/**
* WP eCommerce Admin AJAX functions
*
* These are the WPSC Admin AJAX functions
*
* @package wp-e-commerce
* @since 3.7
*
* @uses update_option() Updates option in the database given key and value
* @uses wp_delete_term() Removes term from the database
* @uses fetch_rss() DEPRECATED
* @uses wpsc_member_dedeactivate_subscriptions() @todo docs
* @uses wpsc_member_deactivate_subscriptions() @todo docs
* @uses wpsc_update_purchase_log_status() Updates the status of the logs for a purchase
* @uses transaction_results() Main function for creating purchase reports
* @uses wpsc_find_purchlog_status_name() Finds name of given status
*/
function wpsc_admin_ajax()
{
if (!wpsc_is_store_admin()) {
return;
}
global $wpdb;
if (isset($_POST['action']) && $_POST['action'] == 'product-page-order') {
$current_order = get_option('wpsc_product_page_order');
$new_order = $_POST['order'];
if (isset($new_order["advanced"])) {
$current_order["advanced"] = array_unique(explode(',', $new_order["advanced"]));
}
if (isset($new_order["side"])) {
$current_order["side"] = array_unique(explode(',', $new_order["side"]));
}
update_option('wpsc_product_page_order', $current_order);
exit(print_r($order, 1));
}
if (isset($_POST['save_image_upload_state']) && $_POST['save_image_upload_state'] == 'true' && is_numeric($_POST['image_upload_state'])) {
$upload_state = (int) (bool) $_POST['image_upload_state'];
update_option('wpsc_use_flash_uploader', $upload_state);
exit("done");
}
if (isset($_POST['remove_variation_value']) && $_POST['remove_variation_value'] == "true" && is_numeric($_POST['variation_value_id'])) {
$value_id = absint($_GET['variation_value_id']);
echo wp_delete_term($value_id, 'wpsc-variation');
exit;
}
if (isset($_REQUEST['log_state']) && $_REQUEST['log_state'] == "true" && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
$newvalue = $_POST['value'];
if ($_REQUEST['suspend'] == 'true') {
if ($_REQUEST['value'] == 1 && function_exists('wpsc_member_dedeactivate_subscriptions')) {
wpsc_member_dedeactivate_subscriptions($_POST['id']);
} elseif (function_exists('wpsc_member_deactivate_subscriptions')) {
wpsc_member_deactivate_subscriptions($_POST['id']);
}
exit;
} else {
$log_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '%d' LIMIT 1", $_POST['id']), ARRAY_A);
if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
wpsc_update_purchase_log_status($_POST['id'], $newvalue);
if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
transaction_results($log_data['sessionid'], false);
}
$status_name = wpsc_find_purchlog_status_name($purchase['processed']);
echo "document.getElementById(\"form_group_" . absint($_POST['id']) . "_text\").innerHTML = '" . $status_name . "';\n";
$year = date("Y");
$month = date("m");
$start_timestamp = mktime(0, 0, 0, $month, 1, $year);
$end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);
echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(wpsc_currency_display(admin_display_total_price($start_timestamp, $end_timestamp))) . "';\n";
echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(wpsc_currency_display(admin_display_total_price())) . "';\n";
exit;
}
}
}
function wpsc_purchlog_edit_status($purchlog_id = '', $purchlog_status = '')
{
global $wpdb;
if ($purchlog_id == '' && $purchlog_status == '') {
$purchlog_id = absint($_POST['purchlog_id']);
$purchlog_status = absint($_POST['purchlog_status']);
}
$log_data = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '{$purchlog_id}' LIMIT 1", ARRAY_A);
if ($purchlog_status == 2 && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
// if the order is marked as failed, remove the claim on the stock
if ($purchlog_status == 5) {
$wpdb->query("DELETE FROM `" . WPSC_TABLE_CLAIMED_STOCK . "` WHERE `cart_id` = '{$purchlog_id}' AND `cart_submitted` = '1'");
//echo "DELETE FROM `".WPSC_TABLE_CLAIMED_STOCK."` WHERE `cart_id` = '{$purchlog_id}' AND `cart_submitted` = '1'";
}
$wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET processed='{$purchlog_status}' WHERE id='{$purchlog_id}'");
if ($purchlog_status > $log_data['processed'] && $log_data['processed'] <= 2) {
transaction_results($log_data['sessionid'], false);
}
// exit("1");
}
function nzshpcrt_submit_ajax()
{
global $wpdb, $user_level, $wp_rewrite;
get_currentuserinfo();
if (get_option('permalink_structure') != '') {
$seperator = "?";
} else {
$seperator = "&";
}
$cartt = $_SESSION['nzshpcrt_cart'];
$cartt1 = $cartt[0]->product_id;
// if is an AJAX request, cruddy code, could be done better but getting approval would be impossible
if ($_POST['ajax'] == "true" || $_GET['ajax'] == "true") {
if ($_POST['metabox'] == 'true') {
$output .= "<div class='meta_box'>";
if (get_option('multi_add') == '1') {
$output .= TXT_WPSC_QUANTITY . ": <input type='text' name='quantity[]' size='3'><br>";
}
if (get_option('time_requested') == '1') {
$output .= TXT_WPSC_DATE_REQUESTED . ": <input type='text' class='time_requested' name='time_requested[]' size='10'><br>";
}
if (get_option('commenting') == '1') {
$output .= TXT_WPSC_COMMENT . ":<br><textarea type='text' name='comment[]'></textarea><br>";
}
$output .= TXT_WPSC_LABEL . ":<br><textarea type='text' name='label[]'></textarea><br>";
$output .= "</div>";
exit($output);
}
if ($_POST['submittogoogle']) {
$newvalue = $_POST['value'];
$amount = $_POST['amount'];
$reason = $_POST['reason'];
$comment = $_POST['comment'];
$message = $_POST['message'];
$amount = number_format($amount, 2, '.', '');
$log_data = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
$google_status = unserialize($log_data['google_status']);
switch ($newvalue) {
case "Charge":
if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
if ($amount == '') {
$google_status['0'] = 'Partially Charged';
} else {
$google_status['0'] = 'CHARGED';
$google_status['partial_charge_amount'] = $amount;
}
}
break;
case "Cancel":
if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
$google_status[0] = 'CANCELLED';
}
if ($google_status[1] != 'DELIVERED') {
$google_status[1] = 'WILL_NOT_DELIVER';
}
break;
case "Refund":
if ($amount == '') {
$google_status['0'] = 'Partially Refund';
} else {
$google_status['0'] = 'REFUND';
$google_status['partial_refund_amount'] = $amount;
}
break;
case "Ship":
if ($google_status[1] != 'WILL_NOT_DELIVER') {
$google_status[1] = 'DELIVERED';
}
break;
case "Archive":
$google_status[1] = 'ARCHIVED';
break;
}
$google_status_sql = "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET google_status='" . serialize($google_status) . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
$wpdb->query($google_status_sql);
$merchant_id = get_option('google_id');
$merchant_key = get_option('google_key');
$server_type = get_option('google_server_type');
$currency = get_option('google_cur');
$Grequest = new GoogleRequest($merchant_id, $merchant_key, $server_type, $currency);
$google_order_number = $wpdb->get_var("SELECT google_order_number FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1");
switch ($newvalue) {
case 'Charge':
$Grequest->SendChargeOrder($google_order_number, $amount);
break;
case 'Ship':
$Grequest->SendDeliverOrder($google_order_number);
break;
case 'Archive':
$Grequest->SendArchiveOrder($google_order_number);
break;
case 'Refund':
$Grequest->SendRefundOrder($google_order_number, $amount, $reason);
break;
case 'Cancel':
$Grequest->SendCancelOrder($google_order_number, $reason, $comment);
break;
case 'Send Message':
$Grequest->SendBuyerMessage($google_order_number, $message);
break;
}
$newvalue++;
$update_sql = "UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
//$wpdb->query($update_sql);
exit;
}
/*
if(($_GET['user'] == "true") && is_numeric($_POST['prodid'])) {
if(function_exists('wpsc_members_init')) {
$memberstatus = get_product_meta($_POST['prodid'],'is_membership',true);
}
if(($memberstatus=='1') && ($_SESSION['nzshopcrt_cart']!=NULL)){
} else{
$sql = "SELECT * FROM `".WPSC_TABLE_PRODUCT_LIST."` WHERE `id`='".$_POST['prodid']."' LIMIT 1";
$item_data = $wpdb->get_results($sql,ARRAY_A);
if ($_POST['quantity']!='') {
$add_quantity = $_POST['quantity'];
}
$item_quantity = 0;
if($_SESSION['nzshpcrt_cart'] != null) {
foreach($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
if (($memberstatus[0]!='1')&&($_SESSION['nzshpcrt_cart']!=NULL)){
if($cart_item->product_id == $_POST['prodid']) {
if(($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $_POST['variation'])&&($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $_POST['extras'])) {
$item_quantity += $_SESSION['nzshpcrt_cart'][$cart_key]->quantity;
$item_variations = $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations;
}
}
}
}
}
$item_stock = null;
$variation_count = count($_POST['variation']);
if($variation_count >= 1) {
foreach($_POST['variation'] as $value_id) {
if(is_numeric($value_id)) {
$value_ids[] = (int)$value_id;
}
}
if(count($value_ids) > 0) {
$variation_ids = $wpdb->get_col("SELECT `variation_id` FROM `".WPSC_TABLE_VARIATION_VALUES."` WHERE `id` IN ('".implode("','",$value_ids)."')");
asort($variation_ids);
$all_variation_ids = implode(",", $variation_ids);
$priceandstock_id = $wpdb->get_var("SELECT `priceandstock_id` FROM `".WPSC_TABLE_VARIATION_COMBINATIONS."` WHERE `product_id` = '".(int)$_POST['prodid']."' AND `value_id` IN ( '".implode("', '",$value_ids )."' ) AND `all_variation_ids` IN('$all_variation_ids') GROUP BY `priceandstock_id` HAVING COUNT( `priceandstock_id` ) = '".count($value_ids)."' LIMIT 1");
$variation_stock_data = $wpdb->get_row("SELECT * FROM `".WPSC_TABLE_VARIATION_PROPERTIES."` WHERE `id` = '{$priceandstock_id}' LIMIT 1", ARRAY_A);
$item_stock = $variation_stock_data['stock'];
}
}
if($item_stock === null) {
$item_stock = $item_data[0]['quantity'];
}
if((($item_data[0]['quantity_limited'] == 1) && ($item_stock > 0) && ($item_stock > $item_quantity)) || ($item_data[0]['quantity_limited'] == 0)) {
$cartcount = count($_SESSION['nzshpcrt_cart']);
if(is_array($_POST['variation'])) { $variations = $_POST['variation']; } else { $variations = null; }
//if(is_array($_POST['extras'])) { $extras = $_POST['extras']; } else { $extras = null; }
$updated_quantity = false;
if($_SESSION['nzshpcrt_cart'] != null) {
foreach($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
if ((!($memberstatus[0]=='1')&&(count($_SESSION['nzshpcrt_cart'])>0))) {
if((int)$cart_item->product_id === (int)$_POST['prodid']) { // force both to integer before testing for identicality
if(($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $extras)&&($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $variations) && ((int)$_SESSION['nzshpcrt_cart'][$cart_key]->donation_price == (int)$_POST['donation_price'])) {
if ($_POST['quantity'] != ''){
if(is_array($_POST['quantity'])) {
foreach ((array)$_POST['quantity'] as $qty) {
$_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int)$qty;
}
} else {
$_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int)$_POST['quantity'];
}
} else {
$_SESSION['nzshpcrt_cart'][$cart_key]->quantity++;
}
$_SESSION['nzshpcrt_cart'][$cart_key]->comment = $_POST['comment'];
foreach((array)$_POST['label'] as $key => $label) {
if ($label != '') {
if (array_key_exists($label, $_SESSION['nzshpcrt_cart'][$cart_key]->meta)) {
$_SESSION['nzshpcrt_cart'][$cart_key]->meta[$label]+=(int)$_POST['quantity'][$key];
$_SESSION['nzshpcrt_cart'][$cart_key]->time_requested[$label] = $_POST['time_requested'][$key];
} else {
$_SESSION['nzshpcrt_cart'][$cart_key]->meta[$label] = $_POST['quantity'][$key];
$_SESSION['nzshpcrt_cart'][$cart_key]->time_requested[$label] = $_POST['time_requested'][$key];
}
}
}
$updated_quantity = true;
}
}
}
}
}
if($item_data[0]['donation'] == 1) {
$donation = $_POST['donation_price'];
} else {
$donation = false;
}
if(!(($memberstatus=='1')&&(count($_SESSION['nzshpcrt_cart'])>0))){
$status = get_product_meta($cartt1, 'is_membership', true);
if (function_exists('wpsc_members_init') && ( $status=='1')){
exit();
}
$parameters = array();
if($updated_quantity === false) {
$parameters['variation_values'] = $variations;
$parameters['provided_price'] = $donation;
$parameters['meta']=null;
if($_POST['quantity'] != '') {
$total_qty = 0;
foreach ($_POST['quantity'] as $key=>$qty) {
$total_qty+=$qty;
$label[$_POST['label'][$key]] = $qty;
$time_requested[$_POST['label'][$key]] = $_POST['time_requested'][$key];
}
$parameters['quantity'] = $total_qty;
//$new_cart_item = new wpsc_cart_item($_POST['prodid'],$variations,$total_qty, $donation,$_POST['comment'],$time_requested,$label);
} else {
$parameters['quantity'] = 1;
}
//mail('*****@*****.**', 'stuff', print_r($parameters,true));
$new_cart_item = new wpsc_cart_item($_POST['prodid'],$parameters);
$_SESSION['nzshpcrt_cart'][] = $new_cart_item;
}
}
} else {
$quantity_limit = true;
}
$cart = $_SESSION['nzshpcrt_cart'];
if (($memberstatus[0]=='1')&&(count($cart)>1)) {
} else {
$status = get_product_meta($cartt1, 'is_membership', true);
if (function_exists('wpsc_members_init') && ( $status=='1')){
exit('st');
}
//require_once(WPSC_FILE_PATH."/shopping_cart_functions.php");
echo "if(document.getElementById('shoppingcartcontents') != null)
{
document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "",addslashes(nzshpcrt_shopping_basket_internals($cart,$quantity_limit))). "\";
}
";
if($_SESSION['slider_state'] == 0) {
//echo 'jQuery("#sliding_cart").css({ display: "none"});'."\n\r";
} else {
//echo 'jQuery("#sliding_cart").css({ display: "block"});'."\n\r";
}
}
}
exit();
} else if(($_POST['user'] == "true") && ($_POST['emptycart'] == "true")) {
$_SESSION['nzshpcrt_cart'] = '';
$_SESSION['nzshpcrt_cart'] = Array();
echo "if(document.getElementById('shoppingcartcontents') != null) {
document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "", addslashes(nzshpcrt_shopping_basket_internals($cart))). "\";
}\n\r";
if($_POST['current_page'] == get_option('shopping_cart_url')) {
echo "window.location = '".get_option('shopping_cart_url')."';\n\r"; // if we are on the checkout page, redirect back to it to clear the non-ajax cart too
}
exit();
}*/
if ($_POST['store_list'] == "true") {
$map_data['address'] = $_POST['addr'];
$map_data['city'] = $_POST['city'];
$map_data['country'] = 'US';
$map_data['zipcode'] = '';
$map_data['radius'] = '50000';
$map_data['state'] = '';
$map_data['submit'] = 'Find Store';
$stores = getdistance($map_data);
$i = 0;
while ($rows = mysql_fetch_array($stores)) {
//echo "<pre>".print_r($rows,1)."</pre>";
if ($i == 0) {
$closest_store = $rows[5];
}
$i++;
$store_list[$i] = $rows[5];
}
foreach ($store_list as $store) {
$output .= "<option value='{$store}'>{$store}</option>";
}
echo $output;
exit;
}
if (is_numeric($_POST['currencyid'])) {
$currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `id`='" . $_POST['currencyid'] . "' LIMIT 1", ARRAY_A);
$price_out = null;
if ($currency_data[0]['symbol'] != '') {
$currency_sign = $currency_data[0]['symbol_html'];
} else {
$currency_sign = $currency_data[0]['code'];
}
echo $currency_sign;
exit;
}
if ($_POST['buynow'] == "true") {
if (is_numeric($_REQUEST['product_id']) && is_numeric($_REQUEST['price'])) {
$id = $wpdb->escape((int) $_REQUEST['product_id']);
$price = $wpdb->escape((double) $_REQUEST['price']);
$downloads = get_option('max_downloads');
$product_info = $wpdb->get_row("SELECT * FROM " . WPSC_TABLE_PRODUCT_LIST . " WHERE id = " . $id . " LIMIT 1", ARRAY_A);
if (count($product_info) > 0) {
$sessionid = mt_rand(100, 999) . time();
$sql = "INSERT INTO `" . WPSC_TABLE_PURCHASE_LOGS . "` ( `totalprice` , `sessionid` , `date`, `billing_country`, `shipping_country`,`shipping_region`, `user_ID`, `discount_value` ) VALUES ( '" . $price . "', '" . $sessionid . "', '" . time() . "', 'BuyNow', 'BuyNow', 'BuyNow' , NULL , 0)";
$wpdb->query($sql);
$log_id = $wpdb->get_var("SELECT `id` FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` IN('" . $sessionid . "') LIMIT 1");
$cartsql = "INSERT INTO `" . WPSC_TABLE_CART_CONTENTS . "` ( `prodid` , `purchaseid`, `price`, `pnp`, `gst`, `quantity`, `donation`, `no_shipping` ) VALUES ('" . $id . "', '" . $log_id . "','" . $price . "','0', '0','1', '" . $donation . "', '1')";
$wpdb->query($cartsql);
$wpdb->query("INSERT INTO `" . WPSC_TABLE_DOWNLOAD_STATUS . "` ( `fileid` , `purchid` , `downloads` , `active` , `datetime` ) VALUES ( '" . $product_info['file'] . "', '" . $log_id . "', '{$downloads}', '0', NOW( ));");
}
}
exit;
}
/* rate item */
if ($_POST['rate_item'] == "true" && is_numeric($_POST['product_id']) && is_numeric($_POST['rating'])) {
$nowtime = time();
$prodid = $_POST['product_id'];
$ip_number = $_SERVER['REMOTE_ADDR'];
$rating = $_POST['rating'];
$cookie_data = explode(",", $_COOKIE['voting_cookie'][$prodid]);
if (is_numeric($cookie_data[0]) && $cookie_data[0] > 0) {
$vote_id = $cookie_data[0];
$wpdb->query("UPDATE `" . WPSC_TABLE_PRODUCT_RATING . "` SET `rated` = '" . $rating . "' WHERE `id` ='" . $vote_id . "' LIMIT 1 ;");
} else {
$insert_sql = "INSERT INTO `" . WPSC_TABLE_PRODUCT_RATING . "` ( `ipnum` , `productid` , `rated`, `time`) VALUES ( '" . $ip_number . "', '" . $prodid . "', '" . $rating . "', '" . $nowtime . "');";
$wpdb->query($insert_sql);
$data = $wpdb->get_results("SELECT `id`,`rated` FROM `" . WPSC_TABLE_PRODUCT_RATING . "` WHERE `ipnum`='" . $ip_number . "' AND `productid` = '" . $prodid . "' AND `rated` = '" . $rating . "' AND `time` = '" . $nowtime . "' ORDER BY `id` DESC LIMIT 1", ARRAY_A);
$vote_id = $data[0]['id'];
setcookie("voting_cookie[{$prodid}]", $vote_id . "," . $rating, time() + 60 * 60 * 24 * 360);
}
$output[1] = $prodid;
$output[2] = $rating;
echo $output[1] . "," . $output[2];
exit;
}
//written by allen
if ($_REQUEST['save_tracking_id'] == "true") {
$id = $_POST['id'];
$value = $_POST['value'];
$update_sql = "UPDATE " . WPSC_TABLE_PURCHASE_LOGS . " SET track_id = '" . $value . "' WHERE id={$id}";
$wpdb->query($update_sql);
exit;
}
if ($_POST['get_updated_price'] == "true" && is_numeric($_POST['product_id'])) {
$notax = $wpdb->get_var("SELECT `notax` FROM `" . WPSC_TABLE_PRODUCT_LIST . "` WHERE `id` IN('" . $_POST['product_id'] . "') LIMIT 1");
foreach ((array) $_POST['variation'] as $variation) {
if (is_numeric($variation)) {
$variations[] = (int) $variation;
}
}
$pm = $_POST['pm'];
echo "product_id=" . (int) $_POST['product_id'] . ";\n";
echo "price=\"" . nzshpcrt_currency_display(calculate_product_price((int) $_POST['product_id'], $variations, 'stay', $extras), $notax, true) . "\";\n";
echo "numeric_price=\"" . number_format(calculate_product_price((int) $_POST['product_id'], $variations, 'stay', $extras), 2) . "\";\n";
//exit(print_r($extras,1));
exit(" ");
}
// if(($_POST['redisplay_variation_values'] == "true")) {
// $variation_processor = new nzshpcrt_variations();
// $variations_selected = array_values(array_unique(array_merge((array)$_POST['new_variation_id'], (array)$_POST['variation_id'])));
// foreach($variations_selected as $variation_id) {
// // cast everything to integer to make sure nothing nasty gets in.
// $variation_list[] = (int)$variation_id;
// }
// echo $variation_processor->variations_add_grid_view((array)$variation_list);
// //echo "/*\n\r".print_r(array_values(array_unique($_POST['variation_id'])),true)."\n\r*/";
// exit();
// }
//
/*
* function for handling the checkout billing address
*/
if (preg_match("/[a-zA-Z]{2,4}/", $_POST['billing_country'])) {
if ($_SESSION['selected_country'] == $_POST['billing_country']) {
$do_not_refresh_regions = true;
} else {
$do_not_refresh_regions = false;
$_SESSION['selected_country'] = $_POST['billing_country'];
}
if (is_numeric($_POST['form_id'])) {
$form_id = $_POST['form_id'];
$html_form_id = "region_country_form_{$form_id}";
} else {
$html_form_id = 'region_country_form';
}
if (is_numeric($_POST['billing_region'])) {
$_SESSION['selected_region'] = $_POST['billing_region'];
}
$cart =& $_SESSION['nzshpcrt_cart'];
if ($memberstatus[0] == '1' && count($cart) > 0) {
echo "\n\r";
} else {
if ($status[0] == '1') {
exit;
}
echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t {\n\t\t\t\t\t document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t }\n\r";
if ($do_not_refresh_regions == false) {
$region_list = $wpdb->get_results("SELECT `" . WPSC_TABLE_REGION_TAX . "`.* FROM `" . WPSC_TABLE_REGION_TAX . "`, `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `" . WPSC_TABLE_CURRENCY_LIST . "`.`isocode` IN('" . $_POST['billing_country'] . "') AND `" . WPSC_TABLE_CURRENCY_LIST . "`.`id` = `" . WPSC_TABLE_REGION_TAX . "`.`country_id`", ARRAY_A);
if ($region_list != null) {
$output .= "<select name='collected_data[" . $form_id . "][1]' class='current_region' onchange='set_billing_country(\\\"{$html_form_id}\\\", \\\"{$form_id}\\\");'>";
//$output .= "<option value=''>None</option>";
foreach ($region_list as $region) {
if ($_SESSION['selected_region'] == $region['id']) {
$selected = "selected='true'";
} else {
$selected = "";
}
$output .= "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>";
}
$output .= "</select>";
echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\tdocument.getElementById('region_select_{$form_id}').innerHTML = \"" . $output . "\";\n\t\t\t\t\t\t\t}\n\r";
} else {
echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t\t\t\t\t{\n\t\t\t\t\t\tdocument.getElementById('region_select_{$form_id}').innerHTML = \"\";\n\t\t\t\t\t\t}\n\r";
}
}
}
if ($_POST['changetax'] == "true") {
if (isset($_POST['billing_region'])) {
$billing_region = $_POST['billing_region'];
} else {
$billing_region = $_SESSION['selected_region'];
}
$billing_country = $_POST['billing_country'];
$price = 0;
$tax = 0;
foreach ((array) $cart as $cart_item) {
$product_id = $cart_item->product_id;
$quantity = $cart_item->quantity;
//echo("<pre>".print_r($cart_item->product_variations,true)."</pre>");
$product = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PRODUCT_LIST . "` WHERE `id` = '{$product_id}' LIMIT 1", ARRAY_A);
if ($product['donation'] == 1) {
$price += $quantity * $cart_item->donation_price;
} else {
$product_price = $quantity * calculate_product_price($product_id, $cart_item->product_variations);
if ($product['notax'] != 1) {
$tax += nzshpcrt_calculate_tax($product_price, $billing_country, $billing_region) - $product_price;
}
$price += $product_price;
$all_donations = false;
}
if ($_SESSION['delivery_country'] != null) {
$total_shipping += nzshpcrt_determine_item_shipping($product['id'], $quantity, $_SESSION['delivery_country']);
}
}
$total_shipping += nzshpcrt_determine_base_shipping(0, $_SESSION['delivery_country']);
$total = number_format($tax + $price + $total_shipping, 2);
if ($tax > 0) {
echo "jQuery(\"tr.total_tax td\").show();\n\r";
} else {
echo "jQuery(\"tr.total_tax td\").hide();\n\r";
}
$tax = number_format($tax, 2);
echo "jQuery('#checkout_tax').html(\"<span class='pricedisplay'>\${$tax}</span>\");\n\r";
echo "jQuery('#checkout_total').html(\"<span class='pricedisplay'>\${$total}</span><input id='shopping_cart_total_price' type='hidden' value='\${$total}'>\");\n\r";
}
exit;
}
if ($_POST['get_country_tax'] == "true" && preg_match("/[a-zA-Z]{2,4}/", $_POST['country_id'])) {
$country_id = $_POST['country_id'];
$region_list = $wpdb->get_results("SELECT `" . WPSC_TABLE_REGION_TAX . "`.* FROM `" . WPSC_TABLE_REGION_TAX . "`, `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `" . WPSC_TABLE_CURRENCY_LIST . "`.`isocode` IN('" . $country_id . "') AND `" . WPSC_TABLE_CURRENCY_LIST . "`.`id` = `" . WPSC_TABLE_REGION_TAX . "`.`country_id`", ARRAY_A);
if ($region_list != null) {
echo "<select name='base_region'>\n\r";
foreach ($region_list as $region) {
if (get_option('base_region') == $region['id']) {
$selected = "selected='true'";
} else {
$selected = "";
}
echo "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>\n\r";
}
echo "</select>\n\r";
} else {
echo " ";
}
exit;
}
/* fill product form */
if ($_POST['set_slider'] == "true" && is_numeric($_POST['state'])) {
$_SESSION['slider_state'] = $_POST['state'];
exit;
}
/* fill category form */
if ($_GET['action'] == "register") {
$siteurl = get_option('siteurl');
require_once ABSPATH . WPINC . '/registration-functions.php';
if ($_POST['action'] == 'register' && get_settings('users_can_register')) {
//exit("fail for testing purposes");
$user_login = sanitize_user($_POST['user_login']);
$user_email = $_POST['user_email'];
$errors = array();
if ($user_login == '') {
exit($errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'));
}
/* checking e-mail address */
if ($user_email == '') {
exit(__('<strong>ERROR</strong>: Please type your e-mail address.'));
} else {
if (!is_email($user_email)) {
exit(__('<strong>ERROR</strong>: The email address isn’t correct.'));
$user_email = '';
}
}
if (!validate_username($user_login)) {
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
$user_login = '';
}
if (username_exists($user_login)) {
exit(__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
}
/* checking the email isn't already used by another user */
$email_exists = $wpdb->get_row("SELECT user_email FROM {$wpdb->users} WHERE user_email = '{$user_email}'");
if ($email_exists) {
die(__('<strong>ERROR</strong>: This email address is already registered, please supply another.'));
}
if (0 == count($errors)) {
$password = substr(md5(uniqid(microtime())), 0, 7);
//xit('there?');
$user_id = wp_create_user($user_login, $password, $user_email);
if (!$user_id) {
exit(sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
} else {
wp_new_user_notification($user_id, $password);
?>
<div id="login">
<h2><?php
_e('Registration Complete');
?>
</h2>
<p><?php
printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>");
?>
<br />
<?php
printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>');
?>
<br />
<?php
printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>");
?>
</p>
</div>
<?php
}
}
} else {
// onsubmit='submit_register_form(this);return false;'
echo "<div id='login'>\n <h2>Register for this blog</h2>\n <form id='registerform' action='index.php?ajax=true&action=register' onsubmit='submit_register_form(this);return false;' method='post'>\n <p><input type='hidden' value='register' name='action'/>\n <label for='user_login'>Username:</label><br/> <input type='text' value='' maxlength='20' size='20' id='user_login' name='user_login'/><br/></p>\n <p><label for='user_email'>E-mail:</label><br/> <input type='text' value='' maxlength='100' size='25' id='user_email' name='user_email'/></p>\n <p>A password will be emailed to you.</p>\n <p class='submit'><input type='submit' name='submit_form' id='submit' value='" . TXT_WPSC_REGISTER . " »'/><img id='register_loading_img' src='" . WPSC_URL . "/images/loading.gif' alt='' title=''></p>\n\n \n </form>\n </div>";
}
exit;
}
}
/*
* AJAX stuff stops here, I would put an exit here, but it may screw up other plugins
//exit();
*/
}
function wpsc_purchlog_edit_status($purchlog_id = '', $purchlog_status = '')
{
global $wpdb;
if (empty($purchlog_id) && empty($purchlog_status)) {
$purchlog_id = absint($_POST['purchlog_id']);
$purchlog_status = absint($_POST['purchlog_status']);
}
$log_data = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '{$purchlog_id}' LIMIT 1", ARRAY_A);
$is_transaction = wpsc_check_purchase_processed($log_data['processed']);
if ($is_transaction && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
//in the future when everyone is using the 2.0 merchant api, we should use the merchant class to update the staus,
// then you can get rid of this hook and have each person overwrite the method that updates the status.
do_action('wpsc_edit_order_status', array('purchlog_id' => $purchlog_id, 'purchlog_data' => $log_data, 'new_status' => $purchlog_status));
$wpdb->update(WPSC_TABLE_PURCHASE_LOGS, array('processed' => $purchlog_status), array('id' => $purchlog_id), '%d', '%d');
wpsc_clear_stock_claims();
wpsc_decrement_claimed_stock($purchlog_id);
if ($purchlog_status == 3) {
transaction_results($log_data['sessionid'], false, null);
}
}
function gateway_authorize($seperator, $sessionid)
{
global $wpdb, $wpsc_cart;
$purchase_log_sql = "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid`= " . $sessionid . " LIMIT 1";
$purchase_log = $wpdb->get_row($purchase_log_sql, ARRAY_A);
$cart_sql = "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid`='" . $purchase_log['id'] . "'";
$cart = $wpdb->get_results($cart_sql, ARRAY_A);
$prodid = $cart[0]['prodid'];
$product_sql = "SELECT * FROM `" . WPSC_TABLE_PRODUCT_LIST . "` WHERE `id`='" . $prodid . "'";
$product_data = $wpdb->get_results($product_sql, ARRAY_A);
$status = get_product_meta($prodid, 'is_membership', true);
$free_trial = get_product_meta($prodid, 'free_trial', true);
if ($status[0] == 1 && function_exists('wpsc_members_init')) {
$membership_length = get_product_meta($prodid, 'membership_length', true);
$membership_length = $membership_length[0];
$length = $membership_length['length'];
$unit = $membership_length['unit'];
if ($unit == 'd') {
$unit = 'days';
} elseif ($unit == 'm') {
$unit = 'months';
}
$amount = nzshpcrt_overall_total_price($_SESSION['selected_country']);
$loginname = get_option('authorize_login');
$transactionkey = get_option("authorize_password");
$firstName = $_POST['collected_data'][get_option('authorize_form_first_name')];
$lastName = $_POST['collected_data'][get_option('authorize_form_last_name')];
$cardNumber = $_POST['card_number'];
$expirationDate = "20" . $_POST['expiry']['year'] . "-" . $_POST['expiry']['month'];
$cardCode = $_POST['card_code'];
$startDate = date('Y-m-d');
$totalOccurrences = 99;
$trialOccurrences = 1;
$amount = $product_data[0]['price'];
$trialAmount = 0;
$xml = "<?xml version='1.0' encoding='utf-8' ?>" . "<ARBCreateSubscriptionRequest xmlns='AnetApi/xml/v1/schema/AnetApiSchema.xsd'>" . "<merchantAuthentication>" . "<name>" . $loginname . "</name>" . "<transactionKey>" . $transactionkey . "</transactionKey>" . "</merchantAuthentication>" . "<refId>Instinct</refId>" . "<subscription>" . "<name>Samplesubscription</name>" . "<paymentSchedule>" . "<interval>" . "<length>" . $length . "</length>" . "<unit>" . $unit . "</unit>" . "</interval>" . "<startDate>" . $startDate . "</startDate>" . "<totalOccurrences>" . $totalOccurrences . "</totalOccurrences>" . "<trialOccurrences>" . $trialOccurrences . "</trialOccurrences>" . "</paymentSchedule>" . "<amount>" . $amount . "</amount>" . "<trialAmount>" . $trialAmount . "</trialAmount>" . "<payment>" . "<creditCard>" . "<cardNumber>" . $cardNumber . "</cardNumber>" . "<expirationDate>" . $expirationDate . "</expirationDate>" . "<cardCode>" . $cardCode . "</cardCode>" . "</creditCard>" . "</payment>" . "<billTo>" . "<firstName>" . $firstName . "</firstName>" . "<lastName>" . $lastName . "</lastName>" . "</billTo>" . "</subscription>" . "</ARBCreateSubscriptionRequest>";
// exit("<pre>".print_r($xml,1)."</pre>");
//Send the XML via curl
$response = send_request_via_curl($host, $path, $xml);
//If curl is unavilable you can try using fsockopen
/*
$response = send_request_via_fsockopen($host,$path,$content);
*/
//If the connection and send worked $response holds the return from Authorize.Net
if ($response) {
list($refId, $resultCode, $code, $text, $subscriptionId) = parse_return($response);
if ($code == 'I00001') {
$wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '2' WHERE `sessionid` = " . $sessionid . " LIMIT 1");
$results = $wpdb->get_results("select * from `" . WPSC_TABLE_LOGGED_SUBSCRIPTIONS . "` where cart_id=" . $cart[0]['id'] . "", ARRAY_A);
$sub_id = $results[0]['id'];
wpsc_member_activate_subscriptions($sub_id);
header("Location: " . get_option('transact_url') . $seperator . "sessionid=" . $sessionid);
} else {
echo " refId: {$refId}<br>";
echo " resultCode: {$resultCode} <br>";
echo " code: {$code}<br>";
echo " text: {$text}<br>";
echo " subscriptionId: {$subscriptionId} <br><br>";
}
} else {
echo "send failed <br>";
}
//Dump the response to the screen for debugging
//echo "<xmp>$response</xmp>"; //Display response SOAP
exit('');
}
if ($purchase_log['shipping_country'] != null) {
$shipping_country = $purchase_log['shipping_country'];
}
if ($purchase_log['shipping_region'] != null) {
$shipping_region = $purchase_log['shipping_region'];
} else {
$shipping_region = 0;
}
if ($purchase_log['billing_country'] != null) {
$billing_country = $purchase_log['billing_country'];
}
if ($purchase_log['billing_region'] != null) {
$billing_region = $purchase_log['billing_region'];
$billing_region = $wpdb->get_var("SELECT code FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE id='" . $billing_region . "'");
} else {
$billing_region = 0;
}
$authorize_data = array();
$authorize_data['x_Version'] = "3.1";
$authorize_data['x_Login'] = urlencode(get_option('authorize_login'));
$authorize_data['x_Password'] = urlencode(get_option("authorize_password"));
$authorize_data['x_Delim_Data'] = urlencode("TRUE");
$authorize_data['x_Delim_Char'] = urlencode(",");
$authorize_data['x_Encap_Char'] = urlencode("");
$authorize_data['x_Type'] = urlencode("AUTH_CAPTURE");
$authorize_data['x_ADC_Relay_Response'] = urlencode("FALSE");
if (get_option('authorize_testmode') == 1) {
$authorize_data['x_Test_Request'] = urlencode("TRUE");
}
$authorize_data['x_Method'] = urlencode("CC");
$authorize_data['x_Amount'] = number_format(nzshpcrt_overall_total_price($_SESSION['delivery_country'], false, false), 2);
$authorize_data['x_First_Name'] = urlencode($_POST['collected_data'][get_option('authorize_form_first_name')]);
$authorize_data['x_Last_Name'] = urlencode($_POST['collected_data'][get_option('authorize_form_last_name')]);
$authorize_data['x_Card_Num'] = urlencode($_POST['card_number']);
$authorize_data['x_Exp_Date'] = urlencode($_POST['expiry']['month'] . $_POST['expiry']['year']);
$authorize_data['x_Card_Code'] = urlencode($_POST['card_code']);
$authorize_data['x_Address'] = urlencode($_POST['collected_data'][get_option('authorize_form_address')]);
$authorize_data['x_City'] = urlencode($_POST['collected_data'][get_option('authorize_form_city')]);
$authorize_data['x_Zip'] = urlencode($_POST['collected_data'][get_option('authorize_form_post_code')]);
$authorize_data['x_State'] = urlencode($billing_region);
$authorize_data['x_Country'] = urlencode($billing_country);
$authorize_data['x_Phone'] = urlencode($_POST['collected_data'][get_option('authorize_form_phone')]);
$authorize_data['x_Email'] = urlencode($_POST['collected_data'][get_option('authorize_form_email')]);
$authorize_data['x_Email_Customer'] = urlencode("TRUE");
$authorize_data['x_Merchant_Email'] = urlencode(get_option('purch_log_email'));
// MY ADDITIONS HERE
$authorize_data['x_Description'] = urlencode(get_option('authorize_form_description'));
$authorize_data['x_invoice_num'] = $cart[0]['purchaseid'];
$authorize_data['x_cust_id'] = $cart[0]['purchaseid'];
$setstate = $_POST['collected_data'][get_option('authorize_form_country')][1];
$setstate = $wpdb->get_var("SELECT code FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE id='" . $setstate . "'");
// $authorize_data['x_State'] = urlencode($setstate);
$setcountry = $_POST['collected_data'][get_option('authorize_form_country')][0];
// $authorize_data['x_Country'] = urlencode($setcountry);
$authorize_data['x_ship_to_First_Name'] = urlencode($_POST['collected_data'][get_option('authorize_form_ship_first_name')]);
$authorize_data['x_ship_to_Last_Name'] = urlencode($_POST['collected_data'][get_option('authorize_form_ship_last_name')]);
$authorize_data['x_ship_to_Address'] = urlencode($_POST['collected_data'][get_option('authorize_form_ship_address')]);
$authorize_data['x_ship_to_City'] = urlencode($_POST['collected_data'][get_option('authorize_form_ship_city')]);
$authorize_data['x_ship_to_Zip'] = urlencode($_POST['collected_data'][get_option('authorize_form_ship_post_code')]);
$setstate = $_POST['collected_data'][get_option('authorize_form_ship_state')];
$shipping_region = $wpdb->get_var("SELECT code FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE id='" . $shipping_region . "'");
$authorize_data['x_ship_to_State'] = urlencode($shipping_region);
// $setcountry=$_POST['collected_data'][get_option('authorize_form_ship_country')];
$authorize_data['x_ship_to_Country'] = urlencode($shipping_country);
$authorize_data['x_tax'] = urlencode($wpsc_cart->total_tax);
if (wpsc_uses_shipping()) {
$authorize_data['x_freight'] = urlencode($wpsc_cart->selected_shipping_method . '<|>' . $wpsc_cart->selected_shipping_option . '<|>' . $wpsc_cart->base_shipping);
}
// Extra shopping cart data for credit card receipt
if (isset($cart[0])) {
foreach ($cart as $k => $v) {
$authorize_data['item_' . $k . '_name'] = $v['name'];
$authorize_data['item_' . $k . '_qty'] = $v['quantity'];
$authorize_data['item_' . $k . '_price'] = $v['price'];
}
}
if ($x_Password != '') {
$authorize_data['x_Password'] = $x_Password;
}
#
# Build fields string to post, nicer than the old code
#
$num = 0;
foreach ($authorize_data as $key => $value) {
if ($num > 0) {
$fields .= "&";
}
$fields .= $key . "=" . $value;
$num++;
}
#
# Start CURL session
#
$user_agent = "WP eCommerce plugin for Wordpress";
$referrer = get_option('transact_url');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://secure.authorize.net/gateway/transact.dll");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_NOPROGRESS, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_TIMEOUT, 120);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_REFERER, $referrer);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$buffer = curl_exec($ch);
curl_close($ch);
// This section of the code is the change from Version 1.
// This allows this script to process all information provided by Authorize.net...
// and not just whether if the transaction was successful or not
// Provided in the true spirit of giving by Chuck Carpenter (Chuck@MLSphotos.com)
// Be sure to email him and tell him how much you appreciate his efforts for PHP coders everywhere
$return = preg_split("/[,]+/", "{$buffer}");
// Splits out the buffer return into an array so . . .
$details = $return[0];
// This can grab the Transaction ID at position 1 in the array
$wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `transactid` = '" . $wpdb->escape($return[18]) . "' WHERE `sessionid` = " . $sessionid . " LIMIT 1");
// echo "Location: ".$transact_url.$seperator."sessionid=".$sessionid;
// exit("<pre>".print_r($return,true)."</pre>");
// Change the number to grab additional information. Consult the AIM guidelines to see what information is provided in each position.
// For instance, to get the Transaction ID from the returned information (in position 7)..
// Simply add the following:
// $x_trans_id = $return[6];
// You may then use the switch statement (or other process) to process the information provided
// Example below is to see if the transaction was charged successfully
if (get_option('permalink_structure') != '') {
$seperator = "?";
} else {
$seperator = "&";
}
switch ($details) {
case 1:
// Credit Card Successfully Charged
$processing_stage = $wpdb->get_var("SELECT `processed` FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid` = " . $sessionid . " LIMIT 1");
if ($processing_stage < 2) {
$wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed` = '2' WHERE `sessionid` = " . $sessionid . " LIMIT 1");
}
header("Location: " . get_option('transact_url') . $seperator . "sessionid=" . $sessionid);
exit;
break;
default:
// Credit Card Not Successfully Charged
$_SESSION['wpsc_checkout_misc_error_messages'][] = "Credit Card Processing Error: " . $return[3];
//. " ". print_r($return,true)
header("Location: " . get_option('shopping_cart_url') . $seperator . "total=" . nzshpcrt_overall_total_price($_POST['collected_data'][get_option('country_form_field')]));
exit;
break;
}
}
function gateway_eway($seperator, $sessionid)
{
global $wpdb, $wpsc_cart;
$purchase_log_sql = "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `sessionid`= '" . $sessionid . "' LIMIT 1";
$purchase_log = $wpdb->get_results($purchase_log_sql, ARRAY_A);
$purchase_log = $purchase_log[0];
$cart_sql = "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid`='" . $purchase_log['id'] . "'";
$cart = $wpdb->get_results($cart_sql, ARRAY_A);
$member_subtype = get_product_meta($cart[0]['prodid'], 'is_permenant', true);
$member_shiptype = get_product_meta($cart[0]['prodid'], 'membership_length', true);
$member_shiptype = $member_shiptype[0];
$status = get_product_meta($cart[0]['prodid'], 'is_membership', true);
$is_member = $status;
$is_perm = $member_subtype;
if ($_POST['collected_data'][get_option('eway_form_first_name')] != '') {
$data['first_name'] = esc_attr($_POST['collected_data'][get_option('eway_form_first_name')]);
}
if ($_POST['collected_data'][get_option('eway_form_last_name')] != '') {
$data['last_name'] = esc_attr($_POST['collected_data'][get_option('eway_form_last_name')]);
}
if ($_POST['collected_data'][get_option('eway_form_address')] != '') {
$address_rows = explode("\n\r", $_POST['collected_data'][get_option('eway_form_address')]);
$data['address1'] = esc_attr(str_replace(array("\n", "\r"), '', $address_rows[0]));
unset($address_rows[0]);
if ($address_rows != null) {
$data['address2'] = implode(", ", $address_rows);
} else {
$data['address2'] = '';
}
}
//exit('<pre>'.print_r($wpsc_cart, true).'</pre>');
foreach ($wpsc_cart->cart_items as $item) {
$itemsName .= $item->product_name . ', ';
//exit('<pre>'.print_r($item,true).'</pre>');
}
if ($_POST['collected_data'][get_option('eway_form_city')] != '') {
$data['city'] = esc_attr($_POST['collected_data'][get_option('eway_form_city')]);
}
if (empty($_POST['collected_data'][get_option('eway_form_state')]) && isset($_POST['collected_data'][get_option('eway_form_country')][1]) && !empty($_POST['collected_data'][get_option('eway_form_country')][1])) {
$data['state'] = $_POST['collected_data'][get_option('eway_form_country')][1];
} elseif (!empty($_POST['collected_data'][get_option('eway_form_state')])) {
$data['state'] = $_POST['collected_data'][get_option('eway_form_state')];
}
if ($_POST['collected_data'][get_option('eway_form_country')] != '') {
$data['country'] = $_POST['collected_data'][get_option('eway_form_country')][0];
}
if (is_numeric($_POST['collected_data'][get_option('eway_form_post_code')])) {
$data['zip'] = esc_attr($_POST['collected_data'][get_option('eway_form_post_code')]);
}
if ($_POST['collected_data'][get_option('eway_form_email')]) {
$data['email'] = $_POST['collected_data'][get_option('eway_form_email')];
}
if ($_POST['collected_data'][get_option('email_form_field')] != null && $data['email'] == null) {
$data['email'] = esc_attr($_POST['collected_data'][get_option('email_form_field')]);
}
// Live or Test Server?
if (get_option('eway_test')) {
$user = '******';
$gateway = false;
} else {
$user = get_option('ewayCustomerID_id');
$gateway = true;
}
if ($is_member[0]) {
require_once WPSC_GOLD_FILE_PATH . '/ewaylib/GatewayConnector.php';
$objRebill = new RebillPayment();
$objRebill->CustomerRef($purchase_log['id']);
$objRebill->CustomerTitle('');
$objRebill->CustomerFirstName($data['first_name']);
$objRebill->CustomerLastName($data['last_name']);
$objRebill->CustomerCompany('');
$objRebill->CustomerJobDesc('');
$objRebill->CustomerEmail($data['email']);
$objRebill->CustomerAddress($data['address1']);
$objRebill->CustomerSuburb('');
$objRebill->CustomerState($data['state']);
$objRebill->CustomerPostCode($data['zip']);
$objRebill->CustomerCountry($data['country']);
$objRebill->CustomerPhone1($data['phone']);
$objRebill->CustomerPhone2('');
$objRebill->CustomerFax('');
$objRebill->CustomerURL('');
$objRebill->CustomerComments('');
$objRebill->RebillInvRef('');
$objRebill->RebillInvDesc('');
$objRebill->RebillCCname($data['first_name'] . " " . $data['last_name']);
$objRebill->RebillCCNumber($_POST['card_number']);
$objRebill->RebillInitAmt($purchase_log['totalprice']);
$objRebill->RebillInitDate(date('d/m/Y'));
$objRebill->RebillRecurAmt($purchase_log['totalprice']);
$objRebill->RebillStartDate(date('d/m/Y'));
$objRebill->RebillEndDate(date("d/m/Y", mktime(0, 0, 0, date('m'), date('d'), (int) date('Y') + 1)));
$objRebill->RebillCCExpMonth($_POST['expiry']['month']);
$objRebill->RebillCCExpYear($_POST['expiry']['year']);
$objRebill->RebillInterval($member_shiptype['length']);
switch ($member_shiptype['unit']) {
case 'd':
$member_ship_unit = '1';
break;
case 'w':
$member_ship_unit = '2';
break;
case 'm':
$member_ship_unit = '3';
break;
case 'y':
$member_ship_unit = '4';
break;
}
$objRebill->RebillIntervalType($member_ship_unit);
$objRebill->eWAYCustomerID($user);
$objConnector = new GatewayConnector($gateway);
if ($objConnector->ProcessRequest($objRebill)) {
$objResponse = $objConnector->Response();
if ($objResponse != null) {
$lblResult = $objResponse->Result();
if ($lblResult == 'Success') {
wpsc_member_activate_subscriptions($purchase_log['id']);
$_SESSION['nzshpcrt_cart'] = '';
$_SESSION['nzshpcrt_cart'] = array();
header("Location:" . get_option('product_list_url'));
}
$lblErrorDescription = $objResponse->ErrorDetails();
$lblErrorSeverity = $objResponse->ErrorSeverity();
// This is woefully inadequate!!!
exit('An Error has occured >' . $lblResult . " " . $lblErrorDescription . " " . $lblErrorSeverity);
}
} else {
exit("Rebill Gateway failed: " . $objConnector->Response());
}
} else {
require WPSC_GOLD_FILE_PATH . '/merchants/ewaylib/EwayPaymentLive.php';
//echo WPSC_GOLD_FILE_PATH.'/ewaylib/EwayPaymentLive.php';
if (get_option('eway_cvn')) {
$method = 'REAL_TIME_CVN';
} else {
$method = 'REAL_TIME';
}
$eway = new EwayPaymentLive($user, $method, $gateway);
$amount = number_format($purchase_log['totalprice'], 2, '.', '') * 100;
$eway->setTransactionData("TotalAmount", $amount);
//mandatory field
$eway->setTransactionData("CustomerFirstName", $data['first_name']);
$eway->setTransactionData("CustomerLastName", $data['last_name']);
$eway->setTransactionData("CustomerEmail", $data['email']);
$eway->setTransactionData("CustomerAddress", $data['address1'] . ' ' . $data['state']);
$eway->setTransactionData("CustomerPostcode", $data['zip']);
$eway->setTransactionData("CustomerInvoiceDescription", $itemsName);
$eway->setTransactionData("CustomerInvoiceRef", $purchase_log['id']);
$eway->setTransactionData("CardHoldersName", $data['first_name'] . ' ' . $data['last_name']);
//mandatory field
$eway->setTransactionData("CardNumber", $_POST['card_number']);
//mandatory field
$eway->setTransactionData("CardExpiryMonth", $_POST['expiry']['month']);
//mandatory field
$eway->setTransactionData("CardExpiryYear", $_POST['expiry']['year']);
//mandatory field
$eway->setTransactionData("TrxnNumber", $purchase_log['id']);
$eway->setTransactionData("Option1", "");
$eway->setTransactionData("Option2", "");
$eway->setTransactionData("Option3", "");
//for REAL_TIME_CVN
$eway->setTransactionData("CVN", $_POST['cvn']);
//for GEO_IP_ANTI_FRAUD
$eway->setTransactionData("CustomerIPAddress", $eway->getVisitorIP());
//mandatory field when using Geo-IP Anti-Fraud
$eway->setTransactionData("CustomerBillingCountry", $data['country']);
//mandatory field when using Geo-IP Anti-Fraud
//special preferences for php Curl
$eway->setCurlPreferences(CURLOPT_SSL_VERIFYPEER, 0);
//pass a long that is set to a zero value to stop curl from verifying the peer's certificate
//$eway->setCurlPreferences(CURLOPT_CAINFO, "/usr/share/ssl/certs/my.cert.crt"); //Pass a filename of a file holding one or more certificates to verify the peer with. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option.
//$eway->setCurlPreferences(CURLOPT_CAPATH, "/usr/share/ssl/certs/my.cert.path");
//$eway->setCurlPreferences(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); //use CURL proxy, for example godaddy.com hosting requires it
//$eway->setCurlPreferences(CURLOPT_PROXY, "http://proxy.shr.secureserver.net:3128"); //use CURL proxy, for example godaddy.com hosting requires it
$ewayResponseFields = $eway->doPayment();
//exit(print_r($ewayResponseFields,1));
//print_r($ewayResponseFields);
if ($ewayResponseFields["EWAYTRXNSTATUS"] == "False") {
$message .= "<h3>Please Check the Payment Results</h3>";
$message .= "Your transaction was not successful." . "<br><br>";
$message .= $ewayResponseFields['EWAYTRXNERROR'] . "<br><br>";
$message .= "<a href=" . get_option('shopping_cart_url') . ">Click here to go back to checkout page.</a>";
$_SESSION['eway_message'] = $message;
header("Location:" . get_option('transact_url') . $seperator . "eway=0&result=" . $sessionid . "&message=1");
//exit();
} else {
if ($ewayResponseFields["EWAYTRXNSTATUS"] == "True") {
$wpdb->query("UPDATE `" . WPSC_TABLE_PURCHASE_LOGS . "` SET `processed`='2' WHERE `sessionid`='" . $sessionid . "' LIMIT 1");
transaction_results($sessionid, false);
$message .= "Your transaction was successful." . "<br><br>";
$message .= $ewayResponseFields['EWAYTRXNERROR'] . "<br><br>";
$_SESSION['eway_message'] = $message;
header("Location:" . get_option('transact_url') . $seperator . "eway=1&result=" . $sessionid . "&message=1");
//exit();
}
}
}
//echo $_SESSION['eway_message'];
exit;
}
function nzshpcrt_submit_ajax()
{
global $wpdb, $user_level, $wp_rewrite;
get_currentuserinfo();
if (get_option('permalink_structure') != '') {
$seperator = "?";
} else {
$seperator = "&";
}
$cartt = $_SESSION['nzshpcrt_cart'];
$cartt1 = $cartt[0]->product_id;
// if is an AJAX request, cruddy code, could be done better but getting approval would be impossible
if ($_POST['ajax'] == "true" || $_GET['ajax'] == "true") {
if ($_POST['changetax'] == "true") {
if (isset($_POST['billing_region'])) {
$billing_region = $_POST['billing_region'];
} else {
$billing_region = $_SESSION['selected_region'];
}
$billing_country = $_POST['billing_country'];
foreach ($cartt as $cart_item) {
$product_id = $cart_item->product_id;
$quantity = $cart_item->quantity;
//echo("<pre>".print_r($cart_item->product_variations,true)."</pre>");
$product = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id` = '{$product_id}' LIMIT 1", ARRAY_A);
if ($product['donation'] == 1) {
$price = $quantity * $cart_item->donation_price;
} else {
$price = $quantity * calculate_product_price($product_id, $cart_item->product_variations);
if ($product['notax'] != 1) {
$tax += nzshpcrt_calculate_tax($price, $billing_country, $billing_region) - $price;
}
$all_donations = false;
}
if ($_SESSION['delivery_country'] != null) {
$total_shipping += nzshpcrt_determine_item_shipping($product['id'], $quantity, $_SESSION['delivery_country']);
}
}
echo $tax . ":" . $price . ":" . $total_shipping;
exit;
}
if ($_POST['submittogoogle']) {
$newvalue = $_POST['value'];
$amount = $_POST['amount'];
$reason = $_POST['reason'];
$comment = $_POST['comment'];
$message = $_POST['message'];
$amount = number_format($amount, 2, '.', '');
$log_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
$google_status = unserialize($log_data['google_status']);
switch ($newvalue) {
case "Charge":
if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
if ($amount == '') {
$google_status['0'] = 'Partially Charged';
} else {
$google_status['0'] = 'CHARGED';
$google_status['partial_charge_amount'] = $amount;
}
}
break;
case "Cancel":
if ($google_status[0] != 'CANCELLED_BY_GOOGLE') {
$google_status[0] = 'CANCELLED';
}
if ($google_status[1] != 'DELIVERED') {
$google_status[1] = 'WILL_NOT_DELIVER';
}
break;
case "Refund":
if ($amount == '') {
$google_status['0'] = 'Partially Refund';
} else {
$google_status['0'] = 'REFUND';
$google_status['partial_refund_amount'] = $amount;
}
break;
case "Ship":
if ($google_status[1] != 'WILL_NOT_DELIVER') {
$google_status[1] = 'DELIVERED';
}
break;
case "Archive":
$google_status[1] = 'ARCHIVED';
break;
}
$google_status_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET google_status='" . serialize($google_status) . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
$wpdb->query($google_status_sql);
$merchant_id = get_option('google_id');
$merchant_key = get_option('google_key');
$server_type = get_option('google_server_type');
$currency = get_option('google_cur');
$Grequest = new GoogleRequest($merchant_id, $merchant_key, $server_type, $currency);
$google_order_number = $wpdb->get_var("SELECT google_order_number FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1");
switch ($newvalue) {
case 'Charge':
$Grequest->SendChargeOrder($google_order_number, $amount);
break;
case 'Ship':
$Grequest->SendDeliverOrder($google_order_number);
break;
case 'Archive':
$Grequest->SendArchiveOrder($google_order_number);
break;
case 'Refund':
$Grequest->SendRefundOrder($google_order_number, $amount, $reason);
break;
case 'Cancel':
$Grequest->SendCancelOrder($google_order_number, $reason, $comment);
break;
case 'Send Message':
$Grequest->SendBuyerMessage($google_order_number, $message);
break;
}
$newvalue++;
$update_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
//$wpdb->query($update_sql);
exit;
}
////changes for usps
if ($_POST['uspsswitch']) {
foreach ($_SESSION['uspsQuote'] as $quotes) {
$total = $_POST['total'];
if ($quotes[$_POST['key']] != '') {
echo nzshpcrt_currency_display($total + $quotes[$_POST['key']], 1);
echo "<input type='hidden' value='" . $total . "' id='shopping_cart_total_price'>";
$_SESSION['usps_shipping'] = $quotes[$_POST['key']];
}
}
exit;
}
//changes for usps ends
if ($_GET['user'] == "true" && is_numeric($_POST['prodid'])) {
$memberstatus = get_product_meta($_POST['prodid'], 'is_membership', true);
if ($memberstatus[0] == '1' && $_SESSION['nzshopcrt_cart'] != NULL) {
} else {
$sql = "SELECT * FROM `" . $wpdb->prefix . "product_list` WHERE `id`='" . $_POST['prodid'] . "' LIMIT 1";
$item_data = $wpdb->get_results($sql, ARRAY_A);
$item_quantity = 0;
if ($_SESSION['nzshpcrt_cart'] != null) {
foreach ($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
if ($memberstatus[0] != '1' && $_SESSION['nzshpcrt_cart'] != NULL) {
if ($cart_item->product_id == $_POST['prodid']) {
if ($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $_POST['variation'] && $_SESSION['nzshpcrt_cart'][$cart_key]->extras === $_POST['extras']) {
$item_quantity += $_SESSION['nzshpcrt_cart'][$cart_key]->quantity;
$item_variations = $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations;
}
}
}
}
}
$item_stock = null;
$variation_count = count($_POST['variation']);
if ($variation_count >= 1 && $variation_count <= 2) {
foreach ($_POST['variation'] as $variation_id) {
if (is_numeric($variation_id)) {
$variation_ids[] = (int) $variation_id;
}
}
if (count($variation_ids) == 2) {
$variation_stock_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "variation_priceandstock` WHERE `product_id` = '" . $_POST['prodid'] . "' AND (`variation_id_1` = '" . $variation_ids[0] . "' AND `variation_id_2` = '" . $variation_ids[1] . "') OR (`variation_id_1` = '" . $variation_ids[1] . "' AND `variation_id_2` = '" . $variation_ids[0] . "') LIMIT 1", ARRAY_A);
$item_stock = $variation_stock_data['stock'];
} else {
if (count($variation_ids) == 1) {
$variation_stock_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "variation_priceandstock` WHERE `product_id` = '" . $_POST['prodid'] . "' AND (`variation_id_1` = '" . $variation_ids[0] . "' AND `variation_id_2` = '0') LIMIT 1", ARRAY_A);
$item_stock = $variation_stock_data['stock'];
}
}
}
if ($item_stock === null) {
$item_stock = $item_data[0]['quantity'];
}
if ($item_data[0]['quantity_limited'] == 1 && $item_stock > 0 && $item_stock > $item_quantity || $item_data[0]['quantity_limited'] == 0) {
$cartcount = count($_SESSION['nzshpcrt_cart']);
if (is_array($_POST['variation'])) {
$variations = $_POST['variation'];
} else {
$variations = null;
}
if (is_array($_POST['extras'])) {
$extras = $_POST['extras'];
} else {
$extras = null;
}
$updated_quantity = false;
if ($_SESSION['nzshpcrt_cart'] != null) {
foreach ($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
if (!($memberstatus[0] == '1') && count($_SESSION['nzshpcrt_cart']) > 0) {
if ((int) $cart_item->product_id === (int) $_POST['prodid']) {
// force both to integer before testing for identicality
if ($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $extras && $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $variations && (int) $_SESSION['nzshpcrt_cart'][$cart_key]->donation_price == (int) $_POST['donation_price']) {
if (is_numeric($_POST['quantity'])) {
$_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int) $_POST['quantity'];
} else {
$_SESSION['nzshpcrt_cart'][$cart_key]->quantity++;
}
$updated_quantity = true;
}
}
}
}
}
if ($item_data[0]['donation'] == 1) {
$donation = $_POST['donation_price'];
} else {
$donation = false;
}
if (!($memberstatus[0] == '1' && count($_SESSION['nzshpcrt_cart']) > 0)) {
$status = get_product_meta($cartt1, 'is_membership', true);
if ($status[0] == '1') {
exit;
}
if ($updated_quantity === false) {
if (is_numeric($_POST['quantity'])) {
if ($_POST['quantity'] > 0) {
$new_cart_item = new cart_item($_POST['prodid'], $variations, $_POST['quantity'], $donation, $extras);
}
} else {
//echo "correct";
$new_cart_item = new cart_item($_POST['prodid'], $variations, 1, $donation, $extras);
}
$_SESSION['nzshpcrt_cart'][] = $new_cart_item;
}
}
} else {
$quantity_limit = true;
}
$cart = $_SESSION['nzshpcrt_cart'];
if ($memberstatus[0] == '1' && count($cart) > 1) {
} else {
$status = get_product_meta($cartt1, 'is_membership', true);
if ($status[0] == '1') {
exit('st');
}
echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t {\n\t\t\t\t\t document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t }\n\t\t\t\t\t";
if ($_POST['prodid'] != null && get_option('fancy_notifications') == 1) {
echo "if(document.getElementById('fancy_notification_content') != null)\n\t\t\t\t\t {\n\t\t\t\t\t document.getElementById('fancy_notification_content').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(fancy_notification_content($_POST['prodid'], $quantity_limit))) . "\";\n\t\t\t\t\t jQuery('#loading_animation').css('display', 'none');\n\t\t\t\t\t jQuery('#fancy_notification_content').css('display', 'block'); \n\t\t\t\t\t }\n\t\t\t\t\t";
}
if ($_SESSION['slider_state'] == 0) {
echo 'jQuery("#sliding_cart").css({ display: "none"});' . "\n\r";
} else {
echo 'jQuery("#sliding_cart").css({ display: "block"});' . "\n\r";
}
}
}
exit;
} else {
if ($_POST['user'] == "true" && $_POST['emptycart'] == "true") {
//exit("/* \n\r ".get_option('shopping_cart_url')." \n\r ".print_r($_POST,true)." \n\r */");
$_SESSION['nzshpcrt_cart'] = '';
$_SESSION['nzshpcrt_cart'] = array();
echo "if(document.getElementById('shoppingcartcontents') != null) { \n\t\t\tdocument.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart))) . "\";\n\t\t\t}\n\r";
if ($_POST['current_page'] == get_option('shopping_cart_url')) {
echo "window.location = '" . get_option('shopping_cart_url') . "';\n\r";
// if we are on the checkout page, redirect back to it to clear the non-ajax cart too
}
exit;
}
}
if ($_POST['store_list'] == "true") {
$map_data['address'] = $_POST['addr'];
$map_data['city'] = $_POST['city'];
$map_data['country'] = 'US';
$map_data['zipcode'] = '';
$map_data['radius'] = '50000';
$map_data['state'] = '';
$map_data['submit'] = 'Find Store';
$stores = getdistance($map_data);
$i = 0;
while ($rows = mysql_fetch_array($stores)) {
//echo "<pre>".print_r($rows,1)."</pre>";
if ($i == 0) {
$closest_store = $rows[5];
}
$i++;
$store_list[$i] = $rows[5];
}
foreach ($store_list as $store) {
$output .= "<option value='{$store}'>{$store}</option>";
}
echo $output;
exit;
}
if ($_POST['admin'] == "true") {
if (is_numeric($_POST['prodid'])) {
/* fill product form */
echo nzshpcrt_getproductform($_POST['prodid']);
exit;
} else {
if (is_numeric($_POST['catid'])) {
/* fill category form */
echo nzshpcrt_getcategoryform($_POST['catid']);
exit;
} else {
if (is_numeric($_POST['brandid'])) {
/* fill brand form */
echo nzshpcrt_getbrandsform($_POST['brandid']);
exit;
} else {
if (is_numeric($_POST['variation_id'])) {
echo nzshpcrt_getvariationform($_POST['variation_id']);
exit;
}
}
}
}
if ($_POST['hide_ecom_dashboard'] == 'true') {
require_once ABSPATH . WPINC . '/rss.php';
$rss = fetch_rss('http://www.instinct.co.nz/feed/');
$rss->items = array_slice($rss->items, 0, 5);
$rss_hash = sha1(serialize($rss->items));
update_option('wpsc_ecom_news_hash', $rss_hash);
exit(1);
}
if ($_POST['remove_meta'] == 'true' && is_numeric($_POST['meta_id'])) {
$meta_id = (int) $_POST['meta_id'];
$selected_meta = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}') ", ARRAY_A);
if ($selected_meta != null) {
if ($wpdb->query("DELETE FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}') LIMIT 1")) {
echo $meta_id;
exit;
}
}
echo 0;
exit;
}
exit;
}
if (is_numeric($_POST['currencyid'])) {
$currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `" . $wpdb->prefix . "currency_list` WHERE `id`='" . $_POST['currencyid'] . "' LIMIT 1", ARRAY_A);
$price_out = null;
if ($currency_data[0]['symbol'] != '') {
$currency_sign = $currency_data[0]['symbol_html'];
} else {
$currency_sign = $currency_data[0]['code'];
}
echo $currency_sign;
exit;
}
//echo "--==->";
if ($_POST['buynow'] == "true") {
$id = $_REQUEST['product_id'];
$price = $_REQUEST['price'];
$downloads = get_option('max_downloads');
$product_sql = "SELECT * FROM " . $wpdb->prefix . "product_list WHERE id = " . $id . " LIMIT 1";
$product_info = $wpdb->get_results($product_sql, ARRAY_A);
$product_info = $product_info[0];
$sessionid = mt_rand(100, 999) . time();
$sql = "INSERT INTO `" . $wpdb->prefix . "purchase_logs` ( `totalprice` , `sessionid` , `date`, `billing_country`, `shipping_country`,`shipping_region`, `user_ID`, `discount_value` ) VALUES ( '" . $price . "', '" . $sessionid . "', '" . time() . "', 'BuyNow', 'BuyNow', 'BuyNow' , NULL , 0)";
$wpdb->query($sql);
$log_id = $wpdb->get_var("SELECT `id` FROM `" . $wpdb->prefix . "purchase_logs` WHERE `sessionid` IN('" . $sessionid . "') LIMIT 1");
$cartsql = "INSERT INTO `" . $wpdb->prefix . "cart_contents` ( `prodid` , `purchaseid`, `price`, `pnp`, `gst`, `quantity`, `donation`, `no_shipping` ) VALUES ('" . $id . "', '" . $log_id . "','" . $price . "','0', '0','1', '" . $donation . "', '1')";
$wpdb->query($cartsql);
$wpdb->query("INSERT INTO `" . $wpdb->prefix . "download_status` ( `fileid` , `purchid` , `downloads` , `active` , `datetime` ) VALUES ( '" . $product_info['file'] . "', '" . $log_id . "', '{$downloads}', '0', NOW( ));");
exit;
}
if ($_POST['changeorder'] == "true" && is_numeric($_POST['category_id'])) {
$category_id = (int) $_POST['category_id'];
$hash = $_POST['sort1'];
$order = 1;
foreach ($hash as $id) {
$wpdb->query("UPDATE `" . $wpdb->prefix . "product_order` SET `order`={$order} WHERE `product_id`=" . (int) $id . " AND `category_id`=" . (int) $category_id . " LIMIT 1");
$order++;
}
exit(" ");
}
/* rate item */
if ($_POST['rate_item'] == "true" && is_numeric($_POST['product_id']) && is_numeric($_POST['rating'])) {
$nowtime = time();
$prodid = $_POST['product_id'];
$ip_number = $_SERVER['REMOTE_ADDR'];
$rating = $_POST['rating'];
$cookie_data = explode(",", $_COOKIE['voting_cookie'][$prodid]);
if (is_numeric($cookie_data[0]) && $cookie_data[0] > 0) {
$vote_id = $cookie_data[0];
$wpdb->query("UPDATE `" . $wpdb->prefix . "product_rating` SET `rated` = '" . $rating . "' WHERE `id` ='" . $vote_id . "' LIMIT 1 ;");
} else {
$insert_sql = "INSERT INTO `" . $wpdb->prefix . "product_rating` ( `ipnum` , `productid` , `rated`, `time`) VALUES ( '" . $ip_number . "', '" . $prodid . "', '" . $rating . "', '" . $nowtime . "');";
$wpdb->query($insert_sql);
$data = $wpdb->get_results("SELECT `id`,`rated` FROM `" . $wpdb->prefix . "product_rating` WHERE `ipnum`='" . $ip_number . "' AND `productid` = '" . $prodid . "' AND `rated` = '" . $rating . "' AND `time` = '" . $nowtime . "' ORDER BY `id` DESC LIMIT 1", ARRAY_A);
$vote_id = $data[0]['id'];
setcookie("voting_cookie[{$prodid}]", $vote_id . "," . $rating, time() + 60 * 60 * 24 * 360);
}
$output[1] = $prodid;
$output[2] = $rating;
echo $output[1] . "," . $output[2];
exit;
}
//written by allen
if ($_REQUEST['save_tracking_id'] == "true") {
$id = $_POST['id'];
$value = $_POST['value'];
$update_sql = "UPDATE " . $wpdb->prefix . "purchase_logs SET track_id = '" . $value . "' WHERE id={$id}";
$wpdb->query($update_sql);
exit;
}
if ($_POST['get_rating_count'] == "true" && is_numeric($_POST['product_id'])) {
$prodid = $_POST['product_id'];
$data = $wpdb->get_results("SELECT COUNT(*) AS `count` FROM `" . $wpdb->prefix . "product_rating` WHERE `productid` = '" . $prodid . "'", ARRAY_A);
echo $data[0]['count'] . "," . $prodid;
exit;
}
/// Pointless AJAX call is pointless
// if(isset($_POST['changeperpage'])) {
// $item_per_page = $_POST['changeperpage'];
// echo $item_per_page;
// exit();
// }
if ($_POST['remove_variation_value'] == "true" && is_numeric($_POST['variation_value_id'])) {
$wpdb->query("DELETE FROM `" . $wpdb->prefix . "variation_values_associations` WHERE `value_id` = '" . $_POST['variation_value_id'] . "'");
$wpdb->query("DELETE FROM `" . $wpdb->prefix . "variation_values` WHERE `id` = '" . $_POST['variation_value_id'] . "' LIMIT 1");
exit;
}
if ($_POST['get_updated_price'] == "true" && is_numeric($_POST['product_id'])) {
$notax = $wpdb->get_var("SELECT `notax` FROM `" . $wpdb->prefix . "product_list` WHERE `id` IN('" . $_POST['product_id'] . "') LIMIT 1");
foreach ((array) $_POST['variation'] as $variation) {
if (is_numeric($variation)) {
$variations[] = $variation;
}
}
foreach ((array) $_POST['extra'] as $extra) {
if (is_numeric($extra)) {
$extras[] = $extra;
}
}
$pm = $_POST['pm'];
echo "product_id=" . $_POST['product_id'] . ";\n";
echo "price=\"" . nzshpcrt_currency_display(calculate_product_price($_POST['product_id'], $variations, 'stay', $extras), $notax) . "\";\n";
//exit(print_r($extras,1));
exit;
}
if ($_REQUEST['log_state'] == "true" && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
$newvalue = $_POST['value'];
if ($_REQUEST['suspend'] == 'true') {
if ($_REQUEST['value'] == 1) {
wpsc_member_dedeactivate_subscriptions($_POST['id']);
} else {
wpsc_member_deactivate_subscriptions($_POST['id']);
}
exit;
} else {
$log_data = $wpdb->get_row("SELECT * FROM `" . $wpdb->prefix . "purchase_logs` WHERE `id` = '" . $_POST['id'] . "' LIMIT 1", ARRAY_A);
if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
$update_sql = "UPDATE `" . $wpdb->prefix . "purchase_logs` SET `processed` = '" . $newvalue . "' WHERE `id` = '" . $_POST['id'] . "' LIMIT 1";
$wpdb->query($update_sql);
//echo("/*");
if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
transaction_results($log_data['sessionid'], false);
}
//echo("*/");
$stage_sql = "SELECT * FROM `" . $wpdb->prefix . "purchase_statuses` WHERE `id`='" . $newvalue . "' AND `active`='1' LIMIT 1";
$stage_data = $wpdb->get_row($stage_sql, ARRAY_A);
echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").innerHTML = '" . $stage_data['name'] . "';\n";
echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").style.color = '#" . $stage_data['colour'] . "';\n";
$year = date("Y");
$month = date("m");
$start_timestamp = mktime(0, 0, 0, $month, 1, $year);
$end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);
echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price($start_timestamp, $end_timestamp), 1)) . "';\n";
echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(nzshpcrt_currency_display(admin_display_total_price(), 1)) . "';\n";
exit;
}
}
if ($_POST['list_variation_values'] == "true" && is_numeric($_POST['new_variation_id'])) {
$variation_processor = new nzshpcrt_variations();
echo "variation_value_id = \"" . $_POST['new_variation_id'] . "\";\n";
echo "variation_value_html = \"" . $variation_processor->display_variation_values($_POST['prefix'], $_POST['new_variation_id']) . "\";\n";
$variations_selected = array_values(array_unique(array_merge((array) $_POST['new_variation_id'], (array) $_POST['variation_id'])));
echo "variation_subvalue_html = \"" . str_replace("\n\r", '\\n\\r', $variation_processor->variations_add_grid_view((array) $variations_selected)) . "\";\n";
//echo "/*\n\r".print_r(array_values(array_unique(array_merge((array)$_POST['new_variation_id'], $_POST['variation_id']))),true)."\n\r*/";
exit;
}
if ($_POST['redisplay_variation_values'] == "true") {
$variation_processor = new nzshpcrt_variations();
$variations_selected = array_values(array_unique(array_merge((array) $_POST['new_variation_id'], (array) $_POST['variation_id'])));
foreach ($variations_selected as $variation_id) {
// cast everything to integer to make sure nothing nasty gets in.
$variation_list[] = (int) $variation_id;
}
echo $variation_processor->variations_add_grid_view((array) $variation_list);
//echo "/*\n\r".print_r(array_values(array_unique($_POST['variation_id'])),true)."\n\r*/";
exit;
}
if ($_POST['edit_variation_value_list'] == 'true' && is_numeric($_POST['variation_id']) && is_numeric($_POST['product_id'])) {
$variation_id = (int) $_POST['variation_id'];
$product_id = (int) $_POST['product_id'];
$variations_processor = new nzshpcrt_variations();
$variation_values = $variations_processor->falsepost_variation_values($variation_id);
if (is_array($variation_values)) {
//echo(print_r($variation_values,true));
$check_variation_added = $wpdb->get_var("SELECT `id` FROM `" . $wpdb->prefix . "variation_associations` WHERE `type` IN ('product') AND `associated_id` IN ('{$product_id}') AND `variation_id` IN ('{$variation_id}') LIMIT 1");
if ($check_variation_added == null) {
$variations_processor->add_to_existing_product($product_id, $variation_values);
}
echo $variations_processor->display_attached_variations($product_id);
echo $variations_processor->variations_grid_view($product_id);
} else {
echo "false";
}
exit;
}
if ($_POST['remove_form_field'] == "true" && is_numeric($_POST['form_id'])) {
//exit(print_r($user,true));
if (current_user_can('level_7')) {
$wpdb->query("UPDATE `" . $wpdb->prefix . "collect_data_forms` SET `active` = '0' WHERE `id` ='" . $_POST['form_id'] . "' LIMIT 1 ;");
exit(' ');
}
}
/*
* function for handling the checkout billing address
*/
if (preg_match("/[a-zA-Z]{2,4}/", $_POST['billing_country'])) {
if ($_SESSION['selected_country'] == $_POST['billing_country']) {
$do_not_refresh_regions = true;
} else {
$do_not_refresh_regions = false;
$_SESSION['selected_country'] = $_POST['billing_country'];
}
if (is_numeric($_POST['form_id'])) {
$form_id = $_POST['form_id'];
$html_form_id = "region_country_form_{$form_id}";
} else {
$html_form_id = 'region_country_form';
}
if (is_numeric($_POST['billing_region'])) {
$_SESSION['selected_region'] = $_POST['billing_region'];
}
$cart =& $_SESSION['nzshpcrt_cart'];
if ($memberstatus[0] == '1' && count($cart) > 0) {
echo "\n\t\t\t";
} else {
if ($status[0] == '1') {
exit;
}
echo "if(document.getElementById('shoppingcartcontents') != null)\n\t\t\t\t\t {\n\t\t\t\t\t document.getElementById('shoppingcartcontents').innerHTML = \"" . str_replace(array("\n", "\r"), "", addslashes(nzshpcrt_shopping_basket_internals($cart, $quantity_limit))) . "\";\n\t\t\t\t\t }\n\t\t\t\t\t";
if ($do_not_refresh_regions == false) {
$region_list = $wpdb->get_results("SELECT `" . $wpdb->prefix . "region_tax`.* FROM `" . $wpdb->prefix . "region_tax`, `" . $wpdb->prefix . "currency_list` WHERE `" . $wpdb->prefix . "currency_list`.`isocode` IN('" . $_POST['billing_country'] . "') AND `" . $wpdb->prefix . "currency_list`.`id` = `" . $wpdb->prefix . "region_tax`.`country_id`", ARRAY_A);
if ($region_list != null) {
$output .= "<select name='collected_data[" . $form_id . "][1]' class='current_region' onchange='set_billing_country(\\\"{$html_form_id}\\\", \\\"{$form_id}\\\");'>";
//$output .= "<option value=''>None</option>";
foreach ($region_list as $region) {
if ($_SESSION['selected_region'] == $region['id']) {
$selected = "selected='true'";
} else {
$selected = "";
}
$output .= "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>";
}
$output .= "</select>";
echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t {\n\t\t document.getElementById('region_select_{$form_id}').innerHTML = \"" . $output . "\";\n\t\t }\n\t\t";
} else {
echo "if(document.getElementById('region_select_{$form_id}') != null)\n\t\t {\n\t\t document.getElementById('region_select_{$form_id}').innerHTML = \"\";\n\t\t }\n\t\t";
}
}
}
exit;
}
if ($_POST['get_country_tax'] == "true" && preg_match("/[a-zA-Z]{2,4}/", $_POST['country_id'])) {
$country_id = $_POST['country_id'];
$region_list = $wpdb->get_results("SELECT `" . $wpdb->prefix . "region_tax`.* FROM `" . $wpdb->prefix . "region_tax`, `" . $wpdb->prefix . "currency_list` WHERE `" . $wpdb->prefix . "currency_list`.`isocode` IN('" . $country_id . "') AND `" . $wpdb->prefix . "currency_list`.`id` = `" . $wpdb->prefix . "region_tax`.`country_id`", ARRAY_A);
if ($region_list != null) {
echo "<select name='base_region'>\n\r";
foreach ($region_list as $region) {
if (get_option('base_region') == $region['id']) {
$selected = "selected='true'";
} else {
$selected = "";
}
echo "<option value='" . $region['id'] . "' {$selected}>" . $region['name'] . "</option>\n\r";
}
echo "</select>\n\r";
} else {
echo " ";
}
exit;
}
/* fill product form */
if ($_POST['set_slider'] == "true" && is_numeric($_POST['state'])) {
$_SESSION['slider_state'] = $_POST['state'];
exit;
}
/* fill category form */
if ($_GET['action'] == "register") {
$siteurl = get_option('siteurl');
require_once ABSPATH . WPINC . '/registration-functions.php';
if ($_POST['action'] == 'register' && get_settings('users_can_register')) {
//exit("fail for testing purposes");
$user_login = sanitize_user($_POST['user_login']);
$user_email = $_POST['user_email'];
$errors = array();
if ($user_login == '') {
exit($errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'));
}
/* checking e-mail address */
if ($user_email == '') {
exit(__('<strong>ERROR</strong>: Please type your e-mail address.'));
} else {
if (!is_email($user_email)) {
exit(__('<strong>ERROR</strong>: The email address isn’t correct.'));
$user_email = '';
}
}
if (!validate_username($user_login)) {
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
$user_login = '';
}
if (username_exists($user_login)) {
exit(__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
}
/* checking the email isn't already used by another user */
$email_exists = $wpdb->get_row("SELECT user_email FROM {$wpdb->users} WHERE user_email = '{$user_email}'");
if ($email_exists) {
die(__('<strong>ERROR</strong>: This email address is already registered, please supply another.'));
}
if (0 == count($errors)) {
$password = substr(md5(uniqid(microtime())), 0, 7);
//xit('there?');
$user_id = wp_create_user($user_login, $password, $user_email);
if (!$user_id) {
exit(sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
} else {
wp_new_user_notification($user_id, $password);
?>
<div id="login">
<h2><?php
_e('Registration Complete');
?>
</h2>
<p><?php
printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>");
?>
<br />
<?php
printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>');
?>
<br />
<?php
printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>");
?>
</p>
</div>
<?php
}
}
} else {
// onsubmit='submit_register_form(this);return false;'
echo "<div id='login'>\n <h2>Register for this blog</h2>\n <form id='registerform' action='index.php?ajax=true&action=register' onsubmit='submit_register_form(this);return false;' method='post'>\n <p><input type='hidden' value='register' name='action'/>\n <label for='user_login'>Username:</label><br/> <input type='text' value='' maxlength='20' size='20' id='user_login' name='user_login'/><br/></p>\n <p><label for='user_email'>E-mail:</label><br/> <input type='text' value='' maxlength='100' size='25' id='user_email' name='user_email'/></p>\n <p>A password will be emailed to you.</p>\n <p class='submit'><input type='submit' name='submit_form' id='submit' value='Register »'/><img id='register_loading_img' src='" . WPSC_URL . "/images/loading.gif' alt='' title=''></p>\n \n </form>\n </div>";
}
exit;
}
}
/*
* AJAX stuff stops here, I would put an exit here, but it may screw up other plugins
//exit();
*/
}
function wpsc_purchlog_edit_status($purchlog_id = '', $purchlog_status = '')
{
global $wpdb;
if (empty($purchlog_id) && empty($purchlog_status)) {
$purchlog_id = absint($_POST['id']);
$purchlog_status = absint($_POST['new_status']);
}
$log_data = $wpdb->get_row("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '{$purchlog_id}' LIMIT 1", ARRAY_A);
$is_transaction = wpsc_check_purchase_processed($log_data['processed']);
if ($is_transaction && function_exists('wpsc_member_activate_subscriptions')) {
wpsc_member_activate_subscriptions($_POST['id']);
}
//in the future when everyone is using the 2.0 merchant api, we should use the merchant class to update the staus,
// then you can get rid of this hook and have each person overwrite the method that updates the status.
do_action('wpsc_edit_order_status', array('purchlog_id' => $purchlog_id, 'purchlog_data' => $log_data, 'new_status' => $purchlog_status));
$wpdb->update(WPSC_TABLE_PURCHASE_LOGS, array('processed' => $purchlog_status), array('id' => $purchlog_id), '%d', '%d');
wpsc_clear_stock_claims();
wpsc_decrement_claimed_stock($purchlog_id);
if ($purchlog_status == 3) {
transaction_results($log_data['sessionid'], false, null);
}
if (defined('DOING_AJAX') && DOING_AJAX) {
set_current_screen('dashboard_page_wpsc-sales-logs');
require_once WPSC_FILE_PATH . '/wpsc-admin/includes/purchase-log-list-table-class.php';
$purchaselog_table = new WPSC_Purchase_Log_List_Table();
$purchaselog_table->views();
exit;
}
}