function objectInfo($object_array) { reset($object_array); while (list($key, $value) = each($object_array)) { $this->{$key} = xtc_db_prepare_input($value); } }
function xtc_db_prepare_input($string) { if (is_string($string)) { return trim(stripslashes($string)); } elseif (is_array($string)) { reset($string); while (list($key, $value) = each($string)) { $string[$key] = xtc_db_prepare_input($value); } return $string; } else { return $string; } }
function xtc_get_categories($categories_array = '', $parent_id = '0', $indent = '') { $parent_id = xtc_db_prepare_input($parent_id); if (!is_array($categories_array)) { $categories_array = array(); } $categories_query = "select\n c.categories_id,\n cd.categories_name\n from " . TABLE_CATEGORIES . " c,\n " . TABLE_CATEGORIES_DESCRIPTION . " cd\n where parent_id = '" . xtc_db_input((int) $parent_id) . "'\n and c.categories_id = cd.categories_id\n and c.categories_status != 0\n and cd.language_id = '" . xtc_db_input((int) $_SESSION['languages_id']) . "'\n order by sort_order, cd.categories_name"; $categories_query = xtDBquery($categories_query); while ($categories = xtc_db_fetch_array($categories_query, true)) { $categories_array[] = array('id' => $categories['categories_id'], 'text' => $indent . $categories['categories_name']); if ($categories['categories_id'] != $parent_id) { $categories_array = xtc_get_categories($categories_array, $categories['categories_id'], $indent . ' '); } } return $categories_array; }
function xtc_update_whos_online() { $crawler = 0; if (isset($_SESSION['customer_id'])) { $wo_customer_id = (int) $_SESSION['customer_id']; $customer_query = xtc_db_query("select\n customers_firstname,\n customers_lastname\n from " . TABLE_CUSTOMERS . "\n where customers_id = '" . $wo_customer_id . "'"); $customer = xtc_db_fetch_array($customer_query); $wo_full_name = xtc_db_prepare_input($customer['customers_firstname'] . ' ' . $customer['customers_lastname']); } else { $wo_customer_id = ''; $crawler = xtc_check_agent(); if ($crawler !== 0) { $wo_full_name = '[' . TEXT_SEARCH_ENGINE_AGENT . ']'; } else { $wo_full_name = TEXT_GUEST; } } if ($crawler !== 0) { $wo_session_id = ''; } else { $wo_session_id = xtc_session_id(); } $wo_ip_address = xtc_db_prepare_input($_SESSION['tracking']['ip']); $wo_last_page_url = xtc_db_prepare_input(strip_tags($_SERVER['REQUEST_URI'])); $wo_referer = xtc_db_prepare_input(isset($_SERVER['HTTP_REFERER']) ? strip_tags($_SERVER['HTTP_REFERER']) : '---'); $current_time = time(); $time_last_click = 900; if (defined('WHOS_ONLINE_TIME_LAST_CLICK')) { $time_last_click = (int) WHOS_ONLINE_TIME_LAST_CLICK; } $xx_mins_ago = time() - $time_last_click; // remove entries that have expired xtc_db_query("delete from " . TABLE_WHOS_ONLINE . " where time_last_click < '" . $xx_mins_ago . "'"); $stored_customer_query = xtc_db_query("select count(*) as count from " . TABLE_WHOS_ONLINE . " where session_id = '" . $wo_session_id . "'"); $stored_customer = xtc_db_fetch_array($stored_customer_query); $sql_data_array = array('customer_id' => $wo_customer_id, 'full_name' => xtc_db_prepare_input($wo_full_name), 'ip_address' => $wo_ip_address, 'time_last_click' => $current_time, 'last_page_url' => $wo_last_page_url); if ($stored_customer['count'] > 0) { xtc_db_perform(TABLE_WHOS_ONLINE, $sql_data_array, 'update', "session_id = '" . $wo_session_id . "'"); } else { $sql_data_array['time_entry'] = $current_time; $sql_data_array['session_id'] = $wo_session_id; $sql_data_array['http_referer'] = $wo_referer; xtc_db_perform(TABLE_WHOS_ONLINE, $sql_data_array); } }
function xtc_cfg_save_max_display_results($cfg_key) { if (isset($_POST[$cfg_key])) { $configuration_value = preg_replace('/[^0-9-]/', '', $_POST[$cfg_key]); $configuration_value = xtc_db_prepare_input($configuration_value); $configuration_query = xtc_db_query("SELECT configuration_key,\n configuration_value\n FROM " . TABLE_CONFIGURATION . "\n WHERE configuration_key = '" . xtc_db_input($cfg_key) . "'\n "); if (xtc_db_num_rows($configuration_query) > 0) { //update xtc_db_query("UPDATE " . TABLE_CONFIGURATION . "\n SET configuration_value ='" . xtc_db_input($configuration_value) . "',\n last_modified = NOW()\n WHERE configuration_key='" . xtc_db_input($cfg_key) . "'"); } else { //new entry $sql_data_array = array('configuration_key' => $cfg_key, 'configuration_value' => $configuration_value, 'configuration_group_id' => '1000', 'sort_order' => '-1', 'last_modified' => 'now()', 'date_added' => 'now()'); xtc_db_perform(TABLE_CONFIGURATION, $sql_data_array); } return $configuration_value; } return defined($cfg_key) && (int) constant($cfg_key) > 0 ? constant($cfg_key) : 20; }
function xtc_address_summary($customers_id, $address_id) { $customers_id = xtc_db_prepare_input($customers_id); $address_id = xtc_db_prepare_input($address_id); $address_query = xtc_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . xtc_db_input((int) $address_id) . "' and ab.customers_id = '" . xtc_db_input((int) $customers_id) . "' and ab.entry_country_id = c.countries_id"); $address = xtc_db_fetch_array($address_query); $street_address = $address['entry_street_address']; $suburb = $address['entry_suburb']; $postcode = $address['entry_postcode']; $city = $address['entry_city']; $state = xtc_get_zone_code($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']); $country = $address['countries_name']; $address_format_query = xtc_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . (int) $address['address_format_id'] . "'"); $address_format = xtc_db_fetch_array($address_format_query); // eval("\$address = \"{$address_format['address_summary']}\";"); $address_summary = $address_format['address_summary']; eval("\$address = \"{$address_summary}\";"); return $address; }
function query($order_id) { $order_id = xtc_db_prepare_input($order_id); $order_query = xtc_db_query("SELECT\r\n *\r\n FROM " . TABLE_ORDERS . " WHERE\r\n orders_id = '" . xtc_db_input($order_id) . "'"); $order = xtc_db_fetch_array($order_query); $totals_query = xtc_db_query("SELECT * FROM " . TABLE_ORDERS_TOTAL . " where orders_id = '" . xtc_db_input($order_id) . "' order by sort_order"); while ($totals = xtc_db_fetch_array($totals_query)) { $this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'value' => $totals['value']); } $order_total_query = xtc_db_query("select text from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_total'"); $order_total = xtc_db_fetch_array($order_total_query); $shipping_method_query = xtc_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_shipping'"); $shipping_method = xtc_db_fetch_array($shipping_method_query); $order_status_query = xtc_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . $_SESSION['languages_id'] . "'"); $order_status = xtc_db_fetch_array($order_status_query); //echo "ord query:<pre>"; print_r($order); echo "</pre>"; $this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'date_purchased' => $order['date_purchased'], 'orders_invoice_date' => $order['orders_invoice_date'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title']), 'comments' => $order['comments'], 'ibn_billdate' => $order['ibn_billdate'], 'ibn_billnr' => $order['ibn_billnr'], 'ibn_pdfnotifydate' => $order['ibn_pdfnotifydate']); $this->customer = array('id' => $order['customers_id'], 'vat_id' => $order['customers_vat_id'], 'name' => $order['customers_name'], 'firstname' => $order['customers_firstname'], 'lastname' => $order['customers_lastname'], 'csID' => $order['customers_cid'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']); $this->delivery = array('name' => $order['delivery_name'], 'firstname' => $order['delivery_firstname'], 'lastname' => $order['delivery_lastname'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']); if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { $this->delivery = false; } $this->billing = array('name' => $order['billing_name'], 'firstname' => $order['billing_firstname'], 'lastname' => $order['billing_lastname'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']); $index = 0; $orders_products_query = xtc_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . xtc_db_input($order_id) . "'"); while ($orders_products = xtc_db_fetch_array($orders_products_query)) { $this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'shipping_time' => $orders_products['products_shipping_time'], 'final_price' => $orders_products['final_price']); $subindex = 0; $attributes_query = xtc_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . xtc_db_input($order_id) . "' and orders_products_id = '" . $orders_products['orders_products_id'] . "'"); if (xtc_db_num_rows($attributes_query)) { while ($attributes = xtc_db_fetch_array($attributes_query)) { $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']); $subindex++; } } $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1'; $index++; } }
$tax_class_title = xtc_db_prepare_input($_POST['tax_class_title']); $tax_class_description = xtc_db_prepare_input($_POST['tax_class_description']); $date_added = xtc_db_prepare_input($_POST['date_added']); xtc_db_query("insert into " . TABLE_TAX_CLASS . " (tax_class_title, tax_class_description, date_added) values ('" . xtc_db_input($tax_class_title) . "', '" . xtc_db_input($tax_class_description) . "', now())"); xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES)); break; case 'save': $tax_class_id = xtc_db_prepare_input($_GET['tID']); $tax_class_title = xtc_db_prepare_input($_POST['tax_class_title']); $tax_class_description = xtc_db_prepare_input($_POST['tax_class_description']); $last_modified = xtc_db_prepare_input($_POST['last_modified']); xtc_db_query("update " . TABLE_TAX_CLASS . " set tax_class_id = '" . xtc_db_input($tax_class_id) . "', tax_class_title = '" . xtc_db_input($tax_class_title) . "', tax_class_description = '" . xtc_db_input($tax_class_description) . "', last_modified = now() where tax_class_id = '" . xtc_db_input($tax_class_id) . "'"); xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'] . '&tID=' . $tax_class_id)); break; case 'deleteconfirm': $tax_class_id = xtc_db_prepare_input($_GET['tID']); xtc_db_query("delete from " . TABLE_TAX_CLASS . " where tax_class_id = '" . xtc_db_input($tax_class_id) . "'"); xtc_redirect(xtc_href_link(FILENAME_TAX_CLASSES, 'page=' . $_GET['page'])); break; } } require DIR_WS_INCLUDES . 'head.php'; ?> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();"> <!-- header //--> <?php require DIR_WS_INCLUDES . 'header.php'; ?> <!-- header_eof //-->
function calculate_tax($amount) { global $xtPrice, $status; $price = 'b_price'; if ($status['customers_status_show_price_tax'] == 0 && $status['customers_status_add_tax_ot'] == 1) { $price = 'n_price'; } $sum_query = xtc_db_query("select SUM(" . $price . ") as price from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and class = 'products'"); $sum_total = xtc_db_fetch_array($sum_query); //Gutscheinwert/Rabatt in % berechnen, vereinheitlicht die Berechnungen if ($sum_total['price'] == 0) { return 0; } $amount_pro = $amount / $sum_total['price'] * 100; //Steuersätze alle Produkte der Bestellung feststellen $tax_rate_query = xtc_db_query("select tax_rate from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and class = 'ot_tax' GROUP BY tax_rate"); $tod_amount = 0; //Berechnungen pro Steuersatz durchführen while ($tax_rate = xtc_db_fetch_array($tax_rate_query)) { $tax_query = xtc_db_query("select SUM(tax) as value from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and tax_rate = '" . $tax_rate['tax_rate'] . "'and class = 'products'"); $tax_total = xtc_db_fetch_array($tax_query); $god_amount = $tax_total['value'] * $amount_pro / 100; $new_tax_query = xtc_db_query("select tax as value from " . TABLE_ORDERS_RECALCULATE . " where orders_id = '" . (int) $_POST['oID'] . "' and tax_rate = '" . $tax_rate['tax_rate'] . "'and class = 'ot_tax'"); $new_tax_total = xtc_db_fetch_array($new_tax_query); $new_tax = $new_tax_total['value'] + $god_amount; //web29 - 2011-08-25 - Fix negative sign //Einzelne Steuersätze neu in Kalkulationstabelle speichern xtc_db_query("UPDATE " . TABLE_ORDERS_RECALCULATE . "\n SET tax = '" . xtc_db_prepare_input($new_tax) . "'\n WHERE orders_id = '" . (int) $_POST['oID'] . "'\n AND tax_rate = '" . xtc_db_prepare_input($tax_rate['tax_rate']) . "'\n AND class = 'ot_tax'\n "); //echo $god_amount . '<br>'; $tod_amount += $god_amount; //hier wird die Steuer aufaddiert } return $tod_amount; }
function saveSpecialsData($products_id) { // decide whether to insert a new special, // or to update an existing one if ($_POST['specials_action'] == "insert" && isset($_POST['specials_price']) && !empty($_POST['specials_price'])) { // insert a new special, code taken from /admin/specials.php, and modified if (!isset($_POST['specials_quantity']) or empty($_POST['specials_quantity'])) { $_POST['specials_quantity'] = 0; } if (PRICE_IS_BRUTTO == 'true' && substr($_POST['specials_price'], -1) != '%') { $_POST['specials_price'] = $_POST['specials_price'] / ($_POST['tax_rate'] + 100) * 100; //web28 - 2010-07-27 - tax_rate from hidden field } if (substr($_POST['specials_price'], -1) == '%') { $_POST['specials_price'] = $_POST['products_price_hidden'] - $_POST['specials_price'] / 100 * $_POST['products_price_hidden']; //web28 - 2010-07-27 - products_price_hidden from hidden field } $expires_date = ''; if ($_POST['specials_expires']) { $expires_date = str_replace("-", "", $_POST['specials_expires']); } $sql_data_array = array('products_id' => $products_id, 'specials_quantity' => (int) $_POST['specials_quantity'], 'specials_new_products_price' => xtc_db_prepare_input($_POST['specials_price']), 'specials_date_added' => 'now()', 'expires_date' => $expires_date, 'status' => '1'); xtc_db_perform(TABLE_SPECIALS, $sql_data_array); } elseif ($_POST['specials_action'] == "update" && isset($_POST['specials_price']) && isset($_POST['specials_quantity'])) { // update the existing special for this product, code taken from /admin/specials.php, and modified if (PRICE_IS_BRUTTO == 'true' && substr($_POST['specials_price'], -1) != '%') { $sql = "SELECT tr.tax_rate\n FROM " . TABLE_TAX_RATES . " tr,\n " . TABLE_PRODUCTS . " p\n WHERE tr.tax_class_id = p. products_tax_class_id\n AND p.products_id = '" . $products_id . "' "; $tax_query = xtc_db_query($sql); $tax = xtc_db_fetch_array($tax_query); $_POST['specials_price'] = $_POST['specials_price'] / ($_POST['tax_rate'] + 100) * 100; //web28 - 2010-07-27 - tax_rate from hidden field } if (substr($_POST['specials_price'], -1) == '%') { $_POST['specials_price'] = $_POST['products_price_hidden'] - $_POST['specials_price'] / 100 * $_POST['products_price_hidden']; //web28 - 2010-07-27 - products_price_hidden from hidden field } $expires_date = 'NULL'; if ($_POST['specials_expires'] && $_POST['specials_status'] == 1) { //DokuMan - 2011-11-8 - from SP1b $expires_date = str_replace("-", "", $_POST['specials_expires']); } $sql_data_array = array('specials_quantity' => (int) $_POST['specials_quantity'], 'specials_new_products_price' => xtc_db_prepare_input($_POST['specials_price']), 'specials_date_added' => 'now()', 'expires_date' => $expires_date, 'status' => (int) $_POST['specials_status']); //$sql_data_array['specials_attribute'] = (int)$_POST['specials_attribute']; xtc_db_perform(TABLE_SPECIALS, $sql_data_array, 'update', "specials_id = '" . xtc_db_input($_POST['specials_id']) . "'"); } if (isset($_POST['specials_delete'])) { // delete existing special for this product, code taken from /admin/specials.php, and modified xtc_db_query("DELETE FROM " . TABLE_SPECIALS . " WHERE specials_id = '" . xtc_db_input($_POST['specials_id']) . "'"); } }
function callback_process($data, $charset) { // Keine Session da ! // Stand: 29.06.2011 global $_GET; $this->data = $data; //$this->_logTrans($data); require_once DIR_WS_CLASSES . 'class.phpmailer.php'; if (EMAIL_TRANSPORT == 'smtp') { require_once DIR_WS_CLASSES . 'class.smtp.php'; } require_once DIR_FS_INC . 'xtc_Security.inc.php'; $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE)); if (isset($xtc_order_id) && is_numeric($xtc_order_id) && $xtc_order_id > 0) { // order suchen $order_query = xtc_db_query("SELECT currency, currency_value\n FROM " . TABLE_ORDERS . "\n WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'"); if (xtc_db_num_rows($order_query) > 0) { // order gefunden $ipn_charset = xtc_db_prepare_input($this->data['charset']); $ipn_data = array(); $ipn_data['reason_code'] = xtc_db_prepare_input($this->data['reason_code']); $ipn_data['xtc_order_id'] = xtc_db_prepare_input($xtc_order_id); $ipn_data['payment_type'] = xtc_db_prepare_input($this->data['payment_type']); $ipn_data['payment_status'] = xtc_db_prepare_input($this->data['payment_status']); $ipn_data['pending_reason'] = xtc_db_prepare_input($this->data['pending_reason']); $ipn_data['invoice'] = xtc_db_prepare_input($this->data['invoice']); $ipn_data['mc_currency'] = xtc_db_prepare_input($this->data['mc_currency']); $ipn_data['first_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['first_name'], $ipn_charset, $charset)); $ipn_data['last_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['last_name'], $ipn_charset, $charset)); $ipn_data['address_name'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_name'], $ipn_charset, $charset)); $ipn_data['address_street'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_street'], $ipn_charset, $charset)); $ipn_data['address_city'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_city'], $ipn_charset, $charset)); $ipn_data['address_state'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_state'], $ipn_charset, $charset)); $ipn_data['address_zip'] = xtc_db_prepare_input($this->data['address_zip']); $ipn_data['address_country'] = xtc_db_prepare_input($this->IPNdecode($this->data['address_country'], $ipn_charset, $charset)); $ipn_data['address_status'] = xtc_db_prepare_input($this->data['address_status']); $ipn_data['payer_email'] = xtc_db_prepare_input($this->data['payer_email']); $ipn_data['payer_id'] = xtc_db_prepare_input($this->data['payer_id']); $ipn_data['payer_status'] = xtc_db_prepare_input($this->data['payer_status']); $ipn_data['payment_date'] = xtc_db_prepare_input($this->datetime_to_sql_format($this->data['payment_date'])); $ipn_data['business'] = xtc_db_prepare_input($this->IPNdecode($this->data['business'], $ipn_charset, $charset)); $ipn_data['receiver_email'] = xtc_db_prepare_input($this->data['receiver_email']); $ipn_data['receiver_id'] = xtc_db_prepare_input($this->data['receiver_id']); $ipn_data['txn_id'] = xtc_db_prepare_input($this->data['txn_id']); $ipn_data['txn_type'] = $this->ipn_determine_txn_type($this->data['txn_type']); $ipn_data['parent_txn_id'] = xtc_db_prepare_input($this->data['parent_txn_id']); $ipn_data['mc_gross'] = xtc_db_prepare_input($this->data['mc_gross']); $ipn_data['mc_fee'] = xtc_db_prepare_input($this->data['mc_fee']); $ipn_data['mc_shipping'] = xtc_db_prepare_input($this->data['mc_shipping']); $ipn_data['payment_gross'] = xtc_db_prepare_input($this->data['payment_gross']); $ipn_data['payment_fee'] = xtc_db_prepare_input($this->data['payment_fee']); $ipn_data['notify_version'] = xtc_db_prepare_input($this->data['notify_version']); $ipn_data['verify_sign'] = xtc_db_prepare_input($this->data['verify_sign']); $ipn_data['num_cart_items'] = xtc_db_prepare_input($this->data['num_cart_items']); if ($ipn_data['num_cart_items'] > 1) { $verspos = $ipn_data['num_cart_items']; for ($p = 1; $p <= $verspos; $p++) { if ($this->data['item_name' . $p] == substr(SUB_TITLE_OT_DISCOUNT, 0, 127) || $this->data['item_name' . $p] == substr(PAYPAL_GS, 0, 127) || $this->data['item_name' . $p] == "Handling" || $this->data['item_name' . $p] == substr(PAYPAL_TAX, 0, 127) || $this->data['item_name' . $p] == "Differenz") { // Artikel Nummer aus den Details für Sonderzeilen $ipn_data['num_cart_items']--; } if ($this->data['item_name' . $p] == substr(SHIPPING_COSTS, 0, 127)) { // Versandkosten $ipn_data['mc_shipping'] = $this->data['mc_gross_' . $p]; $ipn_data['num_cart_items']--; } } } $_transQuery = "SELECT paypal_ipn_id FROM " . TABLE_PAYPAL . " WHERE txn_id = '" . $ipn_data['txn_id'] . "'"; $_transQuery = xtc_db_query($_transQuery); $_transQuery = xtc_db_fetch_array($_transQuery); if ($_transQuery['paypal_ipn_id'] != '') { $insert_id = $_transQuery['paypal_ipn_id']; $sql_data_array = array('payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'payer_email' => $ipn_data['payer_email'], 'num_cart_items' => $ipn_data['num_cart_items'], 'mc_fee' => $ipn_data['mc_fee'], 'mc_shipping' => $ipn_data['mc_shipping'], 'address_name' => $ipn_data['address_name'], 'address_street' => $ipn_data['address_street'], 'address_city' => $ipn_data['address_city'], 'address_state' => $ipn_data['address_state'], 'address_zip' => $ipn_data['address_zip'], 'address_country' => $ipn_data['address_country'], 'address_status' => $ipn_data['address_status'], 'payer_status' => $ipn_data['payer_status'], 'receiver_email' => $ipn_data['receiver_email'], 'last_modified ' => 'now()'); xtc_db_perform(TABLE_PAYPAL, $sql_data_array, 'update', "paypal_ipn_id = '" . (int) $insert_id . "'"); } else { $ipn_data['date_added'] = 'now()'; $ipn_data['last_modified'] = 'now()'; xtc_db_perform(TABLE_PAYPAL, $ipn_data); $insert_id = xtc_db_insert_id(); } $paypal_order_history = array('paypal_ipn_id' => $insert_id, 'txn_id' => $ipn_data['txn_id'], 'parent_txn_id' => $ipn_data['parent_txn_id'], 'payment_status' => $ipn_data['payment_status'], 'pending_reason' => $ipn_data['pending_reason'], 'mc_amount' => $ipn_data['mc_gross'], 'date_added' => 'now()'); xtc_db_perform(TABLE_PAYPAL_STATUS_HISTORY, $paypal_order_history); $crlf = "\n"; $comment_status = xtc_db_prepare_input($this->data['payment_status']) . ' ' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']) . $crlf; $comment_status .= ' ' . xtc_db_prepare_input($this->data['first_name']) . ' ' . xtc_db_prepare_input($this->data['last_name']) . ' ' . xtc_db_prepare_input($this->data['payer_email']); if (isset($this->data['payer_status'])) { $comment_status .= ' is ' . xtc_db_prepare_input($this->data['payer_status']); } $comment_status .= '.' . $crlf; if (isset($this->data['test_ipn']) && is_numeric($this->data['test_ipn']) && $_POST['test_ipn'] > 0) { $comment_status .= '(Sandbox-Test Mode)' . $crlf; } $comment_status .= 'Total=' . xtc_db_prepare_input($this->data['mc_gross']) . xtc_db_prepare_input($this->data['mc_currency']); if (isset($this->data['pending_reason'])) { $comment_status .= $crlf . ' Pending Reason=' . xtc_db_prepare_input($this->data['pending_reason']); } if (isset($this->data['reason_code'])) { $comment_status .= $crlf . ' Reason Code=' . xtc_db_prepare_input($this->data['reason_code']); } $comment_status .= $crlf . ' Payment=' . xtc_db_prepare_input($this->data['payment_type']); $comment_status .= $crlf . ' Date=' . xtc_db_prepare_input($this->data['payment_date']); if (isset($this->data['parent_txn_id'])) { $comment_status .= $crlf . ' ParentID=' . xtc_db_prepare_input($this->data['parent_txn_id']); } $comment_status .= $crlf . ' ID=' . xtc_db_prepare_input($_POST['txn_id']); //Set status for default (Pending) $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID; $parameters = 'cmd=_notify-validate'; foreach ($this->data as $key => $value) { $parameters .= '&' . $key . '=' . urlencode(stripslashes($value)); } //$this->_logTransactions($parameters); // 08.01.2008 auch ohne cURL $mit_curl = 0; if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->IPN_URL); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $result = curl_exec($ch); if (!curl_errno($ch)) { $mit_curl = 1; } curl_close($ch); } // cURL fehlt oder ist fehlgeschlagen if ($mit_curl == 0) { $request_post = array('http' => array('method' => 'POST', 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $parameters)); $request = stream_context_create($request_post); $result = file_get_contents($this->IPN_URL, false, $request); } if (strtoupper($result) == 'VERIFIED' || $result == '1') { // Steht auf Warten if (strtolower($this->data['payment_status']) == 'completed') { if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) { $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID; } //Set status for Denied, Failed } elseif (strtolower($this->data['payment_status']) == 'denied' or strtolower($this->data['payment_status']) == 'failed') { $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID; //Set status for Reversed } elseif (strtolower($this->data['payment_status']) == 'reversed') { $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID; //Set status for Canceled-Reversal } elseif (strtolower($this->data['payment_status']) == 'canceled-reversal') { $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID; //Set status for Refunded } elseif (strtolower($this->data['payment_status']) == 'refunded') { $order_status_id = DEFAULT_ORDERS_STATUS_ID; //Set status for Pendign - eigentlich nicht nötig? } elseif (strtolower($this->data['payment_status']) == 'pending') { $order_status_id = PAYPAL_ORDER_STATUS_PENDING_ID; //Set status for Processed - wann kommt das ? } elseif (strtolower($this->data['payment_status']) == 'processed') { if (PAYPAL_ORDER_STATUS_SUCCESS_ID > 0) { $order_status_id = PAYPAL_ORDER_STATUS_SUCCESS_ID; } } } else { $order_status_id = PAYPAL_ORDER_STATUS_REJECTED_ID; $error_reason = 'Received INVALID responce but invoice and Customer matched.'; } $xtc_order_id = (int) substr($this->data['invoice'], strlen(PAYPAL_INVOICE)); xtc_db_query("UPDATE " . TABLE_ORDERS . "\n SET orders_status = '" . $order_status_id . "', last_modified = now()\n WHERE orders_id = '" . xtc_db_prepare_input($xtc_order_id) . "'"); $sql_data_array = array('orders_id' => xtc_db_prepare_input($xtc_order_id), 'orders_status_id' => $order_status_id, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => 'PayPal IPN ' . $comment_status . ''); xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array); } else { $error_reason = 'IPN-Fehler: Keine Order Nr.=' . xtc_db_prepare_input($this->data['invoice']) . ' mit Kunden=' . (int) $this->data['custom'] . ' gefunden.'; } } else { $error_reason = 'IPN-Fehler: Keine Order gefunden zu den empfangenen Daten.'; } if (xtc_not_null(EMAIL_SUPPORT_ADDRESS) && strlen($error_reason)) { $email_body = $error_reason . "\n\n" . '<br>'; $email_body .= $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REMOTE_ADDR'] . " - " . $_SERVER['HTTP_REFERER'] . " - " . $_SERVER['HTTP_ACCEPT'] . "\n\n" . '<br>'; $email_body .= '$_POST:' . "\n\n" . '<br>'; foreach ($this->data as $key => $value) { $email_body .= $key . '=' . $value . "\n" . '<br>'; } $email_body .= "\n" . '$_GET:' . "\n\n" . '<br>'; foreach ($_GET as $key => $value) { $email_body .= $key . '=' . $value . "\n" . '<br>'; } xtc_php_mail(EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_ADDRESS, '', EMAIL_BILLING_ADDRESS, EMAIL_BILLING_NAME, false, false, 'PayPal IPN Invalid Process', $email_body, $email_body); } }
<?php require 'includes/application_top.php'; #MN: Check if $_POST form is submited on this page if ($_POST) { switch ($_POST['action']) { case 'widget_active': xtc_db_query("update " . TABLE_WIDGETS . " set widgets_active = !widgets_active where widgets_id = '" . xtc_db_input($_POST['widgets']) . "'"); break; case 'widget_save_position': foreach ($_POST['widgets_id'] as $key => $widget) { $w_x = xtc_db_prepare_input($_POST['widgets_x'][$key]); $w_y = xtc_db_prepare_input($_POST['widgets_y'][$key]); xtc_db_query("update " . TABLE_WIDGETS . " set widgets_x = '" . $w_x . "', widgets_y = '" . $w_y . "' where widgets_id = '" . $widget . "'"); } break; } xtc_redirect(xtc_href_link(FILENAME_START)); } require DIR_WS_INCLUDES . 'head.php'; ?> <style type="text/css"> .gridster li header { background: #999; display: block; font-size: 20px; line-height: normal; padding: 4px 0 6px ;
$carrier_sort_order = xtc_db_prepare_input($_POST['carrier_sort_order']); $date_added = xtc_db_prepare_input($_POST['carrier_date_added']); xtc_db_query("insert into " . TABLE_CARRIERS . " (carrier_name, carrier_tracking_link, carrier_sort_order, carrier_date_added) values ('" . xtc_db_input($carrier_name) . "', '" . xtc_db_input($carrier_tracking_link) . "', '" . xtc_db_input($carrier_sort_order) . "', now())"); xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS)); break; case 'save': $carrier_id = xtc_db_prepare_input($_GET['carrierID']); $carrier_name = xtc_db_prepare_input($_POST['carrier_name']); $carrier_tracking_link = xtc_db_prepare_input($_POST['carrier_tracking_link']); $carrier_sort_order = xtc_db_prepare_input($_POST['carrier_sort_order']); $last_modified = xtc_db_prepare_input($_POST['carrier_last_modified']); xtc_db_query("update " . TABLE_CARRIERS . " set carrier_id = '" . (int) $carrier_id . "', carrier_name = '" . xtc_db_input($carrier_name) . "', carrier_tracking_link = '" . xtc_db_input($carrier_tracking_link) . "', carrier_sort_order = '" . xtc_db_input($carrier_sort_order) . "', carrier_last_modified = now() where carrier_id = '" . (int) $carrier_id . "'"); xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel . '&carrierID=' . $carrier_id)); break; case 'deleteconfirm': $carrier_id = xtc_db_prepare_input($_GET['carrierID']); xtc_db_query("delete from " . TABLE_CARRIERS . " where carrier_id = '" . (int) $carrier_id . "'"); xtc_redirect(xtc_href_link(FILENAME_PARCEL_CARRIERS, 'page=' . $page_parcel)); break; } } require DIR_WS_INCLUDES . 'head.php'; ?> <script type="text/javascript" src="includes/general.js"></script> </head> <body> <!-- header //--> <?php require DIR_WS_INCLUDES . 'header.php'; ?> <!-- header_eof //-->
protected function after_process() { if (isset($this->document->document->documentNumber) && xtc_not_null($this->document->document->documentNumber)) { $process_array = array('orders_id' => xtc_db_prepare_input($this->info['order_id']), 'customers_id' => xtc_db_prepare_input($this->customer['id']), 'easybill_customers_id' => xtc_db_prepare_input($this->customers->customerID), 'billing_id' => xtc_db_prepare_input($this->document->document->documentNumber), 'billing_date' => 'now()'); xtc_db_perform(TABLE_EASYBILL, $process_array); if (MODULE_EASYBILL_DO_STATUS_CHANGE == 'True') { $status_array = array('orders_id' => $this->info['order_id'], 'orders_status_id' => MODULE_EASYBILL_STATUS_CHANGE, 'date_added' => 'now()', 'customer_notified' => '0', 'comments' => EASYBILL_STATUS_CHANGE_COMMENT); xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $status_array); xtc_db_query("UPDATE " . TABLE_ORDERS . "\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tSET orders_status = " . MODULE_EASYBILL_STATUS_CHANGE . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tlast_modified = now()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE orders_id = " . $this->info['order_id']); } } }
function shopDbPrepareInput($string) { return xtc_db_prepare_input($string); }
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td> </tr> <?php if ($_GET['cID']) { $cID = xtc_db_prepare_input($_GET['cID']); // BOF - Tomcraft - 2009-10-11 - BUGFIX: #0000247 view orders query bug in admin //$orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.orders_status, s.orders_status_name, ot.text as order_total from ".TABLE_ORDERS." o left join ".TABLE_ORDERS_TOTAL." ot on (o.orders_id = ot.orders_id), ".TABLE_ORDERS_STATUS." s where o.customers_id = '".xtc_db_input($cID)."' and (o.orders_status = s.orders_status_id and s.language_id = '".$_SESSION['languages_id']."' and ot.class = 'ot_total') or (o.orders_status = '0' and ot.class = 'ot_total' and s.orders_status_id = '1' and s.language_id = '".$_SESSION['languages_id']."') order by orders_id DESC"; $orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.orders_status, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . xtc_db_input($cID) . "' and ((o.orders_status = s.orders_status_id) or (o.orders_status = '0' and s.orders_status_id = '1')) and ot.class = 'ot_total' and s.language_id = '" . $_SESSION['languages_id'] . "' order by orders_id DESC"; // EOF - Tomcraft - 2009-10-11 - BUGFIX: #0000247 view orders query bug in admin } elseif ($_GET['status'] == '0') { $orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.orders_status, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id) where o.orders_status = '0' and ot.class = 'ot_total' order by o.orders_id DESC"; } elseif ($_GET['status']) { $status = xtc_db_prepare_input($_GET['status']); $orders_query_raw = "select o.orders_id, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . $_SESSION['languages_id'] . "' and s.orders_status_id = '" . xtc_db_input($status) . "' and ot.class = 'ot_total' order by o.orders_id DESC"; } elseif ($_GET['action'] == 'search' && $_GET['oID']) { //$orders_query_raw siehe oben //EOF - web28 - 2010-04-10 added for ADMIN SEARCH BAR } else { $orders_query_raw = "select o.orders_id, o.orders_status, o.afterbuy_success, o.afterbuy_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where (o.orders_status = s.orders_status_id and s.language_id = '" . $_SESSION['languages_id'] . "' and ot.class = 'ot_total') or (o.orders_status = '0' and ot.class = 'ot_total' and s.orders_status_id = '1' and s.language_id = '" . $_SESSION['languages_id'] . "') order by o.orders_id DESC"; } $orders_split = new splitPageResults($_GET['page'], '20', $orders_query_raw, $orders_query_numrows); $orders_query = xtc_db_query($orders_query_raw); while ($orders = xtc_db_fetch_array($orders_query)) { if ((!$_GET['oID'] || $_GET['oID'] == $orders['orders_id']) && !$oInfo) { $oInfo = new objectInfo($orders); } if (is_object($oInfo) && $orders['orders_id'] == $oInfo->orders_id) { echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'pointer\'" onclick="document.location.href=\'' . xtc_href_link(FILENAME_ORDERS, xtc_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id . '&action=edit') . '\'">' . "\n";
@version 05.10.2014 - 00:32 ---------------------------------------------------------------------------------------*/ chdir('../../'); require_once 'includes/application_top.php'; // include easymarketing api header require_once DIR_FS_CATALOG . 'api/easymarketing/includes/header.php'; // include easymarketing functions require_once 'includes/functions.php'; $parent_id = isset($_GET['parent_id']) ? (int) $_GET['parent_id'] : NULL; $oLanguage = new language($_GET['lang']); // process request if (isset($parent_id)) { // init array $categories_array = array(); // sql query for categories $categories_query_raw = "SELECT c.categories_id,\n cd.categories_name\n FROM " . TABLE_CATEGORIES . " c\n JOIN " . TABLE_CATEGORIES_DESCRIPTION . " cd\n ON (c.categories_id = cd.categories_id\n AND cd.language_id = '" . $oLanguage->language['id'] . "')\n WHERE c.categories_status = '1'\n AND c.categories_id = '" . xtc_db_prepare_input($parent_id) . "'"; // make sql query $categories_query_result = xtc_db_query($categories_query_raw); // check for result if (xtc_db_num_rows($categories_query_result) > 0) { while ($categories = xtc_db_fetch_array($categories_query_result)) { // build categories array $categories_array = array('id' => $categories['categories_id'], 'name' => mod_convert_string($categories['categories_name']), 'url' => xtc_href_link(FILENAME_DEFAULT, xtc_category_link($categories['categories_id'], $categories['categories_name']), 'NONSSL', false), 'children' => mod_get_sub_categories($categories['categories_id'])); } } elseif ($parent_id == '0') { // build categories array $categories_array = array('id' => $parent_id, 'name' => mod_convert_string(STORE_NAME), 'url' => xtc_href_link(FILENAME_DEFAULT, '', 'NONSSL', false), 'children' => mod_get_sub_categories($parent_id)); } // output categories mod_stream_response($categories_array); } else {
function install() { if (isset($_GET['autoinstall']) && $_GET['autoinstall'] == '1') { // Module already installed if (defined('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_STATUS') && MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_STATUS == 'true') { xtc_redirect(xtc_href_link_admin('admin/modules.php', 'set=payment&module=pn_sofortueberweisung', 'SSL')); } print $this->autoinstall(); exit; } else { $user_id = !empty($_GET['user_id']) ? xtc_db_prepare_input($_GET['user_id']) : '10000'; $project_id = !empty($_GET['project_id']) ? xtc_db_prepare_input($_GET['project_id']) : '500000'; if (!empty($_GET['consumer_protection']) && xtc_db_prepare_input($_GET['consumer_protection']) == '1') { $consumer_protection = 'true'; } else { $consumer_protection = 'false'; } if (isset($_SESSION['pn_sofortueberweisung_pw']) && !empty($_SESSION['pn_sofortueberweisung_pw'])) { $project_password = $_SESSION['pn_sofortueberweisung_pw']; unset($_SESSION['pn_sofortueberweisung_pw']); } else { $project_password = ''; } if (isset($_SESSION['pn_sofortueberweisung_pw2']) && !empty($_SESSION['pn_sofortueberweisung_pw2'])) { $project_password2 = $_SESSION['pn_sofortueberweisung_pw2']; unset($_SESSION['pn_sofortueberweisung_pw2']); } else { $project_password2 = ''; } if (isset($_SESSION['pn_sofortueberweisung_hashAlgorithm']) && !empty($_SESSION['pn_sofortueberweisung_hashAlgorithm'])) { $hashAlgorithm = $_SESSION['pn_sofortueberweisung_hashAlgorithm']; unset($_SESSION['pn_sofortueberweisung_hashAlgorithm']); } else { $hashAlgorithm = $this->pnSofortueberweisung->getSupportedHashAlgorithm(); } xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_STATUS', 'true', '6', '3', 'xtc_cfg_select_option(array(\\'true\\', \\'false\\'), ', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_KS_STATUS', '" . $consumer_protection . "', '6', '3', 'xtc_cfg_select_option(array(\\'true\\', \\'false\\'), ', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_ALLOWED', '', '6', '0', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_USER_ID', '" . (int) $user_id . "', '6', '4', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_ID', '" . (int) $project_id . "', '6', '4', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_PASSWORD', '" . $project_password . "', '6', '4', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_PROJECT_NOTIF_PASSWORD', '" . $project_password2 . "', '6', '4', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_HASH_ALGORITHM', '" . $hashAlgorithm . "', '6', '4', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_SORT_ORDER', '1', '6', '20', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, use_function, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_ZONE', '0', '6', '2', 'xtc_get_zone_class_title', 'xtc_cfg_pull_down_zone_classes(', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_ORDER_STATUS_ID', '0', '6', '10', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TMP_STATUS_ID', '0', '6', '8', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_UNC_STATUS_ID', '0', '6', '9', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_RECEIVED_STATUS_ID', '0', '6', '11', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, use_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_LOSS_STATUS_ID', '0', '6', '12', 'xtc_cfg_pull_down_order_statuses(', 'xtc_get_order_status_name', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_REASON_1', 'Nr. {{order_id}} Kd-Nr. {{customer_id}}', '6', '4', 'xtc_cfg_select_option(array(\\'Nr. {{order_id}} Kd-Nr. {{customer_id}}\\',\\'-TRANSACTION-\\'), ', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_TEXT_REASON_2', '" . addslashes(STORE_NAME) . "', '6', '4', now())"); xtc_db_query("INSERT INTO " . TABLE_CONFIGURATION . " ( configuration_key, configuration_value, configuration_group_id, sort_order, set_function, date_added) values ('MODULE_PAYMENT_PN_SOFORTUEBERWEISUNG_IMAGE', 'Infographic', '6', '6', 'xtc_cfg_select_option(array(\\'Infographic\\',\\'Logo & Text\\',\\'Logo\\'), ', now())"); } }
---------------------------------------------------------------------------------------*/ include 'includes/application_top.php'; // create smarty elements $smarty = new Smarty(); // include boxes require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php'; // include needed functions require_once DIR_FS_INC . 'xtc_validate_password.inc.php'; require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php'; if (!isset($_SESSION['customer_id'])) { xtc_redirect(xtc_href_link(FILENAME_LOGIN, '', 'SSL')); } if (isset($_POST['action']) && $_POST['action'] == 'process') { $password_current = xtc_db_prepare_input($_POST['password_current']); $password_new = xtc_db_prepare_input($_POST['password_new']); $password_confirmation = xtc_db_prepare_input($_POST['password_confirmation']); $error = false; if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $check_customer = xtc_db_fetch_array($check_customer_query); if (xtc_validate_password($password_current, $check_customer['customers_password'])) {
} } xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'] . '&oID=' . $cross_sell_id)); } else { $_SESSION['repopulate_form'] = $_REQUEST; $_SESSION['errors'] = $error; xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'] . '&oID=' . $cross_sell_id . '&action=' . $url_action . '&errors=1')); } break; case 'deleteconfirm': $oID = xtc_db_prepare_input($_GET['oID']); xtc_db_query("delete from " . TABLE_PRODUCTS_XSELL_GROUPS . " where products_xsell_grp_name_id = '" . xtc_db_input($oID) . "'"); xtc_redirect(xtc_href_link(FILENAME_XSELL_GROUPS, 'page=' . $_GET['page'])); break; case 'delete': $oID = xtc_db_prepare_input($_GET['oID']); $cross_sell_query = xtc_db_query("select count(*) as count from " . TABLE_PRODUCTS_XSELL . " where products_xsell_grp_name_id = '" . xtc_db_input($oID) . "'"); $status = xtc_db_fetch_array($cross_sell_query); $remove_status = true; if ($status['count'] > 0) { $remove_status = false; $messageStack->add(ERROR_STATUS_USED_IN_CROSS_SELLS, 'error'); } break; } require DIR_WS_INCLUDES . 'head.php'; ?> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();"> <!-- header //-->
$a_level = xtc_db_prepare_input($_GET['a_level']); $level_clause = " AND a.affiliate_level = '" . $a_level . "'"; } $affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n a.affiliate_payment, a.affiliate_level AS level,\n o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n from " . TABLE_AFFILIATE . " aa\n left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . $_SESSION['languages_id'] . "')\n where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n o.orders_status, os.orders_status_name\n order by affiliate_date DESC"; $count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name'; $affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key); if ($affiliate_sales_split->number_of_rows > 0) { $affiliate_sales_values = xtc_db_query($affiliate_sales_split->sql_query); $affiliate_sales = xtc_db_fetch_array($affiliate_sales_values); } else { $affiliate_sales_values = xtc_db_query("select MONTH(affiliate_date_account_created) as start_month,\n YEAR(affiliate_date_account_created) as start_year\n FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . "'"); $affiliate_sales = xtc_db_fetch_array($affiliate_sales_values); } $smarty->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, xtc_db_prepare_input($_GET['a_period']), 'onChange="this.form.submit();"')); $smarty->assign('status_selector', affiliate_get_status_list('a_status', xtc_db_prepare_input($_GET['a_status']), 'onChange="this.form.submit();"')); $smarty->assign('level_selector', affiliate_get_level_list('a_level', xtc_db_prepare_input($_GET['a_level']), 'onChange="this.form.submit();"')); require DIR_WS_INCLUDES . 'header.php'; $smarty->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows); $smarty->assign('FORM_ACTION', xtc_draw_form('params', xtc_href_link(FILENAME_AFFILIATE_SALES), 'get', 'SSL')); $affiliate_sales_table = ''; if ($affiliate_sales_split->number_of_rows > 0) { $number_of_sales = 0; $sum_of_earnings = 0; do { $number_of_sales++; if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) { $sum_of_earnings += $affiliate_sales['affiliate_payment']; } if ($number_of_sales / 2 == floor($number_of_sales / 2)) { $affiliate_sales_table .= '<tr class="productListing-even">'; } else {
Copyright (c) 2003 XT-Commerce -------------------------------------------------------------- based on: (c) 2000-2001 The Exchange Project (earlier name of osCommerce) (c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com (c) 2003 nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org Released under the GNU General Public License --------------------------------------------------------------*/ require 'includes/application_top.php'; reset($_GET); while (list($key, ) = each($_GET)) { switch ($key) { case 'banner': $banners_id = xtc_db_prepare_input($_GET['banner']); $banner_query = xtc_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . xtc_db_input($banners_id) . "'"); $banner = xtc_db_fetch_array($banner_query); $page_title = $banner['banners_title']; if ($banner['banners_html_text']) { $image_source = $banner['banners_html_text']; } elseif ($banner['banners_image']) { $image_source = xtc_image(HTTP_CATALOG_SERVER . DIR_WS_CATALOG_IMAGES . $banner['banners_image'], $page_title); } break; } } require DIR_WS_INCLUDES . 'head.php'; ?> <script type="text/javascript"><!-- var i=0;
$parent_check = xtc_db_prepare_input($_POST['parent_check']); $parent_id = xtc_db_prepare_input($_POST['parent']); $time = xtc_db_prepare_input(date("Y-m-d H:i:s")); $content_query = xtc_db_query("SELECT MAX(content_group) AS content_group FROM " . TABLE_CONTENT_MANAGER . ""); $content_data = mysqli_fetch_row($content_query); if ($_POST['content_group'] == '0' || $_POST['content_group'] == '') { $group_id = $content_data[0] + 1; } else { $group_id = xtc_db_prepare_input($_POST['content_group']); } $group_ids = $group_ids; $sort_order = xtc_db_prepare_input($_POST['sort_order']); $content_meta_title = xtc_db_prepare_input($_POST['cont_meta_title']); $content_meta_description = xtc_db_prepare_input($_POST['cont_meta_description']); $content_meta_keywords = xtc_db_prepare_input($_POST['cont_meta_keywords']); $content_meta_index = xtc_db_prepare_input($_POST['cont_meta_index']); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { if ($languages[$i]['code'] == $content_language) { $content_language = $languages[$i]['id']; } } // for $error = false; // reset error flag if (strlen($content_title) < 1) { $error = true; $messageStack->add(ERROR_TITLE, 'error'); } // if if ($content_status == 'yes') { $content_status = 1;
<?php if (isset($_GET['cID'])) { $cID = (int) $_GET['cID']; $orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . ",\n s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN (" . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s)\n ON (o.orders_id = ot.orders_id\n AND (o.orders_status = s.orders_status_id\n OR (o.orders_status = '0' AND s.orders_status_id = '1')\n )\n )\n WHERE o.customers_id = '" . xtc_db_input($cID) . "'\n AND ot.class = 'ot_total'\n AND s.language_id = '" . (int) $_SESSION['languages_id'] . "'\n ORDER BY orders_id DESC"; } elseif (isset($_GET['status']) && $_GET['status'] == '0') { $orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . "\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN " . TABLE_ORDERS_TOTAL . " ot ON (o.orders_id = ot.orders_id)\n WHERE o.orders_status = '0'\n AND ot.class = 'ot_total'\n ORDER BY o.orders_id DESC"; } elseif (isset($_GET['status']) && xtc_not_null($_GET['status']) || isset($_GET['payment_method']) && xtc_not_null($_GET['payment_method'])) { //web28 - 2012-04-14 - FIX xtc_not_null($_GET['status']) $status_query_string = ""; if (isset($_GET['status']) && xtc_not_null($_GET['status'])) { $status = xtc_db_prepare_input($_GET['status']); $status_query_string = "AND s.orders_status_id = '" . xtc_db_input($status) . "' "; } $payment_method_query_string = ""; if (isset($_GET['payment_method']) && xtc_not_null($_GET['payment_method'])) { $payment_method = xtc_db_prepare_input($_GET['payment_method']); $payment_method_query_string = "AND o.payment_method = '" . xtc_db_input($payment_method) . "' "; } $orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . ",\n s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN (" . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s)\n ON (o.orders_id = ot.orders_id AND o.orders_status = s.orders_status_id)\n WHERE s.language_id = '" . (int) $_SESSION['languages_id'] . "'\n " . $status_query_string . "\n " . $payment_method_query_string . "\n AND ot.class = 'ot_total'\n ORDER BY o.orders_id DESC"; } elseif ($action == 'search' && $oID) { // ADMIN SEARCH BAR $orders_query_raw moved it to the top } else { $orders_query_raw = "-- /admin/orders.php\n SELECT " . $order_select_fields . ",\n s.orders_status_name\n FROM " . TABLE_ORDERS . " o\n LEFT JOIN (" . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s)\n ON (o.orders_id = ot.orders_id AND o.orders_status = s.orders_status_id)\n WHERE (s.language_id = '" . (int) $_SESSION['languages_id'] . "'\n AND ot.class = 'ot_total')\n OR (o.orders_status = '0'\n AND ot.class = 'ot_total'\n AND s.orders_status_id = '1'\n AND s.language_id = '" . (int) $_SESSION['languages_id'] . "')\n ORDER BY o.orders_id DESC"; } $orders_split = new splitPageResults($_GET['page'], MAX_DISPLAY_ORDER_RESULTS, $orders_query_raw, $orders_query_numrows); $orders_query = xtc_db_query($orders_query_raw); while ($orders = xtc_db_fetch_array($orders_query)) { if ((!xtc_not_null($oID) || isset($oID) && $oID == $orders['orders_id']) && !isset($oInfo)) { //web28 - 2012-04-14 - FIX !xtc_not_null($oID) $oInfo = new objectInfo($orders); }
$old_fields = array(array('FIRST_NAME', ENTRY_FIRST_NAME_MIN_LENGTH, ENTRY_FIRST_NAME_ERROR, TEXT_FIRSTNAME), array('LAST_NAME', ENTRY_LAST_NAME_MIN_LENGTH, ENTRY_LAST_NAME_ERROR, TEXT_LASTNAME), array('EMAIL_ADRESS', ENTRY_EMAIL_ADDRESS_MIN_LENGTH, ENTRY_EMAIL_ADDRESS_ERROR, TEXT_EMAIL), array('STREET_ADRESS', ENTRY_STREET_ADDRESS_MIN_LENGTH, ENTRY_STREET_ADDRESS_ERROR, TEXT_STREET), array('POST_CODE', ENTRY_POSTCODE_MIN_LENGTH, ENTRY_POST_CODE_ERROR, TEXT_POSTCODE), array('CITY', ENTRY_CITY_MIN_LENGTH, ENTRY_CITY_ERROR, TEXT_CITY), array(EMPTY_STRING, 0, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING), array('TELEPHONE', ENTRY_TELEPHONE_MIN_LENGTH, ENTRY_TELEPHONE_NUMBER_ERROR, TEXT_TEL), array('PASSWORD', ENTRY_PASSWORD_MIN_LENGTH, ENTRY_PASSWORD_ERROR, TEXT_PASSWORD), array('PASSWORD_CONFIRMATION', ENTRY_PASSWORD_MIN_LENGTH, ENTRY_PASSWORD_ERROR, TEXT_PASSWORD_CONF)); $old_fields_count = sizeof($old_fields); $old_fields_1 = array(array('STORE_NAME', ENTRY_LAST_NAME_MIN_LENGTH, ENTRY_STORE_NAME_ERROR, TEXT_STORE), array('COMPANY', ENTRY_LAST_NAME_MIN_LENGTH, ENTRY_COMPANY_ERROR, TEXT_COMPANY), array('EMAIL_ADRESS_FROM', ENTRY_EMAIL_ADDRESS_MIN_LENGTH, ENTRY_EMAIL_ADDRESS_FROM_ERROR, TEXT_EMAIL_FROM)); $old_fields_1_count = sizeof($old_fields_1); $new_fields = array(array('STORE_BANK_NAME', 0, EMPTY_STRING), array('STORE_BANK_BLZ', 0, EMPTY_STRING), array('STORE_BANK_ACCOUNT', 0, EMPTY_STRING), array('STORE_BANK_BIC', 0, EMPTY_STRING), array('STORE_BANK_IBAN', 0, EMPTY_STRING), array('STORE_USTID', 0, EMPTY_STRING), array('STORE_TAXNR', 0, EMPTY_STRING), array('STORE_REGISTER', 0, EMPTY_STRING), array('STORE_REGISTER_NR', 0, EMPTY_STRING), array('STORE_MANAGER', 0, EMPTY_STRING), array('STORE_DIRECTOR', 0, EMPTY_STRING)); $new_fields_count = sizeof($new_fields); if ($process) { for ($i = 0; $i < $old_fields_count; $i++) { $old_field = $old_fields[$i]; $field_name = $old_field[0]; if ($field_name) { $variable_name = strtolower($field_name); ${$variable_name} = get_check_input($field_name, $old_field[1], $old_field[2]); } } $zone_setup = xtc_db_prepare_input($_POST[$zone_setup_text]); if ($password != $password_confirmation) { $error = true; $messageStack->add($install_step, ENTRY_PASSWORD_ERROR_NOT_MATCHING); } for ($i = 0; $i < $old_fields_1_count; $i++) { $old_field = $old_fields_1[$i]; $field_name = $old_field[0]; if ($field_name) { $variable_name = strtolower($field_name); ${$variable_name} = get_check_input($field_name, $old_field[1], $old_field[2]); } } for ($i = 0; $i < $new_fields_count; $i++) { $new_field = $new_fields[$i]; $field_name = $new_field[0];
function saveMappings() { foreach ($_POST['mappingFields'] as $mappingField => $mappingFieldValues) { xtc_db_query("UPDATE easymarketing_mappings SET mapping_field_values = '" . $mappingFieldValues . "', mapping_field_default_value = '" . xtc_db_prepare_input($_POST['mappingDefaultFields'][$mappingField]) . "' WHERE mapping_field = '" . $mappingField . "'"); } }
$contents[] = array('text' => '<br />' . TEXT_DATE_ACCOUNT_LAST_MODIFIED . ' ' . xtc_date_short($cInfo->date_account_last_modified)); // BOF - Tomcraft - 2011-01-16 - Additionally show time for customers last logon time //$contents[] = array ('text' => '<br />'.TEXT_INFO_DATE_LAST_LOGON.' '.xtc_date_short($cInfo->date_last_logon)); $contents[] = array('text' => '<br />' . TEXT_INFO_DATE_LAST_LOGON . ' ' . xtc_datetime_short($cInfo->date_last_logon)); // EOF - Tomcraft - 2011-01-16 - Additionally show time for customers last logon time $contents[] = array('text' => '<br />' . TEXT_INFO_NUMBER_OF_LOGONS . ' ' . $cInfo->number_of_logons); $contents[] = array('text' => '<br />' . TEXT_INFO_COUNTRY . ' ' . $cInfo->countries_name); $contents[] = array('text' => '<br />' . TEXT_INFO_NUMBER_OF_REVIEWS . ' ' . $cInfo->number_of_reviews); //BOF - DokuMan - 2010-11-02 - Workaround for customer details not showing on iplog-Box } //EOF - DokuMan - 2010-11-02 - Workaround for customer details not showing on iplog-Box } if ($action == 'iplog') { if (isset($_GET['cID'])) { $contents[] = array('text' => '<br /><b>IPLOG :'); $customers_id = xtc_db_prepare_input($_GET['cID']); $customers_log_info_array = xtc_get_user_info($customers_id); if (xtc_db_num_rows($customers_log_info_array)) { while ($customers_log_info = xtc_db_fetch_array($customers_log_info_array)) { $contents[] = array('text' => '<tr>' . "\n" . '<td class="smallText">' . $customers_log_info['customers_ip_date'] . ' ' . $customers_log_info['customers_ip'] . ' ' . $customers_log_info['customers_advertiser']); } } } } break; } if (xtc_not_null($heading) && xtc_not_null($contents)) { echo ' <div class="col-lg-2 col-md-12 hidden-sm hidden-xs pull-right">' . "\n"; #col-sm-12 col-xs-12 $box = new box(); echo $box->infoBox($heading, $contents);
function getNext() { switch ($this->mode) { // yearly case '1': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd), date("Y", $sd) + 1); break; // monthly // monthly case '2': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd) + 1, 1, date("Y", $sd)); break; // weekly // weekly case '3': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 7, date("Y", $sd)); break; // daily // daily case '4': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 1, date("Y", $sd)); break; } if ($ed > $this->endDate) { $ed = $this->endDate; } $filterString = ""; if ($this->statusFilter > 0) { $filterString .= " AND o.orders_status = " . $this->statusFilter . " "; } if (!is_numeric($this->paymentFilter)) { $filterString .= " AND o.payment_method ='" . xtc_db_prepare_input($this->paymentFilter) . "' "; } $rqOrders = xtc_db_query($this->queryOrderCnt . " WHERE o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString); $order = xtc_db_fetch_array($rqOrders); $rqShipping = xtc_db_query($this->queryShipping . " AND o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString); $shipping = xtc_db_fetch_array($rqShipping); $rqItems = xtc_db_query($this->queryItemCnt . " AND o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString . " group by pid " . $this->sortString); // set the return values $this->actDate = $ed; $this->showDate = $sd; $this->showDateEnd = $ed - 60 * 60 * 24; // execute the query $cnt = 0; $itemTot = 0; $sumTot = 0; while ($resp[$cnt] = xtc_db_fetch_array($rqItems)) { // to avoid rounding differences round for every quantum // multiply with the number of items afterwords. $price = $resp[$cnt]['psum'] / $resp[$cnt]['pquant']; // products_attributes // are there any attributes for this order_id ? $rqAttr = xtc_db_query($this->queryAttr . " AND o.date_purchased >= '" . xtc_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . xtc_db_input(date("Y-m-d\\TH:i:s", $ed)) . "' AND op.products_id = " . $resp[$cnt]['pid'] . $filterString . " group by products_options_values order by orders_products_id"); $i = 0; while ($attr[$i] = xtc_db_fetch_array($rqAttr)) { $i++; } // values per date if ($i > 0) { $price2 = 0; $price3 = 0; $option = array(); $k = -1; $ord_pro_id_old = 0; for ($j = 0; $j < $i; $j++) { if ($attr[$j]['price_prefix'] == "-") { $price2 += -1 * $attr[$j]['options_values_price']; $price3 = -1 * $attr[$j]['options_values_price']; $prefix = "-"; } else { $price2 += $attr[$j]['options_values_price']; $price3 = $attr[$j]['options_values_price']; $prefix = "+"; } $ord_pro_id = $attr[$j]['orders_products_id']; if ($ord_pro_id != $ord_pro_id_old) { $k++; $l = 0; // set values $option[$k]['quant'] = $attr[$j]['attr_cnt']; $option[$k]['options'][0] = $attr[$j]['products_options']; $option[$k]['options_values'][0] = $attr[$j]['products_options_values']; if ($price3 != 0) { //$option[$k]['price'][0] = xtc_add_tax($price3, $resp[$cnt]['ptax']); $option[$k]['price'][0] = $price3; } else { $option[$k]['price'][0] = 0; } } else { $l++; // update values $option[$k]['options'][$l] = $attr[$j]['products_options']; $option[$k]['options_values'][$l] = $attr[$j]['products_options_values']; if ($price3 != 0) { //$option[$k]['price'][$l] = xtc_add_tax($price3, $resp[$cnt]['ptax']); $option[$k]['price'][$l] = $price3; } else { $option[$k]['price'][$l] = 0; } } $ord_pro_id_old = $ord_pro_id; } // set attr value $resp[$cnt]['attr'] = $option; } else { $resp[$cnt]['attr'] = ""; } //$resp[$cnt]['price'] = xtc_add_tax($price, $resp[$cnt]['ptax']); //$resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * xtc_add_tax($price, $resp[$cnt]['ptax']); $resp[$cnt]['price'] = $price; $resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * $price; $resp[$cnt]['order'] = $order['order_cnt']; $resp[$cnt]['shipping'] = $shipping['shipping']; // values per date and item $sumTot += $resp[$cnt]['psum']; $itemTot += $resp[$cnt]['pquant']; // add totsum and totitem until current row $resp[$cnt]['totsum'] = $sumTot; $resp[$cnt]['totitem'] = $itemTot; $cnt++; } return $resp; }
} } //// zahlungsweise in session schreiben $_SESSION['payment'] = 'paypalexpress'; if (isset($_POST['act_shipping'])) { $_SESSION['act_shipping'] = 'true'; } if (isset($_POST['act_payment'])) { $_SESSION['act_payment'] = 'true'; } if (isset($_POST['payment'])) { $_SESSION['payment'] = xtc_db_prepare_input($_POST['payment']); } if (!empty($_POST['comments_added'])) { //Dokuman - 2012-05-31 - fix paypal_checkout notices $_SESSION['comments'] = xtc_db_prepare_input($_POST['comments']); } //-- TheMedia Begin check if display conditions on checkout page is true if (isset($_POST['cot_gv'])) { $_SESSION['cot_gv'] = true; } // if there is nothing in the customers cart, redirect them to the shopping cart page if ($_SESSION['cart']->count_contents() < 1) { xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART)); } // Kein Token mehr da durch Back im Browser auf die Seite if (!$_SESSION['nvpReqArray']['TOKEN'] or !$_SESSION['reshash']['PAYERID']) { unset($_SESSION['payment']); unset($_SESSION['nvpReqArray']); unset($_SESSION['reshash']); unset($_SESSION['sendto']);
xtc_db_query("insert into " . TABLE_TAX_RATES . " (tax_zone_id, tax_class_id, tax_rate, tax_description, tax_priority, date_added) values ('" . xtc_db_input($tax_zone_id) . "', '" . xtc_db_input($tax_class_id) . "', '" . xtc_db_input($tax_rate) . "', '" . xtc_db_input($tax_description) . "', '" . xtc_db_input($tax_priority) . "', now())"); xtc_redirect(xtc_href_link(FILENAME_TAX_RATES)); break; case 'save': $tax_rates_id = xtc_db_prepare_input($_GET['tID']); $tax_zone_id = xtc_db_prepare_input($_POST['tax_zone_id']); $tax_class_id = xtc_db_prepare_input($_POST['tax_class_id']); $tax_rate = xtc_db_prepare_input($_POST['tax_rate']); $tax_description = xtc_db_prepare_input($_POST['tax_description']); $tax_priority = xtc_db_prepare_input($_POST['tax_priority']); $last_modified = xtc_db_prepare_input($_POST['last_modified']); xtc_db_query("update " . TABLE_TAX_RATES . " set tax_rates_id = '" . xtc_db_input($tax_rates_id) . "', tax_zone_id = '" . xtc_db_input($tax_zone_id) . "', tax_class_id = '" . xtc_db_input($tax_class_id) . "', tax_rate = '" . xtc_db_input($tax_rate) . "', tax_description = '" . xtc_db_input($tax_description) . "', tax_priority = '" . xtc_db_input($tax_priority) . "', last_modified = now() where tax_rates_id = '" . xtc_db_input($tax_rates_id) . "'"); xtc_redirect(xtc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id)); break; case 'deleteconfirm': $tax_rates_id = xtc_db_prepare_input($_GET['tID']); xtc_db_query("delete from " . TABLE_TAX_RATES . " where tax_rates_id = '" . xtc_db_input($tax_rates_id) . "'"); xtc_redirect(xtc_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'])); break; } } require DIR_WS_INCLUDES . 'head.php'; ?> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();"> <!-- header //--> <?php require DIR_WS_INCLUDES . 'header.php'; ?> <!-- header_eof //-->