PHP vam_redirect примеры использования

Пример #1

Файл: vam_Security.inc.php Проект: nomadcomanche/zdorov_shop

function vam_Security()
{
    // Cross-Site Scripting attack defense - Sent by larsneo
    // some syntax checking against injected javascript
    // extended by Neo
    if (count($_GET) > 0) {
        //        Lets now sanitize the GET vars
        //      echo '<pre>';
        //print_r ($_GET);
        //echo '</pre>';
        foreach ($_GET as $secvalue) {
            if (!is_array($secvalue)) {
                if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*style.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*form.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*img.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue)) {
                    vamMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
                    vam_redirect(FILENAME_DEFAULT);
                }
            }
        }
    }
    //        Lets now sanitize the POST vars
    if (count($_POST) > 0) {
        foreach ($_POST as $secvalue) {
            if (!is_array($secvalue)) {
                if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue)) {
                    vamMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
                    vam_redirect(FILENAME_DEFAULT);
                }
            }
        }
    }
    //        Lets now sanitize the COOKIE vars
    if (count($_COOKIE) > 0) {
        foreach ($_COOKIE as $secvalue) {
            if (!is_array($secvalue)) {
                if (preg_match("/<[^>]*script.*\"?[^>]*>/i", $secvalue) || preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue) || preg_match("/<[^>]*object.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*iframe.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*applet.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*meta.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*style.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*form.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*alert.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*cookie.*\"?[^>]*>/i", $secvalue) || preg_match("/<[^>]*img.*\"?[^>]*>/i", $secvalue)) {
                    vamMailHackAttempt(__FILE__, __LINE__, 'xt:C Security Alert', 'Intrusion detection.');
                    vam_redirect(FILENAME_DEFAULT);
                }
            }
        }
    }
}

Пример #2

Файл: categories.php Проект: nomadcomanche/zdorov_shop

                        } elseif (vam_not_null($_POST['dest_category_id'])) {
                            $dest_category_id = vam_db_prepare_input($_POST['dest_category_id']);
                            if ($_POST['copy_as'] == 'link') {
                                $catfunc->link_product($product_id, $dest_category_id);
                            } elseif ($_POST['copy_as'] == 'duplicate') {
                                $catfunc->duplicate_product($product_id, $dest_category_id);
                            } else {
                                $messageStack->add_session('Copy type not specified.', 'error');
                            }
                        }
                    }
                }
                vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $dest_category_id . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
            }
            // --- MULTI COPY ENDS ---
            vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $_GET['cPath'] . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
            break;
            #EOB multi_action_confirm
    }
    //EOB switch action
}
//EOB if action
// check if the catalog image directory exists
if (is_dir(DIR_FS_CATALOG_IMAGES)) {
    if (!is_writeable(DIR_FS_CATALOG_IMAGES)) {
        $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_NOT_WRITEABLE, 'error');
    }
} else {
    $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_DOES_NOT_EXIST, 'error');
}
// end of pre-checks and actions, HTML output follows

Пример #3

Файл: new_attributes.php Проект: nomadcomanche/zdorov_shop

   Released under the GNU General Public License
   --------------------------------------------------------------
   Third Party contributions:
   New Attribute Manager v4b                                Autor: Mike G | mp3man@internetwork.net | http://downloads.ephing.com
   copy attributes                          Autor: Hubi | http://www.netz-designer.de

   Released under the GNU General Public License
   --------------------------------------------------------------*/
require 'includes/application_top.php';
require DIR_WS_MODULES . 'new_attributes_config.php';
require DIR_FS_INC . 'vam_findTitle.inc.php';
require_once DIR_FS_INC . 'vam_format_filesize.inc.php';
if ($_POST['cpath'] != '' && $_POST['action'] == 'change') {
    include DIR_WS_MODULES . 'new_attributes_change.php';
    vam_redirect('./' . FILENAME_CATEGORIES . '?cPath=' . $_POST['cpath'] . '&pID=' . $_POST['current_product_id']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
<title><?php 
echo TITLE;
?>

Пример #4

Файл: product_reviews_info.php Проект: nomadcomanche/zdorov_shop

include 'includes/application_top.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_break_string.inc.php';
require_once DIR_FS_INC . 'vam_date_long.inc.php';
// lets retrieve all $HTTP_GET_VARS keys and values..
$get_params = vam_get_all_get_params(array('reviews_id'));
$get_params = substr($get_params, 0, -1);
//remove trailing &
$reviews_query = "select rd.reviews_text, r.reviews_rating, r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, p.products_id, pd.products_name, p.products_image from " . TABLE_REVIEWS . " r left join " . TABLE_PRODUCTS . " p on (r.products_id = p.products_id) left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on (p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'), " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . (int) $_GET['reviews_id'] . "' and r.reviews_id = rd.reviews_id and p.products_status = '1'";
$reviews_query = vam_db_query($reviews_query);
if (!vam_db_num_rows($reviews_query)) {
    vam_redirect(vam_href_link(FILENAME_REVIEWS));
}
$reviews = vam_db_fetch_array($reviews_query);
$breadcrumb->add(NAVBAR_TITLE_PRODUCT_REVIEWS, vam_href_link(FILENAME_PRODUCT_REVIEWS, $get_params));
vam_db_query("update " . TABLE_REVIEWS . " set reviews_read = reviews_read+1 where reviews_id = '" . $reviews['reviews_id'] . "'");
$reviews_text = vam_break_string(htmlspecialchars($reviews['reviews_text']), 60, '-<br />');
require DIR_WS_INCLUDES . 'header.php';
$vamTemplate->assign('PRODUCTS_NAME', $reviews['products_name']);
$vamTemplate->assign('AUTHOR', $reviews['customers_name']);
$vamTemplate->assign('DATE', vam_date_long($reviews['date_added']));
$vamTemplate->assign('REVIEWS_TEXT', nl2br($reviews_text));
$vamTemplate->assign('RATING', vam_image('templates/' . CURRENT_TEMPLATE . '/img/stars_' . $reviews['reviews_rating'] . '.gif', sprintf(TEXT_OF_5_STARS, $reviews['reviews_rating'])));
$vamTemplate->assign('PRODUCTS_LINK', vam_href_link(FILENAME_PRODUCT_INFO, vam_product_link($reviews['products_id'], $reviews['products_name'])));
$vamTemplate->assign('BUTTON_BACK', '<a class="button" href="' . vam_href_link(FILENAME_PRODUCT_REVIEWS, $get_params) . '">' . vam_image_button('back.png', IMAGE_BUTTON_BACK) . '</a>');
$vamTemplate->assign('BUTTON_BUY_NOW', '<a class="button" href="' . vam_href_link(FILENAME_DEFAULT, 'action=buy_now&BUYproducts_id=' . $reviews['products_id']) . '">' . vam_image_button('buy.png', IMAGE_BUTTON_IN_CART) . '</a>');
$products_image = DIR_WS_THUMBNAIL_IMAGES . $reviews['products_image'];

Пример #5

Файл: authors.php Проект: nomadcomanche/zdorov_shop

        case 'deleteconfirm':
            $authors_id = vam_db_prepare_input($_GET['auID']);
            vam_db_query("delete from " . TABLE_AUTHORS . " where authors_id = '" . (int) $authors_id . "'");
            vam_db_query("delete from " . TABLE_AUTHORS_INFO . " where authors_id = '" . (int) $authors_id . "'");
            if (isset($_POST['delete_articles']) && $_POST['delete_articles'] == 'on') {
                $articles_query = vam_db_query("select articles_id from " . TABLE_ARTICLES . " where authors_id = '" . (int) $authors_id . "'");
                while ($articles = vam_db_fetch_array($articles_query)) {
                    vam_remove_article($articles['articles_id']);
                }
            } else {
                vam_db_query("update " . TABLE_ARTICLES . " set authors_id = '' where authors_id = '" . (int) $authors_id . "'");
            }
            if (USE_CACHE == 'true') {
                vam_reset_cache_block('authors');
            }
            vam_redirect(vam_href_link(FILENAME_AUTHORS, 'page=' . $_GET['page']));
            break;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 

Пример #6

Файл: yandex_merchant.php Проект: nomadcomanche/zdorov_shop

 function before_process()
 {
     global $customer_id, $order, $vamPrice, $order_totals, $sendto, $billto, $languages_id, $payment, $currencies, $cart;
     global ${$payment};
     $order_id = substr($_SESSION['cart_yandex_id'], strpos($_SESSION['cart_yandex_id'], '-') + 1);
     // initialized for the email confirmation
     $products_ordered = '';
     $subtotal = 0;
     $total_tax = 0;
     for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
         // Stock Update - Joao Correia
         if (STOCK_LIMITED == 'true') {
             if (DOWNLOAD_ENABLED == 'true') {
                 $stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename, pad.products_attributes_is_pin \n                                FROM " . TABLE_PRODUCTS . " p\n                                LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                ON p.products_id=pa.products_id\n                                LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                ON pa.products_attributes_id=pad.products_attributes_id\n                                WHERE p.products_id = '" . vam_get_prid($order->products[$i]['id']) . "'";
                 // Will work with only one option for downloadable products
                 // otherwise, we have to build the query dynamically with a loop
                 $products_attributes = $order->products[$i]['attributes'];
                 if (is_array($products_attributes)) {
                     $stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";
                 }
                 $stock_query = vam_db_query($stock_query_raw);
             } else {
                 $stock_query = vam_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . vam_get_prid($order->products[$i]['id']) . "'");
             }
             if (vam_db_num_rows($stock_query) > 0) {
                 $stock_values = vam_db_fetch_array($stock_query);
                 // do not decrement quantities if products_attributes_filename exists
                 if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename'] || $stock_values['products_attributes_is_pin'] == 1) {
                     $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
                 } else {
                     $stock_left = $stock_values['products_quantity'];
                 }
                 vam_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . vam_get_prid($order->products[$i]['id']) . "'");
                 if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
                     vam_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . vam_get_prid($order->products[$i]['id']) . "'");
                 }
             }
         }
         // Update products_ordered (for bestsellers list)
         vam_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . vam_get_prid($order->products[$i]['id']) . "'");
         //------insert customer choosen option to order--------
         $attributes_exist = '0';
         $products_ordered_attributes = '';
         if (isset($order->products[$i]['attributes'])) {
             $attributes_exist = '1';
             for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
                 if (DOWNLOAD_ENABLED == 'true') {
                     $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename, pad.products_attributes_is_pin\n                                   from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n                                   left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n                                   on pa.products_attributes_id=pad.products_attributes_id\n                                   where pa.products_id = '" . $order->products[$i]['id'] . "'\n                                   and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n                                   and pa.options_id = popt.products_options_id\n                                   and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n                                   and pa.options_values_id = poval.products_options_values_id\n                                   and popt.language_id = '" . $_SESSION['languages_id'] . "'\n                                   and poval.language_id = '" . $_SESSION['languages_id'] . "'";
                     $attributes = vam_db_query($attributes_query);
                 } else {
                     $attributes = vam_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $_SESSION['languages_id'] . "' and poval.language_id = '" . $_SESSION['languages_id'] . "'");
                 }
                 $attributes_values = vam_db_fetch_array($attributes);
                 $products_ordered_attributes .= "\n\t" . $attributes_values['products_options_name'] . ' ' . $attributes_values['products_options_values_name'];
             }
         }
         //------insert customer choosen option eof ----
         $total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
         $total_tax += vam_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];
         $total_cost += $total_products_price;
         $products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' . $vamPrice->Format($order->products[$i]['final_price'], true) . $products_ordered_attributes . "\n";
     }
     // initialize templates
     $vamTemplate = new vamTemplate();
     $vamTemplate->assign('address_label_customer', vam_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'));
     $vamTemplate->assign('address_label_shipping', vam_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'));
     if ($_SESSION['credit_covers'] != '1') {
         $vamTemplate->assign('address_label_payment', vam_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'));
     }
     $vamTemplate->assign('csID', $order->customer['csID']);
     $it = 0;
     $semextrfields = vamDBquery("select * from " . TABLE_EXTRA_FIELDS . " where fields_required_email = '1'");
     while ($dataexfes = vam_db_fetch_array($semextrfields, true)) {
         $cusextrfields = vamDBquery("select * from " . TABLE_CUSTOMERS_TO_EXTRA_FIELDS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and fields_id = '" . $dataexfes['fields_id'] . "'");
         $rescusextrfields = vam_db_fetch_array($cusextrfields, true);
         $extrfieldsinf = vamDBquery("select fields_name from " . TABLE_EXTRA_FIELDS_INFO . " where fields_id = '" . $dataexfes['fields_id'] . "' and languages_id = '" . $_SESSION['languages_id'] . "'");
         $extrfieldsres = vam_db_fetch_array($extrfieldsinf, true);
         $extra_fields .= $extrfieldsres['fields_name'] . ' : ' . $rescusextrfields['value'] . "\n";
         $vamTemplate->assign('customer_extra_fields', $extra_fields);
     }
     $order_total = $order->getTotalData($order_id);
     $vamTemplate->assign('order_data', $order->getOrderData($order_id));
     $vamTemplate->assign('order_total', $order_total['data']);
     // assign language to template for caching
     $vamTemplate->assign('language', $_SESSION['language']);
     $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
     $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
     $vamTemplate->assign('oID', $order_id);
     if ($order->info['payment_method'] != '' && $order->info['payment_method'] != 'no_payment') {
         include DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/payment/' . $order->info['payment_method'] . '.php';
         $payment_method = constant(strtoupper('MODULE_PAYMENT_' . $order->info['payment_method'] . '_TEXT_TITLE'));
     }
     $vamTemplate->assign('PAYMENT_METHOD', $payment_method);
     if ($order->info['shipping_method'] != '') {
         $shipping_method = $order->info['shipping_method'];
     }
     $vamTemplate->assign('SHIPPING_METHOD', $shipping_method);
     $vamTemplate->assign('DATE', vam_date_long($order->info['date_purchased']));
     $vamTemplate->assign('NAME', $order->customer['firstname'] . ' ' . $order->customer['lastname']);
     $vamTemplate->assign('COMMENTS', $order->info['comments']);
     $vamTemplate->assign('EMAIL', $order->customer['email_address']);
     $vamTemplate->assign('PHONE', $order->customer['telephone']);
     // dont allow cache
     $vamTemplate->caching = false;
     $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.html');
     $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.txt');
     // create subject
     $order_subject = str_replace('{$nr}', $order_id, EMAIL_BILLING_SUBJECT_ORDER);
     $order_subject = str_replace('{$date}', strftime(DATE_FORMAT_LONG), $order_subject);
     $order_subject = str_replace('{$lastname}', $order->customer['lastname'], $order_subject);
     $order_subject = str_replace('{$firstname}', $order->customer['firstname'], $order_subject);
     // send mail to admin
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, $order->customer['email_address'], $order->customer['firstname'], '', '', $order_subject, $html_mail, $txt_mail);
     // send mail to customer
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $order_subject, $html_mail, $txt_mail);
     // load the after_process function from the payment modules
     $this->after_process();
     require_once DIR_WS_INCLUDES . 'affiliate_checkout_process.php';
     $_SESSION['cart']->reset(true);
     // unregister session variables used during checkout
     unset($_SESSION['sendto']);
     unset($_SESSION['billto']);
     unset($_SESSION['shipping']);
     unset($_SESSION['payment']);
     unset($_SESSION['comments']);
     unset($_SESSION['cart_yandex_id']);
     vam_redirect(vam_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
 }

Пример #7

Файл: validateSwedPayment.php Проект: nomadcomanche/zdorov_shop

            } else {
                //do nothing
                $cart->reset(true);
                // unregister session variables used during checkout
                vam_session_unregister('sendto');
                vam_session_unregister('billto');
                vam_session_unregister('shipping');
                vam_session_unregister('payment');
                vam_session_unregister('comments');
                vam_redirect(vam_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
            }
        }
        //redirect
    } else {
        //finally redirect to index
        vam_redirect(vam_href_link(FILENAME_DEFAULT, '', 'SSL'));
    }
}
/**
debug function, html formatted
*/
function d($var, $echo = true)
{
    $r = '<pre>';
    $r .= htmlspecialchars(print_r($var, true));
    $r .= '</pre>';
    if ($echo) {
        echo $r;
    }
    return $r;
}

Пример #8

Файл: modules.php Проект: nomadcomanche/zdorov_shop

        vam_redirect(vam_href_link(FILENAME_MODULES, 'set=' . $_GET['set'] . '&module=' . $_GET['module']));
        break;
    case 'install':
    case 'remove':
        $file_extension = substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.'));
        $class = basename($_GET['module']);
        if (file_exists($module_directory . $class . $file_extension)) {
            include $module_directory . $class . $file_extension;
            $module = new $class(0);
            if ($_GET['action'] == 'install') {
                $module->install();
            } elseif ($_GET['action'] == 'remove') {
                $module->remove();
            }
        }
        vam_redirect(vam_href_link(FILENAME_MODULES, 'set=' . $_GET['set'] . '&module=' . $class));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
echo TITLE;

Пример #9

Файл: blacklist.php Проект: nomadcomanche/zdorov_shop

            $update_sql_data = array('last_modified' => 'now()');
            $sql_data_array = vam_array_merge($sql_data_array, $update_sql_data);
            vam_db_perform(TABLE_BLACKLIST, $sql_data_array, 'update', "blacklist_id = '" . vam_db_input($blacklist_id) . "'");
        }
        if (USE_CACHE == 'true') {
            vam_reset_cache_block('blacklist');
        }
        vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id));
        break;
    case 'deleteconfirm':
        $blacklist_id = vam_db_prepare_input($_GET['bID']);
        vam_db_query("delete from " . TABLE_BLACKLIST . " where blacklist_id = '" . vam_db_input($blacklist_id) . "'");
        if (USE_CACHE == 'true') {
            vam_reset_cache_block('manufacturers');
        }
        vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page']));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
<title><?php 
echo TITLE;

Пример #10

Файл: account_password.php Проект: nomadcomanche/zdorov_shop

        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = vam_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $check_customer = vam_db_fetch_array($check_customer_query);
        if (vam_validate_password($password_current, $check_customer['customers_password'])) {
            vam_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '******', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            vam_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            vam_redirect(vam_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, vam_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, vam_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
if ($messageStack->size('account_password') > 0) {
    $vamTemplate->assign('error', $messageStack->output('account_password'));
}
$vamTemplate->assign('FORM_ACTION', vam_draw_form('account_password', vam_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'post', 'onsubmit="return checkform(this);"') . vam_draw_hidden_field('action', 'process') . vam_draw_hidden_field('required', 'password_current,password_new,password_confirmation', 'id="required"'));
$vamTemplate->assign('INPUT_ACTUAL', vam_draw_password_fieldNote(array('name' => 'password_current', 'text' => '&nbsp;' . (vam_not_null(ENTRY_PASSWORD_CURRENT_TEXT) ? '<span class="Requirement">' . ENTRY_PASSWORD_CURRENT_TEXT . '</span>' : '')), '', 'id="password_current"'));
$vamTemplate->assign('ENTRY_PASSWORD_CURRENT_ERROR', ENTRY_PASSWORD_CURRENT_ERROR);

Пример #11

Файл: gv_redeem.php Проект: nomadcomanche/zdorov_shop

if (isset($_GET['gv_no'])) {
    $error = true;
    $gv_query = vam_db_query("select c.coupon_id, c.coupon_amount from " . TABLE_COUPONS . " c, " . TABLE_COUPON_EMAIL_TRACK . " et where coupon_code = '" . vam_db_input($_GET['gv_no']) . "' and c.coupon_id = et.coupon_id");
    if (vam_db_num_rows($gv_query) > 0) {
        $coupon = vam_db_fetch_array($gv_query);
        $redeem_query = vam_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $coupon['coupon_id'] . "'");
        if (vam_db_num_rows($redeem_query) == 0) {
            // check for required session variables
            $_SESSION['gv_id'] = $coupon['coupon_id'];
            $error = false;
        } else {
            $error = true;
        }
    }
} else {
    vam_redirect(FILENAME_DEFAULT);
}
if (!$error && isset($_SESSION['customer_id'])) {
    // Update redeem status
    $gv_query = vam_db_query("insert into  " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon['coupon_id'] . "', '" . $_SESSION['customer_id'] . "', now(),'" . $REMOTE_ADDR . "')");
    $gv_update = vam_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon['coupon_id'] . "'");
    vam_gv_account_update($_SESSION['customer_id'], $_SESSION['gv_id']);
    unset($_SESSION['gv_id']);
}
$breadcrumb->add(NAVBAR_GV_REDEEM);
$coupon_r = $vamPrice->CalculateCurr($coupon['coupon_amount']);
// if we get here then either the url gv_no was not set or it was invalid
// so output a message.
$vamTemplate->assign('coupon_amount', $vamPrice->Format($coupon_r, true));
$vamTemplate->assign('error', $error);
$vamTemplate->assign('LINK_DEFAULT', '<a class="button" href="' . vam_href_link(FILENAME_DEFAULT) . '">' . vam_image_button('submit.png', IMAGE_BUTTON_CONTINUE) . '</a>');

Пример #12

Файл: yml_import.php Проект: nomadcomanche/zdorov_shop

                vam_db_perform(TABLE_PRODUCTS, array('products_id' => $products_id, 'products_last_modified' => 'now()', 'products_price' => $products_price, 'products_image' => $products_image, 'group_permission_0' => 1, 'group_permission_1' => 1, 'group_permission_2' => 1, 'group_permission_3' => 1, 'products_startpage' => 1, 'products_status' => $products_status, 'products_quantity' => $products_quantity, 'products_date_available' => 'now()'));
                vam_db_perform(TABLE_PRODUCTS_DESCRIPTION, array('products_id' => $products_id, 'products_name' => $products_name, 'products_description' => $products_description, 'language_id' => $_SESSION['languages_id']));
                vam_db_perform(TABLE_PRODUCTS_TO_CATEGORIES, array('products_id' => $products_id, 'categories_id' => $categoryId));
                $count_add++;
            }
            $count++;
        }
        $messageStack->add_session(TEXT_YML_UPDATED . $count_upd, 'success');
        $messageStack->add_session(TEXT_YML_CHANGED . ($count - $count_upd), 'success');
        $messageStack->add_session(TEXT_YML_ADDED . $count_add, 'success');
        $messageStack->add_session(TEXT_YML_CAT_ADDED . $count_cat_add, 'success');
        $messageStack->add_session(TEXT_YML_CAT_UPDATED . $count_cat_upd, 'success');
    } else {
        $messageStack->add_session(TEXT_YML_ERROR, 'error');
    }
    vam_redirect(vam_href_link(FILENAME_YML_IMPORT));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
echo TITLE;
?>

Пример #13

Файл: checkout_alternative.php Проект: nomadcomanche/zdorov_shop

            $link = vam_href_link(FILENAME_NEWSLETTER, 'action=activate&email=' . $email_address . '&key=' . $vlcode, 'NONSSL');
            $sql_data_array = array('customers_email_address' => vam_db_input($email_address), 'customers_id' => vam_db_input($_SESSION['customer_id']), 'customers_status' => 2, 'customers_firstname' => vam_db_input($firstname), 'customers_lastname' => vam_db_input($lastname), 'mail_status' => '1', 'mail_key' => vam_db_input($vlcode), 'date_added' => 'now()');
            vam_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array);
            // assign vars
            $vamTemplate->assign('LINK', $link);
        } else {
            $vamTemplate->assign('LINK', false);
        }
        $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/create_account_mail.html');
        $vamTemplate->caching = 0;
        $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/create_account_mail.txt');
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email_address, $name, EMAIL_SUPPORT_FORWARDING_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
        if (!isset($_SESSION['sendto'])) {
            $_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
        }
        vam_redirect(vam_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL'));
    }
}
if ($messageStack->size('checkout_alternative') > 0) {
    $vamTemplate->assign('error', $messageStack->output('checkout_alternative'));
}
if (ACCOUNT_GENDER == 'true') {
    $vamTemplate->assign('gender', '1');
    $vamTemplate->assign('INPUT_MALE', vam_draw_radio_field(array('name' => 'gender', 'suffix' => MALE), 'm', '', 'id="gender" checked="checked"'));
    $vamTemplate->assign('INPUT_FEMALE', vam_draw_radio_field(array('name' => 'gender', 'suffix' => FEMALE, 'text' => vam_not_null(ENTRY_GENDER_TEXT) ? '<span class="Requirement">' . ENTRY_GENDER_TEXT . '</span>' : ''), 'f', '', 'id="gender"'));
} else {
    $vamTemplate->assign('gender', '0');
}
$vamTemplate->assign('INPUT_FIRSTNAME', vam_draw_input_fieldNote(array('name' => 'firstname', 'text' => '&nbsp;' . (vam_not_null(ENTRY_FIRST_NAME_TEXT) ? '<span class="Requirement">' . ENTRY_FIRST_NAME_TEXT . '</span>' : '')), '', 'id="firstname"'));
if (ACCOUNT_SECOND_NAME == 'true') {
    $vamTemplate->assign('secondname', '1');

Пример #14

Файл: checkout_payment_address.php Проект: nomadcomanche/zdorov_shop

        }
        $_SESSION['billto'] = vam_db_prepare_input($_POST['address']);
        $check_address_query = vam_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $_SESSION['customer_id'] . "' and address_book_id = '" . $_SESSION['billto'] . "'");
        $check_address = vam_db_fetch_array($check_address_query);
        if ($check_address['total'] == '1') {
            if ($reset_payment == true) {
                unset($_SESSION['payment']);
            }
            vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
        } else {
            unset($_SESSION['billto']);
        }
        // no addresses to select from - customer decided to keep the current assigned address
    } else {
        $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
        vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
    }
}
// if no billing destination address was selected, use their own address as default
if (!isset($_SESSION['billto'])) {
    $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
}
$breadcrumb->add(NAVBAR_TITLE_1_PAYMENT_ADDRESS, vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_PAYMENT_ADDRESS, vam_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'));
$addresses_count = vam_count_customer_address_book_entries();
require DIR_WS_INCLUDES . 'header.php';
$vamTemplate->assign('FORM_ACTION', vam_draw_form('checkout_address', vam_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'), 'post', 'onsubmit="return checkform(this);"') . vam_draw_hidden_field('required', 'gender,firstname,lastname,address,postcode,city,state,country', 'id="required"'));
if ($messageStack->size('checkout_address') > 0) {
    $vamTemplate->assign('error', $messageStack->output('checkout_address'));
}
if ($process == false) {

Пример #15

Файл: edit_orders.php Проект: nomadcomanche/zdorov_shop

     // dont allow cache
     $vamTemplate->caching = false;
     $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.html');
     $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/order_mail.txt');
     // create subject
     $order_subject = str_replace('{$nr}', $oID, EMAIL_BILLING_SUBJECT_ORDER);
     $order_subject = str_replace('{$date}', strftime(DATE_FORMAT_LONG), $order_subject);
     $order_subject = str_replace('{$lastname}', $order->customer['lastname'], $order_subject);
     $order_subject = str_replace('{$firstname}', $order->customer['firstname'], $order_subject);
     // send mail to admin
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_BILLING_ADDRESS, STORE_NAME, EMAIL_BILLING_FORWARDING_STRING, $order->customer['email_address'], $order->customer['firstname'], '', '', $order_subject, $html_mail, $txt_mail);
     // send mail to customer
     vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $order->customer['email_address'], $order->customer['firstname'] . ' ' . $order->customer['lastname'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', $order_subject, $html_mail, $txt_mail);
     //do the dirty
     $messageStack->add_session(SUCCESS_EMAIL_SENT, 'success');
     vam_redirect(vam_href_link(FILENAME_ORDERS_EDIT, vam_get_all_get_params(array('action')) . 'action=edit'));
     break;
     ////
     // Edit Order
 ////
 // Edit Order
 case 'edit':
     if (!isset($_GET['oID'])) {
         $messageStack->add(ERROR_NO_ORDER_SELECTED, 'error');
         break;
     }
     $oID = vam_db_prepare_input($_GET['oID']);
     $orders_query = vam_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . (int) $oID . "'");
     $order_exists = true;
     if (!vam_db_num_rows($orders_query)) {
         $order_exists = false;

Пример #16

Файл: recover_cart_sales.php Проект: nomadcomanche/zdorov_shop

   --------------------------------------------------------------*/
require 'includes/application_top.php';
require_once DIR_FS_CATALOG . 'includes/external/phpmailer/class.phpmailer.php';
require_once DIR_FS_INC . 'vam_php_mail.inc.php';
// initiate template engine for mail
$vamTemplate = new vamTemplate();
require DIR_WS_CLASSES . 'currencies.php';
$currencies = new currencies();
$custid = $_POST['custid'];
// Delete Entry Begin
if ($_GET['action'] == 'delete') {
    $reset_query_raw = "delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id={$_GET['customer_id']}";
    vam_db_query($reset_query_raw);
    $reset_query_raw2 = "delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id={$_GET['customer_id']}";
    vam_db_query($reset_query_raw2);
    vam_redirect(vam_href_link(FILENAME_RECOVER_CART_SALES, 'delete=1&customer_id=' . $_GET['customer_id'] . '&tdate=' . $_GET['tdate']));
}
if ($_GET['delete']) {
    $messageStack->add(MESSAGE_STACK_CUSTOMER_ID . $_GET['customer_id'] . MESSAGE_STACK_DELETE_SUCCESS, 'success');
}
// Delete Entry End
/**
 * CONFIGURATION VARIABLES
 */
// E-mail Time to Live :: Default=90
$EMAIL_TTL = 90;
// Default number of days to look back from today for
// abadoned carts, today equals 0 (zero) :: Default=10
$BASE_DAYS = 10;
// Display item attributes. Some sites have attributes
// for their items some do not, if you need them

Пример #17

Файл: general.php Проект: nomadcomanche/zdorov_shop

function vam_check_permission($pagename)
{
    if ($pagename != 'index') {
        $access_permission_query = vam_db_query("select `" . $pagename . "` from " . TABLE_ADMIN_ACCESS . " where customers_id = '" . $_SESSION['customer_id'] . "'");
        $access_permission = vam_db_fetch_array($access_permission_query);
        if ($_SESSION['customers_status']['customers_status_id'] == '0' && $access_permission[$pagename] == '1') {
            return true;
        } else {
            return false;
        }
    } else {
        vam_redirect(vam_href_link(FILENAME_LOGIN));
    }
}

Пример #18

Файл: account_history.php Проект: nomadcomanche/zdorov_shop

   (c) 2004	 xt:Commerce (account_history.php,v 1.13 2003/08/17); xt-commerce.com

   Released under the GNU General Public License 
   ---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_count_customer_orders.inc.php';
require_once DIR_FS_INC . 'vam_date_long.inc.php';
require_once DIR_FS_INC . 'vam_image_button.inc.php';
require_once DIR_FS_INC . 'vam_get_all_get_params.inc.php';
if (!isset($_SESSION['customer_id'])) {
    vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_HISTORY, vam_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_HISTORY, vam_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
$module_content = array();
if (($orders_total = vam_count_customer_orders()) > 0) {
    $history_query_raw = "select o.orders_id, o.date_purchased, o.delivery_name, o.billing_name, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int) $_SESSION['customer_id'] . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int) $_SESSION['languages_id'] . "' order by orders_id DESC";
    $history_split = new splitPageResults($history_query_raw, $_GET['page'], MAX_DISPLAY_ORDER_HISTORY);
    $history_query = vam_db_query($history_split->sql_query);
    while ($history = vam_db_fetch_array($history_query)) {
        $products_query = vam_db_query("select count(*) as count from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . $history['orders_id'] . "'");
        $products = vam_db_fetch_array($products_query);
        if (vam_not_null($history['delivery_name'])) {
            $order_type = TEXT_ORDER_SHIPPED_TO;
            $order_name = $history['delivery_name'];

Пример #19

Файл: shipping_status.php Проект: nomadcomanche/zdorov_shop

            vam_db_query("update " . TABLE_SHIPPING_STATUS . " set shipping_status_image = '" . $shipping_status_image->filename . "' where shipping_status_id = '" . vam_db_input($shipping_status_id) . "'");
        }
        if ($_POST['default'] == 'on') {
            vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . vam_db_input($shipping_status_id) . "' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        }
        vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page'] . '&oID=' . $shipping_status_id));
        break;
    case 'deleteconfirm':
        $oID = vam_db_prepare_input($_GET['oID']);
        $shipping_status_query = vam_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        $shipping_status = vam_db_fetch_array($shipping_status_query);
        if ($shipping_status['configuration_value'] == $oID) {
            vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
        }
        vam_db_query("delete from " . TABLE_SHIPPING_STATUS . " where shipping_status_id = '" . vam_db_input($oID) . "'");
        vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page']));
        break;
    case 'delete':
        $oID = vam_db_prepare_input($_GET['oID']);
        $remove_status = true;
        if ($oID == DEFAULT_SHIPPING_STATUS_ID) {
            $remove_status = false;
            $messageStack->add(ERROR_REMOVE_DEFAULT_SHIPPING_STATUS, 'error');
        } else {
        }
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;

Пример #20

Файл: geo_zones.php Проект: nomadcomanche/zdorov_shop

        vam_db_query("insert into " . TABLE_GEO_ZONES . " (geo_zone_name, geo_zone_description, date_added) values ('" . vam_db_input($geo_zone_name) . "', '" . vam_db_input($geo_zone_description) . "', now())");
        $new_zone_id = vam_db_insert_id();
        vam_redirect(vam_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $new_zone_id));
        break;
    case 'save_zone':
        $zID = vam_db_prepare_input($_GET['zID']);
        $geo_zone_name = vam_db_prepare_input($_POST['geo_zone_name']);
        $geo_zone_description = vam_db_prepare_input($_POST['geo_zone_description']);
        vam_db_query("update " . TABLE_GEO_ZONES . " set geo_zone_name = '" . vam_db_input($geo_zone_name) . "', geo_zone_description = '" . vam_db_input($geo_zone_description) . "', last_modified = now() where geo_zone_id = '" . vam_db_input($zID) . "'");
        vam_redirect(vam_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage'] . '&zID=' . $_GET['zID']));
        break;
    case 'deleteconfirm_zone':
        $zID = vam_db_prepare_input($_GET['zID']);
        vam_db_query("delete from " . TABLE_GEO_ZONES . " where geo_zone_id = '" . vam_db_input($zID) . "'");
        vam_db_query("delete from " . TABLE_ZONES_TO_GEO_ZONES . " where geo_zone_id = '" . vam_db_input($zID) . "'");
        vam_redirect(vam_href_link(FILENAME_GEO_ZONES, 'zpage=' . $_GET['zpage']));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 
echo TITLE;

Пример #21

Файл: affiliate_contact.php Проект: nomadcomanche/zdorov_shop

        //        $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
        //        $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
        //        break;
        default:
            $affiliate_email_address = vam_db_prepare_input($_POST['affiliate_email_address']);
            $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . vam_db_input($affiliate_email_address) . "'");
            $mail_sent_to = $_POST['affiliate_email_address'];
            break;
    }
    $from = vam_db_prepare_input($_POST['from']);
    $subject = vam_db_prepare_input($_POST['subject']);
    $message = vam_db_prepare_input($_POST['message']);
    while ($mail = vam_db_fetch_array($mail_query)) {
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message);
    }
    vam_redirect(vam_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
if ($_GET['action'] == 'preview' && !$_POST['affiliate_email_address']) {
    $messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error');
}
if (vam_not_null($_GET['mail_sent_to'])) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset="<?php 

Пример #22

Файл: orders.php Проект: nomadcomanche/zdorov_shop

                    $txt_mail_admin = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/accumulated_discount_admin.txt');
                    vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_ACC_SUBJECT, $html_mail_admin, $txt_mail_admin);
                    //email to customer
                    $html_mail_customer = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/accumulated_discount_customer.html');
                    $txt_mail_customer = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $order->info['language'] . '/accumulated_discount_customer.txt');
                    vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $check_status['customers_email_address'], $check_status['customers_name'], '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_ACC_SUBJECT, $html_mail_customer, $txt_mail_customer);
                }
            }
        }
        // eof denuz added accumulated discount
        vam_redirect(vam_href_link(FILENAME_ORDERS, vam_get_all_get_params(array('action')) . 'action=edit'));
        break;
    case 'deleteconfirm':
        $oID = vam_db_prepare_input($_GET['oID']);
        vam_remove_order($oID, $_POST['restock']);
        vam_redirect(vam_href_link(FILENAME_ORDERS, vam_get_all_get_params(array('oID', 'action'))));
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
">
<title><?php 
echo TITLE;

Пример #23

Файл: pm2checkout.php Проект: nomadcomanche/zdorov_shop

 function before_process()
 {
     if ($_POST['credit_card_processed'] != 'Y') {
         vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(MODULE_PAYMENT_PM2CHECKOUT_TEXT_ERROR_MESSAGE), 'SSL', true, false));
     }
 }

Пример #24

Файл: download.php Проект: nomadcomanche/zdorov_shop

// Die if remaining count is <=0
if ($downloads['download_count'] <= 0) {
    die;
}
// Die if file is not there
if (!file_exists(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'])) {
    die;
}
// Now decrement counter
vam_db_query("update " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " set download_count = download_count-1 where orders_products_download_id = '" . (int) $_GET['id'] . "'");
// Now send the file with header() magic
header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: Application/octet-stream");
header("Content-Length: " . filesize(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']));
header("Content-disposition: attachment; filename=\"" . $downloads['orders_products_filename'] . "\"");
if (DOWNLOAD_BY_REDIRECT == 'true') {
    // This will work only on Unix/Linux hosts
    vam_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
    $tempdir = vam_random_name();
    umask(00);
    mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777);
    symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']);
    vam_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']);
} else {
    // This will work on all systems, but will need considerable resources
    // We could also loop with fread($fp, 4096) to save memory
    readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
}

Пример #25

Файл: password_double_opt.php Проект: nomadcomanche/zdorov_shop

        vam_db_query("update " . TABLE_CUSTOMERS . " set password_request_key = '' where customers_id = '" . $check_customer['customers_id'] . "'");
        // assign language to template for caching
        $vamTemplate->assign('language', $_SESSION['language']);
        $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
        $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        // assign vars
        $vamTemplate->assign('EMAIL', $check_customer['customers_email_address']);
        $vamTemplate->assign('NEW_PASSWORD', $newpass);
        // dont allow cache
        $vamTemplate->caching = false;
        // create mails
        $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/new_password_mail.html');
        $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/mail/' . $_SESSION['language'] . '/new_password_mail.txt');
        vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $check_customer['customers_email_address'], '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_PASSWORD_NEW_PASSWORD, $html_mail, $txt_mail);
        if (!isset($mail_error)) {
            vam_redirect(vam_href_link(FILENAME_LOGIN, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_PASSWORD_DOUBLE_OPT, vam_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'NONSSL'));
require DIR_WS_INCLUDES . 'header.php';
switch ($case) {
    case first_opt_in:
        $vamTemplate->assign('text_heading', HEADING_PASSWORD_FORGOTTEN);
        $vamTemplate->assign('info_message', $info_message);
        $vamTemplate->assign('info_message', TEXT_LINK_MAIL_SENDED);
        $vamTemplate->assign('language', $_SESSION['language']);
        $vamTemplate->caching = 0;
        $main_content = $vamTemplate->fetch(CURRENT_TEMPLATE . '/module/password_messages.html');
        break;
    case second_opt_in:

Пример #26

Файл: reviews.php Проект: nomadcomanche/zdorov_shop

if ($_GET['action']) {
    switch ($_GET['action']) {
        case 'update':
            $reviews_id = vam_db_prepare_input($_GET['rID']);
            $reviews_rating = vam_db_prepare_input($_POST['reviews_rating']);
            $last_modified = vam_db_prepare_input($_POST['last_modified']);
            $reviews_text = vam_db_prepare_input($_POST['reviews_text']);
            vam_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . vam_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . vam_db_input($reviews_id) . "'");
            vam_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . vam_db_input($reviews_text) . "' where reviews_id = '" . vam_db_input($reviews_id) . "'");
            vam_redirect(vam_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id));
            break;
        case 'deleteconfirm':
            $reviews_id = vam_db_prepare_input($_GET['rID']);
            vam_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . vam_db_input($reviews_id) . "'");
            vam_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . vam_db_input($reviews_id) . "'");
            vam_redirect(vam_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page']));
            break;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $_SESSION['language_charset'];
?>
"> 
<title><?php 

Пример #27

Файл: affiliate_payment.php Проект: nomadcomanche/zdorov_shop

                vam_php_mail(AFFILIATE_EMAIL_ADDRESS, EMAIL_SUPPORT_NAME, $check_status['affiliate_email_address'], $check_status['affiliate_firstname'] . ' ' . $check_status['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_TEXT_SUBJECT, nl2br($email), $email);
                $affiliate_notified = '1';
            }
            vam_db_query("insert into " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " (affiliate_payment_id, affiliate_new_value, affiliate_old_value, affiliate_date_added, affiliate_notified) values ('" . vam_db_input($pID) . "', '" . vam_db_input($status) . "', '" . $check_status['affiliate_payment_status'] . "', now(), '" . $affiliate_notified . "')");
            $order_updated = true;
        }
        if ($order_updated) {
            $messageStack->add_session(SUCCESS_PAYMENT_UPDATED, 'success');
        }
        vam_redirect(vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('action')) . 'action=edit'));
        break;
    case 'deleteconfirm':
        $pID = vam_db_prepare_input($_GET['pID']);
        vam_db_query("delete from " . TABLE_AFFILIATE_PAYMENT . " where affiliate_payment_id = '" . vam_db_input($pID) . "'");
        vam_db_query("delete from " . TABLE_AFFILIATE_PAYMENT_STATUS_HISTORY . " where affiliate_payment_id = '" . vam_db_input($pID) . "'");
        vam_redirect(vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID', 'action'))));
        break;
}
if ($_GET['action'] == 'edit' && vam_not_null($_GET['pID'])) {
    $pID = vam_db_prepare_input($_GET['pID']);
    $payments_query = vam_db_query("select p.*,  a.affiliate_payment_check, a.affiliate_payment_paypal, a.affiliate_payment_bank_name, a.affiliate_payment_bank_branch_number, a.affiliate_payment_bank_swift_code, a.affiliate_payment_bank_account_name, a.affiliate_payment_bank_account_number from " . TABLE_AFFILIATE_PAYMENT . " p, " . TABLE_AFFILIATE . " a where affiliate_payment_id = '" . vam_db_input($pID) . "' and a.affiliate_id = p.affiliate_id");
    $payments_exists = true;
    if (!($payments = vam_db_fetch_array($payments_query))) {
        $payments_exists = false;
        $messageStack->add(sprintf(ERROR_PAYMENT_DOES_NOT_EXIST, $pID), 'error');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;

Пример #28

Файл: affiliate_sales.php Проект: nomadcomanche/zdorov_shop

   Released under the GNU General Public License
   ---------------------------------------------------------------------------*/
require 'includes/application_top.php';
// create smarty elements
$vamTemplate = new vamTemplate();
// include needed functions
require_once DIR_FS_INC . 'affiliate_period.inc.php';
require_once DIR_FS_INC . 'affiliate_get_status_list.inc.php';
require_once DIR_FS_INC . 'affiliate_get_status_array.inc.php';
require_once DIR_FS_INC . 'affiliate_get_level_list.inc.php';
require_once DIR_FS_INC . 'vam_date_short.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
if (!isset($_SESSION['affiliate_id'])) {
    vam_redirect(vam_href_link(FILENAME_AFFILIATE, '', 'SSL'));
}
$breadcrumb->add(NAVBAR_TITLE, vam_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_SALES, vam_href_link(FILENAME_AFFILIATE_SALES, '', 'SSL'));
if (!isset($_GET['page'])) {
    $_GET['page'] = 1;
}
if (vam_not_null($_GET['a_period'])) {
    $period_split = preg_split('/-/', vam_db_prepare_input($_GET['a_period']));
    $period_clause = " AND year(a.affiliate_date) = " . $period_split[0] . " and month(a.affiliate_date) = " . $period_split[1];
}
if (vam_not_null($_GET['a_status'])) {
    $a_status = vam_db_prepare_input($_GET['a_status']);
    $status_clause = " AND o.orders_status = '" . $a_status . "'";
}
if (is_numeric($_GET['a_level'])) {

Пример #29

Файл: redirect.php Проект: nomadcomanche/zdorov_shop

        } else {
            vam_redirect(vam_href_link(FILENAME_DEFAULT));
        }
        break;
    case 'manufacturer':
        if (isset($_GET['manufacturers_id'])) {
            $manufacturer_query = vam_db_query("select manufacturers_url from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and languages_id = '" . (int) $_SESSION['languages_id'] . "'");
            if (!vam_db_num_rows($manufacturer_query)) {
                // no url exists for the selected language, lets use the default language then
                $manufacturer_query = vam_db_query("select mi.languages_id, mi.manufacturers_url from " . TABLE_MANUFACTURERS_INFO . " mi, " . TABLE_LANGUAGES . " l where mi.manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and mi.languages_id = l.languages_id and l.code = '" . DEFAULT_LANGUAGE . "'");
                if (!vam_db_num_rows($manufacturer_query)) {
                    // no url exists, return to the site
                    vam_redirect(vam_href_link(FILENAME_DEFAULT));
                } else {
                    $manufacturer = vam_db_fetch_array($manufacturer_query);
                    vam_db_query("update " . TABLE_MANUFACTURERS_INFO . " set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and languages_id = '" . $manufacturer['languages_id'] . "'");
                }
            } else {
                // url exists in selected language
                $manufacturer = vam_db_fetch_array($manufacturer_query);
                vam_db_query("update " . TABLE_MANUFACTURERS_INFO . " set url_clicked = url_clicked+1, date_last_click = now() where manufacturers_id = '" . (int) $_GET['manufacturers_id'] . "' and languages_id = '" . $_SESSION['languages_id'] . "'");
            }
            vam_redirect($manufacturer['manufacturers_url']);
        } else {
            vam_redirect(vam_href_link(FILENAME_DEFAULT));
        }
        break;
    default:
        vam_redirect(vam_href_link(FILENAME_DEFAULT));
        break;
}

Пример #30

Файл: gv_mail.php Проект: nomadcomanche/zdorov_shop

        $vamTemplate->assign('WEBSITE', HTTP_SERVER . DIR_WS_CATALOG);
        if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
            $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '/gv_no,' . $id1;
        } else {
            $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1;
        }
        $vamTemplate->assign('GIFT_LINK', $link);
        $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.html');
        $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.txt');
        vam_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, $_POST['email_to'], '', '', EMAIL_BILLING_REPLY_ADDRESS, EMAIL_BILLING_REPLY_ADDRESS_NAME, '', '', EMAIL_BILLING_SUBJECT, $html_mail, $txt_mail);
        // Now create the coupon email entry
        $insert_query = vam_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $_POST['amount'] . "', now())");
        $insert_id = vam_db_insert_id($insert_query);
        $insert_query = vam_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $_POST['email_to'] . "', now() )");
    }
    vam_redirect(vam_href_link(FILENAME_GV_MAIL, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
if ($_GET['action'] == 'preview' && !$_POST['customers_email_address'] && !$_POST['email_to']) {
    $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
}
if ($_GET['action'] == 'preview' && !$_POST['amount']) {
    $messageStack->add(ERROR_NO_AMOUNT_SELECTED, 'error');
}
if ($_GET['mail_sent_to']) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php 
echo HTML_PARAMS;
?>