIMIT 1";
    $country_result = xtc_db_query($country_query);
    $row = xtc_db_fetch_array($country_result);
    $sql_address_data_array['entry_country_id'] = $row['countries_id'];
    $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
    $check = xtc_db_fetch_array($count_query);
    if ($check['count'] > 0) {
        $mode = 'UPDATE';
        $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
        $customer = xtc_db_fetch_array($address_book_result);
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' LIMIT 1");
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . $customer['customers_default_address_id'] . "' LIMIT 1");
        xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "'  LIMIT 1");
    } else {
        $mode = 'APPEND';
        if (strlen($_POST['customers_password']) == 0) {
            // generate PW if empty
            $pw = xtc_RandomString(8);
            $sql_customers_data_array['customers_password'] = xtc_create_password($pw);
        } else {
            $pw = $_POST['customers_password'];
        }
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
        $customers_id = xtc_db_insert_id();
        $sql_address_data_array['customers_id'] = $customers_id;
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
        $address_id = xtc_db_insert_id();
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");
        //JP20080401
        if (!isset($_POST['customers_price_level'])) {
            xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
        }
        xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
    }
    if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $sql_customers_data_array['customers_email_address'] != '') {
        // generate mail for customer if customer=new
        require_once DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
        require_once DIR_FS_INC . 'xtc_not_null.inc.php';
        require_once DIR_FS_INC . 'xtc_href_link.inc.php';
        require_once DIR_FS_INC . 'xtc_date_long.inc.php';
        require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
        require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';
        //JP 20080102
        $smarty = new Smarty();
        //$smarty->assign('language', $check_status['language']);
        $smarty->assign('language', $Lang_folder);
        $smarty->caching = false;
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        //BOF - GTB - 2010-08-03 - Security Fix - Base
        $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
        //$smarty->assign('tpl_path','templates/'.CURRENT_TEMPLATE.'/');
        //EOF - GTB - 2010-08-03 - Security Fix - Base
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('NAME', $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname']);
        $smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']);
        $smarty->assign('PASSWORD', $pw);
        //$smarty->assign('language', $Lang_folder);
        $smarty->assign('content', $module_content);
        $smarty->caching = false;
        $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
        $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
        // send mail with html/txt template
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
    }
    print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}
Esempio n. 18
0
    //DokuMan - 2010-09-08 - set undefined index
}
if (isset($_POST['feedbacktext']) && $_POST['feedbacktext'] != '') {
    $feedback_text = $_POST['feedbacktext'];
    $feedback = '';
    $success_message = '';
    if (trim($feedback_text) != '') {
        $feedback_text = strip_tags($feedback_text);
        $feedback .= 'New feedback sent from: ' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '<br />';
        $feedback .= 'Shophelfer version: ' . PROJECT_VERSION . '<br />';
        $feedback .= 'Database version: ' . DB_VERSION . '<br />';
        $feedback .= 'Browser: ' . $_SERVER['HTTP_USER_AGENT'] . '<br /><br />';
        $feedback .= 'Feedback: ' . $feedback_text;
        require_once DIR_FS_CATALOG . DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_ADDRESS, '*****@*****.**', '*****@*****.**', '', '', '', '', '', 'Feedback Shophelfer', $feedback, $feedback);
        $success_message = FEEDBACK_SENT;
    }
}
?>
          
<nav class="navbar navbar-default navbar-fixed-top">
	<div class="container-fluid">
		<div class="navbar-header">
			<a class="navbar-brand" href="<?php 
echo xtc_href_link('start.php', '', 'NONSSL');
?>
"><img class="img-responsive" style="height: 40px;" src="images/shophelferlogo.png" /></a>
                        <button class="navbar-toggle collapsed" aria-controls="navbar" aria-expanded="false" data-target="#navbar" data-toggle="collapse" type="button">
                        <span class="icon-bar"></span>
                        <span class="icon-bar"></span>
function shopDbMail($from_email_address, $from_email_name, $to_email_address, $to_name, $forwarding_to, $reply_address, $reply_address_name, $path_to_attachement, $path_to_more_attachements, $email_subject, $message_body_html, $message_body_plain)
{
    xtc_php_mail($from_email_address, $from_email_name, $to_email_address, $to_name, $forwarding_to, $reply_address, $reply_address_name, $path_to_attachement, $path_to_more_attachements, $email_subject, $message_body_html, $message_body_plain);
    return;
}
     $email_data[] = array('id' => $email_query_data['id'], 'firstname' => $email_query_data['customers_firstname'], 'lastname' => $email_query_data['customers_lastname'], 'email' => $email_query_data['customers_email_address'], 'key' => $email_query_data['mail_key']);
 }
 $break = 0;
 if ($limit_data['count'] < $limits) {
     $break = 1;
     unset($ajax);
 }
 $newsletters_query = xtc_db_query("SELECT title,\r\n                                            body,\r\n                                            bc,\r\n                                            cc\r\n                                       FROM " . TABLE_MODULE_NEWSLETTER . "\r\n                                      WHERE newsletter_id='" . (int) $_GET['ID'] . "'");
 $newsletters_data = xtc_db_fetch_array($newsletters_query);
 //Image path correction - absolute path needed
 $newsletters_data['body'] = str_replace('src="' . DIR_WS_CATALOG . 'images/', 'src="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . '/images/', $newsletters_data['body']);
 for ($i = 1; $i <= NEWSLETTER_EXECUTE_LIMIT; $i++) {
     if (!empty($email_data[$i - 1])) {
         $link1 = chr(13) . chr(10) . chr(13) . chr(10) . TEXT_NEWSLETTER_REMOVE . chr(13) . chr(10) . chr(13) . chr(10) . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . FILENAME_CATALOG_NEWSLETTER . '?action=remove&email=' . $email_data[$i - 1]['email'] . '&key=' . $email_data[$i - 1]['key'];
         $link2 = $link2 = '<br /><br /><hr>' . TEXT_NEWSLETTER_REMOVE . '<br /><a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . FILENAME_CATALOG_NEWSLETTER . '?action=remove&email=' . $email_data[$i - 1]['email'] . '&key=' . $email_data[$i - 1]['key'] . '">' . TEXT_REMOVE_LINK . '</a>';
         xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_data[$i - 1]['email'], $email_data[$i - 1]['lastname'] . ' ' . $email_data[$i - 1]['firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $newsletters_data['title'], $newsletters_data['body'] . $link2, $newsletters_data['body'] . $link1);
         xtc_db_query("UPDATE module_newsletter_temp_" . (int) $_GET['ID'] . " SET comment='send' WHERE id='" . $email_data[$i - 1]['id'] . "'");
     }
 }
 if ($break == 1) {
     // finished
     $limit1_query = xtc_db_query("SELECT count(*) as count\r\n                                FROM module_newsletter_temp_" . (int) $_GET['ID'] . "\r\n                                WHERE comment='send'");
     $limit1_data = xtc_db_fetch_array($limit1_query);
     if ($limit1_data['count'] - $limit_data['count'] <= 0) {
         xtc_db_query("UPDATE " . TABLE_MODULE_NEWSLETTER . " SET status='1' WHERE newsletter_id='" . (int) $_GET['ID'] . "'");
         xtc_redirect(xtc_href_link(FILENAME_MODULE_NEWSLETTER));
     } else {
         echo '<b>' . $limit1_data['count'] . '<b> emails send<br />';
         echo '<b>' . $limit1_data['count'] - $limit_data['count'] . '<b> emails left';
     }
 }
Esempio n. 21
0
             $smarty->config_dir = DIR_FS_CATALOG . 'lang';
             $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
             $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
             $smarty->assign('NAME', $check_status['customers_name']);
             $smarty->assign('ORDER_NR', $billnr);
             $smarty->assign('ORDER_LINK', xtc_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $oID, 'SSL'));
             $smarty->assign('ORDER_DATE', xtc_date_long($check_status['date_purchased']));
             $smarty->assign('NOTIFY_COMMENTS', $notify_comments);
             $smarty->assign('ORDER_STATUS', $orders_status_array[$status]);
             $html_mail = $smarty->fetch('db:invoice_mail.html');
             $txt_mail = $smarty->fetch('db:invoice_mail.txt');
             $pdffile = DIR_FS_ADMIN . get_pdf_invoice_filename($oID);
             $pdffile_downloadname = get_pdf_invoice_download_filename($oID);
             $order_subject = str_replace('{$nr}', $order->info['ibn_billnr'], EMAIL_BILLING_SUBJECT);
             $order_subject = str_replace('{$date}', strftime(DATE_FORMAT_LONG), $order_subject);
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, $pdffile, '', $order_subject, $html_mail, $txt_mail);
             //  $message_body_plain
             xtc_db_query("update " . TABLE_ORDERS . " set ibn_pdfnotifydate = now() where orders_id = '" . $oID . "'");
         }
     }
     // EOF - Fishnet Services - Nicolas Gemsjäger
     if ($order_updated) {
         $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
     } else {
         $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
     }
     xtc_redirect(xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('action')) . 'action=edit'));
     break;
 case 'resendordermail':
     break;
 case 'deleteconfirm':
        $smarty = new Smarty();
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        $order_products = array();
        $sendorder = false;
        foreach ($_POST["quantity"] as $pid => $products_quantity) {
            if ($products_quantity > 0) {
                $order_products[$pid] = array("products_name" => $wInfo->products[$pid]["products_name"], "products_quantity" => $products_quantity);
                $sendorder = true;
            }
        }
        $smarty->assign('PRODUCTS', $order_products);
        $html_mail = $smarty->fetch('db:' . $wInfo->wholesaler_email_template . ".html");
        if (SEND_EMAILS == true && $sendorder == true) {
            xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $wInfo->wholesaler_email, $wInfo->wholesaler_name, '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUBJECT_WHOLESALER, $html_mail, '');
            //  $message_body_plain
            $message_stack = "Bestellung erfolgreich abgeschickt!";
        }
    }
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php 
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
 function _logTrans($data)
 {
     while (list($key, $value) = each($data)) {
         $line .= $key . ':' . $val . '|';
     }
     xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'Rakuten ROPE Invalid Process', $line, $line);
 }
Esempio n. 24
0
        $gv_email_subject = sprintf(EMAIL_GV_TEXT_SUBJECT, stripslashes($_POST['send_name']));
        $smarty->assign('language', $_SESSION['language']);
        $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('GIFT_LINK', xtc_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $id1, 'NONSSL', false));
        $smarty->assign('AMMOUNT', $xtPrice->xtcFormat(str_replace(",", ".", $_POST['amount']), true));
        $smarty->assign('GIFT_CODE', $id1);
        $smarty->assign('MESSAGE', $_POST['message']);
        $smarty->assign('NAME', $_POST['to_name']);
        $smarty->assign('FROM_NAME', $_POST['send_name']);
        // dont allow cache
        $smarty->caching = false;
        $html_mail = $smarty->fetch('db:send_gift_to_friend.html');
        $txt_mail = $smarty->fetch('db:send_gift_to_friend.txt');
        // send mail
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $_POST['email'], $_POST['to_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $gv_email_subject, $html_mail, $txt_mail);
    }
}
$breadcrumb->add(NAVBAR_GV_SEND);
require DIR_WS_INCLUDES . 'header.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $smarty->assign('action', 'process');
    $smarty->assign('LINK_DEFAULT', '<a href="' . xtc_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
}
if (isset($_GET['action']) && $_GET['action'] == 'send' && !$error) {
    $smarty->assign('action', 'send');
    // validate entries
    $gv_amount = (double) $gv_amount;
    $gv_query = xtc_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $_SESSION['customer_id'] . "'");
    $gv_result = xtc_db_fetch_array($gv_query);
    $send_name = $gv_result['customers_firstname'] . ' ' . $gv_result['customers_lastname'];
 function callback_process($data, $charset)
 {
     // Keine Session da !
     // Stand: 29.06.2011
     global $_GET;
     $this->data = $data;
     //$this->_logTrans($data);
     require_once DIR_WS_CLASSES . 'class.phpmailer.php';
     if (EMAIL_TRANSPORT == 'smtp') {
         require_once DIR_WS_CLASSES . 'class.smtp.php';
     }
     require_once DIR_FS_INC . 'xtc_Security.inc.php';
     $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
     if (isset($xtc_order_id) && is_numeric($xtc_order_id) && $xtc_order_id > 0) {
         // order suchen
         $order_query = xtc_db_query("SELECT currency, currency_value\n                                    FROM " . TABLE_ORDERS . "\n                                    WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
         if (xtc_db_num_rows($order_query) > 0) {
             // order gefunden
             $ipn_charset = xtc_db_prepare_input($this->data['charset']);
             $ipn_data = array();
             $ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
             $ipn_data['xtc_order_id'] = xtc_db_prepare_input($xtc_order_id);
             $ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
             $ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
             $ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
             $ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
             $ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
             $ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset));
             $ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset));
             $ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset));
             $ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset));
             $ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset));
             $ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset));
             $ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
             $ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset));
             $ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
             $ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
             $ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
             $ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
             $ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
             $ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset));
             $ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
             $ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
             $ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
             $ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']);
             $ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
             $ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
             $ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
             $ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
             $ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
             $ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
             $ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
             $ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
             $ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);
             if ($ipn_data['num_cart_items'] > 1) {
                 $verspos = $ipn_data['num_cart_items'];
                 for ($p = 1; $p <= $verspos; $p++) {
                     if ($this->data['item_name' . $p] == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $this->data['item_name' . $p] == substr(PAYPAL_GS, 0, 127) || $this->data['item_name' . $p] == "Handling" || $this->data['item_name' . $p] == substr(PAYPAL_TAX, 0, 127) || $this->data['item_name' . $p] == "Differenz") {
                         // Artikel Nummer aus den Details für Sonderzeilen
                         $ipn_data['num_cart_items']--;
                     }
                     if ($this->data['item_name' . $p] == substr(SHIPPING_COSTS, 0, 127)) {
                         // Versandkosten
                         $ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p];
                         $ipn_data['num_cart_items']--;
                     }
                 }
             }
             $_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . $ipn_data['txn_id'] . "'";
             $_transQuery = xtc_db_query($_transQuery);
             $_transQuery = xtc_db_fetch_array($_transQuery);
             if ($_transQuery['paypal_ipn_id'] != '') {
                 $insert_id = $_transQuery['paypal_ipn_id'];
                 $sql_data_array = array('payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'payer_email' => $ipn_data['payer_email'], 'num_cart_items' => $ipn_data['num_cart_items'], 'mc_fee' => $ipn_data['mc_fee'], 'mc_shipping' => $ipn_data['mc_shipping'], 'address_name' => $ipn_data['address_name'], 'address_street' => $ipn_data['address_street'], 'address_city' => $ipn_data['address_city'], 'address_state' => $ipn_data['address_state'], 'address_zip' => $ipn_data['address_zip'], 'address_country' => $ipn_data['address_country'], 'address_status' => $ipn_data['address_status'], 'payer_status' => $ipn_data['payer_status'], 'receiver_email' => $ipn_data['receiver_email'], 'last_modified ' => 'now()');
                 xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'");
             } else {
                 $ipn_data['date_added'] = 'now()';
                 $ipn_data['last_modified'] = 'now()';
                 xtc_db_perform(TABLE_PAYPAL, $ipn_data);
                 $insert_id = xtc_db_insert_id();
             }
             $paypal_order_history = array('paypal_ipn_id' => $insert_id, 'txn_id' => $ipn_data['txn_id'], 'parent_txn_id' => $ipn_data['parent_txn_id'], 'payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'mc_amount' => $ipn_data['mc_gross'], 'date_added' => 'now()');
             xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history);
             $crlf = "\n";
             $comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
             $comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
             if (isset($this->data['payer_status'])) {
                 $comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
             }
             $comment_status .= '.' . $crlf;
             if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $_POST['test_ipn'] > 0) {
                 $comment_status .= '(Sandbox-Test Mode)' . $crlf;
             }
             $comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
             if (isset($this->data['pending_reason'])) {
                 $comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
             }
             if (isset($this->data['reason_code'])) {
                 $comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
             }
             $comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
             $comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
             if (isset($this->data['parent_txn_id'])) {
                 $comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
             }
             $comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($_POST['txn_id']);
             //Set status for default (Pending)
             $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
             $parameters = 'cmd=_notify-validate';
             foreach ($this->data as $key => $value) {
                 $parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
             }
             //$this->_logTransactions($parameters);
             // 08.01.2008 auch ohne cURL
             $mit_curl = 0;
             if (function_exists('curl_init')) {
                 $ch = curl_init();
                 curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
                 curl_setopt($ch, CURLOPT_POST, 1);
                 curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($ch, CURLOPT_HEADER, 0);
                 curl_setopt($ch, CURLOPT_TIMEOUT, 30);
                 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
                 $result = curl_exec($ch);
                 if (!curl_errno($ch)) {
                     $mit_curl = 1;
                 }
                 curl_close($ch);
             }
             // cURL fehlt oder ist fehlgeschlagen
             if ($mit_curl == 0) {
                 $request_post = array('http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters));
                 $request = stream_context_create($request_post);
                 $result = file_get_contents($this->IPN_URL, false, $request);
             }
             if (strtoupper($result) == 'VERIFIED' || $result == '1') {
                 // Steht auf Warten
                 if (strtolower($this->data['payment_status']) == 'completed') {
                     if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                         $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                     }
                     //Set status for Denied, Failed
                 } elseif (strtolower($this->data['payment_status']) == 'denied' or strtolower($this->data['payment_status']) == 'failed') {
                     $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                     //Set status for Reversed
                 } elseif (strtolower($this->data['payment_status']) == 'reversed') {
                     $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                     //Set status for Canceled-Reversal
                 } elseif (strtolower($this->data['payment_status']) == 'canceled-reversal') {
                     $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                     //Set status for Refunded
                 } elseif (strtolower($this->data['payment_status']) == 'refunded') {
                     $order_status_id = DEFAULT_ORDERS_STATUS_ID;
                     //Set status for Pendign - eigentlich nicht nötig?
                 } elseif (strtolower($this->data['payment_status']) == 'pending') {
                     $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                     //Set status for Processed - wann kommt das ?
                 } elseif (strtolower($this->data['payment_status']) == 'processed') {
                     if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                         $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                     }
                 }
             } else {
                 $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                 $error_reason = 'Received INVALID responce but invoice and Customer matched.';
             }
             $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE));
             xtc_db_query("UPDATE " . TABLE_ORDERS . "\n                        SET orders_status = '" . $order_status_id . "', last_modified = now()\n                        WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
             $sql_data_array = array('orders_id' => xtc_db_prepare_input($xtc_order_id), 'orders_status_id' => $order_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN ' . $comment_status . '');
             xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
         } else {
             $error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.';
         }
     } else {
         $error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
     }
     if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
         $email_body = $error_reason . "\n\n" . '<br>';
         $email_body .= $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REMOTE_ADDR'] . " - " . $_SERVER['HTTP_REFERER'] . " - " . $_SERVER['HTTP_ACCEPT'] . "\n\n" . '<br>';
         $email_body .= '$_POST:' . "\n\n" . '<br>';
         foreach ($this->data as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         $email_body .= "\n" . '$_GET:' . "\n\n" . '<br>';
         foreach ($_GET as $key => $value) {
             $email_body .= $key . '=' . $value . "\n" . '<br>';
         }
         xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
     }
 }
                 $customers_lastname = $check_customer['customers_lastname'];
             }
         }
         $sql_data_array = array('customers_email_address' => xtc_db_input($_POST['email']), 'customers_id' => xtc_db_input($customers_id), 'customers_status' => xtc_db_input($customers_status), 'customers_firstname' => xtc_db_input($customers_firstname), 'customers_lastname' => xtc_db_input($customers_lastname), 'mail_status' => '0', 'mail_key' => xtc_db_input($vlcode), 'date_added' => 'now()');
         xtc_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array);
         $info_message = TEXT_EMAIL_INPUT;
         if (SEND_EMAILS == true) {
             xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($_POST['email']), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
         }
     } else {
         $check_mail = xtc_db_fetch_array($check_mail_query);
         if ($check_mail['mail_status'] == '0') {
             xtc_db_query("UPDATE " . TABLE_NEWSLETTER_RECIPIENTS . " SET mail_key = '" . xtc_db_input($vlcode) . "' WHERE customers_email_address='" . $_POST['email'] . "'");
             $info_message = TEXT_EMAIL_EXIST_NO_NEWSLETTER;
             if (SEND_EMAILS == true) {
                 xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($_POST['email']), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
             }
         } else {
             $info_message = TEXT_EMAIL_EXIST_NEWSLETTER;
         }
     }
 } else {
     //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
     //$info_message = TEXT_WRONG_CODE;
     if (!xtc_validate_email(trim($_POST['email']))) {
         $info_message .= ERROR_EMAIL;
     }
     //EOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
 }
 //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
 if (xtc_validate_email(trim($_POST['email'])) && isset($_POST['delete'])) {
 function _notifyTransaction($oID, $text)
 {
     $email_body = "Order ID: " . $oID . "\n" . 'Message: ' . $text . "\n\n";
     require_once DIR_WS_CLASSES . 'class.phpmailer.php';
     if (EMAIL_TRANSPORT == 'smtp') {
         require_once DIR_WS_CLASSES . 'class.smtp.php';
     }
     require_once DIR_FS_INC . 'xtc_Security.inc.php';
     xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, EMAIL_BILLING_ADDRESS, STORE_NAME, '', '', 'Moneybookers Payment Notification', $email_body, $email_body);
 }
 function sendRequestMail($mail)
 {
     $smarty = new Smarty();
     $link = xtc_href_link(FILENAME_NEWSLETTER, 'action=activate&email=' . xtc_db_input($mail) . '&key=' . $this->vlCode, 'NONSSL');
     // assign language to template for caching
     $smarty->assign('language', $_SESSION['language']);
     $smarty->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
     $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
     // assign vars
     $smarty->assign('EMAIL', xtc_db_input($mail));
     $smarty->assign('LINK', $link);
     // dont allow cache
     $smarty->caching = false;
     $html_mail = $smarty->fetch('db:newsletter_mail.html');
     $txt_mail = $smarty->fetch('db:newsletter_mail.txt');
     $email_subject = $mailer->subject;
     if (SEND_EMAILS == true) {
         xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($mail), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
     }
 }
require_once DIR_FS_INC . 'xtc_draw_input_field.inc.php';
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include the mailer-class
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $check_affiliate_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . $_POST['email_address'] . "'");
    if (xtc_db_num_rows($check_affiliate_query)) {
        $check_affiliate = xtc_db_fetch_array($check_affiliate_query);
        // Crypted password mods - create a new password, update the database and mail it to them
        $newpass = xtc_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = xtc_encrypt_password($newpass);
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'");
        xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $_POST['email_address'], $check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)));
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        } else {
            echo $mail_error;
        }
    } else {
        xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL'));
    }
} else {
    $breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
    $breadcrumb->add(NAVBAR_TITLE_PASSWORD_FORGOTTEN, xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL'));
    require DIR_WS_INCLUDES . 'header.php';
    $smarty->assign('FORM_ACTION', xtc_draw_form('password_forgotten', xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'action=process', 'SSL')));
    $smarty->assign('INPUT_EMAIL', xtc_draw_input_field('email_address', '', 'maxlength="96"'));
    $smarty->assign('LINK_AFFILIATE', '<a href="' . xtc_href_link(FILENAME_AFFILIATE, '', 'SSL') . '">' . xtc_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>');
Esempio n. 30
0
         $smarty->assign('ORDER_LINK', xtc_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, 'order_id=' . $oID, 'SSL'));
         $smarty->assign('ORDER_DATE', xtc_date_long($check_status['date_purchased']));
         $smarty->assign('ORDER_STATUS', $orders_status_array[$status]);
         if (defined('EMAIL_SIGNATURE')) {
             $smarty->assign('EMAIL_SIGNATURE_HTML', nl2br(EMAIL_SIGNATURE));
             $smarty->assign('EMAIL_SIGNATURE_TEXT', EMAIL_SIGNATURE);
         }
         $smarty->assign('NOTIFY_COMMENTS', nl2br($notify_comments));
         $html_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.html');
         $smarty->assign('NOTIFY_COMMENTS', $notify_comments);
         $txt_mail = $smarty->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/change_order_mail.txt');
         // BOF GM_MOD
         if ($_SESSION['language'] == 'german') {
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', 'Ihre Bestellung ' . $oID . ', ' . xtc_date_long($check_status['date_purchased']) . ', ' . $check_status['customers_name'], $html_mail, $txt_mail);
         } else {
             xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', 'Your Order ' . $oID . ', ' . xtc_date_long($check_status['date_purchased']) . ', ' . $check_status['customers_name'], $html_mail, $txt_mail);
         }
         // EOF GM_MOD
         $customer_notified = '1';
     }
     xtc_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . xtc_db_input($oID) . "', '" . xtc_db_input($status) . "', now(), '" . $customer_notified . "', '" . xtc_db_input($comments) . "')");
     $order_updated = true;
 }
 if ($order_updated) {
     include_once DIR_FS_DOCUMENT_ROOT . '/shopgate/plugins/gambiogx/update_order.php';
     setShopgateOrderStatus($oID, $status);
     $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success');
 } else {
     $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning');
 }
 xtc_redirect(xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('action')) . 'action=edit'));