echo $return;
        ?>
" name="return" />
		  	<br/>
			<input type="submit" value="<?php 
        echo $VM_LANG->_('BUTTON_LOGIN');
        ?>
" class="button" name="Login" />
			<?php 
        // Name of the hidden anti-CSRF field: Joomla's own token on 1.5,
        // otherwise the core spoof value when available, else VirtueMart's own.
        if (vmIsJoomla(1.5)) {
            $validate = JUtility::getToken();
        } else {
            // used for spoof hardening
            $validate = function_exists('josspoofvalue')
                ? josSpoofValue(1)
                : vmSpoofValue(1);
        }
        ?>
			<input type="hidden" name="<?php 
        echo $validate;
        ?>
" value="1" />
			</form>
		  </td>
		</tr>
		<tr>
		  <td colspan="2">
			<a href="<?php 
        echo $reset;
        ?>
">
예제 #2
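// Confirmation form for moving the selected products into another category.
// $products/$count (the selection), $category_id (source category), $option,
// $db, $sess, $VM_LANG and $ps_product_category come from the including scope.
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="post" name="adminForm">';

// Only integer ids may reach the IN (...) clause below and the hidden fields;
// a missing index becomes 0 instead of raising an undefined-index notice.
$clean_products = array();
for ($i = 0; $i < $count; $i++) {
    $clean_products[$i] = isset($products[$i]) ? intval($products[$i]) : 0;
    echo '<input type="hidden" name="product_id[]" value="' . $clean_products[$i] . '" />';
}
$products = $clean_products;

// "IN ()" is a MySQL syntax error, so the name lookup is skipped for an empty selection.
if (count($products) > 0) {
    $db->query('SELECT `product_name` FROM `#__{vm}_product` WHERE `product_id` IN(' . implode(',', $products) . ') ORDER BY `product_name`');
}

echo "\n<h1 class=\"header\">" . $VM_LANG->_('VM_PRODUCTS_MOVE_LBL') . "</h1>\n";
echo '<table class="adminform"><tr>';
echo '<th>' . $VM_LANG->_('VM_PRODUCTS_MOVE_TO_CATEGORY') . "</th>\n";
echo '<th>' . sprintf($VM_LANG->_('VM_PRODUCTS_MOVE_LIST'), $count) . "</th>\n";
echo '</tr><tr>';
echo '<td valign="top">';
// Target category selector, pre-selecting the category the products come from.
$ps_product_category->list_all('category_id', 0, array(), 10, false, false, array($category_id));
echo "</td>\n";
echo "<td>\n";
echo '<ul style="text-align:left;height:250px;max-height:300px;overflow:auto;">';
if (count($products) > 0) {
    while ($db->next_record()) {
        echo '<li>' . $db->f('product_name') . "</li>\n";
    }
}
echo "</ul>\n";
echo '</td></tr></table>';
// $option and $category_id are request-derived in the admin flow; escape them
// for the attribute context (a no-op for plain integers and component names).
echo '<input type="hidden" name="page" value="product.product_list" />
<input type="hidden" name="func" value="moveProduct" />
<input type="hidden" name="vmtoken" value="' . vmSpoofValue($sess->getSessionId()) . '" />
<input type="hidden" name="task" value="" />
<input type="hidden" name="pshop_mode" value="admin" />
<input type="hidden" name="option" value="' . htmlspecialchars((string) $option, ENT_QUOTES) . '" />
<input type="hidden" name="old_category_id" value="' . htmlspecialchars((string) $category_id, ENT_QUOTES) . '" />
</form>';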
예제 #3
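/**
 * Equivalent to Joomla's josSpoofCheck function
 * @author Joomla core team
 *
 * Validates the anti-CSRF token of the current request. Two submission styles
 * are accepted: the token as the value of a "vmtoken" field (GET or POST), or
 * the legacy form where the token is the *name* of a hidden field whose value
 * is truthy. Requests without a User-Agent header are refused as well. With
 * $header set, every $_POST value (including nested arrays) is additionally
 * scanned for e-mail header fragments to block header-injection spam.
 *
 * On any failure a 403 status line is sent, the message is handed to
 * $vm_mainframe->errorAlert() and false is returned; the caller must then
 * stop processing the request.
 *
 * @param boolean $header True to also run the e-mail header-injection scan on $_POST
 * @param mixed $alt Value handed to vmSpoofValue() to derive the expected token
 * @return boolean true when all checks pass, false otherwise
 */
function vmSpoofCheck($header = NULL, $alt = NULL)
{
    global $vm_mainframe;

    $expected = vmSpoofValue($alt);
    if (!empty($_GET['vmtoken']) || !empty($_POST['vmtoken'])) {
        $validate_hash = vmGet($_REQUEST, 'vmtoken', null);
        // Compare as strings with "===" semantics: the loose "==" used before
        // treats numeric-looking tokens (e.g. "0e123" vs "0e456") as equal.
        // hash_equals() additionally makes the comparison constant-time.
        if (!is_scalar($validate_hash)) {
            $validate = false;
        } elseif (function_exists('hash_equals')) {
            $validate = hash_equals((string) $expected, (string) $validate_hash);
        } else {
            $validate = ((string) $expected === (string) $validate_hash);
        }
    } else {
        // Legacy style: the token is the field name; its value only has to be set.
        $validate = vmGet($_REQUEST, $expected, 0);
    }
    // probably a spoofing attack
    if (!$validate) {
        header('HTTP/1.0 403 Forbidden');
        $vm_mainframe->errorAlert('Sorry, but we could not verify your Security Token.\\nGo back and try again please.');
        return false;
    }
    // First, make sure the form was posted from a browser.
    // For basic web-forms, we don't care about anything
    // other than requests from a browser:
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 403 Forbidden');
        $vm_mainframe->errorAlert('Sorry, but we could not identify your web browser.\\nBut this is necessary for using this web page.');
        return false;
    }
    // No REQUEST_METHOD check on purpose: GET requests must be allowed here.
    if ($header) {
        // Attempt to defend against header injections. Mail header names are
        // case-insensitive, so the scan is too ("content-type:" is as bad as
        // "Content-Type:").
        $badStrings = array('Content-Type:', 'MIME-Version:', 'Content-Transfer-Encoding:', 'bcc:', 'cc:');
        // Depth-first walk over $_POST so values submitted as arrays
        // (name="field[]") are inspected as well; strpos() on an array
        // silently skipped them (and is a TypeError on PHP 8).
        $pending = array_values($_POST);
        while (count($pending) > 0) {
            $value = array_pop($pending);
            if (is_array($value)) {
                foreach ($value as $child) {
                    $pending[] = $child;
                }
                continue;
            }
            if (!is_scalar($value)) {
                continue;
            }
            $value = (string) $value;
            foreach ($badStrings as $bad) {
                if (stripos($value, $bad) !== false) {
                    header("HTTP/1.0 403 Forbidden");
                    $vm_mainframe->errorAlert('We are sorry, but using E-Mail Headers in Fields is not allowed.');
                    return false;
                }
            }
        }
    }
    return true;
}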
예제 #4
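    /**
     * Writes necessary hidden input fields
     * and closes the form
     *
     * Echoes the vmtoken (anti-CSRF), func, page, task and option fields plus
     * the ajax_request / no_menu / no_toolbar / only_page flags of the current
     * request, so the submitted request renders in the same mode as this one,
     * and finally the closing </form> tag.
     *
     * @param string $func Value for the hidden "func" field (the action to run)
     * @param string $page Value for the hidden "page" field (the page to show next)
     */
    function finishForm($func, $page = '')
    {
        $no_menu = vmRequest::getInt('no_menu');
        // Request-derived values land inside double-quoted attributes: escape
        // them so a crafted no_toolbar / only_page cannot break out of the value.
        $no_toolbar = htmlspecialchars((string) vmGet($_REQUEST, 'no_toolbar', 0), ENT_QUOTES);
        $only_page = htmlspecialchars((string) vmGet($_REQUEST, 'only_page', 0), ENT_QUOTES);
        $html = '
		<input type="hidden" name="vmtoken" value="' . vmSpoofValue($GLOBALS['sess']->getSessionId()) . '" />
		<input type="hidden" name="func" value="' . htmlspecialchars((string) $func, ENT_QUOTES) . '" />
        <input type="hidden" name="page" value="' . htmlspecialchars((string) $page, ENT_QUOTES) . '" />
        <input type="hidden" name="task" value="" />
        <input type="hidden" name="option" value="' . VM_COMPONENT_NAME . '" />';
        // ajax_request mirrors no_menu: a menu-less page is an ajax-loaded one.
        $html .= '<input type="hidden" name="ajax_request" value="' . ($no_menu ? '1' : '0') . '" />';
        $html .= '<input type="hidden" name="no_menu" value="' . $no_menu . '" />';
        $html .= '<input type="hidden" name="no_toolbar" value="' . $no_toolbar . '" />';
        $html .= '<input type="hidden" name="only_page" value="' . $only_page . '" />';
        // Backend (or explicit admin mode) forms are flagged as admin forms.
        // NOTE(review): the field emitted here is named "pshop_admin", while the
        // check below and the other forms use "pshop_mode" — confirm which name
        // the receiving side expects before changing it.
        if (defined("_VM_IS_BACKEND") || (isset($_REQUEST['pshop_mode']) && $_REQUEST['pshop_mode'] == "admin")) {
            $html .= '<input type="hidden" name="pshop_admin" value="admin" />';
        }
        $html .= '
		</form>
		';
        echo $html;
    }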
예제 #5
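  				<form action="<?php 
            // PHP_SELF can carry attacker-controlled path info; escape it for the attribute.
            echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
            ?>
" method="post">
  				<?php 
            echo "<strong>" . $VM_LANG->_('PHPSHOP_ORDER_PRINT_PO_STATUS') . ": </strong>";
            // Status <select> for this order item, pre-selecting its current status.
            $ps_order_status->list_order_status($dbt->f("order_status"));
            ?>
  				<input type="submit" class="button" name="Submit" value="<?php 
            echo $VM_LANG->_('PHPSHOP_UPDATE');
            ?>
" />
  				<input type="hidden" name="page" value="order.order_print" />
  				<input type="hidden" name="func" value="orderStatusSet" />
  				<input type="hidden" name="vmtoken" value="<?php 
            // Anti-CSRF token checked by vmSpoofCheck() on submit.
            echo vmSpoofValue($sess->getSessionId());
            ?>
" />
  				<input type="hidden" name="option" value="com_virtuemart" />
  				<input type="hidden" name="current_order_status" value="<?php 
            // NOTE(review): p() is assumed to print the column already HTML-escaped — confirm.
            $dbt->p("order_status");
            ?>
" />
  				<input type="hidden" name="order_id" value="<?php 
            // Request-derived id; escaping is a no-op for a plain integer.
            echo htmlspecialchars((string) $order_id, ENT_QUOTES);
            ?>
" />
  				<input type="hidden" name="order_item_id" value="<?php 
            $dbt->p("order_item_id");
            ?>
" />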
예제 #6
// Registration form bootstrap: warn about fields missing from a previous
// submit, stop when Joomla registration is disabled, pick the CSRF token
// field name and build the user-field list minus the fields hidden for this case.
require_once CLASSPATH . "htmlTools.class.php";

$missing = vmGet($_REQUEST, "missing", "");
if (!empty($missing)) {
    echo "<script type=\"text/javascript\">alert('" . $VM_LANG->_('CONTACT_FORM_NC', false) . "'); </script>\n";
}

// If not using NO_REGISTRATION, redirect with a warning when Joomla doesn't allow user registration
if (VM_REGISTRATION_TYPE != 'NO_REGISTRATION' && $mosConfig_allowUserRegistration == "0") {
    $msg = 'User registration is disabled, it must be enabled in order to proceed.';
    vmRedirect($sess->url('index.php?page=' . HOMEPAGE, true, false), $msg);
    return;
}

// Set the validation value: the name of the hidden anti-CSRF field.
if (vmIsJoomla('1.5')) {
    $validate = JUtility::getToken();
} elseif (function_exists('josspoofvalue')) {
    $validate = josSpoofValue(1);
} else {
    $validate = vmSpoofValue(1);
}

$fields = ps_userfield::getUserFields('registration', false, '', false);
foreach ($fields as $field) {
    // Read-only fields on registration don't make sense.
    $field->readonly = 0;
}

// A listing of fields that are NOT shown
$skip_fields = array();
if ($my->id > 0
    || (VM_REGISTRATION_TYPE != 'NORMAL_REGISTRATION'
        && VM_REGISTRATION_TYPE != 'OPTIONAL_REGISTRATION'
        && in_array($page, array('checkout.index', 'shop.registration')))) {
    // Logged-in users keep their account e-mail as well.
    $skip_fields = $my->id
        ? array('username', 'password', 'password2', 'email')
        : array('username', 'password', 'password2');
}
// This is the part that prints out ALL registration fields!
예제 #7
" />
<?php 
} else {
    ?>
	<input type="hidden" name="func" value="userAddressAdd" />
<?php 
}
if ($vmLayout == 'extended') {
    // Extended layout loads the form via ajax.
    echo "\t<input type=\"hidden\" name=\"ajax_request\" value=\"1\" />\n";
}
// NOTE(review): $modulename and $user_id below are emitted unescaped into
// attribute values; only safe if callers guarantee a fixed token / integer — confirm.
?>

	<input type="hidden" name="vmtoken" value="<?php echo vmSpoofValue($GLOBALS['sess']->getSessionId()); ?>" />
	<input type="hidden" name="address_type" value="ST">
	<input type="hidden" name="page" value="<?php echo $modulename; ?>.user_form"  />
	<input type="hidden" name="cache" value="0" />
	<input type="hidden" name="task" value="" />
	<input type="hidden" name="user_id" value="<?php echo $user_id; ?>" />
	<input type="hidden" name="cid[0]" value="<?php 
echo $user_id;
예제 #8
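    /**
     * This creates a header above the list table, containing a search box
     *
     * Echoes the opening <form name="adminForm"> with the hidden fields every
     * admin list needs (option, page, task, func, vmtoken, no_menu, no_toolbar,
     * only_page, boxchecked and, in the backend, pshop_mode), an optional
     * titled header cell and an optional keyword search box. When $title is
     * given it also becomes the page title.
     *
     * @param string $title The Label for the list (will be used as list heading!)
     * @param string $image Background image URL for the heading, "" for none
     * @param string $modulename The core module name (e.g. "product")
     * @param string $pagename The page name (e.g. "product_list"); the search box is only shown when non-empty
     */
    function writeSearchHeader($title, $image = "", $modulename = '', $pagename = '')
    {
        global $sess, $keyword, $VM_LANG;

        // $keyword is a global carried over from the request; normalise it to a string.
        $keyword = !empty($keyword) ? urldecode($keyword) : "";

        $search_date = JRequest::getVar('search_date', null);
        $show = JRequest::getVar('show', '');

        // PHP_SELF can carry attacker-controlled path info, and search_date /
        // show come straight from the request: escape everything that is
        // echoed into an attribute value.
        $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

        $header = '<a name="listheader"></a>';
        $header .= '<form name="adminForm" action="' . $action . '" method="post">
					
					<input type="hidden" name="option" value="' . VM_COMPONENT_NAME . '" />
					<input type="hidden" name="page" value="' . $modulename . '.' . $pagename . '" />
					<input type="hidden" name="task" value="" />
					<input type="hidden" name="func" value="" />
					<input type="hidden" name="vmtoken" value="' . vmSpoofValue($sess->getSessionId()) . '" />
					<input type="hidden" name="no_menu" value="' . vmRequest::getInt('no_menu') . '" />
					<input type="hidden" name="no_toolbar" value="' . vmRequest::getInt('no_toolbar') . '" />
					<input type="hidden" name="only_page" value="' . vmRequest::getInt('only_page') . '" />
					<input type="hidden" name="boxchecked" />';
        if (defined("_VM_IS_BACKEND") || (isset($_REQUEST['pshop_mode']) && $_REQUEST['pshop_mode'] == "admin")) {
            $header .= "<input type=\"hidden\" name=\"pshop_mode\" value=\"admin\" />\n";
        }
        if ($title != "" || !empty($pagename)) {
            $header .= '<table><tr>';
            if ($title != "") {
                // Optional icon to the left of the heading text.
                $style = $image != '' ? 'style="background:url(' . $image . ') no-repeat;text-indent: 30px;line-height: 50px;"' : '';
                $header .= '<td><div class="header" ' . $style . '><h2 style="margin: 0px;">' . $title . '</h2></div></td>' . "\n";
                $GLOBALS['vm_mainframe']->setPageTitle($title);
            }
            if (!empty($pagename)) {
                $header .= '<td width="20%">
				<input class="inputbox" type="text" size="25" name="keyword" value="' . shopMakeHtmlSafe($keyword) . '" />
				<input class="button" type="submit" name="search" value="' . $VM_LANG->_('PHPSHOP_SEARCH_TITLE') . '" />
				</td>';
            }
            $header .= "\n</tr></table><br style=\"clear:both;\" />\n";
        }
        if (!empty($search_date)) {
            // Changed search by date
            $header .= '<input type="hidden" name="search_date" value="' . htmlspecialchars((string) $search_date, ENT_QUOTES) . '" />';
        }
        if (!empty($show)) {
            $header .= '<input type="hidden" name="show" value="' . htmlspecialchars((string) $show, ENT_QUOTES) . '" />' . "\n";
        }
        echo $header;
    }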
예제 #9
 /**
  * This reformats an URL, appends "option=com_virtuemart" and "Itemid=XX"
  * where XX is the Id of an entry in the table mos_menu with "link: option=com_virtuemart"
  * It also calls sefRelToAbs to apply SEF formatting
  *
  * Handling depends on $text:
  *  - exactly SECUREURL or URL: "<that base><current script>?<component_name>[&Itemid=XX]"
  *  - otherwise the text is split at its first "?" (a text with no "?" that does
  *    not mention the current script is taken to be a bare query string), the
  *    "option=..." component parameter is added when missing, the frontend
  *    Itemid is appended, and the result is sent through JRoute::_() or
  *    sefRelToAbs() unless $ignoreSEF is set. In the backend (_VM_IS_BACKEND)
  *    an absolute ".../administrator/<script>?..." URL is built instead.
  * In admin mode a query mentioning "func" also receives "&vmtoken=<spoof value>"
  * so that the target page can pass vmSpoofCheck().
  *
  * @param string $text THE URL
  * @param boolean $createAbsoluteURI False: Create a URI like /joomla/index.php?....; True: Create a URI like http://www.domain.com/index.php?....
  * @param boolean $encodeAmpersands True: run the result through vmAmpReplace(); False: turn "&amp;" back into "&"
  * @param boolean $ignoreSEF True: skip the JRoute / sefRelToAbs rewriting
  * @return string The reformatted URL
  */
 function url($text, $createAbsoluteURI = false, $encodeAmpersands = true, $ignoreSEF = false)
 {
     global $mm_action_url, $page, $mainframe;
     // Itemid is only meaningful for frontend (menu-routed) links.
     if (!defined('_VM_IS_BACKEND')) {
         $Itemid = "&Itemid=" . $this->getShopItemid();
     } else {
         $Itemid = '';
     }
     switch ($text) {
         case SECUREURL:
             $text = SECUREURL . basename($_SERVER['SCRIPT_NAME']) . "?" . $this->component_name . $Itemid;
             break;
         case URL:
             $text = URL . basename($_SERVER['SCRIPT_NAME']) . "?" . $this->component_name . $Itemid;
             break;
         default:
             $limiter = strpos($text, '?');
             // A text without "?" that does not name the running script is a bare
             // query string: give it a leading "?" so it can be split below.
             if (!stristr($text, $_SERVER['SCRIPT_NAME']) && $limiter === false) {
                 $text = '?' . $text;
             }
             $appendix = "";
             // now append "&option=com_virtuemart&Itemid=XX"
             if (!strstr($text, "option=")) {
                 $appendix .= "&" . $this->component_name;
             }
             $appendix .= $Itemid;
             // Script part before the "?"; a false $limiter is coerced to length 0,
             // so this yields '' and the current script is used instead.
             $script = basename(substr($text, 0, $limiter));
             if ($script == '') {
                 $script = basename($_SERVER['SCRIPT_NAME']);
             }
             if (!defined('_VM_IS_BACKEND')) {
                 if ($script == 'index3.php') {
                     $script = 'index2.php';
                     // index3.php is not available in the frontend!
                 }
                 // "<script>?<original query><appendix>"; the first "&" directly
                 // after the script name is turned into the "?" separator for the router.
                 $appendix = $script . substr($text, $limiter, strlen($text)) . $appendix;
                 if (class_exists('JRoute') && !$ignoreSEF && $mainframe->getCfg('sef')) {
                     $appendix = JRoute::_(str_replace($script . '&', $script . '?', $appendix));
                 } else {
                     if (function_exists('sefRelToAbs') && !$ignoreSEF && !defined('_JLEGACY')) {
                         $appendix = sefRelToAbs(str_replace($script . '&', $script . '?', $appendix));
                     }
                 }
                 // Prefix the site URL only when no SEF rewriting was applied and
                 // the result is not already absolute.
                 if ($createAbsoluteURI && substr($appendix, 0, 4) != 'http' && ($ignoreSEF || !$mainframe->getCfg('sef'))) {
                     $appendix = URL . $appendix;
                 }
             } elseif ($_SERVER['SERVER_PORT'] == 443) {
                 //$script = strstr($_SERVER['PHP_SELF'], 'index2.php') ? 'index2.php' : 'index3.php';
                 // NOTE(review): the "strlen($text) - 1" length differs from the frontend
                 // branch above and drops the last character of a bare query string
                 // (when $limiter is false, i.e. 0) — looks like an off-by-one, confirm.
                 $appendix = SECUREURL . "administrator/{$script}" . substr($text, $limiter, strlen($text) - 1) . $appendix;
             } else {
                 //$script = strstr($_SERVER['PHP_SELF'], 'index2.php') ? 'index2.php' : 'index3.php';
                 // Same "strlen($text) - 1" caveat as in the secure branch above.
                 $appendix = URL . "administrator/{$script}" . substr($text, $limiter, strlen($text) - 1) . $appendix;
             }
             // Admin action links (those naming a "func") carry the anti-CSRF token.
             if (vmIsAdminMode() && strstr($text, 'func') !== false) {
                 $appendix .= '&vmtoken=' . vmSpoofValue($this->getSessionId());
             }
             // Keep the scheme the caller asked for (secure vs. plain).
             if (stristr($text, SECUREURL)) {
                 $appendix = str_replace(URL, SECUREURL, $appendix);
             } elseif (stristr($text, URL) && $createAbsoluteURI) {
                 $appendix = str_replace(SECUREURL, URL, $appendix);
             }
             $text = $appendix;
             break;
     }
     if ($encodeAmpersands) {
         $text = vmAmpReplace($text);
     } else {
         $text = str_replace('&amp;', '&', $text);
     }
     return $text;
 }
예제 #10
 /**
  * This reformats an URL, appends "option=com_virtuemart" and "Itemid=XX"
  * where XX is the Id of an entry in the table mos_menu with "link: option=com_virtuemart"
  * It also calls sefRelToAbs to apply SEF formatting
  *
  * Frontend Itemid lookup (in priority order, first hit wins): a published
  * com_virtuemart menu item whose params mention the URL's product_id,
  * category_id, flypage or page; otherwise the shop's default Itemid.
  * The URL is then split into "base?params", "option=..." and the Itemid are
  * appended, admin-mode links naming a "func" get "vmtoken=<spoof value>",
  * and the frontend result goes through JRoute::_() / sefRelToAbs() unless
  * $ignoreSEF is set. In the backend an absolute ".../administrator/<script>?..."
  * URL is returned.
  *
  * @param string $text THE URL
  * @param boolean $createAbsoluteURI False: Create a URI like /joomla/index.php?....; True: Create a URI like http://www.domain.com/index.php?....
  * @param boolean $encodeAmpersands True: run the result through vmAmpReplace(); False: turn "&amp;" back into "&"
  * @param boolean $ignoreSEF True: skip the JRoute / sefRelToAbs rewriting
  * @return string The reformatted URL
  */
 function url($text, $createAbsoluteURI = false, $encodeAmpersands = true, $ignoreSEF = false)
 {
     global $mm_action_url, $page, $mainframe;
     if (!defined('_VM_IS_BACKEND')) {
         // Strip the parameters from the $text variable and parse to a temporary array
         // (no "?" -> strpos() is false -> substr() starts at 0 and the whole text is
         // parsed; "amp;" is dropped so "&amp;"-encoded input parses as well).
         $tmp_text = str_replace('amp;', '', substr($text, strpos($text, '?')));
         if (substr($tmp_text, 0, 1) == '?') {
             $tmp_text = substr($tmp_text, 1);
         }
         // Second argument: parse into $ii_arr, never into the local scope.
         parse_str($tmp_text, $ii_arr);
         // Init the temp. Itemid
         $tmp_Itemid = '';
         $db = new ps_DB();
         // Check if there is a menuitem for a product_id (highest priority)
         // NOTE(review): the LIKE pattern has no terminator, so '%product_id=1%'
         // also matches a menu item with product_id=12 — confirm this is acceptable.
         if (!empty($ii_arr['product_id'])) {
             if ($ii_product_id = intval($ii_arr['product_id'])) {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%product_id={$ii_product_id}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // Check if there is a menuitem for a category_id
         // This only checks for the exact category ID, it might be good to check for parents also. But at the moment, this would produce a lot of queries
         if (!empty($ii_arr['category_id'])) {
             $ii_cat_id = intval($ii_arr['category_id']);
             if ($ii_cat_id && $tmp_Itemid == '') {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%category_id={$ii_cat_id}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // Check if there is a menuitem for a flypage
         // getEscaped() protects the quotes; the LIKE wildcards "%" and "_" inside
         // the value are not escaped, so a request-supplied flypage can widen the match.
         if (!empty($ii_arr['flypage'])) {
             $ii_flypage = $db->getEscaped(vmget($ii_arr, 'flypage'));
             if ($ii_flypage && $tmp_Itemid == '') {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%flypage={$ii_flypage}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // Check if there is a menuitem for a page (same escaping caveat as flypage)
         if (!empty($ii_arr['page'])) {
             $ii_page = $db->getEscaped(vmget($ii_arr, 'page'));
             if ($ii_page && $tmp_Itemid == '') {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%page={$ii_page}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // If we haven't found an Itemid, use the standard VM-Itemid
         $Itemid = "&Itemid=" . ($tmp_Itemid ? $tmp_Itemid : $this->getShopItemid());
     } else {
         $Itemid = NULL;
     }
     // split url into base ? path
     $limiter = strpos($text, '?');
     if ($limiter === false) {
         // Both branches keep the whole text as params; only the base differs.
         if (!strstr($text, "=")) {
             // $text recognized to be parameter-list (bug?)
             $base = NULL;
             $params = $text;
         } else {
             // text recognized to be url without parameters
             $base = $mm_action_url;
             $params = $text;
         }
     } else {
         // base?params
         $base = substr($text, 0, $limiter);
         $params = substr($text, $limiter + 1);
     }
     // normalize base (cut off multislashes)
     $base = str_replace("//", "/", $base);
     $base = str_replace(":/", "://", $base);
     // add script name to naked base url
     // TODO: Improve
     if ($base == URL || $base == SECUREURL) {
         $base .= basename($_SERVER['SCRIPT_NAME']);
     }
     if (!basename($base)) {
         $base .= basename($_SERVER['SCRIPT_NAME']);
     }
     // append "&option=com_virtuemart&Itemid=XX" (NULL concatenates as '')
     $params .= !strstr($params, $this->component_name) ? ($params ? "&" : NULL) . $this->component_name : NULL;
     $params .= $Itemid;
     // Admin action links (those naming a "func") carry the anti-CSRF token.
     if (vmIsAdminMode() && strstr($text, 'func') !== false) {
         $params .= ($params ? "&" : NULL) . 'vmtoken=' . vmSpoofValue($this->getSessionId());
     }
     if (!defined('_VM_IS_BACKEND')) {
         // index3.php is not available in the frontend!
         $base = str_replace("index3.php", "index2.php", $base);
         $url = basename($base) . "?" . $params;
         // make url absolute
         // NOTE(review): "!substr(...) != 'http'" applies "!" first, so this is not
         // the "does not already start with http" test the other url() variant uses;
         // since basename($base) rarely starts with "http" the prefix is effectively
         // always added when $createAbsoluteURI is set — confirm before changing.
         if ($createAbsoluteURI && !substr($url, 0, 4) != "http") {
             // A leading "/" is dropped so it does not double up with the site URL.
             $url = (stristr($text, SECUREURL) ? SECUREURL : URL) . substr($url, $url[0] == '/' ? 1 : 0);
         }
         if (class_exists('JRoute') && !$ignoreSEF && $mainframe->getCfg('sef')) {
             $url = JRoute::_($url);
         } else {
             if (function_exists('sefRelToAbs') && !$ignoreSEF && !defined('_JLEGACY')) {
                 $url = sefRelToAbs($url);
             }
         }
     } else {
         // backend: always absolute, scheme chosen from the current request's port
         $url = ($_SERVER['SERVER_PORT'] == 443 ? SECUREURL : URL) . "administrator/" . basename($base) . "?" . $params;
     }
     $url = $encodeAmpersands ? vmAmpReplace($url) : str_replace('&amp;', '&', $url);
     return $url;
 }