/wp-content/plugins/wp-shopping-cart/processing_functions.php

https://github.com/alx/barceloneta · PHP · 1082 lines · 850 code · 101 blank · 131 comment · 259 complexity · b701deed10a3edbef4d834420e33af5a MD5 · raw file

  1. <?php
  2. function nzshpcrt_overall_total_price($country_code = null, $for_display = false, $no_discount = false, $total_checkbox=0) {
  3. /*
  4. * Determines the total in the shopping cart, adds the tax and shipping if a country code is supplied and adds the discount of a coupon code is present
  5. * Adds a dollar sign and information if there is no tax and shipping if $for_display is true
  6. */
  7. global $wpdb;
  8. $cart =& $_SESSION['nzshpcrt_cart'];
  9. $total_quantity =0;
  10. $total_weight = 0;
  11. $all_donations = true;
  12. $all_no_shipping = true;
  13. foreach($cart as $cart_item) {
  14. $product_id = $cart_item->product_id;
  15. $quantity = $cart_item->quantity;
  16. $product_variations = $cart_item->product_variations;
  17. $extras = $cart_item->extras;
  18. $extras_count=count($extras);
  19. $raw_price = 0;
  20. $variation_count = count($product_variations);
  21. if($variation_count > 0) {
  22. foreach($product_variations as $product_variation) {
  23. $value_id = $product_variation;
  24. $value_data = $wpdb->get_results("SELECT * FROM `".$wpdb->prefix."variation_values` WHERE `id`='".$value_id."' LIMIT 1",ARRAY_A);
  25. }
  26. }
  27. //$total_quantity += $quantity;
  28. $sql = "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id` = '$product_id' LIMIT 1";
  29. $product = $wpdb->get_row($sql,ARRAY_A);
  30. if($product['donation'] == 1) {
  31. $price = $quantity * $cart_item->donation_price;
  32. } else {
  33. $price = $quantity * calculate_product_price($product_id, $product_variations,'stay',$extras);
  34. if($country_code != null) {
  35. if($product['notax'] != 1) {
  36. $price = nzshpcrt_calculate_tax($price, $_SESSION['selected_country'], $_SESSION['selected_region']);
  37. }
  38. $shipping = nzshpcrt_determine_item_shipping($product_id, $quantity, $country_code);
  39. $price += $shipping;
  40. }
  41. $all_donations = false;
  42. }
  43. if($product['no_shipping'] != 1) {
  44. $all_no_shipping = false;
  45. }
  46. $total += $price;
  47. }
  48. if(($country_code != null) && ($all_donations == false) && ($all_no_shipping == false)) {
  49. //echo $_SESSION['selected_country'];
  50. //exit(nzshpcrt_determine_base_shipping(0, $country_code));
  51. $total += nzshpcrt_determine_base_shipping(0, $_SESSION['delivery_country']);
  52. }
  53. if(!empty($_SESSION['coupon_num']) && ($no_discount !== true)){
  54. $total += nzshpcrt_apply_coupon($total,$_SESSION['coupon_num']) - $total ;
  55. }
  56. if($for_display === true) {
  57. $total = nzshpcrt_currency_display($total,1);
  58. if(($country_code == null) && (get_option('add_plustax') == 1)) {
  59. $total .= "<span class='pluspostagetax'> + ".TXT_WPSC_POSTAGE_AND_TAX."</span>";
  60. }
  61. }
  62. return $total;
  63. }
  64. //written by allen
  65. function nzshpcrt_overall_total_price_numeric($country_code = null, $for_display = false)
  66. {
  67. /*
  68. * Determines the total in the shopping cart, adds the tax and shipping if a country code is supplied
  69. * Adds a dollar sign and information if there is no tax and shipping if $for_display is true
  70. */
  71. global $wpdb;
  72. $cart =& $_SESSION['nzshpcrt_cart'];
  73. $total_quantity =0;
  74. $total_weight = 0;
  75. $all_donations = true;
  76. $all_no_shipping = true;
  77. foreach($cart as $cart_item)
  78. {
  79. $product_id = $cart_item->product_id;
  80. $quantity = $cart_item->quantity;
  81. $product_variations = $cart_item->product_variations;
  82. $raw_price = 0;
  83. $variation_count = count($product_variations);
  84. if($variation_count > 0)
  85. {
  86. foreach($product_variations as $product_variation)
  87. {
  88. $value_id = $product_variation;
  89. $value_data = $wpdb->get_results("SELECT * FROM `".$wpdb->prefix."variation_values` WHERE `id`='".$value_id."' LIMIT 1",ARRAY_A);
  90. }
  91. }
  92. //$total_quantity += $quantity;
  93. $sql = "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id` = '$product_id' LIMIT 1";
  94. $product = $wpdb->get_row($sql,ARRAY_A);
  95. if($product['donation'] == 1)
  96. {
  97. $price = $quantity * $cart_item->donation_price;
  98. }
  99. else
  100. {
  101. $price = $quantity * calculate_product_price($product_id, $product_variations);
  102. if($country_code != null)
  103. {
  104. if($product['notax'] != 1)
  105. {
  106. $price = nzshpcrt_calculate_tax($price, $_SESSION['selected_country'], $_SESSION['selected_region']);
  107. }
  108. $shipping = nzshpcrt_determine_item_shipping($product_id, $quantity, $country_code);
  109. $price += $shipping;
  110. }
  111. $all_donations = false;
  112. }
  113. if($product['no_shipping'] != 1) {
  114. $all_no_shipping = false;
  115. }
  116. $total += $price;
  117. }
  118. if(($country_code != null) && ($all_donations == false) && ($all_no_shipping == false)) {
  119. $total += nzshpcrt_determine_base_shipping(0, $country_code);
  120. }
  121. return $total;
  122. }
  123. //end of written by allen
  124. function nzshpcrt_calculate_tax($price, $country, $region)
  125. {
  126. global $wpdb;
  127. $country_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."currency_list` WHERE `isocode` IN('".get_option('base_country')."') LIMIT 1",ARRAY_A);
  128. if(($country_data['has_regions'] == 1))
  129. {
  130. $region_data = $wpdb->get_row("SELECT `".$wpdb->prefix."region_tax`.* FROM `".$wpdb->prefix."region_tax` WHERE `".$wpdb->prefix."region_tax`.`country_id` IN('".$country_data['id']."') AND `".$wpdb->prefix."region_tax`.`id` IN('".$region."') ",ARRAY_A) ;
  131. $tax_percentage = $region_data['tax'];
  132. }
  133. else
  134. {
  135. $tax_percentage = $country_data['tax'];
  136. }
  137. $add_tax = false;
  138. if($country == get_option('base_country'))
  139. {
  140. $add_tax = true;
  141. }
  142. if($add_tax === true)
  143. {
  144. $price = $price * (1 + ($tax_percentage/100));
  145. }
  146. return $price;
  147. }
  148. function nzshpcrt_find_total_price($purchase_id,$country_code)
  149. {
  150. global $wpdb;
  151. if(is_numeric($purchase_id))
  152. {
  153. $purch_sql = "SELECT * FROM `".$wpdb->prefix."purchase_logs` WHERE `id`='".$purchase_id."'";
  154. $purch_data = $wpdb->get_row($purch_sql,ARRAY_A) ;
  155. $cartsql = "SELECT * FROM `".$wpdb->prefix."cart_contents` WHERE `purchaseid`=".$purchase_id."";
  156. $cart_log = $wpdb->get_results($cartsql,ARRAY_A) ;
  157. if($cart_log != null)
  158. {
  159. $all_donations = true;
  160. $all_no_shipping = true;
  161. foreach($cart_log as $cart_row)
  162. {
  163. $productsql= "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id`=".$cart_row['prodid']."";
  164. $product_data = $wpdb->get_results($productsql,ARRAY_A);
  165. $variation_sql = "SELECT * FROM `".$wpdb->prefix."cart_item_variations` WHERE `cart_id`='".$cart_row['id']."'";
  166. $variation_data = $wpdb->get_results($variation_sql,ARRAY_A);
  167. $variation_count = count($variation_data);
  168. $price = ($cart_row['price'] * $cart_row['quantity']);
  169. if($purch_data['shipping_country'] != '')
  170. {
  171. $country_code = $purch_data['shipping_country'];
  172. }
  173. if($cart_row['donation'] == 1) {
  174. $shipping = 0;
  175. } else {
  176. $all_donations = false;
  177. }
  178. if($cart_row['no_shipping'] == 1) {
  179. $shipping = 0;
  180. } else {
  181. $all_no_shipping = false;
  182. }
  183. if(($cart_row['donation'] != 1) && ($cart_row['no_shipping'] != 1)) {
  184. $shipping = nzshpcrt_determine_item_shipping($cart_row['prodid'], $cart_row['quantity'], $country_code);
  185. }
  186. $endtotal += $shipping + $price;
  187. }
  188. if(($all_donations == false) && ($all_no_shipping == false)){
  189. if($purch_data['base_shipping'] > 0) {
  190. $base_shipping = $purch_data['base_shipping'];
  191. } else {
  192. $base_shipping = nzshpcrt_determine_base_shipping(0, $country_code);
  193. }
  194. $endtotal += $base_shipping;
  195. }
  196. if($purch_data['discount_value'] > 0) {
  197. $endtotal -= $purch_data['discount_value'];
  198. if($endtotal < 0) {
  199. $endtotal = 0;
  200. }
  201. }
  202. }
  203. return $endtotal;
  204. }
  205. }
  206. //written by Allen
  207. function nzshpcrt_apply_coupon($price,$coupon_num){
  208. global $wpdb;
  209. $now = date("Y-m-d H:i:s");
  210. $now = strtotime($now);
  211. //echo $now;
  212. if ($coupon_num!=NULL) {
  213. $coupon_sql = "SELECT * FROM `".$wpdb->prefix."wpsc_coupon_codes` WHERE coupon_code='".$coupon_num."' LIMIT 1";
  214. $coupon_data = $wpdb->get_results($coupon_sql,ARRAY_A);
  215. $coupon_data = $coupon_data[0];
  216. }
  217. if ( ($coupon_data['active']=='1') && !(($coupon_data['use_once']=='1') && ($coupon_data['is_used']=='1'))){
  218. if ((strtotime($coupon_data['start']) < $now)&&(strtotime($coupon_data['expiry']) > $now)){
  219. if ($coupon_data['is-percentage']=='1'){
  220. $price = $price*(1-$coupon_data['value']/100);
  221. } else {
  222. if ($coupon_data['every_product']=='1') {
  223. $cart = $_SESSION['nzshpcrt_cart'];
  224. $total_quantity=0;
  225. foreach($cart as $product) {
  226. $total_quantity+=$product->quantity;
  227. }
  228. $price = $price-$coupon_data['value']*$total_quantity;
  229. } else {
  230. $price = $price-$coupon_data['value'];
  231. }
  232. }
  233. } else {
  234. return $price;
  235. }
  236. }
  237. if($price<0){
  238. $price = 0;
  239. }
  240. return $price;
  241. }
  242. //End of written by Allen
  243. function nzshpcrt_determine_base_shipping($per_item_shipping, $country_code) {
  244. global $wpdb;
  245. if(get_option('do_not_use_shipping') != 1) {
  246. if($country_code == get_option('base_country')) {
  247. $base_shipping = get_option('base_local_shipping');
  248. } else {
  249. $base_shipping = get_option('base_international_shipping');
  250. }
  251. $shipping = $base_shipping + $per_item_shipping;
  252. } else {
  253. $shipping = 0;
  254. }
  255. return $shipping;
  256. }
  257. function nzshpcrt_determine_item_shipping($product_id, $quantity, $country_code) {
  258. global $wpdb;
  259. if(is_numeric($product_id) && (get_option('do_not_use_shipping') != 1)) {
  260. $sql = "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id`='$product_id' LIMIT 1";
  261. $product_list = $wpdb->get_row($sql,ARRAY_A) ;
  262. if($product_list['no_shipping'] == 0) {
  263. //if the item has shipping
  264. if($country_code == get_option('base_country')) {
  265. $additional_shipping = $product_list['pnp'];
  266. } else {
  267. $additional_shipping = $product_list['international_pnp'];
  268. }
  269. $shipping = $quantity * $additional_shipping;
  270. } else {
  271. //if the item does not have shipping
  272. $shipping = 0;
  273. }
  274. } else {
  275. //if the item is invalid or all items do not have shipping
  276. $shipping = 0;
  277. }
  278. return $shipping;
  279. }
  280. function nzshpcrt_currency_display($price_in, $tax_status, $nohtml = false, $id = false, $no_dollar_sign = false)
  281. {
  282. /*
  283. * This now ignores tax status, but removing it entirely will probably have to wait for the inevitable yet indefinately delayed total rewrite, woot
  284. */
  285. global $wpdb;
  286. $currency_sign_location = get_option('currency_sign_location');
  287. $currency_type = get_option('currency_type');
  288. $currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `".$wpdb->prefix."currency_list` WHERE `id`='".$currency_type."' LIMIT 1",ARRAY_A) ;
  289. $price_out = null;
  290. $currency_sign_location = get_option('currency_sign_location');
  291. $currency_type = get_option('currency_type');
  292. $currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `".$wpdb->prefix."currency_list` WHERE `id`='".$currency_type."' LIMIT 1",ARRAY_A) ;
  293. $price_out = null;
  294. if(is_numeric($id))
  295. {
  296. }
  297. $price_out = number_format($price_in, 2, '.', ',');
  298. if($currency_data[0]['symbol'] != '')
  299. {
  300. if($nohtml == false)
  301. {
  302. $currency_sign = $currency_data[0]['symbol_html'];
  303. }
  304. else
  305. {
  306. $currency_sign = $currency_data[0]['symbol'];
  307. }
  308. }
  309. else
  310. {
  311. $currency_sign = $currency_data[0]['code'];
  312. }
  313. switch($currency_sign_location)
  314. {
  315. case 1:
  316. $output = $price_out.$currency_sign;
  317. break;
  318. case 2:
  319. $output = $price_out.' '.$currency_sign;
  320. break;
  321. case 3:
  322. $output = $currency_sign.$price_out;
  323. break;
  324. case 4:
  325. $output = $currency_sign.' '.$price_out;
  326. break;
  327. }
  328. if($nohtml == true)
  329. {
  330. $output = "".$output."";
  331. }
  332. else
  333. {
  334. $output = "<span class='pricedisplay'>".$output."</span>";
  335. }
  336. if($no_dollar_sign == true)
  337. {
  338. return $price_out;
  339. }
  340. return $output;
  341. }
  342. function admin_display_total_price($start_timestamp = '', $end_timestamp = '')
  343. {
  344. global $wpdb;
  345. if(($start_timestamp != '') && ($end_timestamp != ''))
  346. {
  347. $sql = "SELECT * FROM `".$wpdb->prefix."purchase_logs` WHERE `processed` > '1' AND `date` BETWEEN '$start_timestamp' AND '$end_timestamp' ORDER BY `date` DESC";
  348. }
  349. else
  350. {
  351. $sql = "SELECT * FROM `".$wpdb->prefix."purchase_logs` WHERE `processed` > '1' AND `date` != ''";
  352. }
  353. $purchase_log = $wpdb->get_results($sql,ARRAY_A) ;
  354. $total = 0;
  355. if($purchase_log != null)
  356. {
  357. foreach($purchase_log as $purchase)
  358. {
  359. $country_sql = "SELECT * FROM `".$wpdb->prefix."submited_form_data` WHERE `log_id` = '".$purchase['id']."' AND `form_id` = '".get_option('country_form_field')."' LIMIT 1";
  360. $country_data = $wpdb->get_results($country_sql,ARRAY_A);
  361. $country = $country_data[0]['value'];
  362. $total += nzshpcrt_find_total_price($purchase['id'],$country);
  363. }
  364. }
  365. return $total;
  366. }
  367. function calculate_product_price($product_id, $variations = false, $pm='',$extras=false) {
  368. global $wpdb;
  369. $pm = ''; // PM override code lies here
  370. if(is_numeric($product_id)) {
  371. if(is_array($variations) && ((count($variations) >= 1) && (count($variations) <= 2))) {
  372. $variation_count = count($variations);
  373. $variations = array_values($variations);
  374. }
  375. if ($pm!='') {
  376. $checkb_sql = "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id` = '".(int)$product_id."' LIMIT 1";
  377. $product_data = $wpdb->get_results($checkb_sql,ARRAY_A);
  378. if ($product_data[0]['special']=='1') {
  379. $std_price = $product_data[0]['price'] - $product_data[0]['special_price'];
  380. } else {
  381. $std_price = $product_data[0]['price'];
  382. }
  383. if ($pm=='stay') {
  384. if ((count($extras)>0)&&($extras!=null)) {
  385. foreach ($extras as $extra) {
  386. $price+=$wpdb->get_var("SELECT `price` FROM `".$wpdb->prefix."extras_values_associations` WHERE `product_id` = '".$product_id."' AND `value_id` = '".$extra."' LIMIT 1");
  387. }
  388. }
  389. return $std_price+$price;
  390. }
  391. $sql = "SELECT `price` FROM `".$wpdb->prefix."extras_values_associations` WHERE `product_id` = '".$product_id."' AND `extras_id` = '".$extras[0]."' LIMIT 1";
  392. if ($pm=='plus') {
  393. if ((count($extras)>0)&&($extras!=null)) {
  394. foreach ($extras as $extra) {
  395. $price+=$wpdb->get_var("SELECT `price` FROM `".$wpdb->prefix."extras_values_associations` WHERE `product_id` = '".$product_id."' AND `extras_id` = '".$extra."' LIMIT 1");
  396. }
  397. }
  398. return $std_price+$price;
  399. } elseif ($pm=='minus') {
  400. if ((count($extras)>0)&&($extras!=null)) {
  401. foreach ($extras as $extra) {
  402. $price+=$wpdb->get_var("SELECT `price` FROM `".$wpdb->prefix."extras_values_associations` WHERE `product_id` = '".$product_id."' AND `extras_id` = '".$extra."' LIMIT 1");
  403. }
  404. }
  405. return $std_price+$price;
  406. }
  407. return $price;
  408. } else {
  409. if(($variation_count >= 1) && ($variation_count <= 2)) {
  410. switch($variation_count) {
  411. case 1:
  412. $sql = "SELECT `price` FROM `".$wpdb->prefix."variation_priceandstock` WHERE `product_id` IN ('".$product_id."') AND `variation_id_1` = '".$variations[0]."' AND `variation_id_2` = '0' LIMIT 1";
  413. break;
  414. case 2:
  415. $sql = "SELECT `price` FROM `".$wpdb->prefix."variation_priceandstock` WHERE `product_id` IN ('".$product_id."') AND ((`variation_id_1` = '".$variations[0]."' AND `variation_id_2` = '".$variations[1]."') OR (`variation_id_1` = '".$variations[1]."' AND `variation_id_2` = '".$variations[0]."')) LIMIT 1";
  416. break;
  417. }
  418. $price = $wpdb->get_var($sql);
  419. //exit("// $price $sql");
  420. } else {
  421. $sql = "SELECT `price`,`special`,`special_price` FROM `".$wpdb->prefix."product_list` WHERE `id`='".$product_id."' LIMIT 1";
  422. $product_data = $wpdb->get_row($sql,ARRAY_A);
  423. if($product_data['special_price'] > 0) {
  424. $price = $product_data['price'] - $product_data['special_price'];
  425. } else {
  426. $price = $product_data['price'];
  427. }
  428. }
  429. }
  430. } else {
  431. $price = false;
  432. }
  433. return $price;
  434. }
  435. function check_in_stock($id, $variations, $item_quantity = 1)
  436. {
  437. global $wpdb;
  438. $sql = "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id`='".$id."' LIMIT 1";
  439. $item_data = $wpdb->get_row($sql,ARRAY_A);
  440. $item_stock = null;
  441. $variation_count = count($variations);
  442. if(($variation_count >= 1) && ($variation_count <= 2))
  443. {
  444. foreach($variations as $variation_id)
  445. {
  446. if(is_numeric($variation_id))
  447. {
  448. $variation_ids[] = $variation_id;
  449. }
  450. }
  451. if(count($variation_ids) == 2)
  452. {
  453. $variation_stock_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."variation_priceandstock` WHERE `product_id` = '".$id."' AND (`variation_id_1` = '".$variation_ids[0]."' AND `variation_id_2` = '".$variation_ids[1]."') OR (`variation_id_1` = '".$variation_ids[1]."' AND `variation_id_2` = '".$variation_ids[0]."') LIMIT 1",ARRAY_A);
  454. $item_stock = $variation_stock_data['stock'];
  455. }
  456. else if(count($variation_ids) == 1)
  457. {
  458. $variation_stock_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."variation_priceandstock` WHERE `product_id` = '".$id."' AND (`variation_id_1` = '".$variation_ids[0]."' AND `variation_id_2` = '0') LIMIT 1",ARRAY_A);
  459. $item_stock = $variation_stock_data['stock'];
  460. }
  461. }
  462. if($item_stock === null)
  463. {
  464. $item_stock = $item_data['quantity'];
  465. }
  466. if((($item_data['quantity_limited'] == 1) && ($item_stock > 0) && ($item_stock >= $item_quantity)) || ($item_data['quantity_limited'] == 0))
  467. {
  468. $output = true;
  469. }
  470. else
  471. {
  472. $output = false;
  473. }
  474. return $output;
  475. }
  476. function wpsc_item_process_image($id='') {
  477. global $wpdb;
  478. if ($id=='') {
  479. $id=$_POST['prodid'];
  480. }
  481. if(($_FILES['image'] != null) && preg_match("/\.(gif|jp(e)*g|png){1}$/i",$_FILES['image']['name']) && apply_filters( 'wpsc_filter_file', $_FILES['image']['tmp_name'] )) {
  482. //$active_signup = apply_filters( 'wpsc_filter_file', $_FILES['image']['tmp_name'] );
  483. if(function_exists("getimagesize")) {
  484. $image_name = basename($_FILES['image']['name']);
  485. if(is_file((WPSC_IMAGE_DIR.$image_name))) {
  486. $name_parts = explode('.',basename($image_name));
  487. $extension = array_pop($name_parts);
  488. $name_base = implode('.',$name_parts);
  489. $dir = glob(WPSC_IMAGE_DIR."$name_base*");
  490. foreach($dir as $file) {
  491. $matching_files[] = basename($file);
  492. }
  493. $image_name = null;
  494. $num = 2;
  495. // loop till we find a free file name, first time I get to do a do loop in yonks
  496. do {
  497. $test_name = "{$name_base}-{$num}.{$extension}";
  498. if(!file_exists(WPSC_IMAGE_DIR.$test_name)) {
  499. $image_name = $test_name;
  500. }
  501. $num++;
  502. } while ($image_name == null);
  503. }
  504. //exit("<pre>".print_r($image_name,true)."</pre>");
  505. $new_image_path = WPSC_IMAGE_DIR.$image_name;
  506. move_uploaded_file($_FILES['image']['tmp_name'], $new_image_path);
  507. $stat = stat( dirname( $new_image_path ));
  508. $perms = $stat['mode'] & 0000666;
  509. @ chmod( $new_image_path, $perms );
  510. switch($_POST['image_resize']) {
  511. case 2:
  512. $height = $_POST['height'];
  513. $width = $_POST['width'];
  514. break;
  515. case 0:
  516. $height = null;
  517. $width = null;
  518. break;
  519. case 1:
  520. default:
  521. $height = get_option('product_image_height');
  522. $width = get_option('product_image_width');
  523. break;
  524. }
  525. if(($_POST['image_resize'] == 3) && ($_FILES['thumbnailImage'] != null) && file_exists($_FILES['thumbnailImage']['tmp_name'])) {
  526. $imagefield='thumbnailImage';
  527. $image= image_processing($_FILES['thumbnailImage']['tmp_name'], (WPSC_THUMBNAIL_DIR.$image_name),null,null,$imagefield);
  528. $thumbnail_image = $image;
  529. } else {
  530. image_processing($new_image_path, (WPSC_THUMBNAIL_DIR.$image_name), $width, $height);
  531. }
  532. $updatelink_sql = "UPDATE `".$wpdb->prefix."product_list` SET `image` = '".$image_name."', `thumbnail_image` = '".$thumbnail_image."' WHERE `id` = '$id'";
  533. $wpdb->query($updatelink_sql);
  534. $image = $wpdb->escape($image_name);
  535. } else {
  536. $image_name = basename($_FILES['image']['name']);
  537. if(is_file((WPSC_IMAGE_DIR.$image_name))) {
  538. $name_parts = explode('.',basename($image_name));
  539. $extension = array_pop($name_parts);
  540. $name_base = implode('.',$name_parts);
  541. $dir = glob(WPSC_IMAGE_DIR."$name_base*");
  542. foreach($dir as $file) {
  543. $matching_files[] = basename($file);
  544. }
  545. $image_name = null;
  546. $num = 2;
  547. // loop till we find a free file name
  548. do {
  549. $test_name = "{$name_base}-{$num}.{$extension}";
  550. if(!file_exists(WPSC_IMAGE_DIR.$test_name)) {
  551. $image_name = $test_name;
  552. }
  553. $num++;
  554. } while ($image_name == null);
  555. }
  556. $new_image_path = WPSC_IMAGE_DIR.$image_name;
  557. move_uploaded_file($_FILES['image']['tmp_name'], $new_image_path);
  558. $stat = stat( dirname( $new_image_path ));
  559. $perms = $stat['mode'] & 0000666;
  560. @ chmod( $new_image_path, $perms );
  561. $image = $wpdb->escape($image_name);
  562. }
  563. } else {
  564. $image_data = $wpdb->get_row("SELECT `id`,`image` FROM `".$wpdb->prefix."product_list` WHERE `id`='".(int)$_POST['prodid']."' LIMIT 1",ARRAY_A);
  565. //exit("<pre>".print_r($image_data,true)."</pre>");
  566. if(($_POST['image_resize'] == 3) && ($_FILES['thumbnailImage'] != null) && file_exists($_FILES['thumbnailImage']['tmp_name'])) {
  567. $imagefield='thumbnailImage';
  568. $image=image_processing($_FILES['thumbnailImage']['tmp_name'], WPSC_THUMBNAIL_DIR.$_FILES['thumbnailImage']['name'],null,null,$imagefield);
  569. $thumbnail_image = $image;
  570. $wpdb->query("UPDATE `".$wpdb->prefix."product_list` SET `thumbnail_image` = '".$thumbnail_image."' WHERE `id` = '".$image_data['id']."'");
  571. $stat = stat( dirname( (WPSC_THUMBNAIL_DIR.$image_data['image']) ));
  572. $perms = $stat['mode'] & 0000666;
  573. @ chmod( (WPSC_THUMBNAIL_DIR.$image_data['image']), $perms );
  574. }
  575. $image = false;
  576. }
  577. return $image;
  578. }
  579. function wpsc_item_process_file($mode = 'add') {
  580. global $wpdb;
  581. if(apply_filters( 'wpsc_filter_file', $_FILES['file']['tmp_name'] )) {
  582. // initialise $idhash to null to prevent issues with undefined variables and error logs
  583. $idhash = null;
  584. switch($mode) {
  585. case 'edit':
  586. /* if we are editing, grab the current file and ID hash */
  587. $product_id = $_POST['prodid'];
  588. $fileid_data = $wpdb->get_results("SELECT `file` FROM `".$wpdb->prefix."product_list` WHERE `id` = '$product_id' LIMIT 1",ARRAY_A);
  589. case 'add':
  590. default:
  591. /* if we are adding, make a new file row and get the ID of it */
  592. $timestamp = time();
  593. $query_results = $wpdb->query("INSERT INTO `".$wpdb->prefix."product_files` ( `filename` , `mimetype` , `idhash` , `date` ) VALUES ( '', '', '', '$timestamp');");
  594. $fileid = $wpdb->get_var("SELECT LAST_INSERT_ID() FROM `".$wpdb->prefix."product_files`");
  595. break;
  596. }
  597. /* if there is no idhash, generate it */
  598. if($idhash == null) {
  599. $idhash = sha1($fileid);
  600. if($idhash == '') {
  601. // if sha1 doesnt spit an error, but doesnt return anything either (it has done so on some servers)
  602. $idhash = md5($fileid);
  603. }
  604. }
  605. // if needed, we can add code here to stop hash doubleups in the unlikely event that they shoud occur
  606. $mimetype = wpsc_get_mimetype($_FILES['file']['tmp_name']);
  607. $filename = basename($_FILES['file']['name']);
  608. if(move_uploaded_file($_FILES['file']['tmp_name'],(WPSC_FILE_DIR.$idhash))) {
  609. $stat = stat( dirname( (WPSC_FILE_DIR.$idhash) ));
  610. $perms = $stat['mode'] & 0000666;
  611. @ chmod( (WPSC_FILE_DIR.$idhash), $perms );
  612. if(function_exists("make_mp3_preview")) {
  613. if($mimetype == "audio/mpeg" && (!isset($_FILES['preview_file']['tmp_name']))) {
  614. // if we can generate a preview file, generate it (most can't due to sox being rare on servers and sox with MP3 support being even rarer), thus this needs to be enabled by editing code
  615. make_mp3_preview((WPSC_FILE_DIR.$idhash), (WPSC_PREVIEW_DIR.$idhash.".mp3"));
  616. $preview_filepath = (WPSC_PREVIEW_DIR.$idhash.".mp3");
  617. } else if(file_exists($_FILES['preview_file']['tmp_name'])) {
  618. $preview_filename = basename($_FILES['preview_file']['name']);
  619. $preview_mimetype = wpsc_get_mimetype($_FILES['preview_file']['tmp_name']);
  620. copy($_FILES['preview_file']['tmp_name'], (WPSC_PREVIEW_DIR.$preview_filename));
  621. $preview_filepath = (WPSC_PREVIEW_DIR.$preview_filename);
  622. $wpdb->query("UPDATE `".$wpdb->prefix."product_files` SET `preview` = '".$wpdb->escape($preview_filename)."', `preview_mimetype` = '".$preview_mimetype."' WHERE `id` = '$fileid' LIMIT 1");
  623. }
  624. $stat = stat( dirname($preview_filepath));
  625. $perms = $stat['mode'] & 0000666;
  626. @ chmod( $preview_filepath, $perms );
  627. }
  628. $wpdb->query("UPDATE `".$wpdb->prefix."product_files` SET `filename` = '".$wpdb->escape($filename)."', `mimetype` = '$mimetype', `idhash` = '$idhash' WHERE `id` = '$fileid' LIMIT 1");
  629. }
  630. if($mode == 'edit') {
  631. //if we are editing, update the file ID in the product row, this cannot be done for add because the row does not exist yet.
  632. $wpdb->query("UPDATE `".$wpdb->prefix."product_list` SET `file` = '$fileid' WHERE `id` = '$product_id' LIMIT 1");
  633. }
  634. return $fileid;
  635. } else {
  636. return false;
  637. }
  638. }
  639. function wpsc_item_reassign_file($selected_product_file, $mode = 'add') {
  640. global $wpdb;
  641. // initialise $idhash to null to prevent issues with undefined variables and error logs
  642. $idhash = null;
  643. if($mode == 'edit') {
  644. /* if we are editing, grab the current file and ID hash */
  645. $product_id = (int)$_POST['prodid'];
  646. if($selected_product_file == '.none.') {
  647. // unlikely that anyone will ever upload a file called .none., so its the value used to signify clearing the product association
  648. $wpdb->query("UPDATE `".$wpdb->prefix."product_list` SET `file` = '0' WHERE `id` = '$product_id' LIMIT 1");
  649. return null;
  650. }
  651. // if we already use this file, there is no point doing anything more.
  652. $current_fileid = $wpdb->get_var("SELECT `file` FROM `".$wpdb->prefix."product_list` WHERE `id` = '$product_id' LIMIT 1",ARRAY_A);
  653. if($current_fileid > 0) {
  654. $current_file_data = $wpdb->get_row("SELECT `id`,`idhash` FROM `".$wpdb->prefix."product_files` WHERE `id` = '$current_fileid' LIMIT 1",ARRAY_A);
  655. if(basename($selected_product_file) == $file_data['idhash']) {
  656. return $current_fileid;
  657. }
  658. }
  659. }
  660. $selected_product_file = basename($selected_product_file);
  661. if(file_exists(WPSC_FILE_DIR.$selected_product_file)) {
  662. $timestamp = time();
  663. $file_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."product_files` WHERE `idhash` IN('".$wpdb->escape($selected_product_file)."') LIMIT 1", ARRAY_A);
  664. $fileid = (int)$file_data['id'];
  665. if($fileid < 1) { // if the file does not have a database row, add one.
  666. $mimetype = wpsc_get_mimetype(WPSC_FILE_DIR.$selected_product_file);
  667. $filename = $idhash = $selected_product_file;
  668. $timestamp = time();
  669. $wpdb->query("INSERT INTO `{$wpdb->prefix}product_files` ( `filename` , `mimetype` , `idhash` , `date` ) VALUES ( '{$filename}', '{$mimetype}', '{$idhash}', '{$timestamp}');");
  670. $fileid = $wpdb->get_var("SELECT `id` FROM `".$wpdb->prefix."product_files` WHERE `date` = '{$timestamp}' AND `filename` IN ('{$filename}')");
  671. }
  672. if($mode == 'edit') {
  673. //if we are editing, update the file ID in the product row, this cannot be done for add because the row does not exist yet.
  674. $wpdb->query("UPDATE `".$wpdb->prefix."product_list` SET `file` = '$fileid' WHERE `id` = '$product_id' LIMIT 1");
  675. }
  676. }
  677. return $fileid;
  678. }
  679. function wpsc_get_mimetype($file, $check_reliability = false) {
  680. // Sometimes we need to know how useless the result from this is, hence the "check_reliability" parameter
  681. if(file_exists($file)) {
  682. if(function_exists('finfo_open') && function_exists('finfo_file')) {
  683. // fileinfo apparently works best, wish it was included with PHP by default
  684. $finfo_handle = finfo_open(FILEINFO_MIME);
  685. $mimetype = finfo_file($finfo_handle,$file);
  686. $is_reliable = true;
  687. } else if(function_exists('mime_content_type')) {
  688. //obsolete, but probably second best due to completeness
  689. $mimetype = mime_content_type($file);
  690. $is_reliable = true;
  691. } else {
  692. //included with plugin, uses the extention, limited and odd list, last option
  693. $mimetype_class = new mimetype();
  694. $mimetype = $mimetype_class->getType($file);
  695. $is_reliable = false;
  696. }
  697. } else {
  698. $mimetype = false;
  699. $is_reliable = false;
  700. }
  701. if($check_reliability == true) {
  702. return array('mime_type' =>$mimetype, 'is_reliable' => $is_reliable );
  703. } else {
  704. return $mimetype;
  705. }
  706. }
  707. function shopping_cart_total_weight(){
  708. global $wpdb;
  709. $cart = $_SESSION['nzshpcrt_cart'];
  710. $total_weight=0;
  711. foreach($cart as $item) {
  712. $sql="SELECT weight FROM ".$wpdb->prefix."product_list WHERE id='".$item->product_id."'";
  713. $weight=$wpdb->get_var($sql);
  714. $subweight = $weight*$item->quantity;
  715. $total_weight+=$subweight;
  716. }
  717. return $total_weight;
  718. }
  719. function usps_shipping_methods() {
  720. /// this section of code needs to be tidied up and all references to "ereg" changed to "preg_match" or similar.
  721. global $wpdb;
  722. if(function_exists('curl_init')) {
  723. echo "<div id='usps_shipping_methods'>\n\r";
  724. $dest = $_SESSION['delivery_country'];
  725. if ($dest == get_option('base_country')) {
  726. // $request = '<RateV3Request USERID="' . "221ALLEN1967" . '" PASSWORD="' . "651AC00ZD570" . '">';
  727. // $allowed_types = explode(", ", MODULE_SHIPPING_USPS_TYPES);
  728. //
  729. // while (list($key, $value) = each($this->types)) {
  730. // if ( !in_array($key, $allowed_types) ) continue;
  731. //
  732. // if ($key == 'FIRST CLASS'){
  733. // $this->FirstClassMailType = '<FirstClassMailType>LETTER</FirstClassMailType>';
  734. // } else {
  735. // $this->FirstClassMailType = '';
  736. // }
  737. //
  738. // if ($key == 'PRIORITY'){
  739. // $this->container = 'FLAT RATE ENVELOPE';
  740. // }
  741. //
  742. // if ($key == 'EXPRESS'){
  743. // $this->container = 'FLAT RATE ENVELOPE';
  744. // }
  745. //
  746. // if ($key == 'PARCEL POST'){
  747. // $this->container = 'REGULAR';
  748. // $this->machinable = 'false';
  749. // }
  750. //
  751. // $request .= '<Package ID="' . $services_count . '">' .
  752. // '<Service>' . $key . '</Service>' .
  753. // $this->FirstClassMailType .
  754. // '<ZipOrigination>' . SHIPPING_ORIGIN_ZIP . '</ZipOrigination>' .
  755. // '<ZipDestination>' . $dest_zip . '</ZipDestination>' .
  756. // '<Pounds>' . $this->pounds . '</Pounds>' .
  757. // '<Ounces>' . $this->ounces . '</Ounces>' .
  758. // '<Container>' . $this->container . '</Container>' .
  759. // '<Size>' . $this->size . '</Size>' .
  760. // '<Machinable>' . $this->machinable . '</Machinable>' .
  761. // '</Package>';
  762. //
  763. // if ($transit) {
  764. // $transitreq = 'USERID="' . MODULE_SHIPPING_USPS_USERID .
  765. // '" PASSWORD="' . MODULE_SHIPPING_USPS_PASSWORD . '">' .
  766. // '<OriginZip>' . STORE_ORIGIN_ZIP . '</OriginZip>' .
  767. // '<DestinationZip>' . $dest_zip . '</DestinationZip>';
  768. //
  769. // switch ($key) {
  770. // case 'EXPRESS': $transreq[$key] = 'API=ExpressMail&XML=' .
  771. // urlencode( '<ExpressMailRequest ' . $transitreq . '</ExpressMailRequest>');
  772. // break;
  773. // case 'PRIORITY': $transreq[$key] = 'API=PriorityMail&XML=' .
  774. // urlencode( '<PriorityMailRequest ' . $transitreq . '</PriorityMailRequest>');
  775. // break;
  776. // case 'PARCEL': $transreq[$key] = 'API=StandardB&XML=' .
  777. // urlencode( '<StandardBRequest ' . $transitreq . '</StandardBRequest>');
  778. // break;
  779. // default: $transreq[$key] = '';
  780. // break;
  781. // }
  782. // }
  783. //
  784. // $services_count++;
  785. // }
  786. // $request .= '</RateV3Request>'; //'</RateRequest>'; //Changed by Greg Deeth April 30, 2008
  787. // $request = 'API=RateV3&XML=' . urlencode($request);
  788. } else {
  789. $dest=$wpdb->get_var("SELECT country FROM ".$wpdb->prefix."currency_list WHERE isocode='".$dest."'");
  790. $weight = shopping_cart_total_weight();
  791. $request = '<IntlRateRequest USERID="' . get_option('usps_user_id') . '" PASSWORD="' . get_option('usps_user_password') . '">' .
  792. '<Package ID="0">' .
  793. '<Pounds>' . $weight . '</Pounds>' .
  794. '<Ounces>' . '0' . '</Ounces>' .
  795. '<MailType>Package</MailType>' .
  796. '<Country>' . $dest . '</Country>' .
  797. '</Package>' .
  798. '</IntlRateRequest>';
  799. $request = 'API=IntlRate&XML=' . urlencode($request);
  800. }
  801. //$http = new httpClient();
  802. $usps_server = 'production.shippingapis.com'; //'stg-production.shippingapis.com'; // or stg-secure.shippingapis.com //'production.shippingapis.com';
  803. $api_dll = 'shippingapi.dll'; //'shippingapi.dll';
  804. //if ($http->Connect($usps_server, 80)) {
  805. $url = 'http://'.$usps_server.'/' . $api_dll . '?' . $request;
  806. $ch=curl_init();
  807. curl_setopt($ch, CURLOPT_URL, $url);
  808. curl_setopt($ch, CURLOPT_NOPROGRESS, 1);
  809. curl_setopt($ch, CURLOPT_VERBOSE, 1);
  810. curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
  811. curl_setopt($ch, CURLOPT_TIMEOUT, 120);
  812. curl_setopt($ch, CURLOPT_USERAGENT, 'osCommerce');
  813. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  814. $body = curl_exec($ch);
  815. //$error = curl_error($ch);
  816. curl_close($ch);
  817. // $http->addHeader('Host', $usps_server);
  818. // $http->addHeader('User-Agent', 'osCommerce');
  819. // $http->addHeader('Connection', 'Close');
  820. //if ($http->Get('/' . $api_dll . '?' . $request)) $body = $http->getBody();
  821. // if ($transit && is_array($transreq) && ($order->delivery['country']['id'] == STORE_COUNTRY)) {
  822. // while (list($key, $value) = each($transreq)) {
  823. // if ($http->Get('/' . $api_dll . '?' . $value)) $transresp[$key] = $http->getBody();
  824. // }
  825. // }
  826. //$http->Disconnect();
  827. if($body == '') {
  828. //return false;
  829. }
  830. $response=array();
  831. while (true) {
  832. if ($start = strpos($body, '<Package ID=')) {
  833. $body = substr($body, $start);
  834. $end = strpos($body, '</Package>');
  835. $response[] = substr($body, 0, $end+10);
  836. $body = substr($body, $end+9);
  837. } else {
  838. break;
  839. }
  840. }
  841. $rates = array();
  842. if ($dest == get_option('base_country')) {
  843. if (sizeof($response) == '1') {
  844. if (ereg('<Error>', $response[0])) {
  845. $number = ereg('<Number>(.*)</Number>', $response[0], $regs);
  846. $number = $regs[1];
  847. $description = ereg('<Description>(.*)</Description>', $response[0], $regs);
  848. $description = $regs[1];
  849. //return array('error' => $number . ' - ' . $description);
  850. }
  851. }
  852. $n = sizeof($response);
  853. for ($i=0; $i<$n; $i++) {
  854. if (strpos($response[$i], '<Rate>')) {
  855. $service = ereg('<MailService>(.*)</MailService>', $response[$i], $regs);
  856. $service = $regs[1];
  857. $postage = ereg('<Rate>(.*)</Rate>', $response[$i], $regs);
  858. $postage = $regs[1];
  859. $rates[] = array($service => $postage);
  860. if ($transit) {
  861. switch ($service) {
  862. case 'EXPRESS': $time = ereg('<MonFriCommitment>(.*)</MonFriCommitment>', $transresp[$service], $tregs);
  863. $time = $tregs[1];
  864. if ($time == '' || $time == 'No Data') {
  865. $time = 'Estimated 1 - 2 ' . 'Days';
  866. } else {
  867. $time = 'Tomorrow by ' . $time;
  868. }
  869. break;
  870. case 'PRIORITY': $time = ereg('<Days>(.*)</Days>', $transresp[$service], $tregs);
  871. $time = $tregs[1];
  872. if ($time == '' || $time == 'No Data') {
  873. $time = 'Estimated 1 - 3 ' . 'Days';
  874. } elseif ($time == '1') {
  875. $time .= ' ' . 'Day';
  876. } else {
  877. $time .= ' ' . 'Days';
  878. }
  879. break;
  880. case 'PARCEL': $time = ereg('<Days>(.*)</Days>', $transresp[$service], $tregs);
  881. $time = $tregs[1];
  882. if ($time == '' || $time == 'No Data') {
  883. $time = 'Estimated 2 - 9 ' . 'Days';
  884. } elseif ($time == '1') {
  885. $time .= ' ' . 'Day';
  886. } else {
  887. $time .= ' ' . 'Days';
  888. }
  889. break;
  890. case 'First-Class Mail':
  891. $time = 'Estimated 1 - 5 ' . 'Days';
  892. break;
  893. case 'MEDIA':
  894. $time = 'Estimated 2 - 9 ' . 'Days';
  895. break;
  896. case 'BPM':
  897. $time = 'Estimated 2 - 9 ' . 'Days';
  898. break;
  899. default:
  900. $time = '';
  901. break;
  902. }
  903. if ($time != '') $transittime[$service] = ': ' . $time . '';
  904. }
  905. }
  906. }
  907. } else {
  908. if (ereg('<Error>', $response[0])) {
  909. $number = ereg('<Number>(.*)</Number>', $response[0], $regs);
  910. $number = $regs[1];
  911. $description = ereg('<Description>(.*)</Description>', $response[0], $regs);
  912. $description = $regs[1];
  913. return array('error' => $number . ' - ' . $description);
  914. } else {
  915. $body = $response[0];
  916. $services = array();
  917. while (true) {
  918. if ($start = strpos($body, '<Service ID=')) {
  919. $body = substr($body, $start);
  920. $end = strpos($body, '</Service>');
  921. $services[] = substr($body, 0, $end+10);
  922. $body = substr($body, $end+9);
  923. } else {
  924. break;
  925. }
  926. }
  927. $allowed_types = Array( 'EXPRESS MAIL INT' => "Express Mail International (EMS)", 'EXPRESS MAIL INT FLAT RATE ENV' => "Express Mail International (EMS) Flat-Rate Envelope", 'PRIORITY MAIL INT' => "Priority Mail International", 'PRIORITY MAIL INT FLAT RATE ENV' => "Priority Mail International Flat-Rate Envelope", 'PRIORITY MAIL INT FLAT RATE BOX' => "Priority Mail International Flat-Rate Box", 'FIRST-CLASS MAIL INT' => "First Class Mail International Letters" );
  928. //foreach( explode(", ", MODULE_SHIPPING_USPS_TYPES_INTL) as $value ) $allowed_types[$value] = $this->intl_types[$value];
  929. $size = sizeof($services);
  930. for ($i=0, $n=$size; $i<$n; $i++) {
  931. if (strpos($services[$i], '<Postage>')) {
  932. $service = ereg('<SvcDescription>(.*)</SvcDescription>', $services[$i], $regs);
  933. $service = $regs[1];
  934. $postage = ereg('<Postage>(.*)</Postage>', $services[$i], $regs);
  935. $postage = $regs[1];
  936. $time = ereg('<SvcCommitments>(.*)</SvcCommitments>', $services[$i], $tregs);
  937. $time = $tregs[1];
  938. $time = preg_replace('/Weeks$/', 'Weeks',$time);
  939. $time = preg_replace('/Days$/', 'Days', $time);
  940. $time = preg_replace('/Day$/', 'Day', $time);
  941. if( !in_array($service, $allowed_types) ) continue;
  942. // if (isset($this->service) && ($service != $this->service) ) {
  943. // continue;
  944. // }
  945. $rates[] = array($service => $postage);
  946. if ($time != '') $transittime[$service] = ' (' . $time . ')';
  947. }
  948. }
  949. $uspsQuote=$rates;
  950. }
  951. }
  952. // usps changes ends
  953. echo "</div>";
  954. }
  955. }
  956. function wpsc_ping() {
  957. $services = get_option('ping_sites');
  958. $services = explode("\n", $services);
  959. foreach ( (array) $services as $service ) {
  960. $service = trim($service);
  961. if($service != '' ) {
  962. wpsc_send_ping($service);
  963. }
  964. }
  965. }
  966. function wpsc_send_ping($server) {
  967. global $wp_version;
  968. include_once(ABSPATH . WPINC . '/class-IXR.php');
  969. // using a timeout of 3 seconds should be enough to cover slow servers
  970. $client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path));
  971. $client->timeout = 3;
  972. $client->useragent .= ' -- WordPress/'.$wp_version;
  973. // when set to true, this outputs debug messages by itself
  974. $client->debug = false;
  975. $home = trailingslashit( get_option('product_list_url') );
  976. $rss_url = get_option('siteurl')."/index.php?rss=true&amp;action=product_list";
  977. if ( !$client->query('weblogUpdates.extendedPing', get_option('blogname'), $home, $rss_url ) ) {
  978. $client->query('weblogUpdates.ping', get_option('blogname'), $home);
  979. }
  980. }
  981. ?>