* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
mm_showMyFileName(__FILE__);

global $ps_shopper_group, $ps_product;
global $acl, $database;

include_class('shopper');
include_class('product');

if (!isset($ps_shopper_group)) {
    $ps_shopper_group = new ps_shopper_group();
}

// Both request values are type-constrained on the way in: user_id is forced
// to an integer, cid is requested as an array (default array(0)).
$user_id = intval(vmGet($_REQUEST, 'user_id'));
$cid = vmRequest::getVar('cid', array(0), '', 'array');

if (!empty($user_id)) {
    // Look up the account joined with its billing ('BT') address row, if any.
    // $user_id is already an integer here, so interpolating it cannot change
    // the shape of the statement.
    $q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id ";
    $q .= "WHERE id={$user_id} ";
    $q .= "AND (address_type='BT' OR address_type IS NULL ) ";
    // Only rows whose gid is at or below the current user's gid are returned.
    // NOTE(review): $my->gid is concatenated without a cast, and $my and $db
    // are set outside this fragment - confirm gid is always numeric, or cast it.
    $q .= "AND gid <= " . $my->gid;
    $db->query($q);
    $db->next_record();
}

// Set up the CMS General User Information
// NOTE(review): this load does not depend on the gid-restricted query above;
// whether its result is shown when that query matched nothing is not visible here.
$row = new mosUser($database);
$row->load((int) $user_id);

if ($user_id) {
    // Contact rows for the loaded account; the id is cast before concatenation.
    $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
/**
 * Mails a product recommendation on behalf of a shopper.
 *
 * Sender and recipient come from $d, the message body is read from the
 * 'recommend_message' POST field. Nothing is sent unless $this->validate($d)
 * accepts the input. After a successful send the four form fields are removed
 * from $_REQUEST.
 *
 * NOTE(review): this is a user-triggered outbound mail path. The address and
 * name checks live in validate(), which is not visible here - confirm that it
 * rejects line breaks in sender_name / sender_mail / recipient_mail and that
 * the form is rate-limited, so it cannot be used to relay unsolicited mail.
 *
 * @param array $d Form input: sender_mail, sender_name, recipient_mail
 * @return boolean True when the mail was handed to vmMail() successfully, false otherwise
 */
function sendRecommendation(&$d)
{
    global $vmLogger, $VM_LANG, $vendor_store_name;

    // Refuse to build or send anything from input that failed validation.
    if (!$this->validate($d)) {
        return false;
    }

    $mailSubject = sprintf($VM_LANG->_('VM_RECOMMEND_SUBJECT', false), $vendor_store_name);
    $mailBody = vmRequest::getVar('recommend_message', '', 'post');

    $wasSent = vmMail($d['sender_mail'], $d['sender_name'], $d['recipient_mail'], $mailSubject, $mailBody, '');
    if (!$wasSent) {
        $vmLogger->warning($VM_LANG->_('VM_RECOMMEND_FAILED', false));
        return false;
    }
    $vmLogger->info($VM_LANG->_('VM_RECOMMEND_DONE', false));

    // Clear the submitted values from the request once the mail has gone out.
    foreach (array('sender_name', 'sender_mail', 'recipient_mail', 'recommend_message') as $formField) {
        unset($_REQUEST[$formField]);
    }

    return true;
}
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
global $mosConfig_absolute_path, $product_id, $vmInputFilter, $vmLogger;

/* Load the virtuemart main parse code */
require_once dirname(__FILE__) . '/virtuemart_parser.php';

// $page is not set in this fragment (presumably by the parser - confirm).
// It is split into "module.page"; $my_page[1] is read without checking that
// a '.' was present.
$my_page = explode('.', $page);
$modulename = $my_page[0];
$pagename = $my_page[1];
$is_popup = vmRequest::getBool('pop');

// Page Navigation Parameters
// Both values are forced to integers after being read from request/session state.
// NOTE(review): the state keys interpolate $page, $keyword and $category_id,
// none of which are set in this fragment - confirm they are filtered upstream.
$limit = intval($vm_mainframe->getUserStateFromRequest("viewlistlimit{$page}", 'limit', $mosConfig_list_limit));
$limitstart = intval($vm_mainframe->getUserStateFromRequest("view{$keyword}{$category_id}{$pagename}limitstart", 'limitstart', 0));

/* Get all the other parameters */
$search_category = vmRequest::getVar('search_category');

// Display just the naked page without toolbar, menu and footer?
$only_page = vmRequest::getInt('only_page', 0);

// Offline gate: when the shop is offline, only users for whom
// hasHigherPerms('storeadmin') is true get past the offline message.
if (PSHOP_IS_OFFLINE == '1' && !$perm->hasHigherPerms('storeadmin')) {
    echo PSHOP_OFFLINE_MESSAGE;
} else {
    if (PSHOP_IS_OFFLINE == '1') {
        // Privileged users still see a banner reminding them the shop is offline.
        echo '<h2>' . $VM_LANG->_('OFFLINE_MODE') . '</h2>';
    }
    if ($is_popup) {
        // Popup view: hide .vmNoPrint elements when printing and show a print icon.
        echo "<style type='text/css' media='print'>.vmNoPrint { display: none }</style>";
        echo vmCommonHTML::PrintIcon('', true, ' ' . $VM_LANG->_('CMN_PRINT'));
    }
    // The Vendor ID is important
    $ps_vendor_id = $_SESSION['ps_vendor_id'];
    // The authentication array
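/**
 * Updates the product $d['product_id'] in the product table and in the tables
 * that hang off it: manufacturer xref, item attributes or category xref,
 * related products, price, and product type parameters.
 *
 * Security notes:
 * - The product id is cast to an integer once and that value is used in every
 *   hand-built query and id lookup below, matching the cast the main UPDATE
 *   already applied. A non-numeric $d['product_id'] can no longer change the
 *   SQL text.
 * - Category ids are cast before they reach the DELETE statement as well.
 * - NOTE(review): values read through vmGet() ('attribute_N',
 *   'related_products') and the stored attribute_name are still interpolated
 *   as returned. Confirm that vmGet() escapes for SQL; otherwise escape them
 *   at the query site.
 * - NOTE(review): a non-admin caller gets vendor_id forced to the session
 *   vendor, while the WHERE clause matches the product's current vendor.
 *   Unless validate() checks ownership (not visible here), confirm that a
 *   vendor cannot update a product owned by another vendor.
 *
 * @param array $d The input vars; passed by reference, price and category keys are filled in
 * @return boolean False when validation or image processing fails, true
 *                 otherwise (query results are not checked)
 */
function update(&$d) {
    global $vmLogger, $perm, $VM_LANG;
    require_once CLASSPATH . 'ps_product_attribute.php';

    if (!$this->validate($d)) {
        return false;
    }
    if (!vmImageTools::process_images($d)) {
        return false;
    }

    $timestamp = time();
    $db = new ps_DB();
    $ps_vendor_id = $_SESSION["ps_vendor_id"];

    // Single integer copy of the id for every query built by hand below.
    $product_id = (int) $d['product_id'];

    // Only admins may assign a product to an arbitrary vendor.
    if ($perm->check('admin')) {
        $vendor_id = $d['vendor_id'];
    } else {
        $vendor_id = $ps_vendor_id;
    }
    $old_vendor_id = $this->get_field($product_id, 'vendor_id');

    // Column values for the main UPDATE; buildQuery() assembles the statement.
    $fields = array(
        'vendor_id' => $vendor_id,
        'product_sku' => vmGet($d, 'product_sku'),
        'product_name' => vmGet($d, 'product_name'),
        // The two description fields deliberately allow HTML (VMREQUEST_ALLOWHTML),
        // so they must be treated as markup wherever they are rendered.
        'product_desc' => vmRequest::getVar('product_desc', '', 'default', '', VMREQUEST_ALLOWHTML),
        'product_s_desc' => vmRequest::getVar('product_s_desc', '', 'default', '', VMREQUEST_ALLOWHTML),
        'product_thumb_image' => vmGet($d, 'product_thumb_image'),
        'product_full_image' => vmGet($d, 'product_full_image'),
        'product_publish' => $d['product_publish'],
        'product_weight' => vmRequest::getFloat('product_weight'),
        'product_weight_uom' => vmGet($d, 'product_weight_uom'),
        'product_length' => vmRequest::getFloat('product_length'),
        'product_width' => vmRequest::getFloat('product_width'),
        'product_height' => vmRequest::getFloat('product_height'),
        'product_lwh_uom' => vmGet($d, 'product_lwh_uom'),
        'product_unit' => vmGet($d, 'product_unit'),
        // Box count in the upper bits, packaging in the low 16 bits.
        'product_packaging' => ($d["product_box"] << 16) | ($d["product_packaging"] & 0xffff),
        'product_url' => vmGet($d, 'product_url'),
        'product_in_stock' => vmRequest::getInt('product_in_stock'),
        'attribute' => ps_product_attribute::formatAttributeX(),
        'custom_attribute' => vmGet($d, 'product_custom_attribute'),
        'product_available_date' => $d['product_available_date_timestamp'],
        'product_availability' => vmGet($d, 'product_availability'),
        'product_special' => $d['product_special'],
        'child_options' => $d['child_options'],
        'quantity_options' => $d['quantity_options'],
        'product_discount_id' => vmRequest::getInt('product_discount_id'),
        'mdate' => $timestamp,
        'product_tax_id' => vmRequest::getInt('product_tax_id'),
        'child_option_ids' => vmGet($d, 'included_product_id'),
        'product_order_levels' => $d['order_levels'],
    );
    $db->buildQuery('UPDATE', '#__{vm}_product', $fields, 'WHERE product_id=' . $product_id . ' AND vendor_id=' . (int) $old_vendor_id);
    $db->query();

    /* notify the shoppers that the product is here */
    /* see zw_waiting_list */
    if ($d["product_in_stock"] > "0" && @$d['notify_users'] == '1' && $d['product_in_stock_old'] == '0') {
        require_once CLASSPATH . 'zw_waiting_list.php';
        $zw_waiting_list = new zw_waiting_list();
        $zw_waiting_list->notify_list($product_id);
    }

    // Update the manufacturer xref row, or create it when it is missing.
    $manufacturer_id = vmRequest::getInt('manufacturer_id');
    if ($this->get_manufacturer_id($product_id)) {
        $q = "UPDATE #__{vm}_product_mf_xref SET ";
        $q .= 'manufacturer_id=' . $manufacturer_id . ' ';
        $q .= 'WHERE product_id = ' . $product_id;
    } else {
        $q = "INSERT INTO #__{vm}_product_mf_xref (product_id,manufacturer_id) VALUES ('" . $product_id . "','" . $manufacturer_id . "')";
    }
    $db->query($q);

    if (!empty($d["product_parent_id"])) {
        /* If is Item, update attributes */
        $q = "SELECT attribute_name FROM #__{vm}_product_attribute_sku ";
        $q .= 'WHERE product_id=' . (int) $d["product_parent_id"] . ' ';
        $q .= "ORDER BY attribute_list,attribute_name";
        $db->query($q);

        $db2 = new ps_DB();
        $i = 0;
        while ($db->next_record()) {
            $i++;
            // The n-th attribute of the parent maps to the input field 'attribute_n'.
            $q2 = "UPDATE #__{vm}_product_attribute SET ";
            $q2 .= "attribute_value='" . vmGet($d, 'attribute_' . $i) . "' ";
            $q2 .= "WHERE product_id = '" . $product_id . "' ";
            $q2 .= "AND attribute_name = '" . $db->f("attribute_name", false) . "' ";
            $db2->setQuery($q2);
            $db2->query();
        }
    } else {
        /* If it is a Product, update Category */
        // Handle category selection: product_category_xref
        $q = "SELECT `category_id` FROM `#__{vm}_product_category_xref` ";
        $q .= "WHERE `product_id` = '" . $product_id . "' ";
        $db->setQuery($q);
        $db->query();

        $old_categories = array();
        while ($db->next_record()) {
            $old_categories[$db->f('category_id')] = $db->f('category_id');
        }

        // Fall back to the pipe-separated list when no category array was submitted.
        if (empty($d['product_categories']) || !is_array(@$d['product_categories'])) {
            $d['product_categories'] = explode('|', $d['category_ids']);
        }

        // Insert the categories the product is not assigned to yet.
        foreach ($d["product_categories"] as $category_id) {
            if (!in_array($category_id, $old_categories)) {
                $db->query('SELECT MAX(`product_list`) as list_order FROM `#__{vm}_product_category_xref` WHERE `category_id`=' . (int) $category_id);
                $db->next_record();
                // Read the column under the alias the query gives it, so the new
                // row is placed after the current maximum.
                $next_list_order = (int) $db->f('list_order') + 1;

                $q = "INSERT INTO #__{vm}_product_category_xref ";
                $q .= "(category_id,product_id,product_list) ";
                $q .= "VALUES ('" . (int) $category_id . "','" . $product_id . "', " . $next_list_order . ")";
                $db->setQuery($q);
                $db->query();
            } else {
                // Still selected: keep it out of the deletion pass below.
                unset($old_categories[$category_id]);
            }
        }

        // The rest of the old categories can be deleted
        foreach ($old_categories as $category_id) {
            $q = "DELETE FROM `#__{vm}_product_category_xref` ";
            $q .= "WHERE `product_id` = '" . $product_id . "' ";
            $q .= "AND `category_id` = '" . (int) $category_id . "' ";
            $db->query($q);
        }
    }

    if (!empty($d["related_products"])) {
        /* Insert Pipe separated Related Product IDs */
        $related_products = vmGet($d, "related_products");
        $q = "REPLACE INTO #__{vm}_product_relations (product_id, related_products)";
        $q .= " VALUES( '" . $product_id . "', '{$related_products}') ";
        $db->query($q);
    } else {
        $q = "DELETE FROM #__{vm}_product_relations WHERE product_id='" . $product_id . "'";
        $db->query($q);
    }

    // UPDATE THE PRICE, IF EMPTY ADD 0
    if (empty($d['product_currency'])) {
        $d['product_currency'] = $_SESSION['vendor_currency'];
    }

    // look if we have a price for this product
    $q = "SELECT product_price_id, price_quantity_start, price_quantity_end FROM #__{vm}_product_price ";
    $q .= "WHERE shopper_group_id=" . vmRequest::getInt('shopper_group_id');
    $q .= ' AND product_id = ' . $product_id;
    $db->query($q);

    if ($db->next_record()) {
        $d["product_price_id"] = $db->f("product_price_id");
        require_once CLASSPATH . 'ps_product_price.php';
        $my_price = new ps_product_price();
        if (@$d['product_price'] != '') {
            // update prices
            $d["price_quantity_start"] = $db->f("price_quantity_start");
            $d["price_quantity_end"] = $db->f("price_quantity_end");
            $my_price->update($d);
        } else {
            // delete the price
            $my_price->delete($d);
        }
    } else {
        if ($d['product_price'] != '') {
            // add the price
            $d["price_quantity_start"] = 0;
            $d["price_quantity_end"] = "";
            require_once CLASSPATH . 'ps_product_price.php';
            $my_price = new ps_product_price();
            $my_price->add($d);
        }
    }

    // Product Type Parameters!
    $this->handleParameters($d);

    $vmLogger->info($VM_LANG->_('VM_PRODUCT_UPDATED', false));
    return true;
}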
* See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
*
* http://virtuemart.net
*/
mm_showMyFileName(__FILE__);

// Payment return page: the gateway sends the shopper back here with the order
// number in the 'shopper_id' request parameter.
if (!isset($_REQUEST["shopper_id"]) || empty($_REQUEST["shopper_id"])) {
    echo $VM_LANG->_('VM_CHECKOUT_ORDERIDNOTSET');
} else {
    include CLASSPATH . "payment/ps_ipayment.cfg.php";
    $order_number = vmrequest::getVar('shopper_id');

    // The lookup is limited to orders of the current user ($auth["user_id"]),
    // and the order number is escaped before it is placed inside quotes.
    // NOTE(review): $auth["user_id"] is concatenated unquoted and without a
    // cast; $auth is set outside this fragment - confirm it is always an
    // integer, or cast it here.
    $q = 'SELECT order_id,order_total,order_status,order_currency FROM #__{vm}_orders WHERE ';
    $q .= '#__{vm}_orders.user_id= ' . $auth["user_id"] . "\n";
    $q .= 'AND #__{vm}_orders.order_number=\'' . $db->getEscaped($order_number) . "'";
    $db->query($q);

    if ($db->next_record()) {
        // NOTE(review): the success message is selected by the 'ret_status'
        // request parameter, which the client controls. Nothing in this
        // fragment checks it against the gateway; confirm that the order
        // status itself is only changed by a verified server-side notification.
        if (vmRequest::getVar('ret_status') == 'SUCCESS') { ?> <img src="<?php echo VM_THEMEURL; ?> images/button_ok.png" align="middle" alt="<?php echo $VM_LANG->_('VM_CHECKOUT_SUCCESS'); ?> " border="0" /> <h2><?php echo $VM_LANG->_('PHPSHOP_PAYMENT_TRANSACTION_SUCCESS'); ?> </h2> <?php
require_once CLASSPATH . 'ps_product.php';
require_once CLASSPATH . 'ps_order_status.php';
require_once CLASSPATH . 'ps_checkout.php';
require_once CLASSPATH . 'ps_order_change.php';
require_once CLASSPATH . 'ps_order_change_html.php';

$ps_product = new ps_product();
// order_id is read through getInt(), which is expected to return an integer
// (confirm); every later use in this fragment relies on that.
$order_id = vmRequest::getInt('order_id');
$ps_order_change_html = new ps_order_change_html($order_id);

//Added Option to resend the Confirmation Mail
$resend_action = vmRequest::getVar('func');
if ($resend_action == 'resendconfirm' && $order_id) {
    // NOTE(review): no permission or ownership check on $order_id is visible in
    // this fragment before the receipt is mailed - confirm the page is gated upstream.
    ps_checkout::email_receipt($order_id);

    // Rebuild the current URL from the POSTed fields and redirect to it.
    $redirurl = $_SERVER['PHP_SELF'];
    foreach ($_POST as $key => $value) {
        if ($value != 'resendconfirm') {
            // NOTE(review): '.' binds tighter than '?:', so when the URL has no
            // '?' yet only '?' is appended and this key/value pair is dropped.
            // !strpos() also treats a match at position 0 as "not found", and
            // neither $key nor the value is URL-encoded before being appended.
            $redirurl .= !strpos($redirurl, '?') ? '?' : '&' . $key . '=' . vmRequest::getVar($key);
        }
    }
    vmRedirect($redirurl, $VM_LANG->_('PHPSHOP_ORDER_RESEND_CONFIRMATION_MAIL_SUCCESS'));
}

if (!is_numeric($order_id)) {
    echo "<h2>The Order ID {$order_id} is not valid.</h2>";
} else {
    // NOTE(review): $dbc is created here but the query below runs on $db.
    $dbc = new ps_DB();
    $q = "SELECT * FROM #__{vm}_orders WHERE order_id='{$order_id}'";
    $db->query($q);
    if ($db->next_record()) {
        // Print View Icon
        // NOTE(review): PHP_SELF is derived from the request path; if
        // $print_url is later written into HTML it needs output escaping
        // (the place where it is emitted is not visible here).
        $print_url = $_SERVER['PHP_SELF'] . "?page=order.order_printdetails&order_id={$order_id}&no_menu=1&pop=1";
        if (vmIsJoomla('1.5', '>=')) {
            $print_url .= "&tmpl=component";
/**
 * Returns a request variable as a filtered string.
 *
 * Thin proxy around getVar() with the type fixed to 'string'. The string
 * filter removes 'bad' HTML unless the mask overrides it, so callers that
 * pass a permissive mask are responsible for escaping the value on output.
 *
 * See getVar() for the full description of the parameters.
 *
 * @static
 * @param string $name    Variable name
 * @param string $default Default value if the variable does not exist
 * @param string $hash    Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
 * @param int    $mask    Filter mask for the variable
 * @return string Requested variable
 * @since 1.1
 */
function getString($name, $default = '', $hash = 'default', $mask = 0)
{
    $filtered = vmRequest::getVar($name, $default, $hash, 'string', $mask);

    // With VMREQUEST_ALLOWRAW in the mask the value may not be a string yet,
    // so the cast keeps the return type stable.
    return (string) $filtered;
}
// Normalise the request fields listed in $parseToIntFields (defined outside
// this fragment) to integers, in place, before any page code reads them.
foreach ($parseToIntFields as $intField) {
    if (!empty($_REQUEST[$intField]) && is_array($_REQUEST[$intField])) {
        // Array-valued field: handed to vmArrayToInts() (presumably converts by reference - confirm).
        vmArrayToInts($_REQUEST[$intField]);
    } elseif (isset($_REQUEST[$intField])) {
        // Scalar field: overwrite the request value and also create a variable
        // of the same name. The name comes from $parseToIntFields, not from
        // the request keys.
        $_REQUEST[$intField] = ${$intField} = vmRequest::getInt($intField);
    }
}

$product_id = vmRequest::getInt('product_id');
$vm_mainframe->setUserState('product_id', $product_id);

// In admin mode the category id may come from stored user state; it is cast either way.
if (vmIsAdminMode()) {
    $category_id = (int) $vm_mainframe->getUserStateFromRequest('category_id', 'category_id');
} else {
    $category_id = vmRequest::getInt('category_id');
}
$manufacturer_id = vmRequest::getInt('manufacturer_id');

// The three values that are not integers are collected for string filtering.
// $page and $func are set outside this fragment.
$user_info_id = vmRequest::getVar('user_info_id');
$myInsecureArray = array('user_info_id' => $user_info_id, 'page' => $page, 'func' => $func);

/**
 * This InputFilter object will help us filter malicious variable contents
 * @global vmInputFilter vmInputFilter
 */
$GLOBALS['vmInputFilter'] = $vmInputFilter = vmInputFilter::getInstance();

// prevent SQL injection
// NOTE(review): this branch covers admin/storeadmin users only; the handling
// for everyone else is in the else branch, which is cut off here.
if ($perm->check('admin,storeadmin')) {
    $myInsecureArray = $vmInputFilter->safeSQL($myInsecureArray);
    $myInsecureArray = $vmInputFilter->process($myInsecureArray);
    // Re-insert the escaped strings into $_REQUEST
    // NOTE(review): later readers of $_REQUEST see pre-escaped text. Escaping
    // at input does not replace quoting or casting where a query is built,
    // and a second escape at the query site would double-escape - confirm
    // how consumers treat these three fields.
    foreach ($myInsecureArray as $requestvar => $requestval) {
        $_REQUEST[$requestvar] = $requestval;
    }
} else {
/**
 * Returns a user state value, refreshed from the current request when present.
 *
 * If the request carries $request, that value (filtered as $type) is stored
 * under $key and returned. Otherwise the stored state is returned, or
 * $default when nothing has been stored yet.
 *
 * Note that the default $type of 'none' is passed straight to getVar(), so
 * callers that use the result in SQL or HTML should request a stricter type
 * or cast the return value.
 *
 * @access public
 * @param string $key     The key of the user state variable.
 * @param string $request The name of the variable passed in a request.
 * @param string $default The default value for the variable if not found. Optional.
 * @param string $type    Filter for the variable, for valid values see {@link JFilterInput::clean()}. Optional.
 * @return mixed The request user state.
 */
function getUserStateFromRequest($key, $request, $default = null, $type = 'none')
{
    $storedValue = $this->getUserState($key);
    $requestValue = vmRequest::getVar($request, null, 'default', $type);

    // Nothing in this request: fall back to the stored state, then the default.
    if ($requestValue === null) {
        return is_null($storedValue) ? $default : $storedValue;
    }

    // Save the new value only if it was set in this request
    $this->setUserState($key, $requestValue);

    return $requestValue;
}