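/**
 * Admin Kernel
 *
 * @link http://www.oos-shop.de/
 * @package Admin Kernel
 * @author r23 <*****@*****.**>
 * @copyright 2003 r23
 * @version $Revision: 1.67 $ - changed by $Author: r23 $ on $Date: 2009/10/28 17:42:07 $
 */

/**
 * Gate the current admin page behind the login session and the per-group file ACL.
 *
 * Without a login session the request is redirected to the login page over SSL.
 * Otherwise the current script name (basename of PHP_SELF, query part cut off)
 * is matched against the always-allowed pages; any other page is mapped back to
 * its key in the $aFilename table and looked up in admin_files: the key must be
 * listed for the admin group held in $_SESSION['login_groups_id'], or the
 * request is redirected to the "forbidden" page. A script that has no key in
 * $aFilename at all is treated as forbidden rather than looked up under an
 * empty name. The redirect helpers are expected to end the request; an explicit
 * return follows each of them so nothing runs if they ever do not.
 *
 * Globals read: $_SESSION['login_id'], $_SESSION['login_groups_id'],
 * $_SERVER['PHP_SELF'].
 *
 * @return void
 */
function oos_admin_check_login()
{
    // Get database information
    $dbconn =& oosDBGetConn();
    $oostable =& oosDBGetTables();
    $aFilename = oos_get_filename();

    if (!isset($_SESSION['login_id'])) {
        oos_redirect_admin(oos_href_link_admin($aFilename['login'], '', 'SSL'));
        return;
    }

    // split() was removed in PHP 7; explode() on the literal '?' makes the same cut.
    $parts = explode('?', basename($_SERVER['PHP_SELF']));
    $filename = $parts[0];

    // Pages every logged-in admin may open without an admin_files row.
    $always_allowed = array(
        $aFilename['default'],
        $aFilename['forbiden'],
        $aFilename['logoff'],
        $aFilename['admin_account'],
        $aFilename['popup_image'],
        $aFilename['packingslip'],
        $aFilename['popup_image_product'],
        $aFilename['popup_image_news'],
        $aFilename['popup_subimage_product'],
        $aFilename['invoice'],
        $aFilename['edit_orders'],
    );
    if (in_array($filename, $always_allowed, true)) {
        return;
    }

    // array_search() returns false for a script that is not in the table; the
    // original code then queried admin_files_name = '' and relied on that
    // finding no row. Fail closed explicitly instead.
    $page_key = array_search($filename, $aFilename, true);
    if ($page_key === false) {
        oos_redirect_admin(oos_href_link_admin($aFilename['forbiden']));
        return;
    }

    $admin_filestable = $oostable['admin_files'];
    // Both values are quoted through the driver (ADOdb qstr) instead of being
    // concatenated raw into the statement.
    $query = "SELECT admin_files_name\n FROM {$admin_filestable}\n WHERE FIND_IN_SET(" . $dbconn->qstr($_SESSION['login_groups_id']) . ", admin_groups_id)\n AND admin_files_name = " . $dbconn->qstr($page_key);
    $result =& $dbconn->Execute($query);
    if (!$result->RecordCount()) {
        oos_redirect_admin(oos_href_link_admin($aFilename['forbiden']));
    }
}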
</td> <td class="pageHeading" align="right"><?php echo oos_draw_separator('trans.gif', '1', HEADING_IMAGE_HEIGHT); ?> </td> <td class="pageHeading" align="right"><?php echo oos_draw_pull_down_menu('goto', $goto_array, $_SESSION['current_path'], 'onChange="this.form.submit();"'); ?> </td> </form></tr> </table></td> </tr> <?php if ($directory_writeable && $action == 'new_file' || $action == 'edit') { if (strstr($_GET['info'], '..')) { oos_redirect_admin(oos_href_link_admin($aFilename['file_manager'])); } if (!isset($file_writeable)) { $file_writeable = true; } $file_contents = ''; if ($action == 'new_file') { $filename_input_field = oos_draw_input_field('filename'); } elseif ($action == 'edit') { if ($file_array = file($_SESSION['current_path'] . '/' . $_GET['info'])) { $file_contents = htmlspecialchars(implode('', $file_array)); } $filename_input_field = $_GET['info'] . oos_draw_hidden_field('filename', $_GET['info']); } ?> <tr>
$dbconn->Execute("DELETE FROM {$manufacturers_infotable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') { $productstable = $oostable['products']; $products_result = $dbconn->Execute("SELECT products_id FROM {$productstable} WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); while ($products = $products_result->fields) { oos_remove_product($products['products_id']); // Move that ADOdb pointer! $products_result->MoveNext(); } // Close result set $products_result->Close(); } else { $productstable = $oostable['products']; $dbconn->Execute("UPDATE {$productstable} SET manufacturers_id = '' WHERE manufacturers_id = '" . oos_db_input($manufacturers_id) . "'"); } oos_redirect_admin(oos_href_link_admin($aFilename['manufacturers'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?> " cellspacing="1" cellpadding="1" class="columnLeft">
http://www.oscommerce.com Copyright (c) 2001 - 2003 osCommerce ---------------------------------------------------------------------- Released under the GNU General Public License ---------------------------------------------------------------------- */ define('OOS_VALID_MOD', 'yes'); require 'includes/oos_main.php'; if (!isset($_SESSION['login_id'])) { oos_redirect_admin(oos_href_link_admin($aFilename['login'], '', 'SSL')); } if ( !current_user_can('stats_low_stock') ) oos_redirect_admin(oos_href_link_admin($aFilename['forbiden'])); $no_js_general = true; require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft"> <?php require 'includes/oos_blocks.php'; ?> </table></td> <!-- body_text //--> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr>
switch ($action) { case 'delete': $error = ERROR_REMOVE_UNLOCKED_NEWSLETTER; break; case 'new': $error = ERROR_EDIT_UNLOCKED_NEWSLETTER; break; case 'send': $error = ERROR_SEND_UNLOCKED_NEWSLETTER; break; case 'confirm_send': $error = ERROR_SEND_UNLOCKED_NEWSLETTER; break; } $messageStack->add_session($error, 'error'); oos_redirect_admin(oos_href_link_admin($aFilename['newsletters'], 'page=' . $_GET['page'] . '&nID=' . $_GET['nID'])); } break; } } $no_js_general = true; require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH;
} if (isset($_REQUEST['page_type'])) { reset($_REQUEST['page_type']); foreach ($_REQUEST['page_type'] as $k => $id) { $sql = "INSERT INTO " . $oostable['block_to_page_type'] . "\n (block_id,\n page_type_id)\n VALUES (" . $dbconn->qstr($block_content_id) . ',' . $dbconn->qstr($id) . ")"; $dbconn->Execute($sql); } } oos_redirect_admin(oos_href_link_admin($aFilename['content_block'], 'page=' . $_GET['page'] . '&bID=' . $block_content_id)); break; case 'deleteconfirm': $block_content_id = oos_db_prepare_input($_GET['bID']); $dbconn->Execute("DELETE FROM " . $oostable['block'] . " WHERE block_id = '" . intval($block_content_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['block_info'] . " WHERE block_id = '" . intval($block_content_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['block_to_page_type'] . " WHERE block_id = '" . intval($block_content_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['content_block'], 'page=' . $_GET['page'])); break; } } $no_js_general = true; require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo block_WIDTH; ?> " valign="top"><table border="0" width="<?php echo block_WIDTH; ?>
$fp = fopen(OOS_FEEDS_EXPORT_PATH . $file_google, "w"); $fout = fwrite($fp, $output); fclose($fp); if (!$dryrun) { $result = ftp_file($ftp_server, $ftp_user_name, $ftp_password, OOS_FEEDS_EXPORT_PATH . $file_google, $ftp_directory, $ftp_destination_file); } $messageStack->add(SUCCESS_EXPORT_DATABASE_SAVED, 'success'); break; case 'deleteconfirm': if (strstr($_GET['file'], '..')) { oos_redirect_admin(oos_href_link_admin($aFilename['export_googlebase'])); } oos_remove(OOS_FEEDS_EXPORT_PATH . '/' . $_GET['file']); if (!$oos_remove_error) { $messageStack->add_session(SUCCESS_EXPORT_DELETED, 'success'); oos_redirect_admin(oos_href_link_admin($aFilename['export_googlebase'])); } break; } } // check if the backup directory exists $dir_ok = false; if (is_dir(oos_get_local_path(OOS_FEEDS_EXPORT_PATH))) { if (is_writeable(oos_get_local_path(OOS_FEEDS_EXPORT_PATH))) { $dir_ok = true; } else { $messageStack->add(ERROR_EXPORT_DIRECTORY_NOT_WRITEABLE, 'error'); } } else { $messageStack->add(ERROR_EXPORT_DIRECTORY_DOES_NOT_EXIST, 'error'); }
header('Content-disposition: attachment; filename=' . $_GET['file']); echo $buffer; exit; } } else { $messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error'); } break; case 'deleteconfirm': if (strstr($_GET['file'], '..')) { oos_redirect_admin(oos_href_link_admin($aFilename['export_stampit'])); } oos_remove(OOS_EXPORT_PATH . '/' . $_GET['file']); if (!$oos_remove_error) { $messageStack->add_session(SUCCESS_EXPORT_DELETED, 'success'); oos_redirect_admin(oos_href_link_admin($aFilename['export_stampit'])); } break; } } // check if the backup directory exists $dir_ok = false; if (is_dir(oos_get_local_path(OOS_EXPORT_PATH))) { if (is_writeable(oos_get_local_path(OOS_EXPORT_PATH))) { $dir_ok = true; } else { $messageStack->add(ERROR_EXPORT_DIRECTORY_NOT_WRITEABLE, 'error'); } } else { $messageStack->add(ERROR_EXPORT_DIRECTORY_DOES_NOT_EXIST, 'error'); }
if (isset($_SESSION['password_forgotten'])) { unset($_SESSION['password_forgotten']); } $_SESSION['login_id'] = $check_admin['login_id']; $_SESSION['login_groups_id'] = $check_admin['login_groups_id']; $_SESSION['login_first_name'] = $check_admin['login_firstname']; $login_email_address = $check_admin['login_email_address']; $login_logdate = $check_admin['login_logdate']; $login_lognum = $check_admin['login_lognum']; $login_modified = $check_admin['login_modified']; //$date_now = date('Ymd'); $dbconn->Execute("UPDATE " . $oostable['admin'] . "\n SET admin_logdate = '" . date("Y-m-d H:i:s", time()) . "', admin_lognum = admin_lognum+1\n WHERE admin_id = '" . $_SESSION['login_id'] . "'"); if ($login_lognum == 0 || !$login_logdate || $login_email_address == 'admin@localhost' || $login_modified == '0000-00-00 00:00:00') { oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'])); } else { oos_redirect_admin(oos_href_link_admin($aFilename['default'])); } } } } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>
} $currencies = new currencies(); // Delete Entry Begin if ($_GET['action'] == 'delete') { $customers_baskettable = $oostable['customers_basket']; $sql = "DELETE FROM $customers_baskettable WHERE customers_id = '" . (int)$_GET['customer_id'] . "'"; $dbconn->Execute($sql); $customers_basket_attributestable = $oostable['customers_basket_attributes']; $sql = "DELETE FROM $customers_basket_attributestable WHERE customers_id = '" . (int)$_GET['customer_id'] . "'"; $dbconn->Execute($sql); oos_redirect_admin(oos_href_link_admin($aFilename['recover_cart_sales'], 'delete=1&customer_id=' . (int)$_GET['customer_id'] . '&tdate=' . $_GET['tdate'])); } if ($_GET['delete']) { $messageStack->add(MESSAGE_STACK_CUSTOMER_ID . (int)$_GET['customer_id'] . MESSAGE_STACK_DELETE_SUCCESS, 'success'); } // Delete Entry End $tdate = ($_POST['tdate']?$_POST['tdate']:RCS_BASE_DAYS); require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top">
$configurationtable = $oostable['configuration']; $dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . intval($products_units_id) . "' WHERE configuration_key = 'DEFAULT_PRODUCTS_UNITS_ID'"); } oos_redirect_admin(oos_href_link_admin($aFilename['products_units'], 'page=' . $_GET['page'] . '&uID=' . $products_units_id)); break; case 'deleteconfirm': $uID = oos_db_prepare_input($_GET['uID']); $configurationtable = $oostable['configuration']; $products_units_result = $dbconn->Execute("SELECT configuration_value FROM {$configurationtable} WHERE configuration_key = 'DEFAULT_PRODUCTS_UNITS_ID'"); $products_units = $products_units_result->fields; if ($products_units['configuration_value'] == $uID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_PRODUCTS_UNITS_ID'"); } $products_unitstable = $oostable['products_units']; $dbconn->Execute("DELETE FROM {$products_unitstable} WHERE products_units_id = '" . intval($uID) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['products_units'], 'page=' . $_GET['page'])); break; case 'delete': $uID = oos_db_prepare_input($_GET['uID']); $productstable = $oostable['products']; $status_result = $dbconn->Execute("SELECT COUNT(*) AS total FROM {$productstable} WHERE products_units_id = '" . oos_db_input($uID) . "'"); $status = $status_result->fields; $remove_status = true; if ($uID == DEFAULT_PRODUCTS_UNITS_ID) { $remove_status = false; $messageStack->add(ERROR_REMOVE_DEFAULT_PRODUCTS_UNITS, 'error'); } elseif ($status['total'] > 0) { $remove_status = false; $messageStack->add(ERROR_STATUS_USED_IN_PRODUCTS, 'error'); } break;
if ($status == '1') { return $dbconn->Execute("UPDATE " . $oostable['manual_info'] . " SET status = '1', expires_date = NULL, manual_last_modified = '" . date("Y-m-d H:i:s", time()) . "', date_status_change ='" . date("Y-m-d H:i:s", time()) . "' WHERE man_info_id = '" . $man_info_id . "'"); } elseif ($status == '0') { return $dbconn->Execute("UPDATE " . $oostable['manual_info'] . " SET status = '0', man_key = '', man_key2 = '', manual_last_modified = '" . date("Y-m-d H:i:s", time()) . "' WHERE man_info_id = '" . $man_info_id . "'"); } else { return -1; } } $action = (isset($_GET['action']) ? $_GET['action'] : ''); if (!empty($action)) { switch ($action) { case 'setflag': oos_set_login_status($_GET['id'], $_GET['flag']); oos_redirect_admin(oos_href_link_admin($aFilename['manual_loging'], '', 'NONSSL')); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft"> <?php require 'includes/oos_blocks.php'; ?> </table></td> <!-- body_text //--> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr>
$check_email_query = "SELECT admin_email_address FROM " . $admintable . " WHERE admin_id <> " . $admin_id . ""; $check_email_result =& $dbconn->Execute($check_email_query); while ($check_email = $check_email_result->fields) { $stored_email[] = $check_email['admin_email_address']; // Move that ADOdb pointer! $check_email_result->MoveNext(); } // Close result set $check_email_result->Close(); if (in_array($_POST['admin_email_address'], $stored_email)) { oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=edit_process&error=email')); } else { $sql_data_array = array('admin_firstname' => oos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => oos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => oos_db_prepare_input($_POST['admin_email_address']), 'admin_password' => oos_encrypt_password(oos_db_prepare_input($_POST['admin_password'])), 'admin_modified' => '" . date("Y-m-d H:i:s", time()) . "'); oos_db_perform($oostable['admin'], $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\''); //oos_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], OOS_HTTP_SERVER . OOS_SHOP . 'admin/', $_POST['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'page=' . $_GET['page'] . '&mID=' . $admin_id)); } break; } } require 'includes/oos_header.php'; require 'includes/account_check.js.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH;
if ($information_id > 5) { if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') { $informationtable = $oostable['information']; $informations_result = $dbconn->Execute("SELECT information_image FROM {$informationtable} WHERE information_id = '" . oos_db_input($information_id) . "'"); $informations = $informations_result->fields; $image_location = OOS_ABSOLUTE_PATH . OOS_IMAGES . $informations['information_image']; if (file_exists($image_location)) { @unlink($image_location); } } $informationtable = $oostable['information']; $dbconn->Execute("DELETE FROM {$informationtable} WHERE information_id = '" . oos_db_input($information_id) . "'"); $information_descriptiontable = $oostable['information_description']; $dbconn->Execute("DELETE FROM {$information_descriptiontable} WHERE information_id = '" . oos_db_input($information_id) . "'"); } oos_redirect_admin(oos_href_link_admin($aFilename['information'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?> " cellspacing="1" cellpadding="1" class="columnLeft">
$dbconn->Execute("DELETE FROM " . $oostable['reviews'] . " WHERE customers_id = '" . intval($customers_id) . "'"); } else { $dbconn->Execute("UPDATE " . $oostable['reviews'] . " SET customers_id = null WHERE customers_id = '" . intval($customers_id) . "'"); } $dbconn->Execute("DELETE FROM " . $oostable['address_book'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_info'] . " WHERE customers_info_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_basket'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_basket_attributes'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_wishlist_attributes'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['customers_status_history'] . " WHERE customers_id = '" . intval($customers_id) . "'"); $dbconn->Execute("DELETE FROM " . $oostable['whos_online'] . " WHERE customer_id = '" . intval($customers_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['customers'], oos_get_all_get_params(array('cID', 'action')))); break; } } require 'includes/oos_header.php'; if ($action == 'edit') { ?> <script language="javascript"><!-- function resetStateText(theForm) { theForm.entry_state.value = ''; if (theForm.entry_zone_id.options.length > 1) { theForm.entry_state.value = '<?php echo JS_STATE_SELECT; ?>'; } }
case 'insert': $tax_ratestable = $oostable['tax_rates']; $dbconn->Execute("INSERT INTO {$tax_ratestable} (tax_zone_id, tax_class_id, tax_rate, tax_description, date_added) VALUES ('" . oos_db_input($tax_zone_id) . "', '" . oos_db_input($tax_class_id) . "', '" . oos_db_input($tax_rate) . "', '" . oos_db_input($tax_description) . "', now())"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'])); break; case 'save': $tax_rates_id = oos_db_prepare_input($_GET['tID']); $tax_ratestable = $oostable['tax_rates']; $dbconn->Execute("UPDATE {$tax_ratestable} SET tax_rates_id = '" . oos_db_input($tax_rates_id) . "', tax_zone_id = '" . oos_db_input($tax_zone_id) . "', tax_class_id = '" . oos_db_input($tax_class_id) . "', tax_rate = '" . oos_db_input($tax_rate) . "', tax_description = '" . oos_db_input($tax_description) . "', tax_priority = '" . oos_db_input($tax_priority) . "', last_modified = now() WHERE tax_rates_id = '" . oos_db_input($tax_rates_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'], 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id)); break; case 'deleteconfirm': $tax_rates_id = oos_db_prepare_input($_GET['tID']); $tax_ratestable = $oostable['tax_rates']; $dbconn->Execute("DELETE FROM {$tax_ratestable} WHERE tax_rates_id = '" . oos_db_input($tax_rates_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['tax_rates'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?> " cellspacing="1" cellpadding="1" class="columnLeft">
if (oos_empty($_GET['categories'])) { $categories = $current_category_id; } $languages = oos_get_languages(); for ($i = 0, $n = count($languages); $i < $n; $i++) { $lang_id = $languages[$i]['id']; $sql_data_array = array('products_name' => oos_db_prepare_input($_POST['products_name'][$lang_id]), 'products_description' => oos_db_prepare_input($_POST['products_description_' . $languages[$i]['id']]), 'products_description_meta' => oos_db_prepare_input($_POST['products_description_meta_' . $languages[$i]['id']]), 'products_keywords_meta' => oos_db_prepare_input($_POST['products_keywords_meta_' . $languages[$i]['id']]), 'products_url' => oos_db_prepare_input($_POST['products_url'][$lang_id])); if ($action == 'insert_product') { $insert_sql_data = array('products_id' => $products_id, 'products_languages_id' => $lang_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); oos_db_perform($oostable['products_description'], $sql_data_array); } elseif ($action == 'update_product') { oos_db_perform($oostable['products_description'], $sql_data_array, 'update', 'products_id = \'' . oos_db_input($products_id) . '\' and products_languages_id = \'' . $lang_id . '\''); } } oos_redirect_admin(oos_href_link_admin($aFilename['categories'], 'categories=' . $categories . '&pID=' . $products_id)); } break; } } // check if the catalog image directory exists if (is_dir(OOS_ABSOLUTE_PATH . OOS_IMAGES)) { if (!is_writeable(OOS_ABSOLUTE_PATH . OOS_IMAGES)) { $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_NOT_WRITEABLE, 'error'); } } else { $messageStack->add(ERROR_CATALOG_IMAGE_DIRECTORY_DOES_NOT_EXIST, 'error'); } $no_js_general = true; require 'includes/oos_header.php'; ?>
$RunningTax += $order->products[$i]['tax'] / 100 * ($order->products[$i]['qty'] * $order->products[$i]['final_price']); } // Tax $Query = "update " . $oostable['orders_total'] . " set\n text = '\$" . number_format($RunningTax, 2, '.', ',') . "',\n value = '" . $RunningTax . "'\n WHERE class='ot_tax' and orders_id={$oID}"; $dbconn->Execute($Query); // Sub-Total $Query = "update " . $oostable['orders_total'] . " set\n text = '\$" . number_format($RunningSubTotal, 2, '.', ',') . "',\n value = '" . $RunningSubTotal . "'\n WHERE class='ot_subtotal' and orders_id={$oID}"; $dbconn->Execute($Query); // Total $Query = "select sum(value) as total_value from " . $oostable['orders_total'] . " WHERE class != 'ot_total' and orders_id={$oID}"; $result = $dbconn->Execute($Query); $row = $result->fields; $Total = $row["total_value"]; $Query = "update " . $oostable['orders_total'] . " set\n text = '<b>\$" . number_format($Total, 2, '.', ',') . "</b>',\n value = '" . $Total . "'\n WHERE class='ot_total' and orders_id={$oID}"; $dbconn->Execute($Query); oos_redirect_admin(oos_href_link_admin("edit_orders.php", oos_get_all_get_params(array('action')) . 'action=edit')); } break; } } if ($action == 'edit' && isset($_GET['oID'])) { $oID = oos_db_prepare_input($_GET['oID']); $orders_result = $dbconn->Execute("SELECT orders_id FROM " . $oostable['orders'] . " WHERE orders_id = '" . (int) $oID . "'"); $order_exists = true; if (!$orders_result->RecordCount()) { $order_exists = false; $messageStack->add(sprintf(ERROR_ORDER_DOES_NOT_EXIST, $oID), 'error'); } } require 'includes/oos_header.php'; ?>
switch ($action) { case 'update': $reviews_id = oos_db_prepare_input($_GET['rID']); $reviewstable = $oostable['reviews']; $dbconn->Execute("UPDATE {$reviewstable} SET reviews_rating = '" . oos_db_input($reviews_rating) . "', last_modified = now() WHERE reviews_id = '" . oos_db_input($reviews_id) . "'"); $reviews_descriptiontable = $oostable['reviews_description']; $dbconn->Execute("UPDATE {$reviews_descriptiontable} SET reviews_text = '" . oos_db_input($reviews_text) . "' WHERE reviews_id = '" . oos_db_input($reviews_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['reviews'], 'page=' . $_GET['page'] . '&rID=' . $reviews_id)); break; case 'deleteconfirm': $reviews_id = oos_db_prepare_input($_GET['rID']); $reviewstable = $oostable['reviews']; $dbconn->Execute("DELETE FROM {$reviewstable} WHERE reviews_id = '" . oos_db_input($reviews_id) . "'"); $reviews_descriptiontable = $oostable['reviews_description']; $dbconn->Execute("DELETE FROM {$reviews_descriptiontable} WHERE reviews_id = '" . oos_db_input($reviews_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['reviews'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?> " cellspacing="1" cellpadding="1" class="columnLeft">
$expires_date = $_POST['year']; $expires_date .= (strlen($_POST['month']) == 1) ? '0' . $_POST['month'] : $_POST['month']; $expires_date .= (strlen($_POST['day']) == 1) ? '0' . $_POST['day'] : $_POST['day']; } $dbconn->Execute("UPDATE " . $oostable['specials'] . " SET specials_new_products_price = '" . $_POST['specials_price'] . "', specials_last_modified = now(), expires_date = '" . $expires_date . "' WHERE specials_id = '" . $_POST['specials_id'] . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['specials'], 'page=' . $_GET['page'] . '&sID=' . $specials_id)); break; case 'deleteconfirm': $specials_id = oos_db_prepare_input($_GET['sID']); $specialstable = $oostable['specials']; $dbconn->Execute("DELETE FROM $specialstable WHERE specials_id = '" . oos_db_input($specials_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['specials'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; if ( ($action == 'new') || ($action == 'edit') ) { ?> <link rel="stylesheet" type="text/css" href="includes/javascript/calendar.css"> <script language="JavaScript" src="includes/javascript/calendarcode.js"></script> <?php } ?> <div id="popupcalendar" class="text"></div> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2">
oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page'] . '&oID=' . $ticket_reply_id)); break; case 'deleteconfirm': $oID = oos_db_prepare_input($_GET['oID']); $configurationtable = $oostable['configuration']; $ticket_reply_result = $dbconn->Execute("SELECT configuration_value FROM $configurationtable WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'"); $ticket_reply = $ticket_reply_result->fields; if ($ticket_reply['configuration_value'] == $oID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'TICKET_DEFAULT_REPLY_ID'"); } $dbconn->Execute("DELETE FROM " . $oostable['ticket_reply'] . " WHERE ticket_reply_id = '" . oos_db_input($oID) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['ticket_reply'], 'page=' . $_GET['page'])); break; } } require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft"> <?php require 'includes/oos_blocks.php'; ?> </table></td> <!-- body_text //--> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
if (isset($_POST['default']) && $_POST['default'] == 'on') { $configurationtable = $oostable['configuration']; $dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . oos_db_input($ticket_department_id) . "' WHERE configuration_key = 'TICKET_DEFAULT_DEPARTMENT_ID'"); } oos_redirect_admin(oos_href_link_admin($aFilename['ticket_department'], 'page=' . $_GET['page'] . '&oID=' . $ticket_department_id)); break; case 'deleteconfirm': $oID = oos_db_prepare_input($_GET['oID']); $configurationtable = $oostable['configuration']; $ticket_department_result = $dbconn->Execute("SELECT configuration_value FROM {$configurationtable} WHERE configuration_key = 'TICKET_DEFAULT_DEPARTMENT_ID'"); $ticket_department = $ticket_department_result->fields; if ($ticket_department['configuration_value'] == $oID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'TICKET_DEFAULT_DEPARTMENT_ID'"); } $dbconn->Execute("DELETE FROM " . $oostable['ticket_department'] . " WHERE ticket_department_id = '" . oos_db_input($oID) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['ticket_department'], 'page=' . $_GET['page'])); break; case 'delete': $oID = oos_db_prepare_input($_GET['oID']); $ticket_tickettable = $oostable['ticket_ticket']; $department_result = $dbconn->Execute("SELECT count(*) as count FROM {$ticket_tickettable} WHERE ticket_department_id = '" . oos_db_input($oID) . "'"); $department = $department_result->fields; $remove_department = true; if ($oID == TICKET_DEFAULT_DEPARTMENT_ID) { $remove_department = false; $messageStack->add(ERROR_REMOVE_DEFAULT_TEXT_DEPARTMENT, 'error'); } elseif ($department['count'] > 0) { $remove_department = false; $messageStack->add(ERROR_DEPARTMENT_USED_IN_TICKET, 'error'); } else { $ticket_status_historytable = $oostable['ticket_status_history'];
for ($i = 0, $n = count($languages); $i < $n; $i++) { $lang_id = $languages[$i]['id']; $update = $dbconn->Execute("UPDATE " . $oostable['coupons_description'] . " SET coupon_name = '" . oos_db_prepare_input($_POST['coupon_name'][$lang_id]) . "', coupon_description = '" . oos_db_prepare_input($_POST['coupon_desc'][$lang_id]) . "' WHERE coupon_id = '" . intval($coupon_id) . "' and coupon_languages_id = '" . intval($lang_id) . "'"); } } else { $query = oos_db_perform($oostable['coupons'], $sql_data_array); $coupon_id = $dbconn->Insert_ID(); for ($i = 0, $n = count($languages); $i < $n; $i++) { $lang_id = $languages[$i]['id']; $sql_data_marray[$i]['coupon_id'] = $coupon_id; $sql_data_marray[$i]['coupon_languages_id'] = $lang_id; oos_db_perform($oostable['coupons_description'], $sql_data_marray[$i]); } } } oos_redirect_admin(oos_href_link_admin($aFilename['coupon_admin'], 'page=' . $_GET['page'] . '&cID=' . $coupon_id)); } } require 'includes/oos_header.php'; ?> <link rel="stylesheet" type="text/css" href="includes/javascript/spiffyCal/spiffyCal_v2_1.css"> <script language="JavaScript" src="includes/javascript/spiffyCal/spiffyCal_v2_1.js"></script> <script language="javascript"> var dateAvailable = new ctlSpiffyCalendarBox("dateAvailable", "new_product", "products_date_available","btnDate1","<?php echo $pInfo->products_date_available; ?> ",scBTNMODE_CUSTOMBLUE); </script> <div id="spiffycalendar" class="text"></div> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2">
} } if (isset($array_position)) { array_splice($installed, $array_position, 0, $sInstance); } else { $installed[] = $sInstance; } } } else { $installed[] = $sInstance; } $configurationtable = $oostable['configuration']; $dbconn->Execute("UPDATE {$configurationtable} SET configuration_value = '" . implode(';', $installed) . "' WHERE configuration_key = 'MODULE_PLUGIN_EVENT_INSTALLED'"); } } oos_redirect_admin(oos_href_link_admin($aFilename['plugins'], 'plugin=' . $_GET['plugin'])); break; } } $sLocaleDir = OOS_ABSOLUTE_PATH . 'includes/plugins/'; $aDirectory = array(); if (is_dir($sLocaleDir)) { if ($dh = opendir($sLocaleDir)) { while (($file = readdir($dh)) !== false) { if ($file == '.' || $file == '..' || $file == '.svn' || $file == 'default' || filetype($sLocaleDir . $file) == 'file') { continue; } if (filetype(realpath($sLocaleDir . $file)) == 'dir') { $aDirectory[] = $file; } }
} } $send_mail->Subject = $subject; $send_mail->Body = $message; $send_mail->AddAddress($_POST['email_to'], 'Friend'); $send_mail->Send(); $send_mail->ClearAddresses(); $send_mail->ClearAttachments(); // Now create the coupon email entry $couponstable = $oostable['coupons']; $insert_result = $dbconn->Execute("INSERT INTO {$couponstable} (coupon_code, coupon_type, coupon_amount, date_created) VALUES ('" . $id1 . "', 'G', '" . $_POST['amount'] . "', '" . date("Y-m-d H:i:s", time()) . "')"); $insert_id = $dbconn->Insert_ID(); $coupon_email_tracktable = $oostable['coupon_email_track']; $insert_result = $dbconn->Execute("INSERT INTO {$coupon_email_tracktable} (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) VALUES ('" . $insert_id . "', '0', 'Admin', '" . $_POST['email_to'] . "', '" . date("Y-m-d H:i:s", time()) . "' )"); } oos_redirect_admin(oos_href_link_admin($aFilename['gv_mail'], 'mail_sent_to=' . urlencode($mail_sent_to))); } if ($action == 'preview' && !$_POST['customers_email_address'] && !$_POST['email_to']) { $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error'); } if ($action == 'preview' && !$_POST['amount']) { $messageStack->add(ERROR_NO_AMOUNT_SELECTED, 'error'); } if (isset($_GET['mail_sent_to'])) { $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice'); } $no_js_general = true; require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2">
case 'update': $expires_date = ''; if ($_POST['day'] && $_POST['month'] && $_POST['year']) { $expires_date = $_POST['year']; $expires_date .= strlen($_POST['month']) == 1 ? '0' . $_POST['month'] : $_POST['month']; $expires_date .= strlen($_POST['day']) == 1 ? '0' . $_POST['day'] : $_POST['day']; } $featuredtable = $oostable['featured']; $dbconn->Execute("UPDATE {$featuredtable} SET featured_last_modified = '" . date("Y-m-d H:i:s", time()) . "', expires_date = '" . $expires_date . "' WHERE featured_id = '" . $_POST['featured_id'] . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page'] . '&fID=' . $featured_id)); break; case 'deleteconfirm': $featured_id = oos_db_prepare_input($_GET['fID']); $featuredtable = $oostable['featured']; $dbconn->Execute("DELETE FROM {$featuredtable} WHERE featured_id = '" . oos_db_input($featured_id) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['featured'], 'page=' . $_GET['page'])); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?> "> <title><?php
case 'update': $currency_result = $dbconn->Execute("SELECT currencies_id, code FROM " . $oostable['currencies']); while ($currency = $currency_result->fields) { $quote_function = 'quote_' . CURRENCY_SERVER_PRIMARY . '_currency'; $rate = $quote_function($currency['code']); if (empty($rate) && oos_is_not_null(CURRENCY_SERVER_BACKUP)) { $quote_function = 'quote_' . CURRENCY_SERVER_BACKUP . '_currency'; $rate = $quote_function($currency['code']); } if (oos_is_not_null($rate)) { $dbconn->Execute("UPDATE " . $oostable['currencies'] . " SET value = '" . $rate . "', last_updated = '" . date("Y-m-d H:i:s", time()) . "' WHERE currencies_id = '" . $currency['currencies_id'] . "'"); } // Move that ADOdb pointer! $currency_result->MoveNext(); } oos_redirect_admin(oos_href_link_admin($aFilename['currencies'], 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'delete': $currencies_id = oos_db_prepare_input($_GET['cID']); $currency_result = $dbconn->Execute("SELECT code FROM " . $oostable['currencies'] . " WHERE currencies_id = '" . oos_db_input($currencies_id) . "'"); $currency = $currency_result->fields; $remove_currency = true; if ($currency['code'] == DEFAULT_CURRENCY) { $remove_currency = false; $messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error'); } break; } } require 'includes/oos_header.php'; ?>
} // Changes by Guido END if (isset($_POST['default']) && $_POST['default'] == 'on') { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '" . oos_db_input($customers_status_id) . "' WHERE configuration_key = 'DEFAULT_CUSTOMERS_STATUS_ID'"); } oos_redirect_admin(oos_href_link_admin($aFilename['customers_status'], 'page=' . $_GET['page'] . '&cID=' . $customers_status_id)); break; case 'deleteconfirm': $cID = oos_db_prepare_input($_GET['cID']); $customers_status_result = $dbconn->Execute("SELECT configuration_value FROM " . $oostable['configuration'] . " WHERE configuration_key = 'DEFAULT_CUSTOMERS_STATUS_ID'"); $customers_status = $customers_status_result->fields; if ($customers_status['configuration_value'] == $cID) { $dbconn->Execute("UPDATE " . $oostable['configuration'] . " SET configuration_value = '' WHERE configuration_key = 'DEFAULT_CUSTOMERS_STATUS_ID'"); } $dbconn->Execute("DELETE FROM " . $oostable['customers_status'] . " WHERE customers_status_id = '" . oos_db_input($cID) . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['customers_status'], 'page=' . $_GET['page'])); break; case 'delete': $cID = oos_db_prepare_input($_GET['cID']); $status_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers'] . " WHERE customers_status = '" . oos_db_input($cID) . "'"); $status = $status_result->fields; $remove_status = true; if ($cID == DEFAULT_CUSTOMERS_STATUS_ID || $cID == DEFAULT_CUSTOMERS_STATUS_ID_GUEST || $cID == DEFAULT_CUSTOMERS_STATUS_ID_NEWSLETTER) { $remove_status = false; $messageStack->add(ERROR_REMOVE_DEFAULT_CUSTOMERS_STATUS, 'error'); } elseif ($status['count'] > 0) { $remove_status = false; $messageStack->add(ERROR_STATUS_USED_IN_CUSTOMERS, 'error'); } else { $history_result = $dbconn->Execute("SELECT COUNT(*) AS count FROM " . $oostable['customers_status_history'] . " WHERE '" . oos_db_input($cID) . "' in (new_value, old_value)"); $history = $history_result->fields;
oos_redirect_admin(oos_href_link_admin($aFilename['modules'], 'set=' . $_GET['set'] . '&module=' . $_GET['module'])); break; case 'install': case 'remove': $file_extension = substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '.')); $class = basename($_GET['module']); if (file_exists($module_directory . $class . $file_extension)) { include $module_directory . $class . $file_extension; $module = new $class(); if ($action == 'install') { $module->install(); } elseif ($action == 'remove') { $module->remove(); } } oos_redirect_admin(oos_href_link_admin($aFilename['modules'], 'set=' . $_GET['set'] . '&module=' . $class)); break; } } $no_js_general = true; require 'includes/oos_header.php'; ?> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?> " valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>
$products_attributes_downloadtable = $oostable['products_attributes_download']; $dbconn->Execute("UPDATE $products_attributes_downloadtable SET products_attributes_filename='" . $_POST['products_attributes_filename'] . "', products_attributes_maxdays='" . $_POST['products_attributes_maxdays'] . "', products_attributes_maxcount='" . $_POST['products_attributes_maxcount'] . "' WHERE products_attributes_id = '" . $_POST['attribute_id'] . "'"); } oos_redirect_admin(oos_href_link_admin($aFilename['products_edit_attributes'], $page_info)); break; case 'delete_attribute': $products_attributestable = $oostable['products_attributes']; $dbconn->Execute("DELETE FROM $products_attributestable WHERE products_attributes_id = '" . $_GET['attribute_id'] . "'"); $products_attributes_downloadtable = $oostable['products_attributes_download']; $dbconn->Execute("DELETE FROM $products_attributes_downloadtable WHERE products_attributes_id = '" . $_GET['attribute_id'] . "'"); oos_redirect_admin(oos_href_link_admin($aFilename['products_edit_attributes'], $page_info)); break; } } $products_options_types_list = array(); $products_options_typestable = $oostable['products_options_types']; $products_options_types_sql = "SELECT products_options_types_id, products_options_types_name FROM $products_options_typestable WHERE products_options_types_languages_id = '" . intval($_SESSION['language_id']) . "' ORDER BY products_options_types_id"; $products_options_types_result = $dbconn->Execute($products_options_types_sql); while ($products_options_type_array = $products_options_types_result->fields) { $products_options_types_list[$products_options_type_array['products_options_types_id']] = $products_options_type_array['products_options_types_name'];