function remove($products_id)
{
$this->contents[$products_id] = NULL;
// remove from database
if (vam_session_is_registered('customer_id')) {
vam_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . $_SESSION['customer_id'] . "' and products_id = '" . $products_id . "'");
vam_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . $_SESSION['customer_id'] . "' and products_id = '" . $products_id . "'");
}
// assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
$this->cartID = $this->generate_cart_id();
}
require_once DIR_FS_ADMIN_CLASSES . 'ci_message.class.php';
$message = new message();
//Must be included after ci_message.class.php:
require_once DIR_FS_ADMIN_CLASSES . 'ci_cip_manager.class.php';
$cip_manager = new cip_manager($current_path);
require_once DIR_FS_ADMIN_FUNCTIONS . 'contrib_installer.php';
//set_current_path:
//if (defined('DIR_FS_CIP')) $current_path=DIR_FS_CIP;
//This must protect contrib_dir parameter
if (isset($_REQUEST['contrib_dir']) && $_REQUEST['action'] == 'install' && $_REQUEST['cip'] == $cip_manager->ci_cip() && is_dir($_REQUEST['contrib_dir'])) {
$current_path = $_REQUEST['contrib_dir'];
}
if (strstr($current_path, '..') or !is_dir($current_path) or defined(DIR_FS_CIP) && !preg_match('/^/' . DIR_FS_CIP, $current_path)) {
$current_path = DIR_FS_CIP;
}
if (!vam_session_is_registered('current_path')) {
vam_session_register('current_path');
}
$current_path = str_replace('//', '/', $current_path);
// Nessesary for self-install. We redirect from init_contrib_installer.php with this patameters:
if (!defined(DIR_FS_CIP) && $_REQUEST['contrib_dir']) {
define('DIR_FS_CIP', $_REQUEST['contrib_dir']);
}
//Check if ontrib Installer installed:
if (DIR_FS_CIP == 'DIR_FS_CIP') {
vam_redirect(vam_href_link(INIT_CONTRIB_INSTALLER));
}
//Check if self-install was made:
if ($_REQUEST['cip'] != $cip_manager->ci_cip() && $_REQUEST['contrib_dir'] && !$cip_manager->is_ci_installed()) {
vam_redirect(vam_href_link(INIT_CONTRIB_INSTALLER));
}
function amSessionIsRegistered($strSessionVar)
{
return vam_session_is_registered($strSessionVar);
}
} else {
session_start();
include DIR_WS_INCLUDES . 'tracking.php';
$session_started = true;
}
// check the Agent
$truncate_session_id = false;
if (CHECK_CLIENT_AGENT) {
if (vam_check_agent() == 1) {
$truncate_session_id = true;
}
}
// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started == true) {
$ssl_session_id = getenv('SSL_SESSION_ID');
if (!vam_session_is_registered('SSL_SESSION_ID')) {
$_SESSION['SESSION_SSL_ID'] = $ssl_session_id;
}
if ($_SESSION['SESSION_SSL_ID'] != $ssl_session_id) {
session_destroy();
vam_redirect(vam_href_link(FILENAME_SSL_CHECK));
}
}
// verify the browser user agent if the feature is enabled
if (SESSION_CHECK_USER_AGENT == 'True') {
$http_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
$http_user_agent2 = strtolower(getenv("HTTP_USER_AGENT"));
$http_user_agent = $http_user_agent == $http_user_agent2 ? $http_user_agent : $http_user_agent . ';' . $http_user_agent2;
if (!isset($_SESSION['SESSION_USER_AGENT'])) {
$_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
}
(c) 2000-2001 The Exchange Project (earlier name of osCommerce)
(c) 2002-2003 osCommercebased on original files from OSCommerce CVS 2.2 2002/08/28 02:14:35 www.oscommerce.com
(c) 2003 nextcommerce (loginbox.php,v 1.10 2003/08/17); www.nextcommerce.org
(c) 2004 xt:Commerce (loginbox.php,v 1.10 2003/08/13); xt-commerce.com
Released under the GNU General Public License
-----------------------------------------------------------------------------------------
Third Party contributions:
Loginbox V1.0 Aubrey Kilian <*****@*****.**>
Released under the GNU General Public License
---------------------------------------------------------------------------------------*/
$box = new vamTemplate();
$box->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
$box_content = '';
require_once DIR_FS_INC . 'vam_image_submit.inc.php';
require_once DIR_FS_INC . 'vam_draw_password_field.inc.php';
if (!vam_session_is_registered('customer_id')) {
$box->assign('FORM_ACTION', '<form id="loginbox" method="post" action="' . vam_href_link(FILENAME_LOGIN, 'action=process', 'SSL') . '">');
$box->assign('FIELD_EMAIL', vam_draw_input_field('email_address', '', ''));
$box->assign('FIELD_PWD', vam_draw_password_field('password', '', ''));
$box->assign('BUTTON', vam_image_submit('login.png', IMAGE_BUTTON_LOGIN));
$box->assign('LINK_LOST_PASSWORD', vam_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'SSL'));
$box->assign('LINK_NEW_ACCOUNT', vam_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
$box->assign('FORM_END', '</form>');
$box->assign('BOX_CONTENT', $loginboxcontent);
$box->caching = 0;
$box->assign('language', $_SESSION['language']);
$box_loginbox = $box->fetch(CURRENT_TEMPLATE . '/boxes/box_login.html');
$vamTemplate->assign('box_LOGIN', $box_loginbox);
}
function vam_get_filter_sql($filter_class, $specifications_id, $filter_array = array(), $products_column_name, $languages_id)
{
global $customer_zone_id, $customer_country_id;
$sql_array = array('from' => '', 'where' => '');
$filter_array = is_array($filter_array) ? $filter_array : array($filter_array);
// If the Show All option is set, return a blank string
if (isset($filter_array[0]) && ($filter_array[0] == '0' || $filter_array[0] == '')) {
return $sql_array;
} else {
// Scrub the filter array so apostrophes in filters don't error out.
foreach ($filter_array as $filterKey => $filterValue) {
$filter_array[$filterKey] = vam_db_input($filterValue);
}
// The Manufacturer's column contains an ID and not the name, so we have to change it
if ($products_column_name == 'manufacturers_id') {
$filter_array = vam_get_manufacturer_id($filter_array, $products_column_name);
$products_column_name = 'p.' . $products_column_name;
}
// if ($products_column_name == 'manufacturers_id')
// The final_price column doesn't actually exist, so we have to generate it
$final_price = false;
if ($products_column_name == 'final_price') {
$final_price = true;
$products_column_name = ' IF(s.status, s.specials_new_products_price, p.products_price) ';
}
// if ($products_column_name == 'final_price')
switch ($filter_class) {
case 'exact':
$filter_array = array_map('vam_set_filter_case', $filter_array);
foreach ($filter_array as $filter) {
if (isset($filter) && $filter != '0' && $filter != '') {
if (strlen($products_column_name) > 1) {
// Use an existing column
$sql_array['where'] .= " AND " . $products_column_name . " <=> " . $filter . " ";
} else {
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND ps" . $specifications_id . ".specification <=> " . $filter . "\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
}
// if (strlen ($products_column_name ... else ...
}
// if (isset ($filter
}
// foreach ($filter_array
break;
case 'multiple':
$filter_array = array_map('vam_set_filter_case', $filter_array);
if (strlen($products_column_name) > 1) {
$sql_array['where'] .= " and " . $products_column_name . " in (";
$first = true;
foreach ($filter_array as $filter) {
if ($first == true) {
$first = false;
$sql_array['where'] .= " " . $filter . " ";
} else {
$sql_array['where'] .= ", " . $filter . " ";
}
}
$sql_array['where'] .= ") ";
} else {
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$first = true;
foreach ($filter_array as $filter) {
if ($filter != '0') {
if ($first == true) {
$first = false;
$sql_array['where'] .= " AND ps" . $specifications_id . ".specification in (" . $filter . "\n ";
} else {
$sql_array['where'] .= ", " . $filter . "\n ";
}
}
}
$sql_array['where'] .= ") AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
foreach ($filter_array as $filter) {
if ($filter == '0') {
$sql_array = array('from' => '', 'where' => '');
}
}
}
break;
case 'range':
$filters_range = explode('-', $filter_array[0]);
$filters_range = array_map('vam_set_filter_case', $filters_range);
if (!vam_session_is_registered('customer_id')) {
$country_id = STORE_COUNTRY;
$zone_id = STORE_ZONE;
} else {
$country_id = $customer_country_id;
$zone_id = $customer_zone_id;
}
if (strlen($products_column_name) > 1) {
if (count($filters_range) < 2) {
// There is only one parameter, so it is a minimum
if (DISPLAY_PRICE_WITH_TAX == 'true' && ($products_column_name == 'products_price' || $final_price == true)) {
$sql_array['from'] .= " inner join " . TABLE_TAX_RATES . " tr\n on tr.tax_class_id = p.products_tax_class_id\n left join " . TABLE_ZONES_TO_GEO_ZONES . " za\n on (tr.tax_zone_id = za.geo_zone_id)\n left join " . TABLE_GEO_ZONES . " tz\n on (tz.geo_zone_id = tr.tax_zone_id)\n ";
$sql_array['where'] .= " AND (" . $products_column_name . " * (1.0 + (tr.tax_rate / 100) ) ) > " . $filters_range[0] . "\n and (za.zone_country_id is null\n or za.zone_country_id = '0'\n or za.zone_country_id = '" . (int) $country_id . "')\n and (za.zone_id is null\n or za.zone_id = '0'\n or za.zone_id = '" . (int) $zone_id . "')\n ";
} else {
$sql_array['where'] .= " and " . $products_column_name . " > " . $filters_range[0] . " ";
}
} else {
if (DISPLAY_PRICE_WITH_TAX == 'true' && ($products_column_name == 'products_price' || $final_price == true)) {
$sql_array['from'] .= " inner join " . TABLE_TAX_RATES . " tr\n on tr.tax_class_id = p.products_tax_class_id\n left join " . TABLE_ZONES_TO_GEO_ZONES . " za\n on (tr.tax_zone_id = za.geo_zone_id)\n left join " . TABLE_GEO_ZONES . " tz\n on (tz.geo_zone_id = tr.tax_zone_id)\n ";
$sql_array['where'] .= " and ( (" . $products_column_name . " * (1.0 + (tr.tax_rate / 100) ) ) between " . $filters_range[0] . " and " . $filters_range[1] . ")\n and (za.zone_country_id is null\n or za.zone_country_id = '0'\n or za.zone_country_id = '" . (int) $country_id . "')\n and (za.zone_id is null\n or za.zone_id = '0'\n or za.zone_id = '" . (int) $zone_id . "')\n ";
} else {
$sql_array['where'] .= " and (" . $products_column_name . " between " . $filters_range[0] . " and " . $filters_range[1] . ") ";
}
}
} else {
if (count($filters_range) < 2) {
// There is only one parameter, so it is a minimum
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND ps" . $specifications_id . ".specification > " . $filters_range[0] . "\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
} else {
// There are two parameters, so treat them as minimum and maximum
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND (ps" . $specifications_id . ".specification between " . $filters_range[0] . " and " . $filters_range[1] . ")\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
}
}
break;
case 'reverse':
// No existing columns are set up as a reverse range, so this filter class has no provision for existing columns
$filter_array = array_map('vam_set_filter_case', $filter_array);
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND " . $filter_array[0] . " BETWEEN SUBSTRING_INDEX(ps" . $specifications_id . ".specification,'-',1) AND SUBSTRING_INDEX(ps" . $specifications_id . ".specification,'-',-1)\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
break;
case 'start':
if (strlen($products_column_name) > 1) {
$sql_array['where'] .= " and " . $products_column_name . " like '" . $filter_array[0] . "%' ";
} else {
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND ps" . $specifications_id . ".specification LIKE '" . $filter_array[0] . "%'\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
}
break;
case 'partial':
if (strlen($products_column_name) > 1) {
$sql_array['where'] .= " and " . $products_column_name . " like '%" . $filter_array[0] . "%' ";
} else {
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND ps" . $specifications_id . ".specification like '%" . $filter_array[0] . "%'\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
}
break;
case 'like':
// Function currently uses 'sounds like' to do a soundex match
if (strlen($products_column_name) > 1) {
$sql_array['where'] .= " and " . $products_column_name . " sounds like '%" . $filter_array[0] . "%' ";
} else {
$sql_array['from'] .= " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
$sql_array['where'] .= " AND ps" . $specifications_id . ".specification sounds like '" . $filter_array[0] . "'\n AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . (int) $languages_id . "'\n ";
}
break;
case 'none':
case '':
default:
break;
}
// switch ($filter_class
}
// if (count ($filter_array) ... else ...
return $sql_array;
}
if (SESSION_CHECK_USER_AGENT == 'True') {
$http_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
$http_user_agent2 = strtolower(getenv("HTTP_USER_AGENT"));
$http_user_agent = $http_user_agent == $http_user_agent2 ? $http_user_agent : $http_user_agent . ';' . $http_user_agent2;
if (!isset($_SESSION['SESSION_USER_AGENT'])) {
$_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
}
if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) {
session_destroy();
vam_redirect(vam_href_link(FILENAME_LOGIN));
}
}
// verify the IP address if the feature is enabled
if (SESSION_CHECK_IP_ADDRESS == 'True') {
$ip_address = vam_get_ip_address();
if (!vam_session_is_registered('SESSION_IP_ADDRESS')) {
$_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
}
if ($_SESSION['SESSION_IP_ADDRESS'] != $ip_address) {
session_destroy();
vam_redirect(vam_href_link(FILENAME_LOGIN));
}
}
// set the language
if (!isset($_SESSION['language']) || isset($_GET['language'])) {
include DIR_WS_CLASSES . 'language.php';
$lng = new language($_GET['language']);
if (!isset($_GET['language'])) {
$lng->get_browser_language();
}
$_SESSION['language'] = $lng->language['directory'];
function vam_collect_posts()
{
global $coupon_no, $REMOTE_ADDR, $vamPrice, $cc_id;
if (!$REMOTE_ADDR) {
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
}
if ($_POST['gv_redeem_code']) {
$gv_query = vam_db_query("select coupon_id, coupon_amount, coupon_type, coupon_minimum_order,uses_per_coupon, uses_per_user, restrict_to_products,restrict_to_categories from " . TABLE_COUPONS . " where coupon_code='" . $_POST['gv_redeem_code'] . "' and coupon_active='Y'");
$gv_result = vam_db_fetch_array($gv_query);
if (vam_db_num_rows($gv_query) != 0) {
$redeem_query = vam_db_query("select * from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $gv_result['coupon_id'] . "'");
if (vam_db_num_rows($redeem_query) != 0 && $gv_result['coupon_type'] == 'G') {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_INVALID_REDEEM_GV), 'SSL'));
}
} else {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_INVALID_REDEEM_GV), 'SSL'));
}
// GIFT CODE G START
if ($gv_result['coupon_type'] == 'G') {
$gv_amount = $gv_result['coupon_amount'];
// Things to set
// ip address of claimant
// customer id of claimant
// date
// redemption flag
// now update customer account with gv_amount
$gv_amount_query = vam_db_query("select amount from " . TABLE_COUPON_GV_CUSTOMER . " where customer_id = '" . $_SESSION['customer_id'] . "'");
$customer_gv = false;
$total_gv_amount = $gv_amount;
if ($gv_amount_result = vam_db_fetch_array($gv_amount_query)) {
$total_gv_amount = $gv_amount_result['amount'] + $gv_amount;
$customer_gv = true;
}
$gv_update = vam_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $gv_result['coupon_id'] . "'");
$gv_redeem = vam_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $gv_result['coupon_id'] . "', '" . $_SESSION['customer_id'] . "', now(),'" . $REMOTE_ADDR . "')");
if ($customer_gv) {
// already has gv_amount so update
$gv_update = vam_db_query("update " . TABLE_COUPON_GV_CUSTOMER . " set amount = '" . $total_gv_amount . "' where customer_id = '" . $_SESSION['customer_id'] . "'");
} else {
// no gv_amount so insert
$gv_insert = vam_db_query("insert into " . TABLE_COUPON_GV_CUSTOMER . " (customer_id, amount) values ('" . $_SESSION['customer_id'] . "', '" . $total_gv_amount . "')");
}
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(REDEEMED_AMOUNT . $vamPrice->Format($gv_amount, true, 0, true)), 'SSL'));
} else {
if (vam_db_num_rows($gv_query) == 0) {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_INVALID_REDEEM_COUPON), 'SSL'));
}
$date_query = vam_db_query("select coupon_start_date from " . TABLE_COUPONS . " where coupon_start_date <= now() and coupon_code='" . $_POST['gv_redeem_code'] . "'");
if (vam_db_num_rows($date_query) == 0) {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_STARTDATE_COUPON), 'SSL'));
}
$date_query = vam_db_query("select coupon_expire_date from " . TABLE_COUPONS . " where coupon_expire_date >= now() and coupon_code='" . $_POST['gv_redeem_code'] . "'");
if (vam_db_num_rows($date_query) == 0) {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_FINISDATE_COUPON), 'SSL'));
}
$coupon_count = vam_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $gv_result['coupon_id'] . "'");
$coupon_count_customer = vam_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $gv_result['coupon_id'] . "' and customer_id = '" . $_SESSION['customer_id'] . "'");
if (vam_db_num_rows($coupon_count) >= $gv_result['uses_per_coupon'] && $gv_result['uses_per_coupon'] > 0) {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_USES_COUPON . $gv_result['uses_per_coupon'] . TIMES), 'SSL'));
}
if (vam_db_num_rows($coupon_count_customer) >= $gv_result['uses_per_user'] && $gv_result['uses_per_user'] > 0) {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_USES_USER_COUPON . $gv_result['uses_per_user'] . TIMES), 'SSL'));
}
if ($gv_result['coupon_type'] == 'S') {
$coupon_amount = $order->info['shipping_cost'];
} else {
$coupon_amount = $gv_result['coupon_amount'] . ' ';
}
if ($gv_result['coupon_type'] == 'P') {
$coupon_amount = $gv_result['coupon_amount'] . '% ';
}
if ($gv_result['coupon_minimum_order'] > 0) {
$coupon_amount .= 'on orders greater than ' . $gv_result['coupon_minimum_order'];
}
if (!vam_session_is_registered('cc_id')) {
vam_session_register('cc_id');
}
//Fred - this was commented out before
$_SESSION['cc_id'] = $gv_result['coupon_id'];
//Fred ADDED, set the global and session variable
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(REDEEMED_COUPON), 'SSL'));
}
}
if ($_POST['submit_redeem_x'] && $gv_result['coupon_type'] == 'G') {
vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_REDEEM_CODE), 'SSL'));
}
}
