コード例 #1
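 /**
  * Copy every entry of $object_array onto this object as a property.
  *
  * Each value is passed through olc_db_prepare_input() before it is stored.
  * Property names are taken verbatim from the array keys, so when a caller
  * hands in request data (for example $_POST) the request decides which
  * properties are created or overwritten. Pass only arrays whose keys are
  * trusted, or filter the keys against an allow-list first.
  *
  * @param array|object $object_array Map of property name => raw value.
  */
 function objectInfo($object_array)
 {
     // A failed row fetch may hand in a non-iterable value; there is nothing to copy then.
     if (!is_array($object_array) && !is_object($object_array)) {
         return;
     }
     // foreach replaces the reset()/each() pair: each() was deprecated in
     // PHP 7.2 and removed in PHP 8.0, where the old loop is a fatal error.
     foreach ($object_array as $key => $value) {
         $this->{$key} = olc_db_prepare_input($value);
     }
 }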
コード例 #2
 /**
  * Load the stored order-session row that belongs to a transaction signature.
  *
  * The signature is run through olc_db_prepare_input() and olc_db_input()
  * before it is placed inside the quoted SQL literal. When a row is found,
  * its values are handed to setCommonVars() and setOrderID(), and the payment
  * amount and currency are copied onto this object. When no row matches,
  * the object is left untouched.
  *
  * @param mixed $txn_sign Transaction signature to look up.
  */
 function loadTransactionSessionInfo($txn_sign)
 {
     $signature = olc_db_prepare_input($txn_sign);
     $sql = "select orders_id, content_type, payment_title, language, language_id, billto, sendto, currency, currency_value, payment_amount, payment_currency, affiliate_id, affiliate_clickthroughs_id, affiliate_date, affiliate_browser, affiliate_ipaddress from " . TABLE_ORDERS_SESSION_INFO . " where txn_signature ='" . olc_db_input($signature) . "' limit 1";
     $result = olc_db_query($sql);
     if (!olc_db_num_rows($result)) {
         // Unknown signature: nothing to load.
         return;
     }
     $row = olc_db_fetch_array($result);
     $this->setCommonVars($row);
     $this->setOrderID($row['orders_id']);
     $this->payment_amount = $row['payment_amount'];
     $this->payment_currency = $row['payment_currency'];
 }
コード例 #3
 /**
  * Load one stored IPN record by transaction id and split it into three groups.
  *
  * The selected columns are fixed lists defined here, so only the transaction
  * id and the table name vary. The id is escaped and placed in a quoted
  * literal. On a hit, $this->info, $this->txn and $this->customer are filled
  * through getSQLDataElements(); on a miss nothing is changed.
  *
  * NOTE(review): $this->paymentTableName is passed through olc_db_input() but
  * sits in identifier position (after "from"). An escaper meant for quoted
  * string values does not constrain an identifier, so this property should
  * only ever be set from a constant or an allow-list - confirm where it is assigned.
  *
  * @param mixed $txn_id Transaction id to look up.
  */
 function query($txn_id)
 {
     $transaction_id = olc_db_prepare_input($txn_id);
     $info_columns = array('txn_type', 'reason_code', 'payment_type', 'payment_status', 'pending_reason', 'invoice', 'payment_date', 'payment_time_zone', 'business', 'receiver_email', 'receiver_id', 'txn_id', 'parent_txn_id', 'notify_version', 'last_modified', 'date_added', 'for_auction', 'auction_closing_date');
     $txn_columns = array('num_cart_items', 'mc_currency', 'mc_gross', 'mc_fee', 'payment_gross', 'payment_fee', 'settle_amount', 'settle_currency', 'exchange_rate');
     $customer_columns = array('first_name', 'last_name', 'payer_business_name', 'address_name', 'address_street', 'address_city', 'address_state', 'address_zip', 'address_country', 'address_status', 'payer_email', 'payer_id', 'auction_buyer_id', 'payer_status', 'memo');
     $column_list = implode(',', array_merge($info_columns, $txn_columns, $customer_columns));
     $result = olc_db_query("select " . $column_list . " from " . olc_db_input($this->paymentTableName) . " where txn_id = '" . olc_db_input($transaction_id) . APOS);
     if (!olc_db_num_rows($result)) {
         // No record for this transaction id.
         return;
     }
     $row = olc_db_fetch_array($result);
     $this->info = $this->getSQLDataElements($row, $info_columns);
     $this->txn = $this->getSQLDataElements($row, $txn_columns);
     $this->customer = $this->getSQLDataElements($row, $customer_columns);
 }
コード例 #4
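/**
 * Trim a value and backslash-escape quotes in it, recursing into arrays.
 *
 * Strings are passed through addslashes() and then trim(); arrays are
 * processed element by element with their keys kept; any other value is
 * converted to a string and trimmed.
 *
 * NOTE(review): an earlier version of this helper called stripslashes() here
 * (to undo magic quotes); this one adds slashes instead. Two consequences for
 * callers:
 *  - addslashes() is not a charset-aware SQL escaper and gives no protection
 *    where the value is placed in SQL without surrounding quotes. Treat the
 *    result as still untrusted and use the database driver's escaping or,
 *    better, bound parameters at the query.
 *  - values that are escaped again at the query end up double-escaped, and
 *    values that are not sent to the database at all (HTML output, password
 *    checks) carry backslashes the user never typed.
 *
 * @param mixed $string Raw value or (nested) array of raw values.
 * @return mixed Escaped/trimmed string, or an array of such values.
 */
function olc_db_prepare_input($string)
{
    if (is_string($string)) {
        return trim(addslashes($string));
    }
    if (is_array($string)) {
        // each() was removed in PHP 8.0; foreach walks the same key/value pairs.
        foreach ($string as $key => $value) {
            $string[$key] = olc_db_prepare_input($value);
        }
        return $string;
    }
    // The explicit cast keeps null/int/float/bool working without relying on
    // implicit coercion inside trim().
    return trim((string) $string);
}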
コード例 #5
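 /**
  * Load one order with its totals, status, addresses, products and attributes.
  *
  * Fills $this->info, $this->customer, $this->delivery (false when neither a
  * delivery name nor a delivery street is stored), $this->billing,
  * $this->totals and $this->products from the order tables.
  *
  * Every query that uses $order_id now escapes it inside a quoted literal, or
  * casts it to int where the comparison is unquoted. Before this change the
  * 'ot_total' query skipped olc_db_input() and the 'ot_shipping' query used
  * the value with no quotes at all, where backslash-escaping gives no
  * protection.
  *
  * NOTE(review): cc_number and cc_cvv are read from the orders row, which
  * means card data including the verification code is persisted with the
  * order. PCI DSS does not permit keeping the verification code after
  * authorization; this storage should be reviewed.
  *
  * @param mixed $order_id Id of the order to load.
  */
 function query($order_id)
 {
     $order_id = olc_db_prepare_input($order_id);
     $order_query = olc_db_query(SELECT_ALL . TABLE_ORDERS . " where\n\t\torders_id = '" . olc_db_input($order_id) . APOS);
     $order = olc_db_fetch_array($order_query);
     $totals_query = olc_db_query("\n\t\tselect\n\t\ttitle,\n\t\ttext,\n\t\tvalue\n\t\tfrom " . TABLE_ORDERS_TOTAL . " where orders_id = '" . olc_db_input($order_id) . "' order by sort_order");
     while ($totals = olc_db_fetch_array($totals_query)) {
         $this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'value' => $totals['value']);
     }
     // begin PayPal_Shopping_Cart_IPN
     // Escaped like the other order-id lookups in this method.
     $order_total_query = olc_db_query("select text, value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . olc_db_input($order_id) . "' and class = 'ot_total'");
     // end PayPal_Shopping_Cart_IPN
     $order_total = olc_db_fetch_array($order_total_query);
     // begin PayPal_Shopping_Cart_IPN
     // The id is compared unquoted here, so it is forced to an integer:
     // quote-escaping cannot make an unquoted value safe.
     $shipping_method_query = "select title, value from " . TABLE_ORDERS_TOTAL . " where orders_id = " . (int) $order_id . " and class = 'ot_shipping'";
     $shipping_method_query = olc_db_query($shipping_method_query);
     // end PayPal_Shopping_Cart_IPN
     $shipping_method = olc_db_fetch_array($shipping_method_query);
     // NOTE(review): orders_status is a value read back from the orders row and
     // is concatenated unescaped; presumably an integer column - confirm.
     $order_status_query = olc_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . SESSION_LANGUAGE_ID . APOS);
     $order_status = olc_db_fetch_array($order_status_query);
     // Shipping titles are stored with markup and a trailing colon; strip both.
     $shipping_method_text = strip_tags($shipping_method['title']);
     if (substr($shipping_method_text, -1) === ':') {
         $shipping_method_text = substr($shipping_method_text, 0, -1);
     }
     // The duplicated 'orders_trackcode' entry of the original literal is listed once.
     $this->info = array('order_id' => $order_id, 'currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'cc_start' => $order['cc_start'], 'cc_issue' => $order['cc_issue'], 'cc_cvv' => $order['cc_cvv'], 'date_purchased' => $order['date_purchased'], 'orders_status_id' => $order['orders_status'], 'total_value' => $order_total['value'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'orders_trackcode' => $order['orders_trackcode'], 'total' => strip_tags($order_total['text']), 'shipping_cost' => $shipping_method['value'], 'shipping_class' => $order['shipping_class'], 'shipping_method' => $shipping_method_text, 'comments' => $order['comments'], 'language' => $order['language'], 'customers_order_reference' => $order['customers_order_reference']);
     $this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'csID' => $order['customers_cid'], 'cIP' => $order['customers_ip'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address'], 'email_type' => $order['customers_email_type']);
     $this->delivery = array('name' => $order['delivery_name'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id'], 'delivery_packingslip_number' => $order['delivery_packingslip_number'], 'delivery_packingslip_date' => $order['delivery_packingslip_date']);
     // No delivery name and no delivery street: the order has no delivery address.
     if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
         $this->delivery = false;
     }
     $this->billing = array('name' => $order['billing_name'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id'], 'billing_invoice_number' => $order['billing_invoice_number'], 'billing_invoice_date' => $order['billing_invoice_date']);
     $index = 0;
     $orders_products_query = olc_db_query("\n\t\tselect\n\t\torders_products_id,\n\t\tproducts_id,\n\t\tproducts_name,\n\t\tproducts_model,\n\t\tproducts_price,\n\t\tproducts_tax,\n\t\tproducts_quantity,\n\t\tfinal_price,\n\t\tallow_tax,\n\t\tproducts_discount_made\n\t\tfrom " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . olc_db_input($order_id) . APOS);
     while ($orders_products = olc_db_fetch_array($orders_products_query)) {
         $this->products[$index] = array('id' => $orders_products['products_id'], 'orders_products_id' => $orders_products['orders_products_id'], 'qty' => $orders_products['products_quantity'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'discount' => $orders_products['products_discount_made'], 'final_price' => $orders_products['final_price'], 'allow_tax' => $orders_products['allow_tax']);
         $subindex = 0;
         // orders_products_id is a value just read from the database, not request input.
         $attributes_query = olc_db_query("\n\t\t\t\tselect\n\t\t\t\tproducts_options,\n\t\t\t\tproducts_options_values,\n\t\t\t\tproducts_options_id,\n\t\t\t\tproducts_options_values_id,\n\t\t\t\toptions_values_price,\n\t\t\t\tprice_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . olc_db_input($order_id) . "' and orders_products_id = '" . $orders_products['orders_products_id'] . APOS);
         if (olc_db_num_rows($attributes_query)) {
             while ($attributes = olc_db_fetch_array($attributes_query)) {
                 $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'option_id' => $attributes['products_options_id'], 'value_id' => $attributes['products_options_values_id'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']);
                 $subindex++;
             }
         }
         $index++;
     }
 }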
コード例 #6
/**
 * Render the short address summary for one address-book entry of a customer.
 *
 * Looks up the address row joined with its country, then renders it with the
 * `address_summary` template stored for that country's address format.
 *
 * @param mixed $customers_id Customer the address must belong to.
 * @param mixed $address_id   Address-book entry to summarise.
 * @return string The text produced by evaluating the stored template.
 */
function olc_address_summary($customers_id, $address_id)
{
    $customers_id = olc_db_prepare_input($customers_id);
    $address_id = olc_db_prepare_input($address_id);
    // Both ids are escaped and quoted. Filtering on customers_id as well as
    // address_book_id limits the lookup to addresses owned by that customer.
    $address_query = olc_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . olc_db_input($address_id) . "' and ab.customers_id = '" . olc_db_input($customers_id) . "' and ab.entry_country_id = c.countries_id");
    $address = olc_db_fetch_array($address_query);
    // These locals are not read by any statement below; presumably the stored
    // template refers to them by name when it is evaluated, so they must stay.
    $street_address = $address['entry_street_address'];
    $suburb = $address['entry_suburb'];
    $postcode = $address['entry_postcode'];
    $city = $address['entry_city'];
    $state = olc_get_zone_code($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']);
    $country = $address['countries_name'];
    // address_format_id is a value read from the countries table and is
    // concatenated without escaping - presumably an integer column; confirm.
    $address_format_query = olc_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . $address['address_format_id'] . APOS);
    $address_format = olc_db_fetch_array($address_format_query);
    //    eval("\$address = \"{$address_format['address_summary']}\";");
    $address_summary = $address_format['address_summary'];
    // SECURITY: the template text from the address_format table is executed as
    // PHP source inside a double-quoted string. Anyone able to write that
    // column can run code in the application, and customer-entered address
    // fields are interpolated into the result. Replacing this with a fixed
    // placeholder substitution (e.g. strtr() over a known set of tokens) would
    // remove the code-execution path; the template syntax in use has to be
    // checked before doing so.
    eval("\$address = \"{$address_summary}\";");
    return $address;
}
コード例 #7
/**
 * Collect the active categories below $parent_id as a flat, indented list.
 *
 * Each category is appended as array('id', 'text', 'title') where 'text' is
 * the name prefixed with $indent and 'title' falls back to the name when no
 * heading title is stored. Children are added depth-first, each level
 * indented by two more HTML_NBSP.
 *
 * NOTE(review): 'text' and 'title' carry the stored names as-is; whether they
 * are HTML-encoded is up to the code that renders the list. The recursion
 * guard only skips a category that is its own parent; a longer parent cycle
 * in the data would not be caught.
 *
 * @param array|string $categories_array List to append to ('' starts a new one).
 * @param mixed        $parent_id        Category whose children are listed.
 * @param string       $indent           Prefix for the names on this level.
 * @return array The list including all entries appended by this call.
 */
function olc_get_categories($categories_array = '', $parent_id = '0', $indent = '')
{
    $parent_id = olc_db_prepare_input($parent_id);
    $categories_array = is_array($categories_array) ? $categories_array : array();
    $result = olc_db_query(SELECT . "\n\tc.categories_id,\n\tcd.categories_name,\n\tcd.categories_heading_title,\n\tcd.categories_description\n\tfrom " . TABLE_CATEGORIES . " c,\t" . TABLE_CATEGORIES_DESCRIPTION . " cd\n\twhere\n\tparent_id = '" . olc_db_input($parent_id) . "'\n\tand c.categories_id = cd.categories_id\n\tand c.categories_status != 0\n\tand cd.language_id = '" . SESSION_LANGUAGE_ID . "'\n\torder by sort_order, cd.categories_name");
    $child_indent = $indent . HTML_NBSP . HTML_NBSP;
    while ($row = olc_db_fetch_array($result)) {
        $label = $row['categories_name'];
        // Fall back to the plain name when no heading title is stored.
        $heading = $row['categories_heading_title'] == EMPTY_STRING ? $label : $row['categories_heading_title'];
        $child_id = $row['categories_id'];
        $categories_array[] = array('id' => $child_id, 'text' => $indent . $label, 'title' => $heading);
        if ($child_id == $parent_id) {
            // A category listed as its own parent must not recurse into itself.
            continue;
        }
        $categories_array = olc_get_categories($categories_array, $child_id, $child_indent);
    }
    return $categories_array;
}
コード例 #8
ファイル: olc.inc.php プロジェクト: severnaya99/Sg-2010
/**
 * Alias under the tep_ prefix: forwards the value unchanged to
 * olc_db_prepare_input() and hands back whatever that returns.
 *
 * @param mixed $x Raw value or array of raw values.
 * @return mixed Result of olc_db_prepare_input($x).
 */
function tep_db_prepare_input($x)
{
    $prepared = olc_db_prepare_input($x);

    return $prepared;
}
コード例 #9
        ?>
    <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php 
        echo HEADING_TITLE;
        ?>
</td>
            <td class="main"><?php 
        // Filter form: a GET form with one drop-down that submits itself on change.
        echo olc_draw_form('status', FILENAME_COUPON_ADMIN, '', 'get');
        $status_array[] = array('id' => 'Y', 'text' => TEXT_COUPON_ACTIVE);
        $status_array[] = array('id' => 'N', 'text' => TEXT_COUPON_INACTIVE);
        $status_array[] = array('id' => '*', 'text' => TEXT_COUPON_ALL);
        // NOTE(review): $_GET['status'] is read without isset(), and the value
        // is free-form although only 'Y', 'N' and '*' are offered. The helper
        // used here is named for database input; it is not an HTML encoder.
        // Whether olc_draw_pull_down_menu() encodes the selected value is not
        // visible here. Restricting $status to the three known ids would make
        // the later use independent of any escaping.
        if ($_GET['status']) {
            $status = olc_db_prepare_input($_GET['status']);
        } else {
            $status = 'Y';
        }
        echo HEADING_TITLE_STATUS . BLANK . olc_draw_pull_down_menu('status', $status_array, $status, 'onchange="this.form.submit();"');
        ?>
              </form>
           </td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr class="dataTableHeadingRow">
コード例 #10
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
//require(BOXES);
// include needed functions
require_once DIR_FS_INC . 'olc_draw_hidden_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_password_field.inc.php';
require_once DIR_FS_INC . 'olc_validate_password.inc.php';
require_once DIR_FS_INC . 'olc_encrypt_password.inc.php';
require_once DIR_FS_INC . 'olc_image_button.inc.php';
if (!isset($_SESSION['customer_id'])) {
    olc_redirect(olc_href_link(FILENAME_LOGIN));
}
if (isset($_POST['action']) && $_POST['action'] == 'process') {
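    // NOTE(review): the passwords go through a helper named for database
    // input. If it trims and adds backslashes, the checked and hashed value
    // differs from what the user typed whenever the password contains quotes,
    // backslashes or surrounding whitespace, and the length checks below count
    // the added backslashes. Changing this affects every stored hash, so it
    // needs a migration plan rather than a local edit.
    $password_current = olc_db_prepare_input($_POST['password_current']);
    $password_new = olc_db_prepare_input($_POST['password_new']);
    $password_confirmation = olc_db_prepare_input($_POST['password_confirmation']);
    $error = false;
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new !== $password_confirmation) {
        // Strict comparison: with != two different numeric-looking strings
        // (such as '1000' and '1e3') compare equal, so a mistyped
        // confirmation could be accepted.
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }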
    if ($error == false) {
        $check_customer_query = olc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
        $check_customer = olc_db_fetch_array($check_customer_query);
        if (olc_validate_password($password_current, $check_customer['customers_password'])) {
コード例 #11
     //if ($action == 'save')
     $update_sql_data = array('last_modified' => 'now()');
     $sql_data_array = olc_array_merge($sql_data_array, $update_sql_data);
     olc_db_perform(TABLE_MANUFACTURERS, $sql_data_array, 'update', $manufacturers_id_sql);
 }
 // Store an uploaded manufacturer image below the catalog image directory.
 $dir_manufacturers = DIR_FS_CATALOG_IMAGES . "/manufacturers";
 // `new` always yields an object, so this condition is always true; only the
 // filename check below tells whether a file was actually stored.
 if ($manufacturers_image = new upload('manufacturers_image', $dir_manufacturers)) {
     if ($manufacturers_image->filename) {
         // SECURITY: the upload's filename is concatenated into the statement
         // without escaping. Unless the upload class normalises the name
         // (not visible here), a client-chosen filename reaches the SQL text;
         // escape it or bind it as a parameter. The accepted file types and
         // the stored name also decide whether an uploaded file can be served
         // as script from the image directory - verify in the upload class.
         olc_db_query(SQL_UPDATE . TABLE_MANUFACTURERS . "\n\t\t\t\tset manufacturers_image ='manufacturers/" . $manufacturers_image->filename . "' where " . $manufacturers_id_sql);
     }
 }
 // One URL per installed language, keyed by language id in the posted array.
 $languages = olc_get_languages();
 $manufacturers_url_array = $_POST['manufacturers_url'];
 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
     $language_id = $languages[$i]['id'];
     // presumably olc_db_perform() escapes the values it is given - confirm,
     // since the prepared URL is not passed through olc_db_input() here.
     $sql_data_array = array('manufacturers_url' => olc_db_prepare_input($manufacturers_url_array[$language_id]));
     if ($is_insert) {
         $insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id);
         $sql_data_array = olc_array_merge($sql_data_array, $insert_sql_data);
         olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
     } else {
         //if ($action == 'save') {
         // $language_id comes from olc_get_languages(), not from the request.
         olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', $manufacturers_id_sql . " and languages_id = '" . $language_id . APOS);
     }
 }
 if (USE_CACHE == TRUE_STRING_S) {
     olc_reset_cache_block('manufacturers');
 }
 //olc_redirect(olc_href_link(FILENAME_MANUFACTURERS, $page_parameter.'&mID='.$manufacturers_id));
 $mID = $manufacturers_id;
 break;
コード例 #12
<td class="pageHeading"><?php 
echo HEADING_TITLE;
?>
</td>
<td class="pageHeading" align="right"><?php 
echo olc_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT);
?>
</td>
</tr>
</table></td>
</tr>
<?php 
if ($_GET['action'] == 'new') {
    // Default to creating a banner; switch to update when an id is supplied.
    $form_action = 'insert';
    // NOTE(review): $_GET['abID'] is read without isset().
    if ($_GET['abID']) {
        $abID = olc_db_prepare_input($_GET['abID']);
        $form_action = 'update';
        // The id is escaped and placed in a quoted literal.
        $affiliate_banner_query = olc_db_query("select * from " . TABLE_AFFILIATE_BANNERS . " where affiliate_banners_id = '" . olc_db_input($abID) . APOS);
        $affiliate_banner = olc_db_fetch_array($affiliate_banner_query);
        // NOTE(review): no check that a row was found before it is wrapped.
        $abInfo = new objectInfo($affiliate_banner);
    } elseif ($_POST) {
        // SECURITY: the whole request body is handed to objectInfo. If that
        // class copies each array key onto a property, the request chooses
        // which properties exist on $abInfo; passing only the expected form
        // fields would keep the object's shape under the application's control.
        $abInfo = new objectInfo($_POST);
    } else {
        $abInfo = new objectInfo(array());
    }
    // Existing banner groups, offered as choices in the form.
    $groups_array = array();
    $groups_query = olc_db_query("select distinct affiliate_banners_group from " . TABLE_AFFILIATE_BANNERS . " order by affiliate_banners_group");
    while ($groups = olc_db_fetch_array($groups_query)) {
        $groups_array[] = array('id' => $groups['affiliate_banners_group'], 'text' => $groups['affiliate_banners_group']);
    }
    ?>
コード例 #13
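 /**
  * Mail this product notification to its audience and mark it as sent.
  *
  * The audience is keyed by customer id, so a customer matched by more than
  * one query is mailed once. It consists of
  *  - customers subscribed to any product (when $_POST['global'] is set to
  *    TRUE_STRING_S) or to one of the products in $_POST['chosen'], plus
  *  - customers who enabled global product notifications.
  *
  * The chosen product ids come from the request and are placed in an unquoted
  * IN (...) list, so every id is forced to an integer before the list is
  * built. With no ids the product query is skipped instead of sending
  * "in ()" to the database.
  *
  * @param mixed $newsletter_id Id of the newsletter row to mark as sent.
  */
 function send($newsletter_id)
 {
     $audience = array();
     $products_sql = "select distinct pn.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn where c.customers_id = pn.customers_id";
     $global_sql = "select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c, " . TABLE_CUSTOMERS_INFO . " ci where c.customers_id = ci.customers_info_id and ci.global_product_notifications = '1'";
     if (!(isset($_POST['global']) && $_POST['global'] == TRUE_STRING_S)) {
         // Integers only: quote-escaping would not protect an unquoted list.
         $chosen = isset($_POST['chosen']) ? (array) $_POST['chosen'] : array();
         $ids = implode(',', array_map('intval', $chosen));
         $products_sql = $ids === '' ? null : $products_sql . " and pn.products_id in (" . $ids . RPAREN;
     }
     // Product subscribers first, then global subscribers; both queries return
     // the same columns and a later row for the same customer id replaces the
     // earlier one.
     foreach (array($products_sql, $global_sql) as $sql) {
         if ($sql === null) {
             continue;
         }
         $recipients_query = olc_db_query($sql);
         while ($recipient = olc_db_fetch_array($recipients_query)) {
             $audience[$recipient['customers_id']] = array('firstname' => $recipient['customers_firstname'], 'lastname' => $recipient['customers_lastname'], 'email_address' => $recipient['customers_email_address']);
         }
     }
     $mimemessage = new email(array('X-Mailer: osCommerce bulk mailer'));
     $mimemessage->add_text($this->content);
     $mimemessage->build_message();
     // foreach replaces reset()/each(); each() was removed in PHP 8.0.
     foreach ($audience as $value) {
         $mimemessage->send($value['firstname'] . BLANK . $value['lastname'], $value['email_address'], '', EMAIL_FROM, $this->title);
     }
     $newsletter_id = olc_db_prepare_input($newsletter_id);
     olc_db_query(SQL_UPDATE . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1' where newsletters_id = '" . olc_db_input($newsletter_id) . APOS);
 }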
コード例 #14
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
//require(BOXES);
// include needed functions
require_once DIR_FS_INC . 'olc_draw_hidden_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_checkbox_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_selection_field.inc.php';
require_once DIR_FS_INC . 'olc_image_button.inc.php';
if (!isset($_SESSION['customer_id'])) {
    olc_redirect(olc_href_link(FILENAME_LOGIN, '', SSL));
}
$global_query = olc_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int) $_SESSION['customer_id'] . APOS);
$global = olc_db_fetch_array($global_query);
if (isset($_POST['action']) && $_POST['action'] == 'process') {
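    // Only a numeric flag is accepted; anything else counts as "off".
    if (isset($_POST['product_global']) && is_numeric($_POST['product_global'])) {
        $product_global = olc_db_prepare_input($_POST['product_global']);
    } else {
        $product_global = '0';
    }
    // The original statement cast the result of the assignment and discarded
    // it, so $products kept whatever type the request supplied (string, null).
    // Cast the value that is stored, so the size checks and index loop that
    // follow always work on an array.
    $products = isset($_POST['products']) ? (array) $_POST['products'] : array();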
    if ($product_global != $global['global_product_notifications']) {
        $product_global = $global['global_product_notifications'] == '1' ? '0' : '1';
        olc_db_query(SQL_UPDATE . TABLE_CUSTOMERS_INFO . " set global_product_notifications = '" . (int) $product_global . "' where customers_info_id = '" . (int) $_SESSION['customer_id'] . APOS);
    } elseif (sizeof($products) > 0) {
        $products_parsed = array();
        for ($i = 0, $n = sizeof($products); $i < $n; $i++) {
            if (is_numeric($products[$i])) {
                $products_parsed[] = $products[$i];
            }
        }
        if (sizeof($products_parsed) > 0) {
コード例 #15
     //        if ($_GET['action'] == 'insert') {
     //          $insert_sql_data = array('manufacturers_id' => $manufacturers_id,
     //                                   'languages_id' => $language_id);
     //          $sql_data_array = olc_array_merge($sql_data_array, $insert_sql_data);
     //          olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
     //        } elseif ($_GET['action'] == 'save') {
     //          olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . olc_db_input($manufacturers_id) . "' and languages_id = '" . $language_id . APOS);
     //        }
     //      }
     if (USE_CACHE == TRUE_STRING_S) {
         olc_reset_cache_block('blacklist');
     }
     olc_redirect(olc_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id));
     break;
 case 'deleteconfirm':
     $blacklist_id = olc_db_prepare_input($_GET['bID']);
     /*      if ($_POST['delete_image'] == 'on') {
             $manufacturer_query = olc_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . olc_db_input($manufacturers_id) . APOS);
             $manufacturer = olc_db_fetch_array($manufacturer_query);
             $image_location = DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG_IMAGES . $manufacturer['manufacturers_image'];
             if (file_exists($image_location)) @unlink($image_location);
           }
     */
     olc_db_query(DELETE_FROM . TABLE_BLACKLIST . " where blacklist_id = '" . olc_db_input($blacklist_id) . APOS);
     //      olc_db_query(DELETE_FROM . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . olc_db_input($manufacturers_id) . APOS);
     /*      if ($_POST['delete_products'] == 'on') {
             $products_query = olc_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . olc_db_input($manufacturers_id) . APOS);
             while ($products = olc_db_fetch_array($products_query)) {
               olc_remove_product($products['products_id']);
             }
           } else {
コード例 #16
    $_SESSION['payment'] = $_POST['payment'];
}
//Get all POST-vars into variables! Payment modules rely on register globals ON, which might not be true!!!
//So we create the variables ourselves
// SECURITY: this re-creates register_globals. Every request parameter name
// becomes a variable in this scope, so a request can overwrite any variable
// that was set before this point (and any that later code reads before
// assigning). strip_tags() only removes markup; it does not validate the
// value, and it is not applicable to array-valued parameters. A safer form
// imports only the parameter names the payment modules are known to read.
foreach ($_POST as $key => $value) {
    ${$key} = strip_tags($value);
    global ${$key};
}
// GET is applied after POST, so a query-string parameter wins over a posted
// field of the same name.
foreach ($_GET as $key => $value) {
    ${$key} = strip_tags($value);
    global ${$key};
}
// Stored in the session exactly as submitted; it must be escaped or encoded
// wherever it is later written to SQL or HTML.
$_SESSION['customers_order_reference'] = $_POST['customers_order_reference'];
$comments = $_POST['comments'];
if ($comments) {
    // NOTE(review): the comment is stored in its database-prepared form; if it
    // is escaped again on insert, or shown back to the customer, the added
    // backslashes become visible - confirm against the code that reads it.
    $_SESSION['comments'] = olc_db_prepare_input($comments);
}
unset($_SESSION['paypal_payment']);
//-- TheMedia Begin check if display conditions on checkout page is true
if (isset($_POST['cot_gv'])) {
    $_SESSION['cot_gv'] = true;
}
//---PayPal WPP Modification START ---//
//	W. Kaiser
$ec_enabled = olc_paypal_wpp_enabled();
if ($ec_enabled) {
    $show_payment_page = MODULE_PAYMENT_PAYPAL_DP_DISPLAY_PAYMENT_PAGE == 'Yes';
    if (!($_SESSION['paypal_ec_token'] or $_SESSION['paypal_ec_payer_id'] or $_SESSION['paypal_ec_payer_info'])) {
        $ec_checkout = false;
        $show_payment_page = true;
    } else {
コード例 #17
            $tax_class_title = olc_db_prepare_input($_POST['tax_class_title']);
            $tax_class_description = olc_db_prepare_input($_POST['tax_class_description']);
            $date_added = olc_db_prepare_input($_POST['date_added']);
            olc_db_query(INSERT_INTO . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . olc_db_input($tax_class_title) . "', '" . olc_db_input($tax_class_description) . "', now())");
            olc_redirect(olc_href_link(FILENAME_TAX_CLASSES));
            break;
        case 'save':
            $tax_class_id = olc_db_prepare_input($_GET['tID']);
            $tax_class_title = olc_db_prepare_input($_POST['tax_class_title']);
            $tax_class_description = olc_db_prepare_input($_POST['tax_class_description']);
            $last_modified = olc_db_prepare_input($_POST['last_modified']);
            olc_db_query(SQL_UPDATE . TABLE_TAX_CLASS . " set tax_class_id = '" . olc_db_input($tax_class_id) . "', tax_class_title = '" . olc_db_input($tax_class_title) . "', tax_class_description = '" . olc_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . olc_db_input($tax_class_id) . APOS);
            olc_redirect(olc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id));
            break;
        case 'deleteconfirm':
            $tax_class_id = olc_db_prepare_input($_GET['tID']);
            olc_db_query(DELETE_FROM . TABLE_TAX_CLASS . " where tax_class_id = '" . olc_db_input($tax_class_id) . APOS);
            olc_redirect(olc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page']));
            break;
    }
}
require DIR_WS_INCLUDES . 'header.php';
?>
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
    <td class="columnLeft2" nowrap="nowrap" valign="top"><table border="0" cellspacing="1" cellpadding="1" class="columnLeft" nowrap="nowrap">
<!-- left_navigation //-->
<?php 
require DIR_WS_INCLUDES . 'column_left.php';
?>
<!-- left_navigation_eof //-->
コード例 #18
Released under the GNU General Public License
---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// include needed functions
require_once DIR_FS_INC . 'olc_draw_hidden_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_checkbox_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_selection_field.inc.php';
require_once DIR_FS_INC . 'olc_image_button.inc.php';
// Account page: only reachable with a logged-in customer.
// NOTE(review): nothing visible here stops execution after the redirect call;
// presumably olc_redirect() exits - confirm, otherwise the code below would
// still run for an anonymous request.
if (!isset($_SESSION['customer_id'])) {
    olc_redirect(olc_href_link(FILENAME_LOGIN, '', SSL));
}
// The customer id is taken from the session and cast to int before use.
$newsletter_query = olc_db_query("select customers_newsletter from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
$newsletter = olc_db_fetch_array($newsletter_query);
// NOTE(review): the state change is keyed only on action=process; no request
// token is checked in the visible code. Confirm whether olc_draw_form() or
// application_top.php adds cross-site request protection.
if (isset($_POST['action']) && $_POST['action'] == 'process') {
    if (isset($_POST['newsletter_general']) && is_numeric($_POST['newsletter_general'])) {
        $newsletter_general = olc_db_prepare_input($_POST['newsletter_general']);
    } else {
        $newsletter_general = '0';
    }
    // The submitted value is only compared with the stored flag; on a mismatch
    // the stored flag is flipped, so the value written is always '0' or '1'
    // derived from the database, never the raw request value.
    if ($newsletter_general != $newsletter['customers_newsletter']) {
        $newsletter_general = $newsletter['customers_newsletter'] == '1' ? '0' : '1';
        olc_db_query(SQL_UPDATE . TABLE_CUSTOMERS . " set customers_newsletter = '" . (int) $newsletter_general . "' where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
    }
    $messageStack->add_session('account', SUCCESS_NEWSLETTER_UPDATED, 'success');
    olc_redirect(olc_href_link(FILENAME_ACCOUNT));
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_NEWSLETTERS, olc_href_link(FILENAME_ACCOUNT, '', SSL));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_NEWSLETTERS, olc_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', SSL));
require DIR_WS_INCLUDES . 'header.php';
// Template variables: the form posts back to this page with action=process.
$smarty->assign('FORM_ACTION', olc_draw_form('account_newsletter', olc_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', SSL)) . olc_draw_hidden_field('action', 'process'));
$smarty->assign('CHECKBOX', olc_draw_checkbox_field('newsletter_general', '1', $newsletter['customers_newsletter'] == '1' ? true : false, 'onclick="javascript:checkBox(\'newsletter_general\')"'));
コード例 #19
   Copyright (c) 2004 OL-Commerce , 2006 Dipl.-Ing.(TH) Winfried Kaiser (w.kaiser@fortune.de, info@seifenparadies.de)
   --------------------------------------------------------------
   based on: 
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
   (c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com 
   (c) 2003	    nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org
(c) 2004      XT - Commerce; www.xt-commerce.com

    Released under the GNU General Public License 
   --------------------------------------------------------------*/
require 'includes/application_top.php';
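// Walk the query-string parameter names and load the banner when one is named.
// foreach over the keys replaces reset()/each(); each() was removed in PHP 8.0.
foreach (array_keys($_GET) as $key) {
    // Compare as a string so an integer key (e.g. "?0=...") can never match
    // a case label through loose comparison on older PHP versions.
    switch ((string) $key) {
        case 'banner':
            $banners_id = olc_db_prepare_input($_GET['banner']);
            // The id is escaped and placed in a quoted literal.
            $banner_query = olc_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . olc_db_input($banners_id) . APOS);
            $banner = olc_db_fetch_array($banner_query);
            $page_title = $banner['banners_title'];
            // NOTE(review): banners_html_text is stored markup and is used as
            // the image source as-is, and the title is stored text; how both
            // are written into the page is outside this excerpt. Whoever may
            // edit banners controls that markup - confirm that is intended
            // and that the title is HTML-encoded on output.
            if ($banner['banners_html_text']) {
                $image_source = $banner['banners_html_text'];
            } elseif ($banner['banners_image']) {
                $image_source = olc_image(DIR_WS_CATALOG_IMAGES . $banner['banners_image'], $page_title);
            }
            break;
    }
}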
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
コード例 #20
define($filename_affiliate_help_u . '5', $affiliate_help_u . '5.php');
define($filename_affiliate_help_u . '6', $affiliate_help_u . '6.php');
define($filename_affiliate_help_u . '7', $affiliate_help_u . '7.php');
define($filename_affiliate_help_u . '8', $affiliate_help_u . '8.php');
define($filename_affiliate_u . 'INVOICE', $affiliate_u . 'invoice.php');
define($filename_affiliate_u . 'PAYMENT', $affiliate_u . 'payment.php');
define($filename_affiliate_u . 'POPUP_IMAGE', $affiliate_u . 'popup_image.php');
define($filename_affiliate_u . 'SALES', $affiliate_u . 'sales.php');
define($filename_affiliate_u . 'STATISTICS', $affiliate_u . 'statistics.php');
define($filename_affiliate_u . 'SUMMARY', $affiliate_u . 'summary.php');
define($filename_affiliate_u . 'RESET', $affiliate_u . 'reset.php');
define('FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO', FILENAME_AFFILIATE_PAYMENT);
define('FILENAME_CATALOG_PRODUCT_INFO', FILENAME_PRODUCT_INFO);
$affiliate_u = TABLE_PREFIX_INDIVIDUAL . $affiliate_u;
$table_affiliate = 'TABLE_AFFILIATE';
$table_affiliate_u = $table_affiliate . "_";
define($table_affiliate, $affiliate_u . $affiliate);
define($table_affiliate_u . 'BANNERS', $affiliate_u . 'banners');
define($table_affiliate_u . 'BANNERS_HISTORY', TABLE_AFFILIATE_BANNERS . '_history');
define($table_affiliate_u . 'CLICKTHROUGHS', $affiliate_u . 'clickthroughs');
define($table_affiliate_u . 'PAYMENT', $affiliate_u . 'payment');
define($table_affiliate_u . 'PAYMENT_STATUS', TABLE_AFFILIATE_PAYMENT . '_status');
define($table_affiliate_u . 'PAYMENT_STATUS_HISTORY', TABLE_AFFILIATE_PAYMENT_STATUS . '_history');
define($table_affiliate_u . 'SALES', $affiliate_u . 'sales');
// include the language translations
require DIR_FS_LANGUAGES . SESSION_LANGUAGE . '/admin/affiliate_' . SESSION_LANGUAGE . PHP;
// If an order is deleted delete the sale too (optional)
// Cascade an order deletion to the matching affiliate sale. This runs only when
// the current script is the orders page and the AFFILIATE_DELETE_ORDERS switch
// is on; sales whose affiliate_billing_status is 1 are kept.
// The order id is escaped with olc_db_input() before it is quoted into the SQL.
// NOTE(review): the delete is driven by query-string parameters and no
// anti-CSRF token check is visible in this excerpt; confirm one is enforced
// by the including page before this code runs.
if ($_GET['action'] == 'deleteconfirm') {
    if (basename($_SERVER['SCRIPT_FILENAME']) == FILENAME_ORDERS) {
        if (AFFILIATE_DELETE_ORDERS == TRUE_STRING_S) {
            $affiliate_oID = olc_db_prepare_input($_GET['oID']);
            $affiliate_sale_filter = " where affiliate_orders_id = '" . olc_db_input($affiliate_oID) . "' and affiliate_billing_status != 1";
            olc_db_query(DELETE_FROM . TABLE_AFFILIATE_SALES . $affiliate_sale_filter);
        }
    }
}
コード例 #21
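/**
 * Merge up to three arrays with array_merge() semantics: string keys from
 * later arrays overwrite earlier ones, integer keys are renumbered.
 *
 * Arguments that are not arrays (the '' default, or a false/null handed over
 * when a lookup produced no row) are treated as empty instead of being passed
 * to array_merge(), which rejects them and would lose the whole merge.
 * The former hand-written fallback was unreachable (array_merge() always
 * exists) and relied on each(), which PHP 8 removed, so it is dropped.
 *
 * @param mixed $array1 First array
 * @param mixed $array2 Second array
 * @param mixed $array3 Optional third array; '' (the default) means "none"
 * @return array The merged array, empty when no argument was an array
 */
function olc_array_merge($array1, $array2, $array3 = '')
{
    $array_merged = array();
    foreach (array($array1, $array2, $array3) as $candidate) {
        // Skip anything that is not an array so one missing row cannot abort the merge.
        if (is_array($candidate)) {
            $array_merged = array_merge($array_merged, $candidate);
        }
    }
    return $array_merged;
}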
// Copy every customer who has the newsletter flag set into the newsletter
// recipients table, one insert per customer, then print a completion marker.
$cn_query = olc_db_query("select * from " . TABLE_CUSTOMERS . " where customers_newsletter= '1' ");
// Customer columns carried over unchanged (after olc_db_prepare_input()).
$cn_copied_fields = array('customers_email_address', 'customers_id', 'customers_status', 'customers_firstname', 'customers_lastname');
while ($cn = olc_db_fetch_array($cn_query)) {
    // NOTE(review): mail_key is derived from the e-mail address alone through
    // olc_encrypt_password(), which is not shown here. If that helper is an
    // unsalted hash the key is predictable from the address; confirm before
    // relying on mail_key as a confirmation or unsubscribe secret.
    $key = olc_encrypt_password($cn['customers_email_address']);
    $sql_data_array = array();
    foreach ($cn_copied_fields as $cn_field) {
        $sql_data_array[$cn_field] = olc_db_prepare_input($cn[$cn_field]);
    }
    $sql_data_array['mail_status'] = '1';
    $sql_data_array['mail_key'] = $key;
    $insert_sql_data = array('date_added' => 'now()');
    $sql_data_array = olc_array_merge($sql_data_array, $insert_sql_data);
    olc_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array);
}
echo 'DONE';
コード例 #22
            olc_db_query(INSERT_INTO . TABLE_TAX_RATES . " (tax_zone_id, tax_class_id, tax_rate, tax_description, tax_priority, date_added) values ('" . olc_db_input($tax_zone_id) . "', '" . olc_db_input($tax_class_id) . "', '" . olc_db_input($tax_rate) . "', '" . olc_db_input($tax_description) . "', '" . olc_db_input($tax_priority) . "', now())");
            olc_redirect(olc_href_link(FILENAME_TAX_RATES));
            break;
        case 'save':
            $tax_rates_id = olc_db_prepare_input($_GET['tID']);
            $tax_zone_id = olc_db_prepare_input($_POST['tax_zone_id']);
            $tax_class_id = olc_db_prepare_input($_POST['tax_class_id']);
            $tax_rate = olc_db_prepare_input($_POST['tax_rate']);
            $tax_description = olc_db_prepare_input($_POST['tax_description']);
            $tax_priority = olc_db_prepare_input($_POST['tax_priority']);
            $last_modified = olc_db_prepare_input($_POST['last_modified']);
            olc_db_query(SQL_UPDATE . TABLE_TAX_RATES . " set tax_rates_id = '" . olc_db_input($tax_rates_id) . "', tax_zone_id = '" . olc_db_input($tax_zone_id) . "', tax_class_id = '" . olc_db_input($tax_class_id) . "', tax_rate = '" . olc_db_input($tax_rate) . "', tax_description = '" . olc_db_input($tax_description) . "', tax_priority = '" . olc_db_input($tax_priority) . "', last_modified = now() where tax_rates_id = '" . olc_db_input($tax_rates_id) . APOS);
            olc_redirect(olc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id));
            break;
        case 'deleteconfirm':
            $tax_rates_id = olc_db_prepare_input($_GET['tID']);
            olc_db_query(DELETE_FROM . TABLE_TAX_RATES . " where tax_rates_id = '" . olc_db_input($tax_rates_id) . APOS);
            olc_redirect(olc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page']));
            break;
    }
}
require DIR_WS_INCLUDES . 'header.php';
?>
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
    <td class="columnLeft2" nowrap="nowrap" valign="top"><table border="0" cellspacing="1" cellpadding="1" class="columnLeft" nowrap="nowrap">
<!-- left_navigation //-->
<?php 
require DIR_WS_INCLUDES . 'column_left.php';
?>
<!-- left_navigation_eof //-->
コード例 #23
        <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php 
echo HEADING_TITLE;
?>
</td>
            <td class="pageHeading" align="right"><?php 
echo olc_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT);
?>
</td>
          </tr>
        </table></td>
      </tr>
<?php 
if ($_GET['action'] == 'edit') {
    $rID = olc_db_prepare_input($_GET['rID']);
    $reviews_query = olc_db_query("select r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . olc_db_input($rID) . "' and r.reviews_id = rd.reviews_id");
    $reviews = olc_db_fetch_array($reviews_query);
    $products_query = olc_db_query("select products_image from " . TABLE_PRODUCTS . " where products_id = '" . $reviews['products_id'] . APOS);
    $products = olc_db_fetch_array($products_query);
    $products_name_query = olc_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . $reviews['products_id'] . "' and language_id = '" . SESSION_LANGUAGE_ID . APOS);
    $products_name = olc_db_fetch_array($products_name_query);
    $rInfo_array = olc_array_merge($reviews, $products, $products_name);
    $rInfo = new objectInfo($rInfo_array);
    ?>
      <tr><?php 
    echo olc_draw_form('review', FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID'] . '&action=preview');
    ?>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="main" valign="top"><b><?php 
コード例 #24
    olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID']));
}
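// Remove one attribute (option) row from an order line, then recompute the
// line's unit price and final price from the remaining attributes and write
// them back to the orders_products row.
//
// Every request value that is quoted into a statement goes through
// olc_db_input() first. The two SELECTs previously concatenated
// $_POST['pID'], $_POST['oID'] and $_POST['opID'] without it, unlike the
// DELETE and UPDATE in this same block, which left them open to SQL injection.
//
// $total_price and $customers_status are not set in this excerpt; they are
// presumably initialised earlier in the file (verify).
// NOTE(review): this state change is selected by $_GET['action'] and no
// anti-CSRF token check is visible here. The redirect parameters are built
// from raw $_POST values, so confirm that olc_href_link()/olc_redirect()
// encode them.
if ($_GET['action'] == "product_option_delete") {
    olc_db_query(DELETE_FROM . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . olc_db_input($_POST['oID']) . "' and orders_products_attributes_id = '" . olc_db_input($_POST['opAID']) . APOS);
    $products_query = olc_db_query("select products_id, products_price, products_tax_class_id from " . TABLE_PRODUCTS . " where products_id = '" . olc_db_input($_POST['pID']) . APOS);
    $products = olc_db_fetch_array($products_query);
    $products_a_query = olc_db_query("select options_values_price, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . olc_db_input($_POST['oID']) . "' and orders_products_id = '" . olc_db_input($_POST['opID']) . APOS);
    while ($products_a = olc_db_fetch_array($products_a_query)) {
        // The prefix and the price are joined into one signed numeric string before adding.
        $total_price += $products_a['price_prefix'] . $products_a['options_values_price'];
    }
    $sa_price = olc_oe_get_products_attribute_price($total_price, $products['products_tax_class_id'], $price_special = '0', 1, $_POST['prefix'], $calculate_currencies = TRUE_STRING_S, $customers_status);
    $sp_price = olc_oe_products_price($_POST['pID'], $price_special = '0', 1, $customers_status);
    $inp_price = $sa_price + $sp_price;
    $final_price = $inp_price * $_POST['qTY'];
    $sql_data_array = array('products_price' => olc_db_prepare_input($inp_price));
    $update_sql_data = array('final_price' => olc_db_prepare_input($final_price));
    $sql_data_array = olc_array_merge($sql_data_array, $update_sql_data);
    olc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', 'orders_products_id = \'' . olc_db_input($_POST['opID']) . '\'');
    olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID']));
}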
// Shipping and cash-on-delivery totals are removed the same way: delete the
// orders_total row named by the posted id, then return to the shipping tab of
// the order editor. The id is escaped with olc_db_input() before it is quoted
// into the statement.
// NOTE(review): the action is chosen from the query string and no anti-CSRF
// token check is visible in this excerpt; confirm one is enforced upstream.
if ($_GET['action'] == "shipping_del" || $_GET['action'] == "cod_del") {
    $orders_total_filter = " where orders_total_id = '" . olc_db_input($_POST['otID']) . APOS;
    olc_db_query(DELETE_FROM . TABLE_ORDERS_TOTAL . $orders_total_filter);
    olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=shipping&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID']));
}
// End of delete functions
require DIR_WS_INCLUDES . 'header.php';
?>
コード例 #25
 $id_post = olc_db_prepare_input((int) $_POST['id']);
 $status_all = olc_db_prepare_input($_POST['status_all']);
 if ($newsletter_title == EMPTY_STRING) {
     $newsletter_title = 'no title';
 }
 $customers_status = olc_get_customers_statuses();
 $rzp = EMPTY_STRING;
 for ($i = 0, $n = sizeof($customers_status); $i < $n; $i++) {
     if (olc_db_prepare_input($_POST['status'][$i]) == 'yes') {
         if ($rzp != EMPTY_STRING) {
             $rzp .= ',';
         }
         $rzp .= $customers_status[$i]['id'];
     }
 }
 if (olc_db_prepare_input($_POST['status_all']) == 'yes') {
     $rzp .= ',all';
 }
 $error = false;
 // reset error flag
 if ($error == false) {
     $sql_data_array = array('title' => $newsletter_title, 'status' => '0', 'bc' => $rzp, 'date' => 'now()', 'body' => $body);
     if ($id_post != EMPTY_STRING) {
         olc_db_perform(TABLE_MODULE_NEWSLETTER, $sql_data_array, 'update', "newsletter_id = '" . $id_post . APOS);
     } else {
         olc_db_perform(TABLE_MODULE_NEWSLETTER, $sql_data_array);
         // create temp table
         $id_post = olc_db_insert_id();
     }
     // create temp table
     $create_query = TABLE_MODULE_NEWSLETTER_TEMP . $id_post;
コード例 #26
   Copyright (c) 2004 OL-Commerce , 2006 Dipl.-Ing.(TH) Winfried Kaiser (w.kaiser@fortune.de, info@seifenparadies.de)
   --------------------------------------------------------------
   based on:
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
   (c) 2002-2003 osCommercecoding standards www.oscommerce.com
   (c) 2004      XT - Commerce; www.xt-commerce.com

    Released under the GNU General Public License
   --------------------------------------------------------------*/
require 'includes/application_top.php';
include DIR_FS_LANGUAGES . SESSION_LANGUAGE . '/admin/customers.php';
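// Customer memo actions: 'save' stores a new memo for a customer, 'remove'
// deletes one memo by id.
//
// The 'remove' branch previously quoted $_GET['mID'] straight into the DELETE
// statement, which allowed SQL injection. It is now normalised and escaped
// the same way as the other ids on this page.
// NOTE(review): both actions are selected by the query string and no
// anti-CSRF token check is visible in this excerpt; confirm one is enforced
// by application_top.php or the calling form.
if (!empty($_GET['action'])) {
    switch ($_GET['action']) {
        case 'save':
            $memo_title = olc_db_prepare_input($_POST['memo_title']);
            $memo_text = olc_db_prepare_input($_POST['memo_text']);
            // A memo is stored only when both title and text are non-empty.
            if ($memo_text != '' && $memo_title != '') {
                // NOTE(review): nl2br() stores the text with <br /> markup, so
                // the memo must be HTML-escaped where it is displayed. That
                // rendering code is not part of this excerpt.
                // 'customers_id' comes directly from $_POST['id']; this relies
                // on olc_db_perform() escaping its values (not shown, verify).
                $sql_data_array = array('customers_id' => $_POST['id'], 'memo_date' => date("Y-m-d"), 'memo_title' => $memo_title, 'memo_text' => nl2br($memo_text), 'poster_id' => $_SESSION['customer_id']);
                olc_db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array);
            }
            break;
        case 'remove':
            $memo_id = olc_db_prepare_input($_GET['mID']);
            olc_db_query(DELETE_FROM . TABLE_CUSTOMERS_MEMO . " WHERE memo_id = '" . olc_db_input($memo_id) . APOS);
            break;
    }
}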
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
コード例 #27
        default:
            if (is_numeric($_POST['customers_email_address'])) {
                $mail_query = olc_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_status = " . $_POST['customers_email_address']);
                $sent_to_query = olc_db_query("select customers_status_name from " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . $_POST['customers_email_address'] . "' AND language_id='" . SESSION_LANGUAGE_ID . APOS);
                $sent_to = olc_db_fetch_array($sent_to_query);
                $mail_sent_to = $sent_to['customers_status_name'];
            } else {
                $customers_email_address = olc_db_prepare_input($_POST['customers_email_address']);
                $mail_query = olc_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_email_address = '" . olc_db_input($customers_email_address) . APOS);
                $mail_sent_to = $_POST['customers_email_address'];
            }
            break;
    }
    $from = olc_db_prepare_input($_POST['from']);
    $subject = olc_db_prepare_input($_POST['subject']);
    $message = olc_db_prepare_input($_POST['message']);
    //Let's build a message object using the email class
    $mimemessage = new email(array('X-Mailer: OL-Commerce bulk mailer'));
    // add the message to the object
    $mimemessage->add_text($message);
    $mimemessage->build_message();
    while ($mail = olc_db_fetch_array($mail_query)) {
        $mimemessage->send($mail['customers_firstname'] . BLANK . $mail['customers_lastname'], $mail['customers_email_address'], '', $from, $subject);
    }
    olc_redirect(olc_href_link(FILENAME_MAIL, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
// A preview request that names no recipient gets an error on the message stack.
if ($_GET['action'] == 'preview') {
    if (!$_POST['customers_email_address']) {
        $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
    }
}
if ($_GET['mail_sent_to']) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
コード例 #28
            $countries_iso_code_3 = olc_db_prepare_input($_POST['countries_iso_code_3']);
            $address_format_id = olc_db_prepare_input($_POST['address_format_id']);
            olc_db_query(INSERT_INTO . TABLE_COUNTRIES . " (countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id) values ('" . olc_db_input($countries_name) . "', '" . olc_db_input($countries_iso_code_2) . "', '" . olc_db_input($countries_iso_code_3) . "', '" . olc_db_input($address_format_id) . "')");
            olc_redirect(olc_href_link(FILENAME_COUNTRIES));
            break;
        case 'save':
            $countries_id = olc_db_prepare_input($_GET['cID']);
            $countries_name = olc_db_prepare_input($_POST['countries_name']);
            $countries_iso_code_2 = olc_db_prepare_input($_POST['countries_iso_code_2']);
            $countries_iso_code_3 = olc_db_prepare_input($_POST['countries_iso_code_3']);
            $address_format_id = olc_db_prepare_input($_POST['address_format_id']);
            olc_db_query(SQL_UPDATE . TABLE_COUNTRIES . " set countries_name = '" . olc_db_input($countries_name) . "', countries_iso_code_2 = '" . olc_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . olc_db_input($countries_iso_code_3) . "', address_format_id = '" . olc_db_input($address_format_id) . "' where countries_id = '" . olc_db_input($countries_id) . APOS);
            olc_redirect(olc_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id));
            break;
        case 'deleteconfirm':
            $countries_id = olc_db_prepare_input($_GET['cID']);
            olc_db_query(DELETE_FROM . TABLE_COUNTRIES . " where countries_id = '" . olc_db_input($countries_id) . APOS);
            olc_redirect(olc_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
            break;
    }
}
require DIR_WS_INCLUDES . 'header.php';
?>
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
    <td class="columnLeft2" nowrap="nowrap" valign="top">
    	<table border="0" cellspacing="1" cellpadding="1" class="columnLeft" nowrap="nowrap">
				<!-- left_navigation //-->
				<?php 
require DIR_WS_INCLUDES . 'column_left.php';
?>
コード例 #29
         }
         $date_scheduled = olc_db_prepare_input($_POST['date_scheduled']);
         if ($date_scheduled) {
             list($day, $month, $year) = explode('.', $date_scheduled);
             $date_scheduled = $year . (strlen($month) == 1 ? '0' . $month : $month) . (strlen($day) == 1 ? '0' . $day : $day);
             $sql_update .= ", status = '0', date_scheduled = '" . $date_scheduled;
         }
         olc_db_query(SQL_UPDATE . TABLE_BANNERS . $sql_update . " where banners_id = '" . $banners_id . APOS);
         olc_redirect(olc_href_link(FILENAME_BANNER_MANAGER, $page_parameter . '&bID=' . $banners_id));
     } else {
         $action = 'new';
     }
     break;
 case 'deleteconfirm':
     $banners_id = $bID;
     $delete_image = olc_db_prepare_input($_POST['delete_image']);
     if ($delete_image == 'on') {
         $sql_where = " where banners_id = '" . $banners_id . APOS;
         $banner_query = olc_db_query("select banners_image from " . TABLE_BANNERS . $sql_where);
         $banner = olc_db_fetch_array($banner_query);
         $file = DIR_FS_CATALOG_IMAGES . $banner['banners_image'];
         if (is_file($file)) {
             if (is_writeable($file)) {
                 unlink($file);
             } else {
                 $messageStack->add_session(ERROR_IMAGE_IS_NOT_WRITEABLE, 'error');
             }
         } else {
             $messageStack->add_session(ERROR_IMAGE_DOES_NOT_EXIST, 'error');
         }
     }
コード例 #30
    $a_level = olc_db_prepare_input($_GET['a_level']);
    $level_clause = " AND a.affiliate_level = '" . $a_level . APOS;
}
// Build the paged sales listing for the affiliate held in the session: sales
// joined to their order and its status name in the session language, newest first.
// The session affiliate id and the three filter clauses are concatenated into
// the statement as-is.
// NOTE(review): $level_clause is assembled just above from $_GET['a_level']
// after olc_db_prepare_input() only. That helper is not shown on this page;
// if it does not escape for SQL, the value also needs olc_db_input() or an
// integer cast. $period_clause and $status_clause are built outside this
// excerpt, so verify they are escaped the same way.
$affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n    a.affiliate_payment, a.affiliate_level AS level,\n    o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n    MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n    from " . TABLE_AFFILIATE . " aa\n    left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n    left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n    left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . SESSION_LANGUAGE_ID . "')\n    where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n    group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n        a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n        o.orders_status, os.orders_status_name\n    order by affiliate_date DESC";
// Column list handed to the pager as its count key; it repeats the GROUP BY columns above.
$count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name';
// NOTE(review): $_GET['page'] is passed to splitPageResults unvalidated;
// confirm the class coerces it to an integer before using it in a LIMIT clause.
$affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key);
if ($affiliate_sales_split->number_of_rows > 0) {
    // Run the paged query and pre-fetch the first row for the selectors below.
    $affiliate_sales_values = olc_db_query($affiliate_sales_split->sql_query);
    $affiliate_sales = olc_db_fetch_array($affiliate_sales_values);
} else {
    // No sales matched: fetch only the account's creation month and year,
    // which the period selector still needs as its start point.
    $affiliate_sales_values = olc_db_query("select MONTH(affiliate_date_account_created) as start_month,\n                                      YEAR(affiliate_date_account_created) as start_year\n                                      FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . APOS);
    $affiliate_sales = olc_db_fetch_array($affiliate_sales_values);
}
// The three filter selectors receive the current request values and resubmit the form on change.
// NOTE(review): the selector helpers are not shown; confirm they HTML-escape
// the request values they are given.
$smarty->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, olc_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"'));
$smarty->assign('status_selector', affiliate_get_status_list('a_status', olc_db_prepare_input($_GET['a_status']), 'onchange="this.form.submit();"'));
$smarty->assign('level_selector', affiliate_get_level_list('a_level', olc_db_prepare_input($_GET['a_level']), 'onchange="this.form.submit();"'));
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows);
$smarty->assign('FORM_ACTION', olc_draw_form('params', olc_href_link(FILENAME_AFFILIATE_SALES), 'get', SSL));
// Accumulates the HTML rows of the sales table built below.
$affiliate_sales_table = '';
if ($affiliate_sales_split->number_of_rows > 0) {
    $number_of_sales = 0;
    $sum_of_earnings = 0;
    do {
        $number_of_sales++;
        if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) {
            $sum_of_earnings += $affiliate_sales['affiliate_payment'];
        }
        if ($number_of_sales / 2 == floor($number_of_sales / 2)) {
            $affiliate_sales_table .= '<tr class="productListing-even">';
        } else {