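/**
 * AgileBill - Open Billing Software
 *
 * This body of work is free software; you can redistribute it and/or
 * modify it under the terms of the Open AgileBill License
 * License as published at http://www.agileco.com/agilebill/license1-4.txt
 *
 * For questions, help, comments, discussion, etc., please join the
 * Agileco community forums at http://forum.agileco.com/
 *
 * @link http://www.agileco.com/
 * @copyright 2004-2008 Agileco, LLC.
 * @license http://www.agileco.com/agilebill/license1-4.txt
 * @author Tony Landis <*****@*****.**>
 * @package AgileBill
 * @version 1.4.93
 */

/**
 * Validate the submitted fields of a module form and INSERT a new record.
 *
 * For every field named in $construct->method[$type] the request value
 * "<module>_<field>" is checked for uniqueness and against the field's
 * validation rule. On failure the errors are handed to Smarty, the page is
 * forced back to the current one and the failure trigger (if any) fires.
 * On success the record is written, NEW_RECORD_<TABLE>_ID and REDIRECT_PAGE
 * are defined, the success trigger fires and the new id is returned.
 *
 * @param array  $VAR       submitted request variables (module_field => value)
 * @param object $construct module definition: ->module, ->table, ->method[$type]
 *                          (field list, array or "a,b,c" string), ->field[name]
 *                          (unique / validate / html / convert options) and
 *                          ->trigger[$type]; ->validated, ->val_error and
 *                          ->record_id are written here
 * @param string $type      method name whose field list is used (normally 'add')
 * @return mixed the new record id on success, false on validation or DB failure
 */
function CORE_database_add($VAR, $construct, $type)
{
    global $C_translate;

    # field list for this method; accept the un-exploded "a,b,c" form as well,
    # which is how the module classes keep it before exploding
    $arr = $construct->method["{$type}"];
    if (is_string($arr)) {
        $arr = explode(",", $arr);
    } elseif (!is_array($arr)) {
        $arr = array();
    }

    # validation helper
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $construct->validated = true;

    ####################################################################
    # validate the required fields
    ####################################################################
    foreach ($arr as $value) {
        $field_var  = $construct->module . '_' . $value;
        $field_name = $value;
        $construct->validate = true;

        # uniqueness check, only when the field is declared unique and was submitted
        if (isset($construct->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
            if (!$validate->validate_unique($construct->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                $construct->validated = false;
                $construct->val_error[] = array(
                    # kept as table-prefixed (the other entries are module-prefixed)
                    'field'       => $construct->table . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""),
                    'error'       => $C_translate->translate('validate_unique', "", ""),
                );
            }
        }

        # rule check: a field with a validate option is required and must pass its rule
        if (isset($construct->field["{$value}"]["validate"])) {
            if (!isset($VAR["{$field_var}"]) || $VAR["{$field_var}"] == '') {
                # missing or blank
                $construct->validated = false;
                $construct->val_error[] = array(
                    'field'       => $construct->module . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""),
                    'error'       => $C_translate->translate('validate_any', "", ""),
                );
            } elseif (!$validate->validate($field_name, $construct->field["{$value}"], $VAR["{$field_var}"], $construct->field["{$value}"]["validate"])) {
                $construct->validated = false;
                $construct->val_error[] = array(
                    'field'       => $construct->module . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""),
                    'error'       => $validate->error["{$field_name}"],
                );
            }
        }
    }

    ####################################################################
    # validation failed: skip the insert, expose the errors to Smarty,
    # reload the current page and fire the failure trigger
    ####################################################################
    if (!$construct->validated) {
        global $smarty;
        $smarty->assign('form_validation', $construct->val_error);
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        global $C_vars;
        $C_vars->strip_slashes_all();
        return false;
    }

    $db =& DB();

    # build the ", col=value" pairs for every submitted field in the list
    $field_list = '';
    foreach ($arr as $value) {
        $field_var  = $construct->module . '_' . $value;
        $field_name = $value;
        if (!isset($VAR["{$field_var}"])) {
            continue;
        }

        # scalar values are HTML-escaped before storage unless the field
        # definition explicitly allows html; arrays are left for convert()
        $allow_html = isset($construct->field["{$value}"]["html"]) && $construct->field["{$value}"]["html"] == 1;
        if (!$allow_html && !is_array($VAR["{$field_var}"])) {
            $insert_value = htmlspecialchars($VAR["{$field_var}"]);
        } else {
            $insert_value = $VAR["{$field_var}"];
        }

        # data conversions (date, encrypt, serialize, ...)
        if (isset($construct->field["{$value}"]["convert"])) {
            $insert_value = $validate->convert($field_name, $insert_value, $construct->field["{$value}"]["convert"]);
        }

        # NOTE: empty() also drops "0", so a submitted zero falls back to the
        # column default; kept as before since callers may rely on it
        if (!empty($insert_value)) {
            $field_list .= ", " . $value . "=" . $db->qstr($insert_value, get_magic_quotes_gpc());
        }
    }
    # trailing comma so site_id can follow; added unconditionally, otherwise an
    # insert with no submitted fields produced "id = ... site_id = ..." (a syntax error)
    $field_list .= ',';

    # the new record id, also exposed to callers as NEW_RECORD_<TABLE>_ID
    $construct->record_id = $db->GenID(AGILE_DB_PREFIX . "" . $construct->table . '_id');
    define(strtoupper('NEW_RECORD_' . $construct->table . '_ID'), $construct->record_id);

    $q = "INSERT INTO " . AGILE_DB_PREFIX . "{$construct->table}\n\t\t\t\tSET\n\t\t\t\tid = " . $db->qstr($construct->record_id) . "\n\t\t\t\t{$field_list}\n\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
    $result = $db->Execute($q);

    if ($result === false) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'add', $db->ErrorMsg());
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        # fail whether or not a trigger is defined; previously the failure was only
        # returned from inside the trigger block and a module without triggers
        # carried on to define REDIRECT_PAGE and return the unused id
        return false;
    }

    # success trigger
    if (isset($construct->trigger["{$type}"])) {
        include_once PATH_CORE . 'trigger.inc.php';
        $trigger = new CORE_trigger();
        $trigger->trigger($construct->trigger["{$type}"], 1, $VAR);
    }

    # publish the id to the global request vars and set up the redirect
    global $VAR;
    $VAR["id"] = $construct->record_id;
    $redirect_page = isset($VAR['_page']) ? $VAR['_page'] : null;
    $_escape = '';
    if (isset($VAR["_escape"]) || isset($VAR["_escape_next"])) {
        $_escape = '&_escape=1&_escape_next=1';
    }
    define('REDIRECT_PAGE', '?_page=' . $redirect_page . '&id=' . $construct->record_id . '' . $_escape);
    return $construct->record_id;
}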
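/**
 * Build and run a search over the charge table from the submitted form fields,
 * then store the query as a saved search for paging.
 *
 * Every key of $VAR that starts with "<module>_" is treated as a column of the
 * charge table. An array value yields one condition per element (operator from
 * $VAR['field_option'][key][index] when it is one of = > < >= <= !=), a scalar
 * containing "%" yields a LIKE, any other scalar an equality test. Blank values
 * are ignored. $VAR['item_attributes'] adds LIKE matches on the attributes column.
 *
 * Side effects: assigns record_id (single hit), search_id, page, limit, order_by
 * and results to Smarty, and inserts a CORE_search record when there are hits.
 * limit and order_by are taken from the request when present and handed to
 * CORE_search as-is; how that class validates them is not visible here.
 *
 * @param array $VAR submitted request variables
 * @return void|false false only when the SELECT fails
 */
function search($VAR)
{
    $this->charge_construct();
    $type = "search";
    $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
    $db =& DB();
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    # search criteria; the same array is reused below for the saved-search record
    $arr = $VAR;

    # operators a field_option entry may select
    $allowed_ops = array('=', '>', '<', '>=', '<=', '!=');

    # key prefix marking a searchable column (case-insensitive, as before);
    # the remainder of the key is the column name
    $pat = '/^' . preg_quote($this->module, '/') . '_/i';
    $col_prefix = AGILE_DB_PREFIX . "charge.";

    $where_list = '';
    $i = 0;
    foreach ($arr as $key => $value) {
        if ($value == '' || !preg_match($pat, $key)) {
            continue;
        }
        $field = preg_replace($pat, '', $key);
        # the column name is interpolated into SQL unquoted: accept plain identifiers only
        if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
            continue;
        }
        # first emitted condition gets WHERE, every later one AND
        $conj = ($i == 0) ? " WHERE " : " AND ";

        if (is_array($value)) {
            $n = count($value);
            for ($i_arr = 0; $i_arr < $n; $i_arr++) {
                if (!isset($value[$i_arr]) || $value[$i_arr] == '') {
                    continue;
                }
                # per-element comparison operator, restricted to the allowed set
                $f_opt = '=';
                $pat_field = $this->module . '_' . $field;
                if (isset($VAR['field_option'][$pat_field][$i_arr])
                    && in_array($VAR['field_option'][$pat_field][$i_arr], $allowed_ops, true)
                ) {
                    $f_opt = $VAR['field_option'][$pat_field][$i_arr];
                }
                # data conversion for this field (date, encrypt, etc...)
                $v = $value[$i_arr];
                if (isset($this->field["{$field}"]["convert"])) {
                    $v = $validate->convert($field, $v, $this->field["{$field}"]["convert"]);
                }
                $where_list .= $conj . $col_prefix . $field . " {$f_opt} " . $db->qstr($v, get_magic_quotes_gpc());
                $i++;
                $conj = " AND ";
            }
        } elseif (strpos($value, '%') !== false) {
            # wildcard present: LIKE match
            if (isset($this->field["{$field}"]["convert"])) {
                $value = $validate->convert($field, $value, $this->field["{$field}"]["convert"]);
            }
            $where_list .= $conj . $col_prefix . $field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
            $i++;
        } else {
            # plain equality; no data conversion is applied on this path (as before)
            $where_list .= $conj . $col_prefix . $field . " = " . $db->qstr($value, get_magic_quotes_gpc());
            $i++;
        }
    }

    # attribute searches: each [name, value] pair becomes a LIKE on the attributes
    # column; "%" and "_" inside the submitted name/value act as wildcards here
    if (!empty($VAR['item_attributes'])) {
        $attr_arr = $VAR['item_attributes'];
        for ($ati = 0; $ati < count($attr_arr); $ati++) {
            if (!empty($attr_arr[$ati]['0'])) {
                $where_list .= ($where_list == '') ? ' WHERE ' : ' AND ';
                $attr_val = isset($attr_arr[$ati]['1']) ? $attr_arr[$ati]['1'] : '';
                $where_list .= $col_prefix . "attributes LIKE " . $db->qstr("%{$attr_arr[$ati]['0']}=={$attr_val}%");
            }
        }
    }

    #### finalize the WHERE statement (site_id is appended below)
    $where_list .= ($where_list == '') ? ' WHERE ' : ' AND ';

    $limit    = isset($VAR['limit'])    ? $VAR['limit']    : $this->limit;
    $order_by = isset($VAR['order_by']) ? $VAR['order_by'] : $this->order_by;

    $q = "SELECT " . AGILE_DB_PREFIX . "charge.id FROM " . AGILE_DB_PREFIX . "charge ";
    $q .= $where_list . " " . AGILE_DB_PREFIX . "charge.site_id = " . $db->qstr(DEFAULT_SITE);
    # template of the query saved for paging; CORE_search fills the placeholders
    $q_save = "SELECT DISTINCT %%fieldList%%, " . AGILE_DB_PREFIX . "charge.id FROM " . AGILE_DB_PREFIX . "charge ";
    $q_save .= $where_list . " %%whereList%% ";

    $result = $db->Execute($q);
    if ($result === false) {
        global $C_debug;
        $C_debug->error('charge.inc.php', 'search', $db->ErrorMsg());
        return false;
    }

    $results = $result->RecordCount();

    global $smarty;
    # single hit: let the template fast-forward straight to the record
    if ($results == 1 && !isset($this->fast_forward)) {
        $smarty->assign('record_id', $result->fields['id']);
    }

    # create the search record and expose its parameters to Smarty
    if ($results > 0) {
        include_once PATH_CORE . 'search.inc.php';
        $search = new CORE_search();
        $arr['module']   = $this->module;
        $arr['sql']      = $q_save;
        $arr['limit']    = $limit;
        $arr['order_by'] = $order_by;
        $arr['results']  = $results;
        $search->add($arr);
        $smarty->assign('search_id', $search->id);
        $smarty->assign('page', '1');
        $smarty->assign('limit', $limit);
        $smarty->assign('order_by', $order_by);
    }
    $smarty->assign('results', $results);
}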
/**
 * Create a service record from the admin "add service" form.
 *
 * Derives the service type from which of the service_none / service_domain /
 * service_group / service_hosting / service_product flags are set, validates the
 * fields listed in $this->method['add'], performs extra domain / hosting checks,
 * and then INSERTs the service row. On validation failure the errors are handed
 * to Smarty and nothing is written.
 *
 * @param array $VAR submitted request variables
 * @return void on success the new id is placed in the global $VAR['id'] and
 *              FORCE_PAGE is set to 'service:view'
 */
function add($VAR)
{
    $this->construct();
    global $C_debug, $C_translate;
    # overwritten with a CORE_validate instance further down
    $validate = true;

    ## Set type: precedence is none > domain > group (+hosting/product) > host > product
    if (!empty($VAR['service_none'])) {
        $VAR['service_type'] = 'none';
    } elseif (!empty($VAR['service_domain'])) {
        $VAR['service_type'] = 'domain';
    } elseif (!empty($VAR['service_group'])) {
        if (!empty($VAR['service_hosting'])) {
            $VAR['service_type'] = 'host_group';
        } elseif (!empty($VAR['service_product'])) {
            $VAR['service_type'] = 'product_group';
        } else {
            $VAR['service_type'] = 'group';
        }
    } elseif (!empty($VAR['service_hosting'])) {
        $VAR['service_type'] = 'host';
    } elseif (!empty($VAR['service_product'])) {
        $VAR['service_type'] = 'product';
    }

    ## Set Price Type: "1" (recurring) when billing_type is set, otherwise "0"
    if (!empty($VAR['billing_type'])) {
        $VAR['service_price_type'] = "1";
    } else {
        $VAR['service_price_type'] = "0";
    }

    ### loop through the field list to validate the required fields
    $type = 'add';
    $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
    $arr = $this->method["{$type}"];
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $this->validated = true;
    while (list($key, $value) = each($arr)) {
        # get the field value
        $field_var = $this->module . '_' . $value;
        $field_name = $value;
        # check if this value is unique
        if (isset($this->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
            if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                $this->validated = false;
                $this->val_error[] = array(
                    'field' => $this->table . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                    'error' => $C_translate->translate('validate_unique', "", "")
                );
            }
        }
        # a field with a validate option is required and must pass its rule
        if (isset($this->field["{$value}"]["validate"])) {
            if (isset($VAR["{$field_var}"])) {
                if ($VAR["{$field_var}"] != '') {
                    if (!$validate->validate($field_name, $this->field["{$value}"], $VAR["{$field_var}"], $this->field["{$value}"]["validate"])) {
                        $this->validated = false;
                        $this->val_error[] = array(
                            'field' => $this->module . '_' . $field_name,
                            'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                            'error' => $validate->error["{$field_name}"]
                        );
                    }
                } else {
                    # submitted but blank
                    $this->validated = false;
                    $this->val_error[] = array(
                        'field' => $this->module . '_' . $field_name,
                        'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                        'error' => $C_translate->translate('validate_any', "", "")
                    );
                }
            } else {
                # not submitted at all
                $this->validated = false;
                $this->val_error[] = array(
                    'field' => $this->module . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                    'error' => $C_translate->translate('validate_any', "", "")
                );
            }
        }
    }

    # If recurring, validate & set defaults
    if ($VAR['service_price_type'] == 1) {
        if (!empty($VAR['date_last_invoice'])) {
            $last_invoice = $validate->DateToEpoch(DEFAULT_DATE_FORMAT, $VAR['date_last_invoice']);
        } else {
            $last_invoice = time();
        }
        # Determine the next invoice date:
        $next_invoice = $this->calcNextInvoiceDate($last_invoice, @$VAR['product_price_recurr_default'], @$VAR['product_price_recurr_type'], @$VAR['product_price_recurr_weekday'], @$VAR['product_price_recurr_week']);
    }

    # not used below: the INSERT hard-codes active = '1' and queue = 'new'
    $active = 1;
    $queue = 'new';

    # Product details
    if (!empty($VAR['service_sku'])) {
        $product_id = @$VAR['product_id'];
        $product_sku = @$VAR['service_sku'];
    }

    # Hosting Details:
    if (@$VAR['service_type'] == 'host' || @$VAR['service_type'] == 'host_group') {
        # validate domain/tld set
        if (empty($VAR['host_domain_name']) || empty($VAR['host_domain_tld'])) {
            $this->validated = false;
            $this->val_error[] = array(
                'field' => 'service_domain_name',
                'field_trans' => $C_translate->translate('field_domain_name', 'service', ""),
                'error' => $C_translate->translate('validate_any', "", "")
            );
        } else {
            $domain_name = $VAR['host_domain_name'];
            $domain_tld = $VAR['host_domain_tld'];
        }
    } else {
        if (@$VAR['service_type'] == 'domain') {
            # validate domain/tld/type set
            if (empty($VAR['domain_name']) || empty($VAR['domain_tld']) || empty($VAR['domain_type'])) {
                $this->validated = false;
                $this->val_error[] = array(
                    'field' => 'service_domain_name',
                    'field_trans' => $C_translate->translate('field_domain_name', 'service', ""),
                    'error' => $C_translate->translate('validate_any', "", "")
                );
            } else {
                $domain_name = $VAR['domain_name'];
                $domain_tld = $VAR['domain_tld'];
                $domain_type = $VAR['domain_type'];
                # Get the host_tld_id, registrar plugin and default term for this TLD
                $db =& DB();
                $q = "SELECT id,default_term_new,registrar_plugin_id FROM " . AGILE_DB_PREFIX . "host_tld WHERE\n\t\t\t \t name \t\t= " . $db->qstr($domain_tld) . " AND site_id \t= " . $db->qstr(DEFAULT_SITE);
                $tld = $db->Execute($q);
                # NOTE(review): neither a failed query nor an unknown TLD is checked here;
                # an unknown TLD leaves the ids null and makes domain_term null below
                $domain_host_tld_id = $tld->fields['id'];
                $domain_host_registrar_id = $tld->fields['registrar_plugin_id'];
                $domain_term = $tld->fields['default_term_new'];
                # expiry = now + term in 365-day years
                $domain_date_expire = time() + $domain_term * (86400 * 365);
            }
        }
    }

    if (!$this->validated) {
        # errors... hand them to the template and do not write anything
        global $smarty;
        $smarty->assign('form_validation', $this->val_error);
        global $C_vars;
        $C_vars->strip_slashes_all();
        return;
    } else {
        # Generate the SQL. Every value goes through $db->qstr(); the plugin / group
        # data columns store serialize()d request arrays as submitted, and
        # host_password is stored exactly as submitted (no conversion applied here).
        $db =& DB();
        $id = $db->GenID(AGILE_DB_PREFIX . 'service_id');
        $q = "INSERT INTO " . AGILE_DB_PREFIX . "service SET\n\t\t id\t\t\t\t\t\t= " . $db->qstr($id)
            . ",\n\t\t site_id\t\t\t\t\t= " . $db->qstr(DEFAULT_SITE)
            . ",\n\t\t date_orig\t\t\t\t= " . $db->qstr(time())
            . ",\n\t\t date_last\t\t\t\t= " . $db->qstr(time())
            . ", \n\t\t account_id\t\t\t\t= " . $db->qstr($VAR['service_account_id'])
            . ",\n\t\t account_billing_id \t\t= " . $db->qstr(@$VAR['ccnum'])
            . ",\n\t\t product_id\t\t\t\t= " . $db->qstr(@$product_id)
            . ",\n\t\t sku\t\t\t\t\t\t= " . $db->qstr(@$product_sku)
            . ",\n\t\t active\t\t\t\t\t= " . $db->qstr('1')
            . ", \n\t\t type\t\t\t\t\t= " . $db->qstr($VAR['service_type'])
            . ",\n\t\t queue\t\t\t\t\t= " . $db->qstr('new')
            . ", \n\t\t price\t\t\t\t\t= " . $db->qstr(@$VAR['product_price_base'])
            . ",\n\t\t price_type\t\t\t\t= " . $db->qstr(@$VAR['service_price_type'])
            . ",\n\t\t taxable\t\t\t\t\t= " . $db->qstr(@$VAR['product_taxable'])
            . ", \n\t\t date_last_invoice\t\t= " . $db->qstr(@$last_invoice)
            . ",\n\t\t date_next_invoice\t\t= " . $db->qstr(@$next_invoice)
            . ",\n\t\t recur_schedule\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_default'])
            . ",\n\t\t recur_type\t\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_type'])
            . ",\n\t\t recur_weekday\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_weekday'])
            . ", \n\t\t recur_schedule_change \t= " . $db->qstr(@$VAR['product_price_recurr_schedule'])
            . ",\n\t\t recur_cancel\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_cancel'])
            . ", \n\t\t recur_modify\t\t\t= " . $db->qstr(@$VAR['product_price_recurr_modify'])
            . ", \n\t\t group_grant\t\t\t\t= " . $db->qstr(serialize(@$VAR['product_assoc_grant_group']))
            . ",\n\t\t group_type\t\t\t\t= " . $db->qstr(@$VAR['product_assoc_grant_group_type'])
            . ",\n\t\t group_days\t\t\t\t= " . $db->qstr(@$VAR['product_assoc_grant_group_days'])
            . ", \n\t\t host_server_id\t\t\t= " . $db->qstr(@$VAR['product_host_server_id'])
            . ",\n\t\t host_provision_plugin_data=" . $db->qstr(serialize(@$VAR['product_host_provision_plugin_data']))
            . ",\n\t\t host_ip\t\t\t\t\t= " . $db->qstr(@$VAR['host_ip'])
            . ",\n\t\t host_username\t\t\t= " . $db->qstr(@$VAR['host_username'])
            . ",\n\t\t host_password\t\t\t= " . $db->qstr(@$VAR['host_password'])
            . ", \n\t\t domain_name\t\t\t\t= " . $db->qstr(@$domain_name)
            . ",\n\t\t domain_tld\t\t\t\t= " . $db->qstr(@$domain_tld)
            . ",\n\t\t domain_term\t\t\t\t= " . $db->qstr(@$domain_term)
            . ",\n\t\t domain_type\t\t\t\t= " . $db->qstr(@$domain_type)
            . ",\n\t\t domain_date_expire\t\t= " . $db->qstr(@$domain_date_expire)
            . ",\n\t\t domain_host_tld_id\t\t= " . $db->qstr(@$domain_host_tld_id)
            . ",\n\t\t domain_host_registrar_id= " . $db->qstr(@$domain_host_registrar_id)
            . ",\n\t\t prod_plugin_name\t\t= " . $db->qstr(@$VAR["product_prod_plugin_file"])
            . ",\n\t\t prod_plugin_data\t\t= " . $db->qstr(serialize(@$VAR["product_prod_plugin_data"]));
        # NOTE(review): the result of the INSERT is not checked
        $rs = $db->Execute($q);
        # NOTE(review): the two inner "=" are assignments, not comparisons, so this
        # condition is always true and queue_one() runs for every service type;
        # "== 'product'" / "== 'product_group'" look like what was intended
        if ($VAR['service_type'] == 'group' || ($VAR['service_type'] = 'product' || ($VAR['service_type'] = 'product_group'))) {
            $this->queue_one($id, false);
        }
        # publish the new id through the global request vars and show the record
        global $VAR;
        $VAR["id"] = $id;
        define('FORCE_PAGE', 'service:view');
        return;
    }
}
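/**
 * AgileBill - Open Billing Software
 *
 * This body of work is free software; you can redistribute it and/or
 * modify it under the terms of the Open AgileBill License
 * License as published at http://www.agileco.com/agilebill/license1-4.txt
 *
 * For questions, help, comments, discussion, etc., please join the
 * Agileco community forums at http://forum.agileco.com/
 *
 * @link http://www.agileco.com/
 * @copyright 2004-2008 Agileco, LLC.
 * @license http://www.agileco.com/agilebill/license1-4.txt
 * @author Tony Landis <*****@*****.**>
 * @package AgileBill
 * @version 1.4.93
 */

/**
 * Generic module search: build a WHERE clause from the submitted
 * "<module>_<column>" request variables, run it against the module's table
 * and store the query as a saved search for paging.
 *
 * Matching rules per submitted key: an array value yields one condition per
 * element, with the operator taken from $VAR['field_option'][key][index] when
 * it is one of = > < >= <= !=; a scalar containing "%" yields a LIKE; any other
 * scalar an equality test. Blank values and keys without the module prefix are
 * ignored. When $construct->custom_EXP is set, the rows are post-filtered to
 * those where at least one of its field/value pairs matches.
 *
 * Side effects: assigns record_id (single hit), search_id, page, limit,
 * order_by and results to Smarty; inserts a CORE_search record when there are
 * hits; fires ->trigger[$type] with 0 on a failed query and 1 on completion.
 * limit and order_by come from the request when present and are handed to
 * CORE_search as-is; how that class validates them is not visible here.
 *
 * @param array  $VAR       submitted request variables
 * @param object $construct module definition (->module, ->table, ->field, ->limit,
 *                          ->order_by, optional ->custom_EXP, ->fast_forward, ->trigger)
 * @param string $type      method name used to look up ->trigger[$type]
 * @return void
 */
function CORE_database_search($VAR, &$construct, $type)
{
    $db =& DB();
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    # search criteria; the same array is reused below for the saved-search record
    $arr = $VAR;

    # operators a field_option entry may select
    $allowed_ops = array('=', '>', '<', '>=', '<=', '!=');

    # key prefix marking a searchable column (case-insensitive, matching the
    # first branch of the original); the remainder of the key is the column name
    $pat = '/^' . preg_quote($construct->module, '/') . '_/i';

    $where_list = '';
    $i = 0;
    foreach ($arr as $key => $value) {
        if ($value == '' || !preg_match($pat, $key)) {
            continue;
        }
        $field = preg_replace($pat, '', $key);
        # the column name is interpolated into SQL unquoted: accept plain identifiers only
        if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
            continue;
        }
        # first emitted condition gets WHERE, every later one AND (this also fixes
        # the case where the first array element is blank and the second produced
        # a leading AND)
        $conj = ($i == 0) ? " WHERE " : " AND ";

        if (is_array($value)) {
            $n = count($value);
            for ($i_arr = 0; $i_arr < $n; $i_arr++) {
                if (!isset($value[$i_arr]) || $value[$i_arr] == '') {
                    continue;
                }
                # per-element comparison operator, restricted to the allowed set
                $f_opt = '=';
                $pat_field = $construct->module . '_' . $field;
                if (isset($VAR['field_option'][$pat_field][$i_arr])
                    && in_array($VAR['field_option'][$pat_field][$i_arr], $allowed_ops, true)
                ) {
                    $f_opt = $VAR['field_option'][$pat_field][$i_arr];
                }
                # data conversion for this field (date, encrypt, etc...)
                $v = $value[$i_arr];
                if (isset($construct->field["{$field}"]["convert"])) {
                    $v = $validate->convert($field, $v, $construct->field["{$field}"]["convert"]);
                }
                $where_list .= $conj . $field . " {$f_opt} " . $db->qstr($v, get_magic_quotes_gpc());
                $i++;
                $conj = " AND ";
            }
        } elseif (strpos($value, '%') !== false) {
            # wildcard present: LIKE match
            if (isset($construct->field["{$field}"]["convert"])) {
                $value = $validate->convert($field, $value, $construct->field["{$field}"]["convert"]);
            }
            $where_list .= $conj . $field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
            $i++;
        } else {
            # plain equality; no data conversion is applied on this path (as before)
            $where_list .= $conj . $field . " = " . $db->qstr($value, get_magic_quotes_gpc());
            $i++;
        }
    }

    #### finalize the WHERE statement (site_id is appended below)
    $where_list .= ($where_list == '') ? ' WHERE ' : ' AND ';

    $limit    = isset($VAR['limit'])    ? $VAR['limit']    : $construct->limit;
    $order_by = isset($VAR['order_by']) ? $VAR['order_by'] : $construct->order_by;

    ### additional columns to select so the custom_EXP post-filter below can read
    ### them; previously only the first entry's field was selected although the
    ### filter compares every entry
    $field_list = '';
    if (isset($construct->custom_EXP) && is_array($construct->custom_EXP)) {
        $exp_fields = array();
        foreach ($construct->custom_EXP as $exp) {
            if (isset($exp['field'])) {
                $exp_fields[] = $exp['field'];
            }
        }
        foreach (array_unique($exp_fields) as $exp_field) {
            $field_list .= "," . $exp_field;
        }
    }

    # generate the full query
    $q = "SELECT id" . $field_list . " FROM\n\t\t " . AGILE_DB_PREFIX . "{$construct->table}\n\t\t {$where_list}\n\t\t site_id = '" . DEFAULT_SITE . "'";
    # template of the query saved for paging; CORE_search fills the placeholders
    $q_save = "SELECT %%fieldList%% FROM %%tableList%% " . $where_list . " %%whereList%% ";

    $result = $db->Execute($q);

    # error reporting
    if ($result === false) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'search', $db->ErrorMsg());
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        return;
    }

    $results = $result->RecordCount();
    $record_id = null;
    if ($results == 1) {
        $record_id = $result->fields['id'];
    }

    ### post-filter on custom_EXP: a row is kept when any field/value pair matches;
    ### the count and the single-hit id are recomputed from the kept rows
    if (isset($construct->custom_EXP) && is_array($construct->custom_EXP)) {
        $results = 0;
        $n_exp = count($construct->custom_EXP);
        while (!$result->EOF) {
            for ($ei = 0; $ei < $n_exp; $ei++) {
                $field = $construct->custom_EXP[$ei]["field"];
                $value = $construct->custom_EXP[$ei]["value"];
                if ($result->fields["{$field}"] == $value) {
                    $results++;
                    $record_id = $result->fields['id'];
                    break;
                }
            }
            $result->MoveNext();
        }
    }

    global $smarty;
    # single hit: let the template fast-forward straight to the record
    if ($results == 1 && !isset($construct->fast_forward)) {
        $smarty->assign('record_id', $record_id);
    }

    # create the search record and expose its parameters to Smarty
    if ($results > 0) {
        include_once PATH_CORE . 'search.inc.php';
        $search = new CORE_search();
        $arr['module']   = $construct->module;
        $arr['sql']      = $q_save;
        $arr['limit']    = $limit;
        $arr['order_by'] = $order_by;
        $arr['results']  = $results;
        $search->add($arr);
        $smarty->assign('search_id', $search->id);
        $smarty->assign('page', '1');
        $smarty->assign('limit', $limit);
        $smarty->assign('order_by', $order_by);
    }
    $smarty->assign('results', $results);

    # completion trigger
    if (isset($construct->trigger["{$type}"])) {
        include_once PATH_CORE . 'trigger.inc.php';
        $trigger = new CORE_trigger();
        $trigger->trigger($construct->trigger["{$type}"], 1, $VAR);
    }
}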
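/**
 * Replace the (non-service) group memberships of an admin account.
 *
 * Existing account_group rows for the account are deleted, then one row is
 * inserted per requested group that the calling admin is itself authorized for
 * ($C_auth->auth_group_by_id); unauthorized groups are skipped silently. If no
 * group was written, the account is placed in DEFAULT_GROUP instead. Finally the
 * account's session_auth_cache rows are dropped so its permissions are rebuilt
 * on the next page view, and db_mapping is synced when that module is installed.
 *
 * Refused (returns false) for account id 1, for the caller's own account
 * (SESS_ACCOUNT), and when no account id was submitted.
 *
 * @param array $VAR request variables: groups[], account_admin_id,
 *                   account_admin_date_expire (optional, DEFAULT_DATE_FORMAT)
 * @return void|false false when refused or when the initial DELETE fails
 */
function update_account_groups($VAR)
{
    global $C_auth;

    # (array) keeps a single scalar submission as a one-element list and turns
    # a missing value into an empty list instead of a count() on null
    $groups  = isset($VAR['groups']) ? (array) $VAR['groups'] : array();
    $account = isset($VAR['account_admin_id']) ? $VAR['account_admin_id'] : null;

    # the super-admin account and the caller's own account are never altered here
    if ($account == "1" || SESS_ACCOUNT == $account) {
        return false;
    }
    # without an account id the DELETE/INSERTs below would target account_id ''
    if ($account === null || $account === '') {
        return false;
    }

    # membership expiry (epoch) shared by every row written below; 0 = never.
    # Computed once here instead of per group so the default-group fallback
    # gets the same value rather than an undefined variable.
    $expire = 0;
    if (!empty($VAR['account_admin_date_expire'])) {
        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();
        $expire = $validate->DateToEpoch(DEFAULT_DATE_FORMAT, $VAR['account_admin_date_expire']);
    }

    $dba =& DB();

    ### drop the current (non-service) groups for this account
    $q = "DELETE FROM " . AGILE_DB_PREFIX . "account_group\n\t\t\t WHERE\n\t\t\t service_id IS NULL AND\n\t\t\t account_id = " . $dba->qstr($account) . " AND \n\t\t\t site_id = " . $dba->qstr(DEFAULT_SITE);
    $result = $dba->Execute($q);
    if ($result === false) {
        # stop here: inserting on top of the old rows would duplicate memberships
        global $C_debug;
        $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
        return false;
    }

    ### grant each requested group the calling admin is itself authorized for
    $ii = 0;
    foreach ($groups as $group_id) {
        if (!$C_auth->auth_group_by_id($group_id)) {
            continue;
        }
        $this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
        $q = "INSERT INTO " . AGILE_DB_PREFIX . "account_group\n\t\t\t\t\t SET\n\t\t\t\t\t id = " . $dba->qstr($this->new_id)
            . ",\n\t\t\t\t\t date_orig = " . $dba->qstr(time())
            . ",\n\t\t\t\t\t date_expire = " . $dba->qstr($expire)
            . ",\n\t\t\t\t\t group_id = " . $dba->qstr($group_id)
            . ",\n\t\t\t\t\t account_id = " . $dba->qstr($account)
            . ",\n\t\t\t\t\t active = " . $dba->qstr('1')
            . ",\n\t\t\t\t\t site_id = " . $dba->qstr(DEFAULT_SITE);
        $result = $dba->Execute($q);
        # counts attempted inserts (as before), so a failed insert still
        # suppresses the default-group fallback
        $ii++;
        if ($result === false) {
            global $C_debug;
            $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
        }
    }

    ### nothing granted: fall back to the default group
    if ($ii == 0) {
        $this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
        $q = "INSERT INTO " . AGILE_DB_PREFIX . "account_group\n\t\t\t\t\tSET\n\t\t\t\t\tid = " . $dba->qstr($this->new_id)
            . ",\n\t\t\t\t\tdate_orig = " . $dba->qstr(time())
            . ",\n\t\t\t\t\tdate_expire = " . $dba->qstr($expire)
            . ",\n\t\t\t\t\tgroup_id = " . $dba->qstr(DEFAULT_GROUP)
            . ",\n\t\t\t\t\taccount_id = " . $dba->qstr($account)
            . ",\n\t\t\t\t\tactive = " . $dba->qstr('1')
            . ",\n\t\t\t\t\tsite_id = " . $dba->qstr(DEFAULT_SITE);
        $result = $dba->Execute($q);
        if ($result === false) {
            global $C_debug;
            $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
        }
    }

    ### invalidate the account's cached session authorizations so they are
    ### regenerated on the user's next page view
    $db =& DB();
    $q = "SELECT id FROM " . AGILE_DB_PREFIX . "session WHERE\n\t\t\t account_id = " . $db->qstr($account) . " AND\n\t\t\t site_id = " . $db->qstr(DEFAULT_SITE);
    $rss = $db->Execute($q);
    if ($rss !== false) {
        while (!$rss->EOF) {
            $q = "DELETE FROM " . AGILE_DB_PREFIX . "session_auth_cache WHERE\n\t\t\t\t session_id = " . $db->qstr($rss->fields['id']) . " AND \n\t\t\t\t site_id \t = " . $db->qstr(DEFAULT_SITE);
            $db->Execute($q);
            $rss->MoveNext();
        }
    }

    ### Do any db_mapping
    global $C_list;
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->account_group_sync($account);
    }
}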
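function subscribe($VAR)
{
    ### Record a newsletter subscription request and e-mail the address a
    ### confirmation link. The request is parked in temporary_data (keyed by
    ### e-mail in field1, expiring after 3 days) until the link is followed.
    ###
    ### Two input shapes are accepted: a direct form submission, signalled by
    ### $VAR['newsletter_type'] and using the newsletter_* fields, which gets
    ### user feedback through $C_debug->alert(); and a silent call from account
    ### creation using the account_* fields. $VAR['newsletter_id'] must be an
    ### array of newsletter ids. Returns nothing.
    ###
    ### NOTE(review): the 'validate' value in the confirmation link is the
    ### creation timestamp, i.e. low-entropy; the confirm side should not
    ### treat it as a secret (a random token would be the stronger design).
    ### Mail-header handling of $first_name/$email is CORE_email's job and is
    ### not visible here.
    $LIMIT_SECONDS = 120;
    global $C_debug, $C_translate;
    include_once PATH_CORE . 'validate.inc.php';

    # Only the direct form gets alerts; the account-creation path stays silent.
    $interactive = isset($VAR['newsletter_type']);

    ### At least one newsletter must be selected
    if (!isset($VAR['newsletter_id']) || !is_array($VAR['newsletter_id'])) {
        if ($interactive) {
            $C_debug->alert($C_translate->translate('subscribe_newsletter_req', 'newsletter', ''));
        }
        return;
    }
    $newsletter_id = $VAR['newsletter_id'];
    $html = isset($VAR['newsletter_html']) ? 1 : 0;

    ### Pick up and validate the subscriber details
    $validate = new CORE_validate();
    if ($interactive) {
        if (empty($VAR['newsletter_first_name'])) {
            $C_debug->alert($C_translate->translate('subscribe_name_req', 'newsletter', ''));
            return;
        }
        if (empty($VAR['newsletter_email']) || !$validate->validate_email($VAR['newsletter_email'], '')) {
            $C_debug->alert($C_translate->translate('subscribe_email_req', 'newsletter', ''));
            return;
        }
        $first_name = $VAR['newsletter_first_name'];
        $last_name = isset($VAR['newsletter_last_name']) ? $VAR['newsletter_last_name'] : null;
        $email = $VAR['newsletter_email'];
    } else {
        if (!isset($VAR['account_first_name']) || $VAR['account_first_name'] == '') {
            return;
        }
        if (!isset($VAR['account_email']) || $validate->validate_email($VAR['account_email'], '') == false) {
            return;
        }
        $first_name = $VAR['account_first_name'];
        $last_name = isset($VAR['account_last_name']) ? $VAR['account_last_name'] : null;
        $email = $VAR['account_email'];
    }

    ### Rate limit: refuse a repeat request for the same address within
    ### $LIMIT_SECONDS; an older pending request is replaced.
    $db =& DB();
    $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND field1 = ' . $db->qstr($email);
    $result = $db->Execute($sql);
    if ($result && $result->RecordCount() > 0) {
        $limit = $result->fields['date_orig'] + $LIMIT_SECONDS;
        if ($limit > time()) {
            if ($interactive) {
                $error = $C_translate->translate("subscribe_spam_limit", "newsletter", "");
                $C_debug->alert(str_replace('%limit%', "{$LIMIT_SECONDS}", $error));
            }
            return;
        }
        ### Delete the old request
        $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND field1 = ' . $db->qstr($email);
        $db->Execute($sql);
    }

    ### Ok to continue: park the request
    $now = time();
    $expire = $now + 86400 * 3;
    $static_relation = isset($VAR['static_relation']) ? $VAR['static_relation'] : null;
    $data = serialize(array(
        'html' => $html,
        'email' => $email,
        'first_name' => $first_name,
        'last_name' => $last_name,
        'newsletter_id' => $newsletter_id,
        'var' => base64_encode(serialize($static_relation)),
    ));
    $db =& DB();
    $id = $db->GenID(AGILE_DB_PREFIX . 'temporary_data_id');
    $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'temporary_data SET site_id = ' . $db->qstr(DEFAULT_SITE) . ', id = ' . $db->qstr($id) . ', date_orig = ' . $db->qstr($now) . ', date_expire = ' . $db->qstr($expire) . ', field1 = ' . $db->qstr($email) . ', data = ' . $db->qstr($data);
    $result = $db->Execute($sql);
    if ($result === false) {
        # Without the stored record the confirmation link cannot succeed,
        # so do not send it.
        $C_debug->error('newsletter.inc.php', 'subscribe', $db->ErrorMsg());
        return;
    }

    ### Build the confirmation e-mail. The address is URL-encoded so that
    ### characters such as '+' survive the round trip through the query string.
    $confirm_url = URL . '?_page=newsletter:subscribe_confirm&email=' . urlencode($email) . '&validate=' . $now;
    $E = array(
        'html' => 0,
        'priority' => 0,
        'to_email' => $email,
        'to_name' => $first_name,
        'subject' => $C_translate->translate('subscribe_subj', 'newsletter', ''),
        'body_text' => $C_translate->translate('subscribe_body', 'newsletter', ''),
    );
    # Placeholders are matched case-insensitively, as the former eregi_replace did.
    $E['body_text'] = str_ireplace(
        array('%name%', '%email%', '%confirm_url%', '%site_name%'),
        array($first_name, $email, $confirm_url, SITE_NAME),
        $E['body_text']
    );

    ### Get the outgoing mail settings
    $db =& DB();
    $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE\n\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\tid = " . $db->qstr(DEFAULT_SETUP_EMAIL);
    $setup_email = $db->Execute($q);
    # type 0 = PHP mail(), anything else = SMTP with the stored credentials
    $use_smtp = ($setup_email->fields['type'] != 0);
    if ($use_smtp) {
        $E['server'] = $setup_email->fields['server'];
        $E['account'] = $setup_email->fields['username'];
        $E['password'] = $setup_email->fields['password'];
    }
    $E['from_name'] = $setup_email->fields['from_name'];
    $E['from_email'] = $setup_email->fields['from_email'];

    ### Send the message
    require_once PATH_CORE . 'email.inc.php';
    $mailer = new CORE_email();
    if ($use_smtp) {
        $mailer->SMTP_Mail($E);
    } else {
        $mailer->PHP_Mail($E);
    }

    ### Success message
    if ($interactive) {
        $C_debug->alert($C_translate->translate('subscribe_confirm', 'newsletter', ''));
    }
}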
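function add($VAR)
{
    # Generate affiliate commissions for paid invoices, 50 invoices per call,
    # chaining to the next page through a link / JavaScript redirect.
    #
    # $VAR['affiliate_commission_start_date'], $VAR['affiliate_commission_end_date']
    #     optional date bounds, converted with CORE_validate::convert(..., 'date')
    # $VAR['page']   1-based page number; page 1 allocates the GenID of this run,
    #                later pages carry it back in $VAR['GenID']
    #
    # For each invoice on the page that has no invoice_commission row yet, the
    # affiliate chain is walked level by level with calc_commission(); a
    # commission is written with add_invoice_commission() when the computed
    # amount is > 0. Sets $this->start_date, $this->end_date and $this->GenID;
    # returns nothing. All user feedback goes through $C_debug->alert().
    $search_limit = 50;
    global $C_debug, $C_translate;
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    $this->start_date = false;
    if (!empty($VAR['affiliate_commission_start_date'])) {
        $this->start_date = $validate->convert('', $VAR['affiliate_commission_start_date'], 'date');
    }
    $this->end_date = false;
    if (!empty($VAR['affiliate_commission_end_date'])) {
        $this->end_date = $validate->convert('', $VAR['affiliate_commission_end_date'], 'date');
    }

    # Page number and result window. The page comes from the query string and
    # is used in arithmetic and in generated links, so it is forced to an int.
    $current_page = !empty($VAR['page']) ? (int) $VAR['page'] : 1;
    if ($current_page < 1) {
        $current_page = 1;
    }
    $offset = ($current_page - 1) * $search_limit;

    $db =& DB();
    if ($current_page == 1) {
        $this->GenID = $db->GenID(AGILE_DB_PREFIX . 'affiliate_commission_id');
    } else {
        # Carried over from the previous page of this run.
        $this->GenID = isset($VAR['GenID']) ? $VAR['GenID'] : null;
    }
    # Query-string-safe form of the run id for every link generated below;
    # on later pages the id is request-supplied and is echoed into HTML/JS.
    $genid_param = urlencode((string) $this->GenID);

    # Generate the SQL for this commission generation session:
    $sql = "SELECT id,affiliate_id,total_amt,tax_amt,type FROM " . AGILE_DB_PREFIX . "invoice WHERE site_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\tprocess_status = 1 AND billing_status = 1 AND\n\t\t\t\t( affiliate_id IS NOT NULL AND affiliate_id !='' ) AND \n\t\t\t\ttotal_amt > 0 ";
    if ($this->start_date) {
        $sql .= " AND date_orig\t>= " . $db->qstr($this->start_date);
    }
    if ($this->end_date) {
        $sql .= " AND date_orig\t<= " . $db->qstr($this->end_date);
    }
    $result = $db->SelectLimit($sql, $search_limit, $offset);

    # Past the last page: offer the link to the generated data.
    if ($result->RecordCount() == 0 && $current_page > 1) {
        $view_url = '?_page=affiliate_commission:view&id=' . $genid_param;
        $msg = $C_translate->translate('generated', 'affiliate_commission', '');
        $msg .= ' <a href="' . $view_url . '">' . $C_translate->translate('submit', '', '') . '</a>';
        $msg .= '<SCRIPT LANGUAGE="JavaScript"> refresh("1", "' . $view_url . '"); </SCRIPT>';
        $C_debug->alert($msg);
        return;
    }

    ### Walk the invoices on this page
    $count = 0;
    while (!$result->EOF) {
        $invoice_id = $result->fields["id"];

        # Skip invoices whose commissions have already been issued.
        $sql = "SELECT id FROM " . AGILE_DB_PREFIX . "invoice_commission WHERE\n\t\t\t\t\tsite_id\t\t\t= " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\tinvoice_id\t\t= " . $db->qstr($invoice_id);
        $result2 = $db->Execute($sql);
        if ($result2 && $result2->RecordCount() == 0) {
            // commissionable amount: item totals after discounts and before taxes
            $sqli = "SELECT sum(total_amt) as invoice_amount\n\t\t\t\t\t\t\t\t FROM " . AGILE_DB_PREFIX . "invoice_item WHERE site_id = " . $db->qstr(DEFAULT_SITE) . " \n\t\t\t\t\t\t\t\t AND invoice_id = " . $db->qstr($invoice_id) . "\n\t\t\t\t\t\t\t\t GROUP BY invoice_id";
            $rsi = $db->Execute($sqli);
            if ($rsi && $rsi->RecordCount()) {
                $invoice_amount = $rsi->fields["invoice_amount"];
                # Follow the affiliate chain upward, at most 99 levels, and never
                # visit the same affiliate twice: a cycle in the parent links
                # would otherwise pay commission repeatedly.
                $seen = array();
                $affiliate_id = $result->fields["affiliate_id"];
                $level = 1;
                while ($level < 100 && $affiliate_id) {
                    if (in_array($affiliate_id, $seen)) {
                        break;
                    }
                    $seen[] = $affiliate_id;
                    $arr = $this->calc_commission($affiliate_id, $invoice_amount, $result->fields["type"], $level);
                    if (isset($arr["amount"]) && $arr["amount"] > 0) {
                        $this->add_invoice_commission($arr['amount'], $affiliate_id, $invoice_id);
                    }
                    $count++;
                    # calc_commission() reports the next affiliate up the chain, if any.
                    $affiliate_id = isset($arr["affiliate_id"]) ? $arr['affiliate_id'] : null;
                    $level++;
                }
            }
        }
        $result->MoveNext();
    }

    if ($count == 0) {
        $C_debug->alert($C_translate->translate('no_results', 'affiliate_commission', ''));
    } else {
        $start = $search_limit * $current_page - $search_limit;
        $stop = $search_limit * $current_page;
        $page = $current_page + 1;
        $C_translate->value['affiliate_commission']['start'] = $start;
        $C_translate->value['affiliate_commission']['stop'] = $stop;
        $C_translate->value['affiliate_commission']['genid'] = $this->GenID;
        $C_translate->value['affiliate_commission']['page'] = $page;
        $C_translate->value['affiliate_commission']['unixtime_start_date'] = $this->start_date;
        $C_translate->value['affiliate_commission']['unixtime_stop_date'] = $this->end_date;
        $msg = $C_translate->translate('continue', 'affiliate_commission', '');
        # Every value in the link is request-derived and is echoed into an href
        # and a script block, so each is URL-encoded. The previous version also
        # passed the start date twice and never forwarded the end date.
        $start_param = isset($VAR['affiliate_commission_start_date']) ? $VAR['affiliate_commission_start_date'] : '';
        $end_param = isset($VAR['affiliate_commission_end_date']) ? $VAR['affiliate_commission_end_date'] : '';
        $url = '?_page=core:blank&do[]=affiliate_commission:add&GenID=' . $genid_param
            . '&page=' . $page
            . '&affiliate_commission_start_date=' . urlencode($start_param)
            . '&affiliate_commission_end_date=' . urlencode($end_param);
        $msg .= ' <a href="' . $url . '">' . $C_translate->translate('submit', '', '') . '</a>';
        $msg .= '<script language="JavaScript">document.location = "' . $url . '";</script>';
        $C_debug->alert($msg);
    }
}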
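/**
 * AgileBill - Open Billing Software
 *
 * This body of work is free software; you can redistribute it and/or
 * modify it under the terms of the Open AgileBill License
 * License as published at http://www.agileco.com/agilebill/license1-4.txt
 *
 * For questions, help, comments, discussion, etc., please join the
 * Agileco community forums at http://forum.agileco.com/
 *
 * @link http://www.agileco.com/
 * @copyright 2004-2008 Agileco, LLC.
 * @license http://www.agileco.com/agilebill/license1-4.txt
 * @author Tony Landis <*****@*****.**>
 * @package AgileBill
 * @version 1.4.93
 */
function CORE_database_update($VAR, &$construct, $type)
{
    # Validate the submitted fields of a module record and, if they pass,
    # write them with a single UPDATE to $construct->table for the row whose
    # id is $VAR[<module>_id] on DEFAULT_SITE.
    #
    # $VAR        submitted values, keyed <module>_<field>
    # $construct  module object: ->method[$type] lists the fields handled,
    #             ->field[<name>] holds the per-field rules (unique, validate,
    #             convert, html), ->trigger[$type] an optional trigger
    # $type       method name selecting the field list (e.g. 'update')
    #
    # Returns true on success and false when validation fails or the UPDATE
    # errors. On validation failure the errors are exposed to Smarty as
    # 'form_validation', the global $VAR['_page'] is switched to the module's
    # view page and the trigger (if any) fires with status 0.
    #
    # Trust boundary: field *names* are interpolated into the SQL unquoted and
    # must only ever come from the module definition, never from the request;
    # field *values* always go through $db->qstr().
    global $C_translate;
    $arr = $construct->method["{$type}"];
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $construct->validated = true;
    $id_key = $construct->module . '_id';
    $id = isset($VAR[$id_key]) ? $VAR[$id_key] : null;

    # Hashing/encrypting conversions: such fields are neither checked for
    # uniqueness nor re-validated on update (the stored digest cannot be
    # compared with the submitted plaintext).
    $ignore_convert = array('sha', 'md5', 'rc5', 'crypt');

    ### Validate each field in the method's list
    foreach ($arr as $value) {
        $field_var = $construct->module . '_' . $value;
        $field_name = $value;
        $construct->validate = true;
        $rules = isset($construct->field["{$value}"]) ? $construct->field["{$value}"] : array();

        if (isset($rules["convert"]) && in_array($rules["convert"], $ignore_convert)) {
            continue;
        }

        $submitted = isset($VAR["{$field_var}"]);

        # uniqueness, excluding the row being updated
        if (isset($rules["unique"]) && $submitted) {
            if (!$validate->validate_unique($construct->table, $field_name, $id, $VAR["{$field_var}"])) {
                $construct->validated = false;
                $construct->val_error[] = array('field' => $construct->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
            }
        }

        # required / format rules
        if (isset($rules["validate"])) {
            if (!$submitted || $VAR["{$field_var}"] == '') {
                $construct->validated = false;
                $construct->val_error[] = array('field' => $construct->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            } elseif (!$validate->validate($field_name, $rules, $VAR["{$field_var}"], $rules["validate"])) {
                $construct->validated = false;
                $construct->val_error[] = array('field' => $construct->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $construct->module, ""), 'error' => $validate->error["{$field_name}"]);
            }
        }
    }

    ### Validation failed: report, switch page, fire the trigger and stop
    if (!$construct->validated) {
        global $smarty;
        $smarty->assign('form_validation', $construct->val_error);
        # Rebind to the global request array so the page switch is seen by the
        # dispatcher (the $VAR parameter is shadowed from here on).
        global $VAR;
        $VAR['_page'] = $construct->module . ':view';
        if (isset($construct->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($construct->trigger["{$type}"], 0, $VAR);
        }
        global $C_vars;
        $C_vars->strip_slashes_all();
        return false;
    }

    ### Build the SET list
    $db =& DB();
    # get_magic_quotes_gpc() no longer exists on current PHP; treat that as "off".
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $assignments = array();
    foreach ($arr as $value) {
        $field_var = $construct->module . '_' . $value;
        $field_name = $value;
        $rules = isset($construct->field["{$value}"]) ? $construct->field["{$value}"] : array();
        if (isset($VAR["{$field_var}"]) && $VAR["{$field_var}"] != 'IGNORE-ARRAY-VALUE') {
            $insert_value = $VAR["{$field_var}"];
            # Scalars are HTML-escaped at storage time unless the field is
            # flagged html=1; arrays are left for the 'convert' step.
            if ((!isset($rules["html"]) || $rules["html"] != 1) && !is_array($insert_value)) {
                $insert_value = htmlspecialchars($insert_value);
            }
            if (isset($rules["convert"])) {
                $insert_value = $validate->convert($field_name, $insert_value, $rules["convert"]);
            }
            $assignments[] = $value . "=" . $db->qstr($insert_value, $magic_quotes);
        } elseif (isset($rules["convert"]) && $rules["convert"] == "array"
            && (!isset($VAR["{$field_var}"]) || $VAR["{$field_var}"] != 'IGNORE-ARRAY-VALUE')) {
            # An array field submitted empty is stored as a serialized blank.
            $assignments[] = $value . "=" . $db->qstr(serialize(array("")), $magic_quotes);
        }
    }
    $field_list = implode(", ", $assignments);

    # generate and run the full query (an empty SET list fails here and is
    # reported like any other DB error)
    $q = "UPDATE " . AGILE_DB_PREFIX . "{$construct->table} SET\n\t\t\t\t{$field_list}\n\t\t\t\tWHERE\n\t\t\t\tid \t\t= " . $db->qstr($id) . "\n\t\t\t\tAND\n\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
    $db =& DB();
    $result = $db->Execute($q);
    $ok = ($result !== false);
    if (!$ok) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'update', $db->ErrorMsg());
    }
    # The trigger fires either way; status 1 on success, 0 on failure.
    if (isset($construct->trigger["{$type}"])) {
        include_once PATH_CORE . 'trigger.inc.php';
        $trigger = new CORE_trigger();
        $trigger->trigger($construct->trigger["{$type}"], $ok ? 1 : 0, $VAR);
    }
    return $ok;
}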
function add($VAR)
{
    /* Create a new account from the registration / admin-add form.
     *
     * Reads the account_* fields from the global request array (see the
     * `global $VAR` below, which replaces the parameter), validates them,
     * inserts the account row, the default group membership and the static
     * vars, sends the registration e-mail, optionally subscribes the user to
     * newsletters, and for accounts that start active logs the new user in
     * on the current session.
     *
     * Returns false when checkLimits() refuses the add, otherwise nothing.
     * Validation failures are reported through Smarty ('form_validation')
     * and FORCE_PAGE; DB failures through $C_debug->error().
     *
     * NOTE(review): uses split() (removed in PHP 7), each() and
     * get_magic_quotes_gpc() (both removed in PHP 8). Passwords are stored
     * as an unsalted md5/sha1 digest (legacy scheme).
     */
    if (!$this->checkLimits()) {
        return false;
    } // check account limits
    $this->account_construct();
    # From here on $VAR is the global request array, so every write below is
    # also visible to the dispatcher and to the modules called later.
    global $C_list, $C_translate, $C_debug, $VAR, $smarty;
    $this->validated = true;
    ### Set the hidden values:
    $VAR['account_date_orig'] = time();
    $VAR['account_date_last'] = time();
    # Session-derived defaults win over the site defaults whenever the SESS_*
    # constant is defined; these come from the server side, not from the form.
    if (defined("SESS_LANGUAGE")) {
        @($VAR['account_language_id'] = SESS_LANGUAGE);
    } else {
        @($VAR['account_language_id'] = DEFAULT_LANGUAGE);
    }
    if (defined("SESS_AFFILIATE")) {
        @($VAR['account_affiliate_id'] = SESS_AFFILIATE);
    } else {
        @($VAR['account_affiliate_id'] = DEFAULT_AFFILIATE);
    }
    if (defined("SESS_RESELLER")) {
        @($VAR['account_reseller_id'] = SESS_RESELLER);
    } else {
        @($VAR['account_reseller_id'] = DEFAULT_RESELLER);
    }
    if (defined("SESS_CURRENCY")) {
        @($VAR['account_currency_id'] = SESS_CURRENCY);
    } else {
        @($VAR['account_currency_id'] = DEFAULT_CURRENCY);
    }
    if (defined("SESS_THEME")) {
        @($VAR['account_theme_id'] = SESS_THEME);
    } else {
        @($VAR['account_theme_id'] = DEFAULT_THEME);
    }
    if (defined("SESS_CAMPAIGN")) {
        @($VAR['account_campaign_id'] = SESS_CAMPAIGN);
    } else {
        @($VAR['account_campaign_id'] = 0);
    }
    # NOTE(review): the second clause is always true once the first is, so
    # this simply defaults a missing email_type to '0'.
    if (!isset($VAR['account_email_type']) && @$VAR['account_email_type'] != "1") {
        @($VAR['account_email_type'] = '0');
    }
    ### Determine the proper account status:
    # '1' = active immediately; when DEFAULT_ACCOUNT_STATUS is '1' the account
    # is created as '0' and must be validated through the e-mail sent below.
    if (DEFAULT_ACCOUNT_STATUS != '1') {
        $status = '1';
    } else {
        $status = '0';
    }
    ## Single field login:
    # NOTE(review): the placeholder literals on the next lines appear redacted
    # in this copy of the file.
    if (defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN == true && empty($VAR['account_password'])) {
        $VAR['account_password'] = '******';
        $VAR['confirm_password'] = '******';
    }
    ####################################################################
    ### loop through the field list to validate the required fields
    ####################################################################
    $type = 'add';
    # The method's field list is configured as a comma-separated string.
    $this->method["{$type}"] = split(",", $this->method["{$type}"]);
    $arr = $this->method["{$type}"];
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $this->validated = true;
    while (list($key, $value) = each($arr)) {
        # get the field value
        $field_var = $this->module . '_' . $value;
        $field_name = $value;
        ####################################################################
        ### perform any field validation...
        ####################################################################
        # check if this value is unique
        if (isset($this->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
            if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                $this->validated = false;
                $this->val_error[] = array('field' => $this->table . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
            }
        }
        # check if the submitted value meets the specifed requirements
        if (isset($this->field["{$value}"]["validate"])) {
            if (isset($VAR["{$field_var}"])) {
                if ($VAR["{$field_var}"] != '') {
                    if (!$validate->validate($field_name, $this->field["{$value}"], $VAR["{$field_var}"], $this->field["{$value}"]["validate"])) {
                        $this->validated = false;
                        $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $validate->error["{$field_name}"]);
                    }
                } else {
                    # submitted but blank
                    $this->validated = false;
                    $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
                }
            } else {
                # required field not submitted at all
                $this->validated = false;
                $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            }
        }
    }
    ####################################################################
    ### Validate the password
    ####################################################################
    # $password is only defined when a password was submitted and matches its
    # confirmation. NOTE(review): the submitted password is handed back to the
    # template as 'confirm_account_password'; check that the template does not
    # render it into the page.
    if (isset($VAR['account_password']) && $VAR['account_password'] != "") {
        if (isset($VAR['confirm_password']) && $VAR['account_password'] == $VAR['confirm_password']) {
            $password = $VAR['account_password'];
            $smarty->assign('confirm_account_password', $VAR["account_password"]);
        } else {
            ### ERROR: The passwords provided do not match!
            $smarty->assign('confirm_account_password', '');
            $this->validated = false;
            $this->val_error[] = array('field' => 'account_confirm_password', 'field_trans' => $C_translate->translate('field_confirm_password', $this->module, ""), 'error' => $C_translate->translate('password_change_match', "account", ""));
        }
    } else {
        $smarty->assign('confirm_account_password', '');
    }
    ####################################################################
    ### Validate that the user's IP & E-mail are not banned!
    ####################################################################
    # NOTE(review): both checks append an error when is_blocked() returns
    # false and neither clears $this->validated directly; whether that polarity
    # is intended depends on blocked_email/blocked_ip (not visible here). The
    # final verdict is taken from validate_form() below.
    if ($this->validated) {
        require_once PATH_MODULES . 'blocked_email/blocked_email.inc.php';
        $blocked_email = new blocked_email();
        if (!$blocked_email->is_blocked($VAR['account_email'])) {
            $this->val_error[] = array('field' => 'account_email', 'field_trans' => $C_translate->translate('field_email', $this->module, ""), 'error' => $C_translate->translate('validate_banned_email', "", ""));
        }
        require_once PATH_MODULES . 'blocked_ip/blocked_ip.inc.php';
        $blocked_ip = new blocked_ip();
        if (!$blocked_ip->is_blocked(USER_IP)) {
            $this->val_error[] = array('field' => 'IP Address', 'field_trans' => $C_translate->translate('ip_address', $this->module, ""), 'error' => $C_translate->translate('validate_banned_ip', "", ""));
        }
    }
    // validate the tax_id
    # account_tax_id arrives keyed by country; only the entry for the selected
    # country is validated and kept (collapsed to a scalar, or false if exempt).
    require_once PATH_MODULES . 'tax/tax.inc.php';
    $taxObj = new tax();
    $tax_arr = @$VAR['account_tax_id'];
    if (is_array($tax_arr)) {
        foreach ($tax_arr as $country_id => $tax_id) {
            if ($country_id == $VAR['account_country_id']) {
                $exempt = @$VAR["account_tax_id_exempt"][$country_id];
                if (!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
                    $this->validated = false;
                    $this->val_error[] = array('field' => 'account_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", ""));
                }
                if ($exempt) {
                    $VAR['account_tax_id'] = false;
                } else {
                    $VAR['account_tax_id'] = $tax_id;
                }
            }
        }
    }
    ####################################################################
    ### Get required static_Vars and validate them... return an array
    ### w/ ALL errors...
    ####################################################################
    # validate_form() merges the errors collected above with the static-var
    # errors; an array result means the add is rejected.
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    $all_error = $static_var->validate_form($this->module, $this->val_error);
    if ($all_error != false && gettype($all_error) == 'array') {
        $this->validated = false;
    } else {
        $this->validated = true;
    }
    ####################################################################
    ### If validation was failed, skip the db insert &
    ### set the errors & origonal fields as Smarty objects,
    ### and change the page to be loaded.
    ####################################################################
    if (!$this->validated) {
        global $smarty;
        # set the errors as a Smarty Object
        $smarty->assign('form_validation', $all_error);
        # set the page to be loaded
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        # Stripslashes
        global $C_vars;
        $C_vars->strip_slashes_all();
        return;
    }
    # Get default invoice options
    $db =& DB();
    $invopt = $db->Execute(sqlSelect($db, "setup_invoice", "*", ""));
    if ($invopt && $invopt->RecordCount()) {
        $invoice_delivery = $invopt->fields['invoice_delivery'];
        $invoice_format = $invopt->fields['invoice_show_itemized'];
    }
    /* hash the password */
    # NOTE(review): unsalted digest; when no password was submitted $password
    # is undefined here and an empty string is hashed.
    if (defined('PASSWORD_ENCODING_SHA')) {
        $password_encoded = sha1($password);
    } else {
        $password_encoded = md5($password);
    }
    ####################################################################
    ### Insert the account record
    ####################################################################
    $this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id');
    # date_orig doubles as the e-mail validation string for inactive accounts
    $validation_str = time();
    /** get parent id */
    # (the next statement has no effect)
    $this->account_id;
    if (empty($this->parent_id)) {
        $this->parent_id = $this->account_id;
    }
    # NOTE(review): the username/password expressions in this statement are
    # redacted in this copy of the file and do not parse as written.
    $sql = ' INSERT INTO ' . AGILE_DB_PREFIX . 'account SET id = ' . $db->qstr($this->account_id)
        . ', site_id = ' . $db->qstr(DEFAULT_SITE)
        . ', date_orig = ' . $db->qstr($validation_str)
        . ', date_last = ' . $db->qstr(time())
        . ', language_id = ' . $db->qstr($VAR["account_language_id"])
        . ', country_id = ' . $db->qstr($VAR["account_country_id"])
        . ', parent_id = ' . $db->qstr($this->parent_id)
        . ', affiliate_id = ' . $db->qstr(@$VAR["account_affiliate_id"])
        . ', campaign_id = ' . $db->qstr(@$VAR["account_campaign_id"])
        . ', reseller_id = ' . $db->qstr(@$VAR["account_reseller_id"])
        . ', currency_id = ' . $db->qstr($VAR["account_currency_id"])
        . ', theme_id = ' . $db->qstr($VAR["account_theme_id"]) . ', username = '******', password = '******', status = ' . $db->qstr($status)
        . ', first_name = ' . $db->qstr($VAR["account_first_name"], get_magic_quotes_gpc())
        . ', middle_name = ' . $db->qstr($VAR["account_middle_name"], get_magic_quotes_gpc())
        . ', last_name = ' . $db->qstr($VAR["account_last_name"], get_magic_quotes_gpc())
        . ', company = ' . $db->qstr($VAR["account_company"], get_magic_quotes_gpc())
        . ', title = ' . $db->qstr($VAR["account_title"], get_magic_quotes_gpc())
        . ', email = ' . $db->qstr($VAR["account_email"], get_magic_quotes_gpc())
        . ', address1 = ' . $db->qstr($VAR["account_address1"], get_magic_quotes_gpc())
        . ', address2 = ' . $db->qstr($VAR["account_address2"], get_magic_quotes_gpc())
        . ', city = ' . $db->qstr($VAR["account_city"], get_magic_quotes_gpc())
        . ', state = ' . $db->qstr($VAR["account_state"], get_magic_quotes_gpc())
        . ', zip = ' . $db->qstr($VAR["account_zip"], get_magic_quotes_gpc())
        . ', email_type = ' . $db->qstr($VAR["account_email_type"], get_magic_quotes_gpc())
        . ', invoice_delivery= ' . $db->qstr(@$invoice_delivery)
        . ', invoice_show_itemized=' . $db->qstr(@$invoice_format)
        . ', invoice_advance_gen = ' . $db->qstr(MAX_INV_GEN_PERIOD)
        . ', invoice_grace = ' . $db->qstr(GRACE_PERIOD)
        . ', tax_id = ' . $db->qstr(@$VAR['account_tax_id']);
    $result = $db->Execute($sql);
    ####################################################################
    ### error reporting:
    ####################################################################
    if ($result === false) {
        global $C_debug;
        $C_debug->error('account.inc.php', 'add', $db->ErrorMsg());
        if (isset($this->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
        }
        return;
    }
    /* password logging class */
    # records the digest so password reuse can be detected later
    if ($C_list->is_installed('account_password_history')) {
        include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
        $accountHistory = new account_password_history();
        $accountHistory->setNewPassword($this->account_id, $password_encoded);
    }
    ####################################################################
    ### Add the account to the default group:
    ####################################################################
    $group_id = $db->GenID(AGILE_DB_PREFIX . 'account_group_id');
    $sql = ' INSERT INTO ' . AGILE_DB_PREFIX . 'account_group SET id = ' . $db->qstr($group_id) . ', site_id = ' . $db->qstr(DEFAULT_SITE) . ', date_orig = ' . $db->qstr(time()) . ', group_id = ' . $db->qstr(DEFAULT_GROUP) . ', account_id = ' . $db->qstr($this->account_id) . ', active = ' . $db->qstr('1');
    $db->Execute($sql);
    ####################################################################
    ### Insert the static vars:
    ####################################################################
    $static_var->add($VAR, $this->module, $this->account_id);
    ####################################################################
    ### Mail the user the new_account email template
    ####################################################################
    # Inactive accounts get a validation string of "<date_orig>:<account id>"
    # (upper-cased) in their e-mail.
    require_once PATH_MODULES . 'email_template/email_template.inc.php';
    $my = new email_template();
    if ($status == "1") {
        $my->send('account_registration_active', $this->account_id, $this->account_id, '', '');
    } else {
        $validation_str = strtoupper($validation_str . ':' . $this->account_id);
        $my->send('account_registration_inactive', $this->account_id, '', '', $validation_str);
    }
    ####################################################################
    ### Add the newsletters
    ####################################################################
    # Reuses the account fields as newsletter_* inputs for newsletter::subscribe()
    if (NEWSLETTER_REGISTRATION == "1") {
        @($VAR['newsletter_html'] = $VAR['account_email_type']);
        $VAR['newsletter_email'] = $VAR['account_email'];
        $VAR['newsletter_first_name'] = $VAR['account_first_name'];
        $VAR['newsletter_last_name'] = $VAR['account_last_name'];
        require_once PATH_MODULES . '/newsletter/newsletter.inc.php';
        $newsletter = new newsletter();
        $newsletter->subscribe($VAR, $this);
    }
    ####################################################################
    ### Log in the user & display the welcome message
    ####################################################################
    if ($status == "1") {
        # Only a top-level account (its own parent) is logged in here;
        # sub-accounts are not.
        if ($this->parent_id == $this->account_id || empty($this->parent_id)) {
            $C_debug->alert($C_translate->translate("user_add_active_welcome", "account", ""));
            # $exp is computed but not used; the expiry below uses SESSION_EXPIRE directly
            if (SESSION_EXPIRE == 0) {
                $exp = 99999;
            } else {
                $exp = SESSION_EXPIRE;
            }
            $date_expire = time() + SESSION_EXPIRE * 60;
            # update the session: bind the current session (SESS) to the new
            # account and mark it logged in
            $db =& DB();
            $q = "UPDATE " . AGILE_DB_PREFIX . "session\n\t\t\t\t\t\tSET\n\t\t\t\t\t\tip= " . $db->qstr(USER_IP) . ",\n\t\t\t\t\t\tdate_expire = " . $db->qstr($date_expire) . ",\n\t\t\t\t\t\tlogged = " . $db->qstr('1') . ",\n\t\t\t\t\t\taccount_id = " . $db->qstr($this->account_id) . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\tid = " . $db->qstr(SESS) . "\n\t\t\t\t\t\tAND\n\t\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
            $result = $db->Execute($q);
            ### constants: pin the logged-in account for the rest of this request
            define('FORCE_SESS_ACCOUNT', $this->account_id);
            define('FORCE_SESS_LOGGED', 1);
            ### Reload the session auth cache
            if (CACHE_SESSIONS == '1') {
                $force = true;
                $C_auth = new CORE_auth($force);
                global $C_auth2;
                $C_auth2 = $C_auth;
            }
            # NOTE(review): the redirect target is taken from the request
            # as-is; presumably the dispatcher restricts it to internal pages.
            if (isset($VAR['_page_next'])) {
                define('REDIRECT_PAGE', '?_page=' . $VAR['_page_next']);
            } elseif (isset($VAR['_page'])) {
                define('REDIRECT_PAGE', '?_page=' . $VAR['_page']);
            }
        }
        ####################################################################
        ### Do any db_mapping
        ####################################################################
        # The plaintext password is handed to db_mapping when one was submitted.
        if ($C_list->is_installed('db_mapping')) {
            include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
            $db_map = new db_mapping();
            if (!empty($password)) {
                $db_map->plaintext_password = $password;
            } else {
                $db_map->plaintext_password = false;
            }
            $db_map->account_add($this->account_id);
            $db_map = new db_mapping();
            $db_map->login($this->account_id);
        }
        ####################################################################
        ### Affiliate Auto Creation
        ####################################################################
        if (AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate")) {
            $VAR['affiliate_account_id'] = $this->account_id;
            $VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE;
            include_once PATH_MODULES . 'affiliate/affiliate.inc.php';
            $affiliate = new affiliate();
            $affiliate->add($VAR, $affiliate);
        }
    } else {
        # inactive: the user must follow the validation e-mail first
        $C_debug->alert($C_translate->translate("user_add_inactive_welcome", "account", ""));
        define('FORCE_PAGE', 'core:blank');
    }
}
function user_add($VAR)
{
    # Handle a ticket submitted through the public/user form: validate the
    # required fields and static vars, resolve the submitter's e-mail, check
    # that the chosen department is open to this user, insert the ticket,
    # store its static vars and notify the user and any subscribed staff.
    # Returns false on every failure path that aborts the request; returns
    # nothing on success or when validation fails (the form is re-displayed).
    $this->construct();
    global $C_debug, $C_translate, $C_vars, $smarty;

    ### Strip Slashes
    # NOTE: `global $VAR` rebinds the local $VAR to the global of the same name,
    # so the parameter value is discarded and the globally registered request
    # array is what gets un-slashed and read from here on.
    global $VAR;
    $C_vars->strip_slashes_all();

    ####################################################################
    ### Check that the required fields are set:
    ### ticket_priority, ticket_department_id, ticket_subject, ticket_body
    ####################################################################
    $fields = array('priority', 'department_id', 'subject', 'body');
    for ($i = 0; $i < count($fields); $i++) {
        $field = $fields[$i];
        $field_name = $this->table . '_' . $field;
        if (!isset($VAR["{$field_name}"]) || trim($VAR["{$field_name}"]) == "") {
            $this->val_error[] = array('field' => $this->table . '_' . $field, 'field_trans' => $C_translate->translate('field_' . $field, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
        }
    }

    ####################################################################
    ### Get required static_Vars and validate them... return an array
    ### w/ ALL errors...
    ####################################################################
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    # validate_form() presumably merges the field errors above with the static
    # var errors; a non-array return is treated as "no errors"
    $all_error = $static_var->validate_form($this->module, $this->val_error);
    if ($all_error != false && gettype($all_error) == 'array') {
        $this->validated = false;
    } else {
        $this->validated = true;
    }

    ### Validate e-mail
    # Anonymous submitters must supply an address; logged-in users get the
    # address stored on their account, so the request value is not trusted.
    if (!SESS_LOGGED) {
        include_once PATH_CORE . 'validate.inc.php';
        $C_validate = new CORE_validate();
        if (empty($VAR['ticket_email'])) {
            $this->validated = false;
            $smarty->assign('ticket_email', true);
            # NOTE: when $all_error is false this silently promotes it to an array
            $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_any', "", ""));
        } elseif (!$C_validate->validate_email(@$VAR['ticket_email'], false)) {
            $this->validated = false;
            $smarty->assign('ticket_email', true);
            $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_email', "", ""));
        }
        $this->email = $VAR['ticket_email'];
    } else {
        # Get the e-mail addy from the user's account
        $db =& DB();
        $sql = 'SELECT email FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr(SESS_ACCOUNT);
        $result = $db->Execute($sql);
        $VAR['ticket_email'] = $result->fields['email'];
        $this->email = $result->fields['email'];
    }

    ###################################################################
    ### Check that the user is authorized for this department
    $db =& DB();
    $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($VAR['ticket_department_id']) . ' AND status = ' . $db->qstr('1');
    $result = $db->Execute($sql);
    if ($result->RecordCount() == 0) {
        ###################################################################
        ### ERROR: The selected department is inactive or invalid
        $C_debug->alert($C_translate->translate('department_invalid', 'ticket', ''));
        return false;
    }
    global $C_auth;
    $i = 0;
    $dept_auth = false;
    while (!$result->EOF) {
        # group_id holds a serialized list of group ids written by the admin
        # side, i.e. database content rather than request input
        $arr = unserialize($result->fields['group_id']);
        if (!SESS_LOGGED) {
            ### Check if the specified department is authorized for the 'All Users' group (0):
            for ($i = 0; $i < count($arr); $i++) {
                if ($arr[$i] == '0') {
                    $dept_auth = true;
                }
            }
            if (!$dept_auth) {
                $C_debug->alert($C_translate->translate('login_required', '', ''));
                return false;
            }
        } else {
            # any one of the user's groups being listed is enough
            for ($i = 0; $i < count($arr); $i++) {
                if ($C_auth->auth_group_by_id($arr[$i])) {
                    $dept_auth = true;
                }
            }
        }
        $result->MoveNext();
    }
    if (!$dept_auth) {
        ###################################################################
        ### ERROR: The current user does not have access to the selected department!
        $C_debug->alert($C_translate->translate('department_not_auth', 'ticket', ''));
        return false;
    } else {
        ####################################################################
        # If validation was failed, skip the db insert &
        # set the errors & original fields as Smarty objects,
        # and change the page to be loaded.
        ####################################################################
        if (!$this->validated) {
            global $smarty;
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            # NOTE: this is the second strip_slashes_all() call in this request
            global $C_vars;
            $C_vars->strip_slashes_all();
            return;
        }

        ###################################################################
        ### Assemble the SQL & Insert the ticket
        # All request values go through $db->qstr(); the body is stored
        # HTML-escaped, so templates must not escape it a second time.
        # The expiry is fixed at seven days from creation.
        $db =& DB();
        $id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
        $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket SET site_id = ' . $db->qstr(DEFAULT_SITE) . ', id = ' . $db->qstr($id) . ', date_orig = ' . $db->qstr(time()) . ', date_last = ' . $db->qstr(time()) . ', date_expire = ' . $db->qstr(time() + 86400 * 7) . ', account_id = ' . $db->qstr(SESS_ACCOUNT) . ', department_id=' . $db->qstr($VAR['ticket_department_id']) . ', status = ' . $db->qstr(0) . ', last_reply = 0, priority = ' . $db->qstr($VAR['ticket_priority']) . ', subject = ' . $db->qstr($VAR['ticket_subject']) . ', email = ' . $db->qstr($VAR['ticket_email']) . ', body = ' . $db->qstr(htmlspecialchars($VAR['ticket_body']));
        $result = $db->Execute($sql);

        # error reporting:
        if ($result === false) {
            global $C_debug;
            $C_debug->error('ticket.inc.php', 'user_add', $db->ErrorMsg());
            return false;
        }

        ###################################################################
        ### Insert the static vars...
        $static_var->add($VAR, $this->module, $id);

        ###################################################################
        ### Mail the user the new_ticket email template
        # 'email' and 'key' are placed in $VAR only for the template and
        # removed again afterwards
        require_once PATH_MODULES . 'email_template/email_template.inc.php';
        $VAR['email'] = trim($this->email);
        $VAR['key'] = $this->key($this->email);
        $my = new email_template();
        $my->send('ticket_user_add', $this->email, $id, '', '');
        unset($VAR['key']);
        unset($VAR['email']);

        ###################################################################
        ### Get any staff members who should be mailed
        $db =& DB();
        $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND notify_new = ' . $db->qstr("1");
        $result = $db->Execute($sql);
        if ($result->RecordCount() > 0) {
            while (!$result->EOF) {
                # department_avail is a serialized list of department ids
                @($avail = unserialize($result->fields['department_avail']));
                for ($i = 0; $i < count($avail); $i++) {
                    if ($avail[$i] == $VAR['ticket_department_id']) {
                        ###################################################################
                        ### Mail staff members the new_ticket email template
                        $my = new email_template();
                        $my->send('ticket_user_add_staff', $result->fields['account_id'], $id, $avail[$i], 'sql3');
                        # one mail per staff member: leave the loop
                        $i = count($avail);
                    }
                }
                $result->MoveNext();
            }
        }
    }
    global $C_debug, $C_translate;
    $C_debug->alert($C_translate->translate('user_add_success', 'ticket', ''));
}
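function search($VAR)
{
    # Build and run the subscriber search described by the request, then
    # register it as a CORE_search record and publish the result count (and
    # the search id / single record id) to Smarty. Returns false on a database
    # error, nothing otherwise.
    #
    # Fixes versus the previous version: the column name derived from each
    # "<module>_<field>" request key and the static_relation index were
    # spliced into the SQL unquoted and are now restricted to identifier /
    # digit characters; the first non-empty element of a multi-value field no
    # longer gets "AND" when nothing precedes it; the count() precedence bug
    # in the static_relation check is gone; and the removed-in-PHP-7/8
    # split()/eregi()/each() calls are replaced by their preg/foreach forms.
    $type = "search";
    $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
    $db =& DB();
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    # set the search criteria array
    $arr = $VAR;

    # whether request values still carry magic-quotes escaping; the function
    # no longer exists on PHP 8, where the answer is always "no"
    $magic_quotes = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;
    $column_prefix = AGILE_DB_PREFIX . "newsletter_subscriber.";
    $prefix_pat = '/^' . preg_quote($this->module . '_', '/') . '/i';
    $allowed_opts = array('=', '>', '<', '>=', '<=', '!=');

    # loop through the submitted field_names to get the WHERE statement
    $where_list = '';
    $i = 0;
    foreach ($arr as $key => $value) {
        if ($value == '' || !preg_match($prefix_pat, $key)) {
            continue;
        }
        $field = preg_replace($prefix_pat, '', $key);
        # the remainder of the key is used as a bare column name, so it must be
        # a plain identifier; anything else is dropped rather than put in the SQL
        if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
            continue;
        }
        $column = $column_prefix . $field;
        # any data conversion for this field (date, encrypt, etc...)
        $convert = isset($this->field["{$field}"]["convert"]) ? $this->field["{$field}"]["convert"] : null;
        $conj = ($i == 0) ? " WHERE " : " AND ";

        if (is_array($value)) {
            # one value per element, each with its own comparison operator
            $pat_field = $this->module . '_' . $field;
            for ($i_arr = 0; $i_arr < count($value); $i_arr++) {
                if ($value["{$i_arr}"] == '') {
                    continue;
                }
                # determine any field options (=, >, <, etc...); anything
                # outside the known set falls back to equality
                $f_opt = '=';
                if (isset($VAR['field_option']["{$pat_field}"]["{$i_arr}"])) {
                    $f_opt = $VAR['field_option']["{$pat_field}"]["{$i_arr}"];
                    if (!in_array($f_opt, $allowed_opts, true)) {
                        $f_opt = '=';
                    }
                }
                if ($convert !== null) {
                    $value["{$i_arr}"] = $validate->convert($field, $value["{$i_arr}"], $convert);
                }
                $conj = ($i == 0) ? " WHERE " : " AND ";
                $where_list .= $conj . $column . " {$f_opt} " . $db->qstr($value["{$i_arr}"], $magic_quotes);
                $i++;
            }
        } elseif (strpos((string) $value, '%') !== false) {
            # a wildcard in the value selects a LIKE match
            if ($convert !== null) {
                $value = $validate->convert($field, $value, $convert);
            }
            $where_list .= $conj . $column . " LIKE " . $db->qstr($value, $magic_quotes);
            $i++;
        } else {
            # plain equality; no conversion is applied here (as before)
            $where_list .= $conj . $column . " = " . $db->qstr($value, $magic_quotes);
            $i++;
        }
    }

    #### finalize the WHERE statement
    if ($where_list == '') {
        $where_list .= ' WHERE ';
    } else {
        $where_list .= ' AND ';
    }

    # get limit type / order by
    # NOTE(review): both come straight from the request and are stored on the
    # search record; whatever consumes that record must validate them before
    # building SQL from them
    $limit = isset($VAR['limit']) ? $VAR['limit'] : $this->limit;
    $order_by = isset($VAR['order_by']) ? $VAR['order_by'] : $this->order_by;

    $pre = AGILE_DB_PREFIX;
    $q = "SELECT DISTINCT " . AGILE_DB_PREFIX . "newsletter_subscriber.id FROM " . AGILE_DB_PREFIX . "newsletter_subscriber ";
    $q_save = "SELECT DISTINCT %%fieldList%% FROM " . AGILE_DB_PREFIX . "newsletter_subscriber ";

    ######## GET ANY STATIC VARS TO SEARCH ##########
    $join_list = '';
    if (!empty($VAR["static_relation"]) && is_array($VAR["static_relation"])) {
        foreach ($VAR["static_relation"] as $idx => $value) {
            if ($value == "") {
                continue;
            }
            # $idx names a static_var_relation id and is spliced into the SQL
            # unquoted (as a table alias and as a literal), so only digits pass
            if (!preg_match('/^[0-9]+$/', (string) $idx)) {
                continue;
            }
            $join_list .= " INNER JOIN {$pre}static_var_record AS s{$idx} ON \n\t\t\t\t\t\t( \n\t\t\t\t\t\t\ts{$idx}.record_id = {$pre}{$this->table}.id\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\ts{$idx}.static_var_relation_id = '{$idx}'\n\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\ts{$idx}.site_id = " . $db->qstr(DEFAULT_SITE) . "\t\t \t\t\t\t\n\t\t\t\t\t\t\tAND";
            if (strpos((string) $value, '%') !== false) {
                $join_list .= " s{$idx}.value LIKE " . $db->qstr($value);
            } else {
                $join_list .= " s{$idx}.value = " . $db->qstr($value);
            }
            $join_list .= " ) ";
        }
    }
    ######## END STATIC VAR SEARCH ##################

    # standard where list
    $q .= $join_list . $where_list . " " . AGILE_DB_PREFIX . "newsletter_subscriber.site_id = " . $db->qstr(DEFAULT_SITE);
    $q_save .= $join_list . $where_list . " %%whereList%% ";

    # run the database query
    $result = $db->Execute($q);

    # error reporting
    if ($result === false) {
        global $C_debug;
        $C_debug->error('newsletter_subscriber.inc.php', 'search', $db->ErrorMsg());
        return false;
    }

    # get the result count:
    $results = $result->RecordCount();

    # define the DB vars as a Smarty accessible block
    global $smarty;

    # Create the definition for fast-forwarding to a single record:
    if ($results == 1 && !isset($this->fast_forward)) {
        $smarty->assign('record_id', $result->fields['id']);
    }

    # create the search record:
    if ($results > 0) {
        include_once PATH_CORE . 'search.inc.php';
        $search = new CORE_search();
        $arr['module'] = $this->module;
        $arr['sql'] = $q_save;
        $arr['limit'] = $limit;
        $arr['order_by'] = $order_by;
        $arr['results'] = $results;
        $search->add($arr);

        # define the search id and other parameters for Smarty
        $smarty->assign('search_id', $search->id);
        $smarty->assign('page', '1');
        $smarty->assign('limit', $limit);
        $smarty->assign('order_by', $order_by);
    }

    # define the result count
    $smarty->assign('results', $results);
}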
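function add($VAR)
{
    # Validate the request values for this module's "add" field list, insert
    # the record, define NEW_RECORD_<TABLE>_ID and REDIRECT_PAGE, and finally
    # run the db_mapping install script named by the request, if any.
    # Returns nothing; validation failures are reported through Smarty and
    # FORCE_PAGE, database errors through $C_debug.
    #
    # Fixes versus the previous version: the map file name is restricted to an
    # identifier before it is used to build an include path and a class name
    # (the eval() that instantiated the class is gone); an empty field list no
    # longer produces an INSERT with a missing comma; and the removed-in-PHP
    # split()/each() calls are replaced.
    $this->construct();
    global $C_translate;
    $type = "add";
    $this->method["{$type}"] = explode(",", $this->method["{$type}"]);

    # set the field list for this method:
    $arr = $this->method["{$type}"];

    # define the validation class
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $this->validated = true;

    ####################################################################
    # loop through the field list to validate the required fields
    ####################################################################
    foreach ($arr as $value) {
        # get the field value
        $field_var = $this->module . '_' . $value;
        $field_name = $value;
        $this->validate = true;

        # check if this value is unique
        if (isset($this->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
            if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                $this->validated = false;
                $this->val_error[] = array('field' => $this->table . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
            }
        }

        # check if the submitted value meets the specified requirements;
        # a missing or empty value is reported as "any value required"
        if (isset($this->field["{$value}"]["validate"])) {
            if (isset($VAR["{$field_var}"]) && $VAR["{$field_var}"] != '') {
                if (!$validate->validate($field_name, $this->field["{$value}"], $VAR["{$field_var}"], $this->field["{$value}"]["validate"])) {
                    $this->validated = false;
                    $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $validate->error["{$field_name}"]);
                }
            } else {
                $this->validated = false;
                $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            }
        }
    }

    ####################################################################
    # If validation was failed, skip the db insert &
    # set the errors & original fields as Smarty objects,
    # and change the page to be loaded.
    ####################################################################
    if (!$this->validated) {
        global $smarty;
        $smarty->assign('form_validation', $this->val_error);
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        # define any triggers
        if (isset($this->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
        }
        return;
    }

    # begin the new database class:
    $db =& DB();

    # loop through the field list to create the sql queries
    $field_list = '';
    foreach ($arr as $value) {
        $field_var = $this->module . '_' . $value;
        $field_name = $value;
        # perform any special actions: md5, rc5, pgp, gpg, time, date, date-time
        if (isset($this->field["{$value}"]["convert"]) && isset($VAR["{$field_var}"])) {
            $VAR["{$field_var}"] = $validate->convert($field_name, $VAR["{$field_var}"], $this->field["{$value}"]["convert"]);
        }
        if (isset($VAR["{$field_var}"])) {
            $field_list .= ", " . $value . "=" . $db->qstr($VAR["{$field_var}"]);
        }
    }
    # the list sits between "id = ..." and "site_id = ..." in the query, so it
    # always needs a trailing comma (even when it is empty)
    $field_list .= ',';

    # determine the record id:
    $this->record_id = $db->GenID(AGILE_DB_PREFIX . "" . $this->table . '_id');

    # determine the record id, if it is an ACCOUNT record
    # NOTE(review): a sequence number plus microtime() is guessable; if account
    # ids are ever treated as secrets this should use a CSPRNG instead
    if ($this->table == 'account') {
        $this->record_id = md5($this->record_id . '' . microtime());
    }

    # define the new ID as a constant
    define(strtoupper('NEW_RECORD_' . $this->table . '_ID'), $this->record_id);

    # generate the full query
    $q = "INSERT INTO " . AGILE_DB_PREFIX . "{$this->table}\n\t\t\t\t\tSET\n\t\t\t\t\tid = " . $db->qstr($this->record_id) . "\n\t\t\t\t\t{$field_list}\n\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);

    # execute the query
    $result = $db->Execute($q);

    # error reporting (as before, the method carries on after logging so the
    # redirect and install hook still run)
    if ($result === false) {
        global $C_debug;
        $C_debug->error('database.inc.php', 'add', $db->ErrorMsg());
        if (isset($this->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
        }
    }

    $VAR["id"] = $this->record_id;
    $redirect_page = isset($VAR['_page']) ? $VAR['_page'] : '';
    define('REDIRECT_PAGE', '?_page=' . $redirect_page . '&id=' . $this->record_id . '&s=' . SESS);

    # RUN ANY INSTALL SCRIPT!
    $file = isset($VAR['db_mapping_map_file']) ? $VAR['db_mapping_map_file'] : '';
    if ($file != '') {
        # The map name selects both a plugin file under PATH_PLUGINS and a
        # class name, so it must be a bare identifier; anything else would let
        # the request choose an arbitrary path to include.
        if (!is_string($file) || !preg_match('/^[A-Za-z0-9_]+$/', $file)) {
            global $C_debug;
            $C_debug->error('database.inc.php', 'add', 'invalid db_mapping map file name');
            return;
        }
        include_once PATH_PLUGINS . 'db_mapping/' . $file . '.php';
        $map_class = 'map_' . strtoupper($file);
        if (class_exists($map_class)) {
            $_MAP = new $map_class();
            if (isset($_MAP->map['install']) && $_MAP->map['install'] == true) {
                $_MAP->install();
            }
        }
    }
}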
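/** SEARCH */
function search($VAR)
{
    # Build and run the invoice search described by the request (plain field
    # criteria, item attribute criteria and optional joins on invoice items
    # and memos), register it as a CORE_search record and publish the result
    # count and ids to Smarty. Returns false on a database error.
    #
    # Fixes versus the previous version: the column name derived from each
    # "<module>_<field>" request key was spliced into the SQL unquoted and is
    # now restricted to identifier characters; the first non-empty element of
    # a multi-value field no longer gets "AND" when nothing precedes it; and
    # requesting both the item and the memo join no longer emits two WHERE
    # clauses (all joins now precede a single WHERE).
    $this->invoice_construct();
    $type = "search";
    $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
    $db =& DB();
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    # set the search criteria array
    $arr = $VAR;

    # convert invoice_discount_arr: the column holds a serialized list, so the
    # requested discount is matched as a quoted substring
    if (!empty($VAR['invoice_discount_arr'])) {
        $arr['invoice_discount_arr'] = '%"' . $VAR['invoice_discount_arr'] . '"%';
    }

    # whether request values still carry magic-quotes escaping; the function
    # no longer exists on PHP 8, where the answer is always "no"
    $magic_quotes = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;
    $p = AGILE_DB_PREFIX;
    $prefix_pat = '/^' . preg_quote($this->module . '_', '/') . '/';
    $allowed_opts = array('=', '>', '<', '>=', '<=', '!=');

    # loop through the submitted field_names to get the WHERE statement
    $where_list = '';
    $i = 0;
    foreach ($arr as $key => $value) {
        if ($value == '' || !preg_match($prefix_pat, $key)) {
            continue;
        }
        $field = preg_replace($prefix_pat, '', $key);
        # the remainder of the key is used as a bare column name, so it must be
        # a plain identifier; anything else is dropped rather than put in the SQL
        if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
            continue;
        }
        $column = AGILE_DB_PREFIX . "invoice." . $field;
        # any data conversion for this field (date, encrypt, etc...); 'array'
        # columns hold serialized data and are searched as-is
        $convert = null;
        if (isset($this->field["{$field}"]["convert"]) && $this->field["{$field}"]["convert"] != 'array') {
            $convert = $this->field["{$field}"]["convert"];
        }
        $conj = ($i == 0) ? " WHERE " : " AND ";

        if (is_array($value)) {
            # one value per element, each with its own comparison operator
            $pat_field = $this->module . '_' . $field;
            for ($i_arr = 0; $i_arr < count($value); $i_arr++) {
                if ($value["{$i_arr}"] == '') {
                    continue;
                }
                # determine any field options (=, >, <, etc...); anything
                # outside the known set falls back to equality
                $f_opt = '=';
                if (isset($VAR['field_option']["{$pat_field}"]["{$i_arr}"])) {
                    $f_opt = $VAR['field_option']["{$pat_field}"]["{$i_arr}"];
                    if (!in_array($f_opt, $allowed_opts, true)) {
                        $f_opt = '=';
                    }
                }
                if ($convert !== null) {
                    $value["{$i_arr}"] = $validate->convert($field, $value["{$i_arr}"], $convert);
                }
                $conj = ($i == 0) ? " WHERE " : " AND ";
                $where_list .= $conj . $column . " {$f_opt} " . $db->qstr($value["{$i_arr}"], $magic_quotes);
                $i++;
            }
        } elseif (strpos((string) $value, '%') !== false) {
            # a wildcard in the value selects a LIKE match
            if ($convert !== null) {
                $value = $validate->convert($field, $value, $convert);
            }
            $where_list .= $conj . $column . " LIKE " . $db->qstr($value, $magic_quotes);
            $i++;
        } else {
            # plain equality; no conversion is applied here (as before)
            $where_list .= $conj . $column . " = " . $db->qstr($value, $magic_quotes);
            $i++;
        }
    }

    # Code for attribute searches (needs the invoice_item join below, which
    # join_product_id guarantees):
    if (!empty($VAR['join_product_id']) && !empty($VAR['item_attributes'])) {
        $attr_arr = $VAR['item_attributes'];
        for ($ati = 0; $ati < count($attr_arr); $ati++) {
            if (!empty($attr_arr[$ati]['0'])) {
                $attr_val = isset($attr_arr[$ati]['1']) ? $attr_arr[$ati]['1'] : '';
                $where_list .= ($where_list == '') ? ' WHERE ' : ' AND ';
                $where_list .= AGILE_DB_PREFIX . "invoice_item.product_attr LIKE " . $db->qstr("%{$attr_arr[$ati]['0']}=={$attr_val}%");
            }
        }
    }

    # get limit type / order by
    # NOTE(review): both come straight from the request and are stored on the
    # search record; whatever consumes that record must validate them before
    # building SQL from them
    $limit = isset($VAR['limit']) ? $VAR['limit'] : $this->limit;
    $order_by = isset($VAR['order_by']) ? $VAR['order_by'] : $this->order_by;

    ## SELECT FROM
    $q = "SELECT DISTINCT {$p}invoice.id FROM " . AGILE_DB_PREFIX . "invoice ";
    $q_save = "SELECT DISTINCT %%fieldList%%,{$p}invoice.id FROM {$p}invoice ";

    ## LEFT JOIN
    $join_item = !empty($VAR['join_product_id']) || !empty($VAR['join_service_id']) || !empty($VAR['join_domain_name']) || !empty($VAR['join_domain_tld']);
    $join_memo = !empty($VAR['join_memo_text']);
    if ($join_item || $join_memo) {
        $joins = '';
        $conds = array();

        # JOIN ON PRODUCT DETAILS:
        if ($join_item) {
            $joins .= " LEFT JOIN {$p}invoice_item ON {$p}invoice_item.invoice_id = {$p}invoice.id";
            $conds[] = "{$p}invoice_item.site_id = " . $db->qstr(DEFAULT_SITE);
            if (!empty($VAR['join_product_id'])) {
                $conds[] = "{$p}invoice_item.product_id = " . $db->qstr($VAR['join_product_id']);
            }
            if (!empty($VAR['join_service_id'])) {
                $conds[] = "{$p}invoice_item.service_id = " . $db->qstr($VAR['join_service_id']);
            }
            if (!empty($VAR['join_domain_name'])) {
                $qtype = (strpos((string) $VAR['join_domain_name'], '%') === false) ? ' = ' : ' LIKE ';
                $conds[] = "{$p}invoice_item.domain_name {$qtype} " . $db->qstr($VAR['join_domain_name']);
            }
            if (!empty($VAR['join_domain_tld'])) {
                $qtype = (strpos((string) $VAR['join_domain_tld'], '%') === false) ? ' = ' : ' LIKE ';
                $conds[] = "{$p}invoice_item.domain_tld {$qtype} " . $db->qstr($VAR['join_domain_tld']);
            }
        }

        # JOIN ON MEMO TEXT:
        if ($join_memo) {
            $joins .= " LEFT JOIN {$p}invoice_memo ON {$p}invoice_memo.invoice_id = {$p}invoice.id";
            $conds[] = "{$p}invoice_memo.site_id = " . $db->qstr(DEFAULT_SITE);
            $conds[] = "{$p}invoice_memo.memo LIKE " . $db->qstr('%' . $VAR['join_memo_text'] . '%');
        }

        # every join precedes the single WHERE clause
        $joined = $joins . (($where_list == '') ? ' WHERE ' : $where_list . ' AND ') . implode(' AND ', $conds);
        $q .= $joined;
        $q_save .= $joined;
        $q .= " AND {$p}invoice.site_id = " . DEFAULT_SITE;
        $q_save .= ' AND ';
    } else {
        if ($where_list == '') {
            $q .= "WHERE {$p}invoice.site_id = " . DEFAULT_SITE;
            $q_save .= ' WHERE ';
        } else {
            $q .= $where_list . " AND {$p}invoice.site_id = " . DEFAULT_SITE;
            $q_save .= $where_list . ' AND ';
        }
    }

    # run the database query
    $result = $db->Execute($q);

    # error reporting
    if ($result === false) {
        global $C_debug;
        $C_debug->error('invoice.inc.php', 'search', $db->ErrorMsg());
        return false;
    }

    # get the result count:
    $results = $result->RecordCount();

    # define the DB vars as a Smarty accessible block
    global $smarty;

    # Create the definition for fast-forwarding to a single record:
    if ($results == 1 && !isset($this->fast_forward)) {
        $smarty->assign('record_id', $result->fields['id']);
    }

    # create the search record:
    if ($results > 0) {
        include_once PATH_CORE . 'search.inc.php';
        $search = new CORE_search();
        $arr['module'] = $this->module;
        $arr['sql'] = $q_save;
        $arr['limit'] = $limit;
        $arr['order_by'] = $order_by;
        $arr['results'] = $results;
        $search->add($arr);

        # define the search id and other parameters for Smarty
        $smarty->assign('search_id', $search->id);
        $smarty->assign('page', '1');
        $smarty->assign('limit', $limit);
        $smarty->assign('order_by', $order_by);
    }

    # define the result count
    $smarty->assign('results', $results);
}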
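function update($VAR)
{
    # Update an account_billing record. The existing record decides whether the
    # card or the EFT fields are written; for cards the expiry and number are
    # checked first. On success every invoice bound to this billing record is
    # re-pointed at its checkout plugin. Returns true on success, false when
    # the record is missing, validation fails or the update fails.
    #
    # Fix versus the previous version: a card is valid through the last day of
    # its expiry month, but the old check compared today's day-of-month in the
    # expiry month with now() and so rejected cards expiring this month.
    global $C_translate, $C_debug;

    /* load database object */
    $db = new CORE_database();
    $this->construct();
    $type = "update";

    /* conditional fields for cc/eft */
    # NOTE(review): this relies on sqlSelect() quoting the ::-delimited value
    # rather than interpolating it as-is; confirm against its implementation
    $dbx =& DB();
    $rs = $dbx->Execute(sqlSelect($dbx, "account_billing", "card_type,id,checkout_plugin_id", "id=::{$VAR['id']}::"));
    if (!$rs || !$rs->RecordCount()) {
        return false;
    }
    $billing_id = $rs->fields['id'];
    $checkout_plugin_id = $rs->fields['checkout_plugin_id'];

    if ($rs->fields['card_type'] == 'eft') {
        /* EFT: the card columns are not touched */
        $this->method["{$type}"] = $db->ignore_fields(array('card_exp_month', 'card_exp_year', 'card_num'), $this->method["{$type}"]);

        /* last four */
        $eft_acct = isset($VAR['account_billing_eft_check_acct']) ? (string) $VAR['account_billing_eft_check_acct'] : '';
        $VAR['account_billing_card_num4'] = substr($eft_acct, -4);
    } else {
        /* CC */
        # Validate the exp date: the card is usable until the first instant of
        # the month after its expiry month
        $exp_month = isset($VAR['account_billing_card_exp_month']) ? (int) $VAR['account_billing_card_exp_month'] : 0;
        $exp_year = isset($VAR['account_billing_card_exp_year']) ? (int) $VAR['account_billing_card_exp_year'] : 0;
        if ($exp_month < 1 || $exp_month > 12 || mktime(0, 0, 0, $exp_month + 1, 1, $exp_year) <= time()) {
            $msg = $C_translate->translate('val_exp', 'account_billing', '');
            $C_debug->alert($msg);
            return false;
        }

        # Validate the card against the card type
        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();
        $card_num = isset($VAR['account_billing_card_num']) ? $VAR['account_billing_card_num'] : null;
        $card_type = isset($VAR['account_billing_card_type']) ? $VAR['account_billing_card_type'] : null;
        if (!$validate->validate_cc($card_num, 'card_num', $card_type, false)) {
            $msg = $C_translate->translate('val_cc', 'account_billing', '');
            $C_debug->alert($msg);
            return false;
        }

        /* the EFT columns are not touched */
        $this->method["{$type}"] = $db->ignore_fields(array('eft_trn', 'eft_check_acct'), $this->method["{$type}"]);

        /* last four */
        $VAR['account_billing_card_num4'] = substr((string) $card_num, -4);
    }

    if ($db->update($VAR, $this, $type)) {
        # Update any invoices using this billing record
        $dba =& DB();
        $sql = "UPDATE " . AGILE_DB_PREFIX . "invoice SET\n\t\t\t\t\t\tcheckout_plugin_id \t= " . $dba->qstr($checkout_plugin_id) . "\n\t\t\t\t\t\tWHERE site_id\t\t\t\t= " . $dba->qstr(DEFAULT_SITE) . "\n\t\t\t\t\t\tAND account_billing_id\t= " . $dba->qstr($billing_id);
        $result = $dba->Execute($sql);
        return true;
    }
    return false;
}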
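/**
 * Store the submitted static-variable values of one module record.
 *
 * Every static_relation defined for $module is walked in sort_order.  The
 * value posted as $VAR['static_relation'][<relation id>] is converted with
 * CORE_validate::convert() when the static_var has a convert_type, then
 * inserted into static_var_record, updated when it differs from the stored
 * value, or deleted when the field was not submitted or is empty.
 *
 * @param array  $VAR       submitted form values
 * @param string $module    module name, resolved to its id via the module table
 * @param mixed  $record_id id of the module record the values belong to
 * @return bool|null false when the module or its relations are not found or
 *                   a write fails; null after a completed pass (there is no
 *                   success return value, callers should test for === false)
 */
function update($VAR, $module, $record_id)
{
    global $C_debug;
    include_once PATH_CORE . 'validate.inc.php';

    // Resolve the module id.
    $db =& DB();
    $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND name = ' . $db->qstr($module);
    $result = $db->Execute($sql);
    if (!$result || $result->RecordCount() == 0) {
        return false;
    }
    $module_id = $result->fields['id'];

    // All static relations of this module, in display order.
    $sql = 'SELECT id, static_var_id FROM ' . AGILE_DB_PREFIX . 'static_relation WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND module_id = ' . $db->qstr($module_id) . ' ORDER BY sort_order';
    $relation = $db->Execute($sql);
    if (!$relation || $relation->RecordCount() == 0) {
        return false;
    }

    $validate = new CORE_validate();
    $submitted = (isset($VAR['static_relation']) && is_array($VAR['static_relation'])) ? $VAR['static_relation'] : array();

    for (; !$relation->EOF; $relation->MoveNext()) {
        $static_var_relation_id = $relation->fields['id'];
        $static_var_id = $relation->fields['static_var_id'];

        // Name and conversion rule of the static var behind this relation.
        $sql = 'SELECT id,name,convert_type FROM ' . AGILE_DB_PREFIX . 'static_var WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($static_var_id);
        $var = $db->Execute($sql);
        if (!$var || $var->RecordCount() == 0) {
            // The relation points at a static_var that no longer exists.
            continue;
        }
        $convert = $var->fields['convert_type'];
        $name = $var->fields['name'];

        // Identifies the static_var_record row for this field of this record.
        $where = ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND record_id = ' . $db->qstr($record_id) . ' AND module_id = ' . $db->qstr($module_id) . ' AND static_var_id=' . $db->qstr($static_var_id) . ' AND static_var_relation_id= ' . $db->qstr($static_var_relation_id);

        $value = isset($submitted[$static_var_relation_id]) ? $submitted[$static_var_relation_id] : null;

        // A submitted '0' is a real value and must be stored; only an absent
        // or empty submission removes the stored record.  (The previous test,
        // `!empty(...) || $value == 0`, also matched null and '' under loose
        // comparison and so stored blank records instead of deleting.)
        if ($value === null || $value === '') {
            $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'static_var_record' . $where;
            if ($db->Execute($sql) === false) {
                $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                return false;
            }
            continue;
        }

        if ($convert != 'none' && $convert != '') {
            $value = $validate->convert($name, $value, $convert);
        }

        // Insert, or update only when the stored value differs.
        $sql = 'SELECT id,value FROM ' . AGILE_DB_PREFIX . 'static_var_record' . $where;
        $return = $db->Execute($sql);
        if ($return === false) {
            $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
            return false;
        }
        if ($return->RecordCount() == 0) {
            $idx = $db->GenID(AGILE_DB_PREFIX . 'static_var_record_id');
            $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'static_var_record SET site_id = ' . $db->qstr(DEFAULT_SITE) . ', id = ' . $db->qstr($idx) . ', record_id = ' . $db->qstr($record_id) . ', module_id = ' . $db->qstr($module_id) . ', static_var_id=' . $db->qstr($static_var_id) . ', static_var_relation_id= ' . $db->qstr($static_var_relation_id) . ', value = ' . $db->qstr($value);
            if ($db->Execute($sql) === false) {
                $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                return false;
            }
        } elseif ($value != $return->fields['value']) {
            // Loose comparison on purpose: the stored value is a string while
            // convert() may return a number.
            $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'static_var_record SET value = ' . $db->qstr($value) . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($return->fields['id']);
            if ($db->Execute($sql) === false) {
                $C_debug->error('static_var.inc.php', 'update', $db->ErrorMsg());
                return false;
            }
        }
    }
}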
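/**
 * Send a contact-form message to a staff member by e-mail.
 *
 * mail_email, mail_name, mail_subject and mail_message are required, plus
 * either mail_staff_id or mail_department_id (the department's
 * default_staff_id is used in the latter case).  The staff member's account
 * supplies the recipient address.  Any submitted static_relation fields are
 * validated with CORE_static_var::validate_form() and, when valid, appended
 * to the message body; a validation failure assigns the errors to Smarty as
 * 'form_validation', sets FORCE_PAGE to the current page and returns without
 * sending.  Every outcome is reported through $C_debug->alert().
 *
 * @param array $VAR submitted form values (mail_* keys, optional static_relation)
 * @return void
 */
function contact($VAR)
{
    global $C_translate, $C_debug, $C_vars;

    // Required fields.
    foreach (array('mail_email', 'mail_name', 'mail_subject', 'mail_message') as $required) {
        if (!isset($VAR[$required]) || $VAR[$required] == "") {
            $C_debug->alert($C_translate->translate('error_req_fields', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
    }

    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    if (!$validate->validate_email($VAR['mail_email'], '')) {
        $C_debug->alert($C_translate->translate('validate_email', '', ''));
        $C_vars->strip_slashes_all();
        return;
    }

    $db =& DB();

    // Resolve the staff id: an explicit staff id wins over a department.
    $s = isset($VAR['mail_staff_id']) ? $VAR['mail_staff_id'] : null;
    $d = isset($VAR['mail_department_id']) ? $VAR['mail_department_id'] : null;
    if (!($s > 0)) {
        if (!($d > 0)) {
            $C_debug->alert($C_translate->translate('error_staff_dept', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        $sql = 'SELECT default_staff_id FROM ' . AGILE_DB_PREFIX . 'staff_department WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($d);
        $dept = $db->Execute($sql);
        if (!$dept || $dept->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_dept_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        $s = $dept->fields['default_staff_id'];
    }

    // The staff record names the account that receives the mail.
    $sql = 'SELECT account_id FROM ' . AGILE_DB_PREFIX . 'staff WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($s);
    $staff = $db->Execute($sql);
    if (!$staff || $staff->RecordCount() == 0) {
        $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
        $C_vars->strip_slashes_all();
        return;
    }
    $sql = 'SELECT email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($staff->fields['account_id']);
    $account = $db->Execute($sql);
    if (!$account || $account->RecordCount() == 0) {
        $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
        $C_vars->strip_slashes_all();
        return;
    }

    // Optional static vars: validate them, then append name/value pairs to the body.
    $this->validated = true;
    $all_error = false;
    if (!empty($VAR['static_relation'])) {
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        $all_error = $static_var->validate_form('staff', $this->val_error);
        if (is_array($all_error) && count($all_error) > 0) {
            $this->validated = false;
        } else {
            // foreach replaces each(), which was removed in PHP 8.
            foreach ($VAR['static_relation'] as $id => $value) {
                if (empty($value) || empty($id)) {
                    continue;
                }
                // Only relations that exist for this site are echoed; an unknown
                // id posted by the client is skipped rather than labelled blank.
                $sql = "SELECT static_var_id FROM " . AGILE_DB_PREFIX . "static_relation WHERE\n\t\t\t\t\t\t\t\t id \t\t= " . $db->qstr($id) . " AND\n\t\t\t\t\t\t\t\t site_id \t= " . $db->qstr(DEFAULT_SITE);
                $rs = $db->Execute($sql);
                if (!$rs || $rs->RecordCount() == 0) {
                    continue;
                }
                $sql = "SELECT name FROM " . AGILE_DB_PREFIX . "static_var WHERE\n\t\t\t\t\t\t\t\t id \t\t= " . $db->qstr($rs->fields['static_var_id']) . " AND\n\t\t\t\t\t\t\t\t site_id \t= " . $db->qstr(DEFAULT_SITE);
                $rs = $db->Execute($sql);
                if (!$rs || $rs->RecordCount() == 0) {
                    continue;
                }
                $name = $rs->fields['name'];
                // NOTE(review): this replaces only literal dots in the name; it
                // reads like an attempt at a dash underline — confirm before changing.
                $ul = preg_replace("/\\./", "-", $name);
                $VAR['mail_message'] .= "\r\n\r\n{$ul}\r\n{$name}\r\n{$ul}\r\n{$value}";
            }
        }
    }

    if (!$this->validated) {
        global $smarty;
        // Errors go to the template; the current page is re-displayed.
        $smarty->assign('form_validation', $all_error);
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        $C_vars->strip_slashes_all();
        return;
    }

    // Outgoing mail settings for this site; no row falls back to PHP mail().
    $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE\n\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\tid = " . $db->qstr(DEFAULT_SETUP_EMAIL);
    $setup_email = $db->Execute($q);
    $cfg = ($setup_email && $setup_email->RecordCount()) ? $setup_email->fields : array();

    // from_name and subject come straight from the form and end up in mail
    // headers; CR/LF are removed so a submitted value cannot add header lines.
    // from_email already passed validate_email() above.
    $E = array(
        'from_html'  => true,
        'from_name'  => str_replace(array("\r", "\n"), '', $VAR['mail_name']),
        'from_email' => $VAR['mail_email'],
        'priority'   => isset($VAR['mail_priority']) ? $VAR['mail_priority'] : null,
        'html'       => '0',
        'subject'    => str_replace(array("\r", "\n"), '', $VAR['mail_subject']),
        'body_text'  => $VAR['mail_message'],
        'to_email'   => $account->fields['email'],
        'to_name'    => $account->fields['first_name'],
    );

    // type 0 = PHP mail(), anything else = SMTP with the stored credentials.
    $type = empty($cfg['type']) ? 0 : 1;
    if ($type == 1) {
        $E['server'] = $cfg['server'];
        $E['account'] = $cfg['username'];
        $E['password'] = $cfg['password'];
    }
    if (isset($cfg['cc_list']) && $cfg['cc_list'] != '') {
        $E['cc_list'] = explode(',', $cfg['cc_list']);
    }
    if (isset($cfg['bcc_list']) && $cfg['bcc_list'] != '') {
        $E['bcc_list'] = explode(',', $cfg['bcc_list']);
    }

    require_once PATH_CORE . 'email.inc.php';
    $email = new CORE_email();
    if ($type == 0) {
        $email->PHP_Mail($E);
    } else {
        $email->SMTP_Mail($E);
    }

    $C_debug->alert($C_translate->translate('mail_sent', 'staff', ''));
    $C_vars->strip_slashes_all();
}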
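/**
 * Validate the current credit card details.
 *
 * When $this->req_all_flds is set the required-field list is reset to the
 * standard billing address fields.  Each required field must be present in
 * either $this->billing or $this->account; a missing one flags
 * $VAR['<field>_error'] (global $VAR) and fails with 'missing_fields'.
 * The card number is then reduced to digits and checked with
 * CORE_validate::validate_cc() against the card types allowed by
 * $this->cfg['card_type'], and the expiry with validate_cc_exp().
 *
 * @param array $ret receives 'status' (1 valid, 0 failed) and, on failure, 'msg'
 * @return bool true when the card details are valid
 */
function validate_card_details(&$ret)
{
    global $VAR, $C_translate;

    if ($this->req_all_flds) {
        $this->req_fields_arr = array('first_name', 'last_name', 'address1', 'state', 'zip');
    }

    if (is_array($this->req_fields_arr)) {
        $all_present = true;
        foreach ($this->req_fields_arr as $fld) {
            if (empty($this->billing["{$fld}"]) && empty($this->account["{$fld}"])) {
                // Flagged for the template so the field can be highlighted.
                $VAR["{$fld}_error"] = true;
                $all_present = false;
            }
        }
        if (!$all_present) {
            $ret['status'] = 0;
            $ret['msg'] = $C_translate->translate('missing_fields', 'checkout', '');
            return false;
        }
    }

    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();

    // Reduce the number to digits before validation.  The previous line used
    // `==` (a comparison, so nothing was assigned) with the anchored pattern
    // /^[0-9]/, which would have removed the first digit instead of separators.
    $cc_no = isset($this->billing["cc_no"]) ? (string) $this->billing["cc_no"] : '';
    $this->billing["cc_no"] = preg_replace('/[^0-9]/', '', $cc_no);

    $card_type = isset($this->billing["card_type"]) ? $this->billing["card_type"] : null;
    if (!$validate->validate_cc($this->billing["cc_no"], false, $card_type, $this->cfg['card_type'])) {
        $ret['status'] = 0;
        $ret['msg'] = $C_translate->translate('card_invalid', 'checkout', '');
        return false;
    }

    $exp_month = isset($this->billing["exp_month"]) ? $this->billing["exp_month"] : null;
    $exp_year = isset($this->billing["exp_year"]) ? $this->billing["exp_year"] : null;
    if (!$validate->validate_cc_exp($exp_month, $exp_year)) {
        $ret['status'] = 0;
        $ret['msg'] = $C_translate->translate('card_exp_invalid', 'checkout', '');
        return false;
    }

    $ret['status'] = 1;
    return true;
}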