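/**
 * Validate the posted admin credentials ($_POST['admin_name'] and
 * $_POST['admin_pass']) against TABLE_ADMIN and record the outcome in
 * $this->authenticed.
 *
 * Failures are reported through $this->addError(). The two separate
 * "name"/"password" messages tell the caller whether the name exists; a
 * single generic message would avoid account enumeration, but the existing
 * strings are kept so callers see the same output as before.
 *
 * @return bool  true only when a row with that name exists and the
 *               password verifies against its stored hash
 */
public function authentication()
{
    // empty() already covers the !isset() half of the original check
    if (empty($_POST['admin_name']) || empty($_POST['admin_pass'])) {
        $this->authenticed = false;
        $this->addError('"name" and "password" invalid.');
        return $this->authenticed;
    }

    $admin_name = zen_db_prepare_input($_POST['admin_name']);
    $admin_pass = zen_db_prepare_input($_POST['admin_pass']);

    // zen_db_input() escapes the name before it is interpolated
    $sql = "select admin_id, admin_name, admin_pass from " . TABLE_ADMIN
         . " where admin_name = '" . zen_db_input($admin_name) . "'";
    $result = $this->db->Execute($sql);

    $row_found = isset($result->fields);
    // the name is compared again in PHP (the SQL match may be case-insensitive);
    // === avoids numeric-string coercion such as '01' == '1'
    $name_ok = $row_found && $admin_name === (string) $result->fields['admin_name'];
    // verify the password once; the original re-ran the check on the failure path
    $pass_ok = $row_found && zen_validate_password($admin_pass, $result->fields['admin_pass']);

    if ($name_ok && $pass_ok) {
        $this->authenticed = true;
        return $this->authenticed;
    }

    $this->authenticed = false;
    if (!$name_ok) {
        $this->addError('"name" invalid.');
    }
    if (!$pass_ok) {
        $this->addError('"password" invalid.');
    }
    return $this->authenticed;
}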
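/**
 * Record the current visitor in TABLE_WHOS_ONLINE (insert on first sight,
 * update by session id afterwards) and purge rows idle for more than
 * 15 minutes.
 *
 * Uses the $gBitDb handle; the update/insert statements are parameterised,
 * the delete uses an int timestamp and the lookup goes through zen_db_input().
 *
 * @package ZenCart_Functions
 * @return void
 */
function zen_update_whos_online()
{
    global $gBitDb;

    if (!empty($_SESSION['customer_id'])) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select `customers_firstname`, `customers_lastname`\n from " . TABLE_CUSTOMERS . "\n where `customers_id` = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $gBitDb->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_firstname'] . ' ' . $customer->fields['customers_lastname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = 'Guest';
    }

    $wo_session_id = zen_session_id();
    // isset() guards: these server/session keys may be absent and the original
    // read them unconditionally
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $wo_last_page_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $wo_user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']) : '-';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : null;
    // the update branch already capped these at 255 chars; the insert branch
    // now stores the same truncated values instead of the raw ones
    $wo_last_page_url = substr($wo_last_page_url, 0, 255);
    $wo_user_agent = substr($wo_user_agent, 0, 255);

    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\n where `time_last_click` < '" . $xx_mins_ago . "'";
    $gBitDb->Execute($sql);

    $stored_customer_query = 'select count(*) as "count" from ' . TABLE_WHOS_ONLINE . "\n where `session_id` = '" . zen_db_input($wo_session_id) . "'";
    $stored_customer = $gBitDb->Execute($stored_customer_query);

    // guests are stored with a NULL customer_id rather than ''
    if (empty($wo_customer_id)) {
        $wo_customer_id = NULL;
    }

    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\n set `customer_id` = ?, `full_name` = ?, `ip_address` = ?, `time_last_click` = ?, `last_page_url` = ?, `host_address` = ?, `user_agent` = ?\n where `session_id` = ?";
        $gBitDb->query($sql, array($wo_customer_id, $wo_full_name, $wo_ip_address, $current_time, $wo_last_page_url, $wo_host_address, $wo_user_agent, $wo_session_id));
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\n (`customer_id`, `full_name`, `session_id`, `ip_address`, `time_entry`,\n `time_last_click`, `last_page_url`, `host_address`, `user_agent`)\n values ( ?, ?, ?, ?, ?, ?, ?, ?, ? )";
        $gBitDb->query($sql, array($wo_customer_id, $wo_full_name, $wo_session_id, $wo_ip_address, $current_time, $current_time, $wo_last_page_url, $wo_host_address, $wo_user_agent));
    }
}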
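/**
 * Insert or update a manufacturer (TABLE_MANUFACTURERS) and its
 * per-language URL rows (TABLE_MANUFACTURERS_INFO).
 *
 * A row is updated when manufacturers_id is supplied and already exists
 * (per $this->manufacturerExists()); otherwise a new row is inserted.
 *
 * @param array $pParamHash  by reference; reads manufacturers_name,
 *                           manufacturers_image, manufacturers_id and
 *                           manufacturers_url (array keyed by language id)
 * @return void
 */
function storeManufacturer(&$pParamHash)
{
    // the DB handle was used without being declared global in the original
    global $gBitDb;

    $sql_data_array = array('manufacturers_name' => zen_db_prepare_input($pParamHash['manufacturers_name']));
    $sql_data_array['manufacturers_image'] = !empty($pParamHash['manufacturers_image']) ? $pParamHash['manufacturers_image'] : NULL;

    $has_id = !empty($pParamHash['manufacturers_id']);
    // TODO(review): when no id is supplied, the auto-generated id of the new
    // row is not recovered here, so the language rows below are written
    // without a valid manufacturers_id (same as the original)
    $manufacturers_id = $has_id ? zen_db_prepare_input($pParamHash['manufacturers_id']) : null;

    if ($has_id && $this->manufacturerExists($pParamHash['manufacturers_id'])) {
        // $action selects the TABLE_MANUFACTURERS_INFO branch below; the
        // original never assigned it, so no URL rows were ever written
        $action = 'save';
        $sql_data_array['last_modified'] = $gBitDb->NOW();
        $gBitDb->associateInsert(TABLE_MANUFACTURERS, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "'");
    } else {
        $action = 'insert';
        if ($has_id) {
            $sql_data_array['manufacturers_id'] = $pParamHash['manufacturers_id'];
        }
        $sql_data_array['date_added'] = $gBitDb->NOW();
        $gBitDb->associateInsert(TABLE_MANUFACTURERS, $sql_data_array);
    }

    // the URL map does not change per language, so read it once
    $manufacturers_url_array = isset($pParamHash['manufacturers_url']) && is_array($pParamHash['manufacturers_url']) ? $pParamHash['manufacturers_url'] : array();
    $languages = zen_get_languages();
    foreach ($languages as $language) {
        $language_id = $language['id'];
        // a language with no URL submitted gets an empty string instead of a notice
        $url = isset($manufacturers_url_array[$language_id]) ? $manufacturers_url_array[$language_id] : '';
        $sql_data_array = array('manufacturers_url' => zen_db_prepare_input($url));
        if ($action == 'insert') {
            $sql_data_array['manufacturers_id'] = $manufacturers_id;
            $sql_data_array['languages_id'] = $language_id;
            $gBitDb->associateInsert(TABLE_MANUFACTURERS_INFO, $sql_data_array);
        } else {
            $gBitDb->associateInsert(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
        }
    }
}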
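/**
 * Observer callback for the "hope delivery day/time" calendar module.
 *
 * Stores the posted delivery day/time in the session at the start of the
 * shipping step, prepends them to the order comments before payment
 * processing, and clears them once the order e-mail has been sent.
 *
 * @param string $notifier  the NOTIFY_* event name being dispatched
 * @return void
 */
function notifierUpdate($notifier)
{
    global $order;

    switch ($notifier) {
        case 'NOTIFY_HEADER_START_CHECKOUT_SHIPPING':
            // isset() guards avoid undefined-index notices when the calendar
            // fields were not submitted with the form
            if (isset($_POST['calendar_hope_delivery_day']) && zen_not_null($_POST['calendar_hope_delivery_day'])) {
                $_SESSION['calendar_hope_delivery_day'] = zen_db_prepare_input($_POST['calendar_hope_delivery_day']);
            }
            if (isset($_POST['calendar_hope_delivery_time']) && zen_not_null($_POST['calendar_hope_delivery_time'])) {
                $_SESSION['calendar_hope_delivery_time'] = zen_db_prepare_input($_POST['calendar_hope_delivery_time']);
            }
            break;

        case 'NOTIFY_CHECKOUT_PROCESS_AFTER_PAYMENT_MODULES_BEFOREPROCESS':
            // prepend the requested delivery day and time to the order comments
            $hope_day = isset($_SESSION['calendar_hope_delivery_day']) ? $_SESSION['calendar_hope_delivery_day'] : '';
            $hope_time = isset($_SESSION['calendar_hope_delivery_time']) ? $_SESSION['calendar_hope_delivery_time'] : '';
            $order->info['comments'] = MODULE_CALENDAR_HOPE_DELIVERY_DAY_HEADER . ":" . $hope_day . "\n" . MODULE_CALENDAR_HOPE_DELIVERY_TIME_HEADER . ":" . $hope_time . "\n" . $order->info['comments'];
            break;

        case 'NOTIFY_CHECKOUT_PROCESS_AFTER_SEND_ORDER_EMAIL':
            // the original blanked the values first; unset() alone has the same effect
            unset($_SESSION['calendar_hope_delivery_day'], $_SESSION['calendar_hope_delivery_time']);
            break;
    }
}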
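/**
 * Record the current visitor in TABLE_WHOS_ONLINE (insert on first sight,
 * update by session id afterwards) and purge rows idle for more than
 * 15 minutes.
 *
 * Every interpolated value is either cast to int or passed through
 * zen_db_input().
 *
 * @package ZenCart_Functions
 * @return void
 */
function zen_update_whos_online()
{
    global $db;

    // !empty() replaces the bare $_SESSION['customer_id'] test, which raised a
    // notice for guests without the key
    if (!empty($_SESSION['customer_id'])) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select customers_firstname, customers_lastname\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $db->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_firstname'] . ' ' . $customer->fields['customers_lastname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = 'Guest';
    }

    $wo_session_id = zen_session_id();
    // isset() guards: these keys may be missing (e.g. no User-Agent header)
    // and the original read them unconditionally
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $wo_last_page_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $wo_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']) : '';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';
    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\r\n where time_last_click < '" . $xx_mins_ago . "'";
    $db->Execute($sql);

    $stored_customer_query = "select count(*) as count\r\n from " . TABLE_WHOS_ONLINE . "\r\n where session_id = '" . zen_db_input($wo_session_id) . "'";
    $stored_customer = $db->Execute($stored_customer_query);

    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\r\n set customer_id = '" . (int) $wo_customer_id . "',\r\n full_name = '" . zen_db_input($wo_full_name) . "',\r\n ip_address = '" . zen_db_input($wo_ip_address) . "',\r\n time_last_click = '" . zen_db_input($current_time) . "',\r\n last_page_url = '" . zen_db_input($wo_last_page_url) . "',\r\n host_address = '" . zen_db_input($wo_host_address) . "',\r\n user_agent = '" . zen_db_input($wo_user_agent) . "'\r\n where session_id = '" . zen_db_input($wo_session_id) . "'";
        $db->Execute($sql);
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\r\n (customer_id, full_name, session_id, ip_address, time_entry,\r\n time_last_click, last_page_url, host_address, user_agent)\r\n values ('" . (int) $wo_customer_id . "', '" . zen_db_input($wo_full_name) . "', '" . zen_db_input($wo_session_id) . "', '" . zen_db_input($wo_ip_address) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($wo_last_page_url) . "', '" . zen_db_input($wo_host_address) . "', '" . zen_db_input($wo_user_agent) . "')";
        $db->Execute($sql);
    }
}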
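/**
 * Send this newsletter to every customer selected by $this->query_name and
 * mark the newsletter row as sent.
 *
 * A tick icon is echoed per recipient as progress feedback.
 *
 * @param int|string $newsletter_id  TABLE_NEWSLETTERS key to mark as sent
 * @return int  number of audience records processed (0 when there are none)
 */
function send($newsletter_id)
{
    global $db;

    $audience_select = get_audience_sql_query($this->query_name, 'newsletters');
    $audience = $db->Execute($audience_select['query_string']);
    $records = $audience->RecordCount();
    if ($records == 0) {
        return 0;
    }

    // the greeting and HTML body are the same for every recipient
    $html_msg = array();
    $html_msg['EMAIL_GREET'] = EMAIL_GREET;
    $html_msg['EMAIL_MESSAGE_HTML'] = $this->content_html;

    while (!$audience->EOF) {
        $firstname = $audience->fields['customers_firstname'];
        $lastname = $audience->fields['customers_lastname'];
        $email_address = $audience->fields['customers_email_address'];
        $html_msg['EMAIL_FIRST_NAME'] = $firstname;
        $html_msg['EMAIL_LAST_NAME'] = $lastname;
        zen_mail($firstname . ' ' . $lastname, $email_address, $this->title, $this->content, STORE_NAME, EMAIL_FROM, $html_msg, 'newsletters');
        echo zen_image(DIR_WS_ICONS . 'tick.gif', $email_address);
        // force output to the screen to show the status indicator after each
        // message; ob_flush() is only valid while a buffer is active, so the
        // level check replaces the @ suppression
        if (ob_get_level() > 0) {
            ob_flush();
        }
        flush();
        $audience->MoveNext();
    }

    $newsletter_id = zen_db_prepare_input($newsletter_id);
    $db->Execute("update " . TABLE_NEWSLETTERS . "\r\n set date_sent = now(), status = '1'\r\n where newsletters_id = '" . zen_db_input($newsletter_id) . "'");
    return $records; // number of records processed whether successful or not
}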
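/**
 * Copy each key of $object_array onto $this as a property, after running
 * the value through zen_db_prepare_input() (trim + stripslashes on strings,
 * recursive on arrays).
 *
 * @param array $object_array  key/value pairs to expose as properties
 * @return void
 */
function objectInfo($object_array)
{
    // the original carried this guard as a commented-out TODO; a non-array
    // (e.g. a failed lookup) has no keys to copy
    if (!is_array($object_array)) {
        return;
    }
    // foreach replaces the each() loop, which was removed in PHP 8
    foreach ($object_array as $key => $value) {
        $this->{$key} = zen_db_prepare_input($value);
    }
}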
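/**
 * Constructor: load the bulk-export options stored under the
 * GOOGLEBASE_BULK_OPTIONS configuration key into $this->_options.
 *
 * Falls back to an empty array when the key is missing or the stored
 * value does not unserialize (the original would have left false there).
 */
function googlebase()
{
    global $db;

    $result = $db->Execute("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key='GOOGLEBASE_BULK_OPTIONS'");
    $this->_options = array();
    if (!$result->EOF) {
        // NOTE(review): unserialize() on a DB-stored value; only data written
        // by the admin UI should ever land in this row, and stripslashes() in
        // zen_db_prepare_input() can corrupt serialized strings that contain
        // backslashes — a JSON encoding would be the safer format
        $options = unserialize(zen_db_prepare_input($result->fields['configuration_value']));
        if ($options !== false) {
            $this->_options = $options;
        }
    }
}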
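/**
 * Copy each key of $object_array onto $this as a property, after running
 * the value through zen_db_prepare_input() (trim + stripslashes on strings,
 * recursive on arrays). Non-array input is ignored.
 *
 * @param array $object_array  key/value pairs to expose as properties
 * @return void
 */
function updateObjectInfo($object_array)
{
    if (!is_array($object_array)) {
        return;
    }
    // foreach replaces the each() loop, which was removed in PHP 8
    foreach ($object_array as $key => $value) {
        $this->{$key} = zen_db_prepare_input($value);
    }
}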
/**
 * Mirror a customer's e-mail address into TABLE_VISITORS, provided no other
 * customer already owns that address.
 *
 * @param int|string $customers_id             customers_id / visitors_id
 * @param string     $customers_email_address  address to store
 * @return void
 */
function zen_visitors_update_visitors_data($customers_id, $customers_email_address)
{
    global $db;

    $visitor_id = zen_db_prepare_input($customers_id);
    $email = zen_db_prepare_input($customers_email_address);

    // look for the same address on any *other* customer row
    $duplicate_sql = "select customers_email_address\r\n from " . TABLE_CUSTOMERS
        . "\r\n where customers_email_address = '" . zen_db_input($email) . "'\r\n and customers_id != '" . (int) $visitor_id . "'";
    $duplicates = $db->Execute($duplicate_sql);
    if ($duplicates->RecordCount()) {
        // another account already uses this address; leave the visitor row alone
        return;
    }

    $visitor_data = array(
        'visitors_email_address' => $email,
        'visitors_info_date_account_last_modified' => 'now()',
    );
    zen_db_perform(TABLE_VISITORS, $visitor_data, 'update', "visitors_id = '" . (int) $visitor_id . "'");
}
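/**
 * Append a status-history row for order $oID and set the order's current
 * status.
 *
 * @param int|string $oID         orders_id
 * @param int|string $new_status  orders_status_id to record
 * @param int        $notified    -1, 1, or anything else (stored as 0)
 * @param string     $comments    free-text comment from the admin form
 * @return void
 */
function update_status($oID, $new_status, $notified = 0, $comments = '')
{
    global $db;

    // customer_notified is stored as -1, 1 or 0; any other value maps to 0
    if ($notified == -1) {
        $cust_notified = -1;
    } elseif ($notified == 1) {
        $cust_notified = 1;
    } else {
        $cust_notified = 0;
    }

    // $new_status is a numeric id and is cast like $oID; $comments is free
    // text, and zen_db_prepare_input() alone strips slashes without escaping,
    // so it is passed through zen_db_input() before being interpolated
    $new_status = (int) $new_status;
    $comments_sql = zen_db_input(zen_db_prepare_input($comments));

    $db->Execute("INSERT INTO " . TABLE_ORDERS_STATUS_HISTORY . "\n (orders_id, orders_status_id, date_added, customer_notified, comments)\n VALUES ('" . (int) $oID . "',\n '" . $new_status . "',\n now(),\n '" . $cust_notified . "',\n '" . $comments_sql . "')");
    $db->Execute("UPDATE " . TABLE_ORDERS . " SET\n orders_status = '" . $new_status . "', last_modified = now()\n WHERE orders_id = '" . (int) $oID . "'");
}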
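/**
 * Normalise raw form input before it is used in a DB query: strings are
 * trimmed and unslashed, arrays are processed recursively (keys preserved),
 * anything else is returned untouched.
 *
 * This only undoes magic-quotes style escaping; a value still needs
 * zen_db_input() (or an int cast) before it is interpolated into SQL.
 *
 * @param mixed $string  scalar, array or other value
 * @return mixed  same shape as the input
 */
function zen_db_prepare_input($string)
{
    if (is_string($string)) {
        return trim(stripslashes($string));
    }
    if (is_array($string)) {
        // foreach replaces the each() loop removed in PHP 8; it iterates a
        // copy, so writing back through $string[$key] is safe and keeps keys
        foreach ($string as $key => $value) {
            $string[$key] = zen_db_prepare_input($value);
        }
        return $string;
    }
    return $string;
}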
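/**
 * Persist the first-step (SAR) request/response of a TodoPago transaction.
 *
 * Only runs when the transaction for $orderId is still at FIRST_STEP.
 *
 * @param int|string $orderId
 * @param array      $paramsSAR    request parameters sent to the gateway
 * @param array      $responseSAR  gateway response, expected to carry
 *                                 RequestKey and PublicRequestKey
 * @return string|int  the executed UPDATE statement, or 0 when the
 *                     transaction is not at the first step
 */
public function recordFirstStep($orderId, $paramsSAR, $responseSAR)
{
    global $db;

    $datetime = new DateTime('NOW');
    if ($this->_getStep($orderId) != self::FIRST_STEP) {
        return 0;
    }

    // missing keys default to '' instead of raising an undefined-index notice
    $requestKey = isset($responseSAR['RequestKey']) ? $responseSAR['RequestKey'] : '';
    $publicRequestKey = isset($responseSAR['PublicRequestKey']) ? $responseSAR['PublicRequestKey'] : '';

    // json_encode() output is already well-formed; passing it through
    // zen_db_prepare_input() (stripslashes) removed the \" and \/ escapes and
    // corrupted the stored JSON, so only zen_db_input() escaping is applied
    $paramsJson = zen_db_input(json_encode($paramsSAR));
    $responseJson = zen_db_input(json_encode($responseSAR));

    // id_orden is numeric: cast it rather than concatenating the raw value
    $query = "UPDATE todopago_transaccion SET first_step = '" . $datetime->format('Y-m-d H:i:s') . "', params_SAR = '" . $paramsJson . "', response_SAR = '" . $responseJson . "', request_key = '" . zen_db_input(zen_db_prepare_input($requestKey)) . "', public_request_key = '" . zen_db_input(zen_db_prepare_input($publicRequestKey)) . "' WHERE id_orden = " . (int) $orderId;
    $db->Execute($query);

    // NOTE(review): the returned string contains the full gateway payload;
    // callers that log it should treat it as sensitive
    return $query;
}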
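/**
 * zen_update_whos_online
 *
 * Record the current visitor in TABLE_WHOS_ONLINE, keyed by session id and
 * IP address (insert on first sight, update afterwards), and purge rows idle
 * for more than 15 minutes. Visitors without a session id are labelled as a
 * spider.
 *
 * @return void
 */
function zen_update_whos_online()
{
    global $db;

    if (isset($_SESSION['customer_id']) && $_SESSION['customer_id']) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select customers_firstname, customers_lastname\n from " . TABLE_CUSTOMERS . "\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $db->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_lastname'] . ', ' . $customer->fields['customers_firstname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = '¥' . 'Guest';
    }

    $wo_session_id = zen_session_id();
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'Unknown';
    // a request without a User-Agent header left this key unset and raised a
    // notice in the original; the value is truncated to 254 chars as before
    $wo_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? substr(zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']), 0, 254) : '';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';

    // work out the page the visitor is on: REQUEST_URI if present, otherwise
    // PHP_SELF plus the (possibly reconstructed) query string
    $_SERVER['QUERY_STRING'] = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '' ? $_SERVER['QUERY_STRING'] : zen_get_all_get_params();
    if (isset($_SERVER['REQUEST_URI'])) {
        $uri = $_SERVER['REQUEST_URI'];
    } elseif (isset($_SERVER['QUERY_STRING'])) {
        $uri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
    } else {
        $uri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['argv'][0];
    }
    // drop a dangling '?' left by an empty query string
    if (substr($uri, -1) == '?') {
        $uri = substr($uri, 0, strlen($uri) - 1);
    }
    $wo_last_page_url = zen_not_null($uri) ? substr($uri, 0, 254) : 'Unknown';

    $current_time = time();
    $xx_mins_ago = $current_time - 900;

    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\n where time_last_click < '" . $xx_mins_ago . "'";
    $db->Execute($sql);

    $stored_customer_query = "select count(*) as count\n from " . TABLE_WHOS_ONLINE . "\n where session_id = '" . zen_db_input($wo_session_id) . "' and ip_address='" . zen_db_input($wo_ip_address) . "'";
    $stored_customer = $db->Execute($stored_customer_query);

    // no session id at all is taken to mean a crawler
    if (empty($wo_session_id)) {
        $wo_full_name = '¥' . 'Spider';
    }

    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\n set customer_id = '" . (int) $wo_customer_id . "',\n full_name = '" . zen_db_input($wo_full_name) . "',\n ip_address = '" . zen_db_input($wo_ip_address) . "',\n time_last_click = '" . zen_db_input($current_time) . "',\n last_page_url = '" . zen_db_input($wo_last_page_url) . "',\n host_address = '" . zen_db_input($wo_host_address) . "',\n user_agent = '" . zen_db_input($wo_user_agent) . "'\n where session_id = '" . zen_db_input($wo_session_id) . "' and ip_address='" . zen_db_input($wo_ip_address) . "'";
        $db->Execute($sql);
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\n (customer_id, full_name, session_id, ip_address, time_entry,\n time_last_click, last_page_url, host_address, user_agent)\n values ('" . (int) $wo_customer_id . "', '" . zen_db_input($wo_full_name) . "', '" . zen_db_input($wo_session_id) . "', '" . zen_db_input($wo_ip_address) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($wo_last_page_url) . "', '" . zen_db_input($wo_host_address) . "', '" . zen_db_input($wo_user_agent) . "')";
        $db->Execute($sql);
    }
}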
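/**
 * Return the layout pages that have no box configured for $template_dir.
 *
 * @param string $template_dir  template directory name used as layout_template
 * @return array  list of page arrays (as returned by zen_get_all_layout_pages())
 *                whose 'id' has no row in TABLE_LAYOUT_BOXES
 */
function zen_get_not_setuped_layout_pages($template_dir)
{
    global $db;

    // zen_db_prepare_input() only trims/unslashes; zen_db_input() escapes the
    // value for interpolation into the query (the original skipped that step)
    $setuped_pages = $db->Execute("SELECT layout_page FROM " . TABLE_LAYOUT_BOXES . " WHERE layout_template = '" . zen_db_input(zen_db_prepare_input($template_dir)) . "' GROUP BY layout_page");
    $setuped_pages_id = array();
    while (!$setuped_pages->EOF) {
        $setuped_pages_id[] = $setuped_pages->fields['layout_page'];
        $setuped_pages->MoveNext();
    }

    $not_setuped_pages = array();
    foreach (zen_get_all_layout_pages() as $page) {
        // loose in_array() kept on purpose: the ids may come back from the DB
        // as strings while the page list may use ints
        if (!in_array($page['id'], $setuped_pages_id)) {
            $not_setuped_pages[] = $page;
        }
    }
    return $not_setuped_pages;
}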
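/**
 * Run an uploaded SQL script through $this->executeSql() and report the
 * outcome on the global $messageStack.
 *
 * @param string $upload_query  raw SQL text
 * @return bool  true when at least one statement was processed and not all
 *               of them were ignored
 */
function execute_sql_file($upload_query)
{
    global $messageStack;

    $query_string = $upload_query;
    // magic_quotes_runtime only existed before PHP 5.4 and the function itself
    // is gone in PHP 8; the version check keeps the call (and its deprecation
    // notice) off newer runtimes without @ suppression
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_runtime() > 0) {
        $query_string = zen_db_prepare_input($upload_query);
    }

    $success = false;
    if ($query_string != '') {
        $query_results = $this->executeSql($query_string, DB_DATABASE, DB_PREFIX);
        // success means something ran and not every statement was ignored
        if ($query_results['queries'] > 0 && $query_results['queries'] != $query_results['ignored']) {
            $messageStack->add($query_results['queries'] . ' statements processed.', 'success');
            $success = true;
        } else {
            $messageStack->add('Failed: ' . $query_results['queries'], 'error');
        }
        if (zen_not_null($query_results['errors'])) {
            foreach ($query_results['errors'] as $value) {
                $messageStack->add('ERROR: ' . $value, 'error');
            }
        }
        if ($query_results['ignored'] != 0) {
            $messageStack->add('Note: ' . $query_results['ignored'] . ' statements ignored. See "upgrade_exceptions" table for additional details.', 'caution');
        }
        if (zen_not_null($query_results['output'])) {
            foreach ($query_results['output'] as $value) {
                if (zen_not_null($value)) {
                    $messageStack->add('ERROR: ' . $value, 'error');
                }
            }
        }
    } else {
        $messageStack->add(ERROR_NOTHING_TO_DO, 'error');
    }
    return $success;
}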
$duplicate_option .= ' <b>' . strtoupper(zen_get_language_name($languages[$i]['id'])) . '</b> : ' . $option_name; } } if (!empty($duplicate_option)) { $messageStack->add_session(ATTRIBUTE_POSSIBLE_OPTIONS_NAME_WARNING_DUPLICATE . ' ' . $option_id . ' - ' . $duplicate_option, 'caution'); } zen_redirect(zen_href_link(FILENAME_OPTIONS_NAME_MANAGER, $_SESSION['page_info'] . '&option_order_by=' . $option_order_by)); break; case 'delete_option': // demo active test if (zen_admin_demo()) { $_GET['action'] = ''; $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution'); zen_redirect(zen_href_link(FILENAME_OPTIONS_NAME_MANAGER, $_SESSION['page_info'] . '&option_order_by=' . $option_order_by)); } $option_id = zen_db_prepare_input($_GET['option_id']); $remove_option_values = $db->Execute("select products_options_id, products_options_values_id from " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " where products_options_id='" . (int) $option_id . "'"); while (!$remove_option_values->EOF) { $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id='" . $remove_option_values->fields['products_options_values_id'] . "' and products_options_values_id !=0"); $remove_option_values->MoveNext(); } $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS . "\n where products_options_id = '" . (int) $option_id . "'"); $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " where products_options_id = '" . (int) $option_id . "'"); zen_redirect(zen_href_link(FILENAME_OPTIONS_NAME_MANAGER, $_SESSION['page_info'] . '&option_order_by=' . $option_order_by)); break; ///////////////////////////////////// // additional features ///////////////////////////////////// // additional features case 'update_options_values': // get products to update with at least one option_value for selected options_name
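/**
 * E-mail this product-notification message to its audience and mark the
 * newsletter row as sent.
 *
 * With $_POST['global'] == 'true' the audience is every customer holding any
 * product notification; otherwise it is the customers subscribed to the
 * product ids in $_POST['chosen']. Customers with global notifications
 * enabled are added in both cases. Recipients are keyed by customer id so
 * nobody is mailed twice. A tick icon is echoed per recipient as progress.
 *
 * @param int|string $newsletter_id  TABLE_NEWSLETTERS key to mark as sent
 * @return int  number of messages sent
 */
function send($newsletter_id)
{
    // $_POST is a superglobal; the original declared it global needlessly
    global $db;

    $products_sql = "select distinct pn.customers_id, c.customers_firstname,\r\n c.customers_lastname, c.customers_email_address\r\n from " . TABLE_CUSTOMERS . " c, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn\r\n where c.customers_id = pn.customers_id";
    if (!(isset($_POST['global']) && $_POST['global'] == 'true')) {
        // not global==true; instead, process all selected products. The ids
        // come straight from the form, so each one is cast to int before the
        // IN (...) list is built (the original interpolated them raw)
        $chosen = isset($_POST['chosen']) && is_array($_POST['chosen']) ? $_POST['chosen'] : array();
        $ids = implode(',', array_map('intval', $chosen));
        // an empty IN () is a SQL error; with nothing chosen there are simply
        // no product subscribers to add
        $products_sql = $ids === '' ? '' : $products_sql . "\r\n and pn.products_id in (" . $ids . ")";
    }

    $audience = array();
    if ($products_sql !== '') {
        $audience = $this->_addRecipients($db->Execute($products_sql), $audience);
    }
    // customers who opted in to notifications for every product
    $customers = $db->Execute("select c.customers_id, c.customers_firstname, c.customers_lastname,\r\n c.customers_email_address\r\n from " . TABLE_CUSTOMERS . " c, " . TABLE_CUSTOMERS_INFO . " ci\r\n where c.customers_id = ci.customers_info_id\r\n and ci.global_product_notifications = '1'");
    $audience = $this->_addRecipients($customers, $audience);

    // send emails
    $i = 0;
    $html_msg = array();
    foreach ($audience as $recipient) {
        $i++;
        $html_msg['EMAIL_FIRST_NAME'] = $recipient['firstname'];
        $html_msg['EMAIL_LAST_NAME'] = $recipient['lastname'];
        $html_msg['EMAIL_GREET'] = EMAIL_GREET;
        $html_msg['EMAIL_MESSAGE_HTML'] = $this->content_html;
        zen_mail($recipient['firstname'] . ' ' . $recipient['lastname'], $recipient['email_address'], $this->title, $this->content, STORE_NAME, EMAIL_FROM, $html_msg, 'product_notification', '');
        echo zen_image(DIR_WS_ICONS . 'tick.gif', $recipient['email_address']);
        // force output to the screen to show the status indicator after each
        // message; ob_flush() is only valid while a buffer is active, so the
        // level check replaces the @ suppression
        if (ob_get_level() > 0) {
            ob_flush();
        }
        flush();
    }

    $newsletter_id = zen_db_prepare_input($newsletter_id);
    $db->Execute("update " . TABLE_NEWSLETTERS . "\r\n set date_sent = now(), status = '1'\r\n where newsletters_id = '" . zen_db_input($newsletter_id) . "'");
    return $i; // number of records processed whether successful or not
}

/**
 * Add every row of a customers result set to $audience, keyed by
 * customers_id so a customer matched by several queries appears once.
 *
 * The original had this loop inlined four times, one copy reading the
 * e-mail address from the result object instead of its ->fields.
 *
 * @param object $rows      result with customers_id, customers_firstname,
 *                          customers_lastname and customers_email_address
 * @param array  $audience  recipients collected so far
 * @return array  $audience with the rows merged in
 */
function _addRecipients($rows, $audience)
{
    while (!$rows->EOF) {
        $audience[$rows->fields['customers_id']] = array(
            'firstname' => $rows->fields['customers_firstname'],
            'lastname' => $rows->fields['customers_lastname'],
            'email_address' => $rows->fields['customers_email_address'],
        );
        $rows->MoveNext();
    }
    return $audience;
}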
$lastname = zen_db_prepare_input($_POST['lastname']); // ->furikana if (FURIKANA_NESESSARY) { $firstname_kana = zen_db_prepare_input($_POST['firstname_kana']); $lastname_kana = zen_db_prepare_input($_POST['lastname_kana']); } // <-furikana if (ACCOUNT_DOB == 'true') { $dob = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_db_prepare_input($_POST['dob']); } $email_address = zen_db_prepare_input($_POST['email_address']); $telephone = zen_db_prepare_input($_POST['telephone']); $fax = zen_db_prepare_input($_POST['fax']); $email_format = zen_db_prepare_input($_POST['email_format']); if (CUSTOMERS_REFERRAL_STATUS == '2' and $_POST['customers_referral'] != '') { $customers_referral = zen_db_prepare_input($_POST['customers_referral']); } $error = false; if (ACCOUNT_GENDER == 'true') { if ($gender != 'm' && $gender != 'f') { $error = true; $messageStack->add('account_edit', ENTRY_GENDER_ERROR); } } if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) { $error = true; $messageStack->add('account_edit', ENTRY_FIRST_NAME_ERROR); } if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) { $error = true; $messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
/**
 * Archive one sent e-mail in TABLE_EMAIL_ARCHIVE as a log of mail activity.
 * This table CAN get VERY big! To disable it, set the "Email Archives"
 * switch to 'false' in ADMIN.
 *
 * Every value is run through zen_db_prepare_input() and then escaped with
 * zen_db_input() before being interpolated; the HTML body is replaced by a
 * placeholder when EMAIL_USE_HTML is not 'true'.
 *
 * @return object  the global $db handle, as the original returned
 */
function zen_mail_archive_write($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject, $email_html, $email_text, $module)
{
    global $db;

    $html_body = EMAIL_USE_HTML == 'true' ? $email_html : 'HTML disabled in admin';

    // column order matches the value order below; date_sent and module are
    // appended separately because now() is not quoted
    $columns = array('email_to_name', 'email_to_address', 'email_from_name', 'email_from_address', 'email_subject', 'email_html', 'email_text');
    $raw_values = array($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject, $html_body, $email_text);

    $quoted = array();
    foreach ($raw_values as $raw) {
        $quoted[] = "'" . zen_db_input(zen_db_prepare_input($raw)) . "'";
    }
    $quoted_module = "'" . zen_db_input(zen_db_prepare_input($module)) . "'";

    $sql = "insert into " . TABLE_EMAIL_ARCHIVE . "\r\n (" . implode(', ', $columns) . ", date_sent, module)\r\n values ("
         . implode(",\r\n ", $quoted) . ",\r\n now() ,\r\n " . $quoted_module . ")";
    $db->Execute($sql);

    return $db;
}
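/**
 * Load order $order_id from the DB into $this->info, ->customer, ->delivery,
 * ->billing, ->totals and ->products.
 *
 * NOTIFY_ORDER_BEFORE_QUERY is fired first; an observer that sets
 * $this->queryReturnFlag to true aborts the load. NOTIFY_ORDER_AFTER_QUERY
 * is fired once everything is populated.
 *
 * @param int|string $order_id  TABLE_ORDERS key
 * @return void
 */
function query($order_id)
{
    global $db;

    $order_id = zen_db_prepare_input($order_id);

    $this->queryReturnFlag = NULL;
    $this->notify('NOTIFY_ORDER_BEFORE_QUERY', array(), $order_id);
    if ($this->queryReturnFlag === TRUE) {
        return;
    }

    $order_query = "select customers_id, customers_name, customers_company,\n customers_street_address, customers_suburb, customers_city,\n customers_postcode, customers_state, customers_country,\n customers_telephone, customers_email_address, customers_address_format_id,\n delivery_name, delivery_company, delivery_street_address, delivery_suburb,\n delivery_city, delivery_postcode, delivery_state, delivery_country,\n delivery_address_format_id, billing_name, billing_company,\n billing_street_address, billing_suburb, billing_city, billing_postcode,\n billing_state, billing_country, billing_address_format_id,\n payment_method, payment_module_code, shipping_method, shipping_module_code,\n coupon_code, cc_type, cc_owner, cc_number, cc_expires, currency, currency_value,\n date_purchased, orders_status, last_modified, order_total, order_tax, ip_address\n from " . TABLE_ORDERS . "\n where orders_id = '" . (int) $order_id . "'";
    $order = $db->Execute($order_query);

    // order totals, with the coupon line wrapped in a help-popup link
    $totals_query = "select title, text, class\n from " . TABLE_ORDERS_TOTAL . "\n where orders_id = '" . (int) $order_id . "'\n order by sort_order";
    $totals = $db->Execute($totals_query);
    $zc_coupon_link = '';
    while (!$totals->EOF) {
        if ($totals->fields['class'] == 'ot_coupon') {
            // coupon_code is read back from the orders row, but it may
            // originate from checkout input, so it is escaped like any other
            // interpolated value (the original concatenated it raw)
            $coupon_link_query = "SELECT coupon_id\n from " . TABLE_COUPONS . "\n where coupon_code ='" . zen_db_input($order->fields['coupon_code']) . "'";
            $coupon_link = $db->Execute($coupon_link_query);
            $zc_coupon_link = '<a href="javascript:couponpopupWindow(\'' . zen_href_link(FILENAME_POPUP_COUPON_HELP, 'cID=' . $coupon_link->fields['coupon_id']) . '\')">';
        }
        $this->totals[] = array(
            'title' => $totals->fields['class'] == 'ot_coupon' ? $zc_coupon_link . $totals->fields['title'] . '</a>' : $totals->fields['title'],
            'text' => $totals->fields['text'],
            'class' => $totals->fields['class'],
        );
        $totals->MoveNext();
    }

    $order_total_query = "select text, value\n from " . TABLE_ORDERS_TOTAL . "\n where orders_id = '" . (int) $order_id . "'\n and class = 'ot_total'";
    $order_total = $db->Execute($order_total_query);

    $shipping_method_query = "select title, value\n from " . TABLE_ORDERS_TOTAL . "\n where orders_id = '" . (int) $order_id . "'\n and class = 'ot_shipping'";
    $shipping_method = $db->Execute($shipping_method_query);

    // orders_status is a numeric id: cast it instead of concatenating raw
    $order_status_query = "select orders_status_name\n from " . TABLE_ORDERS_STATUS . "\n where orders_status_id = '" . (int) $order->fields['orders_status'] . "'\n and language_id = '" . (int) $_SESSION['languages_id'] . "'";
    $order_status = $db->Execute($order_status_query);

    $this->info = array(
        'currency' => $order->fields['currency'],
        'currency_value' => $order->fields['currency_value'],
        'payment_method' => $order->fields['payment_method'],
        'payment_module_code' => $order->fields['payment_module_code'],
        'shipping_method' => $order->fields['shipping_method'],
        'shipping_module_code' => $order->fields['shipping_module_code'],
        'coupon_code' => $order->fields['coupon_code'],
        'cc_type' => $order->fields['cc_type'],
        'cc_owner' => $order->fields['cc_owner'],
        'cc_number' => $order->fields['cc_number'],
        'cc_expires' => $order->fields['cc_expires'],
        'date_purchased' => $order->fields['date_purchased'],
        'orders_status' => $order_status->fields['orders_status_name'],
        'last_modified' => $order->fields['last_modified'],
        'total' => $order->fields['order_total'],
        'tax' => $order->fields['order_tax'],
        'ip_address' => $order->fields['ip_address'],
    );

    $this->customer = array(
        'id' => $order->fields['customers_id'],
        'name' => $order->fields['customers_name'],
        'company' => $order->fields['customers_company'],
        'street_address' => $order->fields['customers_street_address'],
        'suburb' => $order->fields['customers_suburb'],
        'city' => $order->fields['customers_city'],
        'postcode' => $order->fields['customers_postcode'],
        'state' => $order->fields['customers_state'],
        'country' => $order->fields['customers_country'],
        'format_id' => $order->fields['customers_address_format_id'],
        'telephone' => $order->fields['customers_telephone'],
        'email_address' => $order->fields['customers_email_address'],
    );

    $this->delivery = array(
        'name' => $order->fields['delivery_name'],
        'company' => $order->fields['delivery_company'],
        'street_address' => $order->fields['delivery_street_address'],
        'suburb' => $order->fields['delivery_suburb'],
        'city' => $order->fields['delivery_city'],
        'postcode' => $order->fields['delivery_postcode'],
        'state' => $order->fields['delivery_state'],
        'country' => $order->fields['delivery_country'],
        'format_id' => $order->fields['delivery_address_format_id'],
    );
    // no delivery name and no street means the order had no shipping address
    if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
        $this->delivery = false;
    }

    $this->billing = array(
        'name' => $order->fields['billing_name'],
        'company' => $order->fields['billing_company'],
        'street_address' => $order->fields['billing_street_address'],
        'suburb' => $order->fields['billing_suburb'],
        'city' => $order->fields['billing_city'],
        'postcode' => $order->fields['billing_postcode'],
        'state' => $order->fields['billing_state'],
        'country' => $order->fields['billing_country'],
        'format_id' => $order->fields['billing_address_format_id'],
    );

    $index = 0;
    $orders_products_query = "select orders_products_id, products_id, products_name,\n products_model, products_price, products_tax,\n products_quantity, final_price,\n onetime_charges,\n products_priced_by_attribute, product_is_free, products_discount_type,\n products_discount_type_from\n from " . TABLE_ORDERS_PRODUCTS . "\n where orders_id = '" . (int) $order_id . "'\n order by orders_products_id";
    $orders_products = $db->Execute($orders_products_query);
    while (!$orders_products->EOF) {
        // convert quantity to proper decimals - account history
        if (QUANTITY_DECIMALS != 0) {
            $fix_qty = $orders_products->fields['products_quantity'];
            switch (true) {
                case !strstr($fix_qty, '.'):
                    $new_qty = $fix_qty;
                    break;
                default:
                    // strip trailing zeros from the fractional part
                    $new_qty = preg_replace('/[0]+$/', '', $orders_products->fields['products_quantity']);
                    break;
            }
        } else {
            $new_qty = $orders_products->fields['products_quantity'];
        }
        $new_qty = round($new_qty, QUANTITY_DECIMALS);
        // whole quantities are stored as int so they render without decimals
        if ($new_qty == (int) $new_qty) {
            $new_qty = (int) $new_qty;
        }

        $this->products[$index] = array(
            'qty' => $new_qty,
            'id' => $orders_products->fields['products_id'],
            'name' => $orders_products->fields['products_name'],
            'model' => $orders_products->fields['products_model'],
            'tax' => $orders_products->fields['products_tax'],
            'price' => $orders_products->fields['products_price'],
            'final_price' => $orders_products->fields['final_price'],
            'onetime_charges' => $orders_products->fields['onetime_charges'],
            'products_priced_by_attribute' => $orders_products->fields['products_priced_by_attribute'],
            'product_is_free' => $orders_products->fields['product_is_free'],
            'products_discount_type' => $orders_products->fields['products_discount_type'],
            'products_discount_type_from' => $orders_products->fields['products_discount_type_from'],
        );

        $subindex = 0;
        $attributes_query = "select products_options_id, products_options_values_id, products_options, products_options_values,\n options_values_price, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . "\n where orders_id = '" . (int) $order_id . "'\n and orders_products_id = '" . (int) $orders_products->fields['orders_products_id'] . "'";
        $attributes = $db->Execute($attributes_query);
        if ($attributes->RecordCount()) {
            while (!$attributes->EOF) {
                $this->products[$index]['attributes'][$subindex] = array(
                    'option' => $attributes->fields['products_options'],
                    'value' => $attributes->fields['products_options_values'],
                    'option_id' => $attributes->fields['products_options_id'],
                    'value_id' => $attributes->fields['products_options_values_id'],
                    'prefix' => $attributes->fields['price_prefix'],
                    'price' => $attributes->fields['options_values_price'],
                );
                $subindex++;
                $attributes->MoveNext();
            }
        }

        // remember every distinct tax rate seen on the order
        $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';

        $index++;
        $orders_products->MoveNext();
    }

    $this->notify('NOTIFY_ORDER_AFTER_QUERY', array(), $order_id);
}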
} elseif ($action == 'save') { $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = array_merge($sql_data_array, $update_sql_data); zen_db_perform(TABLE_GROUP_PRICING, $sql_data_array, 'update', "group_id = '" . (int) $group_id . "'"); } } zen_redirect(zen_href_link(FILENAME_GROUP_PRICING, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'gID=' . $group_id)); break; case 'deleteconfirm': if (zen_admin_demo()) { $_GET['action'] = ''; $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution'); zen_redirect(zen_href_link(FILENAME_GROUP_PRICING, 'page=' . $_GET['page'])); } $delete_cust_confirmed = isset($_POST['delete_customers']) && $_POST['delete_customers'] == 'on' ? true : false; $group_id = zen_db_prepare_input($_GET['gID']); $customers_query = $db->Execute("select customers_id from " . TABLE_CUSTOMERS . " where customers_group_pricing = '" . (int) $group_id . "'"); if ($customers_query->RecordCount() > 0 && $delete_cust_confirmed == true) { $db->Execute("delete from " . TABLE_GROUP_PRICING . " where group_id = '" . (int) $group_id . "'"); $db->Execute("update " . TABLE_CUSTOMERS . " set customers_group_pricing=0 where customers_group_pricing = '" . (int) $group_id . "'"); } elseif ($customers_query->RecordCount() > 0 && $delete_cust_confirmed == false) { $messageStack->add_session(ERROR_GROUP_PRICING_CUSTOMERS_EXIST, 'error'); } elseif ($customers_query->RecordCount() == 0) { $db->Execute("delete from " . TABLE_GROUP_PRICING . " where group_id = '" . (int) $group_id . "'"); } zen_redirect(zen_href_link(FILENAME_GROUP_PRICING, 'page=' . $_GET['page'])); break; } } $query = $db->Execute("select count(*) as count from " . TABLE_GROUP_PRICING); if ($query->fields['count'] > 0 && (!defined('MODULE_ORDER_TOTAL_GROUP_PRICING_STATUS') || MODULE_ORDER_TOTAL_GROUP_PRICING_STATUS != 'true')) {
<td class="dataTableHeadingContent"><?php echo TABLE_TEXT_MAX_DAYS; ?> </td> <td class="dataTableHeadingContent"><?php echo TABLE_TEXT_MAX_COUNT; ?> </td> <td class="dataTableHeadingContent"> </td> </tr> <?php // create search filter $search = ''; if (isset($_GET['search']) && zen_not_null($_GET['search'])) { $keywords = zen_db_input(zen_db_prepare_input($_GET['search'])); $search = " and pd.products_name like '%" . $keywords . "%' or pad.products_attributes_filename like '%" . $keywords . "%' or pd.products_description like '%" . $keywords . "%' or p.products_model like '%" . $keywords . "%'"; } // order of display $order_by = " order by pd.products_name "; // create split page control $products_downloads_query_raw = "select pad.*, pa.*, pd.*, p.* from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad left join " . TABLE_PRODUCTS_ATTRIBUTES . " pa on pad.products_attributes_id = pa.products_attributes_id left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on pa.products_id = pd.products_id and pd.language_id ='" . (int) $_SESSION['languages_id'] . "' left join " . TABLE_PRODUCTS . " p on p.products_id= pd.products_id " . " where pa.products_attributes_id = pad.products_attributes_id" . $search . $order_by; $products_downloads_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS_DOWNLOADS_MANAGER, $products_downloads_query_raw, $products_downloads_query_numrows); $products_downloads_query = $db->Execute($products_downloads_query_raw); while (!$products_downloads_query->EOF) { if ((!isset($_GET['padID']) || isset($_GET['padID']) && $_GET['padID'] == $products_downloads_query->fields['products_attributes_id']) && !isset($padInfo)) { $padInfo_array = $products_downloads_query->fields; $padInfo = new objectInfo($padInfo_array); } // Moved to /admin/includes/configure.php if (!defined('DIR_FS_DOWNLOAD')) {
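/**
 * Update an existing refund row in TABLE_SO_REFUNDS.
 *
 * Only the parameters that are supplied (truthy and not the empty string) are
 * written; last_modified is always set to now(). Numeric identifiers are cast
 * to int before they reach the SQL, and the free-text columns go through
 * zen_db_prepare_input() and then zen_db_perform() (both defined elsewhere in
 * the project).
 *
 * @param int|string   $refund_id     primary key of the refund row to update (cast to int)
 * @param int|false    $payment_id    new payment_id, or false to leave unchanged
 * @param string|false $refund_number new refund_number, or false to leave unchanged
 * @param string|false $refund_name   new refund_name, or false to leave unchanged
 * @param string|false $refund_amount new refund_amount, or false to leave unchanged
 * @param string|false $refund_type   new refund_type, or false to leave unchanged
 * @param int|false    $orders_id     new orders_id, or false to leave unchanged
 * @return void
 */
function update_refund($refund_id, $payment_id = false, $refund_number = false, $refund_name = false, $refund_amount = false, $refund_type = false, $orders_id = false)
{
    $update_refund = array('last_modified' => 'now()');

    if (is_numeric($payment_id)) {
        $update_refund['payment_id'] = (int) $payment_id;
    }

    // Free-text columns share the same "skip when false or empty" rule, so
    // handle them uniformly. Note the truthiness test also skips the string '0'.
    $text_columns = array(
        'refund_number' => $refund_number,
        'refund_name'   => $refund_name,
        'refund_amount' => $refund_amount,
        'refund_type'   => $refund_type,
    );
    foreach ($text_columns as $column => $value) {
        if ($value && $value != '') {
            $update_refund[$column] = zen_db_prepare_input($value);
        }
    }

    if ($orders_id && $orders_id != '') {
        $update_refund['orders_id'] = (int) $orders_id;
    }

    // SECURITY: the WHERE clause previously interpolated $refund_id verbatim,
    // with neither escaping nor a cast -- the only value in this function that
    // reached SQL unsanitised. Cast to int like payment_id and orders_id so a
    // string refund_id cannot change the shape of the query.
    zen_db_perform(TABLE_SO_REFUNDS, $update_refund, 'update', "refund_id = '" . (int) $refund_id . "'");
}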
// | to obtain it through the world-wide-web, please send a note to | // | license@zen-cart.com so we can mail you a copy immediately. | // +----------------------------------------------------------------------+ // | Do Not Remove: Coded for Zen-Cart by geeks4u.com | // | Dedicated to Memory of Amelita "Emmy" Abordo Gelarderes | // +----------------------------------------------------------------------+ // $Id: tpl_news_scroll_box.php,v 1.2 2004/08/26 // // Begin of News Sidebox Config $layout = 1; // 0 = Java Script Fader | 1 = Static 10 last news $shown_news = 10; // Number of Shown News // End of News Sidebox Config // No need to change anything under this line $languages_id = zen_db_prepare_input((int) $_SESSION['languages_id']); $news_box_query = $db->Execute("select n.box_news_id, nc.languages_id, \r\n nc.news_title, nc.news_content, n.more_news_page, n.news_added_date, n.news_start_date\r\n\t\t\t\t\t\t\t\tfrom " . TABLE_BOX_NEWS_CONTENT . " nc, " . TABLE_BOX_NEWS . " n\r\n\t\t\t\t\t\t\t\twhere n.box_news_id = nc.box_news_id and nc.languages_id = " . $languages_id . " and n.news_status = 1 and now() between n.news_start_date and n.news_end_date \r\n\t\t\t\t\t\t\t\torder by n.news_start_date desc, n.news_added_date desc\r\n\t\t\t\t\t\t\t\tlimit " . $shown_news); (int) ($news_box_char_count = NEWS_BOX_CHAR_COUNT ? NEWS_BOX_CHAR_COUNT : 0); $p_class_open = '<div id="newsBox">'; $p_class_close = '</div>'; (int) ($p_class_len = strlen(addslashes($p_class_open . $p_class_close))); function prepString($prep_string) { $ret_string = ''; } if ($layout == 0) { while (!$news_box_query->EOF) { if ($news_box_query->fields['news_title'] || $news_box_query->fields['news_content']) { $i++; $char_cnt = strlen(strip_tags(ereg_replace("(\r\n|\n|\r)", "", $news_box_query->fields['news_title'] . $news_box_query->fields['news_content']))); $newsId = 'news_id=' . $news_box_query->fields['box_news_id'];
$_SESSION['navigation']->remove_current_page(); if (isset($_GET['action']) && $_GET['action'] == 'process') { // Slam prevention: if ($_SESSION['login_attempt'] > 9) { header('HTTP/1.1 406 Not Acceptable'); exit(0); } // BEGIN SLAM PREVENTION if ($_POST['email_address'] != '') { if (!isset($_SESSION['login_attempt'])) { $_SESSION['login_attempt'] = 0; } $_SESSION['login_attempt']++; } // END SLAM PREVENTION $email_address = zen_db_prepare_input($_POST['email_address']); $check_customer_query = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_email_address = :emailAddress"; $check_customer_query = $db->bindVars($check_customer_query, ':emailAddress', $email_address, 'string'); $check_customer = $db->Execute($check_customer_query); if ($check_customer->RecordCount() > 0) { $zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_VALIDATED'); $new_password = zen_create_PADSS_password(ENTRY_PASSWORD_MIN_LENGTH > 0 ? ENTRY_PASSWORD_MIN_LENGTH : 5); $crypted_password = zen_encrypt_password($new_password); $sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password\n WHERE customers_id = :customersID"; $sql = $db->bindVars($sql, ':password', $crypted_password, 'string'); $sql = $db->bindVars($sql, ':customersID', $check_customer->fields['customers_id'], 'integer'); $db->Execute($sql); $html_msg['EMAIL_CUSTOMERS_NAME'] = $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname']; $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password); // send the email zen_mail($check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten');
<?php /** * @package admin * @copyright Copyright 2003-2011 Zen Cart Development Team * @copyright Portions Copyright 2003 osCommerce * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0 * @version $Id: invoice.php 19136 2011-07-18 16:56:18Z wilt $ */ require 'includes/application_top.php'; require DIR_WS_CLASSES . 'currencies.php'; $currencies = new currencies(); $oID = zen_db_prepare_input($_GET['oID']); include DIR_WS_CLASSES . 'order.php'; $order = new order($oID); // prepare order-status pulldown list $orders_statuses = array(); $orders_status_array = array(); $orders_status = $db->Execute("select orders_status_id, orders_status_name\n from " . TABLE_ORDERS_STATUS . "\n where language_id = '" . (int) $_SESSION['languages_id'] . "'"); while (!$orders_status->EOF) { $orders_statuses[] = array('id' => $orders_status->fields['orders_status_id'], 'text' => $orders_status->fields['orders_status_name'] . ' [' . $orders_status->fields['orders_status_id'] . ']'); $orders_status_array[$orders_status->fields['orders_status_id']] = $orders_status->fields['orders_status_name']; $orders_status->MoveNext(); } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head>
while (!$manufacturers->EOF) { $manufacturers_array[] = array('id' => $manufacturers->fields['manufacturers_id'], 'text' => $manufacturers->fields['manufacturers_name']); $manufacturers->MoveNext(); } // eof get manufacturers // bof get category_tree $quick_updates_category_tree = zen_get_category_tree(); // eof get category_tree // bof Update database switch ($_GET['action']) { case 'update': // bof prepare al new data for database input if (sizeof($_POST['quick_updates_new']) > 0) { foreach ($_POST['quick_updates_new'] as $key => $value) { // $value is an array here (contains values like ['products_model'][$products_id] = '1' for example) $_POST['quick_updates_new'][$key] = zen_db_prepare_input($value); } } // eof prepare al new data for database input $quick_updates_count = array(); if ($_POST['quick_updates_new']['products_model']) { foreach ($_POST['quick_updates_new']['products_model'] as $products_id => $new_value) { if (trim($_POST['quick_updates_new']['products_model'][$products_id]) != trim($_POST['quick_updates_old']['products_model'][$products_id])) { $quick_updates_count['products_model'][$products_id] = $products_id; $db->Execute("UPDATE " . TABLE_PRODUCTS . " SET products_model='" . zen_db_input($new_value) . "', products_last_modified=NOW() WHERE products_id=" . (int) $products_id); } } } // added for QUICKUPDATES_NEW_COLUMN_1 if ($_POST['quick_updates_new'][QUICKUPDATES_NEW_COLUMN_1]) { foreach ($_POST['quick_updates_new'][QUICKUPDATES_NEW_COLUMN_1] as $products_id => $new_value) {
zen_remove_category($categories[$i]['id']); } // end for loop } zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath)); break; // eof delete new ///////////////////////////////// // @@TODO where is delete_product_confirm // eof delete new ///////////////////////////////// // @@TODO where is delete_product_confirm case 'move_category_confirm': if (isset($_POST['categories_id']) && $_POST['categories_id'] != $_POST['move_to_category_id']) { $categories_id = zen_db_prepare_input($_POST['categories_id']); $new_parent_id = zen_db_prepare_input($_POST['move_to_category_id']); $path = explode('_', zen_get_generated_category_path_ids($new_parent_id)); if (in_array($categories_id, $path)) { $messageStack->add_session(ERROR_CANNOT_MOVE_CATEGORY_TO_PARENT, 'error'); zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath)); } else { $sql = "select count(*) as count from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id='" . (int) $new_parent_id . "'"; $zc_count_products = $db->Execute($sql); if ($zc_count_products->fields['count'] > 0) { $messageStack->add_session(ERROR_CATEGORY_HAS_PRODUCTS, 'error'); } else { $messageStack->add_session(SUCCESS_CATEGORY_MOVED, 'success'); } $db->Execute("update " . TABLE_CATEGORIES . "\n set parent_id = '" . (int) $new_parent_id . "', last_modified = now()\n where categories_id = '" . (int) $categories_id . "'"); // fix here - if this is a category with subcats it needs to know to loop through // reset all products_price_sorter for moved category products
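/**
 * Resolve the audience selected on the mailing form into a SQL SELECT.
 *
 * $selected_entry is either the query_name of a saved query in
 * TABLE_QUERY_BUILDER (restricted to rows whose query_category matches
 * $query_category) or, when nothing matches and the category is 'email', a
 * single customer e-mail address. The returned query_string is later run by
 * the caller via $db->Execute().
 *
 * @param string $selected_entry query_name chosen from the drop-down, or a customer e-mail address
 * @param string $query_category category used to filter TABLE_QUERY_BUILDER (LIKE '%...%' match)
 * @return array{query_name: string, query_string: string}
 */
function get_audience_sql_query($selected_entry, $query_category = 'email')
{
    global $db;

    $query_name = '';
    // Initialise up front: for a non-'email' category with no matching saved
    // query the original returned an undefined $query_string.
    $query_string = '';

    // SECURITY: $query_category was concatenated into the LIKE pattern without
    // escaping. Route it through zen_db_input() like every other string value
    // in this function. zen_db_input() escapes quotes only; any '%' or '_' in
    // the category still acts as a LIKE wildcard, which matches the original
    // semantics (the pattern is already wrapped in '%...%').
    $queries_list = $db->Execute("select query_name, query_string from " . TABLE_QUERY_BUILDER . " " . "where query_category like '%" . zen_db_input($query_category) . "%'");
    while (!$queries_list->EOF) {
        if ($selected_entry == $queries_list->fields['query_name']) {
            $query_name = $queries_list->fields['query_name'];
            // parsed_query_string() (defined elsewhere) post-processes the
            // stored SQL before it is handed back. Keep scanning as the
            // original did: with duplicate names the last row wins.
            $query_string = parsed_query_string($queries_list->fields['query_string']);
        }
        $queries_list->MoveNext();
    }

    // No saved query matched: for the 'email' category treat $selected_entry
    // as one customer e-mail address and build a lookup for that customer.
    if ($query_name == '' && $query_category == 'email') {
        $cust_email_address = zen_db_prepare_input($selected_entry);
        $query_name = $cust_email_address;
        $query_string = "select customers_firstname, customers_lastname, customers_email_address\n from " . TABLE_CUSTOMERS . "\n where customers_email_address = '" . zen_db_input($cust_email_address) . "'";
    }

    return array('query_name' => $query_name, 'query_string' => $query_string);
}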