function Comments_adminDelete()
{
$id = (int) $_REQUEST['id'];
dbQuery('delete from comments where id=' . $id);
Core_cacheClear('comments');
return array('status' => 1, 'id' => $id);
}
/**
* save a panel
*
* @return null
*/
function Panels_adminSave()
{
$id = (int) $_REQUEST['id'];
$widgets = addslashes($_REQUEST['data']);
dbQuery("update panels set body='{$widgets}' where id={$id}");
Core_cacheClear('panels');
Core_cacheClear('pages');
}
/**
* mark a meeting as complete
*
* @return null
*/
function Meetings_complete()
{
if (!isset($_SESSION['userdata'])) {
return;
}
$id = (int) $_REQUEST['id'];
dbQuery('update meetings set is_complete=1 where id=' . $id);
Core_cacheClear('meetings');
}
/**
* retrieve the search page, or create one if it doesn't exist
*
* @return object search page
*/
function Search_getPage()
{
if (isset($_GET['s'])) {
$_GET['search'] = $_GET['s'];
}
$p = Page::getInstanceByType(5);
if (!$p || !isset($p->id)) {
dbQuery('insert into pages set cdate=now(),edate=now(),name="__search",' . 'alias="__search",body="",type=5,special=2,ord=5000');
Core_cacheClear('pages', 'page_by_type_5');
$p = Page::getInstanceByType(5);
}
return $p->id;
}
static function deleteByAdminId($name, $id = false)
{
$adminId = '';
if ($id !== false) {
if ($id < 0) {
$adminId = ' and admin_id>0';
} else {
$adminId = ' and admin_id=' . $id;
}
}
dbQuery('delete from admin_vars where varname="' . addslashes($name) . '"' . $adminId);
Core_cacheClear('admin_vars');
}
/**
* Update the comments table
*
* @return null
*/
function Comments_update()
{
$id = $_REQUEST['id'];
$comment = $_REQUEST['comment'];
$allowed = in_array($id, $_SESSION['comment_ids']);
if (!$allowed) {
die('You do not have permission to do this');
}
if (!is_numeric($id)) {
Core_quit('Invalid id');
}
dbQuery('update comments set comment = "' . addslashes($comment) . '" where id = ' . (int) $id);
Core_cacheClear('comments');
return array('status' => 1, 'id' => $id, 'comment' => $comment);
}
<?php
require $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
if (!Core_isAdmin()) {
die(__('access denied'));
}
if (isset($_REQUEST['id']) && isset($_REQUEST['vis']) && isset($_REQUEST['hid'])) {
$id = (int) $_REQUEST['id'];
$vis = '[' . addslashes($_REQUEST['vis']) . ']';
$hid = '[' . addslashes($_REQUEST['hid']) . ']';
dbQuery("update panels set visibility='{$vis}',hidden='{$hid}' where id={$id}");
Core_cacheClear('panels');
}
function OnlineStoreEbay_adminImportOrders()
{
require_once 'eBaySession.php';
error_reporting(E_ALL);
$rs = dbAll('select * from online_store_vars where name like "ebay%"');
$vs = array();
foreach ($rs as $r) {
$vs[$r['name']] = $r['val'];
}
$production = (int) $vs['ebay_status'];
if ($production) {
$devID = $vs['ebay_devid'];
$appID = $vs['ebay_appid'];
$certID = $vs['ebay_certid'];
$serverUrl = 'https://api.ebay.com/ws/api.dll';
// server URL different for prod and sandbox
$userToken = $vs['ebay_usertoken'];
} else {
$devID = $vs['ebay_sandbox_devid'];
$appID = $vs['ebay_sandbox_appid'];
$certID = $vs['ebay_sandbox_certid'];
$serverUrl = 'https://api.sandbox.ebay.com/ws/api.dll';
$userToken = $vs['ebay_sandbox_usertoken'];
}
$compatabilityLevel = 827;
// eBay API version
$siteToUseID = 205;
$sess = new eBaySession($userToken, $devID, $appID, $certID, $serverUrl, $compatabilityLevel, $siteToUseID, 'GetOrders');
$xml = '<?xml version="1.0" encoding="utf-8"?>' . '<GetOrdersRequest xmlns="urn:ebay:apis:eBLBaseComponents">' . ' <RequesterCredentials>' . ' <eBayAuthToken>' . $userToken . '</eBayAuthToken>' . ' </RequesterCredentials>' . ' <NumberOfDays>10</NumberOfDays>' . ' <OrderRole>Seller</OrderRole>' . ' <OrderStatus>Completed</OrderStatus>' . ' <DetailLevel>ReturnAll</DetailLevel>' . ' <SortingOrder>Descending</SortingOrder>' . ' <WarningLevel>High</WarningLevel>' . '</GetOrdersRequest>';
$xmlstr = $sess->sendHttpRequest($xml);
$reply = new SimpleXMLElement($xmlstr);
if (isset($reply->Errors)) {
return array('sent' => $xml, 'reply' => new SimpleXMLElement($xmlstr), 'errors' => $reply->Errors);
}
$imported = 0;
foreach ($reply->OrderArray->Order as $order) {
$order = json_decode(json_encode($order));
$ebayOrderId = $order->OrderID;
$r = dbOne('select id from online_store_orders where ebayOrderId="' . $ebayOrderId . '"' . ' limit 1', 'id');
if ($r) {
continue;
}
$address = $order->ShippingAddress;
if ($address->PostalCode == '') {
$address->PostalCode = 'na';
}
$form_vals = array('FirstName' => preg_replace('/ .*/', '', $address->Name), 'Surname' => preg_replace('/.*? /', '', $address->Name), 'Phone' => $address->Phone, 'Email' => '*****@*****.**', 'Street' => $address->Street1, 'Street2' => $address->Street2, 'Town' => $address->CityName, 'County' => $address->StateOrProvince, 'PostCode' => $address->PostalCode, 'Country' => $address->CountryName, 'CountryCode' => $address->Country);
$form_vals = json_encode($form_vals);
$total = (double) $order->Total;
$date_created = date('Y-m-d h:i:s', strtotime($order->CreatedTime));
$transactions = array();
$tArr = $order->TransactionArray->Transaction;
if (!is_array($tArr)) {
$transactions = array($tArr);
} else {
$transactions = $tArr;
}
$items = array();
foreach ($transactions as $transaction) {
$item = $transaction->Item;
if (isset($item->ApplicationData)) {
$appData = json_decode(htmlspecialchars_decode($item->ApplicationData));
$itemId = $appData->productId;
} else {
$itemId = dbOne('select id from products where link="' . addslashes($item->Title) . '"', 'id');
}
$key = 'products_' . $itemId;
if (!isset($items[$key])) {
$items[$key] = array();
$r = dbRow('select * from products where id=' . $itemId . ' limit 1');
$items[$key] = array('short_desc' => $r['name'], 'id' => $itemId, 'amt' => 0);
}
$items[$key]['amt'] += $transaction->QuantityPurchased;
}
$jitems = json_encode($items);
// { create the order entry
dbQuery('insert into online_store_orders set total="' . $total . '"' . ', items="' . addslashes($jitems) . '"' . ', ebayOrderId="' . $ebayOrderId . '"' . ', form_vals="' . addslashes($form_vals) . '"' . ', date_created="' . addslashes($date_created) . '"' . ', status=1');
$id = dbLastInsertId();
// }
dbQuery('update online_store_orders set invoice_num=id where id=' . $id);
Core_cacheClear('online_store_orders');
OnlineStore_updateProductSales($id, $items, $date_created);
$imported++;
}
return array('imported' => $imported, 'reply' => new SimpleXMLElement($xmlstr));
}
/**
* edit a single value of a user
*
* @return array status
*/
function Core_adminUserEditVal()
{
$id = (int) $_REQUEST['id'];
$name = $_REQUEST['name'];
$value = $_REQUEST['val'];
$contact_fields = array('contact_name', 'business_phone', 'business_email', 'phone', 'website', 'mobile', 'skype', 'facebook', 'twitter', 'linkedin', 'blog');
if (in_array($name, array('name', 'email'))) {
dbQuery('update user_accounts set ' . $name . '="' . addslashes($value) . '" where id=' . $id);
} elseif (in_array($name, $contact_fields)) {
$c = json_decode(dbOne('select contact from user_accounts where id=' . $id, 'contact'), true);
$c[$name] = $value;
dbQuery('update user_accounts set contact="' . addslashes(json_encode($c)) . '"' . ' where id=' . $id);
}
Core_cacheClear();
return array('ok' => 1);
}
/**
* save a mailing list
*
* @return status
*/
function Mailinglists_adminListSave()
{
$id = (int) $_REQUEST['vals']['id'];
$sql = 'mailinglists_lists set ' . 'name="' . addslashes($_REQUEST['vals']['name']) . '",' . 'meta="' . addslashes(json_encode($_REQUEST['meta'])) . '"';
if ($id) {
dbQuery('update ' . $sql . ' where id=' . $id);
} else {
dbQuery('insert into ' . $sql);
}
Core_cacheClear('mailinglists');
return array('ok' => 1);
}
<?php
/**
* Deletes a comment
*
* PHP Version 5.3
*
* @category CommentsPlugin
* @package WebworksWebme
* @subpackage CommentsPlugin
* @author Belinda Hamilton <*****@*****.**>
* @license GPL Version 2
* @link www.kvweb.me
**/
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$id = $_REQUEST['id'];
$allowed = Core_isAdmin() || in_array($id, $_SESSION['comment_ids']);
if (!$allowed) {
die('You do not have permission to delete this comment');
}
if (!is_numeric($id)) {
Core_quit('Invalid id');
}
dbQuery('delete from comments where id = ' . $id);
Core_cacheClear('comments');
if (dbOne('select id from comments where id = ' . $id, 'id')) {
echo '{"status":0}';
} else {
echo '{"status":1, "id":' . $id . '}';
}
function products_adminFixOrphanedCategories()
{
$rs = dbAll('select id,name,parent_id from products_categories');
foreach ($rs as $r) {
if ($r['parent_id'] == '0') {
continue;
}
$pid = dbOne('select id from products_categories where id=' . $r['parent_id'], 'id');
if (!$pid) {
$sql = 'update products_categories set parent_id=0 where id=' . $r['id'];
dbQuery($sql);
echo $sql . "<br/>";
} else {
echo 'product_category ' . $r['name'] . ' is okay.<br/>';
}
}
Core_cacheClear('products_categories');
exit;
}
}
}
}
$data = addslashes(json_encode($data));
$sql = "messaging_notifier set data='{$data}'";
if ($id) {
$sql = "update {$sql} where id={$id}";
dbQuery($sql);
} else {
$sql = "insert into {$sql}";
dbQuery($sql);
$id = dbOne('select last_insert_id() as id', 'id');
}
$ret = array('id' => $id, 'id_was' => $id_was, 'datastr' => $_REQUEST['data'], 'dataobj' => $data);
echo json_encode($ret);
Core_cacheClear('messaging_notifier');
Core_quit();
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
} else {
$id = 0;
}
echo '<a href="javascript:;" id="messaging_notifier_editlink_' . $id . '" class="button messaging_notifier_editlink">view or edit feeds</a><br />';
// { show story title
echo '<strong>hide story title</strong><br />' . '<select name="hide_story_title"><option value="0">No</option>' . '<option value="1"';
if (@$_REQUEST['hide_story_title'] == 1) {
echo ' selected="selected"';
}
echo '>Yes</option></select><br />';
// }
// { if theme fails check, remove temp dir and throw error
$msg = '';
if (!$failure_message) {
$msg = Theme_findErrors($theme_folder);
}
if ($msg || $failure_message) {
shell_exec('rm -rf ' . $temp_dir);
echo '<script>parent.themes_dialog("<em>installation failed: ' . $failure_message . $msg . '</em>");</script>';
Core_quit();
}
// }
// { get variant
if (is_dir($theme_folder . '/cs')) {
$variant = Theme_getFirstVariant($theme_folder . '/cs/');
}
// }
// { remove temp dir and extract to themes-personal
shell_exec('rm -rf ' . $themes_personal . '/' . $name);
rename($temp_dir . '/' . $name, $themes_personal . '/' . $name);
shell_exec('rm -rf ' . $temp_dir);
if (isset($_POST['install-theme'])) {
$DBVARS['theme'] = $name;
if (isset($variant)) {
$DBVARS['theme_variant'] = $variant;
}
Core_configRewrite();
Core_cacheClear('pages');
$_SESSION['theme_selected'] = 1;
}
// }
echo '<script>parent.document.location="step7.php";</script>';
/**
* upload a new category image
*
* @return null
*/
function ClassifiedAds_adminCategoryUploadImage()
{
$id = (int) $_REQUEST['id'];
if (!file_exists(USERBASE . '/f/classified-ads/categories/' . $id)) {
mkdir(USERBASE . '/f/classified-ads/categories/' . $id, 0777, true);
}
$imgs = new DirectoryIterator(USERBASE . '/f/classified-ads/categories/' . $id);
foreach ($imgs as $img) {
if ($img->isDot()) {
continue;
}
unlink($img->getPathname());
}
$from = $_FILES['Filedata']['tmp_name'];
$ext = preg_replace('/.*\\./', '', $_FILES['Filedata']['name']);
$url = '/classified-ads/categories/' . $id . '/icon.' . $ext;
$to = USERBASE . '/f' . $url;
move_uploaded_file($from, $to);
dbQuery('update classifiedads_categories set' . ' icon="' . $url . '" where id=' . $id);
Core_cacheClear();
echo $url;
Core_quit();
}
<?php
/**
* create a new poll
*
* PHP version 5.2
*
* @category None
* @package None
* @author Kae Verens <*****@*****.**>
* @license GPL 2.0
* @link http://kvsites.ie/
*/
dbQuery("insert into poll set name='" . addslashes($_REQUEST['name']) . "'" . ",body='" . addslashes($_REQUEST['body']) . "'" . ",enabled=" . (int) $_REQUEST['enabled']);
$id = dbOne('select last_insert_id() as id', 'id');
$answers = $_REQUEST['answers'];
for ($i = 0; $i < count($answers); ++$i) {
$answer = $answers[$i];
dbQuery("insert into poll_answer set poll_id={$id}" . ",num={$i},answer='" . addslashes($answer) . "'");
}
echo '<em>Poll created</em>';
Core_cacheClear('polls');
$id = (int) $_REQUEST['id'];
$id_was = $id;
$directory = addslashes($_REQUEST['directory']);
$trans_type = addslashes($_REQUEST['trans_type']);
$pause = (int) $_REQUEST['pause'];
$width = (int) $_REQUEST['width'];
$height = (int) $_REQUEST['height'];
$url = (int) $_REQUEST['url'];
if (!$pause) {
$pause = 3000;
}
$sql = 'image_transitions set directory="' . $directory . '",trans_type="' . $trans_type . '",pause="' . $pause . '",url="' . $url . '",width=' . $width . ',height=' . $height;
if ($id && dbOne('select id from image_transitions where id=' . $id, 'id')) {
$sql = "update {$sql} where id={$id}";
dbQuery($sql);
} else {
$sql = "insert into {$sql}";
dbQuery($sql);
$id = dbOne('select last_insert_id() as id', 'id');
}
$ret = array('id' => $id, 'id_was' => $id_was);
echo json_encode($ret);
Core_cacheClear('image-transitions');
Core_quit();
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
} else {
$id = 0;
}
echo '<a href="javascript:;" id="image_transition_editlink_' . $id . '" class="image_transition_editlink">' . __('view or edit image transition details') . '</a>';
$id_was = $id;
$parent = (int) $_REQUEST['parent'];
$direction = (int) $_REQUEST['direction'];
$type = (int) $_REQUEST['type'];
$background = addslashes($_REQUEST['background']);
$opacity = (double) $_REQUEST['opacity'];
$columns = (int) $_REQUEST['columns'];
$style_from = (int) $_REQUEST['style_from'];
$state = (int) $_REQUEST['state'];
$cache = (int) $_REQUEST['cache'];
$html_type = (int) $_REQUEST['html_type'];
$sql = "menus set type='{$type}',parent='{$parent}',direction='{$direction}'," . "background='{$background}',opacity={$opacity},columns={$columns}" . ', cache=' . $cache . ",style_from={$style_from},state={$state}, html_type={$html_type}";
if ($id) {
$sql = "update {$sql} where id={$id}";
dbQuery($sql);
} else {
$sql = "insert into {$sql}";
dbQuery($sql);
$id = dbOne('select last_insert_id() as id', 'id');
}
Core_cacheClear('menus');
$ret = array('id' => $id, 'id_was' => $id_was);
echo json_encode($ret);
Core_quit();
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
} else {
$id = 0;
}
echo '<a href="javascript:;" id="menu_editlink_' . $id . '" ' . 'class="menu_editlink">' . __('view or edit menu') . '</a>';
$errors = array();
if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
$errors[] = 'You must fill in the <strong>Name</strong>.';
}
if (count($errors)) {
echo '<em>' . join('<br />', $errors) . '</em>';
} else {
$sql = 'set name="' . addslashes($_REQUEST['name']) . '",one_way=' . (int) $_REQUEST['one_way'];
if ($id) {
dbQuery("update products_relation_types {$sql} where id={$id}");
} else {
dbQuery("insert into products_relation_types {$sql}");
$id = dbOne('select last_insert_id() as id', 'id');
}
echo '<em>Relation Type saved</em>';
Core_cacheClear('products/relation-types');
}
}
if ($id) {
$sql = 'select * from products_relation_types where id=' . $id;
$tdata = dbRow($sql, 'products_relation_types');
if (!$tdata) {
die('<em>No relation type with that ID exists.</em>');
}
} else {
$tdata = array('id' => 0, 'name' => '', 'one_way' => 0);
}
echo '<form action="' . $_url . '&id=' . $id . '" method="POST" enctype="multip' . 'art/form-data"><input type="hidden" name="action" value="save" />' . '<table><tr><th>Name</th><td><input class="not-empty" name="name" value="' . htmlspecialchars($tdata['name']) . '" /></td></tr><tr><th>One-Way</th><td>' . '<select name="one_way"><option value="0">No</option><option value="1"';
if ($tdata['one_way']) {
echo ' selected="selected"';
}
$details = array();
foreach ($_REQUEST['details'] as $k => $n) {
$details[$k] = $n;
}
$q = 'message="' . addslashes($_REQUEST['message']) . '",' . 'template="' . addslashes($_REQUEST['template']) . '",' . 'directory="' . addslashes($_REQUEST['directory']) . '",' . 'recipient_email="' . addslashes($_REQUEST['recipient_email']) . '",' . 'details="' . addslashes(json_encode($details)) . '"';
if ($id) {
dbQuery("update protected_files set {$q} where id={$id}");
} else {
dbQuery("insert into protected_files set {$q}");
$id = dbOne("select last_insert_id() as id", 'id');
}
} elseif ($_REQUEST['action'] == 'delete') {
dbQuery("delete from protected_files where id={$id}");
$id = 0;
}
Core_cacheClear('protected_files');
}
$r = dbRow('select * from protected_files where id=' . $id);
$details = json_decode($r['details'], true);
switch (@$_REQUEST['view']) {
case 'log':
// {
echo '<table><tr><th>Filename</th><th>Completed</th><th>Email</th><th>D' . 'ate/Time</th></tr>';
$fs = dbAll('select file,success,email,last_access from protected_files_log where' . ' pf_id=' . $id . ' order by last_access desc');
foreach ($fs as $f) {
echo '<tr><td>' . htmlspecialchars($f['file']) . '</td><td>' . ($f['success'] ? 'yes' : 'no') . '</td><td><a href="mailto:' . $f['email'] . '">' . $f['email'] . '</a></td><td>' . $f['last_access'] . '</td></tr>';
}
echo '</table>';
break;
// }
// }
// currency
$DBVARS['online_store_currency'] = 'EUR';
$version = 4;
}
if ($version == 4) {
// callback
/* allow a callback to be set in the database to be called when
* a payment has been completed
*/
dbQuery('alter table online_store_orders add callback text');
$version = 5;
}
if ($version == 5) {
// clear caches
Core_cacheClear('pages');
Core_cacheClear('products');
$version = 6;
}
if ($version == 6) {
// change _apply_vat to _vatfree
$rs = dbAll('select id,online_store_fields from products');
if ($rs !== false) {
foreach ($rs as $r) {
$f = str_replace('"_apply_vat":"0"', '"_vatfree":"1"', $r['online_store_fields']);
$f = str_replace('"_apply_vat":"1"', '"_vatfree":"0"', $f);
dbQuery('update products set online_store_fields="' . addslashes($f) . '" where id=' . $r['id']);
}
}
$version = 7;
}
if ($version == 7) {
static function clearCache()
{
self::$prodsByCid = array();
self::$catsByPid = array();
self::$activeCategories = false;
Core_cacheClear('products_categories_products');
}
/**
* rewrite the config file
*
* @return null
*/
function Core_configRewrite()
{
global $DBVARS;
$tmparr = $DBVARS;
$tmparr['plugins'] = join(',', $DBVARS['plugins']);
$tmparr2 = array();
foreach ($tmparr as $name => $val) {
$tmparr2[] = '\'' . addslashes($name) . '\'=>\'' . addslashes($val) . '\'';
}
$config = "<?php\n\$DBVARS=array(\n\t" . join(",\n\t", $tmparr2) . "\n);";
file_put_contents(CONFIG_FILE, $config);
Core_cacheClear('core');
}
$sql = 'set html="' . addslashes($html) . '",name="' . addslashes($_POST['name']) . '",pages=' . (count($pages) ? 1 : 0);
if ($id) {
dbQuery("update banners_images {$sql} where id={$id}");
} else {
dbQuery("insert into banners_images {$sql}");
$id = dbOne('select last_insert_id() as id', 'id');
$_REQUEST['id'] = $id;
}
dbQuery("delete from banners_pages where bannerid={$id}");
if (is_array($pages)) {
foreach ($pages as $k => $v) {
dbQuery('insert into banners_pages set pageid=' . (int) $v . ",bannerid={$id}");
}
}
$updated = 'Banner Saved';
Core_cacheClear('banner-images');
}
if (isset($updated)) {
echo '<em>' . $updated . '</em>';
}
if (!is_dir(USERBASE . '/f/skin_files')) {
mkdir(USERBASE . '/f/skin_files');
}
if (!is_dir(USERBASE . '/f/skin_files/banner-image')) {
mkdir(USERBASE . '/f/skin_files/banner-image');
}
// { show left menu
echo '<div class="sub-nav">';
$rs = dbAll('select id,name from banners_images');
foreach ($rs as $r) {
echo '<a href="/ww.admin/plugin.php?_plugin=banner-image&id=' . $r['id'] . '&_page=index">' . htmlspecialchars($r['name']) . '</a>';
* @package None
* @author Kae Verens <*****@*****.**>
* @license GPL 2.0
* @link http://kvsites.ie/
*/
if ($version < 1) {
// add table
dbQuery('create table if not exists content_snippets(' . 'id int auto_increment not null primary key,' . 'html text' . ') default charset=utf8;');
$version = 1;
}
if ($version == '1') {
// convert to accordion
dbQuery('alter table content_snippets add accordion smallint default 0');
dbQuery('alter table content_snippets ' . 'add accordion_direction smallint default 0');
// 0 is horizontal
$rs = dbAll('select * from content_snippets');
if (count($rs) && isset($rs[0]['html'])) {
foreach ($rs as $r) {
$arr = array(array('title' => '', 'html' => $r['html']));
dbQuery('update content_snippets set html="' . addslashes(json_encode($arr)) . '" where id=' . $r['id']);
}
Core_cacheClear('content_snippets');
}
dbQuery('alter table content_snippets change html content text');
$version = 2;
}
if ($version == '2') {
// add directory of images
dbQuery('alter table content_snippets add images_directory text');
$version = 3;
}
* PHP Version 5
*
* @category None
* @package None
* @author Kae Verens <*****@*****.**>
* @license GPL Version 2
* @link www.kvweb.me
*/
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'Save') {
// { online_store_vars
foreach ($_REQUEST['ebayVals'] as $k => $v) {
dbQuery('delete from online_store_vars where name="ebay_' . addslashes($k) . '"');
dbQuery('insert into online_store_vars set name="ebay_' . addslashes($k) . '"' . ', val="' . addslashes($v) . '"');
}
// }
Core_cacheClear('online-store');
echo '<em>Saved</em>';
}
echo '<form method="post" action="' . $_url . '" />' . '<div class="accordion">';
// { main
echo '<h2>' . __('Main Details') . '</h2><div><table>' . '<tr><th>What paypal address to use</th>' . '<td><input name="ebayVals[paypal_address]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_paypal_address"', 'val')) . '"/></td></tr>' . '<tr><th>Status</th><td><select name="ebayVals[status]">' . '<option value="0">Sandbox</option>' . '<option value="1"' . (dbOne('select val from online_store_vars where name="ebay_status"', 'val') ? ' selected="selected"' : '') . '>Production</option>' . '</select></td></tr>' . '<tr><th>What country your products come from (2-letter code)</th>' . '<td><input name="ebayVals[country_from]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_country_from"', 'val')) . '"/></td></tr>' . '<tr><th>What location in the country?</th>' . '<td><input name="ebayVals[location]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_location"', 'val')) . '"/></td></tr>' . '<tr><th>How many days to dispatch</th>' . '<td><input name="ebayVals[dispatch_days]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_dispatch_days"', 'val')) . '"/></td></tr>' . '</table></div>';
// }
// { sandbox authentication
echo '<h2>' . __('Sandbox Authentication') . '</h2><div>' . '<p>You must get a developer account from' . ' <a href="https://developer.ebay.com/">eBay</a>.</p>' . '<table>' . '<tr><th>Dev ID</th><td><input name="ebayVals[sandbox_devid]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_sandbox_devid"', 'val')) . '"/></td>' . '<th rowspan="3">User Token</th><td rowspan="3">' . '<textarea name="ebayVals[sandbox_usertoken]">' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_sandbox_usertoken"', 'val')) . '</textarea></td></tr>' . '<tr><th>App ID</th><td><input name="ebayVals[sandbox_appid]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_sandbox_appid"', 'val')) . '"/></td>' . '<tr><th>Cert ID</th><td><input name="ebayVals[sandbox_certid]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_sandbox_certid"', 'val')) . '"/></td></tr>' . '</table></div>';
// }
// { production authentication
echo '<h2>' . __('Production Authentication') . '</h2><div>' . '<p>You must get a developer account from' . ' <a href="https://developer.ebay.com/">eBay</a>.</p><table>' . '<tr><th>Dev ID</th><td><input name="ebayVals[devid]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_devid"', 'val')) . '"/></td>' . '<th rowspan="3">User Token</th><td rowspan="3">' . '<textarea name="ebayVals[usertoken]">' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_usertoken"', 'val')) . '</textarea></td></tr>' . '<tr><th>App ID</th><td><input name="ebayVals[appid]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_appid"', 'val')) . '"/></td></tr>' . '<tr><th>Cert ID</th><td><input name="ebayVals[certid]" value="' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_certid"', 'val')) . '"/></td></tr>' . '</table></div>';
// }
// { description afterword
echo '<h2>' . __('Description Afterword') . '</h2><div><table>' . '<tr><textarea name="ebayVals[description_afterword]">' . htmlspecialchars(dbOne('select val from online_store_vars where name="ebay_description_afterword"', 'val')) . '</textarea></td></tr>' . '</table></div>';
// }
$files = glob($newdir . '/logo-*');
foreach ($files as $f) {
unlink($f);
}
CoreGraphics::convert($_FILES['site_logo']['tmp_name'], $newdir . '/logo.png');
}
$pageLengthLimit = $_REQUEST['site_page_length_limit'];
if (!empty($pageLengthLimit) && is_numeric($pageLengthLimit)) {
$DBVARS['site_page_length_limit'] = $pageLengthLimit;
} else {
if (isset($DBVARS['site_page_length_limit'])) {
unset($DBVARS['site_page_length_limit']);
}
}
Core_configRewrite();
Core_cacheClear();
echo '<em>' . __('options updated') . '</em>';
}
if ($action == 'remove_logo') {
unlink(USERBASE . '/f/skin_files/logo.png');
}
// }
// { form
echo '<form method="post" action="siteoptions.php?page=general" enctype="mu' . 'ltipart/form-data"><input type="hidden" name="MAX_FILE_SIZE" value="999' . '9999" /><table>';
// { website title and subtitle
echo '<tr><th>' . __('Website Title') . '</th><td><input name="site_title" value="' . htmlspecialchars($DBVARS['site_title']) . '" /></td></tr>' . '<tr><th>' . __('Website Subtitle') . '</th><td><input name="site_subtitle" value="' . htmlspecialchars($DBVARS['site_subtitle']) . '" /></td></tr>';
// }
// { canonical domain name
$canonical_name = @$DBVARS['canonical_name'] ? ' value="' . htmlspecialchars($DBVARS['canonical_name']) . '"' : '';
echo '<tr><th>' . __('Canonical Domain Name') . '</th><td><input name="canonical_name" ' . 'placeholder="' . __('leave blank to accept multiple domain names') . '"' . $canonical_name . ' /></td></tr>';
// }
}
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'save') {
$id = (int) $_REQUEST['id'];
$id_was = $id;
$directory = addslashes($_REQUEST['directory']);
$gallery_type = addslashes($_REQUEST['gallery_type']);
$thumbsize = (int) $_REQUEST['thumbsize'];
$image_size = (int) $_REQUEST['image_size'];
$rows = (int) $_REQUEST['rows'];
$columns = (int) $_REQUEST['columns'];
$sql = 'image_gallery_widget set directory="' . $directory . '",gallery_type="' . $gallery_type . '",thumbsize="' . $thumbsize . '",image_size="' . $image_size . '",
rows="' . $rows . '",columns="' . $columns . '"';
if ($id && dbOne('select id from image_gallery_widget where id=' . $id, 'id')) {
$sql = "update {$sql} where id={$id}";
dbQuery($sql);
} else {
$sql = "insert into {$sql}";
dbQuery($sql);
$id = dbOne('select last_insert_id() as id', 'id');
}
$ret = array('id' => $id, 'id_was' => $id_was);
echo json_encode($ret);
Core_cacheClear('image-gallery');
Core_quit();
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
} else {
$id = 0;
}
echo '<a href="javascript:;" id="image_gallery_editlink_' . $id . '" class="image_gallery_editlink">' . 'view or edit image gallery details</a>';
/**
* move a page
*
* @return array status of the move
*/
function Core_adminPageMove()
{
$id = (int) $_REQUEST['id'];
$to = (int) $_REQUEST['parent_id'];
$order = $_REQUEST['order'];
dbQuery("update pages set parent={$to} where id={$id}");
for ($i = 0; $i < count($order); ++$i) {
$pid = (int) $order[$i];
dbQuery("update pages set ord={$i} where id={$pid}");
}
Core_cacheClear();
dbQuery('update page_summaries set rss=""');
return array('ok' => 1);
}
/**
* exports to file if the status is right
*
* @param int $id ID of the order
* @param array $order details of the order
*
* @return null
*/
function OnlineStore_exportToFile($id)
{
$order = dbRow("SELECT * FROM online_store_orders WHERE id={$id}");
$sendAt = (int) dbOne('select val from online_store_vars where name="export_at_what_point"', 'val');
if ($sendAt == 0 && $order['status'] != '1') {
return;
}
if ($sendAt == 1) {
// never send
return;
}
if ($sendAt == 2 && $order['status'] != '2') {
return;
}
if ($sendAt == 3 && $order['status'] != '4') {
return;
}
$form_vals = json_decode($order['form_vals']);
$items = json_decode($order['items']);
// { start export
$export = dbOne('select val from online_store_vars where name="export_dir"', 'val');
// TODO: ability to edit these values in the admin
$exportcsv = array('"Phone Number","Customer Name","Address 1","Address 2","Postcode",' . '"Email","Stock Number","Amt","Price","Item ID"');
// }
// { handle item-specific stuff (vouchers, stock control)
foreach ($items as $item_index => $item) {
if (!$item->id) {
continue;
}
$p = Product::getInstance($item->id);
$exportcsv[] = '"' . str_replace('"', '""', @$form_vals->Billing_Phone) . '","' . str_replace('"', '""', @$form_vals->Billing_FirstName . ' ' . @$form_vals->Billing_Surname) . '","' . str_replace('"', '""', @$form_vals->Billing_Street) . '","' . str_replace('"', '""', @$form_vals->Billing_Street2) . '","' . str_replace('"', '""', @$form_vals->Billing_Postcode) . ' ' . str_replace('"', '""', @$form_vals->Billing_Town) . '","' . str_replace('"', '""', @$form_vals->Billing_Email) . '","' . str_replace('"', '""', @$p->Billing_stock_number) . '","' . $item->amt . '","' . $item->cost . '","' . $item->id . '"';
// }
}
// }
Core_cacheClear('products');
if ($export && strpos($export, '..') === false) {
$customer = dbOne('select val from online_store_vars where name="export_customers"', 'val');
if ($customer && strpos($customer, '..') === false) {
$customer_filename = dbOne('select val from online_store_vars' . ' where name="export_customer_filename"', 'val');
if (!$customer_filename) {
$customer_filename = 'customer-{{$Billing_Email}}.csv';
}
$customer_filename = str_replace(array('/', '..'), '', $customer_filename);
$bits = preg_match_all('/{{\\$([^}]*)}}/', $customer_filename, $matches, PREG_SET_ORDER);
foreach ($matches as $bit) {
$customer_filename = str_replace('{{$' . $bit[1] . '}}', @$form_vals->{$bit[1]}, $customer_filename);
}
$customer_filename = str_replace(array('..', '/'), '', $customer_filename);
@mkdir(USERBASE . '/' . $customer, 0777, true);
$phone = preg_replace('/[^0-9\\(\\)\\+]/', '', @$form_vals->Billing_Phone);
// TODO: must be able to edit values in the admin
$fcontent = '"Name","Street","Street 2","Postcode","Email","Phone"' . "\n" . '"' . str_replace('"', '""', @$form_vals->Billing_FirstName . ' ' . @$form_vals->Billing_Surname) . '","' . str_replace('"', '""', @$form_vals->Billing_Street) . '","' . str_replace('"', '""', @$form_vals->Billing_Street2) . '","' . str_replace('"', '""', @$form_vals->Billing_Postcode) . '","' . str_replace('"', '""', @$form_vals->Billing_Email) . '","' . str_replace('"', '""', $form_vals->Billing_Phone) . '"';
file_put_contents(USERBASE . '/' . $customer . '/' . $customer_filename, "" . $fcontent);
}
@mkdir(USERBASE . '/' . $export, 0777, true);
file_put_contents(USERBASE . '/' . $export . '/order' . $id . '.csv', "" . join("\r\n", $exportcsv));
}
}