function payment_action()
{
global $order, $insert_id;
if (!isset($insert_id) || $insert_id == '') {
$insert_id = $_SESSION['tmp_oID'];
}
$this->payone->log("(pre-)authorizing {$this->code} payment");
$standard_parameters = parent::_standard_parameters();
$this->personal_data = new Payone_Api_Request_Parameter_Authorization_PersonalData();
parent::_set_customers_standard_params();
$this->delivery_data = new Payone_Api_Request_Parameter_Authorization_DeliveryData();
parent::_set_customers_shipping_params();
$this->payment_method = new Payone_Api_Request_Parameter_Authorization_PaymentMethod_Wallet();
$this->payment_method->setWallettype('PPE');
$this->payment_method->setSuccessurl((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG . FILENAME_CHECKOUT_PROCESS . '?' . xtc_session_name() . '=' . xtc_session_id());
$this->payment_method->setBackurl((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG . FILENAME_CHECKOUT_PAYMENT . '?' . xtc_session_name() . '=' . xtc_session_id());
$this->payment_method->setErrorurl((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG . FILENAME_CHECKOUT_PAYMENT . '?' . xtc_session_name() . '=' . xtc_session_id() . '&payment_error=' . $this->code);
// set order_id for deleting canceld order
$_SESSION['tmp_payone_oID'] = $_SESSION['tmp_oID'];
$request_parameters = parent::_request_parameters('wlt');
$this->params = array_merge($standard_parameters, $request_parameters);
$this->builder = new Payone_Builder($this->payone->getPayoneConfig());
parent::_build_service_authentification('wlt');
parent::_parse_response_payone_api();
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'));
}
function __construct($var)
{
if (!isset($_var) && !is_array($var)) {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'NONSSL'));
} else {
$this->response_string = array();
$this->response_string['response'] = $var['response'];
$this->response_string['order_id'] = $var['order_id'];
$this->response_string['payment_method'] = $var['payment_method'];
$this->response_string['lang'] = $var['lang'];
$this->response_string['controlkey'] = $var['controlkey'];
if ($this->checkResponse()) {
if (isset($_SESSION['cart_Masterpayment_ID']) && !empty($_SESSION['cart_Masterpayment_ID']) or substr($_SESSION['payment'], 0, strpos($_SESSION['payment'], '_')) == 'masterpayment') {
if ($this->response_string['response'] == 'success') {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'NONSSL'));
} elseif ($this->response_string['response'] == 'failed') {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=masterpayment_' . $this->response_string['payment_method'], 'NONSSL'));
} elseif ($this->response_string['response'] == 'cancelled') {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'NONSSL'));
}
} elseif ($this->response_string['response'] == 'success') {
$this->sendMail();
}
} else {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'NONSSL'));
}
}
}
function xtc_Security()
{
// Cross-Site Scripting attack defense - Sent by larsneo
// some syntax checking against injected javascript
// extended by Neo
if (count($_GET) > 0) {
// Lets now sanitize the GET vars
// echo '<pre>';
//print_r ($_GET);
//echo '</pre>';
foreach ($_GET as $secvalue) {
if (!is_array($secvalue)) {
// BOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*style.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*form.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*img.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue)) {
// EOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
xtcMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
xtc_redirect(FILENAME_DEFAULT);
}
}
}
}
// Lets now sanitize the POST vars
if (count($_POST) > 0) {
foreach ($_POST as $secvalue) {
if (!is_array($secvalue)) {
// BOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
if (preg_match("<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue)) {
// EOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
xtcMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
xtc_redirect(FILENAME_DEFAULT);
}
}
}
}
// Lets now sanitize the COOKIE vars
if (count($_COOKIE) > 0) {
foreach ($_COOKIE as $secvalue) {
if (!is_array($secvalue)) {
// BOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*style.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*form.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*img.*\"?[^>]*>/i", $secvalue)) {
// EOF - Hetfield - 2009-08-19 - replaced deprecated function eregi with preg_match to be ready for PHP >= 5.3
xtcMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
xtc_redirect(FILENAME_DEFAULT);
}
}
}
}
}
function credit_risk_check()
{
$config = $this->_payone->getConfig();
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['noconfirm'])) {
if ($config['credit_risk']['timeofcheck'] == 'before') {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'p1crskip=1', 'SSL'));
} else {
$_SESSION['payone_error'] = CREDIT_RISK_FAILED;
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
}
}
// A/B testing: only perform scoring every n-th time
$do_score = true;
if ($config['credit_risk']['abtest']['active'] == 'true') {
$ab_value = max(1, (int) $config['credit_risk']['abtest']['value']);
$score_count = (int) MODULE_PAYMENT_PAYONE_AB_TESTING;
$do_score = $score_count % $ab_value == 0;
xtc_db_query("UPDATE " . TABLE_CONFIGURATION . " SET configuration_value='" . ($score_count + 1) . "', last_modified = NOW() where configuration_key='MODULE_PAYMENT_PAYONE_AB_TESTING'");
}
if ($do_score) {
$score = $this->_payone->scoreCustomer($_SESSION['billto']);
} else {
$score = false;
}
if ($score instanceof Payone_Api_Response_Consumerscore_Valid) {
switch ((string) $score->getScore()) {
case 'G':
$_SESSION['payone_cr_result'] = 'green';
break;
case 'Y':
$_SESSION['payone_cr_result'] = 'yellow';
break;
case 'R':
$_SESSION['payone_cr_result'] = 'red';
break;
default:
$_SESSION['payone_cr_result'] = $config['credit_risk']['newclientdefault'];
}
$_SESSION['payone_cr_hash'] = $this->_payone->getAddressHash($_SESSION['billto']);
} else {
// could not get a score value
$_SESSION['payone_cr_result'] = $config['credit_risk']['newclientdefault'];
$_SESSION['payone_cr_hash'] = $this->_payone->getAddressHash($_SESSION['billto']);
}
}
function payment_action()
{
global $order, $insert_id;
if (!isset($insert_id) || $insert_id == '') {
$insert_id = $_SESSION['tmp_oID'];
}
$this->payone->log("(pre-)authorizing {$this->code} payment");
$standard_parameters = parent::_standard_parameters();
$this->personal_data = new Payone_Api_Request_Parameter_Authorization_PersonalData();
parent::_set_customers_standard_params();
$this->delivery_data = new Payone_Api_Request_Parameter_Authorization_DeliveryData();
parent::_set_customers_shipping_params();
$this->payment_method = array();
$request_parameters = parent::_request_parameters('vor');
unset($request_parameters['payment']);
$this->params = array_merge($standard_parameters, $request_parameters);
$this->builder = new Payone_Builder($this->payone->getPayoneConfig());
parent::_build_service_authentification('vor');
parent::_parse_response_payone_api();
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'));
}
}
$messageStack->add_session(DELETE_CACHE_SUCCESSFUL, 'success');
xtc_redirect(xtc_href_link(FILENAME_CONFIGURATION, 'gID=' . (int) $_GET['gID']));
break;
case 'deltempcache':
$path = DIR_FS_CATALOG . 'templates_c/';
if ($dir = opendir($path)) {
while (($file = readdir($dir)) !== false) {
if (is_file($path . $file) && $file != "index.html" && $file != ".htaccess") {
unlink($path . $file);
}
}
closedir($dir);
}
$messageStack->add_session(DELETE_TEMP_CACHE_SUCCESSFUL, 'success');
xtc_redirect(xtc_href_link(FILENAME_CONFIGURATION, 'gID=' . (int) $_GET['gID']));
break;
}
}
$cfg_group_query = xtc_db_query("select configuration_group_title, configuration_group_id from " . TABLE_CONFIGURATION_GROUP . " where configuration_group_id = '" . (int) $_GET['gID'] . "'");
// Hetfield - 2010-01-15 - multilanguage title in configuration
$cfg_group = xtc_db_fetch_array($cfg_group_query);
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onLoad="SetFocus();">
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$check_affiliate_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . $_POST['email_address'] . "'");
if (xtc_db_num_rows($check_affiliate_query)) {
$check_affiliate = xtc_db_fetch_array($check_affiliate_query);
// Crypted password mods - create a new password, update the database and mail it to them
$newpass = xtc_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$crypted_password = xtc_encrypt_password($newpass);
xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'");
xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $_POST['email_address'], $check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)));
if (!isset($mail_error)) {
xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
} else {
echo $mail_error;
}
} else {
xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL'));
}
} else {
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_PASSWORD_FORGOTTEN, xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('FORM_ACTION', xtc_draw_form('password_forgotten', xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'action=process', 'SSL')));
$smarty->assign('INPUT_EMAIL', xtc_draw_input_field('email_address', '', 'maxlength="96"'));
$smarty->assign('LINK_AFFILIATE', '<a href="' . xtc_href_link(FILENAME_AFFILIATE, '', 'SSL') . '">' . xtc_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>');
$smarty->assign('BUTTON_SUBMIT', xtc_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE));
if (isset($_GET['email']) && $_GET['email'] == 'nonexistent') {
$smarty->assign('email_nonexistent', 'true');
}
}
$smarty->assign('language', $_SESSION['language']);
$smarty->caching = 0;
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2002 - 2003 osCommerce
Released under the GNU General Public License
---------------------------------------------------------------------------*/
require 'includes/application_top.php';
// include needed functions
require_once DIR_FS_INC . 'xtc_date_short.inc.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
if (!isset($_SESSION['affiliate_id'])) {
xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_PAYMENT, xtc_href_link(FILENAME_AFFILIATE_PAYMENT, '', 'SSL'));
if (!isset($_GET['page'])) {
$_GET['page'] = 1;
}
$affiliate_payment_raw = "select p.* , s.affiliate_payment_status_name\n from " . TABLE_AFFILIATE_PAYMENT . " p, " . TABLE_AFFILIATE_PAYMENT_STATUS . " s \n where p.affiliate_payment_status = s.affiliate_payment_status_id \n and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "'\n and p.affiliate_id = '" . $_SESSION['affiliate_id'] . "'\n order by p.affiliate_payment_id DESC";
$affiliate_payment_split = new splitPageResults($affiliate_payment_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS);
require DIR_WS_INCLUDES . 'header.php';
$smarty->assign('affiliate_payment_split_number', $affiliate_payment_split->number_of_rows);
$affiliate_payment_table = '';
if ($affiliate_payment_split->number_of_rows > 0) {
$affiliate_payment_values = xtc_db_query($affiliate_payment_split->sql_query);
$number_of_payment = 0;
while ($affiliate_payment = xtc_db_fetch_array($affiliate_payment_values)) {
(c) 2003 nextcommerce (account_history.php,v 1.13 2003/08/17); www.nextcommerce.org
Released under the GNU General Public License
---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'xtc_count_customer_orders.inc.php';
require_once DIR_FS_INC . 'xtc_date_long.inc.php';
require_once DIR_FS_INC . 'xtc_image_button.inc.php';
require_once DIR_FS_INC . 'xtc_get_all_get_params.inc.php';
if (!isset($_SESSION['customer_id'])) {
xtc_redirect(xtc_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_HISTORY, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_HISTORY, xtc_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
$module_content = array();
if (($orders_total = xtc_count_customer_orders()) > 0) {
$history_query_raw = "select o.orders_id, \n o.date_purchased,\n o.delivery_name,\n o.billing_name,\n ot.text as order_total,\n s.orders_status_name\n from " . TABLE_ORDERS . " o,\n " . TABLE_ORDERS_TOTAL . " ot,\n " . TABLE_ORDERS_STATUS . " s \n where o.customers_id = " . (int) $_SESSION['customer_id'] . "\n and o.orders_id = ot.orders_id\n and ot.class = 'ot_total'\n and o.orders_status = s.orders_status_id\n and s.language_id = " . (int) $_SESSION['languages_id'] . "\n order by orders_id DESC";
$history_split = new splitPageResults($history_query_raw, isset($_GET['page']) ? $_GET['page'] : 0, MAX_DISPLAY_ORDER_HISTORY);
$history_query = xtc_db_query($history_split->sql_query);
while ($history = xtc_db_fetch_array($history_query)) {
$products_query = xtc_db_query("select count(*) as count from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . $history['orders_id'] . "'");
$products = xtc_db_fetch_array($products_query);
if (xtc_not_null($history['delivery_name'])) {
$order_type = TEXT_ORDER_SHIPPED_TO;
$order_name = $history['delivery_name'];
}
//BOF - web28 - 2011-01-15 - //FIX Neuberechnung aus TABLE_ORDERS_RECALCULATE
//$total_query = xtc_db_query("select SUM(value) as value from ".TABLE_ORDERS_TOTAL." where orders_id = '".$_POST['oID']."' and class != 'ot_subtotal_no_tax' and class != 'ot_tax' and class != 'ot_total'");
$total_query = xtc_db_query("select SUM(" . $price . ") as value from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "'");
//EOF - web28 - 2011-01-15 - //FIX Neuberechnung aus TABLE_ORDERS_RECALCULATE
$total = xtc_db_fetch_array($total_query);
$total_final = $total['value'] + $add_tax;
//Mwst hinzurechnen
$total_text = '<b>' . $xtPrice->xtcFormat($total_final, true) . '</b>';
xtc_db_query("update " . TABLE_ORDERS_TOTAL . "\n set text = '" . $total_text . "',\n value = '" . $total_final . "'\n where orders_id = '" . (int) $_POST['oID'] . "'\n and class = 'ot_total'");
//EOF web28 - 2010-12-04 Errechne neue Gesamtsumme für Artikel
// Löschen des Zwischenspeichers Anfang
//EXIT; //DEBUG
xtc_db_query("delete from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . xtc_db_input($_POST['oID']) . "'");
// Löschen des Zwischenspeichers Ende
xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'action=edit&oID=' . (int) $_POST['oID']));
}
// Rückberechnung Ende
//---------------------------------//
function get_customers_taxprice_status()
{
global $order, $lang;
$status_query = xtc_db_query("SELECT customers_status_show_price_tax,\n customers_status_add_tax_ot,\n customers_status_discount,\n customers_status_discount_attributes\n FROM " . TABLE_CUSTOMERS_STATUS . "\n WHERE customers_status_id = '" . $order->info['status'] . "'\n AND language_id ='" . (int) $lang['languages_id'] . "'\n ");
return xtc_db_fetch_array($status_query);
}
//BOF - web28 - 2010-01-15 - Steuersatz Coupon/Rabatt neu berechnen
//Der Steuersatz muss anhand der Posten mit unterschiedlichen Steuersätzen anteilig berechnet werden
function calculate_tax($amount)
{
global $xtPrice, $status;
$price = 'b_price';
function after_process()
{
global $order, $insert_id;
unset($_SESSION['discount_value']);
unset($_SESSION['discount_name']);
unset($_SESSION['voucher_value']);
unset($_SESSION['voucher_name']);
unset($_SESSION['coupon_value']);
unset($_SESSION['coupon_name']);
unset($_SESSION['lofee_value']);
unset($_SESSION['lofee_name']);
$token = $_GET['token'];
if ($this->response->ack == 'OK' && $this->response->status == 'ACCEPTED') {
if ($this->order_status) {
xtc_db_query('UPDATE ' . TABLE_ORDERS . ' SET orders_status = "' . xtc_db_input($this->order_status) . '" WHERE orders_id = "' . xtc_db_input($insert_id) . '"');
}
$customer = $this->response->customer;
xtc_db_query('INSERT INTO billsafe_orders_2 (id, orderid, transactionid, token, billsafeStatus, type, paymentStatus, date) VALUES (NULL,"' . xtc_db_input($insert_id) . '", "' . xtc_db_input($this->response->transactionId) . '", "' . $token . '", "' . xtc_db_input($this->response->status) . '", "installment", NULL, "' . date('Y-m-d H:i:s') . '")');
$resultQuery = xtc_db_query('SELECT id FROM billsafe_orders_2 WHERE transactionId = "' . xtc_db_input($this->response->transactionId) . '"');
$result = xtc_db_fetch_array($resultQuery);
xtc_db_query('INSERT INTO billsafe_orders_user_2 (id, bsorders_id, gender, company, firstname, lastname, street, housenumber, postcode, city, country, dateofbirth, email, phone) VALUES (NULL, "' . xtc_db_input($result['id']) . '", "' . xtc_db_input($customer->gender) . '", "' . xtc_db_input($customer->firstname) . '", "' . xtc_db_input($customer->company) . '", "' . xtc_db_input($customer->lastname) . '", "' . xtc_db_input($customer->street) . '", "' . xtc_db_input($customer->housenumber) . '", "' . xtc_db_input($customer->postcode) . '", "' . xtc_db_input($customer->city) . '", "' . xtc_db_input($customer->country) . '", "0000-00-00", "' . xtc_db_input($customer->email) . '", "' . xtc_db_input($customer->phone) . '")');
$bs = new Billsafe_Sdk(DIR_FS_CATALOG . 'includes/external/billsafe/classes/billsafe_2/ini.php');
//DokuMan - 2012-06-19 - move billsafe to external directory
if ($_SESSION['language_charset'] == 'iso-8859-1' || $_SESSION['language_charset'] == 'iso-8859-15') {
$bs->setUtf8Mode(false);
} else {
$bs->setUtf8Mode(true);
}
if (MODULE_PAYMENT_BILLSAFE_2HP_SERVER == 'Live') {
$bs->setMode("LIVE");
} else {
$bs->setMode("SANDBOX");
}
$bs->setCredentials(array('merchantId' => MODULE_PAYMENT_BILLSAFE_2HP_MERCHANT_ID, 'merchantLicenseSandbox' => MODULE_PAYMENT_BILLSAFE_2HP_MERCHANT_LICENSE, 'merchantLicenseLive' => MODULE_PAYMENT_BILLSAFE_2HP_MERCHANT_LICENSE, 'applicationSignature' => $this->applicationSignature, 'applicationVersion' => $this->application_version));
$params = array('transactionId' => $this->response->transactionId);
$response = $bs->callMethod('getArticleList', $params);
$article = $response->articleList;
for ($i = 0, $n = sizeof($article); $i < $n; $i++) {
for ($ii = 0, $nn = intval($article[$i]->quantity); $ii < $nn; $ii++) {
$article[$i]->name = str_replace("\"", "\\\"", $article[$i]->name);
$article[$i]->name = str_replace("\\'", "\\\\'", $article[$i]->name);
xtc_db_query('INSERT INTO billsafe_orders_details_2 (ordernumber, product_id, articletype, articlenumber, articlename, articleprice, articletax, bsorders_id) values("' . xtc_db_input($insert_id) . '", "' . xtc_db_input($order->products[$i]['id']) . '", "' . xtc_db_input($article[$i]->type) . '", "' . xtc_db_input($article[$i]->number) . '", "' . xtc_db_input($article[$i]->name) . '", "' . xtc_db_input($article[$i]->grossPrice) . '", "' . xtc_db_input($article[$i]->tax) . '", "' . xtc_db_input($result['id']) . '")');
}
}
$comments = MODULE_PAYMENT_BILLSAFE_2HP_STATUS_TEXT . ': ' . $this->response->status . '; ' . MODULE_PAYMENT_BILLSAFE_2HP_TRANSACTIONID . ': ' . $this->response->transactionId;
xtc_db_query('INSERT INTO orders_status_history (orders_status_history_id, orders_id, orders_status_id, date_added, customer_notified, comments) VALUES (NULL, "' . xtc_db_input($insert_id) . '", "1", "' . date('Y-m-d H:i:s') . '", "0", "' . xtc_db_input($comments) . '")');
$params = array('transactionId' => xtc_db_input($this->response->transactionId), 'orderNumber' => xtc_db_input($insert_id));
$response = $bs->callMethod('setOrderNumber', $params);
if ($response->ack == 'OK') {
} else {
}
} else {
$_SESSION['billsafe_status'] = 'declined';
$message = $this->get_error_message($response);
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code . '&error_message=' . stripslashes(urlencode(html_entity_decode($message))), 'SSL'));
}
return false;
}
/**
* Handle the $_POST variable and return a KlarnaAddr object
*
* @param string $option payment option, invoice, part or spec
*
* @return KlarnaAddr address object
*/
public function handlePost($option)
{
$addrHandler = new KlarnaAddressXtc();
$errors = array();
$lang = self::getLanguageCode();
$address = new KlarnaAddr();
if (strtolower($this->_country) == 'se') {
try {
$address = $addrHandler->getMatchingAddress($errors, $option);
} catch (Exception $e) {
$this->setError(htmlentities($e->getMessage()) . " (#" . $e->getCode() . ")", $option);
xtc_redirect($this->errorLink(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
}
if (strtolower($this->_country) != "se") {
try {
$aKlarnaAddress = $addrHandler->addressArrayFromPost($option);
$address = $addrHandler->buildKlarnaAddressFromArray($aKlarnaAddress, $this->_country);
} catch (Exception $e) {
$this->setError(htmlentities($e->getMessage()) . " (#" . $e->getCode() . ")", $option);
xtc_redirect($this->errorLink(FILENAME_CHECKOUT_PAYMENT, '', 'SSL', true, false));
}
$_SESSION['klarna_data'] = $aKlarnaAddress;
if (KiTT_CountryLogic::needConsent($this->_country) && $_POST["klarna_{$option}_consent"] != 'consent') {
$errors[] = "no_consent";
}
if (KiTT_CountryLogic::needDateOfBirth($this->_country)) {
$_SESSION['klarna_data']["pno"] = $_POST["klarna_{$option}_birth_day"] . $_POST["klarna_{$option}_birth_month"] . $_POST["klarna_{$option}_birth_year"];
$_SESSION['klarna_data']['gender'] = $_POST["klarna_{$option}_gender"];
}
}
if (!empty($errors)) {
foreach ($errors as $err) {
$translated[] = $this->translate($err, $lang);
}
$this->setError(htmlentities(implode(',', $translated), ENT_COMPAT, 'UTF-8'), $option);
xtc_redirect($this->errorLink(FILENAME_CHECKOUT_PAYMENT, "", "SSL"));
}
return $address;
}
xtc_db_query("insert into " . TABLE_CARRIERS . " (carrier_name, carrier_tracking_link, carrier_sort_order, carrier_date_added) values ('" . xtc_db_input($carrier_name) . "', '" . xtc_db_input($carrier_tracking_link) . "', '" . xtc_db_input($carrier_sort_order) . "', now())");
xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS));
break;
case 'save':
$carrier_id = xtc_db_prepare_input($_GET['carrierID']);
$carrier_name = xtc_db_prepare_input($_POST['carrier_name']);
$carrier_tracking_link = xtc_db_prepare_input($_POST['carrier_tracking_link']);
$carrier_sort_order = xtc_db_prepare_input($_POST['carrier_sort_order']);
$last_modified = xtc_db_prepare_input($_POST['carrier_last_modified']);
xtc_db_query("update " . TABLE_CARRIERS . " set carrier_id = '" . (int) $carrier_id . "', carrier_name = '" . xtc_db_input($carrier_name) . "', carrier_tracking_link = '" . xtc_db_input($carrier_tracking_link) . "', carrier_sort_order = '" . xtc_db_input($carrier_sort_order) . "', carrier_last_modified = now() where carrier_id = '" . (int) $carrier_id . "'");
xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel . '&carrierID=' . $carrier_id));
break;
case 'deleteconfirm':
$carrier_id = xtc_db_prepare_input($_GET['carrierID']);
xtc_db_query("delete from " . TABLE_CARRIERS . " where carrier_id = '" . (int) $carrier_id . "'");
xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel));
break;
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
<script type="text/javascript" src="includes/general.js"></script>
</head>
<body>
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
<!-- body //-->
function complete_payment_paypal_installment()
{
global $insert_id;
if (isset($_SESSION['paypal']['paymentId']) && isset($_SESSION['paypal']['PayerID'])) {
// auth
$apiContext = $this->apiContext();
try {
// Get the payment Object by passing paymentId
$payment = Payment::get($_SESSION['paypal']['paymentId'], $apiContext);
} catch (Exception $ex) {
$this->LoggingManager->log(print_r($ex, true), 'DEBUG');
// redirect
unset($_SESSION['paypal']);
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
}
// PaymentExecution
$execution = new PaymentExecution();
$execution->setPayerId($_SESSION['paypal']['PayerID']);
try {
// Execute the payment
$payment->execute($execution, $apiContext);
} catch (Exception $ex) {
$this->LoggingManager->log(print_r($ex, true), 'DEBUG');
$this->remove_order($insert_id);
unset($_SESSION['paypal']);
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
}
// capture
if (($this->transaction_type == 'order' || $this->transaction_type == 'authorize') && $this->get_config('PAYPAL_CAPTURE_MANUELL') == '0') {
$this->capture_payment($payment);
}
$sql_data_array = array('orders_id' => $insert_id, 'payment_id' => $_SESSION['paypal']['paymentId'], 'payer_id' => $_SESSION['paypal']['PayerID']);
xtc_db_perform(TABLE_PAYPAL_PAYMENT, $sql_data_array);
try {
// Get the payment Object by passing paymentId
$payment = Payment::get($_SESSION['paypal']['paymentId'], $apiContext);
} catch (Exception $ex) {
$this->LoggingManager->log(print_r($ex, true), 'DEBUG');
$this->remove_order($insert_id);
unset($_SESSION['paypal']);
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
}
$status = $this->get_orders_status($payment);
$status['status_id'] = $this->get_config('PAYPAL_ORDER_STATUS_ACCEPTED_ID');
if ($status['status_id'] < 0) {
$check_query = xtc_db_query("SELECT orders_status\n FROM " . TABLE_ORDERS . " \n WHERE orders_id = '" . (int) $insert_id . "'");
$check = xtc_db_fetch_array($check_query);
$status['status_id'] = $check['orders_status'];
}
$this->update_order($status['comment'], $status['status_id'], $insert_id);
} else {
// redirect
unset($_SESSION['paypal']);
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'payment_error=' . $this->code, 'SSL'));
}
}
// include needed classes
require_once DIR_FS_EXTERNAL . 'paypal/classes/PayPalAdmin.php';
$paypal = new PayPalAdmin();
if (isset($_GET['action'])) {
switch ($_GET['action']) {
case 'delete':
$paypal->delete_webhook($_GET['id']);
xtc_redirect(xtc_href_link(basename($PHP_SELF)));
break;
case 'update':
$paypal->update_webhook($_POST['config']);
xtc_redirect(xtc_href_link(basename($PHP_SELF)));
break;
case 'insert':
$paypal->create_webhook($_POST['config']);
xtc_redirect(xtc_href_link(basename($PHP_SELF)));
break;
}
}
$orders_statuses = array(array('id' => '-1', 'text' => TEXT_PAYPAL_NO_STATUS_CHANGE));
$orders_status_array = array('-1' => TEXT_PAYPAL_NO_STATUS_CHANGE);
$orders_status_query = xtc_db_query("SELECT orders_status_id,\n orders_status_name\n FROM " . TABLE_ORDERS_STATUS . "\n WHERE language_id = '" . $_SESSION['languages_id'] . "'\n ORDER BY sort_order");
while ($orders_status = xtc_db_fetch_array($orders_status_query)) {
$orders_statuses[] = array('id' => $orders_status['orders_status_id'], 'text' => $orders_status['orders_status_name']);
$orders_status_array[$orders_status['orders_status_id']] = $orders_status['orders_status_name'];
}
$status_array = array(array('id' => '1', 'text' => YES), array('id' => '0', 'text' => NO));
$landingpage_array = array(array('id' => 'Login', 'text' => 'Login'), array('id' => 'Payment', 'text' => 'Payment'));
//$locale_code = array(
require DIR_WS_INCLUDES . 'head.php';
?>
}
// default open navigation box
if (!isset($_SESSION['selected_box'])) {
$_SESSION['selected_box'] = 'configuration';
} else {
if (!empty($_GET['selected_box'])) {
$_SESSION['selected_box'] = $_GET['selected_box'];
}
}
// the following cache blocks are used in the Tools->Cache section
// ('language' in the filename is automatically replaced by available languages)
$cache_blocks = array(array('title' => TEXT_CACHE_CATEGORIES, 'code' => 'categories', 'file' => 'categories_box-language.cache', 'multiple' => true), array('title' => TEXT_CACHE_MANUFACTURERS, 'code' => 'manufacturers', 'file' => 'manufacturers_box-language.cache', 'multiple' => true), array('title' => TEXT_CACHE_ALSO_PURCHASED, 'code' => 'also_purchased', 'file' => 'also_purchased-language.cache', 'multiple' => true));
// check if a default currency is set
if (!defined('DEFAULT_CURRENCY')) {
$messageStack->add(ERROR_NO_DEFAULT_CURRENCY_DEFINED, 'error');
}
// check if a default language is set
if (!defined('DEFAULT_LANGUAGE')) {
$messageStack->add(ERROR_NO_DEFAULT_LANGUAGE_DEFINED, 'error');
}
// for Customers Status
xtc_get_customers_statuses();
$pagename = strtok($current_page, '.');
if (!isset($_SESSION['customer_id'])) {
xtc_redirect(xtc_href_link(FILENAME_LOGIN));
}
if (xtc_check_permission($pagename) == '0') {
xtc_redirect(xtc_href_link(FILENAME_LOGIN));
}
// Include Template Engine
require DIR_FS_CATALOG . DIR_WS_CLASSES . 'Smarty_2.6.27/Smarty.class.php';
//fsk18 lock
$fsk_lock = '';
if ($_SESSION['customers_status']['customers_fsk18_display'] == '0') {
$fsk_lock = ' and p.products_fsk18!=1';
}
if (GROUP_CHECK == 'true') {
$group_check = " and p.group_permission_" . $_SESSION['customers_status']['customers_status_id'] . "=1 ";
}
//BOF - DokuMan - 2010-01-26 - use Join on TABLE_PRODUCTS_DESCRIPTION & TABLE_SPECIALS
$specials_query_raw = "select p.products_id,\n pd.products_name,\n p.products_price,\n p.products_tax_class_id,\n p.products_shippingtime,\n p.products_image,\n p.products_vpe_status,\n p.products_vpe_value,\n p.products_vpe,\n p.products_fsk18,\n s.expires_date,\n s.specials_new_products_price\n from\n " . TABLE_PRODUCTS . " p\n left join " . TABLE_PRODUCTS_DESCRIPTION . " pd\n on p.products_id = pd.products_id\n left join " . TABLE_SPECIALS . " s\n on p.products_id = s.products_id\n where p.products_status = '1'\n and s.products_id = p.products_id\n and p.products_id = pd.products_id\n " . $group_check . "\n " . $fsk_lock . "\n and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'\n and s.status = '1'\n order by s.specials_date_added DESC";
//EOF - DokuMan - 2010-01-26 - use Join on TABLE_PRODUCTS_DESCRIPTION & TABLE_SPECIALS
$specials_split = new splitPageResults($specials_query_raw, isset($_GET['page']) ? $_GET['page'] : 0, MAX_DISPLAY_SPECIAL_PRODUCTS);
$module_content = '';
$row = 0;
if ($specials_split->number_of_rows == 0) {
xtc_redirect(xtc_href_link(FILENAME_DEFAULT));
}
require DIR_WS_INCLUDES . 'header.php';
$specials_query = xtc_db_query($specials_split->sql_query);
while ($specials = xtc_db_fetch_array($specials_query)) {
$module_content[] = $product->buildDataArray($specials);
}
if ($specials_split->number_of_rows > 0) {
//BOF - Dokuman - 2009-06-05 - replace table with div
/*
$smarty->assign('NAVBAR', '
<table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="smallText">'.$specials_split->display_count(TEXT_DISPLAY_NUMBER_OF_SPECIALS).'</td>
<td align="right" class="smallText">'.TEXT_RESULT_PAGE.' '.$specials_split->display_links(MAX_DISPLAY_PAGE_LINKS, xtc_get_all_get_params(array ('page', 'info', 'x', 'y'))).'</td>
</tr>
/**
* Is called when the checkout_confirmation.php page is called
*/
public function confirmation()
{
$checking = true;
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_total_amount'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_amount'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_interest_amount'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_service_charge'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_annual_percentage_rate'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_monthly_debit_interest'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_number_of_rates'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_rate'))) {
$checking = false;
} else {
if (rpData::betterEmpty(rpSession::getRpSessionEntry('ratepay_rate_last_rate'))) {
$checking = false;
}
}
}
}
}
}
}
}
}
if (!$checking) {
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=calculation_error', 'SSL'));
}
}
$use_contact_email_query = xtc_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'USE_CONTACT_EMAIL_ADDRESS'");
$use_contact_email = xtc_db_fetch_array($use_contact_email_query);
if ($use_contact_email['configuration_value'] == 'true') {
$email = trim(CONTACT_US_EMAIL_ADDRESS);
$name = CONTACT_US_NAME;
$notify = EMAIL_NOTIFY . "\n\n";
} else {
$email = trim($_POST['email']);
$name = $_POST['name'];
$notify = '';
}
// EOF - Tomcraft - 2009-11-05 - Advanced contact form (check for USE_CONTACT_EMAIL_ADDRESS)
$email_layout = sprintf(EMAIL_SENT_BY, CONTACT_US_NAME, CONTACT_US_EMAIL_ADDRESS, $datum, $uhrzeit) . "\n" . "--------------------------------------------------------------" . "\n" . $notify . EMAIL_NAME . $_POST['name'] . "\n" . EMAIL_EMAIL . trim($_POST['email']) . "\n" . $additional_fields . "\n" . EMAIL_MESSAGE . "\n " . $_POST['message_body'] . "\n";
xtc_php_mail($email, $name, CONTACT_US_EMAIL_ADDRESS, CONTACT_US_NAME, CONTACT_US_FORWARDING_STRING, $email, $name, '', '', CONTACT_US_EMAIL_SUBJECT, nl2br($email_layout), $email_layout);
if (!isset($mail_error)) {
xtc_redirect(xtc_href_link(FILENAME_CONTENT, 'action=success&coID=' . (int) $_GET['coID']));
} else {
$smarty->assign('error_message', $mail_error);
}
}
//EOF - web28 - 2010-04-03 - New error handling for required fileds
}
$smarty->assign('CONTACT_HEADING', $shop_content_data['content_heading']);
if (isset($_GET['action']) && $_GET['action'] == 'success') {
$smarty->assign('success', '1');
$smarty->assign('BUTTON_CONTINUE', '<a href="' . xtc_href_link(FILENAME_DEFAULT) . '">' . xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>');
} else {
if ($shop_content_data['content_file'] != '') {
ob_start();
if (strpos($shop_content_data['content_file'], '.txt')) {
echo '<pre>';
*
* $Id: confirmVorkasse.php 3751 2012-10-10 08:36:20Z gtb-modified $
*/
require_once '../../library/sofortLib.php';
chdir('../../../..');
include 'includes/application_top.php';
require_once DIR_FS_CATALOG . 'callback/sofort/helperFunctions.php';
$language = HelperFunctions::getSofortLanguage($_SESSION['language']);
include DIR_WS_LANGUAGES . $language . '/modules/payment/sofort_sofortvorkasse.php';
// create smarty elements
$smarty = new Smarty();
// include boxes
require_once DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// if the customer is not logged on, redirect them to the shopping cart page
if (!isset($_SESSION['customer_id'])) {
xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART));
}
$breadcrumb->add(NAVBAR_TITLE_1_CHECKOUT_CONFIRMATION);
$breadcrumb->add(NAVBAR_TITLE_2_CHECKOUT_CONFIRMATION);
require_once DIR_WS_INCLUDES . 'header.php';
$smarty->assign('FORM_ACTION', xtc_draw_form('order', xtc_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')));
$smarty->assign('BUTTON_CONTINUE', xtc_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE));
$smarty->assign('BUTTON_PRINT', '<img src="' . 'templates/' . CURRENT_TEMPLATE . '/buttons/' . $_SESSION['language'] . '/button_print.gif" style="cursor:hand"
onclick="window.open(\'' . xtc_href_link(FILENAME_PRINT_ORDER, 'oID=' . $orders['orders_id']) . '\', \'popup\', \'toolbar=0, width=640, height=600\')" />');
$smarty->assign('FORM_END', '</form>');
$smarty->assign('HEADING', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_HEADING_TEXT);
$smarty->assign('TEXT', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_TEXT);
$smarty->assign('HOLDER', HelperFunctions::htmlMask($_GET['holder']));
$smarty->assign('HOLDER_TEXT', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_HOLDER_TEXT);
$smarty->assign('ACCOUNT_NUMBER', HelperFunctions::htmlMask($_GET['account_number']));
$smarty->assign('ACCOUNT_NUMBER_TEXT', MODULE_PAYMENT_SOFORT_SV_CHECKOUT_ACCOUNT_NUMBER_TEXT);
modified eCommerce Shopsoftware
http://www.modified-shop.org
Copyright (c) 2009 - 2013 [www.modified-shop.org]
-----------------------------------------------------------------------------------------
Released under the GNU General Public License
---------------------------------------------------------------------------------------*/
chdir('../../');
include 'includes/application_top.php';
// include needed classes
require_once DIR_WS_CLASSES . 'order.php';
require_once DIR_FS_EXTERNAL . 'paypal/classes/PayPalPayment.php';
$paypal = new PayPalPayment('paypalcart');
$paypal->validate_payment_paypalcart();
if (!isset($_SESSION['customer_id'])) {
xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'));
}
// shipping
$_SESSION['shipping'] = '';
$order = new order();
if ($order->content_type == 'virtual' || $order->content_type == 'virtual_weight' || $_SESSION['cart']->count_contents_virtual() == 0) {
$_SESSION['shipping'] = false;
$_SESSION['sendto'] = false;
}
// payment
$_SESSION['payment'] = 'paypalcart';
// billto
$_SESSION['billto'] = $_SESSION['customer_default_address_id'];
xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_CONFIRMATION, 'conditions=true', 'NONSSL'));
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$check_customer = xtc_db_fetch_array($check_customer_query);
if (xtc_validate_password($password_current, $check_customer['customers_password'])) {
xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '******', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$error = true;
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
if ($messageStack->size('account_password') > 0) {
$smarty->assign('error', $messageStack->output('account_password'));
}
$smarty->assign('FORM_ACTION', xtc_draw_form('account_password', xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'post', 'onsubmit="return check_form(account_password);"') . xtc_draw_hidden_field('action', 'process'));
$smarty->assign('INPUT_ACTUAL', xtc_draw_password_fieldNote(array('name' => 'password_current', 'text' => ' ' . (xtc_not_null(ENTRY_PASSWORD_CURRENT_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_CURRENT_TEXT . '</span>' : ''))));
$smarty->assign('INPUT_NEW', xtc_draw_password_fieldNote(array('name' => 'password_new', 'text' => ' ' . (xtc_not_null(ENTRY_PASSWORD_NEW_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_NEW_TEXT . '</span>' : ''))));
function payment_action()
{
xtc_redirect(xtc_href_link('checkout_payment_iframe.php', '', 'SSL'));
}
require 'includes/application_top.php';
#MN: Check if $_POST form is submited on this page
if ($_POST) {
switch ($_POST['action']) {
case 'widget_active':
xtc_db_query("update " . TABLE_WIDGETS . " set widgets_active = !widgets_active where widgets_id = '" . xtc_db_input($_POST['widgets']) . "'");
break;
case 'widget_save_position':
foreach ($_POST['widgets_id'] as $key => $widget) {
$w_x = xtc_db_prepare_input($_POST['widgets_x'][$key]);
$w_y = xtc_db_prepare_input($_POST['widgets_y'][$key]);
xtc_db_query("update " . TABLE_WIDGETS . " set widgets_x = '" . $w_x . "', widgets_y = '" . $w_y . "' where widgets_id = '" . $widget . "'");
}
break;
}
xtc_redirect(xtc_href_link(FILENAME_START));
}
require DIR_WS_INCLUDES . 'head.php';
?>
<style type="text/css">
.gridster li header {
background: #999;
display: block;
font-size: 20px;
line-height: normal;
padding: 4px 0 6px ;
margin-bottom: 20px;
cursor: move;
} else {
xtc_db_query("UPDATE " . TABLE_REVIEWS . " SET customers_id = null WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
}
xtc_db_query("DELETE FROM " . TABLE_ADDRESS_BOOK . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_INFO . " WHERE customers_info_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_BASKET . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_PRODUCTS_NOTIFICATIONS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_WHOS_ONLINE . " WHERE customer_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_STATUS_HISTORY . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_CUSTOMERS_IP . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_ADMIN_ACCESS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
xtc_db_query("DELETE FROM " . TABLE_NEWSLETTER_RECIPIENTS . " WHERE customers_id = '" . xtc_db_input($customers_id) . "'");
// DokuMan - 2011-04-15 - also delete the newsletter entry of the customer
xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array('cID', 'action'))));
break;
default:
$customers_query = xtc_db_query("\n -- admin/customers.php\n SELECT c.customers_id,\n c.customers_cid,\n c.customers_vat_id,\n c.customers_status, # DokuMan 2011-12-13 - Added missing customers_status\n c.customers_gender,\n c.customers_firstname,\n c.customers_lastname,\n c.customers_dob,\n c.customers_email_address,\n c.customers_default_address_id,\n c.customers_telephone,\n c.customers_fax,\n c.customers_newsletter,\n c.customers_symbol,\n c.payment_unallowed, # Tomcraft 2011-03-18 - Added missing payment_unallowed\n c.shipping_unallowed, # Tomcraft 2011-03-18 - Added missing payment_unallowed\n a.entry_company,\n a.entry_street_address,\n a.entry_suburb,\n a.entry_postcode,\n a.entry_city,\n a.entry_state,\n a.entry_country_id,\n a.entry_zone_id\n FROM " . TABLE_CUSTOMERS . " c\n LEFT JOIN " . TABLE_ADDRESS_BOOK . " a\n ON c.customers_default_address_id = a.address_book_id\n WHERE a.customers_id = c.customers_id\n AND c.customers_id = " . (int) $_GET['cID']);
$customers = xtc_db_fetch_array($customers_query);
$cInfo = new objectInfo($customers);
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
<?php
if ($action == 'edit' || $action == 'update') {
?>
<script type="text/javascript">
<!--
*/
if (isset($_GET['action']) && $_GET['action'] == 'update') {
if ($_POST['account_type'] != 1) {
//if ($_SESSION['account_type'] != 1) {
//BOF - web28.de - FIX redirect to NONSSL
//xtc_redirect(xtc_href_link(FILENAME_DEFAULT));
xtc_redirect(xtc_href_link(FILENAME_DEFAULT), 'NONSSL');
//EOF - web28.de - FIX redirect to NONSSL
} else {
//xtc_redirect(xtc_href_link(FILENAME_LOGOFF));
xtc_redirect(xtc_href_link(FILENAME_LOGOFF), 'NONSSL');
}
}
// if the customer is not logged on, redirect them to the shopping cart page
if (!isset($_SESSION['customer_id'])) {
xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART), 'NONSSL');
}
// EOF - GTB - 2011-04-12 - changes for Guest Account
$breadcrumb->add(NAVBAR_TITLE_1_CHECKOUT_SUCCESS);
$breadcrumb->add(NAVBAR_TITLE_2_CHECKOUT_SUCCESS);
require DIR_WS_INCLUDES . 'header.php';
$orders_query = xtc_db_query("select orders_id,\n orders_status,\n payment_class\n from " . TABLE_ORDERS . "\n where customers_id = '" . $_SESSION['customer_id'] . "'\n order by orders_id desc limit 1");
$orders = xtc_db_fetch_array($orders_query);
$last_order = $orders['orders_id'];
$order_status = $orders['orders_status'];
$payment_class = $orders['payment_class'];
//BOF - GTB - 2012-10-10 - include Vorkasse by Sofort
if (isset($_GET['vorkasse']) && $_GET['vorkasse'] == 'sofort') {
include DIR_WS_MODULES . 'sofort_vorkasse.php';
}
//EOF - GTB - 2012-10-10 - include Vorkasse by Sofort
$date_added = xtc_db_prepare_input($_POST['date_added']);
xtc_db_query("insert into " . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . xtc_db_input($tax_class_title) . "', '" . xtc_db_input($tax_class_description) . "', now())");
xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES));
break;
case 'save':
$tax_class_id = xtc_db_prepare_input($_GET['tID']);
$tax_class_title = xtc_db_prepare_input($_POST['tax_class_title']);
$tax_class_description = xtc_db_prepare_input($_POST['tax_class_description']);
$last_modified = xtc_db_prepare_input($_POST['last_modified']);
xtc_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . xtc_db_input($tax_class_id) . "', tax_class_title = '" . xtc_db_input($tax_class_title) . "', tax_class_description = '" . xtc_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . xtc_db_input($tax_class_id) . "'");
xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id));
break;
case 'deleteconfirm':
$tax_class_id = xtc_db_prepare_input($_GET['tID']);
xtc_db_query("delete from " . TABLE_TAX_CLASS . " where tax_class_id = '" . xtc_db_input($tax_class_id) . "'");
xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page']));
break;
}
}
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
<!-- body //-->
function giropay_confirm($data = '')
{
// Giropay transaction
// Stand: 29.04.2009
$tkn = $data['token'] != '' ? $data['token'] : $_SESSION['nvpReqArray']['TOKEN'];
unset($_SESSION['payment']);
unset($_SESSION['nvpReqArray']);
unset($_SESSION['reshash']);
xtc_redirect($this->GIROPAY_URL . '' . urlencode($tkn));
}
}
if (isset($quote['error'])) {
unset($_SESSION['shipping']);
} else {
if (isset($quote[0]['methods'][0]['title']) && isset($quote[0]['methods'][0]['cost'])) {
$_SESSION['shipping'] = array('id' => $_SESSION['shipping'], 'title' => $free_shipping == true ? $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')', 'cost' => $quote[0]['methods'][0]['cost']);
xtc_redirect(xtc_href_link(FILENAME_PAYPAL_CHECKOUT, '', 'SSL'));
}
}
} else {
unset($_SESSION['shipping']);
}
}
} else {
$_SESSION['shipping'] = false;
xtc_redirect(xtc_href_link(FILENAME_PAYPAL_CHECKOUT, '', 'SSL'));
}
}
if ($kein_versand == 1) {
$_SESSION['shipping'] = false;
}
// get all available shipping quotes
$quotes = $shipping_modules->quote();
// if no shipping method has been selected, automatically select the cheapest method.
// if the modules status was changed when none were available, to save on implementing
// a javascript force-selection method, also automatically select the cheapest shipping
// method if more than one module is now enabled
if (!isset($_SESSION['shipping']) || isset($_SESSION['shipping']) && $_SESSION['shipping'] == false && xtc_count_shipping_modules() > 1) {
$_SESSION['shipping'] = $shipping_modules->cheapest();
}
if ($kein_versand == 1) {
$content_file_name = $select_file;
}
$accepted_file_upload_files_extensions = array("xls", "xla", "hlp", "chm", "ppt", "ppz", "pps", "pot", "doc", "dot", "pdf", "rtf", "swf", "cab", "tar", "zip", "au", "snd", "mp2", "rpm", "stream", "wav", "gif", "jpeg", "jpg", "jpe", "png", "tiff", "tif", "bmp", "csv", "txt", "rtf", "tsv", "mpeg", "mpg", "mpe", "qt", "mov", "avi", "movie", "rar", "7z");
$accepted_file_upload_files_mime_types = array("application/msexcel", "application/mshelp", "application/mspowerpoint", "application/msword", "application/pdf", "application/rtf", "application/x-shockwave-flash", "application/x-tar", "application/zip", "audio/basic", "audio/x-mpeg", "audio/x-pn-realaudio-plugin", "audio/x-qt-stream", "audio/x-wav", "image/gif", "image/jpeg", "image/png", "image/tiff", "image/bmp", "text/comma-separated-values", "text/plain", "text/rtf", "text/tab-separated-values", "video/mpeg", "video/quicktime", "video/x-msvideo", "video/x-sgi-movie", "application/x-rar-compressed", "application/x-7z-compressed");
if ($content_file = xtc_try_upload('file_upload', DIR_FS_CATALOG . 'media/content/', '644', $accepted_file_upload_files_extensions, $accepted_file_upload_files_mime_types)) {
$content_file_name = $content_file->filename;
}
// update data in table
$sql_data_array = array('languages_id' => $content_language, 'content_title' => $content_title, 'content_heading' => $content_header, 'content_text' => $content_text, 'content_file' => $content_file_name, 'content_status' => $content_status, 'parent_id' => $parent_id, 'group_ids' => $group_ids, 'content_group' => $group_id, 'sort_order' => $sort_order, 'file_flag' => $file_flag, 'content_meta_title' => $content_meta_title, 'content_meta_description' => $content_meta_description, 'content_meta_keywords' => $content_meta_keywords, 'content_meta_index' => $content_meta_index, 'change_date' => $time);
if ($id == 'update') {
xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array, 'update', "content_id = '" . $coID . "'");
} else {
xtc_db_perform(TABLE_CONTENT_MANAGER, $sql_data_array);
}
// if get id
xtc_redirect(xtc_href_link(FILENAME_CONTENT_MANAGER));
}
// if error
}
// if
require DIR_WS_INCLUDES . 'head.php';
?>
</head>
<body>
<!-- header //-->
<?php
require DIR_WS_INCLUDES . 'header.php';
?>
<!-- header_eof //-->
<!-- body //-->
