function objectInfo($object_array) { reset($object_array); while (list($key, $value) = each($object_array)) { $this->{$key} = vam_db_prepare_input($value); } }
function vam_db_prepare_input($string) { if (is_string($string)) { return trim(stripslashes($string)); } elseif (is_array($string)) { reset($string); while (list($key, $value) = each($string)) { $string[$key] = vam_db_prepare_input($value); } return $string; } else { return $string; } }
function vam_get_categories($categories_array = '', $parent_id = '0', $indent = '') { $parent_id = vam_db_prepare_input($parent_id); if (!is_array($categories_array)) { $categories_array = array(); } $categories_query = "select\n c.categories_id,\n cd.categories_name\n from " . TABLE_CATEGORIES . " c,\n " . TABLE_CATEGORIES_DESCRIPTION . " cd\n where parent_id = '" . vam_db_input($parent_id) . "'\n and c.categories_id = cd.categories_id\n and c.categories_status != 0\n and cd.language_id = '" . $_SESSION['languages_id'] . "'\n order by sort_order, cd.categories_name"; $categories_query = vamDBquery($categories_query); while ($categories = vam_db_fetch_array($categories_query, true)) { $categories_array[] = array('id' => $categories['categories_id'], 'text' => $indent . $categories['categories_name']); if ($categories['categories_id'] != $parent_id) { $categories_array = vam_get_categories($categories_array, $categories['categories_id'], $indent . ' '); } } return $categories_array; }
function vam_address_summary($customers_id, $address_id) { $customers_id = vam_db_prepare_input($customers_id); $address_id = vam_db_prepare_input($address_id); $address_query = vam_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . vam_db_input($address_id) . "' and ab.customers_id = '" . vam_db_input($customers_id) . "' and ab.entry_country_id = c.countries_id"); $address = vam_db_fetch_array($address_query); $street_address = $address['entry_street_address']; $suburb = $address['entry_suburb']; $postcode = $address['entry_postcode']; $city = $address['entry_city']; $state = vam_get_zone_name($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']); $country = $address['countries_name']; $address_format_query = vam_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . $address['address_format_id'] . "'"); $address_format = vam_db_fetch_array($address_format_query); // eval("\$address = \"{$address_format['address_summary']}\";"); $address_summary = $address_format['address_summary']; eval("\$address = \"{$address_summary}\";"); return $address; }
function query($order_id) { $order_id = vam_db_prepare_input($order_id); $order_query = vam_db_query("SELECT\n *\n FROM " . TABLE_ORDERS . " WHERE\n orders_id = '" . vam_db_input($order_id) . "'"); $order = vam_db_fetch_array($order_query); $totals_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_TOTAL . " where orders_id = '" . vam_db_input($order_id) . "' order by sort_order"); while ($totals = vam_db_fetch_array($totals_query)) { $this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'value' => $totals['value']); } $order_total_query = vam_db_query("select text,value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_total'"); $order_total = vam_db_fetch_array($order_total_query); $shipping_method_query = vam_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_shipping'"); $shipping_method = vam_db_fetch_array($shipping_method_query); $order_status_query = vam_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . $_SESSION['languages_id'] . "'"); $order_status = vam_db_fetch_array($order_status_query); $this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'cc_start' => $order['cc_start'], 'cc_issue' => $order['cc_issue'], 'cc_cvv' => $order['cc_cvv'], 'date_purchased' => $order['date_purchased'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'total_value' => $order_total['value'], 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title']), 'comments' => $order['comments']); $this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'firstname' => $order['customers_firstname'], 'secondname' => $order['customers_secondname'], 'lastname' => $order['customers_lastname'], 'csID' => $order['customers_cid'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']); $this->delivery = array('name' => $order['delivery_name'], 'firstname' => $order['delivery_firstname'], 'secondname' => $order['delivery_secondname'], 'lastname' => $order['delivery_lastname'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']); if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { $this->delivery = false; } $this->billing = array('name' => $order['billing_name'], 'firstname' => $order['billing_firstname'], 'secondname' => $order['billing_secondname'], 'lastname' => $order['billing_lastname'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']); $index = 0; $orders_products_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS . " WHERE orders_id = '" . vam_db_input($order_id) . "'"); while ($orders_products = vam_db_fetch_array($orders_products_query)) { $this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'shipping_time' => $orders_products['products_shipping_time'], 'final_price' => $orders_products['final_price']); $subindex = 0; $attributes_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . vam_db_input($order_id) . "' and orders_products_id = '" . $orders_products['orders_products_id'] . "'"); if (vam_db_num_rows($attributes_query)) { while ($attributes = vam_db_fetch_array($attributes_query)) { $this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']); $subindex++; } } $this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1'; $index++; } }
Copyright (c) 2007 VaM Shop -------------------------------------------------------------- based on: (c) 2000-2001 The Exchange Project (earlier name of osCommerce) (c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com (c) 2003 nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org (c) 2004 xt:Commerce (popup_image.php,v 1.7 2003/08/18); xt-commerce.com Released under the GNU General Public License --------------------------------------------------------------*/ require 'includes/application_top.php'; reset($_GET); while (list($key, ) = each($_GET)) { switch ($key) { case 'banner': $banners_id = vam_db_prepare_input($_GET['banner']); $banner_query = vam_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . vam_db_input($banners_id) . "'"); $banner = vam_db_fetch_array($banner_query); $page_title = $banner['banners_title']; if ($banner['banners_html_text']) { $image_source = $banner['banners_html_text']; } elseif ($banner['banners_image']) { $image_source = vam_image(HTTP_CATALOG_SERVER . DIR_WS_CATALOG_IMAGES . 'banner/' . $banner['banners_image'], $page_title); } break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS;
$insert_sql_data = array('date_added' => 'now()'); $sql_data_array = vam_array_merge($sql_data_array, $insert_sql_data); vam_db_perform(TABLE_BLACKLIST, $sql_data_array); $blacklist_id = vam_db_insert_id(); } elseif ($_GET['action'] == 'save') { $update_sql_data = array('last_modified' => 'now()'); $sql_data_array = vam_array_merge($sql_data_array, $update_sql_data); vam_db_perform(TABLE_BLACKLIST, $sql_data_array, 'update', "blacklist_id = '" . vam_db_input($blacklist_id) . "'"); } if (USE_CACHE == 'true') { vam_reset_cache_block('blacklist'); } vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id)); break; case 'deleteconfirm': $blacklist_id = vam_db_prepare_input($_GET['bID']); vam_db_query("delete from " . TABLE_BLACKLIST . " where blacklist_id = '" . vam_db_input($blacklist_id) . "'"); if (USE_CACHE == 'true') { vam_reset_cache_block('manufacturers'); } vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'])); break; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php
} mysql_free_result($result); mysql_close(); if (isset($fURL) && $fURL != '') { $url = HTTP_SERVER . DIR_WS_CATALOG . $fURL; header("HTTP/1.1 301 Moved Permanently"); header('Location: ' . $url); exit; } } $PHP_SELF = '/faq.php'; include 'faq.php'; break; case 'articles': if (isset($_GET['tPath']) && $_GET['tPath'] != '') { $query = 'select topics_page_url from ' . TABLE_TOPICS . ' where topics_id="' . vam_db_prepare_input($_GET['tPath']) . '"'; $result = mysql_query($query); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result, MYSQL_ASSOC); $tURL = $row['topics_page_url']; } mysql_free_result($result); mysql_close(); if (isset($tURL) && $tURL != '') { $url = HTTP_SERVER . DIR_WS_CATALOG . $tURL; header("HTTP/1.1 301 Moved Permanently"); header('Location: ' . $url); exit; } } $PHP_SELF = '/articles.php';
$countries_id = vam_db_prepare_input($_GET['cID']); $countries_name = vam_db_prepare_input($_POST['countries_name']); $countries_iso_code_2 = vam_db_prepare_input($_POST['countries_iso_code_2']); $countries_iso_code_3 = vam_db_prepare_input($_POST['countries_iso_code_3']); $address_format_id = vam_db_prepare_input($_POST['address_format_id']); vam_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . vam_db_input($countries_name) . "', countries_iso_code_2 = '" . vam_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . vam_db_input($countries_iso_code_3) . "', address_format_id = '" . vam_db_input($address_format_id) . "' where countries_id = '" . vam_db_input($countries_id) . "'"); vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id)); break; case 'deleteconfirm': $countries_id = vam_db_prepare_input($_GET['cID']); vam_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . vam_db_input($countries_id) . "'"); vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'])); break; case 'setlflag': $countries_id = vam_db_prepare_input($_GET['cID']); $status = vam_db_prepare_input($_GET['flag']); vam_db_query("update " . TABLE_COUNTRIES . " set status = '" . vam_db_input($status) . "' where countries_id = '" . vam_db_input($countries_id) . "'"); vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id)); break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $_SESSION['language_charset']; ?>
if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result, MYSQL_ASSOC); $nID = $row['news_id']; $matched = true; } else { $matched = false; } if ($matched) { $HTTP_GET_VARS['news_id'] = $nID; $_GET['news_id'] = $nID; mysql_free_result($result); mysql_close(); $PHP_SELF = '/news.php'; include 'news.php'; } else { $query = 'select faq_id from ' . TABLE_FAQ . ' where BINARY faq_page_url="' . vam_db_prepare_input($URI_elements[0]) . '"'; $result = mysql_query($query); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result, MYSQL_ASSOC); $fID = $row['faq_id']; $matched = true; } else { $matched = false; } if ($matched) { $HTTP_GET_VARS['faq_id'] = $fID; $_GET['faq_id'] = $fID; mysql_free_result($result); mysql_close(); $PHP_SELF = '/faq.php'; include 'faq.php';
// $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'"); // $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE; // break; // case '**D': // $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'"); // $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE; // break; default: $affiliate_email_address = vam_db_prepare_input($_POST['affiliate_email_address']); $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . vam_db_input($affiliate_email_address) . "'"); $mail_sent_to = $_POST['affiliate_email_address']; break; } $from = vam_db_prepare_input($_POST['from']); $subject = vam_db_prepare_input($_POST['subject']); $message = vam_db_prepare_input($_POST['message']); while ($mail = vam_db_fetch_array($mail_query)) { vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message); } vam_redirect(vam_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to))); } if ($_GET['action'] == 'preview' && !$_POST['affiliate_email_address']) { $messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error'); } if (vam_not_null($_GET['mail_sent_to'])) { $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice'); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS;
if (isset($_SESSION['payment'])) { unset($_SESSION['payment']); } vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } // process the selected billing destination } elseif (isset($_POST['address'])) { $reset_payment = false; if (isset($_SESSION['billto'])) { if ($billto != $_POST['address']) { if (isset($_SESSION['payment'])) { $reset_payment = true; } } } $_SESSION['billto'] = vam_db_prepare_input($_POST['address']); $check_address_query = vam_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $_SESSION['customer_id'] . "' and address_book_id = '" . $_SESSION['billto'] . "'"); $check_address = vam_db_fetch_array($check_address_query); if ($check_address['total'] == '1') { if ($reset_payment == true) { unset($_SESSION['payment']); } vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } else { unset($_SESSION['billto']); } // no addresses to select from - customer decided to keep the current assigned address } else { $_SESSION['billto'] = $_SESSION['customer_default_address_id']; vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); }
$a_level = vam_db_prepare_input($_GET['a_level']); $level_clause = " AND a.affiliate_level = '" . $a_level . "'"; } $affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n a.affiliate_payment, a.affiliate_level AS level,\n o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n from " . TABLE_AFFILIATE . " aa\n left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . $_SESSION['languages_id'] . "')\n where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n o.orders_status, os.orders_status_name\n order by affiliate_date DESC"; $count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name'; $affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key); if ($affiliate_sales_split->number_of_rows > 0) { $affiliate_sales_values = vam_db_query($affiliate_sales_split->sql_query); $affiliate_sales = vam_db_fetch_array($affiliate_sales_values); } else { $affiliate_sales_values = vam_db_query("select MONTH(affiliate_date_account_created) as start_month,\n YEAR(affiliate_date_account_created) as start_year\n FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . "'"); $affiliate_sales = vam_db_fetch_array($affiliate_sales_values); } $vamTemplate->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, vam_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"')); $vamTemplate->assign('status_selector', affiliate_get_status_list('a_status', vam_db_prepare_input($_GET['a_status']), 'onchange="this.form.submit();"')); $vamTemplate->assign('level_selector', affiliate_get_level_list('a_level', vam_db_prepare_input($_GET['a_level']), 'onchange="this.form.submit();"')); require DIR_WS_INCLUDES . 'header.php'; $vamTemplate->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows); $vamTemplate->assign('FORM_ACTION', vam_draw_form('params', vam_href_link(FILENAME_AFFILIATE_SALES), 'get')); $affiliate_sales_table = ''; if ($affiliate_sales_split->number_of_rows > 0) { $number_of_sales = 0; $sum_of_earnings = 0; do { $number_of_sales++; if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) { $sum_of_earnings += $affiliate_sales['affiliate_payment']; } if ($number_of_sales / 2 == floor($number_of_sales / 2)) { $affiliate_sales_table .= '<tr class="productListing-even">'; } else {
$faq_page_url = $alias; } else { $faq_page_url = $_POST['faq_page_url']; } $sql_data_array = array('question' => vam_db_prepare_input($_POST['question']), 'faq_page_url' => vam_db_prepare_input($faq_page_url), 'answer' => vam_db_prepare_input($_POST['answer']), 'date_added' => 'now()', 'language' => vam_db_prepare_input($_POST['item_language']), 'status' => '1'); vam_db_perform(TABLE_FAQ, $sql_data_array); $faq_id = vam_db_insert_id(); //not actually used ATM -- just there in case } // vam_redirect(vam_href_link(FILENAME_FAQ)); break; case 'update_faq': //user wants to modify a faq. if ($_GET['faq_id']) { $sql_data_array = array('question' => vam_db_prepare_input($_POST['question']), 'faq_page_url' => vam_db_prepare_input($_POST['faq_page_url']), 'answer' => vam_db_prepare_input($_POST['answer']), 'date_added' => vam_db_prepare_input($_POST['date_added']), 'language' => vam_db_prepare_input($_POST['item_language'])); vam_db_perform(TABLE_FAQ, $sql_data_array, 'update', "faq_id = '" . vam_db_prepare_input($_GET['faq_id']) . "'"); } // vam_redirect(vam_href_link(FILENAME_FAQ)); break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $_SESSION['language_charset']; ?>
if (is_array($_POST['multi_products']) && (is_array($_POST['dest_cat_ids']) || vam_not_null($_POST['dest_category_id']))) { foreach ($_POST['multi_products'] as $product_id) { $product_id = vam_db_prepare_input($product_id); if (is_array($_POST['dest_cat_ids'])) { foreach ($_POST['dest_cat_ids'] as $dest_category_id) { $dest_category_id = vam_db_prepare_input($dest_category_id); if ($_POST['copy_as'] == 'link') { $catfunc->link_product($product_id, $dest_category_id); } elseif ($_POST['copy_as'] == 'duplicate') { $catfunc->duplicate_product($product_id, $dest_category_id); } else { $messageStack->add_session('Copy type not specified.', 'error'); } } } elseif (vam_not_null($_POST['dest_category_id'])) { $dest_category_id = vam_db_prepare_input($_POST['dest_category_id']); if ($_POST['copy_as'] == 'link') { $catfunc->link_product($product_id, $dest_category_id); } elseif ($_POST['copy_as'] == 'duplicate') { $catfunc->duplicate_product($product_id, $dest_category_id); } else { $messageStack->add_session('Copy type not specified.', 'error'); } } } } vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $dest_category_id . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID')))); } // --- MULTI COPY ENDS --- vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $_GET['cPath'] . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID')))); break;
---------------------------------------------------------------------------------------*/ include 'includes/application_top.php'; require_once DIR_FS_INC . 'vam_random_charcode.inc.php'; require_once DIR_FS_INC . 'vam_render_vvcode.inc.php'; // create template elements $vamTemplate = new vamTemplate(); // include boxes require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php'; if ($_SESSION['customers_status']['customers_status_write_reviews'] == 0) { vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL')); } if (isset($_GET['action']) && $_GET['action'] == 'process') { if (is_object($product) && $product->isProduct()) { // We got to the process but it is an illegal product, don't write $rating = vam_db_prepare_input($_POST['rating']); $review = vam_db_prepare_input($_POST['review']); $error = false; if ($_POST['captcha'] == '' or $_POST['captcha'] != $_SESSION['vvcode']) { $error = true; $vamTemplate->assign('captcha_error', ENTRY_CAPTCHA_ERROR); } if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) { $error = true; $vamTemplate->assign('error', ERROR_INVALID_PRODUCT); } if ($rating < 1 || $rating > 5) { $error = true; $vamTemplate->assign('error', ERROR_INVALID_PRODUCT); } if ($error == false) { $customer = vam_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$_imgQuery = vam_db_fetch_array($_imgQuery); if ($_imgQuery['count'] > 0) { } else { vam_db_perform(TABLE_PRODUCTS_OPTIONS_IMAGES, $data); } } for ($img = 0; $img < MO_PICS; $img++) { if ($pIMG =& vam_try_upload('mo_pics_' . $img, DIR_FS_CATALOG_IMAGES . 'product_options/', '777', '')) { $pname_arr = explode('.', $pIMG->filename); $nsuffix = array_pop($pname_arr); $value_image_name = $_POST['value_id'] . '_' . ($img + 1) . '.' . $nsuffix; rename(DIR_FS_CATALOG_IMAGES . 'product_options/' . $pIMG->filename, DIR_FS_CATALOG_IMAGES . 'product_options/' . $value_image_name); //get data & write to table $mo_img = array('products_options_values_id' => vam_db_prepare_input($_POST['value_id']), 'image_nr' => vam_db_prepare_input($img + 1), 'image_name' => vam_db_prepare_input($value_image_name)); // if ($action == 'insert') { $_imgQuery = vam_db_query("SELECT count(*) as count FROM " . TABLE_PRODUCTS_OPTIONS_IMAGES . " WHERE image_nr='" . ($img + 1) . "' and products_options_values_id='" . vam_db_prepare_input($_POST['value_id']) . "'"); $_imgQuery = vam_db_fetch_array($_imgQuery); if ($_imgQuery['count'] > 0) { } else { vam_db_perform(TABLE_PRODUCTS_OPTIONS_IMAGES, $mo_img); } } } if ($_POST['del_mo_pic'] != '') { foreach ($_POST['del_mo_pic'] as $dummy => $val) { @vam_del_image_options_file($val); vam_db_query("DELETE FROM " . TABLE_PRODUCTS_OPTIONS_IMAGES . "\n\t\t\t\t\t\t\t\t\t WHERE products_options_values_id = '" . vam_db_input($_POST['value_id']) . "' AND image_name = '" . $val . "'"); } } //are we asked to delete some pics? if ($_POST['del_pic'] != '') {
vam_db_query("insert into " . TABLE_FEATURED . " (products_id, featured_quantity, featured_date_added, expires_date, status) values ('" . $_POST['products_id'] . "', '" . $_POST['featured_quantity'] . "', now(), '" . $expires_date . "', '1')"); vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page'])); break; case 'update': // update a product on featured $expires_date = ''; if ($_POST['expires-dd'] && $_POST['expires-mm'] && $_POST['expires']) { $expires_date = $_POST['expires']; $expires_date .= strlen($_POST['expires-mm']) == 1 ? '0' . $_POST['expires-mm'] : $_POST['expires-mm']; $expires_date .= strlen($_POST['expires-dd']) == 1 ? '0' . $_POST['expires-dd'] : $_POST['expires-dd']; } vam_db_query("update " . TABLE_FEATURED . " set featured_quantity = '" . $_POST['featured_quantity'] . "', featured_last_modified = now(), expires_date = '" . $expires_date . "' where featured_id = '" . $_POST['featured_id'] . "'"); vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page'] . '&fID=' . $featured_id)); break; case 'deleteconfirm': $featured_id = vam_db_prepare_input($_GET['fID']); vam_db_query("delete from " . TABLE_FEATURED . " where featured_id = '" . vam_db_input($featured_id) . "'"); vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page'])); break; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $_SESSION['language_charset']; ?> ">
// avoid hack attempts during the checkout procedure by checking the internal cartID if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) { if ($_SESSION['cart']->cartID != $_SESSION['cartID']) { vam_redirect(vam_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); } } // if no shipping method has been selected, redirect the customer to the shipping method selection page if (!isset($_SESSION['shipping'])) { vam_redirect(vam_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); } //check if display conditions on checkout page is true if (isset($_POST['payment'])) { $_SESSION['payment'] = vam_db_prepare_input($_POST['payment']); } if ($_POST['comments_added'] != '') { $_SESSION['comments'] = vam_db_prepare_input($_POST['comments']); } if (!isset($_SESSION['kvit_name'])) { $_SESSION['kvit_name'] = $_POST['kvit_name']; } if (!isset($_SESSION['kvit_address'])) { $_SESSION['kvit_address'] = $_POST['kvit_address']; } if (!isset($_SESSION['qiwi_telephone'])) { $_SESSION['qiwi_telephone'] = $_POST['qiwi_telephone']; } if (!isset($_SESSION['aviso_telephone'])) { $_SESSION['aviso_telephone'] = $_POST['aviso_telephone']; } if (!isset($_SESSION['s_name'])) { $_SESSION['s_name'] = $_POST['s_name'];
function after_process() { global $insert_id, $name, $inn, $kpp, $ogrn, $okpo, $rs, $bank_name, $bik, $ks, $address, $yur_address, $fakt_address, $telephone, $fax, $email, $director, $accountant, $checkout_form_action, $checkout_form_submit; vam_db_query("INSERT INTO " . TABLE_COMPANIES . " (orders_id, customers_id, name, inn, kpp, ogrn, okpo, rs, bank_name, bik, ks, address, yur_address, fakt_address, telephone, fax, email, director, accountant) VALUES ('" . vam_db_prepare_input($insert_id) . "', '" . (int) $_SESSION['customer_id'] . "', '" . vam_db_prepare_input($_SESSION['s_name']) . "', '" . vam_db_prepare_input($_SESSION['s_inn']) . "', '" . vam_db_prepare_input($_SESSION['s_kpp']) . "', '" . vam_db_prepare_input($_SESSION['s_ogrn']) . "', '" . vam_db_prepare_input($_SESSION['s_okpo']) . "', '" . vam_db_prepare_input($_SESSION['s_rs']) . "', '" . vam_db_prepare_input($_SESSION['s_bank_name']) . "', '" . vam_db_prepare_input($_SESSION['s_bik']) . "', '" . vam_db_prepare_input($_SESSION['s_ks']) . "', '" . vam_db_prepare_input($_SESSION['s_address']) . "', '" . vam_db_prepare_input($_SESSION['s_yur_address']) . "', '" . vam_db_prepare_input($_SESSION['s_fakt_address']) . "', '" . vam_db_prepare_input($_SESSION['s_telephone']) . "', '" . vam_db_prepare_input($_SESSION['s_fax']) . "', '" . vam_db_prepare_input($_SESSION['s_email']) . "', '" . vam_db_prepare_input($_SESSION['s_director']) . "', '" . vam_db_prepare_input($_SESSION['s_accountant']) . "')"); if ($this->order_status) { vam_db_query("UPDATE " . TABLE_ORDERS . " SET orders_status='" . $this->order_status . "' WHERE orders_id='" . $insert_id . "'"); } }
function getNext() { switch ($this->mode) { // yearly case '1': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd), date("Y", $sd) + 1); break; // monthly // monthly case '2': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd) + 1, 1, date("Y", $sd)); break; // weekly // weekly case '3': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 7, date("Y", $sd)); break; // daily // daily case '4': $sd = $this->actDate; $ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 1, date("Y", $sd)); break; } if ($ed > $this->endDate) { $ed = $this->endDate; } $filterString = ""; if ($this->statusFilter > 0) { $filterString .= " AND o.orders_status = " . $this->statusFilter . " "; } if (!is_numeric($this->paymentFilter)) { $filterString .= " AND o.payment_method ='" . vam_db_prepare_input($this->paymentFilter) . "' "; } $rqOrders = vam_db_query($this->queryOrderCnt . " WHERE o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString); $order = vam_db_fetch_array($rqOrders); $rqShipping = vam_db_query($this->queryShipping . " AND o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString); $shipping = vam_db_fetch_array($rqShipping); $rqItems = vam_db_query($this->queryItemCnt . " AND o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString . " group by pid " . $this->sortString); // set the return values $this->actDate = $ed; $this->showDate = $sd; $this->showDateEnd = $ed - 60 * 60 * 24; // execute the query $cnt = 0; $itemTot = 0; $sumTot = 0; while ($resp[$cnt] = vam_db_fetch_array($rqItems)) { // to avoid rounding differences round for every quantum // multiply with the number of items afterwords. $price = $resp[$cnt]['psum'] / $resp[$cnt]['pquant']; // products_attributes // are there any attributes for this order_id ? $rqAttr = vam_db_query($this->queryAttr . " AND o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "' AND op.products_id = " . $resp[$cnt]['pid'] . $filterString . " group by products_options_values order by orders_products_id"); $i = 0; while ($attr[$i] = vam_db_fetch_array($rqAttr)) { $i++; } // values per date if ($i > 0) { $price2 = 0; $price3 = 0; $option = array(); $k = -1; $ord_pro_id_old = 0; for ($j = 0; $j < $i; $j++) { if ($attr[$j]['price_prefix'] == "-") { $price2 += -1 * $attr[$j]['options_values_price']; $price3 = -1 * $attr[$j]['options_values_price']; $prefix = "-"; } else { $price2 += $attr[$j]['options_values_price']; $price3 = $attr[$j]['options_values_price']; $prefix = "+"; } $ord_pro_id = $attr[$j]['orders_products_id']; if ($ord_pro_id != $ord_pro_id_old) { $k++; $l = 0; // set values $option[$k]['quant'] = $attr[$j]['attr_cnt']; $option[$k]['options'][0] = $attr[$j]['products_options']; $option[$k]['options_values'][0] = $attr[$j]['products_options_values']; if ($price3 != 0) { //$option[$k]['price'][0] = vam_add_tax($price3, $resp[$cnt]['ptax']); $option[$k]['price'][0] = $price3; } else { $option[$k]['price'][0] = 0; } } else { $l++; // update values $option[$k]['options'][$l] = $attr[$j]['products_options']; $option[$k]['options_values'][$l] = $attr[$j]['products_options_values']; if ($price3 != 0) { //$option[$k]['price'][$l] = vam_add_tax($price3, $resp[$cnt]['ptax']); $option[$k]['price'][$l] = $price3; } else { $option[$k]['price'][$l] = 0; } } $ord_pro_id_old = $ord_pro_id; } // set attr value $resp[$cnt]['attr'] = $option; } else { $resp[$cnt]['attr'] = ""; } //$resp[$cnt]['price'] = vam_add_tax($price, $resp[$cnt]['ptax']); //$resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * vam_add_tax($price, $resp[$cnt]['ptax']); $resp[$cnt]['price'] = $price; $resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * $price; $resp[$cnt]['order'] = $order['order_cnt']; $resp[$cnt]['shipping'] = $shipping['shipping']; // values per date and item $sumTot += $resp[$cnt]['psum']; $itemTot += $resp[$cnt]['pquant']; // add totsum and totitem until current row $resp[$cnt]['totsum'] = $sumTot; $resp[$cnt]['totitem'] = $itemTot; $cnt++; } return $resp; }
} if (ACCOUNT_POSTCODE == 'true') { $vamTemplate->assign('postcode', '1'); $vamTemplate->assign('INPUT_CODE', vam_draw_input_fieldNote(array('name' => 'postcode', 'text' => ' ' . (vam_not_null(ENTRY_POST_CODE_TEXT) ? '<span class="Requirement">' . ENTRY_POST_CODE_TEXT . '</span>' : '')), '', 'id="postcode"')); } else { $vamTemplate->assign('postcode', '0'); } if (ACCOUNT_CITY == 'true') { $vamTemplate->assign('city', '1'); $vamTemplate->assign('INPUT_CITY', vam_draw_input_fieldNote(array('name' => 'city', 'text' => ' ' . (vam_not_null(ENTRY_CITY_TEXT) ? '<span class="Requirement">' . ENTRY_CITY_TEXT . '</span>' : '')), '', 'id="city"')); } else { $vamTemplate->assign('city', '0'); } if (ACCOUNT_STATE == 'true') { $vamTemplate->assign('state', '1'); $country = isset($_POST['country']) ? vam_db_prepare_input($_POST['country']) : STORE_COUNTRY; $zone_id = 0; $check_query = vam_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'"); $check = vam_db_fetch_array($check_query); $entry_state_has_zones = $check['total'] > 0; if ($entry_state_has_zones == true) { $zones_array = array(); $zones_query = vam_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' order by zone_name"); while ($zones_values = vam_db_fetch_array($zones_query)) { $zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']); } $zone = vam_db_query("select distinct zone_id, zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_code = '" . vam_db_input($state) . "'"); if (vam_db_num_rows($zone) > 0) { $zone_id = $zone['zone_id']; $zone_name = $zone['zone_name']; } else {
break; case '**D': $mail_query = vam_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_newsletter = '1'"); $mail_sent_to = TEXT_NEWSLETTER_CUSTOMERS; break; default: $customers_email_address = vam_db_prepare_input($_POST['customers_email_address']); $mail_query = vam_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_email_address = '" . vam_db_input($customers_email_address) . "'"); $mail_sent_to = $_POST['customers_email_address']; if ($_POST['email_to']) { $mail_sent_to = $_POST['email_to']; } break; } $from = vam_db_prepare_input($_POST['from']); $subject = vam_db_prepare_input($_POST['subject']); while ($mail = vam_db_fetch_array($mail_query)) { $id1 = create_coupon_code($mail['customers_email_address']); // assign language to template for caching $vamTemplate->assign('language', $_SESSION['language']); $vamTemplate->caching = false; $vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/'); $vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/'); $vamTemplate->assign('AMMOUNT', $currencies->format($_POST['amount'])); $vamTemplate->assign('MESSAGE', $_POST['message']); $vamTemplate->assign('GIFT_ID', $id1); $vamTemplate->assign('WEBSITE', HTTP_SERVER . DIR_WS_CATALOG); $link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1; $vamTemplate->assign('GIFT_LINK', $link); $html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.html'); $txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.txt');
if (reg) { document.customers.state.value = reg; } } var zones = new Array( <?php $zones_query = vam_db_query("select zone_country_id,zone_name from " . TABLE_ZONES . " order by zone_name asc"); $mas = array(); while ($zones_values = vam_db_fetch_array($zones_query)) { $zones[] = 'new Array(' . $zones_values['zone_country_id'] . ',"' . $zones_values['zone_name'] . '")'; } echo implode(',', $zones); ?> ); document.write('<SELECT NAME="state">'); document.write('</SELECT>'); changeselect("<?php echo vam_db_prepare_input($_POST['state']); ?> "); --> </script> </td> </tr> <?php } ?> </table></td> </tr> <tr> <td><?php echo vam_draw_separator('pixel_trans.gif', '1', '10'); ?>
vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . vam_db_input($shipping_status_id) . "' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'"); } vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page'] . '&oID=' . $shipping_status_id)); break; case 'deleteconfirm': $oID = vam_db_prepare_input($_GET['oID']); $shipping_status_query = vam_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'"); $shipping_status = vam_db_fetch_array($shipping_status_query); if ($shipping_status['configuration_value'] == $oID) { vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'"); } vam_db_query("delete from " . TABLE_SHIPPING_STATUS . " where shipping_status_id = '" . vam_db_input($oID) . "'"); vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page'])); break; case 'delete': $oID = vam_db_prepare_input($_GET['oID']); $remove_status = true; if ($oID == DEFAULT_SHIPPING_STATUS_ID) { $remove_status = false; $messageStack->add(ERROR_REMOVE_DEFAULT_SHIPPING_STATUS, 'error'); } else { } break; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS; ?> > <head>
if ($affiliate_impressions == 0) { $affiliate_impressions = "n/a"; } $vamTemplate->assign('affiliate_impressions', $affiliate_impressions); $vamTemplate->assign('period_selector', affiliate_period('a_period', $affiliate['start_year'], $affiliate['start_month'], true, vam_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"')); $affiliate_percent = 0; $affiliate_percent = $affiliate['affiliate_commission_percent']; if ($affiliate_percent < AFFILIATE_PERCENT) { $affiliate_percent = AFFILIATE_PERCENT; } $vamTemplate->assign('affiliate_percent', vam_round($affiliate_percent, 2)); $affiliate_percent_tier = preg_split("/;/", AFFILIATE_TIER_PERCENTAGE, AFFILIATE_TIER_LEVELS); if (empty($_GET['a_period']) or $_GET['a_period'] == "all") { $affiliate_sales = affiliate_level_statistics_query($_SESSION['affiliate_id']); } else { $affiliate_sales = affiliate_level_statistics_query($_SESSION['affiliate_id'], vam_db_prepare_input($_GET['a_period'])); } $vamTemplate->assign('affiliate_transactions', vam_not_null($affiliate_sales['count']) ? $affiliate_sales['count'] : 0); if ($affiliate_clickthroughs > 0) { $affiliate_conversions = vam_round($affiliate_transactions / $affiliate_clickthroughs * 100, 2) . "%"; } else { $affiliate_conversions = "n/a"; } $vamTemplate->assign('affiliate_conversions', $affiliate_conversions); $vamTemplate->assign('affiliate_amount', $vamPrice->Format($affiliate_sales['total'], true)); if ($affiliate_transactions > 0) { $affiliate_average = vam_round($affiliate_amount / $affiliate_transactions, 2); $affiliate_average = $vamPrice->Format($affiliate_average, true); } else { $affiliate_average = "n/a"; }
$sql_data_array = array('authors_description' => vam_db_prepare_input($authors_desc_array[$language_id]), 'authors_url' => vam_db_prepare_input($authors_url_array[$language_id])); if ($action == 'insert') { $insert_sql_data = array('authors_id' => $authors_id, 'languages_id' => $language_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); vam_db_perform(TABLE_AUTHORS_INFO, $sql_data_array); } elseif ($action == 'save') { vam_db_perform(TABLE_AUTHORS_INFO, $sql_data_array, 'update', "authors_id = '" . (int) $authors_id . "' and languages_id = '" . (int) $language_id . "'"); } } if (USE_CACHE == 'true') { vam_reset_cache_block('authors'); } vam_redirect(vam_href_link(FILENAME_AUTHORS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'auID=' . $authors_id)); break; case 'deleteconfirm': $authors_id = vam_db_prepare_input($_GET['auID']); vam_db_query("delete from " . TABLE_AUTHORS . " where authors_id = '" . (int) $authors_id . "'"); vam_db_query("delete from " . TABLE_AUTHORS_INFO . " where authors_id = '" . (int) $authors_id . "'"); if (isset($_POST['delete_articles']) && $_POST['delete_articles'] == 'on') { $articles_query = vam_db_query("select articles_id from " . TABLE_ARTICLES . " where authors_id = '" . (int) $authors_id . "'"); while ($articles = vam_db_fetch_array($articles_query)) { vam_remove_article($articles['articles_id']); } } else { vam_db_query("update " . TABLE_ARTICLES . " set authors_id = '' where authors_id = '" . (int) $authors_id . "'"); } if (USE_CACHE == 'true') { vam_reset_cache_block('authors'); } vam_redirect(vam_href_link(FILENAME_AUTHORS, 'page=' . $_GET['page'])); break;
---------------------------------------------------------------------------------------*/ include 'includes/application_top.php'; // create template elements $vamTemplate = new vamTemplate(); // include boxes require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php'; // include needed functions require_once DIR_FS_INC . 'vam_validate_password.inc.php'; require_once DIR_FS_INC . 'vam_encrypt_password.inc.php'; if (!isset($_SESSION['customer_id'])) { vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL')); } if (isset($_POST['action']) && $_POST['action'] == 'process') { $password_current = vam_db_prepare_input($_POST['password_current']); $password_new = vam_db_prepare_input($_POST['password_new']); $password_confirmation = vam_db_prepare_input($_POST['password_confirmation']); $error = false; if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = vam_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $check_customer = vam_db_fetch_array($check_customer_query); if (vam_validate_password($password_current, $check_customer['customers_password'])) {
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_STATUS; ?> </td> <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td> </tr> <?php if ($_GET['sID']) { // Search only payment_id by now $sID = vam_db_prepare_input($_GET['sID']); $payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where p.affiliate_payment_id = '" . vam_db_input($sID) . "' and p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC"; } elseif (is_numeric($_GET['status'])) { $status = vam_db_prepare_input($_GET['status']); $payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where s.affiliate_payment_status_id = '" . vam_db_input($status) . "' and p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC"; } else { $payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC"; } $payments_split = new splitPageResults($_GET['page'], MAX_DISPLAY_ADMIN_PAGE, $payments_query_raw, $payments_query_numrows); $payments_query = vam_db_query($payments_query_raw); while ($payments = vam_db_fetch_array($payments_query)) { if ((!$_GET['pID'] || $_GET['pID'] == $payments['affiliate_payment_id']) && !$pInfo) { $pInfo = new objectInfo($payments); } if (is_object($pInfo) && $payments['affiliate_payment_id'] == $pInfo->affiliate_payment_id) { echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID', 'action')) . 'pID=' . $pInfo->affiliate_payment_id . '&action=edit') . '\'">' . "\n"; } else { echo ' <tr class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'hand\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\'' . vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID')) . 'pID=' . $payments['affiliate_payment_id']) . '\'">' . "\n"; }
Copyright (c) 2007 VaM Shop -------------------------------------------------------------- based on: (c) 2000-2001 The Exchange Project (earlier name of osCommerce) (c) 2002-2003 osCommercecoding standards www.oscommerce.com (c) 2004 xt:Commerce (popup_memo.php,v 1.7 2003/08/18); xt-commerce.com Released under the GNU General Public License --------------------------------------------------------------*/ require 'includes/application_top.php'; include DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/customers.php'; if ($_GET['action']) { switch ($_GET['action']) { case 'save': $memo_title = vam_db_prepare_input($_POST['memo_title']); $memo_text = vam_db_prepare_input($_POST['memo_text']); if ($memo_text != '' && $memo_title != '') { $sql_data_array = array('customers_id' => $_POST['ID'], 'memo_date' => date("Y-m-d"), 'memo_title' => $memo_title, 'memo_text' => nl2br($memo_text), 'poster_id' => $_SESSION['customer_id']); vam_db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array); } break; case 'remove': vam_db_query("DELETE FROM " . TABLE_CUSTOMERS_MEMO . " where memo_id='" . $_GET['mID'] . "'"); break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html <?php echo HTML_PARAMS; ?>