The following upgrade guide is based on the osCommerce 2.2 Milestone 2 Update 060817 release. If you have not yet updated to this release please review its upgrade guide in the extras directory (update-20060817.txt) before applying these changes.
The following changes should be performed in order on your installation to upgrade it to osCommerce Online Merchant v2.2 RC1. Please note that these are only the recommended changes and do not include the new Administration Tool login routine or the Administration Tool index page summary modules that are available with new installations. This is to avoid a conflict with existing Administration Tool securing mechanisms already in place.
Fix a spelling mistake preventing the manufacturers box being cached.
Don't store the session and whos online database tables in the database backups.
| 70 |
$keys_query = tep_db_query("show keys from " . $table); |
= |
70 |
$keys_query = tep_db_query("show keys from " . $table); |
| 71 |
while ($keys = tep_db_fetch_array($keys_query)) { |
|
71 |
while ($keys = tep_db_fetch_array($keys_query)) { |
| 72 |
$kname = $keys['Key_name']; |
|
72 |
$kname = $keys['Key_name']; |
| 73 |
|
|
73 |
|
| 74 |
if (!isset($index[$kname])) { |
|
74 |
if (!isset($index[$kname])) { |
| 75 |
$index[$kname] = array('unique' => !$keys['Non_unique'], |
|
75 |
$index[$kname] = array('unique' => !$keys['Non_unique'], |
| |
|
-+ |
76 |
'fulltext' => ($keys['Index_type'] == 'FULLTEXT' ? '1' : '0'), |
| 76 |
'columns' => array()); |
= |
77 |
'columns' => array()); |
| 77 |
} |
|
78 |
} |
| 78 |
|
|
79 |
|
| 79 |
$index[$kname]['columns'][] = $keys['Column_name']; |
|
80 |
$index[$kname]['columns'][] = $keys['Column_name']; |
| 80 |
} |
|
81 |
} |
| 81 |
|
|
82 |
|
| |
| 83 |
$schema .= ',' . "\n"; |
= |
84 |
$schema .= ',' . "\n"; |
| 84 |
|
|
85 |
|
| 85 |
$columns = implode($info['columns'], ', '); |
|
86 |
$columns = implode($info['columns'], ', '); |
| 86 |
|
|
87 |
|
| 87 |
if ($kname == 'PRIMARY') { |
|
88 |
if ($kname == 'PRIMARY') { |
| 88 |
$schema .= ' PRIMARY KEY (' . $columns . ')'; |
|
89 |
$schema .= ' PRIMARY KEY (' . $columns . ')'; |
| |
|
-+ |
90 |
} elseif ( $info['fulltext'] == '1' ) { |
| |
|
|
91 |
$schema .= ' FULLTEXT ' . $kname . ' (' . $columns . ')'; |
| 89 |
} elseif ($info['unique']) { |
= |
92 |
} elseif ($info['unique']) { |
| 90 |
$schema .= ' UNIQUE ' . $kname . ' (' . $columns . ')'; |
|
93 |
$schema .= ' UNIQUE ' . $kname . ' (' . $columns . ')'; |
| 91 |
} else { |
|
94 |
} else { |
| 92 |
$schema .= ' KEY ' . $kname . ' (' . $columns . ')'; |
|
95 |
$schema .= ' KEY ' . $kname . ' (' . $columns . ')'; |
| 93 |
} |
|
96 |
} |
| 94 |
} |
|
97 |
} |
| 95 |
|
|
98 |
|
| 96 |
$schema .= "\n" . ');' . "\n\n"; |
|
99 |
$schema .= "\n" . ');' . "\n\n"; |
| 97 |
fputs($fp, $schema); |
|
100 |
fputs($fp, $schema); |
| 98 |
|
|
101 |
|
| 99 |
// dump the data |
|
102 |
// dump the data |
| |
|
<> |
103 |
if ( ($table != TABLE_SESSIONS ) && ($table != TABLE_WHOS_ONLINE) ) { |
| 100 |
$rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table); |
|
104 |
$rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table); |
| 101 |
while ($rows = tep_db_fetch_array($rows_query)) { |
|
105 |
while ($rows = tep_db_fetch_array($rows_query)) { |
| 102 |
$schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values ('; |
|
106 |
$schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values ('; |
| 103 |
|
= |
107 |
|
| 104 |
reset($table_list); |
<> |
108 |
reset($table_list); |
| 105 |
while (list(,$i) = each($table_list)) { |
|
109 |
while (list(,$i) = each($table_list)) { |
| 106 |
if (!isset($rows[$i])) { |
|
110 |
if (!isset($rows[$i])) { |
| 107 |
$schema .= 'NULL, '; |
|
111 |
$schema .= 'NULL, '; |
| 108 |
} elseif (tep_not_null($rows[$i])) { |
|
112 |
} elseif (tep_not_null($rows[$i])) { |
| 109 |
$row = addslashes($rows[$i]); |
|
113 |
$row = addslashes($rows[$i]); |
| 110 |
$row = ereg_replace("\n#", "\n".'\#', $row); |
|
114 |
$row = ereg_replace("\n#", "\n".'\#', $row); |
| 111 |
|
= |
115 |
|
| 112 |
$schema .= '\'' . $row . '\', '; |
<> |
116 |
$schema .= '\'' . $row . '\', '; |
| 113 |
} else { |
|
117 |
} else { |
| 114 |
$schema .= '\'\', '; |
|
118 |
$schema .= '\'\', '; |
| |
|
|
119 |
} |
| 115 |
} |
= |
120 |
} |
| |
|
-+ |
121 |
|
| |
|
|
122 |
$schema = ereg_replace(', $', '', $schema) . ');' . "\n"; |
| |
|
|
123 |
fputs($fp, $schema); |
| 116 |
} |
= |
124 |
} |
| 117 |
|
+- |
|
|
| 118 |
$schema = ereg_replace(', $', '', $schema) . ');' . "\n"; |
|
|
|
| 119 |
fputs($fp, $schema); |
|
|
|
| 120 |
|
|
|
|
| 121 |
} |
= |
125 |
} |
| 122 |
} |
|
126 |
} |
| 123 |
|
|
127 |
|
| 124 |
fclose($fp); |
|
128 |
fclose($fp); |
| 125 |
|
|
129 |
|
| 126 |
if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) { |
|
130 |
if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) { |
| |
| 247 |
tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones"); |
= |
251 |
tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones"); |
| 248 |
|
|
252 |
|
| 249 |
for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) { |
|
253 |
for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) { |
| 250 |
tep_db_query($sql_array[$i]); |
|
254 |
tep_db_query($sql_array[$i]); |
| 251 |
} |
|
255 |
} |
| 252 |
|
|
256 |
|
| |
|
-+ |
257 |
tep_session_close(); |
| |
|
|
258 |
|
| |
|
|
259 |
tep_db_query("delete from " . TABLE_WHOS_ONLINE); |
| |
|
|
260 |
tep_db_query("delete from " . TABLE_SESSIONS); |
| |
|
|
261 |
|
| 253 |
tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); |
= |
262 |
tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); |
| 254 |
tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')"); |
|
263 |
tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')"); |
| 255 |
|
|
264 |
|
| 256 |
if (isset($remove_raw) && ($remove_raw == true)) { |
|
265 |
if (isset($remove_raw) && ($remove_raw == true)) { |
| 257 |
unlink($restore_from); |
|
266 |
unlink($restore_from); |
| 258 |
} |
|
267 |
} |
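Review bot: The comment at new line 102 still reads `// dump the data`, although the guard added at new line 103 now skips the rows of TABLE_SESSIONS and TABLE_WHOS_ONLINE and nothing says why. The table definitions are still written by the `fputs($fp, $schema)` at new line 100, so only the row data is left out. If the intent is to keep session ids and visitor data out of backup files, I would word it as `// dump the data; rows of the sessions and whos_online tables are skipped so they never reach a backup file`. In the restore hunk, the deletes at new lines 259-260 deserve a matching line such as `// older backups still carry session rows; discard them after the restore`. Both enclosing blocks start and end outside the visible hunks.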
Allow payment modules to display input fields on the checkout confirmation page. This is for PCI conformance where the credit card number can be directly passed to the payment gateway.
| 107 |
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> |
= |
107 |
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> |
| 108 |
<!-- left_navigation_eof //--> |
|
108 |
<!-- left_navigation_eof //--> |
| 109 |
</table></td> |
|
109 |
</table></td> |
| 110 |
<!-- body_text //--> |
|
110 |
<!-- body_text //--> |
| 111 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
111 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
| 112 |
<tr> |
|
112 |
<tr> |
| |
|
<> |
113 |
<td> |
| |
|
|
114 |
<?php |
| |
|
|
115 |
if (isset($$payment->form_action_url)) { |
| |
|
|
116 |
$form_action_url = $$payment->form_action_url; |
| |
|
|
117 |
} else { |
| |
|
|
118 |
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'); |
| |
|
|
119 |
} |
| |
|
|
120 |
|
| |
|
|
121 |
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post'); |
| |
|
|
122 |
?> |
| 113 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
123 |
<table border="0" width="100%" cellspacing="0" cellpadding="0"> |
| 114 |
<tr> |
= |
124 |
<tr> |
| 115 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
|
125 |
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td> |
| 116 |
<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_confirmation.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> |
|
126 |
<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_confirmation.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> |
| 117 |
</tr> |
|
127 |
</tr> |
| 118 |
</table></td> |
|
128 |
</table></td> |
| 119 |
</tr> |
|
129 |
</tr> |
| |
| 306 |
?> |
= |
316 |
?> |
| 307 |
<tr> |
|
317 |
<tr> |
| 308 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
318 |
<td><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
| 309 |
<tr> |
|
319 |
<tr> |
| 310 |
<td align="right" class="main"> |
|
320 |
<td align="right" class="main"> |
| 311 |
<?php |
|
321 |
<?php |
| 312 |
if (isset($$payment->form_action_url)) { |
+- |
|
|
| 313 |
$form_action_url = $$payment->form_action_url; |
|
|
|
| 314 |
} else { |
|
|
|
| 315 |
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL'); |
|
|
|
| 316 |
} |
|
|
|
| 317 |
|
|
|
|
| 318 |
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post'); |
|
|
|
| 319 |
|
|
|
|
| 320 |
if (is_array($payment_modules->modules)) { |
= |
322 |
if (is_array($payment_modules->modules)) { |
| 321 |
echo $payment_modules->process_button(); |
|
323 |
echo $payment_modules->process_button(); |
| 322 |
} |
|
324 |
} |
| 323 |
|
|
325 |
|
| 324 |
echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n"; |
<> |
326 |
echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n"; |
| 325 |
?> |
= |
327 |
?> |
| 326 |
</td> |
|
328 |
</td> |
| 327 |
</tr> |
|
329 |
</tr> |
| 328 |
</table></td> |
|
330 |
</table></td> |
| 329 |
</tr> |
|
331 |
</tr> |
| 330 |
<tr> |
|
332 |
<tr> |
| |
| 359 |
<td align="center" width="25%" class="checkoutBarFrom"><?php echo '<a href="' . tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL') . '" class="checkoutBarFrom">' . CHECKOUT_BAR_PAYMENT . '</a>'; ?></td> |
= |
361 |
<td align="center" width="25%" class="checkoutBarFrom"><?php echo '<a href="' . tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL') . '" class="checkoutBarFrom">' . CHECKOUT_BAR_PAYMENT . '</a>'; ?></td> |
| 360 |
<td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> |
|
362 |
<td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> |
| 361 |
<td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td> |
|
363 |
<td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td> |
| 362 |
</tr> |
|
364 |
</tr> |
| 363 |
</table></td> |
|
365 |
</table></td> |
| 364 |
</tr> |
|
366 |
</tr> |
| 365 |
</table></td> |
<> |
367 |
</table></form></td> |
| 366 |
<!-- body_text_eof //--> |
= |
368 |
<!-- body_text_eof //--> |
| 367 |
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> |
|
369 |
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> |
| 368 |
<!-- right_navigation //--> |
|
370 |
<!-- right_navigation //--> |
| 369 |
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> |
|
371 |
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> |
| 370 |
<!-- right_navigation_eof //--> |
|
372 |
<!-- right_navigation_eof //--> |
| 371 |
</table></td> |
|
373 |
</table></td> |
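Review bot: Nothing at new lines 115-119 constrains where the enlarged form posts: when the selected module defines `form_action_url`, that value is passed to `tep_draw_form()` as-is, and only the fallback branch asks for an 'SSL' link. The form now opens at new line 121 and closes at new line 367, so it wraps the whole confirmation table, and any input a payment module draws on this page (per the description, possibly a card number) is submitted to that URL. I would state the expectation next to the assignment, e.g. `// modules that set form_action_url must point it at an https:// gateway URL; fields drawn on this page are posted there`. Any other form emitted inside this table would now be nested, which is worth checking against the parts of the page not shown in these hunks.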
Add a register_globals compatibility layer for PHP 4.3+ servers.
| 13 |
// start the timer for the page parse time log |
= |
13 |
// start the timer for the page parse time log |
| 14 |
define('PAGE_PARSE_START_TIME', microtime()); |
|
14 |
define('PAGE_PARSE_START_TIME', microtime()); |
| 15 |
|
|
15 |
|
| 16 |
// set the level of error reporting |
|
16 |
// set the level of error reporting |
| 17 |
error_reporting(E_ALL & ~E_NOTICE); |
|
17 |
error_reporting(E_ALL & ~E_NOTICE); |
| 18 |
|
|
18 |
|
| 19 |
// check if register_globals is enabled. |
<> |
19 |
// check support for register_globals |
| 20 |
// since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized. |
|
20 |
if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { |
| 21 |
if (function_exists('ini_get')) { |
|
21 |
exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.'); |
| 22 |
ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.'); |
|
|
|
| 23 |
} |
= |
22 |
} |
| 24 |
|
|
23 |
|
| 25 |
// Set the local configuration parameters - mainly for developers |
|
24 |
// Set the local configuration parameters - mainly for developers |
| 26 |
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); |
|
25 |
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); |
| 27 |
|
|
26 |
|
| 28 |
// include server parameters |
|
27 |
// include server parameters |
| |
| 33 |
header('Location: install/index.php'); |
= |
32 |
header('Location: install/index.php'); |
| 34 |
} |
|
33 |
} |
| 35 |
} |
|
34 |
} |
| 36 |
|
|
35 |
|
| 37 |
// define the project version |
|
36 |
// define the project version |
| 38 |
define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); |
|
37 |
define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); |
| |
|
-+ |
38 |
|
| |
|
|
39 |
// some code to solve compatibility issues |
| |
|
|
40 |
require(DIR_WS_FUNCTIONS . 'compatibility.php'); |
| 39 |
|
= |
41 |
|
| 40 |
// set the type of request (secure or not) |
|
42 |
// set the type of request (secure or not) |
| 41 |
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; |
|
43 |
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; |
| 42 |
|
|
44 |
|
| 43 |
// set php_self in the local scope |
|
45 |
// set php_self in the local scope |
| 44 |
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; |
|
46 |
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; |
| |
| 122 |
// include shopping cart class |
= |
124 |
// include shopping cart class |
| 123 |
require(DIR_WS_CLASSES . 'shopping_cart.php'); |
|
125 |
require(DIR_WS_CLASSES . 'shopping_cart.php'); |
| 124 |
|
|
126 |
|
| 125 |
// include navigation history class |
|
127 |
// include navigation history class |
| 126 |
require(DIR_WS_CLASSES . 'navigation_history.php'); |
|
128 |
require(DIR_WS_CLASSES . 'navigation_history.php'); |
| 127 |
|
|
129 |
|
| 128 |
// some code to solve compatibility issues |
+- |
|
|
| 129 |
require(DIR_WS_FUNCTIONS . 'compatibility.php'); |
|
|
|
| 130 |
|
|
|
|
| 131 |
// check if sessions are supported, otherwise use the php3 compatible session class |
= |
130 |
// check if sessions are supported, otherwise use the php3 compatible session class |
| 132 |
if (!function_exists('session_start')) { |
|
131 |
if (!function_exists('session_start')) { |
| 133 |
define('PHP_SESSION_NAME', 'osCsid'); |
|
132 |
define('PHP_SESSION_NAME', 'osCsid'); |
| 134 |
define('PHP_SESSION_PATH', $cookie_path); |
|
133 |
define('PHP_SESSION_PATH', $cookie_path); |
| 135 |
define('PHP_SESSION_DOMAIN', $cookie_domain); |
|
134 |
define('PHP_SESSION_DOMAIN', $cookie_domain); |
| 136 |
define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); |
|
135 |
define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); |
| |
| 191 |
tep_session_start(); |
= |
190 |
tep_session_start(); |
| 192 |
$session_started = true; |
|
191 |
$session_started = true; |
| 193 |
} |
|
192 |
} |
| 194 |
} else { |
|
193 |
} else { |
| 195 |
tep_session_start(); |
|
194 |
tep_session_start(); |
| 196 |
$session_started = true; |
|
195 |
$session_started = true; |
| |
|
-+ |
196 |
} |
| |
|
|
197 |
|
| |
|
|
198 |
if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) { |
| |
|
|
199 |
extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS); |
| 197 |
} |
= |
200 |
} |
| 198 |
|
|
201 |
|
| 199 |
// set SID once, even if empty |
|
202 |
// set SID once, even if empty |
| 200 |
$SID = (defined('SID') ? SID : ''); |
|
203 |
$SID = (defined('SID') ? SID : ''); |
| 201 |
|
|
204 |
|
| 202 |
// verify the ssl_session_id if the feature is enabled |
|
205 |
// verify the ssl_session_id if the feature is enabled |
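Review bot: `extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS)` at new line 199 runs in the global scope with no key filter. Every session key therefore rebinds whatever global of the same name was set earlier in this file, for example `$request_type` or `$PHP_SELF`. That is only safe while session keys are names the application itself registers, which these hunks do not show. The assumption should be written down at the call, e.g. `// register_globals emulation: session keys are application-defined and are bound by reference over same-named globals`. If the key set cannot be guaranteed, `EXTR_SKIP` is the conservative flag, at the cost of not rebinding names that already exist.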
| 2 |
/* |
= |
2 |
/* |
| 3 |
$Id: compatibility.php,v 1.19 2003/04/09 16:12:54 project3000 Exp $ |
|
3 |
$Id: compatibility.php,v 1.19 2003/04/09 16:12:54 project3000 Exp $ |
| 4 |
|
|
4 |
|
| 5 |
osCommerce, Open Source E-Commerce Solutions |
|
5 |
osCommerce, Open Source E-Commerce Solutions |
| 6 |
http://www.oscommerce.com |
|
6 |
http://www.oscommerce.com |
| 7 |
|
|
7 |
|
| 8 |
Copyright (c) 2006 osCommerce |
|
8 |
Copyright (c) 2007 osCommerce |
| 9 |
|
|
9 |
|
| 10 |
Released under the GNU General Public License |
|
10 |
Released under the GNU General Public License |
| 11 |
|
+- |
|
|
| 12 |
Modified by Marco Canini, <m.canini@libero.it> |
|
|
|
| 13 |
- Fixed a bug with arrays in $HTTP_xxx_VARS |
|
|
|
| 14 |
*/ |
= |
11 |
*/ |
| 15 |
|
|
12 |
|
| 16 |
//// |
|
13 |
//// |
| 17 |
// Recursively handle magic_quotes_gpc turned off. |
|
14 |
// Recursively handle magic_quotes_gpc turned off. |
| 18 |
// This is due to the possibility of have an array in |
|
15 |
// This is due to the possibility of have an array in |
| 19 |
// $HTTP_xxx_VARS |
|
16 |
// $HTTP_xxx_VARS |
| |
| 27 |
} else { |
= |
24 |
} else { |
| 28 |
$ar[$key] = addslashes($value); |
|
25 |
$ar[$key] = addslashes($value); |
| 29 |
} |
|
26 |
} |
| 30 |
} |
|
27 |
} |
| 31 |
} |
|
28 |
} |
| 32 |
|
|
29 |
|
| 33 |
// $HTTP_xxx_VARS are always set on php4 |
<> |
30 |
if (PHP_VERSION >= 4.1) { |
| |
|
|
31 |
$HTTP_GET_VARS =& $_GET; |
| |
|
|
32 |
$HTTP_POST_VARS =& $_POST; |
| |
|
|
33 |
$HTTP_COOKIE_VARS =& $_COOKIE; |
| |
|
|
34 |
$HTTP_SESSION_VARS =& $_SESSION; |
| |
|
|
35 |
$HTTP_POST_FILES =& $_FILES; |
| |
|
|
36 |
$HTTP_SERVER_VARS =& $_SERVER; |
| |
|
|
37 |
} else { |
| 34 |
if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array(); |
|
38 |
if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array(); |
| 35 |
if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array(); |
|
39 |
if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array(); |
| 36 |
if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array(); |
|
40 |
if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array(); |
| |
|
|
41 |
} |
| 37 |
|
= |
42 |
|
| 38 |
// handle magic_quotes_gpc turned off. |
|
43 |
// handle magic_quotes_gpc turned off. |
| 39 |
if (!get_magic_quotes_gpc()) { |
|
44 |
if (!get_magic_quotes_gpc()) { |
| 40 |
do_magic_quotes_gpc($HTTP_GET_VARS); |
|
45 |
do_magic_quotes_gpc($HTTP_GET_VARS); |
| 41 |
do_magic_quotes_gpc($HTTP_POST_VARS); |
|
46 |
do_magic_quotes_gpc($HTTP_POST_VARS); |
| 42 |
do_magic_quotes_gpc($HTTP_COOKIE_VARS); |
|
47 |
do_magic_quotes_gpc($HTTP_COOKIE_VARS); |
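Review bot: Because new lines 31-33 bind `$HTTP_GET_VARS`, `$HTTP_POST_VARS` and `$HTTP_COOKIE_VARS` to the superglobals with `=&`, the `do_magic_quotes_gpc()` calls at new lines 45-47 now run `addslashes()` over `$_GET`, `$_POST` and `$_COOKIE` in place. Code that reads the superglobals directly will see escaped values, which makes it easy to escape twice or to forget the matching `stripslashes()`. Nothing in the file header or the branch says so. A short comment above the `if (PHP_VERSION >= 4.1)` branch would cover it, e.g. `// $HTTP_*_VARS alias the superglobals by reference; the magic_quotes emulation below therefore escapes $_GET/$_POST/$_COOKIE themselves`. Note also that the aliases for `$HTTP_SESSION_VARS`, `$HTTP_POST_FILES` and `$HTTP_SERVER_VARS` are not part of that pass.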
| 155 |
return $form; |
= |
155 |
return $form; |
| 156 |
} |
|
156 |
} |
| 157 |
|
|
157 |
|
| 158 |
//// |
|
158 |
//// |
| 159 |
// Output a form input field |
|
159 |
// Output a form input field |
| 160 |
function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) { |
|
160 |
function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) { |
| |
|
-+ |
161 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
162 |
|
| 161 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
163 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
| 162 |
|
|
164 |
|
| 163 |
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { |
<> |
165 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
| 164 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
166 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
| |
|
|
167 |
$value = stripslashes($HTTP_GET_VARS[$name]); |
| |
|
|
168 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
| |
|
|
169 |
$value = stripslashes($HTTP_POST_VARS[$name]); |
| |
|
|
170 |
} |
| |
|
|
171 |
} |
| |
|
|
172 |
|
| 165 |
} elseif (tep_not_null($value)) { |
|
173 |
if (tep_not_null($value)) { |
| 166 |
$field .= ' value="' . tep_output_string($value) . '"'; |
= |
174 |
$field .= ' value="' . tep_output_string($value) . '"'; |
| 167 |
} |
|
175 |
} |
| 168 |
|
|
176 |
|
| 169 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
177 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 170 |
|
|
178 |
|
| 171 |
$field .= '>'; |
|
179 |
$field .= '>'; |
| |
| 179 |
return tep_draw_input_field($name, $value, $parameters, 'password', false); |
= |
187 |
return tep_draw_input_field($name, $value, $parameters, 'password', false); |
| 180 |
} |
|
188 |
} |
| 181 |
|
|
189 |
|
| 182 |
//// |
|
190 |
//// |
| 183 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
|
191 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
| 184 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') { |
|
192 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') { |
| |
|
-+ |
193 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
194 |
|
| 185 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
195 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
| 186 |
|
|
196 |
|
| 187 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
|
197 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
| 188 |
|
|
198 |
|
| 189 |
if ( ($checked == true) || ( isset($GLOBALS[$name]) && is_string($GLOBALS[$name]) && ( ($GLOBALS[$name] == 'on') || (isset($value) && (stripslashes($GLOBALS[$name]) == $value)) ) ) ) { |
<> |
199 |
if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) ) { |
| 190 |
$selection .= ' CHECKED'; |
= |
200 |
$selection .= ' CHECKED'; |
| 191 |
} |
|
201 |
} |
| 192 |
|
|
202 |
|
| 193 |
if (tep_not_null($parameters)) $selection .= ' ' . $parameters; |
|
203 |
if (tep_not_null($parameters)) $selection .= ' ' . $parameters; |
| 194 |
|
|
204 |
|
| 195 |
$selection .= '>'; |
|
205 |
$selection .= '>'; |
| |
| 209 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters); |
= |
219 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters); |
| 210 |
} |
|
220 |
} |
| 211 |
|
|
221 |
|
| 212 |
//// |
|
222 |
//// |
| 213 |
// Output a form textarea field |
|
223 |
// Output a form textarea field |
| 214 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
|
224 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
| |
|
-+ |
225 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
226 |
|
| 215 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
= |
227 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
| 216 |
|
|
228 |
|
| 217 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
229 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 218 |
|
|
230 |
|
| 219 |
$field .= '>'; |
|
231 |
$field .= '>'; |
| 220 |
|
|
232 |
|
| 221 |
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { |
<> |
233 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
| |
|
|
234 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
| 222 |
$field .= tep_output_string_protected(stripslashes($GLOBALS[$name])); |
|
235 |
$field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name])); |
| |
|
|
236 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
| |
|
|
237 |
$field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name])); |
| |
|
|
238 |
} |
| 223 |
} elseif (tep_not_null($text)) { |
= |
239 |
} elseif (tep_not_null($text)) { |
| 224 |
$field .= tep_output_string_protected($text); |
|
240 |
$field .= tep_output_string_protected($text); |
| 225 |
} |
|
241 |
} |
| 226 |
|
|
242 |
|
| 227 |
$field .= '</textarea>'; |
|
243 |
$field .= '</textarea>'; |
| 228 |
|
|
244 |
|
| 229 |
return $field; |
|
245 |
return $field; |
| 230 |
} |
|
246 |
} |
| 231 |
|
|
247 |
|
| 232 |
//// |
|
248 |
//// |
| 233 |
// Output a form hidden field |
|
249 |
// Output a form hidden field |
| 234 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
|
250 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
| |
|
-+ |
251 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
252 |
|
| 235 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
= |
253 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
| 236 |
|
|
254 |
|
| 237 |
if (tep_not_null($value)) { |
|
255 |
if (tep_not_null($value)) { |
| 238 |
$field .= ' value="' . tep_output_string($value) . '"'; |
|
256 |
$field .= ' value="' . tep_output_string($value) . '"'; |
| 239 |
} elseif (isset($GLOBALS[$name])) { |
<> |
257 |
} elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
| |
|
|
258 |
if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) { |
| 240 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
259 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"'; |
| |
|
|
260 |
} elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
| |
|
|
261 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"'; |
| |
|
|
262 |
} |
| 241 |
} |
= |
263 |
} |
| 242 |
|
|
264 |
|
| 243 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
265 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 244 |
|
|
266 |
|
| 245 |
$field .= '>'; |
|
267 |
$field .= '>'; |
| 246 |
|
|
268 |
|
| |
| 257 |
} |
= |
279 |
} |
| 258 |
} |
|
280 |
} |
| 259 |
|
|
281 |
|
| 260 |
//// |
|
282 |
//// |
| 261 |
// Output a form pull down menu |
|
283 |
// Output a form pull down menu |
| 262 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
284 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
| |
|
-+ |
285 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
286 |
|
| 263 |
$field = '<select name="' . tep_output_string($name) . '"'; |
= |
287 |
$field = '<select name="' . tep_output_string($name) . '"'; |
| 264 |
|
|
288 |
|
| 265 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
289 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 266 |
|
|
290 |
|
| 267 |
$field .= '>'; |
|
291 |
$field .= '>'; |
| 268 |
|
|
292 |
|
| 269 |
if (empty($default) && isset($GLOBALS[$name])) $default = stripslashes($GLOBALS[$name]); |
<> |
293 |
if (empty($default) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
| |
|
|
294 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
| |
|
|
295 |
$default = stripslashes($HTTP_GET_VARS[$name]); |
| |
|
|
296 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
| |
|
|
297 |
$default = stripslashes($HTTP_POST_VARS[$name]); |
| |
|
|
298 |
} |
| |
|
|
299 |
} |
| 270 |
|
= |
300 |
|
| 271 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
|
301 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
| 272 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
|
302 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
| 273 |
if ($default == $values[$i]['id']) { |
|
303 |
if ($default == $values[$i]['id']) { |
| 274 |
$field .= ' SELECTED'; |
|
304 |
$field .= ' SELECTED'; |
| 275 |
} |
|
305 |
} |
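Review bot: The outer test at new line 165 repeats exactly the two conditions checked again by the `if`/`elseif` at new lines 166-168, and the same duplication appears at new lines 293-296. They can shrink to `if ($reinsert_value == true) {` and `if (empty($default)) {` without changing behaviour, because the inner branches already do nothing when neither request array holds a string. In all five helpers the GET array is consulted before POST, so a query-string parameter of the same name wins over the posted value. For `tep_draw_hidden_field` (new lines 257-261) that means a hidden field drawn with an empty `$value` takes its content from the URL. That precedence should be stated once in a comment, e.g. `// re-inserted values come from the request: GET first, then POST; strings only`. The function bodies continue outside the visible hunks.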
| 128 |
|
= |
128 |
|
| 129 |
$index++; |
|
129 |
$index++; |
| 130 |
} |
|
130 |
} |
| 131 |
} |
|
131 |
} |
| 132 |
|
|
132 |
|
| 133 |
function cart() { |
|
133 |
function cart() { |
| 134 |
global $customer_id, $sendto, $billto, $cart, $languages_id, $currency, $currencies, $shipping, $payment; |
<> |
134 |
global $HTTP_POST_VARS, $customer_id, $sendto, $billto, $cart, $languages_id, $currency, $currencies, $shipping, $payment, $comments; |
| 135 |
|
= |
135 |
|
| 136 |
$this->content_type = $cart->get_content_type(); |
|
136 |
$this->content_type = $cart->get_content_type(); |
| 137 |
|
|
137 |
|
| 138 |
$customer_address_query = tep_db_query("select c.customers_firstname, c.customers_lastname, c.customers_telephone, c.customers_email_address, ab.entry_company, ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_zone_id, z.zone_name, co.countries_id, co.countries_name, co.countries_iso_code_2, co.countries_iso_code_3, co.address_format_id, ab.entry_state from " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) left join " . TABLE_COUNTRIES . " co on (ab.entry_country_id = co.countries_id) where c.customers_id = '" . (int)$customer_id . "' and ab.customers_id = '" . (int)$customer_id . "' and c.customers_default_address_id = ab.address_book_id"); |
|
138 |
$customer_address_query = tep_db_query("select c.customers_firstname, c.customers_lastname, c.customers_telephone, c.customers_email_address, ab.entry_company, ab.entry_street_address, ab.entry_suburb, ab.entry_postcode, ab.entry_city, ab.entry_zone_id, z.zone_name, co.countries_id, co.countries_name, co.countries_iso_code_2, co.countries_iso_code_3, co.address_format_id, ab.entry_state from " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab left join " . TABLE_ZONES . " z on (ab.entry_zone_id = z.zone_id) left join " . TABLE_COUNTRIES . " co on (ab.entry_country_id = co.countries_id) where c.customers_id = '" . (int)$customer_id . "' and ab.customers_id = '" . (int)$customer_id . "' and c.customers_default_address_id = ab.address_book_id"); |
| 139 |
$customer_address = tep_db_fetch_array($customer_address_query); |
|
139 |
$customer_address = tep_db_fetch_array($customer_address_query); |
| 140 |
|
|
140 |
|
| |
| 148 |
$tax_address = tep_db_fetch_array($tax_address_query); |
= |
148 |
$tax_address = tep_db_fetch_array($tax_address_query); |
| 149 |
|
|
149 |
|
| 150 |
$this->info = array('order_status' => DEFAULT_ORDERS_STATUS_ID, |
|
150 |
$this->info = array('order_status' => DEFAULT_ORDERS_STATUS_ID, |
| 151 |
'currency' => $currency, |
|
151 |
'currency' => $currency, |
| 152 |
'currency_value' => $currencies->currencies[$currency]['value'], |
|
152 |
'currency_value' => $currencies->currencies[$currency]['value'], |
| 153 |
'payment_method' => $payment, |
|
153 |
'payment_method' => $payment, |
| 154 |
'cc_type' => (isset($GLOBALS['cc_type']) ? $GLOBALS['cc_type'] : ''), |
<> |
154 |
'cc_type' => (isset($HTTP_POST_VARS['cc_type']) ? $HTTP_POST_VARS['cc_type'] : ''), |
| 155 |
'cc_owner' => (isset($GLOBALS['cc_owner']) ? $GLOBALS['cc_owner'] : ''), |
|
155 |
'cc_owner' => (isset($HTTP_POST_VARS['cc_owner']) ? $HTTP_POST_VARS['cc_owner'] : ''), |
| 156 |
'cc_number' => (isset($GLOBALS['cc_number']) ? $GLOBALS['cc_number'] : ''), |
|
156 |
'cc_number' => (isset($HTTP_POST_VARS['cc_number']) ? $HTTP_POST_VARS['cc_number'] : ''), |
| 157 |
'cc_expires' => (isset($GLOBALS['cc_expires']) ? $GLOBALS['cc_expires'] : ''), |
|
157 |
'cc_expires' => (isset($HTTP_POST_VARS['cc_expires']) ? $HTTP_POST_VARS['cc_expires'] : ''), |
| 158 |
'shipping_method' => $shipping['title'], |
= |
158 |
'shipping_method' => $shipping['title'], |
| 159 |
'shipping_cost' => $shipping['cost'], |
|
159 |
'shipping_cost' => $shipping['cost'], |
| 160 |
'subtotal' => 0, |
|
160 |
'subtotal' => 0, |
| 161 |
'tax' => 0, |
|
161 |
'tax' => 0, |
| 162 |
'tax_groups' => array(), |
|
162 |
'tax_groups' => array(), |
| 163 |
'comments' => (isset($GLOBALS['comments']) ? $GLOBALS['comments'] : '')); |
<> |
163 |
'comments' => (tep_session_is_registered('comments') && !empty($comments) ? $comments : '')); |
| 164 |
|
= |
164 |
|
| 165 |
if (isset($GLOBALS[$payment]) && is_object($GLOBALS[$payment])) { |
|
165 |
if (isset($GLOBALS[$payment]) && is_object($GLOBALS[$payment])) { |
| 166 |
$this->info['payment_method'] = $GLOBALS[$payment]->title; |
|
166 |
$this->info['payment_method'] = $GLOBALS[$payment]->title; |
| 167 |
|
|
167 |
|
| 168 |
if ( isset($GLOBALS[$payment]->order_status) && is_numeric($GLOBALS[$payment]->order_status) && ($GLOBALS[$payment]->order_status > 0) ) { |
|
168 |
if ( isset($GLOBALS[$payment]->order_status) && is_numeric($GLOBALS[$payment]->order_status) && ($GLOBALS[$payment]->order_status > 0) ) { |
| 169 |
$this->info['order_status'] = $GLOBALS[$payment]->order_status; |
|
169 |
$this->info['order_status'] = $GLOBALS[$payment]->order_status; |
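Review bot: The four `cc_*` entries now read `$HTTP_POST_VARS` directly but, unlike the form helpers changed elsewhere in this update, carry no `is_string()` guard, so an array-valued field would be stored in `$this->info` as an array. I would write each one as `'cc_number' => (isset($HTTP_POST_VARS['cc_number']) && is_string($HTTP_POST_VARS['cc_number']) ? $HTTP_POST_VARS['cc_number'] : ''),`. How these values are used later is outside the hunk, so the impact cannot be judged from here. A short comment such as `// raw request data, not yet validated` above the `cc_*` lines would make that explicit. `cart()` continues beyond the last line shown.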
| 13 |
// Start the clock for the page parse time log |
= |
13 |
// Start the clock for the page parse time log |
| 14 |
define('PAGE_PARSE_START_TIME', microtime()); |
|
14 |
define('PAGE_PARSE_START_TIME', microtime()); |
| 15 |
|
|
15 |
|
| 16 |
// Set the level of error reporting |
|
16 |
// Set the level of error reporting |
| 17 |
error_reporting(E_ALL & ~E_NOTICE); |
|
17 |
error_reporting(E_ALL & ~E_NOTICE); |
| 18 |
|
|
18 |
|
| 19 |
// Check if register_globals is enabled. |
<> |
19 |
// check support for register_globals |
| 20 |
// Since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized. |
|
20 |
if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { |
| 21 |
if (function_exists('ini_get')) { |
|
21 |
exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.'); |
| 22 |
ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.'); |
|
|
|
| 23 |
} |
= |
22 |
} |
| 24 |
|
|
23 |
|
| 25 |
// Set the local configuration parameters - mainly for developers |
|
24 |
// Set the local configuration parameters - mainly for developers |
| 26 |
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); |
|
25 |
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); |
| 27 |
|
|
26 |
|
| 28 |
// Include application configuration parameters |
|
27 |
// Include application configuration parameters |
| 29 |
require('includes/configure.php'); |
|
28 |
require('includes/configure.php'); |
| 30 |
|
|
29 |
|
| 31 |
// Define the project version |
|
30 |
// Define the project version |
| 32 |
define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); |
|
31 |
define('PROJECT_VERSION', 'osCommerce 2.2-MS2'); |
| |
|
-+ |
32 |
|
| |
|
|
33 |
// some code to solve compatibility issues |
| |
|
|
34 |
require(DIR_WS_FUNCTIONS . 'compatibility.php'); |
| 33 |
|
= |
35 |
|
| 34 |
// set php_self in the local scope |
|
36 |
// set php_self in the local scope |
| 35 |
$PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']); |
|
37 |
$PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']); |
| 36 |
|
|
38 |
|
| 37 |
// Used in the "Backup Manager" to compress backups |
|
39 |
// Used in the "Backup Manager" to compress backups |
| 38 |
define('LOCAL_EXE_GZIP', '/usr/bin/gzip'); |
|
40 |
define('LOCAL_EXE_GZIP', '/usr/bin/gzip'); |
| |
| 73 |
// initialize the logger class |
= |
75 |
// initialize the logger class |
| 74 |
require(DIR_WS_CLASSES . 'logger.php'); |
|
76 |
require(DIR_WS_CLASSES . 'logger.php'); |
| 75 |
|
|
77 |
|
| 76 |
// include shopping cart class |
|
78 |
// include shopping cart class |
| 77 |
require(DIR_WS_CLASSES . 'shopping_cart.php'); |
|
79 |
require(DIR_WS_CLASSES . 'shopping_cart.php'); |
| 78 |
|
|
80 |
|
| 79 |
// some code to solve compatibility issues |
+- |
|
|
| 80 |
require(DIR_WS_FUNCTIONS . 'compatibility.php'); |
|
|
|
| 81 |
|
|
|
|
| 82 |
// check to see if php implemented session management functions - if not, include php3/php4 compatible session class |
= |
81 |
// check to see if php implemented session management functions - if not, include php3/php4 compatible session class |
| 83 |
if (!function_exists('session_start')) { |
|
82 |
if (!function_exists('session_start')) { |
| 84 |
define('PHP_SESSION_NAME', 'osCAdminID'); |
|
83 |
define('PHP_SESSION_NAME', 'osCAdminID'); |
| 85 |
define('PHP_SESSION_PATH', '/'); |
|
84 |
define('PHP_SESSION_PATH', '/'); |
| 86 |
define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); |
|
85 |
define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); |
| 87 |
|
|
86 |
|
| |
| 102 |
ini_set('session.cookie_lifetime', '0'); |
= |
101 |
ini_set('session.cookie_lifetime', '0'); |
| 103 |
ini_set('session.cookie_path', DIR_WS_ADMIN); |
|
102 |
ini_set('session.cookie_path', DIR_WS_ADMIN); |
| 104 |
} |
|
103 |
} |
| 105 |
|
|
104 |
|
| 106 |
// lets start our session |
|
105 |
// lets start our session |
| 107 |
tep_session_start(); |
|
106 |
tep_session_start(); |
| |
|
-+ |
107 |
|
| |
|
|
108 |
if ( (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) { |
| |
|
|
109 |
extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS); |
| |
|
|
110 |
} |
| 108 |
|
= |
111 |
|
| 109 |
// set the language |
|
112 |
// set the language |
| 110 |
if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) { |
|
113 |
if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) { |
| 111 |
if (!tep_session_is_registered('language')) { |
|
114 |
if (!tep_session_is_registered('language')) { |
| 112 |
tep_session_register('language'); |
|
115 |
tep_session_register('language'); |
| 113 |
tep_session_register('languages_id'); |
|
116 |
tep_session_register('languages_id'); |
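Review bot: The `extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);` call added after `tep_session_start()` lets any key stored in the session replace a same-named variable that this file has already set, for example `$PHP_SELF`, which is assigned earlier. The only session keys visible here come from `tep_session_register()` calls, so this holds only while no registered name collides with a bootstrap variable, and nothing in the hunk states that constraint. I would add a comment above the call, e.g. `// emulates register_globals for session data only; registered session names must never match a variable set earlier in this file`. The guard `(PHP_VERSION >= 4.3)` also relies on converting the version string to a float. If `version_compare()` is available on every PHP version the project supports, `version_compare(PHP_VERSION, '4.3', '>=')` says the same thing without that conversion.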
| 21 |
|
= |
21 |
|
| 22 |
function _sess_close() { |
|
22 |
function _sess_close() { |
| 23 |
return true; |
|
23 |
return true; |
| 24 |
} |
|
24 |
} |
| 25 |
|
|
25 |
|
| 26 |
function _sess_read($key) { |
|
26 |
function _sess_read($key) { |
| 27 |
$qid = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'"); |
<> |
27 |
$value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'"); |
| |
|
|
28 |
$value = tep_db_fetch_array($value_query); |
| 28 |
|
= |
29 |
|
| 29 |
$value = tep_db_fetch_array($qid); |
<> |
|
|
| 30 |
if ($value['value']) { |
|
30 |
if (isset($value['value'])) { |
| 31 |
return $value['value']; |
= |
31 |
return $value['value']; |
| 32 |
} |
|
32 |
} |
| 33 |
|
|
33 |
|
| 34 |
return false; |
|
34 |
return false; |
| 35 |
} |
|
35 |
} |
| 36 |
|
|
36 |
|
| 37 |
function _sess_write($key, $val) { |
|
37 |
function _sess_write($key, $val) { |
| 38 |
global $SESS_LIFE; |
|
38 |
global $SESS_LIFE; |
| 39 |
|
|
39 |
|
| 40 |
$expiry = time() + $SESS_LIFE; |
|
40 |
$expiry = time() + $SESS_LIFE; |
| 41 |
$value = $val; |
|
41 |
$value = $val; |
| 42 |
|
|
42 |
|
| 43 |
$qid = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'"); |
<> |
43 |
$check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'"); |
| 44 |
$total = tep_db_fetch_array($qid); |
|
44 |
$check = tep_db_fetch_array($check_query); |
| 45 |
|
= |
45 |
|
| 46 |
if ($total['total'] > 0) { |
<> |
46 |
if ($check['total'] > 0) { |
| 47 |
return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'"); |
= |
47 |
return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'"); |
| 48 |
} else { |
|
48 |
} else { |
| 49 |
return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')"); |
|
49 |
return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')"); |
| 50 |
} |
|
50 |
} |
| 51 |
} |
|
51 |
} |
| 52 |
|
|
52 |
|
| |
| 61 |
} |
= |
61 |
} |
| 62 |
|
|
62 |
|
| 63 |
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc'); |
|
63 |
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc'); |
| 64 |
} |
|
64 |
} |
| 65 |
|
|
65 |
|
| 66 |
function tep_session_start() { |
|
66 |
function tep_session_start() { |
| |
|
-+ |
67 |
global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS; |
| |
|
|
68 |
|
| |
|
|
69 |
$sane_session_id = true; |
| |
|
|
70 |
|
| |
|
|
71 |
if (isset($HTTP_GET_VARS[tep_session_name()])) { |
| |
|
|
72 |
if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) { |
| |
|
|
73 |
unset($HTTP_GET_VARS[tep_session_name()]); |
| |
|
|
74 |
|
| |
|
|
75 |
$sane_session_id = false; |
| |
|
|
76 |
} |
| |
|
|
77 |
} elseif (isset($HTTP_POST_VARS[tep_session_name()])) { |
| |
|
|
78 |
if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) { |
| |
|
|
79 |
unset($HTTP_POST_VARS[tep_session_name()]); |
| |
|
|
80 |
|
| |
|
|
81 |
$sane_session_id = false; |
| |
|
|
82 |
} |
| |
|
|
83 |
} elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) { |
| |
|
|
84 |
if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) { |
| |
|
|
85 |
$session_data = session_get_cookie_params(); |
| |
|
|
86 |
|
| |
|
|
87 |
setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); |
| |
|
|
88 |
|
| |
|
|
89 |
$sane_session_id = false; |
| |
|
|
90 |
} |
| |
|
|
91 |
} |
| |
|
|
92 |
|
| |
|
|
93 |
if ($sane_session_id == false) { |
| |
|
|
94 |
tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); |
| |
|
|
95 |
} |
| |
|
|
96 |
|
| 67 |
return session_start(); |
= |
97 |
return session_start(); |
| 68 |
} |
|
98 |
} |
| 69 |
|
|
99 |
|
| 70 |
function tep_session_register($variable) { |
|
100 |
function tep_session_register($variable) { |
| |
|
<> |
101 |
if (PHP_VERSION < 4.3) { |
| 71 |
return session_register($variable); |
|
102 |
return session_register($variable); |
| |
|
|
103 |
} else { |
| |
|
|
104 |
if (isset($GLOBALS[$variable])) { |
| |
|
|
105 |
$_SESSION[$variable] =& $GLOBALS[$variable]; |
| |
|
|
106 |
} else { |
| |
|
|
107 |
$_SESSION[$variable] = null; |
| |
|
|
108 |
} |
| |
|
|
109 |
$GLOBALS[$variable] =& $_SESSION[$variable]; |
| |
|
|
110 |
} |
| |
|
|
111 |
|
| |
|
|
112 |
return false; |
| 72 |
} |
= |
113 |
} |
| 73 |
|
|
114 |
|
| 74 |
function tep_session_is_registered($variable) { |
|
115 |
function tep_session_is_registered($variable) { |
| |
|
<> |
116 |
if (PHP_VERSION < 4.3) { |
| 75 |
return session_is_registered($variable); |
|
117 |
return session_is_registered($variable); |
| |
|
|
118 |
} else { |
| |
|
|
119 |
return isset($_SESSION[$variable]); |
| |
|
|
120 |
} |
| 76 |
} |
= |
121 |
} |
| 77 |
|
|
122 |
|
| 78 |
function tep_session_unregister($variable) { |
|
123 |
function tep_session_unregister($variable) { |
| |
|
<> |
124 |
if (PHP_VERSION < 4.3) { |
| 79 |
return session_unregister($variable); |
|
125 |
return session_unregister($variable); |
| |
|
|
126 |
} else { |
| |
|
|
127 |
unset($_SESSION[$variable]); |
| |
|
|
128 |
} |
| 80 |
} |
= |
129 |
} |
| 81 |
|
|
130 |
|
| 82 |
function tep_session_id($sessid = '') { |
|
131 |
function tep_session_id($sessid = '') { |
| 83 |
if ($sessid != '') { |
|
132 |
if ($sessid != '') { |
| 84 |
return session_id($sessid); |
|
133 |
return session_id($sessid); |
| 85 |
} else { |
|
134 |
} else { |
| |
| 93 |
} else { |
= |
142 |
} else { |
| 94 |
return session_name(); |
|
143 |
return session_name(); |
| 95 |
} |
|
144 |
} |
| 96 |
} |
|
145 |
} |
| 97 |
|
|
146 |
|
| 98 |
function tep_session_close() { |
|
147 |
function tep_session_close() { |
| |
|
<> |
148 |
if (PHP_VERSION >= '4.0.4') { |
| |
|
|
149 |
return session_write_close(); |
| 99 |
if (function_exists('session_close')) { |
|
150 |
} elseif (function_exists('session_close')) { |
| 100 |
return session_close(); |
= |
151 |
return session_close(); |
| 101 |
} |
|
152 |
} |
| 102 |
} |
|
153 |
} |
| 103 |
|
|
154 |
|
| 104 |
function tep_session_destroy() { |
|
155 |
function tep_session_destroy() { |
| 105 |
return session_destroy(); |
|
156 |
return session_destroy(); |
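Review bot: The session id check in `tep_session_start()` is an `if / elseif / elseif` chain, so only the first source that carries the session name is validated; an id arriving in a later source is never checked when an earlier source also carries one. Which source `session_start()` then reads depends on session settings that are not shown here. Validating GET, POST and cookie independently closes that gap: turn each `} elseif (isset(` into `}` followed by a plain `if (isset(`. On the same lines, testing `is_string()` before `preg_match()` would reject array values explicitly, and ending the pattern with `\z` instead of `$` would stop a trailing newline from matching. Separately, the PHP 4.3+ branch of `tep_session_register()` always falls through to `return false`, unlike `session_register()`, which may surprise a caller that tests the result.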
| 167 |
return $form; |
= |
167 |
return $form; |
| 168 |
} |
|
168 |
} |
| 169 |
|
|
169 |
|
| 170 |
//// |
|
170 |
//// |
| 171 |
// Output a form input field |
|
171 |
// Output a form input field |
| 172 |
function tep_draw_input_field($name, $value = '', $parameters = '', $required = false, $type = 'text', $reinsert_value = true) { |
|
172 |
function tep_draw_input_field($name, $value = '', $parameters = '', $required = false, $type = 'text', $reinsert_value = true) { |
| |
|
-+ |
173 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
174 |
|
| 173 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
175 |
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
| 174 |
|
|
176 |
|
| 175 |
if (isset($GLOBALS[$name]) && ($reinsert_value == true) && is_string($GLOBALS[$name])) { |
<> |
177 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
| 176 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
178 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
| |
|
|
179 |
$value = stripslashes($HTTP_GET_VARS[$name]); |
| |
|
|
180 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
| |
|
|
181 |
$value = stripslashes($HTTP_POST_VARS[$name]); |
| |
|
|
182 |
} |
| |
|
|
183 |
} |
| |
|
|
184 |
|
| 177 |
} elseif (tep_not_null($value)) { |
|
185 |
if (tep_not_null($value)) { |
| 178 |
$field .= ' value="' . tep_output_string($value) . '"'; |
= |
186 |
$field .= ' value="' . tep_output_string($value) . '"'; |
| 179 |
} |
|
187 |
} |
| 180 |
|
|
188 |
|
| 181 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
189 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 182 |
|
|
190 |
|
| 183 |
$field .= '>'; |
|
191 |
$field .= '>'; |
| |
| 203 |
return $field; |
= |
211 |
return $field; |
| 204 |
} |
|
212 |
} |
| 205 |
|
|
213 |
|
| 206 |
//// |
|
214 |
//// |
| 207 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
|
215 |
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field() |
| 208 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $compare = '') { |
|
216 |
function tep_draw_selection_field($name, $type, $value = '', $checked = false, $compare = '') { |
| |
|
-+ |
217 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
218 |
|
| 209 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
= |
219 |
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"'; |
| 210 |
|
|
220 |
|
| 211 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
|
221 |
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"'; |
| 212 |
|
|
222 |
|
| 213 |
if ( ($checked == true) || (isset($GLOBALS[$name]) && is_string($GLOBALS[$name]) && ($GLOBALS[$name] == 'on')) || (isset($value) && isset($GLOBALS[$name]) && (stripslashes($GLOBALS[$name]) == $value)) || (tep_not_null($value) && tep_not_null($compare) && ($value == $compare)) ) { |
<> |
223 |
if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) || (tep_not_null($compare) && ($value == $compare)) ) { |
| 214 |
$selection .= ' CHECKED'; |
= |
224 |
$selection .= ' CHECKED'; |
| 215 |
} |
|
225 |
} |
| 216 |
|
|
226 |
|
| 217 |
$selection .= '>'; |
|
227 |
$selection .= '>'; |
| 218 |
|
|
228 |
|
| 219 |
return $selection; |
|
229 |
return $selection; |
| |
| 231 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $compare); |
= |
241 |
return tep_draw_selection_field($name, 'radio', $value, $checked, $compare); |
| 232 |
} |
|
242 |
} |
| 233 |
|
|
243 |
|
| 234 |
//// |
|
244 |
//// |
| 235 |
// Output a form textarea field |
|
245 |
// Output a form textarea field |
| 236 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
|
246 |
function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) { |
| |
|
-+ |
247 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
248 |
|
| 237 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
= |
249 |
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"'; |
| 238 |
|
|
250 |
|
| 239 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
251 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 240 |
|
|
252 |
|
| 241 |
$field .= '>'; |
|
253 |
$field .= '>'; |
| 242 |
|
|
254 |
|
| 243 |
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) { |
<> |
255 |
if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
| |
|
|
256 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
| 244 |
$field .= tep_output_string_protected(stripslashes($GLOBALS[$name])); |
|
257 |
$field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name])); |
| |
|
|
258 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
| |
|
|
259 |
$field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name])); |
| |
|
|
260 |
} |
| 245 |
} elseif (tep_not_null($text)) { |
= |
261 |
} elseif (tep_not_null($text)) { |
| 246 |
$field .= tep_output_string_protected($text); |
|
262 |
$field .= tep_output_string_protected($text); |
| 247 |
} |
|
263 |
} |
| 248 |
|
|
264 |
|
| 249 |
$field .= '</textarea>'; |
|
265 |
$field .= '</textarea>'; |
| 250 |
|
|
266 |
|
| 251 |
return $field; |
|
267 |
return $field; |
| 252 |
} |
|
268 |
} |
| 253 |
|
|
269 |
|
| 254 |
//// |
|
270 |
//// |
| 255 |
// Output a form hidden field |
|
271 |
// Output a form hidden field |
| 256 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
|
272 |
function tep_draw_hidden_field($name, $value = '', $parameters = '') { |
| |
|
-+ |
273 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
274 |
|
| 257 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
= |
275 |
$field = '<input type="hidden" name="' . tep_output_string($name) . '"'; |
| 258 |
|
|
276 |
|
| 259 |
if (tep_not_null($value)) { |
|
277 |
if (tep_not_null($value)) { |
| 260 |
$field .= ' value="' . tep_output_string($value) . '"'; |
|
278 |
$field .= ' value="' . tep_output_string($value) . '"'; |
| 261 |
} elseif (isset($GLOBALS[$name]) && is_string($GLOBALS[$name])) { |
<> |
279 |
} elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
| |
|
|
280 |
if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) { |
| 262 |
$field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"'; |
|
281 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"'; |
| |
|
|
282 |
} elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) { |
| |
|
|
283 |
$field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"'; |
| |
|
|
284 |
} |
| 263 |
} |
= |
285 |
} |
| 264 |
|
|
286 |
|
| 265 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
287 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 266 |
|
|
288 |
|
| 267 |
$field .= '>'; |
|
289 |
$field .= '>'; |
| 268 |
|
|
290 |
|
| 269 |
return $field; |
|
291 |
return $field; |
| 270 |
} |
|
292 |
} |
| 271 |
|
|
293 |
|
| 272 |
//// |
|
294 |
//// |
| 273 |
// Output a form pull down menu |
|
295 |
// Output a form pull down menu |
| 274 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
|
296 |
function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) { |
| |
|
-+ |
297 |
global $HTTP_GET_VARS, $HTTP_POST_VARS; |
| |
|
|
298 |
|
| 275 |
$field = '<select name="' . tep_output_string($name) . '"'; |
= |
299 |
$field = '<select name="' . tep_output_string($name) . '"'; |
| 276 |
|
|
300 |
|
| 277 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
|
301 |
if (tep_not_null($parameters)) $field .= ' ' . $parameters; |
| 278 |
|
|
302 |
|
| 279 |
$field .= '>'; |
|
303 |
$field .= '>'; |
| 280 |
|
|
304 |
|
| 281 |
if (empty($default) && isset($GLOBALS[$name])) $default = stripslashes($GLOBALS[$name]); |
<> |
305 |
if (empty($default) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) { |
| |
|
|
306 |
if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) { |
| |
|
|
307 |
$default = stripslashes($HTTP_GET_VARS[$name]); |
| |
|
|
308 |
} elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) { |
| |
|
|
309 |
$default = stripslashes($HTTP_POST_VARS[$name]); |
| |
|
|
310 |
} |
| |
|
|
311 |
} |
| 282 |
|
= |
312 |
|
| 283 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
|
313 |
for ($i=0, $n=sizeof($values); $i<$n; $i++) { |
| 284 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
|
314 |
$field .= '<option value="' . tep_output_string($values[$i]['id']) . '"'; |
| 285 |
if ($default == $values[$i]['id']) { |
|
315 |
if ($default == $values[$i]['id']) { |
| 286 |
$field .= ' SELECTED'; |
|
316 |
$field .= ' SELECTED'; |
| 287 |
} |
|
317 |
} |
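Review bot: The GET-then-POST lookup with its `isset()`/`is_string()` guard is written out separately in `tep_draw_input_field()`, `tep_draw_textarea_field()`, `tep_draw_hidden_field()` and `tep_draw_pull_down_menu()`, and each condition is evaluated twice (outer `if`, then inner `if`/`elseif`). A single helper would keep the type guard and the `stripslashes()` call in one place, so a later change cannot leave one field helper with a weaker check. The helper name below is only a suggestion, and each caller would test its result against `null`. `tep_draw_pull_down_menu()` runs past the last hunk, so its tail is not reviewed here.

```php
// proposed helper (name is a suggestion): submitted string for $name, GET before POST, or null
function tep_request_string($name) {
  global $HTTP_GET_VARS, $HTTP_POST_VARS;

  if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
    return stripslashes($HTTP_GET_VARS[$name]);
  }

  if (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
    return stripslashes($HTTP_POST_VARS[$name]);
  }

  return null;
}

// ... unchanged: tep_draw_hidden_field() up to the tep_not_null($value) branch ...
    } elseif (($submitted = tep_request_string($name)) !== null) {
      $field .= ' value="' . tep_output_string($submitted) . '"';
    }
```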
| 30 |
return false; |
= |
30 |
return false; |
| 31 |
} |
|
31 |
} |
| 32 |
} |
|
32 |
} |
| 33 |
} |
|
33 |
} |
| 34 |
|
|
34 |
|
| 35 |
function parse() { |
|
35 |
function parse() { |
| 36 |
global $messageStack; |
<> |
36 |
global $HTTP_POST_FILES, $messageStack; |
| 37 |
|
= |
37 |
|
| |
|
-+ |
38 |
$file = array(); |
| |
|
|
39 |
|
| 38 |
if (isset($_FILES[$this->file])) { |
= |
40 |
if (isset($_FILES[$this->file])) { |
| 39 |
$file = array('name' => $_FILES[$this->file]['name'], |
|
41 |
$file = array('name' => $_FILES[$this->file]['name'], |
| 40 |
'type' => $_FILES[$this->file]['type'], |
|
42 |
'type' => $_FILES[$this->file]['type'], |
| 41 |
'size' => $_FILES[$this->file]['size'], |
|
43 |
'size' => $_FILES[$this->file]['size'], |
| 42 |
'tmp_name' => $_FILES[$this->file]['tmp_name']); |
|
44 |
'tmp_name' => $_FILES[$this->file]['tmp_name']); |
| 43 |
} elseif (isset($GLOBALS['HTTP_POST_FILES'][$this->file])) { |
<> |
45 |
} elseif (isset($HTTP_POST_FILES[$this->file])) { |
| 44 |
global $HTTP_POST_FILES; |
|
|
|
| 45 |
|
|
|
|
| 46 |
$file = array('name' => $HTTP_POST_FILES[$this->file]['name'], |
= |
46 |
$file = array('name' => $HTTP_POST_FILES[$this->file]['name'], |
| 47 |
'type' => $HTTP_POST_FILES[$this->file]['type'], |
|
47 |
'type' => $HTTP_POST_FILES[$this->file]['type'], |
| 48 |
'size' => $HTTP_POST_FILES[$this->file]['size'], |
|
48 |
'size' => $HTTP_POST_FILES[$this->file]['size'], |
| 49 |
'tmp_name' => $HTTP_POST_FILES[$this->file]['tmp_name']); |
|
49 |
'tmp_name' => $HTTP_POST_FILES[$this->file]['tmp_name']); |
| 50 |
} else { |
+- |
|
|
| 51 |
$file = array('name' => (isset($GLOBALS[$this->file . '_name']) ? $GLOBALS[$this->file . '_name'] : ''), |
|
|
|
| 52 |
'type' => (isset($GLOBALS[$this->file . '_type']) ? $GLOBALS[$this->file . '_type'] : ''), |
|
|
|
| 53 |
'size' => (isset($GLOBALS[$this->file . '_size']) ? $GLOBALS[$this->file . '_size'] : ''), |
|
|
|
| 54 |
'tmp_name' => (isset($GLOBALS[$this->file]) ? $GLOBALS[$this->file] : '')); |
|
|
|
| 55 |
} |
= |
50 |
} |
| 56 |
|
|
51 |
|
| 57 |
if ( tep_not_null($file['tmp_name']) && ($file['tmp_name'] != 'none') && is_uploaded_file($file['tmp_name']) ) { |
|
52 |
if ( tep_not_null($file['tmp_name']) && ($file['tmp_name'] != 'none') && is_uploaded_file($file['tmp_name']) ) { |
| 58 |
if (sizeof($this->extensions) > 0) { |
|
53 |
if (sizeof($this->extensions) > 0) { |
| 59 |
if (!in_array(strtolower(substr($file['name'], strrpos($file['name'], '.')+1)), $this->extensions)) { |
|
54 |
if (!in_array(strtolower(substr($file['name'], strrpos($file['name'], '.')+1)), $this->extensions)) { |
| 60 |
if ($this->message_location == 'direct') { |
|
55 |
if ($this->message_location == 'direct') { |
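Review bot: `$file = array();` leaves the array without keys when neither `$_FILES` nor `$HTTP_POST_FILES` holds the upload, yet the test that follows reads `$file['tmp_name']` unconditionally. The initialiser should carry the same shape as the two branches: `$file = array('name' => '', 'type' => '', 'size' => '', 'tmp_name' => '');`. `is_uploaded_file()` remains the real gate for the temporary path. The extension test after it works on the client-supplied `name`, so it is a convenience filter rather than a check on the file's content, and a one-line comment saying so would help. `parse()` continues beyond the hunk.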
Use the currency code from the currencies database table, instead of the value that was checked, to make sure the currency is valid.
Correct the display of the billing address on the invoice and packing slip pages.
Respect the Configuration -> Minimum Values settings when editing a customer on the Administration Tool.
| 17 |
var error_message = ""; |
= |
17 |
var error_message = ""; |
| 18 |
|
|
18 |
|
| 19 |
function check_input(field_name, field_size, message) { |
|
19 |
function check_input(field_name, field_size, message) { |
| 20 |
if (form.elements[field_name] && (form.elements[field_name].type != "hidden")) { |
|
20 |
if (form.elements[field_name] && (form.elements[field_name].type != "hidden")) { |
| 21 |
var field_value = form.elements[field_name].value; |
|
21 |
var field_value = form.elements[field_name].value; |
| 22 |
|
|
22 |
|
| 23 |
if (field_value == '' || field_value.length < field_size) { |
<> |
23 |
if (field_value.length < field_size) { |
| 24 |
error_message = error_message + "* " + message + "\n"; |
= |
24 |
error_message = error_message + "* " + message + "\n"; |
| 25 |
error = true; |
|
25 |
error = true; |
| 26 |
} |
|
26 |
} |
| 27 |
} |
|
27 |
} |
| 28 |
} |
|
28 |
} |
| 29 |
|
|
29 |
|
| |
| 60 |
|
= |
60 |
|
| 61 |
function check_password(field_name_1, field_name_2, field_size, message_1, message_2) { |
|
61 |
function check_password(field_name_1, field_name_2, field_size, message_1, message_2) { |
| 62 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
|
62 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
| 63 |
var password = form.elements[field_name_1].value; |
|
63 |
var password = form.elements[field_name_1].value; |
| 64 |
var confirmation = form.elements[field_name_2].value; |
|
64 |
var confirmation = form.elements[field_name_2].value; |
| 65 |
|
|
65 |
|
| 66 |
if (password == '' || password.length < field_size) { |
<> |
66 |
if (password.length < field_size) { |
| 67 |
error_message = error_message + "* " + message_1 + "\n"; |
= |
67 |
error_message = error_message + "* " + message_1 + "\n"; |
| 68 |
error = true; |
|
68 |
error = true; |
| 69 |
} else if (password != confirmation) { |
|
69 |
} else if (password != confirmation) { |
| 70 |
error_message = error_message + "* " + message_2 + "\n"; |
|
70 |
error_message = error_message + "* " + message_2 + "\n"; |
| 71 |
error = true; |
|
71 |
error = true; |
| 72 |
} |
|
72 |
} |
| |
| 76 |
function check_password_new(field_name_1, field_name_2, field_name_3, field_size, message_1, message_2, message_3) { |
= |
76 |
function check_password_new(field_name_1, field_name_2, field_name_3, field_size, message_1, message_2, message_3) { |
| 77 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
|
77 |
if (form.elements[field_name_1] && (form.elements[field_name_1].type != "hidden")) { |
| 78 |
var password_current = form.elements[field_name_1].value; |
|
78 |
var password_current = form.elements[field_name_1].value; |
| 79 |
var password_new = form.elements[field_name_2].value; |
|
79 |
var password_new = form.elements[field_name_2].value; |
| 80 |
var password_confirmation = form.elements[field_name_3].value; |
|
80 |
var password_confirmation = form.elements[field_name_3].value; |
| 81 |
|
|
81 |
|
| 82 |
if (password_current == '' || password_current.length < field_size) { |
<> |
82 |
if (password_current.length < field_size) { |
| 83 |
error_message = error_message + "* " + message_1 + "\n"; |
= |
83 |
error_message = error_message + "* " + message_1 + "\n"; |
| 84 |
error = true; |
|
84 |
error = true; |
| 85 |
} else if (password_new == '' || password_new.length < field_size) { |
<> |
85 |
} else if (password_new.length < field_size) { |
| 86 |
error_message = error_message + "* " + message_2 + "\n"; |
= |
86 |
error_message = error_message + "* " + message_2 + "\n"; |
| 87 |
error = true; |
|
87 |
error = true; |
| 88 |
} else if (password_new != password_confirmation) { |
|
88 |
} else if (password_new != password_confirmation) { |
| 89 |
error_message = error_message + "* " + message_3 + "\n"; |
|
89 |
error_message = error_message + "* " + message_3 + "\n"; |
| 90 |
error = true; |
|
90 |
error = true; |
| 91 |
} |
|
91 |
} |
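Review bot: With the `password == ''` test removed from `check_password` and `check_password_new`, a blank password passes this check whenever `field_size` is configured as 0. These checks run in the browser and are skipped by any request not sent through the form, so the handler that receives the submission has to enforce the minimum length and the confirmation match itself; that code is not visible in this section. If a blank password must never be accepted regardless of the configured minimum, keep the explicit test for the password fields only, e.g. `if (password == '' || password.length < field_size) {`.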
| 123 |
$entry_zone_id = $zone_values['zone_id']; |
= |
123 |
$entry_zone_id = $zone_values['zone_id']; |
| 124 |
} else { |
|
124 |
} else { |
| 125 |
$error = true; |
|
125 |
$error = true; |
| 126 |
$entry_state_error = true; |
|
126 |
$entry_state_error = true; |
| 127 |
} |
|
127 |
} |
| 128 |
} else { |
|
128 |
} else { |
| 129 |
if ($entry_state == false) { |
<> |
129 |
if (strlen($entry_state) < ENTRY_STATE_MIN_LENGTH) { |
| 130 |
$error = true; |
= |
130 |
$error = true; |
| 131 |
$entry_state_error = true; |
|
131 |
$entry_state_error = true; |
| 132 |
} |
|
132 |
} |
| 133 |
} |
|
133 |
} |
| 134 |
} |
|
134 |
} |
| 135 |
} |
|
135 |
} |
| |
| 258 |
} else { |
= |
258 |
} else { |
| 259 |
error_message = error_message + "<?php echo JS_GENDER; ?>"; |
|
259 |
error_message = error_message + "<?php echo JS_GENDER; ?>"; |
| 260 |
error = 1; |
|
260 |
error = 1; |
| 261 |
} |
|
261 |
} |
| 262 |
<?php } ?> |
|
262 |
<?php } ?> |
| 263 |
|
|
263 |
|
| 264 |
if (customers_firstname == "" || customers_firstname.length < <?php echo ENTRY_FIRST_NAME_MIN_LENGTH; ?>) { |
<> |
264 |
if (customers_firstname.length < <?php echo ENTRY_FIRST_NAME_MIN_LENGTH; ?>) { |
| 265 |
error_message = error_message + "<?php echo JS_FIRST_NAME; ?>"; |
= |
265 |
error_message = error_message + "<?php echo JS_FIRST_NAME; ?>"; |
| 266 |
error = 1; |
|
266 |
error = 1; |
| 267 |
} |
|
267 |
} |
| 268 |
|
|
268 |
|
| 269 |
if (customers_lastname == "" || customers_lastname.length < <?php echo ENTRY_LAST_NAME_MIN_LENGTH; ?>) { |
<> |
269 |
if (customers_lastname.length < <?php echo ENTRY_LAST_NAME_MIN_LENGTH; ?>) { |
| 270 |
error_message = error_message + "<?php echo JS_LAST_NAME; ?>"; |
= |
270 |
error_message = error_message + "<?php echo JS_LAST_NAME; ?>"; |
| 271 |
error = 1; |
|
271 |
error = 1; |
| 272 |
} |
|
272 |
} |
| 273 |
|
|
273 |
|
| 274 |
<?php if (ACCOUNT_DOB == 'true') { ?> |
|
274 |
<?php if (ACCOUNT_DOB == 'true') { ?> |
| 275 |
if (customers_dob == "" || customers_dob.length < <?php echo ENTRY_DOB_MIN_LENGTH; ?>) { |
<> |
275 |
if (customers_dob.length < <?php echo ENTRY_DOB_MIN_LENGTH; ?>) { |
| 276 |
error_message = error_message + "<?php echo JS_DOB; ?>"; |
= |
276 |
error_message = error_message + "<?php echo JS_DOB; ?>"; |
| 277 |
error = 1; |
|
277 |
error = 1; |
| 278 |
} |
|
278 |
} |
| 279 |
<?php } ?> |
|
279 |
<?php } ?> |
| 280 |
|
|
280 |
|
| 281 |
if (customers_email_address == "" || customers_email_address.length < <?php echo ENTRY_EMAIL_ADDRESS_MIN_LENGTH; ?>) { |
<> |
281 |
if (customers_email_address.length < <?php echo ENTRY_EMAIL_ADDRESS_MIN_LENGTH; ?>) { |
| 282 |
error_message = error_message + "<?php echo JS_EMAIL_ADDRESS; ?>"; |
= |
282 |
error_message = error_message + "<?php echo JS_EMAIL_ADDRESS; ?>"; |
| 283 |
error = 1; |
|
283 |
error = 1; |
| 284 |
} |
|
284 |
} |
| 285 |
|
|
285 |
|
| 286 |
if (entry_street_address == "" || entry_street_address.length < <?php echo ENTRY_STREET_ADDRESS_MIN_LENGTH; ?>) { |
<> |
286 |
if (entry_street_address.length < <?php echo ENTRY_STREET_ADDRESS_MIN_LENGTH; ?>) { |
| 287 |
error_message = error_message + "<?php echo JS_ADDRESS; ?>"; |
= |
287 |
error_message = error_message + "<?php echo JS_ADDRESS; ?>"; |
| 288 |
error = 1; |
|
288 |
error = 1; |
| 289 |
} |
|
289 |
} |
| 290 |
|
|
290 |
|
| 291 |
if (entry_postcode == "" || entry_postcode.length < <?php echo ENTRY_POSTCODE_MIN_LENGTH; ?>) { |
<> |
291 |
if (entry_postcode.length < <?php echo ENTRY_POSTCODE_MIN_LENGTH; ?>) { |
| 292 |
error_message = error_message + "<?php echo JS_POST_CODE; ?>"; |
= |
292 |
error_message = error_message + "<?php echo JS_POST_CODE; ?>"; |
| 293 |
error = 1; |
|
293 |
error = 1; |
| 294 |
} |
|
294 |
} |
| 295 |
|
|
295 |
|
| 296 |
if (entry_city == "" || entry_city.length < <?php echo ENTRY_CITY_MIN_LENGTH; ?>) { |
<> |
296 |
if (entry_city.length < <?php echo ENTRY_CITY_MIN_LENGTH; ?>) { |
| 297 |
error_message = error_message + "<?php echo JS_CITY; ?>"; |
= |
297 |
error_message = error_message + "<?php echo JS_CITY; ?>"; |
| 298 |
error = 1; |
|
298 |
error = 1; |
| 299 |
} |
|
299 |
} |
| 300 |
|
|
300 |
|
| 301 |
<?php |
|
301 |
<?php |
| 302 |
if (ACCOUNT_STATE == 'true') { |
|
302 |
if (ACCOUNT_STATE == 'true') { |
| 303 |
?> |
|
303 |
?> |
| 304 |
if (document.customers.elements['entry_state'].type != "hidden") { |
|
304 |
if (document.customers.elements['entry_state'].type != "hidden") { |
| 305 |
if (document.customers.entry_state.value == '' || document.customers.entry_state.value.length < <?php echo ENTRY_STATE_MIN_LENGTH; ?> ) { |
<> |
305 |
if (document.customers.entry_state.value.length < <?php echo ENTRY_STATE_MIN_LENGTH; ?>) { |
| 306 |
error_message = error_message + "<?php echo JS_STATE; ?>"; |
= |
306 |
error_message = error_message + "<?php echo JS_STATE; ?>"; |
| 307 |
error = 1; |
|
307 |
error = 1; |
| 308 |
} |
|
308 |
} |
| 309 |
} |
|
309 |
} |
| 310 |
<?php |
|
310 |
<?php |
| 311 |
} |
|
311 |
} |
| |
| 315 |
if (document.customers.entry_country_id.value == 0) { |
= |
315 |
if (document.customers.entry_country_id.value == 0) { |
| 316 |
error_message = error_message + "<?php echo JS_COUNTRY; ?>"; |
|
316 |
error_message = error_message + "<?php echo JS_COUNTRY; ?>"; |
| 317 |
error = 1; |
|
317 |
error = 1; |
| 318 |
} |
|
318 |
} |
| 319 |
} |
|
319 |
} |
| 320 |
|
|
320 |
|
| 321 |
if (customers_telephone == "" || customers_telephone.length < <?php echo ENTRY_TELEPHONE_MIN_LENGTH; ?>) { |
<> |
321 |
if (customers_telephone.length < <?php echo ENTRY_TELEPHONE_MIN_LENGTH; ?>) { |
| 322 |
error_message = error_message + "<?php echo JS_TELEPHONE; ?>"; |
= |
322 |
error_message = error_message + "<?php echo JS_TELEPHONE; ?>"; |
| 323 |
error = 1; |
|
323 |
error = 1; |
| 324 |
} |
|
324 |
} |
| 325 |
|
|
325 |
|
| 326 |
if (error == 1) { |
|
326 |
if (error == 1) { |
| 327 |
alert(error_message); |
|
327 |
alert(error_message); |
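Review bot: The only server-side counterpart visible for these length checks is `strlen($entry_state) < ENTRY_STATE_MIN_LENGTH`; every other field is checked here only in JavaScript, which a request sent without the browser never runs. The PHP validation for first name, last name, e-mail address, street address, postcode, city and telephone lies outside the hunks shown, so confirm that it applies the same `ENTRY_*_MIN_LENGTH` constants. On the state check itself, a value made only of spaces satisfies the minimum; `if (strlen(trim($entry_state)) < ENTRY_STATE_MIN_LENGTH) {` closes that, assuming the value is not already trimmed earlier in the file.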
Reset compatibility array indexes when working through its elements.
Pass the MySQL connection identifier link to the mysql_insert_id() function.
Fix an SQL injection vulnerability when sorting products on the index listing.
| 185 |
} else { |
= |
185 |
} else { |
| 186 |
// We show them all |
|
186 |
// We show them all |
| 187 |
$listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; |
|
187 |
$listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; |
| 188 |
} |
|
188 |
} |
| 189 |
} |
|
189 |
} |
| 190 |
|
|
190 |
|
| 191 |
if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) { |
<> |
191 |
if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('^[1-8][ad]$', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) { |
| 192 |
for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { |
= |
192 |
for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { |
| 193 |
if ($column_list[$i] == 'PRODUCT_LIST_NAME') { |
|
193 |
if ($column_list[$i] == 'PRODUCT_LIST_NAME') { |
| 194 |
$HTTP_GET_VARS['sort'] = $i+1 . 'a'; |
|
194 |
$HTTP_GET_VARS['sort'] = $i+1 . 'a'; |
| 195 |
$listing_sql .= " order by pd.products_name"; |
|
195 |
$listing_sql .= " order by pd.products_name"; |
| 196 |
break; |
|
196 |
break; |
| 197 |
} |
|
197 |
} |
| 198 |
} |
|
198 |
} |
| 199 |
} else { |
|
199 |
} else { |
| 200 |
$sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1); |
|
200 |
$sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1); |
| 201 |
$sort_order = substr($HTTP_GET_VARS['sort'], 1); |
|
201 |
$sort_order = substr($HTTP_GET_VARS['sort'], 1); |
| 202 |
$listing_sql .= ' order by '; |
<> |
202 |
|
| 203 |
switch ($column_list[$sort_col-1]) { |
= |
203 |
switch ($column_list[$sort_col-1]) { |
| 204 |
case 'PRODUCT_LIST_MODEL': |
|
204 |
case 'PRODUCT_LIST_MODEL': |
| 205 |
$listing_sql .= "p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
205 |
$listing_sql .= " order by p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
| 206 |
break; |
= |
206 |
break; |
| 207 |
case 'PRODUCT_LIST_NAME': |
|
207 |
case 'PRODUCT_LIST_NAME': |
| 208 |
$listing_sql .= "pd.products_name " . ($sort_order == 'd' ? 'desc' : ''); |
<> |
208 |
$listing_sql .= " order by pd.products_name " . ($sort_order == 'd' ? 'desc' : ''); |
| 209 |
break; |
= |
209 |
break; |
| 210 |
case 'PRODUCT_LIST_MANUFACTURER': |
|
210 |
case 'PRODUCT_LIST_MANUFACTURER': |
| 211 |
$listing_sql .= "m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
211 |
$listing_sql .= " order by m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
| 212 |
break; |
= |
212 |
break; |
| 213 |
case 'PRODUCT_LIST_QUANTITY': |
|
213 |
case 'PRODUCT_LIST_QUANTITY': |
| 214 |
$listing_sql .= "p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
214 |
$listing_sql .= " order by p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
| 215 |
break; |
= |
215 |
break; |
| 216 |
case 'PRODUCT_LIST_IMAGE': |
|
216 |
case 'PRODUCT_LIST_IMAGE': |
| 217 |
$listing_sql .= "pd.products_name"; |
<> |
217 |
$listing_sql .= " order by pd.products_name"; |
| 218 |
break; |
= |
218 |
break; |
| 219 |
case 'PRODUCT_LIST_WEIGHT': |
|
219 |
case 'PRODUCT_LIST_WEIGHT': |
| 220 |
$listing_sql .= "p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
220 |
$listing_sql .= " order by p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
| 221 |
break; |
= |
221 |
break; |
| 222 |
case 'PRODUCT_LIST_PRICE': |
|
222 |
case 'PRODUCT_LIST_PRICE': |
| 223 |
$listing_sql .= "final_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
<> |
223 |
$listing_sql .= " order by final_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; |
| 224 |
break; |
= |
224 |
break; |
| 225 |
} |
|
225 |
} |
| 226 |
} |
|
226 |
} |
| 227 |
?> |
|
227 |
?> |
| 228 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
|
228 |
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0"> |
| 229 |
<tr> |
|
229 |
<tr> |
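Review bot: When the `sort` value fails the anchored `^[1-8][ad]$` test and `$column_list` holds no `'PRODUCT_LIST_NAME'` entry, the `for` loop never overwrites `$HTTP_GET_VARS['sort']`, so the rejected request value stays in place for whatever code reads it after this block (not visible here). Assigning a known-good value before the loop, or `unset($HTTP_GET_VARS['sort']);`, would guarantee that only validated data leaves this branch. The `switch` also has no `default`, so a column name outside the seven cases now yields a query with no `order by` at all; `default: $listing_sql .= " order by pd.products_name"; break;` keeps the listing order deterministic. The enclosing block starts before the hunk.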
Don't calculate product prices with tax by rounding the net value as this brings down the default precision of 4 to the decimal places of the selected currency.
| 26 |
if (is_array($this->contents)) { |
= |
26 |
if (is_array($this->contents)) { |
| 27 |
reset($this->contents); |
|
27 |
reset($this->contents); |
| 28 |
while (list($products_id, ) = each($this->contents)) { |
|
28 |
while (list($products_id, ) = each($this->contents)) { |
| 29 |
$qty = $this->contents[$products_id]['qty']; |
|
29 |
$qty = $this->contents[$products_id]['qty']; |
| 30 |
$product_query = tep_db_query("select products_id from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
|
30 |
$product_query = tep_db_query("select products_id from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
| 31 |
if (!tep_db_num_rows($product_query)) { |
|
31 |
if (!tep_db_num_rows($product_query)) { |
| 32 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . $qty . "', '" . date('Ymd') . "')"); |
<> |
32 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . tep_db_input($qty) . "', '" . date('Ymd') . "')"); |
| 33 |
if (isset($this->contents[$products_id]['attributes'])) { |
= |
33 |
if (isset($this->contents[$products_id]['attributes'])) { |
| 34 |
reset($this->contents[$products_id]['attributes']); |
|
34 |
reset($this->contents[$products_id]['attributes']); |
| 35 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
|
35 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
| 36 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . (int)$option . "', '" . (int)$value . "')"); |
|
36 |
tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . (int)$option . "', '" . (int)$value . "')"); |
| 37 |
} |
|
37 |
} |
| 38 |
} |
|
38 |
} |
| 39 |
} else { |
|
39 |
} else { |
| 40 |
tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . $qty . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
<> |
40 |
tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . tep_db_input($qty) . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'"); |
| 41 |
} |
= |
41 |
} |
| 42 |
} |
|
42 |
} |
| 43 |
} |
|
43 |
} |
| 44 |
|
|
44 |
|
| 45 |
// reset per-session cart contents, but not the database contents |
|
45 |
// reset per-session cart contents, but not the database contents |
| 46 |
$this->reset(false); |
|
46 |
$this->reset(false); |
| |
| 234 |
} |
= |
234 |
} |
| 235 |
|
|
235 |
|
| 236 |
return substr($product_id_list, 2); |
|
236 |
return substr($product_id_list, 2); |
| 237 |
} |
|
237 |
} |
| 238 |
|
|
238 |
|
| 239 |
function calculate() { |
|
239 |
function calculate() { |
| |
|
-+ |
240 |
global $currencies; |
| |
|
|
241 |
|
| 240 |
$this->total = 0; |
= |
242 |
$this->total = 0; |
| 241 |
$this->weight = 0; |
|
243 |
$this->weight = 0; |
| 242 |
if (!is_array($this->contents)) return 0; |
|
244 |
if (!is_array($this->contents)) return 0; |
| 243 |
|
|
245 |
|
| 244 |
reset($this->contents); |
|
246 |
reset($this->contents); |
| 245 |
while (list($products_id, ) = each($this->contents)) { |
|
247 |
while (list($products_id, ) = each($this->contents)) { |
| |
| 256 |
$specials_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$prid . "' and status = '1'"); |
= |
258 |
$specials_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$prid . "' and status = '1'"); |
| 257 |
if (tep_db_num_rows ($specials_query)) { |
|
259 |
if (tep_db_num_rows ($specials_query)) { |
| 258 |
$specials = tep_db_fetch_array($specials_query); |
|
260 |
$specials = tep_db_fetch_array($specials_query); |
| 259 |
$products_price = $specials['specials_new_products_price']; |
|
261 |
$products_price = $specials['specials_new_products_price']; |
| 260 |
} |
|
262 |
} |
| 261 |
|
|
263 |
|
| 262 |
$this->total += tep_add_tax($products_price, $products_tax) * $qty; |
<> |
264 |
$this->total += $currencies->calculate_price($products_price, $products_tax, $qty); |
| 263 |
$this->weight += ($qty * $products_weight); |
= |
265 |
$this->weight += ($qty * $products_weight); |
| 264 |
} |
|
266 |
} |
| 265 |
|
|
267 |
|
| 266 |
// attributes price |
|
268 |
// attributes price |
| 267 |
if (isset($this->contents[$products_id]['attributes'])) { |
|
269 |
if (isset($this->contents[$products_id]['attributes'])) { |
| 268 |
reset($this->contents[$products_id]['attributes']); |
|
270 |
reset($this->contents[$products_id]['attributes']); |
| 269 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
|
271 |
while (list($option, $value) = each($this->contents[$products_id]['attributes'])) { |
| 270 |
$attribute_price_query = tep_db_query("select options_values_price, price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$prid . "' and options_id = '" . (int)$option . "' and options_values_id = '" . (int)$value . "'"); |
|
272 |
$attribute_price_query = tep_db_query("select options_values_price, price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$prid . "' and options_id = '" . (int)$option . "' and options_values_id = '" . (int)$value . "'"); |
| 271 |
$attribute_price = tep_db_fetch_array($attribute_price_query); |
|
273 |
$attribute_price = tep_db_fetch_array($attribute_price_query); |
| 272 |
if ($attribute_price['price_prefix'] == '+') { |
|
274 |
if ($attribute_price['price_prefix'] == '+') { |
| 273 |
$this->total += $qty * tep_add_tax($attribute_price['options_values_price'], $products_tax); |
<> |
275 |
$this->total += $currencies->calculate_price($attribute_price['options_values_price'], $products_tax, $qty); |
| 274 |
} else { |
= |
276 |
} else { |
| 275 |
$this->total -= $qty * tep_add_tax($attribute_price['options_values_price'], $products_tax); |
<> |
277 |
$this->total -= $currencies->calculate_price($attribute_price['options_values_price'], $products_tax, $qty); |
| 276 |
} |
= |
278 |
} |
| 277 |
} |
|
279 |
} |
| 278 |
} |
|
280 |
} |
| 279 |
} |
|
281 |
} |
| 280 |
} |
|
282 |
} |
| 281 |
|
|
283 |
|
| 352 |
} |
= |
352 |
} |
| 353 |
} |
|
353 |
} |
| 354 |
|
|
354 |
|
| 355 |
//// |
|
355 |
//// |
| 356 |
// Add tax to a products price |
|
356 |
// Add tax to a products price |
| 357 |
function tep_add_tax($price, $tax) { |
|
357 |
function tep_add_tax($price, $tax) { |
| 358 |
global $currencies; |
+- |
|
|
| 359 |
|
|
|
|
| 360 |
if ( (DISPLAY_PRICE_WITH_TAX == 'true') && ($tax > 0) ) { |
= |
358 |
if ( (DISPLAY_PRICE_WITH_TAX == 'true') && ($tax > 0) ) { |
| 361 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']) + tep_calculate_tax($price, $tax); |
<> |
359 |
return $price + tep_calculate_tax($price, $tax); |
| 362 |
} else { |
= |
360 |
} else { |
| 363 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
<> |
361 |
return $price; |
| 364 |
} |
= |
362 |
} |
| 365 |
} |
|
363 |
} |
| 366 |
|
|
364 |
|
| 367 |
// Calculates Tax rounding the result |
|
365 |
// Calculates Tax rounding the result |
| 368 |
function tep_calculate_tax($price, $tax) { |
|
366 |
function tep_calculate_tax($price, $tax) { |
| 369 |
global $currencies; |
<> |
367 |
return $price * $tax / 100; |
| 370 |
|
|
|
|
| 371 |
return tep_round($price * $tax / 100, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
|
|
|
| 372 |
} |
= |
368 |
} |
| 373 |
|
|
369 |
|
| 374 |
//// |
|
370 |
//// |
| 375 |
// Return the number of products in a category |
|
371 |
// Return the number of products in a category |
| 376 |
// TABLES: products, products_to_categories, categories |
|
372 |
// TABLES: products, products_to_categories, categories |
| 377 |
function tep_count_products_in_category($category_id, $include_inactive = false) { |
|
373 |
function tep_count_products_in_category($category_id, $include_inactive = false) { |
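Review bot: The comment `// Calculates Tax rounding the result` above `tep_calculate_tax()` is no longer true, because the new body is `return $price * $tax / 100;` with no `tep_round()` call. Suggest replacing it with `// Calculates tax; the result is not rounded`. `tep_add_tax()` now also returns an unrounded value, so a one-line comment there saying that rounding is presumably left to the caller would help anyone comparing totals. The same stale comment appears on the copy of `tep_calculate_tax()` in the next file section.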
| 1130 |
return round($value, $precision); |
= |
1130 |
return round($value, $precision); |
| 1131 |
} |
|
1131 |
} |
| 1132 |
} |
|
1132 |
} |
| 1133 |
|
|
1133 |
|
| 1134 |
//// |
|
1134 |
//// |
| 1135 |
// Add tax to a products price |
|
1135 |
// Add tax to a products price |
| 1136 |
function tep_add_tax($price, $tax) { |
<> |
1136 |
function tep_add_tax($price, $tax, $override = false) { |
| 1137 |
global $currencies; |
|
1137 |
if ( ( (DISPLAY_PRICE_WITH_TAX == 'true') || ($override == true) ) && ($tax > 0) ) { |
| 1138 |
|
|
1138 |
return $price + tep_calculate_tax($price, $tax); |
| 1139 |
if (DISPLAY_PRICE_WITH_TAX == 'true') { |
|
|
|
| 1140 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']) + tep_calculate_tax($price, $tax); |
|
|
|
| 1141 |
} else { |
= |
1139 |
} else { |
| 1142 |
return tep_round($price, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
<> |
1140 |
return $price; |
| 1143 |
} |
= |
1141 |
} |
| 1144 |
} |
|
1142 |
} |
| 1145 |
|
|
1143 |
|
| 1146 |
// Calculates Tax rounding the result |
|
1144 |
// Calculates Tax rounding the result |
| 1147 |
function tep_calculate_tax($price, $tax) { |
|
1145 |
function tep_calculate_tax($price, $tax) { |
| 1148 |
global $currencies; |
<> |
1146 |
return $price * $tax / 100; |
| 1149 |
|
|
|
|
| 1150 |
return tep_round($price * $tax / 100, $currencies->currencies[DEFAULT_CURRENCY]['decimal_places']); |
|
|
|
| 1151 |
} |
= |
1147 |
} |
| 1152 |
|
|
1148 |
|
| 1153 |
//// |
|
1149 |
//// |
| 1154 |
// Returns the tax rate for a zone / class |
|
1150 |
// Returns the tax rate for a zone / class |
| 1155 |
// TABLES: tax_rates, zones_to_geo_zones |
|
1151 |
// TABLES: tax_rates, zones_to_geo_zones |
| 1156 |
function tep_get_tax_rate($class_id, $country_id = -1, $zone_id = -1) { |
|
1152 |
function tep_get_tax_rate($class_id, $country_id = -1, $zone_id = -1) { |
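Review bot: The new `$override` parameter of `tep_add_tax()` is undocumented; the comment above the function still reads only `// Add tax to a products price`. Suggest adding `// $override: when true, add tax even if DISPLAY_PRICE_WITH_TAX is not 'true'`. The test `($override == true)` is a loose comparison, so any truthy argument switches it on; `$override === true` would accept only the boolean that the callers visible on this page pass.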
| 231 |
} |
= |
231 |
} |
| 232 |
|
|
232 |
|
| 233 |
echo ' </td>' . "\n" . |
|
233 |
echo ' </td>' . "\n" . |
| 234 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n" . |
|
234 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n" . |
| 235 |
' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
|
235 |
' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
| 236 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
|
236 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
| 237 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
<> |
237 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
| 238 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
= |
238 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
| 239 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
<> |
239 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
| 240 |
echo ' </tr>' . "\n"; |
= |
240 |
echo ' </tr>' . "\n"; |
| 241 |
} |
|
241 |
} |
| 242 |
?> |
|
242 |
?> |
| 243 |
<tr> |
|
243 |
<tr> |
| 244 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
|
244 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
| 245 |
<?php |
|
245 |
<?php |
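Review bot: `$order->products[$i]['model']` is concatenated into the table cell without HTML escaping, here and in the matching row of the next file section. Whether the value is escaped when it is stored cannot be seen from this hunk; if it is not, `htmlspecialchars($order->products[$i]['model'])` keeps markup in a model string from being rendered in the Administration Tool. The loop that builds the row starts before the hunk.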
| 114 |
} |
= |
114 |
} |
| 115 |
|
|
115 |
|
| 116 |
echo ' </td>' . "\n" . |
|
116 |
echo ' </td>' . "\n" . |
| 117 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n"; |
|
117 |
' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n"; |
| 118 |
echo ' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
|
118 |
echo ' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" . |
| 119 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
|
119 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
| 120 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
<> |
120 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true), true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
| 121 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
= |
121 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n" . |
| 122 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
<> |
122 |
' <td class="dataTableContent" align="right" valign="top"><b>' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax'], true) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</b></td>' . "\n"; |
| 123 |
echo ' </tr>' . "\n"; |
= |
123 |
echo ' </tr>' . "\n"; |
| 124 |
} |
|
124 |
} |
| 125 |
?> |
|
125 |
?> |
| 126 |
<tr> |
|
126 |
<tr> |
| 127 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
|
127 |
<td align="right" colspan="8"><table border="0" cellspacing="0" cellpadding="2"> |
| 128 |
<?php |
|
128 |
<?php |
Fix the display of the country name on the order history page.
| 68 |
'company' => $order['customers_company'], |
= |
68 |
'company' => $order['customers_company'], |
| 69 |
'street_address' => $order['customers_street_address'], |
|
69 |
'street_address' => $order['customers_street_address'], |
| 70 |
'suburb' => $order['customers_suburb'], |
|
70 |
'suburb' => $order['customers_suburb'], |
| 71 |
'city' => $order['customers_city'], |
|
71 |
'city' => $order['customers_city'], |
| 72 |
'postcode' => $order['customers_postcode'], |
|
72 |
'postcode' => $order['customers_postcode'], |
| 73 |
'state' => $order['customers_state'], |
|
73 |
'state' => $order['customers_state'], |
| 74 |
'country' => $order['customers_country'], |
<> |
74 |
'country' => array('title' => $order['customers_country']), |
| 75 |
'format_id' => $order['customers_address_format_id'], |
= |
75 |
'format_id' => $order['customers_address_format_id'], |
| 76 |
'telephone' => $order['customers_telephone'], |
|
76 |
'telephone' => $order['customers_telephone'], |
| 77 |
'email_address' => $order['customers_email_address']); |
|
77 |
'email_address' => $order['customers_email_address']); |
| 78 |
|
|
78 |
|
| 79 |
$this->delivery = array('name' => $order['delivery_name'], |
|
79 |
$this->delivery = array('name' => $order['delivery_name'], |
| 80 |
'company' => $order['delivery_company'], |
|
80 |
'company' => $order['delivery_company'], |
| 81 |
'street_address' => $order['delivery_street_address'], |
|
81 |
'street_address' => $order['delivery_street_address'], |
| 82 |
'suburb' => $order['delivery_suburb'], |
|
82 |
'suburb' => $order['delivery_suburb'], |
| 83 |
'city' => $order['delivery_city'], |
|
83 |
'city' => $order['delivery_city'], |
| 84 |
'postcode' => $order['delivery_postcode'], |
|
84 |
'postcode' => $order['delivery_postcode'], |
| 85 |
'state' => $order['delivery_state'], |
|
85 |
'state' => $order['delivery_state'], |
| 86 |
'country' => $order['delivery_country'], |
<> |
86 |
'country' => array('title' => $order['delivery_country']), |
| 87 |
'format_id' => $order['delivery_address_format_id']); |
= |
87 |
'format_id' => $order['delivery_address_format_id']); |
| 88 |
|
|
88 |
|
| 89 |
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { |
|
89 |
if (empty($this->delivery['name']) && empty($this->delivery['street_address'])) { |
| 90 |
$this->delivery = false; |
|
90 |
$this->delivery = false; |
| 91 |
} |
|
91 |
} |
| 92 |
|
|
92 |
|
| |
| 94 |
'company' => $order['billing_company'], |
= |
94 |
'company' => $order['billing_company'], |
| 95 |
'street_address' => $order['billing_street_address'], |
|
95 |
'street_address' => $order['billing_street_address'], |
| 96 |
'suburb' => $order['billing_suburb'], |
|
96 |
'suburb' => $order['billing_suburb'], |
| 97 |
'city' => $order['billing_city'], |
|
97 |
'city' => $order['billing_city'], |
| 98 |
'postcode' => $order['billing_postcode'], |
|
98 |
'postcode' => $order['billing_postcode'], |
| 99 |
'state' => $order['billing_state'], |
|
99 |
'state' => $order['billing_state'], |
| 100 |
'country' => $order['billing_country'], |
<> |
100 |
'country' => array('title' => $order['billing_country']), |
| 101 |
'format_id' => $order['billing_address_format_id']); |
= |
101 |
'format_id' => $order['billing_address_format_id']); |
| 102 |
|
|
102 |
|
| 103 |
$index = 0; |
|
103 |
$index = 0; |
| 104 |
$orders_products_query = tep_db_query("select orders_products_id, products_id, products_name, products_model, products_price, products_tax, products_quantity, final_price from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$order_id . "'"); |
|
104 |
$orders_products_query = tep_db_query("select orders_products_id, products_id, products_name, products_model, products_price, products_tax, products_quantity, final_price from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$order_id . "'"); |
| 105 |
while ($orders_products = tep_db_fetch_array($orders_products_query)) { |
|
105 |
while ($orders_products = tep_db_fetch_array($orders_products_query)) { |
| 106 |
$this->products[$index] = array('qty' => $orders_products['products_quantity'], |
|
106 |
$this->products[$index] = array('qty' => $orders_products['products_quantity'], |
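Review bot: Changing `'country'` from a string to `array('title' => ...)` at new lines 74, 86 and 100 alters the shape that every reader of the customer, delivery and billing arrays sees, and nothing in the hunk records that. Any code that still prints `$order->customer['country']` directly would now output the literal `Array`, so the remaining consumers (outside this hunk) are worth checking. I would add a comment above the first array such as `// country is an array with a 'title' key, not a plain string`, presumably the shape the address formatting code expects. The enclosing method starts and ends outside the hunk.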
The product quantity is added to the database shopping cart table as an integer so the value in the shopping cart session should also be treated as an integer.
| 103 |
tep_session_register('new_products_id_in_cart'); |
= |
103 |
tep_session_register('new_products_id_in_cart'); |
| 104 |
} |
|
104 |
} |
| 105 |
|
|
105 |
|
| 106 |
if ($this->in_cart($products_id_string)) { |
|
106 |
if ($this->in_cart($products_id_string)) { |
| 107 |
$this->update_quantity($products_id_string, $qty, $attributes); |
|
107 |
$this->update_quantity($products_id_string, $qty, $attributes); |
| 108 |
} else { |
|
108 |
} else { |
| 109 |
$this->contents[$products_id_string] = array('qty' => $qty); |
<> |
109 |
$this->contents[$products_id_string] = array('qty' => (int)$qty); |
| 110 |
// insert into database |
= |
110 |
// insert into database |
| 111 |
if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')"); |
|
111 |
if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')"); |
| 112 |
|
|
112 |
|
| 113 |
if (is_array($attributes)) { |
|
113 |
if (is_array($attributes)) { |
| 114 |
reset($attributes); |
|
114 |
reset($attributes); |
| 115 |
while (list($option, $value) = each($attributes)) { |
|
115 |
while (list($option, $value) = each($attributes)) { |
| |
| 144 |
break; |
= |
144 |
break; |
| 145 |
} |
|
145 |
} |
| 146 |
} |
|
146 |
} |
| 147 |
} |
|
147 |
} |
| 148 |
|
|
148 |
|
| 149 |
if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) { |
|
149 |
if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) { |
| 150 |
$this->contents[$products_id_string] = array('qty' => $quantity); |
<> |
150 |
$this->contents[$products_id_string] = array('qty' => (int)$quantity); |
| 151 |
// update database |
= |
151 |
// update database |
| 152 |
if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "'"); |
|
152 |
if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "'"); |
| 153 |
|
|
153 |
|
| 154 |
if (is_array($attributes)) { |
|
154 |
if (is_array($attributes)) { |
| 155 |
reset($attributes); |
|
155 |
reset($attributes); |
| 156 |
while (list($option, $value) = each($attributes)) { |
|
156 |
while (list($option, $value) = each($attributes)) { |
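Review bot: The `(int)` casts at new lines 109 and 150 fix the type but put no lower bound on the value: `is_numeric()` on line 149 accepts `-5` and `1.9`, and the cast then stores -5 and 1. Nothing visible in either hunk rejects a zero or negative quantity before it is written to the session and to `customers_basket_quantity`, and a negative line quantity would reduce the order total. Unless a caller already enforces this, I would extend the condition on line 149 to `is_numeric($quantity) && ((int)$quantity > 0)` and apply the same test before the `else` branch at line 108. Both function bodies extend outside the hunks, so an existing check there cannot be ruled out.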
Add a new configuration parameter to control the maximum quantity of a product that can be ordered (default 99).
| 78 |
function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) { |
= |
78 |
function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) { |
| 79 |
global $new_products_id_in_cart, $customer_id; |
|
79 |
global $new_products_id_in_cart, $customer_id; |
| 80 |
|
|
80 |
|
| 81 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
|
81 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
| 82 |
$products_id = tep_get_prid($products_id_string); |
|
82 |
$products_id = tep_get_prid($products_id_string); |
| 83 |
|
|
83 |
|
| |
|
-+ |
84 |
if (defined('MAX_QTY_IN_CART') && (MAX_QTY_IN_CART > 0) && ((int)$qty > MAX_QTY_IN_CART)) { |
| |
|
|
85 |
$qty = MAX_QTY_IN_CART; |
| |
|
|
86 |
} |
| |
|
|
87 |
|
| 84 |
$attributes_pass_check = true; |
= |
88 |
$attributes_pass_check = true; |
| 85 |
|
|
89 |
|
| 86 |
if (is_array($attributes)) { |
|
90 |
if (is_array($attributes)) { |
| 87 |
reset($attributes); |
|
91 |
reset($attributes); |
| 88 |
while (list($option, $value) = each($attributes)) { |
|
92 |
while (list($option, $value) = each($attributes)) { |
| 89 |
if (!is_numeric($option) || !is_numeric($value)) { |
|
93 |
if (!is_numeric($option) || !is_numeric($value)) { |
| |
| 130 |
|
= |
134 |
|
| 131 |
function update_quantity($products_id, $quantity = '', $attributes = '') { |
|
135 |
function update_quantity($products_id, $quantity = '', $attributes = '') { |
| 132 |
global $customer_id; |
|
136 |
global $customer_id; |
| 133 |
|
|
137 |
|
| 134 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
|
138 |
$products_id_string = tep_get_uprid($products_id, $attributes); |
| 135 |
$products_id = tep_get_prid($products_id_string); |
|
139 |
$products_id = tep_get_prid($products_id_string); |
| |
|
-+ |
140 |
|
| |
|
|
141 |
if (defined('MAX_QTY_IN_CART') && (MAX_QTY_IN_CART > 0) && ((int)$quantity > MAX_QTY_IN_CART)) { |
| |
|
|
142 |
$quantity = MAX_QTY_IN_CART; |
| |
|
|
143 |
} |
| 136 |
|
= |
144 |
|
| 137 |
$attributes_pass_check = true; |
|
145 |
$attributes_pass_check = true; |
| 138 |
|
|
146 |
|
| 139 |
if (is_array($attributes)) { |
|
147 |
if (is_array($attributes)) { |
| 140 |
reset($attributes); |
|
148 |
reset($attributes); |
| 141 |
while (list($option, $value) = each($attributes)) { |
|
149 |
while (list($option, $value) = each($attributes)) { |
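Review bot: The cap added at new lines 84-86 and 141-143 is the same three lines written twice, and the guard leaves undocumented that an undefined or non-positive `MAX_QTY_IN_CART` switches the limit off. A store that applies this file change but skips the configuration entry would therefore run with no cap and no warning. I would add `// MAX_QTY_IN_CART undefined or <= 0 means no cap` above each check and assign `$qty = (int)MAX_QTY_IN_CART;` (likewise `$quantity`), since the constant is probably defined from a configuration string. Moving the check into one private helper would keep the two paths from drifting apart. Both functions continue outside the hunks.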
Improve the logic of accepting state names.
The order total modules should be loaded before the payment modules so the payment modules have access to the order total values.
| 43 |
require(DIR_WS_CLASSES . 'shipping.php'); |
= |
43 |
require(DIR_WS_CLASSES . 'shipping.php'); |
| 44 |
$shipping_modules = new shipping($shipping); |
|
44 |
$shipping_modules = new shipping($shipping); |
| 45 |
|
|
45 |
|
| 46 |
require(DIR_WS_CLASSES . 'order.php'); |
|
46 |
require(DIR_WS_CLASSES . 'order.php'); |
| 47 |
$order = new order; |
|
47 |
$order = new order; |
| 48 |
|
|
48 |
|
| 49 |
// load the before_process function from the payment modules |
+- |
|
|
| 50 |
$payment_modules->before_process(); |
|
|
|
| 51 |
|
|
|
|
| 52 |
require(DIR_WS_CLASSES . 'order_total.php'); |
= |
49 |
require(DIR_WS_CLASSES . 'order_total.php'); |
| 53 |
$order_total_modules = new order_total; |
|
50 |
$order_total_modules = new order_total; |
| 54 |
|
|
51 |
|
| 55 |
$order_totals = $order_total_modules->process(); |
|
52 |
$order_totals = $order_total_modules->process(); |
| |
|
-+ |
53 |
|
| |
|
|
54 |
// load the before_process function from the payment modules |
| |
|
|
55 |
$payment_modules->before_process(); |
| 56 |
|
= |
56 |
|
| 57 |
$sql_data_array = array('customers_id' => $customer_id, |
|
57 |
$sql_data_array = array('customers_id' => $customer_id, |
| 58 |
'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], |
|
58 |
'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], |
| 59 |
'customers_company' => $order->customer['company'], |
|
59 |
'customers_company' => $order->customer['company'], |
| 60 |
'customers_street_address' => $order->customer['street_address'], |
|
60 |
'customers_street_address' => $order->customer['street_address'], |
| 61 |
'customers_suburb' => $order->customer['suburb'], |
|
61 |
'customers_suburb' => $order->customer['suburb'], |
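Review bot: The comment moved to new line 54 still says only what the call is, not why it now has to follow `$order_total_modules->process()`. That ordering is the whole point of the change and is easy to undo in a later tidy-up. I would reword it to `// order totals must be processed first: before_process() in the payment modules reads them`. It is also worth confirming that no order total module's `process()` has side effects that should not happen when `before_process()` then rejects the payment; those modules are outside this hunk, as is the rest of the script.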
Pass the selected module code to its radio button to have it selected by default if a payment method has already been selected.