function __construct(&$current_page_number, $max_rows_per_page, &$sql_query, &$query_num_rows, $count_key = '*')
 {
     $current_page_number = empty($current_page_number) || $current_page_number < 1 ? 1 : (int) $current_page_number;
     $pos_to = strlen($sql_query);
     $pos_from = strpos($sql_query, ' from', 0);
     $pos_group_by = strpos($sql_query, ' group by', $pos_from);
     if ($pos_group_by < $pos_to && $pos_group_by != false) {
         $pos_to = $pos_group_by;
     }
     $pos_having = strpos($sql_query, ' having', $pos_from);
     if ($pos_having < $pos_to && $pos_having != false) {
         $pos_to = $pos_having;
     }
     $pos_order_by = strpos($sql_query, ' order by', $pos_from);
     if ($pos_order_by < $pos_to && $pos_order_by != false) {
         $pos_to = $pos_order_by;
     }
     if (strpos($sql_query, 'distinct') || strpos($sql_query, 'group by')) {
         $count_string = 'distinct ' . xos_db_input($count_key);
     } else {
         $count_string = xos_db_input($count_key);
     }
     $reviews_count_query = xos_db_query("select count(" . $count_string . ") as total " . substr($sql_query, $pos_from, $pos_to - $pos_from));
     $reviews_count = xos_db_fetch_array($reviews_count_query);
     $query_num_rows = $reviews_count['total'];
     $num_pages = ceil($query_num_rows / $max_rows_per_page);
     if ($current_page_number > $num_pages) {
         $current_page_number = $num_pages;
     }
     $offset = $max_rows_per_page * ($current_page_number - 1);
     $sql_query .= " limit " . max($offset, 0) . ", " . $max_rows_per_page;
 }
示例#2
0
 function canPerform($user_id, $user_name)
 {
     $check_query = xos_db_query("select date_added from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and (" . (!empty($user_id) ? "user_id = '" . (int) $user_id . "' or " : "") . " identifier = '" . xos_db_input($this->identifier) . "') and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit 1");
     if (xos_db_num_rows($check_query)) {
         return false;
     } else {
         return true;
     }
 }
 function canPerform($user_id, $user_name)
 {
     $check_query = xos_db_query("select id from " . TABLE_ACTION_RECORDER . " where module = '" . xos_db_input($this->code) . "' and user_name = '" . xos_db_input($user_name) . "' and date_added >= date_sub(now(), interval " . (int) $this->minutes . " minute) and success = 1 order by date_added desc limit " . (int) $this->attempts);
     if (xos_db_num_rows($check_query) == $this->attempts) {
         return false;
     } else {
         return true;
     }
 }
 function __construct($query, $max_rows, $count_key = '*', $page_holder = 'page')
 {
     $this->sql_query = $query;
     $this->page_name = $page_holder;
     if (isset($_GET[$page_holder])) {
         $page = (int) $_GET[$page_holder];
     } elseif (isset($_POST[$page_holder])) {
         $page = (int) $_POST[$page_holder];
     } else {
         $page = 1;
     }
     if (empty($page) || $page < 1) {
         $page = 1;
     }
     $this->current_page_number = $page;
     $this->number_of_rows_per_page = $max_rows;
     $pos_to = strlen($this->sql_query);
     $pos_from = strpos($this->sql_query, ' from', 0);
     $pos_group_by = strpos($this->sql_query, ' group by', $pos_from);
     if ($pos_group_by < $pos_to && $pos_group_by != false) {
         $pos_to = $pos_group_by;
     }
     $pos_having = strpos($this->sql_query, ' having', $pos_from);
     if ($pos_having < $pos_to && $pos_having != false) {
         $pos_to = $pos_having;
     }
     $pos_order_by = strpos($this->sql_query, ' order by', $pos_from);
     if ($pos_order_by < $pos_to && $pos_order_by != false) {
         $pos_to = $pos_order_by;
     }
     if (strpos($this->sql_query, 'distinct') || strpos($this->sql_query, 'group by')) {
         $count_string = 'distinct ' . xos_db_input($count_key);
     } else {
         $count_string = xos_db_input($count_key);
     }
     $count_query = xos_db_query("select count(" . $count_string . ") as total " . substr($this->sql_query, $pos_from, $pos_to - $pos_from));
     $count = xos_db_fetch_array($count_query);
     $this->number_of_rows = $count['total'];
     $this->number_of_pages = ceil($this->number_of_rows / $this->number_of_rows_per_page);
     if ($this->current_page_number > $this->number_of_pages) {
         $this->current_page_number = $this->number_of_pages;
     }
     $offset = $this->number_of_rows_per_page * ($this->current_page_number - 1);
     $this->sql_query .= " limit " . max($offset, 0) . ", " . $this->number_of_rows_per_page;
 }
示例#5
0
     $orders_history_query = xos_db_query("select orders_status_id, date_added, customer_notified, comments from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_id = '" . xos_db_input($oID) . "' order by date_added, orders_status_history_id");
     if (xos_db_num_rows($orders_history_query)) {
         $orders_history_array = array();
         while ($orders_history = xos_db_fetch_array($orders_history_query)) {
             $customer_notified = false;
             if ($orders_history['customer_notified'] == '1') {
                 $customer_notified = true;
             }
             $orders_history_array[] = array('date_added' => xos_datetime_short($orders_history['date_added']), 'status' => $orders_status_array[$orders_history['orders_status_id']], 'comments' => nl2br(xos_db_output($orders_history['comments'])), 'customer_notified' => $customer_notified);
         }
         $smarty->assign('orders_history', $orders_history_array);
     } else {
     }
     $languages_query = xos_db_query("select name from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $order->info['language_id'] . "'");
     if (!xos_db_num_rows($languages_query)) {
         $lang_query = xos_db_query("select name from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
         $languages = xos_db_fetch_array($lang_query);
     } else {
         $languages = xos_db_fetch_array($languages_query);
     }
     if (SEND_EMAILS == 'true') {
         $smarty->assign(array('send_emails' => true, 'checkbox_notify' => xos_draw_checkbox_field('notify', '', true), 'checkbox_notify_comments' => xos_draw_checkbox_field('notify_comments', '', true)));
     }
     if (sizeof($order->info['tax_groups']) > 1) {
         $smarty->assign('tax_groups', true);
     }
     $smarty->assign(array('order_id' => $oID, 'order_language_name' => $languages['name'], 'date_purchased' => xos_datetime_short($order->info['date_purchased']), 'customer_address' => xos_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'), 'delivery_address' => xos_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'), 'billing_address' => xos_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'), 'c_id' => $order->customer['c_id'], 'telephone_number' => $order->customer['telephone'], 'email_address' => $order->customer['email_address'], 'payment_method' => $order->info['payment_method'], 'order_products' => $order_products_array, 'order_totals' => $order_totals_array, 'form_begin_status' => xos_draw_form('new_status', FILENAME_ORDERS, xos_get_all_get_params(array('action')) . 'action=update_order'), 'textarea_comments' => xos_draw_textarea_field('comments', '60', '5'), 'pull_down_status' => xos_draw_pull_down_menu('status', $orders_statuses, $order->info['orders_status']), 'form_end' => '</form>', 'link_filename_orders_invoice' => xos_href_link(FILENAME_ORDERS_INVOICE, 'oID=' . $_GET['oID']), 'link_filename_orders_packingslip' => xos_href_link(FILENAME_ORDERS_PACKINGSLIP, 'oID=' . $_GET['oID']), 'link_filename_orders' => xos_href_link(FILENAME_ORDERS, xos_get_all_get_params(array('action'))), 'edit' => true));
 } else {
     $orders_statuses = array();
     $orders_status_query = xos_db_query("select orders_status_id, orders_status_name from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $_SESSION['used_lng_id'] . "'");
     while ($orders_status = xos_db_fetch_array($orders_status_query)) {
     $elements_comb = explode('|', $combinations['attributes_combinations']);
     for ($i = 0, $n = sizeof($elements_comb); $i < $n; $i++) {
         if (strpos($elements_comb[$i], $combinations['options_id'] . ',' . $combinations['options_values_id']) !== false) {
             $qty -= $attributes_quantity[$elements_comb[$i]] > 0 ? $attributes_quantity[$elements_comb[$i]] : 0;
             unset($attributes_quantity[$elements_comb[$i]]);
             unset($elements_comb[$i]);
         }
     }
     ksort($attributes_quantity);
     ksort($elements_comb);
     $comb_str = '';
     $comb_str = implode('|', $elements_comb);
     $qty < 1 || $comb_str == '' ? $qty = 0 : '';
     if ($comb_str != '') {
         $comb_str .= '|';
         xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "', attributes_combinations = '" . xos_db_input($comb_str) . "', " . $not_updated . " where products_id = '" . (int) $products_id . "'");
     } else {
         xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $qty . "', products_last_modified = now(), attributes_quantity = null, attributes_combinations = null, attributes_not_updated = null where products_id = '" . (int) $products_id . "'");
     }
     $smarty_cache_control->clearAllCache();
 }
 xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_attributes_id = '" . (int) $attribute_id . "'");
 // added for DOWNLOAD_ENABLED. Always try to remove attributes, even if downloads are no longer enabled
 xos_db_query("delete from " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " where products_attributes_id = '" . (int) $attribute_id . "'");
 if ($qty < 1 && STOCK_CHECK == 'true' && STOCK_ALLOW_CHECKOUT == 'false') {
     xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $products_id . "'");
     $smarty_cache_control->clearAllCache();
 }
 $smarty_cache_control->clearCache(null, 'L3|cc_product_info');
 xos_redirect(xos_href_link(FILENAME_PRODUCTS_ATTRIBUTES, $parameter_string));
 break;
 if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
     $rating = xos_db_prepare_input($_POST['rating']);
     $review = xos_db_prepare_input(substr(strip_tags($_POST['review']), 0, 1000));
     $error = false;
     if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
         $error = true;
         $messageStack->add('review', JS_REVIEW_TEXT);
     }
     if ($rating < 1 || $rating > 5) {
         $error = true;
         $messageStack->add('review', JS_REVIEW_RATING);
     }
     if ($error == false) {
         xos_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int) $_GET['p'] . "', '" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($customer['customers_firstname']) . ' ' . xos_db_input($customer['customers_lastname']) . "', '" . xos_db_input($rating) . "', now())");
         $insert_id = xos_db_insert_id();
         xos_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int) $insert_id . "', '" . (int) $_SESSION['languages_id'] . "', '" . xos_db_input($review) . "')");
         $smarty->clearCache(null, 'L3|cc_reviews');
         $smarty->clearCache(null, 'L3|cc_product_reviews');
         xos_redirect(xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params(array('action', 'rmp')) . 'rmp=0'), false);
     }
 }
 require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_PRODUCT_REVIEWS_WRITE;
 $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_PRODUCT_REVIEWS, xos_get_all_get_params()));
 $add_header = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function checkForm() {' . "\n" . '  var error = 0;' . "\n" . '  var error_message = "' . JS_ERROR . '";' . "\n\n" . '  var review = document.product_reviews_write.review.value;' . "\n\n" . '  if (review.length < ' . REVIEW_TEXT_MIN_LENGTH . ') {' . "\n" . '    error_message = error_message + "* ' . JS_REVIEW_TEXT . '\\n";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {' . "\n" . '  } else {' . "\n" . '    error_message = error_message + "* ' . JS_REVIEW_RATING . '\\n";' . "\n" . '    error = 1;' . "\n" . '  }' . "\n\n" . '  if (error == 1) {' . "\n" . '    alert(error_message);' . "\n" . '    return false;' . "\n" . '  } else {' . "\n" . '    return true;' . "\n" . '  }' . "\n" . '}' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'boxes.php';
 require DIR_WS_INCLUDES . 'header.php';
 require DIR_WS_INCLUDES . 'footer.php';
 $products_prices = xos_get_product_prices($product_info['products_price']);
 $products_tax_rate = xos_get_tax_rate($product_info['products_tax_class_id']);
 $price_breaks_array = array();
示例#8
0
//
//              You should have received a copy of the GNU General Public License
//              along with XOS-Shop.  If not, see <http://www.gnu.org/licenses/>.
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'catalog/templates/' . SELECTED_TPL . '/php/' . FILENAME_OFFLINE) == 'overwrite_all')) {
    header('HTTP/1.1 503 Service Temporarily Unavailable');
    header('Status: 503 Service Temporarily Unavailable');
    $_SESSION['navigation']->remove_current_page();
    require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;
    $error = false;
    if (isset($_GET['action']) && $_GET['action'] == 'process') {
        $email_address = xos_db_prepare_input($_POST['email_address']);
        $password = xos_db_prepare_input($_POST['password']);
        // Check if email exists
        $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
        if (!xos_db_num_rows($check_admin_query)) {
            $error = true;
        } else {
            $check_admin = xos_db_fetch_array($check_admin_query);
            // Check that password is good
            if (!xos_validate_password($password, $check_admin['login_password'])) {
                $error = true;
            } else {
                $_SESSION['access_allowed'] = true;
                xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
            }
        }
    }
    if ($error == true) {
        unset($_SESSION['access_allowed']);
 function send($newsletter_id)
 {
     global $messageStack;
     if (SEND_EMAILS != 'true') {
         $messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
         return false;
     }
     $audience = array();
     $ids = $_GET['customers_chosen'];
     $customers_query = xos_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_email_address from " . TABLE_CUSTOMERS . " c where c.customers_id in (" . $ids . ")");
     while ($customers = xos_db_fetch_array($customers_query)) {
         $audience[$customers['customers_id']] = array('firstname' => $customers['customers_firstname'], 'lastname' => $customers['customers_lastname'], 'email_address' => $customers['customers_email_address']);
     }
     if (empty($this->language_directory)) {
         $lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
         $lang = xos_db_fetch_array($lang_query);
         $this->language_directory = $lang['directory'];
     }
     //Let's build a message object using the mailer class
     $email_to_customer = new mailer();
     $email_from_value = EMAIL_FROM;
     $from = html_entity_decode($email_from_value, ENT_QUOTES, 'UTF-8');
     $address = '';
     $name = '';
     $pieces = explode('<', $from);
     if (count($pieces) == 2) {
         $address = trim($pieces[1], " >");
         $name = trim($pieces[0]);
     } elseif (count($pieces) == 1) {
         $pos = stripos($pieces[0], '@');
         $address = $pos ? trim($pieces[0], " >") : '';
     }
     $email_to_customer->From = $address;
     $email_to_customer->FromName = $name;
     $email_to_customer->WordWrap = '100';
     $email_to_customer->Subject = $this->title;
     $smarty_product_notification = new Smarty();
     $smarty_product_notification->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
     $smarty_product_notification->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
     $smarty_product_notification->config_dir = DIR_FS_SMARTY . 'catalog/';
     $smarty_product_notification->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
     $smarty_product_notification->left_delimiter = '[@{';
     $smarty_product_notification->right_delimiter = '}@]';
     $is_html = false;
     if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
         $is_html = true;
         $smarty_product_notification->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE, 'charset' => CHARSET, 'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '', 'content_text_htlm' => $this->content_text_htlm, 'content_text_plain' => $this->content_text_plain));
         $smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_html.tpl');
         $output_product_notification_email_html = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_html.tpl');
         $smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
         $output_product_notification_email_text = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
         $email_to_customer->isHTML(true);
     } else {
         $smarty_product_notification->assign('content_text_plain', $this->content_text_plain);
         $smarty_product_notification->configLoad('languages/' . $this->language_directory . '_email.conf', 'product_notification_email_text.tpl');
         $output_product_notification_email_text = $smarty_product_notification->fetch(DEFAULT_TPL . '/includes/email/product_notification_email_text.tpl');
         $email_to_customer->isHTML(false);
     }
     reset($audience);
     while (list($key, $value) = each($audience)) {
         if ($is_html) {
             $email_to_customer->Body = $output_product_notification_email_html;
             $email_to_customer->AltBody = html_entity_decode(strip_tags($output_product_notification_email_text), ENT_QUOTES, 'UTF-8');
         } else {
             $email_to_customer->Body = html_entity_decode(strip_tags($output_product_notification_email_text), ENT_QUOTES, 'UTF-8');
         }
         $email_to_customer->addAddress($value['email_address'], $value['firstname'] . ' ' . $value['lastname']);
         if (!$email_to_customer->send()) {
             $messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_customer->ErrorInfo, '&lt;' . $value['email_address'] . '&gt;'), 'error');
         } else {
             $messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '&lt;' . $value['email_address'] . '&gt;'), 'success');
         }
         $email_to_customer->clearAddresses();
     }
     $newsletter_id = xos_db_prepare_input($newsletter_id);
     xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . xos_db_input($newsletter_id) . "'");
 }
示例#10
0
 function send($newsletter_id)
 {
     global $messageStack;
     if (SEND_EMAILS != 'true') {
         $messageStack->add('news_email', ERROR_EMAIL_WAS_NOT_SENT, 'error');
         return false;
     }
     $ids = $_GET['customers_chosen'];
     $mail_query = xos_db_query("select s.subscriber_id, s.subscriber_email_address, s.subscriber_identity_code, c.customers_firstname, c.customers_lastname  from " . TABLE_NEWSLETTER_SUBSCRIBERS . " s left join " . TABLE_CUSTOMERS . " c on s.customers_id = c.customers_id where s.subscriber_id in (" . $ids . ") order by s.customers_id");
     if (empty($this->language_directory)) {
         $lang_query = xos_db_query("select directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
         $lang = xos_db_fetch_array($lang_query);
         $this->language_directory = $lang['directory'];
     }
     //Let's build a message object using the mailer class
     $email_to_subscriber = new mailer();
     $email_from_value = EMAIL_FROM;
     $from = html_entity_decode($email_from_value, ENT_QUOTES, 'UTF-8');
     $address = '';
     $name = '';
     $pieces = explode('<', $from);
     if (count($pieces) == 2) {
         $address = trim($pieces[1], " >");
         $name = trim($pieces[0]);
     } elseif (count($pieces) == 1) {
         $pos = stripos($pieces[0], '@');
         $address = $pos ? trim($pieces[0], " >") : '';
     }
     $email_to_subscriber->From = $address;
     $email_to_subscriber->FromName = $name;
     $email_to_subscriber->WordWrap = '100';
     $email_to_subscriber->Subject = $this->title;
     $smarty_newsletter = new Smarty();
     $smarty_newsletter->template_dir = DIR_FS_SMARTY . 'catalog/templates/';
     $smarty_newsletter->compile_dir = DIR_FS_SMARTY . 'catalog/templates_c/';
     $smarty_newsletter->config_dir = DIR_FS_SMARTY . 'catalog/';
     $smarty_newsletter->cache_dir = DIR_FS_SMARTY . 'catalog/cache/';
     $smarty_newsletter->left_delimiter = '[@{';
     $smarty_newsletter->right_delimiter = '}@]';
     $is_html = false;
     if ($this->content_text_htlm != '' && EMAIL_USE_HTML == 'true') {
         $is_html = true;
         $smarty_newsletter->assign(array('nl' => "\n", 'html_params' => HTML_PARAMS, 'xhtml_lang' => !empty($this->language_code) ? $this->language_code : DEFAULT_LANGUAGE, 'charset' => CHARSET, 'base_href' => substr(HTTP_SERVER, -1) == '/' ? HTTP_SERVER : '', 'content_text_htlm' => $this->content_text_htlm, 'content_text_plain' => $this->content_text_plain));
         $smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_html');
         $output_newsletter_email_html = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_html.tpl');
         $smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
         $output_newsletter_email_text = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
         $email_to_subscriber->isHTML(true);
     } else {
         $smarty_newsletter->assign(array('nl' => "\n", 'content_text_plain' => $this->content_text_plain));
         $smarty_newsletter->configLoad('languages/' . $this->language_directory . '_email.conf', 'newsletter_email_text');
         $output_newsletter_email_text = $smarty_newsletter->fetch(DEFAULT_TPL . '/includes/email/newsletter_email_text.tpl');
         $email_to_subscriber->isHTML(false);
     }
     while ($mail = xos_db_fetch_array($mail_query)) {
         $link_unsubscribe = xos_catalog_href_link('newsletter_subscribe.php', 'action=unsubscribe&amp;identity_code=' . $mail['subscriber_identity_code'], 'SSL');
         if ($is_html) {
             $email_to_subscriber->Body = $output_newsletter_email_html . '<a href="' . $link_unsubscribe . '"  target="_blank">' . $link_unsubscribe . '</a>' . "\n" . '</div>' . "\n" . '</body>' . "\n" . '</html>' . "\n";
             $email_to_subscriber->AltBody = html_entity_decode(strip_tags($output_newsletter_email_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
         } else {
             $email_to_subscriber->Body = html_entity_decode(strip_tags($output_newsletter_email_text . $link_unsubscribe), ENT_QUOTES, 'UTF-8');
         }
         $email_to_subscriber->addAddress($mail['subscriber_email_address'], $mail['customers_firstname'] . ' ' . $mail['customers_lastname']);
         if (!$email_to_subscriber->send()) {
             $messageStack->add('news_email', sprintf(ERROR_PHP_MAILER, $email_to_subscriber->ErrorInfo, '&lt;' . $mail['subscriber_email_address'] . '&gt;'), 'error');
         } else {
             $messageStack->add('news_email', sprintf(NOTICE_EMAIL_SENT_TO, '&lt;' . $mail['subscriber_email_address'] . '&gt;'), 'success');
         }
         $email_to_subscriber->clearAddresses();
     }
     $newsletter_id = xos_db_prepare_input($newsletter_id);
     xos_db_query("update " . TABLE_NEWSLETTERS . " set date_sent = now(), status = '1', locked = '0' where newsletters_id = '" . xos_db_input($newsletter_id) . "'");
 }
示例#11
0
     $value = xos_db_prepare_input($_POST['value']);
     $languages = xos_get_languages();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $language_id = $languages[$i]['id'];
         $sql_data_array = array('title' => xos_db_prepare_input(htmlspecialchars($title_array[$language_id])), 'code' => $code, 'symbol_left' => xos_db_prepare_input(htmlspecialchars($symbol_left_array[$language_id])), 'symbol_right' => xos_db_prepare_input(htmlspecialchars($symbol_right_array[$language_id])), 'decimal_point' => xos_db_prepare_input($decimal_point_array[$language_id]), 'thousands_point' => xos_db_prepare_input($thousands_point_array[$language_id]), 'decimal_places' => $decimal_places, 'value' => $value, 'last_updated' => 'now()');
         if ($action == 'insert') {
             $insert_sql_data = array('currencies_id' => (int) $currency_id, 'language_id' => (int) $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_CURRENCIES, $sql_data_array);
             $currency_id = xos_db_insert_id();
         } elseif ($action == 'save') {
             xos_db_perform(TABLE_CURRENCIES, $sql_data_array, 'update', "currencies_id = '" . (int) $currency_id . "' and language_id = '" . (int) $language_id . "'");
         }
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($code) . "' where configuration_key = 'DEFAULT_CURRENCY'");
     }
     $smarty_cache_control->clearAllCache();
     xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $currency_id));
     break;
 case 'deleteconfirm':
     $currencies_id = xos_db_prepare_input($_GET['cID']);
     $currency_query = xos_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . DEFAULT_CURRENCY . "'");
     $currency = xos_db_fetch_array($currency_query);
     if ($currency['currencies_id'] == $currencies_id) {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_CURRENCY'");
     }
     xos_db_query("delete from " . TABLE_CURRENCIES . " where currencies_id = '" . (int) $currencies_id . "'");
     $smarty_cache_control->clearAllCache();
     xos_redirect(xos_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page']));
     break;
 }
 if (isset($search_keywords) && sizeof($search_keywords) > 0) {
     $where_str .= " and (";
     for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
         switch ($search_keywords[$i]) {
             case '(':
             case ')':
             case 'and':
             case 'or':
                 $where_str .= " " . $search_keywords[$i] . " ";
                 break;
             default:
                 $keyword = xos_db_prepare_input($search_keywords[$i]);
                 $where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'";
                 if (isset($_GET['sid']) && $_GET['sid'] == '1') {
                     $where_str .= " or pd.products_description like '%" . xos_db_input($keyword) . "%' or pd.products_info like '%" . xos_db_input($keyword) . "%'";
                 }
                 $where_str .= ')';
                 break;
         }
     }
     $where_str .= " )";
 }
 if (xos_not_null($dfrom)) {
     $where_str .= " and p.products_date_added >= '" . xos_date_raw($dfrom) . "'";
 }
 if (xos_not_null($dto)) {
     $where_str .= " and p.products_date_added <= '" . xos_date_raw($dto) . "'";
 }
 if ($currencies->is_set($_SESSION['currency'])) {
     $rate = $currencies->get_value($_SESSION['currency']);
示例#13
0
         }
         
         'input_coupon_startdate' => xos_draw_date_selector('coupon_startdate', mktime(0,0,0, $coupon_startdate[1], $coupon_startdate[2], $coupon_startdate[0])),
         'input_coupon_finishdate' => xos_draw_date_selector('coupon_finishdate', mktime(0,0,0, $coupon_finishdate[1], $coupon_finishdate[2], $coupon_finishdate[0])),        
     */
     $languages = xos_get_languages();
     $coupon_content_array = array();
     for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
         $language_id = $languages[$i]['id'];
         $coupon_content_array[] = array('languages_image' => xos_image(DIR_WS_CATALOG_IMAGES . 'catalog/templates/' . DEFAULT_TPL . '/' . $languages[$i]['directory'] . '/' . $languages[$i]['image'], $languages[$i]['name']), 'input_coupon_name' => xos_draw_input_field('coupon_name[' . $languages[$i]['id'] . ']', $coupon_name[$language_id]), 'textarea_coupon_desc' => xos_draw_textarea_field('coupon_desc[' . $languages[$i]['id'] . ']', '24', '3', $coupon_desc[$language_id]));
     }
     $smarty->assign(array('new' => true, 'form_begin' => xos_draw_form('coupon', FILENAME_COUPON_ADMIN, 'action=update&oldaction=' . ($oldaction == 'voucheredit' ? $oldaction : $action) . '&cid=' . $_GET['cid'], 'post', 'enctype="multipart/form-data"'), 'radio_coupon_status_Y' => xos_draw_radio_field('coupon_status', 'Y', $in_status), 'radio_coupon_status_N' => xos_draw_radio_field('coupon_status', 'N', $out_status), 'input_coupon_amount' => xos_draw_input_field('coupon_amount', $coupon_amount), 'input_coupon_min_order' => xos_draw_input_field('coupon_min_order', $coupon_min_order), 'checkbox_coupon_free_ship' => xos_draw_checkbox_field('coupon_free_ship', $coupon_free_ship), 'input_coupon_code' => xos_draw_input_field('coupon_code', $coupon_code), 'input_coupon_uses_coupon' => xos_draw_input_field('coupon_uses_coupon', $coupon_uses_coupon), 'input_coupon_uses_user' => xos_draw_input_field('coupon_uses_user', $coupon_uses_user), 'input_coupon_products' => xos_draw_input_field('coupon_products', $coupon_products), 'input_coupon_categories' => xos_draw_input_field('coupon_categories', $coupon_categories), 'input_coupon_startdate' => xos_draw_input_field('coupon_startdate', xos_date_format(DATE_FORMAT_SHORT), 'id="coupon_startdate" style="background: #ffffcc;" size ="10"'), 'input_coupon_finishdate' => xos_draw_input_field('coupon_finishdate', xos_date_format(DATE_FORMAT_SHORT, mktime(0, 0, 0, date("m"), date("d"), date("Y") + 1)), 'id="coupon_finishdate" style="background: #ffffcc;" size ="10"'), 'link_filename_coupon_admin' => xos_href_link(FILENAME_COUPON_ADMIN), 'hidden_field_date_created' => xos_draw_hidden_field('date_created', $date_created), 'coupon_content' => $coupon_content_array, 'form_end' => '</form>'));
     break;
 default:
     if ($_GET['status'] == 'Y' || $_GET['status'] == 'N') {
         $cc_query_raw = "select coupon_active, coupon_id, coupon_code, coupon_amount, coupon_minimum_order, coupon_type, coupon_start_date,coupon_expire_date,uses_per_user,uses_per_coupon,restrict_to_products, restrict_to_categories, date_created,date_modified from " . TABLE_COUPONS . " where coupon_active='" . xos_db_input($_GET['status']) . "' and coupon_type != 'G'";
     } else {
         $cc_query_raw = "select coupon_active, coupon_id, coupon_code, coupon_amount, coupon_minimum_order, coupon_type, coupon_start_date,coupon_expire_date,uses_per_user,uses_per_coupon,restrict_to_products, restrict_to_categories, date_created,date_modified from " . TABLE_COUPONS . " where coupon_type != 'G'";
     }
     $cc_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $cc_query_raw, $cc_query_numrows);
     $cc_query = xos_db_query($cc_query_raw);
     $cc_list_array = array();
     while ($cc_list = xos_db_fetch_array($cc_query)) {
         $redeem_query = xos_db_query("select redeem_date from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $cc_list['coupon_id'] . "'");
         if ($_GET['status'] == 'R' && xos_db_num_rows($redeem_query) == 0) {
             continue;
         }
         if ((!$_GET['cid'] || @$_GET['cid'] == $cc_list['coupon_id']) && !$cInfo) {
             $cInfo = new objectInfo($cc_list);
         }
         $selected = false;
示例#14
0
             xos_db_query("insert into " . TABLE_MANUFACTURERS_INFO . " (manufacturers_id, languages_id, manufacturers_name, manufacturers_url) values ('" . $manufacturers['manufacturers_id'] . "', '" . (int) $lID . "', '" . xos_db_input($manufacturers['manufacturers_name']) . "', '" . xos_db_input($manufacturers['manufacturers_url']) . "')");
         }
         // create additional orders_status records
         $orders_status_query = xos_db_query("select orders_status_id, orders_status_name, orders_status_code, public_flag, downloads_flag from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $default_language_id['languages_id'] . "'");
         while ($orders_status = xos_db_fetch_array($orders_status_query)) {
             xos_db_query("insert into " . TABLE_ORDERS_STATUS . " (orders_status_id, language_id, orders_status_name, orders_status_code, public_flag, downloads_flag) values ('" . (int) $orders_status['orders_status_id'] . "', '" . (int) $lID . "', '" . xos_db_input($orders_status['orders_status_name']) . "', '" . xos_db_input($orders_status['orders_status_code']) . "', '" . (int) $orders_status['public_flag'] . "', '" . (int) $orders_status['downloads_flag'] . "')");
         }
         // create additional tax_rates_description records
         $tax_rates_query = xos_db_query("select tr.tax_rates_id, trd.tax_description from " . TABLE_TAX_RATES . " tr left join " . TABLE_TAX_RATES_DESCRIPTION . " trd on tr.tax_rates_id = trd.tax_rates_id where trd.language_id = '" . (int) $default_language_id['languages_id'] . "'");
         while ($tax_rates = xos_db_fetch_array($tax_rates_query)) {
             xos_db_query("insert into " . TABLE_TAX_RATES_DESCRIPTION . " (tax_rates_id, language_id, tax_description) values ('" . (int) $tax_rates['tax_rates_id'] . "', '" . (int) $lID . "', '" . xos_db_input($tax_rates['tax_description']) . "')");
         }
         // create additional currencies records
         $currencies_query = xos_db_query("select currencies_id, title, code, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value, last_updated from " . TABLE_CURRENCIES . " where language_id = '" . (int) $default_language_id['languages_id'] . "'");
         while ($currencies = xos_db_fetch_array($currencies_query)) {
             xos_db_query("insert into " . TABLE_CURRENCIES . " (currencies_id, language_id, title, code, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value, last_updated) values ('" . (int) $currencies['currencies_id'] . "', '" . (int) $lID . "', '" . xos_db_input($currencies['title']) . "', '" . xos_db_input($currencies['code']) . "', '" . xos_db_input($currencies['symbol_left']) . "', '" . xos_db_input($currencies['symbol_right']) . "', '" . xos_db_input($currencies['decimal_point']) . "', '" . xos_db_input($currencies['thousands_point']) . "', '" . (int) $currencies['decimal_places'] . "', '" . xos_db_input($currencies['value']) . "', '" . xos_db_input($currencies['last_updated']) . "')");
         }
     }
     if ($_SESSION['languages_id'] == (int) $lID && $use_in_id < '3') {
         unset($_SESSION['language']);
     }
     $smarty_cache_control->clearAllCache();
     xos_redirect(xos_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'] . '&lID=' . $_GET['lID']));
     break;
 case 'deleteconfirm':
     $lID = xos_db_prepare_input($_GET['lID']);
     xos_db_query("delete from " . TABLE_BANNERS_CONTENT . " where language_id = '" . (int) $lID . "'");
     xos_db_query("delete from " . TABLE_CATEGORIES_OR_PAGES_DATA . " where language_id = '" . (int) $lID . "'");
     xos_db_query("delete from " . TABLE_CONTENTS_DATA . " where language_id = '" . (int) $lID . "'");
     xos_db_query("delete from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'");
     xos_db_query("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'");
示例#15
0
 $from_str = "from " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS_INFO . " mi on (p.manufacturers_id = mi.manufacturers_id and mi.languages_id = '" . (int) $_SESSION['languages_id'] . "') left join " . TABLE_PRODUCTS_PRICES . " ppz on p.products_id = ppz.products_id and ppz.customers_group_id = '0' left join " . TABLE_PRODUCTS_PRICES . " pp on p.products_id = pp.products_id and pp.customers_group_id = '" . $customer_group_id . "' left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id and s.customers_group_id = '" . $customer_group_id . "'";
 $from_str .= ", " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_CATEGORIES_OR_PAGES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c";
 $where_str = " where p.products_status = '1' and c.categories_or_pages_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int) $_SESSION['languages_id'] . "' and p.products_id = p2c.products_id and p2c.categories_or_pages_id = c.categories_or_pages_id ";
 if (isset($search_keywords) && sizeof($search_keywords) > 0) {
     $where_str .= " and (";
     for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
         switch ($search_keywords[$i]) {
             case '(':
             case ')':
             case 'and':
             case 'or':
                 $where_str .= " " . $search_keywords[$i] . " ";
                 break;
             default:
                 $keyword = xos_db_prepare_input($search_keywords[$i]);
                 $where_str .= "(pd.products_name like '%" . xos_db_input($keyword) . "%' or p.products_model like '%" . xos_db_input($keyword) . "%' or mi.manufacturers_name like '%" . xos_db_input($keyword) . "%'";
                 $where_str .= ')';
                 break;
         }
     }
     $where_str .= " )";
 }
 if (empty($_GET['sort']) || !preg_match('/^[0-9][ad]$/', $_GET['sort']) || substr($_GET['sort'], 0, 1) > sizeof($column_list)) {
     for ($i = 0, $n = sizeof($column_list); $i < $n; $i++) {
         if ($column_list[$i] == 'PRODUCT_LIST_NAME') {
             $_GET['sort'] = $i . 'a';
             $order_str = ' order by pd.products_name';
             break;
         }
     }
 } else {
示例#16
0
//              osCommerce, Open Source E-Commerce Solutions
//              http://www.oscommerce.com
//              Copyright (c) 2003 osCommerce
//              filename: configuration.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_CONFIGURATION) == 'overwrite_all')) {
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if (xos_not_null($action)) {
        switch ($action) {
            case 'save':
                $configuration_value = is_array($_POST['configuration_value']) ? implode(',', xos_db_prepare_input($_POST['configuration_value'])) : xos_db_prepare_input(htmlspecialchars($_POST['configuration_value']));
                $cID = xos_db_prepare_input($_GET['cID']);
                xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($configuration_value) . "', last_modified = now() where configuration_id = '" . (int) $cID . "'");
                $smarty_cache_control->clearAllCache();
                xos_redirect(xos_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . $cID));
                break;
        }
    }
    $gID = isset($_GET['gID']) ? $_GET['gID'] : 1;
    $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
    require DIR_WS_INCLUDES . 'html_header.php';
    require DIR_WS_INCLUDES . 'header.php';
    require DIR_WS_INCLUDES . 'column_left.php';
    require DIR_WS_INCLUDES . 'footer.php';
    $configuration_query = xos_db_query("select configuration_id, configuration_key as lang_key, configuration_value, use_function from " . TABLE_CONFIGURATION . " where configuration_group_id = '" . (int) $gID . "' order by sort_order");
    $configurations_array = array();
    while ($configuration = xos_db_fetch_array($configuration_query)) {
        if (xos_not_null($configuration['use_function'])) {
示例#17
0
function xos_remove_order($order_id, $restock = false, $orders_status_code = '')
{
    global $messageStack;
    $order_query = xos_db_query("select products_id, products_model, products_name, products_attributes_sting, products_quantity from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
    while ($order = xos_db_fetch_array($order_query)) {
        $error = false;
        if ($restock == 'on') {
            $stock_query = xos_db_query("select products_quantity, attributes_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int) $order['products_id'] . "'");
            $stock_values = xos_db_fetch_array($stock_query);
            if (xos_not_null($order['products_attributes_sting'])) {
                $attributes_quantity = xos_get_attributes_quantity($stock_values['attributes_quantity']);
                if (xos_not_null($attributes_quantity[$order['products_attributes_sting']])) {
                    $stock_new = $attributes_quantity[$order['products_attributes_sting']] + $order['products_quantity'];
                    if ($attributes_quantity[$order['products_attributes_sting']] >= 0) {
                        $stock_values['products_quantity'] = $stock_values['products_quantity'] + $order['products_quantity'];
                    } else {
                        $stock_values['products_quantity'] = $stock_values['products_quantity'] + max(0, $stock_new);
                    }
                    $attributes_quantity[$order['products_attributes_sting']] = $stock_new;
                    xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) $stock_values['products_quantity'] . "', products_last_modified = now(), attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "' where products_id = '" . (int) $order['products_id'] . "'");
                } else {
                    $error = true;
                    $messageStack->add_session('header', sprintf(COULD_NOT_RESTOCK_PRODUCT_QUANTITY, $order['products_model'], $order['products_name']), 'error');
                }
            } else {
                if (xos_not_null($stock_values['attributes_quantity'])) {
                    $error = true;
                    $messageStack->add_session('header', sprintf(COULD_NOT_RESTOCK_PRODUCT_QUANTITY, $order['products_model'], $order['products_name']), 'error');
                } else {
                    xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = products_quantity + " . $order['products_quantity'] . ", products_last_modified = now() where products_id = '" . (int) $order['products_id'] . "'");
                }
            }
        }
        // Update products_ordered (for bestsellers list)
        if (!$error && $orders_status_code != 'paypal_st') {
            xos_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered - " . $order['products_quantity'] . " where products_id = '" . (int) $order['products_id'] . "'");
        }
    }
    xos_db_query("delete from " . TABLE_ORDERS . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query("delete from " . TABLE_ORDERS_TOTAL . " where orders_id = '" . (int) $order_id . "'");
    xos_db_query('delete from ' . TABLE_ORDERS_PRODUCTS_DOWNLOAD . ' where orders_id = "' . (int) $order_id . '"');
}
示例#18
0
//              Copyright (c) 2003 osCommerce
//              filename: reviews.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_REVIEWS) == 'overwrite_all')) {
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if (xos_not_null($action)) {
        switch ($action) {
            case 'update':
                $reviews_id = xos_db_prepare_input($_GET['rID']);
                $reviews_rating = xos_db_prepare_input($_POST['reviews_rating']);
                $reviews_text = xos_db_prepare_input(substr(strip_tags($_POST['reviews_text']), 0, 1000));
                xos_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . xos_db_input($reviews_rating) . "', last_modified = now() where reviews_id = '" . (int) $reviews_id . "'");
                xos_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . xos_db_input($reviews_text) . "' where reviews_id = '" . (int) $reviews_id . "'");
                $smarty_cache_control->clearCache(null, 'L3|cc_reviews');
                $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews');
                $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info');
                xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id));
                break;
            case 'deleteconfirm':
                $reviews_id = xos_db_prepare_input($_GET['rID']);
                xos_db_query("delete from " . TABLE_REVIEWS . " where reviews_id = '" . (int) $reviews_id . "'");
                xos_db_query("delete from " . TABLE_REVIEWS_DESCRIPTION . " where reviews_id = '" . (int) $reviews_id . "'");
                $smarty_cache_control->clearCache(null, 'L3|cc_reviews');
                $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews');
                $smarty_cache_control->clearCache(null, 'L3|cc_product_reviews_info');
                xos_redirect(xos_href_link(FILENAME_REVIEWS, 'page=' . $_GET['page']));
                break;
        }
示例#19
0
     }
     $smarty->assign(array('shipping_allowed' => $shipping_allowed_array, 'new' => true, 'form_begin_customers_new' => xos_draw_form('customers', FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action')) . 'action=newconfirm', 'post', 'onsubmit="return check_form();"'), 'group_name_in_values' => xos_draw_input_field('customers_group_name', '', 'maxlength="32"', false), 'group_discount_in_out_values' => xos_draw_input_field('customers_group_discount', $cInfo->customers_group_discount, 'maxlength="5" size="5"', false), 'group_show_tax_in_values' => xos_draw_pull_down_menu('customers_group_show_tax', $cg_show_tax_array, '1'), 'group_tax_exempt_in_values' => xos_draw_pull_down_menu('customers_group_tax_exempt', $cg_tax_exempt_array, '0'), 'group_payment_settings_in_values_1' => xos_draw_radio_field('group_payment_settings', '1', false, '0'), 'group_payment_settings_in_values_0' => xos_draw_radio_field('group_payment_settings', '0', false, '0'), 'group_shipment_settings_in_values_1' => xos_draw_radio_field('group_shipment_settings', '1', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'group_shipment_settings_in_values_0' => xos_draw_radio_field('group_shipment_settings', '0', false, xos_not_null($cInfo->group_shipment_allowed) ? '1' : '0'), 'link_filename_customers_groups' => xos_href_link(FILENAME_CUSTOMERS_GROUPS, xos_get_all_get_params(array('action', 'cID'))), 'form_end' => '</form>'));
 } else {
     switch ($_GET[listing]) {
         case "group":
             $order = "g.customers_group_name";
             break;
         case "group-desc":
             $order = "g.customers_group_name DESC";
             break;
         default:
             $order = "g.customers_group_id ASC";
     }
     $search_string = '';
     if ($_GET['search'] && xos_not_null($_GET['search'])) {
         $keywords = xos_db_input(xos_db_prepare_input($_GET['search']));
         $search_string = "where g.customers_group_name like '%" . $keywords . "%'";
     }
     $customers_groups_query_raw = "select g.customers_group_id, g.customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " g  " . $search_string . " order by {$order}";
     $customers_groups_split = new splitPageResults($_GET['page'], MAX_DISPLAY_RESULTS, $customers_groups_query_raw, $customers_groups_query_numrows);
     $customers_groups_query = xos_db_query($customers_groups_query_raw);
     $customers_groups_array = array();
     while ($customers_groups = xos_db_fetch_array($customers_groups_query)) {
         $info_query = xos_db_query("select customers_info_date_account_created as date_account_created, customers_info_date_account_last_modified as date_account_last_modified, customers_info_date_of_last_logon as date_last_logon, customers_info_number_of_logons as number_of_logons from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . $customers_groups['customers_group_id'] . "'");
         $info = xos_db_fetch_array($info_query);
         if ((!isset($_GET['cID']) || isset($_GET['cID']) && $_GET['cID'] == $customers_groups['customers_group_id']) && !isset($cInfo)) {
             $cInfo = new objectInfo($customers_groups);
         }
         $selected = false;
         if (is_object($cInfo) && $customers_groups['customers_group_id'] == $cInfo->customers_group_id) {
             $selected = true;
示例#20
0
function xos_whos_online_update_session_id($old_id, $new_id)
{
    xos_db_query("update " . TABLE_WHOS_ONLINE . " set session_id = '" . xos_db_input($new_id) . "' where session_id = '" . xos_db_input($old_id) . "'");
}
示例#21
0
     if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
         $error = true;
         $messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR);
     }
     if ($error == false) {
         $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax);
         if (ACCOUNT_GENDER == 'true') {
             $sql_data_array['customers_gender'] = $gender;
         }
         if (ACCOUNT_DOB == 'true') {
             $sql_data_array['customers_dob'] = xos_date_raw($dob);
         }
         xos_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("delete from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "' and customers_id <> '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
         xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set subscriber_language_id = '" . xos_db_input($language_id) . "', subscriber_email_address = '" . xos_db_input($email_address) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         $sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname);
         if (ACCOUNT_GENDER == 'true') {
             $sql_data_array['entry_gender'] = $gender;
         }
         xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
         // reset the session variables
         if (ACCOUNT_GENDER == 'true') {
             $_SESSION['customer_gender'] = $gender;
         }
         $_SESSION['customer_first_name'] = $firstname;
         $_SESSION['customer_lastname'] = $lastname;
         $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');
         xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
     }
 }
示例#22
0
             xos_db_perform(TABLE_ORDERS_STATUS, $sql_data_array, 'update', "orders_status_id = '" . (int) $orders_status_id . "' and language_id = '" . (int) $language_id . "'");
         }
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '" . xos_db_input($orders_status_id) . "' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     }
     xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page'] . '&oID=' . $orders_status_id));
     break;
 case 'deleteconfirm':
     $oID = xos_db_prepare_input($_GET['oID']);
     $orders_status_query = xos_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     $orders_status = xos_db_fetch_array($orders_status_query);
     if ($orders_status['configuration_value'] == $oID) {
         xos_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = '' where configuration_key = 'DEFAULT_ORDERS_STATUS_ID'");
     }
     xos_db_query("delete from " . TABLE_ORDERS_STATUS . " where orders_status_id = '" . xos_db_input($oID) . "'");
     xos_redirect(xos_href_link(FILENAME_ORDERS_STATUS, 'page=' . $_GET['page']));
     break;
 case 'delete':
     $oID = xos_db_prepare_input($_GET['oID']);
     $status_query = xos_db_query("select count(*) as count from " . TABLE_ORDERS . " where orders_status = '" . (int) $oID . "'");
     $status = xos_db_fetch_array($status_query);
     $remove_status = true;
     if ($oID == DEFAULT_ORDERS_STATUS_ID) {
         $remove_status = false;
         $messageStack->add('header', ERROR_REMOVE_DEFAULT_ORDER_STATUS, 'error');
     } elseif ($status['count'] > 0) {
         $remove_status = false;
         $messageStack->add('header', ERROR_STATUS_USED_IN_ORDERS, 'error');
     } else {
         $history_query = xos_db_query("select count(*) as count from " . TABLE_ORDERS_STATUS_HISTORY . " where orders_status_id = '" . (int) $oID . "'");
示例#23
0
             $insert_sql_data = array('manufacturers_id' => $manufacturers_id, 'languages_id' => $language_id);
             $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
             xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array);
         } elseif ($action == 'save') {
             xos_db_perform(TABLE_MANUFACTURERS_INFO, $sql_data_array, 'update', "manufacturers_id = '" . (int) $manufacturers_id . "' and languages_id = '" . (int) $language_id . "'");
         }
     }
     $smarty_cache_control->clearAllCache();
     xos_redirect(xos_href_link(FILENAME_MANUFACTURERS, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'mID=' . $manufacturers_id));
     break;
 case 'deleteconfirm':
     $manufacturers_id = xos_db_prepare_input($_GET['mID']);
     if (isset($_POST['delete_image']) && $_POST['delete_image'] == 'on') {
         $manufacturer_query = xos_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
         $manufacturer = xos_db_fetch_array($manufacturer_query);
         $duplicate_image_query = xos_db_query("select count(*) as total from " . TABLE_MANUFACTURERS . " where manufacturers_image = '" . xos_db_input($manufacturer['manufacturers_image']) . "'");
         $duplicate_image = xos_db_fetch_array($duplicate_image_query);
         if ($duplicate_image['total'] < 2) {
             $image_location = DIR_FS_CATALOG_IMAGES . 'manufacturers/' . $manufacturer['manufacturers_image'];
             @unlink($image_location);
         }
     }
     xos_db_query("delete from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
     xos_db_query("delete from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
     if (isset($_POST['delete_products']) && $_POST['delete_products'] == 'on') {
         $products_query = xos_db_query("select products_id from " . TABLE_PRODUCTS . " where manufacturers_id = '" . (int) $manufacturers_id . "'");
         while ($products = xos_db_fetch_array($products_query)) {
             xos_remove_product($products['products_id']);
         }
     } else {
         xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), manufacturers_id = '' where manufacturers_id = '" . (int) $manufacturers_id . "'");
示例#24
0
             xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $new_country_id));
             break;
         case 'save':
             $countries_id = xos_db_prepare_input($_GET['cID']);
             $countries_name = xos_db_prepare_input($_POST['countries_name']);
             $actual_countries_name = xos_db_prepare_input($_POST['actual_countries_name']);
             $countries_iso_code_2 = xos_db_prepare_input($_POST['countries_iso_code_2']);
             $countries_iso_code_3 = xos_db_prepare_input($_POST['countries_iso_code_3']);
             $address_format_id = xos_db_prepare_input($_POST['address_format_id']);
             if (mb_strtolower($actual_countries_name) != mb_strtolower($countries_name)) {
                 $check_query = xos_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_name = '" . xos_db_input($countries_name) . "'");
                 if (xos_db_num_rows($check_query) || $countries_name == '') {
                     xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'] . '&countries_name=' . $countries_name . '&countries_iso_code_2=' . $countries_iso_code_2 . '&countries_iso_code_3=' . $countries_iso_code_3 . '&address_format_id=' . $address_format_id . '&action=edit&error_name=' . $countries_name));
                 }
             }
             xos_db_query("update " . TABLE_COUNTRIES . " set countries_name = '" . xos_db_input($countries_name) . "', countries_iso_code_2 = '" . xos_db_input($countries_iso_code_2) . "', countries_iso_code_3 = '" . xos_db_input($countries_iso_code_3) . "', address_format_id = '" . (int) $address_format_id . "' where countries_id = '" . (int) $countries_id . "'");
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID']));
             break;
         case 'deleteconfirm':
             $countries_id = xos_db_prepare_input($_GET['cID']);
             xos_db_query("delete from " . TABLE_COUNTRIES . " where countries_id = '" . (int) $countries_id . "'");
             xos_db_query("delete from " . TABLE_ZONES . " where zone_country_id = '" . (int) $countries_id . "'");
             $smarty_cache_control->clearAllCache();
             xos_redirect(xos_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page']));
             break;
     }
 }
 $javascript = '<script type="text/javascript" src="' . DIR_WS_ADMIN . 'includes/general.js"></script>' . "\n";
 require DIR_WS_INCLUDES . 'html_header.php';
 require DIR_WS_INCLUDES . 'header.php';
示例#25
0
         if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
             xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'");
             $smarty->clearAllCache();
         }
     } else {
         $stock_query = xos_db_query("select products_quantity, attributes_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int) $product_id . "'");
         $stock_values = xos_db_fetch_array($stock_query);
         $attributes_quantity = xos_get_attributes_quantity($stock_values['attributes_quantity']);
         if (xos_not_null($attributes_quantity)) {
             list($prid, $params_sting) = explode('-', $order->products[$i]['id']);
             $stock_left = $attributes_quantity[$params_sting] - $order->products[$i]['qty'];
             if ($attributes_quantity[$params_sting] > 0) {
                 $stock_values['products_quantity'] = $stock_values['products_quantity'] - min($attributes_quantity[$params_sting], $order->products[$i]['qty']);
             }
             $attributes_quantity[$params_sting] = $stock_left;
             xos_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . (int) max(0, $stock_values['products_quantity']) . "', attributes_quantity = '" . xos_db_input(serialize($attributes_quantity)) . "' where products_id = '" . (int) $product_id . "'");
             if ($stock_left < 1) {
                 $smarty->clearCache(null, 'L3|cc_product_info');
             }
             if ($stock_values['products_quantity'] < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
                 xos_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . (int) $product_id . "'");
                 $smarty->clearAllCache();
             }
         }
     }
 }
 // Update products_ordered (for bestsellers list)
 xos_db_query("update " . TABLE_PRODUCTS . " set products_last_modified = now(), products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . xos_get_prid($order->products[$i]['id']) . "'");
 $attributes_sting = null;
 if (strpos($order->products[$i]['id'], '-') !== false) {
     list($prid, $attributes_sting) = explode('-', $order->products[$i]['id']);
示例#26
0
         $mailer_error = true;
         $messageStack->add_session('header', sprintf(ERROR_PHP_MAILER, $gv_email->ErrorInfo, $mail_sent_to), 'error');
     } else {
         // Now create the coupon email entry
         xos_db_query("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $id1 . "', 'G', '" . $amount . "', now())");
         $insert_id = xos_db_insert_id();
         xos_db_query("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $mail_sent_to . "', now() )");
     }
     $_SESSION['used_lng_id'] = $used_lang_id;
 } else {
     $used_lang_id = $_SESSION['used_lng_id'];
     while ($mail = xos_db_fetch_array($mail_query)) {
         $id1 = create_coupon_code($mail['customers_email_address']);
         $languages_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where use_in_id > '1' and languages_id = '" . $mail['language_id'] . "'");
         if (!xos_db_num_rows($languages_query)) {
             $lang_query = xos_db_query("select languages_id, code, directory from " . TABLE_LANGUAGES . " where code = '" . xos_db_input(DEFAULT_LANGUAGE) . "'");
             $languages = xos_db_fetch_array($lang_query);
         } else {
             $languages = xos_db_fetch_array($languages_query);
         }
         $_SESSION['used_lng_id'] = $languages['languages_id'];
         $currencies = new currencies();
         if (EMAIL_USE_HTML == 'true') {
             $smarty_gv_email->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => $languages['code'], 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG_IMAGES . 'email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . DEFAULT_TPL . '/') . EMAIL_SHOP_LOGO, 'gv_message' => $message, 'gv_id' => $id1, 'gv_amount' => $currencies->format($amount), 'link_shop' => xos_catalog_href_link(), 'link_gv_redeem' => xos_catalog_href_link(FILENAME_CATALOG_GV_REDEEM, 'gv_no=' . $id1, 'SSL')));
             $smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_html');
             $output_gv_email_html = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_html.tpl');
             $smarty_gv_email->configLoad('languages/' . $languages['directory'] . '_email.conf', 'gv_email_text');
             $output_gv_email_text = $smarty_gv_email->fetch(DEFAULT_TPL . '/includes/email/gv_email_text.tpl');
             $gv_email->isHTML(true);
             $gv_email->Body = $output_gv_email_html;
             $gv_email->AltBody = $output_gv_email_text;
     $error = true;
     $messageStack->add('addressbook', ENTRY_CITY_ERROR);
     $smarty->assign('city_error', true);
 }
 if (!is_numeric($country)) {
     $error = true;
     $messageStack->add('addressbook', ENTRY_COUNTRY_ERROR);
     $smarty->assign('country_error', true);
 }
 if (ACCOUNT_STATE == 'true') {
     $zone_id = 0;
     $check_query = xos_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
     $check = xos_db_fetch_array($check_query);
     $entry_state_has_zones = $check['total'] > 0;
     if ($entry_state_has_zones == true) {
         $zone_query = xos_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and zone_name = '" . xos_db_input($state) . "'");
         if (xos_db_num_rows($zone_query) == 1) {
             $zone = xos_db_fetch_array($zone_query);
             $zone_id = $zone['zone_id'];
         } else {
             $error = true;
             $messageStack->add('addressbook', ENTRY_STATE_ERROR_SELECT);
             $smarty->assign('state_error', true);
         }
     } else {
         if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
             $error = true;
             $messageStack->add('addressbook', ENTRY_STATE_ERROR);
             $smarty->assign('state_error', true);
         }
     }
                 xos_db_perform(TABLE_SPECIALS, array('specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'), 'update', "customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
             } else {
                 xos_db_query("delete from " . TABLE_SPECIALS . " where customers_group_id = '" . $customers_group['customers_group_id'] . "' and products_id = '" . (int) $products_id . "'");
             }
         } else {
             if ($special_price > 0) {
                 xos_db_perform(TABLE_SPECIALS, array('products_id' => (int) $products_id, 'customers_group_id' => $customers_group['customers_group_id'], 'specials_new_products_price' => $special_price, 'expires_date' => $special_expires_date, 'status' => $product_special_status, 'error' => $this_group_specials_error ? '1' : '0'));
             }
         }
     }
     if (isset($_POST['attributes_price_array'])) {
         $attributes_price_array = unserialize(stripslashes($_POST['attributes_price_array']));
         foreach ($attributes_price_array as $key => $value) {
             if ($_POST['value_price_' . $key] != $key[$value['value_price']] || $_POST['price_prefix_' . $key] != $key[$value['price_prefix']]) {
                 $_POST['price_prefix_' . $key] = $_POST['price_prefix_' . $key] == '-' && $_POST['value_price_' . $key] > 0 ? '-' : '+';
                 xos_db_query("update " . TABLE_PRODUCTS_ATTRIBUTES . " set options_values_price = '" . (double) $_POST['value_price_' . $key] . "', price_prefix = '" . xos_db_input($_POST['price_prefix_' . $key]) . "' where products_attributes_id = '" . (int) $key . "'");
             }
         }
     }
     $sql_data_array = array('products_price' => serialize($prices_array));
     xos_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'");
     $smarty_cache_control->clearAllCache();
     if ($specials_error) {
         $messageStack->add_session('price_error', ERROR_NOT_ALL_NECESSARY_PRICES, 'error');
         xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'product_ID=' . $products_id . '&categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '') . '&errGr=' . substr($spec_err_gr, 0, -1)));
     }
     xos_redirect(xos_href_link(FILENAME_UPDATE_PRODUCTS_PRICES, 'categories_or_pages_id=' . $categories_or_pages_id . '&manufacturers_id=' . $manufacturers_id . '&max_rows=' . $_GET['max_rows'] . '&page=' . $_GET['page'] . ($_GET['specials_only'] ? '&specials_only=' . $_GET['specials_only'] : '')));
 }
 $max_display_update_prices_results_array = array();
 $set = false;
 for ($i = 50; $i <= 500; $i = $i + 50) {
示例#29
0
 function _sess_destroy($key)
 {
     return xos_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . xos_db_input($key) . "'");
 }
示例#30
0
function xos_db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
    reset($data);
    if ($action == 'insert') {
        $query = 'insert into ' . $table . ' (';
        while (list($columns, ) = each($data)) {
            $query .= $columns . ', ';
        }
        $query = substr($query, 0, -2) . ') values (';
        reset($data);
        while (list(, $value) = each($data)) {
            switch ((string) $value) {
                case 'now()':
                    $query .= 'now(), ';
                    break;
                case 'null':
                    $query .= 'null, ';
                    break;
                default:
                    $query .= '\'' . xos_db_input($value) . '\', ';
                    break;
            }
        }
        $query = substr($query, 0, -2) . ')';
    } elseif ($action == 'update') {
        $query = 'update ' . $table . ' set ';
        while (list($columns, $value) = each($data)) {
            switch ((string) $value) {
                case 'now()':
                    $query .= $columns . ' = now(), ';
                    break;
                case 'null':
                    $query .= $columns .= ' = null, ';
                    break;
                default:
                    $query .= $columns . ' = \'' . xos_db_input($value) . '\', ';
                    break;
            }
        }
        $query = substr($query, 0, -2) . ' where ' . $parameters;
    }
    return xos_db_query($query, $link);
}