function __construct(&$current_page_number, $max_rows_per_page, &$sql_query, &$query_num_rows, $count_key = '*')
{
$current_page_number = empty($current_page_number) || $current_page_number < 1 ? 1 : (int) $current_page_number;
$pos_to = strlen($sql_query);
$pos_from = strpos($sql_query, ' from', 0);
$pos_group_by = strpos($sql_query, ' group by', $pos_from);
if ($pos_group_by < $pos_to && $pos_group_by != false) {
$pos_to = $pos_group_by;
}
$pos_having = strpos($sql_query, ' having', $pos_from);
if ($pos_having < $pos_to && $pos_having != false) {
$pos_to = $pos_having;
}
$pos_order_by = strpos($sql_query, ' order by', $pos_from);
if ($pos_order_by < $pos_to && $pos_order_by != false) {
$pos_to = $pos_order_by;
}
if (strpos($sql_query, 'distinct') || strpos($sql_query, 'group by')) {
$count_string = 'distinct ' . xos_db_input($count_key);
} else {
$count_string = xos_db_input($count_key);
}
$reviews_count_query = xos_db_query("select count(" . $count_string . ") as total " . substr($sql_query, $pos_from, $pos_to - $pos_from));
$reviews_count = xos_db_fetch_array($reviews_count_query);
$query_num_rows = $reviews_count['total'];
$num_pages = ceil($query_num_rows / $max_rows_per_page);
if ($current_page_number > $num_pages) {
$current_page_number = $num_pages;
}
$offset = $max_rows_per_page * ($current_page_number - 1);
$sql_query .= " limit " . max($offset, 0) . ", " . $max_rows_per_page;
}
function canPerform($user_id, $user_name)
{
$check_query = xos_db_query("select date_added from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and (" . (!empty($user_id) ? "user_id = '" . (int) $user_id . "' or " : "") . " identifier = '" . xos_db_input($this->identifier) . "') and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit 1");
if (xos_db_num_rows($check_query)) {
return false;
} else {
return true;
}
}
function canPerform($user_id, $user_name)
{
$check_query = xos_db_query("select id from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and user_name = '" . xos_db_input($user_name) . "' and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit " . (int) $this->attempts);
if (xos_db_num_rows($check_query) == $this->attempts) {
return false;
} else {
return true;
}
}
function __construct($query, $max_rows, $count_key = '*', $page_holder = 'page')
{
$this->sql_query = $query;
$this->page_name = $page_holder;
if (isset($_GET[$page_holder])) {
$page = (int) $_GET[$page_holder];
} elseif (isset($_POST[$page_holder])) {
$page = (int) $_POST[$page_holder];
} else {
$page = 1;
}
if (empty($page) || $page < 1) {
$page = 1;
}
$this->current_page_number = $page;
$this->number_of_rows_per_page = $max_rows;
$pos_to = strlen($this->sql_query);
$pos_from = strpos($this->sql_query, ' from', 0);
$pos_group_by = strpos($this->sql_query, ' group by', $pos_from);
if ($pos_group_by < $pos_to && $pos_group_by != false) {
$pos_to = $pos_group_by;
}
$pos_having = strpos($this->sql_query, ' having', $pos_from);
if ($pos_having < $pos_to && $pos_having != false) {
$pos_to = $pos_having;
}
$pos_order_by = strpos($this->sql_query, ' order by', $pos_from);
if ($pos_order_by < $pos_to && $pos_order_by != false) {
$pos_to = $pos_order_by;
}
if (strpos($this->sql_query, 'distinct') || strpos($this->sql_query, 'group by')) {
$count_string = 'distinct ' . xos_db_input($count_key);
} else {
$count_string = xos_db_input($count_key);
}
$count_query = xos_db_query("select count(" . $count_string . ") as total " . substr($this->sql_query, $pos_from, $pos_to - $pos_from));
$count = xos_db_fetch_array($count_query);
$this->number_of_rows = $count['total'];
$this->number_of_pages = ceil($this->number_of_rows / $this->number_of_rows_per_page);
if ($this->current_page_number > $this->number_of_pages) {
$this->current_page_number = $this->number_of_pages;
}
$offset = $this->number_of_rows_per_page * ($this->current_page_number - 1);
$this->sql_query .= " limit " . max($offset, 0) . ", " . $this->number_of_rows_per_page;
}
$orders_history_query = xos_db_query("select orders_status_id, date_added, customer_notified, comments from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_id = '" . xos_db_input($oID) . "' order by date_added, orders_status_history_id");
if (xos_db_num_rows($orders_history_query)) {
$orders_history_array = array();
while ($orders_history = xos_db_fetch_array($orders_history_query)) {
$customer_notified = false;
if ($orders_history['customer_notified'] == '1') {
$customer_notified = true;
}
$orders_history_array[] = array('date_added' => xos_datetime_short($orders_history['date_added']), 'status' => $orders_status_array[$orders_history['orders_status_id']], 'comments' => nl2br(xos_db_output($orders_history['comments'])), 'customer_notified' => $customer_notified);
}
$smarty->assign('orders_history', $orders_history_array);
} else {
}
$languages_query = xos_db_query("select name from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $order->info['language_id'] . "'");
if (!xos_db_num_rows($languages_query)) {
$lang_query = xos_db_query("select name from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$languages = xos_db_fetch_array($lang_query);
} else {
$languages = xos_db_fetch_array($languages_query);
}
if (SEND_EMAILS == 'true') {
$smarty->assign(array('send_emails' => true, 'checkbox_notify' => xos_draw_checkbox_field('notify', '', true), 'checkbox_notify_comments' => xos_draw_checkbox_field('notify_comments', '', true)));
}
if (sizeof($order->info['tax_groups']) > 1) {
$smarty->assign('tax_groups', true);
}
$smarty->assign(array('order_id' => $oID, 'order_language_name' => $languages['name'], 'date_purchased' => xos_datetime_short($order->info['date_purchased']), 'customer_address' => xos_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'), 'delivery_address' => xos_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'), 'billing_address' => xos_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'), 'c_id' => $order->customer['c_id'], 'telephone_number' => $order->customer['telephone'], 'email_address' => $order->customer['email_address'], 'payment_method' => $order->info['payment_method'], 'order_products' => $order_products_array, 'order_totals' => $order_totals_array, 'form_begin_status' => xos_draw_form('new_status', FILENAME_ORDERS, xos_get_all_get_params(array('action')) . 'action=update_order'), 'textarea_comments' => xos_draw_textarea_field('comments', '60', '5'), 'pull_down_status' => xos_draw_pull_down_menu('status', $orders_statuses, $order->info['orders_status']), 'form_end' => '</form>', 'link_filename_orders_invoice' => xos_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $_GET['oID']), 'link_filename_orders_packingslip' => xos_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $_GET['oID']), 'link_filename_orders' => xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('action'))), 'edit' => true));
} else {
$orders_statuses = array();
$orders_status_query = xos_db_query("select orders_status_id, orders_status_name from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
while ($orders_status = xos_db_fetch_array($orders_status_query)) {
$elements_comb = explode('|', $combinations['attributes_combinations']);
for ($i = 0, $n = sizeof($elements_comb); $i < $n; $i++) {
if (strpos($elements_comb[$i], $combinations['options_id'] . ',' . $combinations['options_values_id']) !== false) {
$qty -= $attributes_quantity[$elements_comb[$i]] > 0 ? $attributes_quantity[$elements_comb[$i]] : 0;
unset($attributes_quantity[$elements_comb[$i]]);
unset($elements_comb[$i]);
}
}
ksort($attributes_quantity);
ksort($elements_comb);
$comb_str = '';
$comb_str = implode('|', $elements_comb);
$qty < 1 || $comb_str == '' ? $qty = 0 : '';
if ($comb_str != '') {
$comb_str .= '|';
xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "', attributes_combinations = '" . xos_db_input($comb_str) . "', " . $not_updated . " where products_id = '" . (int) $products_id . "'");
} else {
xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'");
}
$smarty_cache_control->clearAllCache();
}
xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_attributes_id = '" . (int) $attribute_id . "'");
// added for DOWNLOAD_ENABLED. Always try to remove attributes, even if downloads are no longer enabled
xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " where products_attributes_id = '" . (int) $attribute_id . "'");
if ($qty < 1 && STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') {
xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . "'");
$smarty_cache_control->clearAllCache();
}
$smarty_cache_control->clearCache(null, 'L3|cc_product_info');
xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $parameter_string));
break;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$rating = xos_db_prepare_input($_POST['rating']);
$review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000));
$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
$error = true;
$messageStack->add('review', JS_REVIEW_TEXT);
}
if ($rating < 1 || $rating > 5) {
$error = true;
$messageStack->add('review', JS_REVIEW_RATING);
}
if ($error == false) {
xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())");
$insert_id = xos_db_insert_id();
xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')");
$smarty->clearCache(null, 'L3|cc_reviews');
$smarty->clearCache(null, 'L3|cc_product_reviews');
xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false);
}
}
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE;
$site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params()));
$add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function checkForm() {' . "\n" . ' var error = 0;' . "\n" . ' var error_message = "' . JS_ERROR . '";' . "\n\n" . ' var review = document.product_reviews_write.review.value;' . "\n\n" . ' if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n" . ' error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n" . ' } else {' . "\n" . ' error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n" . ' error = 1;' . "\n" . ' }' . "\n\n" . ' if (error == 1) {' . "\n" . ' alert(error_message);' . "\n" . ' return false;' . "\n" . ' } else {' . "\n" . ' return true;' . "\n" . ' }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'boxes.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'footer.php';
$products_prices = xos_get_product_prices($product_info['products_price']);
$products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']);
$price_breaks_array = array();
//
// You should have received a copy of the GNU General Public License
// along with XOS-Shop. If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_OFFLINE) == 'overwrite_all')) {
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
$_SESSION['navigation']->remove_current_page();
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$email_address = xos_db_prepare_input($_POST['email_address']);
$password = xos_db_prepare_input($_POST['password']);
// Check if email exists
$check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
if (!xos_db_num_rows($check_admin_query)) {
$error = true;
} else {
$check_admin = xos_db_fetch_array($check_admin_query);
// Check that password is good
if (!xos_validate_password($password, $check_admin['login_password'])) {
$error = true;
} else {
$_SESSION['access_allowed'] = true;
xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
}
}
}
if ($error == true) {
unset($_SESSION['access_allowed']);
function send($newsletter_id)
{
global $messageStack;
if (SEND_EMAILS != 'true') {
$messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
return false;
}
$audience = array();
$ids = $_GET['customers_chosen'];
$customers_query = xos_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c where c.customers_id in (" . $ids . ")");
while ($customers = xos_db_fetch_array($customers_query)) {
$audience[$customers['customers_id']] = array('firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'email_address' => $customers['customers_email_address']);
}
if (empty($this->language_directory)) {
$lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$lang = xos_db_fetch_array($lang_query);
$this->language_directory = $lang['directory'];
}
//Let's build a message object using the mailer class
$email_to_customer = new mailer();
$email_from_value = EMAIL_FROM;
$from = html_entity_decode($email_from_value, ENT_QUOTES, 'UTF-8');
$address = '';
$name = '';
$pieces = explode('<', $from);
if (count($pieces) == 2) {
$address = trim($pieces[1], " >");
$name = trim($pieces[0]);
} elseif (count($pieces) == 1) {
$pos = stripos($pieces[0], '@');
$address = $pos ? trim($pieces[0], " >") : '';
}
$email_to_customer->From = $address;
$email_to_customer->FromName = $name;
$email_to_customer->WordWrap = '100';
$email_to_customer->Subject = $this->title;
$smarty_product_notification = new Smarty();
$smarty_product_notification->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
$smarty_product_notification->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
$smarty_product_notification->config_dir = DIR_FS_SMARTY . 'catalog/';
$smarty_product_notification->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
$smarty_product_notification->left_delimiter = '[@{';
$smarty_product_notification->right_delimiter = '}@]';
$is_html = false;
if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
$is_html = true;
$smarty_product_notification->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE, 'charset' => CHARSET, 'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '', 'content_text_htlm' => $this->content_text_htlm, 'content_text_plain' => $this->content_text_plain));
$smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_html.tpl');
$output_product_notification_email_html = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_html.tpl');
$smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
$output_product_notification_email_text = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
$email_to_customer->isHTML(true);
} else {
$smarty_product_notification->assign('content_text_plain', $this->content_text_plain);
$smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
$output_product_notification_email_text = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
$email_to_customer->isHTML(false);
}
reset($audience);
while (list($key, $value) = each($audience)) {
if ($is_html) {
$email_to_customer->Body = $output_product_notification_email_html;
$email_to_customer->AltBody = html_entity_decode(strip_tags($output_product_notification_email_text), ENT_QUOTES, 'UTF-8');
} else {
$email_to_customer->Body = html_entity_decode(strip_tags($output_product_notification_email_text), ENT_QUOTES, 'UTF-8');
}
$email_to_customer->addAddress($value['email_address'], $value['firstname'] . ' ' . $value['lastname']);
if (!$email_to_customer->send()) {
$messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_customer->ErrorInfo, '<' . $value['email_address'] . '>'), 'error');
} else {
$messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '<' . $value['email_address'] . '>'), 'success');
}
$email_to_customer->clearAddresses();
}
$newsletter_id = xos_db_prepare_input($newsletter_id);
xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . xos_db_input($newsletter_id) . "'");
}
function send($newsletter_id)
{
global $messageStack;
if (SEND_EMAILS != 'true') {
$messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
return false;
}
$ids = $_GET['customers_chosen'];
$mail_query = xos_db_query("select s.subscriber_id, s.subscriber_email_address, s.subscriber_identity_code, c.customers_firstname, c.customers_lastname from " . TABLE_NEWSLETTER_SUBSCRIBERS . " s left join " . TABLE_CUSTOMERS . " c on s.customers_id = c.customers_id where s.subscriber_id in (" . $ids . ") order by s.customers_id");
if (empty($this->language_directory)) {
$lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$lang = xos_db_fetch_array($lang_query);
$this->language_directory = $lang['directory'];
}
//Let's build a message object using the mailer class
$email_to_subscriber = new mailer();
$email_from_value = EMAIL_FROM;
$from = html_entity_decode($email_from_value, ENT_QUOTES, 'UTF-8');
$address = '';
$name = '';
$pieces = explode('<', $from);
if (count($pieces) == 2) {
$address = trim($pieces[1], " >");
$name = trim($pieces[0]);
} elseif (count($pieces) == 1) {
$pos = stripos($pieces[0], '@');
$address = $pos ? trim($pieces[0], " >") : '';
}
$email_to_subscriber->From = $address;
$email_to_subscriber->FromName = $name;
$email_to_subscriber->WordWrap = '100';
$email_to_subscriber->Subject = $this->title;
$smarty_newsletter = new Smarty();
$smarty_newsletter->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
$smarty_newsletter->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
$smarty_newsletter->config_dir = DIR_FS_SMARTY . 'catalog/';
$smarty_newsletter->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
$smarty_newsletter->left_delimiter = '[@{';
$smarty_newsletter->right_delimiter = '}@]';
$is_html = false;
if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
$is_html = true;
$smarty_newsletter->assign(array('nl' => "\n", 'html_params' => HTML_PARAMS, 'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE, 'charset' => CHARSET, 'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '', 'content_text_htlm' => $this->content_text_htlm, 'content_text_plain' => $this->content_text_plain));
$smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_html');
$output_newsletter_email_html = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_html.tpl');
$smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
$output_newsletter_email_text = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
$email_to_subscriber->isHTML(true);
} else {
$smarty_newsletter->assign(array('nl' => "\n", 'content_text_plain' => $this->content_text_plain));
$smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
$output_newsletter_email_text = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
$email_to_subscriber->isHTML(false);
}
while ($mail = xos_db_fetch_array($mail_query)) {
$link_unsubscribe = xos_catalog_href_link('newsletter_subscribe.php', 'action=unsubscribe&identity_code=' . $mail['subscriber_identity_code'], 'SSL');
if ($is_html) {
$email_to_subscriber->Body = $output_newsletter_email_html . '<a href="' . $link_unsubscribe . '" target="_blank">' . $link_unsubscribe . '</a>' . "\n" . '</div>' . "\n" . '</body>' . "\n" . '</html>' . "\n";
$email_to_subscriber->AltBody = html_entity_decode(strip_tags($output_newsletter_email_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
} else {
$email_to_subscriber->Body = html_entity_decode(strip_tags($output_newsletter_email_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
}
$email_to_subscriber->addAddress($mail['subscriber_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']);
if (!$email_to_subscriber->send()) {
$messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_subscriber->ErrorInfo, '<' . $mail['subscriber_email_address'] . '>'), 'error');
} else {
$messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '<' . $mail['subscriber_email_address'] . '>'), 'success');
}
$email_to_subscriber->clearAddresses();
}
$newsletter_id = xos_db_prepare_input($newsletter_id);
xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . xos_db_input($newsletter_id) . "'");
}
$value = xos_db_prepare_input($_POST['value']);
$languages = xos_get_languages();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()');
if ($action == 'insert') {
$insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_CURRENCIES, $sql_data_array);
$currency_id = xos_db_insert_id();
} elseif ($action == 'save') {
xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'");
}
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'");
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id));
break;
case 'deleteconfirm':
$currencies_id = xos_db_prepare_input($_GET['cID']);
$currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'");
$currency = xos_db_fetch_array($currency_query);
if ($currency['currencies_id'] == $currencies_id) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_CURRENCY'");
}
xos_db_query("delete from " . TABLE_CURRENCIES . " where currencies_id = '" . (int) $currencies_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page']));
break;
}
if (isset($search_keywords) && sizeof($search_keywords) > 0) {
$where_str .= " and (";
for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
switch ($search_keywords[$i]) {
case '(':
case ')':
case 'and':
case 'or':
$where_str .= " " . $search_keywords[$i] . " ";
break;
default:
$keyword = xos_db_prepare_input($search_keywords[$i]);
$where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'";
if (isset($_GET['sid']) && $_GET['sid'] == '1') {
$where_str .= " or pd.products_description like '%" . xos_db_input($keyword) . "%' or pd.products_info like '%" . xos_db_input($keyword) . "%'";
}
$where_str .= ')';
break;
}
}
$where_str .= " )";
}
if (xos_not_null($dfrom)) {
$where_str .= " and p.products_date_added >= '" . xos_date_raw($dfrom) . "'";
}
if (xos_not_null($dto)) {
$where_str .= " and p.products_date_added <= '" . xos_date_raw($dto) . "'";
}
if ($currencies->is_set($_SESSION['currency'])) {
$rate = $currencies->get_value($_SESSION['currency']);
}
'input_coupon_startdate' => xos_draw_date_selector('coupon_startdate', mktime(0,0,0, $coupon_startdate[1], $coupon_startdate[2], $coupon_startdate[0])),
'input_coupon_finishdate' => xos_draw_date_selector('coupon_finishdate', mktime(0,0,0, $coupon_finishdate[1], $coupon_finishdate[2], $coupon_finishdate[0])),
*/
$languages = xos_get_languages();
$coupon_content_array = array();
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$language_id = $languages[$i]['id'];
$coupon_content_array[] = array('languages_image' => xos_image(DIR_WS_CATALOG_IMAGES . 'catalog/templates/' . DEFAULT_TPL . '/' . $languages[$i]['directory'] . '/' . $languages[$i]['image'], $languages[$i]['name']), 'input_coupon_name' => xos_draw_input_field('coupon_name[' . $languages[$i]['id'] . ']', $coupon_name[$language_id]), 'textarea_coupon_desc' => xos_draw_textarea_field('coupon_desc[' . $languages[$i]['id'] . ']', '24', '3', $coupon_desc[$language_id]));
}
$smarty->assign(array('new' => true, 'form_begin' => xos_draw_form('coupon', FILENAME_COUPON_ADMIN, 'action=update&oldaction=' . ($oldaction == 'voucheredit' ? $oldaction : $action) . '&cid=' . $_GET['cid'], 'post', 'enctype="multipart/form-data"'), 'radio_coupon_status_Y' => xos_draw_radio_field('coupon_status', 'Y', $in_status), 'radio_coupon_status_N' => xos_draw_radio_field('coupon_status', 'N', $out_status), 'input_coupon_amount' => xos_draw_input_field('coupon_amount', $coupon_amount), 'input_coupon_min_order' => xos_draw_input_field('coupon_min_order', $coupon_min_order), 'checkbox_coupon_free_ship' => xos_draw_checkbox_field('coupon_free_ship', $coupon_free_ship), 'input_coupon_code' => xos_draw_input_field('coupon_code', $coupon_code), 'input_coupon_uses_coupon' => xos_draw_input_field('coupon_uses_coupon', $coupon_uses_coupon), 'input_coupon_uses_user' => xos_draw_input_field('coupon_uses_user', $coupon_uses_user), 'input_coupon_products' => xos_draw_input_field('coupon_products', $coupon_products), 'input_coupon_categories' => xos_draw_input_field('coupon_categories', $coupon_categories), 'input_coupon_startdate' => xos_draw_input_field('coupon_startdate', xos_date_format(DATE_FORMAT_SHORT), 'id="coupon_startdate" style="background: #ffffcc;" size ="10"'), 'input_coupon_finishdate' => xos_draw_input_field('coupon_finishdate', xos_date_format(DATE_FORMAT_SHORT, mktime(0, 0, 0, date("m"), date("d"), date("Y") + 1)), 'id="coupon_finishdate" style="background: #ffffcc;" size ="10"'), 'link_filename_coupon_admin' => xos_href_link(FILENAME_COUPON_ADMIN), 'hidden_field_date_created' => xos_draw_hidden_field('date_created', $date_created), 'coupon_content' => $coupon_content_array, 'form_end' => '</form>'));
break;
default:
if ($_GET['status'] == 'Y' || $_GET['status'] == 'N') {
$cc_query_raw = "select coupon_active, coupon_id, coupon_code, coupon_amount, coupon_minimum_order, coupon_type, coupon_start_date,coupon_expire_date,uses_per_user,uses_per_coupon,restrict_to_products, restrict_to_categories, date_created,date_modified from " . TABLE_COUPONS . " where coupon_active='" . xos_db_input($_GET['status']) . "' and coupon_type != 'G'";
} else {
$cc_query_raw = "select coupon_active, coupon_id, coupon_code, coupon_amount, coupon_minimum_order, coupon_type, coupon_start_date,coupon_expire_date,uses_per_user,uses_per_coupon,restrict_to_products, restrict_to_categories, date_created,date_modified from " . TABLE_COUPONS . " where coupon_type != 'G'";
}
$cc_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $cc_query_raw, $cc_query_numrows);
$cc_query = xos_db_query($cc_query_raw);
$cc_list_array = array();
while ($cc_list = xos_db_fetch_array($cc_query)) {
$redeem_query = xos_db_query("select redeem_date from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $cc_list['coupon_id'] . "'");
if ($_GET['status'] == 'R' && xos_db_num_rows($redeem_query) == 0) {
continue;
}
if ((!$_GET['cid'] || @$_GET['cid'] == $cc_list['coupon_id']) && !$cInfo) {
$cInfo = new objectInfo($cc_list);
}
$selected = false;
xos_db_query("insert into " . TABLE_MANUFACTURERS_INFO . " (manufacturers_id, languages_id, manufacturers_name, manufacturers_url) values ('" . $manufacturers['manufacturers_id'] . "', '" . (int) $lID . "', '" . xos_db_input($manufacturers['manufacturers_name']) . "', '" . xos_db_input($manufacturers['manufacturers_url']) . "')");
}
// create additional orders_status records
$orders_status_query = xos_db_query("select orders_status_id, orders_status_name, orders_status_code, public_flag, downloads_flag from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $default_language_id['languages_id'] . "'");
while ($orders_status = xos_db_fetch_array($orders_status_query)) {
xos_db_query("insert into " . TABLE_ORDERS_STATUS . " (orders_status_id, language_id, orders_status_name, orders_status_code, public_flag, downloads_flag) values ('" . (int) $orders_status['orders_status_id'] . "', '" . (int) $lID . "', '" . xos_db_input($orders_status['orders_status_name']) . "', '" . xos_db_input($orders_status['orders_status_code']) . "', '" . (int) $orders_status['public_flag'] . "', '" . (int) $orders_status['downloads_flag'] . "')");
}
// create additional tax_rates_description records
$tax_rates_query = xos_db_query("select tr.tax_rates_id, trd.tax_description from " . TABLE_TAX_RATES . " tr left join " . TABLE_TAX_RATES_DESCRIPTION . " trd on tr.tax_rates_id = trd.tax_rates_id where trd.language_id = '" . (int) $default_language_id['languages_id'] . "'");
while ($tax_rates = xos_db_fetch_array($tax_rates_query)) {
xos_db_query("insert into " . TABLE_TAX_RATES_DESCRIPTION . " (tax_rates_id, language_id, tax_description) values ('" . (int) $tax_rates['tax_rates_id'] . "', '" . (int) $lID . "', '" . xos_db_input($tax_rates['tax_description']) . "')");
}
// create additional currencies records
$currencies_query = xos_db_query("select currencies_id, title, code, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value, last_updated from " . TABLE_CURRENCIES . " where language_id = '" . (int) $default_language_id['languages_id'] . "'");
while ($currencies = xos_db_fetch_array($currencies_query)) {
xos_db_query("insert into " . TABLE_CURRENCIES . " (currencies_id, language_id, title, code, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value, last_updated) values ('" . (int) $currencies['currencies_id'] . "', '" . (int) $lID . "', '" . xos_db_input($currencies['title']) . "', '" . xos_db_input($currencies['code']) . "', '" . xos_db_input($currencies['symbol_left']) . "', '" . xos_db_input($currencies['symbol_right']) . "', '" . xos_db_input($currencies['decimal_point']) . "', '" . xos_db_input($currencies['thousands_point']) . "', '" . (int) $currencies['decimal_places'] . "', '" . xos_db_input($currencies['value']) . "', '" . xos_db_input($currencies['last_updated']) . "')");
}
}
if ($_SESSION['languages_id'] == (int) $lID && $use_in_id < '3') {
unset($_SESSION['language']);
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'] . '&lID=' . $_GET['lID']));
break;
case 'deleteconfirm':
$lID = xos_db_prepare_input($_GET['lID']);
xos_db_query("delete from " . TABLE_BANNERS_CONTENT . " where language_id = '" . (int) $lID . "'");
xos_db_query("delete from " . TABLE_CATEGORIES_OR_PAGES_DATA . " where language_id = '" . (int) $lID . "'");
xos_db_query("delete from " . TABLE_CONTENTS_DATA . " where language_id = '" . (int) $lID . "'");
xos_db_query("delete from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'");
$from_str = "from " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS_INFO . " mi on (p.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "') left join " . TABLE_PRODUCTS_PRICES . " ppz on p.products_id = ppz.products_id and ppz.customers_group_id = '0' left join " . TABLE_PRODUCTS_PRICES . " pp on p.products_id = pp.products_id and pp.customers_group_id = '" . $customer_group_id . "' left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id and s.customers_group_id = '" . $customer_group_id . "'";
$from_str .= ", " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c";
$where_str = " where p.products_status = '1' and c.categories_or_pages_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id ";
if (isset($search_keywords) && sizeof($search_keywords) > 0) {
$where_str .= " and (";
for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
switch ($search_keywords[$i]) {
case '(':
case ')':
case 'and':
case 'or':
$where_str .= " " . $search_keywords[$i] . " ";
break;
default:
$keyword = xos_db_prepare_input($search_keywords[$i]);
$where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'";
$where_str .= ')';
break;
}
}
$where_str .= " )";
}
if (empty($_GET['sort']) || !preg_match('/^[0-9][ad]$/', $_GET['sort']) || substr($_GET['sort'], 0, 1) > sizeof($column_list)) {
for ($i = 0, $n = sizeof($column_list); $i < $n; $i++) {
if ($column_list[$i] == 'PRODUCT_LIST_NAME') {
$_GET['sort'] = $i . 'a';
$order_str = ' order by pd.products_name';
break;
}
}
} else {
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
// filename: configuration.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_CONFIGURATION) == 'overwrite_all')) {
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (xos_not_null($action)) {
switch ($action) {
case 'save':
$configuration_value = is_array($_POST['configuration_value']) ? implode(',', xos_db_prepare_input($_POST['configuration_value'])) : xos_db_prepare_input(htmlspecialchars($_POST['configuration_value']));
$cID = xos_db_prepare_input($_GET['cID']);
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($configuration_value) . "', last_modified = now() where configuration_id = '" . (int) $cID . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . $cID));
break;
}
}
$gID = isset($_GET['gID']) ? $_GET['gID'] : 1;
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
require DIR_WS_INCLUDES . 'column_left.php';
require DIR_WS_INCLUDES . 'footer.php';
$configuration_query = xos_db_query("select configuration_id, configuration_key as lang_key, configuration_value, use_function from " . TABLE_CONFIGURATION . " where configuration_group_id = '" . (int) $gID . "' order by sort_order");
$configurations_array = array();
while ($configuration = xos_db_fetch_array($configuration_query)) {
if (xos_not_null($configuration['use_function'])) {
function xos_remove_order($order_id, $restock = false, $orders_status_code = '')
{
global $messageStack;
$order_query = xos_db_query("select products_id, products_model, products_name, products_attributes_sting, products_quantity from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
while ($order = xos_db_fetch_array($order_query)) {
$error = false;
if ($restock == 'on') {
$stock_query = xos_db_query("select products_quantity, attributes_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int) $order['products_id'] . "'");
$stock_values = xos_db_fetch_array($stock_query);
if (xos_not_null($order['products_attributes_sting'])) {
$attributes_quantity = xos_get_attributes_quantity($stock_values['attributes_quantity']);
if (xos_not_null($attributes_quantity[$order['products_attributes_sting']])) {
$stock_new = $attributes_quantity[$order['products_attributes_sting']] + $order['products_quantity'];
if ($attributes_quantity[$order['products_attributes_sting']] >= 0) {
$stock_values['products_quantity'] = $stock_values['products_quantity'] + $order['products_quantity'];
} else {
$stock_values['products_quantity'] = $stock_values['products_quantity'] + max(0, $stock_new);
}
$attributes_quantity[$order['products_attributes_sting']] = $stock_new;
xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $stock_values['products_quantity'] . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "' where products_id = '" . (int) $order['products_id'] . "'");
} else {
$error = true;
$messageStack->add_session('header', sprintf(COULD_NOT_RESTOCK_PRODUCT_QUANTITY, $order['products_model'], $order['products_name']), 'error');
}
} else {
if (xos_not_null($stock_values['attributes_quantity'])) {
$error = true;
$messageStack->add_session('header', sprintf(COULD_NOT_RESTOCK_PRODUCT_QUANTITY, $order['products_model'], $order['products_name']), 'error');
} else {
xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = products_quantity + " . $order['products_quantity'] . ", products_last_modified = now() where products_id = '" . (int) $order['products_id'] . "'");
}
}
}
// Update products_ordered (for bestsellers list)
if (!$error && $orders_status_code != 'paypal_st') {
xos_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered - " . $order['products_quantity'] . " where products_id = '" . (int) $order['products_id'] . "'");
}
}
xos_db_query("delete from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
xos_db_query("delete from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
xos_db_query("delete from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int) $order_id . "'");
xos_db_query("delete from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_id = '" . (int) $order_id . "'");
xos_db_query("delete from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "'");
xos_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int) $order_id . '"');
}
// Copyright (c) 2003 osCommerce
// filename: reviews.php
//
// Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_REVIEWS) == 'overwrite_all')) {
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (xos_not_null($action)) {
switch ($action) {
case 'update':
$reviews_id = xos_db_prepare_input($_GET['rID']);
$reviews_rating = xos_db_prepare_input($_POST['reviews_rating']);
$reviews_text = xos_db_prepare_input(substr(strip_tags($_POST['reviews_text']), 0, 1000));
xos_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . xos_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . (int) $reviews_id . "'");
xos_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . xos_db_input($reviews_text) . "' where reviews_id = '" . (int) $reviews_id . "'");
$smarty_cache_control->clearCache(null, 'L3|cc_reviews');
$smarty_cache_control->clearCache(null, 'L3|cc_product_reviews');
$smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info');
xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id));
break;
case 'deleteconfirm':
$reviews_id = xos_db_prepare_input($_GET['rID']);
xos_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . (int) $reviews_id . "'");
xos_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . (int) $reviews_id . "'");
$smarty_cache_control->clearCache(null, 'L3|cc_reviews');
$smarty_cache_control->clearCache(null, 'L3|cc_product_reviews');
$smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info');
xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page']));
break;
}
}
$smarty->assign(array('shipping_allowed' => $shipping_allowed_array, 'new' => true, 'form_begin_customers_new' => xos_draw_form('customers', FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action')) . 'action=newconfirm', 'post', 'onsubmit="return check_form();"'), 'group_name_in_values' => xos_draw_input_field('customers_group_name', '', 'maxlength="32"', false), 'group_discount_in_out_values' => xos_draw_input_field('customers_group_discount', $cInfo->customers_group_discount, 'maxlength="5" size="5"', false), 'group_show_tax_in_values' => xos_draw_pull_down_menu('customers_group_show_tax', $cg_show_tax_array, '1'), 'group_tax_exempt_in_values' => xos_draw_pull_down_menu('customers_group_tax_exempt', $cg_tax_exempt_array, '0'), 'group_payment_settings_in_values_1' => xos_draw_radio_field('group_payment_settings', '1', false, '0'), 'group_payment_settings_in_values_0' => xos_draw_radio_field('group_payment_settings', '0', false, '0'), 'group_shipment_settings_in_values_1' => xos_draw_radio_field('group_shipment_settings', '1', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'group_shipment_settings_in_values_0' => xos_draw_radio_field('group_shipment_settings', '0', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'link_filename_customers_groups' => xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action', 'cID'))), 'form_end' => '</form>'));
} else {
switch ($_GET[listing]) {
case "group":
$order = "g.customers_group_name";
break;
case "group-desc":
$order = "g.customers_group_name DESC";
break;
default:
$order = "g.customers_group_id ASC";
}
$search_string = '';
if ($_GET['search'] && xos_not_null($_GET['search'])) {
$keywords = xos_db_input(xos_db_prepare_input($_GET['search']));
$search_string = "where g.customers_group_name like '%" . $keywords . "%'";
}
$customers_groups_query_raw = "select g.customers_group_id, g.customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " g " . $search_string . " order by {$order}";
$customers_groups_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $customers_groups_query_raw, $customers_groups_query_numrows);
$customers_groups_query = xos_db_query($customers_groups_query_raw);
$customers_groups_array = array();
while ($customers_groups = xos_db_fetch_array($customers_groups_query)) {
$info_query = xos_db_query("select customers_info_date_account_created as date_account_created, customers_info_date_account_last_modified as date_account_last_modified, customers_info_date_of_last_logon as date_last_logon, customers_info_number_of_logons as number_of_logons from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . $customers_groups['customers_group_id'] . "'");
$info = xos_db_fetch_array($info_query);
if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $customers_groups['customers_group_id']) && !isset($cInfo)) {
$cInfo = new objectInfo($customers_groups);
}
$selected = false;
if (is_object($cInfo) && $customers_groups['customers_group_id'] == $cInfo->customers_group_id) {
$selected = true;
function xos_whos_online_update_session_id($old_id, $new_id)
{
xos_db_query("update " . TABLE_WHOS_ONLINE . " set session_id = '" . xos_db_input($new_id) . "' where session_id = '" . xos_db_input($old_id) . "'");
}
if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
$error = true;
$messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR);
}
if ($error == false) {
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = xos_date_raw($dob);
}
xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
// reset the session variables
if (ACCOUNT_GENDER == 'true') {
$_SESSION['customer_gender'] = $gender;
}
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_lastname'] = $lastname;
$messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');
xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
}
xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array, 'update', "orders_status_id = '" . (int) $orders_status_id . "' and language_id = '" . (int) $language_id . "'");
}
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($orders_status_id) . "' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
}
xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page'] . '&oID=' . $orders_status_id));
break;
case 'deleteconfirm':
$oID = xos_db_prepare_input($_GET['oID']);
$orders_status_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
$orders_status = xos_db_fetch_array($orders_status_query);
if ($orders_status['configuration_value'] == $oID) {
xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
}
xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . xos_db_input($oID) . "'");
xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page']));
break;
case 'delete':
$oID = xos_db_prepare_input($_GET['oID']);
$status_query = xos_db_query("select count(*) as count from " . TABLE_ORDERS . " where orders_status = '" . (int) $oID . "'");
$status = xos_db_fetch_array($status_query);
$remove_status = true;
if ($oID == DEFAULT_ORDERS_STATUS_ID) {
$remove_status = false;
$messageStack->add('header', ERROR_REMOVE_DEFAULT_ORDER_STATUS, 'error');
} elseif ($status['count'] > 0) {
$remove_status = false;
$messageStack->add('header', ERROR_STATUS_USED_IN_ORDERS, 'error');
} else {
$history_query = xos_db_query("select count(*) as count from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_status_id = '" . (int) $oID . "'");
$insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id);
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
} elseif ($action == 'save') {
xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
}
}
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'mID=' . $manufacturers_id));
break;
case 'deleteconfirm':
$manufacturers_id = xos_db_prepare_input($_GET['mID']);
if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') {
$manufacturer_query = xos_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
$manufacturer = xos_db_fetch_array($manufacturer_query);
$duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($manufacturer['manufacturers_image']) . "'");
$duplicate_image = xos_db_fetch_array($duplicate_image_query);
if ($duplicate_image['total'] < 2) {
$image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image'];
@unlink($image_location);
}
}
xos_db_query("delete from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') {
$products_query = xos_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
while ($products = xos_db_fetch_array($products_query)) {
xos_remove_product($products['products_id']);
}
} else {
xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), manufacturers_id = '' where manufacturers_id = '" . (int) $manufacturers_id . "'");
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $new_country_id));
break;
case 'save':
$countries_id = xos_db_prepare_input($_GET['cID']);
$countries_name = xos_db_prepare_input($_POST['countries_name']);
$actual_countries_name = xos_db_prepare_input($_POST['actual_countries_name']);
$countries_iso_code_2 = xos_db_prepare_input($_POST['countries_iso_code_2']);
$countries_iso_code_3 = xos_db_prepare_input($_POST['countries_iso_code_3']);
$address_format_id = xos_db_prepare_input($_POST['address_format_id']);
if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) {
$check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'");
if (xos_db_num_rows($check_query) || $countries_name == '') {
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name));
}
}
xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
break;
case 'deleteconfirm':
$countries_id = xos_db_prepare_input($_GET['cID']);
xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'");
xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'");
$smarty_cache_control->clearAllCache();
xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
break;
}
}
$javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
require DIR_WS_INCLUDES . 'html_header.php';
require DIR_WS_INCLUDES . 'header.php';
if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'");
$smarty->clearAllCache();
}
} else {
$stock_query = xos_db_query("select products_quantity, attributes_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int) $product_id . "'");
$stock_values = xos_db_fetch_array($stock_query);
$attributes_quantity = xos_get_attributes_quantity($stock_values['attributes_quantity']);
if (xos_not_null($attributes_quantity)) {
list($prid, $params_sting) = explode('-', $order->products[$i]['id']);
$stock_left = $attributes_quantity[$params_sting] - $order->products[$i]['qty'];
if ($attributes_quantity[$params_sting] > 0) {
$stock_values['products_quantity'] = $stock_values['products_quantity'] - min($attributes_quantity[$params_sting], $order->products[$i]['qty']);
}
$attributes_quantity[$params_sting] = $stock_left;
xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) max(0, $stock_values['products_quantity']) . "', attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "' where products_id = '" . (int) $product_id . "'");
if ($stock_left < 1) {
$smarty->clearCache(null, 'L3|cc_product_info');
}
if ($stock_values['products_quantity'] < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'");
$smarty->clearAllCache();
}
}
}
}
// Update products_ordered (for bestsellers list)
xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . xos_get_prid($order->products[$i]['id']) . "'");
$attributes_sting = null;
if (strpos($order->products[$i]['id'], '-') !== false) {
list($prid, $attributes_sting) = explode('-', $order->products[$i]['id']);
$mailer_error = true;
$messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail_sent_to), 'error');
} else {
// Now create the coupon email entry
xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $amount . "', now())");
$insert_id = xos_db_insert_id();
xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $mail_sent_to . "', now() )");
}
$_SESSION['used_lng_id'] = $used_lang_id;
} else {
$used_lang_id = $_SESSION['used_lng_id'];
while ($mail = xos_db_fetch_array($mail_query)) {
$id1 = create_coupon_code($mail['customers_email_address']);
$languages_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $mail['language_id'] . "'");
if (!xos_db_num_rows($languages_query)) {
$lang_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
$languages = xos_db_fetch_array($lang_query);
} else {
$languages = xos_db_fetch_array($languages_query);
}
$_SESSION['used_lng_id'] = $languages['languages_id'];
$currencies = new currencies();
if (EMAIL_USE_HTML == 'true') {
$smarty_gv_email->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => $languages['code'], 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG_IMAGES . 'email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . DEFAULT_TPL . '/') . EMAIL_SHOP_LOGO, 'gv_message' => $message, 'gv_id' => $id1, 'gv_amount' => $currencies->format($amount), 'link_shop' => xos_catalog_href_link(), 'link_gv_redeem' => xos_catalog_href_link(FILENAME_CATALOG_GV_REDEEM, 'gv_no=' . $id1, 'SSL')));
$smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_html');
$output_gv_email_html = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_html.tpl');
$smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_text');
$output_gv_email_text = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_text.tpl');
$gv_email->isHTML(true);
$gv_email->Body = $output_gv_email_html;
$gv_email->AltBody = $output_gv_email_text;
$error = true;
$messageStack->add('addressbook', ENTRY_CITY_ERROR);
$smarty->assign('city_error', true);
}
if (!is_numeric($country)) {
$error = true;
$messageStack->add('addressbook', ENTRY_COUNTRY_ERROR);
$smarty->assign('country_error', true);
}
if (ACCOUNT_STATE == 'true') {
$zone_id = 0;
$check_query = xos_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
$check = xos_db_fetch_array($check_query);
$entry_state_has_zones = $check['total'] > 0;
if ($entry_state_has_zones == true) {
$zone_query = xos_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_name = '" . xos_db_input($state) . "'");
if (xos_db_num_rows($zone_query) == 1) {
$zone = xos_db_fetch_array($zone_query);
$zone_id = $zone['zone_id'];
} else {
$error = true;
$messageStack->add('addressbook', ENTRY_STATE_ERROR_SELECT);
$smarty->assign('state_error', true);
}
} else {
if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
$error = true;
$messageStack->add('addressbook', ENTRY_STATE_ERROR);
$smarty->assign('state_error', true);
}
}
xos_db_perform(TABLE_SPECIALS, array('specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'), 'update', "customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
} else {
xos_db_query("delete from " . TABLE_SPECIALS . " where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
}
} else {
if ($special_price > 0) {
xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'));
}
}
}
if (isset($_POST['attributes_price_array'])) {
$attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
foreach ($attributes_price_array as $key => $value) {
if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
$_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+';
xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'");
}
}
}
$sql_data_array = array('products_price' => serialize($prices_array));
xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'");
$smarty_cache_control->clearAllCache();
if ($specials_error) {
$messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error');
xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . $products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1)));
}
xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '')));
}
$max_display_update_prices_results_array = array();
$set = false;
for ($i = 50; $i <= 500; $i = $i + 50) {
function _sess_destroy($key)
{
return xos_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . xos_db_input($key) . "'");
}
function xos_db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
reset($data);
if ($action == 'insert') {
$query = 'insert into ' . $table . ' (';
while (list($columns, ) = each($data)) {
$query .= $columns . ', ';
}
$query = substr($query, 0, -2) . ') values (';
reset($data);
while (list(, $value) = each($data)) {
switch ((string) $value) {
case 'now()':
$query .= 'now(), ';
break;
case 'null':
$query .= 'null, ';
break;
default:
$query .= '\'' . xos_db_input($value) . '\', ';
break;
}
}
$query = substr($query, 0, -2) . ')';
} elseif ($action == 'update') {
$query = 'update ' . $table . ' set ';
while (list($columns, $value) = each($data)) {
switch ((string) $value) {
case 'now()':
$query .= $columns . ' = now(), ';
break;
case 'null':
$query .= $columns .= ' = null, ';
break;
default:
$query .= $columns . ' = \'' . xos_db_input($value) . '\', ';
break;
}
}
$query = substr($query, 0, -2) . ' where ' . $parameters;
}
return xos_db_query($query, $link);
}