 /**
  * Load the action-recorder module named by $module and register an instance of it in $GLOBALS.
  *
  * The module file is only included when "$module.<ext>" (ext = extension of the current
  * script taken from $PHP_SELF) is listed in the semicolon-separated
  * MODULE_ACTION_RECORDER_INSTALLED setting, so the include path is limited to the
  * configured module names rather than to whatever the caller passed in.
  *
  * @param string $module    module name; spaces are stripped and the result HTML-sanitized
  *                          before any file lookup or class instantiation
  * @param mixed  $user_id   stored in $_user_id only when non-empty and numeric
  * @param mixed  $user_name stored in $_user_name only when non-empty
  */
 function __construct($module, $user_id = null, $user_name = null)
 {
     global $PHP_SELF;
     $this->lang = Registry::get('Language');
     $module = HTML::sanitize(str_replace(' ', '', $module));
     if (defined('MODULE_ACTION_RECORDER_INSTALLED') && tep_not_null(MODULE_ACTION_RECORDER_INSTALLED)) {
         // Allowlist gate: the module must be in the installed list before its file is touched.
         // NOTE(review): in_array() is non-strict here; passing `true` as the third argument would
         // rule out loose (numeric-string) matches.
         if (tep_not_null($module) && in_array($module . '.' . substr($PHP_SELF, strrpos($PHP_SELF, '.') + 1), explode(';', MODULE_ACTION_RECORDER_INSTALLED))) {
             if (!class_exists($module)) {
                 if (is_file('includes/modules/action_recorder/' . $module . '.' . substr($PHP_SELF, strrpos($PHP_SELF, '.') + 1))) {
                     $this->lang->loadDefinitions('modules/action_recorder/' . $module);
                     include 'includes/modules/action_recorder/' . $module . '.' . substr($PHP_SELF, strrpos($PHP_SELF, '.') + 1);
                 } else {
                     // NOTE: `return false` inside a constructor does not stop `new` from yielding an
                     // object; $this->_module stays unset and nothing is registered in $GLOBALS.
                     return false;
                 }
             }
         } else {
             return false;
         }
     } else {
         return false;
     }
     $this->_module = $module;
     if (!empty($user_id) && is_numeric($user_id)) {
         $this->_user_id = $user_id;
     }
     if (!empty($user_name)) {
         $this->_user_name = $user_name;
     }
     // Instantiate the module class under its own name in $GLOBALS and let it set its identifier.
     $GLOBALS[$this->_module] = new $module();
     $GLOBALS[$this->_module]->setIdentifier();
 }
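 /**
  * Process the login form and render the login template into the page content.
  *
  * With action=process and a valid form token, the posted email address is looked
  * up and the password verified against the stored hash. On success
  * $login_customer_id is set globally (post-login handling lives in
  * catalog/login.php) and a non-phpass hash is re-hashed with the current scheme.
  * An unknown email and a wrong password both produce the same generic error.
  */
 function execute()
 {
     global $login_customer_id, $messageStack, $oscTemplate;

     $OSCOM_Db = Registry::get('Db');

     $error = false;

     // Form token check. hash_equals() replaces `==`: a loose comparison would compare
     // numeric-looking tokens by value, and hash_equals() is also constant-time.
     $token_ok = isset($_SESSION['sessiontoken'], $_POST['formid'])
         && is_string($_POST['formid'])
         && hash_equals((string) $_SESSION['sessiontoken'], $_POST['formid']);

     if (isset($_GET['action']) && $_GET['action'] === 'process' && $token_ok) {
         $email_address = HTML::sanitize(isset($_POST['email_address']) ? $_POST['email_address'] : '');
         // The password is HTML-sanitized before verification; the account-creation and
         // set-password pages sanitize it the same way before hashing, so both sides must agree.
         $password = HTML::sanitize(isset($_POST['password']) ? $_POST['password'] : '');

         // Check if email exists
         $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);

         if ($Qcustomer->fetch() === false) {
             $error = true;
         } elseif (!tep_validate_password($password, $Qcustomer->value('customers_password'))) {
             // Check that password is good
             $error = true;
         } else {
             // set $login_customer_id globally and perform post login code in catalog/login.php
             $login_customer_id = $Qcustomer->valueInt('customers_id');

             // migrate old hashed password to new phpass password
             if (tep_password_type($Qcustomer->value('customers_password')) != 'phpass') {
                 $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password)], ['customers_id' => $login_customer_id]);
             }
         }
     }

     if ($error === true) {
         $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
     }

     ob_start();
     include DIR_WS_MODULES . 'content/' . $this->group . '/templates/login_form.php';
     $template = ob_get_clean();

     $oscTemplate->addContent($template, $this->group);
 }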
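 /**
  * Process the login form and render the login template into the page content.
  *
  * With action=process and a valid form token, the posted email address is looked
  * up and the password verified with Hash::verify(). On success $login_customer_id
  * is set globally (post-login handling lives in catalog/login.php) and a hash that
  * Hash::needsRehash() reports as outdated is re-hashed with the current scheme.
  * An unknown email and a wrong password both produce the same generic error.
  */
 function execute()
 {
     global $login_customer_id, $messageStack, $oscTemplate;

     $OSCOM_Db = Registry::get('Db');

     $error = false;

     // Form token check. hash_equals() replaces `==`: a loose comparison would compare
     // numeric-looking tokens by value, and hash_equals() is also constant-time.
     $token_ok = isset($_SESSION['sessiontoken'], $_POST['formid'])
         && is_string($_POST['formid'])
         && hash_equals((string) $_SESSION['sessiontoken'], $_POST['formid']);

     if (isset($_GET['action']) && $_GET['action'] === 'process' && $token_ok) {
         $email_address = HTML::sanitize(isset($_POST['email_address']) ? $_POST['email_address'] : '');
         // The password is HTML-sanitized before verification; the account-creation and
         // set-password pages sanitize it the same way before hashing, so both sides must agree.
         $password = HTML::sanitize(isset($_POST['password']) ? $_POST['password'] : '');

         // Check if email exists
         $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);

         if ($Qcustomer->fetch() === false) {
             $error = true;
         } elseif (!Hash::verify($password, $Qcustomer->value('customers_password'))) {
             // Check that password is good
             $error = true;
         } else {
             // set $login_customer_id globally and perform post login code in catalog/login.php
             $login_customer_id = $Qcustomer->valueInt('customers_id');

             // migrate old hashed password to new php password_hash
             if (Hash::needsRehash($Qcustomer->value('customers_password'))) {
                 $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password)], ['customers_id' => $login_customer_id]);
             }
         }
     }

     if ($error === true) {
         $messageStack->add('login', OSCOM::getDef('module_content_login_text_login_error'));
     }

     ob_start();
     include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
     $template = ob_get_clean();

     $oscTemplate->addContent($template, $this->group);
 }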
ファイル: OSCOM.php プロジェクト: Akofelaz/oscommerce2
 /**
  * Build an absolute catalog URL for $page.
  *
  * @param string      $page               script name appended to the catalog base URL
  * @param string|null $parameters         query string without the leading '?'
  * @param string      $connection         'NONSSL', 'SSL' or 'AUTO'; anything else becomes 'NONSSL'
  * @param bool        $add_session_id     append the session id when cookie use is not forced
  * @param bool        $search_engine_safe rewrite '?', '&' and '=' to '/' when SEF URLs are enabled
  * @return string
  */
 public static function link($page, $parameters = null, $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true)
 {
     global $request_type;

     $page = HTML::sanitize($page);

     // Normalise the option arguments: unknown connection types and non-booleans take the defaults.
     if (!in_array($connection, ['NONSSL', 'SSL', 'AUTO'])) {
         $connection = 'NONSSL';
     }
     $add_session_id = is_bool($add_session_id) ? $add_session_id : true;
     $search_engine_safe = is_bool($search_engine_safe) ? $search_engine_safe : true;

     // 'AUTO' follows the scheme of the current request; SSL is only honoured when enabled.
     if ($connection == 'AUTO') {
         $connection = ($request_type == 'SSL') ? 'SSL' : 'NONSSL';
     }
     if ($connection == 'SSL' && ENABLE_SSL !== true) {
         $connection = 'NONSSL';
     }

     $link = ($connection == 'NONSSL')
         ? HTTP_SERVER . DIR_WS_HTTP_CATALOG
         : HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
     $link .= $page;

     $separator = '?';
     if (!empty($parameters)) {
         // The query string is HTML-sanitized because the result is emitted into markup.
         $link .= '?' . HTML::sanitize($parameters);
         $separator = '&';
     }

     // Drop any trailing '?' / '&' left behind by empty or trailing parameters.
     $link = rtrim($link, '&?');

     // Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
     $_sid = null;
     if ($add_session_id === true && session_status() === PHP_SESSION_ACTIVE && SESSION_FORCE_COOKIE_USE == 'False') {
         if (defined('SID') && !empty(SID)) {
             $_sid = SID;
         } elseif (($request_type == 'NONSSL' && $connection == 'SSL') || ($request_type == 'SSL' && $connection == 'NONSSL')) {
             if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
                 $_sid = session_name() . '=' . session_id();
             }
         }
     }
     if ($_sid !== null) {
         $link .= $separator . HTML::sanitize($_sid);
     }

     // Collapse runs of '&' that the concatenation above can produce.
     while (strpos($link, '&&') !== false) {
         $link = str_replace('&&', '&', $link);
     }

     if (SEARCH_ENGINE_FRIENDLY_URLS == 'true' && $search_engine_safe === true) {
         $link = str_replace(['?', '&', '='], '/', $link);
     }

     return $link;
 }
 /**
  * Run the action classes named by the query-string keys that follow the site's
  * $actions_index position.
  *
  * Each key is reduced with basename() and HTML::sanitize() and appended to
  * $this->actions_run; the class is resolved as <namespace>\Actions\<a>\<b>\...
  * from the accumulated names. Processing stops at the first name that is in
  * $this->ignored_actions or has no matching class, and that name is popped again.
  * $this->is_rpc is set when any executed action reports isRPC().
  */
 public function runActions()
 {
     $requested = [];
     if (count($_GET) > $this->site->actions_index) {
         $requested = array_keys(array_slice($_GET, $this->site->actions_index, null, true));
     }

     foreach ($requested as $raw) {
         $name = HTML::sanitize(basename($raw));
         $this->actions_run[] = $name;

         // get namespace from class name
         $class = (new \ReflectionClass($this))->getNamespaceName() . '\\Actions\\' . implode('\\', $this->actions_run);

         if (in_array($name, $this->ignored_actions) || !$this->actionExists($class)) {
             array_pop($this->actions_run);
             break;
         }

         $handler = new $class($this);
         $handler->execute();

         if ($handler->isRPC()) {
             $this->is_rpc = true;
         }
     }
 }
ファイル: tax_classes.php プロジェクト: haraldpdl/oscommerce2
    // Admin actions for tax classes. Ids are integer-cast before reaching the database;
    // titles and descriptions go through HTML::sanitize() and are stored in that form.
    switch ($action) {
        case 'insert':
            $tax_class_title = HTML::sanitize($_POST['tax_class_title']);
            $tax_class_description = HTML::sanitize($_POST['tax_class_description']);
            $OSCOM_Db->save('tax_class', ['tax_class_title' => $tax_class_title, 'tax_class_description' => $tax_class_description, 'date_added' => 'now()']);
            OSCOM::redirect(FILENAME_TAX_CLASSES);
            break;
        case 'save':
            $tax_class_id = HTML::sanitize($_GET['tID']);
            $tax_class_title = HTML::sanitize($_POST['tax_class_title']);
            $tax_class_description = HTML::sanitize($_POST['tax_class_description']);
            $OSCOM_Db->save('tax_class', ['tax_class_title' => $tax_class_title, 'tax_class_description' => $tax_class_description, 'last_modified' => 'now()'], ['tax_class_id' => (int) $tax_class_id]);
            // NOTE(review): $_GET['page'] is concatenated into the redirect parameters without
            // sanitizing or casting, unlike tID — confirm OSCOM::redirect() sanitizes its query string.
            OSCOM::redirect(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id);
            break;
        case 'deleteconfirm':
            $tax_class_id = HTML::sanitize($_GET['tID']);
            $OSCOM_Db->delete('tax_class', ['tax_class_id' => (int) $tax_class_id]);
            OSCOM::redirect(FILENAME_TAX_CLASSES, 'page=' . $_GET['page']);
            break;
    }
}
require $oscTemplate->getFile('template_top.php');
?>

    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php 
echo OSCOM::getDef('heading_title');
?>
ファイル: modules.php プロジェクト: haraldpdl/oscommerce2
        $appModuleType = 'Payment';
        break;
    case 'shipping':
        $appModuleType = 'Shipping';
        break;
    case 'order_total':
        $appModuleType = 'OrderTotal';
        break;
}
// Requested admin action; an empty string when none was given.
$action = '';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}
if (tep_not_null($action)) {
    switch ($action) {
        case 'save':
            foreach ($_POST['configuration'] as $key => $value) {
                $key = HTML::sanitize($key);
                $value = HTML::sanitize($value);
                $OSCOM_Db->save('configuration', ['configuration_value' => $value], ['configuration_key' => $key]);
            }
            OSCOM::redirect(FILENAME_MODULES, 'set=' . $set . '&module=' . $_GET['module']);
            break;
        case 'install':
        case 'remove':
            if (strpos($_GET['module'], '\\') !== false) {
                $class = Apps::getModuleClass($_GET['module'], $appModuleType);
                if (class_exists($class)) {
                    $file_extension = '';
                    $module = new $class();
                    $class = $_GET['module'];
                }
            } else {
                $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
ファイル: currencies.php プロジェクト: haraldpdl/oscommerce2
            if (isset($_POST['default']) && $_POST['default'] == 'on') {
                $OSCOM_Db->save('configuration', ['configuration_value' => $code], ['configuration_key' => 'DEFAULT_CURRENCY']);
            }
            OSCOM::redirect(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id);
            break;
        case 'deleteconfirm':
            $currencies_id = HTML::sanitize($_GET['cID']);
            $Qcurrency = $OSCOM_Db->get('currencies', 'currencies_id', ['code' => DEFAULT_CURRENCY]);
            if ($Qcurrency->valueInt('currencies_id') === (int) $currencies_id) {
                $OSCOM_Db->save('configuration', ['configuration_value' => ''], ['configuration_key' => 'DEFAULT_CURRENCY']);
            }
            $OSCOM_Db->delete('currencies', ['currencies_id' => (int) $currencies_id]);
            OSCOM::redirect(FILENAME_CURRENCIES, 'page=' . $_GET['page']);
            break;
        case 'delete':
            $currencies_id = HTML::sanitize($_GET['cID']);
            $Qcurrency = $OSCOM_Db->get('currencies', 'code', ['currencies_id' => (int) $currencies_id]);
            $remove_currency = true;
            if ($Qcurrency->value('code') == DEFAULT_CURRENCY) {
                $remove_currency = false;
                $OSCOM_MessageStack->add(OSCOM::getDef('error_remove_default_currency'), 'error');
            }
            break;
    }
}
// Common currencies offered in the "add currency" select, keyed by ISO code
// (order is preserved when the select list is built below).
$currency_select = [
    'USD' => ['title' => 'U.S. Dollar', 'code' => 'USD', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'EUR' => ['title' => 'Euro', 'code' => 'EUR', 'symbol_left' => '', 'symbol_right' => '€', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'JPY' => ['title' => 'Japanese Yen', 'code' => 'JPY', 'symbol_left' => '¥', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'GBP' => ['title' => 'Pounds Sterling', 'code' => 'GBP', 'symbol_left' => '£', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'CHF' => ['title' => 'Swiss Franc', 'code' => 'CHF', 'symbol_left' => '', 'symbol_right' => 'CHF', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'AUD' => ['title' => 'Australian Dollar', 'code' => 'AUD', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'CAD' => ['title' => 'Canadian Dollar', 'code' => 'CAD', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'SEK' => ['title' => 'Swedish Krona', 'code' => 'SEK', 'symbol_left' => '', 'symbol_right' => 'kr', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'HKD' => ['title' => 'Hong Kong Dollar', 'code' => 'HKD', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'NOK' => ['title' => 'Norwegian Krone', 'code' => 'NOK', 'symbol_left' => 'kr', 'symbol_right' => '', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'NZD' => ['title' => 'New Zealand Dollar', 'code' => 'NZD', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'MXN' => ['title' => 'Mexican Peso', 'code' => 'MXN', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'SGD' => ['title' => 'Singapore Dollar', 'code' => 'SGD', 'symbol_left' => '$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'BRL' => ['title' => 'Brazilian Real', 'code' => 'BRL', 'symbol_left' => 'R$', 'symbol_right' => '', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'CNY' => ['title' => 'Chinese RMB', 'code' => 'CNY', 'symbol_left' => '¥', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'CZK' => ['title' => 'Czech Koruna', 'code' => 'CZK', 'symbol_left' => '', 'symbol_right' => 'Kč', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'DKK' => ['title' => 'Danish Krone', 'code' => 'DKK', 'symbol_left' => '', 'symbol_right' => 'kr', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'HUF' => ['title' => 'Hungarian Forint', 'code' => 'HUF', 'symbol_left' => '', 'symbol_right' => 'Ft', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'ILS' => ['title' => 'Israeli New Shekel', 'code' => 'ILS', 'symbol_left' => '₪', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'INR' => ['title' => 'Indian Rupee', 'code' => 'INR', 'symbol_left' => 'Rs.', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'MYR' => ['title' => 'Malaysian Ringgit', 'code' => 'MYR', 'symbol_left' => 'RM', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'PHP' => ['title' => 'Philippine Peso', 'code' => 'PHP', 'symbol_left' => 'Php', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'PLN' => ['title' => 'Polish Zloty', 'code' => 'PLN', 'symbol_left' => '', 'symbol_right' => 'zł', 'decimal_point' => ',', 'thousands_point' => '.', 'decimal_places' => '2'],
    'THB' => ['title' => 'Thai Baht', 'code' => 'THB', 'symbol_left' => '', 'symbol_right' => '฿', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
    'TWD' => ['title' => 'Taiwan New Dollar', 'code' => 'TWD', 'symbol_left' => 'NT$', 'symbol_right' => '', 'decimal_point' => '.', 'thousands_point' => ',', 'decimal_places' => '2'],
];
// Select options start with a blank "common currencies" placeholder entry.
$currency_select_array = [
    ['id' => '', 'text' => OSCOM::getDef('text_info_common_currencies')],
];
foreach ($currency_select as $cs) {
    if (!isset($currencies->currencies[$cs['code']])) {
        $currency_select_array[] = array('id' => $cs['code'], 'text' => '[' . $cs['code'] . '] ' . $cs['title']);
    }
     if (isset($_POST['zone_id'])) {
         $zone_id = HTML::sanitize($_POST['zone_id']);
     } else {
         $zone_id = false;
     }
 }
 $country = HTML::sanitize($_POST['country']);
 $telephone = HTML::sanitize($_POST['telephone']);
 $fax = HTML::sanitize($_POST['fax']);
 // Newsletter opt-in may be absent from the POST body; false marks "not set".
 $newsletter = isset($_POST['newsletter']) ? HTML::sanitize($_POST['newsletter']) : false;
 // The password is run through the same HTML::sanitize() as every other field before it
 // is checked and hashed; the login module applies the same transform before verifying.
 $password = HTML::sanitize($_POST['password']);
 $confirmation = HTML::sanitize($_POST['confirmation']);
 $error = false;
 // Field validation: every failure records a message and sets $error.
 // $gender, $firstname and $lastname are assigned earlier in this file.
 if (ACCOUNT_GENDER == 'true' && $gender != 'm' && $gender != 'f') {
     $error = true;
     $messageStack->add('create_account', ENTRY_GENDER_ERROR);
 }
 // strlen() counts bytes, so multi-byte names reach the minimum length more easily than
 // their character count would suggest.
 if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR);
 }
 if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_LAST_NAME_ERROR);
 }
ファイル: set_password.php プロジェクト: Akofelaz/oscommerce2
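require 'includes/application_top.php';

// Only a logged-in customer may set a password, and only when the module allows it.
if (!isset($_SESSION['customer_id'])) {
    OSCOM::redirect('login.php', '', 'SSL');
}

if (MODULE_CONTENT_ACCOUNT_SET_PASSWORD_ALLOW_PASSWORD != 'True') {
    OSCOM::redirect('account.php', '', 'SSL');
}

// Accounts that already have a password are sent back to account.php.
// (Fixed: the original read `$OSCOM_Db - get(...)`, a subtraction against an undefined get().)
$Qcustomer = $OSCOM_Db->get('customers', 'customers_password', ['customers_id' => $_SESSION['customer_id']]);

if (!empty($Qcustomer->value('customers_password'))) {
    OSCOM::redirect('account.php', '', 'SSL');
}

// needs to be included earlier to set the success message in the messageStack
require DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/content/account/cm_account_set_password.php';

// Form token check. hash_equals() replaces `==`: a loose comparison would compare
// numeric-looking tokens by value, and hash_equals() is also constant-time.
$token_ok = isset($_SESSION['sessiontoken'], $_POST['formid'])
    && is_string($_POST['formid'])
    && hash_equals((string) $_SESSION['sessiontoken'], $_POST['formid']);

if (isset($_POST['action']) && $_POST['action'] === 'process' && $token_ok) {
    // Both values are HTML-sanitized before comparison and hashing, matching the
    // transform the login module applies before verifying.
    $password_new = HTML::sanitize(isset($_POST['password_new']) ? $_POST['password_new'] : '');
    $password_confirmation = HTML::sanitize(isset($_POST['password_confirmation']) ? $_POST['password_confirmation'] : '');

    $error = false;

    if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new !== $password_confirmation) {
        // Strict comparison: `!=` would treat numeric-looking strings such as '1e3' and '1000' as equal.
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }

    if ($error === false) {
        $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password_new)], ['customers_id' => $_SESSION['customer_id']]);
        $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => $_SESSION['customer_id']]);

        $messageStack->add_session('account', MODULE_CONTENT_ACCOUNT_SET_PASSWORD_SUCCESS_PASSWORD_SET, 'success');

        OSCOM::redirect('account.php', '', 'SSL');
    }
}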
ファイル: packingslip.php プロジェクト: haraldpdl/oscommerce2
<?php

/**
 * osCommerce Online Merchant
 *
 * @copyright (c) 2016 osCommerce; https://www.oscommerce.com
 * @license MIT; https://www.oscommerce.com/license/mit.txt
 */
use OSC\OM\HTML;
use OSC\OM\OSCOM;
require 'includes/application_top.php';
require 'includes/classes/currencies.php';
$currencies = new currencies();
// Order id from the query string. It is HTML-sanitized but not cast to int here.
// NOTE(review): confirm the order class treats $oID as an integer id before using it.
$oID = HTML::sanitize($_GET['oID']);
include 'includes/classes/order.php';
$order = new order($oID);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html <?php 
echo OSCOM::getDef('html_params');
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo OSCOM::getDef('charset');
?>
">
<title><?php 
echo OSCOM::getDef('title', ['store_name' => STORE_NAME]);
?>
</title>
ファイル: geo_zones.php プロジェクト: haraldpdl/oscommerce2
        case 'insert_zone':
            $geo_zone_name = HTML::sanitize($_POST['geo_zone_name']);
            $geo_zone_description = HTML::sanitize($_POST['geo_zone_description']);
            $OSCOM_Db->save('geo_zones', ['geo_zone_name' => $geo_zone_name, 'geo_zone_description' => $geo_zone_description, 'date_added' => 'now()']);
            $new_zone_id = $OSCOM_Db->lastInsertId();
            OSCOM::redirect(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id);
            break;
        case 'save_zone':
            $zID = HTML::sanitize($_GET['zID']);
            $geo_zone_name = HTML::sanitize($_POST['geo_zone_name']);
            $geo_zone_description = HTML::sanitize($_POST['geo_zone_description']);
            $OSCOM_Db->save('geo_zones', ['geo_zone_name' => $geo_zone_name, 'geo_zone_description' => $geo_zone_description, 'last_modified' => 'now()'], ['geo_zone_id' => (int) $zID]);
            OSCOM::redirect(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID']);
            break;
        case 'deleteconfirm_zone':
            $zID = HTML::sanitize($_GET['zID']);
            $OSCOM_Db->delete('geo_zones', ['geo_zone_id' => (int) $zID]);
            $OSCOM_Db->delete('zones_to_geo_zones', ['geo_zone_id' => (int) $zID]);
            OSCOM::redirect(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage']);
            break;
    }
}
require $oscTemplate->getFile('template_top.php');
if (isset($_GET['zID']) && ($saction == 'edit' || $saction == 'new')) {
    ?>
<script type="text/javascript"><!--
function resetZoneSelected(theForm) {
  if (theForm.state.value != '') {
    theForm.zone_id.selectedIndex = '0';
    if (theForm.zone_id.options.length > 0) {
      theForm.state.value = '<?php 
ファイル: countries.php プロジェクト: haraldpdl/oscommerce2
            $countries_iso_code_3 = HTML::sanitize($_POST['countries_iso_code_3']);
            $address_format_id = HTML::sanitize($_POST['address_format_id']);
            $OSCOM_Db->save('countries', ['countries_name' => $countries_name, 'countries_iso_code_2' => $countries_iso_code_2, 'countries_iso_code_3' => $countries_iso_code_3, 'address_format_id' => (int) $address_format_id]);
            OSCOM::redirect(FILENAME_COUNTRIES);
            break;
        case 'save':
            $countries_id = HTML::sanitize($_GET['cID']);
            $countries_name = HTML::sanitize($_POST['countries_name']);
            $countries_iso_code_2 = HTML::sanitize($_POST['countries_iso_code_2']);
            $countries_iso_code_3 = HTML::sanitize($_POST['countries_iso_code_3']);
            $address_format_id = HTML::sanitize($_POST['address_format_id']);
            $OSCOM_Db->save('countries', ['countries_name' => $countries_name, 'countries_iso_code_2' => $countries_iso_code_2, 'countries_iso_code_3' => $countries_iso_code_3, 'address_format_id' => (int) $address_format_id], ['countries_id' => (int) $countries_id]);
            OSCOM::redirect(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id);
            break;
        case 'deleteconfirm':
            $countries_id = HTML::sanitize($_GET['cID']);
            $OSCOM_Db->delete('countries', ['countries_id' => (int) $countries_id]);
            OSCOM::redirect(FILENAME_COUNTRIES, 'page=' . $_GET['page']);
            break;
    }
}
require $oscTemplate->getFile('template_top.php');
?>

    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php 
echo OSCOM::getDef('heading_title');
?>
ファイル: Db.php プロジェクト: haraldpdl/oscommerce2
 /**
  * Recursively HTML-sanitize a value before it is used as database input.
  *
  * Strings are passed through HTML::sanitize(); arrays are walked and every value
  * sanitized in place (keys are left untouched); any other type is returned unchanged.
  *
  * @param mixed $string
  * @return mixed
  */
 public static function prepareInput($string)
 {
     if (is_array($string)) {
         foreach (array_keys($string) as $key) {
             $string[$key] = static::prepareInput($string[$key]);
         }
         return $string;
     }
     return is_string($string) ? HTML::sanitize($string) : $string;
 }
ファイル: redirect.php プロジェクト: haraldpdl/oscommerce2
 */
use OSC\OM\HTML;
use OSC\OM\HTTP;
use OSC\OM\OSCOM;
require 'includes/application_top.php';
switch ($_GET['action']) {
    case 'banner':
        $Qbanner = $OSCOM_Db->get('banners', 'banners_url', ['banners_id' => $_GET['goto']]);
        if ($Qbanner->fetch() !== false) {
            tep_update_banner_click_count($_GET['goto']);
            HTTP::redirect($Qbanner->value('banners_url'));
        }
        break;
    case 'url':
        if (isset($_GET['goto']) && tep_not_null($_GET['goto'])) {
            $Qcheck = $OSCOM_Db->get('products_description', 'products_url', ['products_url' => HTML::sanitize($_GET['goto'])], null, 1);
            if ($Qcheck->fetch() !== false) {
                HTTP::redirect('http://' . $Qcheck->value('products_url'));
            }
        }
        break;
    case 'manufacturer':
        if (isset($_GET['manufacturers_id']) && is_numeric($_GET['manufacturers_id'])) {
            $Qmanufacturer = $OSCOM_Db->get('manufacturers_info', 'manufacturers_url', ['manufacturers_id' => $_GET['manufacturers_id'], 'languages_id' => $OSCOM_Language->getId()]);
            if ($Qmanufacturer->fetch() !== false) {
                // url exists in selected language
                if (!empty($Qmanufacturer->value('manufacturers_url'))) {
                    $Qupdate = $OSCOM_Db->prepare('update :table_manufacturers_info set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = :manufacturers_id and languages_id = :languages_id');
                    $Qupdate->bindInt(':manufacturers_id', $_GET['manufacturers_id']);
                    $Qupdate->bindInt(':languages_id', $OSCOM_Language->getId());
                    $Qupdate->execute();
ファイル: contact_us.php プロジェクト: tiansiyuan/oscommerce2
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2015 osCommerce

  Released under the GNU General Public License
*/
use OSC\OM\HTML;
use OSC\OM\OSCOM;
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $_SESSION['language'] . '/contact_us.php';
if (isset($_GET['action']) && $_GET['action'] == 'send' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
    $error = false;
    $name = HTML::sanitize($_POST['name']);
    $email_address = HTML::sanitize($_POST['email']);
    $enquiry = HTML::sanitize($_POST['enquiry']);
    if (!tep_validate_email($email_address)) {
        $error = true;
        $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }
    $actionRecorder = new actionRecorder('ar_contact_us', isset($_SESSION['customer_id']) ? $_SESSION['customer_id'] : null, $name);
    if (!$actionRecorder->canPerform()) {
        $error = true;
        $actionRecorder->record(false);
        $messageStack->add('contact', sprintf(ERROR_ACTION_RECORDER, defined('MODULE_ACTION_RECORDER_CONTACT_US_EMAIL_MINUTES') ? (int) MODULE_ACTION_RECORDER_CONTACT_US_EMAIL_MINUTES : 15));
    }
    if ($error == false) {
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);
        $actionRecorder->record();
        OSCOM::redirect('contact_us.php', 'action=success');
    }
if (tep_not_null($action)) {
    switch ($action) {
        case 'insert':
            $username = HTML::sanitize($_POST['username']);
            $password = HTML::sanitize($_POST['password']);
            $Qcheck = $OSCOM_Db->get('administrators', 'id', ['user_name' => $username], null, 1);
            if (!$Qcheck->check()) {
                $OSCOM_Db->save('administrators', ['user_name' => $username, 'user_password' => Hash::encrypt($password)]);
            } else {
                $OSCOM_MessageStack->add(OSCOM::getDef('error_administrator_exists'), 'error');
            }
            OSCOM::redirect(FILENAME_ADMINISTRATORS);
            break;
        case 'save':
            $username = HTML::sanitize($_POST['username']);
            $password = HTML::sanitize($_POST['password']);
            $Qcheck = $OSCOM_Db->get('administrators', ['id', 'user_name'], ['id' => (int) $_GET['aID']]);
            // update username in current session if changed
            if ($Qcheck->valueInt('id') === $_SESSION['admin']['id'] && $username !== $_SESSION['admin']['username']) {
                $_SESSION['admin']['username'] = $username;
            }
            $OSCOM_Db->save('administrators', ['user_name' => $username], ['id' => (int) $_GET['aID']]);
            if (tep_not_null($password)) {
                $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt($password)], ['id' => (int) $_GET['aID']]);
            }
            OSCOM::redirect(FILENAME_ADMINISTRATORS, 'aID=' . (int) $_GET['aID']);
            break;
        case 'deleteconfirm':
            $id = (int) $_GET['aID'];
            $Qcheck = $OSCOM_Db->get('administrators', ['id', 'user_name'], ['id' => $id]);
            if ($_SESSION['admin']['id'] === $Qcheck->valueInt('id')) {
ファイル: reviews.php プロジェクト: haraldpdl/oscommerce2
        echo OSCOM::getDef('text_good');
        ?>
</td>
      </tr>
      <tr>
        <td align="right" class="smallText"><?php 
        echo HTML::button(OSCOM::getDef('image_preview'), 'fa fa-file-o') . HTML::button(OSCOM::getDef('image_cancel'), 'fa fa-close', OSCOM::link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID']));
        ?>
</td>
      </form></tr>
<?php 
    } else {
        if (tep_not_null($_POST)) {
            $rInfo->reviews_rating = HTML::sanitize($_POST['reviews_rating']);
            $rInfo->reviews_text = HTML::sanitize($_POST['reviews_text']);
            $rInfo->reviews_status = HTML::sanitize($_POST['reviews_status']);
        }
        ?>
      <tr><?php 
        if (tep_not_null($_POST)) {
            echo HTML::form('update', OSCOM::link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID'] . '&action=update'));
        }
        ?>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="main" valign="top"><strong><?php 
        echo OSCOM::getDef('entry_product');
        ?>
</strong> <?php 
        echo $rInfo->products_name;
        ?>
 $firstname = HTML::sanitize($_POST['firstname']);
 $lastname = HTML::sanitize($_POST['lastname']);
 $street_address = HTML::sanitize($_POST['street_address']);
 // Optional address fields are only read when the matching ACCOUNT_* setting enables them.
 if (ACCOUNT_SUBURB == 'true') {
     $suburb = HTML::sanitize($_POST['suburb']);
 }
 $postcode = HTML::sanitize($_POST['postcode']);
 $city = HTML::sanitize($_POST['city']);
 $country = HTML::sanitize($_POST['country']);
 if (ACCOUNT_STATE == 'true') {
     // zone_id may be absent from the POST body; false marks "not chosen".
     $zone_id = isset($_POST['zone_id']) ? HTML::sanitize($_POST['zone_id']) : false;
     $state = HTML::sanitize($_POST['state']);
 }
 // Field validation: every failure records a message and sets $error.
 // $gender is assigned earlier in this file; $error is presumably initialised there too.
 if (ACCOUNT_GENDER == 'true' && $gender != 'm' && $gender != 'f') {
     $error = true;
     $messageStack->add('checkout_address', ENTRY_GENDER_ERROR);
 }
 // strlen() counts bytes, so multi-byte names reach the minimum length more easily than
 // their character count would suggest.
 if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('checkout_address', ENTRY_FIRST_NAME_ERROR);
 }
 if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('checkout_address', ENTRY_LAST_NAME_ERROR);
 }
ファイル: mail.php プロジェクト: haraldpdl/oscommerce2
use OSC\OM\Mail;
use OSC\OM\OSCOM;
require 'includes/application_top.php';
$action = isset($_GET['action']) ? $_GET['action'] : '';
if ($action == 'send_email_to_user' && isset($_POST['customers_email_address']) && !isset($_POST['back_x'])) {
    switch ($_POST['customers_email_address']) {
        case '***':
            $Qmail = $OSCOM_Db->get('customers', ['customers_firstname', 'customers_lastname', 'customers_email_address']);
            $mail_sent_to = OSCOM::getDef('text_all_customers');
            break;
        case '**D':
            $Qmail = $OSCOM_Db->get('customers', ['customers_firstname', 'customers_lastname', 'customers_email_address'], ['customers_newsletter' => '1']);
            $mail_sent_to = OSCOM::getDef('text_newsletter_customers');
            break;
        default:
            $customers_email_address = HTML::sanitize($_POST['customers_email_address']);
            $Qmail = $OSCOM_Db->get('customers', ['customers_firstname', 'customers_lastname', 'customers_email_address'], ['customers_email_address' => $customers_email_address]);
            $mail_sent_to = $customers_email_address;
            break;
    }
    $customerEmail = new Mail();
    $customerEmail->setFrom($_POST['from']);
    $customerEmail->setSubject($_POST['subject']);
    if (!empty($_POST['message'])) {
        $customerEmail->setBodyPlain($_POST['message']);
    }
    if (!empty($_POST['message_html'])) {
        $customerEmail->setBodyHTML($_POST['message_html']);
    }
    while ($Qmail->fetch()) {
        $customerEmail->clearTo();
コード例 #21
    <hr>

    <div class="clearfix"></div>

<?php 
}
?>

  <div class="contentText">
    <div class="row">
      <p class="col-sm-3 text-right-not-xs"><strong><?php 
echo SUB_TITLE_FROM;
?>
</strong></p>
      <p class="col-sm-9"><?php 
echo HTML::sanitize($Qcustomer->value('customers_firstname') . ' ' . $Qcustomer->value('customers_lastname'));
?>
</p>
    </div>
    <div class="form-group has-feedback">
      <label for="inputReview" class="control-label col-sm-3"><?php 
echo SUB_TITLE_REVIEW;
?>
</label>
      <div class="col-sm-9">
        <?php 
echo HTML::textareaField('review', 60, 15, NULL, 'minlength="' . REVIEW_TEXT_MIN_LENGTH . '" required aria-required="true" id="inputReview" placeholder="' . ENTRY_REVIEW_TEXT . '"');
echo FORM_REQUIRED_INPUT;
?>
      </div>
    </div>
コード例 #22
 /**
  * Payment-module hook that runs before the order is processed.
  *
  * Two request paths share this method:
  * - check=PROCESS (the customer returning from the gateway): the skcode in
  *   the request must equal the one-time code held in the session; its row in
  *   sagepay_server_securitykeys is then consumed and, when that row is
  *   flagged verified, its transaction_details are exported through the
  *   $sagepay_server_transaction_details global and true is returned.
  * - any other request: a registration request for the current $order is
  *   built, posted to the gateway, the returned SecurityKey is stored against
  *   the session's code, and the customer is redirected to the gateway's
  *   NextURL (profile 'Normal') or to the local Sage Pay checkout page.
  *
  * Every path that does not return true falls through to a redirect back to
  * checkout_payment.php carrying payment_error and, when the gateway reported
  * a failure, the mapped error number.
  *
  * Globals: reads $order and $order_totals; writes
  * $sagepay_server_transaction_details.
  *
  * @return bool true only for a verified PROCESS callback; all other paths redirect
  */
 function before_process()
 {
     global $sagepay_server_transaction_details, $order, $order_totals;
     $OSCOM_Db = Registry::get('Db');
     $sagepay_server_transaction_details = null;
     $error = null;
     if (isset($_GET['check']) && $_GET['check'] == 'PROCESS') {
         // Callback leg: the request's skcode must match the session's one-time code.
         // NOTE(review): this is a loose (==) comparison of a user-supplied value
         // against the session value; hash_equals() would rule out type juggling.
         if (isset($_GET['skcode']) && isset($_SESSION['sagepay_server_skey_code']) && $_GET['skcode'] == $_SESSION['sagepay_server_skey_code']) {
             $skcode = HTML::sanitize($_GET['skcode']);
             $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['verified', 'transaction_details'], ['code' => $skcode], null, 1);
             if ($Qsp->fetch() !== false) {
                 // The code is single-use: drop it from the session and the table
                 // before the verified flag is inspected, so a replay finds nothing.
                 unset($_SESSION['sagepay_server_skey_code']);
                 $OSCOM_Db->delete('sagepay_server_securitykeys', ['code' => $skcode]);
                 if ($Qsp->value('verified') == '1') {
                     $sagepay_server_transaction_details = $Qsp->value('transaction_details');
                     return true;
                 }
             }
         }
     } else {
         // Registration leg: mint the one-time code the gateway echoes back via
         // NotificationURL (check=SERVER&skcode=...). It is reused if already set.
         // NOTE(review): confirm tep_create_random_value() draws from a CSPRNG —
         // this value is what the gateway callback is matched against.
         if (!isset($_SESSION['sagepay_server_skey_code'])) {
             $_SESSION['sagepay_server_skey_code'] = tep_create_random_value(16);
         }
         // Registration payload; string fields are cut to the gateway's limits with
         // substr(). Apply3DSecure is hard-wired to '0' here — NOTE(review):
         // presumably "use the gateway account's default"; confirm this is the
         // intended 3-D Secure policy for the store.
         $params = array('VPSProtocol' => $this->api_version, 'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802', 'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15), 'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40), 'Amount' => $this->format_raw($order->info['total']), 'Currency' => $_SESSION['currency'], 'Description' => substr(STORE_NAME, 0, 100), 'NotificationURL' => $this->formatURL(OSCOM::link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $_SESSION['sagepay_server_skey_code'], 'SSL', false)), 'BillingSurname' => substr($order->billing['lastname'], 0, 20), 'BillingFirstnames' => substr($order->billing['firstname'], 0, 20), 'BillingAddress1' => substr($order->billing['street_address'], 0, 100), 'BillingCity' => substr($order->billing['city'], 0, 40), 'BillingPostCode' => substr($order->billing['postcode'], 0, 10), 'BillingCountry' => $order->billing['country']['iso_code_2'], 'BillingPhone' => substr($order->customer['telephone'], 0, 20), 'DeliverySurname' => substr($order->delivery['lastname'], 0, 20), 'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20), 'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100), 'DeliveryCity' => substr($order->delivery['city'], 0, 40), 'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10), 'DeliveryCountry' => $order->delivery['country']['iso_code_2'], 'DeliveryPhone' => substr($order->customer['telephone'], 0, 20), 'CustomerEMail' => substr($order->customer['email_address'], 0, 255), 'Apply3DSecure' => '0');
         // ip2long() only parses IPv4, so IPv6 clients send no ClientIPAddress.
         $ip_address = tep_get_ip_address();
         if (ip2long($ip_address) != -1 && ip2long($ip_address) != false) {
             $params['ClientIPAddress'] = $ip_address;
         }
         // Transaction type from module configuration; anything other than
         // Payment/Deferred falls back to AUTHENTICATE.
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
             $params['TxType'] = 'PAYMENT';
         } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
             $params['TxType'] = 'DEFERRED';
         } else {
             $params['TxType'] = 'AUTHENTICATE';
         }
         // US addresses additionally carry the state code.
         if ($params['BillingCountry'] == 'US') {
             $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
         }
         if ($params['DeliveryCountry'] == 'US') {
             $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
         }
         // Any profile other than Normal asks the gateway for its LOW profile; the
         // matching branch below then redirects to the local checkout page.
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
             $params['Profile'] = 'LOW';
         }
         // Basket: one "name:qty:unit:tax:unit+tax:line total" entry per product
         // (attributes appended to the name), then one per order total. ':' is the
         // field separator, so ':' , '&' and line breaks are stripped from names.
         $contents = array();
         foreach ($order->products as $product) {
             $product_name = $product['name'];
             if (isset($product['attributes'])) {
                 foreach ($product['attributes'] as $att) {
                     $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                 }
             }
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price']) . ':' . $this->format_raw($product['tax'] / 100 * $product['final_price'] + $product['final_price']) . ':' . $this->format_raw(($product['tax'] / 100 * $product['final_price'] + $product['final_price']) * $product['qty']);
         }
         foreach ($order_totals as $ot) {
             $contents[] = str_replace(array(':', "\n", "\r", '&'), '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
         }
         // Leading item count, then the entries; the whole field is capped at 7500 chars.
         $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);
         // Form-encode the request body (a trailing '&' is left in place).
         $post_string = '';
         foreach ($params as $key => $value) {
             $post_string .= $key . '=' . urlencode(trim($value)) . '&';
         }
         if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
             $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
         } else {
             $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
         }
         $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
         // Parse the "Key=Value" lines of the gateway's response.
         // NOTE(review): strpos(...) != false also skips a line whose '=' is at
         // position 0, and $return['Status'] below is read without an isset()
         // guard, so an empty or malformed response yields an undefined-key warning.
         $string_array = explode(chr(10), $transaction_response);
         $return = array();
         foreach ($string_array as $string) {
             if (strpos($string, '=') != false) {
                 $parts = explode('=', $string, 2);
                 $return[trim($parts[0])] = trim($parts[1]);
             }
         }
         if ($return['Status'] == 'OK') {
             // Persist the gateway's SecurityKey against the session's code:
             // update the existing row when the key changed, otherwise insert one.
             $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['id', 'securitykey'], ['code' => $_SESSION['sagepay_server_skey_code']], null, 1);
             if ($Qsp->fetch() !== false) {
                 if ($Qsp->value('securitykey') != $return['SecurityKey']) {
                     $OSCOM_Db->save('sagepay_server_securitykeys', ['securitykey' => $return['SecurityKey'], 'date_added' => 'now()'], ['id' => $Qsp->valueInt('id')]);
                 }
             } else {
                 $OSCOM_Db->save('sagepay_server_securitykeys', ['code' => $_SESSION['sagepay_server_skey_code'], 'securitykey' => $return['SecurityKey'], 'date_added' => 'now()']);
             }
             // Normal profile: hand the customer straight to the gateway's NextURL.
             // Other profiles: remember NextURL in the session and show the local page.
             if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                 HTTP::redirect($return['NextURL']);
             } else {
                 $_SESSION['sage_pay_server_nexturl'] = $return['NextURL'];
                 OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php', '', 'SSL');
             }
         } else {
             // Registration rejected: map StatusDetail to an error number for the
             // redirect below and pass the parsed response to sendDebugEmail().
             $error = $this->getErrorMessageNumber($return['StatusDetail']);
             $this->sendDebugEmail($return);
         }
     }
     // Fall-through for every unsuccessful path (including a failed or unverified
     // callback): back to the payment page with payment_error set.
     OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''), 'SSL');
 }
コード例 #23
ファイル: languages.php プロジェクト: haraldpdl/oscommerce2
            $lID = HTML::sanitize($_GET['lID']);
            $Qlanguage = $OSCOM_Db->get('languages', 'languages_id', ['code' => DEFAULT_LANGUAGE]);
            if ($Qlanguage->valueInt('languages_id') === (int) $lID) {
                $OSCOM_Db->save('configuration', ['configuration_value' => ''], ['configuration_key' => 'DEFAULT_CURRENCY']);
            }
            $OSCOM_Db->delete('categories_description', ['language_id' => $lID]);
            $OSCOM_Db->delete('products_description', ['language_id' => $lID]);
            $OSCOM_Db->delete('products_options', ['language_id' => $lID]);
            $OSCOM_Db->delete('products_options_values', ['language_id' => $lID]);
            $OSCOM_Db->delete('manufacturers_info', ['languages_id' => $lID]);
            $OSCOM_Db->delete('orders_status', ['language_id' => $lID]);
            $OSCOM_Db->delete('languages', ['languages_id' => $lID]);
            OSCOM::redirect(FILENAME_LANGUAGES, 'page=' . $_GET['page']);
            break;
        case 'delete':
            $lID = HTML::sanitize($_GET['lID']);
            $Qlanguage = $OSCOM_Db->get('languages', 'code', ['languages_id' => $lID]);
            $remove_language = true;
            if ($Qlanguage->value('code') == DEFAULT_LANGUAGE) {
                $remove_language = false;
                $OSCOM_MessageStack->add(OSCOM::getDef('error_remove_default_language'), 'error');
            }
            break;
    }
}
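// Build the flag-icon option list (one entry per bundled SVG, keyed by its
// file name) for the language form's icon selector.
$icons = [];
$flagPattern = OSCOM::getConfig('dir_root', 'Shop') . 'public/third_party/flag-icon-css/flags/4x3/*.svg';
// glob() returns false on error (and, on some platforms, when nothing
// matches); iterate over an empty list in that case instead of over false.
foreach ((glob($flagPattern) ?: []) as $flagFile) {
    $flagCode = basename($flagFile, '.svg');
    $icons[] = ['id' => $flagCode, 'text' => $flagCode];
}
$directories = [];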
コード例 #24
ファイル: OSCOM.php プロジェクト: haraldpdl/oscommerce2
 /**
  * Builds an absolute link to $page on the current site, or on the site named
  * by a "Site/page" prefix when siteExists() knows that site.
  *
  * $parameters is a ready-made query string; backslashes and curly braces in
  * it are percent-encoded. Dangling '?'/'&' are trimmed and runs of '&'
  * collapsed. The session ID is appended only for same-site links, when the
  * session has started without forced cookies, and either SID is non-empty or
  * the request type and the target server's scheme differ (http vs https).
  * With SEARCH_ENGINE_FRIENDLY_URLS == 'true' the '?', '&' and '=' characters
  * are rewritten as '/'. A non-bool $add_session_id or $search_engine_safe is
  * treated as true.
  *
  * NOTE(review): a session ID carried in the query string is visible in
  * Referer headers and access logs; forcing cookie sessions keeps it out.
  *
  * @param string      $page
  * @param string|null $parameters
  * @param bool        $add_session_id
  * @param bool        $search_engine_safe
  * @return string
  */
 public static function link($page, $parameters = null, $add_session_id = true, $search_engine_safe = true)
 {
     $page = HTML::sanitize($page);
     $currentSite = static::$site;
     $targetSite = $currentSite;

     // "Site/page" prefix: route the link through that site's server and path.
     if (strpos($page, '/') !== false && preg_match('/^([A-Z][A-Za-z0-9-_]*)\\/(.*)$/', $page, $m) === 1 && OSCOM::siteExists($m[1], false)) {
         $targetSite = $m[1];
         $page = $m[2];
     }

     // Normalise the flags; a session ID never crosses into another site's URL.
     $withSid = is_bool($add_session_id) ? $add_session_id : true;
     $withSid = $withSid && ($currentSite === $targetSite);
     $seoSafe = is_bool($search_engine_safe) ? $search_engine_safe : true;

     $link = static::getConfig('http_server', $targetSite) . static::getConfig('http_path', $targetSite) . $page;

     $separator = '?';
     if (!empty($parameters)) {
         $query = str_replace(["\\", '{', '}'], ['%5C', '%7B', '%7D'], HTML::sanitize($parameters));
         $link .= '?' . $query;
         $separator = '&';
     }

     // Strip any trailing '?' / '&' left by an empty or dangling parameter list.
     $link = rtrim($link, '?&');

     if ($withSid && Registry::exists('Session')) {
         $session = Registry::get('Session');
         if ($session->hasStarted() && $session->isForceCookies() === false) {
             $needsSid = strlen(SID) > 0;
             if (!$needsSid) {
                 // Carry the ID when the link switches between the http and https servers.
                 $requestType = HTTP::getRequestType();
                 $targetScheme = parse_url(static::getConfig('http_server', $targetSite), PHP_URL_SCHEME);
                 $needsSid = ($requestType == 'NONSSL' && $targetScheme == 'https') || ($requestType == 'SSL' && $targetScheme == 'http');
             }
             if ($needsSid) {
                 $link .= $separator . HTML::sanitize(session_name() . '=' . session_id());
             }
         }
     }

     // Collapse any "&&" runs produced by empty parameters.
     $link = preg_replace('/&{2,}/', '&', $link);

     if ($seoSafe && defined('SEARCH_ENGINE_FRIENDLY_URLS') && SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
         $link = strtr($link, ['?' => '/', '&' => '/', '=' => '/']);
     }

     return $link;
 }
コード例 #25
        $valid_product = true;
    }
}
if ($valid_product == false) {
    OSCOM::redirect('index.php');
}
require DIR_WS_LANGUAGES . $_SESSION['language'] . '/tell_a_friend.php';
$from_name = null;
$from_email_address = null;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
    $error = false;
    $to_email_address = HTML::sanitize($_POST['to_email_address']);
    $to_name = HTML::sanitize($_POST['to_name']);
    $from_email_address = HTML::sanitize($_POST['from_email_address']);
    $from_name = HTML::sanitize($_POST['from_name']);
    $message = HTML::sanitize($_POST['message']);
    if (empty($from_name)) {
        $error = true;
        $messageStack->add('friend', ERROR_FROM_NAME);
    }
    if (!tep_validate_email($from_email_address)) {
        $error = true;
        $messageStack->add('friend', ERROR_FROM_ADDRESS);
    }
    if (empty($to_name)) {
        $error = true;
        $messageStack->add('friend', ERROR_TO_NAME);
    }
    if (!tep_validate_email($to_email_address)) {
        $error = true;
        $messageStack->add('friend', ERROR_TO_ADDRESS);
コード例 #26
    ?>
&nbsp;</td>
              </tr>
<?php 
    foreach ($modules['installed'] as $m) {
        if (strpos($m['code'], '\\') !== false) {
            $class = Apps::getModuleClass($m['code'], 'Content');
            $module = new $class();
            $module->code = $m['code'];
        } else {
            $module = new $m['code']();
        }
        if ((!isset($_GET['module']) || isset($_GET['module']) && $_GET['module'] == $module->code) && !isset($mInfo)) {
            $module_info = array('code' => $module->code, 'title' => $module->title, 'description' => $module->description, 'signature' => isset($module->signature) ? $module->signature : null, 'api_version' => isset($module->api_version) ? $module->api_version : null, 'sort_order' => (int) $module->sort_order, 'keys' => array());
            foreach ($module->keys() as $key) {
                $key = HTML::sanitize($key);
                $Qkeys = $OSCOM_Db->get('configuration', ['configuration_title', 'configuration_value', 'configuration_description', 'use_function', 'set_function'], ['configuration_key' => $key]);
                $module_info['keys'][$key] = ['title' => $Qkeys->value('configuration_title'), 'value' => $Qkeys->value('configuration_value'), 'description' => $Qkeys->value('configuration_description'), 'use_function' => $Qkeys->value('use_function'), 'set_function' => $Qkeys->value('set_function')];
            }
            $mInfo = new \ArrayObject($module_info, \ArrayObject::ARRAY_AS_PROPS);
        }
        if (isset($mInfo) && is_object($mInfo) && $module->code == $mInfo->code) {
            echo '              <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)">' . "\n";
        } else {
            echo '              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href=\'' . OSCOM::link('modules_content.php', 'module=' . $module->code) . '\'">' . "\n";
        }
        ?>
                <td class="dataTableContent"><?php 
        echo $module->title;
        ?>
</td>
コード例 #27
    OSCOM::redirect('index.php', 'Account&LogIn', 'SSL');
}
// needs to be included earlier to set the success message in the messageStack
require DIR_WS_LANGUAGES . $_SESSION['language'] . '/account_edit.php';
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
    if (ACCOUNT_GENDER == 'true') {
        $gender = HTML::sanitize($_POST['gender']);
    }
    $firstname = HTML::sanitize($_POST['firstname']);
    $lastname = HTML::sanitize($_POST['lastname']);
    if (ACCOUNT_DOB == 'true') {
        $dob = HTML::sanitize($_POST['dob']);
    }
    $email_address = HTML::sanitize($_POST['email_address']);
    $telephone = HTML::sanitize($_POST['telephone']);
    $fax = HTML::sanitize($_POST['fax']);
    $error = false;
    if (ACCOUNT_GENDER == 'true') {
        if ($gender != 'm' && $gender != 'f') {
            $error = true;
            $messageStack->add('account_edit', ENTRY_GENDER_ERROR);
        }
    }
    if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_edit', ENTRY_FIRST_NAME_ERROR);
    }
    if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
    }
コード例 #28
?>
"><?php 
echo OSCOM::getDef('heading_title');
?>
</a></h2>

<?php 
if (!empty($action)) {
    if ($action == 'new') {
        $show_listing = false;
        $form_action = 'insert';
        $parameters = array('expires_date' => '', 'date_scheduled' => '', 'banners_title' => '', 'banners_url' => '', 'banners_group' => '', 'banners_image' => '', 'banners_html_text' => '', 'expires_impressions' => '');
        $bInfo = new objectInfo($parameters);
        if (isset($_GET['bID'])) {
            $form_action = 'update';
            $bID = HTML::sanitize($_GET['bID']);
            $Qbanner = $OSCOM_Db->get('banners', ['banners_title', 'banners_url', 'banners_image', 'banners_group', 'banners_html_text', 'status', 'date_format(date_scheduled, "%Y-%m-%d") as date_scheduled', 'date_format(expires_date, "%Y-%m-%d") as expires_date', 'expires_impressions', 'date_status_change'], ['banners_id' => (int) $bID]);
            $bInfo->objectInfo($Qbanner->toArray());
        } elseif (tep_not_null($_POST)) {
            $bInfo->objectInfo($_POST);
        }
        $groups_array = [];
        $Qgroups = $OSCOM_Db->get('banners', 'distinct banners_group', null, 'banners_group');
        while ($Qgroups->fetch()) {
            $groups_array[] = ['id' => $Qgroups->value('banners_group'), 'text' => $Qgroups->value('banners_group')];
        }
        ?>

<?php 
        echo HTML::form('new_banner', OSCOM::link(FILENAME_BANNER_MANAGER, 'page=' . $_GET['page'] . '&action=' . $form_action), 'post', 'enctype="multipart/form-data"') . ($form_action == 'update' ? HTML::hiddenField('banners_id', $bID) : '');
        ?>
コード例 #29
ファイル: tax_rates.php プロジェクト: haraldpdl/oscommerce2
            $tax_priority = HTML::sanitize($_POST['tax_priority']);
            $OSCOM_Db->save('tax_rates', ['tax_zone_id' => (int) $tax_zone_id, 'tax_class_id' => (int) $tax_class_id, 'tax_rate' => $tax_rate, 'tax_description' => $tax_description, 'tax_priority' => (int) $tax_priority, 'date_added' => 'now()']);
            OSCOM::redirect(FILENAME_TAX_RATES);
            break;
        case 'save':
            $tax_rates_id = HTML::sanitize($_GET['tID']);
            $tax_zone_id = HTML::sanitize($_POST['tax_zone_id']);
            $tax_class_id = HTML::sanitize($_POST['tax_class_id']);
            $tax_rate = HTML::sanitize($_POST['tax_rate']);
            $tax_description = HTML::sanitize($_POST['tax_description']);
            $tax_priority = HTML::sanitize($_POST['tax_priority']);
            $OSCOM_Db->save('tax_rates', ['tax_zone_id' => (int) $tax_zone_id, 'tax_class_id' => (int) $tax_class_id, 'tax_rate' => $tax_rate, 'tax_description' => $tax_description, 'tax_priority' => (int) $tax_priority, 'last_modified' => 'now()'], ['tax_rates_id' => (int) $tax_rates_id]);
            OSCOM::redirect(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id);
            break;
        case 'deleteconfirm':
            $tax_rates_id = HTML::sanitize($_GET['tID']);
            $OSCOM_Db->delete('tax_rates', ['tax_rates_id' => (int) $tax_rates_id]);
            OSCOM::redirect(FILENAME_TAX_RATES, 'page=' . $_GET['page']);
            break;
    }
}
require $oscTemplate->getFile('template_top.php');
?>

    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php 
echo OSCOM::getDef('heading_title');
?>
コード例 #30
}
// guard the checkout procedure: the cart's internal cartID must match the one stored in the session, otherwise restart at shipping
if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
    if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
        OSCOM::redirect('checkout_shipping.php', '', 'SSL');
    }
}
// if no shipping method has been selected, redirect the customer to the shipping method selection page
if (!isset($_SESSION['shipping'])) {
    OSCOM::redirect('checkout_shipping.php', '', 'SSL');
}
if (isset($_POST['payment'])) {
    $_SESSION['payment'] = $_POST['payment'];
}
if (isset($_POST['comments']) && tep_not_null($_POST['comments'])) {
    $_SESSION['comments'] = HTML::sanitize($_POST['comments']);
}
// load the selected payment module
require DIR_WS_CLASSES . 'payment.php';
$payment_modules = new payment($_SESSION['payment']);
require DIR_WS_CLASSES . 'order.php';
$order = new order();
$payment_modules->update_status();
if ($payment_modules->selected_module != $_SESSION['payment'] || is_array($payment_modules->modules) && sizeof($payment_modules->modules) > 1 && !is_object(${$_SESSION}['payment']) || is_object(${$_SESSION}['payment']) && ${$_SESSION}['payment']->enabled == false) {
    OSCOM::redirect('checkout_payment.php', 'error_message=' . urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL');
}
if (is_array($payment_modules->modules)) {
    $payment_modules->pre_confirmation_check();
}
// load the selected shipping module
require DIR_WS_CLASSES . 'shipping.php';