function objectInfo($object_array)
{
reset($object_array);
while (list($key, $value) = each($object_array)) {
$this->{$key} = vam_db_prepare_input($value);
}
}
function vam_db_prepare_input($string)
{
if (is_string($string)) {
return trim(stripslashes($string));
} elseif (is_array($string)) {
reset($string);
while (list($key, $value) = each($string)) {
$string[$key] = vam_db_prepare_input($value);
}
return $string;
} else {
return $string;
}
}
function vam_get_categories($categories_array = '', $parent_id = '0', $indent = '')
{
$parent_id = vam_db_prepare_input($parent_id);
if (!is_array($categories_array)) {
$categories_array = array();
}
$categories_query = "select\n c.categories_id,\n cd.categories_name\n from " . TABLE_CATEGORIES . " c,\n " . TABLE_CATEGORIES_DESCRIPTION . " cd\n where parent_id = '" . vam_db_input($parent_id) . "'\n and c.categories_id = cd.categories_id\n and c.categories_status != 0\n and cd.language_id = '" . $_SESSION['languages_id'] . "'\n order by sort_order, cd.categories_name";
$categories_query = vamDBquery($categories_query);
while ($categories = vam_db_fetch_array($categories_query, true)) {
$categories_array[] = array('id' => $categories['categories_id'], 'text' => $indent . $categories['categories_name']);
if ($categories['categories_id'] != $parent_id) {
$categories_array = vam_get_categories($categories_array, $categories['categories_id'], $indent . ' ');
}
}
return $categories_array;
}
function vam_address_summary($customers_id, $address_id)
{
$customers_id = vam_db_prepare_input($customers_id);
$address_id = vam_db_prepare_input($address_id);
$address_query = vam_db_query("select ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_state, ab.entry_country_id, ab.entry_zone_id, c.countries_name, c.address_format_id from " . TABLE_ADDRESS_BOOK . " ab, " . TABLE_COUNTRIES . " c where ab.address_book_id = '" . vam_db_input($address_id) . "' and ab.customers_id = '" . vam_db_input($customers_id) . "' and ab.entry_country_id = c.countries_id");
$address = vam_db_fetch_array($address_query);
$street_address = $address['entry_street_address'];
$suburb = $address['entry_suburb'];
$postcode = $address['entry_postcode'];
$city = $address['entry_city'];
$state = vam_get_zone_name($address['entry_country_id'], $address['entry_zone_id'], $address['entry_state']);
$country = $address['countries_name'];
$address_format_query = vam_db_query("select address_summary from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . $address['address_format_id'] . "'");
$address_format = vam_db_fetch_array($address_format_query);
// eval("\$address = \"{$address_format['address_summary']}\";");
$address_summary = $address_format['address_summary'];
eval("\$address = \"{$address_summary}\";");
return $address;
}
function query($order_id)
{
$order_id = vam_db_prepare_input($order_id);
$order_query = vam_db_query("SELECT\n *\n FROM " . TABLE_ORDERS . " WHERE\n orders_id = '" . vam_db_input($order_id) . "'");
$order = vam_db_fetch_array($order_query);
$totals_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_TOTAL . " where orders_id = '" . vam_db_input($order_id) . "' order by sort_order");
while ($totals = vam_db_fetch_array($totals_query)) {
$this->totals[] = array('title' => $totals['title'], 'text' => $totals['text'], 'value' => $totals['value']);
}
$order_total_query = vam_db_query("select text,value from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_total'");
$order_total = vam_db_fetch_array($order_total_query);
$shipping_method_query = vam_db_query("select title from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . $order_id . "' and class = 'ot_shipping'");
$shipping_method = vam_db_fetch_array($shipping_method_query);
$order_status_query = vam_db_query("select orders_status_name from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . $order['orders_status'] . "' and language_id = '" . $_SESSION['languages_id'] . "'");
$order_status = vam_db_fetch_array($order_status_query);
$this->info = array('currency' => $order['currency'], 'currency_value' => $order['currency_value'], 'payment_method' => $order['payment_method'], 'cc_type' => $order['cc_type'], 'cc_owner' => $order['cc_owner'], 'cc_number' => $order['cc_number'], 'cc_expires' => $order['cc_expires'], 'cc_start' => $order['cc_start'], 'cc_issue' => $order['cc_issue'], 'cc_cvv' => $order['cc_cvv'], 'date_purchased' => $order['date_purchased'], 'orders_status' => $order_status['orders_status_name'], 'last_modified' => $order['last_modified'], 'total' => strip_tags($order_total['text']), 'total_value' => $order_total['value'], 'shipping_method' => substr($shipping_method['title'], -1) == ':' ? substr(strip_tags($shipping_method['title']), 0, -1) : strip_tags($shipping_method['title']), 'comments' => $order['comments']);
$this->customer = array('id' => $order['customers_id'], 'name' => $order['customers_name'], 'firstname' => $order['customers_firstname'], 'secondname' => $order['customers_secondname'], 'lastname' => $order['customers_lastname'], 'csID' => $order['customers_cid'], 'company' => $order['customers_company'], 'street_address' => $order['customers_street_address'], 'suburb' => $order['customers_suburb'], 'city' => $order['customers_city'], 'postcode' => $order['customers_postcode'], 'state' => $order['customers_state'], 'country' => $order['customers_country'], 'format_id' => $order['customers_address_format_id'], 'telephone' => $order['customers_telephone'], 'email_address' => $order['customers_email_address']);
$this->delivery = array('name' => $order['delivery_name'], 'firstname' => $order['delivery_firstname'], 'secondname' => $order['delivery_secondname'], 'lastname' => $order['delivery_lastname'], 'company' => $order['delivery_company'], 'street_address' => $order['delivery_street_address'], 'suburb' => $order['delivery_suburb'], 'city' => $order['delivery_city'], 'postcode' => $order['delivery_postcode'], 'state' => $order['delivery_state'], 'country' => $order['delivery_country'], 'format_id' => $order['delivery_address_format_id']);
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) {
$this->delivery = false;
}
$this->billing = array('name' => $order['billing_name'], 'firstname' => $order['billing_firstname'], 'secondname' => $order['billing_secondname'], 'lastname' => $order['billing_lastname'], 'company' => $order['billing_company'], 'street_address' => $order['billing_street_address'], 'suburb' => $order['billing_suburb'], 'city' => $order['billing_city'], 'postcode' => $order['billing_postcode'], 'state' => $order['billing_state'], 'country' => $order['billing_country'], 'format_id' => $order['billing_address_format_id']);
$index = 0;
$orders_products_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS . " WHERE orders_id = '" . vam_db_input($order_id) . "'");
while ($orders_products = vam_db_fetch_array($orders_products_query)) {
$this->products[$index] = array('qty' => $orders_products['products_quantity'], 'id' => $orders_products['products_id'], 'name' => $orders_products['products_name'], 'model' => $orders_products['products_model'], 'tax' => $orders_products['products_tax'], 'price' => $orders_products['products_price'], 'shipping_time' => $orders_products['products_shipping_time'], 'final_price' => $orders_products['final_price']);
$subindex = 0;
$attributes_query = vam_db_query("SELECT * FROM " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . vam_db_input($order_id) . "' and orders_products_id = '" . $orders_products['orders_products_id'] . "'");
if (vam_db_num_rows($attributes_query)) {
while ($attributes = vam_db_fetch_array($attributes_query)) {
$this->products[$index]['attributes'][$subindex] = array('option' => $attributes['products_options'], 'value' => $attributes['products_options_values'], 'prefix' => $attributes['price_prefix'], 'price' => $attributes['options_values_price']);
$subindex++;
}
}
$this->info['tax_groups']["{$this->products[$index]['tax']}"] = '1';
$index++;
}
}
Copyright (c) 2007 VaM Shop
--------------------------------------------------------------
based on:
(c) 2000-2001 The Exchange Project (earlier name of osCommerce)
(c) 2002-2003 osCommerce(popup_image.php,v 1.6 2002/05/20); www.oscommerce.com
(c) 2003 nextcommerce (popup_image.php,v 1.7 2003/08/18); www.nextcommerce.org
(c) 2004 xt:Commerce (popup_image.php,v 1.7 2003/08/18); xt-commerce.com
Released under the GNU General Public License
--------------------------------------------------------------*/
require 'includes/application_top.php';
reset($_GET);
while (list($key, ) = each($_GET)) {
switch ($key) {
case 'banner':
$banners_id = vam_db_prepare_input($_GET['banner']);
$banner_query = vam_db_query("select banners_title, banners_image, banners_html_text from " . TABLE_BANNERS . " where banners_id = '" . vam_db_input($banners_id) . "'");
$banner = vam_db_fetch_array($banner_query);
$page_title = $banner['banners_title'];
if ($banner['banners_html_text']) {
$image_source = $banner['banners_html_text'];
} elseif ($banner['banners_image']) {
$image_source = vam_image(HTTP_CATALOG_SERVER . DIR_WS_CATALOG_IMAGES . 'banner/' . $banner['banners_image'], $page_title);
}
break;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
$insert_sql_data = array('date_added' => 'now()');
$sql_data_array = vam_array_merge($sql_data_array, $insert_sql_data);
vam_db_perform(TABLE_BLACKLIST, $sql_data_array);
$blacklist_id = vam_db_insert_id();
} elseif ($_GET['action'] == 'save') {
$update_sql_data = array('last_modified' => 'now()');
$sql_data_array = vam_array_merge($sql_data_array, $update_sql_data);
vam_db_perform(TABLE_BLACKLIST, $sql_data_array, 'update', "blacklist_id = '" . vam_db_input($blacklist_id) . "'");
}
if (USE_CACHE == 'true') {
vam_reset_cache_block('blacklist');
}
vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page'] . '&bID=' . $blacklist_id));
break;
case 'deleteconfirm':
$blacklist_id = vam_db_prepare_input($_GET['bID']);
vam_db_query("delete from " . TABLE_BLACKLIST . " where blacklist_id = '" . vam_db_input($blacklist_id) . "'");
if (USE_CACHE == 'true') {
vam_reset_cache_block('manufacturers');
}
vam_redirect(vam_href_link(FILENAME_BLACKLIST, 'page=' . $_GET['page']));
break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
}
mysql_free_result($result);
mysql_close();
if (isset($fURL) && $fURL != '') {
$url = HTTP_SERVER . DIR_WS_CATALOG . $fURL;
header("HTTP/1.1 301 Moved Permanently");
header('Location: ' . $url);
exit;
}
}
$PHP_SELF = '/faq.php';
include 'faq.php';
break;
case 'articles':
if (isset($_GET['tPath']) && $_GET['tPath'] != '') {
$query = 'select topics_page_url from ' . TABLE_TOPICS . ' where topics_id="' . vam_db_prepare_input($_GET['tPath']) . '"';
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$tURL = $row['topics_page_url'];
}
mysql_free_result($result);
mysql_close();
if (isset($tURL) && $tURL != '') {
$url = HTTP_SERVER . DIR_WS_CATALOG . $tURL;
header("HTTP/1.1 301 Moved Permanently");
header('Location: ' . $url);
exit;
}
}
$PHP_SELF = '/articles.php';
$countries_id = vam_db_prepare_input($_GET['cID']);
$countries_name = vam_db_prepare_input($_POST['countries_name']);
$countries_iso_code_2 = vam_db_prepare_input($_POST['countries_iso_code_2']);
$countries_iso_code_3 = vam_db_prepare_input($_POST['countries_iso_code_3']);
$address_format_id = vam_db_prepare_input($_POST['address_format_id']);
vam_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . vam_db_input($countries_name) . "', countries_iso_code_2 = '" . vam_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . vam_db_input($countries_iso_code_3) . "', address_format_id = '" . vam_db_input($address_format_id) . "' where countries_id = '" . vam_db_input($countries_id) . "'");
vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id));
break;
case 'deleteconfirm':
$countries_id = vam_db_prepare_input($_GET['cID']);
vam_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . vam_db_input($countries_id) . "'");
vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
break;
case 'setlflag':
$countries_id = vam_db_prepare_input($_GET['cID']);
$status = vam_db_prepare_input($_GET['flag']);
vam_db_query("update " . TABLE_COUNTRIES . " set status = '" . vam_db_input($status) . "' where countries_id = '" . vam_db_input($countries_id) . "'");
vam_redirect(vam_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $countries_id));
break;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $_SESSION['language_charset'];
?>
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$nID = $row['news_id'];
$matched = true;
} else {
$matched = false;
}
if ($matched) {
$HTTP_GET_VARS['news_id'] = $nID;
$_GET['news_id'] = $nID;
mysql_free_result($result);
mysql_close();
$PHP_SELF = '/news.php';
include 'news.php';
} else {
$query = 'select faq_id from ' . TABLE_FAQ . ' where BINARY faq_page_url="' . vam_db_prepare_input($URI_elements[0]) . '"';
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$fID = $row['faq_id'];
$matched = true;
} else {
$matched = false;
}
if ($matched) {
$HTTP_GET_VARS['faq_id'] = $fID;
$_GET['faq_id'] = $fID;
mysql_free_result($result);
mysql_close();
$PHP_SELF = '/faq.php';
include 'faq.php';
// $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
// $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
// break;
// case '**D':
// $mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_newsletter = '1'");
// $mail_sent_to = TEXT_NEWSLETTER_AFFILIATE;
// break;
default:
$affiliate_email_address = vam_db_prepare_input($_POST['affiliate_email_address']);
$mail_query = vam_db_query("select affiliate_firstname, affiliate_lastname, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . vam_db_input($affiliate_email_address) . "'");
$mail_sent_to = $_POST['affiliate_email_address'];
break;
}
$from = vam_db_prepare_input($_POST['from']);
$subject = vam_db_prepare_input($_POST['subject']);
$message = vam_db_prepare_input($_POST['message']);
while ($mail = vam_db_fetch_array($mail_query)) {
vam_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $mail['affiliate_email_address'], $mail['affiliate_firstname'] . ' ' . $mail['affiliate_lastname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', $subject, $message, $message);
}
vam_redirect(vam_href_link(FILENAME_AFFILIATE_CONTACT, 'mail_sent_to=' . urlencode($mail_sent_to)));
}
if ($_GET['action'] == 'preview' && !$_POST['affiliate_email_address']) {
$messageStack->add(ERROR_NO_AFFILIATE_SELECTED, 'error');
}
if (vam_not_null($_GET['mail_sent_to'])) {
$messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to']), 'notice');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
if (isset($_SESSION['payment'])) {
unset($_SESSION['payment']);
}
vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
}
// process the selected billing destination
} elseif (isset($_POST['address'])) {
$reset_payment = false;
if (isset($_SESSION['billto'])) {
if ($billto != $_POST['address']) {
if (isset($_SESSION['payment'])) {
$reset_payment = true;
}
}
}
$_SESSION['billto'] = vam_db_prepare_input($_POST['address']);
$check_address_query = vam_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $_SESSION['customer_id'] . "' and address_book_id = '" . $_SESSION['billto'] . "'");
$check_address = vam_db_fetch_array($check_address_query);
if ($check_address['total'] == '1') {
if ($reset_payment == true) {
unset($_SESSION['payment']);
}
vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
} else {
unset($_SESSION['billto']);
}
// no addresses to select from - customer decided to keep the current assigned address
} else {
$_SESSION['billto'] = $_SESSION['customer_default_address_id'];
vam_redirect(vam_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
}
$a_level = vam_db_prepare_input($_GET['a_level']);
$level_clause = " AND a.affiliate_level = '" . $a_level . "'";
}
$affiliate_sales_raw = "select a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent,\n a.affiliate_payment, a.affiliate_level AS level,\n o.orders_status as orders_status_id, os.orders_status_name as orders_status, \n MONTH(aa.affiliate_date_account_created) as start_month, YEAR(aa.affiliate_date_account_created) as start_year\n from " . TABLE_AFFILIATE . " aa\n left join " . TABLE_AFFILIATE_SALES . " a on (aa.affiliate_id = a.affiliate_id )\n left join " . TABLE_ORDERS . " o on (a.affiliate_orders_id = o.orders_id) \n left join " . TABLE_ORDERS_STATUS . " os on (o.orders_status = os.orders_status_id and language_id = '" . $_SESSION['languages_id'] . "')\n where a.affiliate_id = '" . $_SESSION['affiliate_id'] . "' " . $period_clause . $status_clause . $level_clause . " \n group by aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, \n a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, \n o.orders_status, os.orders_status_name\n order by affiliate_date DESC";
$count_key = 'aa.affiliate_date_account_created, o.orders_status, os.orders_status_name, a.affiliate_payment, a.affiliate_date, a.affiliate_value, a.affiliate_percent, o.orders_status, os.orders_status_name';
$affiliate_sales_split = new splitPageResults($affiliate_sales_raw, $_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $count_key);
if ($affiliate_sales_split->number_of_rows > 0) {
$affiliate_sales_values = vam_db_query($affiliate_sales_split->sql_query);
$affiliate_sales = vam_db_fetch_array($affiliate_sales_values);
} else {
$affiliate_sales_values = vam_db_query("select MONTH(affiliate_date_account_created) as start_month,\n YEAR(affiliate_date_account_created) as start_year\n FROM " . TABLE_AFFILIATE . " WHERE affiliate_id = '" . $_SESSION['affiliate_id'] . "'");
$affiliate_sales = vam_db_fetch_array($affiliate_sales_values);
}
$vamTemplate->assign('period_selector', affiliate_period('a_period', $affiliate_sales['start_year'], $affiliate_sales['start_month'], true, vam_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"'));
$vamTemplate->assign('status_selector', affiliate_get_status_list('a_status', vam_db_prepare_input($_GET['a_status']), 'onchange="this.form.submit();"'));
$vamTemplate->assign('level_selector', affiliate_get_level_list('a_level', vam_db_prepare_input($_GET['a_level']), 'onchange="this.form.submit();"'));
require DIR_WS_INCLUDES . 'header.php';
$vamTemplate->assign('affiliate_sales_split_numbers', $affiliate_sales_split->number_of_rows);
$vamTemplate->assign('FORM_ACTION', vam_draw_form('params', vam_href_link(FILENAME_AFFILIATE_SALES), 'get'));
$affiliate_sales_table = '';
if ($affiliate_sales_split->number_of_rows > 0) {
$number_of_sales = 0;
$sum_of_earnings = 0;
do {
$number_of_sales++;
if ($affiliate_sales['orders_status_id'] >= AFFILIATE_PAYMENT_ORDER_MIN_STATUS) {
$sum_of_earnings += $affiliate_sales['affiliate_payment'];
}
if ($number_of_sales / 2 == floor($number_of_sales / 2)) {
$affiliate_sales_table .= '<tr class="productListing-even">';
} else {
$faq_page_url = $alias;
} else {
$faq_page_url = $_POST['faq_page_url'];
}
$sql_data_array = array('question' => vam_db_prepare_input($_POST['question']), 'faq_page_url' => vam_db_prepare_input($faq_page_url), 'answer' => vam_db_prepare_input($_POST['answer']), 'date_added' => 'now()', 'language' => vam_db_prepare_input($_POST['item_language']), 'status' => '1');
vam_db_perform(TABLE_FAQ, $sql_data_array);
$faq_id = vam_db_insert_id();
//not actually used ATM -- just there in case
}
// vam_redirect(vam_href_link(FILENAME_FAQ));
break;
case 'update_faq':
//user wants to modify a faq.
if ($_GET['faq_id']) {
$sql_data_array = array('question' => vam_db_prepare_input($_POST['question']), 'faq_page_url' => vam_db_prepare_input($_POST['faq_page_url']), 'answer' => vam_db_prepare_input($_POST['answer']), 'date_added' => vam_db_prepare_input($_POST['date_added']), 'language' => vam_db_prepare_input($_POST['item_language']));
vam_db_perform(TABLE_FAQ, $sql_data_array, 'update', "faq_id = '" . vam_db_prepare_input($_GET['faq_id']) . "'");
}
// vam_redirect(vam_href_link(FILENAME_FAQ));
break;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $_SESSION['language_charset'];
?>
if (is_array($_POST['multi_products']) && (is_array($_POST['dest_cat_ids']) || vam_not_null($_POST['dest_category_id']))) {
foreach ($_POST['multi_products'] as $product_id) {
$product_id = vam_db_prepare_input($product_id);
if (is_array($_POST['dest_cat_ids'])) {
foreach ($_POST['dest_cat_ids'] as $dest_category_id) {
$dest_category_id = vam_db_prepare_input($dest_category_id);
if ($_POST['copy_as'] == 'link') {
$catfunc->link_product($product_id, $dest_category_id);
} elseif ($_POST['copy_as'] == 'duplicate') {
$catfunc->duplicate_product($product_id, $dest_category_id);
} else {
$messageStack->add_session('Copy type not specified.', 'error');
}
}
} elseif (vam_not_null($_POST['dest_category_id'])) {
$dest_category_id = vam_db_prepare_input($_POST['dest_category_id']);
if ($_POST['copy_as'] == 'link') {
$catfunc->link_product($product_id, $dest_category_id);
} elseif ($_POST['copy_as'] == 'duplicate') {
$catfunc->duplicate_product($product_id, $dest_category_id);
} else {
$messageStack->add_session('Copy type not specified.', 'error');
}
}
}
}
vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $dest_category_id . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
}
// --- MULTI COPY ENDS ---
vam_redirect(vam_href_link(FILENAME_CATEGORIES, 'cPath=' . $_GET['cPath'] . '&' . vam_get_all_get_params(array('cPath', 'action', 'pID', 'cID'))));
break;
---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
require_once DIR_FS_INC . 'vam_random_charcode.inc.php';
require_once DIR_FS_INC . 'vam_render_vvcode.inc.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
if ($_SESSION['customers_status']['customers_status_write_reviews'] == 0) {
vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if (isset($_GET['action']) && $_GET['action'] == 'process') {
if (is_object($product) && $product->isProduct()) {
// We got to the process but it is an illegal product, don't write
$rating = vam_db_prepare_input($_POST['rating']);
$review = vam_db_prepare_input($_POST['review']);
$error = false;
if ($_POST['captcha'] == '' or $_POST['captcha'] != $_SESSION['vvcode']) {
$error = true;
$vamTemplate->assign('captcha_error', ENTRY_CAPTCHA_ERROR);
}
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
$error = true;
$vamTemplate->assign('error', ERROR_INVALID_PRODUCT);
}
if ($rating < 1 || $rating > 5) {
$error = true;
$vamTemplate->assign('error', ERROR_INVALID_PRODUCT);
}
if ($error == false) {
$customer = vam_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$_imgQuery = vam_db_fetch_array($_imgQuery);
if ($_imgQuery['count'] > 0) {
} else {
vam_db_perform(TABLE_PRODUCTS_OPTIONS_IMAGES, $data);
}
}
for ($img = 0; $img < MO_PICS; $img++) {
if ($pIMG =& vam_try_upload('mo_pics_' . $img, DIR_FS_CATALOG_IMAGES . 'product_options/', '777', '')) {
$pname_arr = explode('.', $pIMG->filename);
$nsuffix = array_pop($pname_arr);
$value_image_name = $_POST['value_id'] . '_' . ($img + 1) . '.' . $nsuffix;
rename(DIR_FS_CATALOG_IMAGES . 'product_options/' . $pIMG->filename, DIR_FS_CATALOG_IMAGES . 'product_options/' . $value_image_name);
//get data & write to table
$mo_img = array('products_options_values_id' => vam_db_prepare_input($_POST['value_id']), 'image_nr' => vam_db_prepare_input($img + 1), 'image_name' => vam_db_prepare_input($value_image_name));
// if ($action == 'insert') {
$_imgQuery = vam_db_query("SELECT count(*) as count FROM " . TABLE_PRODUCTS_OPTIONS_IMAGES . " WHERE image_nr='" . ($img + 1) . "' and products_options_values_id='" . vam_db_prepare_input($_POST['value_id']) . "'");
$_imgQuery = vam_db_fetch_array($_imgQuery);
if ($_imgQuery['count'] > 0) {
} else {
vam_db_perform(TABLE_PRODUCTS_OPTIONS_IMAGES, $mo_img);
}
}
}
if ($_POST['del_mo_pic'] != '') {
foreach ($_POST['del_mo_pic'] as $dummy => $val) {
@vam_del_image_options_file($val);
vam_db_query("DELETE FROM " . TABLE_PRODUCTS_OPTIONS_IMAGES . "\n\t\t\t\t\t\t\t\t\t WHERE products_options_values_id = '" . vam_db_input($_POST['value_id']) . "' AND image_name = '" . $val . "'");
}
}
//are we asked to delete some pics?
if ($_POST['del_pic'] != '') {
vam_db_query("insert into " . TABLE_FEATURED . " (products_id, featured_quantity, featured_date_added, expires_date, status) values ('" . $_POST['products_id'] . "', '" . $_POST['featured_quantity'] . "', now(), '" . $expires_date . "', '1')");
vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page']));
break;
case 'update':
// update a product on featured
$expires_date = '';
if ($_POST['expires-dd'] && $_POST['expires-mm'] && $_POST['expires']) {
$expires_date = $_POST['expires'];
$expires_date .= strlen($_POST['expires-mm']) == 1 ? '0' . $_POST['expires-mm'] : $_POST['expires-mm'];
$expires_date .= strlen($_POST['expires-dd']) == 1 ? '0' . $_POST['expires-dd'] : $_POST['expires-dd'];
}
vam_db_query("update " . TABLE_FEATURED . " set featured_quantity = '" . $_POST['featured_quantity'] . "', featured_last_modified = now(), expires_date = '" . $expires_date . "' where featured_id = '" . $_POST['featured_id'] . "'");
vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page'] . '&fID=' . $featured_id));
break;
case 'deleteconfirm':
$featured_id = vam_db_prepare_input($_GET['fID']);
vam_db_query("delete from " . TABLE_FEATURED . " where featured_id = '" . vam_db_input($featured_id) . "'");
vam_redirect(vam_href_link(FILENAME_FEATURED, 'page=' . $_GET['page']));
break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $_SESSION['language_charset'];
?>
">
// avoid hack attempts during the checkout procedure by checking the internal cartID
if (isset($_SESSION['cart']->cartID) && isset($_SESSION['cartID'])) {
if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
vam_redirect(vam_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
}
}
// if no shipping method has been selected, redirect the customer to the shipping method selection page
if (!isset($_SESSION['shipping'])) {
vam_redirect(vam_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
}
//check if display conditions on checkout page is true
if (isset($_POST['payment'])) {
$_SESSION['payment'] = vam_db_prepare_input($_POST['payment']);
}
if ($_POST['comments_added'] != '') {
$_SESSION['comments'] = vam_db_prepare_input($_POST['comments']);
}
if (!isset($_SESSION['kvit_name'])) {
$_SESSION['kvit_name'] = $_POST['kvit_name'];
}
if (!isset($_SESSION['kvit_address'])) {
$_SESSION['kvit_address'] = $_POST['kvit_address'];
}
if (!isset($_SESSION['qiwi_telephone'])) {
$_SESSION['qiwi_telephone'] = $_POST['qiwi_telephone'];
}
if (!isset($_SESSION['aviso_telephone'])) {
$_SESSION['aviso_telephone'] = $_POST['aviso_telephone'];
}
if (!isset($_SESSION['s_name'])) {
$_SESSION['s_name'] = $_POST['s_name'];
function after_process()
{
global $insert_id, $name, $inn, $kpp, $ogrn, $okpo, $rs, $bank_name, $bik, $ks, $address, $yur_address, $fakt_address, $telephone, $fax, $email, $director, $accountant, $checkout_form_action, $checkout_form_submit;
vam_db_query("INSERT INTO " . TABLE_COMPANIES . " (orders_id, customers_id, name, inn, kpp, ogrn, okpo, rs, bank_name, bik, ks, address, yur_address, fakt_address, telephone, fax, email, director, accountant) VALUES ('" . vam_db_prepare_input($insert_id) . "', '" . (int) $_SESSION['customer_id'] . "', '" . vam_db_prepare_input($_SESSION['s_name']) . "', '" . vam_db_prepare_input($_SESSION['s_inn']) . "', '" . vam_db_prepare_input($_SESSION['s_kpp']) . "', '" . vam_db_prepare_input($_SESSION['s_ogrn']) . "', '" . vam_db_prepare_input($_SESSION['s_okpo']) . "', '" . vam_db_prepare_input($_SESSION['s_rs']) . "', '" . vam_db_prepare_input($_SESSION['s_bank_name']) . "', '" . vam_db_prepare_input($_SESSION['s_bik']) . "', '" . vam_db_prepare_input($_SESSION['s_ks']) . "', '" . vam_db_prepare_input($_SESSION['s_address']) . "', '" . vam_db_prepare_input($_SESSION['s_yur_address']) . "', '" . vam_db_prepare_input($_SESSION['s_fakt_address']) . "', '" . vam_db_prepare_input($_SESSION['s_telephone']) . "', '" . vam_db_prepare_input($_SESSION['s_fax']) . "', '" . vam_db_prepare_input($_SESSION['s_email']) . "', '" . vam_db_prepare_input($_SESSION['s_director']) . "', '" . vam_db_prepare_input($_SESSION['s_accountant']) . "')");
if ($this->order_status) {
vam_db_query("UPDATE " . TABLE_ORDERS . " SET orders_status='" . $this->order_status . "' WHERE orders_id='" . $insert_id . "'");
}
}
function getNext()
{
switch ($this->mode) {
// yearly
case '1':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd), date("Y", $sd) + 1);
break;
// monthly
// monthly
case '2':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd) + 1, 1, date("Y", $sd));
break;
// weekly
// weekly
case '3':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 7, date("Y", $sd));
break;
// daily
// daily
case '4':
$sd = $this->actDate;
$ed = mktime(0, 0, 0, date("m", $sd), date("d", $sd) + 1, date("Y", $sd));
break;
}
if ($ed > $this->endDate) {
$ed = $this->endDate;
}
$filterString = "";
if ($this->statusFilter > 0) {
$filterString .= " AND o.orders_status = " . $this->statusFilter . " ";
}
if (!is_numeric($this->paymentFilter)) {
$filterString .= " AND o.payment_method ='" . vam_db_prepare_input($this->paymentFilter) . "' ";
}
$rqOrders = vam_db_query($this->queryOrderCnt . " WHERE o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString);
$order = vam_db_fetch_array($rqOrders);
$rqShipping = vam_db_query($this->queryShipping . " AND o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString);
$shipping = vam_db_fetch_array($rqShipping);
$rqItems = vam_db_query($this->queryItemCnt . " AND o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "'" . $filterString . " group by pid " . $this->sortString);
// set the return values
$this->actDate = $ed;
$this->showDate = $sd;
$this->showDateEnd = $ed - 60 * 60 * 24;
// execute the query
$cnt = 0;
$itemTot = 0;
$sumTot = 0;
while ($resp[$cnt] = vam_db_fetch_array($rqItems)) {
// to avoid rounding differences round for every quantum
// multiply with the number of items afterwords.
$price = $resp[$cnt]['psum'] / $resp[$cnt]['pquant'];
// products_attributes
// are there any attributes for this order_id ?
$rqAttr = vam_db_query($this->queryAttr . " AND o.date_purchased >= '" . vam_db_input(date("Y-m-d\\TH:i:s", $sd)) . "' AND o.date_purchased < '" . vam_db_input(date("Y-m-d\\TH:i:s", $ed)) . "' AND op.products_id = " . $resp[$cnt]['pid'] . $filterString . " group by products_options_values order by orders_products_id");
$i = 0;
while ($attr[$i] = vam_db_fetch_array($rqAttr)) {
$i++;
}
// values per date
if ($i > 0) {
$price2 = 0;
$price3 = 0;
$option = array();
$k = -1;
$ord_pro_id_old = 0;
for ($j = 0; $j < $i; $j++) {
if ($attr[$j]['price_prefix'] == "-") {
$price2 += -1 * $attr[$j]['options_values_price'];
$price3 = -1 * $attr[$j]['options_values_price'];
$prefix = "-";
} else {
$price2 += $attr[$j]['options_values_price'];
$price3 = $attr[$j]['options_values_price'];
$prefix = "+";
}
$ord_pro_id = $attr[$j]['orders_products_id'];
if ($ord_pro_id != $ord_pro_id_old) {
$k++;
$l = 0;
// set values
$option[$k]['quant'] = $attr[$j]['attr_cnt'];
$option[$k]['options'][0] = $attr[$j]['products_options'];
$option[$k]['options_values'][0] = $attr[$j]['products_options_values'];
if ($price3 != 0) {
//$option[$k]['price'][0] = vam_add_tax($price3, $resp[$cnt]['ptax']);
$option[$k]['price'][0] = $price3;
} else {
$option[$k]['price'][0] = 0;
}
} else {
$l++;
// update values
$option[$k]['options'][$l] = $attr[$j]['products_options'];
$option[$k]['options_values'][$l] = $attr[$j]['products_options_values'];
if ($price3 != 0) {
//$option[$k]['price'][$l] = vam_add_tax($price3, $resp[$cnt]['ptax']);
$option[$k]['price'][$l] = $price3;
} else {
$option[$k]['price'][$l] = 0;
}
}
$ord_pro_id_old = $ord_pro_id;
}
// set attr value
$resp[$cnt]['attr'] = $option;
} else {
$resp[$cnt]['attr'] = "";
}
//$resp[$cnt]['price'] = vam_add_tax($price, $resp[$cnt]['ptax']);
//$resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * vam_add_tax($price, $resp[$cnt]['ptax']);
$resp[$cnt]['price'] = $price;
$resp[$cnt]['psum'] = $resp[$cnt]['pquant'] * $price;
$resp[$cnt]['order'] = $order['order_cnt'];
$resp[$cnt]['shipping'] = $shipping['shipping'];
// values per date and item
$sumTot += $resp[$cnt]['psum'];
$itemTot += $resp[$cnt]['pquant'];
// add totsum and totitem until current row
$resp[$cnt]['totsum'] = $sumTot;
$resp[$cnt]['totitem'] = $itemTot;
$cnt++;
}
return $resp;
}
}
if (ACCOUNT_POSTCODE == 'true') {
$vamTemplate->assign('postcode', '1');
$vamTemplate->assign('INPUT_CODE', vam_draw_input_fieldNote(array('name' => 'postcode', 'text' => ' ' . (vam_not_null(ENTRY_POST_CODE_TEXT) ? '<span class="Requirement">' . ENTRY_POST_CODE_TEXT . '</span>' : '')), '', 'id="postcode"'));
} else {
$vamTemplate->assign('postcode', '0');
}
if (ACCOUNT_CITY == 'true') {
$vamTemplate->assign('city', '1');
$vamTemplate->assign('INPUT_CITY', vam_draw_input_fieldNote(array('name' => 'city', 'text' => ' ' . (vam_not_null(ENTRY_CITY_TEXT) ? '<span class="Requirement">' . ENTRY_CITY_TEXT . '</span>' : '')), '', 'id="city"'));
} else {
$vamTemplate->assign('city', '0');
}
if (ACCOUNT_STATE == 'true') {
$vamTemplate->assign('state', '1');
$country = isset($_POST['country']) ? vam_db_prepare_input($_POST['country']) : STORE_COUNTRY;
$zone_id = 0;
$check_query = vam_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
$check = vam_db_fetch_array($check_query);
$entry_state_has_zones = $check['total'] > 0;
if ($entry_state_has_zones == true) {
$zones_array = array();
$zones_query = vam_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' order by zone_name");
while ($zones_values = vam_db_fetch_array($zones_query)) {
$zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']);
}
$zone = vam_db_query("select distinct zone_id, zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_code = '" . vam_db_input($state) . "'");
if (vam_db_num_rows($zone) > 0) {
$zone_id = $zone['zone_id'];
$zone_name = $zone['zone_name'];
} else {
break;
case '**D':
$mail_query = vam_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_newsletter = '1'");
$mail_sent_to = TEXT_NEWSLETTER_CUSTOMERS;
break;
default:
$customers_email_address = vam_db_prepare_input($_POST['customers_email_address']);
$mail_query = vam_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_email_address = '" . vam_db_input($customers_email_address) . "'");
$mail_sent_to = $_POST['customers_email_address'];
if ($_POST['email_to']) {
$mail_sent_to = $_POST['email_to'];
}
break;
}
$from = vam_db_prepare_input($_POST['from']);
$subject = vam_db_prepare_input($_POST['subject']);
while ($mail = vam_db_fetch_array($mail_query)) {
$id1 = create_coupon_code($mail['customers_email_address']);
// assign language to template for caching
$vamTemplate->assign('language', $_SESSION['language']);
$vamTemplate->caching = false;
$vamTemplate->assign('tpl_path', 'templates/' . CURRENT_TEMPLATE . '/');
$vamTemplate->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
$vamTemplate->assign('AMMOUNT', $currencies->format($_POST['amount']));
$vamTemplate->assign('MESSAGE', $_POST['message']);
$vamTemplate->assign('GIFT_ID', $id1);
$vamTemplate->assign('WEBSITE', HTTP_SERVER . DIR_WS_CATALOG);
$link = HTTP_SERVER . DIR_WS_CATALOG . 'gv_redeem.php' . '?gv_no=' . $id1;
$vamTemplate->assign('GIFT_LINK', $link);
$html_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.html');
$txt_mail = $vamTemplate->fetch(CURRENT_TEMPLATE . '/admin/mail/' . $_SESSION['language'] . '/send_gift.txt');
if (reg) { document.customers.state.value = reg; }
}
var zones = new Array(
<?php
$zones_query = vam_db_query("select zone_country_id,zone_name from " . TABLE_ZONES . " order by zone_name asc");
$mas = array();
while ($zones_values = vam_db_fetch_array($zones_query)) {
$zones[] = 'new Array(' . $zones_values['zone_country_id'] . ',"' . $zones_values['zone_name'] . '")';
}
echo implode(',', $zones);
?>
);
document.write('<SELECT NAME="state">');
document.write('</SELECT>');
changeselect("<?php
echo vam_db_prepare_input($_POST['state']);
?>
");
-->
</script>
</td>
</tr>
<?php
}
?>
</table></td>
</tr>
<tr>
<td><?php
echo vam_draw_separator('pixel_trans.gif', '1', '10');
?>
vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . vam_db_input($shipping_status_id) . "' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
}
vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page'] . '&oID=' . $shipping_status_id));
break;
case 'deleteconfirm':
$oID = vam_db_prepare_input($_GET['oID']);
$shipping_status_query = vam_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
$shipping_status = vam_db_fetch_array($shipping_status_query);
if ($shipping_status['configuration_value'] == $oID) {
vam_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_SHIPPING_STATUS_ID'");
}
vam_db_query("delete from " . TABLE_SHIPPING_STATUS . " where shipping_status_id = '" . vam_db_input($oID) . "'");
vam_redirect(vam_href_link(FILENAME_SHIPPING_STATUS, 'page=' . $_GET['page']));
break;
case 'delete':
$oID = vam_db_prepare_input($_GET['oID']);
$remove_status = true;
if ($oID == DEFAULT_SHIPPING_STATUS_ID) {
$remove_status = false;
$messageStack->add(ERROR_REMOVE_DEFAULT_SHIPPING_STATUS, 'error');
} else {
}
break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
if ($affiliate_impressions == 0) {
$affiliate_impressions = "n/a";
}
$vamTemplate->assign('affiliate_impressions', $affiliate_impressions);
$vamTemplate->assign('period_selector', affiliate_period('a_period', $affiliate['start_year'], $affiliate['start_month'], true, vam_db_prepare_input($_GET['a_period']), 'onchange="this.form.submit();"'));
$affiliate_percent = 0;
$affiliate_percent = $affiliate['affiliate_commission_percent'];
if ($affiliate_percent < AFFILIATE_PERCENT) {
$affiliate_percent = AFFILIATE_PERCENT;
}
$vamTemplate->assign('affiliate_percent', vam_round($affiliate_percent, 2));
$affiliate_percent_tier = preg_split("/;/", AFFILIATE_TIER_PERCENTAGE, AFFILIATE_TIER_LEVELS);
if (empty($_GET['a_period']) or $_GET['a_period'] == "all") {
$affiliate_sales = affiliate_level_statistics_query($_SESSION['affiliate_id']);
} else {
$affiliate_sales = affiliate_level_statistics_query($_SESSION['affiliate_id'], vam_db_prepare_input($_GET['a_period']));
}
$vamTemplate->assign('affiliate_transactions', vam_not_null($affiliate_sales['count']) ? $affiliate_sales['count'] : 0);
if ($affiliate_clickthroughs > 0) {
$affiliate_conversions = vam_round($affiliate_transactions / $affiliate_clickthroughs * 100, 2) . "%";
} else {
$affiliate_conversions = "n/a";
}
$vamTemplate->assign('affiliate_conversions', $affiliate_conversions);
$vamTemplate->assign('affiliate_amount', $vamPrice->Format($affiliate_sales['total'], true));
if ($affiliate_transactions > 0) {
$affiliate_average = vam_round($affiliate_amount / $affiliate_transactions, 2);
$affiliate_average = $vamPrice->Format($affiliate_average, true);
} else {
$affiliate_average = "n/a";
}
$sql_data_array = array('authors_description' => vam_db_prepare_input($authors_desc_array[$language_id]), 'authors_url' => vam_db_prepare_input($authors_url_array[$language_id]));
if ($action == 'insert') {
$insert_sql_data = array('authors_id' => $authors_id, 'languages_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
vam_db_perform(TABLE_AUTHORS_INFO, $sql_data_array);
} elseif ($action == 'save') {
vam_db_perform(TABLE_AUTHORS_INFO, $sql_data_array, 'update', "authors_id = '" . (int) $authors_id . "' and languages_id = '" . (int) $language_id . "'");
}
}
if (USE_CACHE == 'true') {
vam_reset_cache_block('authors');
}
vam_redirect(vam_href_link(FILENAME_AUTHORS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'auID=' . $authors_id));
break;
case 'deleteconfirm':
$authors_id = vam_db_prepare_input($_GET['auID']);
vam_db_query("delete from " . TABLE_AUTHORS . " where authors_id = '" . (int) $authors_id . "'");
vam_db_query("delete from " . TABLE_AUTHORS_INFO . " where authors_id = '" . (int) $authors_id . "'");
if (isset($_POST['delete_articles']) && $_POST['delete_articles'] == 'on') {
$articles_query = vam_db_query("select articles_id from " . TABLE_ARTICLES . " where authors_id = '" . (int) $authors_id . "'");
while ($articles = vam_db_fetch_array($articles_query)) {
vam_remove_article($articles['articles_id']);
}
} else {
vam_db_query("update " . TABLE_ARTICLES . " set authors_id = '' where authors_id = '" . (int) $authors_id . "'");
}
if (USE_CACHE == 'true') {
vam_reset_cache_block('authors');
}
vam_redirect(vam_href_link(FILENAME_AUTHORS, 'page=' . $_GET['page']));
break;
---------------------------------------------------------------------------------------*/
include 'includes/application_top.php';
// create template elements
$vamTemplate = new vamTemplate();
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include needed functions
require_once DIR_FS_INC . 'vam_validate_password.inc.php';
require_once DIR_FS_INC . 'vam_encrypt_password.inc.php';
if (!isset($_SESSION['customer_id'])) {
vam_redirect(vam_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if (isset($_POST['action']) && $_POST['action'] == 'process') {
$password_current = vam_db_prepare_input($_POST['password_current']);
$password_new = vam_db_prepare_input($_POST['password_new']);
$password_confirmation = vam_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = vam_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$check_customer = vam_db_fetch_array($check_customer_query);
if (vam_validate_password($password_current, $check_customer['customers_password'])) {
<td class="dataTableHeadingContent" align="right"><?php
echo TABLE_HEADING_STATUS;
?>
</td>
<td class="dataTableHeadingContent" align="right"><?php
echo TABLE_HEADING_ACTION;
?>
</td>
</tr>
<?php
if ($_GET['sID']) {
// Search only payment_id by now
$sID = vam_db_prepare_input($_GET['sID']);
$payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where p.affiliate_payment_id = '" . vam_db_input($sID) . "' and p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC";
} elseif (is_numeric($_GET['status'])) {
$status = vam_db_prepare_input($_GET['status']);
$payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where s.affiliate_payment_status_id = '" . vam_db_input($status) . "' and p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC";
} else {
$payments_query_raw = "select p.* , s.affiliate_payment_status_name from " . TABLE_AFFILIATE_PAYMENT . " p , " . TABLE_AFFILIATE_PAYMENT_STATUS . " s where p.affiliate_payment_status = s.affiliate_payment_status_id and s.affiliate_language_id = '" . $_SESSION['languages_id'] . "' order by p.affiliate_payment_id DESC";
}
$payments_split = new splitPageResults($_GET['page'], MAX_DISPLAY_ADMIN_PAGE, $payments_query_raw, $payments_query_numrows);
$payments_query = vam_db_query($payments_query_raw);
while ($payments = vam_db_fetch_array($payments_query)) {
if ((!$_GET['pID'] || $_GET['pID'] == $payments['affiliate_payment_id']) && !$pInfo) {
$pInfo = new objectInfo($payments);
}
if (is_object($pInfo) && $payments['affiliate_payment_id'] == $pInfo->affiliate_payment_id) {
echo ' <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID', 'action')) . 'pID=' . $pInfo->affiliate_payment_id . '&action=edit') . '\'">' . "\n";
} else {
echo ' <tr class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'hand\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\'' . vam_href_link(FILENAME_AFFILIATE_PAYMENT, vam_get_all_get_params(array('pID')) . 'pID=' . $payments['affiliate_payment_id']) . '\'">' . "\n";
}
Copyright (c) 2007 VaM Shop
--------------------------------------------------------------
based on:
(c) 2000-2001 The Exchange Project (earlier name of osCommerce)
(c) 2002-2003 osCommercecoding standards www.oscommerce.com
(c) 2004 xt:Commerce (popup_memo.php,v 1.7 2003/08/18); xt-commerce.com
Released under the GNU General Public License
--------------------------------------------------------------*/
require 'includes/application_top.php';
include DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/customers.php';
if ($_GET['action']) {
switch ($_GET['action']) {
case 'save':
$memo_title = vam_db_prepare_input($_POST['memo_title']);
$memo_text = vam_db_prepare_input($_POST['memo_text']);
if ($memo_text != '' && $memo_title != '') {
$sql_data_array = array('customers_id' => $_POST['ID'], 'memo_date' => date("Y-m-d"), 'memo_title' => $memo_title, 'memo_text' => nl2br($memo_text), 'poster_id' => $_SESSION['customer_id']);
vam_db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array);
}
break;
case 'remove':
vam_db_query("DELETE FROM " . TABLE_CUSTOMERS_MEMO . " where memo_id='" . $_GET['mID'] . "'");
break;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php
echo HTML_PARAMS;
?>
