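/**
 * Removes one product from the in-memory cart contents and, when a customer
 * is logged in, from the persistent basket tables, then rotates the cart ID.
 *
 * @param int|string $products_id key of the item in $this->contents (the key
 *                                may carry an attribute suffix, so it is escaped
 *                                for SQL rather than cast to int)
 * @return void
 */
function remove($products_id) {
    $this->contents[$products_id] = NULL;

    // remove from database
    if (vam_session_is_registered('customer_id')) {
        // Both values are spliced into SQL: cast the session id and escape the
        // product key instead of interpolating them raw.
        $customer_id = (int) $_SESSION['customer_id'];
        $safe_products_id = vam_db_input($products_id);
        vam_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . $customer_id . "' and products_id = '" . $safe_products_id . "'");
        vam_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . $customer_id . "' and products_id = '" . $safe_products_id . "'");
    }

    // assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
    $this->cartID = $this->generate_cart_id();
}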
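require_once DIR_FS_ADMIN_CLASSES . 'ci_message.class.php';
$message = new message();

//Must be included after ci_message.class.php:
require_once DIR_FS_ADMIN_CLASSES . 'ci_cip_manager.class.php';
$cip_manager = new cip_manager($current_path);

require_once DIR_FS_ADMIN_FUNCTIONS . 'contrib_installer.php';

//set_current_path:
//if (defined('DIR_FS_CIP')) $current_path=DIR_FS_CIP;

// DIR_FS_CIP is the only directory the installer may work below. It can still
// be undefined at this point (first-run self-install, see below), so resolve it
// once; defined() takes the constant's *name* as a string.
$cip_base = defined('DIR_FS_CIP') ? DIR_FS_CIP : null;

// Request values used below; all of them are client-controlled input.
$request_contrib_dir = isset($_REQUEST['contrib_dir']) ? (string) $_REQUEST['contrib_dir'] : '';
$request_action = isset($_REQUEST['action']) ? (string) $_REQUEST['action'] : '';
$request_cip = isset($_REQUEST['cip']) ? (string) $_REQUEST['cip'] : '';

// Constant-time comparison of the install token; an empty token never matches.
// A loose == would additionally be subject to PHP's numeric-string juggling.
$cip_token_matches = ($request_cip !== '') && hash_equals((string) $cip_manager->ci_cip(), $request_cip);

//This must protect contrib_dir parameter
if ($request_contrib_dir !== '' && $request_action === 'install' && $cip_token_matches && is_dir($request_contrib_dir)) {
    $current_path = $request_contrib_dir;
}

// Reject traversal, non-directories and anything that does not live below the
// CIP base; fall back to the base itself ('' while it is still undefined).
if (strstr($current_path, '..') or !is_dir($current_path) or ($cip_base !== null && strncmp($current_path, $cip_base, strlen($cip_base)) !== 0)) {
    $current_path = (string) $cip_base;
}
if (!vam_session_is_registered('current_path')) {
    vam_session_register('current_path');
}
$current_path = str_replace('//', '/', $current_path);

// Necessary for self-install. We redirect from init_contrib_installer.php with these parameters:
// NOTE(review): the base directory is taken from the request here. It is only
// reachable while DIR_FS_CIP is undefined (first install) — confirm that
// init_contrib_installer.php restricts who can trigger this.
if ($cip_base === null && $request_contrib_dir !== '') {
    define('DIR_FS_CIP', $request_contrib_dir);
    $cip_base = DIR_FS_CIP;
}

//Check if Contrib Installer is installed:
if ($cip_base === null) {
    vam_redirect(vam_href_link(INIT_CONTRIB_INSTALLER));
}

//Check if self-install was made:
if (!$cip_token_matches && $request_contrib_dir !== '' && !$cip_manager->is_ci_installed()) {
    vam_redirect(vam_href_link(INIT_CONTRIB_INSTALLER));
}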
/**
 * camelCase alias for vam_session_is_registered(), kept for callers that use
 * the "am" naming convention.
 *
 * @param string $strSessionVar session key to look up
 * @return mixed whatever vam_session_is_registered() reports for that key
 */
function amSessionIsRegistered($strSessionVar) {
    $isRegistered = vam_session_is_registered($strSessionVar);
    return $isRegistered;
}
} else { session_start(); include DIR_WS_INCLUDES . 'tracking.php'; $session_started = true; } // check the Agent $truncate_session_id = false; if (CHECK_CLIENT_AGENT) { if (vam_check_agent() == 1) { $truncate_session_id = true; } } // verify the ssl_session_id if the feature is enabled if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started == true) { $ssl_session_id = getenv('SSL_SESSION_ID'); if (!vam_session_is_registered('SSL_SESSION_ID')) { $_SESSION['SESSION_SSL_ID'] = $ssl_session_id; } if ($_SESSION['SESSION_SSL_ID'] != $ssl_session_id) { session_destroy(); vam_redirect(vam_href_link(FILENAME_SSL_CHECK)); } } // verify the browser user agent if the feature is enabled if (SESSION_CHECK_USER_AGENT == 'True') { $http_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']); $http_user_agent2 = strtolower(getenv("HTTP_USER_AGENT")); $http_user_agent = $http_user_agent == $http_user_agent2 ? $http_user_agent : $http_user_agent . ';' . $http_user_agent2; if (!isset($_SESSION['SESSION_USER_AGENT'])) { $_SESSION['SESSION_USER_AGENT'] = $http_user_agent; }
(c) 2000-2001 The Exchange Project (earlier name of osCommerce)
(c) 2002-2003 osCommerce; based on original files from OSCommerce CVS 2.2 2002/08/28 02:14:35 www.oscommerce.com
(c) 2003 nextcommerce (loginbox.php,v 1.10 2003/08/17); www.nextcommerce.org
(c) 2004 xt:Commerce (loginbox.php,v 1.10 2003/08/13); xt-commerce.com

Released under the GNU General Public License
-----------------------------------------------------------------------------------------
Third Party contributions:
Loginbox V1.0 Aubrey Kilian <*****@*****.**>
Released under the GNU General Public License
---------------------------------------------------------------------------------------*/

// Login box: the form is rendered for guests only; nothing is assigned to the
// page template when a customer is already logged in.
$box = new vamTemplate();
$box->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
$box_content = '';

require_once DIR_FS_INC . 'vam_image_submit.inc.php';
require_once DIR_FS_INC . 'vam_draw_password_field.inc.php';

if (!vam_session_is_registered('customer_id')) {
    // The form posts over SSL to the login page's "process" action.
    $formOpen = '<form id="loginbox" method="post" action="' . vam_href_link(FILENAME_LOGIN, 'action=process', 'SSL') . '">';

    $placeholders = array(
        'FORM_ACTION' => $formOpen,
        'FIELD_EMAIL' => vam_draw_input_field('email_address', '', ''),
        'FIELD_PWD' => vam_draw_password_field('password', '', ''),
        'BUTTON' => vam_image_submit('login.png', IMAGE_BUTTON_LOGIN),
        'LINK_LOST_PASSWORD' => vam_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'SSL'),
        'LINK_NEW_ACCOUNT' => vam_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'),
        'FORM_END' => '</form>',
        // presumably provided by an include/language file; it is not defined here
        'BOX_CONTENT' => $loginboxcontent,
        'language' => $_SESSION['language'],
    );
    foreach ($placeholders as $placeholderName => $placeholderValue) {
        $box->assign($placeholderName, $placeholderValue);
    }
    $box->caching = 0;

    $box_loginbox = $box->fetch(CURRENT_TEMPLATE . '/boxes/box_login.html');
    $vamTemplate->assign('box_LOGIN', $box_loginbox);
}
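/**
 * Builds the extra FROM / WHERE fragments that narrow a product listing by
 * one filter, either on an existing products column or on a row of
 * TABLE_PRODUCTS_SPECIFICATIONS.
 *
 * @param string $filter_class one of exact, multiple, range, reverse, start,
 *                             partial, like, none or '' (anything else is ignored)
 * @param int|string $specifications_id specification row to join on; it is
 *                             used as the alias suffix "ps<id>" and as a quoted
 *                             value, so it is cast to int here
 * @param array|string $filter_array selected filter value(s); a scalar is
 *                             wrapped into a one-element array (the unusable
 *                             default it once had was dropped because the
 *                             parameters after it are required)
 * @param string $products_column_name products column to filter on; a string
 *                             of length <= 1 selects the specification table
 * @param int $languages_id language of the specification rows
 * @return array{from: string, where: string} SQL fragments; both '' when the
 *                             "show all" value ('0' or '') is selected
 */
function vam_get_filter_sql($filter_class, $specifications_id, $filter_array, $products_column_name, $languages_id) {
    global $customer_zone_id, $customer_country_id;
    $sql_array = array('from' => '', 'where' => '');
    $filter_array = is_array($filter_array) ? $filter_array : array($filter_array);

    // If the Show All option is set, return a blank string
    if (isset($filter_array[0]) && ($filter_array[0] == '0' || $filter_array[0] == '')) {
        return $sql_array;
    }

    // Both ids are spliced into SQL unquoted in places, so force them to
    // integers before they reach any query fragment.
    $specifications_id = (int) $specifications_id;
    $languages_id = (int) $languages_id;

    // Scrub the filter array so apostrophes in filters don't error out.
    // NOTE(review): values are escaped here but several branches below emit
    // them without surrounding quotes; quoting/casing is presumably done by
    // vam_set_filter_case() — confirm against that helper.
    foreach ($filter_array as $filterKey => $filterValue) {
        $filter_array[$filterKey] = vam_db_input($filterValue);
    }

    // The Manufacturer's column contains an ID and not the name, so we have to change it
    if ($products_column_name == 'manufacturers_id') {
        $filter_array = vam_get_manufacturer_id($filter_array, $products_column_name);
        $products_column_name = 'p.' . $products_column_name;
    }

    // The final_price column doesn't actually exist, so we have to generate it
    $final_price = false;
    if ($products_column_name == 'final_price') {
        $final_price = true;
        $products_column_name = ' IF(s.status, s.specials_new_products_price, p.products_price) ';
    }

    // A column name of length <= 1 means "filter on the specification table".
    $use_column = strlen($products_column_name) > 1;

    // Join and trailing restriction shared by every specification-table branch.
    $spec_join = " INNER JOIN " . TABLE_PRODUCTS_SPECIFICATIONS . " ps" . $specifications_id . " ON p.products_id = ps" . $specifications_id . ".products_id ";
    $spec_tail = " AND ps" . $specifications_id . ".specifications_id = '" . $specifications_id . "'\n AND ps" . $specifications_id . ".language_id = '" . $languages_id . "'\n ";

    switch ($filter_class) {
        case 'exact':
            $filter_array = array_map('vam_set_filter_case', $filter_array);
            foreach ($filter_array as $filter) {
                if (isset($filter) && $filter != '0' && $filter != '') {
                    if ($use_column) {
                        // Use an existing column
                        $sql_array['where'] .= " AND " . $products_column_name . " <=> " . $filter . " ";
                    } else {
                        // The join is repeated per value, as before.
                        $sql_array['from'] .= $spec_join;
                        $sql_array['where'] .= " AND ps" . $specifications_id . ".specification <=> " . $filter . "\n" . $spec_tail;
                    }
                }
            }
            break;

        case 'multiple':
            $filter_array = array_map('vam_set_filter_case', $filter_array);
            if ($use_column) {
                $sql_array['where'] .= " and " . $products_column_name . " in (";
                $first = true;
                foreach ($filter_array as $filter) {
                    if ($first == true) {
                        $first = false;
                        $sql_array['where'] .= " " . $filter . " ";
                    } else {
                        $sql_array['where'] .= ", " . $filter . " ";
                    }
                }
                $sql_array['where'] .= ") ";
            } else {
                $sql_array['from'] .= $spec_join;
                $first = true;
                foreach ($filter_array as $filter) {
                    if ($filter != '0') {
                        if ($first == true) {
                            $first = false;
                            $sql_array['where'] .= " AND ps" . $specifications_id . ".specification in (" . $filter . "\n ";
                        } else {
                            $sql_array['where'] .= ", " . $filter . "\n ";
                        }
                    }
                }
                $sql_array['where'] .= ")" . $spec_tail;
                // A '0' anywhere in the list means "show all" for this filter:
                // discard everything built above.
                foreach ($filter_array as $filter) {
                    if ($filter == '0') {
                        $sql_array = array('from' => '', 'where' => '');
                    }
                }
            }
            break;

        case 'range':
            // "min-max" or just "min"; the pieces are emitted unquoted below.
            $filters_range = explode('-', $filter_array[0]);
            $filters_range = array_map('vam_set_filter_case', $filters_range);
            // Tax zone of the customer, or the store's own zone for guests.
            if (!vam_session_is_registered('customer_id')) {
                $country_id = STORE_COUNTRY;
                $zone_id = STORE_ZONE;
            } else {
                $country_id = $customer_country_id;
                $zone_id = $customer_zone_id;
            }
            if ($use_column) {
                // Prices are compared tax-inclusive when the shop displays them that way.
                $price_with_tax = (DISPLAY_PRICE_WITH_TAX == 'true' && ($products_column_name == 'products_price' || $final_price == true));
                $tax_join = " inner join " . TABLE_TAX_RATES . " tr\n on tr.tax_class_id = p.products_tax_class_id\n left join " . TABLE_ZONES_TO_GEO_ZONES . " za\n on (tr.tax_zone_id = za.geo_zone_id)\n left join " . TABLE_GEO_ZONES . " tz\n on (tz.geo_zone_id = tr.tax_zone_id)\n ";
                $zone_where = "\n and (za.zone_country_id is null\n or za.zone_country_id = '0'\n or za.zone_country_id = '" . (int) $country_id . "')\n and (za.zone_id is null\n or za.zone_id = '0'\n or za.zone_id = '" . (int) $zone_id . "')\n ";
                if (count($filters_range) < 2) {
                    // There is only one parameter, so it is a minimum
                    if ($price_with_tax) {
                        $sql_array['from'] .= $tax_join;
                        $sql_array['where'] .= " AND (" . $products_column_name . " * (1.0 + (tr.tax_rate / 100) ) ) > " . $filters_range[0] . $zone_where;
                    } else {
                        $sql_array['where'] .= " and " . $products_column_name . " > " . $filters_range[0] . " ";
                    }
                } else {
                    if ($price_with_tax) {
                        $sql_array['from'] .= $tax_join;
                        $sql_array['where'] .= " and ( (" . $products_column_name . " * (1.0 + (tr.tax_rate / 100) ) ) between " . $filters_range[0] . " and " . $filters_range[1] . ")" . $zone_where;
                    } else {
                        $sql_array['where'] .= " and (" . $products_column_name . " between " . $filters_range[0] . " and " . $filters_range[1] . ") ";
                    }
                }
            } else {
                $sql_array['from'] .= $spec_join;
                if (count($filters_range) < 2) {
                    // There is only one parameter, so it is a minimum
                    $sql_array['where'] .= " AND ps" . $specifications_id . ".specification > " . $filters_range[0] . "\n" . $spec_tail;
                } else {
                    // There are two parameters, so treat them as minimum and maximum
                    $sql_array['where'] .= " AND (ps" . $specifications_id . ".specification between " . $filters_range[0] . " and " . $filters_range[1] . ")\n" . $spec_tail;
                }
            }
            break;

        case 'reverse':
            // No existing columns are set up as a reverse range, so this filter class has no provision for existing columns
            $filter_array = array_map('vam_set_filter_case', $filter_array);
            $sql_array['from'] .= $spec_join;
            $sql_array['where'] .= " AND " . $filter_array[0] . " BETWEEN SUBSTRING_INDEX(ps" . $specifications_id . ".specification,'-',1) AND SUBSTRING_INDEX(ps" . $specifications_id . ".specification,'-',-1)\n" . $spec_tail;
            break;

        case 'start':
            if ($use_column) {
                $sql_array['where'] .= " and " . $products_column_name . " like '" . $filter_array[0] . "%' ";
            } else {
                $sql_array['from'] .= $spec_join;
                $sql_array['where'] .= " AND ps" . $specifications_id . ".specification LIKE '" . $filter_array[0] . "%'\n" . $spec_tail;
            }
            break;

        case 'partial':
            if ($use_column) {
                $sql_array['where'] .= " and " . $products_column_name . " like '%" . $filter_array[0] . "%' ";
            } else {
                $sql_array['from'] .= $spec_join;
                $sql_array['where'] .= " AND ps" . $specifications_id . ".specification like '%" . $filter_array[0] . "%'\n" . $spec_tail;
            }
            break;

        case 'like':
            // Function currently uses 'sounds like' to do a soundex match
            // (the '%' wildcards in the column branch are kept as they were).
            if ($use_column) {
                $sql_array['where'] .= " and " . $products_column_name . " sounds like '%" . $filter_array[0] . "%' ";
            } else {
                $sql_array['from'] .= $spec_join;
                $sql_array['where'] .= " AND ps" . $specifications_id . ".specification sounds like '" . $filter_array[0] . "'\n" . $spec_tail;
            }
            break;

        case 'none':
        case '':
        default:
            break;
    }

    return $sql_array;
}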
if (SESSION_CHECK_USER_AGENT == 'True') { $http_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']); $http_user_agent2 = strtolower(getenv("HTTP_USER_AGENT")); $http_user_agent = $http_user_agent == $http_user_agent2 ? $http_user_agent : $http_user_agent . ';' . $http_user_agent2; if (!isset($_SESSION['SESSION_USER_AGENT'])) { $_SESSION['SESSION_USER_AGENT'] = $http_user_agent; } if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) { session_destroy(); vam_redirect(vam_href_link(FILENAME_LOGIN)); } } // verify the IP address if the feature is enabled if (SESSION_CHECK_IP_ADDRESS == 'True') { $ip_address = vam_get_ip_address(); if (!vam_session_is_registered('SESSION_IP_ADDRESS')) { $_SESSION['SESSION_IP_ADDRESS'] = $ip_address; } if ($_SESSION['SESSION_IP_ADDRESS'] != $ip_address) { session_destroy(); vam_redirect(vam_href_link(FILENAME_LOGIN)); } } // set the language if (!isset($_SESSION['language']) || isset($_GET['language'])) { include DIR_WS_CLASSES . 'language.php'; $lng = new language($_GET['language']); if (!isset($_GET['language'])) { $lng->get_browser_language(); } $_SESSION['language'] = $lng->language['directory'];
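/**
 * Handles the coupon / gift-voucher code posted from the shopping cart.
 *
 * Reads $_POST['gv_redeem_code'], looks the code up in TABLE_COUPONS and
 * either credits a gift voucher (coupon_type 'G') to the customer's account or
 * validates a discount coupon and stores its id in $_SESSION['cc_id']. Every
 * outcome ends in vam_redirect() back to the shopping cart with an
 * info_message (vam_redirect() is assumed to end the request, as the original
 * control flow relies on); the function only returns normally when no code
 * was posted.
 *
 * Globals: $REMOTE_ADDR (filled from $_SERVER when unset), $vamPrice (amount
 * formatting); $coupon_no and $cc_id are declared but not read here.
 *
 * @return void
 */
function vam_collect_posts() {
    global $coupon_no, $REMOTE_ADDR, $vamPrice, $cc_id;

    if (!$REMOTE_ADDR) {
        $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    }

    $redeem_code = isset($_POST['gv_redeem_code']) ? $_POST['gv_redeem_code'] : '';
    if ($redeem_code) {
        // Everything that reaches SQL is escaped or cast first: the code is
        // user input, the customer id comes from the session and the remote
        // address may come from a global this function does not own.
        $safe_code = vam_db_input($redeem_code);
        $customer_id = (int) $_SESSION['customer_id'];
        $safe_remote_addr = vam_db_input($REMOTE_ADDR);

        $gv_query = vam_db_query("select coupon_id, coupon_amount, coupon_type, coupon_minimum_order,uses_per_coupon, uses_per_user, restrict_to_products,restrict_to_categories from " . TABLE_COUPONS . " where coupon_code='" . $safe_code . "' and coupon_active='Y'");
        $gv_result = vam_db_fetch_array($gv_query);
        if (vam_db_num_rows($gv_query) != 0) {
            $redeem_query = vam_db_query("select * from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . (int) $gv_result['coupon_id'] . "'");
            // A gift voucher may be redeemed only once.
            if (vam_db_num_rows($redeem_query) != 0 && $gv_result['coupon_type'] == 'G') {
                vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_INVALID_REDEEM_GV), 'SSL'));
            }
        } else {
            vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_INVALID_REDEEM_GV), 'SSL'));
        }
        $coupon_id = (int) $gv_result['coupon_id'];

        // GIFT CODE G START
        if ($gv_result['coupon_type'] == 'G') {
            $gv_amount = $gv_result['coupon_amount'];
            // Things to set
            // ip address of claimant
            // customer id of claimant
            // date
            // redemption flag
            // now update customer account with gv_amount
            // NOTE(review): nothing here verifies that a customer is logged in,
            // and the once-only check above is not atomic with the deactivation
            // below — confirm the caller and the expected concurrency.
            $gv_amount_query = vam_db_query("select amount from " . TABLE_COUPON_GV_CUSTOMER . " where customer_id = '" . $customer_id . "'");
            $customer_gv = false;
            $total_gv_amount = $gv_amount;
            if ($gv_amount_result = vam_db_fetch_array($gv_amount_query)) {
                $total_gv_amount = $gv_amount_result['amount'] + $gv_amount;
                $customer_gv = true;
            }
            $gv_update = vam_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon_id . "'");
            $gv_redeem = vam_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon_id . "', '" . $customer_id . "', now(),'" . $safe_remote_addr . "')");
            if ($customer_gv) {
                // already has gv_amount so update
                $gv_update = vam_db_query("update " . TABLE_COUPON_GV_CUSTOMER . " set amount = '" . $total_gv_amount . "' where customer_id = '" . $customer_id . "'");
            } else {
                // no gv_amount so insert
                $gv_insert = vam_db_query("insert into " . TABLE_COUPON_GV_CUSTOMER . " (customer_id, amount) values ('" . $customer_id . "', '" . $total_gv_amount . "')");
            }
            vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(REDEEMED_AMOUNT . $vamPrice->Format($gv_amount, true, 0, true)), 'SSL'));
        } else {
            // Discount coupon. Defensive only: a zero-row lookup already
            // redirected above.
            if (vam_db_num_rows($gv_query) == 0) {
                vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_INVALID_REDEEM_COUPON), 'SSL'));
            }
            $date_query = vam_db_query("select coupon_start_date from " . TABLE_COUPONS . " where coupon_start_date <= now() and coupon_code='" . $safe_code . "'");
            if (vam_db_num_rows($date_query) == 0) {
                vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_STARTDATE_COUPON), 'SSL'));
            }
            $date_query = vam_db_query("select coupon_expire_date from " . TABLE_COUPONS . " where coupon_expire_date >= now() and coupon_code='" . $safe_code . "'");
            if (vam_db_num_rows($date_query) == 0) {
                vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_FINISDATE_COUPON), 'SSL'));
            }
            // Usage limits: total uses of the coupon and uses by this customer
            // (a limit of 0 means unlimited).
            $coupon_count = vam_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $coupon_id . "'");
            $coupon_count_customer = vam_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $coupon_id . "' and customer_id = '" . $customer_id . "'");
            if (vam_db_num_rows($coupon_count) >= $gv_result['uses_per_coupon'] && $gv_result['uses_per_coupon'] > 0) {
                vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_USES_COUPON . $gv_result['uses_per_coupon'] . TIMES), 'SSL'));
            }
            if (vam_db_num_rows($coupon_count_customer) >= $gv_result['uses_per_user'] && $gv_result['uses_per_user'] > 0) {
                vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_INVALID_USES_USER_COUPON . $gv_result['uses_per_user'] . TIMES), 'SSL'));
            }
            // The description string the original assembled here ($coupon_amount,
            // which also dereferenced an undeclared $order) was never used, so it
            // is not built any more.
            if (!vam_session_is_registered('cc_id')) {
                vam_session_register('cc_id');
            }
            //Fred - this was commented out before
            $_SESSION['cc_id'] = $gv_result['coupon_id'];
            //Fred ADDED, set the global and session variable
            vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(REDEEMED_COUPON), 'SSL'));
        }
    }

    // Submit button pressed without a code; $gv_result only exists when a
    // code was posted, in which case one of the redirects above already fired.
    if (!empty($_POST['submit_redeem_x']) && isset($gv_result) && $gv_result['coupon_type'] == 'G') {
        vam_redirect(vam_href_link(FILENAME_SHOPPING_CART, 'info_message=' . urlencode(ERROR_NO_REDEEM_CODE), 'SSL'));
    }
}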