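/**
 * Inserts a new affiliate into the nested-set tree stored in TABLE_AFFILIATE.
 *
 * With a parent, a gap of two positions is opened at the parent's right
 * boundary (lft/rgt of all nodes of the same root are shifted) and the new
 * node is placed directly inside it. Without a parent a new root is created
 * with lft=1/rgt=2 and its affiliate_root pointed at its own id.
 *
 * @param array $sql_data_array column => value pairs for the new affiliate row
 * @param int   $affiliate_parent id of the parent affiliate; 0 creates a new root
 * @return int|null the new affiliate_id, or null when a parent id was given
 *                  but no such affiliate exists (nothing is inserted then)
 */
function affiliate_insert($sql_data_array, $affiliate_parent = 0)
{
    // The parent id is used inside SQL, so it is forced to an integer first.
    $affiliate_parent = (int) $affiliate_parent;
    $affiliate_id = null;

    // The boundary shifts and the insert must not interleave with another writer.
    // NOTE(review): ext/mysql was removed in PHP 7; there this call is a fatal
    // Error that "@" does not silence — port it to the xtc_db_* layer.
    @mysql_query("LOCK TABLES " . TABLE_AFFILIATE . " WRITE");

    if ($affiliate_parent > 0) {
        $affiliate_root_query = xtc_db_query("select affiliate_root, affiliate_rgt, affiliate_lft from " . TABLE_AFFILIATE . " where affiliate_id = '" . $affiliate_parent . "' ");
        $affiliate_root_array = xtc_db_fetch_array($affiliate_root_query);

        // Only insert when the parent really exists.
        if ($affiliate_root_array) {
            $root = (int) $affiliate_root_array['affiliate_root'];
            $parent_rgt = (int) $affiliate_root_array['affiliate_rgt'];

            // Open a gap of two positions at the parent's right boundary.
            xtc_db_query("update " . TABLE_AFFILIATE . " SET affiliate_lft = affiliate_lft + 2 WHERE affiliate_root = '" . $root . "' and affiliate_lft > " . $parent_rgt . " AND affiliate_rgt >= " . $parent_rgt . " ");
            xtc_db_query("update " . TABLE_AFFILIATE . " SET affiliate_rgt = affiliate_rgt + 2 WHERE affiliate_root = '" . $root . "' and affiliate_rgt >= " . $parent_rgt . " ");

            // The new node takes the parent's old rgt as its lft and closes one later.
            $sql_data_array['affiliate_root'] = $affiliate_root_array['affiliate_root'];
            $sql_data_array['affiliate_lft'] = $affiliate_root_array['affiliate_rgt'];
            $sql_data_array['affiliate_rgt'] = $affiliate_root_array['affiliate_rgt'] + 1;
            xtc_db_perform(TABLE_AFFILIATE, $sql_data_array);
            $affiliate_id = xtc_db_insert_id();
        }
    } else {
        // No parent: a fresh root whose affiliate_root is its own id.
        $sql_data_array['affiliate_lft'] = '1';
        $sql_data_array['affiliate_rgt'] = '2';
        xtc_db_perform(TABLE_AFFILIATE, $sql_data_array);
        $affiliate_id = xtc_db_insert_id();
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_root = '" . (int) $affiliate_id . "' where affiliate_id = '" . (int) $affiliate_id . "' ");
    }

    @mysql_query("UNLOCK TABLES");

    return $affiliate_id;
}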
/**
 * All payment methods without SR: adds a timeline entry to the table
 * sofort_orders_notification for the given sofort order.
 *
 * @param int    $sofortOrdersId key from table sofort_orders
 * @param string $orderStatus    value written to the `status` column
 * @param string $comment        stored as both customer_comment and seller_comment
 * @return int|false id of the inserted row, or false when no order id was given
 * @see insertSofortOrdersNotification()
 */
function updateTimeline($sofortOrdersId, $orderStatus, $comment)
{
    if (!$sofortOrdersId) {
        return false;
    }

    // Column order matters for the generated INSERT; keep it as listed here.
    $notificationRow = array();
    $notificationRow['sofort_orders_id'] = $sofortOrdersId;
    $notificationRow['items'] = '';
    $notificationRow['amount'] = 0;
    $notificationRow['customer_comment'] = $comment;
    $notificationRow['seller_comment'] = $comment;
    $notificationRow['status_id'] = 0;
    $notificationRow['status'] = $orderStatus;
    $notificationRow['status_reason'] = '';
    $notificationRow['invoice_status'] = '';
    $notificationRow['invoice_objection'] = '';

    $insertSql = HelperFunctions::getEscapedInsertInto('sofort_orders_notification', $notificationRow);
    xtc_db_query($insertSql);

    // id of the row just written
    return xtc_db_insert_id();
}
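/**
 * Admin XML endpoint: creates or updates a customer from the posted form.
 *
 * Reads the customer fields from $_POST, refuses to touch admin accounts
 * (customers_status 0), then either updates the existing customer and its
 * default address-book entry (mode UPDATE) or inserts a new customer, address
 * and customers_info row (mode APPEND). For a new customer with an e-mail
 * address a welcome mail is sent when SEND_ACCOUNT_MAIL is enabled. The
 * outcome is reported through print_xml_status().
 *
 * Reads: $_POST (cID, action, customers_* fields), global $Lang_folder.
 * Side effects: database writes, optional include of cao_custupd_1.php,
 * optional e-mail, XML output.
 *
 * @return void
 */
function CustomersUpdate()
{
    global $Lang_folder;

    $customers_id = -1;

    // password helper
    require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';

    if (isset($_POST['cID'])) {
        $customers_id = xtc_db_prepare_input($_POST['cID']);
    }

    // Security check: an admin user (customers_status 0) must not be changed
    // here. xtc_db_prepare_input() only sanitises, so the id is escaped for
    // the query. A cID that matches no row is rejected as well.
    if ($customers_id != -1) {
        $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . xtc_db_input($customers_id) . "'");
        $sec_data = xtc_db_fetch_array($sec_query);
        if (!is_array($sec_data) || $sec_data['customers_status'] == 0) {
            print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', '');
            return;
        }
    }

    // posted field => TABLE_CUSTOMERS column (only fields actually posted are written)
    $customer_fields = array(
        'customers_cid' => 'customers_cid',
        'customers_firstname' => 'customers_firstname',
        'customers_lastname' => 'customers_lastname',
        'customers_dob' => 'customers_dob',
        'customers_email' => 'customers_email_address',
        'customers_tele' => 'customers_telephone',
        'customers_fax' => 'customers_fax',
        'customers_gender' => 'customers_gender',
    );
    $sql_customers_data_array = array();
    foreach ($customer_fields as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_customers_data_array[$column] = $_POST[$post_key];
        }
    }

    // Optional site-specific hook; it runs in this scope and may extend
    // $sql_customers_data_array.
    if (file_exists('cao_custupd_1.php')) {
        include 'cao_custupd_1.php';
    }

    if (isset($_POST['customers_password'])) {
        $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
    }

    // posted field => TABLE_ADDRESS_BOOK column
    $address_fields = array(
        'customers_firstname' => 'entry_firstname',
        'customers_lastname' => 'entry_lastname',
        'customers_company' => 'entry_company',
        'customers_street' => 'entry_street_address',
        'customers_city' => 'entry_city',
        'customers_postcode' => 'entry_postcode',
        'customers_gender' => 'entry_gender',
    );
    $sql_address_data_array = array();
    foreach ($address_fields as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_address_data_array[$column] = $_POST[$post_key];
        }
    }

    // The country arrives as ISO alpha-2 code and is mapped to countries_id.
    // It is posted data, so it is escaped before it enters the query; an
    // unknown or missing code yields entry_country_id = null.
    $country_code = isset($_POST['customers_country_id']) ? $_POST['customers_country_id'] : '';
    $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . xtc_db_input($country_code) . "' LIMIT 1";
    $country_result = xtc_db_query($country_query);
    $row = xtc_db_fetch_array($country_result);
    $sql_address_data_array['entry_country_id'] = is_array($row) ? $row['countries_id'] : null;

    $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
    $check = xtc_db_fetch_array($count_query);

    if ($check['count'] > 0) {
        $mode = 'UPDATE';

        // The address update targets the customer's default address only.
        $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
        $customer = xtc_db_fetch_array($address_book_result);

        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' LIMIT 1");
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . (int) $customer['customers_default_address_id'] . "' LIMIT 1");
        xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "' LIMIT 1");
    } else {
        $mode = 'APPEND';

        // Generate a password when none was posted; the clear text is only
        // kept for the welcome mail below.
        if (!isset($_POST['customers_password']) || strlen($_POST['customers_password']) == 0) {
            $pw = xtc_RandomString(8);
            $sql_customers_data_array['customers_password'] = xtc_create_password($pw);
        } else {
            $pw = $_POST['customers_password'];
        }

        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
        $customers_id = xtc_db_insert_id();

        $sql_address_data_array['customers_id'] = $customers_id;
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
        $address_id = xtc_db_insert_id();

        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");

        // JP20080401: without an explicit price level the new customer gets the standard group.
        if (!isset($_POST['customers_price_level'])) {
            xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
        }

        xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
    }

    $has_email = isset($sql_customers_data_array['customers_email_address']) && $sql_customers_data_array['customers_email_address'] != '';

    // Welcome mail only for newly created customers with an e-mail address.
    if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $has_email) {
        require_once DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
        require_once DIR_FS_INC . 'xtc_not_null.inc.php';
        require_once DIR_FS_INC . 'xtc_href_link.inc.php';
        require_once DIR_FS_INC . 'xtc_date_long.inc.php';
        require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
        require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';

        $customer_name = (isset($sql_customers_data_array['customers_lastname']) ? $sql_customers_data_array['customers_lastname'] : '')
            . ' '
            . (isset($sql_customers_data_array['customers_firstname']) ? $sql_customers_data_array['customers_firstname'] : '');

        // JP 20080102
        $smarty = new Smarty();
        $smarty->assign('language', $Lang_folder);
        $smarty->caching = false;
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        // GTB - 2010-08-03 - Security Fix - Base: tpl_path is built from the
        // configured catalog directory, not from a relative path.
        $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('NAME', $customer_name);
        $smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']);
        $smarty->assign('PASSWORD', $pw);
        // NOTE(review): $module_content is never assigned in this function, so
        // 'content' is always null here — confirm whether a template expects it.
        $smarty->assign('content', $module_content);

        $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
        $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');

        // send mail with html/txt template
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $customer_name, '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
    }

    print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}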
} if ($_POST['products_id']) { $affiliate_products_id = $_POST['products_id']; } if ($_GET['affiliate_banner_id']) { $affiliate_banner_id = $_GET['affiliate_banner_id']; } if ($_POST['affiliate_banner_id']) { $affiliate_banner_id = $_POST['affiliate_banner_id']; } if (!$link_to) { $link_to = "0"; } $sql_data_array = array('affiliate_id' => $_SESSION['affiliate_ref'], 'affiliate_clientdate' => $affiliate_clientdate, 'affiliate_clientbrowser' => $affiliate_clientbrowser, 'affiliate_clientip' => $affiliate_clientip, 'affiliate_clientreferer' => $affiliate_clientreferer, 'affiliate_products_id' => $affiliate_products_id, 'affiliate_banner_id' => $affiliate_banner_id); xtc_db_perform(TABLE_AFFILIATE_CLICKTHROUGHS, $sql_data_array); $_SESSION['affiliate_clickthroughs_id'] = xtc_db_insert_id(); // Banner has been clicked, update stats: if ($affiliate_banner_id && $_SESSION['affiliate_ref']) { $today = date('Y-m-d'); $sql = "select * from " . TABLE_AFFILIATE_BANNERS_HISTORY . " where affiliate_banners_id = '" . $affiliate_banner_id . "' and affiliate_banners_affiliate_id = '" . $_SESSION['affiliate_ref'] . "' and affiliate_banners_history_date = '" . $today . "'"; $banner_stats_query = xtc_db_query($sql); // Banner has been shown today if (xtc_db_fetch_array($banner_stats_query)) { xtc_db_query("update " . TABLE_AFFILIATE_BANNERS_HISTORY . " set affiliate_banners_clicks = affiliate_banners_clicks + 1 where affiliate_banners_id = '" . $affiliate_banner_id . "' and affiliate_banners_affiliate_id = '" . $_SESSION['affiliate_ref'] . "' and affiliate_banners_history_date = '" . $today . 
"'"); // Initial entry if banner has not been shown } else { $sql_data_array = array('affiliate_banners_id' => $affiliate_banner_id, 'affiliate_banners_products_id' => $affiliate_products_id, 'affiliate_banners_affiliate_id' => $_SESSION['affiliate_ref'], 'affiliate_banners_clicks' => '1', 'affiliate_banners_history_date' => $today); xtc_db_perform(TABLE_AFFILIATE_BANNERS_HISTORY, $sql_data_array); } } // Set Cookie if the customer comes back and orders it counts
xtc_db_query("delete from " . TABLE_ZONES_TO_GEO_ZONES . " where association_id = '" . xtc_db_input($sID) . "'"); xtc_redirect(xtc_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&action=list&spage=' . $_GET['spage'])); break; } switch ($_GET['action']) { case 'insert_zone': $error = array(); $geo_zone_name = xtc_db_prepare_input($_POST['geo_zone_name']); $geo_zone_description = xtc_db_prepare_input($_POST['geo_zone_description']); $check_if_name_exist = xtc_db_find_database_field(TABLE_GEO_ZONES, 'geo_zone_name', $geo_zone_name, 'geo_zone_name'); if (!$geo_zone_name || $check_if_name_exist) { $error[] = ERROR_TEXT_NAME; } if (empty($error)) { xtc_db_query("insert into " . TABLE_GEO_ZONES . " (geo_zone_name, geo_zone_description, date_added) values ('" . xtc_db_input($geo_zone_name) . "', '" . xtc_db_input($geo_zone_description) . "', now())"); $new_zone_id = xtc_db_insert_id(); xtc_redirect(xtc_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id)); } else { $_SESSION['repopulate_form'] = $_REQUEST; $_SESSION['errors'] = $error; xtc_redirect(xtc_href_link(FILENAME_GEO_ZONES, 'page=' . $_GET['page'] . '&action=new_zone&errors=1')); } break; case 'save_zone': $error = array(); $zID = xtc_db_prepare_input($_GET['zID']); $geo_zone_name = xtc_db_prepare_input($_POST['geo_zone_name']); $geo_zone_description = xtc_db_prepare_input($_POST['geo_zone_description']); $check_if_name_exist = xtc_db_find_database_field(TABLE_GEO_ZONES, 'geo_zone_name', $geo_zone_name); if (!$geo_zone_name || $check_if_name_exist) { if ($check_if_name_exist['geo_zone_id'] != $zID) {
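/**
 * Inserts an article into the shop order (e.g. during an undo operation).
 *
 * The item id has the form "<productId>{<optionsId>}<optionsValuesId>{...}":
 * the part before the first "{" is the product id and each following segment
 * is one attribute, resolved against the products attributes / options /
 * option values tables in the given language and written to
 * TABLE_ORDERS_PRODUCTS_ATTRIBUTES.
 *
 * Values from the sofort item are external data; ids are cast to int and
 * strings escaped with xtc_db_input() before they enter hand-built SQL.
 *
 * @param object $sofortItem item with itemId, productNumber, title, unitPrice, tax, quantity
 * @param int    $ordersId   shop order id
 * @param string $lng        language code used to look up option names
 * @return void
 */
protected function _insertShopOrderArticle($sofortItem, $ordersId, $lng)
{
    $itemId = $sofortItem->itemId;
    $splitItemId = explode('{', $itemId);
    $productId = $splitItemId[0];

    // Every segment after the product id encodes one attribute as
    // "<optionsId>}<optionsValuesId>".
    $attributes = array();
    $segmentCount = count($splitItemId);
    for ($i = 1; $i < $segmentCount; ++$i) {
        $attrId = explode('}', $splitItemId[$i]);
        $attributes[] = array(
            'optionsId' => $attrId[0],
            'optionsValuesId' => isset($attrId[1]) ? $attrId[1] : null,
        );
    }

    $data = array(
        'orders_id' => $ordersId,
        'products_id' => $productId,
        'products_model' => $sofortItem->productNumber,
        'products_name' => HelperFunctions::convertEncoding($sofortItem->title, 2),
        'products_price' => $sofortItem->unitPrice,
        'final_price' => $sofortItem->unitPrice * $sofortItem->quantity,
        'products_tax' => $sofortItem->tax,
        'products_quantity' => $sofortItem->quantity,
        'allow_tax' => '1',
    );
    shopDbPerform(TABLE_ORDERS_PRODUCTS, $data);
    $insertId = xtc_db_insert_id();

    // Link the sofort line item to the orders_products row just created.
    shopDbQuery('UPDATE sofort_products SET orders_products_id ="' . (int) $insertId . '" WHERE orders_id = "' . (int) $ordersId . '" AND item_id = "' . xtc_db_input($itemId) . '"');

    if (count($attributes) === 0) {
        return;
    }

    $lngRow = shopDbFetchArray(shopDbQuery("SELECT languages_id FROM " . TABLE_LANGUAGES . " WHERE code = '" . xtc_db_input($lng) . "'"));
    $languageId = is_array($lngRow) ? (int) $lngRow['languages_id'] : 0;

    foreach ($attributes as $attribute) {
        $optionsId = (int) $attribute['optionsId'];
        $optionsValuesId = (int) $attribute['optionsValuesId'];

        $queryTpa = shopDbQuery("SELECT options_values_price, price_prefix FROM " . TABLE_PRODUCTS_ATTRIBUTES . " WHERE products_id ='" . (int) $productId . "' AND options_id = '" . $optionsId . "' AND options_values_id ='" . $optionsValuesId . "'");
        $resultTpa = shopDbFetchArray($queryTpa);

        $queryTpo = shopDbQuery("SELECT products_options_name FROM " . TABLE_PRODUCTS_OPTIONS . " WHERE products_options_id = '" . $optionsId . "' AND language_id = '" . $languageId . "'");
        $resultTpo = shopDbFetchArray($queryTpo);

        $queryTpov = shopDbQuery("SELECT products_options_values_name FROM " . TABLE_PRODUCTS_OPTIONS_VALUES . " WHERE products_options_values_id = '" . $optionsValuesId . "' AND language_id = '" . $languageId . "'");
        $resultTpov = shopDbFetchArray($queryTpov);

        $data = array(
            'orders_id' => $ordersId,
            'orders_products_id' => $insertId,
            'products_options' => $resultTpo['products_options_name'],
            'products_options_values' => $resultTpov['products_options_values_name'],
            'options_values_price' => $resultTpa['options_values_price'],
            'price_prefix' => $resultTpa['price_prefix'],
        );
        shopDbPerform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $data);
    }
}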
} if (!$campaigns_name || $check_if_name_exist) { if ($_GET['action'] == 'save') { if ($check_if_name_exist['campaigns_id'] != $campaigns_id) { $error[] = ERROR_TEXT_NAME; } } else { $error[] = ERROR_TEXT_NAME; } } if (empty($error)) { if ($_GET['action'] == 'insert') { $insert_sql_data = array('date_added' => 'now()'); $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_CAMPAIGNS, $sql_data_array); $campaigns_id = xtc_db_insert_id(); } elseif ($_GET['action'] == 'save') { $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data); xtc_db_perform(TABLE_CAMPAIGNS, $sql_data_array, 'update', "campaigns_id = '" . xtc_db_input($campaigns_id) . "'"); } xtc_redirect(xtc_href_link(FILENAME_CAMPAIGNS, 'page=' . $_GET['page'] . '&cID=' . $campaigns_id)); } else { $_SESSION['repopulate_form'] = $_REQUEST; $_SESSION['errors'] = $error; xtc_redirect(xtc_href_link(FILENAME_CAMPAIGNS, 'page=' . $_GET['page'] . '&cID=' . $campaigns_id . '&action=' . $url_action . '&errors=1')); } break; case 'deleteconfirm': $campaigns_id = xtc_db_prepare_input($_GET['cID']); xtc_db_query("delete from " . TABLE_CAMPAIGNS . " where campaigns_id = '" . xtc_db_input($campaigns_id) . "'");
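/**
 * Handle the result from the reserveAmount call.
 *
 * Resolves the order status for the chosen Klarna module (the module's
 * pending status when the reservation is PENDING and a pending status id is
 * configured, its normal status otherwise) and stores its name in the
 * session. Then makes sure the delivery address exists in the address book
 * (reusing a matching entry or inserting a new one) so the confirmation mail
 * shows the right address, and finally stores the reservation number.
 *
 * @param string $option  payment option (KiTT::PART, KiTT::SPEC or KiTT::INVOICE)
 * @param array  $result  response array: [0] reservation number, [1] KlarnaFlags status
 * @param string $country ISO alpha-2 country code of the delivery address
 *
 * @return void
 */
private function _handleResponse($option, $result, $country)
{
    global $order, $customer_id, $sendto, $billto;

    $link_db = xtc_db_connect();

    switch ($option) {
        case KiTT::PART:
            $module = "MODULE_PAYMENT_KLARNA_PARTPAYMENT";
            break;
        case KiTT::SPEC:
            $module = "MODULE_PAYMENT_KLARNA_SPECCAMP";
            break;
        case KiTT::INVOICE:
            $module = "MODULE_PAYMENT_KLARNA_INVOICE";
            break;
        default:
            // Unknown option: constant() below fails on the bare suffix, as before.
            $module = '';
            break;
    }

    // Pending status only when the reservation is pending and one is configured.
    $orderStatusId = (int) constant("{$module}_ORDER_STATUS_PENDING_ID");
    if (!($result[1] == KlarnaFlags::PENDING && $orderStatusId > 0)) {
        $orderStatusId = (int) constant("{$module}_ORDER_STATUS_ID");
    }
    $orderStatusQuery = $this->_klarnaDB->query("SELECT orders_status_name FROM " . TABLE_ORDERS_STATUS . " WHERE orders_status_id = {$orderStatusId}");
    $orderStatus = $orderStatusQuery->getArray();
    $_SESSION['klarna_orderstatus'] = $orderStatus['orders_status_name'];

    // Insert the address in the address book to get the correct address in
    // the confirmation mail (or fetch the existing entry if it already exists).
    // The country code comes from the caller, so it is escaped like the
    // address fields below.
    $q = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . mysqli_real_escape_string($link_db, $country) . "'";
    $check_country_query = $this->_klarnaDB->query($q);
    $check_country = $check_country_query->getArray();
    $cid = $check_country['countries_id'];

    $delivery = $order->delivery;
    $q = "SELECT address_book_id FROM " . TABLE_ADDRESS_BOOK
        . " WHERE customers_id = '" . (int) $customer_id . "'"
        . " AND entry_firstname = '" . mysqli_real_escape_string($link_db, $delivery['firstname']) . "'"
        . " AND entry_lastname = '" . mysqli_real_escape_string($link_db, $delivery['lastname']) . "'"
        . " AND entry_street_address = '" . mysqli_real_escape_string($link_db, $delivery['street_address']) . "'"
        . " AND entry_postcode = '" . mysqli_real_escape_string($link_db, $delivery['postcode']) . "'"
        . " AND entry_city = '" . mysqli_real_escape_string($link_db, $delivery['city']) . "'"
        . " AND entry_company = '" . mysqli_real_escape_string($link_db, $delivery['company']) . "'";
    $check_address_query = $this->_klarnaDB->query($q);
    $check_address = $check_address_query->getArray();

    if (is_array($check_address) && $check_address_query->count() > 0) {
        $sendto = $billto = $check_address['address_book_id'];
    } else {
        $sql_data_array = array(
            'customers_id' => $customer_id,
            'entry_firstname' => $delivery['firstname'],
            'entry_lastname' => $delivery['lastname'],
            'entry_company' => $delivery['company'],
            'entry_street_address' => $delivery['street_address'],
            'entry_postcode' => $delivery['postcode'],
            'entry_city' => $delivery['city'],
            'entry_country_id' => $cid,
        );
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
        $sendto = $billto = xtc_db_insert_id();
    }

    $_SESSION['klarna_refno'] = $result[0];
}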
//BOC - web28 - 2012-04-08 - set order addresses to customers default address $customers_query = xtc_db_query("SELECT * FROM " . TABLE_ADDRESS_BOOK . "\n WHERE customers_id = '" . (int) $_GET['cID'] . "'\n AND address_book_id = '" . (int) $customers1['customers_default_address_id'] . "'\n "); //EOC - web28 - 2012-04-08 - set order addresses to customers default address //TODO set order addresses to last orders addresses (customers, delivery, billing) $customers = xtc_db_fetch_array($customers_query); //BOF - web28 - 2011-06-10 add missing iso_code2 $country_query = xtc_db_query("SELECT countries_name,\n countries_iso_code_2,\n address_format_id\n FROM " . TABLE_COUNTRIES . "\n WHERE countries_id = '" . (int) $customers['entry_country_id'] . "'"); //EOF - web28 - 2011-06-10 add missing iso_code2 $country = xtc_db_fetch_array($country_query); $stat_query = xtc_db_query("SELECT * FROM " . TABLE_CUSTOMERS_STATUS . " WHERE customers_status_id = '" . (int) $customers1['customers_status'] . "' "); $stat = xtc_db_fetch_array($stat_query); // BOF - DokuMan - 2009-05-22 - BUGFIX: first and last name were not saved when creating manual orders $sql_data_array = array('customers_id' => xtc_db_prepare_input($customers['customers_id']), 'customers_cid' => xtc_db_prepare_input($customers1['customers_cid']), 'customers_vat_id' => xtc_db_prepare_input($customers1['customers_vat_id']), 'customers_status' => xtc_db_prepare_input($customers1['customers_status']), 'customers_status_name' => xtc_db_prepare_input($stat['customers_status_name']), 'customers_status_image' => xtc_db_prepare_input($stat['customers_status_image']), 'customers_status_discount' => xtc_db_prepare_input($stat['customers_status_discount']), 'customers_name' => xtc_db_prepare_input($customers['entry_firstname'] . ' ' . 
$customers['entry_lastname']), 'customers_lastname' => xtc_db_prepare_input($customers['entry_lastname']), 'customers_firstname' => xtc_db_prepare_input($customers['entry_firstname']), 'customers_company' => xtc_db_prepare_input($customers['entry_company']), 'customers_street_address' => xtc_db_prepare_input($customers['entry_street_address']), 'customers_suburb' => xtc_db_prepare_input($customers['entry_suburb']), 'customers_city' => xtc_db_prepare_input($customers['entry_city']), 'customers_postcode' => xtc_db_prepare_input($customers['entry_postcode']), 'customers_state' => xtc_db_prepare_input($customers['entry_state']), 'customers_country' => xtc_db_prepare_input($country['countries_name']), 'customers_telephone' => xtc_db_prepare_input($customers1['customers_telephone']), 'customers_email_address' => xtc_db_prepare_input($customers1['customers_email_address']), 'customers_address_format_id' => xtc_db_prepare_input($country['address_format_id']), 'delivery_name' => xtc_db_prepare_input($customers['entry_firstname'] . ' ' . $customers['entry_lastname']), 'delivery_lastname' => xtc_db_prepare_input($customers['entry_lastname']), 'delivery_firstname' => xtc_db_prepare_input($customers['entry_firstname']), 'delivery_company' => xtc_db_prepare_input($customers['entry_company']), 'delivery_street_address' => xtc_db_prepare_input($customers['entry_street_address']), 'delivery_suburb' => xtc_db_prepare_input($customers['entry_suburb']), 'delivery_city' => xtc_db_prepare_input($customers['entry_city']), 'delivery_postcode' => xtc_db_prepare_input($customers['entry_postcode']), 'delivery_state' => xtc_db_prepare_input($customers['entry_state']), 'delivery_country' => xtc_db_prepare_input($country['countries_name']), 'delivery_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']), 'delivery_address_format_id' => xtc_db_prepare_input($country['address_format_id']), 'billing_name' => xtc_db_prepare_input($customers['entry_firstname'] . ' ' . 
$customers['entry_lastname']), 'billing_lastname' => xtc_db_prepare_input($customers['entry_lastname']), 'billing_firstname' => xtc_db_prepare_input($customers['entry_firstname']), 'billing_company' => xtc_db_prepare_input($customers['entry_company']), 'billing_street_address' => xtc_db_prepare_input($customers['entry_street_address']), 'billing_suburb' => xtc_db_prepare_input($customers['entry_suburb']), 'billing_city' => xtc_db_prepare_input($customers['entry_city']), 'billing_postcode' => xtc_db_prepare_input($customers['entry_postcode']), 'billing_state' => xtc_db_prepare_input($customers['entry_state']), 'billing_country' => xtc_db_prepare_input($country['countries_name']), 'billing_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']), 'billing_address_format_id' => xtc_db_prepare_input($country['address_format_id']), 'payment_method' => 'cod', 'comments' => '', 'last_modified' => 'now()', 'date_purchased' => 'now()', 'orders_status' => '1', 'orders_date_finished' => '', 'currency' => DEFAULT_CURRENCY, 'currency_value' => '1.0000', 'account_type' => '0', 'payment_class' => 'cod', 'shipping_method' => MODULE_SHIPPING_FLAT_TEXT_TITLE, 'shipping_class' => 'flat_flat', 'customers_ip' => '', 'language' => $_SESSION['language']); // EOF - DokuMan - 2009-05-22 - BUGFIX: first and last name were not saved when creating manual orders xtc_db_perform(TABLE_ORDERS, $sql_data_array); $orders_id = xtc_db_insert_id(); //BOC - Web28 - 2012-02-26 - BUGFIX: Use Session language require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/modules/order_total/ot_total.php'; $sql_data_array = array('orders_id' => (int) $orders_id, 'title' => MODULE_ORDER_TOTAL_TOTAL_TITLE . 
':', 'text' => '0', 'value' => '0', 'class' => 'ot_total'); //EOC - Web28 - 2012-02-26 - BUGFIX: Use Session language $insert_sql_data = array('sort_order' => MODULE_ORDER_TOTAL_TOTAL_SORT_ORDER); $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array); //BOC - Web28 - 2012-02-26 - BUGFIX: Use Session language require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/modules/order_total/ot_subtotal.php'; $sql_data_array = array('orders_id' => (int) $orders_id, 'title' => '<b>' . MODULE_ORDER_TOTAL_SUBTOTAL_TITLE . '</b>:', 'text' => '0', 'value' => '0', 'class' => 'ot_subtotal'); //EOC - Web28 - 2012-02-26 - BUGFIX: Use Session language $insert_sql_data = array('sort_order' => MODULE_ORDER_TOTAL_SUBTOTAL_SORT_ORDER); $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array); xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'oID=' . (int) $orders_id . '&action=edit'));
$affiliate_banner_error = true; $_GET['action'] = 'new'; } else { $image_location = DIR_FS_CATALOG_IMAGES . $_FILES['affiliate_banners_image']['name']; move_uploaded_file($_FILES['affiliate_banners_image']['tmp_name'], $image_location); @chmod($image_location, 0644); $db_image_location = $_FILES['affiliate_banners_image']['name']; if (!$affiliate_products_id) { $affiliate_products_id = "0"; } $sql_data_array = array('affiliate_banners_title' => $affiliate_banners_title, 'affiliate_products_id' => $affiliate_products_id, 'affiliate_banners_image' => $db_image_location, 'affiliate_banners_group' => $affiliate_banners_group); if ($_GET['action'] == 'insert') { $insert_sql_data = array('affiliate_date_added' => 'now()', 'affiliate_status' => '1'); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_AFFILIATE_BANNERS, $sql_data_array); $affiliate_banners_id = xtc_db_insert_id(); // Banner ID 1 is generic Product Banner if ($affiliate_banners_id == 1) { xtc_db_query("update " . TABLE_AFFILIATE_BANNERS . " set affiliate_banners_id = affiliate_banners_id + 1"); } $messageStack->add_session(SUCCESS_BANNER_INSERTED, 'success'); } elseif ($_GET['action'] == 'update') { $insert_sql_data = array('affiliate_date_status_change' => 'now()'); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_AFFILIATE_BANNERS, $sql_data_array, 'update', 'affiliate_banners_id = \'' . $affiliate_banners_id . '\''); $messageStack->add_session(SUCCESS_BANNER_UPDATED, 'success'); } xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_BANNER_MANAGER, 'page=' . $_GET['page'] . '&abID=' . $affiliate_banners_id)); } } break;
$affiliate_billing_query = xtc_db_query($sql); $affiliate_billing = xtc_db_fetch_array($affiliate_billing_query); // Get affiliate Informations $sql = "\n SELECT a.*, c.countries_id, c.countries_name, c.countries_iso_code_2, c.countries_iso_code_3, c.address_format_id \n from " . TABLE_AFFILIATE . " a \n left join " . TABLE_ZONES . " z on (a.affiliate_zone_id = z.zone_id) \n left join " . TABLE_COUNTRIES . " c on (a.affiliate_country_id = c.countries_id)\n WHERE affiliate_id = '" . $affiliate_payment['affiliate_id'] . "' \n "; $affiliate_query = xtc_db_query($sql); $affiliate = xtc_db_fetch_array($affiliate_query); // Get need tax informations for the affiliate $affiliate_tax_rate = xtc_get_affiliate_tax_rate(AFFILIATE_TAX_ID, $affiliate['affiliate_country_id'], $affiliate['affiliate_zone_id']); $affiliate_tax = xtc_round($affiliate_billing['affiliate_payment'] * $affiliate_tax_rate / 100, 2); // Netto-Provision $affiliate_payment_total = $affiliate_billing['affiliate_payment']; // Bill the order $affiliate['affiliate_state'] = xtc_get_zone_code($affiliate['affiliate_country_id'], $affiliate['affiliate_zone_id'], $affiliate['affiliate_state']); $sql_data_array = array('affiliate_id' => $affiliate_payment['affiliate_id'], 'affiliate_payment' => $affiliate_billing['affiliate_payment'] - $affiliate_tax, 'affiliate_payment_tax' => $affiliate_tax, 'affiliate_payment_total' => $affiliate_payment_total, 'affiliate_payment_date' => 'now()', 'affiliate_payment_status' => '0', 'affiliate_firstname' => $affiliate['affiliate_firstname'], 'affiliate_lastname' => $affiliate['affiliate_lastname'], 'affiliate_street_address' => $affiliate['affiliate_street_address'], 'affiliate_suburb' => $affiliate['affiliate_suburb'], 'affiliate_city' => $affiliate['affiliate_city'], 'affiliate_country' => $affiliate['countries_name'], 'affiliate_postcode' => $affiliate['affiliate_postcode'], 'affiliate_company' => $affiliate['affiliate_company'], 'affiliate_state' => 
$affiliate['affiliate_state'], 'affiliate_address_format_id' => $affiliate['address_format_id']); xtc_db_perform(TABLE_AFFILIATE_PAYMENT, $sql_data_array); $insert_id = xtc_db_insert_id(); // Set the Sales to Final State xtc_db_query("update " . TABLE_AFFILIATE_SALES . " set affiliate_payment_id = '" . $insert_id . "', affiliate_billing_status = 1, affiliate_payment_date = now() where affiliate_id = '" . $affiliate_payment['affiliate_id'] . "' and affiliate_billing_status = 99"); // Notify Affiliate if (AFFILIATE_NOTIFY_AFTER_BILLING == 'true') { $check_status_query = xtc_db_query("select af.affiliate_email_address, ap.affiliate_lastname, ap.affiliate_firstname, ap.affiliate_payment_status, ap.affiliate_payment_date, ap.affiliate_payment_date from " . TABLE_AFFILIATE_PAYMENT . " ap, " . TABLE_AFFILIATE . " af where affiliate_payment_id = '" . $insert_id . "' and af.affiliate_id = ap.affiliate_id "); $check_status = xtc_db_fetch_array($check_status_query); $email = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_AFFILIATE_PAYMENT_NUMBER . ' ' . $insert_id . "\n" . EMAIL_TEXT_INVOICE_URL . ' ' . xtc_catalog_href_link(FILENAME_CATALOG_AFFILIATE_PAYMENT_INFO, 'payment_id=' . $insert_id, 'SSL') . "\n" . EMAIL_TEXT_PAYMENT_BILLED . ' ' . xtc_date_long($check_status['affiliate_payment_date']) . "\n\n" . EMAIL_TEXT_NEW_PAYMENT; xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email); } } $messageStack->add_session(SUCCESS_BILLING, 'success'); xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PAYMENT, xtc_get_all_get_params(array('action')) . 'action=edit')); break; case 'update_payment': $pID = xtc_db_prepare_input($_GET['pID']);
if (ACCOUNT_COMPANY == 'true') { $sql_data_array['entry_company'] = $company; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $suburb; } if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { $sql_data_array['entry_zone_id'] = $zone_id; $sql_data_array['entry_state'] = $state; } else { $sql_data_array['entry_zone_id'] = '0'; $sql_data_array['entry_state'] = $state; } } xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); //SWITCH shipping/payment switch ($checkout_page) { case 'shipping': $_SESSION['sendto'] = xtc_db_insert_id(); xtc_redirect(xtc_href_link($link_checkout_shipping, $params, 'SSL')); break; case 'payment': $_SESSION['billto'] = xtc_db_insert_id(); if (isset($_SESSION['payment']) && !isset($_SESSION['paypal']['PayerID'])) { unset($_SESSION['payment']); } xtc_redirect(xtc_href_link($link_checkout_payment, $params, 'SSL')); break; } }
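/**
 * Create a copy of product $src_products_id and file it under $dest_categories_id.
 *
 * Copies the products row, every products_description row, the main image and
 * all additional (mo_) images, the per-customer-group price tables and, when the
 * request carries attr_copy=attr_copy, the products_attributes rows.
 *
 * @param int|string $src_products_id   id of the product to copy (cast to int)
 * @param int|string $dest_categories_id category the copy is linked to; 0 means
 *                                       "top level": the copy is then marked as a
 *                                       startpage product and activated, otherwise
 *                                       the source product's status is kept
 * @return void
 */
function duplicate_product($src_products_id, $dest_categories_id)
{
    $src_products_id = (int) $src_products_id;
    $dest_categories_id = (int) $dest_categories_id;

    // get data
    $product_query = xtc_db_query("SELECT * FROM " . TABLE_PRODUCTS . "\n WHERE products_id = '" . $src_products_id . "'");
    $product = xtc_db_fetch_array($product_query);
    if ($dest_categories_id == 0) {
        $startpage = 1;
        $products_status = 1;
    } else {
        $startpage = 0;
        $products_status = $product['products_status'];
    }

    // copy data, then override the per-product fields
    $sql_data_array = $product;
    unset($sql_data_array['products_id']);
    $sql_data_array['products_startpage'] = $startpage;
    $sql_data_array['products_date_added'] = 'now()';
    $sql_data_array['products_status'] = $products_status;
    // group_permissions travel along inside $sql_data_array, nothing extra to do
    xtc_db_perform(TABLE_PRODUCTS, $sql_data_array);
    $dup_products_id = xtc_db_insert_id();

    // every image of a product lives in these four directories
    $image_dirs = array(DIR_FS_CATALOG_ORIGINAL_IMAGES, DIR_FS_CATALOG_INFO_IMAGES, DIR_FS_CATALOG_THUMBNAIL_IMAGES, DIR_FS_CATALOG_POPUP_IMAGES);

    // duplicate the main image if there is one
    if ($product['products_image'] != '') {
        // new image name for the duplicate: <new id>_0.<original suffix>
        $pname_arr = explode('.', $product['products_image']);
        $nsuffix = array_pop($pname_arr);
        $dup_products_image_name = $dup_products_id . '_0' . '.' . $nsuffix;
        xtc_db_query("UPDATE " . TABLE_PRODUCTS . " SET products_image = '" . xtc_db_input($dup_products_image_name) . "' WHERE products_id = '" . $dup_products_id . "'");
        // best effort: a missing size variant must not abort the duplication
        foreach ($image_dirs as $image_dir) {
            @copy($image_dir . '/' . $product['products_image'], $image_dir . '/' . $dup_products_image_name);
        }
        // h-h-h - 2011-01-27 - set file rights
        $this->set_products_images_file_rights($dup_products_image_name);
    } else {
        unset($dup_products_image_name);
    }

    // description rows, one per language
    $description_query = xtc_db_query("SELECT * FROM " . TABLE_PRODUCTS_DESCRIPTION . "\n WHERE products_id = '" . $src_products_id . "'");
    $old_products_id = $src_products_id;
    while ($description = xtc_db_fetch_array($description_query)) {
        $sql_data_array = $description;
        $sql_data_array['products_id'] = $dup_products_id;
        $sql_data_array['products_viewed'] = 0;
        xtc_db_perform(TABLE_PRODUCTS_DESCRIPTION, $sql_data_array);
    }
    xtc_db_query("INSERT INTO " . TABLE_PRODUCTS_TO_CATEGORIES . "\n SET products_id = '" . $dup_products_id . "',\n categories_id = '" . $dest_categories_id . "'");

    // additional images (mo_images by Novalis@eXanto.de)
    $mo_images = xtc_get_products_mo_images($src_products_id);
    if (is_array($mo_images)) {
        foreach ($mo_images as $mo_img) {
            // new image name for the duplicate: <new id>_<image_nr>.<original suffix>
            $pname_arr = explode('.', $mo_img['image_name']);
            $nsuffix = array_pop($pname_arr);
            $dup_products_image_name = $dup_products_id . '_' . $mo_img['image_nr'] . '.' . $nsuffix;
            foreach ($image_dirs as $image_dir) {
                @copy($image_dir . '/' . $mo_img['image_name'], $image_dir . '/' . $dup_products_image_name);
            }
            // h-h-h - 2011-01-27 - set file rights
            $this->set_products_images_file_rights($dup_products_image_name);
            // image_title / image_alt are free text stored in the DB: escape them
            // instead of concatenating them raw into the statement
            xtc_db_query("INSERT INTO " . TABLE_PRODUCTS_IMAGES . "\n SET products_id = '" . $dup_products_id . "',\n image_nr = '" . xtc_db_input($mo_img['image_nr']) . "',\n\t\t\t\t\t\t\t\t\t\t\t image_title = '" . xtc_db_input($mo_img['image_title']) . "',\n\t\t\t\t\t\t\t\t\t\t\t image_alt = '" . xtc_db_input($mo_img['image_alt']) . "',\n image_name = '" . xtc_db_input($dup_products_image_name) . "'");
        }
    }
    // mo_images EOF

    // per-customer-group price tables: personal_offers_by_customers_status_<id>
    $products_id = $dup_products_id;
    $group_query = xtc_db_query("SELECT customers_status_id FROM " . TABLE_CUSTOMERS_STATUS . "\n WHERE language_id = '" . (int) $_SESSION['languages_id'] . "'\n AND customers_status_id != '0'");
    $group_data = array();
    while ($group_values = xtc_db_fetch_array($group_query)) {
        $group_data[] = array('STATUS_ID' => $group_values['customers_status_id']);
    }
    foreach ($group_data as $group_row) {
        // the status id becomes part of a table name, so force it to an int
        $status_id = (int) $group_row['STATUS_ID'];
        if ($status_id == 0) {
            continue;
        }
        $copy_query = xtc_db_query("SELECT quantity,\n personal_offer\n FROM personal_offers_by_customers_status_" . $status_id . "\n WHERE products_id = '" . $old_products_id . "'");
        while ($copy_data = xtc_db_fetch_array($copy_query)) {
            xtc_db_query("INSERT INTO personal_offers_by_customers_status_" . $status_id . "\n SET price_id = '',\n products_id = '" . $products_id . "',\n quantity = '" . $copy_data['quantity'] . "',\n personal_offer = '" . $copy_data['personal_offer'] . "'");
        }
    }

    // duplicate products attributes on request
    if (isset($_POST['attr_copy']) && $_POST['attr_copy'] == 'attr_copy') {
        $attribute_copy_query = xtc_db_query("SELECT *\n FROM products_attributes\n WHERE products_id = '" . $old_products_id . "'\n ");
        while ($attribute_copy_data = xtc_db_fetch_array($attribute_copy_query)) {
            $sql_data_array = $attribute_copy_data;
            unset($sql_data_array['products_attributes_id']);
            $sql_data_array['products_id'] = $dup_products_id;
            xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES, $sql_data_array);
        }
    }
}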
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('install_admin_step', ENTRY_PASSWORD_ERROR); } elseif ($password != $confirmation) { $error = true; $messageStack->add('install_admin_step', ENTRY_PASSWORD_ERROR_NOT_MATCHING); } if ($error == false) { $first_admin_check_query = xtc_db_query("SELECT customers_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = 1 "); if (xtc_db_num_rows($first_admin_check_query) > 0) { xtc_db_query("insert into " . TABLE_CUSTOMERS . " (\n customers_status,\n customers_firstname,\n customers_lastname,\n customers_gender,\n customers_email_address,\n customers_telephone,\n customers_password,\n delete_user) VALUES\n ('0',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($gender) . "',\n '" . xtc_db_input($email_address) . "',\n '" . xtc_db_input($telephone) . "',\n '" . xtc_encrypt_password($password) . "',\n '0')"); $admin_id = xtc_db_insert_id(); xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n customers_info_id,\n customers_info_date_of_last_logon,\n customers_info_number_of_logons,\n customers_info_date_account_created,\n customers_info_date_account_last_modified,\n global_product_notifications) VALUES\n ('" . $admin_id . "','','','now()','','')"); xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n customers_id,\n entry_company,\n entry_firstname,\n entry_lastname,\n entry_street_address,\n entry_postcode,\n entry_city,\n entry_state,\n entry_country_id,\n entry_zone_id) VALUES\n ('" . $admin_id . "',\n '" . xtc_db_input($company) . "',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($street_address) . "',\n '" . xtc_db_input($postcode) . "',\n '" . xtc_db_input($city) . "',\n '" . xtc_db_input($state) . "',\n '" . xtc_db_input($country) . "',\n '" . xtc_db_input($zone_id) . 
"'\n )"); // admin address connection $address_book_id = xtc_db_insert_id(); xtc_db_query("UPDATE customers SET customers_default_address_id = '" . $address_book_id . "' WHERE customers_id = '" . $admin_id . "' "); // customers_status xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('" . $admin_id . "');"); $aa_spalten_qry = xtc_db_query("SHOW COLUMNS FROM admin_access"); while ($aa_spalten = xtc_db_fetch_array($aa_spalten_qry)) { if ($aa_spalten['Type'] == 'int(1)') { xtc_db_query("UPDATE admin_access SET " . $aa_spalten['Field'] . " = '1' WHERE customers_id = '" . $admin_id . "'"); } } xtc_redirect(xtc_href_link('install_additional_admins.php', '', 'NONSSL')); } else { xtc_db_query("insert into " . TABLE_CUSTOMERS . " (\n customers_id,\n customers_status,\n customers_firstname,\n customers_lastname,\n customers_gender,\n customers_email_address,\n customers_default_address_id,\n customers_telephone,\n customers_password,\n delete_user) VALUES\n ('1',\n '0',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($gender) . "',\n '" . xtc_db_input($email_address) . "',\n '1',\n '" . xtc_db_input($telephone) . "',\n '" . xtc_encrypt_password($password) . "',\n '0')"); xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n customers_info_id,\n customers_info_date_of_last_logon,\n customers_info_number_of_logons,\n customers_info_date_account_created,\n customers_info_date_account_last_modified,\n global_product_notifications) VALUES\n ('1','','','now()','','')"); xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n customers_id,\n entry_company,\n entry_firstname,\n entry_lastname,\n entry_street_address,\n entry_postcode,\n entry_city,\n entry_state,\n entry_country_id,\n entry_zone_id) VALUES\n ('1',\n '" . xtc_db_input($company) . "',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($street_address) . "',\n '" . xtc_db_input($postcode) . 
"',\n '" . xtc_db_input($city) . "',\n '" . xtc_db_input($state) . "',\n '" . xtc_db_input($country) . "',\n '" . xtc_db_input($zone_id) . "'\n )"); // customers_status
} } $customers_statuses_array = xtc_get_customers_statuses(); if (strstr($group_ids, 'c_all_group')) { $group_ids = 'c_all_group,'; for ($i = 0; $n = sizeof($customers_statuses_array), $i < $n; $i++) { $group_ids .= 'c_' . $customers_statuses_array[$i]['id'] . '_group,'; } } $sql_data_array = array('products_id' => $product, 'group_ids' => $group_ids, 'content_name' => $content_title, 'content_file' => $content_file_name, 'content_link' => $content_link, 'file_comment' => $file_comment, 'languages_id' => $content_language); if ($id == 'update_product') { xtc_db_perform(TABLE_PRODUCTS_CONTENT, $sql_data_array, 'update', "content_id = '" . $coID . "'"); $content_id = xtc_db_insert_id(); } else { xtc_db_perform(TABLE_PRODUCTS_CONTENT, $sql_data_array); $content_id = xtc_db_insert_id(); } // if get id // rename filename xtc_redirect(xtc_href_link(FILENAME_PRODUCTS_CONTENT, 'pID=' . $product)); } // if error } require DIR_WS_INCLUDES . 'head.php'; ?> </head> <body> <!-- header //--> <?php require DIR_WS_INCLUDES . 'header.php'; ?>
/**
 * Insert the order held in $this->Order (or the global $order) into the shop
 * database: the orders row, the order totals, a status-history entry, one row
 * per ordered product (with stock, specials and attribute-stock updates) and
 * the referrer / conversion-type tracking.
 *
 * Relies on $_SESSION holding the complete checkout state (customer_id,
 * customers_status, customer_vat_id, language, languages_id, credit_covers,
 * tracking) and on the globals named below being set by the caller.
 *
 * @return array{orderId:int|string, sofortData:array} the new orders_id and,
 *         per product index, its id and the orders_products_id that was created
 */
public function insertOrderIntoShop() {
    global $order, $order_total_modules, $order_totals, $insert_id;
    if (!is_object($order)) {
        // $order does not exist when called from the notification handler
        $order = $this->Order;
    }
    $order_total_modules = $this->orderTotalModules;
    $order_totals = $this->orderTotals;
    $tmp_status = $order->info['order_status'];
    if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
        $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
    } else {
        $discount = '0.00';
    }
    // NOTE(review): X-Forwarded-For is a client-supplied header; the stored
    // customers_ip is only trustworthy when a proxy in front of the shop
    // overwrites it. Kept as-is here, confirm the deployment sets it.
    if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
        $customers_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    } else {
        $customers_ip = $_SERVER["REMOTE_ADDR"];
    }
    // the two branches differ only in the billing_* fields and 'language',
    // which are omitted when the order is fully covered by credit
    if ($_SESSION['credit_covers'] != '1') {
        $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_firstname' => $order->customer['firstname'], 'customers_lastname' => $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_firstname' => $order->delivery['firstname'], 'delivery_lastname' => $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 'billing_firstname' => $order->billing['firstname'], 'billing_lastname' => $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_country_iso_code_2' => $order->billing['country']['iso_code_2'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'date_purchased' => 'now()', 'orders_status' => $tmp_status, 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'customers_ip' => $customers_ip, 'language' => $_SESSION['language'], 'comments' => $order->info['comments']);
    } else {
        // free gift, no payment address
        $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_firstname' => $order->customer['firstname'], 'customers_lastname' => $order->customer['lastname'], 'customers_cid' => $order->customer['csID'], 'customers_vat_id' => $_SESSION['customer_vat_id'], 'customers_company' => $order->customer['company'], 'customers_status' => $_SESSION['customers_status']['customers_status_id'], 'customers_status_name' => $_SESSION['customers_status']['customers_status_name'], 'customers_status_image' => $_SESSION['customers_status']['customers_status_image'], 'customers_status_discount' => $discount, 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_firstname' => $order->delivery['firstname'], 'delivery_lastname' => $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'], 'delivery_address_format_id' => $order->delivery['format_id'], 'payment_method' => $order->info['payment_method'], 'payment_class' => $order->info['payment_class'], 'shipping_method' => $order->info['shipping_method'], 'shipping_class' => $order->info['shipping_class'], 'date_purchased' => 'now()', 'orders_status' => $tmp_status, 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value'], 'customers_ip' => $customers_ip, 'comments' => $order->info['comments']);
    }
    // orders row; $insert_id is the global the order-total modules read later
    xtc_db_perform(TABLE_ORDERS, $sql_data_array);
    $insert_id = xtc_db_insert_id();
    // one orders_total row per total module ('code' is stored as 'class')
    for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
        $sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
    }
    // first status-history entry, flagged as notified when mails are enabled
    $customer_notification = SEND_EMAILS == 'true' ? '1' : '0';
    $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
    xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
    // initialized for the email confirmation
    $products_ordered = '';
    $products_ordered_html = '';
    $subtotal = 0;
    $total_tax = 0;
    $sofortData = array();
    // per ordered product: stock bookkeeping, orders_products row, specials,
    // credit account, attributes and downloads
    for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
        $sofortData[$i] = array();
        $sofortData[$i]['sofortItemId'] = $order->products[$i]['id'];
        if (STOCK_LIMITED == 'true') {
            if (DOWNLOAD_ENABLED == 'true') {
                $stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename\n\t\t\t\t\t\t\t\t FROM " . TABLE_PRODUCTS . " p\n\t\t\t\t\t\t\t\t LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n\t\t\t\t\t\t\t\t ON p.products_id=pa.products_id\n\t\t\t\t\t\t\t\t LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n\t\t\t\t\t\t\t\t ON pa.products_attributes_id=pad.products_attributes_id\n\t\t\t\t\t\t\t\t WHERE p.products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'";
                // Will work with only one option for downloadable products
                // otherwise, we have to build the query dynamically with a loop
                $products_attributes = $order->products[$i]['attributes'];
                if (is_array($products_attributes)) {
                    $stock_query_raw .= " AND pa.options_id = '" . HelperFunctions::escapeSql($products_attributes[0]['option_id']) . "' AND pa.options_values_id = '" . HelperFunctions::escapeSql($products_attributes[0]['value_id']) . "'";
                }
                $stock_query = xtc_db_query($stock_query_raw);
            } else {
                $stock_query = xtc_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
            }
            if (xtc_db_num_rows($stock_query) > 0) {
                $stock_values = xtc_db_fetch_array($stock_query);
                // do not decrement quantities if products_attributes_filename exists
                if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename']) {
                    $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                } else {
                    $stock_left = $stock_values['products_quantity'];
                }
                // avoid booking the items twice for sofort_sofortrechnung (Rbs) orders
                if ($order->info['payment_method'] != 'sofort_sofortrechnung') {
                    xtc_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . HelperFunctions::escapeSql($stock_left) . "' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
                }
                // sold out and checkout without stock is not allowed -> deactivate
                if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
                    xtc_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
                }
            }
        }
        // Update products_ordered (for bestsellers list)
        xtc_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . HelperFunctions::escapeSql(sprintf('%d', $order->products[$i]['qty'])) . " where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "'");
        $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xtc_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_shipping_time' => $order->products[$i]['shipping_time'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_discount_made' => $order->products[$i]['discount_allowed'], 'products_quantity' => $order->products[$i]['qty'], 'allow_tax' => $_SESSION['customers_status']['customers_status_show_price_tax']);
        xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
        $order_products_id = xtc_db_insert_id();
        $sofortData[$i]['sofortOrderProductsId'] = $order_products_id;
        // specials quantity adjustment: begin
        $specials_result = xtc_db_query("SELECT products_id, specials_quantity from " . TABLE_SPECIALS . " WHERE products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "' ");
        if (xtc_db_num_rows($specials_result)) {
            $spq = xtc_db_fetch_array($specials_result);
            $new_sp_quantity = $spq['specials_quantity'] - $order->products[$i]['qty'];
            if ($new_sp_quantity >= 1) {
                xtc_db_query("update " . TABLE_SPECIALS . " set specials_quantity = '" . HelperFunctions::escapeSql($new_sp_quantity) . "' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "' ");
            } else {
                // special used up: switch it off and store the (non-positive) remainder
                xtc_db_query("update " . TABLE_SPECIALS . " set status = '0', specials_quantity = '" . HelperFunctions::escapeSql($new_sp_quantity) . "' where products_id = '" . HelperFunctions::escapeSql(xtc_get_prid($order->products[$i]['id'])) . "' ");
            }
        }
        // specials quantity adjustment: end
        $order_total_modules->update_credit_account($i); // GV Code ICW ADDED FOR CREDIT CLASS SYSTEM
        //------insert customer choosen option to order--------
        $attributes_exist = '0';
        $products_ordered_attributes = '';
        if (isset($order->products[$i]['attributes'])) {
            $attributes_exist = '1';
            for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                // with downloads enabled the query also fetches the download limits
                if (DOWNLOAD_ENABLED == 'true') {
                    $attributes_query = "select popt.products_options_name,\n\t\t\t\t\t\t\t\t\t\t poval.products_options_values_name,\n\t\t\t\t\t\t\t\t\t\t pa.options_values_price,\n\t\t\t\t\t\t\t\t\t\t pa.price_prefix,\n\t\t\t\t\t\t\t\t\t\t pad.products_attributes_maxdays,\n\t\t\t\t\t\t\t\t\t\t pad.products_attributes_maxcount,\n\t\t\t\t\t\t\t\t\t\t pad.products_attributes_filename\n\t\t\t\t\t\t\t\t\t\t from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n\t\t\t\t\t\t\t\t\t\t left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n\t\t\t\t\t\t\t\t\t\t on pa.products_attributes_id=pad.products_attributes_id\n\t\t\t\t\t\t\t\t\t\t where pa.products_id = '" . HelperFunctions::escapeSql($order->products[$i]['id']) . "'\n\t\t\t\t\t\t\t\t\t\t and pa.options_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['option_id']) . "'\n\t\t\t\t\t\t\t\t\t\t and pa.options_id = popt.products_options_id\n\t\t\t\t\t\t\t\t\t\t and pa.options_values_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['value_id']) . "'\n\t\t\t\t\t\t\t\t\t\t and pa.options_values_id = poval.products_options_values_id\n\t\t\t\t\t\t\t\t\t\t and popt.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'\n\t\t\t\t\t\t\t\t\t\t and poval.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'";
                    $attributes = xtc_db_query($attributes_query);
                } else {
                    $attributes = xtc_db_query("select popt.products_options_name,\n\t\t\t\t\t\t\t\t\t\t poval.products_options_values_name,\n\t\t\t\t\t\t\t\t\t\t pa.options_values_price,\n\t\t\t\t\t\t\t\t\t\t pa.price_prefix\n\t\t\t\t\t\t\t\t\t\t from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n\t\t\t\t\t\t\t\t\t\t where pa.products_id = '" . HelperFunctions::escapeSql($order->products[$i]['id']) . "'\n\t\t\t\t\t\t\t\t\t\t and pa.options_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['option_id']) . "'\n\t\t\t\t\t\t\t\t\t\t and pa.options_id = popt.products_options_id\n\t\t\t\t\t\t\t\t\t\t and pa.options_values_id = '" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['value_id']) . "'\n\t\t\t\t\t\t\t\t\t\t and pa.options_values_id = poval.products_options_values_id\n\t\t\t\t\t\t\t\t\t\t and popt.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'\n\t\t\t\t\t\t\t\t\t\t and poval.language_id = '" . HelperFunctions::escapeSql($_SESSION['languages_id']) . "'");
                }
                // update attribute stock
                xtc_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n\t\t\t\t\t\t\t\t attributes_stock=attributes_stock - '" . HelperFunctions::escapeSql($order->products[$i]['qty']) . "'\n\t\t\t\t\t\t\t\t where\n\t\t\t\t\t\t\t\t products_id='" . HelperFunctions::escapeSql($order->products[$i]['id']) . "'\n\t\t\t\t\t\t\t\t and options_values_id='" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['value_id']) . "'\n\t\t\t\t\t\t\t\t and options_id='" . HelperFunctions::escapeSql($order->products[$i]['attributes'][$j]['option_id']) . "'\n\t\t\t\t\t\t\t\t ");
                $attributes_values = xtc_db_fetch_array($attributes);
                $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                xtc_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                // downloadable attribute -> grant the download with its limits
                if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xtc_not_null($attributes_values['products_attributes_filename'])) {
                    $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                    xtc_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                }
            }
        }
        //------insert customer choosen option eof ----
        // NOTE(review): $total_products_price and $products_tax are never assigned
        // in this method and none of these accumulators is returned or stored;
        // this looks like leftover code from the original checkout_process.
        $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
        $total_tax += xtc_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];
        $total_cost += $total_products_price;
    }
    // referrer tracking: prefer the session's tracking refID, else the
    // referrer stored on the customer; conversion_type 1 = direct sale
    // (no previous logon), 2 = late sale
    if (isset($_SESSION['tracking']['refID'])) {
        xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t refferers_id = '" . HelperFunctions::escapeSql($_SESSION['tracking']['refID']) . "'\n\t\t\t where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
        // check if late or direct sale
        $customers_logon_query = "SELECT customers_info_number_of_logons\n\t\t\t\t\t\t FROM " . TABLE_CUSTOMERS_INFO . " \n\t\t\t\t\t\t WHERE customers_info_id = '" . HelperFunctions::escapeSql($_SESSION['customer_id']) . "'";
        $customers_logon_query = xtc_db_query($customers_logon_query);
        $customers_logon = xtc_db_fetch_array($customers_logon_query);
        if ($customers_logon['customers_info_number_of_logons'] == 0) {
            // direct sale
            xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t conversion_type = '1'\n\t\t\t\t where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
        } else {
            // late sale
            xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t conversion_type = '2'\n\t\t\t\t where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
        }
    } else {
        $customers_query = xtc_db_query("SELECT refferers_id as ref FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . HelperFunctions::escapeSql($_SESSION['customer_id']) . "'");
        $customers_data = xtc_db_fetch_array($customers_query);
        if (xtc_db_num_rows($customers_query)) {
            xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t refferers_id = '" . HelperFunctions::escapeSql($customers_data['ref']) . "'\n\t\t\t\t where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
            // check if late or direct sale
            $customers_logon_query = "SELECT customers_info_number_of_logons\n\t\t\t\t\t\t\t FROM " . TABLE_CUSTOMERS_INFO . " \n\t\t\t\t\t\t\t WHERE customers_info_id = '" . HelperFunctions::escapeSql($_SESSION['customer_id']) . "'";
            $customers_logon_query = xtc_db_query($customers_logon_query);
            $customers_logon = xtc_db_fetch_array($customers_logon_query);
            if ($customers_logon['customers_info_number_of_logons'] == 0) {
                // direct sale
                xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t\t conversion_type = '1'\n\t\t\t\t\t where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
            } else {
                // late sale
                xtc_db_query("update " . TABLE_ORDERS . " set\n\t\t\t\t\t conversion_type = '2'\n\t\t\t\t\t where orders_id = '" . HelperFunctions::escapeSql($insert_id) . "'");
            }
        }
    }
    // book the credit (gift voucher / coupon) against the new order
    $order_total_modules->apply_credit();
    $return['orderId'] = $insert_id;
    $return['sofortData'] = $sofortData;
    return $return;
}
} if (!$manufacturers_name || $check_if_name_exist) { if ($_GET['action'] == 'save') { if ($check_if_name_exist['manufacturers_id'] != $manufacturers_id) { $error[] = ERROR_TEXT_NAME; } } else { $error[] = ERROR_TEXT_NAME; } } if (empty($error)) { if ($_GET['action'] == 'insert') { $insert_sql_data = array('date_added' => 'now()'); $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_MANUFACTURERS, $sql_data_array); $manufacturers_id = xtc_db_insert_id(); } elseif ($_GET['action'] == 'save') { $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data); xtc_db_perform(TABLE_MANUFACTURERS, $sql_data_array, 'update', "manufacturers_id = '" . xtc_db_input($manufacturers_id) . "'"); } } else { $_SESSION['repopulate_form'] = $_REQUEST; $_SESSION['errors'] = $error; xtc_redirect(xtc_href_link(FILENAME_MANUFACTURERS, 'page=' . $_GET['page'] . '&action=' . $url_action . '&errors=1&mID=' . $manufacturers_id)); } $dir_manufacturers = DIR_FS_CATALOG_IMAGES . "/manufacturers"; if ($manufacturers_image = xtc_try_upload('manufacturers_image', $dir_manufacturers)) { xtc_db_query("update " . TABLE_MANUFACTURERS . " set\n manufacturers_image ='manufacturers/" . $manufacturers_image->filename . "'\n where manufacturers_id = '" . xtc_db_input($manufacturers_id) . "'"); } $languages = xtc_get_languages();
} else { $error[] = ERROR_TEXT_NAME; } } if (!$wholesaler_email) { $error[] = ERROR_TEXT_EMAIL; } elseif (!xtc_validate_email($wholesaler_email)) { $error[] = ERROR_TEXT_EMAIL_INVALID; } if (!$wholesaler_file) { $error[] = ERROR_TEXT_FILE; } if (empty($error)) { if ($_GET['action'] == 'insert') { xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array); $wholesaler_id = xtc_db_insert_id(); // BOF - Mail Manager Template xtc_db_query("INSERT INTO email_manager (em_name, em_language, em_body, em_delete, em_type, em_body_txt) VALUES\r\n('" . $wholesaler_file . "',\t2,\t'<p>Sehr geehrte Damen und Herren,</p>\\r\\n<p>wir möchten bitte folgende Produkte bei Ihnen Nachbestellen:</p>\\r\\n<p><br />\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}{\$order_values.products_quantity} x {\$order_values.products_name}<br />\\r\\n{/foreach}</p>',\t0,\t'wholesaler',\t'Sehr geehrte Damen und Herren,\\r\\n\\r\\nwir möchten bitte folgende Produkte bei Ihnen Nachbestellen\\r\\n\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}\\r\\n{\$order_values.products_quantity} x {\$order_values.products_name}\\r\\n{/foreach}');\r\n"); // EOF - Mail Manager Template } elseif ($_GET['action'] == 'save') { xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array, 'update', "wholesaler_id = '" . xtc_db_input($wholesaler_id) . "'"); } if (USE_CACHE == 'true') { xtc_reset_cache_block('wholesalers'); } xtc_redirect(xtc_href_link(FILENAME_WHOLESALERS, 'page=' . $_GET['page'] . '&wID=' . $wholesaler_id)); } else { $_SESSION['repopulate_form'] = $_REQUEST; $_SESSION['errors'] = $error; xtc_redirect(xtc_href_link(FILENAME_WHOLESALERS, 'page=' . $_GET['page'] . '&action=' . $url_action . '&errors=1&wID=' . $wholesaler_id)); }
/**
 * Resolves the category path of an import row and links product $pID to its
 * innermost category, creating any category levels that do not exist yet.
 *
 * The path is read from $dataArray['p_cat.0'] .. ['p_cat.<catDepth-1>'];
 * empty levels are skipped. $this->CatTree is a nested array keyed by
 * category name whose nodes carry an 'ID' entry; it is consulted first and
 * extended with every category created or found here so that later rows of
 * the same import do not hit the database again.
 *
 * @param array  $dataArray Import row (by reference; not modified here).
 * @param string $mode      Not used inside this method; kept for callers.
 * @param int    $pID       products_id to connect to the resolved category.
 * @return void
 */
function insertCategory(&$dataArray, $mode = 'insert', $pID)
{
    if ($this->debug) {
        echo '<pre>';
        //print_ r($this->CatTree);
        echo '</pre>';
    }
    $cat = array();
    $catTree = '';
    // Build the PHP subscript string for the full path, e.g. ['Shoes']['Men'].
    // Note that $cat keeps the original level index as key, so an empty middle
    // level leaves a gap that the count()-based loop below does not expect —
    // presumably imports never have such gaps; verify against the import format.
    for ($i = 0; $i < $this->catDepth; $i++) {
        if (trim($dataArray['p_cat.' . $i]) != '') {
            $cat[$i] = trim($dataArray['p_cat.' . $i]);
            $catTree .= '[\'' . addslashes($cat[$i]) . '\']';
        }
    }
    // NOTE(review): eval() on a string assembled from import data. addslashes()
    // keeps each name inside its single-quoted subscript literal, but every
    // read and write of $this->CatTree in this method is compiled as PHP rather
    // than done by a plain array walk; a reference-based walk over the $cat
    // list would remove the eval() entirely. Be aware that a name containing
    // a double quote ends up under its addslashes()-mangled key, so the tree
    // must be built with the same convention elsewhere — confirm before changing.
    $code = '$ID=$this->CatTree' . $catTree . '[\'ID\'];';
    if ($this->debug) {
        echo $code;
    }
    eval($code);
    // Whole path already cached (a missing node yields null, which fails both tests).
    if (is_int($ID) || $ID == '0') {
        $this->insertPtoCconnection($pID, $ID);
    } else {
        // Walk the path level by level; $parTree is the subscript string of the
        // parent level, $catTree grows to the current level.
        $catTree = '';
        $parTree = '';
        $curr_ID = 0; // assigned below but never read afterwards
        for ($i = 0; $i < count($cat); $i++) {
            $catTree .= '[\'' . addslashes($cat[$i]) . '\']';
            $code = '$ID=$this->CatTree' . $catTree . '[\'ID\'];';
            eval($code);
            if (is_int($ID) || $ID == '0') {
                // This level is cached already.
                $curr_ID = $ID;
            } else {
                // Parent id comes from the tree; at the top level this reads
                // $this->CatTree['ID'] (the root entry).
                $code = '$parent=$this->CatTree' . $parTree . '[\'ID\'];';
                eval($code);
                // check if categorie exists
                // NOTE(review): addslashes() is not a MySQL escaper; the project's
                // xtc_db_input() is the usual choice for values spliced into SQL.
                $cat_query = xtc_db_query("SELECT c.categories_id FROM " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t WHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t cd.categories_name='" . addslashes($cat[$i]) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t and cd.language_id='" . $this->languages[0]['id'] . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t and cd.categories_id=c.categories_id\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t and parent_id='" . $parent . "'");
                if (!xtc_db_num_rows($cat_query)) {
                    // insert categorie
                    $categorie_data = array('parent_id' => $parent, 'categories_status' => 1, 'date_added' => 'now()', 'last_modified' => 'now()');
                    xtc_db_perform(TABLE_CATEGORIES, $categorie_data);
                    $cat_id = xtc_db_insert_id();
                    $this->counter['cat_new']++;
                    // Cache the new node so the next row of the import finds it.
                    $code = '$this->CatTree' . $parTree . '[\'' . addslashes($cat[$i]) . '\'][\'ID\']=' . $cat_id . ';';
                    eval($code);
                    $parent = $cat_id;
                    // One description row per shop language, all with the imported name.
                    for ($i_insert = 0; $i_insert < sizeof($this->languages); $i_insert++) {
                        $categorie_data = array('language_id' => $this->languages[$i_insert]['id'], 'categories_id' => $cat_id, 'categories_name' => $cat[$i]);
                        xtc_db_perform(TABLE_CATEGORIES_DESCRIPTION, $categorie_data);
                    }
                } else {
                    // Category exists in the database but not in the cache: record it.
                    $this->counter['cat_touched']++;
                    $cData = xtc_db_fetch_array($cat_query);
                    $cat_id = $cData['categories_id'];
                    $code = '$this->CatTree' . $parTree . '[\'' . addslashes($cat[$i]) . '\'][\'ID\']=' . $cat_id . ';';
                    eval($code);
                }
            }
            $parTree = $catTree;
        }
        // $cat_id is the last created/found level; it is only set when at least
        // one level was missing from the cache, which is guaranteed here by the
        // failed full-path lookup above.
        $this->insertPtoCconnection($pID, $cat_id);
    }
}
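// Store the option values selected in the attribute form as product attributes.
//
// Input comes from $_POST: optionValues[] holds the products_options_values_ids
// to attach, current_product_id the product, and for each option value <id>
// the fields <id>_price, <id>_prefix, <id>_model, <id>_stock, <id>_weight,
// <id>_weight_prefix, <id>_sortorder, <id>_ean and, optionally,
// <id>_download_file / <id>_download_expire / <id>_download_count.
// Output: one TABLE_PRODUCTS_ATTRIBUTES row per option value (plus a
// TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD row when a download file was given),
// then products_last_modified is stamped on the product.
$current_product_id = (int) $_POST['current_product_id'];
$option_values = (isset($_POST['optionValues']) && is_array($_POST['optionValues'])) ? $_POST['optionValues'] : array();
// The tax rate depends only on the product; resolve it once rather than per option value.
$tax_rate = (PRICE_IS_BRUTTO == 'true') ? xtc_get_tax_rate(xtc_get_tax_class_id($current_product_id)) : null;
for ($i = 0; $i < count($option_values); $i++) {
    // Cast the id before it is used in SQL or as a $_POST key prefix; the
    // original spliced the raw form value into the WHERE clause below.
    $cv_id = (int) $option_values[$i];
    $result = xtc_db_query("SELECT * \n FROM " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " \n WHERE products_options_values_id = '" . $cv_id . "'");
    // As before, the last matching row wins; 0 when nothing matched (the
    // original silently reused the previous iteration's value in that case).
    $optionsID = 0;
    while ($line = xtc_db_fetch_array($result)) {
        $optionsID = $line['products_options_id'];
    }
    // Per-option-value form fields, defaulting to '' when absent instead of raising a notice.
    $field = array();
    foreach (array('price', 'prefix', 'model', 'stock', 'weight', 'weight_prefix', 'sortorder', 'ean', 'download_file', 'download_expire', 'download_count') as $suffix) {
        $field[$suffix] = isset($_POST[$cv_id . '_' . $suffix]) ? $_POST[$cv_id . '_' . $suffix] : '';
    }
    $value_price = $field['price'];
    if ($tax_rate !== null) {
        // A gross price was entered: strip the product's tax so the net value is stored.
        $value_price = $value_price / ($tax_rate + 100) * 100;
    }
    $value_price = xtc_round($value_price, PRICE_PRECISION);
    //default values
    $sql_data_array = array(
        'products_id' => $current_product_id,
        'options_id' => $optionsID,
        'options_values_id' => $cv_id,
        'options_values_price' => $value_price,
        'price_prefix' => $field['prefix'],
        'attributes_model' => xtc_db_prepare_input($field['model']),
        'attributes_stock' => $field['stock'],
        'options_values_weight' => $field['weight'],
        'weight_prefix' => $field['weight_prefix'],
        'sortorder' => $field['sortorder'],
    );
    //additional values
    $add_data_array = array('attributes_ean' => xtc_db_prepare_input($field['ean']));
    $sql_data_array = xtc_array_merge($sql_data_array, $add_data_array);
    xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES, $sql_data_array);
    $products_attributes_id = xtc_db_insert_id();
    if ($field['download_file'] != '') {
        $sql_data_array = array(
            'products_attributes_id' => $products_attributes_id,
            'products_attributes_filename' => xtc_db_prepare_input($field['download_file']),
            'products_attributes_maxdays' => $field['download_expire'],
            'products_attributes_maxcount' => $field['download_count'],
        );
        xtc_db_perform(TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD, $sql_data_array);
    }
}
// NOTE(review): the non-id fields above (prefix, stock, weight, ...) reach
// xtc_db_perform() unescaped, exactly as in the original; whether that helper
// escapes its values is not visible here — confirm before relying on it.
xtc_db_query('UPDATE ' . TABLE_PRODUCTS . ' SET products_last_modified=now() WHERE products_id=' . $current_product_id); //DokuMan - 2010-09-21 - set modified date on product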
/**
 * Turns the Rakuten order held in $this->_request into a shop order.
 *
 * Builds an `order` object from the request's client / delivery_address
 * nodes, inserts the orders, orders_total and orders_status_history rows,
 * then for every cart product updates stock, specials, attribute stock,
 * properties combis and bestseller counters, inserts the orders_products
 * (and attribute / download) rows and sends low-stock mails. Finally the
 * referrer / conversion type is recorded, the cart is reset and the
 * checkout session variables are cleared.
 *
 * Side effects: many database writes, possible e-mails via xtc_php_mail(),
 * $_SESSION['tmp_oID'] set to the new orders_id, session cleanup.
 *
 * @return bool false when the session cart id does not match $_SESSION['cartID'];
 *              true after the order was written.
 * @throws Exception anything thrown inside is re-thrown unchanged.
 */
function _process_order()
{
    try {
        /* Process the internal cartID to match the cartID in the $_SESSION */
        if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
            if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
                return false;
            }
        }
        $order = new order();
        /* PropertiesControl Object */
        $coo_properties = MainFactory::create_object('PropertiesControl');
        $tmp_status = $order->info['order_status'];
        if ($_SESSION['customers_status']['customers_status_ot_discount_flag'] == 1) {
            $discount = $_SESSION['customers_status']['customers_status_ot_discount'];
        } else {
            $discount = '0.00';
        }
        // $customers_ip stays undefined when IP logging is off; it is still
        // written to the orders row below (as an empty value).
        if (gm_get_conf("GM_SHOW_IP") == '1' && gm_get_conf("GM_LOG_IP") == '1') {
            $customers_ip = $_SESSION['user_info']['user_ip'];
        }
        // Order comment: optional customer text plus the Rakuten order / client ids.
        $comments = '';
        if (trim((string) $this->_request->comment_client) != '') {
            $comments .= sprintf('Customer\'s Comment: %s', trim((string) $this->_request->comment_client) . "\n");
        }
        $comments .= sprintf('Rakuten Order No: %s', (string) $this->_request->order_no . "\n") . sprintf('Rakuten Client ID: %s', (string) $this->_request->client->client_id . "\n");
        $order->info['comments'] = $comments;
        $order->info['rakuten_order_no'] = (string) $this->_request->order_no;
        // Billing address = the Rakuten client node.
        $billing_addr = $this->_request->client;
        $order->customer['email_address'] = (string) $billing_addr->email;
        $order->customer['firstname'] = $this->_escape_str_revert((string) $billing_addr->first_name);
        $order->customer['lastname'] = $this->_escape_str_revert((string) $billing_addr->last_name);
        $order->customer['telephone'] = (string) $billing_addr->phone;
        // NOTE(review): the ISO country code from the external request is
        // spliced into SQL with only a (string) cast, here and for the delivery
        // address below; it should go through the project's escaping helper.
        $billing_country_result = xtc_db_query("SELECT countries_id, countries_name from " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . (string) $billing_addr->country . "' ");
        if (xtc_db_num_rows($billing_country_result)) {
            $billing_country = xtc_db_fetch_array($billing_country_result);
        } else {
            // Unknown code: keep the raw code as the country name, id -1.
            $billing_country['countries_id'] = -1;
            $billing_country['countries_name'] = (string) $billing_addr->country;
        }
        $order->billing['firstname'] = (string) $billing_addr->first_name;
        $order->billing['lastname'] = (string) $billing_addr->last_name;
        $order->billing['company'] = (string) $billing_addr->company;
        // The optional address addition is appended with an HTML line break.
        $order->billing['street_address'] = (string) $billing_addr->street . " " . (string) $billing_addr->street_no . ((string) $billing_addr->address_add ? '<br />' . (string) $billing_addr->address_add : '');
        $order->billing['city'] = (string) $billing_addr->city;
        $order->billing['postcode'] = (string) $billing_addr->zip_code;
        $order->billing['country']['title'] = $billing_country['countries_name'];
        $order->billing['country']['iso_code_2'] = (string) $billing_addr->country;
        $order->billing['format_id'] = '5';
        // Delivery address = the Rakuten delivery_address node.
        $shipping_addr = $this->_request->delivery_address;
        $shipping_country_result = xtc_db_query("SELECT countries_id, countries_name from " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . (string) $shipping_addr->country . "' ");
        if (xtc_db_num_rows($shipping_country_result)) {
            $shipping_country = xtc_db_fetch_array($shipping_country_result);
        } else {
            $shipping_country['countries_id'] = -1;
            $shipping_country['countries_name'] = (string) $shipping_addr->country;
        }
        $order->delivery['firstname'] = (string) $shipping_addr->first_name;
        $order->delivery['lastname'] = (string) $shipping_addr->last_name;
        $order->delivery['company'] = (string) $shipping_addr->company;
        $order->delivery['street_address'] = (string) $shipping_addr->street . " " . (string) $shipping_addr->street_no . ((string) $shipping_addr->address_add ? '<br />' . (string) $shipping_addr->address_add : '');
        $order->delivery['city'] = (string) $shipping_addr->city;
        $order->delivery['postcode'] = (string) $shipping_addr->zip_code;
        $order->delivery['country']['title'] = $shipping_country['countries_name'];
        $order->delivery['country']['iso_code_2'] = (string) $shipping_addr->country;
        $order->delivery['format_id'] = '5';
        $order->info['payment_method'] = 'rakuten';
        $order->info['payment_class'] = '';
        $order->info['shipping_method'] = 'rakuten';
        $order->info['shipping_class'] = '';
        // Main orders row. Several $order->customer fields (csID, company,
        // street_address, ...) are never assigned above and are written as empty.
        $sql_data_array = array(
            'customers_id' => $_SESSION['customer_id'],
            'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
            'customers_firstname' => $order->customer['firstname'],
            'customers_lastname' => $order->customer['lastname'],
            'customers_cid' => $order->customer['csID'],
            'customers_vat_id' => $_SESSION['customer_vat_id'],
            'customers_company' => $order->customer['company'],
            'customers_status' => $_SESSION['customers_status']['customers_status_id'],
            'customers_status_name' => $_SESSION['customers_status']['customers_status_name'],
            'customers_status_image' => $_SESSION['customers_status']['customers_status_image'],
            'customers_status_discount' => $discount,
            'customers_street_address' => $order->customer['street_address'],
            'customers_suburb' => $order->customer['suburb'],
            'customers_city' => $order->customer['city'],
            'customers_postcode' => $order->customer['postcode'],
            'customers_state' => $order->customer['state'],
            'customers_country' => $order->customer['country']['title'],
            'customers_telephone' => $order->customer['telephone'],
            'customers_email_address' => $order->customer['email_address'],
            'customers_address_format_id' => $order->customer['format_id'],
            'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'],
            'delivery_firstname' => $order->delivery['firstname'],
            'delivery_lastname' => $order->delivery['lastname'],
            'delivery_company' => $order->delivery['company'],
            'delivery_street_address' => $order->delivery['street_address'],
            'delivery_suburb' => $order->delivery['suburb'],
            'delivery_city' => $order->delivery['city'],
            'delivery_postcode' => $order->delivery['postcode'],
            'delivery_state' => $order->delivery['state'],
            'delivery_country' => $order->delivery['country']['title'],
            'delivery_country_iso_code_2' => $order->delivery['country']['iso_code_2'],
            'delivery_address_format_id' => $order->delivery['format_id'],
            'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'],
            'billing_firstname' => $order->billing['firstname'],
            'billing_lastname' => $order->billing['lastname'],
            'billing_company' => $order->billing['company'],
            'billing_street_address' => $order->billing['street_address'],
            'billing_suburb' => $order->billing['suburb'],
            'billing_city' => $order->billing['city'],
            'billing_postcode' => $order->billing['postcode'],
            'billing_state' => $order->billing['state'],
            'billing_country' => $order->billing['country']['title'],
            'billing_country_iso_code_2' => $order->billing['country']['iso_code_2'],
            'billing_address_format_id' => $order->billing['format_id'],
            'payment_method' => $order->info['payment_method'],
            'payment_class' => $order->info['payment_class'],
            'shipping_method' => $order->info['shipping_method'],
            'shipping_class' => $order->info['shipping_class'],
            'cc_type' => $order->info['cc_type'],
            'cc_owner' => $order->info['cc_owner'],
            'cc_number' => $order->info['cc_number'],
            'cc_expires' => $order->info['cc_expires'],
            'cc_start' => $order->info['cc_start'],
            'cc_cvv' => $order->info['cc_cvv'],
            'cc_issue' => $order->info['cc_issue'],
            'date_purchased' => 'now()',
            'orders_status' => $tmp_status,
            'currency' => $order->info['currency'],
            'currency_value' => $order->info['currency_value'],
            'customers_ip' => $customers_ip,
            'language' => $_SESSION['language'],
            'comments' => $order->info['comments'],
            'rakuten_order_no' => $order->info['rakuten_order_no']
        );
        xtc_db_perform(TABLE_ORDERS, $sql_data_array);
        $insert_id = xtc_db_insert_id();
        $_SESSION['tmp_oID'] = $insert_id;
        // Order totals: subtotal = total - shipping - tax, then shipping, tax, total.
        $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_SUBTOTAL . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->total - (double) $this->_request->shipping - (double) $this->_request->total_tax_amount), 'value' => (double) $this->_request->total - (double) $this->_request->shipping - (double) $this->_request->total_tax_amount, 'class' => 'ot_subtotal', 'sort_order' => 10);
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
        $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_SHIPPING . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->shipping), 'value' => (double) $this->_request->shipping, 'class' => 'ot_shipping', 'sort_order' => 30);
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
        $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_TAX . ':', 'text' => ' ' . sprintf("%01.2f EUR", (double) $this->_request->total_tax_amount), 'value' => (double) $this->_request->total_tax_amount, 'class' => 'ot_tax', 'sort_order' => 97);
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
        $sql_data_array = array('orders_id' => $insert_id, 'title' => MODULE_PAYMENT_RAKUTEN_TOTAL . ':', 'text' => sprintf("<b> %01.2f EUR</b>", (double) $this->_request->total), 'value' => (double) $this->_request->total, 'class' => 'ot_total', 'sort_order' => 99);
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
        // Initial status-history entry; the customer is not notified.
        $customer_notification = '0';
        $sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
        xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
        require_once DIR_FS_CATALOG . 'gm/inc/set_shipping_status.php';
        for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
            /* Stock update */
            if (STOCK_LIMITED == 'true') {
                if (DOWNLOAD_ENABLED == 'true') {
                    // Join the download table so downloadable products can be excluded below.
                    $stock_query_raw = "SELECT p.products_quantity, pad.products_attributes_filename\n FROM " . TABLE_PRODUCTS . " p\n LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n ON p.products_id=pa.products_id\n LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n ON pa.products_attributes_id=pad.products_attributes_id\n WHERE p.products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'";
                    $products_attributes = $order->products[$i]['attributes'];
                    // Only the first attribute narrows the join.
                    if (is_array($products_attributes)) {
                        $stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";
                    }
                    $stock_query = xtc_db_query($stock_query_raw);
                } else {
                    $stock_query = xtc_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                }
                if (xtc_db_num_rows($stock_query) > 0) {
                    $stock_values = xtc_db_fetch_array($stock_query);
                    /* Do not decrement quantities if products_attributes_filename exists */
                    if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename']) {
                        $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                    } else {
                        $stock_left = $stock_values['products_quantity'];
                    }
                    xtc_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                    // Optionally deactivate a product that just went out of stock.
                    if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false' && GM_SET_OUT_OF_STOCK_PRODUCTS == 'true') {
                        xtc_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
                    }
                    set_shipping_status($order->products[$i]['id']);
                    // Low-stock mail to the shop owner.
                    if ($stock_left <= STOCK_REORDER_LEVEL) {
                        $gm_get_products_name = xtc_db_query("SELECT products_name\n FROM products_description\n WHERE\n products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'\n AND language_id = '" . $_SESSION['languages_id'] . "'");
                        // NOTE(review): raw mysql_fetch_array() instead of the xtc_db_* wrapper
                        // used everywhere else in this method (ext/mysql is removed in PHP 7).
                        $gm_stock_data = mysql_fetch_array($gm_get_products_name);
                        $gm_subject = GM_OUT_OF_STOCK_NOTIFY_TEXT . ' ' . $gm_stock_data['products_name'];
                        $gm_body = GM_OUT_OF_STOCK_NOTIFY_TEXT . ': ' . (double) $stock_left . "\n\n" . HTTP_SERVER . DIR_WS_CATALOG . 'product_info.php?info=p' . xtc_get_prid($order->products[$i]['id']);
                        /* Send the email */
                        xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', $gm_subject, nl2br(htmlentities($gm_body)), $gm_body);
                    }
                }
            }
            /* Update products_ordered (for bestsellers list) */
            xtc_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . (double) $order->products[$i]['qty'] . " where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "'");
            // orders_products row; the tax rate is resolved for the delivery country.
            $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xtc_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_shipping_time' => $order->products[$i]['shipping_time'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => xtc_get_tax_rate($order->products[$i]['tax_class_id'], $shipping_country['countries_id']), 'products_discount_made' => $order->products[$i]['discount_allowed'], 'products_quantity' => $order->products[$i]['qty'], 'allow_tax' => $_SESSION['customers_status']['customers_status_show_price_tax']);
            xtc_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
            $order_products_id = xtc_db_insert_id();
            if (!empty($order->products[$i]['quantity_unit_id'])) {
                xtc_db_query("INSERT INTO orders_products_quantity_units\n SET orders_products_id = '" . (int) $order_products_id . "',\n quantity_unit_id = '" . (int) $order->products[$i]['quantity_unit_id'] . "',\n unit_name = '" . xtc_db_input($order->products[$i]['unit_name']) . "'");
            }
            /* Save selected properties_combi in product */
            $t_combis_id = $coo_properties->extract_combis_id($order->products[$i]['id']);
            $GLOBALS['coo_debugger']->log('checkout_process: $order->products[$i][id] ' . $order->products[$i]['id'], 'Properties');
            $GLOBALS['coo_debugger']->log('checkout_process: extract_combis_id ' . $t_combis_id, 'Properties');
            if (empty($t_combis_id) == false) {
                $coo_properties->add_properties_combi_to_orders_product($t_combis_id, $order_products_id);
                /* Update properties_combi quantity */
                $t_quantity_change = $order->products[$i]['qty'] * -1;
                $val = $coo_properties->change_combis_quantity($t_combis_id, $t_quantity_change);
            }
            // Specials: decrement the special's quantity, or disable it once used up.
            $specials_result = xtc_db_query("SELECT products_id, specials_quantity from " . TABLE_SPECIALS . " WHERE products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
            if (xtc_db_num_rows($specials_result)) {
                $spq = xtc_db_fetch_array($specials_result);
                $new_sp_quantity = $spq['specials_quantity'] - $order->products[$i]['qty'];
                if ($new_sp_quantity >= 1) {
                    xtc_db_query("update " . TABLE_SPECIALS . " set specials_quantity = '" . $new_sp_quantity . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
                } elseif (STOCK_CHECK == 'true') {
                    xtc_db_query("update " . TABLE_SPECIALS . " set status = '0', specials_quantity = '" . $new_sp_quantity . "' where products_id = '" . xtc_get_prid($order->products[$i]['id']) . "' ");
                }
            }
            if (isset($order->products[$i]['attributes'])) {
                $attributes_exist = '1';
                for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                    // Resolve option / value names and prices for the ordered attribute.
                    if (DOWNLOAD_ENABLED == 'true') {
                        $attributes_query = "select popt.products_options_name,\n poval.products_options_values_name,\n pa.options_values_price,\n pa.price_prefix,\n pad.products_attributes_maxdays,\n pad.products_attributes_maxcount,\n pad.products_attributes_filename\n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n on pa.products_attributes_id=pad.products_attributes_id\n where pa.products_id = '" . $order->products[$i]['id'] . "'\n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n and pa.options_id = popt.products_options_id\n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n and pa.options_values_id = poval.products_options_values_id\n and popt.language_id = '" . $_SESSION['languages_id'] . "'\n and poval.language_id = '" . $_SESSION['languages_id'] . "'";
                        $attributes = xtc_db_query($attributes_query);
                    } else {
                        $attributes = xtc_db_query("select popt.products_options_name,\n poval.products_options_values_name,\n pa.options_values_price,\n pa.price_prefix\n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n where pa.products_id = '" . $order->products[$i]['id'] . "'\n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n and pa.options_id = popt.products_options_id\n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n and pa.options_values_id = poval.products_options_values_id\n and popt.language_id = '" . $_SESSION['languages_id'] . "'\n and poval.language_id = '" . $_SESSION['languages_id'] . "'");
                    }
                    /* update attribute stock */
                    xtc_db_query("UPDATE " . TABLE_PRODUCTS_ATTRIBUTES . " set\n attributes_stock=attributes_stock - '" . $order->products[$i]['qty'] . "'\n where\n products_id='" . $order->products[$i]['id'] . "'\n and options_values_id='" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n and options_id='" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n ");
                    $attributes_values = xtc_db_fetch_array($attributes);
                    $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
                    xtc_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
                    // Downloadable attribute: register the file for this order.
                    if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && xtc_not_null($attributes_values['products_attributes_filename'])) {
                        $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
                        xtc_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
                    }
                    /* BOF GM_MOD attributes stock_notifier */
                    $gm_get_attributes_stock = xtc_db_query("SELECT\n pd.products_name,\n pa.attributes_stock,\n po.products_options_name,\n pov.products_options_values_name\n FROM\n products_description pd,\n products_attributes pa,\n products_options po,\n products_options_values pov\n WHERE pa.products_id = '" . $order->products[$i]['id'] . "'\n AND pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n AND pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n AND po.products_options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n AND po.language_id = '" . $_SESSION['languages_id'] . "'\n AND pov.products_options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n AND pov.language_id = '" . $_SESSION['languages_id'] . "'\n AND pd.products_id = '" . $order->products[$i]['id'] . "'\n AND pd.language_id = '" . $_SESSION['languages_id'] . "'");
                    if (xtc_db_num_rows($gm_get_attributes_stock) == 1) {
                        $gm_attributes_stock_data = xtc_db_fetch_array($gm_get_attributes_stock);
                        if ($gm_attributes_stock_data['attributes_stock'] <= STOCK_REORDER_LEVEL) {
                            $gm_subject = GM_OUT_OF_STOCK_NOTIFY_TEXT . ' ' . $gm_attributes_stock_data['products_name'] . ' - ' . $gm_attributes_stock_data['products_options_name'] . ': ' . $gm_attributes_stock_data['products_options_values_name'];
                            $gm_body = GM_OUT_OF_STOCK_NOTIFY_TEXT . ': ' . (double) $gm_attributes_stock_data['attributes_stock'] . ' (' . $gm_attributes_stock_data['products_name'] . ' - ' . $gm_attributes_stock_data['products_options_name'] . ': ' . $gm_attributes_stock_data['products_options_values_name'] . ")\n\n" . HTTP_SERVER . DIR_WS_CATALOG . 'product_info.php?info=p' . xtc_get_prid($order->products[$i]['id']);
                            xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', $gm_subject, nl2br(htmlentities($gm_body)), $gm_body);
                        }
                    }
                }
            }
            // $total_weight / $total_cost / $total_products_price are never
            // initialised or read elsewhere in this method; leftovers, presumably.
            $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
            $total_cost += $total_products_price;
        }
        // Referrer tracking: prefer the session's tracking refID, else the
        // customer's stored referrer; conversion_type 1 = first logon, 2 = later.
        if (isset($_SESSION['tracking']['refID'])) {
            // NOTE(review): refID is spliced into SQL without escaping; confirm
            // it is validated where it is written to the session.
            xtc_db_query("update " . TABLE_ORDERS . " set\n refferers_id = '" . $_SESSION['tracking']['refID'] . "'\n where orders_id = '" . $insert_id . "'");
            /* Check if late or direct sale */
            $customers_logon_query = "SELECT customers_info_number_of_logons\n FROM " . TABLE_CUSTOMERS_INFO . "\n WHERE customers_info_id = '" . $_SESSION['customer_id'] . "'";
            $customers_logon_query = xtc_db_query($customers_logon_query);
            $customers_logon = xtc_db_fetch_array($customers_logon_query);
            if ($customers_logon['customers_info_number_of_logons'] == 0) {
                /* direct sale */
                xtc_db_query("update " . TABLE_ORDERS . " set\n conversion_type = '1'\n where orders_id = '" . $insert_id . "'");
            } else {
                /* late sale */
                xtc_db_query("update " . TABLE_ORDERS . " set\n conversion_type = '2'\n where orders_id = '" . $insert_id . "'");
            }
        } else {
            $customers_query = xtc_db_query("SELECT refferers_id as ref FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . $_SESSION['customer_id'] . "'");
            $customers_data = xtc_db_fetch_array($customers_query);
            if (xtc_db_num_rows($customers_query)) {
                xtc_db_query("update " . TABLE_ORDERS . " set\n refferers_id = '" . $customers_data['ref'] . "'\n where orders_id = '" . $insert_id . "'");
                /* check if late or direct sale */
                $customers_logon_query = "SELECT customers_info_number_of_logons\n FROM " . TABLE_CUSTOMERS_INFO . "\n WHERE customers_info_id = '" . $_SESSION['customer_id'] . "'";
                $customers_logon_query = xtc_db_query($customers_logon_query);
                $customers_logon = xtc_db_fetch_array($customers_logon_query);
                if ($customers_logon['customers_info_number_of_logons'] == 0) {
                    /* Direct sale */
                    xtc_db_query("update " . TABLE_ORDERS . " set\n conversion_type = '1'\n where orders_id = '" . $insert_id . "'");
                } else {
                    /* Late sale */
                    xtc_db_query("update " . TABLE_ORDERS . " set\n conversion_type = '2'\n where orders_id = '" . $insert_id . "'");
                }
            }
        }
        $_SESSION['cart']->reset(true);
        /* Unregister session variables used during checkout */
        unset($_SESSION['sendto']);
        unset($_SESSION['billto']);
        unset($_SESSION['shipping']);
        unset($_SESSION['payment']);
        unset($_SESSION['comments']);
        unset($_SESSION['last_order']);
        unset($_SESSION['tmp_oID']);
        unset($_SESSION['cc']);
        unset($_SESSION['nvpReqArray']);
        unset($_SESSION['reshash']);
        $last_order = $insert_id; // assigned but not used afterwards
        if (isset($_SESSION['credit_covers'])) {
            unset($_SESSION['credit_covers']);
        }
    } catch (Exception $e) {
        // Re-thrown unchanged; the try/catch adds nothing beyond the bare call.
        throw $e;
    }
    return true;
}
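/**
 * Stores a PAYONE TxStatus notification and applies it to the shop order.
 *
 * The notification is authenticated by comparing its `key` field with the
 * MD5 of the configured portal key (the global key first, then each payment
 * genre's own key). Only an authenticated notification is written to
 * payone_txstatus / payone_txstatus_data, mirrored into payone_transactions
 * and — when txaction maps to a configured order status — applied to the
 * order and its status history. Every notification, valid or not, is
 * appended to payone_transactions_log.
 *
 * @param array $txstatus Raw TxStatus parameters as posted by PAYONE.
 * @return void
 */
public function saveTransactionStatus($txstatus)
{
    if (empty($txstatus['reference'])) {
        $this->log("received TxStatus w/o reference!");
        return;
    }
    $config = $this->getConfig();
    $txaction = isset($txstatus['txaction']) ? (string) $txstatus['txaction'] : '';
    $received_key = isset($txstatus['key']) ? (string) $txstatus['key'] : '';
    // hash_equals() (PHP >= 5.6) replaces the loose `==`: with `==`, two
    // numeric-looking strings (an MD5 beginning with "0e" against a submitted
    // "0") compare equal, and the comparison leaks which byte differed first.
    $key_valid = hash_equals(md5((string) $config['global']['key']), $received_key);
    if (!$key_valid) {
        foreach ($this->getPaymentGenreIdentifiers() as $pg_id) {
            if (hash_equals(md5((string) $config[$pg_id]['global']['key']), $received_key)) {
                $key_valid = true;
                break;
            }
        }
    }
    if ($key_valid) {
        $orders_id = (int) $txstatus['reference'];
        $sql_data_status_array = array('orders_id' => $orders_id, 'received' => 'now()');
        xtc_db_perform('payone_txstatus', $sql_data_status_array);
        $txstatus_id = xtc_db_insert_id();
        // One key/value row per notification parameter; array values are joined.
        foreach ($txstatus as $key => $value) {
            $sql_data_statusdata_array = array(
                '`payone_txstatus_id`' => $txstatus_id,
                '`key`' => $key,
                '`value`' => is_array($value) ? implode('||', $value) : $value,
            );
            xtc_db_perform('payone_txstatus_data', $sql_data_statusdata_array);
        }
        $sql_data_transactions_array = array('status' => strtoupper($txaction), 'last_modified' => 'now()');
        // txid is caller-supplied: escape it before it is spliced into the WHERE clause.
        $txid = isset($txstatus['txid']) ? $txstatus['txid'] : '';
        xtc_db_perform('payone_transactions', $sql_data_transactions_array, 'update', "txid='" . xtc_db_input($txid) . "'");
        if (in_array($txaction, $this->getStatusNames())) {
            $orders_status_id = (int) $config['orders_status'][$txaction];
            $sql_data_orders_array = array('orders_status' => $orders_status_id, 'last_modified' => 'now()');
            xtc_db_perform(TABLE_ORDERS, $sql_data_orders_array, 'update', "orders_id='" . $orders_id . "'");
            $sql_data_array = array(
                'orders_id' => $orders_id,
                'orders_status_id' => $orders_status_id,
                'date_added' => 'now()',
                'customer_notified' => '0',
                'comments' => STATUS_UPDATED_BY_PAYONE,
                'comments_sent' => '0',
            );
            xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
            // Forward the notification to the per-status redirect URL, if one is configured.
            $redirect = $config['orders_status_redirect'];
            if (isset($redirect['url'][$txaction]) && $redirect['url'][$txaction] != '') {
                $this->sendTransactionStatus($redirect['url'][$txaction], $txstatus, $redirect['timeout'][$txaction]);
            }
        }
    } else {
        $this->log("received TxStatus with an invalid key! TxStatus will not be processed.");
    }
    // Logging: flatten the notification to name=value pairs, joining array
    // values the same way as in payone_txstatus_data above.
    $message_parts = array();
    foreach ($txstatus as $name => $value) {
        $message_parts[] = $name . '=' . (is_array($value) ? implode('||', $value) : $value);
    }
    $message = implode('|', $message_parts);
    $sql_data_array = array(
        'event_id' => (int) (microtime(true) * 1000), // millisecond timestamp as the log key
        'date_created' => 'now()',
        'log_count' => '0',
        'log_level' => '0',
        'message' => $message,
        'customers_id' => '0',
    );
    $this->log(print_r($sql_data_array, true));
    xtc_db_perform('payone_transactions_log', $sql_data_array);
}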
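/**
 * Process a PayPal IPN (Instant Payment Notification) callback.
 *
 * There is no customer session in this request. The order id is the suffix
 * of 'invoice' after the PAYPAL_INVOICE prefix; if such an order exists the
 * IPN is stored/updated in TABLE_PAYPAL, a row is appended to
 * TABLE_PAYPAL_STATUS_HISTORY, the IPN is echoed back to $this->IPN_URL with
 * cmd=_notify-validate, and the order status is set from 'payment_status'
 * (VERIFIED) or to PAYPAL_ORDER_STATUS_REJECTED_ID (anything else). Any
 * failure reason is e-mailed to EMAIL_SUPPORT_ADDRESS with the full payload.
 *
 * Security notes (review):
 *  - TLS verification on the cURL validation round-trip is enabled
 *    (CURLOPT_SSL_VERIFYPEER was 0, so an on-path attacker could answer
 *    "VERIFIED" for a forged IPN). If the local CA bundle is missing, cURL
 *    fails and the file_get_contents() fallback — which verifies peers by
 *    default — is used instead.
 *  - 'txn_id' is interpolated into a raw SELECT; xtc_db_prepare_input() only
 *    trims/strips slashes, so it is additionally escaped with xtc_db_input().
 *  - The IPN is written to TABLE_PAYPAL / TABLE_PAYPAL_STATUS_HISTORY BEFORE
 *    the notify-validate round-trip, and an INVALID response still moves the
 *    order to PAYPAL_ORDER_STATUS_REJECTED_ID. Both are kept as-is here, but
 *    they mean an unauthenticated POST naming a real order id can create rows
 *    and flip that order's status — TODO consider validating first.
 *  - No check that 'receiver_email'/'business' is the shop's own account or
 *    that 'mc_gross'/'mc_currency' match the order is visible here — verify
 *    that this happens elsewhere before trusting 'completed'.
 *  - The support e-mail embeds raw request values (incl. HTTP_REFERER) in an
 *    HTML body; they are not escaped here.
 *
 * @param array  $data    the IPN POST parameters (normally $_POST)
 * @param string $charset shop charset used to decode PayPal's text fields
 * @return void
 */
function callback_process($data, $charset) {
    // No session here! (state as of 2011-06-29)
    // $_GET is a superglobal; no 'global' declaration needed.
    $this->data = $data;
    //$this->_logTrans($data);
    require_once DIR_WS_CLASSES . 'class.phpmailer.php';
    if (EMAIL_TRANSPORT == 'smtp') {
        require_once DIR_WS_CLASSES . 'class.smtp.php';
    }
    require_once DIR_FS_INC . 'xtc_Security.inc.php';

    // Set whenever the IPN cannot be fully processed; mailed to support at the end.
    $error_reason = '';

    // Order id = numeric suffix of 'invoice' after the PAYPAL_INVOICE prefix
    // (an int cast, so only the > 0 check is meaningful).
    $invoice = isset($this->data['invoice']) ? (string) $this->data['invoice'] : '';
    $xtc_order_id = (int) substr($invoice, strlen(PAYPAL_INVOICE));
    if ($xtc_order_id > 0) {
        // look the order up
        $order_query = xtc_db_query("SELECT currency, currency_value\n FROM " . TABLE_ORDERS . "\n WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
        if (xtc_db_num_rows($order_query) > 0) {
            // order found: collect the IPN fields (text fields re-encoded from the IPN charset)
            $ipn_charset = xtc_db_prepare_input($this->data['charset']);
            $ipn_data = array();
            $ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']);
            $ipn_data['xtc_order_id'] = xtc_db_prepare_input($xtc_order_id);
            $ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']);
            $ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']);
            $ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']);
            $ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']);
            $ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']);
            $ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset));
            $ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset));
            $ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset));
            $ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset));
            $ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset));
            $ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset));
            $ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']);
            $ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset));
            $ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']);
            $ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']);
            $ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']);
            $ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']);
            $ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date']));
            $ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset));
            $ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']);
            $ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']);
            $ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']);
            $ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']);
            $ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']);
            $ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']);
            $ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']);
            $ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']);
            $ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']);
            $ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']);
            $ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']);
            $ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']);
            $ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']);

            // PayPal reports the shop's special total lines (discount, PAYPAL_GS,
            // "Handling", tax, "Differenz", shipping) as cart items; don't count
            // them as products, and take the shipping amount from its own line.
            if ($ipn_data['num_cart_items'] > 1) {
                $verspos = $ipn_data['num_cart_items'];
                for ($p = 1; $p <= $verspos; $p++) {
                    $item_name = $this->data['item_name' . $p];
                    if ($item_name == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $item_name == substr(PAYPAL_GS, 0, 127) || $item_name == "Handling" || $item_name == substr(PAYPAL_TAX, 0, 127) || $item_name == "Differenz") {
                        $ipn_data['num_cart_items']--;
                    }
                    if ($item_name == substr(SHIPPING_COSTS, 0, 127)) {
                        $ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p];
                        $ipn_data['num_cart_items']--;
                    }
                }
            }

            // Existing IPN row for this txn_id? txn_id is request-controlled and was
            // only trimmed by xtc_db_prepare_input(), so escape it for the raw SELECT.
            $_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . xtc_db_input($ipn_data['txn_id']) . "'";
            $_transQuery = xtc_db_query($_transQuery);
            $_transQuery = xtc_db_fetch_array($_transQuery);
            if ($_transQuery['paypal_ipn_id'] != '') {
                // update the stored IPN
                $insert_id = $_transQuery['paypal_ipn_id'];
                $sql_data_array = array(
                    'payment_status' => $ipn_data['payment_status'],
                    'pending_reason' => $ipn_data['pending_reason'],
                    'payer_email' => $ipn_data['payer_email'],
                    'num_cart_items' => $ipn_data['num_cart_items'],
                    'mc_fee' => $ipn_data['mc_fee'],
                    'mc_shipping' => $ipn_data['mc_shipping'],
                    'address_name' => $ipn_data['address_name'],
                    'address_street' => $ipn_data['address_street'],
                    'address_city' => $ipn_data['address_city'],
                    'address_state' => $ipn_data['address_state'],
                    'address_zip' => $ipn_data['address_zip'],
                    'address_country' => $ipn_data['address_country'],
                    'address_status' => $ipn_data['address_status'],
                    'payer_status' => $ipn_data['payer_status'],
                    'receiver_email' => $ipn_data['receiver_email'],
                    'last_modified ' => 'now()'
                );
                xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'");
            } else {
                // first IPN for this txn_id
                $ipn_data['date_added'] = 'now()';
                $ipn_data['last_modified'] = 'now()';
                xtc_db_perform(TABLE_PAYPAL, $ipn_data);
                $insert_id = xtc_db_insert_id();
            }

            $paypal_order_history = array(
                'paypal_ipn_id' => $insert_id,
                'txn_id' => $ipn_data['txn_id'],
                'parent_txn_id' => $ipn_data['parent_txn_id'],
                'payment_status' => $ipn_data['payment_status'],
                'pending_reason' => $ipn_data['pending_reason'],
                'mc_amount' => $ipn_data['mc_gross'],
                'date_added' => 'now()'
            );
            xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history);

            // Human-readable summary for the order status history comment.
            // All reads go through $this->data (the original mixed in $_POST for
            // 'test_ipn' and 'txn_id', which only works when $data === $_POST).
            $crlf = "\n";
            $comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf;
            $comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']);
            if (isset($this->data['payer_status'])) {
                $comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']);
            }
            $comment_status .= '.' . $crlf;
            if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $this->data['test_ipn'] > 0) {
                $comment_status .= '(Sandbox-Test Mode)' . $crlf;
            }
            $comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']);
            if (isset($this->data['pending_reason'])) {
                $comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']);
            }
            if (isset($this->data['reason_code'])) {
                $comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']);
            }
            $comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']);
            $comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']);
            if (isset($this->data['parent_txn_id'])) {
                $comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']);
            }
            $comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($this->data['txn_id']);

            // Default status: pending.
            $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;

            // Echo the IPN back to PayPal for validation (cmd=_notify-validate).
            $parameters = 'cmd=_notify-validate';
            foreach ($this->data as $key => $value) {
                $parameters .= '&' . $key . '=' . urlencode(stripslashes($value));
            }
            //$this->_logTransactions($parameters);

            // 08.01.2008: also works without cURL (stream fallback below)
            $result = false;
            $mit_curl = 0;
            if (function_exists('curl_init')) {
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL, $this->IPN_URL);
                curl_setopt($ch, CURLOPT_POST, 1);
                curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_TIMEOUT, 30);
                // Verify the peer certificate and hostname: the whole point of this
                // round-trip is to make sure "VERIFIED" really comes from PayPal.
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
                $result = curl_exec($ch);
                if (!curl_errno($ch)) {
                    $mit_curl = 1;
                }
                curl_close($ch);
            }
            // cURL missing or failed: plain HTTPS stream (verifies peers by default)
            if ($mit_curl == 0) {
                $request_post = array('http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters));
                $request = stream_context_create($request_post);
                $result = file_get_contents($this->IPN_URL, false, $request);
            }

            // NOTE(review): '1' is accepted as a verification answer in addition to
            // 'VERIFIED'; the reason is not documented here — confirm it is still needed.
            $verified = is_string($result) && (strtoupper($result) == 'VERIFIED' || $result == '1');
            if ($verified) {
                $payment_status = strtolower($this->data['payment_status']);
                if ($payment_status == 'completed') {
                    if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                        $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                    }
                } elseif ($payment_status == 'denied' or $payment_status == 'failed') {
                    $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                } elseif ($payment_status == 'reversed') {
                    $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                } elseif ($payment_status == 'canceled-reversal') {
                    $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                } elseif ($payment_status == 'refunded') {
                    $order_status_id = DEFAULT_ORDERS_STATUS_ID;
                } elseif ($payment_status == 'pending') {
                    // same as the default; kept for clarity
                    $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID;
                } elseif ($payment_status == 'processed') {
                    // "when does this arrive?" (original author) — treated like completed
                    if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) {
                        $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID;
                    }
                }
            } else {
                // NOTE(review): an unverified IPN still changes the order status below.
                $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID;
                $error_reason = 'Received INVALID responce but invoice and Customer matched.';
            }

            $xtc_order_id = (int) substr($invoice, strlen(PAYPAL_INVOICE));
            xtc_db_query("UPDATE " . TABLE_ORDERS . "\n SET orders_status = '" . $order_status_id . "', last_modified = now()\n WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'");
            $sql_data_array = array(
                'orders_id' => xtc_db_prepare_input($xtc_order_id),
                'orders_status_id' => $order_status_id,
                'date_added' => 'now()',
                'customer_notified' => '0',
                'comments' => 'PayPal IPN ' . $comment_status . ''
            );
            xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
        } else {
            $error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.';
        }
    } else {
        $error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.';
    }

    // Report any failure to the support address, with the full request for diagnosis.
    if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) {
        $email_body = $error_reason . "\n\n" . '<br>';
        $email_body .= $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REMOTE_ADDR'] . " - " . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '') . " - " . (isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '') . "\n\n" . '<br>';
        $email_body .= '$_POST:' . "\n\n" . '<br>';
        foreach ($this->data as $key => $value) {
            $email_body .= $key . '=' . $value . "\n" . '<br>';
        }
        $email_body .= "\n" . '$_GET:' . "\n\n" . '<br>';
        foreach ($_GET as $key => $value) {
            $email_body .= $key . '=' . $value . "\n" . '<br>';
        }
        xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body);
    }
}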
$sql_data_array['entry_company'] = $company; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $suburb; } if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { $sql_data_array['entry_zone_id'] = $zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; $sql_data_array['entry_state'] = $state; } } xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); $address_id = xtc_db_insert_id(); xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_default_address_id = '" . (int) $address_id . "' WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'"); xtc_db_query("INSERT INTO " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) VALUES ('" . (int) $_SESSION['customer_id'] . "', '0', now())"); if (SESSION_RECREATE == 'True') { xtc_session_recreate(); } $_SESSION['customer_first_name'] = $firstname; $_SESSION['customer_last_name'] = $lastname; $_SESSION['customer_default_address_id'] = $address_id; $_SESSION['customer_country_id'] = $country; $_SESSION['customer_zone_id'] = $zone_id; $_SESSION['customer_vat_id'] = $vat; // restore cart contents $_SESSION['cart']->restore_contents(); // campaign tracking if (isset($_SESSION['tracking']['refID'])) {
if (empty($banners_image_local)) { $accepted_banners_image_files_extensions = array("jpg", "jpeg", "jpe", "gif", "png", "bmp", "tiff", "tif", "bmp", "swf", "cab"); $accepted_banners_image_files_mime_types = array("image/jpeg", "image/gif", "image/png", "image/bmp", "application/x-shockwave-flash"); if (!($banners_image = xtc_try_upload('banners_image', DIR_FS_CATALOG_IMAGES . 'banner/' . $banners_image_target, '644', $accepted_banners_image_files_extensions, $accepted_banners_image_files_mime_types))) { $messageStack->add(ERROR_BANNER_IMAGE_REQUIRED, 'error'); $banner_error = true; } } if ($banner_error == false) { $db_image_location = xtc_not_null($banners_image_local) ? $banners_image_local : $banners_image_target . $banners_image->filename; $sql_data_array = array('banners_title' => $banners_title, 'banners_url' => $banners_url, 'banners_image' => $db_image_location, 'banners_group' => $banners_group, 'banners_html_text' => $html_text); if ($action == 'insert') { $insert_sql_data = array('date_added' => 'now()', 'status' => '1'); $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_BANNERS, $sql_data_array); $banners_id = xtc_db_insert_id(); $messageStack->add_session(SUCCESS_BANNER_INSERTED, 'success'); } elseif ($action == 'update') { xtc_db_perform(TABLE_BANNERS, $sql_data_array, 'update', 'banners_id = \'' . (int) $banners_id . '\''); $messageStack->add_session(SUCCESS_BANNER_UPDATED, 'success'); } if ($_POST['expires_date']) { $expires_date = xtc_db_prepare_input($_POST['expires_date']); // BOF - Tomcraft - 2009-11-06 - Use "iso 8601" for the date format //list($day, $month, $year) = explode('/', $expires_date); list($year, $month, $day) = explode('-', $expires_date); // EOF - Tomcraft - 2009-11-06 - Use "iso 8601" for the date format $expires_date = $year . (strlen($month) == 1 ? '0' . $month : $month) . (strlen($day) == 1 ? '0' . $day : $day); xtc_db_query("update " . TABLE_BANNERS . " set expires_date = '" . 
xtc_db_input($expires_date) . "', expires_impressions = null where banners_id = '" . (int) $banners_id . "'"); } elseif ($_POST['impressions']) { $impressions = xtc_db_prepare_input($_POST['impressions']);
} if (!$imagesliders_name || $check_if_name_exist) { if ($_GET['action'] == 'save') { if ($check_if_name_exist['imagesliders_id'] != $imagesliders_id) { $error[] = ERROR_TEXT_NAME; } } else { $error[] = ERROR_TEXT_NAME; } } if (empty($error)) { if ($_GET['action'] == 'insert') { $insert_sql_data = array('date_added' => 'now()'); $sql_data_array = xtc_array_merge($sql_data_array, $insert_sql_data); xtc_db_perform(TABLE_IMAGESLIDERS, $sql_data_array); $imagesliders_id = xtc_db_insert_id(); } elseif ($_GET['action'] == 'save') { $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = xtc_array_merge($sql_data_array, $update_sql_data); xtc_db_perform(TABLE_IMAGESLIDERS, $sql_data_array, 'update', "imagesliders_id = '" . xtc_db_input($imagesliders_id) . "'"); } $languages = xtc_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if ($_POST['imagesliders_image_delete' . $i] == true) { @unlink(DIR_FS_CATALOG_IMAGES . xtc_get_imageslider_image($imagesliders_id, $languages[$i]['id'])); $imagepfad = ''; } if ($image =& xtc_try_upload('imagesliders_image' . $i, DIR_FS_CATALOG_IMAGES . 'imagesliders/' . $languages[$i]['directory'] . '/')) { $imagepfad = 'imagesliders/' . $languages[$i]['directory'] . '/' . $image->filename; } else { if ($_POST['imagesliders_image_delete' . $i] == false) {