Exemplo n.º 1
                 } else {
                     $_SESSION['error_cart_msg'] = $aLang['error_products_quantity_order_min_text'] . $aLang['error_products_quantity_invalid'] . $cart_quantity . ' - ' . $aLang['products_order_qty_min_text_info'] . ' ' . $products_order_min;
                 }
             }
         }
         if ($_SESSION['error_cart_msg'] == '') {
             MyOOS_CoreApi::redirect(oos_href_link($goto_file, oos_get_all_post_parameters($parameters), 'NONSSL'));
         } else {
             MyOOS_CoreApi::redirect(oos_href_link($aPages['product_info'], 'products_id=' . $_POST['slave_id']));
         }
     }
     break;
 case 'add_a_quickie':
     if (DECIMAL_CART_QUANTITY == '1') {
         $_POST['cart_quantity'] = str_replace(',', '.', $_POST['cart_quantity']);
         $cart_quantity = oos_prepare_input($_POST['cart_quantity']);
     }
     if (isset($_POST['cart_quantity']) && is_numeric($_POST['cart_quantity'])) {
         if (isset($_POST['quickie'])) {
             $productstable = $oostable['products'];
             $quickie_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE (products_model = '" . addslashes($quickie) . "' OR products_ean = '" . addslashes($quickie) . "')");
             if (!$quickie_result->RecordCount()) {
                 $productstable = $oostable['products'];
                 $quickie_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE (products_model LIKE '%" . addslashes($quickie) . "%' OR products_ean LIKE '%" . addslashes($quickie) . "%')");
             }
             if ($quickie_result->RecordCount() != 1) {
                 MyOOS_CoreApi::redirect(oos_href_link($aPages['advanced_search_result'], 'keywords=' . $quickie, 'NONSSL'));
             }
             $products_quickie = $quickie_result->fields;
             if (oos_has_product_attributes($products_quickie['products_id'])) {
                 MyOOS_CoreApi::redirect(oos_href_link($aPages['product_info'], 'products_id=' . $products_quickie['products_id'], 'NONSSL'));
Exemplo n.º 2
    if (!isset($nProductsId)) {
        $nProductsId = oos_get_product_id($_POST['products_id']);
    }
} else {
    oos_redirect(oos_href_link($aModules['main'], $aFilename['main']));
}
require 'includes/languages/' . $sLanguage . '/reviews_product_write.php';
$productstable = $oostable['products'];
$products_descriptiontable = $oostable['products_description'];
$sql = "SELECT pd.products_name, p.products_image\n        FROM {$productstable} p,\n             {$products_descriptiontable} pd\n        WHERE p.products_id = '" . intval($nProductsId) . "'\n          AND pd.products_id = p.products_id\n          AND pd.products_languages_id = '" . intval($nLanguageID) . "'\n          AND p.products_status >= '1'";
$product_result = $dbconn->Execute($sql);
$valid_product = $product_result->RecordCount() > 0;
$product_info = $product_result->fields;
if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
    $rating = oos_prepare_input($_POST['rating']);
    $review = oos_prepare_input($_POST['review']);
    if ($valid_product == true) {
        // We got to the process but it is an illegal product, don't write
        $customersstable = $oostable['customers'];
        $sql = "SELECT customers_firstname, customers_lastname\n                FROM {$customersstable}\n                WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'";
        $customer = $dbconn->Execute($sql);
        $customer_values = $customer->fields;
        $firstname = $customer_values['customers_firstname'];
        $lastname = ltrim($customer_values['customers_lastname']);
        $lastname = substr($lastname, 0, 1);
        $customers_name = $firstname . ' ' . $lastname . '. ';
        $reviewstable = $oostable['reviews'];
        $dbconn->Execute("INSERT INTO {$reviewstable}\n                  (products_id,\n                   customers_id,\n                   customers_name,\n                   reviews_rating,\n                   date_added) VALUES ('" . intval($nProductsId) . "',\n                                       '" . intval($_SESSION['customer_id']) . "',\n                                       '" . oos_db_input($customers_name) . "',\n                                       '" . oos_db_input($rating) . "',\n                                       '" . date("Y-m-d H:i:s", time()) . "')");
        $insert_id = $dbconn->Insert_ID();
        $reviews_descriptiontable = $oostable['reviews_description'];
        $dbconn->Execute("INSERT INTO {$reviews_descriptiontable}\n                  (reviews_id,\n                   reviews_languages_id,\n                   reviews_text) VALUES ('" . intval($insert_id) . "',\n                                         '" . intval($nLanguageID) . "',\n                                         '" . oos_db_input($review) . "')");
    unset($_SESSION['customer_country_id']);
    unset($_SESSION['customer_zone_id']);
    unset($_SESSION['comments']);
    unset($_SESSION['customer_max_order']);
    unset($_SESSION['gv_id']);
    unset($_SESSION['cc_id']);
    unset($_SESSION['man_key']);

    $_SESSION['cart']->reset();

    $_SESSION['member']->default_member();
}


// Verification key submitted with the form; $verif_key stays undefined when the field is absent.
if (isset($_POST['verif_key'])) {
    $verif_key = oos_prepare_input($_POST['verif_key']);
}

require 'includes/modules/key_generate.php';

// No key, or a non-string value (e.g. an array-style field): send the visitor to the main page.
// NOTE(review): the script only stops here if MyOOS_CoreApi::redirect() ends the
// request - confirm, because the includes and the query below would otherwise still run.
if ( empty( $verif_key ) || !is_string( $verif_key ) ) {
    MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
}

// The language name stored in the session becomes part of two include paths.
// NOTE(review): this relies on oos_var_prep_for_os() stripping path separators and
// ".." - verify, and confirm how $_SESSION['language'] gets its value.
$sLanguage = oos_var_prep_for_os($_SESSION['language']);
require 'includes/languages/' . $sLanguage . '.php';
require 'includes/languages/' . $sLanguage . '/admin_create_account.php';

// Look up the manual_info row with status = 1 that matches the submitted key.
// NOTE(review): the key is concatenated into the SQL text and protected only by
// oos_db_input(); a bound parameter would not depend on that helper's escaping.
$manual_infotable = $oostable['manual_info'];
$login_result = $dbconn->Execute("SELECT man_key2, man_key3, status FROM $manual_infotable WHERE man_key = '" . oos_db_input($verif_key) . "' AND status = 1 ");
Exemplo n.º 4
    unset($_SESSION['comments']);
    unset($_SESSION['customer_max_order']);
    unset($_SESSION['gv_id']);
    unset($_SESSION['cc_id']);
    unset($_SESSION['man_key']);
    $_SESSION['cart']->reset();
    $_SESSION['member']->default_member();
}
if (isset($_POST)) {
    $email_address = oos_prepare_input($_POST['email_address']);
    $verif_key = oos_prepare_input($_POST['verif_key']);
}
if (isset($_POST['action']) && $_POST['action'] == 'login_process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
    $email_addressb = oos_prepare_input($_POST['email_addressa']);
    $keya = oos_prepare_input($_POST['keya']);
    $keyb = oos_prepare_input($_POST['keyb']);
    $manual_infotable = $oostable['manual_info'];
    $sql = "SELECT man_name, defined\n            FROM {$manual_infotable}\n            WHERE man_key = '" . oos_db_input($keya) . "'\n              AND man_key2 = '" . oos_db_input($keyb) . "'\n              AND status = '1'";
    $login_result = $dbconn->Execute($sql);
    if (!$login_result->RecordCount()) {
        $manual_infotable = $oostable['manual_info'];
        $dbconn->Execute("UPDATE {$manual_infotable}\n                          SET man_key = '',\n                              man_key2 = ''\n                          WHERE man_info_id = '1'");
        MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
    }
    // Check if email exists
    $customerstable = $oostable['customers'];
    $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n                   customers_password, customers_wishlist_link_id, customers_vat_id_status,\n                   customers_email_address, customers_default_address_id, customers_max_order\n            FROM {$customerstable}\n            WHERE customers_login = '******'\n              AND customers_email_address = '" . oos_db_input($email_addressb) . "'";
    $check_customer_result = $dbconn->Execute($sql);
    if (!$check_customer_result->RecordCount()) {
        $_GET['login'] = '******';
        $dbconn->Execute("UPDATE " . $oostable['manual_info'] . "\n                          SET man_key2  = ''\n                          WHERE where man_info_id = '1'");
// Optional VAT id, read only when the shop is configured to ask for it.
if (ACCOUNT_VAT_ID == '1') {
    $vat_id = oos_prepare_input($_POST['vat_id']);
}

// Address fields; suburb and state are read only when enabled in the shop configuration.
$street_address = oos_prepare_input($_POST['street_address']);
if (ACCOUNT_SUBURB == '1') {
    $suburb = oos_prepare_input($_POST['suburb']);
}
$postcode = oos_prepare_input($_POST['postcode']);
$city = oos_prepare_input($_POST['city']);
if (ACCOUNT_STATE == '1') {
    $state = oos_prepare_input($_POST['state']);
}
$country = oos_prepare_input($_POST['country']);

// Contact details and newsletter choice.
$telephone = oos_prepare_input($_POST['telephone']);
$fax = oos_prepare_input($_POST['fax']);

$newsletter = oos_prepare_input($_POST['newsletter']);

// NOTE(review): the password goes through the same oos_prepare_input() filter as
// the text fields; confirm that the filter does not change characters, since any
// change would apply to the password before it is compared or stored.
$password = oos_prepare_input($_POST['password']);
$confirmation = oos_prepare_input($_POST['confirmation']);



$bError = false; // no validation error recorded yet

// Gender must be exactly 'm' or 'f' when the shop asks for it.
if (ACCOUNT_GENDER == '1') {
    if (($gender != 'm') && ($gender != 'f')) {
        $bError = true;
        $gender_error = '1';
    } else {
        $gender_error = false;
    }
}

if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
    }
  
    if (strlen($sKeywords) > 0) {
        if (!oos_parse_search_string(stripslashes($sKeywords), $search_keywords)) {
            $errorno += 10000000;
            $error = 1;
        }
    }
}

if ($error == 1) {
    MyOOS_CoreApi::redirect(oos_href_link($aPages['advanced_search'], 'errorno=' . $errorno . $all_get_listing));
} else {

    if (isset($_GET['keywords']) && !empty($_GET['keywords'])) {
        $sKeywords = oos_prepare_input($_GET['keywords']);
        $pw_keywords = explode(' ',stripslashes(strtolower($sKeywords)));
        $pw_boldwords = $pw_keywords;
        $sql = "SELECT sws_word, sws_replacement FROM " . $oostable['searchword_swap'];
        $sql_words = $dbconn->Execute($sql);
        $pw_replacement = '';
        while ($sql_words_result = $sql_words->fields)
        {
            if (stripslashes(strtolower($sKeywords)) == stripslashes(strtolower($sql_words_result['sws_word']))) {
       	        $pw_replacement = stripslashes($sql_words_result['sws_replacement']);
       	        $pw_link_text = '<b><i>' . stripslashes($sql_words_result['sws_replacement']) . '</i></b>';
       	        $pw_phrase = 1;
       	        $pw_mispell = 1;
       	        break;
            }
            for ($i=0; $i<count($pw_keywords); $i++) {
Exemplo n.º 7
 }
 if (!isset($_SESSION['customer_id'])) {
     if (isset($_GET['action']) && $_GET['action'] == 'process' && !oos_validate_is_email(trim($from_email_address))) {
         $fromemail_error = '1';
         $error = '1';
     }
 }
 if (isset($_GET['action']) && $_GET['action'] == 'process' && empty($from_name)) {
     $fromname_error = '1';
     $error = '1';
 }
 if (isset($_GET['action']) && $_GET['action'] == 'process' && $error == '0' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
     $email_subject = sprintf($aLang['text_email_subject'], $from_name, STORE_NAME);
     $email_body = sprintf($aLang['text_email_intro'], $friendname, $from_name, $products_name, STORE_NAME) . "\n\n";
     if (!empty($_POST['yourmessage'])) {
         $email_body .= oos_prepare_input($_POST['yourname']) . "\n\n";
     }
     $email_body .= sprintf($aLang['text_email_link'], oos_href_link($aModules['products'], $aFilename['product_info'], 'products_id=' . $_GET['products_id'])) . "\n\n" . sprintf($aLang['text_email_signature'], STORE_NAME . "\n" . OOS_HTTP_SERVER . OOS_SHOP . "\n");
     oos_mail($friendname, $friendemail, $email_subject, stripslashes($email_body), '', $from_email_address);
 } else {
     if (isset($_SESSION['customer_id'])) {
         $your_name_prompt = $account_values['customers_firstname'] . ' ' . $account_values['customers_lastname'];
         $your_email_address_prompt = $account_values['customers_email_address'];
     } else {
         $your_name_prompt = oos_draw_input_field('yourname', $fromname_error == '1' ? $yourname : $_GET['yourname']);
         if ($fromname_error == '1') {
             $your_name_prompt .= '&nbsp;<span class="errorText">' . $aLang['text_required'] . '</span>';
         }
         $your_email_address_prompt = oos_draw_input_field('from', $fromemail_error == '1' ? $from : $_GET['from']);
         if ($fromemail_error == '1') {
             $your_email_address_prompt .= $aLang['entry_email_address_check_error'];
Exemplo n.º 8
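 /**
  * Validate the posted bank-transfer details before the order is confirmed.
  *
  * Does nothing when the customer chose the fax option
  * ($_POST['banktransfer_fax'] is truthy). Otherwise the account number and
  * bank code are checked with AccountCheck::CheckAccount(). On a failed check,
  * or when the account owner is missing, the customer is redirected to the
  * payment page with an error message, unless the failure is one this method
  * marks as overridable and the request carries recheckok=1.
  *
  * Side effects: fills $this->banktransfer_owner, _blz, _number, _prz, _status
  * and _bankname.
  *
  * NOTE(review): the redirect puts owner, account number and bank code into the
  * query string, where they can end up in server logs and browser history;
  * consider carrying them in the session instead.
  *
  * @return void
  */
 function pre_confirmation_check()
 {
     // NOTE(review): validation runs on these globals while the values stored
     // below are read from $_POST; presumably the bootstrap fills the globals
     // from the same POST fields. Confirm, otherwise the checked and the stored
     // values can differ.
     global $banktransfer_number, $banktransfer_blz, $aLang;
     if ($_POST['banktransfer_fax'] == false) {
         // include_once so that a second call in one request does not load the
         // validation class file again.
         include_once 'includes/classes/class_banktransfer_validation.php';
         $banktransfer_validation = new AccountCheck();
         $banktransfer_result = $banktransfer_validation->CheckAccount($banktransfer_number, $banktransfer_blz);
         if ($banktransfer_result > 0 || $_POST['banktransfer_owner'] == '') {
             // $recheckok records whether this particular failure may be
             // overridden by the customer ('1') or must be corrected ('').
             if ($_POST['banktransfer_owner'] == '') {
                 $error = 'Name des Kontoinhabers fehlt!';
                 $recheckok = '';
             } else {
                 switch ($banktransfer_result) {
                     case 1:
                         // number & blz not ok
                         $error = $aLang['module_payment_banktransfer_text_bank_error_1'];
                         $recheckok = '1';
                         break;
                     case 5:
                         // BLZ not found
                         $error = $aLang['module_payment_banktransfer_text_bank_error_5'];
                         $recheckok = '1';
                         break;
                     case 8:
                         // no blz entered
                         $error = $aLang['module_payment_banktransfer_text_bank_error_8'];
                         $recheckok = '';
                         break;
                     case 9:
                         // no number entered
                         $error = $aLang['module_payment_banktransfer_text_bank_error_9'];
                         $recheckok = '';
                         break;
                     default:
                         $error = $aLang['module_payment_banktransfer_text_bank_error_4'];
                         $recheckok = '1';
                         break;
                 }
             }
             // The posted recheckok flag is request data. Accept it only when
             // this call itself classified the failure as overridable, so that
             // a missing owner, bank code or account number cannot be waved
             // through by the request alone.
             $overrideAccepted = $recheckok === '1'
                 && isset($_POST['recheckok'])
                 && $_POST['recheckok'] == '1';
             if (!$overrideAccepted) {
                 $payment_error_return = 'payment_error=' . $this->code . '&error=' . urlencode($error) . '&banktransfer_owner=' . urlencode($_POST['banktransfer_owner']) . '&banktransfer_number=' . urlencode($_POST['banktransfer_number']) . '&banktransfer_blz=' . urlencode($_POST['banktransfer_blz']) . '&banktransfer_bankname=' . urlencode($_POST['banktransfer_bankname']) . '&recheckok=' . $recheckok;
                 $aPages = oos_get_pages();
                 MyOOS_CoreApi::redirect(oos_href_link($aPages['checkout_payment'], $payment_error_return, 'SSL', true, false));
             }
         }
         // Keep the submitted details on the payment module instance.
         $this->banktransfer_owner = oos_prepare_input($_POST['banktransfer_owner']);
         $this->banktransfer_blz = oos_prepare_input($_POST['banktransfer_blz']);
         $this->banktransfer_number = oos_prepare_input($_POST['banktransfer_number']);
         $this->banktransfer_prz = $banktransfer_validation->PRZ;
         $this->banktransfer_status = $banktransfer_result;
         // Prefer the bank name found by the validator over the posted one.
         if ($banktransfer_validation->Bankname != '') {
             $this->banktransfer_bankname = $banktransfer_validation->Bankname;
         } else {
             $this->banktransfer_bankname = oos_prepare_input($_POST['banktransfer_bankname']);
         }
     }
 }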
Exemplo n.º 9
 }
 // Name fields.
 // NOTE(review): first and last name go through oos_db_prepare_input() while every
 // other field here uses oos_prepare_input(); confirm the difference is intended.
 $firstname = oos_db_prepare_input($_POST['firstname']);
 $lastname = oos_db_prepare_input($_POST['lastname']);
 if (ACCOUNT_COMPANY == '1') {
     $company = oos_prepare_input($_POST['company']);
 }

 // Address fields; suburb and state are read only when enabled in the shop configuration.
 $street_address = oos_prepare_input($_POST['street_address']);
 if (ACCOUNT_SUBURB == '1') {
     $suburb = oos_prepare_input($_POST['suburb']);
 }
 $postcode = oos_prepare_input($_POST['postcode']);
 $city = oos_prepare_input($_POST['city']);
 if (ACCOUNT_STATE == '1') {
     $state = oos_prepare_input($_POST['state']);
 }
 $country = oos_prepare_input($_POST['country']);

 // Mark the form as submitted, then validate field by field.
 $process = '1';

 // Gender must be exactly 'm' or 'f' when the shop asks for it.
 if (ACCOUNT_GENDER == '1') {
     if ($gender != 'm' && $gender != 'f') {
         $gender_error = '1';
         $bError = true;
     } else {
         $gender_error = '0';
     }
 }

 // Company name must reach the configured minimum length when the field is enabled.
 if (ACCOUNT_COMPANY == '1' && strlen($company) < ENTRY_COMPANY_MIN_LENGTH) {
     $company_error = '1';
     $bError = true;
 }
Exemplo n.º 10
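// Used in the "Backup Manager" to compress backups
define('LOCAL_EXE_GZIP', '/usr/bin/gzip');
define('LOCAL_EXE_GUNZIP', '/usr/bin/gunzip');
define('LOCAL_EXE_ZIP', '/usr/local/bin/zip');
define('LOCAL_EXE_UNZIP', '/usr/local/bin/unzip');
require 'includes/oos_filename.php';
require '../includes/oos_tables.php';
require '../includes/functions/function_global.php';
require 'includes/functions/function_kernel.php';
require '../includes/core/classes/utilities_class.php';
require '../includes/core/classes/core_api_class.php';
// Load server utilities
require '../includes/functions/function_server.php';

// Import every POST field as a global variable of the same name.
// SECURITY: this lets a request create or overwrite ordinary globals, including
// ones set by the files required above. Superglobal names and "this" are refused
// here so a request cannot replace $_SERVER, $_SESSION etc. or trigger a fatal
// error by assigning $this. The list is written inline on purpose: a named
// variable holding it could itself be overwritten by a POST field.
// NOTE(review): the durable fix is an explicit allowlist of expected field names.
if (isset($_POST)) {
    foreach ($_POST as $key => $value) {
        if (in_array($key, array('GLOBALS', '_SERVER', '_GET', '_POST', '_FILES', '_COOKIE', '_SESSION', '_REQUEST', '_ENV', 'this'), true)) {
            continue;
        }
        ${$key} = oos_prepare_input($value);
    }
}

// define how the session functions will be used
require '../includes/functions/function_session.php';

// set the session ID if it exists
// NOTE(review): the admin session id is accepted from the request body or the
// query string, so an id chosen outside the server can be adopted. Make sure the
// login code issues a fresh session id, and prefer cookie-only session ids where
// the deployment allows it.
// NOTE(review): oos_session_name() is read here before the name is set to
// 'OOSADMINSID' below; confirm which parameter name is actually looked up.
if (isset($_POST[oos_session_name()])) {
    oos_session_id($_POST[oos_session_name()]);
} elseif (isset($_GET[oos_session_name()])) {
    oos_session_id($_GET[oos_session_name()]);
}
oos_session_name('OOSADMINSID');
oos_session_start();

// Guarantee that $_SESSION exists even if the session layer did not create it.
if (!isset($_SESSION)) {
    $_SESSION = array();
}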
Exemplo n.º 11
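/**
 * Register the installer's settings as name/value pairs with add_src_rep() and
 * apply them to ../includes/configure.php through modify_file().
 *
 * Server, path and database settings are read from globals; the five extra
 * server names (static1, image01, planet, tracking, wordpress) are read from
 * $_POST. show_error_shop_info() is called when modify_file() reports an error.
 *
 * NOTE(review): request-supplied values end up in a PHP configuration file.
 * Confirm that add_src_rep()/modify_file() escape quotes and backslashes so a
 * value cannot break out of the string it is written into.
 * NOTE(review): base64_encode() only obscures the database user name and
 * password; it is an encoding, not protection. Restrict read access to
 * configure.php accordingly.
 *
 * @param mixed $db_prefs Not used in this function.
 * @return void
 */
function oosUpdateConfigShop($db_prefs = false) {
    global $reg_src, $reg_rep;
    global $dbhost, $dbuname, $dbpass, $dbname, $prefix_table, $dbtype;
    global $oos_server, $oos_ssl_server, $enable_ssl, $oos_root_path, $oos_shop_path, $oos_shop_dir, $oos_template_dir, $tmpsession, $tmp_session_crypt;

    $static1 = oos_prepare_input($_POST['static1']);
    $image01 = oos_prepare_input($_POST['image01']);
    $planet = oos_prepare_input($_POST['planet']);
    $tracking = oos_prepare_input($_POST['tracking']);
    $wordpress = oos_prepare_input($_POST['wordpress']);

    // Main shop servers and SSL switch.
    add_src_rep("OOS_HTTP_SERVER", $oos_server);
    add_src_rep("OOS_HTTPS_SERVER", $oos_ssl_server);
    add_src_rep("ENABLE_SSL", ($enable_ssl == 'on') ? '1' : '0');

    // Additional server names taken from the form.
    add_src_rep("STATIC1_HTTP_SERVER", $static1);
    add_src_rep("IMAGE01_HTTP_SERVER", $image01);
    add_src_rep("PLANET_HTTP_SERVER", $planet);
    add_src_rep("TRACKING_HTTP_SERVER", $tracking);
    add_src_rep("BLOG_HTTP_SERVER", $wordpress);

    // Paths and session storage defaults.
    add_src_rep("OOS_SHOP", $oos_shop_dir);
    add_src_rep("OOS_ABSOLUTE_PATH", $oos_root_path . $oos_shop_dir);
    add_src_rep("OOS_TEMP_PATH", $oos_template_dir);
    add_src_rep("STORE_SESSIONS", '0');
    add_src_rep("STORE_SESSIONS_CRYPT", '0');

    // Database settings; user name and password are stored base64-encoded,
    // which OOS_ENCODED = '1' below signals to the reader of the file.
    add_src_rep("OOS_DB_TYPE", $dbtype);
    add_src_rep("OOS_DB_SERVER", $dbhost);
    add_src_rep("OOS_DB_USERNAME", base64_encode($dbuname));
    add_src_rep("OOS_DB_PASSWORD", base64_encode($dbpass));
    add_src_rep("OOS_DB_DATABASE", $dbname);
    add_src_rep("OOS_DB_PREFIX", $prefix_table);

    // The original read $HTTP_ENV_VARS["OS"], which is not in scope inside this
    // function (and no longer exists in current PHP), so Windows was never
    // detected. PHP_OS is always available.
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
        add_src_rep("OOS_SYSTEM", '1');
    } else {
        add_src_rep("OOS_SYSTEM", '0');
    }
    add_src_rep("OOS_ENCODED", '1');

    $ret = modify_file("../includes/configure.php", "../includes/configure-old.php", $reg_src, $reg_rep);

    // modify_file() signals failure through a message containing "Error".
    if (preg_match("/Error/", $ret)) {
        show_error_shop_info();
    }
}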
}
// Post-entry error checking when updating or adding an entry
$process = '0';
if (isset($_POST['action']) && ($_POST['action'] == 'process' || $_POST['action'] == 'update')) {
    if (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid']) {
        $gender = oos_prepare_input($_POST['gender']);
        $firstname = oos_prepare_input($_POST['firstname']);
        $lastname = oos_prepare_input($_POST['lastname']);
        $company = oos_prepare_input($_POST['company']);
        $street_address = oos_prepare_input($_POST['street_address']);
        $suburb = oos_prepare_input($_POST['suburb']);
        $postcode = oos_prepare_input($_POST['postcode']);
        $city = oos_prepare_input($_POST['city']);
        $state = oos_prepare_input($_POST['state']);
        $entry_id = oos_prepare_input($_POST['entry_id']);
        $suburb = oos_prepare_input($_POST['suburb']);
        $process = '1';
        $error = '0';
        if (ACCOUNT_GENDER == '1') {
            if ($gender == 'm' || $gender == 'f') {
                $gender_error = '0';
            } else {
                $gender_error = '1';
                $error = '1';
            }
        }
        if (ACCOUNT_COMPANY == '1') {
            if (strlen($company) < ENTRY_COMPANY_MIN_LENGTH) {
                $company_error = '1';
                $error = '1';
            }
Exemplo n.º 13
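  require_once '../includes/functions/function_global.php';
  require_once '../includes/functions/function_kernel.php';
  require_once '../includes/functions/function_password.php';
  require_once '../includes/lib/adodb/adodb.inc.php';

  include_once 'modify_configure.php';
  include_once 'upgrade.php';
  include_once 'newinstall.php';
  include_once 'gui.php';
  include_once 'db.php';
  include_once 'check.php';
  include_once 'language.php';

  // Import every POST field as a global variable of the same name.
  // SECURITY: this lets a request create or overwrite ordinary globals used by
  // the installer. Superglobal names and "this" are refused here so a request
  // cannot replace $_SERVER, $_SESSION etc. or trigger a fatal error by
  // assigning $this. The list is written inline on purpose: a named variable
  // holding it could itself be overwritten by a POST field.
  // NOTE(review): the durable fix is an explicit allowlist of expected fields,
  // and the installer should not stay reachable after setup.
  if (isset($_POST)) {
    foreach ($_POST as $k=>$v) {
      if (in_array($k, array('GLOBALS', '_SERVER', '_GET', '_POST', '_FILES', '_COOKIE', '_SESSION', '_REQUEST', '_ENV', 'this'), true)) {
        continue;
      }
      $$k = oos_prepare_input($v);
    }
  }

  // Language chosen on the form.
  if (isset($alanguage)) {
    $currentlang = $alanguage;
  }

  // Update flag chosen on the form.
  if (isset($aupdate)) {
    $update = $aupdate;
  }

  // When the form marks the credentials as encoded, they arrive base64-encoded.
  // base64 is an encoding only; it does not protect the values in transit.
  if (!empty($encoded)) {
    $dbuname = base64_decode($dbuname);
    $dbpass = base64_decode($dbpass);
  }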
Exemplo n.º 14
}
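define('OOS_VALID_MOD', 'yes');
require_once '../includes/functions/function_global.php';
require_once '../includes/functions/function_kernel.php';
require_once '../includes/functions/function_password.php';
require_once '../includes/lib/adodb/adodb.inc.php';
include_once 'modify_configure.php';
include_once 'upgrade.php';
include_once 'newinstall.php';
include_once 'gui.php';
include_once 'db.php';
include_once 'check.php';
include_once 'language.php';

// Import every POST field as a global variable of the same name.
// SECURITY: this lets a request create or overwrite ordinary globals used by
// the installer. Superglobal names and "this" are refused here so a request
// cannot replace $_SERVER, $_SESSION etc. or trigger a fatal error by
// assigning $this. The list is written inline on purpose: a named variable
// holding it could itself be overwritten by a POST field.
// NOTE(review): the durable fix is an explicit allowlist of expected fields,
// and the installer should not stay reachable after setup.
if (isset($_POST)) {
    foreach ($_POST as $k => $v) {
        if (in_array($k, array('GLOBALS', '_SERVER', '_GET', '_POST', '_FILES', '_COOKIE', '_SESSION', '_REQUEST', '_ENV', 'this'), true)) {
            continue;
        }
        ${$k} = oos_prepare_input($v);
    }
}

// Language chosen on the form.
if (isset($alanguage)) {
    $currentlang = $alanguage;
}

// Update flag chosen on the form.
if (isset($aupdate)) {
    $update = $aupdate;
}

// When the form marks the credentials as encoded, they arrive base64-encoded.
// base64 is an encoding only; it does not protect the values in transit.
if (!empty($encoded)) {
    $dbuname = base64_decode($dbuname);
    $dbpass = base64_decode($dbpass);
}
installer_get_language();
include_once 'header.php';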
/*  This starts the switch statement that filters through the form options.
Exemplo n.º 15
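// Ticket link id: read from the query string, then overridden by the POST body
// when both are present.
// NOTE(review): the GET value goes through oos_db_prepare_input() and the POST
// value through oos_prepare_input(); confirm the difference is intended.
if (isset($_GET['tlid'])) {
    $tlid = oos_db_prepare_input($_GET['tlid']);
}
if (isset($_POST['tlid'])) {
    $tlid = oos_prepare_input($_POST['tlid']);
}
// Drop the id unless it is a string of at least 10 bytes. The isset() guard
// avoids calling strlen() on an undefined variable when no id was sent, and
// the is_string() check rejects array-style parameters before they reach
// strlen() or later code that treats $tlid as a string.
if (isset($tlid) && (!is_string($tlid) || strlen($tlid) < 10)) {
    unset($tlid);
}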
// Form was submitted
$bError = false;
if (isset($_POST['action']) && $_POST['action'] == 'send' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid']) && isset($tlid)) {
    $status = oos_prepare_input($_POST['status']);
    $department = oos_prepare_input($_POST['department']);
    $priority = oos_prepare_input($_POST['priority']);
    $enquiry = oos_prepare_input($_POST['enquiry']);
    // Check Message length
    if (isset($enquiry) && strlen($enquiry) < TICKET_ENTRIES_MIN_LENGTH) {
        $bError = true;
        $_SESSION['error_message'] = $aLang['ticket_warning_enquiry_too_short'];
    }
    if ($bError === false) {
        $ticket_tickettable = $oostable['ticket_ticket'];
        $sql = "SELECT ticket_id, ticket_customers_name\n                FROM {$ticket_tickettable}\n                WHERE ticket_link_id = '" . oos_db_input($tlid) . "'";
        $ticket_id_result = $dbconn->Execute($sql);
        $ticket_id = $ticket_id_result->fields;
        if ($ticket_id['ticket_id']) {
            if (TICKET_ALLOW_CUSTOMER_TO_CHANGE_STATUS == '0' && TICKET_CUSTOMER_REPLY_STATUS_ID > 0) {
                $status = TICKET_CUSTOMER_REPLY_STATUS_ID;
            }
            $sql_data_array = array('ticket_id' => $ticket_id['ticket_id'], 'ticket_status_id' => $status, 'ticket_priority_id' => $priority, 'ticket_department_id' => $department, 'ticket_date_modified' => 'now()', 'ticket_customer_notified' => '0', 'ticket_edited_by' => $ticket_id['ticket_customers_name'], 'ticket_comments' => $enquiry);
Exemplo n.º 16
   Max Order - 2003/04/27 JOHNSON - Copyright (c) 2003 Matti Ressler - mattifinn@optusnet.com.au
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */
// DO NOT RUN THIS SCRIPT STANDALONE
if (count(get_included_files()) < 2) {
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: /");
    exit;
}
$_SESSION['navigation']->remove_current_page();
require 'includes/languages/' . $sLanguage . '/user_login.php';
if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
    $email_address = oos_prepare_input($_POST['email_address']);
    $password = oos_prepare_input($_POST['password']);
    if (empty($email_address) || !is_string($email_address)) {
        MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
    }
    // Check if email exists
    $customerstable = $oostable['customers'];
    $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n                   customers_password, customers_wishlist_link_id, customers_language,\n                   customers_vat_id_status, customers_email_address, customers_default_address_id,\n                   customers_max_order\n            FROM {$customerstable}\n            WHERE customers_login = '******'\n              AND customers_email_address = '" . oos_db_input($email_address) . "'";
    $check_customer_result = $dbconn->Execute($sql);
    if (!$check_customer_result->RecordCount()) {
        $_GET['login'] = '******';
    } else {
        $check_customer = $check_customer_result->fields;
        // Check that password is good
        if (!oos_validate_password($password, $check_customer['customers_password'])) {
            $_GET['login'] = '******';
        } else {
   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com

   Copyright (c) 2002 - 2003 osCommerce
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */
// DO NOT RUN THIS SCRIPT STANDALONE
if (count(get_included_files()) < 2) {
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: /");
    exit;
}
require 'includes/languages/' . $sLanguage . '/newsletters_subscription_center.php';
if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
    $email_address = oos_prepare_input($_POST['email_address']);
    if (empty($email_address) || !is_string($email_address)) {
        MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
    }
    $customerstable = $oostable['customers'];
    $sql = "SELECT customers_firstname, customers_lastname, customers_id\n            FROM {$customerstable}\n            WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
    $check_customer_result = $dbconn->Execute($sql);
    if ($check_customer_result->RecordCount()) {
        $check_customer = $check_customer_result->fields;
        $customerstable = $oostable['customers'];
        $dbconn->Execute("UPDATE {$customerstable}\n                      SET customers_newsletter = '0'\n                      WHERE customers_id = '" . $check_customer['customers_id'] . "'");
        MyOOS_CoreApi::redirect(oos_href_link($aPages['newsletters_unsubscribe_success']));
    } else {
        $maillisttable = $oostable['maillist'];
        $sql = "SELECT customers_firstname\n                FROM {$maillisttable}\n                WHERE customers_email_address = '" . oos_db_input($email_address) . "'";
        $check_mail_customer_result = $dbconn->Execute($sql);
Exemplo n.º 18
// process the selected shipping method
if ( (isset($_POST['action']) && ($_POST['action'] == 'process')) && (isset($_SESSION['formid']) && ($_SESSION['formid'] == $_POST['formid'])) ) {
    if ( (isset($_POST['comments'])) && (empty($_POST['comments'])) ) {
        $_SESSION['comments'] = '';
    } elseif (isset($_POST['comments'])) {
        $_SESSION['comments'] = oos_db_prepare_input($_POST['comments']);
    }

    if (isset($_POST['campaign_id']) && is_numeric($_POST['campaign_id'])) {
        $_SESSION['campaigns_id'] = intval($_POST['campaign_id']);
    }

    if ( (oos_count_shipping_modules() > 0) || ($free_shipping == true) ) {
        if ( (isset($_POST['shipping'])) && (strpos($_POST['shipping'], '_')) ) {
            $_SESSION['shipping'] = oos_prepare_input($_POST['shipping']);

            list($module, $method) = preg_split("/_/", $_SESSION['shipping']);
            if ( is_object($$module) || ($_SESSION['shipping'] == 'free_free') ) {
                if ($_SESSION['shipping'] == 'free_free') {
                    $quote[0]['methods'][0]['title'] = $aLang['free_shipping_title'];
                    $quote[0]['methods'][0]['cost'] = '0';
                } else {
                    $quote = $oShippingModules->quote($method, $module);
                }

                if (isset($quote['error'])) {
                   unset($_SESSION['shipping']);
                } else {
                    if ( (isset($quote[0]['methods'][0]['title'])) && (isset($quote[0]['methods'][0]['cost'])) ) {
                        $_SESSION['shipping'] = array('id' => $_SESSION['shipping'],