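/**
 * Copy every key/value pair of $object_array onto $this as a property, after
 * running each value through olc_db_prepare_input() (strings are trimmed and
 * addslashes()'d, arrays recursively, anything else trim()'d).
 *
 * Keys are used verbatim as property names. Because callers in this codebase
 * also pass request data (e.g. `new objectInfo($_POST)`), the client chooses
 * which properties get set in that case; read the resulting object with that
 * in mind.
 *
 * @param array $object_array  key => value pairs to expose as properties
 */
function objectInfo($object_array) {
    // foreach replaces the former reset()/each() loop; each() was removed in PHP 8.
    foreach ($object_array as $key => $value) {
        $this->{$key} = olc_db_prepare_input($value);
    }
}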
/**
 * Restore the checkout state stashed in TABLE_ORDERS_SESSION_INFO for a
 * transaction signature and copy it onto this object.
 *
 * Reads the single row whose txn_signature matches $txn_sign. On a hit the row
 * is handed to setCommonVars() and setOrderID(), and payment_amount /
 * payment_currency are recorded on $this. A miss leaves the object untouched.
 *
 * @param string $txn_sign  transaction signature as received; escaped here before use
 */
function loadTransactionSessionInfo($txn_sign) {
    $signature = olc_db_prepare_input($txn_sign);

    $columns = array(
        'orders_id', 'content_type', 'payment_title', 'language', 'language_id',
        'billto', 'sendto', 'currency', 'currency_value', 'payment_amount',
        'payment_currency', 'affiliate_id', 'affiliate_clickthroughs_id',
        'affiliate_date', 'affiliate_browser', 'affiliate_ipaddress',
    );
    $sql = "select " . implode(', ', $columns)
         . " from " . TABLE_ORDERS_SESSION_INFO
         . " where txn_signature ='" . olc_db_input($signature) . "' limit 1";

    $result = olc_db_query($sql);
    if (!olc_db_num_rows($result)) {
        return;
    }

    $row = olc_db_fetch_array($result);
    $this->setCommonVars($row);
    $this->setOrderID($row['orders_id']);
    $this->payment_amount   = $row['payment_amount'];
    $this->payment_currency = $row['payment_currency'];
}
/**
 * Load the stored PayPal IPN record for a transaction id into $this->info,
 * $this->txn and $this->customer.
 *
 * All three column groups are read from $this->paymentTableName in a single
 * query; getSQLDataElements() then slices the row into the three property
 * arrays. When no row matches none of the properties is modified.
 *
 * NOTE(review): paymentTableName is escaped with olc_db_input() but used as an
 * unquoted identifier -- it is assumed to be a fixed table name set by the
 * class, not request data; confirm where it is assigned.
 *
 * @param string $txn_id  PayPal transaction id; escaped here before use
 */
function query($txn_id) {
    $transaction_id = olc_db_prepare_input($txn_id);

    // Column groups, keyed by the property each one ends up in.
    $groups = array(
        'info' => array(
            'txn_type', 'reason_code', 'payment_type', 'payment_status', 'pending_reason',
            'invoice', 'payment_date', 'payment_time_zone', 'business', 'receiver_email',
            'receiver_id', 'txn_id', 'parent_txn_id', 'notify_version', 'last_modified',
            'date_added', 'for_auction', 'auction_closing_date',
        ),
        'txn' => array(
            'num_cart_items', 'mc_currency', 'mc_gross', 'mc_fee', 'payment_gross',
            'payment_fee', 'settle_amount', 'settle_currency', 'exchange_rate',
        ),
        'customer' => array(
            'first_name', 'last_name', 'payer_business_name', 'address_name',
            'address_street', 'address_city', 'address_state', 'address_zip',
            'address_country', 'address_status', 'payer_email', 'payer_id',
            'auction_buyer_id', 'payer_status', 'memo',
        ),
    );

    $columns = array_merge($groups['info'], $groups['txn'], $groups['customer']);
    $sql = "select " . implode(',', $columns)
         . " from " . olc_db_input($this->paymentTableName)
         . " where txn_id = '" . olc_db_input($transaction_id) . APOS;

    $result = olc_db_query($sql);
    if (!olc_db_num_rows($result)) {
        return;
    }

    $row = olc_db_fetch_array($result);
    foreach ($groups as $property => $fields) {
        $this->{$property} = $this->getSQLDataElements($row, $fields);
    }
}
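/**
 * Normalise a request value before it is used in SQL or stored.
 *
 * Strings are trimmed and passed through addslashes(); arrays are processed
 * recursively (keys kept, only values change); anything else is returned as
 * trim() yields it, i.e. cast to string.
 *
 * Security note: addslashes() is not a charset-aware escape and is not a
 * substitute for the DB driver's escaping. Callers in this codebase still wrap
 * the result in olc_db_input() when building queries, and numeric ids must
 * additionally be quoted or cast -- an unquoted interpolation is unsafe even
 * after this function. Do not treat its result as safe for HTML or shell use.
 *
 * @param mixed $string  scalar, array or null
 * @return mixed  string for scalars, array (same shape) for arrays
 */
function olc_db_prepare_input($string) {
    if (is_string($string)) {
        // Historical behaviour: escape, never strip (the stripslashes variant was retired).
        return trim(addslashes($string));
    }

    if (is_array($string)) {
        // foreach replaces the former reset()/each() loop (each() was removed in
        // PHP 8); recursing per value keeps nested arrays and their keys intact.
        foreach ($string as $key => $value) {
            $string[$key] = olc_db_prepare_input($value);
        }
        return $string;
    }

    return trim($string);
}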
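/**
 * Load one order and the data the order/invoice views need into $this->info,
 * $this->customer, $this->delivery, $this->billing, $this->totals and
 * $this->products.
 *
 * Changes from the previous version of this method:
 *  - the ot_shipping row was fetched twice, so on a one-row result
 *    $shipping_method ended up false and shipping_method / shipping_cost were
 *    always empty; it is now fetched once;
 *  - the ot_total and ot_shipping lookups interpolated $order_id without
 *    olc_db_input() (the ot_shipping one even unquoted), unlike every other
 *    query here; every lookup now uses the same escaped, quoted id;
 *  - the 'orders_trackcode' key was listed twice in $this->info.
 *
 * If no order matches, $order is whatever olc_db_fetch_array() returns for an
 * empty result and the fields below come out null -- unchanged from before.
 *
 * @param mixed $order_id  orders_id, typically from the request; escaped here
 */
function query($order_id) {
    $order_id = olc_db_prepare_input($order_id);
    // Escaped once and quoted in every query below, as the other lookups already did.
    $oid = olc_db_input($order_id);

    $order_query = olc_db_query(SELECT_ALL . TABLE_ORDERS . " where\n\t\torders_id = '" . $oid . APOS);
    $order = olc_db_fetch_array($order_query);

    // All order-total lines, in display order.
    $totals_query = olc_db_query("\n\t\tselect\n\t\ttitle,\n\t\ttext,\n\t\tvalue\n\t\tfrom " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $oid . "' order by sort_order");
    while ($totals = olc_db_fetch_array($totals_query)) {
        $this->totals[] = array(
            'title' => $totals['title'],
            'text'  => $totals['text'],
            'value' => $totals['value'],
        );
    }

    // begin PayPal_Shopping_Cart_IPN
    $order_total_query = olc_db_query("select text, value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $oid . "' and class = 'ot_total'");
    // end PayPal_Shopping_Cart_IPN
    $order_total = olc_db_fetch_array($order_total_query);

    // begin PayPal_Shopping_Cart_IPN
    $shipping_method_query = olc_db_query("select title, value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $oid . "' and class = 'ot_shipping'");
    // end PayPal_Shopping_Cart_IPN
    // Exactly one fetch: a second one on a single-row result returns false.
    $shipping_method = olc_db_fetch_array($shipping_method_query);

    // orders_status comes from the orders row just read, not from the request.
    $order_status_query = olc_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . SESSION_LANGUAGE_ID . APOS);
    $order_status = olc_db_fetch_array($order_status_query);

    // Shipping title as plain text, minus a trailing ':' when present.
    $shipping_method_text = strip_tags($shipping_method['title']);
    if (substr($shipping_method_text, -1) == ':') {
        $shipping_method_text = substr($shipping_method_text, 0, -1);
    }

    $this->info = array(
        'order_id'                  => $order_id,
        'currency'                  => $order['currency'],
        'currency_value'            => $order['currency_value'],
        'payment_method'            => $order['payment_method'],
        'cc_type'                   => $order['cc_type'],
        'cc_owner'                  => $order['cc_owner'],
        'cc_number'                 => $order['cc_number'],
        'cc_expires'                => $order['cc_expires'],
        'cc_start'                  => $order['cc_start'],
        'cc_issue'                  => $order['cc_issue'],
        'cc_cvv'                    => $order['cc_cvv'],
        'date_purchased'            => $order['date_purchased'],
        'orders_status_id'          => $order['orders_status'],
        'total_value'               => $order_total['value'],
        'orders_status'             => $order_status['orders_status_name'],
        'last_modified'             => $order['last_modified'],
        'orders_trackcode'          => $order['orders_trackcode'],
        'total'                     => strip_tags($order_total['text']),
        'shipping_cost'             => $shipping_method['value'],
        'shipping_class'            => $order['shipping_class'],
        'shipping_method'           => $shipping_method_text,
        'comments'                  => $order['comments'],
        'language'                  => $order['language'],
        'customers_order_reference' => $order['customers_order_reference'],
    );

    $this->customer = array(
        'id'             => $order['customers_id'],
        'name'           => $order['customers_name'],
        'csID'           => $order['customers_cid'],
        'cIP'            => $order['customers_ip'],
        'company'        => $order['customers_company'],
        'street_address' => $order['customers_street_address'],
        'suburb'         => $order['customers_suburb'],
        'city'           => $order['customers_city'],
        'postcode'       => $order['customers_postcode'],
        'state'          => $order['customers_state'],
        'country'        => $order['customers_country'],
        'format_id'      => $order['customers_address_format_id'],
        'telephone'      => $order['customers_telephone'],
        'email_address'  => $order['customers_email_address'],
        'email_type'     => $order['customers_email_type'],
    );

    $this->delivery = array(
        'name'                        => $order['delivery_name'],
        'company'                     => $order['delivery_company'],
        'street_address'              => $order['delivery_street_address'],
        'suburb'                      => $order['delivery_suburb'],
        'city'                        => $order['delivery_city'],
        'postcode'                    => $order['delivery_postcode'],
        'state'                       => $order['delivery_state'],
        'country'                     => $order['delivery_country'],
        'format_id'                   => $order['delivery_address_format_id'],
        'delivery_packingslip_number' => $order['delivery_packingslip_number'],
        'delivery_packingslip_date'   => $order['delivery_packingslip_date'],
    );
    // No delivery name and no street means "no delivery address" for callers.
    if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
        $this->delivery = false;
    }

    $this->billing = array(
        'name'                   => $order['billing_name'],
        'company'                => $order['billing_company'],
        'street_address'         => $order['billing_street_address'],
        'suburb'                 => $order['billing_suburb'],
        'city'                   => $order['billing_city'],
        'postcode'               => $order['billing_postcode'],
        'state'                  => $order['billing_state'],
        'country'                => $order['billing_country'],
        'format_id'              => $order['billing_address_format_id'],
        'billing_invoice_number' => $order['billing_invoice_number'],
        'billing_invoice_date'   => $order['billing_invoice_date'],
    );

    // Line items, each with its ordered attributes (if any).
    $index = 0;
    $orders_products_query = olc_db_query("\n\t\tselect\n\t\torders_products_id,\n\t\tproducts_id,\n\t\tproducts_name,\n\t\tproducts_model,\n\t\tproducts_price,\n\t\tproducts_tax,\n\t\tproducts_quantity,\n\t\tfinal_price,\n\t\tallow_tax,\n\t\tproducts_discount_made\n\t\tfrom " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . $oid . APOS);
    while ($orders_products = olc_db_fetch_array($orders_products_query)) {
        $this->products[$index] = array(
            'id'                 => $orders_products['products_id'],
            'orders_products_id' => $orders_products['orders_products_id'],
            'qty'                => $orders_products['products_quantity'],
            'name'               => $orders_products['products_name'],
            'model'              => $orders_products['products_model'],
            'tax'                => $orders_products['products_tax'],
            'price'              => $orders_products['products_price'],
            'discount'           => $orders_products['products_discount_made'],
            'final_price'        => $orders_products['final_price'],
            'allow_tax'          => $orders_products['allow_tax'],
        );

        $subindex = 0;
        // orders_products_id comes from the row just read, not from the request.
        $attributes_query = olc_db_query("\n\t\t\t\tselect\n\t\t\t\tproducts_options,\n\t\t\t\tproducts_options_values,\n\t\t\t\tproducts_options_id,\n\t\t\t\tproducts_options_values_id,\n\t\t\t\toptions_values_price,\n\t\t\t\tprice_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . $oid . "' and orders_products_id = '" . $orders_products['orders_products_id'] . APOS);
        if (olc_db_num_rows($attributes_query)) {
            while ($attributes = olc_db_fetch_array($attributes_query)) {
                $this->products[$index]['attributes'][$subindex] = array(
                    'option'   => $attributes['products_options'],
                    'value'    => $attributes['products_options_values'],
                    'option_id' => $attributes['products_options_id'],
                    'value_id' => $attributes['products_options_values_id'],
                    'prefix'   => $attributes['price_prefix'],
                    'price'    => $attributes['options_values_price'],
                );
                $subindex++;
            }
        }
        $index++;
    }
}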
/**
 * Render a one-line address summary for a customer's address-book entry.
 *
 * Looks up the address (the query is scoped to $customers_id as well as
 * $address_id, so a customer cannot read another customer's entry by id),
 * resolves the zone code, then formats it with the address_summary template of
 * the country's address format.
 *
 * SECURITY: the template is run through eval(). address_summary is a PHP
 * double-quoted string template stored in TABLE_ADDRESS_FORMAT, so anyone who
 * can write that table can execute arbitrary PHP in this process. It is left
 * as-is here because the templates depend on PHP interpolation of the locals
 * below; treat that table as code, not data.
 *
 * The local names $street_address, $suburb, $postcode, $city, $state and
 * $country are the template's interface -- do not rename them.
 *
 * @param mixed $customers_id  customer owning the entry; escaped before use
 * @param mixed $address_id    address_book_id to render; escaped before use
 * @return string  the evaluated summary
 */
function olc_address_summary($customers_id, $address_id) {
    $customers_id = olc_db_prepare_input($customers_id);
    $address_id = olc_db_prepare_input($address_id);
    $address_query = olc_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . olc_db_input($address_id) . "' and ab.customers_id = '" . olc_db_input($customers_id) . "' and ab.entry_country_id = c.countries_id");
    $address = olc_db_fetch_array($address_query);
    // Template variables (see the header note); $state is the resolved zone code.
    $street_address = $address['entry_street_address'];
    $suburb = $address['entry_suburb'];
    $postcode = $address['entry_postcode'];
    $city = $address['entry_city'];
    $state = olc_get_zone_code($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']);
    $country = $address['countries_name'];
    // address_format_id comes from the joined countries row, not from the request.
    $address_format_query = olc_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . $address['address_format_id'] . APOS);
    $address_format = olc_db_fetch_array($address_format_query);
    // eval("\$address = \"{$address_format['address_summary']}\";");
    $address_summary = $address_format['address_summary'];
    // eval() of a DB-stored template -- see the SECURITY note in the header.
    eval("\$address = \"{$address_summary}\";");
    return $address;
}
/**
 * Build a flat, depth-indented list of the active categories below $parent_id.
 *
 * Each entry is array('id' => categories_id, 'text' => indent + name,
 * 'title' => heading title, or the name when the heading is empty). Children
 * are appended right after their parent, indented by two more HTML_NBSP, by
 * recursing with the child's id. A category whose id equals its own parent id
 * is listed but not descended into -- that is the only cycle guarded against.
 *
 * @param array|string $categories_array  list to append to ('' starts a new one)
 * @param mixed        $parent_id         parent categories_id; escaped before use
 * @param string       $indent            prefix for this depth's 'text'
 * @return array  the accumulated list
 */
function olc_get_categories($categories_array = '', $parent_id = '0', $indent = '') {
    $parent_id = olc_db_prepare_input($parent_id);
    $result = is_array($categories_array) ? $categories_array : array();

    $sql = SELECT . "\n\tc.categories_id,\n\tcd.categories_name,\n\tcd.categories_heading_title,\n\tcd.categories_description\n\tfrom " . TABLE_CATEGORIES . " c,\t" . TABLE_CATEGORIES_DESCRIPTION . " cd\n\twhere\n\tparent_id = '" . olc_db_input($parent_id) . "'\n\tand c.categories_id = cd.categories_id\n\tand c.categories_status != 0\n\tand cd.language_id = '" . SESSION_LANGUAGE_ID . "'\n\torder by sort_order, cd.categories_name";
    $rows = olc_db_query($sql);
    $child_indent = $indent . HTML_NBSP . HTML_NBSP;

    while ($row = olc_db_fetch_array($rows)) {
        $id = $row['categories_id'];
        $heading = ($row['categories_heading_title'] == EMPTY_STRING)
            ? $row['categories_name']
            : $row['categories_heading_title'];

        $result[] = array('id' => $id, 'text' => $indent . $row['categories_name'], 'title' => $heading);

        if ($id != $parent_id) {
            $result = olc_get_categories($result, $id, $child_indent);
        }
    }

    return $result;
}
/**
 * Alias kept for code that uses the tep_ (osCommerce) naming; delegates
 * straight to olc_db_prepare_input() and returns its result unchanged.
 *
 * @param mixed $x  value (scalar or array) to prepare
 * @return mixed  whatever olc_db_prepare_input() returns for $x
 */
function tep_db_prepare_input($x) {
    $prepared = olc_db_prepare_input($x);
    return $prepared;
}
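?>
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr>
    <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td class="pageHeading"><?php echo HEADING_TITLE; ?> </td>
        <td class="main"><?php
          echo olc_draw_form('status', FILENAME_COUPON_ADMIN, '', 'get');

          // Status filter for the coupon list: the three ids below are the only
          // values this page understands.
          $status_array[] = array('id' => 'Y', 'text' => TEXT_COUPON_ACTIVE);
          $status_array[] = array('id' => 'N', 'text' => TEXT_COUPON_INACTIVE);
          $status_array[] = array('id' => '*', 'text' => TEXT_COUPON_ALL);

          // The request value is handed to olc_draw_pull_down_menu() as the selected
          // option (and presumably to the listing further down), so restrict it to
          // the known ids rather than reflecting whatever arrived in $_GET.
          $status = 'Y';
          if (isset($_GET['status']) && is_string($_GET['status'])) {
              $requested_status = olc_db_prepare_input($_GET['status']);
              if (in_array($requested_status, array('Y', 'N', '*'), true)) {
                  $status = $requested_status;
              }
          }

          echo HEADING_TITLE_STATUS . BLANK . olc_draw_pull_down_menu('status', $status_array, $status, 'onchange="this.form.submit();"');
        ?> </form> </td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
          <tr class="dataTableHeadingRow">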
---------------------------------------------------------------------------------------*/ include 'includes/application_top.php'; //require(BOXES); // include needed functions require_once DIR_FS_INC . 'olc_draw_hidden_field.inc.php'; require_once DIR_FS_INC . 'olc_draw_password_field.inc.php'; require_once DIR_FS_INC . 'olc_validate_password.inc.php'; require_once DIR_FS_INC . 'olc_encrypt_password.inc.php'; require_once DIR_FS_INC . 'olc_image_button.inc.php'; if (!isset($_SESSION['customer_id'])) { olc_redirect(olc_href_link(FILENAME_LOGIN)); } if (isset($_POST['action']) && $_POST['action'] == 'process') { $password_current = olc_db_prepare_input($_POST['password_current']); $password_new = olc_db_prepare_input($_POST['password_new']); $password_confirmation = olc_db_prepare_input($_POST['password_confirmation']); $error = false; if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = olc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . APOS); $check_customer = olc_db_fetch_array($check_customer_query); if (olc_validate_password($password_current, $check_customer['customers_password'])) {
//if ($action == 'save') $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = olc_array_merge($sql_data_array, $update_sql_data); olc_db_perform(TABLE_MANUFACTURERS, $sql_data_array, 'update', $manufacturers_id_sql); } $dir_manufacturers = DIR_FS_CATALOG_IMAGES . "/manufacturers"; if ($manufacturers_image = new upload('manufacturers_image', $dir_manufacturers)) { if ($manufacturers_image->filename) { olc_db_query(SQL_UPDATE . TABLE_MANUFACTURERS . "\n\t\t\t\tset manufacturers_image ='manufacturers/" . $manufacturers_image->filename . "' where " . $manufacturers_id_sql); } } $languages = olc_get_languages(); $manufacturers_url_array = $_POST['manufacturers_url']; for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; $sql_data_array = array('manufacturers_url' => olc_db_prepare_input($manufacturers_url_array[$language_id])); if ($is_insert) { $insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id); $sql_data_array = olc_array_merge($sql_data_array, $insert_sql_data); olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array); } else { //if ($action == 'save') { olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', $manufacturers_id_sql . " and languages_id = '" . $language_id . APOS); } } if (USE_CACHE == TRUE_STRING_S) { olc_reset_cache_block('manufacturers'); } //olc_redirect(olc_href_link(FILENAME_MANUFACTURERS, $page_parameter.'&mID='.$manufacturers_id)); $mID = $manufacturers_id; break;
<td class="pageHeading"><?php echo HEADING_TITLE; ?> </td> <td class="pageHeading" align="right"><?php echo olc_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?> </td> </tr> </table></td> </tr> <?php if ($_GET['action'] == 'new') { $form_action = 'insert'; if ($_GET['abID']) { $abID = olc_db_prepare_input($_GET['abID']); $form_action = 'update'; $affiliate_banner_query = olc_db_query("select * from " . TABLE_AFFILIATE_BANNERS . " where affiliate_banners_id = '" . olc_db_input($abID) . APOS); $affiliate_banner = olc_db_fetch_array($affiliate_banner_query); $abInfo = new objectInfo($affiliate_banner); } elseif ($_POST) { $abInfo = new objectInfo($_POST); } else { $abInfo = new objectInfo(array()); } $groups_array = array(); $groups_query = olc_db_query("select distinct affiliate_banners_group from " . TABLE_AFFILIATE_BANNERS . " order by affiliate_banners_group"); while ($groups = olc_db_fetch_array($groups_query)) { $groups_array[] = array('id' => $groups['affiliate_banners_group'], 'text' => $groups['affiliate_banners_group']); } ?>
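/**
 * Send this product-notification newsletter and mark it as sent.
 *
 * Audience: when $_POST['global'] equals TRUE_STRING_S, every customer who has
 * any product notification plus everyone with global notifications switched
 * on; otherwise the customers watching one of the product ids in
 * $_POST['chosen'] plus, again, everyone with global notifications on. Rows
 * are keyed by customers_id, so each address is mailed once.
 *
 * Security: the previous version spliced the raw $_POST['chosen'] values into
 * the `in (...)` clause. They are now filtered to numeric values and cast to
 * int, and the product query is skipped when no ids remain (which also avoids
 * an invalid `in ()` clause). Nothing in this method checks who is calling it
 * or verifies a CSRF token; that is left to the admin page that invokes it,
 * which is not visible here.
 *
 * @param mixed $newsletter_id  newsletters_id to flag as sent; escaped here
 */
function send($newsletter_id) {
    $audience = array();

    $queries = array();
    if (isset($_POST['global']) && $_POST['global'] == TRUE_STRING_S) {
        $queries[] = "select distinct pn.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn where c.customers_id = pn.customers_id";
    } else {
        // products_id is numeric: keep only numeric values and cast them before
        // they reach SQL.
        $ids = array();
        if (isset($_POST['chosen'])) {
            foreach ((array) $_POST['chosen'] as $product_id) {
                if (is_numeric($product_id)) {
                    $ids[] = (int) $product_id;
                }
            }
        }
        if (count($ids) > 0) {
            $queries[] = "select distinct pn.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn where c.customers_id = pn.customers_id and pn.products_id in (" . implode(',', $ids) . RPAREN;
        }
    }
    // Customers who asked to be told about every product -- added in both modes.
    $queries[] = "select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c, " . TABLE_CUSTOMERS_INFO . " ci where c.customers_id = ci.customers_info_id and ci.global_product_notifications = '1'";

    foreach ($queries as $sql) {
        $result = olc_db_query($sql);
        while ($row = olc_db_fetch_array($result)) {
            $audience[$row['customers_id']] = array(
                'firstname'     => $row['customers_firstname'],
                'lastname'      => $row['customers_lastname'],
                'email_address' => $row['customers_email_address'],
            );
        }
    }

    // One message built once, then sent per recipient.
    $mimemessage = new email(array('X-Mailer: osCommerce bulk mailer'));
    $mimemessage->add_text($this->content);
    $mimemessage->build_message();
    // foreach replaces the former reset()/each() loop; each() was removed in PHP 8.
    foreach ($audience as $recipient) {
        $mimemessage->send($recipient['firstname'] . BLANK . $recipient['lastname'], $recipient['email_address'], '', EMAIL_FROM, $this->title);
    }

    $newsletter_id = olc_db_prepare_input($newsletter_id);
    olc_db_query(SQL_UPDATE . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1' where newsletters_id = '" . olc_db_input($newsletter_id) . APOS);
}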
---------------------------------------------------------------------------------------*/ include 'includes/application_top.php'; //require(BOXES); // include needed functions require_once DIR_FS_INC . 'olc_draw_hidden_field.inc.php'; require_once DIR_FS_INC . 'olc_draw_checkbox_field.inc.php'; require_once DIR_FS_INC . 'olc_draw_selection_field.inc.php'; require_once DIR_FS_INC . 'olc_image_button.inc.php'; if (!isset($_SESSION['customer_id'])) { olc_redirect(olc_href_link(FILENAME_LOGIN, '', SSL)); } $global_query = olc_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int) $_SESSION['customer_id'] . APOS); $global = olc_db_fetch_array($global_query); if (isset($_POST['action']) && $_POST['action'] == 'process') { if (isset($_POST['product_global']) && is_numeric($_POST['product_global'])) { $product_global = olc_db_prepare_input($_POST['product_global']); } else { $product_global = '0'; } (array) ($products = $_POST['products']); if ($product_global != $global['global_product_notifications']) { $product_global = $global['global_product_notifications'] == '1' ? '0' : '1'; olc_db_query(SQL_UPDATE . TABLE_CUSTOMERS_INFO . " set global_product_notifications = '" . (int) $product_global . "' where customers_info_id = '" . (int) $_SESSION['customer_id'] . APOS); } elseif (sizeof($products) > 0) { $products_parsed = array(); for ($i = 0, $n = sizeof($products); $i < $n; $i++) { if (is_numeric($products[$i])) { $products_parsed[] = $products[$i]; } } if (sizeof($products_parsed) > 0) {
// if ($_GET['action'] == 'insert') { // $insert_sql_data = array('manufacturers_id' => $manufacturers_id, // 'languages_id' => $language_id); // $sql_data_array = olc_array_merge($sql_data_array, $insert_sql_data); // olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array); // } elseif ($_GET['action'] == 'save') { // olc_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . olc_db_input($manufacturers_id) . "' and languages_id = '" . $language_id . APOS); // } // } if (USE_CACHE == TRUE_STRING_S) { olc_reset_cache_block('blacklist'); } olc_redirect(olc_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id)); break; case 'deleteconfirm': $blacklist_id = olc_db_prepare_input($_GET['bID']); /* if ($_POST['delete_image'] == 'on') { $manufacturer_query = olc_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . olc_db_input($manufacturers_id) . APOS); $manufacturer = olc_db_fetch_array($manufacturer_query); $image_location = DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG_IMAGES . $manufacturer['manufacturers_image']; if (file_exists($image_location)) @unlink($image_location); } */ olc_db_query(DELETE_FROM . TABLE_BLACKLIST . " where blacklist_id = '" . olc_db_input($blacklist_id) . APOS); // olc_db_query(DELETE_FROM . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . olc_db_input($manufacturers_id) . APOS); /* if ($_POST['delete_products'] == 'on') { $products_query = olc_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . olc_db_input($manufacturers_id) . APOS); while ($products = olc_db_fetch_array($products_query)) { olc_remove_product($products['products_id']); } } else {
$_SESSION['payment'] = $_POST['payment']; } //Get all POST-vars into variables! Payment modules rely on register globals ON, which might not be true!!! //So we create the variables ourselves foreach ($_POST as $key => $value) { ${$key} = strip_tags($value); global ${$key}; } foreach ($_GET as $key => $value) { ${$key} = strip_tags($value); global ${$key}; } $_SESSION['customers_order_reference'] = $_POST['customers_order_reference']; $comments = $_POST['comments']; if ($comments) { $_SESSION['comments'] = olc_db_prepare_input($comments); } unset($_SESSION['paypal_payment']); //-- TheMedia Begin check if display conditions on checkout page is true if (isset($_POST['cot_gv'])) { $_SESSION['cot_gv'] = true; } //---PayPal WPP Modification START ---// // W. Kaiser $ec_enabled = olc_paypal_wpp_enabled(); if ($ec_enabled) { $show_payment_page = MODULE_PAYMENT_PAYPAL_DP_DISPLAY_PAYMENT_PAGE == 'Yes'; if (!($_SESSION['paypal_ec_token'] or $_SESSION['paypal_ec_payer_id'] or $_SESSION['paypal_ec_payer_info'])) { $ec_checkout = false; $show_payment_page = true; } else {
$tax_class_title = olc_db_prepare_input($_POST['tax_class_title']); $tax_class_description = olc_db_prepare_input($_POST['tax_class_description']); $date_added = olc_db_prepare_input($_POST['date_added']); olc_db_query(INSERT_INTO . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . olc_db_input($tax_class_title) . "', '" . olc_db_input($tax_class_description) . "', now())"); olc_redirect(olc_href_link(FILENAME_TAX_CLASSES)); break; case 'save': $tax_class_id = olc_db_prepare_input($_GET['tID']); $tax_class_title = olc_db_prepare_input($_POST['tax_class_title']); $tax_class_description = olc_db_prepare_input($_POST['tax_class_description']); $last_modified = olc_db_prepare_input($_POST['last_modified']); olc_db_query(SQL_UPDATE . TABLE_TAX_CLASS . " set tax_class_id = '" . olc_db_input($tax_class_id) . "', tax_class_title = '" . olc_db_input($tax_class_title) . "', tax_class_description = '" . olc_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . olc_db_input($tax_class_id) . APOS); olc_redirect(olc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id)); break; case 'deleteconfirm': $tax_class_id = olc_db_prepare_input($_GET['tID']); olc_db_query(DELETE_FROM . TABLE_TAX_CLASS . " where tax_class_id = '" . olc_db_input($tax_class_id) . APOS); olc_redirect(olc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'])); break; } } require DIR_WS_INCLUDES . 'header.php'; ?> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td class="columnLeft2" nowrap="nowrap" valign="top"><table border="0" cellspacing="1" cellpadding="1" class="columnLeft" nowrap="nowrap"> <!-- left_navigation //--> <?php require DIR_WS_INCLUDES . 'column_left.php'; ?> <!-- left_navigation_eof //-->
Released under the GNU General Public License
---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';

// Form helpers used by the newsletter preference page below.
require_once DIR_FS_INC . 'olc_draw_hidden_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_checkbox_field.inc.php';
require_once DIR_FS_INC . 'olc_draw_selection_field.inc.php';
require_once DIR_FS_INC . 'olc_image_button.inc.php';

// Only a logged-in customer may view or change the subscription flag.
if (!isset($_SESSION['customer_id'])) {
    olc_redirect(olc_href_link(FILENAME_LOGIN, '', SSL));
}

$newsletter_query = olc_db_query("select customers_newsletter from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
$newsletter = olc_db_fetch_array($newsletter_query);
$newsletter_subscribed = ($newsletter['customers_newsletter'] == '1');

if (isset($_POST['action']) && $_POST['action'] == 'process') {
    // A missing or non-numeric newsletter_general is treated as '0'.
    $newsletter_general = '0';
    if (isset($_POST['newsletter_general']) && is_numeric($_POST['newsletter_general'])) {
        $newsletter_general = olc_db_prepare_input($_POST['newsletter_general']);
    }

    // The stored flag is toggled whenever the posted value differs from it: the
    // request only says "change it", the new value is derived from the current one.
    if ($newsletter_general != $newsletter['customers_newsletter']) {
        $newsletter_general = $newsletter_subscribed ? '0' : '1';
        olc_db_query(SQL_UPDATE . TABLE_CUSTOMERS . " set customers_newsletter = '" . (int) $newsletter_general . "' where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
    }

    // NOTE(review): no CSRF token is verified in this handler (only the session
    // and action=process) -- unless application_top.php does it, a cross-site
    // POST can flip the flag.
    $messageStack->add_session('account', SUCCESS_NEWSLETTER_UPDATED, 'success');
    olc_redirect(olc_href_link(FILENAME_ACCOUNT));
}

$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_NEWSLETTERS, olc_href_link(FILENAME_ACCOUNT, '', SSL));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_NEWSLETTERS, olc_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', SSL));

require DIR_WS_INCLUDES . 'header.php';

$newsletter_form = olc_draw_form('account_newsletter', olc_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', SSL))
                 . olc_draw_hidden_field('action', 'process');
$smarty->assign('FORM_ACTION', $newsletter_form);
$smarty->assign('CHECKBOX', olc_draw_checkbox_field('newsletter_general', '1', $newsletter_subscribed, 'onclick="javascript:checkBox(\'newsletter_general\')"'));
Copyright (c) 2004 OL-Commerce , 2006 Dipl.-Ing.(TH) Winfried Kaiser (w.kaiser@fortune.de, info@seifenparadies.de) -------------------------------------------------------------- based on: (c) 2000-2001 The Exchange Project (earlier name of osCommerce) (c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com (c) 2003 nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org (c) 2004 XT - Commerce; www.xt-commerce.com Released under the GNU General Public License --------------------------------------------------------------*/ require 'includes/application_top.php'; reset($_GET); while (list($key, ) = each($_GET)) { switch ($key) { case 'banner': $banners_id = olc_db_prepare_input($_GET['banner']); $banner_query = olc_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . olc_db_input($banners_id) . APOS); $banner = olc_db_fetch_array($banner_query); $page_title = $banner['banners_title']; if ($banner['banners_html_text']) { $image_source = $banner['banners_html_text']; } elseif ($banner['banners_image']) { $image_source = olc_image(DIR_WS_CATALOG_IMAGES . $banner['banners_image'], $page_title); } break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS;
// Affiliate help pages 5-8 (the lower numbers are defined before this point).
foreach (array('5', '6', '7', '8') as $aff_help_page) {
    define($filename_affiliate_help_u . $aff_help_page, $affiliate_help_u . $aff_help_page . '.php');
}

// FILENAME_AFFILIATE_<SUFFIX> => <affiliate prefix><script>.php
$aff_page_scripts = array(
    'INVOICE'     => 'invoice',
    'PAYMENT'     => 'payment',
    'POPUP_IMAGE' => 'popup_image',
    'SALES'       => 'sales',
    'STATISTICS'  => 'statistics',
    'SUMMARY'     => 'summary',
    'RESET'       => 'reset',
);
foreach ($aff_page_scripts as $aff_const_suffix => $aff_script) {
    define($filename_affiliate_u . $aff_const_suffix, $affiliate_u . $aff_script . '.php');
}
define('FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO', FILENAME_AFFILIATE_PAYMENT);
define('FILENAME_CATALOG_PRODUCT_INFO', FILENAME_PRODUCT_INFO);

// From here on $affiliate_u carries the shop's table prefix and names tables, not scripts.
$affiliate_u = TABLE_PREFIX_INDIVIDUAL . $affiliate_u;
$table_affiliate = 'TABLE_AFFILIATE';
$table_affiliate_u = $table_affiliate . "_";
define($table_affiliate, $affiliate_u . $affiliate);

// Base tables first; the *_history / *_status names are built on these constants.
$aff_base_tables = array(
    'BANNERS'       => 'banners',
    'CLICKTHROUGHS' => 'clickthroughs',
    'PAYMENT'       => 'payment',
    'SALES'         => 'sales',
);
foreach ($aff_base_tables as $aff_const_suffix => $aff_table) {
    define($table_affiliate_u . $aff_const_suffix, $affiliate_u . $aff_table);
}
define($table_affiliate_u . 'BANNERS_HISTORY', TABLE_AFFILIATE_BANNERS . '_history');
define($table_affiliate_u . 'PAYMENT_STATUS', TABLE_AFFILIATE_PAYMENT . '_status');
define($table_affiliate_u . 'PAYMENT_STATUS_HISTORY', TABLE_AFFILIATE_PAYMENT_STATUS . '_status' === '' ? '' : TABLE_AFFILIATE_PAYMENT_STATUS . '_history');

// include the language translations
// NOTE(review): the path is built from SESSION_LANGUAGE; it is assumed to be a
// language code set by the application, not raw request input -- confirm where
// it is assigned.
require DIR_FS_LANGUAGES . SESSION_LANGUAGE . '/admin/affiliate_' . SESSION_LANGUAGE . PHP;

// If an order is deleted delete the sale too (optional).
// This keys off the request (action=deleteconfirm) and the executing script's
// name, not off the order delete itself having succeeded; billed sales
// (affiliate_billing_status = 1) are always kept.
if ($_GET['action'] == 'deleteconfirm' && basename($_SERVER['SCRIPT_FILENAME']) == FILENAME_ORDERS && AFFILIATE_DELETE_ORDERS == TRUE_STRING_S) {
    $affiliate_oID = olc_db_prepare_input($_GET['oID']);
    olc_db_query(DELETE_FROM . TABLE_AFFILIATE_SALES . " where affiliate_orders_id = '" . olc_db_input($affiliate_oID) . "' and affiliate_billing_status != 1");
}
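/**
 * Merge two or three arrays with array_merge() semantics.
 *
 * The third array is optional. Callers historically rely on the '' default, so
 * '' and null are both treated as "no third array"; any other non-array value is
 * rejected by array_merge() itself, as before.
 *
 * The former fallback path for a missing array_merge() was unreachable (the
 * function is always available) and relied on each(), which no longer exists in
 * PHP 8, so it has been dropped.
 *
 * @param array             $array1
 * @param array             $array2
 * @param array|string|null $array3 optional third array; '' or null means none
 * @return array string keys are overwritten left-to-right, numeric keys renumbered
 */
function olc_array_merge($array1, $array2, $array3 = '')
{
    if ($array3 === '' || $array3 === null) {
        $array3 = array();
    }
    return array_merge($array1, $array2, $array3);
}

// One-off import script: register every customer who opted into the newsletter
// (customers_newsletter = '1') as a newsletter recipient. Only the columns read
// below are selected; the previous "select *" also pulled password hashes and
// other customer data this script never uses.
$cn_query = olc_db_query("select customers_id, customers_email_address, customers_status, customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_newsletter= '1' ");
while ($cn = olc_db_fetch_array($cn_query)) {
    // mail_key is derived from the e-mail address via olc_encrypt_password().
    // NOTE(review): whether that is unpredictable enough for a per-recipient key
    // depends on olc_encrypt_password() — confirm if mail_key gates any link.
    $key = olc_encrypt_password($cn['customers_email_address']);
    $sql_data_array = array(
        'customers_email_address' => olc_db_prepare_input($cn['customers_email_address']),
        'customers_id' => olc_db_prepare_input($cn['customers_id']),
        'customers_status' => olc_db_prepare_input($cn['customers_status']),
        'customers_firstname' => olc_db_prepare_input($cn['customers_firstname']),
        'customers_lastname' => olc_db_prepare_input($cn['customers_lastname']),
        'mail_status' => '1',
        'mail_key' => $key,
        // Previously merged in via olc_array_merge(); a single literal is equivalent.
        'date_added' => 'now()',
    );
    olc_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array);
}
echo 'DONE';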
olc_db_query(INSERT_INTO . TABLE_TAX_RATES . " (tax_zone_id, tax_class_id, tax_rate, tax_description, tax_priority, date_added) values ('" . olc_db_input($tax_zone_id) . "', '" . olc_db_input($tax_class_id) . "', '" . olc_db_input($tax_rate) . "', '" . olc_db_input($tax_description) . "', '" . olc_db_input($tax_priority) . "', now())"); olc_redirect(olc_href_link(FILENAME_TAX_RATES)); break; case 'save': $tax_rates_id = olc_db_prepare_input($_GET['tID']); $tax_zone_id = olc_db_prepare_input($_POST['tax_zone_id']); $tax_class_id = olc_db_prepare_input($_POST['tax_class_id']); $tax_rate = olc_db_prepare_input($_POST['tax_rate']); $tax_description = olc_db_prepare_input($_POST['tax_description']); $tax_priority = olc_db_prepare_input($_POST['tax_priority']); $last_modified = olc_db_prepare_input($_POST['last_modified']); olc_db_query(SQL_UPDATE . TABLE_TAX_RATES . " set tax_rates_id = '" . olc_db_input($tax_rates_id) . "', tax_zone_id = '" . olc_db_input($tax_zone_id) . "', tax_class_id = '" . olc_db_input($tax_class_id) . "', tax_rate = '" . olc_db_input($tax_rate) . "', tax_description = '" . olc_db_input($tax_description) . "', tax_priority = '" . olc_db_input($tax_priority) . "', last_modified = now() where tax_rates_id = '" . olc_db_input($tax_rates_id) . APOS); olc_redirect(olc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id)); break; case 'deleteconfirm': $tax_rates_id = olc_db_prepare_input($_GET['tID']); olc_db_query(DELETE_FROM . TABLE_TAX_RATES . " where tax_rates_id = '" . olc_db_input($tax_rates_id) . APOS); olc_redirect(olc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'])); break; } } require DIR_WS_INCLUDES . 'header.php'; ?> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td class="columnLeft2" nowrap="nowrap" valign="top"><table border="0" cellspacing="1" cellpadding="1" class="columnLeft" nowrap="nowrap"> <!-- left_navigation //--> <?php require DIR_WS_INCLUDES . 
'column_left.php'; ?> <!-- left_navigation_eof //-->
<td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?> </td> <td class="pageHeading" align="right"><?php echo olc_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?> </td> </tr> </table></td> </tr> <?php if ($_GET['action'] == 'edit') { $rID = olc_db_prepare_input($_GET['rID']); $reviews_query = olc_db_query("select r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . olc_db_input($rID) . "' and r.reviews_id = rd.reviews_id"); $reviews = olc_db_fetch_array($reviews_query); $products_query = olc_db_query("select products_image from " . TABLE_PRODUCTS . " where products_id = '" . $reviews['products_id'] . APOS); $products = olc_db_fetch_array($products_query); $products_name_query = olc_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . $reviews['products_id'] . "' and language_id = '" . SESSION_LANGUAGE_ID . APOS); $products_name = olc_db_fetch_array($products_name_query); $rInfo_array = olc_array_merge($reviews, $products, $products_name); $rInfo = new objectInfo($rInfo_array); ?> <tr><?php echo olc_draw_form('review', FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID'] . '&action=preview'); ?> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="main" valign="top"><b><?php
olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID'])); } if ($_GET['action'] == "product_option_delete") { olc_db_query(DELETE_FROM . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . olc_db_input($_POST['oID']) . "' and orders_products_attributes_id = '" . olc_db_input($_POST['opAID']) . APOS); $products_query = olc_db_query("select products_id, products_price, products_tax_class_id from " . TABLE_PRODUCTS . " where products_id = '" . $_POST['pID'] . APOS); $products = olc_db_fetch_array($products_query); $products_a_query = olc_db_query("select options_values_price, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . $_POST['oID'] . "' and orders_products_id = '" . $_POST['opID'] . APOS); while ($products_a = olc_db_fetch_array($products_a_query)) { $total_price += $products_a['price_prefix'] . $products_a['options_values_price']; } $sa_price = olc_oe_get_products_attribute_price($total_price, $products['products_tax_class_id'], $price_special = '0', 1, $_POST['prefix'], $calculate_currencies = TRUE_STRING_S, $customers_status); $sp_price = olc_oe_products_price($_POST['pID'], $price_special = '0', 1, $customers_status); $inp_price = $sa_price + $sp_price; $final_price = $inp_price * $_POST['qTY']; $sql_data_array = array('products_price' => olc_db_prepare_input($inp_price)); $update_sql_data = array('final_price' => olc_db_prepare_input($final_price)); $sql_data_array = olc_array_merge($sql_data_array, $update_sql_data); olc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array, 'update', 'orders_products_id = \'' . olc_db_input($_POST['opID']) . '\''); olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=products&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID'])); } if ($_GET['action'] == "shipping_del") { olc_db_query(DELETE_FROM . TABLE_ORDERS_TOTAL . " where orders_total_id = '" . olc_db_input($_POST['otID']) . 
APOS); olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=shipping&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID'])); } if ($_GET['action'] == "cod_del") { olc_db_query(DELETE_FROM . TABLE_ORDERS_TOTAL . " where orders_total_id = '" . olc_db_input($_POST['otID']) . APOS); olc_redirect(olc_href_link(FILENAME_ORDERS_EDIT, 'edit_action=shipping&cID=' . $_POST['cID'] . '&oID=' . $_POST['oID'])); } // Löschfunktionen Ende require DIR_WS_INCLUDES . 'header.php'; ?>
$id_post = olc_db_prepare_input((int) $_POST['id']); $status_all = olc_db_prepare_input($_POST['status_all']); if ($newsletter_title == EMPTY_STRING) { $newsletter_title = 'no title'; } $customers_status = olc_get_customers_statuses(); $rzp = EMPTY_STRING; for ($i = 0, $n = sizeof($customers_status); $i < $n; $i++) { if (olc_db_prepare_input($_POST['status'][$i]) == 'yes') { if ($rzp != EMPTY_STRING) { $rzp .= ','; } $rzp .= $customers_status[$i]['id']; } } if (olc_db_prepare_input($_POST['status_all']) == 'yes') { $rzp .= ',all'; } $error = false; // reset error flag if ($error == false) { $sql_data_array = array('title' => $newsletter_title, 'status' => '0', 'bc' => $rzp, 'date' => 'now()', 'body' => $body); if ($id_post != EMPTY_STRING) { olc_db_perform(TABLE_MODULE_NEWSLETTER, $sql_data_array, 'update', "newsletter_id = '" . $id_post . APOS); } else { olc_db_perform(TABLE_MODULE_NEWSLETTER, $sql_data_array); // create temp table $id_post = olc_db_insert_id(); } // create temp table $create_query = TABLE_MODULE_NEWSLETTER_TEMP . $id_post;
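Copyright (c) 2004 OL-Commerce , 2006 Dipl.-Ing.(TH) Winfried Kaiser (w.kaiser@fortune.de, info@seifenparadies.de) -------------------------------------------------------------- based on: (c) 2000-2001 The Exchange Project (earlier name of osCommerce) (c) 2002-2003 osCommercecoding standards www.oscommerce.com (c) 2004 XT - Commerce; www.xt-commerce.com Released under the GNU General Public License --------------------------------------------------------------*/
require 'includes/application_top.php';
include DIR_FS_LANGUAGES . SESSION_LANGUAGE . '/admin/customers.php';

// Customer memo actions. Both 'save' and 'remove' take their values from the
// request, so every one of them goes through olc_db_prepare_input() (and
// olc_db_input() where it is concatenated into SQL), the convention used by the
// rest of the admin scripts.
if (!empty($_GET['action'])) { // same truthiness test as before, minus the undefined-index notice
    switch ($_GET['action']) {
        case 'save':
            $memo_title = olc_db_prepare_input($_POST['memo_title']);
            $memo_text = olc_db_prepare_input($_POST['memo_text']);
            // A memo with an empty title or empty text is silently ignored.
            if ($memo_text != '' && $memo_title != '') {
                $sql_data_array = array(
                    'customers_id' => olc_db_prepare_input($_POST['id']),
                    'memo_date' => date("Y-m-d"),
                    'memo_title' => $memo_title,
                    // Stored with <br /> already inserted. NOTE(review): nothing here
                    // HTML-escapes the text, so the page that renders memo_text must
                    // escape it (or olc_db_prepare_input() must strip markup) — confirm.
                    'memo_text' => nl2br($memo_text),
                    // The current session's customer_id is recorded as the author.
                    'poster_id' => $_SESSION['customer_id'],
                );
                olc_db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array);
            }
            break;
        case 'remove':
            // memo_id comes straight from the query string, so it is escaped like
            // every other request value before being placed in the DELETE.
            $memo_id = olc_db_prepare_input($_GET['mID']);
            olc_db_query(DELETE_FROM . TABLE_CUSTOMERS_MEMO . " WHERE memo_id = '" . olc_db_input($memo_id) . APOS);
            break;
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>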
default: if (is_numeric($_POST['customers_email_address'])) { $mail_query = olc_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_status = " . $_POST['customers_email_address']); $sent_to_query = olc_db_query("select customers_status_name from " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . $_POST['customers_email_address'] . "' AND language_id='" . SESSION_LANGUAGE_ID . APOS); $sent_to = olc_db_fetch_array($sent_to_query); $mail_sent_to = $sent_to['customers_status_name']; } else { $customers_email_address = olc_db_prepare_input($_POST['customers_email_address']); $mail_query = olc_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_email_address = '" . olc_db_input($customers_email_address) . APOS); $mail_sent_to = $_POST['customers_email_address']; } break; } $from = olc_db_prepare_input($_POST['from']); $subject = olc_db_prepare_input($_POST['subject']); $message = olc_db_prepare_input($_POST['message']); //Let's build a message object using the email class $mimemessage = new email(array('X-Mailer: OL-Commerce bulk mailer')); // add the message to the object $mimemessage->add_text($message); $mimemessage->build_message(); while ($mail = olc_db_fetch_array($mail_query)) { $mimemessage->send($mail['customers_firstname'] . BLANK . $mail['customers_lastname'], $mail['customers_email_address'], '', $from, $subject); } olc_redirect(olc_href_link(FILENAME_MAIL, 'mail_sent_to=' . urlencode($mail_sent_to))); } if ($_GET['action'] == 'preview' && !$_POST['customers_email_address']) { $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error'); } if ($_GET['mail_sent_to']) { $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
$countries_iso_code_3 = olc_db_prepare_input($_POST['countries_iso_code_3']); $address_format_id = olc_db_prepare_input($_POST['address_format_id']); olc_db_query(INSERT_INTO . TABLE_COUNTRIES . " (countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id) values ('" . olc_db_input($countries_name) . "', '" . olc_db_input($countries_iso_code_2) . "', '" . olc_db_input($countries_iso_code_3) . "', '" . olc_db_input($address_format_id) . "')"); olc_redirect(olc_href_link(FILENAME_COUNTRIES)); break; case 'save': $countries_id = olc_db_prepare_input($_GET['cID']); $countries_name = olc_db_prepare_input($_POST['countries_name']); $countries_iso_code_2 = olc_db_prepare_input($_POST['countries_iso_code_2']); $countries_iso_code_3 = olc_db_prepare_input($_POST['countries_iso_code_3']); $address_format_id = olc_db_prepare_input($_POST['address_format_id']); olc_db_query(SQL_UPDATE . TABLE_COUNTRIES . " set countries_name = '" . olc_db_input($countries_name) . "', countries_iso_code_2 = '" . olc_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . olc_db_input($countries_iso_code_3) . "', address_format_id = '" . olc_db_input($address_format_id) . "' where countries_id = '" . olc_db_input($countries_id) . APOS); olc_redirect(olc_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id)); break; case 'deleteconfirm': $countries_id = olc_db_prepare_input($_GET['cID']); olc_db_query(DELETE_FROM . TABLE_COUNTRIES . " where countries_id = '" . olc_db_input($countries_id) . APOS); olc_redirect(olc_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'])); break; } } require DIR_WS_INCLUDES . 'header.php'; ?> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td class="columnLeft2" nowrap="nowrap" valign="top"> <table border="0" cellspacing="1" cellpadding="1" class="columnLeft" nowrap="nowrap"> <!-- left_navigation //--> <?php require DIR_WS_INCLUDES . 'column_left.php'; ?>
} $date_scheduled = olc_db_prepare_input($_POST['date_scheduled']); if ($date_scheduled) { list($day, $month, $year) = explode('.', $date_scheduled); $date_scheduled = $year . (strlen($month) == 1 ? '0' . $month : $month) . (strlen($day) == 1 ? '0' . $day : $day); $sql_update .= ", status = '0', date_scheduled = '" . $date_scheduled; } olc_db_query(SQL_UPDATE . TABLE_BANNERS . $sql_update . " where banners_id = '" . $banners_id . APOS); olc_redirect(olc_href_link(FILENAME_BANNER_MANAGER, $page_parameter . '&bID=' . $banners_id)); } else { $action = 'new'; } break; case 'deleteconfirm': $banners_id = $bID; $delete_image = olc_db_prepare_input($_POST['delete_image']); if ($delete_image == 'on') { $sql_where = " where banners_id = '" . $banners_id . APOS; $banner_query = olc_db_query("select banners_image from " . TABLE_BANNERS . $sql_where); $banner = olc_db_fetch_array($banner_query); $file = DIR_FS_CATALOG_IMAGES . $banner['banners_image']; if (is_file($file)) { if (is_writeable($file)) { unlink($file); } else { $messageStack->add_session(ERROR_IMAGE_IS_NOT_WRITEABLE, 'error'); } } else { $messageStack->add_session(ERROR_IMAGE_DOES_NOT_EXIST, 'error'); } }
$a_level = olc_db_prepare_input($_GET['a_level']); $level_clause = " AND a.affiliate_level = '" . $a_level . APOS; } $affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n a.affiliate_payment, a.affiliate_level AS level,\n o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n from " . TABLE_AFFILIATE . " aa\n left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . SESSION_LANGUAGE_ID . "')\n where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n o.orders_status, os.orders_status_name\n order by affiliate_date DESC"; $count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name'; $affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key); if ($affiliate_sales_split->number_of_rows > 0) { $affiliate_sales_values = olc_db_query($affiliate_sales_split->sql_query); $affiliate_sales = olc_db_fetch_array($affiliate_sales_values); } else { $affiliate_sales_values = olc_db_query("select MONTH(affiliate_date_account_created) as start_month,\n YEAR(affiliate_date_account_created) as start_year\n FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . 
APOS); $affiliate_sales = olc_db_fetch_array($affiliate_sales_values); } $smarty->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, olc_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"')); $smarty->assign('status_selector', affiliate_get_status_list('a_status', olc_db_prepare_input($_GET['a_status']), 'onchange="this.form.submit();"')); $smarty->assign('level_selector', affiliate_get_level_list('a_level', olc_db_prepare_input($_GET['a_level']), 'onchange="this.form.submit();"')); require DIR_WS_INCLUDES . 'header.php'; $smarty->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows); $smarty->assign('FORM_ACTION', olc_draw_form('params', olc_href_link(FILENAME_AFFILIATE_SALES), 'get', SSL)); $affiliate_sales_table = ''; if ($affiliate_sales_split->number_of_rows > 0) { $number_of_sales = 0; $sum_of_earnings = 0; do { $number_of_sales++; if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) { $sum_of_earnings += $affiliate_sales['affiliate_payment']; } if ($number_of_sales / 2 == floor($number_of_sales / 2)) { $affiliate_sales_table .= '<tr class="productListing-even">'; } else {