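/**
 * Smarty function: relative URL prefix leading from the entry script's
 * directory back up to the aMember root.
 *
 * The prefix is computed from the location of the first included file
 * (the script that started the request) relative to ROOT_DIR.
 *
 * @param array  $params Smarty parameters (not used here)
 * @param object $smarty Smarty instance (not used here)
 * @return string '' when the script sits directly in ROOT_DIR, one '../' per
 *                directory level below it otherwise, or the configured
 *                'root_surl' when the script's path does not contain ROOT_DIR
 */
function smarty_function_root_url($params, &$smarty)
{
    $rd = ROOT_DIR;

    // array_shift() takes its argument by reference, so passing the function
    // result directly raises "Only variables should be passed by reference".
    // The first entry is the script that started the request.
    $included = get_included_files();
    $fn = normalizePath(dirname(reset($included)));

    // NOTE(review): strpos() matches ROOT_DIR anywhere in the path, not only
    // as a leading directory prefix — confirm that is intended.
    if (($c = strpos($fn, $rd)) === false) {
        return amConfig('root_surl');
    }

    // Keep only the part below ROOT_DIR (the +1 skips the separating slash).
    $fn = substr($fn, $c + strlen($rd) + 1);
    if ($fn == '') {
        // Loose comparison on purpose: substr() may yield false or ''.
        return '';
    }

    // One '../' for every directory level between the script and the root.
    return str_repeat('../', count(explode('/', $fn)));
}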
/**
 * Imports the states list shipped as ROOT_DIR/sql-states.sql.
 *
 * The '@DB_MYSQL_PREFIX@' marker in the file is replaced with the configured
 * table prefix, the resulting SQL is executed, and the number of rows in the
 * states table is printed.
 *
 * NOTE(review): the result of file_get_contents() is not checked, so a
 * missing or unreadable file is not reported before the query runs.
 */
function load_states_from_file()
{
    print "Loading states from file...";
    ob_end_flush();

    $conn =& amDb();

    // Substitute the table prefix into the bundled SQL before running it.
    $statement = str_replace(
        '@DB_MYSQL_PREFIX@',
        amConfig('db.mysql.prefix'),
        file_get_contents(ROOT_DIR . '/sql-states.sql')
    );
    $conn->query($statement);

    $imported = $conn->selectCell("SELECT COUNT(*) FROM ?_states");
    print "[{$imported}] imported OK<br />\n";
    ob_end_flush();
}
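<?php
/**
 * Member-facing action script of the 'twocheckout_r' payment plugin.
 *
 * Checks that the plugin's API access is configured, that the requested
 * payment belongs to the given member and to this payment system, and that
 * the request carries the expected verification hash; then asks the
 * 2Checkout API for the details of the sale behind the payment.
 *
 * NOTE(review): $db is not defined in this file; presumably config.inc.php
 * provides it — confirm.
 */
include_once "../../../config.inc.php";
include_once dirname(__FILE__) . "/TwocheckoutAPI.inc.php";

$this_config = amConfig('payment.twocheckout_r');
if (!$this_config['api_username']) {
    fatal_error("Feature is not enabled");
}

$vars = get_input_vars();
$t =& new_smarty();

// Validate the submitted info.
settype($vars['payment_id'], 'integer');
if (!$vars['payment_id']) {
    fatal_error("Payment_id empty");
}

$payment = $db->get_payment($vars['payment_id']);
// The payment must belong to the member named in the request ...
if ($payment['member_id'] != $vars['member_id']) {
    fatal_error(_PLUG_PAY_CC_CORE_FERROR4);
}
// ... and must have been made through this payment system.
if ($payment['paysys_id'] != 'twocheckout_r') {
    fatal_error('Incorrect paysys_id');
}

$member = $db->get_user($vars['member_id']);

// Validate the hash.
// The submitted value must be a string and is compared with !==. A loose
// != on two hex digests is subject to PHP's numeric-string comparison, where
// different digests of the form "0e<digits>" count as equal.
// NOTE(review): hash_equals() would also make the comparison constant-time
// on PHP versions that provide it, and an HMAC keyed with a server-side
// secret would be a stronger token than an unsalted MD5 over the stored
// password value; changing the scheme requires updating whatever generates
// these links.
$expected_hash = md5($member['pass'] . $vars['action'] . ($member['member_id'] * 12));
if (!isset($vars['v']) || !is_string($vars['v']) || $expected_hash !== $vars['v']) {
    fatal_error(_PLUG_PAY_CC_CORE_FERROR1);
}

$twocheckoutAPI = new TwocheckoutAPI($this_config['api_username'], $this_config['api_password']);

// Get info about the invoice.
$params = array('sale_id' => $payment['receipt_id']);
$resp = $twocheckoutAPI->detail_sale($params);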
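/**
 * Builds the HTML edit control for one configuration field and stores it in
 * $field['edit'].
 *
 * When $field['get_func'] is set, that callback renders the control instead
 * and $field['special_edit'] is incremented. Otherwise the control depends on
 * $field['type']: text, integer, dbprefix, color, textarea, password,
 * password_c, select, multi_select, checkbox or multi_checkbox. Unknown types
 * leave $field['edit'] untouched.
 *
 * Current values and option keys/labels are HTML-escaped. The field name,
 * sizes and cols/rows are written into the markup as given.
 * NOTE(review): this assumes field definitions come from trusted code, not
 * from request data — confirm against the callers.
 *
 * @param array $field field definition (name, type, params, get_func); modified in place
 * @param array $vars  current values keyed by field name
 * @return void
 */
function show_config_edit_field(&$field, &$vars)
{
    $fname = $field['name'];
    $val = isset($vars[$fname]) ? $vars[$fname] : null;
    $params = (isset($field['params']) && is_array($field['params'])) ? $field['params'] : array();
    $default = isset($params['default']) ? $params['default'] : null;
    $choices = (isset($params['options']) && is_array($params['options'])) ? $params['options'] : array();
    // Width of a plain text input: params['size'] if given, else 30.
    $textSize = !empty($params['size']) ? $params['size'] : 30;

    if (!empty($field['get_func'])) {
        // A custom renderer takes over completely.
        $func = $field['get_func'];
        $field['edit'] = $func($field, $vars);
        if (!isset($field['special_edit'])) {
            $field['special_edit'] = 0;
        }
        $field['special_edit']++;
        return;
    }

    $ftype = isset($field['type']) ? $field['type'] : null;
    switch ($ftype) {
        case 'text':
        case 'integer':
            $size = ($ftype == 'integer') ? 5 : $textSize;
            if (!strlen((string) $val)) {
                $val = $default;
            }
            $val = htmlspecialchars((string) $val, ENT_QUOTES, 'UTF-8');
            $field['edit'] = "\n <input type=text name=\"{$fname}\" \n value=\"{$val}\" size={$size} maxlength=255>\n ";
            break;

        case 'dbprefix':
            // $size used to be undefined here, which produced "size= maxlength=255"
            // and made browsers read maxlength as the size value.
            $size = $textSize;
            // explode() replaces the removed split(); the pattern was a literal dot.
            $r = explode('.', $fname);
            $field['edit'] = "";
            if (!strlen((string) $val)) {
                $val = $default;
            }
            $rawVal = (string) $val;
            $val = htmlspecialchars($rawVal, ENT_QUOTES);
            $hideDbText = '';
            if ($r[0] == 'protect' && !empty($r[1]) && class_exists($class = 'protect_' . $r[1])) {
                $obj = new $class(amConfig('protect.' . $r[1]));
                // guess_db_settings() returns false when it cannot connect.
                $dbs = $obj->guess_db_settings();
                if (!is_array($dbs)) {
                    $dbs = array();
                }
                $options = "";
                foreach ($dbs as $s) {
                    // Compare the unescaped value, as plain strings.
                    $isCurrent = ($rawVal === (string) $s);
                    $sel = $isCurrent ? 'selected' : '';
                    if ($isCurrent) {
                        $hideDbText = true;
                    }
                    $options .= "<option {$sel}>" . htmlentities($s) . "</option>\n";
                }
                // The MySQL user name is shown inside HTML, so escape it.
                $user = htmlspecialchars((string) amConfig('db.mysql.user'), ENT_QUOTES);
                $field['edit'] = <<<CUT
<b>Auto-detected values for the field:</b><br />
<small>if there are no choices, it means that your third-party<br />
script database is unaccessible with aMember MySQL settings. You<br />
can fix it by going to Webhosting Control Panel -> MySQL Databases<br />
and allowing access to your third-party script table for aMember's <br />
Mysql user (<b>{$user}</b>), or your can specify MySQL database user,<br />
hostname and password on this page specially for use with <br />
the integration plugin and press <b>Save</b> button to see new choices.<br />
</small>
<select id='s_db' name="{$fname}" onchange="this.selectedIndex ? \$('#f_db').hide().attr('disabled', 1) : \$('#f_db').show().attr('disabled', 0)">
<option value=''>** Use Text Field **</option>
{$options}
</select>
<br /><br />
CUT;
            }
            if ($hideDbText) {
                $hideDbText = 'style="display: none;" disabled="disabled"';
            }
            $field['edit'] .= "\n <input type=text name=\"{$fname}\" id='f_db' {$hideDbText}\n value=\"{$val}\" size={$size} maxlength=255>\n ";
            break;

        case 'color':
            // Same default width as a text input; $size was never set in this
            // case (the old "integer" check could not be true here).
            $size = $textSize;
            if (!strlen((string) $val)) {
                $val = $default;
            }
            $val = htmlspecialchars((string) $val, ENT_QUOTES);
            $field['edit'] = "\n <input type=text name=\"{$fname}\" style='behavior: url(ColorPick.htc)'\n value=\"{$val}\" size={$size} maxlength=255\n onchange=\"document.getElementById('{$fname}'+'span').style.background=this.value\"\n onkeyup=\"document.getElementById('{$fname}'+'span').style.background=this.value\"\n >\n \n <span id='{$fname}span' style='font-size: 16pt; background-color: {$val}'> </span>\n ";
            break;

        case 'textarea':
            $cols = !empty($params['cols']) ? $params['cols'] : 40;
            $rows = !empty($params['rows']) ? $params['rows'] : 4;
            if (!strlen((string) $val)) {
                $val = $default;
            }
            $val = htmlspecialchars((string) $val, ENT_QUOTES);
            $field['edit'] = "\n <textarea name=\"{$fname}\" cols={$cols} rows={$rows}>{$val}</textarea>\n ";
            break;

        case 'password':
        case 'password_c':
            // The stored password is never echoed back into the form.
            $size = 10;
            $field['edit'] = "\n <input type=password name=\"{$fname}\" \n size={$size} maxlength=255>\n <input type=password name=\"{$fname}_confirm\" \n size={$size} maxlength=255>\n <br /><small>enter password and confirmation><br />\n keep empty if you don't want change it</small>\n ";
            break;

        case 'select':
        case 'multi_select':
            $multi = ($ftype == 'multi_select');
            if (!isset($vars[$fname])) {
                $val = $default;
            }
            $options = "";
            foreach ($choices as $k => $v) {
                // Decide selection on the raw key; escaping first made keys that
                // contain HTML special characters never match the stored value.
                $key = (string) $k;
                $isSelected = $multi ? in_array($key, (array) $val) : ($val == $key);
                $sel = $isSelected ? 'selected' : '';
                $k = htmlspecialchars($key, ENT_QUOTES);
                $v = htmlspecialchars((string) $v, ENT_QUOTES);
                $options .= "<option value=\"{$k}\" {$sel}>{$v}";
            }
            $multiple = $multi ? 'multiple' : '';
            $selectName = $multi ? $fname . "[]" : $fname;
            $size = $multi ? min(10, count($choices)) : 1;
            $field['edit'] = "<select name=\"{$selectName}\" size={$size} {$multiple}>\n {$options}\n </select>\n ";
            break;

        case 'checkbox':
            if (!isset($vars[$fname])) {
                $val = $default;
            }
            $checked = $val ? 'checked' : '';
            // The hidden input makes an unchecked box submit an empty value.
            $field['edit'] = "<input type='hidden' name='{$fname}' value='' />\n <input style='border-width: 0px;' type='checkbox' name='{$fname}' value='1' {$checked} />\n ";
            break;

        case 'multi_checkbox':
            if (!isset($vars[$fname])) {
                $val = $default;
            }
            $size = !empty($params['size']) ? $params['size'] : '5em';
            $field['edit'] = "<div class='checkbox_list' style='height: {$size};'>\n <table class='checkbox_list'>\n \n";
            $i = -1;
            foreach ($choices as $k => $v) {
                $i++;
                $key = (string) $k;
                // Raw key for the membership test, escaped key for the markup.
                $sel = in_array($key, (array) $val) ? 'checked' : '';
                $k = htmlspecialchars($key, ENT_QUOTES);
                $v = htmlspecialchars((string) $v, ENT_QUOTES);
                $rowClass = $sel ? 'sel' : '';
                $field['edit'] .= "\n <tr><td class='{$rowClass}' nowrap='nowrap' id='td_{$fname}_{$i}'><label for='{$fname}_{$i}'>\n <input type='checkbox' id='{$fname}_{$i}' name='{$fname}[]' value='{$k}' {$sel}\n onclick='document.getElementById(\"td_{$fname}_{$i}\").className = this.checked ? \"sel\" : \"\";'>\n {$v}</label></td></tr>\n ";
            }
            $field['edit'] .= "</table></div>";
            break;
    }
}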
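/**
 * Collects the configuration warnings shown to the administrator.
 *
 * Checks, in order: database schema version, an outdated Incremental Content
 * plugin, external cron for credit-card setups, the time of the last cron
 * run, presence of at least one product, cURL availability, upcoming license
 * expiration, and the setup checks and recorded errors of the protect plugins.
 *
 * Side effects visible in this function: when credit-card features are in
 * use, cron is not enabled and the CC warning has not been agreed to, it
 * displays 'admin/cc_warning.html' and exits; it may also define
 * AMEMBER_LICENSE_EXPIRES_SOON.
 *
 * The messages are HTML fragments. NOTE(review): plugin-supplied messages are
 * appended as given; confirm they are safe to render without escaping.
 *
 * NOTE(review): mysql_fetch_row() belongs to the ext/mysql API removed in
 * PHP 7; it is left as is because the API of $db is not visible here.
 *
 * @return array list of warning messages (HTML strings)
 */
function get_warnings()
{
    global $db, $config, $member_additional_fields, $plugins, $plugin_error;

    $warn = array();
    // Was incremented without being initialised.
    $has_cc_fields = 0;

    if ($config['db_version'] < $config['require_db_version'] && $config['require_db_version']) {
        $warn[] = "Please upgrade your SQL database, upload latest file amember/amember.sql \n then run <a href='{$config['root_url']}/admin/upgrade_db.php' target=_blank>upgrade script</a><br />\n Your database has version [{$config['db_version']}], your aMember requires [{$config['require_db_version']}]";
    }

    if (defined("INCREMENTAL_CONTENT_PLUGIN") && !function_exists('get_incremental_plugin_files')) {
        $warn[] = 'You have outdated version of Incremental Content plugin installed. Please download latest plugin version from your account <a href="http://www.amember.com/amember/member.php">account</a> and reupload all files from the plugin package into your /amember/plugins/protect/incremental_content/ folder (replace existing files). If you need help with this contact us in <a href="http://www.amember.com/support/">helpdesk</a>.';
    }

    // Check for configuration problems.
    foreach ($member_additional_fields as $f) {
        if ($f['name'] == 'cc') {
            $has_cc_fields++;
        }
    }
    if ((function_exists('cc_core_init') || $has_cc_fields) && !$config['use_cron']) {
        $warn[] = "Enable and configure external cron (<a href=\"setup.php?notebook=Advanced\" target=_blank>aMember CP -> Setup -> Advanced</a>) if you are using credit card payment plugins";
        $agreed_in_request = isset($_GET['agreed_cc_warning']) && $_GET['agreed_cc_warning'] != '';
        if (!amConfig('agreed_cc_warning') && !$agreed_in_request) {
            // Show the credit-card warning page instead of the admin page.
            $t =& new_smarty();
            $t->display('admin/cc_warning.html');
            exit;
        }
    }

    // Time of the last recorded cron run. The array key is quoted: inside
    // {$...} a bare word is looked up as a constant.
    $q = $db->query("SELECT UNIX_TIMESTAMP(MAX(time)) FROM {$db->config['prefix']}cron_run");
    list($t) = mysql_fetch_row($q);
    $diff = time() - $t;
    $tt = $t ? strftime('at ' . $config['time_format'], $t) : "NEVER (oops! no records that it has been running at all!)";
    if ($diff > 24 * 3600) {
        $warn[] = "Cron job has been running last time {$tt}, it is more than 24 hours before.<br />\n Most possible external cron job has been set incorrectly. It may cause very serious problems with the script";
    }

    if (!count($db->get_products_list())) {
        $warn[] = "You have not added any products, your signup forms will not work until you <a href='products.php'>add at least one product</a>";
    }

    if ($has_cc_fields || function_exists('cc_core_init')) {
        if (!extension_loaded("curl") && !$config['curl']) {
            $warn[] = "You must <a href='setup.php'>enter cURL path into settings</a>, because your host doesn't have built-in cURL functions.";
        }
    }

    // Check for license expiration.
    if (!function_exists('is_trial') || !is_trial()) {
        global $_amember_license;
        $tm1 = strtotime($_amember_license['expire']);
        $tm2 = time();
        $df = round(($tm1 - $tm2) / (3600 * 24));
        if ($df >= 0 && $df <= 25) {
            // Guarded so that a second call does not try to redefine the constant.
            if (!defined('AMEMBER_LICENSE_EXPIRES_SOON')) {
                define('AMEMBER_LICENSE_EXPIRES_SOON', $df);
            }
            $t = strftime($config['date_format'], $tm1);
            $warn[] = "Your aMember license key will expire within {$df} days ({$t}).\n Please login into <a href='https://www.amember.com/amember/member.php' target=_blank>members area</a>,\n get your lifetime license (it is FREE) and paste it to \n \"aMember CP -> Setup -> License\"";
        }
    }

    // Check protect plugins setup.
    foreach ($plugins['protect'] as $plugin_name) {
        // Reset per plugin: otherwise the result of the previous plugin's
        // check is compared against this plugin's recorded error.
        $res = '';
        $func = "check_setup_" . $plugin_name;
        if (function_exists($func)) {
            $res = $func();
            if ($res) {
                $warn[] = $res;
            }
        }
        // Report the recorded plugin error unless it repeats the check result.
        $recorded = isset($plugin_error[$plugin_name]) ? trim((string) $plugin_error[$plugin_name]) : '';
        if ($recorded && trim((string) $res) != $recorded) {
            $warn[] = ucfirst($plugin_name) . " plugin error: " . $plugin_error[$plugin_name];
        }
    }

    return $warn;
}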
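/**
 * Looks through every database the MySQL account can list for tables whose
 * name ends with $this->guess_table_pattern and whose columns match every
 * regular expression in $this->guess_fields_pattern.
 *
 * Uses the plugin's own connection settings when user and host are set (and
 * 'other_db' is not explicitly switched off), else aMember's 'db.mysql'
 * settings.
 *
 * @return array|false list of "database.prefix" strings (the table name with
 *                     the pattern suffix removed); an empty array when no
 *                     patterns are defined; false when connecting fails or
 *                     no database can be listed
 */
function guess_db_settings()
{
    if (!$this->guess_table_pattern || !$this->guess_fields_pattern) {
        return array();
    }

    $use_main_settings = $this->config['user'] == ''
        || $this->config['host'] == ''
        || (isset($this->config['other_db']) && !$this->config['other_db']);

    if ($use_main_settings) {
        $config = amConfig('db.mysql');
    } else {
        $config = $this->config;
        // Get the name of the first available database just for DbSimple,
        // because it does not work without a database name.
        $c = @mysql_connect($config['host'], $config['user'], $config['pass']);
        if (!$c) {
            return false;
        }
        $q = mysql_query("SHOW DATABASES", $c);
        if (!$q) {
            // The query itself can fail even when the connection succeeded.
            return false;
        }
        list($db) = mysql_fetch_row($q);
        if ($db == '') {
            return false;
        }
        $config['db'] = $db;
    }

    $c = connectMysql($config);
    if ($c->error) {
        return false;
    }
    $c->setErrorHandler(null);

    $res = array();
    $suffix_len = strlen($this->guess_table_pattern);

    $dbs = $c->selectCol("SHOW DATABASES");
    if (!is_array($dbs)) {
        return $res;
    }

    foreach ($dbs as $dbname) {
        // Database and table names come from the server and are placed into
        // SQL text, so quote them as identifiers. Unquoted, a name containing
        // e.g. a hyphen or a backtick breaks or alters the statement.
        $quoted_db = '`' . str_replace('`', '``', $dbname) . '`';

        $tables = $c->selectCol("SHOW TABLES FROM {$quoted_db} LIKE '%{$this->guess_table_pattern}'");
        if (!is_array($tables)) {
            continue;
        }

        foreach ($tables as $t) {
            $quoted_table = '`' . str_replace('`', '``', $t) . '`';

            // Flatten the column list to one "a;b;c" line per column so that
            // each field pattern can be matched at the start of a line.
            $info = $c->select("SHOW COLUMNS FROM {$quoted_db}.{$quoted_table}");
            $infostr = "";
            if (is_array($info)) {
                foreach ($info as $v) {
                    $infostr .= join(';', $v) . "\n";
                }
            }

            $wrong = 0;
            foreach ($this->guess_fields_pattern as $pat) {
                if (!preg_match('|^' . $pat . '|m', $infostr)) {
                    $wrong++;
                }
            }
            if ($wrong) {
                continue;
            }

            // Report "database.prefix": the table name minus the pattern suffix.
            $res[] = $dbname . '.' . substr($t, 0, -$suffix_len);
        }
    }

    return $res;
}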
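/**
 * Output filter that injects the Google Analytics snippet into a rendered
 * page, and the e-commerce transaction calls on the 'thanks.html' page of a
 * completed payment.
 *
 * The page-tracking code is emitted once per request and the sale at most
 * once (tracked in static counters). The snippet is placed before the first
 * closing body tag, or appended when the page has none.
 *
 * NOTE(review): city, state, country and product title go through
 * escape_for_js(); payment id, totals, tax amount, product id and subtotal
 * are written into the script as they come from the database — presumably
 * numeric, confirm. The tracker id is passed through htmlentities() although
 * it is used inside a JavaScript string.
 *
 * @param string $source        rendered page, modified in place
 * @param string $resource_name template name
 * @param object $smarty        Smarty instance providing the 'payment' variable
 * @return void
 */
function insert_google_analytics(&$source, $resource_name, $smarty)
{
    global $db;
    static $_ga_tracked, $_ga_tracked_sale;

    $ga = htmlentities(amConfig('google_analytics'));

    if (!$_ga_tracked) {
        $out = <<<CUT

<!-- google analytics code start (insert_google_analytics()) -->
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("{$ga}");
pageTracker._trackPageview();

CUT;
    } else {
        $out = <<<CUT

<!-- google analytics sale start (insert_google_analytics()) -->
<script type="text/javascript">

CUT;
    }

    if ($resource_name == 'thanks.html'
        && ($p = $smarty->get_template_vars('payment'))
        && $p['amount']
        && $p['completed']
    ) {
        $_ga_tracked++;
        if ($_ga_tracked_sale++) {
            // This sale has already been reported.
            return;
        }

        // A payment without a basket is treated as a single-product basket.
        $basket = !empty($p['data']['0']['BASKET_PRICES'])
            ? $p['data']['0']['BASKET_PRICES']
            : array($p['product_id'] => $p['amount']);

        $receipt_products = array();
        foreach ($basket as $pid => $price) {
            $pr = $db->get_product($pid);
            // The trial price, when set, is what is reported for the item.
            $pr['subtotal'] = $pr['trial1_price'] ? $pr['trial1_price'] : $pr['price'];
            $receipt_products[$pid] = $pr;
        }

        $user = $db->get_user($p['member_id']);
        $total = array_sum($basket);
        $city = escape_for_js($user['city']);
        $state = escape_for_js($user['state']);
        $country = escape_for_js($user['country']);
        $payment_id = $p['payment_id'];
        $tax_amount = $p['tax_amount'];

        $out .= <<<CUT

pageTracker._addTrans(
"{$payment_id}", "", "{$total}","{$tax_amount}", "",
"{$city}", "{$state}", "{$country}"
);

CUT;
        foreach ($receipt_products as $pr) {
            $product_id = $pr['product_id'];
            $subtotal = $pr['subtotal'];
            $title = escape_for_js($pr['title']);
            $out .= <<<CUT

pageTracker._addItem("{$payment_id}","{$product_id}","{$title}","","{$subtotal}","1");

CUT;
        }
        $out .= <<<CUT

pageTracker._trackTrans();

CUT;
    } else {
        // This is not a sale.
        if ($_ga_tracked++) {
            return;
        }
    }

    $out .= <<<CUT

</script>
<!-- google analytics code end -->

CUT;

    // Insert with plain string functions. As a preg_replace() replacement,
    // any "$<digits>" or "\<digits>" inside the snippet (for example a
    // product title such as "Gold $10") would be read as a backreference
    // and dropped from the output.
    $body_pos = stripos($source, '</body>');
    if ($body_pos === false) {
        $source .= $out;
    } else {
        $source = substr_replace($source, $out . "\n</body>", $body_pos, strlen('</body>'));
    }
}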