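/**
 * Paginates $sql_query in place.
 *
 * Counts the rows of the query's FROM/WHERE part (the slice from " from" up to
 * any group by / having / order by clause), clamps the requested page into
 * range and appends a "limit offset, rows" clause to $sql_query.
 *
 * @param int|string $current_page_number  By reference. Requested page (usually a
 *                                         request value); normalised to an int >= 1
 *                                         and clamped to the last page.
 * @param int        $max_rows_per_page    Rows per page; cast to int before it
 *                                         reaches the LIMIT clause.
 * @param string     $sql_query            By reference. Full SELECT (must contain
 *                                         " from", lowercase); LIMIT is appended.
 * @param int        $query_num_rows       By reference. Receives the total row count.
 * @param string     $count_key            Expression placed inside count(). This is
 *                                         identifier context, where string escaping
 *                                         gives no protection -- callers must pass a
 *                                         trusted column name, never user input.
 */
function __construct(&$current_page_number, $max_rows_per_page, &$sql_query, &$query_num_rows, $count_key = '*') {
    // Normalise the requested page: empty or < 1 becomes page 1.
    if (empty($current_page_number) || $current_page_number < 1) {
        $current_page_number = 1;
    } else {
        $current_page_number = (int) $current_page_number;
    }
    // Only an integer may be interpolated into the LIMIT clause below.
    $max_rows_per_page = (int) $max_rows_per_page;

    // Find the " from ..." slice, cut short at the first trailing clause.
    $pos_from = strpos($sql_query, ' from', 0);
    if ($pos_from === false) {
        // No " from" found: fall back to offset 0, which is what the later
        // substr() call did implicitly with a false offset.
        $pos_from = 0;
    }
    $pos_to = strlen($sql_query);
    foreach (array(' group by', ' having', ' order by') as $clause) {
        $pos_clause = strpos($sql_query, $clause, $pos_from);
        // Strict check: strpos() returns false when absent and 0 is a valid
        // position; the loose "!= false" this replaces treated 0 as "not found".
        if ($pos_clause !== false && $pos_clause < $pos_to) {
            $pos_to = $pos_clause;
        }
    }

    // DISTINCT / GROUP BY queries must count distinct keys rather than raw rows.
    if (strpos($sql_query, 'distinct') !== false || strpos($sql_query, 'group by') !== false) {
        $count_string = 'distinct ' . xos_db_input($count_key);
    } else {
        $count_string = xos_db_input($count_key);
    }

    $count_query = xos_db_query("select count(" . $count_string . ") as total " . substr($sql_query, $pos_from, $pos_to - $pos_from));
    $count = xos_db_fetch_array($count_query);
    $query_num_rows = $count['total'];

    // Number of pages. A non-positive page size yields 0 pages instead of a
    // division by zero (which PHP 8 raises as an error).
    $num_pages = $max_rows_per_page > 0 ? (int) ceil($query_num_rows / $max_rows_per_page) : 0;
    if ($current_page_number > $num_pages) {
        $current_page_number = $num_pages;
    }

    // With no rows the page is clamped to 0 and the offset goes negative; clamp it to 0.
    $offset = $max_rows_per_page * ($current_page_number - 1);
    $sql_query .= " limit " . max($offset, 0) . ", " . $max_rows_per_page;
}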
/**
 * Allows the action only if no successful record for this module exists within
 * the last $this->minutes minutes for either the given user id (when supplied)
 * or the module identifier.
 *
 * @param int|string $user_id    Customer id; when empty, only $this->identifier is matched.
 * @param string     $user_name  Not referenced by this check; part of the shared signature.
 * @return bool  true when the action may proceed, false when it is throttled.
 */
function canPerform($user_id, $user_name) {
    // Match on the user id when we have one, and always on the identifier, so
    // the throttle also applies before the user is known.
    $subject_clause = '';
    if (!empty($user_id)) {
        $subject_clause = "user_id = '" . (int) $user_id . "' or ";
    }

    $sql = "select date_added from " . TABLE_ACTION_RECORDER
         . " where module = '" . xos_db_input($this->code) . "'"
         . " and (" . $subject_clause . " identifier = '" . xos_db_input($this->identifier) . "')"
         . " and date_sub(now(), interval " . (int) $this->minutes . " minute) <= date_added"
         . " and success = 1 order by date_added desc limit 1";
    $recent = xos_db_query($sql);

    // Any matching row means the action was already performed inside the window.
    return xos_db_num_rows($recent) ? false : true;
}
/**
 * Allows the action unless $this->attempts successful records already exist
 * for this module and $user_name within the last $this->minutes minutes.
 *
 * NOTE(review): only rows with success = 1 are counted, so this throttles
 * repeated *successful* actions. If this module is meant to lock out after
 * repeated failures (brute-force protection), the filter would have to be
 * success = 0 -- confirm against the module's purpose before relying on it.
 *
 * @param int|string $user_id    Not referenced by this check; part of the shared signature.
 * @param string     $user_name  Name the records are keyed on.
 * @return bool  true when the action may proceed, false when the window is full.
 */
function canPerform($user_id, $user_name) {
    $window_minutes = (int) $this->minutes;
    $max_attempts = (int) $this->attempts;

    $sql = "select id from " . TABLE_ACTION_RECORDER
         . " where module = '" . xos_db_input($this->code) . "'"
         . " and user_name = '" . xos_db_input($user_name) . "'"
         . " and date_added >= date_sub(now(), interval " . $window_minutes . " minute)"
         . " and success = 1 order by date_added desc limit " . $max_attempts;
    $recent = xos_db_query($sql);

    // The LIMIT caps the row count at $this->attempts, so equality means the
    // window is full; anything less leaves room for another attempt.
    return xos_db_num_rows($recent) != $this->attempts;
}
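/**
 * Paginates $query.
 *
 * Reads the requested page from $_GET/$_POST[$page_holder], counts the rows of
 * the query's FROM/WHERE part (the slice from " from" up to any group by /
 * having / order by clause), clamps the page into range and stores the query
 * with a "limit offset, rows" clause appended.
 *
 * Sets: sql_query, page_name, current_page_number, number_of_rows_per_page,
 * number_of_rows, number_of_pages.
 *
 * @param string $query        Full SELECT (must contain " from", lowercase).
 * @param int    $max_rows     Rows per page; cast to int before it reaches the LIMIT clause.
 * @param string $count_key    Expression placed inside count(). This is identifier
 *                             context, where string escaping gives no protection --
 *                             callers must pass a trusted column name, never user input.
 * @param string $page_holder  Name of the request parameter carrying the page number.
 */
function __construct($query, $max_rows, $count_key = '*', $page_holder = 'page') {
    $this->sql_query = $query;
    $this->page_name = $page_holder;

    // The page number comes from the request (GET takes precedence over POST).
    // Anything that is not a positive integer falls back to page 1.
    $page = 1;
    if (isset($_GET[$page_holder])) {
        $page = (int) $_GET[$page_holder];
    } elseif (isset($_POST[$page_holder])) {
        $page = (int) $_POST[$page_holder];
    }
    if ($page < 1) {
        $page = 1;
    }
    $this->current_page_number = $page;
    // Only an integer may be interpolated into the LIMIT clause below.
    $this->number_of_rows_per_page = (int) $max_rows;

    // Find the " from ..." slice, cut short at the first trailing clause.
    $pos_from = strpos($this->sql_query, ' from', 0);
    if ($pos_from === false) {
        // No " from" found: fall back to offset 0, which is what the later
        // substr() call did implicitly with a false offset.
        $pos_from = 0;
    }
    $pos_to = strlen($this->sql_query);
    foreach (array(' group by', ' having', ' order by') as $clause) {
        $pos_clause = strpos($this->sql_query, $clause, $pos_from);
        // Strict check: strpos() returns false when absent and 0 is a valid
        // position; the loose "!= false" this replaces treated 0 as "not found".
        if ($pos_clause !== false && $pos_clause < $pos_to) {
            $pos_to = $pos_clause;
        }
    }

    // DISTINCT / GROUP BY queries must count distinct keys rather than raw rows.
    if (strpos($this->sql_query, 'distinct') !== false || strpos($this->sql_query, 'group by') !== false) {
        $count_string = 'distinct ' . xos_db_input($count_key);
    } else {
        $count_string = xos_db_input($count_key);
    }

    $count_query = xos_db_query("select count(" . $count_string . ") as total " . substr($this->sql_query, $pos_from, $pos_to - $pos_from));
    $count = xos_db_fetch_array($count_query);
    $this->number_of_rows = $count['total'];

    // Number of pages. A non-positive page size yields 0 pages instead of a
    // division by zero (which PHP 8 raises as an error).
    if ($this->number_of_rows_per_page > 0) {
        $this->number_of_pages = (int) ceil($this->number_of_rows / $this->number_of_rows_per_page);
    } else {
        $this->number_of_pages = 0;
    }
    if ($this->current_page_number > $this->number_of_pages) {
        $this->current_page_number = $this->number_of_pages;
    }

    // With no rows the page is clamped to 0 and the offset goes negative; clamp it to 0.
    $offset = $this->number_of_rows_per_page * ($this->current_page_number - 1);
    $this->sql_query .= " limit " . max($offset, 0) . ", " . $this->number_of_rows_per_page;
}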
$orders_history_query = xos_db_query("select orders_status_id, date_added, customer_notified, comments from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_id = '" . xos_db_input($oID) . "' order by date_added, orders_status_history_id"); if (xos_db_num_rows($orders_history_query)) { $orders_history_array = array(); while ($orders_history = xos_db_fetch_array($orders_history_query)) { $customer_notified = false; if ($orders_history['customer_notified'] == '1') { $customer_notified = true; } $orders_history_array[] = array('date_added' => xos_datetime_short($orders_history['date_added']), 'status' => $orders_status_array[$orders_history['orders_status_id']], 'comments' => nl2br(xos_db_output($orders_history['comments'])), 'customer_notified' => $customer_notified); } $smarty->assign('orders_history', $orders_history_array); } else { } $languages_query = xos_db_query("select name from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $order->info['language_id'] . "'"); if (!xos_db_num_rows($languages_query)) { $lang_query = xos_db_query("select name from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . 
"'"); $languages = xos_db_fetch_array($lang_query); } else { $languages = xos_db_fetch_array($languages_query); } if (SEND_EMAILS == 'true') { $smarty->assign(array('send_emails' => true, 'checkbox_notify' => xos_draw_checkbox_field('notify', '', true), 'checkbox_notify_comments' => xos_draw_checkbox_field('notify_comments', '', true))); } if (sizeof($order->info['tax_groups']) > 1) { $smarty->assign('tax_groups', true); } $smarty->assign(array('order_id' => $oID, 'order_language_name' => $languages['name'], 'date_purchased' => xos_datetime_short($order->info['date_purchased']), 'customer_address' => xos_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'), 'delivery_address' => xos_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'), 'billing_address' => xos_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'), 'c_id' => $order->customer['c_id'], 'telephone_number' => $order->customer['telephone'], 'email_address' => $order->customer['email_address'], 'payment_method' => $order->info['payment_method'], 'order_products' => $order_products_array, 'order_totals' => $order_totals_array, 'form_begin_status' => xos_draw_form('new_status', FILENAME_ORDERS, xos_get_all_get_params(array('action')) . 'action=update_order'), 'textarea_comments' => xos_draw_textarea_field('comments', '60', '5'), 'pull_down_status' => xos_draw_pull_down_menu('status', $orders_statuses, $order->info['orders_status']), 'form_end' => '</form>', 'link_filename_orders_invoice' => xos_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $_GET['oID']), 'link_filename_orders_packingslip' => xos_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $_GET['oID']), 'link_filename_orders' => xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('action'))), 'edit' => true)); } else { $orders_statuses = array(); $orders_status_query = xos_db_query("select orders_status_id, orders_status_name from " . TABLE_ORDERS_STATUS . 
" where language_id = '" . (int) $_SESSION['used_lng_id'] . "'"); while ($orders_status = xos_db_fetch_array($orders_status_query)) {
$elements_comb = explode('|', $combinations['attributes_combinations']); for ($i = 0, $n = sizeof($elements_comb); $i < $n; $i++) { if (strpos($elements_comb[$i], $combinations['options_id'] . ',' . $combinations['options_values_id']) !== false) { $qty -= $attributes_quantity[$elements_comb[$i]] > 0 ? $attributes_quantity[$elements_comb[$i]] : 0; unset($attributes_quantity[$elements_comb[$i]]); unset($elements_comb[$i]); } } ksort($attributes_quantity); ksort($elements_comb); $comb_str = ''; $comb_str = implode('|', $elements_comb); $qty < 1 || $comb_str == '' ? $qty = 0 : ''; if ($comb_str != '') { $comb_str .= '|'; xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "', attributes_combinations = '" . xos_db_input($comb_str) . "', " . $not_updated . " where products_id = '" . (int) $products_id . "'"); } else { xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'"); } $smarty_cache_control->clearAllCache(); } xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_attributes_id = '" . (int) $attribute_id . "'"); // added for DOWNLOAD_ENABLED. Always try to remove attributes, even if downloads are no longer enabled xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " where products_attributes_id = '" . (int) $attribute_id . "'"); if ($qty < 1 && STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') { xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . 
"'"); $smarty_cache_control->clearAllCache(); } $smarty_cache_control->clearCache(null, 'L3|cc_product_info'); xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $parameter_string)); break;
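// Handle a submitted product review (action=process) before any output is
// produced, then load the language file and page chrome for the write form.
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    // CSRF check: the posted form id must match the session token exactly.
    // The previous loose "==" comparison accepted an empty 'formid' when the
    // session token was unset (null == '' is true); a strict, constant-time
    // string comparison against a non-empty token closes that gap.
    $posted_token = (isset($_POST['formid']) && is_string($_POST['formid'])) ? $_POST['formid'] : '';
    $session_token = (isset($_SESSION['sessiontoken']) && is_string($_SESSION['sessiontoken'])) ? $_SESSION['sessiontoken'] : '';
    $token_ok = ($session_token !== '') && hash_equals($session_token, $posted_token);

    if ($token_ok) {
        // Rating is a 1..5 radio value; anything else is rejected below.
        $rating = isset($_POST['rating']) ? xos_db_prepare_input($_POST['rating']) : '';
        // Review text: tags stripped, then capped at 1000 bytes. Note substr()
        // is byte-wise and may split a multibyte character at the cut.
        $review_raw = (isset($_POST['review']) && is_string($_POST['review'])) ? $_POST['review'] : '';
        $review = xos_db_prepare_input(substr(strip_tags($review_raw), 0, 1000));

        $error = false;
        if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
            $error = true;
            $messageStack->add('review', JS_REVIEW_TEXT);
        }
        if ($rating < 1 || $rating > 5) {
            $error = true;
            $messageStack->add('review', JS_REVIEW_RATING);
        }

        if ($error == false) {
            $products_id = isset($_GET['p']) ? (int) $_GET['p'] : 0;
            // All numeric columns are int-cast; the rating is cast as well so
            // only a real integer reaches the query.
            xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . $products_id . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . (int) $rating . "', now())");
            $insert_id = xos_db_insert_id();
            xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')");

            // Cached review listings are now stale.
            $smarty->clearCache(null, 'L3|cc_reviews');
            $smarty->clearCache(null, 'L3|cc_product_reviews');
            xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false);
        }
    }
}

// Language file for this page. $_SESSION['language'] is used as a path
// component here; it is presumably restricted to installed language
// directories by the application's language selection -- verify.
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE;

$site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params()));

// Client-side form check. JS_ERROR / JS_REVIEW_TEXT / JS_REVIEW_RATING are
// language constants emitted inside JavaScript string literals without
// escaping, so they must not contain double quotes or line breaks.
$add_header = '<script type="text/javascript">' . "\n"
            . '/* <![CDATA[ */' . "\n"
            . 'function checkForm() {' . "\n"
            . ' var error = 0;' . "\n"
            . ' var error_message = "' . JS_ERROR . '";' . "\n\n"
            . ' var review = document.product_reviews_write.review.value;' . "\n\n"
            . ' if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n"
            . ' error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n"
            . ' error = 1;' . "\n"
            . ' }' . "\n\n"
            . ' if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n"
            . ' } else {' . "\n"
            . ' error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n"
            . ' error = 1;' . "\n"
            . ' }' . "\n\n"
            . ' if (error == 1) {' . "\n"
            . ' alert(error_message);' . "\n"
            . ' return false;' . "\n"
            . ' } else {' . "\n"
            . ' return true;' . "\n"
            . ' }' . "\n"
            . '}' . "\n"
            . '/* ]]> */' . "\n"
            . '</script>' . "\n";

require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'boxes.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'footer.php';

$products_prices = xos_get_product_prices($product_info['products_price']);
$products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']);
$price_breaks_array = array();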
// // You should have received a copy of the GNU General Public License // along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>. //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_OFFLINE) == 'overwrite_all')) { header('HTTP/1.1 503 Service Temporarily Unavailable'); header('Status: 503 Service Temporarily Unavailable'); $_SESSION['navigation']->remove_current_page(); require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE; $error = false; if (isset($_GET['action']) && $_GET['action'] == 'process') { $email_address = xos_db_prepare_input($_POST['email_address']); $password = xos_db_prepare_input($_POST['password']); // Check if email exists $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'"); if (!xos_db_num_rows($check_admin_query)) { $error = true; } else { $check_admin = xos_db_fetch_array($check_admin_query); // Check that password is good if (!xos_validate_password($password, $check_admin['login_password'])) { $error = true; } else { $_SESSION['access_allowed'] = true; xos_redirect(xos_href_link(FILENAME_DEFAULT), false); } } } if ($error == true) { unset($_SESSION['access_allowed']);
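/**
 * Sends the product notification identified by $newsletter_id to the customers
 * selected in the admin UI ($_GET['customers_chosen'], a comma-separated list
 * of customer ids), then marks the newsletter as sent and unlocked.
 *
 * @param int|string $newsletter_id  Primary key of the newsletters row to update.
 * @return bool|null  false when SEND_EMAILS is not 'true'; otherwise no value.
 */
function send($newsletter_id) {
    global $messageStack;

    if (SEND_EMAILS != 'true') {
        $messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
        return false;
    }

    // $_GET['customers_chosen'] used to be interpolated verbatim into the
    // IN (...) list -- an SQL injection vector in the admin UI. Reduce it to a
    // list of positive integers before it reaches the query.
    $ids = array();
    if (isset($_GET['customers_chosen']) && is_string($_GET['customers_chosen'])) {
        foreach (explode(',', $_GET['customers_chosen']) as $raw_id) {
            $id = (int) trim($raw_id);
            if ($id > 0) {
                $ids[] = $id;
            }
        }
    }

    // Resolve the recipient list; an empty selection sends nothing.
    $audience = array();
    if (!empty($ids)) {
        $customers_query = xos_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c where c.customers_id in (" . implode(',', $ids) . ")");
        while ($customers = xos_db_fetch_array($customers_query)) {
            $audience[$customers['customers_id']] = array(
                'firstname' => $customers['customers_firstname'],
                'lastname' => $customers['customers_lastname'],
                'email_address' => $customers['customers_email_address'],
            );
        }
    }

    // Fall back to the default language's directory for the e-mail templates.
    if (empty($this->language_directory)) {
        $lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
        $lang = xos_db_fetch_array($lang_query);
        $this->language_directory = $lang['directory'];
    }

    // Build the message object using the mailer class.
    $email_to_customer = new mailer();

    // EMAIL_FROM is either "Name <address>" or a bare address.
    $from = html_entity_decode(EMAIL_FROM, ENT_QUOTES, 'UTF-8');
    $address = '';
    $name = '';
    $pieces = explode('<', $from);
    if (count($pieces) == 2) {
        $address = trim($pieces[1], " >");
        $name = trim($pieces[0]);
    } elseif (count($pieces) == 1) {
        // A bare value without an '@' (or with it at position 0) yields an empty sender.
        $pos = stripos($pieces[0], '@');
        $address = $pos ? trim($pieces[0], " >") : '';
    }
    $email_to_customer->From = $address;
    $email_to_customer->FromName = $name;
    $email_to_customer->WordWrap = '100';
    $email_to_customer->Subject = $this->title;

    // Dedicated Smarty instance with the e-mail template delimiters.
    $smarty_mail = new Smarty();
    $smarty_mail->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
    $smarty_mail->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
    $smarty_mail->config_dir = DIR_FS_SMARTY . 'catalog/';
    $smarty_mail->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
    $smarty_mail->left_delimiter = '[@{';
    $smarty_mail->right_delimiter = '}@]';

    // Render the HTML body (plus a plain-text alternative) when HTML content
    // exists and HTML mail is enabled; otherwise render plain text only.
    $is_html = false;
    if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
        $is_html = true;
        $smarty_mail->assign(array(
            'html_params' => HTML_PARAMS,
            'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE,
            'charset' => CHARSET,
            'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '',
            'content_text_htlm' => $this->content_text_htlm,
            'content_text_plain' => $this->content_text_plain,
        ));
        $smarty_mail->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_html.tpl');
        $output_html = $smarty_mail->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_html.tpl');
        $smarty_mail->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
        $output_text = $smarty_mail->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
        $email_to_customer->isHTML(true);
    } else {
        $smarty_mail->assign('content_text_plain', $this->content_text_plain);
        $smarty_mail->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
        $output_text = $smarty_mail->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
        $email_to_customer->isHTML(false);
    }

    // One message per recipient (each() was removed in PHP 8; foreach replaces it).
    foreach ($audience as $recipient) {
        if ($is_html) {
            $email_to_customer->Body = $output_html;
            $email_to_customer->AltBody = html_entity_decode(strip_tags($output_text), ENT_QUOTES, 'UTF-8');
        } else {
            $email_to_customer->Body = html_entity_decode(strip_tags($output_text), ENT_QUOTES, 'UTF-8');
        }
        $email_to_customer->addAddress($recipient['email_address'], $recipient['firstname'] . ' ' . $recipient['lastname']);
        if (!$email_to_customer->send()) {
            $messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_customer->ErrorInfo, '<' . $recipient['email_address'] . '>'), 'error');
        } else {
            $messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '<' . $recipient['email_address'] . '>'), 'success');
        }
        $email_to_customer->clearAddresses();
    }

    // Mark the newsletter as sent and release its lock. newsletters_id is a
    // numeric key, so an int cast replaces the string escaping.
    xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . (int) $newsletter_id . "'");
}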
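/**
 * Sends the newsletter identified by $newsletter_id to the subscribers selected
 * in the admin UI ($_GET['customers_chosen'], a comma-separated list of
 * subscriber ids), appending a per-subscriber unsubscribe link, then marks the
 * newsletter as sent and unlocked.
 *
 * @param int|string $newsletter_id  Primary key of the newsletters row to update.
 * @return bool|null  false when SEND_EMAILS is not 'true'; otherwise no value.
 */
function send($newsletter_id) {
    global $messageStack;

    if (SEND_EMAILS != 'true') {
        $messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
        return false;
    }

    // $_GET['customers_chosen'] used to be interpolated verbatim into the
    // IN (...) list -- an SQL injection vector in the admin UI. Reduce it to a
    // list of positive integers before it reaches the query.
    $ids = array();
    if (isset($_GET['customers_chosen']) && is_string($_GET['customers_chosen'])) {
        foreach (explode(',', $_GET['customers_chosen']) as $raw_id) {
            $id = (int) trim($raw_id);
            if ($id > 0) {
                $ids[] = $id;
            }
        }
    }

    // Resolve the recipient rows up front; an empty selection sends nothing.
    $recipients = array();
    if (!empty($ids)) {
        $mail_query = xos_db_query("select s.subscriber_id, s.subscriber_email_address, s.subscriber_identity_code, c.customers_firstname, c.customers_lastname from " . TABLE_NEWSLETTER_SUBSCRIBERS . " s left join " . TABLE_CUSTOMERS . " c on s.customers_id = c.customers_id where s.subscriber_id in (" . implode(',', $ids) . ") order by s.customers_id");
        while ($mail = xos_db_fetch_array($mail_query)) {
            $recipients[] = $mail;
        }
    }

    // Fall back to the default language's directory for the e-mail templates.
    if (empty($this->language_directory)) {
        $lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
        $lang = xos_db_fetch_array($lang_query);
        $this->language_directory = $lang['directory'];
    }

    // Build the message object using the mailer class.
    $email_to_subscriber = new mailer();

    // EMAIL_FROM is either "Name <address>" or a bare address.
    $from = html_entity_decode(EMAIL_FROM, ENT_QUOTES, 'UTF-8');
    $address = '';
    $name = '';
    $pieces = explode('<', $from);
    if (count($pieces) == 2) {
        $address = trim($pieces[1], " >");
        $name = trim($pieces[0]);
    } elseif (count($pieces) == 1) {
        // A bare value without an '@' (or with it at position 0) yields an empty sender.
        $pos = stripos($pieces[0], '@');
        $address = $pos ? trim($pieces[0], " >") : '';
    }
    $email_to_subscriber->From = $address;
    $email_to_subscriber->FromName = $name;
    $email_to_subscriber->WordWrap = '100';
    $email_to_subscriber->Subject = $this->title;

    // Dedicated Smarty instance with the e-mail template delimiters.
    $smarty_mail = new Smarty();
    $smarty_mail->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
    $smarty_mail->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
    $smarty_mail->config_dir = DIR_FS_SMARTY . 'catalog/';
    $smarty_mail->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
    $smarty_mail->left_delimiter = '[@{';
    $smarty_mail->right_delimiter = '}@]';

    // Render the HTML body (plus a plain-text alternative) when HTML content
    // exists and HTML mail is enabled; otherwise render plain text only.
    $is_html = false;
    if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
        $is_html = true;
        $smarty_mail->assign(array(
            'nl' => "\n",
            'html_params' => HTML_PARAMS,
            'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE,
            'charset' => CHARSET,
            'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '',
            'content_text_htlm' => $this->content_text_htlm,
            'content_text_plain' => $this->content_text_plain,
        ));
        $smarty_mail->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_html');
        $output_html = $smarty_mail->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_html.tpl');
        $smarty_mail->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
        $output_text = $smarty_mail->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
        $email_to_subscriber->isHTML(true);
    } else {
        $smarty_mail->assign(array('nl' => "\n", 'content_text_plain' => $this->content_text_plain));
        $smarty_mail->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
        $output_text = $smarty_mail->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
        $email_to_subscriber->isHTML(false);
    }

    // One message per subscriber, each with its own unsubscribe link.
    foreach ($recipients as $mail) {
        // The identity code comes from the database and is placed in the URL and
        // in the HTML body as returned by xos_catalog_href_link() -- relies on that
        // helper producing an HTML-safe link.
        $link_unsubscribe = xos_catalog_href_link('newsletter_subscribe.php', 'action=unsubscribe&identity_code=' . $mail['subscriber_identity_code'], 'SSL');
        if ($is_html) {
            $email_to_subscriber->Body = $output_html . '<a href="' . $link_unsubscribe . '" target="_blank">' . $link_unsubscribe . '</a>' . "\n" . '</div>' . "\n" . '</body>' . "\n" . '</html>' . "\n";
            $email_to_subscriber->AltBody = html_entity_decode(strip_tags($output_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
        } else {
            $email_to_subscriber->Body = html_entity_decode(strip_tags($output_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
        }
        $email_to_subscriber->addAddress($mail['subscriber_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']);
        if (!$email_to_subscriber->send()) {
            $messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_subscriber->ErrorInfo, '<' . $mail['subscriber_email_address'] . '>'), 'error');
        } else {
            $messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '<' . $mail['subscriber_email_address'] . '>'), 'success');
        }
        $email_to_subscriber->clearAddresses();
    }

    // Mark the newsletter as sent and release its lock. newsletters_id is a
    // numeric key, so an int cast replaces the string escaping.
    xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . (int) $newsletter_id . "'");
}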
$value = xos_db_prepare_input($_POST['value']); $languages = xos_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; $sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()'); if ($action == 'insert') { $insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xos_db_perform(TABLE_CURRENCIES, $sql_data_array); $currency_id = xos_db_insert_id(); } elseif ($action == 'save') { xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'"); } } if (isset($_POST['default']) && $_POST['default'] == 'on') { xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'"); } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id)); break; case 'deleteconfirm': $currencies_id = xos_db_prepare_input($_GET['cID']); $currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'"); $currency = xos_db_fetch_array($currency_query); if ($currency['currencies_id'] == $currencies_id) { xos_db_query("update " . TABLE_CONFIGURATION . 
" set configuration_value = '' where configuration_key = 'DEFAULT_CURRENCY'"); } xos_db_query("delete from " . TABLE_CURRENCIES . " where currencies_id = '" . (int) $currencies_id . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'])); break;
} if (isset($search_keywords) && sizeof($search_keywords) > 0) { $where_str .= " and ("; for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $keyword = xos_db_prepare_input($search_keywords[$i]); $where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'"; if (isset($_GET['sid']) && $_GET['sid'] == '1') { $where_str .= " or pd.products_description like '%" . xos_db_input($keyword) . "%' or pd.products_info like '%" . xos_db_input($keyword) . "%'"; } $where_str .= ')'; break; } } $where_str .= " )"; } if (xos_not_null($dfrom)) { $where_str .= " and p.products_date_added >= '" . xos_date_raw($dfrom) . "'"; } if (xos_not_null($dto)) { $where_str .= " and p.products_date_added <= '" . xos_date_raw($dto) . "'"; } if ($currencies->is_set($_SESSION['currency'])) { $rate = $currencies->get_value($_SESSION['currency']);
} 'input_coupon_startdate' => xos_draw_date_selector('coupon_startdate', mktime(0,0,0, $coupon_startdate[1], $coupon_startdate[2], $coupon_startdate[0])), 'input_coupon_finishdate' => xos_draw_date_selector('coupon_finishdate', mktime(0,0,0, $coupon_finishdate[1], $coupon_finishdate[2], $coupon_finishdate[0])), */ $languages = xos_get_languages(); $coupon_content_array = array(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; $coupon_content_array[] = array('languages_image' => xos_image(DIR_WS_CATALOG_IMAGES . 'catalog/templates/' . DEFAULT_TPL . '/' . $languages[$i]['directory'] . '/' . $languages[$i]['image'], $languages[$i]['name']), 'input_coupon_name' => xos_draw_input_field('coupon_name[' . $languages[$i]['id'] . ']', $coupon_name[$language_id]), 'textarea_coupon_desc' => xos_draw_textarea_field('coupon_desc[' . $languages[$i]['id'] . ']', '24', '3', $coupon_desc[$language_id])); } $smarty->assign(array('new' => true, 'form_begin' => xos_draw_form('coupon', FILENAME_COUPON_ADMIN, 'action=update&oldaction=' . ($oldaction == 'voucheredit' ? $oldaction : $action) . '&cid=' . 
$_GET['cid'], 'post', 'enctype="multipart/form-data"'), 'radio_coupon_status_Y' => xos_draw_radio_field('coupon_status', 'Y', $in_status), 'radio_coupon_status_N' => xos_draw_radio_field('coupon_status', 'N', $out_status), 'input_coupon_amount' => xos_draw_input_field('coupon_amount', $coupon_amount), 'input_coupon_min_order' => xos_draw_input_field('coupon_min_order', $coupon_min_order), 'checkbox_coupon_free_ship' => xos_draw_checkbox_field('coupon_free_ship', $coupon_free_ship), 'input_coupon_code' => xos_draw_input_field('coupon_code', $coupon_code), 'input_coupon_uses_coupon' => xos_draw_input_field('coupon_uses_coupon', $coupon_uses_coupon), 'input_coupon_uses_user' => xos_draw_input_field('coupon_uses_user', $coupon_uses_user), 'input_coupon_products' => xos_draw_input_field('coupon_products', $coupon_products), 'input_coupon_categories' => xos_draw_input_field('coupon_categories', $coupon_categories), 'input_coupon_startdate' => xos_draw_input_field('coupon_startdate', xos_date_format(DATE_FORMAT_SHORT), 'id="coupon_startdate" style="background: #ffffcc;" size ="10"'), 'input_coupon_finishdate' => xos_draw_input_field('coupon_finishdate', xos_date_format(DATE_FORMAT_SHORT, mktime(0, 0, 0, date("m"), date("d"), date("Y") + 1)), 'id="coupon_finishdate" style="background: #ffffcc;" size ="10"'), 'link_filename_coupon_admin' => xos_href_link(FILENAME_COUPON_ADMIN), 'hidden_field_date_created' => xos_draw_hidden_field('date_created', $date_created), 'coupon_content' => $coupon_content_array, 'form_end' => '</form>')); break; default: if ($_GET['status'] == 'Y' || $_GET['status'] == 'N') { $cc_query_raw = "select coupon_active, coupon_id, coupon_code, coupon_amount, coupon_minimum_order, coupon_type, coupon_start_date,coupon_expire_date,uses_per_user,uses_per_coupon,restrict_to_products, restrict_to_categories, date_created,date_modified from " . TABLE_COUPONS . " where coupon_active='" . xos_db_input($_GET['status']) . 
"' and coupon_type != 'G'"; } else { $cc_query_raw = "select coupon_active, coupon_id, coupon_code, coupon_amount, coupon_minimum_order, coupon_type, coupon_start_date,coupon_expire_date,uses_per_user,uses_per_coupon,restrict_to_products, restrict_to_categories, date_created,date_modified from " . TABLE_COUPONS . " where coupon_type != 'G'"; } $cc_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $cc_query_raw, $cc_query_numrows); $cc_query = xos_db_query($cc_query_raw); $cc_list_array = array(); while ($cc_list = xos_db_fetch_array($cc_query)) { $redeem_query = xos_db_query("select redeem_date from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $cc_list['coupon_id'] . "'"); if ($_GET['status'] == 'R' && xos_db_num_rows($redeem_query) == 0) { continue; } if ((!$_GET['cid'] || @$_GET['cid'] == $cc_list['coupon_id']) && !$cInfo) { $cInfo = new objectInfo($cc_list); } $selected = false;
xos_db_query("insert into " . TABLE_MANUFACTURERS_INFO . " (manufacturers_id, languages_id, manufacturers_name, manufacturers_url) values ('" . $manufacturers['manufacturers_id'] . "', '" . (int) $lID . "', '" . xos_db_input($manufacturers['manufacturers_name']) . "', '" . xos_db_input($manufacturers['manufacturers_url']) . "')"); } // create additional orders_status records $orders_status_query = xos_db_query("select orders_status_id, orders_status_name, orders_status_code, public_flag, downloads_flag from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $default_language_id['languages_id'] . "'"); while ($orders_status = xos_db_fetch_array($orders_status_query)) { xos_db_query("insert into " . TABLE_ORDERS_STATUS . " (orders_status_id, language_id, orders_status_name, orders_status_code, public_flag, downloads_flag) values ('" . (int) $orders_status['orders_status_id'] . "', '" . (int) $lID . "', '" . xos_db_input($orders_status['orders_status_name']) . "', '" . xos_db_input($orders_status['orders_status_code']) . "', '" . (int) $orders_status['public_flag'] . "', '" . (int) $orders_status['downloads_flag'] . "')"); } // create additional tax_rates_description records $tax_rates_query = xos_db_query("select tr.tax_rates_id, trd.tax_description from " . TABLE_TAX_RATES . " tr left join " . TABLE_TAX_RATES_DESCRIPTION . " trd on tr.tax_rates_id = trd.tax_rates_id where trd.language_id = '" . (int) $default_language_id['languages_id'] . "'"); while ($tax_rates = xos_db_fetch_array($tax_rates_query)) { xos_db_query("insert into " . TABLE_TAX_RATES_DESCRIPTION . " (tax_rates_id, language_id, tax_description) values ('" . (int) $tax_rates['tax_rates_id'] . "', '" . (int) $lID . "', '" . xos_db_input($tax_rates['tax_description']) . "')"); } // create additional currencies records $currencies_query = xos_db_query("select currencies_id, title, code, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value, last_updated from " . 
TABLE_CURRENCIES . " where language_id = '" . (int) $default_language_id['languages_id'] . "'"); while ($currencies = xos_db_fetch_array($currencies_query)) { xos_db_query("insert into " . TABLE_CURRENCIES . " (currencies_id, language_id, title, code, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value, last_updated) values ('" . (int) $currencies['currencies_id'] . "', '" . (int) $lID . "', '" . xos_db_input($currencies['title']) . "', '" . xos_db_input($currencies['code']) . "', '" . xos_db_input($currencies['symbol_left']) . "', '" . xos_db_input($currencies['symbol_right']) . "', '" . xos_db_input($currencies['decimal_point']) . "', '" . xos_db_input($currencies['thousands_point']) . "', '" . (int) $currencies['decimal_places'] . "', '" . xos_db_input($currencies['value']) . "', '" . xos_db_input($currencies['last_updated']) . "')"); } } if ($_SESSION['languages_id'] == (int) $lID && $use_in_id < '3') { unset($_SESSION['language']); } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'] . '&lID=' . $_GET['lID'])); break; case 'deleteconfirm': $lID = xos_db_prepare_input($_GET['lID']); xos_db_query("delete from " . TABLE_BANNERS_CONTENT . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_CATEGORIES_OR_PAGES_DATA . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_CONTENTS_DATA . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'"); xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'");
$from_str = "from " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS_INFO . " mi on (p.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "') left join " . TABLE_PRODUCTS_PRICES . " ppz on p.products_id = ppz.products_id and ppz.customers_group_id = '0' left join " . TABLE_PRODUCTS_PRICES . " pp on p.products_id = pp.products_id and pp.customers_group_id = '" . $customer_group_id . "' left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id and s.customers_group_id = '" . $customer_group_id . "'"; $from_str .= ", " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c"; $where_str = " where p.products_status = '1' and c.categories_or_pages_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id "; if (isset($search_keywords) && sizeof($search_keywords) > 0) { $where_str .= " and ("; for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $keyword = xos_db_prepare_input($search_keywords[$i]); $where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'"; $where_str .= ')'; break; } } $where_str .= " )"; } if (empty($_GET['sort']) || !preg_match('/^[0-9][ad]$/', $_GET['sort']) || substr($_GET['sort'], 0, 1) > sizeof($column_list)) { for ($i = 0, $n = sizeof($column_list); $i < $n; $i++) { if ($column_list[$i] == 'PRODUCT_LIST_NAME') { $_GET['sort'] = $i . 'a'; $order_str = ' order by pd.products_name'; break; } } } else {
// osCommerce, Open Source E-Commerce Solutions // http://www.oscommerce.com // Copyright (c) 2003 osCommerce // filename: configuration.php // // Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_CONFIGURATION) == 'overwrite_all')) { $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'save': $configuration_value = is_array($_POST['configuration_value']) ? implode(',', xos_db_prepare_input($_POST['configuration_value'])) : xos_db_prepare_input(htmlspecialchars($_POST['configuration_value'])); $cID = xos_db_prepare_input($_GET['cID']); xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($configuration_value) . "', last_modified = now() where configuration_id = '" . (int) $cID . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . $cID)); break; } } $gID = isset($_GET['gID']) ? $_GET['gID'] : 1; $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php'; require DIR_WS_INCLUDES . 'column_left.php'; require DIR_WS_INCLUDES . 'footer.php'; $configuration_query = xos_db_query("select configuration_id, configuration_key as lang_key, configuration_value, use_function from " . TABLE_CONFIGURATION . " where configuration_group_id = '" . (int) $gID . "' order by sort_order"); $configurations_array = array(); while ($configuration = xos_db_fetch_array($configuration_query)) { if (xos_not_null($configuration['use_function'])) {
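/**
 * Deletes an order and every dependent row (products, attributes, status history,
 * totals, downloads), optionally returning its line items to stock first.
 *
 * @param int|string  $order_id            orders_id to remove; cast to int before every query.
 * @param bool|string $restock             restocking runs only when this loosely equals 'on'
 *                                         (what the admin form posts); the default false never matches.
 * @param string      $orders_status_code  when 'paypal_st' the products_ordered counter is left alone.
 * @return void
 *
 * Restock failures are reported through the global $messageStack as session 'header'
 * errors; they do not stop the order rows from being deleted.
 */
function xos_remove_order($order_id, $restock = false, $orders_status_code = '') {
    global $messageStack;

    $order_query = xos_db_query("select products_id, products_model, products_name, products_attributes_sting, products_quantity from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
    while ($order = xos_db_fetch_array($order_query)) {
        $error = false;
        // Values read back from the database are still interpolated into SQL below; cast the
        // quantity so the unquoted arithmetic cannot carry arbitrary text into the statement
        // (every other interpolated id in this function is already (int)-cast).
        $ordered_qty = (int) $order['products_quantity'];

        if ($restock == 'on') {
            $stock_query = xos_db_query("select products_quantity, attributes_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int) $order['products_id'] . "'");
            $stock_values = xos_db_fetch_array($stock_query);

            if (xos_not_null($order['products_attributes_sting'])) {
                // Per-attribute stock is kept serialized in products.attributes_quantity.
                $attributes_quantity = xos_get_attributes_quantity($stock_values['attributes_quantity']);
                if (xos_not_null($attributes_quantity[$order['products_attributes_sting']])) {
                    $stock_new = $attributes_quantity[$order['products_attributes_sting']] + $order['products_quantity'];
                    if ($attributes_quantity[$order['products_attributes_sting']] >= 0) {
                        $stock_values['products_quantity'] = $stock_values['products_quantity'] + $order['products_quantity'];
                    } else {
                        // Attribute stock was negative (oversold): only the part that brings it
                        // back above zero is credited to the overall product quantity.
                        $stock_values['products_quantity'] = $stock_values['products_quantity'] + max(0, $stock_new);
                    }
                    $attributes_quantity[$order['products_attributes_sting']] = $stock_new;
                    xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $stock_values['products_quantity'] . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "' where products_id = '" . (int) $order['products_id'] . "'");
                } else {
                    $error = true;
                    $messageStack->add_session('header', sprintf(COULD_NOT_RESTOCK_PRODUCT_QUANTITY, $order['products_model'], $order['products_name']), 'error');
                }
            } else {
                if (xos_not_null($stock_values['attributes_quantity'])) {
                    // The product tracks stock per attribute but the order line has none: ambiguous.
                    $error = true;
                    $messageStack->add_session('header', sprintf(COULD_NOT_RESTOCK_PRODUCT_QUANTITY, $order['products_model'], $order['products_name']), 'error');
                } else {
                    xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = products_quantity + " . $ordered_qty . ", products_last_modified = now() where products_id = '" . (int) $order['products_id'] . "'");
                }
            }
        }

        // Update products_ordered (for bestsellers list)
        if (!$error && $orders_status_code != 'paypal_st') {
            xos_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered - " . $ordered_qty . " where products_id = '" . (int) $order['products_id'] . "'");
        }
    }

    xos_db_query("delete from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int) $order_id . '"');
}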
// Copyright (c) 2003 osCommerce // filename: reviews.php // // Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_REVIEWS) == 'overwrite_all')) { $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'update': $reviews_id = xos_db_prepare_input($_GET['rID']); $reviews_rating = xos_db_prepare_input($_POST['reviews_rating']); $reviews_text = xos_db_prepare_input(substr(strip_tags($_POST['reviews_text']), 0, 1000)); xos_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . xos_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . (int) $reviews_id . "'"); xos_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . xos_db_input($reviews_text) . "' where reviews_id = '" . (int) $reviews_id . "'"); $smarty_cache_control->clearCache(null, 'L3|cc_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info'); xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id)); break; case 'deleteconfirm': $reviews_id = xos_db_prepare_input($_GET['rID']); xos_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . (int) $reviews_id . "'"); xos_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . (int) $reviews_id . "'"); $smarty_cache_control->clearCache(null, 'L3|cc_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews'); $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info'); xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'])); break; }
} $smarty->assign(array('shipping_allowed' => $shipping_allowed_array, 'new' => true, 'form_begin_customers_new' => xos_draw_form('customers', FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action')) . 'action=newconfirm', 'post', 'onsubmit="return check_form();"'), 'group_name_in_values' => xos_draw_input_field('customers_group_name', '', 'maxlength="32"', false), 'group_discount_in_out_values' => xos_draw_input_field('customers_group_discount', $cInfo->customers_group_discount, 'maxlength="5" size="5"', false), 'group_show_tax_in_values' => xos_draw_pull_down_menu('customers_group_show_tax', $cg_show_tax_array, '1'), 'group_tax_exempt_in_values' => xos_draw_pull_down_menu('customers_group_tax_exempt', $cg_tax_exempt_array, '0'), 'group_payment_settings_in_values_1' => xos_draw_radio_field('group_payment_settings', '1', false, '0'), 'group_payment_settings_in_values_0' => xos_draw_radio_field('group_payment_settings', '0', false, '0'), 'group_shipment_settings_in_values_1' => xos_draw_radio_field('group_shipment_settings', '1', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'group_shipment_settings_in_values_0' => xos_draw_radio_field('group_shipment_settings', '0', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'link_filename_customers_groups' => xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action', 'cID'))), 'form_end' => '</form>')); } else { switch ($_GET[listing]) { case "group": $order = "g.customers_group_name"; break; case "group-desc": $order = "g.customers_group_name DESC"; break; default: $order = "g.customers_group_id ASC"; } $search_string = ''; if ($_GET['search'] && xos_not_null($_GET['search'])) { $keywords = xos_db_input(xos_db_prepare_input($_GET['search'])); $search_string = "where g.customers_group_name like '%" . $keywords . "%'"; } $customers_groups_query_raw = "select g.customers_group_id, g.customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " g " . 
$search_string . " order by {$order}"; $customers_groups_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $customers_groups_query_raw, $customers_groups_query_numrows); $customers_groups_query = xos_db_query($customers_groups_query_raw); $customers_groups_array = array(); while ($customers_groups = xos_db_fetch_array($customers_groups_query)) { $info_query = xos_db_query("select customers_info_date_account_created as date_account_created, customers_info_date_account_last_modified as date_account_last_modified, customers_info_date_of_last_logon as date_last_logon, customers_info_number_of_logons as number_of_logons from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . $customers_groups['customers_group_id'] . "'"); $info = xos_db_fetch_array($info_query); if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $customers_groups['customers_group_id']) && !isset($cInfo)) { $cInfo = new objectInfo($customers_groups); } $selected = false; if (is_object($cInfo) && $customers_groups['customers_group_id'] == $cInfo->customers_group_id) { $selected = true;
/**
 * Rewrites the stored session id in the who's-online table after a session id change.
 *
 * @param string $old_id  session id currently stored in TABLE_WHOS_ONLINE.
 * @param string $new_id  session id to store in its place.
 * @return void  the result of xos_db_query is discarded.
 */
function xos_whos_online_update_session_id($old_id, $new_id) {
    // Both ids are escaped for the quoted-string context before being interpolated.
    $escaped_new = xos_db_input($new_id);
    $escaped_old = xos_db_input($old_id);
    $sql = sprintf(
        "update %s set session_id = '%s' where session_id = '%s'",
        TABLE_WHOS_ONLINE,
        $escaped_new,
        $escaped_old
    );
    xos_db_query($sql);
}
if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) { $error = true; $messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR); } if ($error == false) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = xos_date_raw($dob); } xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'"); xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender; } xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . 
"'"); // reset the session variables if (ACCOUNT_GENDER == 'true') { $_SESSION['customer_gender'] = $gender; } $_SESSION['customer_first_name'] = $firstname; $_SESSION['customer_lastname'] = $lastname; $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success'); xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL')); } }
xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array, 'update', "orders_status_id = '" . (int) $orders_status_id . "' and language_id = '" . (int) $language_id . "'"); } } if (isset($_POST['default']) && $_POST['default'] == 'on') { xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($orders_status_id) . "' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'"); } xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page'] . '&oID=' . $orders_status_id)); break; case 'deleteconfirm': $oID = xos_db_prepare_input($_GET['oID']); $orders_status_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'"); $orders_status = xos_db_fetch_array($orders_status_query); if ($orders_status['configuration_value'] == $oID) { xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'"); } xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . xos_db_input($oID) . "'"); xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page'])); break; case 'delete': $oID = xos_db_prepare_input($_GET['oID']); $status_query = xos_db_query("select count(*) as count from " . TABLE_ORDERS . " where orders_status = '" . (int) $oID . "'"); $status = xos_db_fetch_array($status_query); $remove_status = true; if ($oID == DEFAULT_ORDERS_STATUS_ID) { $remove_status = false; $messageStack->add('header', ERROR_REMOVE_DEFAULT_ORDER_STATUS, 'error'); } elseif ($status['count'] > 0) { $remove_status = false; $messageStack->add('header', ERROR_STATUS_USED_IN_ORDERS, 'error'); } else { $history_query = xos_db_query("select count(*) as count from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_status_id = '" . (int) $oID . "'");
$insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array); } elseif ($action == 'save') { xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'"); } } $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'mID=' . $manufacturers_id)); break; case 'deleteconfirm': $manufacturers_id = xos_db_prepare_input($_GET['mID']); if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') { $manufacturer_query = xos_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); $manufacturer = xos_db_fetch_array($manufacturer_query); $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($manufacturer['manufacturers_image']) . "'"); $duplicate_image = xos_db_fetch_array($duplicate_image_query); if ($duplicate_image['total'] < 2) { $image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image']; @unlink($image_location); } } xos_db_query("delete from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') { $products_query = xos_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers_id . "'"); while ($products = xos_db_fetch_array($products_query)) { xos_remove_product($products['products_id']); } } else { xos_db_query("update " . 
TABLE_PRODUCTS . " set products_last_modified = now(), manufacturers_id = '' where manufacturers_id = '" . (int) $manufacturers_id . "'");
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $new_country_id)); break; case 'save': $countries_id = xos_db_prepare_input($_GET['cID']); $countries_name = xos_db_prepare_input($_POST['countries_name']); $actual_countries_name = xos_db_prepare_input($_POST['actual_countries_name']); $countries_iso_code_2 = xos_db_prepare_input($_POST['countries_iso_code_2']); $countries_iso_code_3 = xos_db_prepare_input($_POST['countries_iso_code_3']); $address_format_id = xos_db_prepare_input($_POST['address_format_id']); if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) { $check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'"); if (xos_db_num_rows($check_query) || $countries_name == '') { xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name)); } } xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'deleteconfirm': $countries_id = xos_db_prepare_input($_GET['cID']); xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'"); xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . 
"'"); $smarty_cache_control->clearAllCache(); xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'])); break; } } $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n"; require DIR_WS_INCLUDES . 'html_header.php'; require DIR_WS_INCLUDES . 'header.php';
if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') { xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'"); $smarty->clearAllCache(); } } else { $stock_query = xos_db_query("select products_quantity, attributes_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int) $product_id . "'"); $stock_values = xos_db_fetch_array($stock_query); $attributes_quantity = xos_get_attributes_quantity($stock_values['attributes_quantity']); if (xos_not_null($attributes_quantity)) { list($prid, $params_sting) = explode('-', $order->products[$i]['id']); $stock_left = $attributes_quantity[$params_sting] - $order->products[$i]['qty']; if ($attributes_quantity[$params_sting] > 0) { $stock_values['products_quantity'] = $stock_values['products_quantity'] - min($attributes_quantity[$params_sting], $order->products[$i]['qty']); } $attributes_quantity[$params_sting] = $stock_left; xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) max(0, $stock_values['products_quantity']) . "', attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "' where products_id = '" . (int) $product_id . "'"); if ($stock_left < 1) { $smarty->clearCache(null, 'L3|cc_product_info'); } if ($stock_values['products_quantity'] < 1 && STOCK_ALLOW_CHECKOUT == 'false') { xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'"); $smarty->clearAllCache(); } } } } // Update products_ordered (for bestsellers list) xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . xos_get_prid($order->products[$i]['id']) . "'"); $attributes_sting = null; if (strpos($order->products[$i]['id'], '-') !== false) { list($prid, $attributes_sting) = explode('-', $order->products[$i]['id']);
$mailer_error = true; $messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail_sent_to), 'error'); } else { // Now create the coupon email entry xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $amount . "', now())"); $insert_id = xos_db_insert_id(); xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $mail_sent_to . "', now() )"); } $_SESSION['used_lng_id'] = $used_lang_id; } else { $used_lang_id = $_SESSION['used_lng_id']; while ($mail = xos_db_fetch_array($mail_query)) { $id1 = create_coupon_code($mail['customers_email_address']); $languages_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $mail['language_id'] . "'"); if (!xos_db_num_rows($languages_query)) { $lang_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'"); $languages = xos_db_fetch_array($lang_query); } else { $languages = xos_db_fetch_array($languages_query); } $_SESSION['used_lng_id'] = $languages['languages_id']; $currencies = new currencies(); if (EMAIL_USE_HTML == 'true') { $smarty_gv_email->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => $languages['code'], 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG_IMAGES . 'email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . DEFAULT_TPL . '/') . 
EMAIL_SHOP_LOGO, 'gv_message' => $message, 'gv_id' => $id1, 'gv_amount' => $currencies->format($amount), 'link_shop' => xos_catalog_href_link(), 'link_gv_redeem' => xos_catalog_href_link(FILENAME_CATALOG_GV_REDEEM, 'gv_no=' . $id1, 'SSL'))); $smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_html'); $output_gv_email_html = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_html.tpl'); $smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_text'); $output_gv_email_text = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_text.tpl'); $gv_email->isHTML(true); $gv_email->Body = $output_gv_email_html; $gv_email->AltBody = $output_gv_email_text;
$error = true; $messageStack->add('addressbook', ENTRY_CITY_ERROR); $smarty->assign('city_error', true); } if (!is_numeric($country)) { $error = true; $messageStack->add('addressbook', ENTRY_COUNTRY_ERROR); $smarty->assign('country_error', true); } if (ACCOUNT_STATE == 'true') { $zone_id = 0; $check_query = xos_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'"); $check = xos_db_fetch_array($check_query); $entry_state_has_zones = $check['total'] > 0; if ($entry_state_has_zones == true) { $zone_query = xos_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_name = '" . xos_db_input($state) . "'"); if (xos_db_num_rows($zone_query) == 1) { $zone = xos_db_fetch_array($zone_query); $zone_id = $zone['zone_id']; } else { $error = true; $messageStack->add('addressbook', ENTRY_STATE_ERROR_SELECT); $smarty->assign('state_error', true); } } else { if (strlen($state) < ENTRY_STATE_MIN_LENGTH) { $error = true; $messageStack->add('addressbook', ENTRY_STATE_ERROR); $smarty->assign('state_error', true); } }
xos_db_perform(TABLE_SPECIALS, array('specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'), 'update', "customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'"); } else { xos_db_query("delete from " . TABLE_SPECIALS . " where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'"); } } else { if ($special_price > 0) { xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0')); } } } if (isset($_POST['attributes_price_array'])) { $attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array'])); foreach ($attributes_price_array as $key => $value) { if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) { $_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+'; xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'"); } } } $sql_data_array = array('products_price' => serialize($prices_array)); xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'"); $smarty_cache_control->clearAllCache(); if ($specials_error) { $messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error'); xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . 
$products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1))); } xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : ''))); } $max_display_update_prices_results_array = array(); $set = false; for ($i = 50; $i <= 500; $i = $i + 50) {
/**
 * Session-handler destroy callback: removes the row for one session key.
 *
 * @param string $key  session id; escaped for the quoted-string context before use.
 * @return mixed  whatever xos_db_query returns for the delete statement.
 */
function _sess_destroy($key) {
    $escaped_key = xos_db_input($key);
    $sql = 'delete from ' . TABLE_SESSIONS . " where sesskey = '" . $escaped_key . "'";
    return xos_db_query($sql);
}
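/**
 * Builds and runs an insert or update statement from a column => value array.
 *
 * @param string $table       table name; interpolated verbatim (never pass user input).
 * @param array  $data        column => value; column names are interpolated verbatim.
 * @param string $action      'insert' or 'update'.
 * @param string $parameters  raw WHERE clause for 'update'; interpolated verbatim, so
 *                            callers must escape/cast what they put in it.
 * @param string $link        database link name passed through to xos_db_query.
 * @return mixed  result of xos_db_query, or false when $action is neither 'insert' nor 'update'.
 *
 * Value handling: a value whose string form is exactly 'now()' or 'null' is emitted as the
 * SQL keyword, every other value is escaped with xos_db_input and single-quoted. Because the
 * sentinel check looks at the value itself, untrusted text that happens to equal "null" or
 * "now()" will be written as SQL rather than as a literal; callers storing free-form user
 * input must guard against that themselves. This is the long-standing contract and is kept.
 *
 * Iteration uses foreach: the original relied on each(), which is gone since PHP 8.0.
 */
function xos_db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link') {
    if ($action == 'insert') {
        $columns = array();
        $values = array();
        foreach ($data as $column => $value) {
            $columns[] = $column;
            $value_string = (string) $value;
            if ($value_string === 'now()') {
                $values[] = 'now()';
            } elseif ($value_string === 'null') {
                $values[] = 'null';
            } else {
                $values[] = '\'' . xos_db_input($value) . '\'';
            }
        }
        $query = 'insert into ' . $table . ' (' . implode(', ', $columns) . ') values (' . implode(', ', $values) . ')';
    } elseif ($action == 'update') {
        $assignments = array();
        foreach ($data as $column => $value) {
            $value_string = (string) $value;
            if ($value_string === 'now()') {
                $assignments[] = $column . ' = now()';
            } elseif ($value_string === 'null') {
                $assignments[] = $column . ' = null';
            } else {
                $assignments[] = $column . ' = \'' . xos_db_input($value) . '\'';
            }
        }
        $query = 'update ' . $table . ' set ' . implode(', ', $assignments) . ' where ' . $parameters;
    } else {
        // Unknown action: the original would have queried an undefined $query; refuse instead.
        return false;
    }

    return xos_db_query($query, $link);
}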