description = "Русский (win1251)"; $LangRu->filename = "russian.php"; $LangRu->iso2 = "ru"; $lang_list['ru'] = $LangRu; //ru-utf-8 $LangRuUtf8 = new Language(); $LangRuUtf8->description = "Русский (utf-8)"; $LangRuUtf8->filename = "russian-utf8.php"; $LangRuUtf8->iso2 = "ru-utf8"; $lang_list['ru-utf8'] = $LangRuUtf8; #pl-utf8 $LangPlUtf8 = new Language(); $LangPlUtf8->description = "Polska"; $LangPlUtf8->filename = "polska-utf8.php"; $LangPlUtf8->iso2 = "pl-utf8"; $lang_list['pl-utf8'] = $LangPlUtf8; ?> "text/javascript", "xml" => "text/plain", // In XMLHttpRequest mode we must return text/plain - stupid Opera 8.0. :( "form" => "text/html", "" => "text/plain", // for unknown loader ); // Internal: conversion to UTF-8 JSON cancelled because of non-ascii key. var $_toUtfFailed = false; // Internal: list of characters 128...255 (for strpbrk() ASCII check). var $_nonAsciiChars = ''; // Which Unicode conversion function is available? var $_unicodeConvMethod = null; // Emergency memory buffer to be freed on memory_limit error. var $_emergBuffer = null; /** * Constructor. * * Create new JsHttpRequest backend object and attach it * to script output buffer. As a result - script will always return * correct JavaScript code, even in case of fatal errors. * * QUERY_STRING is in form of: PHPSESSID=&a=aaa&b=bbb&JsHttpRequest=- * where is a request ID, is a loader name, - a session ID (if present), * PHPSESSID - session parameter name (by default = "PHPSESSID"). * * If an object is created WITHOUT an active AJAX query, it is simply marked as * non-active. Use statuc method isActive() to check. */ function JsHttpRequest($enc) { global $JsHttpRequest_Active; // Parse QUERY_STRING. if (preg_match('/^(.*)(?:&|^)JsHttpRequest=(?:(\d+)-)?([^&]+)((?:&|$).*)$/s', @$_SERVER['QUERY_STRING'], $m)) { $this->ID = $m[2]; $this->LOADER = strtolower($m[3]); $_SERVER['QUERY_STRING'] = preg_replace('/^&+|&+$/s', '', preg_replace('/(^|&)'.session_name().'=[^&]*&?/s', '&', $m[1] . $m[4])); unset( $_GET['JsHttpRequest'], $_REQUEST['JsHttpRequest'], $_GET[session_name()], $_POST[session_name()], $_REQUEST[session_name()] ); // Detect Unicode conversion method. $this->_unicodeConvMethod = function_exists('mb_convert_encoding')? 'mb' : (function_exists('iconv')? 'iconv' : null); // Fill an emergency buffer. We erase it at the first line of OB processor // to free some memory. This memory may be used on memory_limit error. $this->_emergBuffer = str_repeat('a', 1024 * 200); // Intercept fatal errors via display_errors (seems it is the only way). $this->_uniqHash = md5('JsHttpRequest' . microtime() . getmypid()); $this->_prevDisplayErrors = ini_get('display_errors'); ini_set('display_errors', $this->_magic); // ini_set('error_prepend_string', $this->_uniqHash . ini_get('error_prepend_string')); ini_set('error_append_string', ini_get('error_append_string') . $this->_uniqHash); // Start OB handling early. ob_start(array(&$this, "_obHandler")); $JsHttpRequest_Active = false; // Set up the encoding. $this->setEncoding($enc); // Check if headers are already sent (see Content-Type library usage). // If true - generate a debug message and exit. $file = $line = null; $headersSent = version_compare(PHP_VERSION, "4.3.0") < 0? headers_sent() : headers_sent($file, $line); if ($headersSent) { trigger_error( "HTTP headers are already sent" . ($line !== null? " in $file on line $line" : " somewhere in the script") . ". " . "Possibly you have an extra space (or a newline) before the first line of the script or any library. " . "Please note that JsHttpRequest uses its own Content-Type header and fails if " . "this header cannot be set. See header() function documentation for more details", E_USER_ERROR ); exit(); } } else { $this->ID = 0; $this->LOADER = 'unknown'; $JsHttpRequest_Active = false; } } /** * Static function. * Returns true if JsHttpRequest output processor is currently active. * * @return boolean True if the library is active, false otherwise. */ function isActive() { return !empty($GLOBALS['JsHttpRequest_Active']); } /** * string getJsCode() * * Return JavaScript part of the library. */ function getJsCode() { return file_get_contents(dirname(__FILE__) . '/JsHttpRequest.js'); } /** * void setEncoding(string $encoding) * * Set an active script encoding & correct QUERY_STRING according to it. * Examples: * "windows-1251" - set plain encoding (non-windows characters, * e.g. hieroglyphs, are totally ignored) * "windows-1251 entities" - set windows encoding, BUT additionally replace: * "&" -> "&" * hieroglyph -> &#XXXX; entity */ function setEncoding($enc) { // Parse an encoding. preg_match('/^(\S*)(?:\s+(\S*))$/', $enc, $p); $this->SCRIPT_ENCODING = strtolower(!empty($p[1])? $p[1] : $enc); $this->SCRIPT_DECODE_MODE = !empty($p[2])? $p[2] : ''; // Manually parse QUERY_STRING because of damned Unicode's %uXXXX. $this->_correctSuperglobals(); } /** * string quoteInput(string $input) * * Quote a string according to the input decoding mode. * If entities are used (see setEncoding()), no '&' character is quoted, * only '"', '>' and '<' (we presume that '&' is already quoted by * an input reader function). * * Use this function INSTEAD of htmlspecialchars() for $_GET data * in your scripts. */ function quoteInput($s) { if ($this->SCRIPT_DECODE_MODE == 'entities') return str_replace(array('"', '<', '>'), array('"', '<', '>'), $s); else return htmlspecialchars($s); } /** * Convert a PHP scalar, array or hash to JS scalar/array/hash. This function is * an analog of json_encode(), but it can work with a non-UTF8 input and does not * analyze the passed data. Output format must be fully JSON compatible. * * @param mixed $a Any structure to convert to JS. * @return string JavaScript equivalent structure. */ function php2js($a=false) { if (is_null($a)) return 'null'; if ($a === false) return 'false'; if ($a === true) return 'true'; if (is_scalar($a)) { if (is_float($a)) { // Always use "." for floats. $a = str_replace(",", ".", strval($a)); } // All scalars are converted to strings to avoid indeterminism. // PHP's "1" and 1 are equal for all PHP operators, but // JS's "1" and 1 are not. So if we pass "1" or 1 from the PHP backend, // we should get the same result in the JS frontend (string). // Character replacements for JSON. static $jsonReplaces = array( array("\\", "/", "\n", "\t", "\r", "\b", "\f", '"'), array('\\\\', '\\/', '\\n', '\\t', '\\r', '\\b', '\\f', '\"') ); return '"' . str_replace($jsonReplaces[0], $jsonReplaces[1], $a) . '"'; } $isList = true; for ($i = 0, reset($a); $i < count($a); $i++, next($a)) { if (key($a) !== $i) { $isList = false; break; } } $result = array(); if ($isList) { foreach ($a as $v) { $result[] = JsHttpRequest::php2js($v); } return '[ ' . join(', ', $result) . ' ]'; } else { foreach ($a as $k => $v) { $result[] = JsHttpRequest::php2js($k) . ': ' . JsHttpRequest::php2js($v); } return '{ ' . join(', ', $result) . ' }'; } } /** * Internal methods. */ /** * Parse & decode QUERY_STRING. */ function _correctSuperglobals() { // In case of FORM loader we may go to nirvana, everything is already parsed by PHP. if ($this->LOADER == 'form') return; // ATTENTION!!! // HTTP_RAW_POST_DATA is only accessible when Content-Type of POST request // is NOT default "application/x-www-form-urlencoded"!!! // Library frontend sets "application/octet-stream" for that purpose, // see JavaScript code. In PHP 5.2.2.HTTP_RAW_POST_DATA is not set sometimes; // in such cases - read the POST data manually from the STDIN stream. $rawPost = strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0? (isset($GLOBALS['HTTP_RAW_POST_DATA'])? $GLOBALS['HTTP_RAW_POST_DATA'] : @file_get_contents("php://input")) : null; $source = array( '_GET' => !empty($_SERVER['QUERY_STRING'])? $_SERVER['QUERY_STRING'] : null, '_POST'=> $rawPost, ); foreach ($source as $dst=>$src) { // First correct all 2-byte entities. $s = preg_replace('/%(?!5B)(?!5D)([0-9a-f]{2})/si', '%u00\\1', $src); // Now we can use standard parse_str() with no worry! $data = null; parse_str($s, $data); $GLOBALS[$dst] = $this->_ucs2EntitiesDecode($data); } $GLOBALS['HTTP_GET_VARS'] = $_GET; // deprecated vars $GLOBALS['HTTP_POST_VARS'] = $_POST; $_REQUEST = (isset($_COOKIE)? $_COOKIE : array()) + (isset($_POST)? $_POST : array()) + (isset($_GET)? $_GET : array()); if (ini_get('register_globals')) { // TODO? } } /** * Called in case of error too! */ function _obHandler($text) { unset($this->_emergBuffer); // free a piece of memory for memory_limit error unset($GLOBALS['JsHttpRequest_Active']); // Check for error & fetch a resulting data. if (preg_match("/{$this->_uniqHash}(.*?){$this->_uniqHash}/sx", $text, $m)) { if (!ini_get('display_errors') || (!$this->_prevDisplayErrors && ini_get('display_errors') == $this->_magic)) { // Display_errors: // 1. disabled manually after the library initialization, or // 2. was initially disabled and is not changed $text = str_replace($m[0], '', $text); // strip whole error message } else { $text = str_replace($this->_uniqHash, '', $text); } } if ($m && preg_match('/\bFatal error(<.*?>)?:/i', $m[1])) { // On fatal errors - force null result (generate 500 error). $this->RESULT = null; } else { // Make a resulting hash. if (!isset($this->RESULT)) { $this->RESULT = isset($GLOBALS['_RESULT'])? $GLOBALS['_RESULT'] : null; } } $encoding = $this->SCRIPT_ENCODING; $result = array( 'id' => $this->ID, 'js' => $this->RESULT, 'text' => $text, ); if (function_exists('array_walk_recursive') && function_exists('json_encode') && $this->_unicodeConvMethod) { $encoding = "UTF-8"; $this->_nonAsciiChars = join("", array_map('chr', range(128, 255))); $this->_toUtfFailed = false; array_walk_recursive($result, array(&$this, '_toUtf8_callback'), $this->SCRIPT_ENCODING); if (!$this->_toUtfFailed) { // If some key contains non-ASCII character, convert everything manually. $text = json_encode($result); } else { $text = $this->php2js($result); } } else { $text = $this->php2js($result); } // Content-type header. // In XMLHttpRequest mode we must return text/plain - damned stupid Opera 8.0. :( $ctype = !empty($this->_contentTypes[$this->LOADER])? $this->_contentTypes[$this->LOADER] : $this->_contentTypes['']; header("Content-type: $ctype; charset=$encoding"); if ($this->LOADER != "xml") { // In non-XML mode we cannot use plain JSON. So - wrap with JS function call. // If top.JsHttpRequestGlobal is not defined, loading is aborted and // iframe is removed, so - do not call dataReady(). $text = "" . ($this->LOADER == "form"? 'top && top.JsHttpRequestGlobal && top.JsHttpRequestGlobal' : 'JsHttpRequest') . ".dataReady(" . $text . ")\n" . ""; if ($this->LOADER == "form") { $text = ''; } } return $text; } /** * Internal function, used in array_walk_recursive() before json_encode() call. * If a key contains non-ASCII characters, this function sets $this->_toUtfFailed = true, * becaues array_walk_recursive() cannot modify array keys. */ function _toUtf8_callback(&$v, $k, $fromEnc) { if ($v === null || is_bool($v)) return; if ($this->_toUtfFailed || !is_scalar($v) || strpbrk($k, $this->_nonAsciiChars) !== false) { $this->_toUtfFailed = true; } else { $v = $this->_unicodeConv($fromEnc, 'UTF-8', $v); } } /** * Decode all %uXXXX entities in string or array (recurrent). * String must not contain %XX entities - they are ignored! */ function _ucs2EntitiesDecode($data) { if (is_array($data)) { $d = array(); foreach ($data as $k=>$v) { $d[$this->_ucs2EntitiesDecode($k)] = $this->_ucs2EntitiesDecode($v); } return $d; } lect filename FROM ".PRODUCT_PICTURES." WHERE photoID=".$product["default_picture"]." AND productID=".$productID); $rowz = db_fetch_row($qz); if (strlen($rowz["filename"])>0 && file_exists( "data/small/".$rowz["filename"])) $content[$i]["product_picture"] = $rowz["filename"]; else $content[$i]["product_picture"] = null; */ $variants = GetConfigurationByItemId( $content[$i]["itemID"] ); $options = GetStrOptions( $variants ); if ( $options != "" ) $content[$i]["name"] = $product["name"]."(".$options.")"; else $content[$i]["name"] = $product["name"]; } $smarty_mail->assign( "content", $content ); $html = $smarty_mail->fetch( "admin_order_notification.tpl.html" ); if (!CONF_ACTIVE_ORDER) xMailHtml(CONF_ORDERS_EMAIL, STRING_ORDER." #".$orderID." - ".CONF_SHOP_NAME, $html); else xMailHtml(CONF_ORDERS_EMAIL, STRING_ORDER." #".$orderID." (".ADMIN_SEND_INACT_ORDER.") - ".CONF_SHOP_NAME, $html); } // ***************************************************************************** // Purpose get order amount // Inputs // $cartContent is result of cartGetCartContent function // Remarks // Returns function ordOrderProcessing( $shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $customers_comment, $cc_number, $cc_holdername, $cc_expires, $cc_cvv, $log, $smarty_mail, $shServiceID = 0) { if ( $log != null ) $customerID = regGetIdByLogin( $log ); else $customerID = NULL; if ( $log != null ) $customerInfo = regGetCustomerInfo2( $log ); else { $customerInfo["first_name"] = $_SESSION["first_name"] ; $customerInfo["last_name"] = $_SESSION["last_name"] ; $customerInfo["Email"] = $_SESSION["email"] ; $customerInfo["affiliationLogin"] = $_SESSION["affiliationLogin"] ; } $order_time = get_current_time(); $frandl = mt_rand(3,999); $order_active_link = md5($order_time).$frandl; $customer_ip = stGetCustomerIP_Address(); if (CONF_ACTIVE_ORDER == 1)$statusID = 0; else $statusID = ostGetNewOrderStatus(); $customer_affiliationLogin = isset($customerInfo["affiliationLogin"])?$customerInfo["affiliationLogin"]:''; $customer_email = $customerInfo["Email"]; $currencyID = currGetCurrentCurrencyUnitID(); if ( $currencyID != 0 ) { $currentCurrency = currGetCurrencyByID( $currencyID ); $currency_code = $currentCurrency["currency_iso_3"]; $currency_value = $currentCurrency["currency_value"]; $currency_round = $currentCurrency["roundval"]; } else { $currency_code = ""; $currency_value = 1; $currency_round = 2; } // get shipping address if ( $shippingAddressID != 0 ) { $shippingAddress = regGetAddress( $shippingAddressID ); $shippingAddressCountry = cnGetCountryById( $shippingAddress["countryID"] ); $shippingAddress["country_name"] = $shippingAddressCountry["country_name"]; } else { $shippingCountryName = cnGetCountryById( $_SESSION["receiver_countryID"] ); $shippingCountryName = $shippingCountryName["country_name"]; $shippingAddress["first_name"] = $_SESSION["receiver_first_name"]; $shippingAddress["last_name"] = $_SESSION["receiver_last_name"]; $shippingAddress["country_name"] = $shippingCountryName; $shippingAddress["state"] = $_SESSION["receiver_state"]; $shippingAddress["city"] = $_SESSION["receiver_city"]; $shippingAddress["address"] = $_SESSION["receiver_address"]; $shippingAddress["zoneID"] = $_SESSION["receiver_zoneID"]; } if ( is_null($shippingAddress["state"]) || trim($shippingAddress["state"])=="" ) { $zone = znGetSingleZoneById( $shippingAddress["zoneID"] ); $shippingAddress["state"] = $zone["zone_name"]; } // get billing address if ( $billingAddressID != 0 ) { $billingAddress = regGetAddress( $billingAddressID ); $billingAddressCountry = cnGetCountryById( $billingAddress["countryID"] ); $billingAddress["country_name"] = $billingAddressCountry["country_name"]; } else { $billingCountryName = cnGetCountryById( $_SESSION["billing_countryID"] ); $billingCountryName = $billingCountryName["country_name"]; $billingAddress["first_name"] = $_SESSION["billing_first_name"]; $billingAddress["last_name"] = $_SESSION["billing_last_name"]; $billingAddress["country_name"] = $billingCountryName; $billingAddress["state"] = $_SESSION["billing_state"]; $billingAddress["city"] = $_SESSION["billing_city"]; $billingAddress["address"] = $_SESSION["billing_address"]; $billingAddress["zoneID"] = $_SESSION["billing_zoneID"]; } if ( is_null($billingAddress["state"]) || trim($billingAddress["state"])=="" ) { $zone = znGetSingleZoneById( $billingAddress["zoneID"] ); $billingAddress["state"] = $zone["zone_name"]; } $cartContent = cartGetCartContent(); if ( $log != null ) $addresses = array( $shippingAddressID, $billingAddressID ); else { $addresses = array( array( "countryID" => $_SESSION["receiver_countryID"], "zoneID" => $_SESSION["receiver_zoneID"]), array( "countryID" => $_SESSION["billing_countryID"], "zoneID" => $_SESSION["billing_zoneID"]) ); } $orderDetails = array ( "first_name" => $shippingAddress["first_name"], "last_name" => $shippingAddress["last_name"], "email" => $customerInfo["Email"], "order_amount" => oaGetOrderAmountExShippingRate( $cartContent, $addresses, $log, FALSE ) ); $shippingMethod = shGetShippingMethodById( $shippingMethodID ); $shipping_email_comments_text = $shippingMethod["email_comments_text"]; $shippingName = $shippingMethod["Name"]; $paymentMethod = payGetPaymentMethodById( $paymentMethodID ); $paymentName = $paymentMethod["Name"]; $payment_email_comments_text = $paymentMethod["email_comments_text"]; if (isset($paymentMethod["calculate_tax"]) && (int)$paymentMethod["calculate_tax"] == 0) { $order_amount = oaGetOrderAmount( $cartContent, $addresses, $shippingMethodID, $log, $orderDetails,TRUE, $shServiceID ); $d = oaGetDiscountPercent( $cartContent, $log ); $tax = 0; $shipping_costUC = oaGetShippingCostTakingIntoTax( $cartContent, $shippingMethodID, $addresses, $orderDetails, FALSE, $shServiceID, TRUE ); $discount_percent = oaGetDiscountPercent( $cartContent, $log ); } else { $order_amount = oaGetOrderAmount( $cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID ); $d = oaGetDiscountPercent( $cartContent, $log ); $tax = oaGetProductTax( $cartContent, $d, $addresses ); $shipping_costUC = oaGetShippingCostTakingIntoTax( $cartContent, $shippingMethodID, $addresses, $orderDetails, TRUE, $shServiceID, TRUE ); $discount_percent = oaGetDiscountPercent( $cartContent, $log ); } $shServiceInfo = ''; if(is_array($shipping_costUC)){ list($shipping_costUC) = $shipping_costUC; $shServiceInfo = $shipping_costUC['name']; $shipping_costUC = $shipping_costUC['rate']; } $paymentMethod = payGetPaymentMethodById( $paymentMethodID ); if ( $paymentMethod ){ $currentPaymentModule = modGetModuleObj( $paymentMethod["module_id"], PAYMENT_MODULE ); }else{ $currentPaymentModule = null; } if ( $currentPaymentModule != null ) { //define order details for payment module $order_payment_details = array( "customer_email" => $customer_email, "customer_ip" => $customer_ip, "order_amount" => $order_amount, "currency_code" => $currency_code, "currency_value" => $currency_value, "shipping_cost" => $shipping_costUC, "order_tax" => $tax, "shipping_info" => $shippingAddress, "billing_info" => $billingAddress ); $process_payment_result = $currentPaymentModule->payment_process( $order_payment_details ); //gets payment processing result if ( !($process_payment_result == 1) ) //error on payment processing { //die ($process_payment_result); if (isset($_POST)) { $_SESSION["order4confirmation_post"] = $_POST; } xSaveData('PaymentError', $process_payment_result); if (!$customerID) { RedirectProtected( "index.php?order4_confirmation_quick=yes". "&shippingMethodID=".$_GET["shippingMethodID"]. "&paymentMethodID=".$_GET["paymentMethodID"]. "&shServiceID=".$shServiceID ); } else { RedirectProtected( "index.php?order4_confirmation=yes". "&shippingAddressID=".$_GET["shippingAddressID"]."&shippingMethodID=".$_GET["shippingMethodID"]. "&billingAddressID=".$_GET["billingAddressID"]."&paymentMethodID=".$_GET["paymentMethodID"]. "&shServiceID=".$shServiceID ); } return false; } } $customerID = (int) $customerID; $sql = "insert into ".ORDERS_TABLE. " ( customerID, ". " order_time, ". " customer_ip, ". " shipping_type, ". " payment_type, ". " customers_comment, ". " statusID, ". " shipping_cost, ". " order_discount, ". " order_amount, ". " currency_code, ". " currency_value, ". " customer_firstname, ". " customer_lastname, ". " customer_email, ". " shipping_firstname, ". " shipping_lastname, ". " shipping_country, ". " shipping_state, ". " shipping_city, ". " shipping_address, ". " billing_firstname, ". " billing_lastname, ". " billing_country, ". " billing_state, ". " billing_city, ". " billing_address, ". " cc_number, ". " cc_holdername, ". " cc_expires, ". " cc_cvv, ". " affiliateID, ". " shippingServiceInfo, ". " custlink, ". " currency_round, ". " paymethod". " ) ". " values ( ". (int)$customerID.", ". "'".xEscSQL($order_time)."', ". "'".xToText($customer_ip)."', ". "'".xToText($shippingName)."', ". "'".xToText($paymentName)."', ". "'".xToText($customers_comment)."', ". (int)$statusID.", ". ( (float) $shipping_costUC ).", ". ( (float) $discount_percent ).", ". ( (float) $order_amount ).", ". "'".xEscSQL($currency_code)."', ". ( (float) $currency_value ).", ". "'".xToText($customerInfo["first_name"])."', ". "'".xToText($customerInfo["last_name"])."', ". "'".xToText($customer_email)."', ". "'".xToText($shippingAddress["first_name"])."', ". "'".xToText($shippingAddress["last_name"])."', ". "'".xToText($shippingAddress["country_name"])."', ". "'".xToText($shippingAddress["state"])."', ". "'".xToText($shippingAddress["city"])."', ". "'".xToText($shippingAddress["address"])."', ". "'".xToText($billingAddress["first_name"])."', ". "'".xToText($billingAddress["last_name"])."', ". "'".xToText($billingAddress["country_name"])."', ". "'".xToText($billingAddress["state"])."', ". "'".xToText($billingAddress["city"])."', ". "'".xToText($billingAddress["address"])."', ". "'".xEscSQL($cc_number)."', ". "'".xToText($cc_holdername)."', ". "'".xEscSQL($cc_expires)."', ". "'".xEscSQL($cc_cvv)."', ". "'".(isset($_SESSION['refid'])?$_SESSION['refid']:regGetIdByLogin($customer_affiliationLogin))."',". "'{$shServiceInfo}', ". "'".xEscSQL($order_active_link)."', ". "'".(int)$currency_round."', ". "'".(int)$paymentMethodID."'". " ) "; db_query($sql); $orderID = db_insert_id( ORDERS_TABLE ); if (!CONF_ACTIVE_ORDER) stChangeOrderStatus($orderID, $statusID); $paymentMethod = payGetPaymentMethodById( $paymentMethodID ); if ( $paymentMethod ){ $currentPaymentModule = modGetModuleObj( $paymentMethod["module_id"], PAYMENT_MODULE ); // $currentPaymentModule = payGetPaymentModuleById( $paymentMethod["module_id"], $paymentModulesFiles ); }else{ $currentPaymentModule = null; } //save shopping cart content to database and update in-stock information if ( $log != null ) { cartMoveContentFromShoppingCartsToOrderedCarts( $orderID, $shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $smarty_mail ); } else //quick checkout { _moveSessionCartContentToOrderedCart( $orderID ); //update in-stock information if ( $statusID != ostGetCanceledStatusId() && CONF_CHECKSTOCK ) { $q1 = db_query("select itemID, Quantity FROM ".ORDERED_CARTS_TABLE." WHERE orderID=".(int)$orderID); while ($item = db_fetch_row($q1)) { $q2 = db_query("select productID FROM ".SHOPPING_CART_ITEMS_TABLE." WHERE itemID=".(int)$item["itemID"]); $pr = db_fetch_row($q2); if ($pr) { db_query( "update ".PRODUCTS_TABLE." set in_stock = in_stock - ".(int)$item["Quantity"]. " where productID=".(int)$pr[0]); $q = db_query("select name, in_stock FROM ".PRODUCTS_TABLE." WHERE productID=".(int)$pr[0]); $productsta = db_fetch_row($q); if ( $productsta[1] == 0){ if (CONF_AUTOOFF_STOCKADMIN) db_query( "update ".PRODUCTS_TABLE." set enabled=0 where productID=".(int)$pr[0]); if (CONF_NOTIFY_STOCKADMIN){ $smarty_mail->assign( "productstaname", $productsta[0] ); $smarty_mail->assign( "productstid", $pr[0] ); $stockadmin = $smarty_mail->fetch( "notify_stockadmin.tpl.html" ); $ressta = xMailHtml(CONF_ORDERS_EMAIL,CUSTOMER_ACTIVATE_99." - ".CONF_SHOP_NAME, $stockadmin); } } } } } //now save registration form aux fields into CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG //for quick checkout orders these fields are stored separately than for registered customer (SS_customers) db_query("delete from ".CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG." where orderID=".(int)$orderID); foreach($_SESSION as $key => $val) { if (strstr($key,"additional_field_") && strlen(trim($val)) > 0) //save information into sessions { $id = (int) str_replace("additional_field_","",$key); if ($id > 0) { db_query("insert into ".CUSTOMER_REG_FIELDS_VALUES_TABLE_QUICKREG." (orderID, reg_field_ID, reg_field_value) values (".(int)$orderID.", ".(int)$id.", '".xToText(trim($val))."');"); } } } } if ( $currentPaymentModule != null ) $currentPaymentModule->after_processing_php( $orderID ); _sendOrderNotifycationToAdmin( $orderID, $smarty_mail, $tax ); _sendOrderNotifycationToCustomer( $orderID, $smarty_mail, $customerInfo["Email"], $log, $payment_email_comments_text, $shipping_email_comments_text, $tax, $order_active_link ); if ( $log == null ) _quickOrderUnsetSession(); unset($_SESSION["order4confirmation_post"]); return $orderID; } function _setHyphen( & $str ) { if ( trim($str) == "" || $str == null ) $str = "-"; } // ***************************************************************************** // Purpose get order by id // Inputs // Remarks // Returns function ordGetOrder( $orderID ) { $q = db_query( "select orderID, customerID, order_time, customer_ip, ". " shipping_type, payment_type, customers_comment, ". " statusID, shipping_cost, order_discount, order_amount, ". " currency_code, currency_value, customer_firstname, customer_lastname, ". " customer_email, shipping_firstname, shipping_lastname, ". " shipping_country, shipping_state, shipping_city, ". " shipping_address, billing_firstname, billing_lastname, billing_country, ". " billing_state, billing_city, billing_address, ". " cc_number, cc_holdername, cc_expires, cc_cvv, affiliateID, shippingServiceInfo, currency_round from ".ORDERS_TABLE." where orderID=".(int)$orderID); $order = db_fetch_row($q); if ( $order ) { /*_setHyphen( $order["shipping_firstname"] ); _setHyphen( $order["customer_lastname"] ); _setHyphen( $order["customer_email"] ); _setHyphen( $order["shipping_firstname"] ); _setHyphen( $order["shipping_lastname"] ); _setHyphen( $order["shipping_country"] ); _setHyphen( $order["shipping_state"] ); _setHyphen( $order["shipping_city"] ); _setHyphen( $order["shipping_address"] ); _setHyphen( $order["billing_firstname"] ); _setHyphen( $order["billing_lastname"] ); _setHyphen( $order["billing_country"] ); _setHyphen( $order["billing_state"] ); _setHyphen( $order["billing_city"] ); _setHyphen( $order["billing_address"] );*/ $order["shipping_address"] = chop($order["shipping_address"]); $order["billing_address"] = chop($order["billing_address"]); //CC data if (CONF_BACKEND_SAFEMODE) { $order["cc_number"] = ADMIN_SAFEMODE_BLOCKED; $order["cc_holdername"] = ADMIN_SAFEMODE_BLOCKED; $order["cc_expires"] = ADMIN_SAFEMODE_BLOCKED; $order["cc_cvv"] = ADMIN_SAFEMODE_BLOCKED; } else { if (strlen($order["cc_number"])>0) $order["cc_number"] = cryptCCNumberDeCrypt($order["cc_number"],null); if (strlen($order["cc_holdername"])>0) $order["cc_holdername"] = cryptCCHoldernameDeCrypt($order["cc_holdername"],null); if (strlen($order["cc_expires"])>0) $order["cc_expires"] = cryptCCExpiresDeCrypt($order["cc_expires"],null); if (strlen($order["cc_cvv"])>0) $order["cc_cvv"] = cryptCCNumberDeCrypt($order["cc_cvv"],null); } //additional reg fields $addregfields = GetRegFieldsValuesByOrderID( $orderID ); $order["reg_fields_values"] = $addregfields; $q_status_name = db_query( "select status_name from ".ORDER_STATUES_TABLE." where statusID=".(int)$order["statusID"] ); $status_name = db_fetch_row( $q_status_name ); $status_name = $status_name[0]; if ( $order["statusID"] == ostGetCanceledStatusId() ) $status_name = STRING_CANCELED_ORDER_STATUS; // clear cost ( without shipping, discount, tax ) $q1 = db_query( "select Price, Quantity from ".ORDERED_CARTS_TABLE." where orderID=".(int)$orderID); $clear_total_price = 0; while( $row=db_fetch_row($q1) ) $clear_total_price += $row["Price"]*$row["Quantity"]; $currency_round = $order["currency_round"]; $order["clear_total_priceToShow"] = _formatPrice(roundf($order["currency_value"]*$clear_total_price),$currency_round)." ".$order["currency_code"]; $order["order_discount_ToShow"] = _formatPrice(roundf($order["currency_value"]*$clear_total_price*((100-$order["order_discount"])/100)),$currency_round)." ".$order["currency_code"]; $order["shipping_costToShow"] = _formatPrice(roundf($order["currency_value"]*$order["shipping_cost"]),$currency_round)." ".$order["currency_code"]; $order["order_amountToShow"] = _formatPrice(roundf($order["currency_value"]*$order["order_amount"]),$currency_round)." ".$order["currency_code"]; $order["order_time_mysql"] = $order["order_time"]; $order["order_time"] = format_datetime( $order["order_time"] ); $order["status_name"] = $status_name; } return $order; } function ordGetOrderContent( $orderID ) { $q = db_query( "select name, Price, Quantity, tax, load_counter, itemID from ".ORDERED_CARTS_TABLE." where orderID=".(int)$orderID ); $q_order = db_query( "select currency_code, currency_value, customerID, order_time, currency_round from ".ORDERS_TABLE." where orderID=".(int)$orderID); $order = db_fetch_row($q_order); $currency_code = $order["currency_code"]; $currency_value = $order["currency_value"]; $currency_round = $order["currency_round"]; $data = array(); while( $row=db_fetch_row($q) ) { $productID = GetProductIdByItemId( $row["itemID"] ); $row["pr_item"] = $productID; $product = GetProduct( $productID ); if ( $product["eproduct_filename"] != null && $product["eproduct_filename"] != "" ) { if ( file_exists("core/files/".$product["eproduct_filename"]) ) { $row["eproduct_filename"] = $product["eproduct_filename"]; $row["file_size"] = (string) round(filesize("core/files/".$product["eproduct_filename"]) / 1048576, 3); if ( $order["customerID"] != null ) { $custID = $order["customerID"]; } else { $custID = -1; } $row["getFileParam"] = "orderID=".$orderID."&". "productID=".$productID."&". "customerID=".$custID; //additional security for non authorized customers if ($custID == -1) { $row["getFileParam"] .= "&order_time=".base64_encode($order["order_time"]); } $row["getFileParam"] = cryptFileParamCrypt( $row["getFileParam"], null ); $row["load_counter_remainder"] = $product["eproduct_download_times"] - $row["load_counter"]; $currentDate = dtGetParsedDateTime( get_current_time() ); $betweenDay = _getDayBetweenDate( dtGetParsedDateTime( $order["order_time"] ), $currentDate ); $row["day_count_remainder"] = $product["eproduct_available_days"] - $betweenDay; } } $row["PriceToShow"] = _formatPrice(roundf($currency_value*$row["Price"]*$row["Quantity"]),$currency_round)." ".$currency_code; $row["PriceOne"] = _formatPrice(roundf($currency_value*$row["Price"]),$currency_round)." ".$currency_code; $data[] = $row; } return $data; } // ***************************************************************************** // Purpose deletes order // Inputs // Remarks this function deletes canceled orders only // Returns function ordDeleteOrder( $orderID ) { $q = db_query( "select statusID from ".ORDERS_TABLE." where orderID=".(int)$orderID ); $row = db_fetch_row( $q ); if ( $row["statusID"] != ostGetCanceledStatusId() ) return; db_query( "delete from ".ORDERED_CARTS_TABLE." where orderID=".(int)$orderID); db_query( "delete from ".ORDERS_TABLE." where orderID=".(int)$orderID); db_query( "delete from ".ORDER_STATUS_CHANGE_LOG_TABLE." where orderID=".(int)$orderID); } function DelOrdersBySDL( $statusdel ) { $q = db_query( "select orderID from ".ORDERS_TABLE." where statusID=".(int)$statusdel ); while( $row = db_fetch_row( $q ) ) { db_query( "delete from ".ORDERED_CARTS_TABLE." where orderID=".(int)$row["orderID"] ); db_query( "delete from ".ORDERS_TABLE." where orderID=".(int)$row["orderID"] ); db_query( "delete from ".ORDER_STATUS_CHANGE_LOG_TABLE." where orderID=".(int)$row["orderID"] ); } } // ***************************************************************************** // Purpose gets summarize order info to // Inputs // Remarks // Returns function getOrderSummarize( $shippingMethodID, $paymentMethodID, $shippingAddressID, $billingAddressID, $shippingModuleFiles, $paymentModulesFiles, $shServiceID = 0 ) { // result this function $sumOrderContent = array(); $q = db_query( "select email_comments_text from ".PAYMENT_TYPES_TABLE." where PID=".(int)$paymentMethodID ); $payment_email_comments_text = db_fetch_row( $q ); $payment_email_comments_text = $payment_email_comments_text[0]; $q = db_query( "select email_comments_text from ".SHIPPING_METHODS_TABLE." where SID=".(int)$shippingMethodID ); $shipping_email_comments_text = db_fetch_row( $q ); $shipping_email_comments_text = $shipping_email_comments_text[0]; $cartContent = cartGetCartContent(); $pred_total = oaGetClearPrice( $cartContent ); if ( isset($_SESSION["log"]) ) $log = $_SESSION["log"]; else $log = null; $d = oaGetDiscountPercent( $cartContent, $log ); $discount = $pred_total/100*$d; // ordering with registration if ( $shippingAddressID != 0 || isset($log) ) { $addresses = array($shippingAddressID, $billingAddressID); $shipping_address = regGetAddressStr($shippingAddressID); $billing_address = regGetAddressStr($billingAddressID); $shaddr = regGetAddress($shippingAddressID); $sh_firstname = $shaddr["first_name"]; $sh_lastname = $shaddr["last_name"]; } else //quick checkout { if (!isset($_SESSION["receiver_countryID"]) || !isset($_SESSION["receiver_zoneID"])) return NULL; $shippingAddress = array( "countryID" => $_SESSION["receiver_countryID"], "zoneID" => $_SESSION["receiver_zoneID"]); $billingAddress = array( "countryID" => $_SESSION["billing_countryID"], "zoneID" => $_SESSION["billing_zoneID"]); $addresses = array( $shippingAddress, $billingAddress ); $shipping_address = quickOrderGetReceiverAddressStr(); $billing_address = quickOrderGetBillingAddressStr(); $sh_firstname = $_SESSION["receiver_first_name"]; $sh_lastname = $_SESSION["receiver_last_name"]; } foreach( $cartContent["cart_content"] as $cartItem ) { // if conventional ordering if ( $shippingAddressID != 0 ) { $productID = GetProductIdByItemId( $cartItem["id"] ); $cartItem["tax"] = taxCalculateTax( $productID, $addresses[0], $addresses[1] ); } else // if quick ordering { $productID = $cartItem["id"]; $cartItem["tax"] = taxCalculateTax2( $productID, $addresses[0], $addresses[1] ); } $sumOrderContent[] = $cartItem; } $shipping_method = shGetShippingMethodById( $shippingMethodID ); if ( !$shipping_method ) $shipping_name = "-"; else $shipping_name = $shipping_method["Name"]; $payment_method = payGetPaymentMethodById($paymentMethodID); if ( !$payment_method ) $payment_name = "-"; else $payment_name = $payment_method["Name"]; //do not calculate tax for this payment type! if (isset($payment_method["calculate_tax"]) && (int)$payment_method["calculate_tax"]==0) { foreach( $sumOrderContent as $key => $val ) { $sumOrderContent[ $key ] ["tax"] = 0; } $orderDetails = array ( "first_name" => $sh_firstname, "last_name" => $sh_lastname, "email" => "", "order_amount" => oaGetOrderAmountExShippingRate( $cartContent, $addresses, $log, FALSE, $shServiceID ) ); $tax = 0; $total = oaGetOrderAmount( $cartContent, $addresses, $shippingMethodID, $log, $orderDetails, FALSE, $shServiceID ); $shipping_cost = oaGetShippingCostTakingIntoTax( $cartContent, $shippingMethodID, $addresses, $orderDetails, FALSE, $shServiceID ); } else { $orderDetails = array ( "first_name" => $sh_firstname, "last_name" => $sh_lastname, "email" => "", "order_amount" => oaGetOrderAmountExShippingRate( $cartContent, $addresses, $log, FALSE ) ); $tax = oaGetProductTax( $cartContent, $d, $addresses ); $total = oaGetOrderAmount( $cartContent, $addresses, $shippingMethodID, $log, $orderDetails, TRUE, $shServiceID ); $shipping_cost = oaGetShippingCostTakingIntoTax( $cartContent, $shippingMethodID, $addresses, $orderDetails, TRUE, $shServiceID ); } $tServiceInfo = null; if(is_array($shipping_cost)){ $_T = array_shift($shipping_cost); $tServiceInfo = $_T['name']; $shipping_cost = $_T['rate']; } $payment_form_html = ""; $paymentModule = modGetModuleObj($payment_method["module_id"], PAYMENT_MODULE); if($paymentModule){ $order = array(); $address = array(); if ( $shippingAddressID != 0 ){ $payment_form_html = $paymentModule->payment_form_html(array('BillingAddressID'=>$billingAddressID)); }else{ $payment_form_html = $paymentModule->payment_form_html(array( 'countryID' => $_SESSION['billing_countryID'], 'zoneID' => $_SESSION['billing_zoneID'], 'first_name' => $_SESSION["billing_first_name"], 'last_name' => $_SESSION["billing_last_name"], 'city' => $_SESSION["billing_city"], 'address' => $_SESSION["billing_address"], )); } } return array( "sumOrderContent" => $sumOrderContent, "discount" => $discount, "discount_percent" => $d, "discount_show" => show_price($discount), "pred_total_disc" => show_price(($pred_total*((100-$d)/100))), "pred_total" => show_price($pred_total), "totalTax" => show_price($tax), "totalTaxUC" => $tax, "shipping_address" => $shipping_address, "billing_address" => $billing_address, "shipping_name" => $shipping_name, "payment_name" => $payment_name, "shipping_cost" => show_price($shipping_cost), "shipping_costUC" => $shipping_cost, "payment_form_html" => $payment_form_html, "total" => show_price($total), "totalUC" => $total, "payment_email_comments_text" => $payment_email_comments_text, "shipping_email_comments_text" => $shipping_email_comments_text, "orderContentCartProductsCount" => count($sumOrderContent), "shippingServiceInfo" => $tServiceInfo); } function mycal_days_in_month( $calendar, $month, $year ) { $month = (int)$month; $year = (int)$year; if ( 1 > $month || $month > 12 ) return 0; if ( $month==1 || $month==3 || $month==5 || $month==7 || $month==8 || $month==10 || $month==12 ) return 31; else { if ( $month==2 && $year % 4 == 0 ) return 29; else if ( $month==2 && $year % 4 != 0 ) return 28; else return 30; } } function _getCountDay( $date ) { $countDay = 0; for( $year=1900; $year<$date["year"]; $year++ ) { for( $month=1; $month <= 12; $month++ ) $countDay += mycal_days_in_month(CAL_GREGORIAN, $month, $year); } for( $month=1; $month < $date["month"]; $month++ ) $countDay += mycal_days_in_month(CAL_GREGORIAN, $month, $date["year"]); $countDay += $date["day"]; return $countDay; } // ***************************************************************************** // Purpose gets address string // Inputs $date array of item // "day" // "month" // "year" // $date2 must be more later $date1 // Remarks // Returns function _getDayBetweenDate( $date1, $date2 ) { if ( $date1["year"] > $date2["year"] ) return -1; if ( $date1["year"]==$date2["year"] && $date1["month"]>$date2["month"] ) return -1; if ( $date1["year"]==$date2["year"] && $date1["month"]==$date2["month"] && $date1["day"] > $date2["day"] ) return -1; return _getCountDay( $date2 ) - _getCountDay( $date1 ); } // ***************************************************************************** // Purpose // Inputs // Remarks // Returns // -1 access denied // 0 success, access granted and load_counter has been incremented // 1 access granted but count downloading is exceeded eproduct_download_times in PRODUCTS_TABLE // 2 access granted but available days are exhausted to download product // 3 it is not downloadable product // 4 order is not ready function ordAccessToLoadFile( $orderID, $productID, & $pathToProductFile, & $productFileShortName ) { $order = ordGetOrder($orderID); $product = GetProduct( $productID ); if ( strlen($product["eproduct_filename"]) == 0 || !file_exists("core/files/".$product["eproduct_filename"]) || $product["eproduct_filename"] == null ) { return 4; } if ( (int)$order["statusID"] != (int)ostGetCompletedOrderStatus() ) return 3; $orderContent = ordGetOrderContent( $orderID ); foreach( $orderContent as $item ) { if ( GetProductIdByItemId($item["itemID"]) == $productID ) { if ( $item["load_counter"] < $product["eproduct_download_times"] || $product["eproduct_download_times"] == 0 ) { $date1 = dtGetParsedDateTime( $order["order_time_mysql"] ); //$order["order_time"] $date2 = dtGetParsedDateTime( get_current_time() ); $countDay = _getDayBetweenDate( $date1, $date2 ); if ( $countDay>=$product["eproduct_available_days"] ) return 2; if ( $product["eproduct_download_times"] != 0 ) { db_query( "update ".ORDERED_CARTS_TABLE. " set load_counter=load_counter+1 ". " where itemID=".(int)$item["itemID"]." AND orderID=".(int)$orderID ); } $pathToProductFile = "core/files/".$product["eproduct_filename"]; $productFileShortName = $product["eproduct_filename"]; return 0; } else return 1; } } return -1; } ?>