/**
 * Flip an EZ-Page status column between '0' and '1'.
 *
 * $status is the CURRENT value: '1' becomes '0' and '0' becomes '1' (loose
 * comparison, so int 1/0 are accepted as well). Any other value is rejected.
 *
 * NOTE(review): $status_field is spliced into the statement as a column
 * identifier; zen_db_input() escapes string content, not identifiers, so
 * callers must pass only a known column name, never request input.
 *
 * @param int|string $pages_id     EZ-Page id (cast to int before use)
 * @param int|string $status       current status value, '0' or '1'
 * @param string     $status_field name of the status column to update
 * @return mixed result of $db->Execute(), or -1 when $status is neither 0 nor 1
 */
function zen_set_ezpage_status($pages_id, $status, $status_field)
{
    global $db;
    if ($status == '1') {
        $new_status = '0';
    } elseif ($status == '0') {
        $new_status = '1';
    } else {
        return -1;
    }
    $page = (int) $pages_id;
    // The activity record is written before the update, as before.
    zen_record_admin_activity('EZ-Page ID ' . $page . ' [' . $status_field . '] changed to ' . $new_status, 'info');
    $sql = "update " . TABLE_EZPAGES . " set " . zen_db_input($status_field) . " = '" . $new_status . "'  where pages_id = '" . $page . "'";
    return $db->Execute($sql);
}
 */
require 'includes/application_top.php';
require DIR_WS_CLASSES . 'currencies.php';
$currencies = new currencies();
$languages = zen_get_languages();
// Action requested through the query string; '' when none was given.
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (zen_not_null($action)) {
    switch ($action) {
        case 'insert':
        case 'save':
            // Both actions run the same UPDATE against the download record whose
            // products_attributes_id is the (int-cast) padID query parameter.
            // padID and page are read without isset(): a missing parameter raises an
            // undefined-index warning and is cast to 0.
            $sql = "update " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " set products_attributes_filename=:filename:, products_attributes_maxdays=:maxdays:, products_attributes_maxcount=:maxcount: where products_attributes_id='" . (int) $_GET['padID'] . "'";
            // Posted values are bound through $db->bindVars() rather than concatenated.
            // NOTE(review): maxdays and maxcount are bound as 'string' although they look
            // numeric; an 'integer' binding would reject non-numeric input -- confirm the
            // column types before changing it.
            $sql = $db->bindVars($sql, ':filename:', $_POST['products_attributes_filename'], 'string');
            $sql = $db->bindVars($sql, ':maxdays:', $_POST['products_attributes_maxdays'], 'string');
            $sql = $db->bindVars($sql, ':maxcount:', $_POST['products_attributes_maxcount'], 'string');
            $db->Execute($sql);
            // The posted filename is written to the admin activity log unmodified.
            zen_record_admin_activity('Downloads-manager details added/updated for ' . $_POST['products_attributes_filename'], 'info');
            // Back to the manager page for the same record; zen_redirect() presumably
            // ends the request, so the break below is only a safeguard.
            zen_redirect(zen_href_link(FILENAME_DOWNLOADS_MANAGER, 'padID=' . (int) $_GET['padID'] . '&page=' . (int) $_GET['page']));
            break;
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo CHARSET;
?>
">
         if ($rate != 1 && defined('CURRENCY_UPLIFT_RATIO') && (int) CURRENCY_UPLIFT_RATIO != 0) {
             $rate = (string) ((double) $rate * (double) CURRENCY_UPLIFT_RATIO);
         }
         // special handling for currencies which don't support decimal places
         if ($currency->fields['decimal_places'] == '0') {
             $rate = (int) $rate;
         }
         if (zen_not_null($rate) && $rate > 0) {
             $db->Execute("update " . TABLE_CURRENCIES . "\r\n                          set value = '" . $rate . "', last_updated = now()\r\n                          where currencies_id = '" . (int) $currency->fields['currencies_id'] . "'");
             $messageStack->add_session(sprintf(TEXT_INFO_CURRENCY_UPDATED, $currency->fields['title'], $currency->fields['code'], $server_used), 'success');
         } else {
             $messageStack->add_session(sprintf(ERROR_CURRENCY_INVALID, $currency->fields['title'], $currency->fields['code'], $server_used), 'error');
         }
         $currency->MoveNext();
     }
     zen_record_admin_activity('Currency exchange rates updated via the Update button in the admin console.', 'info');
     zen_redirect(zen_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
     break;
 case 'delete':
     // demo active test
     if (zen_admin_demo()) {
         $_GET['action'] = '';
         $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
         zen_redirect(zen_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
     }
     $currencies_id = zen_db_prepare_input($_GET['cID']);
     $currency = $db->Execute("select code\r\n                                  from " . TABLE_CURRENCIES . "\r\n                                  where currencies_id = '" . (int) $currencies_id . "'");
     $remove_currency = true;
     if ($currency->fields['code'] == DEFAULT_CURRENCY) {
         $remove_currency = false;
         $messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error');
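/**
 * Recursively delete a file or a directory tree from the server.
 *
 * Entries that cannot be removed are reported on the global $messageStack and,
 * when the global $zen_remove_error flag exists, it is set to true. The flag is
 * reset once, at the top-level call only: previously every recursive call reset
 * it, so a failure on one entry was hidden by a later successful sibling.
 *
 * NOTE(review): no containment check is done here -- callers must make sure
 * $source lies inside the directory they intend to manage.
 *
 * @param string $source path of the file or directory to remove
 * @return void
 */
function zen_remove($source)
{
    global $zen_remove_error;
    if (isset($zen_remove_error)) {
        $zen_remove_error = false;
    }
    _zen_remove_entry($source);
}

/**
 * Worker for zen_remove(): removes one entry, descending into directories,
 * without touching the reset logic of the error flag.
 *
 * @param string $source path of the file or directory to remove
 * @return void
 */
function _zen_remove_entry($source)
{
    global $messageStack, $zen_remove_error;
    if (is_dir($source)) {
        $dir = dir($source);
        if ($dir === false) {
            $messageStack->add(sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
            $zen_remove_error = true;
            return;
        }
        // Compare with false explicitly: an entry named "0" is a valid file name
        // and would otherwise end the loop early.
        while (($file = $dir->read()) !== false) {
            if ($file == '.' || $file == '..') {
                continue;
            }
            $path = $source . '/' . $file;
            if (is_writable($path)) {
                _zen_remove_entry($path);
            } else {
                $messageStack->add(sprintf(ERROR_FILE_NOT_REMOVEABLE, $path), 'error');
                $zen_remove_error = true;
            }
        }
        $dir->close();
        // rmdir() returns false when an entry above could not be removed; report
        // that instead of logging a removal that did not happen.
        if (is_writable($source) && rmdir($source)) {
            zen_record_admin_activity('Removed directory from server: [' . $source . ']', 'notice');
        } else {
            $messageStack->add(sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
            $zen_remove_error = true;
        }
    } else {
        // Same rule for files: only log the deletion when unlink() succeeded.
        if (is_writable($source) && unlink($source)) {
            zen_record_admin_activity('Deleted file from server: [' . $source . ']', 'notice');
        } else {
            $messageStack->add(sprintf(ERROR_FILE_NOT_REMOVEABLE, $source), 'error');
            $zen_remove_error = true;
        }
    }
}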
                $reviews = $db->Execute("select reviews_id\n                                   from " . TABLE_REVIEWS . "\n                                   where customers_id = '" . (int) $customers_id . "'");
                while (!$reviews->EOF) {
                    $db->Execute("delete from " . TABLE_REVIEWS_DESCRIPTION . "\n                          where reviews_id = '" . (int) $reviews->fields['reviews_id'] . "'");
                    $reviews->MoveNext();
                }
                $db->Execute("delete from " . TABLE_REVIEWS . "\n                        where customers_id = '" . (int) $customers_id . "'");
            } else {
                $db->Execute("update " . TABLE_REVIEWS . "\n                        set customers_id = null\n                        where customers_id = '" . (int) $customers_id . "'");
            }
            $db->Execute("delete from " . TABLE_ADDRESS_BOOK . "\n                      where customers_id = '" . (int) $customers_id . "'");
            $db->Execute("delete from " . TABLE_CUSTOMERS . "\n                      where customers_id = '" . (int) $customers_id . "'");
            $db->Execute("delete from " . TABLE_CUSTOMERS_INFO . "\n                      where customers_info_id = '" . (int) $customers_id . "'");
            $db->Execute("delete from " . TABLE_CUSTOMERS_BASKET . "\n                      where customers_id = '" . (int) $customers_id . "'");
            $db->Execute("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . "\n                      where customers_id = '" . (int) $customers_id . "'");
            $db->Execute("delete from " . TABLE_WHOS_ONLINE . "\n                      where customer_id = '" . (int) $customers_id . "'");
            zen_record_admin_activity('Customer with customer ID ' . (int) $customers_id . ' deleted.', 'warning');
            zen_redirect(zen_href_link(FILENAME_CUSTOMERS, zen_get_all_get_params(array('cID', 'action')), 'NONSSL'));
            break;
        default:
            $customers = $db->Execute("select c.customers_id, c.customers_gender, c.customers_firstname,\n                                          c.customers_lastname, c.customers_dob, c.customers_email_address,\n                                          a.entry_company, a.entry_street_address, a.entry_suburb,\n                                          a.entry_postcode, a.entry_city, a.entry_state, a.entry_zone_id,\n                                          a.entry_country_id, c.customers_telephone, c.customers_fax,\n                                          c.customers_newsletter, c.customers_default_address_id,\n                                          c.customers_email_format, c.customers_group_pricing,\n                                          c.customers_authorization, c.customers_referral\n                                  from " . TABLE_CUSTOMERS . " c left join " . TABLE_ADDRESS_BOOK . " a\n                                  on c.customers_default_address_id = a.address_book_id\n                                  where a.customers_id = c.customers_id\n                                  and c.customers_id = '" . (int) $customers_id . "'");
            $cInfo = new objectInfo($customers->fields);
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
/**
 * Remove admin page registrations by page key.
 *
 * Nothing happens for an empty argument. Keys are bound through
 * $db->bindVars() as strings, never concatenated raw.
 *
 * @param string|array $pages one page key, or a list of page keys
 * @return void
 */
function zen_deregister_admin_pages($pages)
{
    global $db;
    if (empty($pages)) {
        return;
    }
    $prefix = "DELETE FROM " . TABLE_ADMIN_PAGES . " WHERE page_key";
    if (is_array($pages)) {
        // Bind every key on its own, then join the already-quoted values.
        $bound = array();
        foreach ($pages as $page) {
            $bound[] = $db->bindVars(':page_key:', ':page_key:', $page, 'string');
        }
        $sql = $prefix . " IN (" . implode(',', $bound) . ")";
    } else {
        $sql = $db->bindVars($prefix . " = :page_key:", ':page_key:', $pages, 'string');
    }
    $db->Execute($sql);
    zen_record_admin_activity('Deleted admin pages for page keys: ' . print_r($pages, true), 'warning');
}
require 'includes/application_top.php';
// Action requested through the query string; '' when none was given.
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (zen_not_null($action)) {
    switch ($action) {
        case 'save':
            $cID = zen_db_prepare_input($_GET['cID']);
            // demo active test
            if (zen_admin_demo()) {
                $_GET['action'] = '';
                $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
                // NOTE(review): gID is placed in the redirect URL as received, while
                // cID is int-cast; whether zen_href_link() encodes it is not visible here.
                zen_redirect(zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . (int) $cID));
            }
            // Prepared once here, then escaped again with zen_db_input() at the
            // point of SQL insertion; the id is int-cast.
            $configuration_value = zen_db_prepare_input($_POST['configuration_value']);
            $db->Execute("update " . TABLE_CONFIGURATION . "\r\n                      set configuration_value = '" . zen_db_input($configuration_value) . "',\r\n                          last_modified = now() where configuration_id = '" . (int) $cID . "'");
            // Re-read the key only to name the changed setting in the activity log;
            // the new value is logged as submitted.
            $result = $db->Execute("select configuration_key from " . TABLE_CONFIGURATION . " where configuration_id=" . (int) $cID . " LIMIT 1");
            zen_record_admin_activity('Configuration setting changed for ' . $result->fields['configuration_key'] . ': ' . $configuration_value, 'warning');
            // set the WARN_BEFORE_DOWN_FOR_MAINTENANCE to false if DOWN_FOR_MAINTENANCE = true
            // (both constants are string flags compared against 'true'; NOW is a
            // constant defined elsewhere).
            if (WARN_BEFORE_DOWN_FOR_MAINTENANCE == 'true' && DOWN_FOR_MAINTENANCE == 'true') {
                $db->Execute("update " . TABLE_CONFIGURATION . "\r\n                      set configuration_value = 'false', last_modified = '" . NOW . "'\r\n                      where configuration_key = 'WARN_BEFORE_DOWN_FOR_MAINTENANCE'");
            }
            zen_redirect(zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . (int) $cID));
            break;
    }
}
// Configuration group to display; defaults to group 1. The raw value is written
// back into $_GET and is only int-cast where it reaches SQL.
$gID = isset($_GET['gID']) ? $_GET['gID'] : 1;
$_GET['gID'] = $gID;
$cfg_group = $db->Execute("select configuration_group_title\r\n                             from " . TABLE_CONFIGURATION_GROUP . "\r\n                             where configuration_group_id = '" . (int) $gID . "'");
if ($gID == 7) {
    $shipping_errors = '';
    if (zen_get_configuration_key_value('SHIPPING_ORIGIN_ZIP') == 'NONE' or zen_get_configuration_key_value('SHIPPING_ORIGIN_ZIP') == '') {
        $shipping_errors .= '<br />' . ERROR_SHIPPING_ORIGIN_ZIP;
                 zen_record_admin_activity('Inserted special ' . (int) $v_products_id . ' via EP4.', 'info');
             }
             $specials_print .= sprintf(EASYPOPULATE_4_SPECIALS_NEW, $v_products_model, substr(strip_tags($v_products_name[$epdlanguage_id]), 0, 10), $v_products_price, $v_specials_price);
         } else {
             // existing product
             if ($v_specials_price == '0') {
                 // delete of existing requested
                 $db->Execute("DELETE FROM " . TABLE_SPECIALS . " WHERE products_id = '" . (int) $v_products_id . "'");
                 $specials_print .= sprintf(EASYPOPULATE_4_SPECIALS_DELETE, $v_products_model);
                 continue;
             }
             // just make an update
             $sql = "UPDATE " . TABLE_SPECIALS . " SET\n\t\t\t\t\t\tspecials_new_products_price\t= '" . $v_specials_price . "',\n\t\t\t\t\t\tspecials_last_modified\t\t= now(),\n\t\t\t\t\t\tspecials_date_available\t\t= '" . $v_specials_date_avail . "',\n\t\t\t\t\t\texpires_date\t\t\t\t= '" . $v_specials_expires_date . "',\n\t\t\t\t\t\tstatus\t\t\t\t\t\t= '1'\n\t\t\t\t\t\tWHERE products_id\t\t\t= '" . (int) $v_products_id . "'";
             $result = ep_4_query($sql);
             if ($result) {
                 zen_record_admin_activity('Updated special ' . (int) $v_products_id . ' via EP4.', 'info');
             }
             $specials_print .= sprintf(EASYPOPULATE_4_SPECIALS_UPDATE, $v_products_model, substr(strip_tags($v_products_name[$epdlanguage_id]), 0, 10), $v_products_price, $v_specials_price);
         }
         // we still have our special here
     }
     // end specials for this product
     // this is a test chadd - 12-08-2011
     // why not just update price_sorter after each product?
     // better yet, why not ONLY call if pricing was updated
     // ALL these affect pricing: products_tax_class_id, products_price, products_priced_by_attribute, product_is_free, product_is_call
     zen_update_products_price_sorter($v_products_id);
 } else {
     // this record is missing the product_model
     $display_output .= EASYPOPULATE_4_DISPLAY_RESULT_NO_MODEL;
     foreach ($items as $col => $summary) {
            $sql = $db->bindVars($sql, ':countryID:', $countries_id, 'integer');
            $result = $db->Execute($sql);
            if ($result->recordCount() == 0) {
                $db->Execute("delete from " . TABLE_COUNTRIES . "\n                        where countries_id = '" . (int) $countries_id . "'");
                zen_record_admin_activity('Country deleted: ' . $countries_id, 'warning');
            } else {
                $messageStack->add_session(ERROR_COUNTRY_IN_USE, 'error');
            }
            zen_redirect(zen_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
            break;
        case 'setstatus':
            $countries_id = zen_db_prepare_input($_GET['cID']);
            if (isset($_POST['current_status']) && ($_POST['current_status'] == '0' || $_POST['current_status'] == '1')) {
                $sql = "update " . TABLE_COUNTRIES . " set status='" . ($_POST['current_status'] == 0 ? 1 : 0) . "' where countries_id='" . (int) $countries_id . "'";
                $db->Execute($sql);
                zen_record_admin_activity('Country with ID number: ' . $countries_id . ' changed status to ' . ($_POST['current_status'] == 0 ? 1 : 0), 'info');
                zen_redirect(zen_href_link(FILENAME_COUNTRIES, 'cID=' . (int) $countries_id . '&page=' . $_GET['page']));
            }
            $action = '';
            break;
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo CHARSET;
            $tax_description = zen_db_prepare_input($_POST['tax_description']);
            $tax_priority = zen_db_prepare_input((int) $_POST['tax_priority']);
            $db->Execute("update " . TABLE_TAX_RATES . "\r\n                      set tax_rates_id = '" . (int) $tax_rates_id . "',\r\n                          tax_zone_id = '" . (int) $tax_zone_id . "',\r\n                          tax_class_id = '" . (int) $tax_class_id . "',\r\n                          tax_rate = '" . zen_db_input($tax_rate) . "',\r\n                          tax_description = '" . zen_db_input($tax_description) . "',\r\n                          tax_priority = '" . zen_db_input($tax_priority) . "',\r\n                          last_modified = now() where tax_rates_id = '" . (int) $tax_rates_id . "'");
            zen_record_admin_activity('Tax Rate updated for tax-rate-id ' . $tax_rates_id, 'info');
            zen_redirect(zen_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id));
            break;
        case 'deleteconfirm':
            // demo active test
            if (zen_admin_demo()) {
                $_GET['action'] = '';
                $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
                zen_redirect(zen_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page']));
            }
            $tax_rates_id = zen_db_prepare_input($_POST['tID']);
            $db->Execute("delete from " . TABLE_TAX_RATES . "\r\n                      where tax_rates_id = '" . (int) $tax_rates_id . "'");
            zen_record_admin_activity('Tax Rate deleted for tax-rate-id ' . (int) $tax_rates_id, 'notice');
            zen_redirect(zen_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page']));
            break;
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo CHARSET;
?>
">
 */
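// Self-heal SESSION_WRITE_DIRECTORY when the configured folder is missing or
// read-only: pick a writable cache folder, store it, then reload the page.
if (!file_exists(SESSION_WRITE_DIRECTORY) || !is_writable(SESSION_WRITE_DIRECTORY)) {
    zen_record_admin_activity('Session directory folder not found. Will attempt to re-detect and update configuration. Old value: ' . SESSION_WRITE_DIRECTORY, 'notice');
    // Guarded so an earlier definition is kept rather than raising a
    // "constant already defined" warning (the effective value is the same).
    if (!defined('DIR_FS_ROOT')) {
        define('DIR_FS_ROOT', realpath(dirname($_SERVER['SCRIPT_FILENAME']) . '/../') . '/');
    }
    // Candidates are appended (a list may already exist); the LAST existing,
    // writable candidate wins, which keeps the original selection order.
    $possible_dir[] = DIR_FS_SQL_CACHE;
    $possible_dir[] = DIR_FS_CATALOG . 'cache';
    $possible_dir[] = DIR_FS_ROOT . 'cache';
    // Fallback when no candidate is usable; the die() below then reports it.
    $selected_dir = DIR_FS_CATALOG . 'cache';
    foreach ($possible_dir as $dir) {
        if (file_exists($dir) && is_writable($dir)) {
            $selected_dir = $dir;
        }
    }
    $sql = "update " . TABLE_CONFIGURATION . " set configuration_value = '" . $db->prepare_input(trim($selected_dir)) . "' where configuration_key = 'SESSION_WRITE_DIRECTORY'";
    $db->Execute($sql);
    zen_record_admin_activity('Updated SESSION_WRITE_DIRECTORY configuration setting to ' . $selected_dir, 'notice');
    if (!file_exists($selected_dir) || !is_writable($selected_dir)) {
        // NOTE(review): this message exposes a server path; tolerable on an
        // admin-only page, keep it out of any public-facing output.
        die('ALERT: Your cache directory does not exist or is not writable: ' . $selected_dir . ' ... This must be fixed before the page can load correctly.');
    }
    zen_redirect(zen_href_link(FILENAME_DEFAULT));
    exit(1);
}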
     $limit = ' LIMIT ';
     if ($start > 0) {
         $limit .= (int) $start;
     }
     if ($start > 0 && $perpage > 0) {
         $limit .= ', ';
     }
     if ($perpage > 0) {
         $limit .= (int) $perpage;
     }
 }
 $sort = '';
 switch ($action) {
     case 'save':
         global $db;
         zen_record_admin_activity(sprintf(TEXT_ACTIVITY_LOG_ACCESSED, $format, $selected_filter, $save_to_file_checked ? '(SaveToFile)' : ($format == 'HTML' ? '(Output to browser)' : '(Download to browser)')), 'warning');
         if ($format == 'CSV') {
             $FIELDSTART = '"';
             $FIELDEND = '"';
             $FIELDSEPARATOR = ',';
             $LINESTART = '';
             $LINEBREAK = "\n";
             $sort = ' ASC ';
             $limit = '';
         }
         if ($format == 'TXT') {
             $FIELDSTART = '';
             $FIELDEND = '';
             $FIELDSEPARATOR = "\t";
             $LINESTART = '';
             $LINEBREAK = "\n";
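 /**
  * Move the uploaded temporary file into $this->destination as $this->filename.
  *
  * Outcome messages go to the global $messageStack: immediately when
  * $this->message_location is 'direct', otherwise into the session.
  *
  * NOTE(review): $this->filename is used as-is to build the target path; it must
  * already be free of directory components where it is assigned (not visible here).
  *
  * @param bool $overwrite when false an existing target is left untouched and a
  *                        caution message is queued
  * @return bool true when the file was saved (or deliberately kept), false when
  *              move_uploaded_file() failed
  */
 function save($overwrite = true)
 {
     global $messageStack;
     // Normalise the destination before anything else so the overwrite check and
     // the move refer to the same path (the check previously ran without the slash).
     if (substr($this->destination, -1) != '/') {
         $this->destination .= '/';
     }
     $target = $this->destination . $this->filename;
     if (!$overwrite && file_exists($target)) {
         $messageStack->add_session(TEXT_IMAGE_OVERWRITE_WARNING . $this->filename, 'caution');
         return true;
     }
     // move_uploaded_file() only accepts a genuine PHP upload temp file.
     if (!move_uploaded_file($this->file['tmp_name'], $target)) {
         if ($this->message_location == 'direct') {
             $messageStack->add(ERROR_FILE_NOT_SAVED, 'error');
         } else {
             $messageStack->add_session(ERROR_FILE_NOT_SAVED, 'error');
         }
         return false;
     }
     chmod($target, $this->permissions);
     $saved = sprintf(SUCCESS_FILE_SAVED_SUCCESSFULLY, $this->filename);
     if ($this->message_location == 'direct') {
         $messageStack->add($saved, 'success');
     } else {
         $messageStack->add_session($saved, 'success');
     }
     zen_record_admin_activity($saved, 'notice');
     return true;
 }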
  if ((! isset($_SESSION['securityToken']) || ! isset($_POST['securityToken'])) || ($_SESSION['securityToken'] !== $_POST['securityToken']))
  {
    $error = true;
    $message = ERROR_SECURITY_ERROR;
    zen_record_admin_activity(TEXT_ERROR_ATTEMPTED_ADMIN_LOGIN_WITHOUT_CSRF_TOKEN, 'warning');
  }
  if ($_POST['action'] == 'do' . $_SESSION['securityToken'])
  {
    $admin_name = zen_db_prepare_input($_POST['admin_name']);
    $admin_pass = zen_db_prepare_input($_POST['admin_pass']);
    if ($admin_name == '' && $admin_pass == '')
    {
      sleep(4);
      $error = true;
      $message = ERROR_WRONG_LOGIN;
      zen_record_admin_activity(TEXT_ERROR_ATTEMPTED_ADMIN_LOGIN_WITHOUT_USERNAME, 'warning');
    } else
    {
      list($error, $expired, $message, $redirect) = zen_validate_user_login($admin_name, $admin_pass);
      if ($redirect != '') zen_redirect($redirect);
    }
  } elseif ($_POST['action'] == 'rs' . $_SESSION['securityToken'])
  {
    $expired = true;
    $admin_name = zen_db_prepare_input($_POST['admin_name-' . $_SESSION['securityToken']]);
    $adm_old_pwd = zen_db_prepare_input($_POST['oldpwd-' . $_SESSION['securityToken']]);
    $adm_new_pwd = zen_db_prepare_input($_POST['newpwd-' . $_SESSION['securityToken']]);
    $adm_conf_pwd = zen_db_prepare_input($_POST['confpwd-' . $_SESSION['securityToken']]);

    $errors = zen_validate_pwd_reset_request($admin_name, $adm_old_pwd, $adm_new_pwd, $adm_conf_pwd);
    if (sizeof($errors) > 0)
        $action = '';
        zen_redirect(zen_href_link(FILENAME_DEFINE_PAGES_EDITOR));
        break;
    case 'save':
        if ($_GET['lngdir'] && $_GET['filename']) {
            if (file_exists($file)) {
                if (file_exists('bak' . $file)) {
                    @unlink('bak' . $file);
                }
                @rename($file, 'bak' . $file);
                $new_file = fopen($file, 'w');
                $file_contents = stripslashes($_POST['file_contents']);
                fwrite($new_file, $file_contents, strlen($file_contents));
                fclose($new_file);
            }
            zen_record_admin_activity('Define-Page-Editor was used to save changes to file ' . $file, 'info');
            zen_redirect(zen_href_link(FILENAME_DEFINE_PAGES_EDITOR));
        }
        break;
}
if (!$_SESSION['language']) {
    $_SESSION['language'] = $language;
}
$languages_array = array();
$languages = zen_get_languages();
$lng_exists = false;
for ($i = 0; $i < sizeof($languages); $i++) {
    if ($languages[$i]['directory'] == $_SESSION['language']) {
        $lng_exists = true;
    }
    $languages_array[] = array('id' => $languages[$i]['directory'], 'text' => $languages[$i]['name']);
            }
            zen_redirect(zen_href_link(FILENAME_ORDERS, zen_get_all_get_params(array('action')) . 'action=edit', 'NONSSL'));
            break;
        case 'doVoid':
            $order = new order($oID);
            if ($order->info['payment_module_code']) {
                if (file_exists(DIR_FS_CATALOG_MODULES . 'payment/' . $order->info['payment_module_code'] . '.php')) {
                    require_once DIR_FS_CATALOG_MODULES . 'payment/' . $order->info['payment_module_code'] . '.php';
                    require_once DIR_FS_CATALOG_LANGUAGES . $_SESSION['language'] . '/modules/payment/' . $order->info['payment_module_code'] . '.php';
                    $module = new $order->info['payment_module_code']();
                    if (method_exists($module, '_doVoid')) {
                        $module->_doVoid($oID);
                    }
                }
            }
            zen_record_admin_activity('Order ' . $oID . ' void processed. See order comments for details.', 'info');
            zen_redirect(zen_href_link(FILENAME_ORDERS, zen_get_all_get_params(array('action')) . 'action=edit', 'NONSSL'));
            break;
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo CHARSET;
?>
">
     $html_msg['GV_REDEEM'] = TEXT_TO_REDEEM . TEXT_WHICH_IS . ' <strong>' . $id1 . '</strong> ' . TEXT_IN_CASE;
     if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
         $message .= HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php/gv_redeem/gv_no/' . $id1 . "\n\n";
         $html_msg['GV_CODE_URL'] = '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php/gv_redeem/gv_no/' . $id1 . '">' . TEXT_CLICK_TO_REDEEM . '</a>' . "&nbsp;";
     } else {
         $message .= HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php?main_page=gv_redeem&gv_no=' . $id1 . "\n\n";
         $html_msg['GV_CODE_URL'] = '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php?main_page=gv_redeem&gv_no=' . $id1 . '">' . TEXT_CLICK_TO_REDEEM . '</a>' . "&nbsp;";
     }
     $message .= TEXT_OR_VISIT . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . TEXT_ENTER_CODE . "\n\n";
     $html_msg['GV_CODE_URL'] .= TEXT_OR_VISIT . '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . '">' . STORE_NAME . '</a>' . TEXT_ENTER_CODE;
     $html_msg['EMAIL_FIRST_NAME'] = $mail->fields['customers_firstname'];
     $html_msg['EMAIL_LAST_NAME'] = $mail->fields['customers_lastname'];
     // disclaimer
     $message .= "\n-----\n" . sprintf(EMAIL_DISCLAIMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n";
     zen_mail($mail->fields['customers_firstname'] . ' ' . $mail->fields['customers_lastname'], $mail->fields['customers_email_address'], $subject, $message, $from, $from, $html_msg, 'gv_mail');
     zen_record_admin_activity('GV mail sent to ' . $mail->fields['customers_email_address'] . ' in the amount of ' . $currencies->format($_POST['amount']), 'info');
     $recip_count++;
     if (SEND_EXTRA_GV_ADMIN_EMAILS_TO_STATUS == '1' and SEND_EXTRA_GV_ADMIN_EMAILS_TO != '') {
         zen_mail('', SEND_EXTRA_GV_ADMIN_EMAILS_TO, SEND_EXTRA_GV_ADMIN_EMAILS_TO_SUBJECT . ' ' . $subject, $message, $from, $from, $html_msg, 'gv_mail_extra');
     }
     // Now create the coupon main and email entry
     $mail->MoveNext();
 }
 if ($_POST['email_to']) {
     $id1 = create_coupon_code($_POST['email_to']);
     $message = zen_db_prepare_input($_POST['message']);
     $message .= "\n\n" . TEXT_GV_WORTH . $currencies->format($_POST['amount']) . "\n\n";
     $message .= TEXT_TO_REDEEM;
     $message .= TEXT_WHICH_IS . ' ' . $id1 . ' ' . TEXT_IN_CASE . "\n\n";
     $html_msg['GV_WORTH'] = TEXT_GV_WORTH;
     $html_msg['GV_AMOUNT'] = $currencies->format($_POST['amount']);
<?php

/**
 * @package admin
 * @copyright Copyright 2003-2014 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version GIT: $Id: Author: DrByte  Jun 30 2014 Modified in v1.5.4 $
 */
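if (!defined('IS_ADMIN_FLAG')) {
    die('Illegal Access');
}
// Move a product from $current_category_id (expected to be set by the including
// script) to the category chosen in the form. Both posted ids are normalised to
// int once, so every query AND the final redirect see the same value; previously
// the redirect carried the raw posted strings.
$products_id = isset($_POST['products_id']) ? (int) $_POST['products_id'] : 0;
$new_parent_id = isset($_POST['move_to_category_id']) ? (int) $_POST['move_to_category_id'] : 0;
$duplicate_check = $db->Execute("select count(*) as total\n                                        from " . TABLE_PRODUCTS_TO_CATEGORIES . "\n                                        where products_id = '" . $products_id . "'\n                                        and categories_id = '" . $new_parent_id . "'");
if ($duplicate_check->fields['total'] < 1) {
    $db->Execute("update " . TABLE_PRODUCTS_TO_CATEGORIES . "\n                        set categories_id = '" . $new_parent_id . "'\n                        where products_id = '" . $products_id . "'\n                        and categories_id = '" . (int) $current_category_id . "'");
    // reset master_categories_id if moved from original master category
    $check_master = $db->Execute("select products_id, master_categories_id from " . TABLE_PRODUCTS . " where products_id='" . $products_id . "'");
    if ($check_master->fields['master_categories_id'] == (int) $current_category_id) {
        $db->Execute("update " . TABLE_PRODUCTS . "\n                          set master_categories_id='" . $new_parent_id . "'\n                          where products_id = '" . $products_id . "'");
    }
    // reset products_price_sorter for searches etc.
    zen_update_products_price_sorter($products_id);
    zen_record_admin_activity('Moved product ' . $products_id . ' from category ' . (int) $current_category_id . ' to category ' . $new_parent_id, 'notice');
} else {
    // The product is already linked to the target category.
    $messageStack->add_session(ERROR_CANNOT_MOVE_PRODUCT_TO_CATEGORY_SELF, 'error');
}
// Only integer ids reach the redirect URL; page is int-cast like the other admin pages do.
zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $new_parent_id . '&pID=' . $products_id . (isset($_GET['page']) ? '&page=' . (int) $_GET['page'] : '')));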
        if (substr(DIR_WS_ADMIN, -7) == '/admin/' || substr(DIR_WS_HTTPS_ADMIN, -7) == '/admin/') {
            zen_redirect(zen_href_link(FILENAME_ALERT_PAGE));
        }
        $check_path = dirname($_SERVER['SCRIPT_FILENAME']) . '/../zc_install';
        if (is_dir($check_path)) {
            zen_redirect(zen_href_link(FILENAME_ALERT_PAGE));
        }
    }
}
// Admin access gate: every page except the alert page passes through here.
// $PHP_SELF is presumably derived from the server variables by the bootstrap
// code (not visible here); all routing decisions below are based on it.
if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_ALERT_PAGE . '.php') {
    // password_forgotten reached through a path holding more than one '.php'
    // (extra path info appended) is bounced to the login page.
    if (strpos(strtolower($PHP_SELF), FILENAME_PASSWORD_FORGOTTEN . '.php') !== FALSE && substr_count(strtolower($PHP_SELF), '.php') > 1) {
        zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
    if (!(basename($PHP_SELF) == FILENAME_LOGIN . ".php")) {
        $page = basename($PHP_SELF, ".php");
        // Authentication: no admin session -> back to login (with the page to
        // return to), except for the password-forgotten page.
        if (!isset($_SESSION['admin_id'])) {
            if (!(basename($PHP_SELF) == FILENAME_PASSWORD_FORGOTTEN . '.php')) {
                zen_redirect(zen_href_link(FILENAME_LOGIN, 'camefrom=' . basename($PHP_SELF) . '&' . zen_get_all_get_params(), 'SSL'));
            }
        }
        // Authorization: pages outside this always-allowed list require
        // check_page() to pass unless the user is a superuser; a refusal is
        // logged before redirecting to the DENIED page. (in_array() is used
        // without strict mode; all entries are string constants.)
        if (!in_array($page, array(FILENAME_DEFAULT, FILENAME_ADMIN_ACCOUNT, FILENAME_LOGOFF, FILENAME_ALERT_PAGE, FILENAME_PASSWORD_FORGOTTEN, FILENAME_DENIED, FILENAME_ALT_NAV)) && !zen_is_superuser()) {
            if (check_page($page, $_GET) == FALSE) {
                zen_record_admin_activity('Attempted access to unauthorized page [' . $page . ']. Redirected to DENIED page instead.', 'notice');
                zen_redirect(zen_href_link(FILENAME_DENIED, '', 'SSL'));
            }
        }
    }
    // Login page requested with a doubled slash or an extra '.php' in its
    // directory part is redirected to the canonical login URL.
    if (basename($PHP_SELF) == FILENAME_LOGIN . '.php' && (substr_count(dirname($PHP_SELF), '//') > 0 || substr_count(dirname($PHP_SELF), '.php') > 0)) {
        zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
}
Пример #20
        $message .= !empty($coupon_name->fields['coupon_description']) ? $coupon_name->fields['coupon_description'] . "\n\n" : '';
        $message .= sprintf(TEXT_VISIT, HTTP_CATALOG_SERVER . DIR_WS_CATALOG);
        // disclaimer
        $message .= "\n-----\n" . sprintf(EMAIL_DISCLAIMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n";
        $html_msg['EMAIL_FIRST_NAME'] = $mail->fields['customers_firstname'];
        $html_msg['EMAIL_LAST_NAME'] = $mail->fields['customers_lastname'];
        $html_msg['EMAIL_MESSAGE_HTML'] = zen_db_prepare_input($_POST['message_html']);
        $html_msg['COUPON_TEXT_TO_REDEEM'] = TEXT_TO_REDEEM;
        $html_msg['COUPON_TEXT_VOUCHER_IS'] = TEXT_VOUCHER_IS;
        $html_msg['COUPON_CODE'] = $coupon_result->fields['coupon_code'] . $html_coupon_help;
        $html_msg['COUPON_DESCRIPTION'] = !empty($coupon_name->fields['coupon_description']) ? $coupon_name->fields['coupon_description'] : '';
        $html_msg['COUPON_TEXT_REMEMBER'] = TEXT_REMEMBER;
        $html_msg['COUPON_REDEEM_STORENAME_URL'] = sprintf(TEXT_VISIT, '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . '">' . STORE_NAME . '</a>');
        //Send the emails
        zen_mail($mail->fields['customers_firstname'] . ' ' . $mail->fields['customers_lastname'], $mail->fields['customers_email_address'], $subject, $message, '', $from, $html_msg, 'coupon');
        zen_record_admin_activity('Coupon code ' . $coupon_result->fields['coupon-code'] . ' emailed to customer ' . $mail->fields['customers_email_address'], 'info');
        $recip_count++;
        // send copy to Admin if enabled
        if (SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO_STATUS == '1' and SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO != '') {
            zen_mail('', SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO, SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO_SUBJECT . ' ' . $subject, $message, '', $from, $html_msg, 'coupon_extra');
        }
        $mail->MoveNext();
    }
    zen_redirect(zen_href_link(FILENAME_COUPON_ADMIN, 'mail_sent_to=' . urlencode($mail_sent_to) . '&recip_count=' . $recip_count));
}
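// A preview request with no customer selected falls back to the plain 'email'
// action and reports ERROR_NO_CUSTOMER_SELECTED on the message stack.
// isset()/empty() avoid undefined-index notices when a request carries neither
// parameter; empty() keeps the original truthiness test, so an empty string or
// '0' still counts as "no customer selected".
if (isset($_GET['action']) && $_GET['action'] === 'preview_email' && empty($_POST['customers_email_address'])) {
    $_GET['action'] = 'email';
    $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error');
}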
if ($_GET['mail_sent_to']) {
    $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to'] . '(' . $_GET['recip_count'] . ')'), 'success');
Пример #21
     $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
     zen_db_perform(TABLE_PRODUCTS, $sql_data_array);
     $products_id = zen_db_insert_id();
     // reset products_price_sorter for searches etc.
     zen_update_products_price_sorter($products_id);
     $db->Execute("insert into " . TABLE_PRODUCTS_TO_CATEGORIES . "\n                    (products_id, categories_id)\n                    values ('" . (int) $products_id . "', '" . (int) $current_category_id . "')");
     zen_record_admin_activity('New product ' . (int) $products_id . ' added via admin console.', 'info');
     ///////////////////////////////////////////////////////
     //// INSERT PRODUCT-TYPE-SPECIFIC *INSERTS* HERE //////
     ////    *END OF PRODUCT-TYPE-SPECIFIC INSERTS* ////////
     ///////////////////////////////////////////////////////
 } elseif ($action == 'update_product') {
     $update_sql_data = array('products_last_modified' => 'now()', 'master_categories_id' => $_POST['master_category'] > 0 ? zen_db_prepare_input($_POST['master_category']) : zen_db_prepare_input($_POST['master_categories_id']));
     $sql_data_array = array_merge($sql_data_array, $update_sql_data);
     zen_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'");
     zen_record_admin_activity('Updated product ' . (int) $products_id . ' via admin console.', 'info');
     // reset products_price_sorter for searches etc.
     zen_update_products_price_sorter((int) $products_id);
     ///////////////////////////////////////////////////////
     //// INSERT PRODUCT-TYPE-SPECIFIC *UPDATES* HERE //////
     ////    *END OF PRODUCT-TYPE-SPECIFIC UPDATES* ////////
     ///////////////////////////////////////////////////////
 }
 $languages = zen_get_languages();
 for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
     $language_id = $languages[$i]['id'];
     $sql_data_array = array('products_name' => zen_db_prepare_input($_POST['products_name'][$language_id]), 'products_description' => zen_db_prepare_input($_POST['products_description'][$language_id]), 'products_url' => zen_db_prepare_input($_POST['products_url'][$language_id]));
     if ($action == 'insert_product') {
         $insert_sql_data = array('products_id' => (int) $products_id, 'language_id' => (int) $language_id);
         $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
         zen_db_perform(TABLE_PRODUCTS_DESCRIPTION, $sql_data_array);
Пример #22
     zen_record_admin_activity('Language entry updated for language code ' . $code, 'info');
     zen_redirect(zen_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'] . '&lID=' . $_GET['lID']));
     break;
 case 'deleteconfirm':
     // demo active test
     if (zen_admin_demo()) {
         $_GET['action'] = '';
         $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
         zen_redirect(zen_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page']));
     }
     $lID = zen_db_prepare_input($_POST['lID']);
     $lng = $db->Execute("select languages_id\n                             from " . TABLE_LANGUAGES . "\n                             where code = '" . zen_db_input(DEFAULT_LANGUAGE) . "'");
     if ($lng->fields['languages_id'] == $lID) {
         $db->Execute("update " . TABLE_CONFIGURATION . "\n                        set configuration_value = ''\n                        where configuration_key = 'DEFAULT_LANGUAGE'");
     }
     zen_record_admin_activity('Language with ID ' . $lID . ' deleted.', 'info');
     $db->Execute("delete from " . TABLE_CATEGORIES_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_MANUFACTURERS_INFO . " where languages_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_COUPONS_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_META_TAGS_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
     $db->Execute("delete from " . TABLE_METATAGS_CATEGORIES_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
     // if we just deleted our currently-selected language, need to switch to default lang:
     $lng = $db->Execute("select languages_id from " . TABLE_LANGUAGES . " where code = '" . zen_db_input(DEFAULT_LANGUAGE) . "'");
     if ((int) $_SESSION['languages_id'] == (int) $_POST['lID']) {
         $_SESSION['languages_id'] = $lng->fields['languages_id'];
     }
        // Copy attributes to duplicate product
        // moved above            $products_id_from=zen_db_input($products_id);
        $products_id_to = $dup_products_id;
        $products_id = $dup_products_id;
        if ($_POST['copy_attributes'] == 'copy_attributes_yes' and $_POST['copy_as'] == 'duplicate') {
            // $products_id_to= $copy_to_products_id;
            // $products_id_from = $pID;
            //            $copy_attributes_delete_first='1';
            //            $copy_attributes_duplicates_skipped='1';
            //            $copy_attributes_duplicates_overwrite='0';
            if (DOWNLOAD_ENABLED == 'true') {
                $copy_attributes_include_downloads = '1';
                $copy_attributes_include_filename = '1';
            } else {
                $copy_attributes_include_downloads = '0';
                $copy_attributes_include_filename = '0';
            }
            zen_copy_products_attributes($products_id_from, $products_id_to);
        }
        // EOF: Attributes Copy on non-linked
        /////////////////////////////////////////////////////////////////////
        // copy product discounts to duplicate
        if ($_POST['copy_discounts'] == 'copy_discounts_yes') {
            zen_copy_discounts_to_product($old_products_id, (int) $dup_products_id);
        }
        zen_record_admin_activity('Product ' . (int) $old_products_id . ' duplicated as product ' . (int) $dup_products_id . ' via admin console.', 'info');
    }
    // reset products_price_sorter for searches etc.
    zen_update_products_price_sorter($products_id);
}
zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $categories_id . '&pID=' . $products_id . (isset($_GET['page']) ? '&page=' . $_GET['page'] : '')));
Пример #24
 $message .= TEXT_REDEEM_GV_MESSAGE_THANKS . "\n" . STORE_OWNER . "\n\n" . HTTP_CATALOG_SERVER . DIR_WS_CATALOG;
 $message .= TEXT_REDEEM_GV_MESSAGE_BODY;
 $message .= TEXT_REDEEM_GV_MESSAGE_FOOTER;
 $message .= "\n-----\n" . sprintf(EMAIL_DISCLAIMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n";
 $html_msg['EMAIL_FIRST_NAME'] = $mail->fields['customers_firstname'];
 $html_msg['EMAIL_LAST_NAME'] = $mail->fields['customers_lastname'];
 $html_msg['GV_NOTICE_HEADER'] = TEXT_REDEEM_GV_MESSAGE_HEADER;
 $html_msg['GV_NOTICE_RELEASED'] = TEXT_REDEEM_GV_MESSAGE_RELEASED;
 $html_msg['GV_NOTICE_AMOUNT_REDEEM'] = sprintf(TEXT_REDEEM_GV_MESSAGE_AMOUNT, '<strong>' . $currencies->format($gv_amount) . '</strong>');
 $html_msg['GV_NOTICE_VALUE'] = $currencies->format($gv_amount);
 $html_msg['GV_NOTICE_THANKS'] = TEXT_REDEEM_GV_MESSAGE_THANKS;
 $html_msg['TEXT_REDEEM_GV_MESSAGE_BODY'] = TEXT_REDEEM_GV_MESSAGE_BODY;
 $html_msg['TEXT_REDEEM_GV_MESSAGE_FOOTER'] = TEXT_REDEEM_GV_MESSAGE_FOOTER;
 //send the message
 zen_mail($mail->fields['customers_firstname'] . ' ' . $mail->fields['customers_lastname'], $mail->fields['customers_email_address'], TEXT_REDEEM_GV_SUBJECT . TEXT_REDEEM_GV_SUBJECT_ORDER . $gv_resulta->fields['order_id'], $message, STORE_NAME, EMAIL_FROM, $html_msg, 'gv_queue');
 zen_record_admin_activity('GV Queue entry released in the amount of ' . $gv_amount . ' for ' . $mail->fields['customers_email_address'], 'info');
 $gv_amount = $gv_resulta->fields['amount'];
 $gv_result = $db->Execute("select amount\r\n                               from " . TABLE_COUPON_GV_CUSTOMER . "\r\n                               where customer_id='" . $gv_resulta->fields['customer_id'] . "'");
 $customer_gv = false;
 $total_gv_amount = 0;
 if ($gv_result->RecordCount() > 0) {
     $total_gv_amount = $gv_result->fields['amount'];
     $customer_gv = true;
 }
 $total_gv_amount = $total_gv_amount + $gv_amount;
 if ($customer_gv) {
     $db->Execute("update " . TABLE_COUPON_GV_CUSTOMER . "\r\n                      set amount='" . $total_gv_amount . "'\r\n                      where customer_id='" . $gv_resulta->fields['customer_id'] . "'");
 } else {
     $db->Execute("insert into " . TABLE_COUPON_GV_CUSTOMER . "\r\n                    (customer_id, amount)\r\n                    values ('" . $gv_resulta->fields['customer_id'] . "', '" . $total_gv_amount . "')");
 }
 $db->Execute("update " . TABLE_COUPON_GV_QUEUE . "\r\n                      set release_flag= 'Y'\r\n                      where unique_id='" . (int) $_POST['gid'] . "'");
Пример #25
 // is out dated for browsers use radio only
 $sql_data_array['products_image'] = zen_db_prepare_input($_POST['products_image']);
 $new_image = 'true';
 if ($_POST['image_delete'] == 1) {
     $sql_data_array['products_image'] = '';
     $new_image = 'false';
 }
 if ($action == 'insert_product') {
     $insert_sql_data = array('products_date_added' => 'now()', 'master_categories_id' => (int) $current_category_id);
     $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
     zen_db_perform(TABLE_PRODUCTS, $sql_data_array);
     $products_id = zen_db_insert_id();
     // reset products_price_sorter for searches etc.
     zen_update_products_price_sorter($products_id);
     $db->Execute("insert into " . TABLE_PRODUCTS_TO_CATEGORIES . "\n                    (products_id, categories_id)\n                    values ('" . (int) $products_id . "', '" . (int) $current_category_id . "')");
     zen_record_admin_activity('Product ' . (int) $products_id . ' ' . ($action == 'insert_product' ? 'added' : 'updated') . ' via admin console.', 'info');
     ///////////////////////////////////////////////////////
     //// INSERT PRODUCT-TYPE-SPECIFIC *INSERTS* HERE //////
     $tmp_value = zen_db_prepare_input($_POST['artists_id']);
     $artists_id = !zen_not_null($tmp_value) || $tmp_value == '' || $tmp_value == 0 ? 0 : $tmp_value;
     $tmp_value = zen_db_prepare_input($_POST['record_company_id']);
     $record_company_id = !zen_not_null($tmp_value) || $tmp_value == '' || $tmp_value == 0 ? 0 : $tmp_value;
     $tmp_value = zen_db_prepare_input($_POST['music_genre_id']);
     $music_genre_id = !zen_not_null($tmp_value) || $tmp_value == '' || $tmp_value == 0 ? 0 : $tmp_value;
     $sql_data_array = array('products_id' => (int) $products_id, 'artists_id' => (int) $artists_id, 'record_company_id' => (int) $record_company_id, 'music_genre_id' => (int) $music_genre_id);
     zen_db_perform(TABLE_PRODUCT_MUSIC_EXTRA, $sql_data_array);
     ////    *END OF PRODUCT-TYPE-SPECIFIC INSERTS* ////////
     ///////////////////////////////////////////////////////
 } elseif ($action == 'update_product') {
     $update_sql_data = array('products_last_modified' => 'now()', 'master_categories_id' => $_POST['master_category'] > 0 ? zen_db_prepare_input($_POST['master_category']) : zen_db_prepare_input($_POST['master_categories_id']));
     $sql_data_array = array_merge($sql_data_array, $update_sql_data);
            $lID = zen_db_prepare_input($_GET['lID']);
            $lng = $db->Execute("select code from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'");
            $remove_language = true;
            if ($lng->fields['code'] == DEFAULT_LANGUAGE) {
                $remove_language = false;
                $messageStack->add(ERROR_REMOVE_DEFAULT_LANGUAGE, 'error');
            }
            break;
            /* BOF Zen4All Language Status 5 of 11 */
        /* BOF Zen4All Language Status 5 of 11 */
        case 'setstatus':
            $languages_id = zen_db_prepare_input($_GET['lID']);
            if (isset($_POST['current_status']) && ($_POST['current_status'] == '0' || $_POST['current_status'] == '1')) {
                $sql = "update " . TABLE_LANGUAGES . " set status='" . ($_POST['current_status'] == 0 ? 1 : 0) . "' where languages_id='" . (int) $languages_id . "'";
                $db->Execute($sql);
                zen_record_admin_activity('Language with ID number: ' . $languages_id . ' changed status to ' . ($_POST['current_status'] == 0 ? 1 : 0), 'info');
                zen_redirect(zen_href_link(FILENAME_LANGUAGES, 'lID=' . (int) $languages_id . '&page=' . $_GET['page']));
            }
            $action = '';
            break;
            /* EOF Zen4All Language Status 5 of 11 */
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
Пример #27
/**
 * Runs a list of SQL patch lines against the store database.
 *
 * Each entry of $lines is trimmed and stripped of backquotes.  For the
 * statement types recognised by the switch below (DROP / CREATE / TRUNCATE /
 * ALTER / RENAME TABLE, REPLACE / INSERT / UPDATE / DELETE, DROP / CREATE
 * INDEX, SELECT / FROM / LEFT JOIN) $table_prefix is spliced in front of the
 * table name, and most of those cases first call a zen_* pre-check
 * (zen_table_exists(), zen_check_database_privs(), zen_check_config_key(),
 * zen_check_alter_command(), ...).  Lines are accumulated in $newline until
 * one ends in ';'; the buffered statement is then passed to $db->Execute()
 * unless a pre-check flagged it, in which case it was recorded through
 * zen_write_to_upgrade_exceptions_table() and is counted in 'ignored'.
 *
 * @param array  $lines        SQL text, one line per element
 * @param mixed  $database     NOTE(review): not referenced anywhere in the body
 * @param string $table_prefix prefix inserted before table names ('' = none)
 * @return array 'queries' => number of complete statements seen (ignored ones
 *               included), 'string' => those statements joined with '<br />',
 *               'output' => the value of $output after each statement (only
 *               refreshed when the statement actually ran), 'ignored' => count
 *               of skipped statements, 'errors' => reason strings collected
 *               from the pre-checks
 *
 * Uses the globals $db, $debug, $messageStack and $zc_show_progress, and reads
 * $_GET['debug'] directly.  Several locals are read before they are assigned
 * in this function ($result, $ignore_line, $complete_line,
 * $lines_to_keep_together_counter, $results, $string, $output, $counter,
 * $keepslashes) and therefore start out as null.  $result and $output are not
 * cleared between statements, so a value left by one statement is carried
 * into the next — see the NOTE(review) comments below.
 */
function executeSql($lines, $database, $table_prefix = '')
{
    // Allow long-running patches (20 minutes) on PHP >= 5.4 or when safe_mode
    // is off; the '@' hides the warning set_time_limit() may emit.
    if (version_compare(PHP_VERSION, 5.4, '>=') || !get_cfg_var('safe_mode')) {
        @set_time_limit(1200);
    }
    global $db, $debug, $messageStack;
    $sql_file = 'SQLPATCH';
    // label stored with every entry written to the upgrade-exceptions table
    $newline = '';
    // buffer for the statement currently being assembled (up to the next ';')
    $saveline = '';
    // NOTE(review): never reassigned in this function, so the concatenation
    // "$line = $saveline . $line" below is currently a no-op.
    $ignored_count = 0;
    $return_output = array();
    $errors = array();
    foreach ($lines as $line) {
        // the raw line is echoed into the response when the request carries ?debug=ON
        if ($_GET['debug'] == 'ON') {
            echo $line . '<br />';
        }
        $line = trim($line);
        $line = str_replace('`', '', $line);
        //remove backquotes
        $line = $saveline . $line;
        $keep_together = 1;
        // count of number of lines to treat as a single command
        // NOTE(review): this reset runs on every iteration, so a value set from
        // the #NEXT_X_ROWS_AS_ONE_COMMAND: directive below only lasts until the
        // next line is read (the directive line itself is skipped by the '#'
        // test further down) — confirm whether the grouping is reachable.
        // split the line into words ... starts at $param[0] and so on.  Also remove the ';' from end of last param if exists
        $param = explode(" ", substr($line, -1) == ';' ? substr($line, 0, strlen($line) - 1) : $line);
        // The following command checks to see if we're asking for a block of commands to be run at once.
        // Syntax: #NEXT_X_ROWS_AS_ONE_COMMAND:6     for running the next 6 commands together (commands denoted by a ;)
        if (substr($line, 0, 28) == '#NEXT_X_ROWS_AS_ONE_COMMAND:') {
            $keep_together = substr($line, 28);
        }
        // comment lines ('#' or '-') and blank lines are not buffered
        if (substr($line, 0, 1) != '#' && substr($line, 0, 1) != '-' && $line != '') {
            //        if ($table_prefix != -1) {
            //echo '*}'.$line.'<br>';
            $line_upper = strtoupper($line);
            // switch (true): the first case whose prefix test matches rewrites
            // $line (table prefix inserted) and/or runs that statement's pre-check
            switch (true) {
                case substr($line_upper, 0, 21) == 'DROP TABLE IF EXISTS ':
                    //            if (!$checkprivs = zen_check_database_privs('DROP')) return sprintf(REASON_NO_PRIVILEGES,'DROP');
                    $line = 'DROP TABLE IF EXISTS ' . $table_prefix . substr($line, 21);
                    break;
                case substr($line_upper, 0, 11) == 'DROP TABLE ' && $param[2] != 'IF':
                    if (!($checkprivs = zen_check_database_privs('DROP'))) {
                        $result = sprintf(REASON_NO_PRIVILEGES, 'DROP');
                    }
                    // NOTE(review): $result is not cleared between statements, so a
                    // reason left over from an earlier line makes this test skip the
                    // DROP even when the privilege check above passed.
                    if (!zen_table_exists($param[2]) || zen_not_null($result)) {
                        zen_write_to_upgrade_exceptions_table($line, zen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST, $param[2]), $sql_file);
                        $ignore_line = true;
                        $result = zen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST, $param[2]);
                        //duplicated here for on-screen error-reporting
                        break;
                    } else {
                        $line = 'DROP TABLE ' . $table_prefix . substr($line, 11);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'CREATE TABLE ':
                    // check to see if table exists
                    $table = strtoupper($param[2] . ' ' . $param[3] . ' ' . $param[4]) == 'IF NOT EXISTS' ? $param[5] : $param[2];
                    // $result holds zen_table_exists()'s return value here; it is only
                    // replaced by a reason string on the "already exists" path
                    $result = zen_table_exists($table);
                    if ($result == true) {
                        zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_ALREADY_EXISTS, $table), $sql_file);
                        $ignore_line = true;
                        $result = sprintf(REASON_TABLE_ALREADY_EXISTS, $table);
                        //duplicated here for on-screen error-reporting
                        break;
                    } else {
                        $line = strtoupper($param[2] . ' ' . $param[3] . ' ' . $param[4]) == 'IF NOT EXISTS' ? 'CREATE TABLE IF NOT EXISTS ' . $table_prefix . substr($line, 27) : 'CREATE TABLE ' . $table_prefix . substr($line, 13);
                    }
                    break;
                case substr($line_upper, 0, 15) == 'TRUNCATE TABLE ':
                    // check to see if TRUNCATE command may be safely executed
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!' . $param[2];
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'TRUNCATE TABLE ' . $table_prefix . substr($line, 15);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'REPLACE INTO ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                    }
                    // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
                    // ('or' binds looser than '&&', so this reads as
                    //  (configuration && key-check) or (product_type_layout && key-check) or !$tbl_exists;
                    //  the assignments inside the condition store the helper's return value in $result)
                    if ($param[2] == 'configuration' && ($result = zen_check_config_key($line)) or $param[2] == 'product_type_layout' && ($result = zen_check_product_type_layout_key($line)) or !$tbl_exists) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'REPLACE INTO ' . $table_prefix . substr($line, 13);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'INSERT INTO ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                    }
                    // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
                    // (same operator-precedence shape as the REPLACE INTO case above)
                    if ($param[2] == 'configuration' && ($result = zen_check_config_key($line)) or $param[2] == 'product_type_layout' && ($result = zen_check_product_type_layout_key($line)) or !$tbl_exists) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'INSERT INTO ' . $table_prefix . substr($line, 12);
                    }
                    break;
                case substr($line_upper, 0, 19) == 'INSERT IGNORE INTO ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[3]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[3]) . ' CHECK PREFIXES!';
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'INSERT IGNORE INTO ' . $table_prefix . substr($line, 19);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'ALTER TABLE ':
                    // check to see if ALTER command may be safely executed
                    if ($result = zen_check_alter_command($param)) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'ALTER TABLE ' . $table_prefix . substr($line, 12);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'RENAME TABLE ':
                    // RENAME TABLE command cannot be parsed to insert table prefixes, so skip if zen is using prefixes
                    if (zen_not_null(DB_PREFIX)) {
                        zen_write_to_upgrade_exceptions_table($line, 'RENAME TABLE command not supported by upgrader. Please use phpMyAdmin instead.', $sql_file);
                        $messageStack->add('RENAME TABLE command not supported by upgrader. Please use phpMyAdmin instead.', 'caution');
                        $ignore_line = true;
                    }
                    break;
                case substr($line_upper, 0, 7) == 'UPDATE ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[1]))) {
                        zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND, $param[1]) . ' CHECK PREFIXES!', $sql_file);
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[1]) . ' CHECK PREFIXES!';
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'UPDATE ' . $table_prefix . substr($line, 7);
                    }
                    break;
                case substr($line_upper, 0, 14) == 'UPDATE IGNORE ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!', $sql_file);
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'UPDATE IGNORE ' . $table_prefix . substr($line, 14);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'DELETE FROM ':
                    // no pre-check for DELETE: the prefix is inserted unconditionally
                    $line = 'DELETE FROM ' . $table_prefix . substr($line, 12);
                    break;
                case substr($line_upper, 0, 11) == 'DROP INDEX ':
                    // check to see if DROP INDEX command may be safely executed
                    if ($result = zen_drop_index_command($param)) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        // NOTE(review): rebuilt from $param, whose trailing ';' was
                        // stripped above, and no ';' is re-appended — so the ';' test
                        // after the switch cannot see this line as complete; confirm.
                        $line = 'DROP INDEX ' . $param[2] . ' ON ' . $table_prefix . $param[4];
                    }
                    break;
                case substr($line_upper, 0, 13) == 'CREATE INDEX ' || strtoupper($param[0]) == 'CREATE' && strtoupper($param[2]) == 'INDEX':
                    // check to see if CREATE INDEX command may be safely executed
                    if ($result = zen_create_index_command($param)) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        // both branches read $param[4..13] regardless of how many words
                        // the line actually had; missing offsets implode as empty strings
                        if (strtoupper($param[1]) == 'INDEX') {
                            $line = trim('CREATE INDEX ' . $param[2] . ' ON ' . $table_prefix . implode(' ', array($param[4], $param[5], $param[6], $param[7], $param[8], $param[9], $param[10], $param[11], $param[12], $param[13]))) . ';';
                            // add the ';' back since it was removed from $param at start
                        } else {
                            // NOTE(review): unlike the branch above, no ';' is appended
                            // here, so the ';' test after the switch will not treat this
                            // line as the end of a statement — confirm.
                            $line = trim('CREATE ' . $param[1] . ' INDEX ' . $param[3] . ' ON ' . $table_prefix . implode(' ', array($param[5], $param[6], $param[7], $param[8], $param[9], $param[10], $param[11], $param[12], $param[13])));
                            // add the ';' back since it was removed from $param at start
                        }
                    }
                    break;
                case substr($line_upper, 0, 7) == 'SELECT ' && substr_count($line, 'FROM ') > 0:
                    // prefix is inserted after every 'FROM ' occurrence on the line
                    $line = str_replace('FROM ', 'FROM ' . $table_prefix, $line);
                    break;
                case substr($line_upper, 0, 10) == 'LEFT JOIN ':
                    $line = 'LEFT JOIN ' . $table_prefix . substr($line, 10);
                    break;
                case substr($line_upper, 0, 5) == 'FROM ':
                    if (substr_count($line, ',') > 0) {
                        // contains FROM and a comma, thus must parse for multiple tablenames
                        $tbl_list = explode(',', substr($line, 5));
                        $line = 'FROM ';
                        foreach ($tbl_list as $val) {
                            $line .= $table_prefix . trim($val) . ',';
                            // add prefix and comma
                        }
                        //end foreach
                        if (substr($line, -1) == ',') {
                            $line = substr($line, 0, strlen($line) - 1);
                        }
                        // remove trailing ','
                    } else {
                        //didn't have a comma, but starts with "FROM ", so insert table prefix
                        $line = str_replace('FROM ', 'FROM ' . $table_prefix, $line);
                    }
                    //endif substr_count(,)
                    break;
                default:
                    break;
            }
            //end switch
            //        } // endif $table_prefix
            // append the (possibly rewritten) line to the statement buffer
            $newline .= $line . ' ';
            if (substr($line, -1) == ';') {
                //found a semicolon, so treat it as a full command, incrementing counter of rows to process at once
                if (substr($newline, -1) == ' ') {
                    $newline = substr($newline, 0, strlen($newline) - 1);
                }
                // $lines_to_keep_together_counter is not initialised before its first
                // ++ (null++ yields 1); it is zeroed once a group completes
                $lines_to_keep_together_counter++;
                if ($lines_to_keep_together_counter == $keep_together) {
                    // if all grouped rows have been loaded, go to execute.
                    $complete_line = true;
                    $lines_to_keep_together_counter = 0;
                } else {
                    $complete_line = false;
                }
            }
            //endif found ';'
            if ($complete_line) {
                if ($debug == true) {
                    echo (!$ignore_line ? '<br />About to execute.' : 'Ignoring statement. This command WILL NOT be executed.') . '<br />Debug info:<br>$ line=' . $line . '<br>$ complete_line=' . $complete_line . '<br>$ keep_together=' . $keep_together . '<br>SQL=' . $newline . '<br><br>';
                }
                // magic_quotes handling applies only on PHP < 5.4; the version test
                // short-circuits so get_magic_quotes_runtime() is not called on newer
                // PHP.  $keepslashes is not assigned anywhere in this function.
                if (version_compare(PHP_VERSION, 5.4, '<') && @get_magic_quotes_runtime() > 0 && $keepslashes != true) {
                    $newline = stripslashes($newline);
                }
                // run the buffered statement unless it is blank (';' only) or a
                // pre-check marked it to be skipped
                if (trim(str_replace(';', '', $newline)) != '' && !$ignore_line) {
                    $output = $db->Execute($newline);
                }
                $results++;
                $string .= $newline . '<br />';
                // NOTE(review): $output is only refreshed when the statement above
                // actually ran; for an ignored statement the previous result is
                // pushed again.
                $return_output[] = $output;
                // NOTE(review): $result is appended but never cleared, so unless a
                // later case overwrites it the same reason string is re-added for
                // every following statement in this call.
                if (zen_not_null($result)) {
                    $errors[] = $result;
                }
                // reset var's
                $newline = '';
                $keep_together = 1;
                $complete_line = false;
                if ($ignore_line) {
                    $ignored_count++;
                }
                $ignore_line = false;
                // show progress bar
                // (global declared inside the loop; prints '~ ' every 5th statement
                //  and a line break once $counter passes 200, then restarts it)
                global $zc_show_progress;
                if ($zc_show_progress == 'yes') {
                    $counter++;
                    if ($counter / 5 == (int) ($counter / 5)) {
                        echo '~ ';
                    }
                    if ($counter > 200) {
                        echo '<br /><br />';
                        $counter = 0;
                    }
                    @ob_flush();
                    @flush();
                }
            }
            //endif $complete_line
        }
        //endif ! # or -
    }
    // end foreach $lines
    // NOTE(review): one audit entry per call, written even when nothing was
    // executed; it carries neither the statement text nor the counts, so the
    // activity log cannot show what the patch tool actually ran — consider
    // including $results / $ignored_count (and $sql_file) in the message.
    zen_record_admin_activity('Admin SQL Patch tool executed a query.', 'notice');
    return array('queries' => $results, 'string' => $string, 'output' => $return_output, 'ignored' => $ignored_count, 'errors' => $errors);
}
Пример #28
                zen_record_admin_activity($msg, 'warning');
                zen_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER_EMAIL_ADDRESS, TEXT_EMAIL_SUBJECT_ADMIN_SETTINGS_CHANGED, $msg, STORE_NAME, EMAIL_FROM, array('EMAIL_MESSAGE_HTML' => $msg), 'admin_settings_changed');
                $result = $module->install();
            }
            if ($result != 'failed') {
                zen_redirect(zen_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class . '&action=edit', 'NONSSL'));
            }
            break;
        case 'removeconfirm':
            $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
            $class = basename($_POST['module']);
            if (file_exists($module_directory . $class . $file_extension)) {
                include $module_directory . $class . $file_extension;
                $module = new $class();
                $msg = sprintf(TEXT_EMAIL_MESSAGE_ADMIN_MODULE_REMOVED, preg_replace('/[^\\d\\w]/', '*', $_POST['module']), $admname);
                zen_record_admin_activity($msg, 'warning');
                zen_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER_EMAIL_ADDRESS, TEXT_EMAIL_SUBJECT_ADMIN_SETTINGS_CHANGED, $msg, STORE_NAME, EMAIL_FROM, array('EMAIL_MESSAGE_HTML' => $msg), 'admin_settings_changed');
                $result = $module->remove();
            }
            zen_redirect(zen_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class, 'NONSSL'));
            break;
    }
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
Пример #29
    case 'update_orders_id':
        global $db;
        $new_orders_id = zen_db_prepare_input((int) $_POST['new_orders_id']);
        $result = $db->Execute("select max(orders_id) as maxorder from " . TABLE_ORDERS);
        $max_order1 = $result->fields['maxorder'];
        $result = $db->Execute("select max(orders_id) as maxorder from " . TABLE_ORDERS_PRODUCTS);
        $max_order2 = $result->fields['maxorder'];
        if ($new_orders_id <= $max_order1 || $new_orders_id <= $max_order2) {
            $new_orders_id = max($max_order1, $max_order2) + 1;
            $messageStack->add_session(sprintf(TEXT_MSG_NEXT_ORDER_MAX, $new_orders_id), 'caution');
        } elseif ($new_orders_id > 2000000000) {
            $messageStack->add_session(TEXT_MSG_NEXT_ORDER_TOO_LARGE, 'error');
        } else {
            $db->Execute("ALTER TABLE " . TABLE_ORDERS . " AUTO_INCREMENT = " . $new_orders_id);
            $messageStack->add_session(sprintf(TEXT_MSG_NEXT_ORDER, $new_orders_id), 'success');
            zen_record_admin_activity('Store Manager executed [update next order id], set to ' . $new_orders_id, 'info');
        }
        zen_redirect(zen_href_link(FILENAME_STORE_MANAGER));
        break;
}
// eof: action
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php 
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo CHARSET;
?>