Exemplo n.º 1
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_MANUFACTURERS) == 'overwrite_all')) {
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if (xos_not_null($action)) {
        switch ($action) {
            case 'insert':
            case 'save':
                if (isset($_GET['mID'])) {
                    $manufacturers_id = xos_db_prepare_input($_GET['mID']);
                }
                if ($action == 'insert') {
                    $sql_data_array = array('date_added' => 'now()');
                    xos_db_perform(TABLE_MANUFACTURERS, $sql_data_array);
                    $manufacturers_id = xos_db_insert_id();
                } elseif ($action == 'save') {
                    $sql_data_array = array('last_modified' => 'now()');
                    xos_db_perform(TABLE_MANUFACTURERS, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "'");
                }
                if (!empty($_FILES['manufacturers_image']['name'])) {
                    $manufacturers_image = new upload('manufacturers_image', DIR_FS_CATALOG_IMAGES . 'manufacturers/', '777', array('jpg', 'jpeg', 'gif', 'png'));
                    if ($manufacturers_image->parse() && $manufacturers_image->save()) {
                        $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($_POST['current_manufacturer_image']) . "'");
                        $duplicate_image = xos_db_fetch_array($duplicate_image_query);
                        if ($duplicate_image['total'] < 2 & !($_POST['current_manufacturer_image'] == $manufacturers_image->filename)) {
                            @unlink(DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $_POST['current_manufacturer_image']);
                        }
                        xos_db_query("update " . TABLE_MANUFACTURERS . " set manufacturers_image = '" . $manufacturers_image->filename . "' where manufacturers_id = '" . (int) $manufacturers_id . "'");
                    }
                } elseif ($_POST['delete_manufacturer_image'] == 'true') {
Exemplo n.º 2
             if ($stock_values['products_quantity'] < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
                 xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'");
                 $smarty->clearAllCache();
             }
         }
     }
 }
 // Update products_ordered (for bestsellers list)
 xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . xos_get_prid($order->products[$i]['id']) . "'");
 $attributes_sting = null;
 if (strpos($order->products[$i]['id'], '-') !== false) {
     list($prid, $attributes_sting) = explode('-', $order->products[$i]['id']);
 }
 $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xos_get_prid($order->products[$i]['id']), 'products_attributes_sting' => $attributes_sting, 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_p_unit' => $order->products[$i]['packaging_unit'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_price_text' => $order->products[$i]['price_formated'], 'final_price_text' => $order->products[$i]['final_price_formated'], 'total_price_text' => $order->products[$i]['total_price_formated'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']);
 xos_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
 $order_products_id = xos_db_insert_id();
 //------insert customer chosen option to order--------
 $attributes_exist = '0';
 $attributes_options_values_price = false;
 if (isset($order->products[$i]['attributes'])) {
     $attributes_exist = '1';
     $order_attributes_array = array();
     for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
         if (DOWNLOAD_ENABLED == 'true') {
             $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename \n                               from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa \n                               left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                on pa.products_attributes_id=pad.products_attributes_id\n                               where pa.products_id = '" . $order->products[$i]['id'] . "' \n                                and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' \n                                and pa.options_id = popt.products_options_id \n                                and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' \n                                and pa.options_values_id = poval.products_options_values_id \n                                and popt.language_id = '" . $_SESSION['languages_id'] . "' \n                                and poval.language_id = '" . $_SESSION['languages_id'] . "'";
             $attributes = xos_db_query($attributes_query);
         } else {
             $attributes = xos_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $_SESSION['languages_id'] . "' and poval.language_id = '" . $_SESSION['languages_id'] . "'");
         }
         $attributes_values = xos_db_fetch_array($attributes);
         $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $order->products[$i]['attributes'][$j]['price'], 'options_values_price_text' => $order->products[$i]['attributes'][$j]['price'] != 0 ? $order->products[$i]['attributes'][$j]['price_formated'] : '', 'price_prefix' => $attributes_values['price_prefix']);
 $price_prefix = $_POST['price_prefix'] == '-' && $value_price > 0 ? '-' : '+';
 $count_query = xos_db_query("select options_values_id, options_sort_order from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int) $products_id . "' and options_id = '" . (int) $options_id . "'");
 $existing_option = false;
 $existing_value = false;
 $options_sort_order = 0;
 while ($count = xos_db_fetch_array($count_query)) {
     if ($count['options_values_id'] == $values_id) {
         $existing_value = true;
     }
     $existing_option = true;
     $options_sort_order = $count['options_sort_order'];
 }
 if (isset($_POST['values_id']) && !$existing_value) {
     xos_db_query("insert into " . TABLE_PRODUCTS_ATTRIBUTES . " values (null, '" . (int) $products_id . "', '" . (int) $options_id . "', '" . (int) $values_id . "', '" . max(1, (int) $options_sort_order) . "', 1, '" . (double) xos_db_input($value_price) . "', '" . xos_db_input($price_prefix) . "')");
     if (DOWNLOAD_ENABLED == 'true') {
         $products_attributes_id = xos_db_insert_id();
         $products_attributes_filename = xos_db_prepare_input($_POST['products_attributes_filename']);
         $products_attributes_maxdays = xos_db_prepare_input($_POST['products_attributes_maxdays']);
         $products_attributes_maxcount = xos_db_prepare_input($_POST['products_attributes_maxcount']);
         if (xos_not_null($products_attributes_filename)) {
             xos_db_query("insert into " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " values (" . (int) $products_attributes_id . ", '" . xos_db_input($products_attributes_filename) . "', '" . xos_db_input($products_attributes_maxdays) . "', '" . xos_db_input($products_attributes_maxcount) . "')");
         }
     }
     if (!$existing_option) {
         xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '0', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'");
         if (STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') {
             xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . "'");
         }
         $smarty_cache_control->clearAllCache();
     } else {
         $attributes_query = xos_db_query("select attributes_combinations, attributes_not_updated from " . TABLE_PRODUCTS . " where products_id = '" . (int) $products_id . "'");
Exemplo n.º 4
     }
     if (empty($newsletter_module)) {
         $messageStack->add('header', ERROR_NEWSLETTER_MODULE, 'error');
         $newsletter_error = true;
     }
     if ($newsletter_error == false) {
         $sql_data_array = array('title' => $title, 'language_id' => $language_id, 'content_text_plain' => $content_text_plain, 'module' => $newsletter_module);
         if (isset($content_text_htlm)) {
             $sql_data_array['content_text_htlm'] = $content_text_htlm;
         }
         if ($action == 'insert') {
             $sql_data_array['date_added'] = 'now()';
             $sql_data_array['status'] = '0';
             $sql_data_array['locked'] = '0';
             xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array);
             $newsletter_id = xos_db_insert_id();
         } elseif ($action == 'update') {
             xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array, 'update', "newsletters_id = '" . (int) $newsletter_id . "'");
         }
         xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'nID=' . $newsletter_id));
     } else {
         $action = 'new';
     }
     break;
 case 'deleteconfirm':
     $newsletter_id = xos_db_prepare_input($_GET['nID']);
     xos_db_query("delete from " . TABLE_NEWSLETTERS . " where newsletters_id = '" . (int) $newsletter_id . "'");
     xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page']));
     break;
 case 'send':
 case 'confirm_send':
Exemplo n.º 5
     $symbol_left_array = $_POST['symbol_left'];
     $symbol_right_array = $_POST['symbol_right'];
     $decimal_point_array = $_POST['decimal_point'];
     $thousands_point_array = $_POST['thousands_point'];
     $code = xos_db_prepare_input($_POST['code']);
     $decimal_places = xos_db_prepare_input($_POST['decimal_places']);
     $value = xos_db_prepare_input($_POST['value']);
     $languages = xos_get_languages();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $language_id = $languages[$i]['id'];
         $sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()');
         if ($action == 'insert') {
             $insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_CURRENCIES, $sql_data_array);
             $currency_id = xos_db_insert_id();
         } elseif ($action == 'save') {
             xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'");
         }
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'");
     }
     $smarty_cache_control->clearAllCache();
     xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id));
     break;
 case 'deleteconfirm':
     $currencies_id = xos_db_prepare_input($_GET['cID']);
     $currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'");
     $currency = xos_db_fetch_array($currency_query);
     if ($currency['currencies_id'] == $currencies_id) {
             $sql_data_array['entry_company'] = $company;
         }
         if (ACCOUNT_SUBURB == 'true') {
             $sql_data_array['entry_suburb'] = $suburb;
         }
         if (ACCOUNT_STATE == 'true') {
             if ($zone_id > 0) {
                 $sql_data_array['entry_zone_id'] = $zone_id;
                 $sql_data_array['entry_state'] = '';
             } else {
                 $sql_data_array['entry_zone_id'] = '0';
                 $sql_data_array['entry_state'] = $state;
             }
         }
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
         $_SESSION['billto'] = xos_db_insert_id();
         if (isset($_SESSION['payment'])) {
             unset($_SESSION['payment']);
         }
         xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
     }
     // process the selected billing destination
 } elseif (isset($_POST['address'])) {
     $reset_payment = false;
     if (isset($_SESSION['billto'])) {
         if ($_SESSION['billto'] != $_POST['address']) {
             if (isset($_SESSION['payment'])) {
                 $reset_payment = true;
             }
         }
     }
Exemplo n.º 7
             }
             break;
         case 'group_new':
             $admin_groups_name = ucwords(strtolower(xos_db_prepare_input($_POST['admin_groups_name'])));
             $name_replace = preg_replace("/ /", "%", $admin_groups_name);
             if ($admin_groups_name == '' || NULL || strlen($admin_groups_name) <= 5) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET[gID] . '&gName=false&action=new_group'));
             } else {
                 $check_groups_name_query = xos_db_query("select admin_groups_name as group_name_new from " . TABLE_ADMIN_GROUPS . " where admin_groups_name like '%" . $name_replace . "%'");
                 $check_duplicate = xos_db_num_rows($check_groups_name_query);
                 if ($check_duplicate > 0) {
                     xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET['gID'] . '&gName=used&action=new_group'));
                 } else {
                     $sql_data_array = array('admin_groups_name' => $admin_groups_name);
                     xos_db_perform(TABLE_ADMIN_GROUPS, $sql_data_array);
                     $admin_groups_id = xos_db_insert_id();
                     $set_groups_id = xos_db_prepare_input($_POST['set_groups_id']);
                     $add_group_id = $set_groups_id . ',\'' . $admin_groups_id . '\'';
                     xos_db_query("alter table " . TABLE_ADMIN_FILES . " change admin_groups_id admin_groups_id set( " . $add_group_id . ") NOT NULL DEFAULT '1' ");
                     xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $admin_groups_id));
                 }
             }
             break;
     }
 }
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require 'includes/account_check.js.php';
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
Exemplo n.º 8
             xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&action=list&spage=' . $_GET['spage']));
             break;
     }
 }
 $action = isset($_GET['action']) ? $_GET['action'] : '';
 if (xos_not_null($action)) {
     switch ($action) {
         case 'insert_zone':
             $geo_zone_name = xos_db_prepare_input($_POST['geo_zone_name']);
             $geo_zone_description = xos_db_prepare_input($_POST['geo_zone_description']);
             $check_query = xos_db_query("select geo_zone_name from " . TABLE_GEO_ZONES . " where geo_zone_name = '" . xos_db_input($geo_zone_name) . "'");
             if (xos_db_num_rows($check_query) || $geo_zone_name == '') {
                 xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&geo_zone_name=' . $geo_zone_name . '&geo_zone_description=' . $geo_zone_description . '&action=new_zone&error_name=' . $geo_zone_name));
             }
             xos_db_query("insert into " . TABLE_GEO_ZONES . " (geo_zone_name, geo_zone_description, date_added) values ('" . xos_db_input($geo_zone_name) . "', '" . xos_db_input($geo_zone_description) . "', now())");
             $new_zone_id = xos_db_insert_id();
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id));
             break;
         case 'save_zone':
             $zID = xos_db_prepare_input($_GET['zID']);
             $geo_zone_name = xos_db_prepare_input($_POST['geo_zone_name']);
             $actual_geo_zone_name = xos_db_prepare_input($_POST['actual_geo_zone_name']);
             $geo_zone_description = xos_db_prepare_input($_POST['geo_zone_description']);
             if (mb_strtolower($actual_geo_zone_name) != mb_strtolower($geo_zone_name)) {
                 $check_query = xos_db_query("select geo_zone_name from " . TABLE_GEO_ZONES . " where geo_zone_name = '" . xos_db_input($geo_zone_name) . "'");
                 if (xos_db_num_rows($check_query) || $geo_zone_name == '') {
                     xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&geo_zone_name=' . $geo_zone_name . '&geo_zone_description=' . $geo_zone_description . '&action=edit_zone&error_name=' . $geo_zone_name));
                 }
             }
             xos_db_query("update " . TABLE_GEO_ZONES . " set geo_zone_name = '" . xos_db_input($geo_zone_name) . "', geo_zone_description = '" . xos_db_input($geo_zone_description) . "', last_modified = now() where geo_zone_id = '" . (int) $zID . "'");
Exemplo n.º 9
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_TAX_CLASSES) == 'overwrite_all')) {
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if (xos_not_null($action)) {
        switch ($action) {
            case 'insert':
                $tax_class_title = xos_db_prepare_input($_POST['tax_class_title']);
                $tax_class_description = xos_db_prepare_input($_POST['tax_class_description']);
                $check_query = xos_db_query("select tax_class_title from " . TABLE_TAX_CLASS . " where tax_class_title = '" . xos_db_input($tax_class_title) . "'");
                if (xos_db_num_rows($check_query) || $tax_class_title == '') {
                    xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_title=' . $tax_class_title . '&tax_class_description=' . $tax_class_description . '&action=new&error_title=' . $tax_class_title));
                }
                xos_db_query("insert into " . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . xos_db_input($tax_class_title) . "', '" . xos_db_input($tax_class_description) . "', now())");
                $new_tax_class_id = xos_db_insert_id();
                $smarty_cache_control->clearAllCache();
                xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $new_tax_class_id));
                break;
            case 'save':
                $tax_class_id = xos_db_prepare_input($_GET['tID']);
                $tax_class_title = xos_db_prepare_input($_POST['tax_class_title']);
                $actual_tax_class_title = xos_db_prepare_input($_POST['actual_tax_class_title']);
                $tax_class_description = xos_db_prepare_input($_POST['tax_class_description']);
                if (mb_strtolower($actual_tax_class_title) != mb_strtolower($tax_class_title)) {
                    $check_query = xos_db_query("select tax_class_title from " . TABLE_TAX_CLASS . " where tax_class_title = '" . xos_db_input($tax_class_title) . "'");
                    if (xos_db_num_rows($check_query) || $tax_class_title == '') {
                        xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_title=' . $tax_class_title . '&tax_class_description=' . $tax_class_description . '&action=edit&error_title=' . $tax_class_title));
                    }
                }
                xos_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . (int) $tax_class_id . "', tax_class_title = '" . xos_db_input($tax_class_title) . "', tax_class_description = '" . xos_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . (int) $tax_class_id . "'");
Exemplo n.º 10
     $banner_error = true;
 }
 $languages = xos_get_languages();
 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
     if (empty($banners_title[$languages[$i]['id']])) {
         $messageStack->add('header', ERROR_BANNER_TITLE_REQUIRED, 'error');
         $banner_error = true;
     }
 }
 if ($banner_error == false) {
     $sql_data_array = array('banners_group' => $banners_group);
     if ($action == 'insert') {
         $insert_sql_data = array('date_added' => 'now()', 'status' => '1');
         $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
         xos_db_perform(TABLE_BANNERS, $sql_data_array);
         $banners_id = xos_db_insert_id();
         $messageStack->add_session('header', SUCCESS_BANNER_INSERTED, 'success');
     } elseif ($action == 'update') {
         xos_db_perform(TABLE_BANNERS, $sql_data_array, 'update', "banners_id = '" . (int) $banners_id . "'");
         $messageStack->add_session('header', SUCCESS_BANNER_UPDATED, 'success');
     }
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         if (!empty($_FILES['banners_image_' . $languages[$i]['id']]['name'])) {
             $banners_image = new upload('banners_image_' . $languages[$i]['id'], DIR_FS_CATALOG_IMAGES . 'banners/', '777', array('jpg', 'jpeg', 'gif', 'png'));
             if ($banners_image->parse() && $banners_image->save()) {
                 $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_BANNERS_CONTENT . " where banners_image = '" . xos_db_input($current_banners_image[$languages[$i]['id']]) . "'");
                 $duplicate_image = xos_db_fetch_array($duplicate_image_query);
                 if ($duplicate_image['total'] < 2 & !($current_banners_image[$languages[$i]['id']] == $banners_image->filename)) {
                     @unlink(DIR_FS_CATALOG_IMAGES . 'banners/' . $current_banners_image[$languages[$i]['id']]);
                 }
             }
             $sql_data_array['entry_company'] = $company;
         }
         if (ACCOUNT_SUBURB == 'true') {
             $sql_data_array['entry_suburb'] = $suburb;
         }
         if (ACCOUNT_STATE == 'true') {
             if ($zone_id > 0) {
                 $sql_data_array['entry_zone_id'] = $zone_id;
                 $sql_data_array['entry_state'] = '';
             } else {
                 $sql_data_array['entry_zone_id'] = '0';
                 $sql_data_array['entry_state'] = $state;
             }
         }
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
         $_SESSION['sendto'] = xos_db_insert_id();
         if (isset($_SESSION['shipping'])) {
             unset($_SESSION['shipping']);
         }
         xos_redirect(xos_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
     }
     // process the selected shipping destination
 } elseif (isset($_POST['address'])) {
     $reset_shipping = false;
     if (isset($_SESSION['sendto'])) {
         if ($_SESSION['sendto'] != $_POST['address']) {
             if (isset($_SESSION['shipping'])) {
                 $reset_shipping = true;
             }
         }
     }
Exemplo n.º 12
 $sort_order = xos_db_prepare_input($_POST['sort_order']);
 $content_error = false;
 $languages = xos_get_languages();
 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
     if (!xos_not_null($_POST['name'][$languages[$i]['id']])) {
         $messageStack->add('header', ERROR_CONTENT_NAME, 'error');
         $content_error = true;
     }
 }
 if ($content_error == false) {
     $sql_data_array = array('type' => $type, 'link_request_type' => $link_request_type, 'sort_order' => $sort_order);
     if ($action == 'insert') {
         $sql_data_array['status'] = '0';
         $sql_data_array['date_added'] = 'now()';
         xos_db_perform(TABLE_CONTENTS, $sql_data_array);
         $content_id = xos_db_insert_id();
     } elseif ($action == 'update') {
         xos_set_content_status($content_id, $status, $type);
         $sql_data_array['last_modified'] = 'now()';
         xos_db_perform(TABLE_CONTENTS, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "'");
     }
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $sql_data_array = array('name' => xos_db_prepare_input(htmlspecialchars_decode($_POST['name'][$languages[$i]['id']])), 'heading_title' => xos_db_prepare_input(htmlspecialchars($_POST['heading_title'][$languages[$i]['id']])), 'content' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace('&#160;', '', strip_tags(xos_db_prepare_input($_POST['content'][$languages[$i]['id']]), '<img>'))) != '' ? xos_db_prepare_input($_POST['content'][$languages[$i]['id']]) : ''), 'php_source' => xos_db_prepare_input($_POST['php_source'][$languages[$i]['id']]));
         if ($action == 'insert') {
             $sql_data_array['content_id'] = $content_id;
             $sql_data_array['language_id'] = $languages[$i]['id'];
             xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array);
         } elseif ($action == 'update') {
             xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "' and language_id = '" . (int) $languages[$i]['id'] . "'");
         }
     }
Exemplo n.º 13
     $tax_description_error = array();
     $error_description = false;
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $check_query = xos_db_query("select tax_description from " . TABLE_TAX_RATES_DESCRIPTION . " where language_id = '" . (int) $languages[$i]['id'] . "' and tax_description = '" . xos_db_input(htmlspecialchars($tax_description[$languages[$i]['id']])) . "'");
         if (xos_db_num_rows($check_query) || $tax_description[$languages[$i]['id']] == '') {
             $error_description = true;
             $tax_description_error[$languages[$i]['id']] = $tax_description[$languages[$i]['id']];
         }
     }
     if ($error_description) {
         $tax_description_error_array = urlencode(serialize($tax_description_error));
         $tax_description_array = urlencode(serialize($tax_description));
         xos_redirect(xos_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_id=' . $tax_class_id . '&tax_description=' . $tax_description_array . '&tax_zone_id=' . $tax_zone_id . '&tax_rate=' . $tax_rate . '&tax_priority=' . $tax_priority . '&action=new&error_description=' . $tax_description_error_array));
     } else {
         xos_db_query("insert into " . TABLE_TAX_RATES . " (tax_zone_id, tax_class_id, tax_rate, tax_priority, date_added) values ('" . (int) $tax_zone_id . "', '" . (int) $tax_class_id . "', '" . xos_db_input($tax_rate) . "', '" . xos_db_input($tax_priority) . "', now())");
         $new_tax_rates_id = xos_db_insert_id();
         for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
             xos_db_query("insert into " . TABLE_TAX_RATES_DESCRIPTION . " (tax_rates_id, language_id, tax_description) values ('" . (int) $new_tax_rates_id . "', '" . (int) $languages[$i]['id'] . "', '" . xos_db_input(htmlspecialchars($tax_description[$languages[$i]['id']])) . "')");
         }
         xos_update_table_tax_rates_final();
         $smarty_cache_control->clearAllCache();
         xos_redirect(xos_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $new_tax_rates_id));
     }
     break;
 case 'save':
     $tax_rates_id = xos_db_prepare_input($_GET['tID']);
     $tax_zone_id = xos_db_prepare_input($_POST['tax_zone_id']);
     $tax_class_id = xos_db_prepare_input($_POST['tax_class_id']);
     $tax_description = xos_db_prepare_input($_POST['tax_description']);
     $actual_tax_description = xos_db_prepare_input($_POST['actual_tax_description']);
     $tax_rate = xos_db_prepare_input($_POST['tax_rate']);
Exemplo n.º 14
             $_SESSION['customer_country_id'] = $country;
             $_SESSION['customer_zone_id'] = $zone_id > 0 ? (int) $zone_id : '0';
             $_SESSION['customer_default_address_id'] = (int) $_GET['edit'];
             $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_default_address_id' => (int) $_GET['edit']);
             if (ACCOUNT_GENDER == 'true') {
                 $sql_data_array['customers_gender'] = $gender;
             }
             xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         }
         $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
     }
 } else {
     if (xos_count_customer_address_book_entries() < MAX_ADDRESS_BOOK_ENTRIES) {
         $sql_data_array['customers_id'] = (int) $_SESSION['customer_id'];
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
         $new_address_book_id = xos_db_insert_id();
         // reregister session variables
         if (isset($_POST['primary']) && $_POST['primary'] == 'on') {
            // The enclosing `primary` check begins outside this view: the new entry
            // was flagged as the primary address, so the session and the customer
            // row are brought in line with it.
            if (ACCOUNT_GENDER == 'true') {
                $_SESSION['customer_gender'] = $gender;
            }
            // NOTE(review): key spelling differs between these two
            // ('customer_first_name' vs 'customer_lastname'); confirm both
            // match what the rest of the application reads.
            $_SESSION['customer_first_name'] = $firstname;
            $_SESSION['customer_lastname'] = $lastname;
            $_SESSION['customer_country_id'] = $country;
            // int when a zone is set, the string '0' otherwise.
            $_SESSION['customer_zone_id'] = $zone_id > 0 ? (int) $zone_id : '0';
            $_SESSION['customer_default_address_id'] = $new_address_book_id;
            // Row data for the customers table; the update itself happens
            // after this view.
            $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname);
            if (ACCOUNT_GENDER == 'true') {
                $sql_data_array['customers_gender'] = $gender;
            }
            $sql_data_array['customers_default_address_id'] = $new_address_book_id;
// Status the page had before this submission; the update branch below compares
// it with the new status to decide whether the change must be pushed down the page tree.
$current_categories_or_pages_status = xos_db_prepare_input($_POST['current_categories_or_pages_status']);
// Column set shared by insert and update. $link_request_type, $sort_order,
// $page_not_in_menu and $categories_or_pages_status are assigned by earlier
// code outside this view; the integer columns are cast explicitly here,
// 'is_page' is a fixed literal.
$sql_data_array = array('link_request_type' => $link_request_type, 'sort_order' => (int) $sort_order, 'is_page' => 'true', 'page_not_in_menu' => (int) $page_not_in_menu, 'categories_or_pages_status' => (int) $categories_or_pages_status);
$languages = xos_get_languages();
// Every installed language needs a page name. All missing names are reported
// before the save is aborted, so the admin sees them at once.
$page_error = false;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    // A language whose name field is absent from the POST body is treated the
    // same as an empty one (the lookup yields null).
    if (!xos_not_null($_POST['categories_or_pages_name'][$languages[$i]['id']])) {
        $messageStack->add('header', ERROR_PAGE_NAME, 'error');
        $page_error = true;
    }
}
 if ($page_error == false) {
    // Enclosing `$page_error == false` block begins outside this view.
    if ($action == 'insert_page') {
        // New page: hang it under the current parent and stamp the creation time.
        $insert_sql_data = array('parent_id' => $current_page_id, 'date_added' => 'now()');
        $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
        xos_db_perform(TABLE_CATEGORIES_OR_PAGES, $sql_data_array);
        $categories_or_pages_id = xos_db_insert_id();
    } elseif ($action == 'update_page') {
        // Existing page: update in place, keyed by the int-cast page id.
        $update_sql_data = array('last_modified' => 'now()');
        $sql_data_array = array_merge($sql_data_array, $update_sql_data);
        xos_db_perform(TABLE_CATEGORIES_OR_PAGES, $sql_data_array, 'update', "categories_or_pages_id = '" . (int) $categories_or_pages_id . "'");
        // A changed status is propagated to the descendants of this page.
        if ($categories_or_pages_status != $current_categories_or_pages_status) {
            $tree = xos_get_page_tree($categories_or_pages_id);
            // Starts at index 1 — presumably index 0 is the page itself, which
            // was just updated above; confirm against xos_get_page_tree.
            for ($i = 1; $i < sizeof($tree); $i++) {
                // NOTE(review): $tree[$i]['id'] comes back from the DB but is
                // interpolated without the (int) cast applied to every other id
                // in this file; casting it would keep the query consistent.
                xos_db_query("update " . TABLE_CATEGORIES_OR_PAGES . " set categories_or_pages_status =  '" . (int) $categories_or_pages_status . "', last_modified = now() where categories_or_pages_id = '" . $tree[$i]['id'] . "'");
            }
        }
    }
    // Per-language fields arrive as arrays keyed by language id. They are taken
    // raw here and handed to the code after this view, which presumably
    // escapes them before storage — not visible from here.
    $categories_or_pages_name_array = $_POST['categories_or_pages_name'];
    $categories_or_pages_heading_title_array = $_POST['categories_or_pages_heading_title'];
    $categories_or_pages_content_array = $_POST['categories_or_pages_content'];
    $categories_or_pages_php_source_array = $_POST['categories_or_pages_php_source'];
 $customer = xos_db_fetch_array($customer_query);
 if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
     $rating = xos_db_prepare_input($_POST['rating']);
     $review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000));
     $error = false;
     if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
         $error = true;
         $messageStack->add('review', JS_REVIEW_TEXT);
     }
     if ($rating < 1 || $rating > 5) {
         $error = true;
         $messageStack->add('review', JS_REVIEW_RATING);
     }
     if ($error == false) {
         xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())");
         $insert_id = xos_db_insert_id();
         xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')");
         $smarty->clearCache(null, 'L3|cc_reviews');
         $smarty->clearCache(null, 'L3|cc_product_reviews');
         xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false);
     }
 }
 require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE;
 $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params()));
 $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function checkForm() {' . "\n" . '  var error = 0;' . "\n" . '  var error_message = "' . JS_ERROR . '";' . "\n\n" . '  var review = document.product_reviews_write.review.value;' . "\n\n" . '  if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n" . '    error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n" . '  } else {' . "\n" . '    error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if (error == 1) {' . "\n" . '    alert(error_message);' . "\n" . '    return false;' . "\n" . '  } else {' . "\n" . '    return true;' . "\n" . '  }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';
 $products_prices = xos_get_product_prices($product_info['products_price']);
 $products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']);
     $sql_data_array['entry_company_tax_id'] = $company_tax_id;
 }
 if (ACCOUNT_SUBURB == 'true') {
     $sql_data_array['entry_suburb'] = $suburb;
 }
 if (ACCOUNT_STATE == 'true') {
     if ($zone_id > 0) {
         $sql_data_array['entry_zone_id'] = $zone_id;
         $sql_data_array['entry_state'] = '';
     } else {
         $sql_data_array['entry_zone_id'] = '0';
         $sql_data_array['entry_state'] = $state;
     }
 }
 xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
 $address_id = xos_db_insert_id();
 xos_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
 xos_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
 $check_subscriber_query = xos_db_query("select subscriber_id, newsletter_status from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "'");
 if (xos_db_num_rows($check_subscriber_query)) {
     $check_subscriber = xos_db_fetch_array($check_subscriber_query);
     if ($newsletter == '1' && $check_subscriber['newsletter_status'] == '0') {
         xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "', newsletter_status = '" . xos_db_input($newsletter) . "', newsletter_status_change = now() where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'");
     } else {
         xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "' where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'");
     }
 } else {
     $identity_code = xos_create_random_value(12);
     xos_db_query("insert into " . TABLE_NEWSLETTER_SUBSCRIBERS . " (customers_id, subscriber_language_id, subscriber_email_address, subscriber_identity_code, newsletter_status, subscriber_date_added) values ('" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($language_id) . "', '" . xos_db_input($email_address) . "', '" . $identity_code . "', '" . xos_db_input($newsletter) . "', now())");
 }
 if (SESSION_RECREATE == 'true') {