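/**
 * Send an HTTP Location redirect to $url and stop script execution.
 *
 * @param string $url               Absolute URL to send the client to.
 * @param bool   $change_connection When true and the current request arrived over
 *                                  SSL (global $request_type), a URL that starts with
 *                                  HTTP_SERVER is rewritten to its HTTPS_SERVER form.
 */
function xos_redirect($url, $change_connection = true)
{
    global $request_type;
    // A CR or LF in the Location value would end the header line and let further
    // headers or body content be injected (response splitting). Bail out to the
    // default page instead; the recursive call never returns because it exits.
    // strpbrk() scans for both characters in one pass and is compared strictly.
    if (strpbrk($url, "\r\n") !== false) {
        xos_redirect(xos_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }
    if (ENABLE_SSL == 'true' && $request_type == 'SSL' && $change_connection == true) {
        // We are on an SSL page: upgrade a NONSSL target (HTTP_SERVER prefix) to SSL.
        // strncmp() checks the prefix without building a temporary substring.
        $prefix_length = strlen(HTTP_SERVER);
        if (strncmp($url, HTTP_SERVER, $prefix_length) === 0) {
            $url = HTTPS_SERVER . substr($url, $prefix_length);
        }
    }
    // NOTE(review): as printed this replacement is a no-op; the repository source
    // most likely decodes an HTML-encoded ampersand here — confirm before relying on it.
    $url = str_replace('&', '&', $url);
    header_remove();
    header('Location: ' . $url);
    exit;
}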
             xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'");
             xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where language_id = '" . (int) $lID . "'");
             xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where languages_id = '" . (int) $lID . "'");
             xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $lID . "'");
             xos_db_query("delete from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'");
             xos_db_query("delete from " . TABLE_TAX_RATES_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
             xos_db_query("delete from " . TABLE_CURRENCIES . " where language_id = '" . (int) $lID . "'");
             $default_language_id_query = xos_db_query("select languages_id from " . TABLE_LANGUAGES . "  where code = '" . DEFAULT_LANGUAGE . "'");
             $default_language_id = xos_db_fetch_array($default_language_id_query);
             xos_db_query("update " . TABLE_CUSTOMERS . " set customers_language_id = '" . (int) $default_language_id['languages_id'] . "' where customers_language_id = '" . (int) $lID . "'");
             xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . (int) $default_language_id['languages_id'] . "' where subscriber_language_id = '" . (int) $lID . "'");
             if ($_SESSION['languages_id'] == (int) $lID) {
                 unset($_SESSION['language']);
             }
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page']));
             break;
         case 'delete':
             $lID = xos_db_prepare_input($_GET['lID']);
             $lng_query = xos_db_query("select code from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'");
             $lng = xos_db_fetch_array($lng_query);
             $remove_language = true;
             if ($lng['code'] == DEFAULT_LANGUAGE) {
                 $remove_language = false;
                 $messageStack->add('header', ERROR_REMOVE_DEFAULT_LANGUAGE, 'error');
             }
             break;
     }
 }
 // Script tag for the shared admin JavaScript; DIR_WS_ADMIN is a path constant defined
 // outside this fragment. Presumably emitted by html_header.php — confirm.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 // Split the session's current path and the document root into path segments.
 // NOTE(review): $_SESSION['current_path'] is later concatenated into filesystem paths
 // (see the edit branch further down); where it is set is outside this fragment —
 // confirm it is constrained to the document root.
 $current_path_array = explode('/', $_SESSION['current_path']);
 $document_root_array = explode('/', $dir_fs_document_root);
 // Breadcrumb-style "go to" list; the document root is always the first entry, shown as '/'.
 $goto_array = array(array('id' => $dir_fs_document_root, 'text' => '/'));
 for ($i = 0, $n = sizeof($current_path_array); $i < $n; $i++) {
     // Add an entry for every segment that lies below the document root: one that has no
     // counterpart in the root path, or one that differs from it. && binds tighter than ||,
     // so this reads (isset && differs) || !isset.
     if (isset($document_root_array[$i]) && $current_path_array[$i] != $document_root_array[$i] || !isset($document_root_array[$i])) {
         // 'id' is the cumulative path up to and including this segment; 'text' is the segment itself.
         $goto_array[] = array('id' => implode('/', array_slice($current_path_array, 0, $i + 1)), 'text' => $current_path_array[$i]);
     }
 }
 // Shared admin JavaScript, then the standard admin layout includes.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 if ($action == 'new_file' && $directory_writeable == true || $action == 'edit') {
     if (isset($_GET['info']) && strstr($_GET['info'], '..')) {
         xos_redirect(xos_href_link(FILENAME_FILE_MANAGER));
     }
     if (!isset($file_writeable)) {
         $file_writeable = true;
     }
     $file_contents = '';
     if ($action == 'new_file') {
         $filename_input_field = xos_draw_input_field('filename');
     } elseif ($action == 'edit') {
         if ($file_array = file($_SESSION['current_path'] . '/' . $_GET['info'])) {
             $file_contents = implode('', $file_array);
         }
         $filename_input_field = $_GET['info'] . xos_draw_hidden_field('filename', $_GET['info']);
     }
     if ($file_writeable == true) {
         $smarty->assign('file_writeable', true);
<?php

// Access guard: only a logged-in customer (customer_id in the session) may view this
// page. Anyone else has the current page dropped from the navigation history, the
// remaining history snapshotted (presumably so they can be sent back after logging in —
// confirm in the navigation class), and is redirected to the login page over SSL.
// xos_redirect() exits, so nothing below runs for an anonymous visitor.
if (!isset($_SESSION['customer_id'])) {
    $_SESSION['navigation']->remove_current_page();
    $_SESSION['navigation']->set_snapshot();
    xos_redirect(xos_href_link(FILENAME_LOGIN, '', 'SSL'));
}
class splitPageResultsBootstrap extends splitPageResults
{
    /* class function display_links for Bootstrap pagination */
    // display split-page-number-links
    function display_links($max_page_links, $parameters = '')
    {
        global $request_type;
        $display_links_string = '';
        if (xos_not_null($parameters) && substr($parameters, -1) != '&') {
            $parameters .= '&';
        }
        // previous button
        if ($this->current_page_number > 1) {
            $display_links_string .= '<li><a href="' . xos_href_link(basename($_SERVER['PHP_SELF']), $parameters . $this->page_name . '=' . ($this->current_page_number - 1), $request_type) . '" class="page-results" title=" ' . PREVNEXT_TITLE_PREVIOUS_PAGE . ' ">' . PREVNEXT_BUTTON_PREV . '</a></li>';
        } elseif ($this->number_of_pages != 1) {
            $display_links_string .= '<li class="disabled"><span><span aria-hidden="true">' . PREVNEXT_BUTTON_PREV . '</span></span></li>';
        }
        // check if number_of_pages > $max_page_links
        $cur_window_num = intval($this->current_page_number / $max_page_links);
        if ($this->current_page_number % $max_page_links) {
            $cur_window_num++;
        }
        $max_window_num = intval($this->number_of_pages / $max_page_links);
        if ($this->number_of_pages % $max_page_links) {
 // Offline-mode admin login. $error is set when either the email is unknown or the
 // password does not verify, so both failures end in the same generic message below.
 $error = false;
 if (isset($_GET['action']) && $_GET['action'] == 'process') {
     // NOTE(review): neither POST field is isset-guarded; a request without them raises
     // an undefined-index notice before xos_db_prepare_input() sees null.
     $email_address = xos_db_prepare_input($_POST['email_address']);
     $password = xos_db_prepare_input($_POST['password']);
     // Check if email exists. The value passes through xos_db_input() before being
     // concatenated into the SQL string, which is the escaping convention this code uses.
     $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
     if (!xos_db_num_rows($check_admin_query)) {
         // Unknown email. Note this branch skips the hash check entirely, so response timing
         // may differ from the wrong-password branch even though the message is identical.
         $error = true;
     } else {
         $check_admin = xos_db_fetch_array($check_admin_query);
         // Check that password is good (hash verification lives in xos_validate_password()).
         if (!xos_validate_password($password, $check_admin['login_password'])) {
             $error = true;
         } else {
             // Success: flag the session and go to the default page. The second argument
             // (false) tells xos_redirect() not to switch the URL to the SSL server.
             $_SESSION['access_allowed'] = true;
             xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
         }
     }
 }
 if ($error == true) {
     // Any failure clears a previously granted flag and queues the generic error text.
     unset($_SESSION['access_allowed']);
     $messageStack->add('offline', TEXT_OFFLINE_ERROR);
 }
 $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_OFFLINE, '', 'SSL'));
 require DIR_WS_INCLUDES . 'html_header.php';
 //  require(DIR_WS_INCLUDES . 'boxes.php');
 //  require(DIR_WS_INCLUDES . 'header.php');
 //  require(DIR_WS_INCLUDES . 'footer.php');
 if ($messageStack->size('offline') > 0) {
     $smarty->assign('message_stack', $messageStack->output('offline'));
     $smarty->assign('message_stack_error', $messageStack->output('offline', 'error'));
         xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname);
         if (ACCOUNT_GENDER == 'true') {
             $sql_data_array['entry_gender'] = $gender;
         }
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
         // reset the session variables
         if (ACCOUNT_GENDER == 'true') {
             $_SESSION['customer_gender'] = $gender;
         }
         $_SESSION['customer_first_name'] = $firstname;
         $_SESSION['customer_lastname'] = $lastname;
         $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');
         xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
     }
 }
 // Load the customer's current profile to prefill the edit form. The id comes from the
 // session (cast to int), never from the request.
 $account_query = xos_db_query("select customers_gender, customers_c_id, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_language_id, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
 $account = xos_db_fetch_array($account_query);
 // Breadcrumb: account overview, then the edit page, both linked over SSL.
 $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
 $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'));
 // Standard catalog layout includes.
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';
 if ($messageStack->size('account_edit') > 0) {
     $smarty->assign('message_stack', $messageStack->output('account_edit'));
     $smarty->assign('message_stack_error', $messageStack->output('account_edit', 'error'));
     $smarty->assign('message_stack_warning', $messageStack->output('account_edit', 'warning'));
     $smarty->assign('message_stack_success', $messageStack->output('account_edit', 'success'));
                     $image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image'];
                     @unlink($image_location);
                 }
             }
             xos_db_query("delete from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
             xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
             if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') {
                 $products_query = xos_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
                 while ($products = xos_db_fetch_array($products_query)) {
                     xos_remove_product($products['products_id']);
                 }
             } else {
                 xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), manufacturers_id = '' where manufacturers_id = '" . (int) $manufacturers_id . "'");
             }
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, 'page=' . $_GET['page']));
             break;
     }
 }
 // Shared admin JavaScript, then the standard admin layout includes.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 // Manufacturer list joined with its info row for the admin's UI language
 // (used_lng_id from the session, cast to int), ordered by name.
 $manufacturers_query_raw = "select m.manufacturers_id, m.manufacturers_image, m.date_added, m.last_modified, mi.manufacturers_name from " . TABLE_MANUFACTURERS . " m, " . TABLE_MANUFACTURERS_INFO . " mi where m.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['used_lng_id'] . "' order by mi.manufacturers_name";
 // NOTE(review): $_GET['page'] is handed to splitPageResults unfiltered; the class is
 // presumably responsible for casting it before it reaches the query — confirm.
 $manufacturers_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $manufacturers_query_raw, $manufacturers_query_numrows);
 $manufacturers_query = xos_db_query($manufacturers_query_raw);
 $manufacturers_array = array();
 while ($manufacturers = xos_db_fetch_array($manufacturers_query)) {
     if ((!isset($_GET['mID']) || isset($_GET['mID']) && $_GET['mID'] == $manufacturers['manufacturers_id']) && !isset($mInfo) && substr($action, 0, 3) != 'new') {
         $manufacturer_products_query = xos_db_query("select count(*) as products_count from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers['manufacturers_id'] . "'");
             $reviews_text = xos_db_prepare_input(substr(strip_tags($_POST['reviews_text']), 0, 1000));
             xos_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . xos_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . (int) $reviews_id . "'");
             xos_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . xos_db_input($reviews_text) . "' where reviews_id = '" . (int) $reviews_id . "'");
             $smarty_cache_control->clearCache(null, 'L3|cc_reviews');
             $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews');
             $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info');
             xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id));
             break;
         case 'deleteconfirm':
             $reviews_id = xos_db_prepare_input($_GET['rID']);
             xos_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . (int) $reviews_id . "'");
             xos_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . (int) $reviews_id . "'");
             $smarty_cache_control->clearCache(null, 'L3|cc_reviews');
             $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews');
             $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info');
             xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page']));
             break;
     }
 }
 // Shared admin JavaScript, then the standard admin layout includes.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 if ($action == 'edit') {
     $rID = xos_db_prepare_input($_GET['rID']);
     $reviews_query = xos_db_query("select r.reviews_id, r.products_id, r.customers_name, r.date_added, r.last_modified, r.reviews_read, rd.reviews_text, r.reviews_rating from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.reviews_id = '" . (int) $rID . "' and r.reviews_id = rd.reviews_id");
     $reviews = xos_db_fetch_array($reviews_query);
     $products_query = xos_db_query("select products_image from " . TABLE_PRODUCTS . " where products_id = '" . (int) $reviews['products_id'] . "'");
     $products = xos_db_fetch_array($products_query);
     $products_name_query = xos_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int) $reviews['products_id'] . "' and language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
                 $rate = $quote_function($currency['code']);
                 if (empty($rate) && xos_not_null(CURRENCY_SERVER_BACKUP)) {
                     $messageStack->add_session('header', sprintf(WARNING_PRIMARY_SERVER_FAILED, CURRENCY_SERVER_PRIMARY, $currency['title'], $currency['code']), 'warning');
                     $quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency';
                     $rate = $quote_function($currency['code']);
                     $server_used = CURRENCY_SERVER_BACKUP;
                 }
                 if (xos_not_null($rate)) {
                     xos_db_query("update " . TABLE_CURRENCIES . " set value = '" . $rate . "', last_updated = now() where currencies_id = '" . (int) $currency['currencies_id'] . "'");
                     $messageStack->add_session('header', sprintf(TEXT_INFO_CURRENCY_UPDATED, $currency['title'], $currency['code'], $server_used), 'success');
                 } else {
                     $messageStack->add_session('header', sprintf(ERROR_CURRENCY_INVALID, $currency['title'], $currency['code'], $server_used), 'error');
                 }
             }
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
             break;
         case 'delete':
             $currencies_id = xos_db_prepare_input($_GET['cID']);
             $currency_query = xos_db_query("select code from " . TABLE_CURRENCIES . " where currencies_id = '" . (int) $currencies_id . "'");
             $currency = xos_db_fetch_array($currency_query);
             $remove_currency = true;
             if ($currency['code'] == DEFAULT_CURRENCY) {
                 $remove_currency = false;
                 $messageStack->add('header', ERROR_REMOVE_DEFAULT_CURRENCY, 'error');
             }
             break;
     }
 }
 // Shared admin JavaScript; DIR_WS_ADMIN is a path constant defined outside this fragment.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
                 $my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
                 $my_old_account = xos_db_fetch_array($my_old_account_query);
                 $sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()');
                 $admin_password = xos_db_prepare_input($_POST['admin_password']);
                 if (xos_not_null($admin_password)) {
                     $insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
                     $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
                 }
                 xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
                 if (SEND_EMAILS == 'true') {
                     $email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                     if (!$email_to_admin->send()) {
                         $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                     }
                 }
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT));
             }
             break;
     }
 }
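 // Load the logged-in admin's own account row together with the name of the group the
 // session says they belong to. Both ids come from the session, but they are cast to int
 // before concatenation: that is the quoting discipline every other id query in this file
 // applies, and it keeps the SQL well-formed should a session value ever be empty.
 $my_account_query = xos_db_query("select a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name from " . TABLE_ADMIN . " a, " . TABLE_ADMIN_GROUPS . " g where a.admin_id= " . (int) $_SESSION['login_id'] . " and g.admin_groups_id= " . (int) $_SESSION['login_groups_id']);
 $myAccount = xos_db_fetch_array($my_account_query);
 // Shared admin JavaScript plus the page-specific account-check script, then the layout includes.
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require 'includes/account_check.js.php';
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';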
 if ($action == 'edit_process') {
     $smarty->assign('form_begin_save_account', xos_draw_form('account', FILENAME_ADMIN_ACCOUNT, 'action=save_account', 'post', 'enctype="multipart/form-data"'));
 } elseif ($action == 'check_account') {
                     $file = DIR_FS_SMARTY . 'catalog/languages/' . $_GET['lngdir'] . '/modules/shipping/' . $_GET['filename'];
                 } else {
                     $file = DIR_FS_SMARTY . 'catalog/languages/' . $_GET['lngdir'] . '/' . $_GET['filename'];
                 }
                 if (file_exists($file)) {
                     if (file_exists('bak' . $file)) {
                         @unlink('bak' . $file);
                     }
                     @rename($file, 'bak' . $file);
                     $new_file = fopen($file, 'w');
                     $file_contents = stripslashes($_POST['file_contents']);
                     fwrite($new_file, $file_contents, strlen($file_contents));
                     fclose($new_file);
                     $messageStack->add_session('header', sprintf(TEXT_FILE_UPDATED, $_GET['filename']), 'success');
                 }
                 xos_redirect(xos_href_link(FILENAME_DEFINE_LANGUAGE, 'lngdir=' . $_GET['lngdir']));
             }
             break;
     }
 }
 // Build the language selector options and check whether the lngdir requested in the
 // query string matches one of the configured language directories. Elsewhere in this
 // file $_GET['lngdir'] is concatenated into filesystem paths, so this allow-list (and
 // the fallback to the session language that follows) is what keeps it to known values —
 // confirm the path-building code earlier in the file is only reached after it.
 $languages_array = array();
 $languages = xos_get_languages();
 $lng_exists = false;
 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
     // NOTE(review): loose comparison of directory names; === would be safer if a
     // directory name could ever look numeric.
     if ($languages[$i]['directory'] == $_GET['lngdir']) {
         $lng_exists = true;
     }
     $languages_array[] = array('id' => $languages[$i]['directory'], 'text' => $languages[$i]['name']);
 }
 if (!$lng_exists) {
     $_GET['lngdir'] = $_SESSION['language'];
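 /**
  * Check that the payment notification POST came from the gateway host before the
  * order is processed; otherwise send the customer back to the payment page with
  * this module's error code.
  *
  * The check only runs when the POST carries valid=true. The host name is taken from
  * REMOTE_HOST; if it is not already 'secpay.com' a reverse lookup of the value is
  * attempted via gethostbyaddr().
  *
  * NOTE(review): a name obtained through reverse DNS is controlled by whoever owns the
  * PTR record for the client address, so this is a weak origin check on its own; a
  * signed notification or a server-to-server confirmation with the gateway would be a
  * stronger control — confirm what the gateway offers.
  */
 function before_process()
 {
     // isset guard so a POST without 'valid' does not raise an undefined-index notice;
     // the outcome (nothing to do) is the same as before.
     if (!isset($_POST['valid']) || $_POST['valid'] != 'true') {
         return;
     }
     $remote_host = getenv('REMOTE_HOST');
     $from_gateway = false;
     if ($remote_host) {
         if ($remote_host != 'secpay.com') {
             $remote_host = gethostbyaddr($remote_host);
         }
         // gethostbyaddr() returns false or the unchanged input on failure; both fail this test.
         $from_gateway = ($remote_host == 'secpay.com');
     }
     if (!$from_gateway) {
         // One redirect for both failure cases (no REMOTE_HOST at all, or a host other
         // than the gateway). The session id is passed in the query string, presumably
         // because the gateway's callback carries no customer cookie — confirm.
         // xos_redirect() exits.
         xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, xos_session_name() . '=' . $_POST[xos_session_name()] . '&payment_error=' . $this->code, 'SSL', false, false));
     }
 }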
        // next window of pages
        if ($cur_window_num < $max_window_num) {
            $display_links_string .= '<li><a href="' . xos_href_link(basename($_SERVER['PHP_SELF']), $parameters . $this->page_name . '=' . ($cur_window_num * $max_page_links + 1), $request_type) . '" class="page-results" title=" ' . sprintf(PREVNEXT_TITLE_NEXT_SET_OF_NO_PAGE, $max_page_links) . ' ">...</a></li>';
        }
        // next button
        if ($this->current_page_number < $this->number_of_pages) {
            $display_links_string .= '<li><a href="' . xos_href_link(basename($_SERVER['PHP_SELF']), $parameters . 'page=' . ($this->current_page_number + 1), $request_type) . '" class="page-results" title=" ' . PREVNEXT_TITLE_NEXT_PAGE . ' ">' . PREVNEXT_BUTTON_NEXT . '</a></li>';
        } elseif ($this->number_of_pages != 1) {
            $display_links_string .= '<li class="disabled"><span><span aria-hidden="true">' . PREVNEXT_BUTTON_NEXT . '</span></span></li>';
        }
        return $display_links_string;
    }
}
// Load the product the reviews belong to. The product id comes from the query string
// and is cast to int; the row must be active (status '1'), sit in an enabled category,
// and have a description in the visitor's language.
$product_info_query = xos_db_query("select p.products_id, p.products_model, p.products_quantity, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name, pd.products_p_unit from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and p.products_id = '" . (int) $_GET['p'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'");
if (!xos_db_num_rows($product_info_query)) {
    // Unknown or inactive product: fall back to the reviews overview (xos_redirect() exits).
    xos_redirect(xos_href_link(FILENAME_REVIEWS));
}
// Language file for this page, chosen by the session's language directory.
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS;
// Breadcrumb link that keeps the current GET parameters except the listed ones.
$site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('lnc', 'cur', 'tpl', 'x', 'y'))));
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'boxes.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'footer.php';
// Smarty page caching at cache level 3+, enabled only when the session id travels in a
// cookie rather than the URL, or when cookie use is forced. The cache id mixes in raw
// GET values (lnc, c, m, p and the session-name parameter); they only select a cache
// entry here — confirm the template escapes them if they are also rendered.
// NOTE(review): several of these GET keys can be absent — the first branch of the
// condition is entered precisely when the session id is NOT in the URL — which raises
// undefined-index notices.
if (CACHE_LEVEL > 2 && (isset($_COOKIE[session_name()]) && !isset($_GET[session_name()]) || SESSION_FORCE_COOKIE_USE == 'true')) {
    $smarty->caching = 1;
    $cache_id = 'L3|cc_product_reviews|' . $_SESSION['language'] . '-' . $_GET['lnc'] . '-' . $_GET[session_name()] . '-' . $session_started . '-' . SELECTED_TPL . '-' . $_SESSION['currency'] . '-' . $_SESSION['sppc_customer_group_id'] . '-' . $_SESSION['sppc_customer_group_show_tax'] . '-' . $_SESSION['sppc_customer_group_tax_exempt'] . '-' . $_GET['c'] . '-' . $_GET['m'] . '-' . $_GET['p'];
}
if (!$smarty->isCached(SELECTED_TPL . '/product_reviews.tpl', $cache_id)) {
    $product_info = xos_db_fetch_array($product_info_query);
    $reviews_query_raw = "select r.reviews_id, left(rd.reviews_text, 100) as reviews_text, r.reviews_rating, r.date_added, r.customers_name from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd where r.products_id = '" . (int) $product_info['products_id'] . "' and r.reviews_id = rd.reviews_id and rd.languages_id = '" . (int) $_SESSION['languages_id'] . "' order by r.reviews_id desc";
    $reviews_split = new splitPageResultsBootstrap($reviews_query_raw, MAX_DISPLAY_NEW_REVIEWS);
 // A preview was requested without a customer address: fall back to the email form and
 // report it. Note the truthiness test treats a submitted '0' the same as an empty value.
 if ($action == 'preview_email' && !$_POST['customers_email_address']) {
     $action = 'email';
     $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
 }
 // Confirmation after a mailing. NOTE(review): mail_sent_to is read without isset and is
 // a request value reflected into the notice text — confirm messageStack escapes it for HTML.
 if ($_GET['mail_sent_to']) {
     $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
 }
 // Coupon id from the query string ('' when absent); the delete queries below cast it to int.
 $coupon_id = isset($_GET['cid']) ? xos_db_prepare_input($_GET['cid']) : '';
 switch ($action) {
     case 'setflag':
         if ($_GET['flag'] == 'N' || $_GET['flag'] == 'Y') {
             if (isset($_GET['cid'])) {
                 xos_set_coupon_status($coupon_id, $_GET['flag']);
             }
         }
         xos_redirect(xos_href_link(FILENAME_COUPON_ADMIN, '&cid=' . $_GET['cid']));
         break;
     case 'confirmdelete':
         xos_db_query("delete from " . TABLE_COUPONS . " where coupon_id='" . (int) $coupon_id . "'");
         xos_db_query("delete from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id='" . (int) $coupon_id . "'");
         break;
     case 'update':
         // get all POST variables and validate
         $_POST['coupon_code'] = trim($_POST['coupon_code']);
         $languages = xos_get_languages();
         for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
             $language_id = $languages[$i]['id'];
             if ($_POST['coupon_name'][$language_id]) {
                 $_POST['coupon_name'][$language_id] = trim($_POST['coupon_name'][$language_id]);
             }
             if ($_POST['coupon_desc'][$language_id]) {
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
// Bootstrap: the session, database connection, helper functions and configuration
// constants used below are presumably provided by application_top.php — confirm.
require 'includes/application_top.php';
if (!$is_shop) {
    xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
} elseif (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_PRODUCT_REVIEWS_INFO) == 'overwrite_all')) {
    if (PRODUCT_REVIEWS_ENABLED != 'true') {
        xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
    }
    if (isset($_GET['r']) && xos_not_null($_GET['r']) && isset($_GET['p']) && xos_not_null($_GET['p'])) {
        $review_query = xos_db_query("select rd.reviews_text, r.reviews_rating, r.reviews_id, r.customers_name, r.date_added, r.reviews_read, p.products_id, p.products_price, p.products_tax_class_id, p.products_image, p.products_model, p.products_quantity, pd.products_name, pd.products_p_unit from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd, " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where c.categories_or_pages_status = '1' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id and r.reviews_id = '" . (int) $_GET['r'] . "' and r.reviews_id = rd.reviews_id and rd.languages_id = '" . (int) $_SESSION['languages_id'] . "' and r.products_id = p.products_id and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "'");
        if (!xos_db_num_rows($review_query)) {
            xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('r'))));
        }
    } else {
        xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('r'))));
    }
    require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_INFO;
    $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS_INFO, xos_get_all_get_params(array('lnc', 'cur', 'tpl', 'x', 'y'))));
    require DIR_WS_INCLUDES . 'html_header.php';
    require DIR_WS_INCLUDES . 'boxes.php';
    require DIR_WS_INCLUDES . 'header.php';
    require DIR_WS_INCLUDES . 'footer.php';
    xos_db_query("update " . TABLE_REVIEWS . " set reviews_read = reviews_read+1 where reviews_id = '" . (int) $_GET['r'] . "'");
    if (CACHE_LEVEL > 2 && (isset($_COOKIE[session_name()]) && !isset($_GET[session_name()]) || SESSION_FORCE_COOKIE_USE == 'true')) {
        $smarty->caching = 1;
        $cache_id = 'L3|cc_product_reviews_info|' . $_SESSION['language'] . '-' . $_GET['lnc'] . '-' . $_GET[session_name()] . '-' . $session_started . '-' . SELECTED_TPL . '-' . $_SESSION['currency'] . '-' . $_SESSION['sppc_customer_group_id'] . '-' . $_SESSION['sppc_customer_group_show_tax'] . '-' . $_SESSION['sppc_customer_group_tax_exempt'] . '-' . $_GET['c'] . '-' . $_GET['m'] . '-' . $_GET['p'] . '-' . $_GET['r'];
    }
    if (!$smarty->isCached(SELECTED_TPL . '/product_reviews_info.tpl', $cache_id)) {
        $review = xos_db_fetch_array($review_query);
        $products_image_name = xos_get_product_images($review['products_image'], 'all');
                @unlink($dir . $subdir . '/' . $file);
            }
            closedir($h2);
            @rmdir($dir . $subdir);
        }
        closedir($h1);
    }
    header_remove();
    // Now send the file with header() magic
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . @filesize(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']));
    header('Content-Disposition: attachment; filename="' . $downloads['orders_products_filename'] . '"');
    if (DOWNLOAD_BY_REDIRECT == 'true') {
        // This will work only on Unix/Linux hosts
        xos_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
        $tempdir = xos_random_name();
        @umask(00);
        @mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777);
        @symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']);
        if (@file_exists(DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename'])) {
            xos_redirect(xos_href_link(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename'], '', 'NONSSL', false));
        }
    }
    // Fallback to readfile() delivery method. This will work on all systems, but will need considerable resources
    @readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
}
                 }
                 xos_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . (int) $oID . "', '" . xos_db_input($status) . "', now(), '" . xos_db_input($customer_notified) . "', '" . xos_db_input($comments) . "')");
                 $order_updated = true;
             }
             if ($order_updated == true) {
                 $messageStack->add_session('header', SUCCESS_ORDER_UPDATED, 'success');
             } else {
                 $messageStack->add_session('header', WARNING_ORDER_NOT_UPDATED, 'warning');
             }
             xos_redirect(xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('action')) . 'action=edit'));
             break;
         case 'deleteconfirm':
             $oID = xos_db_prepare_input($_GET['oID']);
             $oSC = xos_db_prepare_input($_GET['oSC']);
             xos_remove_order($oID, $_POST['restock'], $oSC);
             xos_redirect(xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('oID', 'action'))));
             break;
     }
 }
 // Edit mode: make sure the requested order really exists before the form is built.
 if ($action == 'edit' && isset($_GET['oID'])) {
     $oID = xos_db_prepare_input($_GET['oID']);
     // the lookup casts to int, so a non-numeric oID simply matches no row
     $orders_query = xos_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . (int) $oID . "'");
     $order_exists = (bool) xos_db_num_rows($orders_query);
     if (!$order_exists) {
         // NOTE(review): the raw $oID string is echoed back through the message stack;
         // verify that messageStack escapes it for HTML output — not visible here.
         $messageStack->add('header', sprintf(ERROR_ORDER_DOES_NOT_EXIST, $oID), 'error');
     }
 }
 include DIR_WS_CLASSES . 'order.php';
 // page-level script includes: the shared admin helpers plus a popup opener
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 $javascript .= '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function popupWindow(url) {' . "\n" . '  x = (screen.availWidth - 900) / 2;' . "\n" . '  y = (screen.availHeight - 750) / 2;' . "\n" . '  window.open(url,"popupWindow","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=900,height=750,screenX="+x+",screenY="+y+",top="+y+",left="+x).focus();' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
         }
         $_SESSION['billto'] = $_POST['address'];
         $check_address_query = xos_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['billto'] . "'");
         $check_address = xos_db_fetch_array($check_address_query);
         if ($check_address['total'] == '1') {
             if ($reset_payment == true) {
                 unset($_SESSION['payment']);
             }
             xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
         } else {
             unset($_SESSION['billto']);
         }
         // no addresses to select from - customer decided to keep the current assigned address
     } else {
         $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
         xos_redirect(xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
     }
 }
 // if no billing destination address was selected, use their own address as default
 if (!isset($_SESSION['billto'])) {
     $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
 }
 // breadcrumb: both steps are linked over SSL
 $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
 $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'));
 $addresses_count = xos_count_customer_address_book_entries();
 // Inline page script: row highlighting for the address table plus the radio
 // selection helper (handles the single-address case where the input is not an array).
 $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'var selected;' . "\n\n" . 'function selectRowEffect(object, buttonSelect) {' . "\n" . '  if (!selected) {' . "\n" . '    if (document.getElementById) {' . "\n" . '      selected = document.getElementById("default-selected");' . "\n" . '    } else {' . "\n" . '      selected = document.all["default-selected"];' . "\n" . '    }' . "\n" . '  }' . "\n\n" . '  if (selected) selected.className = "module-row";' . "\n" . '  object.className = "module-row-selected";' . "\n" . '  selected = object;' . "\n\n" . '// one button is not an array' . "\n" . '  if (document.checkout_address.address[0]) {' . "\n" . '    document.checkout_address.address[buttonSelect].checked=true;' . "\n" . '  } else {' . "\n" . '    document.checkout_address.address.checked=true;' . "\n" . '  }' . "\n" . '}' . "\n\n" . 'function rowOverEffect(object) {' . "\n" . '  if (object.className == "module-row") object.className = "module-row-over";' . "\n" . '}' . "\n\n" . 'function rowOutEffect(object) {' . "\n" . '  if (object.className == "module-row-over") object.className = "module-row";' . "\n" . '}' . "\n\n" . '/* ]]> */' . "\n" . '</script> ' . "\n";
 // page assembly; order matters because later includes rely on state set by earlier ones
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';
 require DIR_WS_MODULES . 'checkout_new_address.php';
                     }
                 }
                 // end while
                 $group_shipment_allowed = substr($group_shipment_allowed, 0, strlen($group_shipment_allowed) - 1);
             }
             // end if ($_POST['shipment_allowed'])
             $new_cg_id = LAST_CUSTOMERS_GROUPS_ID + 1;
             xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . (int) $new_cg_id . "', last_modified = now() where configuration_key = 'LAST_CUSTOMERS_GROUPS_ID'");
             xos_db_query("insert into " . TABLE_CUSTOMERS_GROUPS . " set customers_group_id = '" . $new_cg_id . "', customers_group_name = '" . $customers_group_name . "', customers_group_discount='" . $customers_group_discount . "', customers_group_show_tax = '" . $customers_group_show_tax . "', customers_group_tax_exempt = '" . $customers_group_tax_exempt . "', group_payment_allowed = '" . $group_payment_allowed . "', group_shipment_allowed = '" . $group_shipment_allowed . "'");
             $special_prices_query = xos_db_query("select products_id, specials_new_products_price, expires_date, status, error from " . TABLE_SPECIALS . " where customers_group_id = '0'");
             while ($special_prices = xos_db_fetch_array($special_prices_query)) {
                 $special_expires_date = $special_prices['expires_date'] == null ? 'null' : xos_db_input($special_prices['expires_date']);
                 xos_db_perform(TABLE_SPECIALS, array('products_id' => xos_db_input($special_prices['products_id']), 'customers_group_id' => $new_cg_id, 'specials_new_products_price' => xos_db_input($special_prices['specials_new_products_price']), 'expires_date' => $special_expires_date, 'status' => xos_db_input($special_prices['status']), 'error' => xos_db_input($special_prices['error'])));
             }
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action'))));
             break;
     }
 }
 // shared admin helpers are always loaded
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 // the client-side "group name required" check only belongs on the edit/new form
 if (in_array($action, array('edit', 'new'))) {
     // NOTE(review): ERROR_CUSTOMERS_GROUP_NAME (a language constant) is spliced into a
     // JavaScript string literal unescaped; a double quote in that text would break the script.
     $javascript .= '<script type="text/javascript">' . "\n\n" . '/* <![CDATA[ */' . "\n" . 'function check_form() {' . "\n" . '  var error = 0;' . "\n\n" . '  var customers_group_name = document.customers.customers_group_name.value;' . "\n\n" . '  if (customers_group_name == "") {' . "\n" . '    error_message = "' . ERROR_CUSTOMERS_GROUP_NAME . '";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if (error == 1) {' . "\n" . '    alert(error_message);' . "\n" . '    return false;' . "\n" . '  } else {' . "\n" . '    return true;' . "\n" . '  }' . "\n" . '}' . "\n\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
 }
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 if ($action == 'edit') {
     $customers_groups_query = xos_db_query("select c.customers_group_id, c.customers_group_name, c.customers_group_discount, c.customers_group_show_tax, c.customers_group_tax_exempt, c.group_payment_allowed, c.group_shipment_allowed from " . TABLE_CUSTOMERS_GROUPS . " c  where c.customers_group_id = '" . $_GET['cID'] . "'");
     $customers_groups = xos_db_fetch_array($customers_groups_query);
     $cInfo = new objectInfo($customers_groups);
             if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) {
                 $check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'");
                 if (xos_db_num_rows($check_query) || $countries_name == '') {
                     xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name));
                 }
             }
             xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'");
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
             break;
         case 'deleteconfirm':
             $countries_id = xos_db_prepare_input($_GET['cID']);
             xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'");
             xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'");
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
             break;
     }
 }
 // shared admin helpers
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 // Paged country listing. $_GET['page'] is untrusted and is handed straight to
 // splitPageResults; the class is relied on to normalise it — not visible here, confirm.
 // $countries_query_raw / $countries_query_numrows are presumably by-reference
 // parameters that the class rewrites (LIMIT clause, row count) before the query
 // below runs, so the statement order here must be kept.
 $countries_query_raw = "select countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id from " . TABLE_COUNTRIES . " order by countries_name";
 $countries_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $countries_query_raw, $countries_query_numrows);
 $countries_query = xos_db_query($countries_query_raw);
 $countries_array = array();
 while ($countries = xos_db_fetch_array($countries_query)) {
     if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $countries['countries_id']) && !isset($cInfo) && substr($action, 0, 3) != 'new' && substr($action, 0, 13) != 'new_from_list') {
         $cInfo = new objectInfo($countries);
                     $module->install();
                     $modules_installed = explode(';', constant($module_key));
                     $modules_installed[] = $class . $file_extension;
                     xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $modules_installed) . "' where configuration_key = '" . $module_key . "'");
                     $smarty_cache_control->clearAllCache();
                     xos_redirect(xos_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class));
                 } elseif ($action == 'remove') {
                     $module->remove();
                     $modules_installed = explode(';', constant($module_key));
                     unset($modules_installed[array_search($class . $file_extension, $modules_installed)]);
                     xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . implode(';', $modules_installed) . "' where configuration_key = '" . $module_key . "'");
                     $smarty_cache_control->clearAllCache();
                     xos_redirect(xos_href_link(FILENAME_MODULES, 'set=' . $set));
                 }
             }
             xos_redirect(xos_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class));
             break;
     }
 }
 // shared admin helpers
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
 // Module files are matched on this script's own extension (text from the last dot
 // of the script name onwards). PHP_SELF can carry client-supplied path info;
 // basename() reduces it to a single name and only the extension is used below.
 $self_name = basename($_SERVER['PHP_SELF']);
 $file_extension = substr($self_name, strrpos($self_name, '.'));
 $directory_array = array();
 if ($dir = @dir($module_directory)) {
     while ($file = $dir->read()) {
         if (!is_dir($module_directory . $file)) {
             if (substr($file, strrpos($file, '.')) == $file_extension) {
                 $directory_array[] = $file;
                     $mailer_error = true;
                     $messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail['customers_email_address']), 'error');
                 } else {
                     // Now create the coupon email entry
                     xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $amount . "', now())");
                     $insert_id = xos_db_insert_id();
                     xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $mail['customers_email_address'] . "', now() )");
                 }
                 $gv_email->clearAddresses();
             }
             $_SESSION['used_lng_id'] = $used_lang_id;
         }
         if ($mailer_error == false) {
             $messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $mail_sent_to), 'success');
         }
         xos_redirect(xos_href_link(FILENAME_GV_MAIL));
     }
 }
 // validation flags for the preview form; each is raised below when the address fails a check
 $email_error = $entry_email_to_error = $entry_email_to_check_error = false;
 if ($action == 'preview' && !empty($_POST['email_to'])) {
     $email_to = xos_db_prepare_input($_POST['email_to']);
     if (strlen($email_to) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
         $email_error = true;
         $entry_email_to_error = true;
     }
     if (!xos_validate_email($email_to)) {
         $email_error = true;
         $entry_email_to_check_error = true;
     }
            $decoded_send_extra_order_emails_to = html_entity_decode($send_extra_order_emails_to, ENT_QUOTES, 'UTF-8');
            $recipients = explode(',', $decoded_send_extra_order_emails_to);
            for ($i = 0, $n = count($recipients); $i < $n; $i++) {
                $address = '';
                $name = '';
                $pieces = explode('<', $recipients[$i]);
                if (count($pieces) == 2) {
                    $address = trim($pieces[1], " >");
                    $name = trim($pieces[0]);
                } elseif (count($pieces) == 1) {
                    $pos = stripos($pieces[0], '@');
                    $address = $pos ? trim($pieces[0], " >") : '';
                }
                $email_to_other_people = new mailer($name, $address, sprintf(EMAIL_TEXT_SUBJECT_OTHER, $insert_id, xos_date_format(DATE_FORMAT_SHORT)), $output_order_email_html, $output_order_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SHOP_LOGO);
                if (!$email_to_other_people->send()) {
                    $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_other_people->ErrorInfo));
                }
            }
        }
    }
    // load the after_process function from the payment modules
    $payment_modules->after_process();
    $_SESSION['cart']->reset(true);
    // unregister session variables used during checkout
    unset($_SESSION['sendto']);
    unset($_SESSION['billto']);
    unset($_SESSION['shipping']);
    unset($_SESSION['payment']);
    unset($_SESSION['comments']);
    xos_redirect(xos_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
}
         $attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
         foreach ($attributes_price_array as $key => $value) {
             if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
                 $_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+';
                 xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'");
             }
         }
     }
     $sql_data_array = array('products_price' => serialize($prices_array));
     xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'");
     $smarty_cache_control->clearAllCache();
     if ($specials_error) {
         $messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error');
         xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . $products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1)));
     }
     xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '')));
 }
 // Rows-per-page choices: 50..500 in steps of 50, with the configured
 // MAX_DISPLAY_RESULTS spliced in once at its sorted position (appended after
 // the loop when it is above 500; not duplicated when it equals one of the steps).
 $max_display_update_prices_results_array = array();
 $set = false;
 for ($i = 50; $i <= 500; $i += 50) {
     if (!$set && MAX_DISPLAY_RESULTS <= $i) {
         $max_display_update_prices_results_array[] = array('id' => MAX_DISPLAY_RESULTS, 'text' => MAX_DISPLAY_RESULTS);
         $set = true;
     }
     if ($i != MAX_DISPLAY_RESULTS) {
         $max_display_update_prices_results_array[] = array('id' => $i, 'text' => $i);
     }
 }
 if (!$set) {
     $max_display_update_prices_results_array[] = array('id' => MAX_DISPLAY_RESULTS, 'text' => MAX_DISPLAY_RESULTS);
 }
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     } else {
         $check_query = xos_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int) $_GET['delete'] . "' and customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         $check = xos_db_fetch_array($check_query);
         if ($check['total'] < 1) {
             $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);
             xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
         }
     }
 } else {
     $entry = array();
 }
 // Adding a new entry is only allowed while the book is below its size limit;
 // edit and delete requests are exempt from this check.
 if (!(isset($_GET['delete']) || isset($_GET['edit']))) {
     if (xos_count_customer_address_book_entries() >= MAX_ADDRESS_BOOK_ENTRIES) {
         $messageStack->add_session('addressbook', ERROR_ADDRESS_BOOK_FULL);
         xos_redirect(xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     }
 }
 $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
 $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
 // Third breadcrumb depends on the mode; only numeric ids are echoed back into the link.
 if (isset($_GET['edit']) && is_numeric($_GET['edit'])) {
     $trail_title = NAVBAR_TITLE_MODIFY_ENTRY;
     $trail_params = 'edit=' . $_GET['edit'];
 } elseif (isset($_GET['delete']) && is_numeric($_GET['delete'])) {
     $trail_title = NAVBAR_TITLE_DELETE_ENTRY;
     $trail_params = 'delete=' . $_GET['delete'];
 } else {
     $trail_title = NAVBAR_TITLE_ADD_ENTRY;
     $trail_params = '';
 }
 $site_trail->add($trail_title, xos_href_link(FILENAME_ADDRESS_BOOK_PROCESS, $trail_params, 'SSL'));
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';
                     $comb_str .= '|';
                     xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "', attributes_combinations = '" . xos_db_input($comb_str) . "', " . $not_updated . " where products_id = '" . (int) $products_id . "'");
                 } else {
                     xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'");
                 }
                 $smarty_cache_control->clearAllCache();
             }
             xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_attributes_id = '" . (int) $attribute_id . "'");
             // added for DOWNLOAD_ENABLED. Always try to remove attributes, even if downloads are no longer enabled
             xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " where products_attributes_id = '" . (int) $attribute_id . "'");
             if ($qty < 1 && STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') {
                 xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . "'");
                 $smarty_cache_control->clearAllCache();
             }
             $smarty_cache_control->clearCache(null, 'L3|cc_product_info');
             xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $parameter_string));
             break;
     }
 }
 define('MAX_ROW_LISTS_OPTIONS', 15);
 define('MAX_PRODUCTS_IN_PULLDOWN', 50);
 // Pull-down choices for "rows per list": the default first, then 20..200 in steps of 20.
 $max_display_rows_array = array(array('id' => MAX_ROW_LISTS_OPTIONS, 'text' => MAX_ROW_LISTS_OPTIONS));
 for ($i = 20; $i <= 200; $i += 20) {
     $max_display_rows_array[] = array('id' => $i, 'text' => $i);
 }
 // Pull-down choices for "products in pull-down": the default first, then 100..500 in steps of 50.
 $max_display_products_in_pulldown_array = array(array('id' => MAX_PRODUCTS_IN_PULLDOWN, 'text' => MAX_PRODUCTS_IN_PULLDOWN));
 for ($i = 100; $i <= 500; $i += 50) {
     $max_display_products_in_pulldown_array[] = array('id' => $i, 'text' => $i);
 }
     $error = false;
     if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
         $error = true;
         $messageStack->add('review', JS_REVIEW_TEXT);
     }
     if ($rating < 1 || $rating > 5) {
         $error = true;
         $messageStack->add('review', JS_REVIEW_RATING);
     }
     if ($error == false) {
         xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())");
         $insert_id = xos_db_insert_id();
         xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')");
         $smarty->clearCache(null, 'L3|cc_reviews');
         $smarty->clearCache(null, 'L3|cc_product_reviews');
         xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false);
     }
 }
 // Language file for this page, keyed by the session language. NOTE(review): this
 // assumes $_SESSION['language'] was validated when it was stored — confirm, since it
 // becomes part of a require path.
 require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE;
 $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params()));
 // Inline form validation script. JS_ERROR, JS_REVIEW_TEXT and JS_REVIEW_RATING are
 // language constants spliced into JavaScript string literals without escaping; a
 // double quote in any of them would break the script.
 $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function checkForm() {' . "\n" . '  var error = 0;' . "\n" . '  var error_message = "' . JS_ERROR . '";' . "\n\n" . '  var review = document.product_reviews_write.review.value;' . "\n\n" . '  if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n" . '    error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n" . '  } else {' . "\n" . '    error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if (error == 1) {' . "\n" . '    alert(error_message);' . "\n" . '    return false;' . "\n" . '  } else {' . "\n" . '    return true;' . "\n" . '  }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';
 // price data for the product being reviewed; the per-group lookup continues below
 $products_prices = xos_get_product_prices($product_info['products_price']);
 $products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']);
 $price_breaks_array = array();
 if (isset($products_prices[$customer_group_id][0])) {
     $product_price = $currencies->display_price($products_prices[$customer_group_id][0]['regular'], $products_tax_rate);
     $products_prices[$customer_group_id]['special_status'] == 1 && $products_prices[$customer_group_id][0]['special'] > 0 ? $product_price_special = $currencies->display_price($products_prices[$customer_group_id][0]['special'], $products_tax_rate) : ($product_price_special = '');
                 switch ($action) {
                     case 'delete':
                         $error = ERROR_REMOVE_UNLOCKED_NEWSLETTER;
                         break;
                     case 'new':
                         $error = ERROR_EDIT_UNLOCKED_NEWSLETTER;
                         break;
                     case 'send':
                         $error = ERROR_SEND_UNLOCKED_NEWSLETTER;
                         break;
                     case 'confirm_send':
                         $error = ERROR_SEND_UNLOCKED_NEWSLETTER;
                         break;
                 }
                 $messageStack->add_session('header', $error, 'error');
                 xos_redirect(xos_href_link(FILENAME_NEWSLETTERS, 'page=' . $_GET['page'] . '&nID=' . $_GET['nID']));
             }
             break;
     }
 }
 // shared admin helpers
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 // the rich-text editor is only loaded for a new newsletter and only when both
 // the WYSIWYG and HTML-mail switches are on
 if ($action == 'new' && WYSIWYG_FOR_NEWSLETTER == 'true' && EMAIL_USE_HTML == 'true') {
     $javascript .= '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/ckeditor/ckeditor.js"></script>' . "\n";
 }
 // Send-confirmation page: confirmSent(url) issues a GET via XMLHttpRequest (with a
 // legacy ActiveX fallback) and writes the response into #infoSend. The alert texts
 // are runtime strings (German) and are left as they are.
 if ($action == 'confirm_send') {
     $javascript .= '<script type="text/javascript">' . "\n\n" . '/* <![CDATA[ */' . "\n" . '    var http_request = false;' . "\n\n" . '    function confirmSent(url) {' . "\n\n" . '        http_request = false;' . "\n\n" . '        if (window.XMLHttpRequest) { // Mozilla, Safari,...' . "\n" . '            http_request = new XMLHttpRequest();' . "\n" . '            if (http_request.overrideMimeType) {' . "\n" . '                http_request.overrideMimeType("text/html");' . "\n" . '            }' . "\n" . '        } else if (window.ActiveXObject) { // IE' . "\n" . '            try {' . "\n" . '                http_request = new ActiveXObject("Msxml2.XMLHTTP");' . "\n" . '            } catch (e) {' . "\n" . '                try {' . "\n" . '                    http_request = new ActiveXObject("Microsoft.XMLHTTP");' . "\n" . '                } catch (e) {}' . "\n" . '            }' . "\n" . '        }' . "\n\n" . '        if (!http_request) {' . "\n" . '            alert("Ende : Kann keine XMLHTTP-Instanz erzeugen");' . "\n" . '            return false;' . "\n" . '        }' . "\n" . '        http_request.onreadystatechange = response_processing;' . "\n" . '        http_request.open("GET", url, true);' . "\n" . '        http_request.send(null);' . "\n\n" . '    }' . "\n\n" . '    function response_processing() {' . "\n\n" . '        if (http_request.readyState == 4) {' . "\n" . '            if (http_request.status == 200) {' . "\n" . '                document.getElementById("infoSend").innerHTML = http_request.responseText;' . "\n" . '            } else {' . "\n" . '                alert("Bei dem Request ist ein Problem aufgetreten.");' . "\n" . '            }' . "\n" . '        }' . "\n\n" . '    }' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
 }
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'column_left.php';
 require DIR_WS_INCLUDES . 'footer.php';
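function xos_session_start()
{
    // Validate a client-supplied session id before it reaches session_start():
    // only the first source found (GET, then POST, then cookie) is checked, and an
    // id that is not plain [a-zA-Z0-9,-] is dropped from the request (the cookie
    // is expired as well) before the client is redirected to the default page.
    //
    // NOTE(review): this is a format check only. Whether a well-formed but unknown
    // id is accepted and turned into a fresh session depends on PHP's
    // session.use_strict_mode setting, which is not visible here — confirm.
    $session_name = xos_session_name();
    $id_pattern = '/^[a-zA-Z0-9,-]+$/';
    $sane_session_id = true;

    if (isset($_GET[$session_name])) {
        // preg_match() returns 1 on match, 0 on no match and false on error;
        // anything but 1 is treated as unsafe, so a regex error fails closed.
        if (preg_match($id_pattern, $_GET[$session_name]) !== 1) {
            unset($_GET[$session_name]);
            $sane_session_id = false;
        }
    } elseif (isset($_POST[$session_name])) {
        if (preg_match($id_pattern, $_POST[$session_name]) !== 1) {
            unset($_POST[$session_name]);
            $sane_session_id = false;
        }
    } elseif (isset($_COOKIE[$session_name])) {
        if (preg_match($id_pattern, $_COOKIE[$session_name]) !== 1) {
            // Expire the cookie on the client using the same path/domain it was set with,
            // otherwise the browser would keep resending the rejected value.
            $cookie_params = session_get_cookie_params();
            setcookie($session_name, '', time() - 42000, $cookie_params['path'], $cookie_params['domain']);
            unset($_COOKIE[$session_name]);
            $sane_session_id = false;
        }
    }

    if ($sane_session_id === false) {
        // xos_redirect() is expected to send the Location header and end the request,
        // so session_start() below is presumably not reached for a rejected id — verify.
        xos_redirect(xos_href_link(FILENAME_DEFAULT, '', 'SSL', false));
    }

    // Make sure session data is written out at the end of the request even when a
    // page script terminates early via exit().
    register_shutdown_function('session_write_close');

    return session_start();
}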
Пример #30
//              Copyright (c) 2003 osCommerce
//              filename: cache.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_CACHE) == 'overwrite_all')) {
    if (isset($_GET['reset']) && xos_not_null($_GET['reset'])) {
        if ($_GET['reset'] == 'all_blocks') {
            $smarty_cache_control->clearAllCache();
        } elseif ($_GET['reset'] == 'all_compiled_template_files') {
            $smarty_cache_control->clearCompiledTemplate();
        } else {
            $smarty_cache_control->clearCache(null, $_GET['reset']);
        }
        xos_redirect(xos_href_link(FILENAME_CACHE));
    }
    // check if the cache directory exists
    if (is_dir(DIR_FS_SMARTY . 'catalog/cache/')) {
        if (!is_writable(DIR_FS_SMARTY . 'catalog/cache/')) {
            $messageStack->add('header', ERROR_CACHE_DIRECTORY_NOT_WRITEABLE, 'error');
        }
    } else {
        $messageStack->add('header', ERROR_CACHE_DIRECTORY_DOES_NOT_EXIST, 'error');
    }
    $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
    require DIR_WS_INCLUDES . 'html_header.php';
    require DIR_WS_INCLUDES . 'header.php';
    require DIR_WS_INCLUDES . 'column_left.php';
    require DIR_WS_INCLUDES . 'footer.php';
    if (is_writable(DIR_FS_SMARTY . 'catalog/cache/')) {