Exemplo n.º 1
 /**
  * Validates the Input Parameters onBeforeModuleUpdate
  *
  * @param array $d
  * @return boolean
  */
 function validate_update(&$d)
 {
     global $vmLogger, $VM_LANG;

     // A module name is mandatory.
     if (empty($d['module_name'])) {
         $vmLogger->err($VM_LANG->_('VM_MODULE_ERR_NAME'));
         return false;
     }

     // The name must not already belong to a different module. Both values
     // placed into the SQL text are neutralised first: the name goes through
     // getEscaped() and the id is cast to int.
     $db = new ps_DB();
     $escapedName = $db->getEscaped($d['module_name']);
     $moduleId = (int) $d['module_id'];
     $db->query("SELECT COUNT(*) AS rowcnt FROM #__{vm}_module WHERE module_name='" . $escapedName . "' AND module_id <> " . $moduleId);
     $db->next_record();
     if ($db->f("rowcnt") > 0) {
         $vmLogger->err($VM_LANG->_('VM_MODULE_ERR_EXISTS'));
         return false;
     }

     // Permissions are mandatory as well.
     if (empty($d['module_perms'])) {
         $vmLogger->err($VM_LANG->_('VM_MODULE_ERR_PERMS'));
         return false;
     }

     // $d is passed by reference: a missing list order is defaulted for the caller.
     if (empty($d['list_order'])) {
         $d['list_order'] = "99";
     }

     return true;
 }
 /**
  * Validates the Input Parameters onBeforeShopperGroupAdd
  *
  * @param array $d
  * @return boolean
  */
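 function validate_add(&$d)
 {
     global $VM_LANG;
     $db = new ps_DB();
     $ps_vendor_id = $_SESSION["ps_vendor_id"];

     // A shopper group needs a name.
     if (empty($d["shopper_group_name"])) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('SHOPPER_GROUP_MISSING_NAME'));
         return false;
     }

     // The name must be unique per vendor. Every value concatenated into the
     // statement is escaped, including the vendor id read from the session:
     // the original inserted it verbatim between quotes, so the query relied
     // on the session never holding a quote character.
     $q = "SELECT COUNT(*) as num_rows FROM #__{vm}_shopper_group";
     $q .= " WHERE shopper_group_name='" . $db->getEscaped(vmGet($d, 'shopper_group_name')) . "'";
     $q .= " AND vendor_id='" . $db->getEscaped($ps_vendor_id) . "'";
     $db->query($q);
     $db->next_record();
     if ($db->f("num_rows") > 0) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('SHOPPER_GROUP_ALREADY_EXISTS'));
         return false;
     }

     // $d is passed by reference: fill in defaults the caller can rely on.
     if (empty($d["shopper_group_discount"])) {
         $d["shopper_group_discount"] = 0;
     }
     $d["show_price_including_tax"] = isset($d["show_price_including_tax"]) ? $d["show_price_including_tax"] : 0;

     return true;
 }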
Exemplo n.º 3
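    /**
     * Validates an order status update and, when the status code itself
     * changes, rewrites the orders that still carry the old code.
     *
     * Note that this validator has a side effect: it issues an UPDATE on the
     * orders table before returning true.
     *
     * @param array $d
     * @return boolean false when validate() fails, when no stored status code
     *                 is found for the given id, or when the code of a
     *                 protected status would change
     */
    function validate_update(&$d)
    {
        // $vmLogger was used below without being imported into the function
        // scope, so the protected-status branch failed on an undefined
        // variable instead of logging the error.
        global $vmLogger, $VM_LANG;

        if (!$this->validate($d)) {
            return false;
        }

        $db = $this->get(intval($d["order_status_id"]));
        $order_status_code = $db->f('order_status_code');
        if (!$order_status_code) {
            return false;
        }

        $code_changed = $order_status_code != $d["order_status_code"];

        // Check if the Order Status Code of protected Order Statuses is to be changed
        if (in_array($order_status_code, $this->_protected_status_codes) && $code_changed) {
            $vmLogger->err($VM_LANG->_('VM_ORDERSTATUS_CHANGE_ERR_CORE'));
            return false;
        }

        if ($code_changed) {
            // If the order Status Code has changed, we need to update all orders with this order status to use the new Status Code.
            // The stored code is escaped as well: a value read back from the
            // database is still data, not SQL, and was previously inserted
            // into the WHERE clause verbatim.
            $dbo = new ps_DB();
            $dbo->query('UPDATE #__{vm}_orders SET 
										order_status=\'' . $dbo->getEscaped($d["order_status_code"]) . '\'
										WHERE order_status=\'' . $dbo->getEscaped($order_status_code) . '\'');
        }

        return true;
    }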
Exemplo n.º 4
 /**
  * Validates the input parameters onCountryAdd
  *
  * @param array $d
  * @return boolean
  */
 function validate_add($d)
 {
     global $vmLogger;
     $db = new ps_DB();

     // All three identifying fields are required; report the first one missing.
     if (!$d["country_name"]) {
         $vmLogger->err("You must enter a name for the country.");
         return false;
     }
     if (!$d["country_2_code"]) {
         $vmLogger->err("You must enter a 2 symbol code for the country.");
         return false;
     }
     if (!$d["country_3_code"]) {
         $vmLogger->err('You must enter a 3 symbol code for the country.');
         return false;
     }

     // country_name is known to be non-empty here. Reject the record when a
     // country with the same name exists; the name is escaped before it is
     // placed between the quotes of the SQL literal.
     $nameSql = $db->getEscaped($d["country_name"]);
     $db->query("SELECT count(*) as rowcnt from #__{vm}_country where" . " country_name='" . $nameSql . "'");
     $db->next_record();
     if ($db->f("rowcnt") > 0) {
         $vmLogger->err("The given country name already exists.");
         return false;
     }

     return true;
 }
Exemplo n.º 5
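 /**
  * Normalises a user field definition before it is saved and rejects a
  * field name that is already in use.
  *
  * Sets $d['cType'] from $d['type'], may rewrite $d['type'] and $d['params'],
  * then counts the rows of the userfield table that share $d['name']
  * (excluding the row identified by $d['fieldid'], when given).
  *
  * @param array $d field definition, modified in place
  * @return boolean false when the name is already taken, true otherwise
  */
 function validateOnSave(&$d)
 {
     global $vmLogger, $VM_LANG;
     /*
     		if( !$this->validate($d)) {
     			return false;
     		}*/
     switch ($d['type']) {
         case 'date':
             $d['cType'] = 'DATE';
             break;
         case 'editorta':
         case 'textarea':
         case 'multiselect':
         case 'multicheckbox':
             $d['cType'] = 'MEDIUMTEXT';
             break;
         case 'letterman_subscription':
         case 'yanc_subscription':
         case 'anjel_subscription':
         case 'ccnewsletter_subscription':
             // The newsletter component name is the part of the type before
             // the underscore; the field itself is stored as a checkbox.
             $d['params'] = 'newsletter=' . substr($d['type'], 0, strpos($d['type'], '_')) . "\n";
             $d['type'] = 'checkbox';
             // no break: continue with the checkbox column type
         case 'checkbox':
             $d['cType'] = 'TINYINT';
             break;
         case 'euvatid':
             // params is a newline-separated list of key=value pairs, so a
             // request value must not be able to carry a line break into it.
             // Cast to int, as is done for minimum_age below.
             $d['params'] = 'shopper_group_id=' . (int) $d['shopper_group_id'] . "\n";
             $d['cType'] = 'VARCHAR(255)';
             break;
         case 'age_verification':
             $d['params'] = 'minimum_age=' . (int) $d['minimum_age'] . "\n";
             // no break: age verification uses the default column type
         default:
             $d['cType'] = 'VARCHAR(255)';
             break;
     }

     // Duplicate check: the name is escaped and the field id is forced to an
     // integer before either reaches the SQL text.
     $db = new ps_DB();
     $sql = "SELECT COUNT(*) as num_rows FROM `#__{vm}_userfield` WHERE name='" . $db->getEscaped($d['name']) . "'";
     if (!empty($d['fieldid'])) {
         $sql .= ' AND fieldid != ' . intval($d['fieldid']);
     }
     $db->query($sql);
     $db->next_record();
     if ($db->f('num_rows')) {
         $vmLogger->err(sprintf($VM_LANG->_('VM_USERFIELD_ERR_ALREADY'), $d['name']));
         return false;
     }
     return true;
 }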
Exemplo n.º 6
 /**
  * Validates the input parameters onBeforeCreditCardAdd
  *
  * @param array $d
  * @return boolean
  */
 function validate_add($d)
 {
     global $vmLogger, $VM_LANG;
     $db = new ps_DB();

     // Name and code are both required; the first missing one is reported.
     if (!$d["creditcard_name"]) {
         $vmLogger->err($VM_LANG->_('VM_CREDITCARD_ERR_NAME'));
         return false;
     }
     if (!$d["creditcard_code"]) {
         $vmLogger->err($VM_LANG->_('VM_CREDITCARD_ERR_CODE'));
         return false;
     }

     // A card type is a duplicate when EITHER its name or its code is already
     // stored. Both values are escaped before being quoted into the statement.
     $nameSql = $db->getEscaped($d["creditcard_name"]);
     $codeSql = $db->getEscaped($d["creditcard_code"]);
     $sql = "SELECT count(*) as rowcnt FROM `#__{vm}_creditcard` WHERE"
         . " creditcard_name='" . $nameSql . "' OR "
         . " creditcard_code='" . $codeSql . "'";
     $db->query($sql);
     $db->next_record();

     $alreadyExists = $db->f("rowcnt") > 0;
     if ($alreadyExists) {
         $vmLogger->err($VM_LANG->_('VM_CREDITCARD_EXISTS'));
         return false;
     }
     return true;
 }
Exemplo n.º 7
 /**
  * Retrieves a record with the specified ID from the table associated with this entity type
  * In case of success, returns a ps_DB object with a prepared recordset
  * In case of failure returns false
  * @param mixed $id
  * @return mixed
  */
 function get($id)
 {
     $key = $this->getKey();
     $table = $this->getTable();
     $db = new ps_DB();

     // With an empty id no query is run. The method still returns the ps_DB
     // object in that case - it never returns false, so callers have to
     // inspect the record set rather than compare the result with false.
     if (empty($id)) {
         return $db;
     }

     // Numeric ids are reduced to an integer, anything else is escaped and
     // quoted as a string literal.
     // NOTE(review): $table and $key are placed between backticks without
     // escaping; this presumes getTable()/getKey() return fixed identifiers -
     // confirm against their implementations.
     $idSql = is_numeric($id)
         ? (int) $id
         : ('\'' . $db->getEscaped($id) . '\'');

     $db->query('SELECT * FROM `' . $table . '` WHERE `' . $key . '`=' . $idSql);
     $db->next_record();

     return $db;
 }
 /**
  * Validate the Input Parameters onBeforeManufacturerCategoryAdd
  *
  * @param array $d
  * @return boolean
  */
 function validate_add($d)
 {
     global $VM_LANG;
     $db = new ps_DB();

     // The category name is required.
     if (!$d["mf_category_name"]) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('VM_MANUF_CAT_ERR_NAME'));
         return false;
     }

     // Reject a name that is already stored; the value is escaped before it
     // is quoted into the statement.
     $nameSql = $db->getEscaped($d["mf_category_name"]);
     $db->query("SELECT count(*) as rowcnt from #__{vm}_manufacturer_category where" . " mf_category_name='" . $nameSql . "'");
     $db->next_record();

     $taken = $db->f("rowcnt") > 0;
     if ($taken) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('VM_MANUF_CAT_ERR_EXISTS'));
         return false;
     }

     return true;
 }
Exemplo n.º 9
 /**
  * Validates the Input Parameters onBeforeShopperGroupAdd
  *
  * @param array $d
  * @return boolean
  */
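 function validate_add(&$d)
 {
     $db = new ps_DB();
     $ps_vendor_id = $_SESSION["ps_vendor_id"];

     // A shopper group needs a name.
     if (empty($d["shopper_group_name"])) {
         $GLOBALS['vmLogger']->err('You must enter a shopper group name.');
         return false;
     }

     // The name must be unique per vendor. Every value concatenated into the
     // statement is escaped, including the vendor id read from the session:
     // the original inserted it verbatim between quotes, so the query relied
     // on the session never holding a quote character.
     $q = "SELECT COUNT(*) as num_rows FROM #__{vm}_shopper_group";
     $q .= " WHERE shopper_group_name='" . $db->getEscaped(vmGet($d, 'shopper_group_name')) . "'";
     $q .= " AND vendor_id='" . $db->getEscaped($ps_vendor_id) . "'";
     $db->query($q);
     $db->next_record();
     if ($db->f("num_rows") > 0) {
         $GLOBALS['vmLogger']->err('Shopper group already exists for this vendor.');
         return false;
     }

     // $d is passed by reference: fill in defaults the caller can rely on.
     if (empty($d["shopper_group_discount"])) {
         $d["shopper_group_discount"] = 0;
     }
     $d["show_price_including_tax"] = isset($d["show_price_including_tax"]) ? $d["show_price_including_tax"] : 0;

     return true;
 }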
Exemplo n.º 10
 /**
  * Gets the username from joomla if there is one associated to the paypal express payerID
  * @param string $payerID
  * @return string, False on failure
  */
 function ppex_getUsername($payerID)
 {
     global $vmLogger;

     if (empty($payerID)) {
         $vmLogger->debug("Error: No PayerID Given");
         return false;
     }

     // Two handles: one iterates the matching user_info rows, the other is
     // reused for the per-row lookup in the users table.
     $db = new ps_DB();
     $dbb = new ps_DB();

     // The payer id is looked up in extra_field_3, most recently modified
     // rows first; it is escaped before being quoted into the statement.
     $q = "SELECT * FROM #__{vm}_user_info WHERE extra_field_3 = '" . $db->getEscaped($payerID) . "' ORDER by mdate DESC";
     $db->query($q);
     if (!($db->num_rows() > 0)) {
         return false;
     }

     while ($db->next_record()) {
         $uid = $db->f('user_id');

         //Now lets try and see if the uid has a real username with joomla
         $q2 = "SELECT * FROM #__users WHERE `id` = '" . $db->getEscaped($uid) . "'";
         $dbb->query($q2);
         if (!($dbb->num_rows() > 0)) {
             continue;
         }

         $dbb->next_record();
         $username = $dbb->f('username');
         if (!empty($username)) {
             // first row that resolves to a non-empty username wins
             return $username;
         }
     }

     return false;
 }
Exemplo n.º 11
 /**
  * Updates a Shipping Address for the specified user info ID
  *
  * @param array $d
  * @return boolean
  */
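 function update(&$d)
 {
     global $perm, $VM_LANG;
     require_once CLASSPATH . 'ps_userfield.php';
     $db = new ps_DB();

     if (!$this->validate_update($d)) {
         return false;
     }

     // Admins and store admins may edit any user's address; everyone else is
     // pinned to the user id held in their own session.
     $is_admin = $perm->check("admin,storeadmin");
     $session_user_id = (int) $_SESSION['auth']['user_id'];

     // Get all fields which were shown to the user
     $shippingFields = ps_userfield::getUserFields('shipping', false, '', true);
     $skip_fields = ps_userfield::getSkipFields();
     $fields = array();
     foreach ($shippingFields as $userField) {
         if (!in_array($userField->name, $skip_fields)) {
             $fields[$userField->name] = ps_userfield::prepareFieldDataSave($userField->type, $userField->name, vmGet($d, $userField->name, strtoupper($userField->name)));
         }
     }

     // These are pre-defined fields.
     $fields['user_id'] = $is_admin ? (int) $d["user_id"] : $session_user_id;
     $fields['address_type'] = 'ST';
     $fields['mdate'] = time();

     // For non-admins the WHERE clause also requires ownership of the row, so
     // a user_info_id belonging to another user matches nothing. The session
     // user id is cast to int here as well; it used to be appended to the
     // statement verbatim and unquoted.
     $where = "WHERE user_info_id='" . $db->getEscaped($d["user_info_id"]) . "'";
     if (!$is_admin) {
         $where .= " AND user_id=" . $session_user_id;
     }

     $db->buildQuery('UPDATE', '#__{vm}_user_info', $fields, $where);
     if ($db->query() === false) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('VM_USERADDRESS_UPDATED_FAILED'));
         return false;
     }
     $GLOBALS['vmLogger']->info($VM_LANG->_('VM_USERADDRESS_UPDATED'));
     vmRequest::setVar('ship_to_info_id', $d['user_info_id']);
     return true;
 }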
Exemplo n.º 12
 /**
  * Handles a download Request
  *
  * @param array $d
  * @return boolean
  */
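 function download_request(&$d)
 {
     global $download_id, $VM_LANG, $vmLogger;
     $db = new ps_DB();

     // Look the download record up by the id supplied with the request; the
     // id is escaped before it is quoted into the statement.
     $download_id = $db->getEscaped(vmGet($d, "download_id"));
     $q = "SELECT * FROM #__{vm}_product_download WHERE";
     $q .= " download_id = '{$download_id}'";
     $db->query($q);
     $db->next_record();

     // From here on $download_id holds the value stored in the database.
     $download_id = $db->f("download_id");
     $file_name = $db->f("file_name");
     // NOTE(review): file_name is used exactly as stored. For a local file it
     // is appended to DOWNLOADROOT, so a stored name containing "../" would
     // resolve outside that directory - confirm it is validated where the
     // record is created.
     if (strncmp($file_name, 'http', 4) !== 0) {
         $file_path = DOWNLOADROOT . $file_name;
     } else {
         $file_path = $file_name;
     }
     $download_max = $db->f("download_max");
     $end_date = $db->f("end_date");
     $now = time();

     if (!$download_id) {
         $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_INV', false));
         return false;
         //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
     }

     // The stored id is escaped again before reuse: a value read back from
     // the database is still data and was previously concatenated verbatim
     // into the DELETE and UPDATE statements below.
     $download_id_sql = $db->getEscaped($download_id);

     if ($download_max == "0") {
         // No downloads left: drop the record.
         $q = "DELETE FROM #__{vm}_product_download";
         $q .= " WHERE download_id = '" . $download_id_sql . "'";
         $db->query($q);
         $db->next_record();
         $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_MAX', false));
         return false;
         //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
     }
     if ($end_date != "0" && $now > $end_date) {
         // Download period is over: drop the record.
         $q = "DELETE FROM #__{vm}_product_download";
         $q .= " WHERE download_id = '" . $download_id_sql . "'";
         $db->query($q);
         $db->next_record();
         $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_EXP', false));
         return false;
         //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
     }

     require_once CLASSPATH . 'connectionTools.class.php';

     // Only a request that starts at the beginning of the file counts against
     // download_max; a range request (= resumed download) does not.
     // NOTE(review): file_exists() is evaluated on $file_path before a remote
     // file has been fetched, so a remote download presumably never reaches
     // the decrement below - confirm whether that is intended.
     $download_count = false;
     if (@file_exists($file_path)) {
         $range_request = vmConnector::http_rangeRequest(filesize($file_path), false);
         $download_count = $range_request[0] == 0;
     }

     // Parameter to check if the file should be removed after download, which is only true,
     // if we have a remote file, which was transferred to this server into a temporary file
     $unlink = false;
     if (strncmp($file_path, 'http', 4) === 0) {
         // NOTE(review): the server fetches whatever URL is stored in
         // file_name; this presumes only trusted staff can write that column.
         require_once CLASSPATH . 'ps_product_files.php';
         $local_copy = ps_product_files::getRemoteFile($file_path);
         if ($local_copy !== false) {
             $file_path = $local_copy;
             $unlink = true;
         } else {
             $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false));
             return false;
         }
     } else {
         // Check that the file exists and can be read
         if (!@file_exists($file_path)) {
             $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false));
             return false;
             //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
         }
         if (!@is_readable($file_path)) {
             $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTREADABLE', false));
             return false;
             //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
         }
     }

     if ($download_count) {
         // decrement the download_max to limit the number of downloads
         $q = "UPDATE `#__{vm}_product_download` SET";
         $q .= " `download_max`=`download_max` - 1";
         $q .= " WHERE download_id = '" . $download_id_sql . "'";
         $db->query($q);
         $db->next_record();
     }
     if ($end_date == "0") {
         // Set the Download Expiry Date, so the download can expire after DOWNLOAD_EXPIRE seconds.
         // time() takes no argument; the stray 'u' that used to be passed is
         // rejected by current PHP versions.
         $end_date = time() + DOWNLOAD_EXPIRE;
         $q = "UPDATE #__{vm}_product_download SET";
         $q .= " end_date={$end_date}";
         $q .= " WHERE download_id = '" . $download_id_sql . "'";
         $db->query($q);
         $db->next_record();
     }

     // Browser sniffing only selects the MIME type spelling. ereg() no longer
     // exists in PHP 7+, so the same patterns are matched with preg_match();
     // the User-Agent header is optional and is treated as empty when absent.
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if (preg_match('/Opera(\/| )([0-9].[0-9]{1,2})/', $user_agent)) {
         $UserBrowser = "Opera";
     } elseif (preg_match('/MSIE ([0-9].[0-9]{1,2})/', $user_agent)) {
         $UserBrowser = "IE";
     } else {
         $UserBrowser = '';
     }
     $mime_type = $UserBrowser == 'IE' || $UserBrowser == 'Opera' ? 'application/octetstream' : 'application/octet-stream';

     // dump anything in the buffer
     while (@ob_end_clean()) {
     }

     // basename() keeps any directory part of the stored name out of the
     // file name offered to the client.
     vmConnector::sendFile($file_path, $mime_type, basename($file_name));
     if ($unlink) {
         // remove the temporarily downloaded remote file
         @unlink($file_path);
     }
     $GLOBALS['vm_mainframe']->close(true);
 }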
Exemplo n.º 13
 function list_rates(&$d)
 {
     global $VM_LANG, $CURRENCY_DISPLAY, $mosConfig_absolute_path;
     $db = new ps_DB();
     $dbv = new ps_DB();
     $dbc = new ps_DB();
     /** Read current Configuration ***/
     require_once CLASSPATH . "shipping/" . __CLASS__ . ".cfg.php";
     $q = "SELECT * FROM `#__{vm}_user_info`, `#__{vm}_country` WHERE user_info_id='" . $db->getEscaped($d["ship_to_info_id"]) . "' AND ( country=country_2_code OR country=country_3_code)";
     $db->query($q);
     $db->next_record();
     $q = "SELECT * FROM #__{vm}_vendor WHERE vendor_id='" . $_SESSION['ps_vendor_id'] . "'";
     $dbv->query($q);
     $dbv->next_record();
     $order_weight = $d['weight'];
     if ($order_weight > 0) {
         //USPS Username
         $usps_username = USPS_USERNAME;
         //USPS Password
         $usps_password = USPS_PASSWORD;
         //USPS Server
         $usps_server = USPS_SERVER;
         //USPS Path
         $usps_path = USPS_PATH;
         //USPS package size
         $usps_packagesize = USPS_PACKAGESIZE;
         //USPS Package ID
         $usps_packageid = 0;
         //USPS International Per Pound Rate
         $usps_intllbrate = USPS_INTLLBRATE;
         //USPS International handling fee
         $usps_intlhandlingfee = USPS_INTLHANDLINGFEE;
         //Pad the shipping weight to allow weight for shipping materials
         $usps_padding = USPS_PADDING;
         $usps_padding = $usps_padding * 0.01;
         $order_weight = $order_weight * $usps_padding + $order_weight;
         //USPS Machinable for Parcel Post
         $usps_machinable = USPS_MACHINABLE;
         if ($usps_machinable == '1') {
             $usps_machinable = 'TRUE';
         } else {
             $usps_machinable = 'FALSE';
         }
         //USPS Shipping Options to display
         $usps_ship[0] = USPS_SHIP0;
         $usps_ship[1] = USPS_SHIP1;
         $usps_ship[2] = USPS_SHIP2;
         $usps_ship[3] = USPS_SHIP3;
         $usps_ship[4] = USPS_SHIP4;
         $usps_ship[5] = USPS_SHIP5;
         $usps_ship[6] = USPS_SHIP6;
         $usps_ship[7] = USPS_SHIP7;
         $usps_ship[8] = USPS_SHIP8;
         $usps_ship[9] = USPS_SHIP9;
         $usps_ship[10] = USPS_SHIP10;
         foreach ($usps_ship as $key => $value) {
             if ($value == '1') {
                 $usps_ship[$key] = 'TRUE';
             } else {
                 $usps_ship[$key] = 'FALSE';
             }
         }
         $usps_intl[0] = USPS_INTL0;
         $usps_intl[1] = USPS_INTL1;
         $usps_intl[2] = USPS_INTL2;
         $usps_intl[3] = USPS_INTL3;
         $usps_intl[4] = USPS_INTL4;
         $usps_intl[5] = USPS_INTL5;
         $usps_intl[6] = USPS_INTL6;
         $usps_intl[7] = USPS_INTL7;
         $usps_intl[8] = USPS_INTL8;
         // $usps_intl[9] = USPS_INTL9;
         foreach ($usps_intl as $key => $value) {
             if ($value == '1') {
                 $usps_intl[$key] = 'TRUE';
             } else {
                 $usps_intl[$key] = 'FALSE';
             }
         }
         //Title for your request
         $request_title = "Shipping Estimate";
         //The zip that you are shipping from
         $source_zip = substr($dbv->f("vendor_zip"), 0, 5);
         $shpService = 'All';
         //"Priority";
         //The zip that you are shipping to
         $dest_country = $db->f("country_2_code");
         if ($dest_country == "GB") {
             $q = "SELECT state_name FROM #__{vm}_state WHERE state_2_code='" . $db->f("state") . "'";
             $dbc->query($q);
             $dbc->next_record();
             $dest_country_name = $dbc->f("state_name");
         } else {
             $dest_country_name = $db->f("country_name");
         }
         $dest_state = $db->f("state");
         $dest_zip = substr($db->f("zip"), 0, 5);
         //$weight_measure
         if ($order_weight < 1) {
             $shipping_pounds_intl = 0;
         } else {
             $shipping_pounds_intl = ceil($order_weight);
         }
         if ($order_weight < 0.88) {
             $shipping_pounds = 0;
             $shipping_ounces = round(16 * ($order_weight - floor($order_weight)));
         } else {
             $shipping_pounds = ceil($order_weight);
             $shipping_ounces = 0;
         }
         $os = array("Mac", "NT", "Irix", "Linux");
         $states = array("AL", "AK", "AR", "AZ", "CA", "CO", "CT", "DC", "DE", "FL", "GA", "HI", "IA", "ID", "IL", "IN", "KS", "KY", "LA", "MA", "MD", "ME", "MI", "MN", "MO", "MS", "MT", "NC", "ND", "NE", "NH", "NJ", "NM", "NV", "NY", "OH", "OK", "OR", "PA", "RI", "SC", "SD", "TN", "TX", "UT", "VT", "VA", "WA", "WI", "WV", "WY");
         //If weight is over 70 pounds, round down to 70 for now.
         //Will update in the future to be able to split the package or something?
         if ($order_weight > 70.0) {
             echo "We are unable to ship USPS as the package weight exceeds the 70 pound limit,<br>please select another shipping method.";
         } else {
             if ($dest_country == "US" && in_array($dest_state, $states)) {
                 /******START OF DOMESTIC RATE******/
                 //the xml that will be posted to usps
                 $xmlPost = 'API=RateV2&XML=<RateV2Request USERID="' . $usps_username . '" PASSWORD="******">';
                 $xmlPost .= '<Package ID="' . $usps_packageid . '">';
                 $xmlPost .= "<Service>" . $shpService . "</Service>";
                 $xmlPost .= "<ZipOrigination>" . $source_zip . "</ZipOrigination>";
                 $xmlPost .= "<ZipDestination>" . $dest_zip . "</ZipDestination>";
                 $xmlPost .= "<Pounds>" . $shipping_pounds . "</Pounds>";
                 $xmlPost .= "<Ounces>" . $shipping_ounces . "</Ounces>";
                 $xmlPost .= "<Size>" . $usps_packagesize . "</Size>";
                 $xmlPost .= "<Machinable>" . $usps_machinable . "</Machinable>";
                 $xmlPost .= "</Package></RateV2Request>";
                 // echo htmlentities( $xmlPost );
                 $host = $usps_server;
                 //$host = "production.shippingapis.com";
                 $path = $usps_path;
                 //"/ups.app/xml/Rate";
                 //$path = "/ShippingAPI.dll";
                 $port = 80;
                 $protocol = "http";
                 $html = "";
                 //echo "<textarea>".$protocol."://".$host.$path."?API=Rate&XML=".$xmlPost."</textarea>";
                 // Using cURL is Up-To-Date and easier!!
                 if (function_exists("curl_init")) {
                     $CR = curl_init();
                     curl_setopt($CR, CURLOPT_URL, $protocol . "://" . $host . $path);
                     //"?API=RateV2&XML=".$xmlPost);
                     curl_setopt($CR, CURLOPT_POST, 1);
                     curl_setopt($CR, CURLOPT_FAILONERROR, true);
                     curl_setopt($CR, CURLOPT_POSTFIELDS, $xmlPost);
                     curl_setopt($CR, CURLOPT_RETURNTRANSFER, 1);
                     $xmlResult = curl_exec($CR);
                     $error = curl_error($CR);
                     if (!empty($error)) {
                         $GLOBALS['vmLogger']->err(curl_error($CR));
                         $html = "<br/><span class=\"message\">" . $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . " USPS.com</span>";
                         $error = true;
                     } else {
                         /* XML Parsing */
                         require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php';
                         $xmlDoc = new DOMIT_Lite_Document();
                         $xmlDoc->parseXML($xmlResult, false, true);
                         /* Let's check wether the response from USPS is Success or Failure ! */
                         if (strstr($xmlResult, "Error")) {
                             $error = true;
                             $html = "<span class=\"message\">" . $VM_LANG->_('PHPSHOP_USPS_RESPONSE_ERROR') . "</span><br/>";
                             $error_code = $xmlDoc->getElementsByTagName("Number");
                             $error_code = $error_code->item(0);
                             $error_code = $error_code->getText();
                             $html .= $VM_LANG->_('PHPSHOP_ERROR_CODE') . ": " . $error_code . "<br/>";
                             $error_desc = $xmlDoc->getElementsByTagName("Description");
                             $error_desc = $error_desc->item(0);
                             $error_desc = $error_desc->getText();
                             $html .= $VM_LANG->_('PHPSHOP_ERROR_DESC') . ": " . $error_desc . "<br/>";
                         }
                     }
                     curl_close($CR);
                 } else {
                     $protocol = "http";
                     $fp = fsockopen($protocol . "://" . $host, $errno, $errstr, $timeout = 60);
                     if (!$fp) {
                         $error = true;
                         $html = $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . ": {$errstr} ({$errno})";
                     } else {
                         //send the server request
                         fputs($fp, "POST {$path} HTTP/1.1\r\n");
                         fputs($fp, "Host: {$host}\r\n");
                         fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
                         fputs($fp, "Content-length: " . strlen($xmlPost) . "\r\n");
                         fputs($fp, "Connection: close\r\n\r\n");
                         fputs($fp, $xmlPost . "\r\n\r\n");
                         $xmlResult = '';
                         while (!feof($fp)) {
                             $xmlResult .= fgets($fp, 4096);
                         }
                         if (stristr($xmlResult, "Success")) {
                             /* XML Parsing */
                             require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php';
                             $xmlDoc = new DOMIT_Lite_Document();
                             $xmlDoc->parseXML($xmlResult, false, true);
                             $error = false;
                         } else {
                             $html = "Error processing the Request to USPS.com";
                             $error = true;
                         }
                     }
                 }
                 if (DEBUG) {
                     echo "XML Post: <br>";
                     echo "<textarea cols='80'>" . $protocol . "://" . $host . $path . "?" . $xmlPost . "</textarea>";
                     echo "<br>";
                     echo "XML Result: <br>";
                     echo "<textarea cols='80' rows='10'>" . $xmlResult . "</textarea>";
                     echo "<br>";
                     echo "Cart Contents: " . $order_weight . " " . $weight_measure . "<br><br>\n";
                 }
                 if ($error) {
                     // comment out, if you don't want the Errors to be shown!!
                     //$vmLogger->err( $html );
                     // Switch to StandardShipping on Error !!!
                     //require_once( CLASSPATH . 'shipping/standard_shipping.php' );
                     //$shipping = new standard_shipping();
                     //$shipping->list_rates( $d );
                     echo "We are unable to ship USPS as the there was an error,<br> please select another shipping method.";
                     return;
                 }
                 // Domestic shipping - add how long it might take
                 $ship_commit[0] = "1 - 2 Days";
                 $ship_commit[1] = "1 - 2 Days";
                 $ship_commit[2] = "1 - 2 Days";
                 $ship_commit[3] = "1 - 3 Days";
                 $ship_commit[4] = "1 - 3 Days";
                 $ship_commit[5] = "1 - 3 Days";
                 $ship_commit[6] = "2 - 9 Days";
                 $ship_commit[7] = "2 - 9 Days";
                 $ship_commit[8] = "2 - 9 Days";
                 $ship_commit[9] = "2 - 9 Days";
                 $ship_commit[10] = "2 Days or More";
                 // retrieve the service and postage items
                 $i = 0;
                 if ($order_weight > 15) {
                     $count = 8;
                     $usps_ship[6] = $usps_ship[7];
                     $usps_ship[7] = $usps_ship[9];
                     $usps_ship[8] = $usps_ship[10];
                 } else {
                     if ($order_weight >= 0.86) {
                         $count = 9;
                         $usps_ship[6] = $usps_ship[7];
                         $usps_ship[7] = $usps_ship[8];
                         $usps_ship[8] = $usps_ship[9];
                         $usps_ship[9] = $usps_ship[10];
                     } else {
                         $count = 10;
                     }
                 }
                 while ($i <= $count) {
                     if (isset($xmlDoc)) {
                         $ship_service[$i] = $xmlDoc->getElementsByTagName('MailService');
                         $ship_service[$i] = $ship_service[$i]->item($i);
                         $ship_service[$i] = $ship_service[$i]->getText();
                         $ship_postage[$i] = $xmlDoc->getElementsByTagName('Rate');
                         $ship_postage[$i] = $ship_postage[$i]->item($i);
                         $ship_postage[$i] = $ship_postage[$i]->getText();
                         if (preg_match('/%$/', USPS_HANDLINGFEE)) {
                             $ship_postage[$i] = $ship_postage[$i] * (1 + substr(USPS_HANDLINGFEE, 0, -1) / 100);
                         } else {
                             $ship_postage[$i] = $ship_postage[$i] + USPS_HANDLINGFEE;
                         }
                         $i++;
                     }
                 }
                 /******END OF DOMESTIC RATE******/
             } else {
                 /******START INTERNATIONAL RATE******/
                 //the xml that will be posted to usps
                 $xmlPost = 'API=IntlRate&XML=<IntlRateRequest USERID="' . $usps_username . '" PASSWORD="******">';
                 $xmlPost .= '<Package ID="' . $usps_packageid . '">';
                 $xmlPost .= "<Pounds>" . $shipping_pounds_intl . "</Pounds>";
                 $xmlPost .= "<Ounces>" . $shipping_ounces . "</Ounces>";
                 $xmlPost .= "<MailType>Package</MailType>";
                 $xmlPost .= "<Country>" . $dest_country_name . "</Country>";
                 $xmlPost .= "</Package></IntlRateRequest>";
                 // echo htmlentities( $xmlPost );
                 $host = $usps_server;
                 //$host = "production.shippingapis.com";
                 $path = $usps_path;
                 //"/ups.app/xml/Rate";
                 //$path = "/ShippingAPI.dll";
                 $port = 80;
                 $protocol = "http";
                 //echo "<textarea>".$protocol."://".$host.$path."?API=Rate&XML=".$xmlPost."</textarea>";
                 // Using cURL is Up-To-Date and easier!!
                 if (function_exists("curl_init")) {
                     $CR = curl_init();
                     curl_setopt($CR, CURLOPT_URL, $protocol . "://" . $host . $path);
                     //"?API=RateV2&XML=".$xmlPost);
                     curl_setopt($CR, CURLOPT_POST, 1);
                     curl_setopt($CR, CURLOPT_FAILONERROR, true);
                     curl_setopt($CR, CURLOPT_POSTFIELDS, $xmlPost);
                     curl_setopt($CR, CURLOPT_RETURNTRANSFER, 1);
                     $xmlResult = curl_exec($CR);
                     //echo "<textarea>".$xmlResult."</textarea>";
                     $error = curl_error($CR);
                     if (!empty($error)) {
                         $GLOBALS['vmLogger']->err(curl_error($CR));
                         $html = "<br/><span class=\"message\">" . $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . " USPS.com</span>";
                         $error = true;
                     } else {
                         /* XML Parsing */
                         require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php';
                         $xmlDoc = new DOMIT_Lite_Document();
                         $xmlDoc->parseXML($xmlResult, false, true);
                         /* Let's check wether the response from USPS is Success or Failure ! */
                         if (strstr($xmlResult, "Error")) {
                             $error = true;
                             $html = "<span class=\"message\">" . $VM_LANG->_('PHPSHOP_USPS_RESPONSE_ERROR') . "</span><br/>";
                             $error_code = $xmlDoc->getElementsByTagName("Number");
                             $error_code = $error_code->item(0);
                             $error_code = $error_code->getText();
                             $html .= $VM_LANG->_('PHPSHOP_ERROR_CODE') . ": " . $error_code . "<br/>";
                             $error_desc = $xmlDoc->getElementsByTagName("Description");
                             $error_desc = $error_desc->item(0);
                             $error_desc = $error_desc->getText();
                             $html .= $VM_LANG->_('PHPSHOP_ERROR_DESC') . ": " . $error_desc . "<br/>";
                         }
                     }
                     curl_close($CR);
                 } else {
                     $protocol = "http";
                     $fp = fsockopen($protocol . "://" . $host, $errno, $errstr, $timeout = 60);
                     if (!$fp) {
                         $error = true;
                         $html = $VM_LANG->_('PHPSHOP_INTERNAL_ERROR') . ": {$errstr} ({$errno})";
                     } else {
                         //send the server request
                         fputs($fp, "POST {$path} HTTP/1.1\r\n");
                         fputs($fp, "Host: {$host}\r\n");
                         fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
                         fputs($fp, "Content-length: " . strlen($xmlPost) . "\r\n");
                         fputs($fp, "Connection: close\r\n\r\n");
                         fputs($fp, $xmlPost . "\r\n\r\n");
                         $xmlResult = '';
                         while (!feof($fp)) {
                             $xmlResult .= fgets($fp, 4096);
                         }
                         if (stristr($xmlResult, "Success")) {
                             /* XML Parsing */
                             require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php';
                             $xmlDoc = new DOMIT_Lite_Document();
                             $xmlDoc->parseXML($xmlResult, false, true);
                             $error = false;
                         } else {
                             $html = "Error processing the Request to USPS.com";
                             $error = true;
                         }
                     }
                 }
                 if (DEBUG) {
                     echo "XML Post: <br>";
                     echo "<textarea cols='80'>" . $protocol . "://" . $host . $path . "?" . $xmlPost . "</textarea>";
                     echo "<br>";
                     echo "XML Result: <br>";
                     echo "<textarea cols='80' rows='10'>" . $xmlResult . "</textarea>";
                     echo "<br>";
                     echo "Cart Contents: " . $order_weight . " " . $weight_measure . "<br><br>\n";
                 }
                 if ($error) {
                     // comment out, if you don't want the Errors to be shown!!
                     //$vmLogger->err( $html );
                     // Switch to StandardShipping on Error !!!
                     //require_once( CLASSPATH . 'shipping/standard_shipping.php' );
                     //$shipping = new standard_shipping();
                     //$shipping->list_rates( $d );
                     //return;
                     echo "We are unable to ship USPS as there was an error,<br> please select another shipping method.";
                 }
                 // retrieve the service and postage items
                 $i = 0;
                 $numChildren = 0;
                 $numChildren = $xmlDoc->documentElement->firstChild->childCount;
                 $numChildren = $numChildren - 7;
                 // this line removes the preceeding 6 lines of crap not needed plus 1 to make up for the $i starting at 0
                 while ($i <= $numChildren) {
                     if (isset($xmlDoc)) {
                         $ship_service[$i] = $xmlDoc->getElementsByTagName("SvcDescription");
                         $ship_service[$i] = $ship_service[$i]->item($i);
                         $ship_service[$i] = $ship_service[$i]->getText();
                         $ship_weight[$i] = $xmlDoc->getElementsByTagName("MaxWeight");
                         $ship_weight[$i] = $ship_weight[$i]->item($i);
                         $ship_weight[$i] = $ship_weight[$i]->getText($i);
                     }
                     $i++;
                 }
                 // retrieve postage for countries that support all nine shipping methods and weights
                 $ship_weight[8] = $ship_weight[8] / 16;
                 if ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5] && $ship_weight[6] && $ship_weight[7] && $ship_weight[8]) {
                     $count = 8;
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5] && $ship_weight[6] && $ship_weight[7]) {
                     $count = 7;
                     // $usps_intl[6] = $usps_intl[7];
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5] && $ship_weight[6]) {
                     $count = 6;
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4] && $ship_weight[5]) {
                     $count = 5;
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3] && $ship_weight[4]) {
                     $count = 4;
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2] && $ship_weight[3]) {
                     $count = 3;
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1] && $ship_weight[2]) {
                     $count = 2;
                 } elseif ($order_weight <= $ship_weight[0] && $ship_weight[1]) {
                     $count = 1;
                 } elseif ($order_weight <= $ship_weight[0]) {
                     $count = 0;
                 } else {
                     echo "We are unable to ship USPS as the package weight exceeds what your<br>country allows, please select another shipping method.";
                 }
                 $i = 0;
                 while ($i <= $numChildren) {
                     if (isset($xmlDoc)) {
                         $ship_service[$i] = $xmlDoc->getElementsByTagName("SvcDescription");
                         $ship_service[$i] = $ship_service[$i]->item($i);
                         $ship_service[$i] = $ship_service[$i]->getText();
                         $ship_commit[$i] = $xmlDoc->getElementsByTagName("SvcCommitments");
                         $ship_commit[$i] = $ship_commit[$i]->item($i);
                         $ship_commit[$i] = $ship_commit[$i]->getText();
                         $ship_postage[$i] = $xmlDoc->getElementsByTagName("Postage");
                         $ship_postage[$i] = $ship_postage[$i]->item($i);
                         $ship_postage[$i] = $ship_postage[$i]->getText($i);
                         $ship_postage[$i] = $ship_postage[$i] + USPS_INTLHANDLINGFEE;
                         $i++;
                     }
                     /******END INTERNATIONAL RATE******/
                 }
             }
             $i = 0;
             while ($i <= $count) {
                 $html = "";
                 // USPS returns Charges in USD.
                 $charge[$i] = $ship_postage[$i];
                 $ship_postage[$i] = $CURRENCY_DISPLAY->getFullValue($charge[$i]);
                 $shipping_rate_id = urlencode(__CLASS__ . "|USPS|" . $ship_service[$i] . "|" . $charge[$i]);
                 //$checked = (@$d["shipping_rate_id"] == $value) ? "checked=\"checked\"" : "";
                 $html .= "\n<input type=\"radio\" name=\"shipping_rate_id\" checked=\"checked\" value=\"{$shipping_rate_id}\" id=\"{$shipping_rate_id}\" />\n";
                 $_SESSION[$shipping_rate_id] = 1;
                 $html .= "<label for=\"{$shipping_rate_id}\">";
                 $html .= "USPS " . $ship_service[$i] . " ";
                 $html .= "<strong>(" . $ship_postage[$i] . ")</strong>";
                 if (USPS_SHOW_DELIVERY_QUOTE == 1) {
                     $html .= "&nbsp;&nbsp;-&nbsp;&nbsp;" . $ship_commit[$i];
                 }
                 $html .= "</label>";
                 $html .= "<br />";
                 if ($dest_country_name == "United States" && $usps_ship[$i] == "TRUE") {
                     echo $html;
                 } else {
                     if ($dest_country_name != "United States" && $usps_intl[$i] == "TRUE") {
                         echo $html;
                     }
                 }
                 $i++;
             }
         }
     }
     return true;
 }
Exemplo n.º 14
 /**
  * Looks up a coupon and stores the resulting discount in the session.
  *
  * The coupon is selected by the coupon_id already held in $_SESSION when
  * there is one, otherwise by the coupon_code request parameter. On a match
  * the discount, the redeemed flag and the coupon's id, code and type are
  * written to $_SESSION.
  *
  * @param array $d Order data; 'total' is computed from the checkout totals when it is empty
  * @return false|null False when no coupon row matches; nothing is returned on success
  */
 function process_coupon_code($d)
 {
     global $VM_LANG, $vmLogger;
     // The checkout module supplies the order totals
     require_once CLASSPATH . "ps_checkout.php";
     $coupon_db = new ps_DB();
     $checkout = new ps_checkout();
     if (empty($d['total'])) {
         $totals = $checkout->calc_order_totals($d);
         $d['total'] = $totals['order_subtotal'] + $totals['order_tax'] + $totals['order_shipping'] + $totals['order_shipping_tax'] - $totals['payment_discount'];
     }
     $d['coupon_code'] = trim(vmGet($_REQUEST, 'coupon_code'));
     $session_coupon_id = vmGet($_SESSION, 'coupon_id', null);
     // A coupon id already stored in the session takes precedence over the
     // submitted code. The id is forced to an integer and the code is escaped
     // because both end up inside the SQL text.
     if ($session_coupon_id) {
         $condition = 'coupon_id = ' . intval($session_coupon_id);
     } else {
         $condition = 'coupon_code = \'' . $coupon_db->getEscaped($d['coupon_code']) . '\'';
     }
     $coupon_db->query('SELECT coupon_id, coupon_code, percent_or_total, coupon_value, coupon_type FROM #__{vm}_coupons WHERE ' . $condition);
     if (!($coupon_db->num_rows() > 0)) {
         // No row: the submitted coupon code is not valid
         $GLOBALS['coupon_error'] = $VM_LANG->_('PHPSHOP_COUPON_CODE_INVALID');
         return false;
     }
     // Percent coupons are a share of the order total, all others a fixed amount
     $is_percent = $coupon_db->f("percent_or_total") == "percent";
     if ($is_percent) {
         $discount = round($d["total"] * $coupon_db->f("coupon_value") / 100, 2);
     } else {
         $discount = $coupon_db->f("coupon_value");
     }
     // A discount larger than the order total is capped and the shopper is informed
     if ($d["total"] < $discount) {
         $discount = (float) $d['total'] + (float) $d['order_tax'];
         $vmLogger->info(str_replace('{value}', $GLOBALS['CURRENCY_DISPLAY']->getFullValue($discount), $VM_LANG->_('VM_COUPON_GREATER_TOTAL_SETTO')));
     }
     // Only fixed-amount coupons go through the currency conversion
     $_SESSION['coupon_discount'] = $is_percent ? $discount : $GLOBALS['CURRENCY']->convert($discount);
     // Mark this order as having used a coupon.
     // NOTE(review): nothing in this function reads coupon_redeemed before
     // applying a coupon; confirm that the caller enforces single use.
     $_SESSION['coupon_redeemed'] = true;
     $_SESSION['coupon_id'] = $coupon_db->f("coupon_id");
     $_SESSION['coupon_code'] = $coupon_db->f("coupon_code");
     $_SESSION['coupon_type'] = $coupon_db->f("coupon_type");
 }
Exemplo n.º 15
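 /**
  * Changes the parameter List Order
  *
  * Moves the parameter named in $_POST['parameter_name'][0] one step up or
  * down inside its product type: the parameter takes the list position of
  * its neighbour and the neighbour is shifted by one in the other direction.
  * Nothing is changed when the parameter is not found or has no neighbour in
  * the requested direction.
  *
  * @author Zdenek Dvorak
  * @param array $d Request data; $d['task'] is "orderup" or "orderdown", any other value is ignored
  */
 function reorder_parameter(&$d)
 {
     switch ($d["task"]) {
         case "orderup":
             $compare = '<';
             $direction = 'DESC';
             $neighbour_shift = 1;
             break;
         case "orderdown":
             $compare = '>';
             $direction = 'ASC';
             $neighbour_shift = -1;
             break;
         default:
             return;
     }
     $cb = vmGet($_POST, 'parameter_name', array(0));
     // The name comes straight from the request: accept only a list whose
     // first entry is a scalar, so nested arrays never reach the escaping call.
     if (!is_array($cb) || !isset($cb[0]) || !is_scalar($cb[0])) {
         return;
     }
     // Request value that is placed in the SQL text below, so force an integer
     $product_type_id = (int) vmGet($_POST, 'product_type_id', 0);
     $db = new ps_DB();
     $type_filter = "product_type_id='" . $product_type_id . "' ";
     $own_row = "WHERE " . $type_filter . "AND parameter_name='" . $db->getEscaped($cb[0]) . "'";

     $db->query("SELECT parameter_list_order FROM #__{vm}_product_type_parameter " . $own_row);
     if (!$db->next_record()) {
         return;
     }
     $currentpos = (int) $db->f("parameter_list_order");

     // Find the neighbour within the same product type. Without the type
     // filter the nearest row of any product type would be picked, while the
     // updates below only ever touch rows of this product type.
     $q = "SELECT parameter_list_order,parameter_name FROM #__{vm}_product_type_parameter WHERE ";
     $q .= $type_filter;
     $q .= "AND parameter_list_order" . $compare . "'" . $currentpos . "' ";
     $q .= "ORDER BY parameter_list_order " . $direction;
     $db->query($q);
     if (!$db->next_record()) {
         // Already first (orderup) or last (orderdown)
         return;
     }
     $neighbour = $db->f("parameter_name");
     $neighbour_pos = (int) $db->f("parameter_list_order");

     // The moved parameter takes over the neighbour's position
     $q = "UPDATE #__{vm}_product_type_parameter ";
     $q .= "SET parameter_list_order='" . $neighbour_pos . "' ";
     $q .= $own_row;
     $db->query($q);
     // The neighbour moves one step the other way
     $q = "UPDATE #__{vm}_product_type_parameter ";
     $q .= "SET parameter_list_order='" . intval($neighbour_pos + $neighbour_shift) . "' ";
     $q .= "WHERE " . $type_filter;
     $q .= "AND parameter_name='" . $db->getEscaped($neighbour) . "'";
     $db->query($q);
 }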
Exemplo n.º 16
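 // Constructor initializes the session!
 $sess = new ps_session();
 /*** END VirtueMart part ***/
 // Finished Initialization of the hidden_trigger script
 // Check for valid ipayment Server.
 // The PTR record of an address is published by whoever controls its reverse
 // zone, so the reverse lookup on its own does not show that the caller
 // belongs to ipayment.de. The name is accepted only when it also resolves
 // forward to the connecting address.
 // NOTE(review): gethostbynamel() returns IPv4 addresses only, and behind a
 // reverse proxy REMOTE_ADDR is the proxy's address; confirm the deployment.
 $remote_addr = $_SERVER["REMOTE_ADDR"];
 $remote_host = gethostbyaddr($remote_addr);
 $forward_addrs = is_string($remote_host) ? gethostbynamel($remote_host) : false;
 $is_ipayment_host = is_string($remote_host)
     && preg_match('/\\.ipayment\\.de$/', $remote_host)
     && is_array($forward_addrs)
     && in_array($remote_addr, $forward_addrs, true);
 if (!$is_ipayment_host) {
     $mailsubject = "iPayment Transaction on your site: Possible fraud";
     $mailbody = "Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = " . $_SERVER['REMOTE_ADDR'] . ". \r\n                       The remote address of the script posting to this notify script does not match a valid iPayment Server IP Address\n\r\n                      \r\n           The Order ID received was: " . vmRequest::getVar('shopper_id');
     vmMail($mosConfig_mailfrom, $mosConfig_fromname, $debug_email_address, $mailsubject, $mailbody);
     exit;
 }
 $order_number = vmRequest::getString('shopper_id');
 if (!empty($order_number)) {
     $db = new ps_DB();
     // Get the Order Details from the database
     $qv = "SELECT `order_id`, `order_number`, `user_id`, `order_subtotal`,\r\n               `order_total`, `order_currency`, `order_tax`, \r\n               `order_shipping_tax`, `coupon_discount`, `order_discount`\r\n           FROM `#__{vm}_orders` \r\n           WHERE `order_number`='" . $db->getEscaped($order_number) . "'";
     $db->query($qv);
     if (!$db->next_record()) {
         exit;
     }
     // Now check, if everything's alright here.
     // The expected checksum is built from the order as stored in the database
     // (amount in the smallest currency unit, currency), the returned auth code
     // and booking number, and the shared secret, so amount and currency cannot
     // be replaced by values from the request.
     $ret_param_checksum = vmRequest::getVar('ret_param_checksum');
     $ret_param_checksum_computed = md5(IPAYMENT_APPID . round($db->f('order_total') * 100, 0) . $db->f('order_currency') . vmRequest::getVar('ret_authcode') . vmRequest::getVar('ret_booknr') . IPAYMENT_SECRET);
     // hash_equals() compares the digests as byte strings in constant time. The
     // loose != it replaces applies PHP's numeric-string rules to hex digests
     // (two different "0e<digits>" values compare equal) and is not constant-time.
     if (!is_string($ret_param_checksum) || !hash_equals($ret_param_checksum_computed, $ret_param_checksum)) {
         $mailsubject = "iPayment Transaction on your site: Checksum mismatch!";
         $mailbody = "When receiving a request from an iPayment Server we found that no correct checksum was submitted.\r\n                 \r\n      The Order ID received was: " . vmRequest::getVar('shopper_id');
         vmMail($mosConfig_mailfrom, $mosConfig_fromname, $debug_email_address, $mailsubject, $mailbody);
         exit;
     }
     $order_id = $db->f("order_id");
     $d['order_id'] = $order_id;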
Exemplo n.º 17
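 /**
  * Notify Affiliates with their stats
  *
  * Mails $d['email'] with subject $d['subject'] to every active affiliate, or
  * to the single affiliate named by $d['affiliate_id'] when that is not "*".
  * With $d['send_stats'] set to "stats_on" each message additionally carries
  * the statistics of the affiliate it is addressed to. The outcome is written
  * to the global $email_status.
  *
  * @param array $d
  */
 function email(&$d)
 {
     global $email_status, $ps_vendor_id;
     $db = new ps_DB();
     $dbv = new ps_DB();
     // The vendor id is placed unquoted in the SQL text, so force an integer
     $qt = "SELECT * from #__{vm}_vendor WHERE vendor_id = " . (int) $ps_vendor_id;
     $dbv->query($qt);
     $dbv->next_record();
     $q = "SELECT * from #__{vm}_affiliate ";
     $q .= " WHERE active ='Y' ";
     if ($d["affiliate_id"] != "*") {
         $q .= "AND affiliate_id = '" . $db->getEscaped($d["affiliate_id"]) . "'";
     }
     $db->query($q);
     // Line breaks are removed from the values that end up in the mail header
     // section, so that neither can introduce additional header lines.
     $line_breaks = array("\r", "\n");
     $subject = str_replace($line_breaks, '', (string) $d["subject"]);
     // NOTE(review): the vendor contact address is handed to mail() as the
     // additional-headers argument without a header name such as "From:";
     // kept as the original call had it, confirm the intent.
     $extra_headers = str_replace($line_breaks, '', (string) $dbv->f("contact_email"));
     // Counters start at zero; they were previously incremented without being set
     $found = 0;
     $sent = 0;
     while ($db->next_record()) {
         $found++;
         // Build the body per recipient. Appending to $d["email"] itself would
         // carry the statistics of every earlier affiliate into the next
         // affiliate's message.
         $body = $d["email"];
         if ($d["send_stats"] == "stats_on") {
             $body .= "\n\n\n" . $this->get_stats(time(), $db->f("affiliate_id"));
         }
         $affiliate = $this->get_affiliate_details(0, $db->f("affiliate_id"));
         if (!mail($affiliate["email"], $subject, $body, $extra_headers)) {
             $email_status = "Failed";
         } else {
             $sent++;
         }
     }
     if ($found == $sent) {
         $email_status = "Emailed {$found} affiliates successfully - Email more ....";
     }
 }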
Exemplo n.º 18
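 /**
  * Validate a selected Shipping Rate
  *
  * Reads shipping_rate_id and ship_to_info_id from the request into $d,
  * requires a non-empty session entry stored under the submitted rate id,
  * checks that the rate exists in the shipping_rate table and then delegates
  * to rate_id_valid() with the destination country, zip and cart weight.
  *
  * @param array $d
  * @return boolean
  */
 function validate(&$d)
 {
     global $VM_LANG, $vmLogger;
     $cart = $_SESSION['cart'];
     $d['shipping_rate_id'] = vmGet($_REQUEST, 'shipping_rate_id');
     $d['ship_to_info_id'] = vmGet($_REQUEST, 'ship_to_info_id');
     // The request value is used as a $_SESSION key. An array-valued parameter
     // is not a valid key and is rejected first. Any non-empty session entry
     // (for example 'cart') passes the empty() test, so this check on its own
     // does not prove the value is a rate id that was offered to the shopper;
     // the table lookup further down is what rejects such values.
     if (!is_string($d['shipping_rate_id']) || empty($_SESSION[$d['shipping_rate_id']])) {
         return false;
     }
     $details = explode("|", urldecode($d['shipping_rate_id']));
     // The rate id is the fifth "|"-separated field; when it is missing the
     // id becomes 0 and is handled by the rate lookup below.
     $rate_id = isset($details[4]) ? intval($details[4]) : 0;
     $totalweight = 0;
     require_once CLASSPATH . 'ps_shipping_method.php';
     for ($i = 0; $i < $cart["idx"]; $i++) {
         $weight_subtotal = ps_shipping_method::get_weight($cart[$i]["product_id"]) * $cart[$i]['quantity'];
         $totalweight += $weight_subtotal;
     }
     // DB User (one handle is enough for escaping and for the query)
     $dbu = new ps_DB();
     $q = "SELECT country,zip FROM #__{vm}_user_info WHERE user_info_id = '" . $dbu->getEscaped($d["ship_to_info_id"]) . "'";
     $dbu->query($q);
     // A missing ship-to record is not treated as an error here (the error
     // return was disabled in the original); zip and country are then whatever
     // f() yields without a current record.
     $dbu->next_record();
     $zip = $dbu->f("zip");
     $country = $dbu->f("country");
     // $rate_id is an integer at this point, so it is safe inside the SQL text
     $q = "SELECT shipping_rate_id FROM #__{vm}_shipping_rate WHERE shipping_rate_id = '{$rate_id}'";
     // DB Shipping rate
     $dbs = new ps_DB();
     $dbs->query($q);
     if (!$dbs->next_record()) {
         $vmLogger->err($VM_LANG->_('PHPSHOP_CHECKOUT_ERR_RATE_NOT_FOUND', false));
         return False;
     }
     return $this->rate_id_valid($rate_id, $country, $zip, $totalweight);
 }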
         $response['products'][] = array('product_id' => $db->f("product_id"), 'category' => htmlspecialchars($db->f("category_name")), 'product' => htmlspecialchars($db->f("product_name")));
     }
     $db->query('SELECT FOUND_ROWS() as num_rows');
     $db->next_record();
     $response['totalCount'] = $db->f('num_rows');
     error_reporting(0);
     while (@ob_end_clean()) {
     }
     $json = new Services_JSON();
     echo $json->encode($response);
     $vm_mainframe->close(true);
     break;
 // Collects the categories whose name contains the 'query' request parameter,
 // one page at a time, into $response['categories'] together with the total count.
 case 'getcategories':
     require_once CLASSPATH . 'JSON.php';
     $db = new ps_DB();
     // The keyword is escaped before it is placed inside the quoted LIKE pattern below.
     // NOTE(review): "%" and "_" in the keyword still act as LIKE wildcards
     // unless getEscaped() neutralises them - confirm.
     $keyword = $db->getEscaped(vmGet($_REQUEST, 'query'));
     $q = "SELECT SQL_CALC_FOUND_ROWS #__{vm}_category.category_id,category_name\r\n\t\t\tFROM `#__{vm}_category` ";
     if ($keyword) {
         $q .= ' WHERE category_name LIKE \'%' . $keyword . '%\'';
     }
     $q .= ' ORDER BY category_name,#__{vm}_category.category_id';
     // Paging values come straight from the request and are forced to integers;
     // negative numbers are not rejected here.
     $q .= ' LIMIT ' . (int) $_REQUEST['start'] . ', ' . (int) $_REQUEST['limit'];
     $db->query($q);
     while ($db->next_record()) {
         // Category names are HTML-escaped before they go into the response
         $response['categories'][] = array('category_id' => $db->f("category_id"), 'category' => htmlspecialchars($db->f("category_name")));
     }
     // Total number of matches without the LIMIT, for the paging control
     $db->query('SELECT FOUND_ROWS() as num_rows');
     $db->next_record();
     $response['totalCount'] = $db->f('num_rows');
     // Error reporting is switched off and all output buffers are discarded.
     // NOTE(review): the listing is cut off after this loop; the preceding case
     // encodes $response with Services_JSON at this point.
     error_reporting(0);
     while (@ob_end_clean()) {
Exemplo n.º 20
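 /**
  * Updates an attribute record
  *
  * Rewrites the name and value list of the attribute identified by
  * $d['product_id'] and $d['old_attribute_name']. When the name changed, the
  * attribute rows of all child products are renamed as well.
  *
  * @param array $d
  * @return boolean True when successful, false when not
  */
 function update(&$d)
 {
     global $VM_LANG;
     if (!$this->validate($d)) {
         return false;
     }
     $db = new ps_DB();
     // Escaped once and reused in both WHERE clauses
     $old_name = $db->getEscaped($d["old_attribute_name"]);
     // NOTE(review): the field values are handed to buildQuery() as they are;
     // whether buildQuery() escapes them is not visible here - confirm.
     $fields = array('attribute_name' => $d["attribute_name"], 'attribute_list' => $d["attribute_list"]);
     $db->buildQuery('UPDATE', '#__{vm}_product_attribute_sku', $fields, "WHERE product_id='" . (int) $d["product_id"] . "' AND attribute_name='" . $old_name . "'");
     if ($db->query() === false) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('VM_PRODUCT_ATTRIBUTE_ERR_UPDATING'));
         return false;
     }
     if ($d["old_attribute_name"] != $d["attribute_name"]) {
         $ps_product = new ps_product();
         $child_pid = $ps_product->get_child_product_ids($d["product_id"]);
         // Iterate only over a real list; count() on a non-array result would fail
         if (is_array($child_pid)) {
             $rename = array('attribute_name' => $d["attribute_name"]);
             foreach ($child_pid as $pid) {
                 // The child id goes into the SQL text, so force an integer like the parent id above
                 $db->buildQuery('UPDATE', '#__{vm}_product_attribute', $rename, "WHERE product_id='" . (int) $pid . "' AND attribute_name='" . $old_name . "' ");
                 $db->query();
             }
         }
     }
     $GLOBALS['vmLogger']->info($VM_LANG->_('VM_PRODUCT_ATTRIBUTE_UPDATED'));
     return true;
 }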
Exemplo n.º 21
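 /**
  * Updates a file record
  *
  * Keeps the product's "download" attribute in step with the file (renamed on
  * upload, removed when the file type is no longer downloadable_file, created
  * when it is missing). With a new upload the old file is deleted and the
  * record is re-created through add(); without one the title, URL, published
  * flag and, where known, the file name of the existing record are updated.
  *
  * Every request value that is placed in hand-built SQL is either forced to
  * an integer (product_id, file_id) or escaped, including the client-supplied
  * upload name and the attribute value read back from the database.
  *
  * @param array $d
  * @return boolean
  */
 function update(&$d)
 {
     $db = new ps_DB();
     if (!$this->validate_update($d)) {
         return False;
     }
     if (empty($d["file_published"])) {
         $d["file_published"] = 0;
     }
     // The same integer casts the final UPDATE of this method already applied
     $product_id = (int) $d["product_id"];
     $file_id = (int) $d["file_id"];
     $has_upload = !empty($_FILES['file_upload']['name']);
     $filename = '';
     $old_attribute = '';
     $old_attribute_sql = '';
     $q_dl = "SELECT attribute_name,attribute_value,file_id "
         . "FROM #__{vm}_product_attribute,#__{vm}_product_files "
         . "WHERE product_id='" . $product_id . "' AND attribute_name='download' "
         . "AND file_id='" . $file_id . "' AND attribute_value=file_title";
     $db->query($q_dl);
     if ($db->next_record()) {
         // We have found an existing downloadable file entry
         $old_attribute = $db->f('attribute_value', false);
         // The stored value goes back into SQL text below; escape it so that a
         // stored quote cannot alter the statement.
         $old_attribute_sql = $db->getEscaped($old_attribute);
         if ($has_upload && $d['file_type'] == 'downloadable_file') {
             // new file uploaded; the name is supplied by the client, so escape it
             $qu = "UPDATE #__{vm}_product_attribute ";
             $qu .= "SET attribute_value = '" . $db->getEscaped($_FILES['file_upload']['name']) . "' ";
             $qu .= "WHERE product_id='" . $product_id . "' AND attribute_name='download' AND attribute_value='" . $old_attribute_sql . "'";
             $db->query($qu);
         } elseif ($d['file_type'] != 'downloadable_file') {
             // File Type was changed, so remove the entry in the product attribute table
             $qu = "DELETE FROM #__{vm}_product_attribute ";
             $qu .= "WHERE attribute_value = '" . $old_attribute_sql . "' ";
             $qu .= "AND product_id='" . $product_id . "' AND attribute_name='download'";
             $db->query($qu);
         }
     } elseif ($d['file_type'] == 'downloadable_file') {
         $filename = !empty($d['file_url']) ? vmGet($d, 'file_url') : vmGet($d, 'downloadable_file');
         // Insert an attribute called "download", attribute_value: filename
         $fields = array('product_id' => $product_id, 'attribute_name' => 'download', 'attribute_value' => $db->getEscaped($filename));
         $db->buildQuery('INSERT', '#__{vm}_product_attribute', $fields);
         $db->query();
     }
     if (empty($d["file_create_thumbnail"])) {
         $d["file_create_thumbnail"] = 0;
     }
     if ($has_upload) {
         // If we have a new uploaded file, we delete the old one and add the new file
         $this->delete($d);
         return $this->add($d);
     }
     // No File Upload
     if (!empty($d['file_url'])) {
         $filename = '';
     } elseif ($d['file_type'] == 'downloadable_file' && !empty($old_attribute)) {
         // file_url is known to be empty in this branch, so only the local
         // downloadable file applies.
         // NOTE(review): downloadable_file is appended to DOWNLOADROOT as given;
         // confirm it is restricted to names below that directory elsewhere.
         $filename = DOWNLOADROOT . (isset($d['downloadable_file']) ? $d['downloadable_file'] : '');
         $d["file_title"] = $db->getEscaped(vmGet($d, 'downloadable_file'));
         $qu = "UPDATE #__{vm}_product_attribute ";
         $qu .= "SET attribute_value = '" . $d["file_title"] . "' ";
         $qu .= "WHERE product_id='" . $product_id . "' AND attribute_name='download' AND attribute_value='" . $old_attribute_sql . "'";
         $db->query($qu);
     }
     // file_url is escaped like the neighbouring fields and the published flag
     // is forced to an integer.
     // NOTE(review): whether buildQuery() escapes values again is not visible
     // here; if it does, all three escaped fields are escaped twice - confirm.
     $file_url = isset($d['file_url']) ? $d['file_url'] : '';
     $fields = array('file_title' => $db->getEscaped($d["file_title"]), 'file_url' => $db->getEscaped($file_url), 'file_published' => (int) $d["file_published"]);
     if (!empty($filename)) {
         $fields['file_name'] = $db->getEscaped($filename);
     }
     $db->buildQuery('UPDATE', '#__{vm}_product_files', $fields, "WHERE file_id=" . $file_id . " AND file_product_id=" . $product_id);
     $db->query();
     return True;
 }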
Exemplo n.º 22
 /**
  * Returns the permission, class and method registered for the function $func
  *
  * The name is matched case-insensitively against the function table.
  * NOTE(review): presumably the caller uses "perms" to decide who may run
  * "class"/"method" - confirm against the caller.
  *
  * @param string $func
  * @return mixed Array with the keys "perms", "class" and "method", or False when the name is unknown
  */
 function get_function($func)
 {
     $db = new ps_DB();
     // Lower-cased and escaped before it is placed inside the quoted literal
     $needle = $db->getEscaped(strtolower($func));
     $sql = "SELECT `function_perms`, `function_class`, `function_method` \r\n\t\t\t\tFROM `#__{vm}_function` \r\n\t\t\t\tWHERE LOWER(`function_name`)='" . $needle . "'";
     $db->query($sql);
     if (!$db->next_record()) {
         return False;
     }
     return array(
         "perms" => $db->f("function_perms"),
         "class" => $db->f("function_class"),
         "method" => $db->f("function_method"),
     );
 }
Exemplo n.º 23
 /**
  * Looks up a group by its id or by its name
  *
  * An integer argument is matched against group_id and is placed in the query
  * as it is; anything else, including a numeric string, is escaped and
  * matched against group_name.
  *
  * @param int|string $group Group id (integer) or group name
  * @return ps_DB The database handle after next_record(), from which group_id, group_name and group_level can be read
  */
 function get_group($group)
 {
     $db = new ps_DB();
     if (is_int($group)) {
         $condition = ' WHERE group_id=' . $group;
     } else {
         $condition = ' WHERE group_name=\'' . $db->getEscaped($group) . '\'';
     }
     $db->query('SELECT group_id,group_name,group_level FROM `' . $this->_table_name . '`' . $condition);
     $db->next_record();
     return $db;
 }
Exemplo n.º 24
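 /**
  * Reformats a URL: appends "option=com_virtuemart" and "Itemid=XX", where XX is
  * the id of a published #__menu entry whose link is index.php?option=com_virtuemart.
  * On the frontend it also applies SEF formatting (JRoute::_ or sefRelToAbs).
  *
  * @param string $text The URL (or a bare parameter list)
  * @param boolean $createAbsoluteURI False: Create a URI like /joomla/index.php?....; True: Create a URI like http://www.domain.com/index.php?....
  * @param boolean $encodeAmpersands True: pass the result through vmAmpReplace(); False: turn "&amp;" back into "&"
  * @param boolean $ignoreSEF True: skip the JRoute / sefRelToAbs step
  * @return string The reformatted URL
  */
 function url($text, $createAbsoluteURI = false, $encodeAmpersands = true, $ignoreSEF = false)
 {
     global $mm_action_url, $page, $mainframe;
     if (!defined('_VM_IS_BACKEND')) {
         // Strip the parameters from the $text variable and parse to a temporary array
         $tmp_text = str_replace('amp;', '', substr($text, strpos($text, '?')));
         if (substr($tmp_text, 0, 1) == '?') {
             $tmp_text = substr($tmp_text, 1);
         }
         parse_str($tmp_text, $ii_arr);
         // Init the temp. Itemid
         $tmp_Itemid = '';
         $db = new ps_DB();
         // Check if there is a menuitem for a product_id (highest priority)
         if (!empty($ii_arr['product_id'])) {
             // intval() makes the value safe to interpolate into the LIKE pattern
             if ($ii_product_id = intval($ii_arr['product_id'])) {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%product_id={$ii_product_id}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // Check if there is a menuitem for a category_id
         // This only checks for the exact category ID, it might be good to check for parents also. But at the moment, this would produce a lot of queries
         if (!empty($ii_arr['category_id'])) {
             $ii_cat_id = intval($ii_arr['category_id']);
             if ($ii_cat_id && $tmp_Itemid == '') {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%category_id={$ii_cat_id}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // Check if there is a menuitem for a flypage
         // NOTE(review): getEscaped() is relied on for the quoted string context here and in
         // the "page" lookup below; LIKE wildcards (% and _) inside the value are presumably
         // not neutralised by it, so the value still acts as a pattern - confirm.
         if (!empty($ii_arr['flypage'])) {
             $ii_flypage = $db->getEscaped(vmget($ii_arr, 'flypage'));
             if ($ii_flypage && $tmp_Itemid == '') {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%flypage={$ii_flypage}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // Check if there is a menuitem for a page
         if (!empty($ii_arr['page'])) {
             $ii_page = $db->getEscaped(vmget($ii_arr, 'page'));
             if ($ii_page && $tmp_Itemid == '') {
                 $db->query("SELECT id FROM #__menu WHERE link='index.php?option=com_virtuemart' AND params like '%page={$ii_page}%' AND published=1");
                 if ($db->next_record()) {
                     $tmp_Itemid = $db->f("id");
                 }
             }
         }
         // If we haven't found an Itemid, use the standard VM-Itemid
         $Itemid = "&Itemid=" . ($tmp_Itemid ? $tmp_Itemid : $this->getShopItemid());
     } else {
         $Itemid = NULL;
     }
     // split url into base ? path
     $limiter = strpos($text, '?');
     if ($limiter === false) {
         if (!strstr($text, "=")) {
             // $text recognized to be parameter-list (bug?)
             $base = NULL;
             $params = $text;
         } else {
             // text recognized to be url without parameters
             $base = $mm_action_url;
             $params = $text;
         }
     } else {
         // base?params
         $base = substr($text, 0, $limiter);
         $params = substr($text, $limiter + 1);
     }
     // normalize base (cut off multislashes)
     $base = str_replace("//", "/", $base);
     $base = str_replace(":/", "://", $base);
     // add script name to naked base url
     // TODO: Improve
     if ($base == URL || $base == SECUREURL) {
         $base .= basename($_SERVER['SCRIPT_NAME']);
     }
     if (!basename($base)) {
         $base .= basename($_SERVER['SCRIPT_NAME']);
     }
     // append "&option=com_virtuemart&Itemid=XX"
     $params .= !strstr($params, $this->component_name) ? ($params ? "&" : NULL) . $this->component_name : NULL;
     $params .= $Itemid;
     // Admin-mode links that carry a "func" parameter get the vmtoken value appended
     if (vmIsAdminMode() && strstr($text, 'func') !== false) {
         $params .= ($params ? "&" : NULL) . 'vmtoken=' . vmSpoofValue($this->getSessionId());
     }
     if (!defined('_VM_IS_BACKEND')) {
         // index3.php is not available in the frontend!
         $base = str_replace("index3.php", "index2.php", $base);
         // Only the file name of the base is kept; host and directory are re-added below
         $url = basename($base) . "?" . $params;
         // make url absolute
         // The condition used to read `!substr(...) != "http"`: the negation was applied to
         // the substring before the comparison, so it held for every non-empty URL.
         if ($createAbsoluteURI && substr($url, 0, 4) != "http") {
             $url = (stristr($text, SECUREURL) ? SECUREURL : URL) . substr($url, $url[0] == '/' ? 1 : 0);
         }
         if (class_exists('JRoute') && !$ignoreSEF && $mainframe->getCfg('sef')) {
             $url = JRoute::_($url);
         } else {
             if (function_exists('sefRelToAbs') && !$ignoreSEF && !defined('_JLEGACY')) {
                 $url = sefRelToAbs($url);
             }
         }
     } else {
         // backend
         $url = ($_SERVER['SERVER_PORT'] == 443 ? SECUREURL : URL) . "administrator/" . basename($base) . "?" . $params;
     }
     $url = $encodeAmpersands ? vmAmpReplace($url) : str_replace('&amp;', '&', $url);
     return $url;
 }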
Exemplo n.º 25
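 /**
  * Handles adding or updating parameter values for a product and its product types.
  *
  * For every product type linked to the product, makes sure a row exists in the
  * per-type table #__{vm}_product_type_<id> and then writes the submitted
  * "product_type_<id>_<parameter_name>" fields of $d into that row.
  *
  * @since VirtueMart 1.1.0
  * @param array $d Form data; product_id and the product_type_* fields are read
  */
 function handleParameters(&$d)
 {
     global $db;
     // Cast once; only this integer is used in the SQL below.
     $product_id = intval($d["product_id"]);
     $q = "SELECT `product_type_id` FROM `#__{vm}_product_product_type_xref` WHERE ";
     $q .= "`product_id`={$product_id}";
     $db->query($q);
     $dbpt = new ps_DB();
     $dbp = new ps_DB();
     // For every Product Type
     while ($db->next_record()) {
         // This id becomes part of a table name, so it is forced to an integer
         // even though it was read from the database.
         $product_type_id = (int) $db->f("product_type_id");
         $q = "SELECT * FROM #__{vm}_product_type_parameter WHERE ";
         $q .= "product_type_id='{$product_type_id}' ";
         $q .= "ORDER BY parameter_list_order";
         $dbpt->query($q);
         $q = "SELECT COUNT(`product_id`) as num_rows FROM `#__{vm}_product_type_{$product_type_id}` WHERE ";
         $q .= "product_id='{$product_id}'";
         $dbp->query($q);
         $dbp->next_record();
         if ($dbp->f('num_rows') == 0) {
             // Add record if not exist (Items)
             $q = "INSERT INTO #__{vm}_product_type_{$product_type_id} (product_id) ";
             $q .= "VALUES ('{$product_id}')";
             $dbp->query($q);
         }
         // Update record
         $q = "UPDATE #__{vm}_product_type_{$product_type_id} SET ";
         $q .= "product_id='{$product_id}'";
         while ($dbpt->next_record()) {
             if ($dbpt->f("parameter_type") != "B") {
                 // if it is not breaker
                 $field = "product_type_" . $product_type_id . "_" . $dbpt->f("parameter_name");
                 // A field missing from the form is stored as NULL, without an undefined-index notice
                 $value = isset($d[$field]) ? $d[$field] : '';
                 if ($dbpt->f("parameter_type") == "V" && is_array($value)) {
                     $value = implode(';', $value);
                 }
                 if ($value == "") {
                     $value = 'NULL';
                 } else {
                     $value = "'" . $dbpt->getEscaped($value) . "'";
                 }
                 // The parameter name is used as a column identifier and cannot be bound as a value;
                 // doubling any backtick keeps it inside the quoted identifier.
                 $column = str_replace('`', '``', $dbpt->f('parameter_name', false));
                 $q .= ',`' . $column . '`=' . $value;
             }
         }
         // Use the integer-cast id: the raw $d['product_id'] was concatenated here unquoted before
         $q .= ' WHERE product_id = ' . $product_id;
         $dbp->query($q);
     }
 }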
Exemplo n.º 26
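 /**
  * Adds a product to the order being edited ($this->order_id), or raises the
  * quantity of an existing order item with the same product and attribute text.
  *
  * Reads product_id, product_quantity, add_product_validate and description
  * from $_REQUEST. Nothing is written unless add_product_validate is 1 and the
  * quantity is a number of at least 1.
  */
 function add_product()
 {
     global $VM_LANG, $vmLogger, $mosConfig_offset;
     require_once CLASSPATH . 'ps_product_attribute.php';
     require_once CLASSPATH . 'ps_product.php';
     $ps_product_attribute = new ps_product_attribute();
     $ps_product = new vm_ps_product();
     // product_id is request data that ends up in several SQL statements: force it to an integer.
     $product_id = (int) vmGet($_REQUEST, 'product_id');
     // NOTE(review): order ids are treated as integers here (validate_delete documents
     // $order_id as int); the cast keeps the unquoted "order_id=" query below well-formed.
     $order_id = (int) $this->order_id;
     $add_product_validate = vmGet($_REQUEST, 'add_product_validate');
     $d = $_REQUEST;
     // Check if quantity is a numeric value
     if ($add_product_validate == 1) {
         $quantity = trim(vmGet($_REQUEST, 'product_quantity'));
         if (!is_numeric($quantity) || $quantity < 1) {
             $vmLogger->err($VM_LANG->_('PHPSHOP_ORDER_EDIT_ERROR_QUANTITY_MUST_BE_HIGHER_THAN_0'));
             $add_product_validate = 0;
         } else {
             // is_numeric() also accepts decimals and exponents; the quantity is used
             // unquoted in the stock UPDATE, so reduce it to a plain integer.
             $quantity = (int) $quantity;
         }
     }
     if ($add_product_validate == 1) {
         $result_attributes = $ps_product_attribute->cartGetAttributes($d);
         $dbp = new ps_DB();
         $q = "SELECT vendor_id, product_in_stock,product_sales,product_parent_id, product_sku, product_name FROM #__{vm}_product WHERE product_id='{$product_id}'";
         $dbp->query($q);
         $dbp->next_record();
         $vendor_id = $dbp->f("vendor_id");
         $product_sku = $dbp->f("product_sku");
         $product_name = $dbp->f("product_name");
         $product_parent_id = $dbp->f("product_parent_id");
         // Read user_info_id from db
         $prod_weight = $ps_product->get_weight($product_id);
         $dbu = new ps_DB();
         $q = "SELECT user_info_id FROM #__{vm}_orders WHERE order_id = '" . $order_id . "' ";
         $dbu->query($q);
         $dbu->next_record();
         $user_info_id = $dbu->f("user_info_id");
         // Fetch the exact price of the product
         $my_taxrate = $ps_product->get_product_taxrate($product_id, $prod_weight, $user_info_id);
         $product_price_arr = $this->get_adjusted_attribute_price($product_id, $quantity, $d["description"], $result_attributes);
         // Fetch the product price from the child shop the order came from
         $odb = new ps_DB();
         $oq = "SELECT shop_id FROM #__{vm}_orders WHERE order_id = '" . $order_id . "'";
         $odb->query($oq);
         // NOTE(review): f() is read here without a preceding next_record(), unlike the
         // other queries in this method - confirm that ps_DB returns the first row this way.
         $shop_id = $odb->f("shop_id");
         // Shop information
         require_once CLASSPATH . 'ps_multishop.php';
         $ps_multishop = new ps_multishop($this->order_id);
         if ($shop_id > 1) {
             // NOTE(review): the body of an HTTP response is handed to unserialize(). If the
             // remote shop or the connection to it is not fully trusted, this can instantiate
             // classes known to this application. A data-only format (JSON) or, on PHP 7+,
             // the allowed_classes option would remove that risk; it needs a matching change
             // in api/productinfo.php, so it is flagged here rather than replaced.
             $remote_url = $ps_multishop->getShop_url() . "/api/productinfo.php?sku=" . urlencode($product_sku) . "&order_id=" . $order_id;
             $_product_price_arr = file_get_contents($remote_url);
             // A failed request (false) must not reach unserialize()
             if ($_product_price_arr !== false && $_product_price_arr != -1) {
                 $remote_price_arr = unserialize($_product_price_arr);
                 // Accept the remote answer only when it has the shape used below
                 if (is_array($remote_price_arr) && isset($remote_price_arr["product_price"], $remote_price_arr["product_currency"])) {
                     $product_price_arr = $remote_price_arr;
                 }
             }
         }
         $product_price_arr["product_price"] = $GLOBALS['CURRENCY']->convert($product_price_arr["product_price"], $product_price_arr["product_currency"]);
         $product_price = $product_price_arr["product_price"];
         $description = $d["description"];
         $description = $this->getDescriptionWithTax($description, $product_id);
         // Don't show attribute prices in description
         $product_final_price = round($product_price * ($my_taxrate + 1), 2);
         $product_currency = $product_price_arr["product_currency"];
         $db = new ps_DB();
         if ($product_parent_id > 0) {
             $q = "SELECT attribute_name, attribute_value, product_id ";
             $q .= "FROM #__{vm}_product_attribute WHERE ";
             $q .= "product_id='" . $product_id . "'";
             $db->setQuery($q);
             $db->query();
             while ($db->next_record()) {
                 $description .= $db->f("attribute_name") . ": " . $db->f("attribute_value") . "; ";
             }
         }
         $q = "SELECT * FROM #__{vm}_order_item ";
         $q .= " WHERE order_id=" . $order_id;
         $db->query($q);
         $db->next_record();
         $user_info_id = $db->f("user_info_id");
         $order_status = $db->f("order_status");
         $timestamp = time() + $mosConfig_offset * 60 * 60;
         $q = "SELECT order_item_id, product_quantity ";
         $q .= "FROM #__{vm}_order_item WHERE order_id = '" . $order_id . "' ";
         $q .= "AND product_id = '" . $product_id . "' ";
         // Same escaping routine as the INSERT below (this line used addslashes())
         $q .= "AND product_attribute = '" . $db->getEscaped($description) . "'";
         $db->query($q);
         if ($db->next_record()) {
             $this->change_item_quantity($this->order_id, $db->f('order_item_id'), $quantity + (int) $db->f('product_quantity'));
         } else {
             // Every string value is escaped, including those read back from the database
             // or taken from the remote price answer; they are data, not trusted SQL.
             $q = "INSERT INTO #__{vm}_order_item ";
             $q .= "(order_id, user_info_id, vendor_id, product_id, order_item_sku, order_item_name, ";
             $q .= "product_quantity, product_item_price, product_final_price, ";
             $q .= "order_item_currency, order_status, product_attribute, cdate, mdate) ";
             $q .= "VALUES ('";
             $q .= $order_id . "', '";
             $q .= $db->getEscaped($user_info_id) . "', '";
             $q .= $db->getEscaped($vendor_id) . "', '";
             $q .= $product_id . "', '";
             $q .= $db->getEscaped($product_sku) . "', '";
             $q .= $db->getEscaped($product_name) . "', '";
             $q .= $quantity . "', '";
             $q .= $db->getEscaped($product_price) . "', '";
             $q .= $product_final_price . "', '";
             $q .= $db->getEscaped($product_currency) . "', '";
             $q .= $db->getEscaped($order_status) . "', '";
             // added for advanced attribute storage
             $q .= $db->getEscaped($description) . "', '";
             // END advanced attribute modifications
             $q .= $timestamp . "','";
             $q .= $timestamp . "'";
             $q .= ")";
             $db->query($q);
             $db->next_record();
             // Update Stock Level and Product Sales
             $q = "UPDATE #__{vm}_product ";
             $q .= "SET product_in_stock = product_in_stock - " . $quantity . ",\n\t\t\t\t\t\t\t\tproduct_sales= product_sales + " . $quantity;
             $q .= " WHERE product_id='" . $product_id . "'";
             $db->query($q);
         }
         $this->recalc_order($this->order_id);
         $this->reload_from_db = 1;
         $vmLogger->info($VM_LANG->_('PHPSHOP_ORDER_EDIT_PRODUCT_ADDED'));
         $this->orderlog->saveLog($this->order_id, 'Добавление позиции', $product_name, 0, $quantity);
     }
 }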
Exemplo n.º 27
 /**
  * Send the tracking e-mail to the consignee.
  *
  * NOTE(review): the method is switched off by the bare `return;` on its first
  * line, so it currently returns null and nothing below that line runs.
  *
  * @param mixed $order_id Order id used for the order lookup and the tracking data
  * @param mixed $status Passed to vmMail() as its fourth argument
  * @return boolean Documented as boolean; null while the early return is in place
  */
 function sendEmail($order_id, $status = null)
 {
     // Everything after this statement is unreachable.
     return;
     global $sess, $VM_LANG, $vmLogger;
     // NOTE(review): order_key is an md5 over the order id and fixed strings only, so it can be
     // recomputed from the order id alone; it should not be relied on as a secret.
     $url = SECUREURL . "index.php?option=com_virtuemart&page=account.order_details&order_id=" . $order_id . '&order_key=' . md5('AIR' . $order_id . 'SOFT' . $order_id . 'RETAIL') . '&Itemid=' . $sess->getShopItemid();
     $db = new ps_DB();
     $dbv = new ps_DB();
     // Vendor name and contact address, used as the first two vmMail() arguments below
     // NOTE(review): the session value is concatenated into the query without escaping or a cast.
     $q = "SELECT vendor_name,contact_email FROM #__{vm}_vendor ";
     $q .= "WHERE vendor_id='" . $_SESSION['ps_vendor_id'] . "'";
     $dbv->query($q);
     $dbv->next_record();
     // Customer name, e-mail address and order status name for this order
     $q = "SELECT first_name,last_name,user_email,order_status_name FROM #__{vm}_order_user_info,#__{vm}_orders,#__{vm}_order_status ";
     $q .= "WHERE #__{vm}_orders.order_id = '" . $db->getEscaped($order_id) . "' ";
     $q .= "AND #__{vm}_orders.user_id = #__{vm}_order_user_info.user_id ";
     $q .= "AND #__{vm}_orders.order_id = #__{vm}_order_user_info.order_id ";
     $q .= "AND order_status = order_status_code ";
     $db->query($q);
     $db->next_record();
     $providerlist = $this->getProviderlist();
     $tracking = $this->getTracking($order_id);
     if ($tracking->provider) {
         $provider = $this->getProvider($tracking->provider);
         $provider->setData($tracking);
     }
     // NOTE(review): $provider is only assigned inside the if above; without a tracking
     // provider the next line calls a method on an undefined variable.
     $siteTrackingUrl = $provider->getSiteUrlTracking();
     // From here on $provider holds the raw provider value, not the provider object
     $provider = $tracking->provider;
     $tracknumber = $tracking->tracknumber;
     $date = $tracking->date;
     // No tracking number: nothing is sent
     if (!$tracknumber) {
         return false;
     }
     $statusText = '';
     $statusText = 'Следующие заказы были доставлены:';
     // Render the e-mail template into a string; presumably the template reads the
     // local variables set above - confirm against the template file.
     ob_start();
     require CLASSPATH . 'sc_trackingpost/tmpl/email/user_email_tracking.php';
     $message = ob_get_contents();
     ob_end_clean();
     $mail_Body = $message;
     //	  $mail_Body = html_entity_decode($message);
     $result = vmMail($dbv->f("contact_email"), $dbv->f("vendor_name"), $db->f("user_email"), $status, $mail_Body, '', true);
     return $result;
 }
Exemplo n.º 28
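 /**
  * Validate form values prior to delete
  *
  * Besides checking that an order id was given, this also puts the ordered
  * quantities back: for every item of the order, product_in_stock is raised
  * and product_sales lowered by the item's quantity.
  *
  * @param int $order_id
  * @return boolean False when $order_id is empty, otherwise true
  */
 function validate_delete($order_id)
 {
     global $VM_LANG;
     $db = new ps_DB();
     if (empty($order_id)) {
         $GLOBALS['vmLogger']->err($VM_LANG->_('VM_ORDER_DELETE_ERR_ID'));
         return false;
     }
     // Get the order items and update the stock level
     // to the number before the order was placed
     $q = "SELECT product_id, product_quantity FROM #__{vm}_order_item WHERE order_id='" . $db->getEscaped($order_id) . "'";
     $db->query($q);
     $dbu = new ps_DB();
     // Now update each ordered product
     while ($db->next_record()) {
         // Values read back from the database are still data: cast them before they are
         // used unquoted in the arithmetic of the UPDATE.
         // NOTE(review): assumes quantities and product ids are whole numbers - confirm.
         $item_quantity = (int) $db->f("product_quantity");
         $item_product_id = (int) $db->f("product_id");
         $q = "UPDATE #__{vm}_product SET product_in_stock=product_in_stock+" . $item_quantity . ",product_sales=product_sales-" . $item_quantity . " WHERE product_id='" . $item_product_id . "'";
         $dbu->query($q);
     }
     return true;
 }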