/**
 * Exercises the boolean/null check helpers with literal values.
 *
 * isTrue(), isFalse(), isNull() and isNotNull() are not defined in the visible
 * code; presumably they are assertion helpers supplied by the test harness.
 * The isNotNull() calls cover values that are falsy but not null: false, '',
 * 0 and 0.0, in that order.
 */
public function testBoolean()
{
    isTrue(true);
    isFalse(false);
    isNull(null);

    // Falsy is not the same as null: every one of these is handed to isNotNull().
    foreach (array(false, '', 0, 0.0) as $falsyButSet) {
        isNotNull($falsyButSet);
    }
}
if (!isNotNull($txtEmail)) { $message .= "* Email cannot be empty! <br>"; } else { if (!isValidEmail($txtEmail)) { $message .= "* Invalid email! <br>"; } } /*---------Selecting the custom fields data if exists---------------*/ $select_custom_update = "SELECT cv.nvalue_id,cf.vrequired_custom_field,vcustom_field_name\n\t\t\t\t\t\t\t FROM " . $tableprefix . "custom_fields cf," . $tableprefix . "custom_fields_value cv\n\t\t\t\t\t\t\t WHERE cf.ncustom_id = cv.ncustom_field_id\n\t\t\t\t\t\t\t\t AND cf.vcustom_field_form_id = 1\n\t\t\t\t\t\t\t\t AND cv.ncustom_table_id = " . addslashes($userid) . "\n\t\t\t\t\t\t\t\t ORDER BY cf.vcustom_sort_order"; //echo $select_custom_data; $result_custom_update = mysql_query($select_custom_update) or die(mysql_error()); if (mysql_num_rows($result_custom_update) > 0) { while ($custom_update_row = mysql_fetch_array($result_custom_update)) { $custom_name = "txtCustom_" . $custom_update_row['nvalue_id']; if ($custom_update_row['vrequired_custom_field'] == 'Y') { if (!isNotNull($_POST[$custom_name])) { $message .= "* " . ucfirst($custom_update_row['vcustom_field_name']) . " cannot be empty ! <br>"; } } } } $qry2 = "select email from " . $tableprefix . "users where email='" . addslashes($txtEmail) . "' AND user_id <> '" . addslashes($userid) . "' "; if (mysql_num_rows(mysql_query($qry2)) > 0) { $message .= "* The email address '" . htmlentities($txtEmail) . "' is already in use!. <br>"; } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert user details $sql = "UPDATE " . $tableprefix . "users SET\n\t\t\tfirst_name = '" . addslashes($txtFirstName) . "',\n\t\t\tlast_name = '" . addslashes($txtLastName) . "',\n\t\t\taddress1 = '" . addslashes($txtAddress1) . "',\n\t\t\taddress2 = '" . addslashes($txtAddress2) . "',\n\t\t\tcity = '" . addslashes($txtCity) . "',\n\t\t\tstate = '" . addslashes($txtState) . "',\n\t\t\tcountry = '" . addslashes($ddlCountry) . 
"',\n\t\t\tphone = '" . addslashes($txtPhone) . "',\n\t\t\tfax = '" . addslashes($txtFAX) . "',\n\t\t\tzip = '" . addslashes($txtZIP) . "',\n\t\t\tnewsLetter = '" . addslashes($check_news) . "',\n\t\t\temail = '" . addslashes($txtEmail) . "'\n\t\t\tWHERE user_id = '" . addslashes($userid) . "'\n\t\t\t";
<?php if ($_POST["postback"] == "Save Changes") { $error = false; $errormessage = ""; if (isNotNull($_POST["ddlCSS"])) { $newid = $_POST["ddlCSS"]; $ddlCSS = $_POST["ddlCSS"]; $selectedid = $ddlCSS; } else { //user name null $error = true; $errormessage .= MESSAGE_STYLE_REQUIRED . "<br>"; } if ($error) { $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage; } else { //no error so validate $sql1 = " UPDATE sptbl_users "; $sql1 .= " SET nCSSId = '" . mysql_real_escape_string($newid) . "' WHERE nUserId = '" . $_SESSION["sess_userid"] . "' "; $result1 = executeQuery($sql1, $conn); $message = true; //update css $sql = "Select vCSSURL from sptbl_css where nCSSId='" . mysql_real_escape_string($newid) . "'"; $result = executeSelect($sql, $conn); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result); $_SESSION["sess_cssurl"] = $row["vCSSURL"]; //$_SESSION["sess_cssurl"] = "./styles/AquaBlue/style.css"; } //update css
<td valign=top align="left"> <textarea name="txtArtistDescription" class="textbox" rows="8" cols="80" ><?php echo htmlentities(stripslashes($txtArtistDescription)); ?> </textarea> </td> </tr> <tr><td colspan="3"> </td></tr> <!--<tr><td align="left" valign=top ><?php echo TEXT_VENDOR; ?> Photo <span class="required">*</span></td><td > </td> <td valign=top align="left" class="blackbartextCopy"><input type="file" name="artistphoto" id="artistphoto" size="40" class="textbox" > Best Size 100X100 <div align="left"> <?php if (isNotNull($txtArtistPhoto)) { ?> Existing: <img src="<?php echo SITE_URL; ?> /portfolios/<?php echo $txtArtistPhoto; ?> " height="100" width="100"> <br> <input type="checkbox" class="checkbox" name="chkDeleteArtistPhoto"> Delete Existing <br> <?php } ?>
$styleplus = $_POST["styleplus"]; } $userId = $_SESSION['sess_userid'] ? $_SESSION['sess_userid'] : 0; if ($_POST["ddlCategory"] != "") { $ddlCategory = $_POST["ddlCategory"]; } else { $ddlCategory = $_GET["ddlCategory"]; } if ($_POST["ddlDepartment"] != "") { $ddlDepartment = $_POST["ddlDepartment"]; } else { $ddlDepartment = $_GET["ddlDepartment"]; } $error = false; $errormessage = ""; if (isNotNull($_GET["id"])) { $kbid = $_GET["id"]; settype($kbid, integer); $sql = " SELECT nKBID, vKBTitle, tKBDesc "; $sql .= " FROM sptbl_kb "; $sql .= " WHERE nKBID = '{$kbid}' "; $rs = executeSelect($sql, $conn); if (mysql_num_rows($rs) > 0) { $row = mysql_fetch_array($rs); $title = $row["vKBTitle"]; $description = $row["tKBDesc"]; } else { $error = true; $errormessage = ""; } } else {
} else { header("Location:login.php"); exit; } if (isset($_REQUEST['stat']) && $_REQUEST['stat'] == 'Y') { $message = "Your products and images saved successfully!."; } $maximagesizestringinPHP = ini_get("upload_max_filesize"); $maximagesizeinPHP = $maximagesizestringinPHP * (1024 * 1024); $sql_artists = "select artist_id,artist_name from " . $tableprefix . "artists where vapproved='Y' "; $rs_id = mysql_query($sql_artists) or die(mysql_error()); $numrows = mysql_num_rows($rs_id); if (isset($_POST['btnSave']) && $_POST['btnSave'] != '') { // check button for save $message = ""; if (!isNotNull($_FILES['txtUploadZip']['name'])) { $message .= "* Upload a CSV file ! <br>"; } $sellerid = $_POST['seller']; $uploadfile = ReplaceArrayImage($_FILES['txtUploadZip']['name']); $types = array('csv'); preg_match('/\\.([a-zA-Z]+?)$/', $uploadfile, $matches); if (!in_array(strtolower($matches[1]), $types)) { // check file format is valid or not $message .= "* Invalid file format for CSV file ! <br>"; } // end format check if (!empty($_FILES['txtUploadZip']['name'])) { // moving files to folder $filename = time() . strrchr(strtolower($_FILES['txtUploadZip']['name']), '.'); $tempFile = $_FILES['txtUploadZip']['tmp_name'];
$error = true; $errormessage .= MESSAGE_COMPANY_REQUIRED . "<br>"; } if (!isNotNull($var_departmentid)) { $error = true; $errormessage .= MESSAGE_DEPARTMENT_REQUIRED . "<br>"; } if (!isNotNull($var_catid)) { $error = true; $errormessage .= MESSAGE_CATEGORY_REQUIRED . "<br>"; } if (!isNotNull($var_kbtitle)) { $error = true; $errormessage .= MESSAGE_TITLE_REQUIRED . "<br>"; } if (!isNotNull($var_kbdesc)) { $error = true; $errormessage .= MESSAGE_DESCRIPTION_REQUIRED . "<br>"; } if (!$error) { $sql = "UPDATE sptbl_kb SET nCatId= '" . mysql_real_escape_string($var_catid) . "', nStaffId = '" . mysql_real_escape_string($_SESSION["sess_staffid"]) . "', vKBTitle='" . mysql_real_escape_string($var_kbtitle) . "', "; $sql .= " tKBDesc = '" . mysql_real_escape_string($var_kbdesc) . "', vStatus = '{$var_status}', vMetaTage_keyword = '" . mysql_real_escape_string($var_kbmetatagkeyword) . "' , vMetaTage_desc = '" . mysql_real_escape_string($var_kbmetatagdescription) . "'"; $sql .= "WHERE nKBID = '" . mysql_real_escape_string($var_id) . "'"; executeQuery($sql, $conn); //updateRoute($var_catid); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Knowledgebase','" . mysql_real_escape_string($var_id) . "',now())"; executeQuery($sql, $conn); } $message = true;
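/**
 * Builds the stylesheet <link> tag for a user.
 *
 * Looks up sptbl_css.vCSSURL through the user's nCSSId and falls back to
 * styles/helpdesk.css when isNotNull($userid) is false or no row matches.
 *
 * @param mixed $userid User id; escaped with mysql_real_escape_string() before
 *                      it is placed in the quoted SQL literal.
 * @return string HTML <link rel="stylesheet"> element.
 */
function loadCSS($userid)
{
    global $conn;

    // Default stylesheet, kept unless the lookup below finds a row.
    $cssurl = "styles/helpdesk.css";

    if (isNotNull($userid)) {
        // NOTE(review): the ext/mysql API used here was removed in PHP 7 and the
        // escaping depends on the connection character set. Moving to bound
        // parameters would also require changing executeSelect(), which is
        // defined outside this block.
        $sql = " SELECT c.vCSSURL FROM sptbl_css c INNER JOIN sptbl_users u ON u.nCSSId = c.nCSSId ";
        $sql .= " WHERE u.nUserId='" . mysql_real_escape_string($userid) . "'";
        $result = executeSelect($sql, $conn);
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            $cssurl = $row["vCSSURL"];
        }
    }

    // The URL comes from a database column and lands inside an HTML attribute.
    // Encode it so a stored value containing quotes or angle brackets cannot
    // break out of href="...". The default charset of htmlspecialchars()
    // applies; confirm it matches the page encoding.
    $href = htmlspecialchars($cssurl, ENT_QUOTES);

    return "<link href=\"{$href}\" rel=\"stylesheet\" type=\"text/css\">";
}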
} else { if (!isValidEmail($txtEmail)) { $message .= "* Invalid email! <br>"; } } $qry2 = "select email from " . $tableprefix . "users where email='" . addslashes($txtEmail) . "'"; if (mysql_num_rows(mysql_query($qry2)) > 0) { $message .= "* The email address '{$txtEmail}' is already in use!. <br>"; } /*custom fields null checking starts*/ $select_custom_qry = "SELECT * FROM " . $tableprefix . "custom_fields WHERE vcustom_display_field = 'Y'\n\t\t\t\t\t\t \t AND vcustom_delete_status !='Y' ORDER BY vcustom_sort_order"; $result_custom_qry = mysql_query($select_custom_qry) or die(mysql_error()); while ($custom_qry_row = mysql_fetch_array($result_custom_qry)) { $field_name = 'custom_field_' . $custom_qry_row['ncustom_id']; if ($custom_qry_row['vrequired_custom_field'] == 'Y') { if (!isNotNull($_POST[$field_name])) { $message .= "* " . ucfirst($custom_qry_row['vcustom_field_name']) . " cannot be empty ! <br>"; } } /*$insert_custom_fields = "INSERT INTO ".$tableprefix."custom_fields_value(ncustom_field_id,ncustom_table_id,vfield_name_value) VALUES(".$custom_qry_row['ncustom_id']."," .$userid."," .GetSQLValueString($_POST[$field_name],"text").")"; mysql_query($insert_custom_fields) or die(mysql_error());*/ } /*custom fields null checking ends*/ if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else {
} else { $content = "Message :" . stripslashes($txtMessage) . "<br><br>"; } $content_db = stripslashes($txtMessage); if (!isNotNull($contact_name)) { $message .= "* Contact name cannot be empty! <br>"; } if (!isNotNull($email_address)) { $message .= "* Email address cannot be empty! <br>"; } elseif (!isValidEmail($email_address)) { $message .= "* Email address cannot be invalid! <br>"; } if (!isNotNull($subject)) { $message .= "* Subject cannot be empty! <br>"; } if (!isNotNull($txtMessage)) { $message .= "* Message cannot be empty! <br>"; } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert user details //echo "SELECT * FROM artists WHERE artist_id = '".$artistid."'"; ////// sent message to seller.... $sql = "SELECT * FROM " . $tableprefix . "artists WHERE artist_id = '" . $sellerid . "'"; $rs = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($rs) > 0) { $sell = mysql_fetch_array($rs); $sell_email = $sell['email']; $sellerName = stripslashes($sell['first_name']) . ' ' . stripslashes($sell['last_name']);
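/**
 * Collects the ids of every department below $currid as a comma-terminated
 * string (constructed example: "4,9,10,").
 *
 * Children are read from sptbl_depts (nDeptParent = $currid); each child id is
 * appended and then expanded recursively, so the order is depth-first.
 *
 * @param mixed $currid Parent department id. Must be a plain run of digits;
 *                      anything else is rejected without running a query.
 * @param int   $count  Recursion depth counter. It is incremented and passed
 *                      down but never read otherwise.
 * @return string Accumulated list of descendant ids.
 */
function makeChildList($currid, $count)
{
    // NOTE(review): this static is shared by the recursion AND by separate
    // top-level calls in the same request, so a second top-level call returns
    // its ids appended to those of the first. Left as-is because the recursion
    // depends on it; confirm callers only invoke this once per request.
    static $childlist = "";

    // $currid is interpolated unquoted into the SQL below, so it must not carry
    // anything but digits. The string cast matters: ctype_digit() treats small
    // integers as ASCII codes. Invalid input ends here with no query, which
    // matches the old outcome (a failed query that added nothing) without
    // sending caller-supplied text to the database.
    if (!ctype_digit((string) $currid)) {
        return $childlist;
    }

    // The original also defaulted two locals ($deptid, $current_parentcat_id)
    // that were never read afterwards; they are dropped here.
    $count = $count + 1;

    $sql = "select nDeptId as id,vDeptDesc as name from sptbl_depts where nDeptParent={$currid} ";
    $get_options = mysql_query($sql);
    if ($get_options === false) {
        // Query failed: nothing to add, and mysql_num_rows(false) would only warn.
        return $childlist;
    }

    // NOTE(review): there is no guard against a parent/child cycle in the data;
    // $count could serve as a depth limit if that is a concern.
    while ($child = mysql_fetch_row($get_options)) {
        $child_id = $child[0];
        $childlist .= $child_id . ",";
        makeChildList($child_id, $count);
    }

    return $childlist;
}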
} } if (isset($_SESSION["sess_userid"]) && $_SESSION["sess_userid"] != "") { $userid = $_SESSION["sess_userid"]; } else { header("Location:login.php?action=postartistfeedback&artistid={$artistid}&productid={$productid}"); exit; } if ($artistid == '') { header("Location:categorydetail.php"); exit; } if ($_POST["btnPostFeedback"] == "Post Feedback") { $txtFeedback = $_POST["txtFeedback"]; $ddlRating = $_POST["ddlRating"]; if (!isNotNull($txtFeedback)) { $message .= "* Feedback cannot be empty! <br>"; } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert user details $sql = "INSERT INTO " . $tableprefix . "artist_feedbacks (\n\t\t\t\tfeedback_content,\n\t\t\t\trating,\n\t\t\t\tuser_id,\n\t\t\t\tartist_id,\n\t\t\t\tdate_added,\n\t\t\t\tpublished\n\n\t\t\t\t) VALUES (\n\t\t\t\t'" . addslashes($txtFeedback) . "',\n\t\t\t\t'" . addslashes($ddlRating) . "',\n\t\t\t\t'" . addslashes($userid) . "',\n\t\t\t\t'" . addslashes($artistid) . "',\n\t\t\t\tnow(),\n\t\t\t\t'N')\n\t\t\t\t"; //echo $sql; $message = "Thank you for posting your valuable feedback about <b>" . getArtistName($artistid) . "</b>"; $message .= "<br>Your feedback is pending for review and approval by the administrator"; mysql_query($sql); $txtFeedback = ""; $ddlRating = ""; }
// Shipping-method id: the query string is checked first, then the POST body.
// $smid stays unset when neither carries a non-empty value.
if (isset($_GET["smid"]) and $_GET["smid"] != "") {
    $smid = $_GET["smid"];
} else {
    if (isset($_POST["smid"]) and $_POST["smid"] != "") {
        $smid = $_POST["smid"];
    }
}
$txtSMName = $_POST["txtSMName"];
$chkPublished = $_POST["chkPublished"];
// The checkbox value "on" is mapped to 'Y'; anything else becomes 'N'.
if ($chkPublished == "on") {
    $chkPublished = "Y";
} else {
    $chkPublished = "N";
}
if ($_POST["btnSaveChanges"] == "Save Changes") {
    if (!isNotNull($txtSMName)) {
        $message = "* Shipping Method Name cannot be empty!<br>";
    } else {
        // 'name' and 'type' in $_FILES are chosen by the client; only 'tmp_name'
        // is assigned by PHP.
        $logofilename = $_FILES['txtSMLogo']['name'];
        $logofiletype = $_FILES['txtSMLogo']['type'];
        $logotempname = $_FILES['txtSMLogo']['tmp_name'];
        if ($_FILES['txtSMLogo']['name'] != "") {
            // NOTE(review): isValidWebImageType() is defined elsewhere. It is the
            // only visible gate on this upload; confirm it inspects the file
            // content and not just the client-supplied name and MIME type.
            if (!isValidWebImageType($logofiletype, $logofilename, $logotempname)) {
                $message .= " * Invalid Shipping Logo file ! Upload an image (jpg/gif/bmp/png)" . "<br>";
                $error = true;
            } else {
                // The stored name is "sm_" + time() + the client-chosen filename, so
                // the client-chosen extension is kept on disk under ../products/
                // (presumably a web-served directory; confirm).
                // NOTE(review): prefer a server-generated name with an extension
                // taken from an allow-list.
                $logoimagedest = "../products/" . "sm_" . time() . $logofilename;
                if (move_uploaded_file($_FILES['txtSMLogo']['tmp_name'], $logoimagedest)) {
                    // 0777 makes the file readable, writable and executable for every
                    // local account. NOTE(review): a static image normally needs no
                    // more than 0644.
                    chmod($logoimagedest, 0777);
                } else {
                    $logoimagedest = "";
?> </div></td> </tr> <tr><td colspan="3"> </td></tr> <tr> <td width="13%" align="left"> </td> <td width="26%" align="left" class="toplinks" valign="top"><?php echo TEXT_TO; ?> <font style="color:#FF0000; font-size:9px">*</font> </td> <td width="61%" align="left"> <?php $staffcompanies = getStaffCompanies($_SESSION["sess_staffid"]); $ddl = ""; if (isNotNull($staffcompanies)) { echo "<select name=\"ddlEmails[]\" id=\"ddlEmail\" class=\"comm_input input_width1a\" style=\"width:300px; height:60px!important;\" MULTIPLE size=\"10\">"; $var_listnew = makeEmailList($staffcompanies); if (count($var_listnew) > 0) { foreach ($var_listnew as $key => $value) { $ddl .= "<option value=\"{$key}\""; if ($ddlEmails == "{$key}") { $ddl .= " selected=\"selected\""; } $ddl .= ">" . $value . "</option>\n"; } echo $ddl; } echo "</select>"; //echo makeDropDownList("ddlEmails[]",makeEmailList($staffcompanies),$ddlEmails,false, "textbox", "\" MULTIPLE size=10 style=\"width:300px;\" id=\"ddlEmail","" ); } else {
} } } if ($picbigtype != "") { if (!isValidWebImageType($picbigtype, $picbigfilename, $picbigtempname)) { $message .= " * Invalid product picture (big)! Upload an image (jpg/gif/png)" . "<br>"; $error = true; } else { if (file_exists($picbigdest)) { $message .= " * Product picture (big) with the same name exists! Please rename the product picture (big) and upload! " . "<br>"; $error = true; } } } /*----Digital Product Block Starts-------*/ if (isNotNull($_FILES['txtProductZip']['name'])) { $uploadfile = ReplaceArrayImage($_FILES['txtProductZip']['name']); $types = array('zip', 'pdf', 'rar', 'psd', 'opf', 'azw', 'lit', 'pdb', 'pkg', 'mp3', 'mpeg', 'mp4', 'avi'); preg_match('/\\.([a-zA-Z]+?)$/', $uploadfile, $matches); if (!in_array(strtolower($matches[1]), $types)) { // check file format is valid or not $message .= "* Invalid file format for Digital Product! <br>"; } // end format check } /*----Digital Product Block Ends-------*/ if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert user details
} if ($_POST['ship_state'] == '' && $_POST['bill_state'] == '') { $message .= "* Shipping State cannot be empty!<br>"; } if ($_POST['ship_state'] == '') { if ($_POST['bill_state'] != '') { $txtShippingState = $_POST['bill_state']; } } if (!isNotNull($ddlShippingCountry)) { $message .= "* Shipping Country cannot be empty!<br>"; } if (!isNotNull($txtShippingZIP)) { $message .= "* Shipping ZIP cannot be empty!<br>"; } if (!isNotNull($txtShippingEmail)) { $message .= "* Shipping Email cannot be empty!<br>"; } else { if (!isValidEmail($txtShippingEmail)) { $message .= "* Invalid Shipping Email!<br>"; } } } } $quantitiesadjusted = adjustQuantities($userid); if ($quantitiesadjusted) { $message .= "<br>Some items were low on stock/just sold out! Such Item(s) deleted/Quantities adjusted from your cart!"; } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message;
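/**
 * Maps user ids to HTML-encoded e-mail addresses for a list of company ids.
 *
 * @param mixed $complist Comma-separated company ids. Every entry must be a run
 *                        of digits (surrounding quotes and whitespace are
 *                        tolerated); otherwise no query is executed.
 * @return mixed Array of nUserId => htmlentities(vEmail) once rows were found,
 *               "" when isNotNull($complist) is false, or whatever an earlier
 *               call left behind (see the note on the static below).
 */
function makeEmailList($complist)
{
    // NOTE(review): static, so entries accumulate across calls within one
    // request and a call that finds nothing returns the previous result.
    // Kept for compatibility; confirm this is intended.
    static $options;
    // Not used by the code below: mysql_query() is called without a link
    // argument and falls back to the most recently opened connection.
    global $conn;

    if (isNotNull($complist)) {
        // The list is placed unquoted inside IN (...), so it is rebuilt from
        // validated pieces instead of being concatenated as received. The exact
        // format callers produce is not visible here, hence the tolerance for
        // quoted entries such as '3'.
        $ids = array();
        $valid = true;
        foreach (explode(",", (string) $complist) as $piece) {
            $piece = trim($piece, " \t\n\r'\"");
            if ($piece === "" || !ctype_digit($piece)) {
                // Fail closed: one bad entry rejects the whole list, as a
                // malformed list previously produced a failed query and no rows.
                $valid = false;
                break;
            }
            $ids[] = $piece;
        }

        if ($valid && count($ids) > 0) {
            $sql = "SELECT nUserId, vEmail";
            $sql .= " FROM sptbl_users ";
            $sql .= " WHERE nCompId IN (" . implode(",", $ids) . ") ";
            $resoptions = mysql_query($sql);
            if ($resoptions !== false) {
                while (list($uid, $uemail) = mysql_fetch_row($resoptions)) {
                    // An earlier call may have left "" (or nothing) in the static.
                    if (!is_array($options)) {
                        $options = array();
                    }
                    // Encoded here because callers print the value inside <option>.
                    $options[$uid] = htmlentities($uemail);
                }
            }
        }
    } else {
        $options = "";
    }

    return $options;
}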
exit; } if (isset($_GET["artistid"]) and $_GET["artistid"] != "") { $artistid = $_GET["artistid"]; } else { if (isset($_POST["artistid"]) and $_POST["artistid"] != "") { $artistid = $_POST["artistid"]; } } if (isset($_POST["portfolioid"]) and $_POST["portfolioid"] != "") { $portfolioid = $_POST["portfolioid"]; } $txtArtistDescription = trim($_POST["txtArtistDescription"]); if ($_POST["btnSaveChanges"] == "Save Changes") { $message = ""; if (!isNotNull($txtArtistDescription)) { $message .= "* Vendor policies is required! <br>"; } if ($message == "") { if (isset($portfolioid) and $portfolioid != "") { $sql = "UPDATE " . $tableprefix . "artist_portfolios SET \n\t\t\t\tartist_policies = '" . addslashes($txtArtistDescription) . "'\n\t\t\t\t"; $sql .= " WHERE artist_portfolio_id= '" . addslashes($portfolioid) . "' AND artist_id = '" . addslashes($artistid) . "' "; mysql_query($sql); $message = "Vendor policies was updated successfully!"; } else { $sql = "INSERT INTO " . $tableprefix . "artist_portfolios\n\t\t\t\t\t(\n\t\t\t\t\tartist_id,\n\t\t\t\t\tartist_policies\n\t\t\t\t\t)VALUES(\n\t\t\t\t\t'" . addslashes($artistid) . "',\n\t\t\t\t\t'" . addslashes($txtArtistDescription) . "'\n\t\t\t\t\t)"; mysql_query($sql); $portfolioid = mysql_insert_id(); $message = "Vendor policies was created successfully!"; } //mysql_query($sql);
} else { header("Location:login.php"); exit; } $txtSubject = trim(stripslashes($_POST["txtSubject"])); $txtMailContent = trim(stripslashes($_POST["txtMailContent"])); $ddlArtist = $_POST["ddlArtist"]; if ($_POST["btnSendMail"] == "Send Mail") { $message = ""; if (!isNotNull($txtSubject)) { $message .= "* Subject cannot be empty!<br>"; } if (!isNotNull($txtMailContent)) { $message .= "* Mail Content cannot be empty!<br>"; } if (!isNotNull($ddlArtist)) { $message .= "* Please select the Users to send the mail!<br>"; } if ($message == "") { $sellerlist = $_POST['ddlArtist']; foreach ($_POST['ddlArtist'] as $sellerlist) { $artistlist[] = $sellerlist; //$sellerlist[]= $ddlArtist[$count_start] . ","; } $artistlist = join(",", $artistlist); $headers = "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n"; $headers .= "From: " . SITE_EMAIL . "<" . SITE_EMAIL . ">" . "\r\n"; $headers .= 'Bcc: '; /*---------Multicart 2.0 Upgradation-----------*/ /*$sqlemails_to = "SELECT email,first_name,last_name
?> '>Payment Status</a></th> </tr> <?php
// Payment listing for one artist. The query is only built when a sort request
// is present in the URL.
if (isset($_GET["sort"])) {
    // NOTE(review): the ORDER BY column ($_GET["sortcol"]) and direction
    // ($_GET["sort"]) are concatenated straight from the request. Escaping does
    // not help for identifiers or keywords; map both to a fixed allow-list
    // (known column names, ASC/DESC) before building the statement.
    // $qryopt, $qrybtw and $query_string are built outside this excerpt and are
    // appended as raw SQL as well; confirm how they are assembled.
    $sql = " SELECT sp.*,s.artist_name FROM " . $tableprefix . "artist_payments sp\n\t\tINNER JOIN " . $tableprefix . "artists s ON sp.artist_id = s.artist_id\n INNER JOIN " . $tableprefix . "orders o ON o.order_id = sp.order_id" . $qryopt . "\n\t\tWHERE sp.artist_id = '" . addslashes($artistid) . "' AND o.vpayment_status='C'" . $qrybtw . "order by " . $_GET["sortcol"] . " " . $_GET["sort"];
    $sql = $sql . $query_string;
    // die(mysql_error()) sends the raw database error text to the browser.
    // NOTE(review): log it server-side and show a generic message instead.
    $rs = mysql_query($sql) or die(mysql_error());
}
// NOTE(review): the row count is taken from $result while the loop reads $rs.
// $result is not assigned in the visible lines; confirm which handle is meant.
if (mysql_num_rows($result) > 0) {
    $i = 1;
    $total = 0;
    while ($row = mysql_fetch_array($rs)) {
        // Database values are placed into HTML without encoding here.
        $link = "<a href='viewpayment.php?paymentid=" . $row["artist_payment_id"] . "'>";
        // NOTE(review): the whole "A and B" expression is passed to isNotNull() as
        // one boolean argument; the closing parenthesis looks misplaced. Confirm
        // the intended test was isNotNull(date) and date != "0000-00-00".
        $txtPaymentDate = isNotNull($row["payment_date"] and $row["payment_date"] != "0000-00-00") ? dateFormat($row["payment_date"], "Y-m-d", "m/d/Y") : " Not Yet Settled;";
        if ($row['payment_status'] == 'P') {
            $Paymentstatus = 'Pending';
        } else {
            $Paymentstatus = 'Paid';
        }
        $qryopt1 = " ";
        $taxtotal = 0;
        // Per-row order totals. $row['order_id'] is concatenated unquoted and
        // unescaped; it comes from the previous result set rather than from the
        // request, but binding it as a parameter would remove the assumption.
        $sql1 = "SELECT o.*, u.user_name, u.email, od.product_discount,sum( (od.product_price-(od.product_price*product_discount/100)) * od.product_quantity) as total,sum(od.product_tax)as taxtotal\n\t\tFROM " . $tableprefix . "orders o\n\t\tINNER JOIN " . $tableprefix . "users u ON o.user_id = u.user_id\n\t\tINNER JOIN " . $tableprefix . "order_details od ON o.order_id = od.order_id\n\t\tWHERE od.artist_id = '" . addslashes($artistid) . "'\n AND o.order_id = " . $row['order_id'] . "\n\t\tAND o.vpayment_status != 'P'" . $qryopt1 . " GROUP BY o.order_id ORDER BY o.order_date,o.order_id DESC ";
        $sellerCurrency = getSellerCurrencySybol($artistid);
        $result1 = mysql_query($sql1);
        if (mysql_num_rows($result1) != 0) {
            $row1 = mysql_fetch_array($result1);
            $ordernumber = $row1["order_id"];
            $username = $row1["user_name"];
            if ($row1['vorder_currency'] != $sellerCurrency and $row1['vorder_currency'] != "USD") {
} if (isNotNull($_POST["txtName"])) { $name = $_POST["txtName"]; } else { //user name null $error = true; $errormessage .= MESSAGE_NAME_REQUIRED . "<br>"; } if (isNotNull($_POST["ddlCompany"])) { $company = $_POST["ddlCompany"]; } else { //user Company null $error = true; $errormessage .= MESSAGE_COMPANY_REQUIRED . "<br>"; } if (isNotNull($_POST["txtEmail"])) { $email = $_POST["txtEmail"]; if (!isValidEmail($email)) { $error = true; $errormessage .= MESSAGE_INVALID_EMAIL . "<br>"; } elseif (!isUniqueEmail($email, 0, $company)) { $error = true; $errormessage .= MESSAGE_NONUNIQUE_EMAIL . "<br>"; } } else { //user Email null $error = true; $errormessage .= MESSAGE_EMAIL_REQUIRED . "<br>"; } if ($error) { $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage;
$ticketerrormessage = MESSAGE_NO_MATCH_FOUND; } } } elseif ($_GET["mt"] == "y") { if (isNotNull($_GET["email"])) { $email = trim($_GET["email"]); if (!isValidEmail($email)) { $ticketerror = true; $ticketerrormessage .= MESSAGE_INVALID_EMAIL . "<br>"; } } else { //user Email null $ticketerror = true; $ticketerrormessage .= MESSAGE_EMAIL_REQUIRED . "<br>"; } if (isNotNull($_GET["ref"])) { $ticketref = $_GET["ref"]; } else { // $ticketerror = true; $ticketerrormessage .= MESSAGE_TICKET_REF_REQUIRED . "<br>"; } if ($ticketerror) { $ticketerrormessage = MESSAGE_ERRORS_FOUND . "<br>" . $ticketerrormessage; } else { //no error so validate $sql = "SELECT u.nUserId ,u.vEmail ,t.nTicketId, t.vRefNo, t.vTitle\n\t\t FROM sptbl_users u INNER JOIN sptbl_tickets t on u.nUserId = t.nUserId "; $sql .= " WHERE u.vEmail = '" . mysql_real_escape_string($email) . "' and t.vRefNo ='" . mysql_real_escape_string($ticketref) . "' and t.vDelStatus = '0' "; $result = executeSelect($sql, $conn); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result);
echo $total; ?> </b></font></td></tr> <tr bgcolor="#FFFFFF"><td align="center" colspan="7"><?php echo $navigate[2]; ?> </td></tr> <tr bgcolor="#FFFFFF"><td align="center" colspan="7"> </td></tr> <tr class=listingband> <td colspan="7"> </td> </tr> <tr bgcolor="#FFFFFF"> <td colspan="7" align="center"> <?php if (isNotNull($check)) { ?> <input type="submit" class="button" name="btnSettleSelected" value="Settle Selected" > <?php } ?> <input type="button" name="btnBack" class="button" value="Back" onClick="window.location.href='editaffiliate.php?affiliateid=<?php echo $aid; ?> ';" > </td> </tr> </table> </td>
} if (file_exists($large_image_location)) { unlink($large_image_location); } } } } $message .= $avatarError; //Avatar End if (!isset($catid) || $catid == "") { //at the top level $parentcatid = "0"; } else { $parentcatid = $catid; } if (!isNotNull($txtCategoryName)) { $message .= "* Category Name is required! <br>"; } else { if (categoryExists($txtCategoryName, $catid)) { $message .= "Category Exists!"; } } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert category details if ($parentcatid == "0") { //top level category $sqlinsertcat = "INSERT INTO " . $tableprefix . "categories(category_name,parent_id,route,avatar)\n\t\t\t\t\t\t\t \t\t\t\t\t VALUES ('" . addslashes($txtCategoryName) . "', '" . addslashes($parentcatid) . "','0','" . addslashes($catfilename) . "') "; $resultinsertcat = mysql_query($sqlinsertcat);
// Change-password validation: every problem is appended to $message, and the
// UPDATE at the end runs only when $message is still empty.
$message = "";
if (!isNotNull($txtOldPassword)) {
    $message .= "* Old password is required! <br>";
} else {
    // NOTE(review): addslashes() is not aware of the connection character set;
    // a parameterised query (mysqli/PDO) is the robust way to bind $userid.
    $sql = "SELECT password FROM " . $tableprefix . "users WHERE user_id = '" . addslashes($userid) . "' ";
    $res = mysql_query($sql);
    // NOTE(review): this if has no else branch. When the query fails or returns
    // no row, nothing is appended to $message, the old password is never
    // verified, the new-password checks are skipped, and control still reaches
    // the UPDATE branch below.
    if (mysql_num_rows($res) != 0) {
        $row = mysql_fetch_array($res);
        $oldpassmd5 = $row["password"];
        // The stored credential is compared as a bare md5() digest: unsalted and
        // fast to compute, which makes a leaked table cheap to attack offline.
        // The loose != operator can also treat two numeric-looking digest strings
        // as equal. NOTE(review): migrate to password_hash()/password_verify()
        // (PHP 5.5+), rehashing on the next successful login.
        if (md5($txtOldPassword) != $oldpassmd5) {
            $message .= "* Old password mismatch! <br>";
        } else {
            if (!isNotNull($txtPassword)) {
                $message .= "* New password cannot be empty! <br>";
            }
            if (!isNotNull($txtConfirmPassword)) {
                $message .= "* Confirm Password cannot be empty! <br>";
            }
            if (strcmp($txtPassword, $txtConfirmPassword) != 0) {
                $message .= "* New passwords does not match! <br>";
            }
        }
    }
}
if ($message != "") {
    // error
    $message = "<br>Please correct the following errors to continue!<br>" . $message;
} else {
    // no error so insert user details
    // The password value appears as the literal '******' in this listing
    // (presumably masked by the page this was copied from), so how the new
    // password is hashed before storage cannot be confirmed from here.
    $sql = "UPDATE " . $tableprefix . "users SET\n\t\t\tpassword = '******'\n\t\t\tWHERE user_id = '" . addslashes($userid) . "'\n\t\t\t";
    mysql_query($sql);
?> </td></tr> </table> <div class="clear"></div> </div> </td> </tr> <tr><td colspan="3"> </td></tr> <tr> <td colspan="3"> <h2 class="subheading_new">Order Part Details</h2> <table cellpadding="2" cellspacing="2" width="100%" class="cart_listingtbl"> <?php if (isNotNull($artists)) { echo "<div class='comic_sans_font'>This order contains " . count($artists) . " sub order(s)</legend>"; for ($i = 0; $i < count($artists); $i++) { ?> <tr> <td colspan='3'> Order Part # <?php echo $i + 1; ?> <table width='100%' border='0' cellpadding='0' cellspacing='0' class="cart_listingtbl2" > <tr class="whitebg"> <td width='100%' colspan='7' align="left" ><b><?php echo TEXT_VENDOR; ?> : <font color='RED'><?php
$message .= "* Paypal API Signature Empty<br>"; } if (!isNotNull($txtPaypalApplicationId)) { $message .= "* Paypal Application APP Id Empty<br>"; } } /* Paypal Pro Payment*/ $proMsg = ""; if ($chkPaypalPro == 'Y') { if (!isNotNull($txtPaypalProApiUsername)) { $proMsg .= "* Paypal Pro API Username Empty<br>"; } if (!isNotNull($txtPaypalProApiPassword)) { $proMsg .= "* Paypal Pro API Password Empty<br>"; } if (!isNotNull($txtPaypalProApiSignature)) { $proMsg .= "* Paypal Pro API Signature Empty<br>"; } } /*----------Google Checkout----------------- */ if ($message == "") { // error $sql = "UPDATE " . $tableprefix . "settings SET\n paypal_api_username \t\t= '" . mysql_real_escape_string($txtPaypalUsername) . "',\n\t\t\t\t\tpaypal_api_password \t\t= '" . mysql_real_escape_string($txtPaypalPassword) . "',\n\t\t\t\t\tpaypal_api_signature \t\t= '" . mysql_real_escape_string($txtPaypalSignature) . "',\n\t\t\t\t\tpaypal_application_app_id \t= '" . mysql_real_escape_string($txtPaypalApplicationId) . "',\n\t\t\t\t\tenablepaypal = '" . mysql_real_escape_string($chkPaypal) . "',\n\t\t\t\t\tenablepaypalsandbox \t\t= '" . mysql_real_escape_string($chkSandbox) . "',\n\t\t\t\t\tpaypalemail \t\t\t= '" . mysql_real_escape_string($txtPaypalEmail) . "',\n\t\t\t\t\tpaypalidentitytoken \t\t= '" . mysql_real_escape_string($txtPaypalIDTOKEN) . "' "; mysql_query($sql) or die(mysql_error()); } //echo $proMsg;exit; if ($proMsg == "") { $sql = "UPDATE " . $tableprefix . "settings SET\n paypalpro_username \t\t= '" . mysql_real_escape_string($txtPaypalProApiUsername) . "',\n\t\t\t\t\tpaypalpro_password \t\t= '" . mysql_real_escape_string($txtPaypalProApiPassword) . "',\n\t\t\t\t\tpaypalpro_signature \t\t= '" . mysql_real_escape_string($txtPaypalProApiSignature) . "',\n\t\t\t\t\tenablepaypalpro = '" . mysql_real_escape_string($chkPaypalPro) . "',\n\t\t\t\t\tenablepaypalprosandbox \t\t= '" . mysql_real_escape_string($chkProSandbox) . 
"'"; mysql_query($sql) or die(mysql_error()); } if ($message == "" && $proMsg == "") {
$_COOKIE = array_map('stripslashes_deep', $_COOKIE); } if (isset($_SESSION["sess_adminname"]) and $_SESSION["sess_adminname"] != "") { $adminname = $_SESSION["sess_adminname"]; } else { header("Location:login.php"); exit; } $txtSubject = trim($_POST["txtSubject"]); $txtMailContent = trim(stripslashes($_POST["txtMailContent"])); if ($_POST["btnSendMail"] == "Send Mail") { $message = ""; if (!isNotNull($txtSubject)) { $message .= "* Subject cannot be empty!<br>"; } if (!isNotNull($txtMailContent)) { $message .= "* Mail Content cannot be empty!<br>"; } if ($message == "") { /*---------Multicart 2.2 Upgradation-----------*/ $message = getNewslettersubscribersList($txtSubject, $txtMailContent); $txtSubject = ""; $txtMailContent = ""; } } if (isset($_GET["msg"]) and $_GET["msg"] != "") { $msg = $_GET["msg"]; switch ($msg) { case "deleted": $message = MSG_USER_DELETED; break;
<?php
// Forgot-password handler: runs when the form posts back with "Get Password".
$page = 'forgotpassword';
if (isset($_POST["postback"]) && $_POST["postback"] == "Get Password") {
    //echo '<pre>'; print_r($_POST); echo '</pre>'; exit;
    $error = false;
    $passworderrormessage = "";
    if (isNotNull($_POST["txtUserEmail"])) {
        $useremail = trim($_POST["txtUserEmail"]);
    } else {
        //user email null
        $error = true;
        $passworderrormessage .= MESSAGE_USER_EMAIL_REQUIRED . "<br>";
    }
    if ($error) {
        // Self-assignment: has no effect.
        $passworderrormessage = $passworderrormessage;
    } else {
        //no error so validate and send the
        // The lookup selects vPassword as well, although the visible lines never
        // read it. NOTE(review): drop the column from the SELECT if it is unused,
        // so the credential is not pulled into memory needlessly.
        $sql = "SELECT nUserId , vUserName , vEmail , vLogin , vPassword FROM sptbl_users ";
        $sql .= " WHERE vEmail = '" . mysql_real_escape_string($useremail) . "' ";
        $result = executeSelect($sql, $conn);
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            $userid = $row["nUserId"];
            $username = $row["vLogin"];
            $useremail = $row["vEmail"];
            $userfullname = $row["vUserName"];
            // rand() is not a cryptographically secure generator, and the range
            // allows at most 999999 distinct codes. NOTE(review): a reset code
            // should come from a CSPRNG (random_bytes() on PHP 7+, or
            // openssl_random_pseudo_bytes() on older versions), be long enough to
            // resist guessing, expire, and be attempt-limited.
            $code = rand(1, 999999);
            $sql = "UPDATE sptbl_users ";
            // The stored value appears as the literal '******' in this listing
            // (presumably masked by the page this was copied from), so whether
            // $code is stored in clear or hashed cannot be seen here. $userid is
            // concatenated without escaping; it comes from the row fetched above.
            $sql .= " SET vCodeForPass = '******' WHERE nUserId = '" . $userid . "' ";
            //echo $sql;
$userinfo['emailAddress'] = addslashes($txtEmail); $userinfo['firstName'] = addslashes($txtFirstName); $userinfo['lastName'] = addslashes($txtLastName); $userinfo['lists'] = Array($constantcontactSettings['constantcontactlistId']);// print_r($userinfo);exit; $_SESSION['constantparam']['data'] =$userinfo; $_SESSION['constantparam']['redirecturl'] = SITE_URL . '/index.php'; //header("location:".$constantcontactSettings['verificationURL']); //exit; } }*/ /*---------Multicart 2.0 Upgradation Starts------*/ $message = "Profile updated successfully!"; } } else { if ($_POST["btnResetPassword"] == "Reset Password") { if (!isNotNull($txtNewPassword)) { $message .= "* New password cannot be empty! <br>"; } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert user details $sql = "UPDATE " . $tableprefix . "users SET \n\t\t\tpassword = '******'\n\t\t\tWHERE user_id = '" . addslashes($userid) . "'"; mysql_query($sql); if ($chkNotify == "on") { $sql = "SELECT email,first_name,last_name,user_name FROM " . $tableprefix . "users WHERE user_id = '" . addslashes($userid) . "' "; $result = mysql_query($sql); if (mysql_num_rows($result) != 0) { $row = mysql_fetch_array($result); $email = $row["email"];