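 /**
  * Admin login check.
  *
  * Reads admin_name / admin_pass from $_POST, looks the account up by name
  * and verifies the password with zen_validate_password(). Sets
  * $this->authenticed and returns it; failures are reported via addError().
  *
  * Security notes:
  *  - the name is escaped with zen_db_input() before concatenation because
  *    this db wrapper exposes no bind API here; that escaping must stay.
  *  - both fields must be plain strings; an array value (admin_name[]=x)
  *    would otherwise flow into the query as "Array".
  *  - one generic message is returned whether the name or the password was
  *    wrong, so a failed login does not reveal which admin names exist.
  *
  * @return bool
  */
 public function authentication()
 {
     if (empty($_POST['admin_name']) || empty($_POST['admin_pass'])
         || !is_string($_POST['admin_name']) || !is_string($_POST['admin_pass'])) {
         $this->authenticed = false;
         $this->addError('"name" and "password" invalid.');
         return $this->authenticed;
     }
     $admin_name = zen_db_prepare_input($_POST['admin_name']);
     $admin_pass = zen_db_prepare_input($_POST['admin_pass']);
     $sql = "select admin_id, admin_name, admin_pass from " . TABLE_ADMIN . " where admin_name = '" . zen_db_input($admin_name) . "'";
     $result = $this->db->Execute($sql);
     // strict comparison: the DB lookup may be collation-insensitive, the
     // submitted name must still match the stored one exactly
     $nameMatches = isset($result->fields) && $admin_name === $result->fields['admin_name'];
     $passwordOk = $nameMatches && zen_validate_password($admin_pass, $result->fields['admin_pass']);
     if ($passwordOk) {
         $this->authenticed = true;
     } else {
         $this->authenticed = false;
         $this->addError('"name" or "password" invalid.');
     }
     return $this->authenticed;
 }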
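/**
 * Records the current visitor in the "who's online" table.
 *
 * Deletes rows whose last click is older than 15 minutes, then inserts or
 * refreshes the row keyed by the current session id. Reads $_SESSION and
 * $_SERVER and uses the global $gBitDb connection; returns nothing.
 *
 * The update/insert statements use bound parameters. The delete and the
 * count query still concatenate values, so the session id goes through
 * zen_db_input() and the timestamp is an integer.
 *
 * @package ZenCart_Functions
 */
function zen_update_whos_online()
{
    global $gBitDb;
    if (!empty($_SESSION['customer_id'])) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select `customers_firstname`, `customers_lastname`\n                         from " . TABLE_CUSTOMERS . "\n                         where `customers_id` = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $gBitDb->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_firstname'] . ' ' . $customer->fields['customers_lastname'];
    } else {
        // guests are stored with a NULL customer_id
        $wo_customer_id = NULL;
        $wo_full_name = 'Guest';
    }
    $wo_session_id = zen_session_id();
    // REMOTE_ADDR / REQUEST_URI are absent under CLI; default instead of raising notices
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $wo_last_page_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $wo_user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']) : '-';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : NULL;
    // The update path truncated these to 255 chars but the insert path did not;
    // both now store the same bounded values.
    $wo_last_page_url = substr($wo_last_page_url, 0, 255);
    $wo_user_agent = substr($wo_user_agent, 0, 255);
    $current_time = time();
    $xx_mins_ago = $current_time - 900;
    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\n            where `time_last_click` < '" . $xx_mins_ago . "'";
    $gBitDb->Execute($sql);
    $stored_customer_query = 'select count(*) as "count"
                              from ' . TABLE_WHOS_ONLINE . "\n                              where `session_id` = '" . zen_db_input($wo_session_id) . "'";
    $stored_customer = $gBitDb->Execute($stored_customer_query);
    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\n              set `customer_id` = ?, `full_name` = ?, `ip_address` = ?, `time_last_click` = ?, `last_page_url` = ?, `host_address` = ?, `user_agent` = ?\n              where `session_id` = ?";
        $gBitDb->query($sql, array($wo_customer_id, $wo_full_name, $wo_ip_address, $current_time, $wo_last_page_url, $wo_host_address, $wo_user_agent, $wo_session_id));
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\n                              (`customer_id`, `full_name`, `session_id`, `ip_address`, `time_entry`,\n                               `time_last_click`, `last_page_url`, `host_address`, `user_agent`)\n              values ( ?, ?, ?, ?, ?, ?, ?, ?, ? )";
        $gBitDb->query($sql, array($wo_customer_id, $wo_full_name, $wo_session_id, $wo_ip_address, $current_time, $current_time, $wo_last_page_url, $wo_host_address, $wo_user_agent));
    }
}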
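 /**
  * Creates or updates a manufacturer and its per-language info rows.
  *
  * An existing manufacturers_id (checked with manufacturerExists()) means
  * update; otherwise a new row is inserted, carrying the supplied id if any.
  *
  * @param array $pParamHash manufacturers_name, manufacturers_image (optional),
  *                          manufacturers_id (optional), manufacturers_url (array keyed by language id)
  * @return void
  */
 function storeManufacturer(&$pParamHash)
 {
     // $gBitDb is the shared connection; without this declaration it was an
     // undefined local here and the ->NOW()/associateInsert() calls could not work.
     global $gBitDb;
     $sql_data_array = array('manufacturers_name' => zen_db_prepare_input($pParamHash['manufacturers_name']));
     $sql_data_array['manufacturers_image'] = !empty($pParamHash['manufacturers_image']) ? $pParamHash['manufacturers_image'] : NULL;
     $manufacturers_id = !empty($pParamHash['manufacturers_id']) ? zen_db_prepare_input($pParamHash['manufacturers_id']) : NULL;
     if ($manufacturers_id !== NULL && $this->manufacturerExists($pParamHash['manufacturers_id'])) {
         // $action selects insert/update for the language rows below; it was never assigned before
         $action = 'save';
         $sql_data_array['last_modified'] = $gBitDb->NOW();
         $gBitDb->associateInsert(TABLE_MANUFACTURERS, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "'");
     } else {
         $action = 'insert';
         if ($manufacturers_id !== NULL) {
             $sql_data_array['manufacturers_id'] = $pParamHash['manufacturers_id'];
         }
         $sql_data_array['date_added'] = $gBitDb->NOW();
         $gBitDb->associateInsert(TABLE_MANUFACTURERS, $sql_data_array);
         // NOTE(review): when no id is supplied the auto-generated id of the new
         // row is not available here, so the language rows below are skipped for
         // that case — confirm whether callers are expected to pass the id up front.
     }
     $languages = zen_get_languages();
     $manufacturers_url_array = isset($pParamHash['manufacturers_url']) ? $pParamHash['manufacturers_url'] : array();
     foreach ($languages as $language) {
         $language_id = $language['id'];
         $url = isset($manufacturers_url_array[$language_id]) ? $manufacturers_url_array[$language_id] : NULL;
         $sql_data_array = array('manufacturers_url' => zen_db_prepare_input($url));
         if ($action == 'insert') {
             if ($manufacturers_id === NULL) {
                 continue;
             }
             $sql_data_array['manufacturers_id'] = $manufacturers_id;
             $sql_data_array['languages_id'] = $language_id;
             $gBitDb->associateInsert(TABLE_MANUFACTURERS_INFO, $sql_data_array);
         } else {
             $gBitDb->associateInsert(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
         }
     }
 }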
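 /**
  * Observer callback for the "hoped delivery day/time" checkout fields.
  *
  * Stores the posted values in the session on the shipping page, prepends
  * them to the order comments before the order is processed, and clears
  * them once the order email has been sent.
  *
  * @param string $notifier event name raised by the notifier system
  * @return void
  */
 function notifierUpdate($notifier)
 {
     global $order;
     switch ($notifier) {
         case 'NOTIFY_HEADER_START_CHECKOUT_SHIPPING':
             // isset() guards avoid notices when the form did not post the field at all
             if (isset($_POST['calendar_hope_delivery_day']) && zen_not_null($_POST['calendar_hope_delivery_day'])) {
                 $_SESSION['calendar_hope_delivery_day'] = zen_db_prepare_input($_POST['calendar_hope_delivery_day']);
             }
             if (isset($_POST['calendar_hope_delivery_time']) && zen_not_null($_POST['calendar_hope_delivery_time'])) {
                 $_SESSION['calendar_hope_delivery_time'] = zen_db_prepare_input($_POST['calendar_hope_delivery_time']);
             }
             break;
         case 'NOTIFY_CHECKOUT_PROCESS_AFTER_PAYMENT_MODULES_BEFOREPROCESS':
             // Prepend the hoped delivery day and time to the order comments.
             $day = isset($_SESSION['calendar_hope_delivery_day']) ? $_SESSION['calendar_hope_delivery_day'] : '';
             $time = isset($_SESSION['calendar_hope_delivery_time']) ? $_SESSION['calendar_hope_delivery_time'] : '';
             $order->info['comments'] = MODULE_CALENDAR_HOPE_DELIVERY_DAY_HEADER . ":" . $day . "\n" . MODULE_CALENDAR_HOPE_DELIVERY_TIME_HEADER . ":" . $time . "\n" . $order->info['comments'];
             break;
         case 'NOTIFY_CHECKOUT_PROCESS_AFTER_SEND_ORDER_EMAIL':
             unset($_SESSION['calendar_hope_delivery_day'], $_SESSION['calendar_hope_delivery_time']);
             break;
     }
 }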
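/**
 * Records the current visitor in the "who's online" table.
 *
 * Purges rows whose last click is older than 15 minutes, then inserts or
 * refreshes the row keyed by the current session id. Reads $_SESSION and
 * $_SERVER and uses the global $db connection; returns nothing.
 *
 * Every value concatenated into SQL is either cast to int or escaped with
 * zen_db_input(); zen_db_prepare_input() alone only trims/unslashes.
 *
 * @package ZenCart_Functions
 */
function zen_update_whos_online()
{
    global $db;
    if (!empty($_SESSION['customer_id'])) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select customers_firstname, customers_lastname\r\n                         from " . TABLE_CUSTOMERS . "\r\n                         where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $db->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_firstname'] . ' ' . $customer->fields['customers_lastname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = 'Guest';
    }
    $wo_session_id = zen_session_id();
    // These entries are absent under CLI or behind some front ends; default
    // to '' rather than raising undefined-index notices.
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $wo_last_page_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $wo_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']) : '';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';
    $current_time = time();
    $xx_mins_ago = $current_time - 900;
    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\r\n            where time_last_click < '" . $xx_mins_ago . "'";
    $db->Execute($sql);
    $stored_customer_query = "select count(*) as count\r\n                              from " . TABLE_WHOS_ONLINE . "\r\n                              where session_id = '" . zen_db_input($wo_session_id) . "'";
    $stored_customer = $db->Execute($stored_customer_query);
    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\r\n              set customer_id = '" . (int) $wo_customer_id . "',\r\n                  full_name = '" . zen_db_input($wo_full_name) . "',\r\n                  ip_address = '" . zen_db_input($wo_ip_address) . "',\r\n                  time_last_click = '" . zen_db_input($current_time) . "',\r\n                  last_page_url = '" . zen_db_input($wo_last_page_url) . "',\r\n                  host_address = '" . zen_db_input($wo_host_address) . "',\r\n                  user_agent = '" . zen_db_input($wo_user_agent) . "'\r\n              where session_id = '" . zen_db_input($wo_session_id) . "'";
        $db->Execute($sql);
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\r\n                              (customer_id, full_name, session_id, ip_address, time_entry,\r\n                               time_last_click, last_page_url, host_address, user_agent)\r\n              values ('" . (int) $wo_customer_id . "', '" . zen_db_input($wo_full_name) . "', '" . zen_db_input($wo_session_id) . "', '" . zen_db_input($wo_ip_address) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($wo_last_page_url) . "', '" . zen_db_input($wo_host_address) . "', '" . zen_db_input($wo_user_agent) . "')";
        $db->Execute($sql);
    }
}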
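 /**
  * Sends this newsletter to every customer selected by $this->query_name and
  * then marks the newsletter row as sent.
  *
  * Echoes a tick icon per recipient and flushes output so the admin sees
  * progress while the loop runs.
  *
  * @param int|string $newsletter_id id of the row in TABLE_NEWSLETTERS
  * @return int number of recipients processed (0 when the audience is empty)
  */
 function send($newsletter_id)
 {
     global $db;
     $audience_select = get_audience_sql_query($this->query_name, 'newsletters');
     $audience = $db->Execute($audience_select['query_string']);
     $records = $audience->RecordCount();
     if ($records == 0) {
         return 0;
     }
     $html_msg = array();
     while (!$audience->EOF) {
         $html_msg['EMAIL_FIRST_NAME'] = $audience->fields['customers_firstname'];
         $html_msg['EMAIL_LAST_NAME'] = $audience->fields['customers_lastname'];
         $html_msg['EMAIL_GREET'] = EMAIL_GREET;
         $html_msg['EMAIL_MESSAGE_HTML'] = $this->content_html;
         zen_mail($audience->fields['customers_firstname'] . ' ' . $audience->fields['customers_lastname'], $audience->fields['customers_email_address'], $this->title, $this->content, STORE_NAME, EMAIL_FROM, $html_msg, 'newsletters');
         echo zen_image(DIR_WS_ICONS . 'tick.gif', $audience->fields['customers_email_address']);
         // force output to the screen to show status indicator each time a message is sent...
         // (only flush a buffer that exists instead of silencing the notice with @)
         if (ob_get_level() > 0) {
             ob_flush();
         }
         flush();
         $audience->MoveNext();
     }
     // the id is only ever used as an integer key, so cast rather than rely on escaping
     $newsletter_id = (int) zen_db_prepare_input($newsletter_id);
     $db->Execute("update " . TABLE_NEWSLETTERS . "\r\n                    set date_sent = now(), status = '1'\r\n                    where newsletters_id = '" . $newsletter_id . "'");
     // return number of records processed whether successful or not
     return $records;
 }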
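 /**
  * Copies every key of $object_array onto this object as a property after
  * normalising the value with zen_db_prepare_input().
  *
  * Non-arrays are ignored (each() on a non-array used to raise warnings).
  * Keys are not whitelisted: any key becomes a property, so callers must not
  * feed user-controlled arrays straight into this method.
  *
  * @param array $object_array
  * @return void
  */
 function objectInfo($object_array)
 {
     if (!is_array($object_array)) {
         return;
     }
     // foreach replaces the each() loop, which was removed in PHP 8
     foreach ($object_array as $key => $value) {
         $this->{$key} = zen_db_prepare_input($value);
     }
 }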
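 /**
  * Constructor: loads the bulk-options blob from the configuration table
  * into $this->_options (an empty array when the row is missing or does not
  * decode to an array).
  */
 function googlebase()
 {
     global $db;
     $result = $db->Execute("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key='GOOGLEBASE_BULK_OPTIONS'");
     $this->_options = array();
     if (!$result->EOF) {
         // NOTE(review): unserialize() on a database value. This is admin-written
         // configuration rather than request data, but whoever can write that row
         // controls what gets instantiated here. Storing JSON instead — or passing
         // array('allowed_classes' => false) once PHP >= 7 is guaranteed — removes
         // that exposure. Until then only an array result is accepted.
         $options = unserialize(zen_db_prepare_input($result->fields['configuration_value']));
         if (is_array($options)) {
             $this->_options = $options;
         }
     }
 }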
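 /**
  * Copies every key of $object_array onto this object as a property after
  * normalising the value with zen_db_prepare_input(); non-arrays are ignored.
  *
  * Keys are not whitelisted, so callers must not pass user-controlled arrays.
  *
  * @param array $object_array
  * @return void
  */
 function updateObjectInfo($object_array)
 {
     if (!is_array($object_array)) {
         return;
     }
     // foreach replaces the each() loop, which was removed in PHP 8
     foreach ($object_array as $key => $value) {
         $this->{$key} = zen_db_prepare_input($value);
     }
 }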
/**
 * Mirrors a customer's email address into TABLE_VISITORS, but only when no
 * other customer row already uses that address.
 *
 * @param int|string $customers_id
 * @param string     $customers_email_address
 * @return void
 */
function zen_visitors_update_visitors_data($customers_id, $customers_email_address)
{
    global $db;
    $visitorId = zen_db_prepare_input($customers_id);
    $email = zen_db_prepare_input($customers_email_address);
    // any *other* customer with this address blocks the update
    $duplicates = $db->Execute("select customers_email_address\r\n                               from " . TABLE_CUSTOMERS . "\r\n                               where customers_email_address = '" . zen_db_input($email) . "'\r\n                               and customers_id != '" . (int) $visitorId . "'");
    if ($duplicates->RecordCount()) {
        return;
    }
    zen_db_perform(
        TABLE_VISITORS,
        array(
            'visitors_email_address' => $email,
            'visitors_info_date_account_last_modified' => 'now()',
        ),
        'update',
        "visitors_id = '" . (int) $visitorId . "'"
    );
}
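/**
 * Appends an order-status history row and sets the new status on the order.
 *
 * @param int|string $oID        order id
 * @param int|string $new_status orders_status id
 * @param int        $notified   -1 = hidden, 1 = customer notified, anything else is stored as 0
 * @param string     $comments   free-text comment stored with the history row
 * @return void
 */
function update_status($oID, $new_status, $notified = 0, $comments = '')
{
    global $db;
    // only the documented values are stored; any other input becomes 0
    $cust_notified = ($notified == -1 || $notified == 1) ? (int) $notified : 0;
    // orders_id / orders_status are integer columns, so cast instead of
    // concatenating the raw values; $comments is free text and therefore
    // needs zen_db_input() on top of the trim/unslash normaliser.
    $oID = (int) $oID;
    $new_status = (int) $new_status;
    $comments = zen_db_input(zen_db_prepare_input($comments));
    $db->Execute("INSERT INTO " . TABLE_ORDERS_STATUS_HISTORY . "\n                (orders_id, orders_status_id, date_added, customer_notified, comments)\n                VALUES ('" . $oID . "',\n                '" . $new_status . "',\n                now(),\n                '" . $cust_notified . "',\n                '" . $comments . "')");
    $db->Execute("UPDATE " . TABLE_ORDERS . " SET\n                orders_status = '" . $new_status . "', last_modified = now()\n                WHERE orders_id = '" . $oID . "'");
}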
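/**
 * Normalises a request value: strings are unslashed and trimmed, arrays are
 * processed recursively (keys preserved), anything else is returned as is.
 *
 * This is NOT SQL escaping. A value that ends up inside a query string still
 * needs zen_db_input() or an integer cast.
 *
 * @param mixed $string
 * @return mixed
 */
function zen_db_prepare_input($string)
{
    if (is_string($string)) {
        return trim(stripslashes($string));
    }
    if (is_array($string)) {
        // foreach replaces the each() loop, which was removed in PHP 8
        foreach ($string as $key => $value) {
            $string[$key] = zen_db_prepare_input($value);
        }
        return $string;
    }
    return $string;
}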
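 /**
  * Stores the first-step (SAR) request and response of a TodoPago transaction.
  *
  * @param int|string $orderId     order id; used as the row key (cast to int)
  * @param array      $paramsSAR   request parameters sent to the gateway
  * @param array      $responseSAR gateway response; RequestKey / PublicRequestKey are persisted
  * @return string|int the executed UPDATE statement, or 0 when the order is not on the first step
  */
 public function recordFirstStep($orderId, $paramsSAR, $responseSAR)
 {
     global $db;
     // the previous WHERE clause concatenated $orderId unquoted and unescaped
     $orderId = (int) $orderId;
     if ($this->_getStep($orderId) != self::FIRST_STEP) {
         return 0;
     }
     $datetime = new DateTime('NOW');
     $requestKey = isset($responseSAR['RequestKey']) ? $responseSAR['RequestKey'] : '';
     $publicRequestKey = isset($responseSAR['PublicRequestKey']) ? $responseSAR['PublicRequestKey'] : '';
     // NOTE(review): zen_db_prepare_input() strips backslashes, which also removes
     // JSON escape sequences (e.g. \/ and \") from the encoded payloads before
     // they are stored — confirm the reader of params_SAR/response_SAR tolerates that.
     $query = "UPDATE todopago_transaccion SET first_step = '" . $datetime->format('Y-m-d H:i:s') . "', params_SAR = '" . zen_db_input(zen_db_prepare_input(json_encode($paramsSAR))) . "', response_SAR = '" . zen_db_input(zen_db_prepare_input(json_encode($responseSAR))) . "', request_key = '" . zen_db_input(zen_db_prepare_input($requestKey)) . "', public_request_key = '" . zen_db_input(zen_db_prepare_input($publicRequestKey)) . "' WHERE id_orden = " . $orderId;
     $db->Execute($query);
     return $query;
 }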
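/**
 * zen_update_whos_online
 *
 * Records the current visitor in the "who's online" table: purges rows whose
 * last click is older than 15 minutes, then inserts or refreshes the row for
 * this session id + IP address. Logged-in customers are stored as
 * "Lastname, Firstname", guests as "&yen;Guest", and requests without a
 * session id as "&yen;Spider". Uses the global $db; returns nothing.
 *
 * Every value concatenated into SQL is cast to int or escaped with
 * zen_db_input(); user_agent and last_page_url are capped at 254 chars.
 */
function zen_update_whos_online()
{
    global $db;
    if (isset($_SESSION['customer_id']) && $_SESSION['customer_id']) {
        $wo_customer_id = $_SESSION['customer_id'];
        $customer_query = "select customers_firstname, customers_lastname\n                         from " . TABLE_CUSTOMERS . "\n                         where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
        $customer = $db->Execute($customer_query);
        $wo_full_name = $customer->fields['customers_lastname'] . ', ' . $customer->fields['customers_firstname'];
    } else {
        $wo_customer_id = '';
        $wo_full_name = '&yen;' . 'Guest';
    }
    $wo_session_id = zen_session_id();
    $wo_ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'Unknown';
    // a missing User-Agent header used to raise a notice; store '' instead
    $wo_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? substr(zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']), 0, 254) : '';
    $_SERVER['QUERY_STRING'] = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '' ? $_SERVER['QUERY_STRING'] : zen_get_all_get_params();
    if (isset($_SERVER['REQUEST_URI'])) {
        $uri = $_SERVER['REQUEST_URI'];
    } else {
        // QUERY_STRING is always set by the assignment above, so the old
        // argv[0] fallback was unreachable; rebuild the URI from PHP_SELF.
        $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
        $uri = $self . '?' . $_SERVER['QUERY_STRING'];
    }
    // drop a trailing '?' left over from an empty query string
    if (substr($uri, -1) == '?') {
        $uri = substr($uri, 0, -1);
    }
    $wo_last_page_url = zen_not_null($uri) ? substr($uri, 0, 254) : 'Unknown';
    $wo_host_address = isset($_SESSION['customers_host_address']) ? $_SESSION['customers_host_address'] : '';
    $current_time = time();
    $xx_mins_ago = $current_time - 900;
    // remove entries that have expired
    $sql = "delete from " . TABLE_WHOS_ONLINE . "\n          where time_last_click < '" . $xx_mins_ago . "'";
    $db->Execute($sql);
    $stored_customer_query = "select count(*) as count\n                              from " . TABLE_WHOS_ONLINE . "\n                              where session_id = '" . zen_db_input($wo_session_id) . "' and ip_address='" . zen_db_input($wo_ip_address) . "'";
    $stored_customer = $db->Execute($stored_customer_query);
    if (empty($wo_session_id)) {
        $wo_full_name = '&yen;' . 'Spider';
    }
    if ($stored_customer->fields['count'] > 0) {
        $sql = "update " . TABLE_WHOS_ONLINE . "\n              set customer_id = '" . (int) $wo_customer_id . "',\n                  full_name = '" . zen_db_input($wo_full_name) . "',\n                  ip_address = '" . zen_db_input($wo_ip_address) . "',\n                  time_last_click = '" . zen_db_input($current_time) . "',\n                  last_page_url = '" . zen_db_input($wo_last_page_url) . "',\n                  host_address = '" . zen_db_input($wo_host_address) . "',\n                  user_agent = '" . zen_db_input($wo_user_agent) . "'\n              where session_id = '" . zen_db_input($wo_session_id) . "' and ip_address='" . zen_db_input($wo_ip_address) . "'";
        $db->Execute($sql);
    } else {
        $sql = "insert into " . TABLE_WHOS_ONLINE . "\n                (customer_id, full_name, session_id, ip_address, time_entry,\n                 time_last_click, last_page_url, host_address, user_agent)\n              values ('" . (int) $wo_customer_id . "', '" . zen_db_input($wo_full_name) . "', '" . zen_db_input($wo_session_id) . "', '" . zen_db_input($wo_ip_address) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($current_time) . "', '" . zen_db_input($wo_last_page_url) . "', '" . zen_db_input($wo_host_address) . "', '" . zen_db_input($wo_user_agent) . "')";
        $db->Execute($sql);
    }
}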
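/**
 * Returns the layout pages that have no box configured yet for a template.
 *
 * @param string $template_dir template directory name stored in layout_template
 * @return array entries of zen_get_all_layout_pages() whose 'id' has no row in TABLE_LAYOUT_BOXES
 */
function zen_get_not_setuped_layout_pages($template_dir)
{
    global $db;
    // zen_db_prepare_input() only trims/unslashes; the value is concatenated
    // into SQL, so it must also be escaped with zen_db_input().
    $template_dir = zen_db_input(zen_db_prepare_input($template_dir));
    $setuped_pages_id = array();
    $setuped_pages = $db->Execute("SELECT layout_page FROM " . TABLE_LAYOUT_BOXES . " WHERE layout_template = '" . $template_dir . "' GROUP BY layout_page");
    while (!$setuped_pages->EOF) {
        $setuped_pages_id[] = $setuped_pages->fields['layout_page'];
        $setuped_pages->MoveNext();
    }
    $not_setuped_pages = array();
    foreach (zen_get_all_layout_pages() as $page) {
        // loose comparison on purpose: ids read from the DB arrive as strings
        if (!in_array($page['id'], $setuped_pages_id)) {
            $not_setuped_pages[] = $page;
        }
    }
    return $not_setuped_pages;
}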
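 /**
  * Runs an uploaded SQL script through executeSql() and reports the outcome
  * on the global $messageStack.
  *
  * @param string $upload_query raw SQL text
  * @return bool true when at least one statement ran and not every statement was ignored
  */
 function execute_sql_file($upload_query)
 {
     global $messageStack;
     $query_string = $upload_query;
     // get_magic_quotes_runtime() no longer exists on PHP 8 and @ does not
     // hide an undefined-function fatal, so test for it before calling.
     if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime() > 0) {
         $query_string = zen_db_prepare_input($upload_query);
     }
     if ($query_string == '') {
         $messageStack->add(ERROR_NOTHING_TO_DO, 'error');
         return false;
     }
     $success = false;
     $query_results = $this->executeSql($query_string, DB_DATABASE, DB_PREFIX);
     // "all statements ignored" counts as a failure even though queries > 0
     if ($query_results['queries'] > 0 && $query_results['queries'] != $query_results['ignored']) {
         $messageStack->add($query_results['queries'] . ' statements processed.', 'success');
         $success = true;
     } else {
         $messageStack->add('Failed: ' . $query_results['queries'], 'error');
     }
     if (zen_not_null($query_results['errors'])) {
         foreach ($query_results['errors'] as $value) {
             $messageStack->add('ERROR: ' . $value, 'error');
         }
     }
     if ($query_results['ignored'] != 0) {
         $messageStack->add('Note: ' . $query_results['ignored'] . ' statements ignored. See "upgrade_exceptions" table for additional details.', 'caution');
     }
     if (zen_not_null($query_results['output'])) {
         foreach ($query_results['output'] as $value) {
             if (zen_not_null($value)) {
                 $messageStack->add('ERROR: ' . $value, 'error');
             }
         }
     }
     return $success;
 }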
             $duplicate_option .= ' <b>' . strtoupper(zen_get_language_name($languages[$i]['id'])) . '</b> : ' . $option_name;
         }
     }
     if (!empty($duplicate_option)) {
         $messageStack->add_session(ATTRIBUTE_POSSIBLE_OPTIONS_NAME_WARNING_DUPLICATE . ' ' . $option_id . ' - ' . $duplicate_option, 'caution');
     }
     zen_redirect(zen_href_link(FILENAME_OPTIONS_NAME_MANAGER, $_SESSION['page_info'] . '&option_order_by=' . $option_order_by));
     break;
 case 'delete_option':
     // demo active test
     // NOTE(review): this relies on zen_redirect() ending the request; if it
     // returned, the deletes below would still run in demo mode — confirm.
     if (zen_admin_demo()) {
         $_GET['action'] = '';
         $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
         zen_redirect(zen_href_link(FILENAME_OPTIONS_NAME_MANAGER, $_SESSION['page_info'] . '&option_order_by=' . $option_order_by));
     }
     // option id from the query string; every SQL use below casts it to int
     $option_id = zen_db_prepare_input($_GET['option_id']);
     // delete each value attached to the option (value ids come from the DB,
     // not from the request), then the option itself and its value links
     $remove_option_values = $db->Execute("select products_options_id, products_options_values_id from " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " where products_options_id='" . (int) $option_id . "'");
     while (!$remove_option_values->EOF) {
         $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where products_options_values_id='" . $remove_option_values->fields['products_options_values_id'] . "' and products_options_values_id !=0");
         $remove_option_values->MoveNext();
     }
     $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS . "\n                      where products_options_id = '" . (int) $option_id . "'");
     $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES_TO_PRODUCTS_OPTIONS . " where products_options_id = '" . (int) $option_id . "'");
     zen_redirect(zen_href_link(FILENAME_OPTIONS_NAME_MANAGER, $_SESSION['page_info'] . '&option_order_by=' . $option_order_by));
     break;
     /////////////////////////////////////
     // additional features
 /////////////////////////////////////
 // additional features
 case 'update_options_values':
     // get products to update with at least one option_value for selected options_name
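 /**
  * Sends this product-notification newsletter to every subscribed customer
  * and marks the newsletter row as sent.
  *
  * Audience selection comes from $_POST: global=true means everyone with a
  * product notification plus everyone with global notifications enabled;
  * otherwise only customers watching the products listed in $_POST['chosen']
  * (plus the global-notification customers). Recipients are keyed by
  * customer id, so a customer matched by both queries gets one mail.
  *
  * @param int|string $newsletter_id id of the row in TABLE_NEWSLETTERS
  * @return int number of recipients processed
  */
 function send($newsletter_id)
 {
     global $db;
     $audience = array();
     if (isset($_POST['global']) && $_POST['global'] == 'true') {
         $products_query = "select distinct pn.customers_id, c.customers_firstname,\r\n                                                  c.customers_lastname, c.customers_email_address\r\n                                  from " . TABLE_CUSTOMERS . " c, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn\r\n                                  where c.customers_id = pn.customers_id";
     } else {
         //not global==true; instead, process all selected products
         // product ids are request input used inside an IN (...) list, so each
         // one is forced to an integer; with nothing selected the query is skipped
         $chosen = isset($_POST['chosen']) ? (array) $_POST['chosen'] : array();
         $ids = implode(',', array_map('intval', $chosen));
         $products_query = $ids === '' ? '' : "select distinct pn.customers_id, c.customers_firstname,\r\n                                                  c.customers_lastname, c.customers_email_address\r\n                                  from " . TABLE_CUSTOMERS . " c, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn\r\n                                  where c.customers_id = pn.customers_id\r\n                                  and pn.products_id in (" . $ids . ")";
     }
     $customers_query = "select c.customers_id, c.customers_firstname, c.customers_lastname,\r\n                                          c.customers_email_address\r\n                                   from " . TABLE_CUSTOMERS . " c, " . TABLE_CUSTOMERS_INFO . " ci\r\n                                   where c.customers_id = ci.customers_info_id\r\n                                   and ci.global_product_notifications = '1'";
     // each result set is fully consumed before the next query runs
     foreach (array($products_query, $customers_query) as $query) {
         if ($query === '') {
             continue;
         }
         $rs = $db->Execute($query);
         while (!$rs->EOF) {
             // (the old global branch read $customers['customers_email_address'] off the
             // result object instead of ->fields, leaving the address empty)
             $audience[$rs->fields['customers_id']] = array('firstname' => $rs->fields['customers_firstname'], 'lastname' => $rs->fields['customers_lastname'], 'email_address' => $rs->fields['customers_email_address']);
             $rs->MoveNext();
         }
     }
     //send emails
     $i = 0;
     $html_msg = array();
     foreach ($audience as $value) {
         $i++;
         $html_msg['EMAIL_FIRST_NAME'] = $value['firstname'];
         $html_msg['EMAIL_LAST_NAME'] = $value['lastname'];
         $html_msg['EMAIL_GREET'] = EMAIL_GREET;
         $html_msg['EMAIL_MESSAGE_HTML'] = $this->content_html;
         zen_mail($value['firstname'] . ' ' . $value['lastname'], $value['email_address'], $this->title, $this->content, STORE_NAME, EMAIL_FROM, $html_msg, 'product_notification', '');
         echo zen_image(DIR_WS_ICONS . 'tick.gif', $value['email_address']);
         //force output to the screen to show status indicator each time a message is sent...
         if (ob_get_level() > 0) {
             ob_flush();
         }
         flush();
     }
     // the id is only ever used as an integer key, so cast rather than rely on escaping
     $newsletter_id = (int) zen_db_prepare_input($newsletter_id);
     $db->Execute("update " . TABLE_NEWSLETTERS . "\r\n                    set date_sent = now(), status = '1'\r\n                    where newsletters_id = '" . $newsletter_id . "'");
     //return number of records processed whether successful or not
     return $i;
 }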
 $lastname = zen_db_prepare_input($_POST['lastname']);
 // ->furikana
 if (FURIKANA_NESESSARY) {
     $firstname_kana = zen_db_prepare_input($_POST['firstname_kana']);
     $lastname_kana = zen_db_prepare_input($_POST['lastname_kana']);
 }
 // <-furikana
 if (ACCOUNT_DOB == 'true') {
     $dob = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_db_prepare_input($_POST['dob']);
 }
 $email_address = zen_db_prepare_input($_POST['email_address']);
 $telephone = zen_db_prepare_input($_POST['telephone']);
 $fax = zen_db_prepare_input($_POST['fax']);
 $email_format = zen_db_prepare_input($_POST['email_format']);
 if (CUSTOMERS_REFERRAL_STATUS == '2' and $_POST['customers_referral'] != '') {
     $customers_referral = zen_db_prepare_input($_POST['customers_referral']);
 }
 $error = false;
 if (ACCOUNT_GENDER == 'true') {
     if ($gender != 'm' && $gender != 'f') {
         $error = true;
         $messageStack->add('account_edit', ENTRY_GENDER_ERROR);
     }
 }
 if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('account_edit', ENTRY_FIRST_NAME_ERROR);
 }
 if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
     $error = true;
     $messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
/**
 * Record a sent e-mail in the e-mail archive table as a log of mail activity.
 *
 * Every value is normalised with zen_db_prepare_input() and then escaped with
 * zen_db_input() before it is embedded in the INSERT statement. The HTML body
 * is only archived when EMAIL_USE_HTML is 'true'; otherwise the literal
 * 'HTML disabled in admin' is stored in its place. This table CAN get VERY
 * big — to disable archiving, set the "Email Archives" switch to 'false' in
 * ADMIN.
 *
 * @param string $to_name
 * @param string $to_email_address
 * @param string $from_email_name
 * @param string $from_email_address
 * @param string $email_subject
 * @param string $email_html     HTML body (only stored when enabled in admin)
 * @param string $email_text     plain-text body
 * @param string $module         name of the module that sent the message
 * @return object the global $db handle, as returned by the original implementation
 */
function zen_mail_archive_write($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject, $email_html, $email_text, $module)
{
    global $db;
    // Collect the raw column values once so the prepare + escape steps can be
    // applied uniformly below.
    $archive_row = array(
        'email_to_name' => $to_name,
        'email_to_address' => $to_email_address,
        'email_from_name' => $from_email_name,
        'email_from_address' => $from_email_address,
        'email_subject' => $email_subject,
        'email_html' => EMAIL_USE_HTML == 'true' ? $email_html : 'HTML disabled in admin',
        'email_text' => $email_text,
        'module' => $module,
    );
    foreach ($archive_row as $column => $raw_value) {
        $archive_row[$column] = zen_db_input(zen_db_prepare_input($raw_value));
    }
    $db->Execute("insert into " . TABLE_EMAIL_ARCHIVE . "\r\n                (email_to_name, email_to_address, email_from_name, email_from_address, email_subject, email_html, email_text, date_sent, module)\r\n                values ('" . $archive_row['email_to_name'] . "',\r\n                        '" . $archive_row['email_to_address'] . "',\r\n                        '" . $archive_row['email_from_name'] . "',\r\n                        '" . $archive_row['email_from_address'] . "',\r\n                        '" . $archive_row['email_subject'] . "',\r\n                        '" . $archive_row['email_html'] . "',\r\n                        '" . $archive_row['email_text'] . "',\r\n                        now() ,\r\n                        '" . $archive_row['module'] . "')");
    return $db;
}
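 /**
  * Load an order from the database into $this->info, $this->customer,
  * $this->delivery, $this->billing, $this->totals and $this->products.
  *
  * An observer of NOTIFY_ORDER_BEFORE_QUERY can set $this->queryReturnFlag
  * to TRUE to abort the load; NOTIFY_ORDER_AFTER_QUERY fires once the arrays
  * have been populated.
  *
  * Values read back from the database (coupon_code, orders_status) are
  * escaped or cast before being re-embedded in follow-up queries, so stored
  * data is treated with the same care as request input.
  *
  * @param int|string $order_id  orders_id of the order to load; cast to int
  *                              wherever it appears in SQL
  * @return void
  */
 function query($order_id)
 {
     global $db;
     $order_id = zen_db_prepare_input($order_id);
     $this->queryReturnFlag = NULL;
     $this->notify('NOTIFY_ORDER_BEFORE_QUERY', array(), $order_id);
     if ($this->queryReturnFlag === TRUE) {
         return;
     }
     $order_query = "select customers_id, customers_name, customers_company,\n                         customers_street_address, customers_suburb, customers_city,\n                         customers_postcode, customers_state, customers_country,\n                         customers_telephone, customers_email_address, customers_address_format_id,\n                         delivery_name, delivery_company, delivery_street_address, delivery_suburb,\n                         delivery_city, delivery_postcode, delivery_state, delivery_country,\n                         delivery_address_format_id, billing_name, billing_company,\n                         billing_street_address, billing_suburb, billing_city, billing_postcode,\n                         billing_state, billing_country, billing_address_format_id,\n                         payment_method, payment_module_code, shipping_method, shipping_module_code,\n                         coupon_code, cc_type, cc_owner, cc_number, cc_expires, currency, currency_value,\n                         date_purchased, orders_status, last_modified, order_total, order_tax, ip_address\n                        from " . TABLE_ORDERS . "\n                        where orders_id = '" . (int) $order_id . "'";
     $order = $db->Execute($order_query);
     // order totals, one row per ot_* module, in display order
     $totals_query = "select title, text, class\n                         from " . TABLE_ORDERS_TOTAL . "\n                         where orders_id = '" . (int) $order_id . "'\n                         order by sort_order";
     $totals = $db->Execute($totals_query);
     while (!$totals->EOF) {
         if ($totals->fields['class'] == 'ot_coupon') {
             // coupon_code is stored data, not request input, but it is still
             // escaped before being embedded in a second query
             $coupon_link_query = "SELECT coupon_id\n                from " . TABLE_COUPONS . "\n                where coupon_code ='" . zen_db_input($order->fields['coupon_code']) . "'";
             $coupon_link = $db->Execute($coupon_link_query);
             $zc_coupon_link = '<a href="javascript:couponpopupWindow(\'' . zen_href_link(FILENAME_POPUP_COUPON_HELP, 'cID=' . $coupon_link->fields['coupon_id']) . '\')">';
         }
         // the coupon total's title is wrapped in the popup link built above
         $this->totals[] = array('title' => $totals->fields['class'] == 'ot_coupon' ? $zc_coupon_link . $totals->fields['title'] . '</a>' : $totals->fields['title'], 'text' => $totals->fields['text'], 'class' => $totals->fields['class']);
         $totals->MoveNext();
     }
     $order_total_query = "select text, value\n                             from " . TABLE_ORDERS_TOTAL . "\n                             where orders_id = '" . (int) $order_id . "'\n                             and class = 'ot_total'";
     $order_total = $db->Execute($order_total_query);
     $shipping_method_query = "select title, value\n                                from " . TABLE_ORDERS_TOTAL . "\n                                where orders_id = '" . (int) $order_id . "'\n                                and class = 'ot_shipping'";
     $shipping_method = $db->Execute($shipping_method_query);
     // orders_status is a foreign key; cast it like the other ids so the
     // lookup query never receives a raw string
     $order_status_query = "select orders_status_name\n                             from " . TABLE_ORDERS_STATUS . "\n                             where orders_status_id = '" . (int) $order->fields['orders_status'] . "'\n                             and language_id = '" . (int) $_SESSION['languages_id'] . "'";
     $order_status = $db->Execute($order_status_query);
     $this->info = array('currency' => $order->fields['currency'], 'currency_value' => $order->fields['currency_value'], 'payment_method' => $order->fields['payment_method'], 'payment_module_code' => $order->fields['payment_module_code'], 'shipping_method' => $order->fields['shipping_method'], 'shipping_module_code' => $order->fields['shipping_module_code'], 'coupon_code' => $order->fields['coupon_code'], 'cc_type' => $order->fields['cc_type'], 'cc_owner' => $order->fields['cc_owner'], 'cc_number' => $order->fields['cc_number'], 'cc_expires' => $order->fields['cc_expires'], 'date_purchased' => $order->fields['date_purchased'], 'orders_status' => $order_status->fields['orders_status_name'], 'last_modified' => $order->fields['last_modified'], 'total' => $order->fields['order_total'], 'tax' => $order->fields['order_tax'], 'ip_address' => $order->fields['ip_address']);
     $this->customer = array('id' => $order->fields['customers_id'], 'name' => $order->fields['customers_name'], 'company' => $order->fields['customers_company'], 'street_address' => $order->fields['customers_street_address'], 'suburb' => $order->fields['customers_suburb'], 'city' => $order->fields['customers_city'], 'postcode' => $order->fields['customers_postcode'], 'state' => $order->fields['customers_state'], 'country' => $order->fields['customers_country'], 'format_id' => $order->fields['customers_address_format_id'], 'telephone' => $order->fields['customers_telephone'], 'email_address' => $order->fields['customers_email_address']);
     $this->delivery = array('name' => $order->fields['delivery_name'], 'company' => $order->fields['delivery_company'], 'street_address' => $order->fields['delivery_street_address'], 'suburb' => $order->fields['delivery_suburb'], 'city' => $order->fields['delivery_city'], 'postcode' => $order->fields['delivery_postcode'], 'state' => $order->fields['delivery_state'], 'country' => $order->fields['delivery_country'], 'format_id' => $order->fields['delivery_address_format_id']);
     // an order with neither a delivery name nor a street address (e.g. a
     // virtual/download order) has no delivery block at all
     if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
         $this->delivery = false;
     }
     $this->billing = array('name' => $order->fields['billing_name'], 'company' => $order->fields['billing_company'], 'street_address' => $order->fields['billing_street_address'], 'suburb' => $order->fields['billing_suburb'], 'city' => $order->fields['billing_city'], 'postcode' => $order->fields['billing_postcode'], 'state' => $order->fields['billing_state'], 'country' => $order->fields['billing_country'], 'format_id' => $order->fields['billing_address_format_id']);
     $index = 0;
     $orders_products_query = "select orders_products_id, products_id, products_name,\n                                 products_model, products_price, products_tax,\n                                 products_quantity, final_price,\n                                 onetime_charges,\n                                 products_priced_by_attribute, product_is_free, products_discount_type,\n                                 products_discount_type_from\n                                  from " . TABLE_ORDERS_PRODUCTS . "\n                                  where orders_id = '" . (int) $order_id . "'\n                                  order by orders_products_id";
     $orders_products = $db->Execute($orders_products_query);
     while (!$orders_products->EOF) {
         // convert quantity to proper decimals - account history
         if (QUANTITY_DECIMALS != 0) {
             $fix_qty = $orders_products->fields['products_quantity'];
             switch (true) {
                 case !strstr($fix_qty, '.'):
                     $new_qty = $fix_qty;
                     break;
                 default:
                     // strip trailing zeros from the fractional part
                     $new_qty = preg_replace('/[0]+$/', '', $orders_products->fields['products_quantity']);
                     break;
             }
         } else {
             $new_qty = $orders_products->fields['products_quantity'];
         }
         $new_qty = round($new_qty, QUANTITY_DECIMALS);
         // whole quantities are presented as integers
         if ($new_qty == (int) $new_qty) {
             $new_qty = (int) $new_qty;
         }
         $this->products[$index] = array('qty' => $new_qty, 'id' => $orders_products->fields['products_id'], 'name' => $orders_products->fields['products_name'], 'model' => $orders_products->fields['products_model'], 'tax' => $orders_products->fields['products_tax'], 'price' => $orders_products->fields['products_price'], 'final_price' => $orders_products->fields['final_price'], 'onetime_charges' => $orders_products->fields['onetime_charges'], 'products_priced_by_attribute' => $orders_products->fields['products_priced_by_attribute'], 'product_is_free' => $orders_products->fields['product_is_free'], 'products_discount_type' => $orders_products->fields['products_discount_type'], 'products_discount_type_from' => $orders_products->fields['products_discount_type_from']);
         $subindex = 0;
         $attributes_query = "select products_options_id, products_options_values_id, products_options, products_options_values,\n                              options_values_price, price_prefix from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . "\n                               where orders_id = '" . (int) $order_id . "'\n                               and orders_products_id = '" . (int) $orders_products->fields['orders_products_id'] . "'";
         $attributes = $db->Execute($attributes_query);
         if ($attributes->RecordCount()) {
             while (!$attributes->EOF) {
                 $this->products[$index]['attributes'][$subindex] = array('option' => $attributes->fields['products_options'], 'value' => $attributes->fields['products_options_values'], 'option_id' => $attributes->fields['products_options_id'], 'value_id' => $attributes->fields['products_options_values_id'], 'prefix' => $attributes->fields['price_prefix'], 'price' => $attributes->fields['options_values_price']);
                 $subindex++;
                 $attributes->MoveNext();
             }
         }
         // collect the distinct tax rates used by the order's products
         $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';
         $index++;
         $orders_products->MoveNext();
     }
     $this->notify('NOTIFY_ORDER_AFTER_QUERY', array(), $order_id);
 }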
                } elseif ($action == 'save') {
                    $update_sql_data = array('last_modified' => 'now()');
                    $sql_data_array = array_merge($sql_data_array, $update_sql_data);
                    zen_db_perform(TABLE_GROUP_PRICING, $sql_data_array, 'update', "group_id = '" . (int) $group_id . "'");
                }
            }
            zen_redirect(zen_href_link(FILENAME_GROUP_PRICING, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'gID=' . $group_id));
            break;
        case 'deleteconfirm':
            if (zen_admin_demo()) {
                $_GET['action'] = '';
                $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
                zen_redirect(zen_href_link(FILENAME_GROUP_PRICING, 'page=' . $_GET['page']));
            }
            $delete_cust_confirmed = isset($_POST['delete_customers']) && $_POST['delete_customers'] == 'on' ? true : false;
            $group_id = zen_db_prepare_input($_GET['gID']);
            $customers_query = $db->Execute("select customers_id from " . TABLE_CUSTOMERS . " where customers_group_pricing = '" . (int) $group_id . "'");
            if ($customers_query->RecordCount() > 0 && $delete_cust_confirmed == true) {
                $db->Execute("delete from " . TABLE_GROUP_PRICING . " where group_id = '" . (int) $group_id . "'");
                $db->Execute("update " . TABLE_CUSTOMERS . " set customers_group_pricing=0 where customers_group_pricing = '" . (int) $group_id . "'");
            } elseif ($customers_query->RecordCount() > 0 && $delete_cust_confirmed == false) {
                $messageStack->add_session(ERROR_GROUP_PRICING_CUSTOMERS_EXIST, 'error');
            } elseif ($customers_query->RecordCount() == 0) {
                $db->Execute("delete from " . TABLE_GROUP_PRICING . " where group_id = '" . (int) $group_id . "'");
            }
            zen_redirect(zen_href_link(FILENAME_GROUP_PRICING, 'page=' . $_GET['page']));
            break;
    }
}
$query = $db->Execute("select count(*) as count from " . TABLE_GROUP_PRICING);
if ($query->fields['count'] > 0 && (!defined('MODULE_ORDER_TOTAL_GROUP_PRICING_STATUS') || MODULE_ORDER_TOTAL_GROUP_PRICING_STATUS != 'true')) {
                <td class="dataTableHeadingContent"><?php 
echo TABLE_TEXT_MAX_DAYS;
?>
</td>
                <td class="dataTableHeadingContent"><?php 
echo TABLE_TEXT_MAX_COUNT;
?>
</td>
                <td class="dataTableHeadingContent">&nbsp;</td>
              </tr>

<?php 
// create search filter
$search = '';
if (isset($_GET['search']) && zen_not_null($_GET['search'])) {
    $keywords = zen_db_input(zen_db_prepare_input($_GET['search']));
    $search = " and pd.products_name like '%" . $keywords . "%' or pad.products_attributes_filename like '%" . $keywords . "%' or pd.products_description like '%" . $keywords . "%' or p.products_model like '%" . $keywords . "%'";
}
// order of display
$order_by = " order by pd.products_name ";
// create split page control
$products_downloads_query_raw = "select pad.*, pa.*, pd.*, p.* from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad left join " . TABLE_PRODUCTS_ATTRIBUTES . " pa on pad.products_attributes_id = pa.products_attributes_id left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on pa.products_id = pd.products_id and pd.language_id ='" . (int) $_SESSION['languages_id'] . "' left join " . TABLE_PRODUCTS . " p on p.products_id= pd.products_id " . " where pa.products_attributes_id = pad.products_attributes_id" . $search . $order_by;
$products_downloads_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS_DOWNLOADS_MANAGER, $products_downloads_query_raw, $products_downloads_query_numrows);
$products_downloads_query = $db->Execute($products_downloads_query_raw);
while (!$products_downloads_query->EOF) {
    if ((!isset($_GET['padID']) || isset($_GET['padID']) && $_GET['padID'] == $products_downloads_query->fields['products_attributes_id']) && !isset($padInfo)) {
        $padInfo_array = $products_downloads_query->fields;
        $padInfo = new objectInfo($padInfo_array);
    }
    // Moved to /admin/includes/configure.php
    if (!defined('DIR_FS_DOWNLOAD')) {
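 /**
  * Update selected columns of an existing refund record.
  *
  * Only the optional arguments that are supplied (non-false and non-empty)
  * are written; last_modified is always set to now(). Because the string
  * fields are tested for truthiness, a value of 0 / '0' is treated as "not
  * supplied" for refund_number, refund_name, refund_amount and refund_type.
  *
  * @param int|string   $refund_id     primary key of the refund row; cast to int in the WHERE clause
  * @param int|false    $payment_id
  * @param string|false $refund_number
  * @param string|false $refund_name
  * @param string|false $refund_amount
  * @param string|false $refund_type
  * @param int|false    $orders_id
  * @return void
  */
 function update_refund($refund_id, $payment_id = false, $refund_number = false, $refund_name = false, $refund_amount = false, $refund_type = false, $orders_id = false)
 {
     $update_refund = array();
     $update_refund['last_modified'] = 'now()';
     if (is_numeric($payment_id)) {
         $update_refund['payment_id'] = (int) $payment_id;
     }
     if ($refund_number && $refund_number != '') {
         $update_refund['refund_number'] = zen_db_prepare_input($refund_number);
     }
     if ($refund_name && $refund_name != '') {
         $update_refund['refund_name'] = zen_db_prepare_input($refund_name);
     }
     if ($refund_amount && $refund_amount != '') {
         $update_refund['refund_amount'] = zen_db_prepare_input($refund_amount);
     }
     if ($refund_type && $refund_type != '') {
         $update_refund['refund_type'] = zen_db_prepare_input($refund_type);
     }
     if ($orders_id && $orders_id != '') {
         $update_refund['orders_id'] = (int) $orders_id;
     }
     // the row key is cast the same way payment_id and orders_id are above, so
     // the WHERE clause never receives an unescaped string
     zen_db_perform(TABLE_SO_REFUNDS, $update_refund, 'update', "refund_id = '" . (int) $refund_id . "'");
 }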
// | to obtain it through the world-wide-web, please send a note to       |
// | license@zen-cart.com so we can mail you a copy immediately.          |
// +----------------------------------------------------------------------+
// | Do Not Remove: Coded for Zen-Cart by geeks4u.com                     |
// | Dedicated to Memory of Amelita "Emmy" Abordo Gelarderes		  |
// +----------------------------------------------------------------------+
// $Id: tpl_news_scroll_box.php,v 1.2 2004/08/26
//
// Begin of News Sidebox Config
$layout = 1;
// 0 = Java Script Fader | 1 = Static 10 last news
$shown_news = 10;
// Number of Shown News
// End of News Sidebox Config
// No need to change anything under this line
// The session language id is cast to int before it is prepared, so it can be
// embedded unquoted in the query below.
$languages_id = zen_db_prepare_input((int) $_SESSION['languages_id']);
// Fetch up to $shown_news news items for the current language that are
// enabled and whose start/end dates bracket now(), newest first.
$news_box_query = $db->Execute("select n.box_news_id, nc.languages_id, \r\n                                nc.news_title, nc.news_content, n.more_news_page, n.news_added_date, n.news_start_date\r\n\t\t\t\t\t\t\t\tfrom " . TABLE_BOX_NEWS_CONTENT . " nc, " . TABLE_BOX_NEWS . " n\r\n\t\t\t\t\t\t\t\twhere n.box_news_id = nc.box_news_id and nc.languages_id = " . $languages_id . " and n.news_status = 1 and now() between n.news_start_date and n.news_end_date \r\n\t\t\t\t\t\t\t\torder by n.news_start_date desc, n.news_added_date desc\r\n\t\t\t\t\t\t\t\tlimit " . $shown_news);
// NOTE(review): the leading "(int)" on this statement and the one two lines
// below casts the value of the assignment expression, which is then discarded;
// the variables keep the uncast right-hand side.
(int) ($news_box_char_count = NEWS_BOX_CHAR_COUNT ? NEWS_BOX_CHAR_COUNT : 0);
$p_class_open = '<div id="newsBox">';
$p_class_close = '</div>';
(int) ($p_class_len = strlen(addslashes($p_class_open . $p_class_close)));
/**
 * Placeholder string preparer: the body only initialises a local buffer and
 * never returns it, so every call evaluates to null.
 *
 * @param string $prep_string  not used
 * @return null
 */
function prepString($prep_string)
{
    $buffer = '';
}
if ($layout == 0) {
    while (!$news_box_query->EOF) {
        if ($news_box_query->fields['news_title'] || $news_box_query->fields['news_content']) {
            $i++;
            $char_cnt = strlen(strip_tags(ereg_replace("(\r\n|\n|\r)", "", $news_box_query->fields['news_title'] . $news_box_query->fields['news_content'])));
            $newsId = 'news_id=' . $news_box_query->fields['box_news_id'];
$_SESSION['navigation']->remove_current_page();
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    // Slam prevention:
    if ($_SESSION['login_attempt'] > 9) {
        header('HTTP/1.1 406 Not Acceptable');
        exit(0);
    }
    // BEGIN SLAM PREVENTION
    if ($_POST['email_address'] != '') {
        if (!isset($_SESSION['login_attempt'])) {
            $_SESSION['login_attempt'] = 0;
        }
        $_SESSION['login_attempt']++;
    }
    // END SLAM PREVENTION
    $email_address = zen_db_prepare_input($_POST['email_address']);
    $check_customer_query = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n                           FROM " . TABLE_CUSTOMERS . "\n                           WHERE customers_email_address = :emailAddress";
    $check_customer_query = $db->bindVars($check_customer_query, ':emailAddress', $email_address, 'string');
    $check_customer = $db->Execute($check_customer_query);
    if ($check_customer->RecordCount() > 0) {
        $zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_VALIDATED');
        $new_password = zen_create_PADSS_password(ENTRY_PASSWORD_MIN_LENGTH > 0 ? ENTRY_PASSWORD_MIN_LENGTH : 5);
        $crypted_password = zen_encrypt_password($new_password);
        $sql = "UPDATE " . TABLE_CUSTOMERS . "\n            SET customers_password = :password\n            WHERE customers_id = :customersID";
        $sql = $db->bindVars($sql, ':password', $crypted_password, 'string');
        $sql = $db->bindVars($sql, ':customersID', $check_customer->fields['customers_id'], 'integer');
        $db->Execute($sql);
        $html_msg['EMAIL_CUSTOMERS_NAME'] = $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
        $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password);
        // send the email
        zen_mail($check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten');
<?php

/**
 * @package admin
 * @copyright Copyright 2003-2011 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: invoice.php 19136 2011-07-18 16:56:18Z wilt $
*/
require 'includes/application_top.php';
require DIR_WS_CLASSES . 'currencies.php';
$currencies = new currencies();
$oID = zen_db_prepare_input($_GET['oID']);
include DIR_WS_CLASSES . 'order.php';
$order = new order($oID);
// prepare order-status pulldown list
$orders_statuses = array();
$orders_status_array = array();
$orders_status = $db->Execute("select orders_status_id, orders_status_name\n                                 from " . TABLE_ORDERS_STATUS . "\n                                 where language_id = '" . (int) $_SESSION['languages_id'] . "'");
while (!$orders_status->EOF) {
    $orders_statuses[] = array('id' => $orders_status->fields['orders_status_id'], 'text' => $orders_status->fields['orders_status_name'] . ' [' . $orders_status->fields['orders_status_id'] . ']');
    $orders_status_array[$orders_status->fields['orders_status_id']] = $orders_status->fields['orders_status_name'];
    $orders_status->MoveNext();
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
while (!$manufacturers->EOF) {
    $manufacturers_array[] = array('id' => $manufacturers->fields['manufacturers_id'], 'text' => $manufacturers->fields['manufacturers_name']);
    $manufacturers->MoveNext();
}
// eof get manufacturers
// bof get category_tree
$quick_updates_category_tree = zen_get_category_tree();
// eof get category_tree
// bof Update database
switch ($_GET['action']) {
    case 'update':
        // bof prepare al new data for database input
        if (sizeof($_POST['quick_updates_new']) > 0) {
            foreach ($_POST['quick_updates_new'] as $key => $value) {
                // $value is an array here (contains values like ['products_model'][$products_id] = '1' for example)
                $_POST['quick_updates_new'][$key] = zen_db_prepare_input($value);
            }
        }
        // eof prepare al new data for database input
        $quick_updates_count = array();
        if ($_POST['quick_updates_new']['products_model']) {
            foreach ($_POST['quick_updates_new']['products_model'] as $products_id => $new_value) {
                if (trim($_POST['quick_updates_new']['products_model'][$products_id]) != trim($_POST['quick_updates_old']['products_model'][$products_id])) {
                    $quick_updates_count['products_model'][$products_id] = $products_id;
                    $db->Execute("UPDATE " . TABLE_PRODUCTS . " SET products_model='" . zen_db_input($new_value) . "', products_last_modified=NOW() WHERE products_id=" . (int) $products_id);
                }
            }
        }
        // added for QUICKUPDATES_NEW_COLUMN_1
        if ($_POST['quick_updates_new'][QUICKUPDATES_NEW_COLUMN_1]) {
            foreach ($_POST['quick_updates_new'][QUICKUPDATES_NEW_COLUMN_1] as $products_id => $new_value) {
             zen_remove_category($categories[$i]['id']);
         }
         // end for loop
     }
     zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath));
     break;
     // eof delete new
     /////////////////////////////////
     // @@TODO where is delete_product_confirm
 // eof delete new
 /////////////////////////////////
 // @@TODO where is delete_product_confirm
 case 'move_category_confirm':
     if (isset($_POST['categories_id']) && $_POST['categories_id'] != $_POST['move_to_category_id']) {
         $categories_id = zen_db_prepare_input($_POST['categories_id']);
         $new_parent_id = zen_db_prepare_input($_POST['move_to_category_id']);
         $path = explode('_', zen_get_generated_category_path_ids($new_parent_id));
         if (in_array($categories_id, $path)) {
             $messageStack->add_session(ERROR_CANNOT_MOVE_CATEGORY_TO_PARENT, 'error');
             zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $cPath));
         } else {
             $sql = "select count(*) as count from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id='" . (int) $new_parent_id . "'";
             $zc_count_products = $db->Execute($sql);
             if ($zc_count_products->fields['count'] > 0) {
                 $messageStack->add_session(ERROR_CATEGORY_HAS_PRODUCTS, 'error');
             } else {
                 $messageStack->add_session(SUCCESS_CATEGORY_MOVED, 'success');
             }
             $db->Execute("update " . TABLE_CATEGORIES . "\n                            set parent_id = '" . (int) $new_parent_id . "', last_modified = now()\n                            where categories_id = '" . (int) $categories_id . "'");
             // fix here - if this is a category with subcats it needs to know to loop through
             // reset all products_price_sorter for moved category products
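/**
 * Resolve a newsletter audience selection to a SQL SELECT statement.
 *
 * $selected_entry is matched against the query_name column of
 * TABLE_QUERY_BUILDER, restricted to rows whose query_category contains
 * $query_category. When a row matches, its query_string is expanded with
 * parsed_query_string(). When nothing matches and the category is 'email',
 * $selected_entry is taken to be a single customer e-mail address and a
 * SELECT on TABLE_CUSTOMERS for that address is generated instead. The
 * returned query_string is later passed to $db->Execute() by the caller.
 *
 * @param string $selected_entry  query name chosen in the drop-down, or an e-mail address
 * @param string $query_category  category filter, applied with LIKE '%...%'
 * @return array{query_name: string, query_string: string}
 *         query_string is '' when no query could be resolved
 */
function get_audience_sql_query($selected_entry, $query_category = 'email')
{
    global $db;
    $query_name = '';
    // initialised up front so the return array is well-formed even when
    // neither branch below produces a query (it was previously undefined)
    $query_string = '';
    // $query_category is a caller-supplied string: escape it before embedding
    // it in the LIKE pattern. Note that LIKE wildcards (% and _) inside the
    // value still act as wildcards.
    $queries_list = $db->Execute("select query_name, query_string from " . TABLE_QUERY_BUILDER . " " . "where query_category like '%" . zen_db_input($query_category) . "%'");
    while (!$queries_list->EOF) {
        // a later row with the same name wins, as in the original loop
        if ($selected_entry == $queries_list->fields['query_name']) {
            $query_name = $queries_list->fields['query_name'];
            $query_string = parsed_query_string($queries_list->fields['query_string']);
        }
        $queries_list->MoveNext();
    }
    // no match among the stored queries: treat $selected_entry as an e-mail address
    if ($query_name == '' && $query_category == 'email') {
        $cust_email_address = zen_db_prepare_input($selected_entry);
        $query_name = $cust_email_address;
        $query_string = "select customers_firstname, customers_lastname, customers_email_address\n                              from " . TABLE_CUSTOMERS . "\n                              where customers_email_address = '" . zen_db_input($cust_email_address) . "'";
    }
    // send back a 1-row array containing the query_name and the SQL query_string
    return array('query_name' => $query_name, 'query_string' => $query_string);
}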