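/**
 * Toggle one status flag of an EZ-Page.
 *
 * The column named by $status_field is set to the opposite of $status:
 * a current value of '1' becomes '0' and a current value of '0' becomes '1'.
 *
 * @param int    $pages_id     primary key of the EZ-Page to change
 * @param string $status       the flag's current value, '0' or '1'
 * @param string $status_field column of TABLE_EZPAGES holding the flag;
 *                             must be a plain SQL identifier
 * @return mixed the $db->Execute() result, or -1 when $status is neither
 *               '0' nor '1' or when $status_field is not a bare identifier
 */
function zen_set_ezpage_status($pages_id, $status, $status_field)
{
    global $db;

    // $status_field is spliced into the UPDATE as a column name. The original
    // ran it through zen_db_input(), which escapes quotes for a quoted string
    // literal and gives no protection in identifier position (a value such as
    // "status = '1', alt_url_external = 'x' -- " contains no quote characters
    // that escaping would touch). Accept only a bare identifier and refuse
    // anything else with the same -1 already used for an unknown $status.
    if (!is_string($status_field) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $status_field)) {
        return -1;
    }

    if ($status == '1') {
        $new_value = '0';
    } elseif ($status == '0') {
        $new_value = '1';
    } else {
        return -1;
    }

    zen_record_admin_activity('EZ-Page ID ' . (int) $pages_id . ' [' . $status_field . '] changed to ' . $new_value, 'info');

    return $db->Execute("update " . TABLE_EZPAGES . " set " . $status_field . " = '" . $new_value . "' where pages_id = '" . (int) $pages_id . "'");
}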
*/ require 'includes/application_top.php'; require DIR_WS_CLASSES . 'currencies.php'; $currencies = new currencies(); $languages = zen_get_languages(); $action = isset($_GET['action']) ? $_GET['action'] : ''; if (zen_not_null($action)) { switch ($action) { case 'insert': case 'save': $sql = "update " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " set products_attributes_filename=:filename:, products_attributes_maxdays=:maxdays:, products_attributes_maxcount=:maxcount: where products_attributes_id='" . (int) $_GET['padID'] . "'"; $sql = $db->bindVars($sql, ':filename:', $_POST['products_attributes_filename'], 'string'); $sql = $db->bindVars($sql, ':maxdays:', $_POST['products_attributes_maxdays'], 'string'); $sql = $db->bindVars($sql, ':maxcount:', $_POST['products_attributes_maxcount'], 'string'); $db->Execute($sql); zen_record_admin_activity('Downloads-manager details added/updated for ' . $_POST['products_attributes_filename'], 'info'); zen_redirect(zen_href_link(FILENAME_DOWNLOADS_MANAGER, 'padID=' . (int) $_GET['padID'] . '&page=' . (int) $_GET['page'])); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?> ">
if ($rate != 1 && defined('CURRENCY_UPLIFT_RATIO') && (int) CURRENCY_UPLIFT_RATIO != 0) { $rate = (string) ((double) $rate * (double) CURRENCY_UPLIFT_RATIO); } // special handling for currencies which don't support decimal places if ($currency->fields['decimal_places'] == '0') { $rate = (int) $rate; } if (zen_not_null($rate) && $rate > 0) { $db->Execute("update " . TABLE_CURRENCIES . "\r\n set value = '" . $rate . "', last_updated = now()\r\n where currencies_id = '" . (int) $currency->fields['currencies_id'] . "'"); $messageStack->add_session(sprintf(TEXT_INFO_CURRENCY_UPDATED, $currency->fields['title'], $currency->fields['code'], $server_used), 'success'); } else { $messageStack->add_session(sprintf(ERROR_CURRENCY_INVALID, $currency->fields['title'], $currency->fields['code'], $server_used), 'error'); } $currency->MoveNext(); } zen_record_admin_activity('Currency exchange rates updated via the Update button in the admin console.', 'info'); zen_redirect(zen_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); break; case 'delete': // demo active test if (zen_admin_demo()) { $_GET['action'] = ''; $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution'); zen_redirect(zen_href_link(FILENAME_CURRENCIES, 'page=' . $_GET['page'] . '&cID=' . $_GET['cID'])); } $currencies_id = zen_db_prepare_input($_GET['cID']); $currency = $db->Execute("select code\r\n from " . TABLE_CURRENCIES . "\r\n where currencies_id = '" . (int) $currencies_id . "'"); $remove_currency = true; if ($currency->fields['code'] == DEFAULT_CURRENCY) { $remove_currency = false; $messageStack->add(ERROR_REMOVE_DEFAULT_CURRENCY, 'error');
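/**
 * Recursively delete a file or directory tree from the server.
 *
 * Entries that are not writeable are reported through $messageStack and
 * skipped; every such failure sets the global $zen_remove_error to true so
 * the caller can tell the removal was incomplete.
 *
 * @param string $source           path of the file or directory to delete
 * @param bool   $reset_error_flag internal: true for the caller's entry call,
 *                                 false for the recursive calls, so a failure
 *                                 recorded for an earlier sibling is not
 *                                 cleared part-way through the walk
 * @return void
 */
function zen_remove($source, $reset_error_flag = true)
{
    global $messageStack, $zen_remove_error;

    // Only the outermost call may clear the flag. The original reset it at the
    // start of every recursion level, so an error raised for one entry was
    // silently dropped as soon as a later sibling directory was entered.
    if ($reset_error_flag && isset($zen_remove_error)) {
        $zen_remove_error = false;
    }

    // A symbolic link is removed as a link and never followed: is_dir() is
    // true for a link that points at a directory, and descending into it
    // would delete the contents of a directory outside the tree being removed.
    if (!is_link($source) && is_dir($source)) {
        $dir = dir($source);
        if ($dir === false) {
            $messageStack->add(sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
            $zen_remove_error = true;
            return;
        }
        // Compare with false explicitly: an entry named "0" is falsy and would
        // otherwise end the listing early, leaving the directory non-empty.
        while (($file = $dir->read()) !== false) {
            if ($file == '.' || $file == '..') {
                continue;
            }
            $path = $source . '/' . $file;
            if (is_writeable($path)) {
                zen_remove($path, false);
            } else {
                $messageStack->add(sprintf(ERROR_FILE_NOT_REMOVEABLE, $path), 'error');
                $zen_remove_error = true;
            }
        }
        $dir->close();

        // rmdir() fails when a child could not be removed above; report the
        // real outcome instead of logging an unconditional "removed". The @
        // only silences the warning, the return value is what is checked.
        if (is_writeable($source) && @rmdir($source)) {
            zen_record_admin_activity('Removed directory from server: [' . $source . ']', 'notice');
        } else {
            $messageStack->add(sprintf(ERROR_DIRECTORY_NOT_REMOVEABLE, $source), 'error');
            $zen_remove_error = true;
        }
        return;
    }

    // Plain file or symbolic link.
    if (is_writeable($source) && @unlink($source)) {
        zen_record_admin_activity('Deleted file from server: [' . $source . ']', 'notice');
    } else {
        $messageStack->add(sprintf(ERROR_FILE_NOT_REMOVEABLE, $source), 'error');
        $zen_remove_error = true;
    }
}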
$reviews = $db->Execute("select reviews_id\n from " . TABLE_REVIEWS . "\n where customers_id = '" . (int) $customers_id . "'"); while (!$reviews->EOF) { $db->Execute("delete from " . TABLE_REVIEWS_DESCRIPTION . "\n where reviews_id = '" . (int) $reviews->fields['reviews_id'] . "'"); $reviews->MoveNext(); } $db->Execute("delete from " . TABLE_REVIEWS . "\n where customers_id = '" . (int) $customers_id . "'"); } else { $db->Execute("update " . TABLE_REVIEWS . "\n set customers_id = null\n where customers_id = '" . (int) $customers_id . "'"); } $db->Execute("delete from " . TABLE_ADDRESS_BOOK . "\n where customers_id = '" . (int) $customers_id . "'"); $db->Execute("delete from " . TABLE_CUSTOMERS . "\n where customers_id = '" . (int) $customers_id . "'"); $db->Execute("delete from " . TABLE_CUSTOMERS_INFO . "\n where customers_info_id = '" . (int) $customers_id . "'"); $db->Execute("delete from " . TABLE_CUSTOMERS_BASKET . "\n where customers_id = '" . (int) $customers_id . "'"); $db->Execute("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . "\n where customers_id = '" . (int) $customers_id . "'"); $db->Execute("delete from " . TABLE_WHOS_ONLINE . "\n where customer_id = '" . (int) $customers_id . "'"); zen_record_admin_activity('Customer with customer ID ' . (int) $customers_id . ' deleted.', 'warning'); zen_redirect(zen_href_link(FILENAME_CUSTOMERS, zen_get_all_get_params(array('cID', 'action')), 'NONSSL')); break; default: $customers = $db->Execute("select c.customers_id, c.customers_gender, c.customers_firstname,\n c.customers_lastname, c.customers_dob, c.customers_email_address,\n a.entry_company, a.entry_street_address, a.entry_suburb,\n a.entry_postcode, a.entry_city, a.entry_state, a.entry_zone_id,\n a.entry_country_id, c.customers_telephone, c.customers_fax,\n c.customers_newsletter, c.customers_default_address_id,\n c.customers_email_format, c.customers_group_pricing,\n c.customers_authorization, c.customers_referral\n from " . TABLE_CUSTOMERS . 
" c left join " . TABLE_ADDRESS_BOOK . " a\n on c.customers_default_address_id = a.address_book_id\n where a.customers_id = c.customers_id\n and c.customers_id = '" . (int) $customers_id . "'"); $cInfo = new objectInfo($customers->fields); } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php
/**
 * Remove one or more admin-page registrations by page key.
 *
 * @param string|array $pages a single page_key, or an array of page keys;
 *                            an empty value is ignored and nothing is run
 * @return void
 */
function zen_deregister_admin_pages($pages)
{
    global $db;

    if (empty($pages)) {
        return;
    }

    $table = TABLE_ADMIN_PAGES;

    if (!is_array($pages)) {
        // Single key: bind it straight into an equality match.
        $sql = $db->bindVars("DELETE FROM " . $table . " WHERE page_key = :page_key:", ':page_key:', $pages, 'string');
    } else {
        // Several keys: each placeholder is bound as soon as it is appended,
        // so the IN list grows one quoted value at a time.
        $sql = "DELETE FROM " . $table . " WHERE page_key IN (";
        foreach ($pages as $page_key) {
            $sql = $db->bindVars($sql . ':page_key:,', ':page_key:', $page_key, 'string');
        }
        // Drop the trailing comma left by the last append.
        $sql = substr($sql, 0, -1) . ")";
    }

    $db->Execute($sql);
    zen_record_admin_activity('Deleted admin pages for page keys: ' . print_r($pages, true), 'warning');
}
require 'includes/application_top.php'; $action = isset($_GET['action']) ? $_GET['action'] : ''; if (zen_not_null($action)) { switch ($action) { case 'save': $cID = zen_db_prepare_input($_GET['cID']); // demo active test if (zen_admin_demo()) { $_GET['action'] = ''; $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution'); zen_redirect(zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . (int) $cID)); } $configuration_value = zen_db_prepare_input($_POST['configuration_value']); $db->Execute("update " . TABLE_CONFIGURATION . "\r\n set configuration_value = '" . zen_db_input($configuration_value) . "',\r\n last_modified = now() where configuration_id = '" . (int) $cID . "'"); $result = $db->Execute("select configuration_key from " . TABLE_CONFIGURATION . " where configuration_id=" . (int) $cID . " LIMIT 1"); zen_record_admin_activity('Configuration setting changed for ' . $result->fields['configuration_key'] . ': ' . $configuration_value, 'warning'); // set the WARN_BEFORE_DOWN_FOR_MAINTENANCE to false if DOWN_FOR_MAINTENANCE = true if (WARN_BEFORE_DOWN_FOR_MAINTENANCE == 'true' && DOWN_FOR_MAINTENANCE == 'true') { $db->Execute("update " . TABLE_CONFIGURATION . "\r\n set configuration_value = 'false', last_modified = '" . NOW . "'\r\n where configuration_key = 'WARN_BEFORE_DOWN_FOR_MAINTENANCE'"); } zen_redirect(zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . (int) $cID)); break; } } $gID = isset($_GET['gID']) ? $_GET['gID'] : 1; $_GET['gID'] = $gID; $cfg_group = $db->Execute("select configuration_group_title\r\n from " . TABLE_CONFIGURATION_GROUP . "\r\n where configuration_group_id = '" . (int) $gID . "'"); if ($gID == 7) { $shipping_errors = ''; if (zen_get_configuration_key_value('SHIPPING_ORIGIN_ZIP') == 'NONE' or zen_get_configuration_key_value('SHIPPING_ORIGIN_ZIP') == '') { $shipping_errors .= '<br />' . ERROR_SHIPPING_ORIGIN_ZIP;
zen_record_admin_activity('Inserted special ' . (int) $v_products_id . ' via EP4.', 'info'); } $specials_print .= sprintf(EASYPOPULATE_4_SPECIALS_NEW, $v_products_model, substr(strip_tags($v_products_name[$epdlanguage_id]), 0, 10), $v_products_price, $v_specials_price); } else { // existing product if ($v_specials_price == '0') { // delete of existing requested $db->Execute("DELETE FROM " . TABLE_SPECIALS . " WHERE products_id = '" . (int) $v_products_id . "'"); $specials_print .= sprintf(EASYPOPULATE_4_SPECIALS_DELETE, $v_products_model); continue; } // just make an update $sql = "UPDATE " . TABLE_SPECIALS . " SET\n\t\t\t\t\t\tspecials_new_products_price\t= '" . $v_specials_price . "',\n\t\t\t\t\t\tspecials_last_modified\t\t= now(),\n\t\t\t\t\t\tspecials_date_available\t\t= '" . $v_specials_date_avail . "',\n\t\t\t\t\t\texpires_date\t\t\t\t= '" . $v_specials_expires_date . "',\n\t\t\t\t\t\tstatus\t\t\t\t\t\t= '1'\n\t\t\t\t\t\tWHERE products_id\t\t\t= '" . (int) $v_products_id . "'"; $result = ep_4_query($sql); if ($result) { zen_record_admin_activity('Updated special ' . (int) $v_products_id . ' via EP4.', 'info'); } $specials_print .= sprintf(EASYPOPULATE_4_SPECIALS_UPDATE, $v_products_model, substr(strip_tags($v_products_name[$epdlanguage_id]), 0, 10), $v_products_price, $v_specials_price); } // we still have our special here } // end specials for this product // this is a test chadd - 12-08-2011 // why not just update price_sorter after each product? // better yet, why not ONLY call if pricing was updated // ALL these affect pricing: products_tax_class_id, products_price, products_priced_by_attribute, product_is_free, product_is_call zen_update_products_price_sorter($v_products_id); } else { // this record is missing the product_model $display_output .= EASYPOPULATE_4_DISPLAY_RESULT_NO_MODEL; foreach ($items as $col => $summary) {
$sql = $db->bindVars($sql, ':countryID:', $countries_id, 'integer'); $result = $db->Execute($sql); if ($result->recordCount() == 0) { $db->Execute("delete from " . TABLE_COUNTRIES . "\n where countries_id = '" . (int) $countries_id . "'"); zen_record_admin_activity('Country deleted: ' . $countries_id, 'warning'); } else { $messageStack->add_session(ERROR_COUNTRY_IN_USE, 'error'); } zen_redirect(zen_href_link(FILENAME_COUNTRIES, 'page=' . $_GET['page'])); break; case 'setstatus': $countries_id = zen_db_prepare_input($_GET['cID']); if (isset($_POST['current_status']) && ($_POST['current_status'] == '0' || $_POST['current_status'] == '1')) { $sql = "update " . TABLE_COUNTRIES . " set status='" . ($_POST['current_status'] == 0 ? 1 : 0) . "' where countries_id='" . (int) $countries_id . "'"; $db->Execute($sql); zen_record_admin_activity('Country with ID number: ' . $countries_id . ' changed status to ' . ($_POST['current_status'] == 0 ? 1 : 0), 'info'); zen_redirect(zen_href_link(FILENAME_COUNTRIES, 'cID=' . (int) $countries_id . '&page=' . $_GET['page'])); } $action = ''; break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET;
$tax_description = zen_db_prepare_input($_POST['tax_description']); $tax_priority = zen_db_prepare_input((int) $_POST['tax_priority']); $db->Execute("update " . TABLE_TAX_RATES . "\r\n set tax_rates_id = '" . (int) $tax_rates_id . "',\r\n tax_zone_id = '" . (int) $tax_zone_id . "',\r\n tax_class_id = '" . (int) $tax_class_id . "',\r\n tax_rate = '" . zen_db_input($tax_rate) . "',\r\n tax_description = '" . zen_db_input($tax_description) . "',\r\n tax_priority = '" . zen_db_input($tax_priority) . "',\r\n last_modified = now() where tax_rates_id = '" . (int) $tax_rates_id . "'"); zen_record_admin_activity('Tax Rate updated for tax-rate-id ' . $tax_rates_id, 'info'); zen_redirect(zen_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'] . '&tID=' . $tax_rates_id)); break; case 'deleteconfirm': // demo active test if (zen_admin_demo()) { $_GET['action'] = ''; $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution'); zen_redirect(zen_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'])); } $tax_rates_id = zen_db_prepare_input($_POST['tID']); $db->Execute("delete from " . TABLE_TAX_RATES . "\r\n where tax_rates_id = '" . (int) $tax_rates_id . "'"); zen_record_admin_activity('Tax Rate deleted for tax-rate-id ' . (int) $tax_rates_id, 'notice'); zen_redirect(zen_href_link(FILENAME_TAX_RATES, 'page=' . $_GET['page'])); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?> ">
*/ if (!file_exists(SESSION_WRITE_DIRECTORY) || !is_writable(SESSION_WRITE_DIRECTORY)) { zen_record_admin_activity('Session directory folder not found. Will attempt to re-detect and update configuration. Old value: ' . SESSION_WRITE_DIRECTORY, 'notice'); define('DIR_FS_ROOT', realpath(dirname($_SERVER['SCRIPT_FILENAME']) . '/../') . '/'); $possible_dir[] = DIR_FS_SQL_CACHE; $possible_dir[] = DIR_FS_CATALOG . 'cache'; $possible_dir[] = DIR_FS_ROOT . 'cache'; $selected_dir = DIR_FS_CATALOG . 'cache'; foreach ($possible_dir as $dir) { if (!file_exists($dir)) { unset($dir); continue; } if (!is_writable($dir)) { unset($dir); continue; } $selected_dir = $dir; } if ($selected_dir == '') { $selected_dir = DIR_FS_CATALOG . 'cache'; } $sql = "update " . TABLE_CONFIGURATION . " set configuration_value = '" . $db->prepare_input(trim($selected_dir)) . "' where configuration_key = 'SESSION_WRITE_DIRECTORY'"; $db->Execute($sql); zen_record_admin_activity('Updated SESSION_WRITE_DIRECTORY configuration setting to ' . $selected_dir, 'notice'); if (!file_exists($selected_dir) || !is_writable($selected_dir)) { die('ALERT: Your cache directory does not exist or is not writable: ' . $selected_dir . ' ... This must be fixed before the page can load correctly.'); } zen_redirect(zen_href_link(FILENAME_DEFAULT)); exit(1); }
$limit = ' LIMIT '; if ($start > 0) { $limit .= (int) $start; } if ($start > 0 && $perpage > 0) { $limit .= ', '; } if ($perpage > 0) { $limit .= (int) $perpage; } } $sort = ''; switch ($action) { case 'save': global $db; zen_record_admin_activity(sprintf(TEXT_ACTIVITY_LOG_ACCESSED, $format, $selected_filter, $save_to_file_checked ? '(SaveToFile)' : ($format == 'HTML' ? '(Output to browser)' : '(Download to browser)')), 'warning'); if ($format == 'CSV') { $FIELDSTART = '"'; $FIELDEND = '"'; $FIELDSEPARATOR = ','; $LINESTART = ''; $LINEBREAK = "\n"; $sort = ' ASC '; $limit = ''; } if ($format == 'TXT') { $FIELDSTART = ''; $FIELDEND = ''; $FIELDSEPARATOR = "\t"; $LINESTART = ''; $LINEBREAK = "\n";
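/**
 * Move the uploaded file into $this->destination as $this->filename and
 * apply $this->permissions to it.
 *
 * Feedback goes to $messageStack: immediately when $this->message_location
 * is 'direct', otherwise into the session for the next page.
 *
 * @param bool $overwrite false to leave an existing file of that name alone
 *                        (a caution is queued and true is still returned)
 * @return bool true when the file was stored or deliberately skipped,
 *              false when move_uploaded_file() failed
 */
function save($overwrite = true)
{
    global $messageStack;

    // Normalise the destination before anything looks at it. The original
    // appended the slash only after the overwrite check, so a destination
    // without a trailing slash tested "dir" . "name" instead of "dir/name",
    // never found the existing file, and overwrote it even with
    // $overwrite = false.
    if (substr($this->destination, -1) != '/') {
        $this->destination .= '/';
    }
    $target = $this->destination . $this->filename;

    if (!$overwrite && file_exists($target)) {
        $messageStack->add_session(TEXT_IMAGE_OVERWRITE_WARNING . $this->filename, 'caution');
        return true;
    }

    // 'direct' shows the message on this response; anything else defers it
    // to the session so it survives a redirect.
    $notify = ($this->message_location == 'direct') ? 'add' : 'add_session';

    // move_uploaded_file() refuses a source that is not a genuine PHP upload,
    // which is what keeps this method from acting as a general file copy.
    if (!move_uploaded_file($this->file['tmp_name'], $target)) {
        $messageStack->$notify(ERROR_FILE_NOT_SAVED, 'error');
        return false;
    }

    chmod($target, $this->permissions);
    $messageStack->$notify(sprintf(SUCCESS_FILE_SAVED_SUCCESSFULLY, $this->filename), 'success');
    zen_record_admin_activity(sprintf(SUCCESS_FILE_SAVED_SUCCESSFULLY, $this->filename), 'notice');
    return true;
}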
if ((! isset($_SESSION['securityToken']) || ! isset($_POST['securityToken'])) || ($_SESSION['securityToken'] !== $_POST['securityToken'])) { $error = true; $message = ERROR_SECURITY_ERROR; zen_record_admin_activity(TEXT_ERROR_ATTEMPTED_ADMIN_LOGIN_WITHOUT_CSRF_TOKEN, 'warning'); } if ($_POST['action'] == 'do' . $_SESSION['securityToken']) { $admin_name = zen_db_prepare_input($_POST['admin_name']); $admin_pass = zen_db_prepare_input($_POST['admin_pass']); if ($admin_name == '' && $admin_pass == '') { sleep(4); $error = true; $message = ERROR_WRONG_LOGIN; zen_record_admin_activity(TEXT_ERROR_ATTEMPTED_ADMIN_LOGIN_WITHOUT_USERNAME, 'warning'); } else { list($error, $expired, $message, $redirect) = zen_validate_user_login($admin_name, $admin_pass); if ($redirect != '') zen_redirect($redirect); } } elseif ($_POST['action'] == 'rs' . $_SESSION['securityToken']) { $expired = true; $admin_name = zen_db_prepare_input($_POST['admin_name-' . $_SESSION['securityToken']]); $adm_old_pwd = zen_db_prepare_input($_POST['oldpwd-' . $_SESSION['securityToken']]); $adm_new_pwd = zen_db_prepare_input($_POST['newpwd-' . $_SESSION['securityToken']]); $adm_conf_pwd = zen_db_prepare_input($_POST['confpwd-' . $_SESSION['securityToken']]); $errors = zen_validate_pwd_reset_request($admin_name, $adm_old_pwd, $adm_new_pwd, $adm_conf_pwd); if (sizeof($errors) > 0)
$action = ''; zen_redirect(zen_href_link(FILENAME_DEFINE_PAGES_EDITOR)); break; case 'save': if ($_GET['lngdir'] && $_GET['filename']) { if (file_exists($file)) { if (file_exists('bak' . $file)) { @unlink('bak' . $file); } @rename($file, 'bak' . $file); $new_file = fopen($file, 'w'); $file_contents = stripslashes($_POST['file_contents']); fwrite($new_file, $file_contents, strlen($file_contents)); fclose($new_file); } zen_record_admin_activity('Define-Page-Editor was used to save changes to file ' . $file, 'info'); zen_redirect(zen_href_link(FILENAME_DEFINE_PAGES_EDITOR)); } break; } if (!$_SESSION['language']) { $_SESSION['language'] = $language; } $languages_array = array(); $languages = zen_get_languages(); $lng_exists = false; for ($i = 0; $i < sizeof($languages); $i++) { if ($languages[$i]['directory'] == $_SESSION['language']) { $lng_exists = true; } $languages_array[] = array('id' => $languages[$i]['directory'], 'text' => $languages[$i]['name']);
} zen_redirect(zen_href_link(FILENAME_ORDERS, zen_get_all_get_params(array('action')) . 'action=edit', 'NONSSL')); break; case 'doVoid': $order = new order($oID); if ($order->info['payment_module_code']) { if (file_exists(DIR_FS_CATALOG_MODULES . 'payment/' . $order->info['payment_module_code'] . '.php')) { require_once DIR_FS_CATALOG_MODULES . 'payment/' . $order->info['payment_module_code'] . '.php'; require_once DIR_FS_CATALOG_LANGUAGES . $_SESSION['language'] . '/modules/payment/' . $order->info['payment_module_code'] . '.php'; $module = new $order->info['payment_module_code'](); if (method_exists($module, '_doVoid')) { $module->_doVoid($oID); } } } zen_record_admin_activity('Order ' . $oID . ' void processed. See order comments for details.', 'info'); zen_redirect(zen_href_link(FILENAME_ORDERS, zen_get_all_get_params(array('action')) . 'action=edit', 'NONSSL')); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?> ">
$html_msg['GV_REDEEM'] = TEXT_TO_REDEEM . TEXT_WHICH_IS . ' <strong>' . $id1 . '</strong> ' . TEXT_IN_CASE; if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') { $message .= HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php/gv_redeem/gv_no/' . $id1 . "\n\n"; $html_msg['GV_CODE_URL'] = '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php/gv_redeem/gv_no/' . $id1 . '">' . TEXT_CLICK_TO_REDEEM . '</a>' . " "; } else { $message .= HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php?main_page=gv_redeem&gv_no=' . $id1 . "\n\n"; $html_msg['GV_CODE_URL'] = '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'index.php?main_page=gv_redeem&gv_no=' . $id1 . '">' . TEXT_CLICK_TO_REDEEM . '</a>' . " "; } $message .= TEXT_OR_VISIT . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . TEXT_ENTER_CODE . "\n\n"; $html_msg['GV_CODE_URL'] .= TEXT_OR_VISIT . '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . '">' . STORE_NAME . '</a>' . TEXT_ENTER_CODE; $html_msg['EMAIL_FIRST_NAME'] = $mail->fields['customers_firstname']; $html_msg['EMAIL_LAST_NAME'] = $mail->fields['customers_lastname']; // disclaimer $message .= "\n-----\n" . sprintf(EMAIL_DISCLAIMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n"; zen_mail($mail->fields['customers_firstname'] . ' ' . $mail->fields['customers_lastname'], $mail->fields['customers_email_address'], $subject, $message, $from, $from, $html_msg, 'gv_mail'); zen_record_admin_activity('GV mail sent to ' . $mail->fields['customers_email_address'] . ' in the amount of ' . $currencies->format($_POST['amount']), 'info'); $recip_count++; if (SEND_EXTRA_GV_ADMIN_EMAILS_TO_STATUS == '1' and SEND_EXTRA_GV_ADMIN_EMAILS_TO != '') { zen_mail('', SEND_EXTRA_GV_ADMIN_EMAILS_TO, SEND_EXTRA_GV_ADMIN_EMAILS_TO_SUBJECT . ' ' . 
$subject, $message, $from, $from, $html_msg, 'gv_mail_extra'); } // Now create the coupon main and email entry $mail->MoveNext(); } if ($_POST['email_to']) { $id1 = create_coupon_code($_POST['email_to']); $message = zen_db_prepare_input($_POST['message']); $message .= "\n\n" . TEXT_GV_WORTH . $currencies->format($_POST['amount']) . "\n\n"; $message .= TEXT_TO_REDEEM; $message .= TEXT_WHICH_IS . ' ' . $id1 . ' ' . TEXT_IN_CASE . "\n\n"; $html_msg['GV_WORTH'] = TEXT_GV_WORTH; $html_msg['GV_AMOUNT'] = $currencies->format($_POST['amount']);
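<?php
/**
 * @package admin
 * @copyright Copyright 2003-2014 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version GIT: $Id: Author: DrByte Jun 30 2014 Modified in v1.5.4 $
 */
// Move a product out of $current_category_id into the posted target category.
// Expects $db, $messageStack and $current_category_id from the including page.
if (!defined('IS_ADMIN_FLAG')) {
    die('Illegal Access');
}

// Both identifiers are only ever used as integers (SQL and the redirect), so
// cast them once here. The original passed the raw POST strings into the
// redirect URL and read the POST keys without checking they were present.
$products_id = (int) (isset($_POST['products_id']) ? $_POST['products_id'] : 0);
$new_parent_id = (int) (isset($_POST['move_to_category_id']) ? $_POST['move_to_category_id'] : 0);

// Refuse the move when the product is already linked to the target category.
$duplicate_check = $db->Execute("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where products_id = '" . $products_id . "' and categories_id = '" . $new_parent_id . "'");

if ($duplicate_check->fields['total'] < 1) {
    // Re-point the product's category link from the current category to the new one.
    $db->Execute("update " . TABLE_PRODUCTS_TO_CATEGORIES . " set categories_id = '" . $new_parent_id . "' where products_id = '" . $products_id . "' and categories_id = '" . (int) $current_category_id . "'");

    // If the product's master category was the one it is leaving, follow the move.
    $check_master = $db->Execute("select products_id, master_categories_id from " . TABLE_PRODUCTS . " where products_id = '" . $products_id . "'");
    if ($check_master->fields['master_categories_id'] == (int) $current_category_id) {
        $db->Execute("update " . TABLE_PRODUCTS . " set master_categories_id = '" . $new_parent_id . "' where products_id = '" . $products_id . "'");
    }

    // Keep the precomputed price sorter (used by searches etc.) in step.
    zen_update_products_price_sorter($products_id);
    zen_record_admin_activity('Moved product ' . $products_id . ' from category ' . (int) $current_category_id . ' to category ' . $new_parent_id, 'notice');
} else {
    $messageStack->add_session(ERROR_CANNOT_MOVE_PRODUCT_TO_CATEGORY_SELF, 'error');
}

$page_param = isset($_GET['page']) ? '&page=' . (int) $_GET['page'] : '';
zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $new_parent_id . '&pID=' . $products_id . $page_param));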
if (substr(DIR_WS_ADMIN, -7) == '/admin/' || substr(DIR_WS_HTTPS_ADMIN, -7) == '/admin/') { zen_redirect(zen_href_link(FILENAME_ALERT_PAGE)); } $check_path = dirname($_SERVER['SCRIPT_FILENAME']) . '/../zc_install'; if (is_dir($check_path)) { zen_redirect(zen_href_link(FILENAME_ALERT_PAGE)); } } } if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_ALERT_PAGE . '.php') { if (strpos(strtolower($PHP_SELF), FILENAME_PASSWORD_FORGOTTEN . '.php') !== FALSE && substr_count(strtolower($PHP_SELF), '.php') > 1) { zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); } if (!(basename($PHP_SELF) == FILENAME_LOGIN . ".php")) { $page = basename($PHP_SELF, ".php"); if (!isset($_SESSION['admin_id'])) { if (!(basename($PHP_SELF) == FILENAME_PASSWORD_FORGOTTEN . '.php')) { zen_redirect(zen_href_link(FILENAME_LOGIN, 'camefrom=' . basename($PHP_SELF) . '&' . zen_get_all_get_params(), 'SSL')); } } if (!in_array($page, array(FILENAME_DEFAULT, FILENAME_ADMIN_ACCOUNT, FILENAME_LOGOFF, FILENAME_ALERT_PAGE, FILENAME_PASSWORD_FORGOTTEN, FILENAME_DENIED, FILENAME_ALT_NAV)) && !zen_is_superuser()) { if (check_page($page, $_GET) == FALSE) { zen_record_admin_activity('Attempted access to unauthorized page [' . $page . ']. Redirected to DENIED page instead.', 'notice'); zen_redirect(zen_href_link(FILENAME_DENIED, '', 'SSL')); } } } if (basename($PHP_SELF) == FILENAME_LOGIN . '.php' && (substr_count(dirname($PHP_SELF), '//') > 0 || substr_count(dirname($PHP_SELF), '.php') > 0)) { zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); } }
$message .= !empty($coupon_name->fields['coupon_description']) ? $coupon_name->fields['coupon_description'] . "\n\n" : ''; $message .= sprintf(TEXT_VISIT, HTTP_CATALOG_SERVER . DIR_WS_CATALOG); // disclaimer $message .= "\n-----\n" . sprintf(EMAIL_DISCLAIMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n"; $html_msg['EMAIL_FIRST_NAME'] = $mail->fields['customers_firstname']; $html_msg['EMAIL_LAST_NAME'] = $mail->fields['customers_lastname']; $html_msg['EMAIL_MESSAGE_HTML'] = zen_db_prepare_input($_POST['message_html']); $html_msg['COUPON_TEXT_TO_REDEEM'] = TEXT_TO_REDEEM; $html_msg['COUPON_TEXT_VOUCHER_IS'] = TEXT_VOUCHER_IS; $html_msg['COUPON_CODE'] = $coupon_result->fields['coupon_code'] . $html_coupon_help; $html_msg['COUPON_DESCRIPTION'] = !empty($coupon_name->fields['coupon_description']) ? $coupon_name->fields['coupon_description'] : ''; $html_msg['COUPON_TEXT_REMEMBER'] = TEXT_REMEMBER; $html_msg['COUPON_REDEEM_STORENAME_URL'] = sprintf(TEXT_VISIT, '<a href="' . HTTP_CATALOG_SERVER . DIR_WS_CATALOG . '">' . STORE_NAME . '</a>'); //Send the emails zen_mail($mail->fields['customers_firstname'] . ' ' . $mail->fields['customers_lastname'], $mail->fields['customers_email_address'], $subject, $message, '', $from, $html_msg, 'coupon'); zen_record_admin_activity('Coupon code ' . $coupon_result->fields['coupon-code'] . ' emailed to customer ' . $mail->fields['customers_email_address'], 'info'); $recip_count++; // send copy to Admin if enabled if (SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO_STATUS == '1' and SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO != '') { zen_mail('', SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO, SEND_EXTRA_DISCOUNT_COUPON_ADMIN_EMAILS_TO_SUBJECT . ' ' . $subject, $message, '', $from, $html_msg, 'coupon_extra'); } $mail->MoveNext(); } zen_redirect(zen_href_link(FILENAME_COUPON_ADMIN, 'mail_sent_to=' . urlencode($mail_sent_to) . '&recip_count=' . 
$recip_count)); } if ($_GET['action'] == 'preview_email' && !$_POST['customers_email_address']) { $_GET['action'] = 'email'; $messageStack->add(ERROR_NO_CUSTOMER_SELECTED, 'error'); } if ($_GET['mail_sent_to']) { $messageStack->add(sprintf(NOTICE_EMAIL_SENT_TO, $_GET['mail_sent_to'] . '(' . $_GET['recip_count'] . ')'), 'success');
$sql_data_array = array_merge($sql_data_array, $insert_sql_data); zen_db_perform(TABLE_PRODUCTS, $sql_data_array); $products_id = zen_db_insert_id(); // reset products_price_sorter for searches etc. zen_update_products_price_sorter($products_id); $db->Execute("insert into " . TABLE_PRODUCTS_TO_CATEGORIES . "\n (products_id, categories_id)\n values ('" . (int) $products_id . "', '" . (int) $current_category_id . "')"); zen_record_admin_activity('New product ' . (int) $products_id . ' added via admin console.', 'info'); /////////////////////////////////////////////////////// //// INSERT PRODUCT-TYPE-SPECIFIC *INSERTS* HERE ////// //// *END OF PRODUCT-TYPE-SPECIFIC INSERTS* //////// /////////////////////////////////////////////////////// } elseif ($action == 'update_product') { $update_sql_data = array('products_last_modified' => 'now()', 'master_categories_id' => $_POST['master_category'] > 0 ? zen_db_prepare_input($_POST['master_category']) : zen_db_prepare_input($_POST['master_categories_id'])); $sql_data_array = array_merge($sql_data_array, $update_sql_data); zen_db_perform(TABLE_PRODUCTS, $sql_data_array, 'update', "products_id = '" . (int) $products_id . "'"); zen_record_admin_activity('Updated product ' . (int) $products_id . ' via admin console.', 'info'); // reset products_price_sorter for searches etc. 
zen_update_products_price_sorter((int) $products_id); /////////////////////////////////////////////////////// //// INSERT PRODUCT-TYPE-SPECIFIC *UPDATES* HERE ////// //// *END OF PRODUCT-TYPE-SPECIFIC UPDATES* //////// /////////////////////////////////////////////////////// } $languages = zen_get_languages(); for ($i = 0, $n = sizeof($languages); $i < $n; $i++) { $language_id = $languages[$i]['id']; $sql_data_array = array('products_name' => zen_db_prepare_input($_POST['products_name'][$language_id]), 'products_description' => zen_db_prepare_input($_POST['products_description'][$language_id]), 'products_url' => zen_db_prepare_input($_POST['products_url'][$language_id])); if ($action == 'insert_product') { $insert_sql_data = array('products_id' => (int) $products_id, 'language_id' => (int) $language_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); zen_db_perform(TABLE_PRODUCTS_DESCRIPTION, $sql_data_array);
zen_record_admin_activity('Language entry updated for language code ' . $code, 'info'); zen_redirect(zen_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'] . '&lID=' . $_GET['lID'])); break; case 'deleteconfirm': // demo active test if (zen_admin_demo()) { $_GET['action'] = ''; $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution'); zen_redirect(zen_href_link(FILENAME_LANGUAGES, 'page=' . $_GET['page'])); } $lID = zen_db_prepare_input($_POST['lID']); $lng = $db->Execute("select languages_id\n from " . TABLE_LANGUAGES . "\n where code = '" . zen_db_input(DEFAULT_LANGUAGE) . "'"); if ($lng->fields['languages_id'] == $lID) { $db->Execute("update " . TABLE_CONFIGURATION . "\n set configuration_value = ''\n where configuration_key = 'DEFAULT_LANGUAGE'"); } zen_record_admin_activity('Language with ID ' . $lID . ' deleted.', 'info'); $db->Execute("delete from " . TABLE_CATEGORIES_DESCRIPTION . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_PRODUCTS_OPTIONS_VALUES . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_MANUFACTURERS_INFO . " where languages_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_COUPONS_DESCRIPTION . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_META_TAGS_PRODUCTS_DESCRIPTION . " where language_id = '" . (int) $lID . "'"); $db->Execute("delete from " . TABLE_METATAGS_CATEGORIES_DESCRIPTION . " where language_id = '" . (int) $lID . 
"'"); // if we just deleted our currently-selected language, need to switch to default lang: $lng = $db->Execute("select languages_id from " . TABLE_LANGUAGES . " where code = '" . zen_db_input(DEFAULT_LANGUAGE) . "'"); if ((int) $_SESSION['languages_id'] == (int) $_POST['lID']) { $_SESSION['languages_id'] = $lng->fields['languages_id']; }
// Copy attributes to duplicate product // moved above $products_id_from=zen_db_input($products_id); $products_id_to = $dup_products_id; $products_id = $dup_products_id; if ($_POST['copy_attributes'] == 'copy_attributes_yes' and $_POST['copy_as'] == 'duplicate') { // $products_id_to= $copy_to_products_id; // $products_id_from = $pID; // $copy_attributes_delete_first='1'; // $copy_attributes_duplicates_skipped='1'; // $copy_attributes_duplicates_overwrite='0'; if (DOWNLOAD_ENABLED == 'true') { $copy_attributes_include_downloads = '1'; $copy_attributes_include_filename = '1'; } else { $copy_attributes_include_downloads = '0'; $copy_attributes_include_filename = '0'; } zen_copy_products_attributes($products_id_from, $products_id_to); } // EOF: Attributes Copy on non-linked ///////////////////////////////////////////////////////////////////// // copy product discounts to duplicate if ($_POST['copy_discounts'] == 'copy_discounts_yes') { zen_copy_discounts_to_product($old_products_id, (int) $dup_products_id); } zen_record_admin_activity('Product ' . (int) $old_products_id . ' duplicated as product ' . (int) $dup_products_id . ' via admin console.', 'info'); } // reset products_price_sorter for searches etc. zen_update_products_price_sorter($products_id); } zen_redirect(zen_href_link(FILENAME_CATEGORIES, 'cPath=' . $categories_id . '&pID=' . $products_id . (isset($_GET['page']) ? '&page=' . $_GET['page'] : '')));
$message .= TEXT_REDEEM_GV_MESSAGE_THANKS . "\n" . STORE_OWNER . "\n\n" . HTTP_CATALOG_SERVER . DIR_WS_CATALOG; $message .= TEXT_REDEEM_GV_MESSAGE_BODY; $message .= TEXT_REDEEM_GV_MESSAGE_FOOTER; $message .= "\n-----\n" . sprintf(EMAIL_DISCLAIMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n"; $html_msg['EMAIL_FIRST_NAME'] = $mail->fields['customers_firstname']; $html_msg['EMAIL_LAST_NAME'] = $mail->fields['customers_lastname']; $html_msg['GV_NOTICE_HEADER'] = TEXT_REDEEM_GV_MESSAGE_HEADER; $html_msg['GV_NOTICE_RELEASED'] = TEXT_REDEEM_GV_MESSAGE_RELEASED; $html_msg['GV_NOTICE_AMOUNT_REDEEM'] = sprintf(TEXT_REDEEM_GV_MESSAGE_AMOUNT, '<strong>' . $currencies->format($gv_amount) . '</strong>'); $html_msg['GV_NOTICE_VALUE'] = $currencies->format($gv_amount); $html_msg['GV_NOTICE_THANKS'] = TEXT_REDEEM_GV_MESSAGE_THANKS; $html_msg['TEXT_REDEEM_GV_MESSAGE_BODY'] = TEXT_REDEEM_GV_MESSAGE_BODY; $html_msg['TEXT_REDEEM_GV_MESSAGE_FOOTER'] = TEXT_REDEEM_GV_MESSAGE_FOOTER; //send the message zen_mail($mail->fields['customers_firstname'] . ' ' . $mail->fields['customers_lastname'], $mail->fields['customers_email_address'], TEXT_REDEEM_GV_SUBJECT . TEXT_REDEEM_GV_SUBJECT_ORDER . $gv_resulta->fields['order_id'], $message, STORE_NAME, EMAIL_FROM, $html_msg, 'gv_queue'); zen_record_admin_activity('GV Queue entry released in the amount of ' . $gv_amount . ' for ' . $mail->fields['customers_email_address'], 'info'); $gv_amount = $gv_resulta->fields['amount']; $gv_result = $db->Execute("select amount\r\n from " . TABLE_COUPON_GV_CUSTOMER . "\r\n where customer_id='" . $gv_resulta->fields['customer_id'] . "'"); $customer_gv = false; $total_gv_amount = 0; if ($gv_result->RecordCount() > 0) { $total_gv_amount = $gv_result->fields['amount']; $customer_gv = true; } $total_gv_amount = $total_gv_amount + $gv_amount; if ($customer_gv) { $db->Execute("update " . TABLE_COUPON_GV_CUSTOMER . "\r\n set amount='" . $total_gv_amount . "'\r\n where customer_id='" . $gv_resulta->fields['customer_id'] . 
"'"); } else { $db->Execute("insert into " . TABLE_COUPON_GV_CUSTOMER . "\r\n (customer_id, amount)\r\n values ('" . $gv_resulta->fields['customer_id'] . "', '" . $total_gv_amount . "')"); } $db->Execute("update " . TABLE_COUPON_GV_QUEUE . "\r\n set release_flag= 'Y'\r\n where unique_id='" . (int) $_POST['gid'] . "'");
// is out dated for browsers use radio only $sql_data_array['products_image'] = zen_db_prepare_input($_POST['products_image']); $new_image = 'true'; if ($_POST['image_delete'] == 1) { $sql_data_array['products_image'] = ''; $new_image = 'false'; } if ($action == 'insert_product') { $insert_sql_data = array('products_date_added' => 'now()', 'master_categories_id' => (int) $current_category_id); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); zen_db_perform(TABLE_PRODUCTS, $sql_data_array); $products_id = zen_db_insert_id(); // reset products_price_sorter for searches etc. zen_update_products_price_sorter($products_id); $db->Execute("insert into " . TABLE_PRODUCTS_TO_CATEGORIES . "\n (products_id, categories_id)\n values ('" . (int) $products_id . "', '" . (int) $current_category_id . "')"); zen_record_admin_activity('Product ' . (int) $products_id . ' ' . ($action == 'insert_product' ? 'added' : 'updated') . ' via admin console.', 'info'); /////////////////////////////////////////////////////// //// INSERT PRODUCT-TYPE-SPECIFIC *INSERTS* HERE ////// $tmp_value = zen_db_prepare_input($_POST['artists_id']); $artists_id = !zen_not_null($tmp_value) || $tmp_value == '' || $tmp_value == 0 ? 0 : $tmp_value; $tmp_value = zen_db_prepare_input($_POST['record_company_id']); $record_company_id = !zen_not_null($tmp_value) || $tmp_value == '' || $tmp_value == 0 ? 0 : $tmp_value; $tmp_value = zen_db_prepare_input($_POST['music_genre_id']); $music_genre_id = !zen_not_null($tmp_value) || $tmp_value == '' || $tmp_value == 0 ? 
0 : $tmp_value; $sql_data_array = array('products_id' => (int) $products_id, 'artists_id' => (int) $artists_id, 'record_company_id' => (int) $record_company_id, 'music_genre_id' => (int) $music_genre_id); zen_db_perform(TABLE_PRODUCT_MUSIC_EXTRA, $sql_data_array); //// *END OF PRODUCT-TYPE-SPECIFIC INSERTS* //////// /////////////////////////////////////////////////////// } elseif ($action == 'update_product') { $update_sql_data = array('products_last_modified' => 'now()', 'master_categories_id' => $_POST['master_category'] > 0 ? zen_db_prepare_input($_POST['master_category']) : zen_db_prepare_input($_POST['master_categories_id'])); $sql_data_array = array_merge($sql_data_array, $update_sql_data);
$lID = zen_db_prepare_input($_GET['lID']); $lng = $db->Execute("select code from " . TABLE_LANGUAGES . " where languages_id = '" . (int) $lID . "'"); $remove_language = true; if ($lng->fields['code'] == DEFAULT_LANGUAGE) { $remove_language = false; $messageStack->add(ERROR_REMOVE_DEFAULT_LANGUAGE, 'error'); } break; /* BOF Zen4All Language Status 5 of 11 */ /* BOF Zen4All Language Status 5 of 11 */ case 'setstatus': $languages_id = zen_db_prepare_input($_GET['lID']); if (isset($_POST['current_status']) && ($_POST['current_status'] == '0' || $_POST['current_status'] == '1')) { $sql = "update " . TABLE_LANGUAGES . " set status='" . ($_POST['current_status'] == 0 ? 1 : 0) . "' where languages_id='" . (int) $languages_id . "'"; $db->Execute($sql); zen_record_admin_activity('Language with ID number: ' . $languages_id . ' changed status to ' . ($_POST['current_status'] == 0 ? 1 : 0), 'info'); zen_redirect(zen_href_link(FILENAME_LANGUAGES, 'lID=' . (int) $languages_id . '&page=' . $_GET['page'])); } $action = ''; break; /* EOF Zen4All Language Status 5 of 11 */ } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php
/**
 * Run a list of SQL source lines against the store database, inserting
 * $table_prefix in front of table names for the statement types it recognises
 * and skipping statements whose preconditions fail (table missing / already
 * present, unsafe ALTER or index command, missing DROP privilege, ...).
 *
 * Security note: every statement that is not skipped is executed verbatim via
 * $db->Execute() with the application's own database credentials. This function
 * performs no authentication or authorisation of its own, so it is effectively
 * "run arbitrary SQL" and must only be reachable by an authenticated admin with
 * patch lines that the operator supplied. Statement types that no switch branch
 * recognises fall through `default` unchanged and are still executed.
 *
 * @param array  $lines        raw SQL source lines. Lines starting with '#' or '-'
 *                             and empty lines are treated as comments and never run.
 * @param mixed  $database     NOT USED - the body never references it; kept only for
 *                             call-site compatibility.
 * @param string $table_prefix prefix prepended to table names in recognised statements.
 * @return array 'queries' => number of statement groups processed (run or skipped),
 *               'string'  => the processed statements joined with '<br />',
 *               'output'  => one entry per processed group (see note on $output below),
 *               'ignored' => number of groups skipped,
 *               'errors'  => reason strings recorded for skipped groups.
 */
function executeSql($lines, $database, $table_prefix = '') {
    // Large patches can run long; lift the time limit where PHP honours it
    // (set_time_limit() is a no-op under the pre-5.4 safe_mode).
    if (version_compare(PHP_VERSION, 5.4, '>=') || !get_cfg_var('safe_mode')) {
        @set_time_limit(1200);
    }
    global $db, $debug, $messageStack;
    $sql_file = 'SQLPATCH'; // label stored with every skipped statement in the upgrade-exceptions table
    $newline = '';          // statement text accumulated until a terminating ';' is seen
    $saveline = '';         // NOTE(review): assigned here and never changed, so prepending it below is a no-op
    $ignored_count = 0;
    $return_output = array();
    $errors = array();
    // NOTE(review): $results, $string, $counter, $lines_to_keep_together_counter,
    // $complete_line, $ignore_line, $result, $output and $keepslashes are read below
    // without being initialised in this function. $result in particular is never
    // cleared after a statement group is processed, so a reason recorded for one
    // skipped statement is still set when later statements are handled (see the
    // DROP TABLE branch and the $errors[] collection further down).
    foreach ($lines as $line) {
        // Debug echo of the raw patch line straight into the HTML response.
        // NOTE(review): not passed through htmlspecialchars(); acceptable only because
        // the lines are the operator's own patch text, not third-party input.
        if ($_GET['debug'] == 'ON') {
            echo $line . '<br />';
        }
        $line = trim($line);
        $line = str_replace('`', '', $line); //remove backquotes (identifier quoting is dropped, so identifiers that need it are not supported)
        $line = $saveline . $line;
        $keep_together = 1; // count of number of lines to treat as a single command
        // NOTE(review): because this reset happens at the top of every iteration, the
        // value set by a #NEXT_X_ROWS_AS_ONE_COMMAND line appears to be discarded
        // before the following statement is read.
        // split the line into words ... starts at $param[0] and so on. Also remove the ';' from end of last param if exists
        $param = explode(" ", substr($line, -1) == ';' ? substr($line, 0, strlen($line) - 1) : $line);
        // The following command checks to see if we're asking for a block of commands to be run at once.
        // Syntax: #NEXT_X_ROWS_AS_ONE_COMMAND:6 for running the next 6 commands together (commands denoted by a ;)
        // (the directive line itself starts with '#', so the block below never executes it)
        if (substr($line, 0, 28) == '#NEXT_X_ROWS_AS_ONE_COMMAND:') {
            $keep_together = substr($line, 28); // a string; compared loosely (==) against the integer counter below
        }
        if (substr($line, 0, 1) != '#' && substr($line, 0, 1) != '-' && $line != '') {
            // if ($table_prefix != -1) {
            //echo '*}'.$line.'<br>';
            $line_upper = strtoupper($line);
            // Classify the statement by its leading keyword(s), insert the table
            // prefix, and decide whether it may run. Branches that set $ignore_line
            // record the reason in $result and in the upgrade-exceptions table.
            switch (true) {
                case substr($line_upper, 0, 21) == 'DROP TABLE IF EXISTS ':
                    // if (!$checkprivs = zen_check_database_privs('DROP')) return sprintf(REASON_NO_PRIVILEGES,'DROP');
                    // NOTE(review): unlike the plain DROP TABLE branch below, no DROP-privilege check is made here.
                    $line = 'DROP TABLE IF EXISTS ' . $table_prefix . substr($line, 21);
                    break;
                case substr($line_upper, 0, 11) == 'DROP TABLE ' && $param[2] != 'IF':
                    if (!($checkprivs = zen_check_database_privs('DROP'))) {
                        $result = sprintf(REASON_NO_PRIVILEGES, 'DROP');
                    }
                    // zen_not_null($result) is also true for a $result left over from an earlier statement
                    if (!zen_table_exists($param[2]) || zen_not_null($result)) {
                        zen_write_to_upgrade_exceptions_table($line, zen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST, $param[2]), $sql_file);
                        $ignore_line = true;
                        $result = zen_not_null($result) ? $result : sprintf(REASON_TABLE_DOESNT_EXIST, $param[2]); //duplicated here for on-screen error-reporting
                        break;
                    } else {
                        $line = 'DROP TABLE ' . $table_prefix . substr($line, 11);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'CREATE TABLE ':
                    // check to see if table exists (table name is word 5 with IF NOT EXISTS, else word 2)
                    $table = strtoupper($param[2] . ' ' . $param[3] . ' ' . $param[4]) == 'IF NOT EXISTS' ? $param[5] : $param[2];
                    $result = zen_table_exists($table);
                    if ($result == true) {
                        zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_ALREADY_EXISTS, $table), $sql_file);
                        $ignore_line = true;
                        $result = sprintf(REASON_TABLE_ALREADY_EXISTS, $table); //duplicated here for on-screen error-reporting
                        break;
                    } else {
                        $line = strtoupper($param[2] . ' ' . $param[3] . ' ' . $param[4]) == 'IF NOT EXISTS' ? 'CREATE TABLE IF NOT EXISTS ' . $table_prefix . substr($line, 27) : 'CREATE TABLE ' . $table_prefix . substr($line, 13);
                    }
                    break;
                case substr($line_upper, 0, 15) == 'TRUNCATE TABLE ':
                    // check to see if TRUNCATE command may be safely executed
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!' . $param[2];
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'TRUNCATE TABLE ' . $table_prefix . substr($line, 15);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'REPLACE INTO ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                    }
                    // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
                    // ('or' binds looser than '&&', so this reads: (config && key-check) or (layout && key-check) or table-missing)
                    if ($param[2] == 'configuration' && ($result = zen_check_config_key($line)) or $param[2] == 'product_type_layout' && ($result = zen_check_product_type_layout_key($line)) or !$tbl_exists) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'REPLACE INTO ' . $table_prefix . substr($line, 13);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'INSERT INTO ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                    }
                    // check to see if INSERT command may be safely executed for "configuration" or "product_type_layout" tables
                    // (same precedence as the REPLACE INTO branch above)
                    if ($param[2] == 'configuration' && ($result = zen_check_config_key($line)) or $param[2] == 'product_type_layout' && ($result = zen_check_product_type_layout_key($line)) or !$tbl_exists) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'INSERT INTO ' . $table_prefix . substr($line, 12);
                    }
                    break;
                case substr($line_upper, 0, 19) == 'INSERT IGNORE INTO ':
                    //check to see if table prefix is going to match (table name is word 3 here)
                    if (!($tbl_exists = zen_table_exists($param[3]))) {
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[3]) . ' CHECK PREFIXES!';
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'INSERT IGNORE INTO ' . $table_prefix . substr($line, 19);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'ALTER TABLE ':
                    // check to see if ALTER command may be safely executed
                    if ($result = zen_check_alter_command($param)) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'ALTER TABLE ' . $table_prefix . substr($line, 12);
                    }
                    break;
                case substr($line_upper, 0, 13) == 'RENAME TABLE ':
                    // RENAME TABLE command cannot be parsed to insert table prefixes, so skip if zen is using prefixes
                    // (with an empty DB_PREFIX the statement is left untouched and executed as-is)
                    if (zen_not_null(DB_PREFIX)) {
                        zen_write_to_upgrade_exceptions_table($line, 'RENAME TABLE command not supported by upgrader. Please use phpMyAdmin instead.', $sql_file);
                        $messageStack->add('RENAME TABLE command not supported by upgrader. Please use phpMyAdmin instead.', 'caution');
                        $ignore_line = true;
                    }
                    break;
                case substr($line_upper, 0, 7) == 'UPDATE ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[1]))) {
                        zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND, $param[1]) . ' CHECK PREFIXES!', $sql_file);
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[1]) . ' CHECK PREFIXES!';
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'UPDATE ' . $table_prefix . substr($line, 7);
                    }
                    break;
                case substr($line_upper, 0, 14) == 'UPDATE IGNORE ':
                    //check to see if table prefix is going to match
                    if (!($tbl_exists = zen_table_exists($param[2]))) {
                        zen_write_to_upgrade_exceptions_table($line, sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!', $sql_file);
                        $result = sprintf(REASON_TABLE_NOT_FOUND, $param[2]) . ' CHECK PREFIXES!';
                        $ignore_line = true;
                        break;
                    } else {
                        $line = 'UPDATE IGNORE ' . $table_prefix . substr($line, 14);
                    }
                    break;
                case substr($line_upper, 0, 12) == 'DELETE FROM ':
                    // no existence check here: the statement is prefixed and run unconditionally
                    $line = 'DELETE FROM ' . $table_prefix . substr($line, 12);
                    break;
                case substr($line_upper, 0, 11) == 'DROP INDEX ':
                    // check to see if DROP INDEX command may be safely executed
                    if ($result = zen_drop_index_command($param)) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        // rebuilt from tokens, so the statement must have the exact shape "DROP INDEX <name> ON <table>"
                        $line = 'DROP INDEX ' . $param[2] . ' ON ' . $table_prefix . $param[4];
                    }
                    break;
                case substr($line_upper, 0, 13) == 'CREATE INDEX ' || strtoupper($param[0]) == 'CREATE' && strtoupper($param[2]) == 'INDEX':
                    // check to see if CREATE INDEX command may be safely executed
                    if ($result = zen_create_index_command($param)) {
                        zen_write_to_upgrade_exceptions_table($line, $result, $sql_file);
                        $ignore_line = true;
                        break;
                    } else {
                        if (strtoupper($param[1]) == 'INDEX') {
                            // plain CREATE INDEX: tokens 4..13 are the "(columns)" part; anything beyond token 13 is dropped
                            $line = trim('CREATE INDEX ' . $param[2] . ' ON ' . $table_prefix . implode(' ', array($param[4], $param[5], $param[6], $param[7], $param[8], $param[9], $param[10], $param[11], $param[12], $param[13]))) . ';'; // add the ';' back since it was removed from $param at start
                        } else {
                            // CREATE <UNIQUE|FULLTEXT|...> INDEX form; NOTE(review): unlike the branch above, no ';' is appended here
                            $line = trim('CREATE ' . $param[1] . ' INDEX ' . $param[3] . ' ON ' . $table_prefix . implode(' ', array($param[5], $param[6], $param[7], $param[8], $param[9], $param[10], $param[11], $param[12], $param[13]))); // add the ';' back since it was removed from $param at start
                        }
                    }
                    break;
                case substr($line_upper, 0, 7) == 'SELECT ' && substr_count($line, 'FROM ') > 0:
                    // every occurrence of 'FROM ' (case-sensitive) in the line gets the prefix
                    $line = str_replace('FROM ', 'FROM ' . $table_prefix, $line);
                    break;
                case substr($line_upper, 0, 10) == 'LEFT JOIN ':
                    $line = 'LEFT JOIN ' . $table_prefix . substr($line, 10);
                    break;
                case substr($line_upper, 0, 5) == 'FROM ':
                    if (substr_count($line, ',') > 0) {
                        // contains FROM and a comma, thus must parse for multiple tablenames
                        $tbl_list = explode(',', substr($line, 5));
                        $line = 'FROM ';
                        foreach ($tbl_list as $val) {
                            $line .= $table_prefix . trim($val) . ','; // add prefix and comma
                        } //end foreach
                        if (substr($line, -1) == ',') {
                            $line = substr($line, 0, strlen($line) - 1);
                        } // remove trailing ','
                    } else {
                        //didn't have a comma, but starts with "FROM ", so insert table prefix
                        $line = str_replace('FROM ', 'FROM ' . $table_prefix, $line);
                    } //endif substr_count(,)
                    break;
                default:
                    // unrecognised statement type: passed through unchanged and executed
                    break;
            } //end switch
            // } // endif $table_prefix
            $newline .= $line . ' ';
            if (substr($line, -1) == ';') {
                //found a semicolon, so treat it as a full command, incrementing counter of rows to process at once
                if (substr($newline, -1) == ' ') {
                    $newline = substr($newline, 0, strlen($newline) - 1);
                }
                $lines_to_keep_together_counter++;
                if ($lines_to_keep_together_counter == $keep_together) {
                    // if all grouped rows have been loaded, go to execute.
                    $complete_line = true;
                    $lines_to_keep_together_counter = 0;
                } else {
                    $complete_line = false;
                }
            } //endif found ';'
            if ($complete_line) {
                // $debug is the global flag; $_GET['debug'] above controls the per-line echo separately
                if ($debug == true) {
                    echo (!$ignore_line ? '<br />About to execute.' : 'Ignoring statement. This command WILL NOT be executed.') . '<br />Debug info:<br>$ line=' . $line . '<br>$ complete_line=' . $complete_line . '<br>$ keep_together=' . $keep_together . '<br>SQL=' . $newline . '<br><br>';
                }
                // legacy magic_quotes_runtime handling (PHP < 5.4 only)
                if (version_compare(PHP_VERSION, 5.4, '<') && @get_magic_quotes_runtime() > 0 && $keepslashes != true) {
                    $newline = stripslashes($newline);
                }
                // Execute unless the statement is empty (just ';') or was flagged to be skipped.
                if (trim(str_replace(';', '', $newline)) != '' && !$ignore_line) {
                    $output = $db->Execute($newline);
                }
                $results++;
                $string .= $newline . '<br />';
                // NOTE(review): $output is only assigned when a statement is executed, so for
                // a skipped group this appends the previous group's result (or null).
                $return_output[] = $output;
                if (zen_not_null($result)) {
                    $errors[] = $result;
                }
                // reset var's ($result and $output are deliberately-or-accidentally not among them)
                $newline = '';
                $keep_together = 1;
                $complete_line = false;
                if ($ignore_line) {
                    $ignored_count++;
                }
                $ignore_line = false;
                // show progress bar
                global $zc_show_progress;
                if ($zc_show_progress == 'yes') {
                    $counter++;
                    if ($counter / 5 == (int) ($counter / 5)) {
                        echo '~ ';
                    }
                    if ($counter > 200) {
                        echo '<br /><br />';
                        $counter = 0;
                    }
                    @ob_flush();
                    @flush();
                }
            } //endif $complete_line
        } //endif ! # or -
    } // end foreach $lines
    // Audit entry is written once per call, regardless of how many statements ran or were skipped.
    zen_record_admin_activity('Admin SQL Patch tool executed a query.', 'notice');
    return array('queries' => $results, 'string' => $string, 'output' => $return_output, 'ignored' => $ignored_count, 'errors' => $errors);
}
zen_record_admin_activity($msg, 'warning'); zen_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER_EMAIL_ADDRESS, TEXT_EMAIL_SUBJECT_ADMIN_SETTINGS_CHANGED, $msg, STORE_NAME, EMAIL_FROM, array('EMAIL_MESSAGE_HTML' => $msg), 'admin_settings_changed'); $result = $module->install(); } if ($result != 'failed') { zen_redirect(zen_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class . '&action=edit', 'NONSSL')); } break; case 'removeconfirm': $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.')); $class = basename($_POST['module']); if (file_exists($module_directory . $class . $file_extension)) { include $module_directory . $class . $file_extension; $module = new $class(); $msg = sprintf(TEXT_EMAIL_MESSAGE_ADMIN_MODULE_REMOVED, preg_replace('/[^\\d\\w]/', '*', $_POST['module']), $admname); zen_record_admin_activity($msg, 'warning'); zen_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER_EMAIL_ADDRESS, TEXT_EMAIL_SUBJECT_ADMIN_SETTINGS_CHANGED, $msg, STORE_NAME, EMAIL_FROM, array('EMAIL_MESSAGE_HTML' => $msg), 'admin_settings_changed'); $result = $module->remove(); } zen_redirect(zen_href_link(FILENAME_MODULES, 'set=' . $set . '&module=' . $class, 'NONSSL')); break; } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php
case 'update_orders_id': global $db; $new_orders_id = zen_db_prepare_input((int) $_POST['new_orders_id']); $result = $db->Execute("select max(orders_id) as maxorder from " . TABLE_ORDERS); $max_order1 = $result->fields['maxorder']; $result = $db->Execute("select max(orders_id) as maxorder from " . TABLE_ORDERS_PRODUCTS); $max_order2 = $result->fields['maxorder']; if ($new_orders_id <= $max_order1 || $new_orders_id <= $max_order2) { $new_orders_id = max($max_order1, $max_order2) + 1; $messageStack->add_session(sprintf(TEXT_MSG_NEXT_ORDER_MAX, $new_orders_id), 'caution'); } elseif ($new_orders_id > 2000000000) { $messageStack->add_session(TEXT_MSG_NEXT_ORDER_TOO_LARGE, 'error'); } else { $db->Execute("ALTER TABLE " . TABLE_ORDERS . " AUTO_INCREMENT = " . $new_orders_id); $messageStack->add_session(sprintf(TEXT_MSG_NEXT_ORDER, $new_orders_id), 'success'); zen_record_admin_activity('Store Manager executed [update next order id], set to ' . $new_orders_id, 'info'); } zen_redirect(zen_href_link(FILENAME_STORE_MANAGER)); break; } // eof: action ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?> > <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>