function tep_update_whos_online() { global $customer_id; if (tep_session_is_registered('customer_id')) { $wo_customer_id = $customer_id; $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'"); $customer = tep_db_fetch_array($customer_query); $wo_full_name = $customer['customers_firstname'] . ' ' . $customer['customers_lastname']; } else { $wo_customer_id = ''; $wo_full_name = 'Guest'; } $wo_session_id = tep_session_id(); $wo_ip_address = tep_get_ip_address(); $wo_last_page_url = tep_db_prepare_input(getenv('REQUEST_URI')); $current_time = time(); $xx_mins_ago = $current_time - 900; // remove entries that have expired tep_db_query("delete from " . TABLE_WHOS_ONLINE . " where time_last_click < '" . $xx_mins_ago . "'"); $stored_customer_query = tep_db_query("select session_id from " . TABLE_WHOS_ONLINE . " where session_id = '" . tep_db_input($wo_session_id) . "' limit 1"); if (tep_db_num_rows($stored_customer_query) > 0) { tep_db_query("update " . TABLE_WHOS_ONLINE . " set customer_id = '" . (int) $wo_customer_id . "', full_name = '" . tep_db_input($wo_full_name) . "', ip_address = '" . tep_db_input($wo_ip_address) . "', time_last_click = '" . tep_db_input($current_time) . "', last_page_url = '" . tep_db_input($wo_last_page_url) . "' where session_id = '" . tep_db_input($wo_session_id) . "'"); } else { tep_db_query("insert into " . TABLE_WHOS_ONLINE . " (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url) values ('" . (int) $wo_customer_id . "', '" . tep_db_input($wo_full_name) . "', '" . tep_db_input($wo_session_id) . "', '" . tep_db_input($wo_ip_address) . "', '" . tep_db_input($current_time) . "', '" . tep_db_input($current_time) . "', '" . tep_db_input($wo_last_page_url) . "')"); } }
function quote($method = '') { global $order, $cart, $shipping_weight, $currencies, $currency; $postcode_check_query = tep_db_query("select count(*) as total from " . TABLE_CITIES . " where city_id = '" . tep_db_input(tep_db_prepare_input($order->delivery['postcode'])) . "'"); $postcode_check = tep_db_fetch_array($postcode_check_query); $shipping_cost = 0; // if (empty($order->delivery['postcode'])) { // $this->quotes['error'] = MODULE_SHIPPING_UKRPOSTBN_NO_ZIPCODE_FOUND; // } elseif ($postcode_check['total'] < 1) { // $this->quotes['error'] = MODULE_SHIPPING_UKRPOSTBN_NO_ZIPCODE_EXISTS; // } else { $total_sum = str_replace(',', '.', round($cart->total * $currencies->currencies[$currency]['value'], $currencies->currencies[$currency]['decimal_places'])); $persentage = str_replace(',', '.', MODULE_SHIPPING_UKRPOSTBN_COST); $min_cost = str_replace(',', '.', MODULE_SHIPPING_UKRPOSTBN_MIN_COST); $add_cost = str_replace(',', '.', MODULE_SHIPPING_UKRPOSTBN_ADDITIONAL_COST); if ($persentage > 0) { $shipping_cost = $total_sum * $persentage / 100; } if ($min_cost > 0 && $shipping_cost < $min_cost) { $shipping_cost = $min_cost; } if ($add_cost > 0) { $shipping_cost += $add_cost; } $shipping_method = sprintf(MODULE_SHIPPING_UKRPOSTBN_TEXT_WEIGHT, $shipping_weight); // } if ($shipping_cost > 0) { $shipping_cost = $shipping_cost / $currencies->get_value($currency); } $this->quotes['id'] = $this->code; $this->quotes['module'] = MODULE_SHIPPING_UKRPOSTBN_TEXT_TITLE; $this->quotes['methods'] = array(array('id' => $this->code, 'title' => $shipping_method, 'cost' => $shipping_cost)); return $this->quotes; }
function after_process() { global $insert_id; parent::after_process(); tep_db_query("UPDATE pi_paymill_transaction SET preauth_id = '" . tep_db_prepare_input($_SESSION['paymill']['preauth_id']) . "' WHERE order_id = " . (int) $insert_id); unset($_SESSION['paymill']); }
function objectInfo($object_array) { reset($object_array); while (list($key, $value) = each($object_array)) { $this->{$key} = tep_db_prepare_input($value); } }
/** * @param $first_name * @param $last_name * @param $email * @return integer Customer ID */ public static function create_user($first_name, $last_name, $email) { $existing_customer = self::get_customer_id_by_email($email); if (!$existing_customer) { // Customer doesn't exist, create them. // tep_encrypt_password deals with actual hashing, this is simply generating a longer string. $password_string = md5(self::gen_random_string()); $customer_data = array('customers_firstname' => $first_name, 'customers_lastname' => $last_name, 'customers_email_address' => $email, 'customers_gender' => '', 'customers_dob' => tep_db_prepare_input('0001-01-01 00:00:00'), 'customers_telephone' => '', 'customers_newsletter' => '0', 'customers_default_address_id' => 0, 'customers_password' => tep_encrypt_password($password_string)); $cust = tep_db_perform(TABLE_CUSTOMERS, $customer_data); $cust_id = tep_db_insert_id(); if (!$cust_id) { return FALSE; } // Set an invalid password $query = "UPDATE " . TABLE_CUSTOMERS . " SET `customers_password` = :pw WHERE `customers_id` = :id"; $query = bind_vars($query, ':pw', 'LOGINWITHAMAZON00000000000000000'); $query = bind_vars($query, ':id', $cust_id); tep_db_query($query); // Add user to the Amazon users table $amazon_table_safe = tep_db_input(self::TABLE_NAME_ONLY); $cust_id_safe = tep_db_input($cust_id); $query = "INSERT INTO " . $amazon_table_safe . " (customer_id) VALUES (" . $cust_id_safe . ")"; tep_db_query($query); // Create customer info entry tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $cust_id . "', '0', now())"); return $cust_id; } else { return $existing_customer; } }
function execute() { global $sessiontoken, $login_customer_id, $messageStack, $oscTemplate; $error = false; if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $sessiontoken) { $email_address = tep_db_prepare_input($_POST['email_address']); $password = tep_db_prepare_input($_POST['password']); // Check if email exists $customer_query = tep_db_query("select customers_id, customers_password from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1"); if (!tep_db_num_rows($customer_query)) { $error = true; } else { $customer = tep_db_fetch_array($customer_query); // Check that password is good if (!tep_validate_password($password, $customer['customers_password'])) { $error = true; } else { // set $login_customer_id globally and perform post login code in catalog/login.php $login_customer_id = (int) $customer['customers_id']; // migrate old hashed password to new phpass password if (tep_password_type($customer['customers_password']) != 'phpass') { tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $login_customer_id . "'"); } } } } if ($error == true) { $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR); } ob_start(); include 'includes/modules/content/' . $this->group . '/templates/login_form.php'; $template = ob_get_clean(); $oscTemplate->addContent($template, $this->group); }
function query($order_id) { global $languages_id; $order_id = tep_db_prepare_input($order_id); // PWA BOF // added customers_dummy_account $order_query = tep_db_query("select customers_id, customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, customers_dummy_account, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, delivery_date, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, currency, currency_value, date_purchased, orders_status, last_modified from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'"); // PWA EOF $order = tep_db_fetch_array($order_query); $totals_query = tep_db_query("select title, text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' order by sort_order"); while ($totals = tep_db_fetch_array($totals_query)) { $this->totals[] = array('title' => $totals['title'], 'text' => $totals['text']); } $order_total_query = tep_db_query("select text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' and class = 'ot_total'"); $order_total = tep_db_fetch_array($order_total_query); $shipping_method_query = tep_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "' and class = 'ot_shipping'"); $shipping_method = tep_db_fetch_array($shipping_method_query); $order_status_query = tep_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . (int) $languages_id . "'"); $order_status = tep_db_fetch_array($order_status_query); $this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'date_purchased' => $order['date_purchased'], 'delivery_date' => $order['delivery_date'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title'])); $this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => array('title' => $order['customers_country']), 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address'], 'is_dummy_account' => $order['customers_dummy_account']); // PWA EOF $this->delivery = array('name' => trim($order['delivery_name']), 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => array('title' => $order['delivery_country']), 'format_id' => $order['delivery_address_format_id']); if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { $this->delivery = false; } $this->billing = array('name' => $order['billing_name'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => array('title' => $order['billing_country']), 'format_id' => $order['billing_address_format_id']); $index = 0; $orders_products_query = tep_db_query("select orders_products_id, products_id, products_name, products_model, products_code, products_price, products_tax, products_quantity, final_price from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'"); while ($orders_products = tep_db_fetch_array($orders_products_query)) { $this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'code' => $orders_products['products_code'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'final_price' => $orders_products['final_price']); // BOF: MOD - Separate Pricing Per Customer global $sppc_customer_group_id; if (tep_session_is_registered('sppc_customer_group_id')) { $customer_group_id = $sppc_customer_group_id; } else { $customer_group_id = '0'; } if ($customer_group_id != '0') { $orders_customers_price = tep_db_query("select customers_group_price from " . TABLE_PRODUCTS_GROUPS . " where customers_group_id = '" . $customer_group_id . "' and products_id = '" . $products[$i]['id'] . "'"); if ($orders_customers = tep_db_fetch_array($orders_customers_price)) { $this->products[$index] = array('price' => $orders_customers['customers_group_price'], 'final_price' => $orders_customers['customers_group_price']); } } // EOF: MOD - Separate Pricing Per Customer $subindex = 0; $attributes_query = tep_db_query("select products_options, products_options_values, options_values_price, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int) $order_id . "' and orders_products_id = '" . (int) $orders_products['orders_products_id'] . "'"); if (tep_db_num_rows($attributes_query)) { while ($attributes = tep_db_fetch_array($attributes_query)) { $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']); $subindex++; } } $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1'; $index++; } }
function print_address($x, $y, $nums) { global $pdf, $num, $billing; $pos = $y; global $orders_query; global $order; global $orders; global $languages_id; global $_POST; if ($order) { if ($billing == true) { $addressparts = explode("\n", tep_address_format($order->billing['format_id'], $order->billing, 1, '', " \n")); } else { $addressparts = explode("\n", tep_address_format($order->delivery['format_id'], $order->delivery, 1, '', " \n")); } foreach ($addressparts as $addresspart) { $fontsize = GENERAL_FONT_SIZE; while ($pdf->getTextWidth($fontsize, $addresspart) > LABEL_WIDTH) { $fontsize--; } //$addresspart = preg_replace("%,[[:space:]]*$%", "", $addresspart); $pdf->addText($x, $pos -= GENERAL_LINE_SPACING, $fontsize, $addresspart); } $pdf->addText($x + LABEL_WIDTH - ORDERIDXOFFSET - 22, $y + ORDERIDYOFFSET, ORDERIDFONTSIZE, $orders['orders_id']); if ($_POST['status'] && $_POST['status'] != $order->info['orders_status']) { $customer_notified = 0; $status = tep_db_prepare_input($_POST['status']); $notify_comments = sprintf(EMAIL_TEXT_COMMENTS_UPDATE, BATCH_COMMENTS) . "\n\n"; if ($_POST['notify']) { $status_query = tep_db_query("select orders_status_name as name from " . TABLE_ORDERS_STATUS . " where language_id = " . $languages_id . " and orders_status_id = " . tep_db_input($status)); $status_name = tep_db_fetch_array($status_query); $email = STORE_NAME . "\n" . EMAIL_SEPARATOR . "\n" . EMAIL_TEXT_ORDER_NUMBER . ' ' . $orders['orders_id'] . "\n" . EMAIL_TEXT_DATE_ORDERED . ' ' . tep_date_long($order->info['date_purchased']) . "\n\n" . $notify_comments . sprintf(EMAIL_TEXT_STATUS_UPDATE, $status_name['name']); tep_mail($order->customer['name'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, nl2br($email), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); $customer_notified = '1'; } tep_db_query("update " . TABLE_ORDERS . " set orders_status = '" . tep_db_input($status) . "', last_modified = now() where orders_id = '" . $orders['orders_id'] . "'"); tep_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) \r\n values ('" . $orders['orders_id'] . "', '" . tep_db_input($status) . "', now(), '" . $customer_notified . "', '" . $notify_comments . "')"); } if ($nums % NUM_LABELS_PER_PAGE == NUM_LABELS_PER_PAGE - 1) { $order = false; return false; } else { if ($orders = tep_db_fetch_array($orders_query)) { $order = new order($orders['orders_id']); return true; } else { $order = false; return false; } } } else { return false; } }
function send($newsletter_id) { $mail_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_newsletter = '1'"); $mimemessage = new email(array('X-Mailer: osCommerce bulk mailer')); $mimemessage->add_text($this->content); $mimemessage->build_message(); while ($mail = tep_db_fetch_array($mail_query)) { $mimemessage->send($mail['customers_firstname'] . ' ' . $mail['customers_lastname'], $mail['customers_email_address'], '', EMAIL_FROM, $this->title); } $newsletter_id = tep_db_prepare_input($newsletter_id); tep_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1' where newsletters_id = '" . tep_db_input($newsletter_id) . "'"); }
function send($affiliate_newsletter_id) { $mail_query = tep_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'"); $mimemessage = new email(array('X-Mailer: osCmax Mailer')); $mimemessage->add_text($this->content); $mimemessage->build_message(); while ($mail = tep_db_fetch_array($mail_query)) { $mimemessage->send($mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], $mail['affiliate_email_address'], '', EMAIL_FROM, $this->title); } $affiliate_newsletter_id = tep_db_prepare_input($affiliate_newsletter_id); tep_db_query("update " . TABLE_AFFILIATE_NEWSLETTERS . " set date_sent = now(), status = '1' where affiliate_newsletters_id = '" . tep_db_input($affiliate_newsletter_id) . "'"); }
function objectInfo($object_array) { reset($object_array); while (list($key, $value) = each($object_array)) { // Check if value is defined if (defined($value) && constant($value) != null) { $this->{$key} = constant($value); } else { $this->{$key} = tep_db_prepare_input($value); } } }
public function recordFirstStep($orderId, $paramsSAR, $responseSAR) { $datetime = new DateTime('NOW'); if ($this->_getStep($orderId) == self::FIRST_STEP) { $requestKey = $responseSAR['RequestKey']; $publicRequestKey = $responseSAR['PublicRequestKey']; $query = "UPDATE todopago_transaccion SET first_step = '" . $datetime->format('Y-m-d H:i:s') . "', params_SAR = '" . tep_db_input(tep_db_prepare_input(json_encode($paramsSAR))) . "', response_SAR = '" . tep_db_input(tep_db_prepare_input(json_encode($responseSAR))) . "', request_key = '" . tep_db_input(tep_db_prepare_input($requestKey)) . "', public_request_key = '" . tep_db_input(tep_db_prepare_input($publicRequestKey)) . "' WHERE id_orden = " . $orderId; tep_db_query($query); return $query; } else { return 0; } }
function retrieveDetail($products_linking_id, $prepared = false) { if (!$prepared) { $products_linking_id = tep_db_prepare_input($products_linking_id); } $load_query = "SELECT pl.*, p.products_image"; $load_query .= " FROM products_linking pl"; $load_query .= " LEFT JOIN products p ON p.products_id=pl.links_id"; $load_query .= " WHERE pl.products_linking_id={$products_linking_id}"; $load_result = tep_db_query($load_query); $pl = tep_db_fetch_array($load_result); return $pl; }
function send($newsletter_id) { $mail_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_newsletter = '1'"); while ($mail = tep_db_fetch_array($mail_query)) { $mimemessage = new email(array('X-Mailer: osCommerce bulk mailer')); // Préparation de l'envoie du mail en HTML $mimemessage->add_html_newsletter($this->header . "\n\n" . $this->content . "\n\n" . $this->unsubscribea . " " . '<a href="' . HTTP_SERVER . DIR_WS_CATALOG . FILENAME_UNSUBSCRIBE . "?email=" . $mail['customers_email_address'] . '">' . HTTP_SERVER . DIR_WS_CATALOG . FILENAME_UNSUBSCRIBE . "?email=" . $mail['customers_email_address'] . '</a>' . "\n\n" . $this->unsubscribeb); $mimemessage->build_message(); // ################# END - Contribution Newsletter v050 ############## $mimemessage->send($mail['customers_firstname'] . ' ' . $mail['customers_lastname'], $mail['customers_email_address'], '', EMAIL_FROM, $this->title); } $newsletter_id = tep_db_prepare_input($newsletter_id); tep_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1' where newsletters_id = '" . tep_db_input($newsletter_id) . "'"); }
function create_update_list($post_update_list, $db_update_list) { $set_update = ''; foreach ($post_update_list as $key => $value) { if (postOK($value)) { if (empty($set_update)) { $set_update .= $db_update_list[$key] . ' = "' . tep_db_prepare_input($_POST[$value]) . '"'; } else { $set_update .= ',' . $db_update_list[$key] . ' = "' . tep_db_prepare_input($_POST[$value]) . '"'; } } } return $set_update; }
protected function index() { $this->data['button_confirm'] = $this->language->get('button_confirm'); $this->data['button_back'] = $this->language->get('button_back'); if (!$this->config->get('paypal_express_test')) { $this->data['action'] = 'https://www.paypal_express.com/cgi-bin/webscr'; } else { $this->data['action'] = 'https://www.sandbox.paypal_express.com/cgi-bin/webscr'; } $this->load->model('checkout/order'); $order_info = $this->model_checkout_order->getOrder($this->session->data['order_id']); if (empty($comments)) { if (isset($HTTP_POST_VARS['ppecomments']) && tep_not_null($HTTP_POST_VARS['ppecomments'])) { $comments = tep_db_prepare_input($HTTP_POST_VARS['ppecomments']); $order->info['comments'] = $comments; } } if (MODULE_PAYMENT_PAYPAL_EXPRESS_TRANSACTION_SERVER == 'Live') { $api_url = 'https://api-3t.paypal.com/nvp'; } else { $api_url = 'https://api-3t.sandbox.paypal.com/nvp'; } $params = array('USER' => MODULE_PAYMENT_PAYPAL_EXPRESS_API_USERNAME, 'PWD' => MODULE_PAYMENT_PAYPAL_EXPRESS_API_PASSWORD, 'VERSION' => '3.2', 'SIGNATURE' => MODULE_PAYMENT_PAYPAL_EXPRESS_API_SIGNATURE, 'METHOD' => 'DoExpressCheckoutPayment', 'TOKEN' => $ppe_token, 'PAYMENTACTION' => MODULE_PAYMENT_PAYPAL_EXPRESS_TRANSACTION_METHOD == 'Sale' ? 'Sale' : 'Authorization', 'PAYERID' => $ppe_payerid, 'AMT' => $this->format_raw($order->info['total']), 'CURRENCYCODE' => $order->info['currency'], 'BUTTONSOURCE' => 'osCommerce22_Default_EC'); if (is_numeric($sendto) && $sendto > 0) { $params['SHIPTONAME'] = $order->delivery['firstname'] . ' ' . $order->delivery['lastname']; $params['SHIPTOSTREET'] = $order->delivery['street_address']; $params['SHIPTOCITY'] = $order->delivery['city']; $params['SHIPTOSTATE'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['state']); $params['SHIPTOCOUNTRYCODE'] = $order->delivery['country']['iso_code_2']; $params['SHIPTOZIP'] = $order->delivery['postcode']; } $post_string = ''; foreach ($params as $key => $value) { $post_string .= $key . '=' . urlencode(trim($value)) . '&'; } $post_string = substr($post_string, 0, -1); $response = $this->sendTransactionToGateway($api_url, $post_string); $response_array = array(); parse_str($response, $response_array); if ($response_array['ACK'] != 'Success' && $response_array['ACK'] != 'SuccessWithWarning') { tep_redirect(tep_href_link(FILENAME_SHOPPING_CART, 'error_message=' . stripslashes($response_array['L_LONGMESSAGE0']), 'SSL')); } $this->data['back'] = $this->url->https('checkout/payment'); $this->id = 'payment'; $this->template = $this->config->get('config_template') . 'payment/paypal_express.tpl'; $this->render(); }
function send($newsletter_id) { $mail_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_newsletter = '1'"); $mimemessage = new email(array('X-Mailer: osCmax Mailer')); // BOF: MOD - WYSIWYG HTML Area (Send TEXT Newsletter v1.7 when WYSIWYG Disabled) if (HTML_AREA_WYSIWYG_DISABLE_NEWSLETTER == 'Disable') { $mimemessage->add_text($this->content); // orginal OSC line } else { $mimemessage->add_html($this->content); } // EOF: MOD - WYSIWYG HTML Area (Send TEXT Newsletter v1.7 when WYSIWYG Disabled) $mimemessage->build_message(); while ($mail = tep_db_fetch_array($mail_query)) { $mimemessage->send($mail['customers_firstname'] . ' ' . $mail['customers_lastname'], $mail['customers_email_address'], '', EMAIL_FROM, $this->title); } $newsletter_id = tep_db_prepare_input($newsletter_id); tep_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1' where newsletters_id = '" . tep_db_input($newsletter_id) . "'"); }
function tep_update_information_languages($language_id = 0) { global $languages, $languages_id, $gID; if ($language_id == 0) { $language_id = $languages_id; } // Count all items $information_query = tep_db_query("select count(*) as information_count from " . TABLE_INFORMATION . " where information_group_id = '" . (int) $gID . "'"); $information = tep_db_fetch_array($information_query); $information_count_all = $information['information_count']; // Count items for main language $information_query = tep_db_query("select count(*) as information_count from " . TABLE_INFORMATION . " where information_group_id = '" . (int) $gID . "' and language_id = '" . (int) $language_id . "'"); $information = tep_db_fetch_array($information_query); $information_count_single = $information['information_count']; if ($information_count_all != $information_count_single * sizeof($languages)) { // Create array of language id's in information table $information_query = tep_db_query("select language_id from " . TABLE_INFORMATION . " where information_group_id = '" . (int) $gID . "' group by language_id"); while ($information_language = tep_db_fetch_array($information_query)) { $information_languages[] = $information_language['language_id']; } // Create array of language id's in languages foreach ($languages as $language) { $languages_ids[] = $language['id']; } // Remove entries with languages no longer being used foreach ($information_languages as $_language_id) { if (!in_array($_language_id, $languages_ids)) { tep_db_query("delete from " . TABLE_INFORMATION . " where information_group_id = '" . (int) $gID . "' and language_id = '" . (int) $_language_id . "'"); } } $information_query = tep_db_query("select * from " . TABLE_INFORMATION . " where information_group_id = '" . (int) $gID . "' and language_id = '" . (int) $language_id . "'"); while ($information = tep_db_fetch_array($information_query)) { foreach ($languages_ids as $_language_id) { if (!in_array($_language_id, $information_languages)) { $sql_data_array = array('language_id' => $_language_id, 'visible' => tep_db_prepare_input($information['visible']), 'show_in_infobox' => tep_db_prepare_input($information['show_in_infobox']), 'sort_order' => tep_db_prepare_input($information['sort_order']), 'information_id' => tep_db_prepare_input($information['information_id']), 'information_group_id' => tep_db_prepare_input($information['information_group_id']), 'information_title' => tep_db_prepare_input($information['information_title']), 'information_description' => tep_db_prepare_input($information['information_description']), 'information_url' => tep_db_prepare_input($information['information_url']), 'information_target' => tep_db_prepare_input($information['information_target']), 'info_cg_hide' => tep_db_prepare_input($information['info_cg_hide'])); tep_db_perform(TABLE_INFORMATION, $sql_data_array); } } } } }
function changeOrderStatus($order_id, $order_status, $comment = '') { $sql_data_array['orders_id'] = $order_id; $sql_data_array['orders_status_id'] = $order_status; $sql_data_array['date_added'] = 'now()'; if ($comment != 'Comment for new status' && $comment != '') { $sql_data_array['comments'] = tep_db_prepare_input($comment); } tep_db_perform('orders_status_history', $sql_data_array); tep_db_query("UPDATE orders SET orders_status={$order_status}, last_modified=now() WHERE orders_id={$order_id}"); }
$pifile2download = $file; //} } if ($pifile2download != '' && fileReadyForDownload($pi_cache_path . $pi_to_download)) { return $pifile2download; } } } } } return null; } if (isset($_POST['username']) && isset($_POST['pi_delete'])) { //DELETE PI THAT ALREADY DOWNLOADED $username = tep_db_prepare_input($_POST['username']); $pi_delete = $pi_on_download_path . tep_db_prepare_input($_POST['pi_delete']); //pi_delete ex: SP-XXXX or JG-XXXX or DP-XXXX if (is_file($pi_delete)) { unlink($pi_delete); } } else { $search_new_file = true; /* //"activate this if we want to download multi pi batches for a product only to a single station" as well as same comments like this on line above $last_downloaded_file = tep_db_prepare_input($_POST['last_downloaded']); if($last_downloaded_file!='') { //check for next increment batches file to be downloaded $tmp = explode('_', $last_downloaded_file); if(count($tmp)>0) { $file_counter = str_replace('.pdf', '', $tmp[2]); $next_counter = $file_counter + 1; $tmp[2] = $next_counter;
$check_address = tep_db_fetch_array($check_address_query); if ($check_address['total'] != '1') { $billto = $customer_default_address_id; if (tep_session_is_registered('payment')) { tep_session_unregister('payment'); } } } } require DIR_WS_CLASSES . 'order.php'; $order = new order(); if (!tep_session_is_registered('comments')) { tep_session_register('comments'); } if (isset($HTTP_POST_VARS['comments']) && tep_not_null($HTTP_POST_VARS['comments'])) { $comments = tep_db_prepare_input($HTTP_POST_VARS['comments']); } $total_weight = $cart->show_weight(); $total_count = $cart->count_contents(); // load all enabled payment modules require DIR_WS_CLASSES . 'payment.php'; $payment_modules = new payment(); require DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_PAYMENT; $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); require DIR_WS_INCLUDES . 'template_top.php'; ?> <script><!-- var selected;
$result = array(); $result['notifications_id'] = $notifications_id; $result['not_class'] = $not_class; ajaxReturn($result); exit; } elseif ($_POST['me_action'] == 'CLOSEFEEDBACK') { $ids = $_POST['ids']; list($notifications_id, $not_class) = split('-', $ids); $notifications->closeOpenFeedback($notifications_id); $result = array(); $result['ids'] = $ids; $result['notifications_id'] = $notifications_id; ajaxReturn($result); exit; } elseif ($_POST['me_action'] == 'REFRESHFILTERS') { $sender = tep_db_prepare_input($_POST['sender']); $filter = isset($_POST['sender']) && $_POST['sender'] != '' ? "AND posted_by = '{$sender}'" : ""; } } $date_oldest = date('Y-m-d', strtotime("-14 day")); $date_today = date('j M Y'); $date_yesterday = date('j M Y', strtotime("-1 day")); $n_lists = $notifications->retrieveListGeneralQuery("muhn.user_id={$session_userinfo['id']} AND (muhn.status=0 OR muhn.need_feedback=1 OR muhn.posted_date>='{$date_oldest}') {$filter}", 'muhn.posted_date DESC, muhn.posted_by'); $notifications_new = array(); $printed_date = ''; $previous_date = ''; //$dbposted = tep_db_query("SELECT DISTINCT posted_by FROM minierp_users_has_notifications WHERE user_id = '$session_userinfo[id]'"); //while($r=tep_db_fetch_array($dbposted))$postedusers[$r['posted_by']] = $r['posted_by']; $postedusers = array(); foreach ($n_lists as $n) { if (!isset($postedusers[$n['posted_by']])) {
if (!isset($_SESSION['customer_id'])) { tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } if (MODULE_CONTENT_ACCOUNT_SET_PASSWORD_ALLOW_PASSWORD != 'True') { tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL')); } $check_customer_query = tep_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'"); $check_customer = tep_db_fetch_array($check_customer_query); if (!empty($check_customer['customers_password'])) { tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL')); } // needs to be included earlier to set the success message in the messageStack require DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/content/account/cm_account_set_password.php'; if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) { $password_new = tep_db_prepare_input($_POST['password_new']); $password_confirmation = tep_db_prepare_input($_POST['password_confirmation']); $error = false; if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'"); tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'"); $messageStack->add_session('account', MODULE_CONTENT_ACCOUNT_SET_PASSWORD_SUCCESS_PASSWORD_SET, 'success'); tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL')); } }
tep_redirect(tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $page_info)); break; case 'delete_option': $option_id = tep_db_prepare_input($HTTP_GET_VARS['option_id']); tep_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where products_options_id = '" . (int) $option_id . "'"); tep_redirect(tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $page_info)); break; case 'delete_value': $value_id = tep_db_prepare_input($HTTP_GET_VARS['value_id']); tep_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id = '" . (int) $value_id . "'"); tep_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id = '" . (int) $value_id . "'"); tep_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " where products_options_values_id = '" . (int) $value_id . "'"); tep_redirect(tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $page_info)); break; case 'delete_attribute': $attribute_id = tep_db_prepare_input($HTTP_GET_VARS['attribute_id']); tep_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_attributes_id = '" . (int) $attribute_id . "'"); // added for DOWNLOAD_ENABLED. Always try to remove attributes, even if downloads are no longer enabled tep_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " where products_attributes_id = '" . (int) $attribute_id . "'"); tep_redirect(tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $page_info)); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php
function runElementQuery($outsourced_flag) { global $class_ea, $ecats, $all_period; if (isset($_GET['shipwin_month'])) { $month = str_pad(tep_db_prepare_input($_GET['shipwin_month']), 2, '0', STR_PAD_LEFT); $year = date('Y'); $shipwin_start = $year . "-{$month}-01"; $eom_date = date('t', strtotime($shipwin_start)); $shipwin_end = date('Y') . "-{$month}-{$eom_date}"; $shipwin_filter = "AND joi.shipping_window_open BETWEEN '{$shipwin_start}' AND '{$shipwin_end}'"; } else { $shipwin_filter = ""; } $whid = WAREHOUSE_ID_ELEMENTS; $element_list = array(); $order_date_start = '2013-08-13'; $order_date_end = '2013-08-14'; $q = "SELECT\n e.elements_image\n , e.attribute_category_id AS ecatid\n , MONTH(joi.shipping_window_open) AS period\n , IF(IFNULL(paue.elements_id, 0)>0, paue.elements_id, pue.elements_id) AS elements_id\n , SUM(joi.order_quantity * IF(IFNULL(paue.quantity,0)>0, paue.quantity, pue.quantity)) AS elements_needed\n , etes.price_quantity_type AS unit, etes.pieces_per_qty_type AS unit_multiplier\n , es.stock\n FROM jng_sp_orders jo\n LEFT JOIN jng_sp_orders_items joi ON joi.jng_sp_orders_id=jo.jng_sp_orders_id\n LEFT JOIN products p ON p.products_id=joi.products_id\n LEFT JOIN products_use_elements pue ON pue.products_id=joi.products_id\n LEFT JOIN products_articles_use_elements paue ON paue.products_use_elements_id=pue.products_use_elements_id AND paue.products_articles_id=joi.products_articles_id\n LEFT JOIN element e ON e.elements_id=IF(IFNULL(paue.elements_id, 0)>0, paue.elements_id, pue.elements_id)\n LEFT JOIN elements_to_elements_suppliers etes ON etes.elements_id=e.elements_id AND is_default='1'\n LEFT JOIN elements_stock es ON es.jng_warehouses_id={$whid} AND es.elements_id=e.elements_id\n WHERE jo.jng_sp_id=5\n AND jo.order_date BETWEEN '{$order_date_start}' AND '{$order_date_end}'\n {$shipwin_filter}\n AND p.is_outsourced='{$outsourced_flag}'\n GROUP BY elements_id, period\n ORDER BY ecatid, elements_id, period"; $r = tep_db_query($q); $elements_total = array(); $elements_unit = array(); $elements_unit_multiplier = array(); while ($row = tep_db_fetch_array($r)) { $cid = $row['ecatid']; $eid = $row['elements_id']; $p = $row['period']; if (!isset($ecats[$cid])) { $c = $class_ea->retrieveDetail('cat', $cid); $ecats[$cid] = $c[0]['name']; } if (!in_array($p, $all_period)) { $all_period[] = $p; } if (!isset($element_list[$cid])) { $element_list[$cid] = array(); } if (!isset($element_list[$cid][$eid])) { $element_list[$cid][$eid] = array(); } if (!isset($element_list[$cid][$eid]['id'])) { $element_list[$cid][$eid]['id'] = '<div>' . $eid . '</div>'; } if (!isset($element_list[$cid][$eid]['image'])) { $element_list[$cid][$eid]['image'] = '<div>' . webImage($row['elements_image'], IMAGE_SIZE_THUMBNAIL_1, IMAGE_SIZE_THUMBNAIL_1, "Element {$eid}") . '</div>'; } if (!isset($element_list[$cid][$eid]['stock'])) { $element_list[$cid][$eid]['stock'] = '<div>' . $row['stock'] . '</div>'; } if (!isset($element_list[$cid][$eid]['order'])) { $element_list[$cid][$eid]['order'] = '<div>' . elements_order::openOrdersQuantity($eid) . '</div>'; } $element_list[$cid][$eid][$p] = '<div>' . $row['elements_needed'] . '</div>'; if (!isset($elements_total[$eid])) { $elements_total[$eid] = 0; } $elements_total[$eid] += $row['elements_needed']; if (!isset($elements_unit[$eid])) { $elements_unit[$eid] = $row['unit']; } if (!isset($elements_unit_multiplier[$eid])) { $elements_unit_multiplier[$eid] = $row['unit_multiplier']; } } foreach ($element_list as $cid => $elist) { foreach ($elist as $eid => $el) { foreach ($all_period as $p) { if (!isset($el[$p])) { $element_list[$cid][$eid][$p] = '<div>0</div>'; } } $element_list[$cid][$eid]['total'] = '<div>' . $elements_total[$eid] . '</div>'; $element_list[$cid][$eid]['unitm'] = '<div>' . $elements_unit_multiplier[$eid] . '</div>'; $element_list[$cid][$eid]['totalunit'] = '<div>' . ceil($elements_total[$eid] / $elements_unit_multiplier[$eid]) . '</div>'; $element_list[$cid][$eid]['unit'] = '<div>' . $elements_unit[$eid] . '</div>'; } } return $element_list; }
$countries_iso_code_3 = tep_db_prepare_input($HTTP_POST_VARS['countries_iso_code_3']); $address_format_id = tep_db_prepare_input($HTTP_POST_VARS['address_format_id']); tep_db_query("insert into " . TABLE_COUNTRIES . " (countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id) values ('" . tep_db_input($countries_name) . "', '" . tep_db_input($countries_iso_code_2) . "', '" . tep_db_input($countries_iso_code_3) . "', '" . (int) $address_format_id . "')"); tep_redirect(tep_href_link('countries.php')); break; case 'save': $countries_id = tep_db_prepare_input($HTTP_GET_VARS['cID']); $countries_name = tep_db_prepare_input($HTTP_POST_VARS['countries_name']); $countries_iso_code_2 = tep_db_prepare_input($HTTP_POST_VARS['countries_iso_code_2']); $countries_iso_code_3 = tep_db_prepare_input($HTTP_POST_VARS['countries_iso_code_3']); $address_format_id = tep_db_prepare_input($HTTP_POST_VARS['address_format_id']); tep_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . tep_db_input($countries_name) . "', countries_iso_code_2 = '" . tep_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . tep_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'"); tep_redirect(tep_href_link('countries.php', 'page=' . $HTTP_GET_VARS['page'] . '&cID=' . $countries_id)); break; case 'deleteconfirm': $countries_id = tep_db_prepare_input($HTTP_GET_VARS['cID']); tep_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'"); tep_redirect(tep_href_link('countries.php', 'page=' . $HTTP_GET_VARS['page'])); break; } } require 'includes/template_top.php'; ?> <table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?>
public function findCustomer($customerEmail) { $result = tep_db_query('SELECT * FROM ' . TABLE_CUSTOMERS . ' WHERE customers_email_address = "' . tep_db_prepare_input($customerEmail) . '"'); return tep_db_num_rows($result) > 0 ? tep_db_fetch_array($result) : null; }
$use_meta_tags = tep_db_prepare_input($_POST['use_meta_tags']); $use_partial_total = tep_db_prepare_input($_POST['use_partial_total']); require DIR_WS_FUNCTIONS . 'seo_density.php'; $ttl_words = 0; if (!empty($density_url)) { if (!($dens = kda($density_url, $ttl_words, $use_meta_tags, $use_partial_total))) { $error = 'Failed to read url: ' . $density_url; $messageStack->add($error); } } } elseif (tep_not_null($action_check_links)) { require DIR_WS_FUNCTIONS . FILENAME_SEO_ASSISTANT; $badLinks = array(); $idx = 0; $totalLinks = 0; $url = tep_db_prepare_input($_POST['check_page']); if (FALSE === strpos($url, 'http://')) { $link = 'http://' . $url; } CheckLinks($link, $idx); /* $files = ListFiles(); for($i=0; $i<count($files); $i++) { if (FALSE === strpos($files[$i], '.php') || FALSE !== strpos($files[$i], 'search') || FALSE !== strpos($files[$i], 'login') || FALSE !== strpos($files[$i], 'checkout_') ) continue; // echo $files[$i].'<br>'; $link = $url . $files[$i]; break;
$affiliate_newsletter = tep_db_fetch_array($affiliate_newsletter_query); $nInfo = new objectInfo($affiliate_newsletter); include DIR_WS_LANGUAGES . $language . '/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); include DIR_WS_MODULES . 'newsletters/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><?php echo $module->confirm(); ?> </td> </tr> <?php } elseif ($action == 'confirm_send') { $nID = tep_db_prepare_input($_GET['nID']); $affiliate_newsletter_query = tep_db_query("select affiliate_newsletters_id, title, content, module from " . TABLE_AFFILIATE_NEWSLETTERS . " where affiliate_newsletters_id = '" . (int) $nID . "'"); $affiliate_newsletter = tep_db_fetch_array($affiliate_newsletter_query); $nInfo = new objectInfo($affiliate_newsletter); include DIR_WS_LANGUAGES . $language . '/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); include DIR_WS_MODULES . 'newsletters/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><table border="0" cellspacing="0" cellpadding="2"> <tr> <td class="main" valign="middle"><?php echo tep_image(DIR_WS_ICONS . 'ani_send_email.gif', IMAGE_ANI_SEND_EMAIL); ?> </td>
$newsletter = tep_db_fetch_array($newsletter_query); $nInfo = new objectInfo($newsletter); include DIR_WS_LANGUAGES . 'lang/modules/newsletters/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); include DIR_WS_MODULES . 'newsletters/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><?php echo $module->confirm(); ?> </td> </tr> <?php } elseif ($action == 'confirm_send') { $nID = tep_db_prepare_input($HTTP_GET_VARS['nID']); $newsletter_query = tep_db_query("select newsletters_id, title, content, module from " . TABLE_NEWSLETTERS . " where newsletters_id = '" . (int) $nID . "'"); $newsletter = tep_db_fetch_array($newsletter_query); $nInfo = new objectInfo($newsletter); include DIR_WS_LANGUAGES . 'lang/modules/newsletters/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); include DIR_WS_MODULES . 'newsletters/' . $nInfo->module . substr($PHP_SELF, strrpos($PHP_SELF, '.')); $module_name = $nInfo->module; $module = new $module_name($nInfo->title, $nInfo->content); ?> <tr> <td><table border="0" cellspacing="0" cellpadding="2"> <tr> <td class="main" valign="middle"><?php echo tep_image(DIR_WS_IMAGES . 'ani_send_email.gif', IMAGE_ANI_SEND_EMAIL); ?> </td>