/**
* Admin Kernel
*
* @link http://www.oos-shop.de/
* @package Admin Kernel
* @author r23 <*****@*****.**>
* @copyright 2003 r23
* @version $Revision: 1.67 $ - changed by $Author: r23 $ on $Date: 2009/10/28 17:42:07 $
*/
function oos_admin_check_login()
{
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$aFilename = oos_get_filename();
if (!isset($_SESSION['login_id'])) {
oos_redirect_admin(oos_href_link_admin($aFilename['login'], '', 'SSL'));
} else {
$filename = split('\\?', basename($_SERVER['PHP_SELF']));
$filename = $filename[0];
$page_key = array_search($filename, $aFilename);
if ($filename != $aFilename['default'] && $filename != $aFilename['forbiden'] && $filename != $aFilename['logoff'] && $filename != $aFilename['admin_account'] && $filename != $aFilename['popup_image'] && $filename != $aFilename['packingslip'] && $filename != $aFilename['popup_image_product'] && $filename != $aFilename['popup_image_news'] && $filename != $aFilename['popup_subimage_product'] && $filename != $aFilename['invoice'] && $filename != $aFilename['edit_orders']) {
$admin_filestable = $oostable['admin_files'];
$query = "SELECT admin_files_name\n FROM {$admin_filestable}\n WHERE FIND_IN_SET( '" . $_SESSION['login_groups_id'] . "', admin_groups_id)\n AND admin_files_name = '" . $page_key . "'";
$result =& $dbconn->Execute($query);
if (!$result->RecordCount()) {
oos_redirect_admin(oos_href_link_admin($aFilename['forbiden']));
}
}
}
}
</td>
<td class="pageHeading" align="right"><?php
echo oos_draw_separator('trans.gif', '1', HEADING_IMAGE_HEIGHT);
?>
</td>
<td class="pageHeading" align="right"><?php
echo oos_draw_pull_down_menu('goto', $goto_array, $_SESSION['current_path'], 'onChange="this.form.submit();"');
?>
</td>
</form></tr>
</table></td>
</tr>
<?php
if ($directory_writeable && $action == 'new_file' || $action == 'edit') {
if (strstr($_GET['info'], '..')) {
oos_redirect_admin(oos_href_link_admin($aFilename['file_manager']));
}
if (!isset($file_writeable)) {
$file_writeable = true;
}
$file_contents = '';
if ($action == 'new_file') {
$filename_input_field = oos_draw_input_field('filename');
} elseif ($action == 'edit') {
if ($file_array = file($_SESSION['current_path'] . '/' . $_GET['info'])) {
$file_contents = htmlspecialchars(implode('', $file_array));
}
$filename_input_field = $_GET['info'] . oos_draw_hidden_field('filename', $_GET['info']);
}
?>
<tr>
$dbconn->Execute("DELETE FROM {$manufacturers_infotable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') {
$productstable = $oostable['products'];
$products_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
while ($products = $products_result->fields) {
oos_remove_product($products['products_id']);
// Move that ADOdb pointer!
$products_result->MoveNext();
}
// Close result set
$products_result->Close();
} else {
$productstable = $oostable['products'];
$dbconn->Execute("UPDATE {$productstable} SET manufacturers_id = '' WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['manufacturers'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
?>
" cellspacing="1" cellpadding="1" class="columnLeft">
http://www.oscommerce.com
Copyright (c) 2001 - 2003 osCommerce
----------------------------------------------------------------------
Released under the GNU General Public License
---------------------------------------------------------------------- */
define('OOS_VALID_MOD', 'yes');
require 'includes/oos_main.php';
if (!isset($_SESSION['login_id'])) {
oos_redirect_admin(oos_href_link_admin($aFilename['login'], '', 'SSL'));
}
if ( !current_user_can('stats_low_stock') )
oos_redirect_admin(oos_href_link_admin($aFilename['forbiden']));
$no_js_general = true;
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<?php require 'includes/oos_blocks.php'; ?>
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
switch ($action) {
case 'delete':
$error = ERROR_REMOVE_UNLOCKED_NEWSLETTER;
break;
case 'new':
$error = ERROR_EDIT_UNLOCKED_NEWSLETTER;
break;
case 'send':
$error = ERROR_SEND_UNLOCKED_NEWSLETTER;
break;
case 'confirm_send':
$error = ERROR_SEND_UNLOCKED_NEWSLETTER;
break;
}
$messageStack->add_session($error, 'error');
oos_redirect_admin(oos_href_link_admin($aFilename['newsletters'], 'page=' . $_GET['page'] . '&nID=' . $_GET['nID']));
}
break;
}
}
$no_js_general = true;
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
}
if (isset($_REQUEST['page_type'])) {
reset($_REQUEST['page_type']);
foreach ($_REQUEST['page_type'] as $k => $id) {
$sql = "INSERT INTO " . $oostable['block_to_page_type'] . "\n (block_id,\n page_type_id)\n VALUES (" . $dbconn->qstr($block_content_id) . ',' . $dbconn->qstr($id) . ")";
$dbconn->Execute($sql);
}
}
oos_redirect_admin(oos_href_link_admin($aFilename['content_block'], 'page=' . $_GET['page'] . '&bID=' . $block_content_id));
break;
case 'deleteconfirm':
$block_content_id = oos_db_prepare_input($_GET['bID']);
$dbconn->Execute("DELETE FROM " . $oostable['block'] . " WHERE block_id = '" . intval($block_content_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['block_info'] . " WHERE block_id = '" . intval($block_content_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['block_to_page_type'] . " WHERE block_id = '" . intval($block_content_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['content_block'], 'page=' . $_GET['page']));
break;
}
}
$no_js_general = true;
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo block_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo block_WIDTH;
?>
$fp = fopen(OOS_FEEDS_EXPORT_PATH . $file_google, "w");
$fout = fwrite($fp, $output);
fclose($fp);
if (!$dryrun) {
$result = ftp_file($ftp_server, $ftp_user_name, $ftp_password, OOS_FEEDS_EXPORT_PATH . $file_google, $ftp_directory, $ftp_destination_file);
}
$messageStack->add(SUCCESS_EXPORT_DATABASE_SAVED, 'success');
break;
case 'deleteconfirm':
if (strstr($_GET['file'], '..')) {
oos_redirect_admin(oos_href_link_admin($aFilename['export_googlebase']));
}
oos_remove(OOS_FEEDS_EXPORT_PATH . '/' . $_GET['file']);
if (!$oos_remove_error) {
$messageStack->add_session(SUCCESS_EXPORT_DELETED, 'success');
oos_redirect_admin(oos_href_link_admin($aFilename['export_googlebase']));
}
break;
}
}
// check if the backup directory exists
$dir_ok = false;
if (is_dir(oos_get_local_path(OOS_FEEDS_EXPORT_PATH))) {
if (is_writeable(oos_get_local_path(OOS_FEEDS_EXPORT_PATH))) {
$dir_ok = true;
} else {
$messageStack->add(ERROR_EXPORT_DIRECTORY_NOT_WRITEABLE, 'error');
}
} else {
$messageStack->add(ERROR_EXPORT_DIRECTORY_DOES_NOT_EXIST, 'error');
}
header('Content-disposition: attachment; filename=' . $_GET['file']);
echo $buffer;
exit;
}
} else {
$messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error');
}
break;
case 'deleteconfirm':
if (strstr($_GET['file'], '..')) {
oos_redirect_admin(oos_href_link_admin($aFilename['export_stampit']));
}
oos_remove(OOS_EXPORT_PATH . '/' . $_GET['file']);
if (!$oos_remove_error) {
$messageStack->add_session(SUCCESS_EXPORT_DELETED, 'success');
oos_redirect_admin(oos_href_link_admin($aFilename['export_stampit']));
}
break;
}
}
// check if the backup directory exists
$dir_ok = false;
if (is_dir(oos_get_local_path(OOS_EXPORT_PATH))) {
if (is_writeable(oos_get_local_path(OOS_EXPORT_PATH))) {
$dir_ok = true;
} else {
$messageStack->add(ERROR_EXPORT_DIRECTORY_NOT_WRITEABLE, 'error');
}
} else {
$messageStack->add(ERROR_EXPORT_DIRECTORY_DOES_NOT_EXIST, 'error');
}
if (isset($_SESSION['password_forgotten'])) {
unset($_SESSION['password_forgotten']);
}
$_SESSION['login_id'] = $check_admin['login_id'];
$_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
$_SESSION['login_first_name'] = $check_admin['login_firstname'];
$login_email_address = $check_admin['login_email_address'];
$login_logdate = $check_admin['login_logdate'];
$login_lognum = $check_admin['login_lognum'];
$login_modified = $check_admin['login_modified'];
//$date_now = date('Ymd');
$dbconn->Execute("UPDATE " . $oostable['admin'] . "\n SET admin_logdate = '" . date("Y-m-d H:i:s", time()) . "', admin_lognum = admin_lognum+1\n WHERE admin_id = '" . $_SESSION['login_id'] . "'");
if ($login_lognum == 0 || !$login_logdate || $login_email_address == 'admin@localhost' || $login_modified == '0000-00-00 00:00:00') {
oos_redirect_admin(oos_href_link_admin($aFilename['admin_account']));
} else {
oos_redirect_admin(oos_href_link_admin($aFilename['default']));
}
}
}
}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo CHARSET;
?>
}
$currencies = new currencies();
// Delete Entry Begin
if ($_GET['action'] == 'delete') {
$customers_baskettable = $oostable['customers_basket'];
$sql = "DELETE FROM $customers_baskettable WHERE customers_id = '" . (int)$_GET['customer_id'] . "'";
$dbconn->Execute($sql);
$customers_basket_attributestable = $oostable['customers_basket_attributes'];
$sql = "DELETE FROM $customers_basket_attributestable WHERE customers_id = '" . (int)$_GET['customer_id'] . "'";
$dbconn->Execute($sql);
oos_redirect_admin(oos_href_link_admin($aFilename['recover_cart_sales'], 'delete=1&customer_id=' . (int)$_GET['customer_id'] . '&tdate=' . $_GET['tdate']));
}
if ($_GET['delete']) {
$messageStack->add(MESSAGE_STACK_CUSTOMER_ID . (int)$_GET['customer_id'] . MESSAGE_STACK_DELETE_SUCCESS, 'success');
}
// Delete Entry End
$tdate = ($_POST['tdate']?$_POST['tdate']:RCS_BASE_DAYS);
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top">
$configurationtable = $oostable['configuration'];
$dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . intval($products_units_id) . "' WHERE configuration_key = 'DEFAULT_PRODUCTS_UNITS_ID'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['products_units'], 'page=' . $_GET['page'] . '&uID=' . $products_units_id));
break;
case 'deleteconfirm':
$uID = oos_db_prepare_input($_GET['uID']);
$configurationtable = $oostable['configuration'];
$products_units_result = $dbconn->Execute("SELECT configuration_value FROM {$configurationtable} WHERE configuration_key = 'DEFAULT_PRODUCTS_UNITS_ID'");
$products_units = $products_units_result->fields;
if ($products_units['configuration_value'] == $uID) {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_PRODUCTS_UNITS_ID'");
}
$products_unitstable = $oostable['products_units'];
$dbconn->Execute("DELETE FROM {$products_unitstable} WHERE products_units_id = '" . intval($uID) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['products_units'], 'page=' . $_GET['page']));
break;
case 'delete':
$uID = oos_db_prepare_input($_GET['uID']);
$productstable = $oostable['products'];
$status_result = $dbconn->Execute("SELECT COUNT(*) AS total FROM {$productstable} WHERE products_units_id = '" . oos_db_input($uID) . "'");
$status = $status_result->fields;
$remove_status = true;
if ($uID == DEFAULT_PRODUCTS_UNITS_ID) {
$remove_status = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_PRODUCTS_UNITS, 'error');
} elseif ($status['total'] > 0) {
$remove_status = false;
$messageStack->add(ERROR_STATUS_USED_IN_PRODUCTS, 'error');
}
break;
if ($status == '1') {
return $dbconn->Execute("UPDATE " . $oostable['manual_info'] . " SET status = '1', expires_date = NULL, manual_last_modified = '" . date("Y-m-d H:i:s", time()) . "', date_status_change ='" . date("Y-m-d H:i:s", time()) . "' WHERE man_info_id = '" . $man_info_id . "'");
} elseif ($status == '0') {
return $dbconn->Execute("UPDATE " . $oostable['manual_info'] . " SET status = '0', man_key = '', man_key2 = '', manual_last_modified = '" . date("Y-m-d H:i:s", time()) . "' WHERE man_info_id = '" . $man_info_id . "'");
} else {
return -1;
}
}
$action = (isset($_GET['action']) ? $_GET['action'] : '');
if (!empty($action)) {
switch ($action) {
case 'setflag':
oos_set_login_status($_GET['id'], $_GET['flag']);
oos_redirect_admin(oos_href_link_admin($aFilename['manual_loging'], '', 'NONSSL'));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<?php require 'includes/oos_blocks.php'; ?>
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
$check_email_query = "SELECT admin_email_address FROM " . $admintable . " WHERE admin_id <> " . $admin_id . "";
$check_email_result =& $dbconn->Execute($check_email_query);
while ($check_email = $check_email_result->fields) {
$stored_email[] = $check_email['admin_email_address'];
// Move that ADOdb pointer!
$check_email_result->MoveNext();
}
// Close result set
$check_email_result->Close();
if (in_array($_POST['admin_email_address'], $stored_email)) {
oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=edit_process&error=email'));
} else {
$sql_data_array = array('admin_firstname' => oos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => oos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => oos_db_prepare_input($_POST['admin_email_address']), 'admin_password' => oos_encrypt_password(oos_db_prepare_input($_POST['admin_password'])), 'admin_modified' => '" . date("Y-m-d H:i:s", time()) . "');
oos_db_perform($oostable['admin'], $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
//oos_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], OOS_HTTP_SERVER . OOS_SHOP . 'admin/', $_POST['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'page=' . $_GET['page'] . '&mID=' . $admin_id));
}
break;
}
}
require 'includes/oos_header.php';
require 'includes/account_check.js.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
if ($information_id > 5) {
if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') {
$informationtable = $oostable['information'];
$informations_result = $dbconn->Execute("SELECT information_image FROM {$informationtable} WHERE information_id = '" . oos_db_input($information_id) . "'");
$informations = $informations_result->fields;
$image_location = OOS_ABSOLUTE_PATH . OOS_IMAGES . $informations['information_image'];
if (file_exists($image_location)) {
@unlink($image_location);
}
}
$informationtable = $oostable['information'];
$dbconn->Execute("DELETE FROM {$informationtable} WHERE information_id = '" . oos_db_input($information_id) . "'");
$information_descriptiontable = $oostable['information_description'];
$dbconn->Execute("DELETE FROM {$information_descriptiontable} WHERE information_id = '" . oos_db_input($information_id) . "'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['information'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
?>
" cellspacing="1" cellpadding="1" class="columnLeft">
$dbconn->Execute("DELETE FROM " . $oostable['reviews'] . " WHERE customers_id = '" . intval($customers_id) . "'");
} else {
$dbconn->Execute("UPDATE " . $oostable['reviews'] . " SET customers_id = null WHERE customers_id = '" . intval($customers_id) . "'");
}
$dbconn->Execute("DELETE FROM " . $oostable['address_book'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_info'] . " WHERE customers_info_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_basket'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_basket_attributes'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist_attributes'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['customers_status_history'] . " WHERE customers_id = '" . intval($customers_id) . "'");
$dbconn->Execute("DELETE FROM " . $oostable['whos_online'] . " WHERE customer_id = '" . intval($customers_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['customers'], oos_get_all_get_params(array('cID', 'action'))));
break;
}
}
require 'includes/oos_header.php';
if ($action == 'edit') {
?>
<script language="javascript"><!--
function resetStateText(theForm) {
theForm.entry_state.value = '';
if (theForm.entry_zone_id.options.length > 1) {
theForm.entry_state.value = '<?php echo JS_STATE_SELECT; ?>';
}
}
case 'insert':
$tax_ratestable = $oostable['tax_rates'];
$dbconn->Execute("INSERT INTO {$tax_ratestable} (tax_zone_id, tax_class_id, tax_rate, tax_description, date_added) VALUES ('" . oos_db_input($tax_zone_id) . "', '" . oos_db_input($tax_class_id) . "', '" . oos_db_input($tax_rate) . "', '" . oos_db_input($tax_description) . "', now())");
oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates']));
break;
case 'save':
$tax_rates_id = oos_db_prepare_input($_GET['tID']);
$tax_ratestable = $oostable['tax_rates'];
$dbconn->Execute("UPDATE {$tax_ratestable} SET tax_rates_id = '" . oos_db_input($tax_rates_id) . "', tax_zone_id = '" . oos_db_input($tax_zone_id) . "', tax_class_id = '" . oos_db_input($tax_class_id) . "', tax_rate = '" . oos_db_input($tax_rate) . "', tax_description = '" . oos_db_input($tax_description) . "', tax_priority = '" . oos_db_input($tax_priority) . "', last_modified = now() WHERE tax_rates_id = '" . oos_db_input($tax_rates_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'], 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id));
break;
case 'deleteconfirm':
$tax_rates_id = oos_db_prepare_input($_GET['tID']);
$tax_ratestable = $oostable['tax_rates'];
$dbconn->Execute("DELETE FROM {$tax_ratestable} WHERE tax_rates_id = '" . oos_db_input($tax_rates_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
?>
" cellspacing="1" cellpadding="1" class="columnLeft">
if (oos_empty($_GET['categories'])) {
$categories = $current_category_id;
}
$languages = oos_get_languages();
for ($i = 0, $n = count($languages); $i < $n; $i++) {
$lang_id = $languages[$i]['id'];
$sql_data_array = array('products_name' => oos_db_prepare_input($_POST['products_name'][$lang_id]), 'products_description' => oos_db_prepare_input($_POST['products_description_' . $languages[$i]['id']]), 'products_description_meta' => oos_db_prepare_input($_POST['products_description_meta_' . $languages[$i]['id']]), 'products_keywords_meta' => oos_db_prepare_input($_POST['products_keywords_meta_' . $languages[$i]['id']]), 'products_url' => oos_db_prepare_input($_POST['products_url'][$lang_id]));
if ($action == 'insert_product') {
$insert_sql_data = array('products_id' => $products_id, 'products_languages_id' => $lang_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
oos_db_perform($oostable['products_description'], $sql_data_array);
} elseif ($action == 'update_product') {
oos_db_perform($oostable['products_description'], $sql_data_array, 'update', 'products_id = \'' . oos_db_input($products_id) . '\' and products_languages_id = \'' . $lang_id . '\'');
}
}
oos_redirect_admin(oos_href_link_admin($aFilename['categories'], 'categories=' . $categories . '&pID=' . $products_id));
}
break;
}
}
// check if the catalog image directory exists
if (is_dir(OOS_ABSOLUTE_PATH . OOS_IMAGES)) {
if (!is_writeable(OOS_ABSOLUTE_PATH . OOS_IMAGES)) {
$messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_NOT_WRITEABLE, 'error');
}
} else {
$messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_DOES_NOT_EXIST, 'error');
}
$no_js_general = true;
require 'includes/oos_header.php';
?>
$RunningTax += $order->products[$i]['tax'] / 100 * ($order->products[$i]['qty'] * $order->products[$i]['final_price']);
}
// Tax
$Query = "update " . $oostable['orders_total'] . " set\n text = '\$" . number_format($RunningTax, 2, '.', ',') . "',\n value = '" . $RunningTax . "'\n WHERE class='ot_tax' and orders_id={$oID}";
$dbconn->Execute($Query);
// Sub-Total
$Query = "update " . $oostable['orders_total'] . " set\n text = '\$" . number_format($RunningSubTotal, 2, '.', ',') . "',\n value = '" . $RunningSubTotal . "'\n WHERE class='ot_subtotal' and orders_id={$oID}";
$dbconn->Execute($Query);
// Total
$Query = "select sum(value) as total_value from " . $oostable['orders_total'] . " WHERE class != 'ot_total' and orders_id={$oID}";
$result = $dbconn->Execute($Query);
$row = $result->fields;
$Total = $row["total_value"];
$Query = "update " . $oostable['orders_total'] . " set\n text = '<b>\$" . number_format($Total, 2, '.', ',') . "</b>',\n value = '" . $Total . "'\n WHERE class='ot_total' and orders_id={$oID}";
$dbconn->Execute($Query);
oos_redirect_admin(oos_href_link_admin("edit_orders.php", oos_get_all_get_params(array('action')) . 'action=edit'));
}
break;
}
}
if ($action == 'edit' && isset($_GET['oID'])) {
$oID = oos_db_prepare_input($_GET['oID']);
$orders_result = $dbconn->Execute("SELECT orders_id FROM " . $oostable['orders'] . " WHERE orders_id = '" . (int) $oID . "'");
$order_exists = true;
if (!$orders_result->RecordCount()) {
$order_exists = false;
$messageStack->add(sprintf(ERROR_ORDER_DOES_NOT_EXIST, $oID), 'error');
}
}
require 'includes/oos_header.php';
?>
switch ($action) {
case 'update':
$reviews_id = oos_db_prepare_input($_GET['rID']);
$reviewstable = $oostable['reviews'];
$dbconn->Execute("UPDATE {$reviewstable} SET reviews_rating = '" . oos_db_input($reviews_rating) . "', last_modified = now() WHERE reviews_id = '" . oos_db_input($reviews_id) . "'");
$reviews_descriptiontable = $oostable['reviews_description'];
$dbconn->Execute("UPDATE {$reviews_descriptiontable} SET reviews_text = '" . oos_db_input($reviews_text) . "' WHERE reviews_id = '" . oos_db_input($reviews_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['reviews'], 'page=' . $_GET['page'] . '&rID=' . $reviews_id));
break;
case 'deleteconfirm':
$reviews_id = oos_db_prepare_input($_GET['rID']);
$reviewstable = $oostable['reviews'];
$dbconn->Execute("DELETE FROM {$reviewstable} WHERE reviews_id = '" . oos_db_input($reviews_id) . "'");
$reviews_descriptiontable = $oostable['reviews_description'];
$dbconn->Execute("DELETE FROM {$reviews_descriptiontable} WHERE reviews_id = '" . oos_db_input($reviews_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['reviews'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
?>
" cellspacing="1" cellpadding="1" class="columnLeft">
$expires_date = $_POST['year'];
$expires_date .= (strlen($_POST['month']) == 1) ? '0' . $_POST['month'] : $_POST['month'];
$expires_date .= (strlen($_POST['day']) == 1) ? '0' . $_POST['day'] : $_POST['day'];
}
$dbconn->Execute("UPDATE " . $oostable['specials'] . " SET specials_new_products_price = '" . $_POST['specials_price'] . "', specials_last_modified = now(), expires_date = '" . $expires_date . "' WHERE specials_id = '" . $_POST['specials_id'] . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['specials'], 'page=' . $_GET['page'] . '&sID=' . $specials_id));
break;
case 'deleteconfirm':
$specials_id = oos_db_prepare_input($_GET['sID']);
$specialstable = $oostable['specials'];
$dbconn->Execute("DELETE FROM $specialstable WHERE specials_id = '" . oos_db_input($specials_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['specials'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
if ( ($action == 'new') || ($action == 'edit') ) {
?>
<link rel="stylesheet" type="text/css" href="includes/javascript/calendar.css">
<script language="JavaScript" src="includes/javascript/calendarcode.js"></script>
<?php
}
?>
<div id="popupcalendar" class="text"></div>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page'] . '&oID=' . $ticket_reply_id));
break;
case 'deleteconfirm':
$oID = oos_db_prepare_input($_GET['oID']);
$configurationtable = $oostable['configuration'];
$ticket_reply_result = $dbconn->Execute("SELECT configuration_value FROM $configurationtable WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'");
$ticket_reply = $ticket_reply_result->fields;
if ($ticket_reply['configuration_value'] == $oID) {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'");
}
$dbconn->Execute("DELETE FROM " . $oostable['ticket_reply'] . " WHERE ticket_reply_id = '" . oos_db_input($oID) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page']));
break;
}
}
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<?php require 'includes/oos_blocks.php'; ?>
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
if (isset($_POST['default']) && $_POST['default'] == 'on') {
$configurationtable = $oostable['configuration'];
$dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . oos_db_input($ticket_department_id) . "' WHERE configuration_key = 'TICKET_DEFAULT_DEPARTMENT_ID'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_department'], 'page=' . $_GET['page'] . '&oID=' . $ticket_department_id));
break;
case 'deleteconfirm':
$oID = oos_db_prepare_input($_GET['oID']);
$configurationtable = $oostable['configuration'];
$ticket_department_result = $dbconn->Execute("SELECT configuration_value FROM {$configurationtable} WHERE configuration_key = 'TICKET_DEFAULT_DEPARTMENT_ID'");
$ticket_department = $ticket_department_result->fields;
if ($ticket_department['configuration_value'] == $oID) {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'TICKET_DEFAULT_DEPARTMENT_ID'");
}
$dbconn->Execute("DELETE FROM " . $oostable['ticket_department'] . " WHERE ticket_department_id = '" . oos_db_input($oID) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_department'], 'page=' . $_GET['page']));
break;
case 'delete':
$oID = oos_db_prepare_input($_GET['oID']);
$ticket_tickettable = $oostable['ticket_ticket'];
$department_result = $dbconn->Execute("SELECT count(*) as count FROM {$ticket_tickettable} WHERE ticket_department_id = '" . oos_db_input($oID) . "'");
$department = $department_result->fields;
$remove_department = true;
if ($oID == TICKET_DEFAULT_DEPARTMENT_ID) {
$remove_department = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_TEXT_DEPARTMENT, 'error');
} elseif ($department['count'] > 0) {
$remove_department = false;
$messageStack->add(ERROR_DEPARTMENT_USED_IN_TICKET, 'error');
} else {
$ticket_status_historytable = $oostable['ticket_status_history'];
for ($i = 0, $n = count($languages); $i < $n; $i++) {
$lang_id = $languages[$i]['id'];
$update = $dbconn->Execute("UPDATE " . $oostable['coupons_description'] . " SET coupon_name = '" . oos_db_prepare_input($_POST['coupon_name'][$lang_id]) . "', coupon_description = '" . oos_db_prepare_input($_POST['coupon_desc'][$lang_id]) . "' WHERE coupon_id = '" . intval($coupon_id) . "' and coupon_languages_id = '" . intval($lang_id) . "'");
}
} else {
$query = oos_db_perform($oostable['coupons'], $sql_data_array);
$coupon_id = $dbconn->Insert_ID();
for ($i = 0, $n = count($languages); $i < $n; $i++) {
$lang_id = $languages[$i]['id'];
$sql_data_marray[$i]['coupon_id'] = $coupon_id;
$sql_data_marray[$i]['coupon_languages_id'] = $lang_id;
oos_db_perform($oostable['coupons_description'], $sql_data_marray[$i]);
}
}
}
oos_redirect_admin(oos_href_link_admin($aFilename['coupon_admin'], 'page=' . $_GET['page'] . '&cID=' . $coupon_id));
}
}
require 'includes/oos_header.php';
?>
<link rel="stylesheet" type="text/css" href="includes/javascript/spiffyCal/spiffyCal_v2_1.css">
<script language="JavaScript" src="includes/javascript/spiffyCal/spiffyCal_v2_1.js"></script>
<script language="javascript">
var dateAvailable = new ctlSpiffyCalendarBox("dateAvailable", "new_product", "products_date_available","btnDate1","<?php
echo $pInfo->products_date_available;
?>
",scBTNMODE_CUSTOMBLUE);
</script>
<div id="spiffycalendar" class="text"></div>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
}
}
if (isset($array_position)) {
array_splice($installed, $array_position, 0, $sInstance);
} else {
$installed[] = $sInstance;
}
}
} else {
$installed[] = $sInstance;
}
$configurationtable = $oostable['configuration'];
$dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . implode(';', $installed) . "' WHERE configuration_key = 'MODULE_PLUGIN_EVENT_INSTALLED'");
}
}
oos_redirect_admin(oos_href_link_admin($aFilename['plugins'], 'plugin=' . $_GET['plugin']));
break;
}
}
$sLocaleDir = OOS_ABSOLUTE_PATH . 'includes/plugins/';
$aDirectory = array();
if (is_dir($sLocaleDir)) {
if ($dh = opendir($sLocaleDir)) {
while (($file = readdir($dh)) !== false) {
if ($file == '.' || $file == '..' || $file == '.svn' || $file == 'default' || filetype($sLocaleDir . $file) == 'file') {
continue;
}
if (filetype(realpath($sLocaleDir . $file)) == 'dir') {
$aDirectory[] = $file;
}
}
}
}
$send_mail->Subject = $subject;
$send_mail->Body = $message;
$send_mail->AddAddress($_POST['email_to'], 'Friend');
$send_mail->Send();
$send_mail->ClearAddresses();
$send_mail->ClearAttachments();
// Now create the coupon email entry
$couponstable = $oostable['coupons'];
$insert_result = $dbconn->Execute("INSERT INTO {$couponstable} (coupon_code, coupon_type, coupon_amount, date_created) VALUES ('" . $id1 . "', 'G', '" . $_POST['amount'] . "', '" . date("Y-m-d H:i:s", time()) . "')");
$insert_id = $dbconn->Insert_ID();
$coupon_email_tracktable = $oostable['coupon_email_track'];
$insert_result = $dbconn->Execute("INSERT INTO {$coupon_email_tracktable} (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) VALUES ('" . $insert_id . "', '0', 'Admin', '" . $_POST['email_to'] . "', '" . date("Y-m-d H:i:s", time()) . "' )");
}
oos_redirect_admin(oos_href_link_admin($aFilename['gv_mail'], 'mail_sent_to=' . urlencode($mail_sent_to)));
}
if ($action == 'preview' && !$_POST['customers_email_address'] && !$_POST['email_to']) {
$messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
}
if ($action == 'preview' && !$_POST['amount']) {
$messageStack->add(ERROR_NO_AMOUNT_SELECTED, 'error');
}
if (isset($_GET['mail_sent_to'])) {
$messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
}
$no_js_general = true;
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
case 'update':
$expires_date = '';
if ($_POST['day'] && $_POST['month'] && $_POST['year']) {
$expires_date = $_POST['year'];
$expires_date .= strlen($_POST['month']) == 1 ? '0' . $_POST['month'] : $_POST['month'];
$expires_date .= strlen($_POST['day']) == 1 ? '0' . $_POST['day'] : $_POST['day'];
}
$featuredtable = $oostable['featured'];
$dbconn->Execute("UPDATE {$featuredtable} SET featured_last_modified = '" . date("Y-m-d H:i:s", time()) . "', expires_date = '" . $expires_date . "' WHERE featured_id = '" . $_POST['featured_id'] . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page'] . '&fID=' . $featured_id));
break;
case 'deleteconfirm':
$featured_id = oos_db_prepare_input($_GET['fID']);
$featuredtable = $oostable['featured'];
$dbconn->Execute("DELETE FROM {$featuredtable} WHERE featured_id = '" . oos_db_input($featured_id) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page']));
break;
}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo CHARSET;
?>
">
<title><?php
case 'update':
$currency_result = $dbconn->Execute("SELECT currencies_id, code FROM " . $oostable['currencies']);
while ($currency = $currency_result->fields) {
$quote_function = 'quote_' . CURRENCY_SERVER_PRIMARY . '_currency';
$rate = $quote_function($currency['code']);
if (empty($rate) && oos_is_not_null(CURRENCY_SERVER_BACKUP)) {
$quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency';
$rate = $quote_function($currency['code']);
}
if (oos_is_not_null($rate)) {
$dbconn->Execute("UPDATE " . $oostable['currencies'] . " SET value = '" . $rate . "', last_updated = '" . date("Y-m-d H:i:s", time()) . "' WHERE currencies_id = '" . $currency['currencies_id'] . "'");
}
// Move that ADOdb pointer!
$currency_result->MoveNext();
}
oos_redirect_admin(oos_href_link_admin($aFilename['currencies'], 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
break;
case 'delete':
$currencies_id = oos_db_prepare_input($_GET['cID']);
$currency_result = $dbconn->Execute("SELECT code FROM " . $oostable['currencies'] . " WHERE currencies_id = '" . oos_db_input($currencies_id) . "'");
$currency = $currency_result->fields;
$remove_currency = true;
if ($currency['code'] == DEFAULT_CURRENCY) {
$remove_currency = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error');
}
break;
}
}
require 'includes/oos_header.php';
?>
}
// Changes by Guido END
if (isset($_POST['default']) && $_POST['default'] == 'on') {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '" . oos_db_input($customers_status_id) . "' WHERE configuration_key = 'DEFAULT_CUSTOMERS_STATUS_ID'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['customers_status'], 'page=' . $_GET['page'] . '&cID=' . $customers_status_id));
break;
case 'deleteconfirm':
$cID = oos_db_prepare_input($_GET['cID']);
$customers_status_result = $dbconn->Execute("SELECT configuration_value FROM " . $oostable['configuration'] . " WHERE configuration_key = 'DEFAULT_CUSTOMERS_STATUS_ID'");
$customers_status = $customers_status_result->fields;
if ($customers_status['configuration_value'] == $cID) {
$dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_CUSTOMERS_STATUS_ID'");
}
$dbconn->Execute("DELETE FROM " . $oostable['customers_status'] . " WHERE customers_status_id = '" . oos_db_input($cID) . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['customers_status'], 'page=' . $_GET['page']));
break;
case 'delete':
$cID = oos_db_prepare_input($_GET['cID']);
$status_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers'] . " WHERE customers_status = '" . oos_db_input($cID) . "'");
$status = $status_result->fields;
$remove_status = true;
if ($cID == DEFAULT_CUSTOMERS_STATUS_ID || $cID == DEFAULT_CUSTOMERS_STATUS_ID_GUEST || $cID == DEFAULT_CUSTOMERS_STATUS_ID_NEWSLETTER) {
$remove_status = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_CUSTOMERS_STATUS, 'error');
} elseif ($status['count'] > 0) {
$remove_status = false;
$messageStack->add(ERROR_STATUS_USED_IN_CUSTOMERS, 'error');
} else {
$history_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers_status_history'] . " WHERE '" . oos_db_input($cID) . "' in (new_value, old_value)");
$history = $history_result->fields;
oos_redirect_admin(oos_href_link_admin($aFilename['modules'], 'set=' . $_GET['set'] . '&module=' . $_GET['module']));
break;
case 'install':
case 'remove':
$file_extension = substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.'));
$class = basename($_GET['module']);
if (file_exists($module_directory . $class . $file_extension)) {
include $module_directory . $class . $file_extension;
$module = new $class();
if ($action == 'install') {
$module->install();
} elseif ($action == 'remove') {
$module->remove();
}
}
oos_redirect_admin(oos_href_link_admin($aFilename['modules'], 'set=' . $_GET['set'] . '&module=' . $class));
break;
}
}
$no_js_general = true;
require 'includes/oos_header.php';
?>
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php
echo BOX_WIDTH;
?>
" valign="top"><table border="0" width="<?php
echo BOX_WIDTH;
?>
$products_attributes_downloadtable = $oostable['products_attributes_download'];
$dbconn->Execute("UPDATE $products_attributes_downloadtable
SET products_attributes_filename='" . $_POST['products_attributes_filename'] . "',
products_attributes_maxdays='" . $_POST['products_attributes_maxdays'] . "',
products_attributes_maxcount='" . $_POST['products_attributes_maxcount'] . "'
WHERE products_attributes_id = '" . $_POST['attribute_id'] . "'");
}
oos_redirect_admin(oos_href_link_admin($aFilename['products_edit_attributes'], $page_info));
break;
case 'delete_attribute':
$products_attributestable = $oostable['products_attributes'];
$dbconn->Execute("DELETE FROM $products_attributestable WHERE products_attributes_id = '" . $_GET['attribute_id'] . "'");
$products_attributes_downloadtable = $oostable['products_attributes_download'];
$dbconn->Execute("DELETE FROM $products_attributes_downloadtable WHERE products_attributes_id = '" . $_GET['attribute_id'] . "'");
oos_redirect_admin(oos_href_link_admin($aFilename['products_edit_attributes'], $page_info));
break;
}
}
$products_options_types_list = array();
$products_options_typestable = $oostable['products_options_types'];
$products_options_types_sql = "SELECT products_options_types_id, products_options_types_name
FROM $products_options_typestable
WHERE products_options_types_languages_id = '" . intval($_SESSION['language_id']) . "'
ORDER BY products_options_types_id";
$products_options_types_result = $dbconn->Execute($products_options_types_sql);
while ($products_options_type_array = $products_options_types_result->fields) {
$products_options_types_list[$products_options_type_array['products_options_types_id']] = $products_options_type_array['products_options_types_name'];
