// Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_MANUFACTURERS) == 'overwrite_all')) { $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'insert': case 'save': if (isset($_GET['mID'])) { $manufacturers_id = xos_db_prepare_input($_GET['mID']); } if ($action == 'insert') { $sql_data_array = array('date_added' => 'now()'); xos_db_perform(TABLE_MANUFACTURERS, $sql_data_array); $manufacturers_id = xos_db_insert_id(); } elseif ($action == 'save') { $sql_data_array = array('last_modified' => 'now()'); xos_db_perform(TABLE_MANUFACTURERS, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "'"); } if (!empty($_FILES['manufacturers_image']['name'])) { $manufacturers_image = new upload('manufacturers_image', DIR_FS_CATALOG_IMAGES . 'manufacturers/', '777', array('jpg', 'jpeg', 'gif', 'png')); if ($manufacturers_image->parse() && $manufacturers_image->save()) { $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($_POST['current_manufacturer_image']) . "'"); $duplicate_image = xos_db_fetch_array($duplicate_image_query); if ($duplicate_image['total'] < 2 & !($_POST['current_manufacturer_image'] == $manufacturers_image->filename)) { @unlink(DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $_POST['current_manufacturer_image']); } xos_db_query("update " . TABLE_MANUFACTURERS . " set manufacturers_image = '" . $manufacturers_image->filename . "' where manufacturers_id = '" . (int) $manufacturers_id . "'"); } } elseif ($_POST['delete_manufacturer_image'] == 'true') {
if ($stock_values['products_quantity'] < 1 && STOCK_ALLOW_CHECKOUT == 'false') { xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'"); $smarty->clearAllCache(); } } } } // Update products_ordered (for bestsellers list) xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . xos_get_prid($order->products[$i]['id']) . "'"); $attributes_sting = null; if (strpos($order->products[$i]['id'], '-') !== false) { list($prid, $attributes_sting) = explode('-', $order->products[$i]['id']); } $sql_data_array = array('orders_id' => $insert_id, 'products_id' => xos_get_prid($order->products[$i]['id']), 'products_attributes_sting' => $attributes_sting, 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_p_unit' => $order->products[$i]['packaging_unit'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_price_text' => $order->products[$i]['price_formated'], 'final_price_text' => $order->products[$i]['final_price_formated'], 'total_price_text' => $order->products[$i]['total_price_formated'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']); xos_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array); $order_products_id = xos_db_insert_id(); //------insert customer choosen option to order-------- $attributes_exist = '0'; $attributes_options_values_price = false; if (isset($order->products[$i]['attributes'])) { $attributes_exist = '1'; $order_attributes_array = array(); for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) { if (DOWNLOAD_ENABLED == 'true') { $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename \n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa \n left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n on pa.products_attributes_id=pad.products_attributes_id\n where pa.products_id = '" . $order->products[$i]['id'] . "' \n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' \n and pa.options_id = popt.products_options_id \n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' \n and pa.options_values_id = poval.products_options_values_id \n and popt.language_id = '" . $_SESSION['languages_id'] . "' \n and poval.language_id = '" . $_SESSION['languages_id'] . "'"; $attributes = xos_db_query($attributes_query); } else { $attributes = xos_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $_SESSION['languages_id'] . "' and poval.language_id = '" . $_SESSION['languages_id'] . "'"); } $attributes_values = xos_db_fetch_array($attributes); $sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $order->products[$i]['attributes'][$j]['price'], 'options_values_price_text' => $order->products[$i]['attributes'][$j]['price'] != 0 ? $order->products[$i]['attributes'][$j]['price_formated'] : '', 'price_prefix' => $attributes_values['price_prefix']);
$price_prefix = $_POST['price_prefix'] == '-' && $value_price > 0 ? '-' : '+'; $count_query = xos_db_query("select options_values_id, options_sort_order from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int) $products_id . "' and options_id = '" . (int) $options_id . "'"); $existing_option = false; $existing_value = false; $options_sort_order = 0; while ($count = xos_db_fetch_array($count_query)) { if ($count['options_values_id'] == $values_id) { $existing_value = true; } $existing_option = true; $options_sort_order = $count['options_sort_order']; } if (isset($_POST['values_id']) && !$existing_value) { xos_db_query("insert into " . TABLE_PRODUCTS_ATTRIBUTES . " values (null, '" . (int) $products_id . "', '" . (int) $options_id . "', '" . (int) $values_id . "', '" . max(1, (int) $options_sort_order) . "', 1, '" . (double) xos_db_input($value_price) . "', '" . xos_db_input($price_prefix) . "')"); if (DOWNLOAD_ENABLED == 'true') { $products_attributes_id = xos_db_insert_id(); $products_attributes_filename = xos_db_prepare_input($_POST['products_attributes_filename']); $products_attributes_maxdays = xos_db_prepare_input($_POST['products_attributes_maxdays']); $products_attributes_maxcount = xos_db_prepare_input($_POST['products_attributes_maxcount']); if (xos_not_null($products_attributes_filename)) { xos_db_query("insert into " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " values (" . (int) $products_attributes_id . ", '" . xos_db_input($products_attributes_filename) . "', '" . xos_db_input($products_attributes_maxdays) . "', '" . xos_db_input($products_attributes_maxcount) . "')"); } } if (!$existing_option) { xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '0', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'"); if (STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') { xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . "'"); } $smarty_cache_control->clearAllCache(); } else { $attributes_query = xos_db_query("select attributes_combinations, attributes_not_updated from " . TABLE_PRODUCTS . " where products_id = '" . (int) $products_id . "'");
} if (empty($newsletter_module)) { $messageStack->add('header', ERROR_NEWSLETTER_MODULE, 'error'); $newsletter_error = true; } if ($newsletter_error == false) { $sql_data_array = array('title' => $title, 'language_id' => $language_id, 'content_text_plain' => $content_text_plain, 'module' => $newsletter_module); if (isset($content_text_htlm)) { $sql_data_array['content_text_htlm'] = $content_text_htlm; } if ($action == 'insert') { $sql_data_array['date_added'] = 'now()'; $sql_data_array['status'] = '0'; $sql_data_array['locked'] = '0'; xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array); $newsletter_id = xos_db_insert_id(); } elseif ($action == 'update') { xos_db_perform(TABLE_NEWSLETTERS, $sql_data_array, 'update', "newsletters_id = '" . (int) $newsletter_id . "'"); } xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'nID=' . $newsletter_id)); } else { $action = 'new'; } break; case 'deleteconfirm': $newsletter_id = xos_db_prepare_input($_GET['nID']); xos_db_query("delete from " . TABLE_NEWSLETTERS . " where newsletters_id = '" . (int) $newsletter_id . "'"); xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page'])); break; case 'send': case 'confirm_send':
$symbol_left_array = $_POST['symbol_left']; $symbol_right_array = $_POST['symbol_right']; $decimal_point_array = $_POST['decimal_point']; $thousands_point_array = $_POST['thousands_point']; $code = xos_db_prepare_input($_POST['code']); $decimal_places = xos_db_prepare_input($_POST['decimal_places']); $value = xos_db_prepare_input($_POST['value']); $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; $sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()'); if ($action == 'insert') { $insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xos_db_perform(TABLE_CURRENCIES, $sql_data_array); $currency_id = xos_db_insert_id(); } elseif ($action == 'save') { xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'"); } } if (isset($_POST['default']) && $_POST['default'] == 'on') { xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'"); } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id)); break; case 'deleteconfirm': $currencies_id = xos_db_prepare_input($_GET['cID']); $currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'"); $currency = xos_db_fetch_array($currency_query); if ($currency['currencies_id'] == $currencies_id) {
$sql_data_array['entry_company'] = $company; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $suburb; } if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { $sql_data_array['entry_zone_id'] = $zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; $sql_data_array['entry_state'] = $state; } } xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); $_SESSION['billto'] = xos_db_insert_id(); if (isset($_SESSION['payment'])) { unset($_SESSION['payment']); } xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } // process the selected billing destination } elseif (isset($_POST['address'])) { $reset_payment = false; if (isset($_SESSION['billto'])) { if ($_SESSION['billto'] != $_POST['address']) { if (isset($_SESSION['payment'])) { $reset_payment = true; } } }
} break; case 'group_new': $admin_groups_name = ucwords(strtolower(xos_db_prepare_input($_POST['admin_groups_name']))); $name_replace = preg_replace("/ /", "%", $admin_groups_name); if ($admin_groups_name == '' || NULL || strlen($admin_groups_name) <= 5) { xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET[gID] . '&gName=false&action=new_group')); } else { $check_groups_name_query = xos_db_query("select admin_groups_name as group_name_new from " . TABLE_ADMIN_GROUPS . " where admin_groups_name like '%" . $name_replace . "%'"); $check_duplicate = xos_db_num_rows($check_groups_name_query); if ($check_duplicate > 0) { xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $_GET['gID'] . '&gName=used&action=new_group')); } else { $sql_data_array = array('admin_groups_name' => $admin_groups_name); xos_db_perform(TABLE_ADMIN_GROUPS, $sql_data_array); $admin_groups_id = xos_db_insert_id(); $set_groups_id = xos_db_prepare_input($_POST['set_groups_id']); $add_group_id = $set_groups_id . ',\'' . $admin_groups_id . '\''; xos_db_query("alter table " . TABLE_ADMIN_FILES . " change admin_groups_id admin_groups_id set( " . $add_group_id . ") NOT NULL DEFAULT '1' "); xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'gID=' . $admin_groups_id)); } } break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require 'includes/account_check.js.php'; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php';
xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&action=list&spage=' . $_GET['spage'])); break; } } $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'insert_zone': $geo_zone_name = xos_db_prepare_input($_POST['geo_zone_name']); $geo_zone_description = xos_db_prepare_input($_POST['geo_zone_description']); $check_query = xos_db_query("select geo_zone_name from " . TABLE_GEO_ZONES . " where geo_zone_name = '" . xos_db_input($geo_zone_name) . "'"); if (xos_db_num_rows($check_query) || $geo_zone_name == '') { xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&geo_zone_name=' . $geo_zone_name . '&geo_zone_description=' . $geo_zone_description . '&action=new_zone&error_name=' . $geo_zone_name)); } xos_db_query("insert into " . TABLE_GEO_ZONES . " (geo_zone_name, geo_zone_description, date_added) values ('" . xos_db_input($geo_zone_name) . "', '" . xos_db_input($geo_zone_description) . "', now())"); $new_zone_id = xos_db_insert_id(); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id)); break; case 'save_zone': $zID = xos_db_prepare_input($_GET['zID']); $geo_zone_name = xos_db_prepare_input($_POST['geo_zone_name']); $actual_geo_zone_name = xos_db_prepare_input($_POST['actual_geo_zone_name']); $geo_zone_description = xos_db_prepare_input($_POST['geo_zone_description']); if (mb_strtolower($actual_geo_zone_name) != mb_strtolower($geo_zone_name)) { $check_query = xos_db_query("select geo_zone_name from " . TABLE_GEO_ZONES . " where geo_zone_name = '" . xos_db_input($geo_zone_name) . "'"); if (xos_db_num_rows($check_query) || $geo_zone_name == '') { xos_redirect(xos_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID'] . '&geo_zone_name=' . $geo_zone_name . '&geo_zone_description=' . $geo_zone_description . '&action=edit_zone&error_name=' . $geo_zone_name)); } } xos_db_query("update " . TABLE_GEO_ZONES . " set geo_zone_name = '" . xos_db_input($geo_zone_name) . "', geo_zone_description = '" . xos_db_input($geo_zone_description) . "', last_modified = now() where geo_zone_id = '" . (int) $zID . "'");
// Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_TAX_CLASSES) == 'overwrite_all')) { $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'insert': $tax_class_title = xos_db_prepare_input($_POST['tax_class_title']); $tax_class_description = xos_db_prepare_input($_POST['tax_class_description']); $check_query = xos_db_query("select tax_class_title from " . TABLE_TAX_CLASS . " where tax_class_title = '" . xos_db_input($tax_class_title) . "'"); if (xos_db_num_rows($check_query) || $tax_class_title == '') { xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_title=' . $tax_class_title . '&tax_class_description=' . $tax_class_description . '&action=new&error_title=' . $tax_class_title)); } xos_db_query("insert into " . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . xos_db_input($tax_class_title) . "', '" . xos_db_input($tax_class_description) . "', now())"); $new_tax_class_id = xos_db_insert_id(); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $new_tax_class_id)); break; case 'save': $tax_class_id = xos_db_prepare_input($_GET['tID']); $tax_class_title = xos_db_prepare_input($_POST['tax_class_title']); $actual_tax_class_title = xos_db_prepare_input($_POST['actual_tax_class_title']); $tax_class_description = xos_db_prepare_input($_POST['tax_class_description']); if (mb_strtolower($actual_tax_class_title) != mb_strtolower($tax_class_title)) { $check_query = xos_db_query("select tax_class_title from " . TABLE_TAX_CLASS . " where tax_class_title = '" . xos_db_input($tax_class_title) . "'"); if (xos_db_num_rows($check_query) || $tax_class_title == '') { xos_redirect(xos_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_title=' . $tax_class_title . '&tax_class_description=' . $tax_class_description . '&action=edit&error_title=' . $tax_class_title)); } } xos_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . (int) $tax_class_id . "', tax_class_title = '" . xos_db_input($tax_class_title) . "', tax_class_description = '" . xos_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . (int) $tax_class_id . "'");
$banner_error = true; } $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if (empty($banners_title[$languages[$i]['id']])) { $messageStack->add('header', ERROR_BANNER_TITLE_REQUIRED, 'error'); $banner_error = true; } } if ($banner_error == false) { $sql_data_array = array('banners_group' => $banners_group); if ($action == 'insert') { $insert_sql_data = array('date_added' => 'now()', 'status' => '1'); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xos_db_perform(TABLE_BANNERS, $sql_data_array); $banners_id = xos_db_insert_id(); $messageStack->add_session('header', SUCCESS_BANNER_INSERTED, 'success'); } elseif ($action == 'update') { xos_db_perform(TABLE_BANNERS, $sql_data_array, 'update', "banners_id = '" . (int) $banners_id . "'"); $messageStack->add_session('header', SUCCESS_BANNER_UPDATED, 'success'); } for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if (!empty($_FILES['banners_image_' . $languages[$i]['id']]['name'])) { $banners_image = new upload('banners_image_' . $languages[$i]['id'], DIR_FS_CATALOG_IMAGES . 'banners/', '777', array('jpg', 'jpeg', 'gif', 'png')); if ($banners_image->parse() && $banners_image->save()) { $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_BANNERS_CONTENT . " where banners_image = '" . xos_db_input($current_banners_image[$languages[$i]['id']]) . "'"); $duplicate_image = xos_db_fetch_array($duplicate_image_query); if ($duplicate_image['total'] < 2 & !($current_banners_image[$languages[$i]['id']] == $banners_image->filename)) { @unlink(DIR_FS_CATALOG_IMAGES . 'banners/' . $current_banners_image[$languages[$i]['id']]); } }
$sql_data_array['entry_company'] = $company; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $suburb; } if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { $sql_data_array['entry_zone_id'] = $zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; $sql_data_array['entry_state'] = $state; } } xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); $_SESSION['sendto'] = xos_db_insert_id(); if (isset($_SESSION['shipping'])) { unset($_SESSION['shipping']); } xos_redirect(xos_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); } // process the selected shipping destination } elseif (isset($_POST['address'])) { $reset_shipping = false; if (isset($_SESSION['sendto'])) { if ($_SESSION['sendto'] != $_POST['address']) { if (isset($_SESSION['shipping'])) { $reset_shipping = true; } } }
$sort_order = xos_db_prepare_input($_POST['sort_order']); $content_error = false; $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if (!xos_not_null($_POST['name'][$languages[$i]['id']])) { $messageStack->add('header', ERROR_CONTENT_NAME, 'error'); $content_error = true; } } if ($content_error == false) { $sql_data_array = array('type' => $type, 'link_request_type' => $link_request_type, 'sort_order' => $sort_order); if ($action == 'insert') { $sql_data_array['status'] = '0'; $sql_data_array['date_added'] = 'now()'; xos_db_perform(TABLE_CONTENTS, $sql_data_array); $content_id = xos_db_insert_id(); } elseif ($action == 'update') { xos_set_content_status($content_id, $status, $type); $sql_data_array['last_modified'] = 'now()'; xos_db_perform(TABLE_CONTENTS, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "'"); } for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $sql_data_array = array('name' => xos_db_prepare_input(htmlspecialchars_decode($_POST['name'][$languages[$i]['id']])), 'heading_title' => xos_db_prepare_input(htmlspecialchars($_POST['heading_title'][$languages[$i]['id']])), 'content' => preg_replace_callback(array('#href=\\"?(([^\\" >]*?)(\\.php)([^\\" >]*?))#siU', '#href=\\"?(([^\\" >]*?)(\\.html/[a-r])([^\\" >]*?))#siU'), 'internal_link_replacement', trim(str_replace(' ', '', strip_tags(xos_db_prepare_input($_POST['content'][$languages[$i]['id']]), '<img>'))) != '' ? xos_db_prepare_input($_POST['content'][$languages[$i]['id']]) : ''), 'php_source' => xos_db_prepare_input($_POST['php_source'][$languages[$i]['id']])); if ($action == 'insert') { $sql_data_array['content_id'] = $content_id; $sql_data_array['language_id'] = $languages[$i]['id']; xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array); } elseif ($action == 'update') { xos_db_perform(TABLE_CONTENTS_DATA, $sql_data_array, 'update', "content_id = '" . (int) $content_id . "' and language_id = '" . (int) $languages[$i]['id'] . "'"); } }
$tax_description_error = array(); $error_description = false; for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $check_query = xos_db_query("select tax_description from " . TABLE_TAX_RATES_DESCRIPTION . " where language_id = '" . (int) $languages[$i]['id'] . "' and tax_description = '" . xos_db_input(htmlspecialchars($tax_description[$languages[$i]['id']])) . "'"); if (xos_db_num_rows($check_query) || $tax_description[$languages[$i]['id']] == '') { $error_description = true; $tax_description_error[$languages[$i]['id']] = $tax_description[$languages[$i]['id']]; } } if ($error_description) { $tax_description_error_array = urlencode(serialize($tax_description_error)); $tax_description_array = urlencode(serialize($tax_description)); xos_redirect(xos_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $_GET['tID'] . '&tax_class_id=' . $tax_class_id . '&tax_description=' . $tax_description_array . '&tax_zone_id=' . $tax_zone_id . '&tax_rate=' . $tax_rate . '&tax_priority=' . $tax_priority . '&action=new&error_description=' . $tax_description_error_array)); } else { xos_db_query("insert into " . TABLE_TAX_RATES . " (tax_zone_id, tax_class_id, tax_rate, tax_priority, date_added) values ('" . (int) $tax_zone_id . "', '" . (int) $tax_class_id . "', '" . xos_db_input($tax_rate) . "', '" . xos_db_input($tax_priority) . "', now())"); $new_tax_rates_id = xos_db_insert_id(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { xos_db_query("insert into " . TABLE_TAX_RATES_DESCRIPTION . " (tax_rates_id, language_id, tax_description) values ('" . (int) $new_tax_rates_id . "', '" . (int) $languages[$i]['id'] . "', '" . xos_db_input(htmlspecialchars($tax_description[$languages[$i]['id']])) . "')"); } xos_update_table_tax_rates_final(); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $new_tax_rates_id)); } break; case 'save': $tax_rates_id = xos_db_prepare_input($_GET['tID']); $tax_zone_id = xos_db_prepare_input($_POST['tax_zone_id']); $tax_class_id = xos_db_prepare_input($_POST['tax_class_id']); $tax_description = xos_db_prepare_input($_POST['tax_description']); $actual_tax_description = xos_db_prepare_input($_POST['actual_tax_description']); $tax_rate = xos_db_prepare_input($_POST['tax_rate']);
$_SESSION['customer_country_id'] = $country; $_SESSION['customer_zone_id'] = $zone_id > 0 ? (int) $zone_id : '0'; $_SESSION['customer_default_address_id'] = (int) $_GET['edit']; $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_default_address_id' => (int) $_GET['edit']); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'"); } $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success'); } } else { if (xos_count_customer_address_book_entries() < MAX_ADDRESS_BOOK_ENTRIES) { $sql_data_array['customers_id'] = (int) $_SESSION['customer_id']; xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); $new_address_book_id = xos_db_insert_id(); // reregister session variables if (isset($_POST['primary']) && $_POST['primary'] == 'on') { if (ACCOUNT_GENDER == 'true') { $_SESSION['customer_gender'] = $gender; } $_SESSION['customer_first_name'] = $firstname; $_SESSION['customer_lastname'] = $lastname; $_SESSION['customer_country_id'] = $country; $_SESSION['customer_zone_id'] = $zone_id > 0 ? (int) $zone_id : '0'; $_SESSION['customer_default_address_id'] = $new_address_book_id; $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } $sql_data_array['customers_default_address_id'] = $new_address_book_id;
$current_categories_or_pages_status = xos_db_prepare_input($_POST['current_categories_or_pages_status']); $sql_data_array = array('link_request_type' => $link_request_type, 'sort_order' => (int) $sort_order, 'is_page' => 'true', 'page_not_in_menu' => (int) $page_not_in_menu, 'categories_or_pages_status' => (int) $categories_or_pages_status); $languages = xos_get_languages(); $page_error = false; for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if (!xos_not_null($_POST['categories_or_pages_name'][$languages[$i]['id']])) { $messageStack->add('header', ERROR_PAGE_NAME, 'error'); $page_error = true; } } if ($page_error == false) { if ($action == 'insert_page') { $insert_sql_data = array('parent_id' => $current_page_id, 'date_added' => 'now()'); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xos_db_perform(TABLE_CATEGORIES_OR_PAGES, $sql_data_array); $categories_or_pages_id = xos_db_insert_id(); } elseif ($action == 'update_page') { $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = array_merge($sql_data_array, $update_sql_data); xos_db_perform(TABLE_CATEGORIES_OR_PAGES, $sql_data_array, 'update', "categories_or_pages_id = '" . (int) $categories_or_pages_id . "'"); if ($categories_or_pages_status != $current_categories_or_pages_status) { $tree = xos_get_page_tree($categories_or_pages_id); for ($i = 1; $i < sizeof($tree); $i++) { xos_db_query("update " . TABLE_CATEGORIES_OR_PAGES . " set categories_or_pages_status = '" . (int) $categories_or_pages_status . "', last_modified = now() where categories_or_pages_id = '" . $tree[$i]['id'] . "'"); } } } $categories_or_pages_name_array = $_POST['categories_or_pages_name']; $categories_or_pages_heading_title_array = $_POST['categories_or_pages_heading_title']; $categories_or_pages_content_array = $_POST['categories_or_pages_content']; $categories_or_pages_php_source_array = $_POST['categories_or_pages_php_source'];
$customer = xos_db_fetch_array($customer_query); if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) { $rating = xos_db_prepare_input($_POST['rating']); $review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000)); $error = false; if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) { $error = true; $messageStack->add('review', JS_REVIEW_TEXT); } if ($rating < 1 || $rating > 5) { $error = true; $messageStack->add('review', JS_REVIEW_RATING); } if ($error == false) { xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())"); $insert_id = xos_db_insert_id(); xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')"); $smarty->clearCache(null, 'L3|cc_reviews'); $smarty->clearCache(null, 'L3|cc_product_reviews'); xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false); } } require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE; $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params())); $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function checkForm() {' . "\n" . ' var error = 0;' . "\n" . ' var error_message = "' . JS_ERROR . '";' . "\n\n" . ' var review = document.product_reviews_write.review.value;' . "\n\n" . ' if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n" . ' error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n" . ' } else {' . "\n" . ' error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if (error == 1) {' . "\n" . ' alert(error_message);' . "\n" . ' return false;' . "\n" . ' } else {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'boxes.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'footer.php'; $products_prices = xos_get_product_prices($product_info['products_price']); $products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']);
$sql_data_array['entry_company_tax_id'] = $company_tax_id; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['entry_suburb'] = $suburb; } if (ACCOUNT_STATE == 'true') { if ($zone_id > 0) { $sql_data_array['entry_zone_id'] = $zone_id; $sql_data_array['entry_state'] = ''; } else { $sql_data_array['entry_zone_id'] = '0'; $sql_data_array['entry_state'] = $state; } } xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); $address_id = xos_db_insert_id(); xos_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $_SESSION['customer_id'] . "', '0', now())"); $check_subscriber_query = xos_db_query("select subscriber_id, newsletter_status from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "'"); if (xos_db_num_rows($check_subscriber_query)) { $check_subscriber = xos_db_fetch_array($check_subscriber_query); if ($newsletter == '1' && $check_subscriber['newsletter_status'] == '0') { xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "', newsletter_status = '" . xos_db_input($newsletter) . "', newsletter_status_change = now() where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'"); } else { xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "' where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'"); } } else { $identity_code = xos_create_random_value(12); xos_db_query("insert into " . TABLE_NEWSLETTER_SUBSCRIBERS . " (customers_id, subscriber_language_id, subscriber_email_address, subscriber_identity_code, newsletter_status, subscriber_date_added) values ('" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($language_id) . "', '" . xos_db_input($email_address) . "', '" . $identity_code . "', '" . xos_db_input($newsletter) . "', now())"); } if (SESSION_RECREATE == 'true') {