PageRenderTime 60ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/wp-content/plugins/wp-shopping-cart/wp-shopping-cart.php

https://github.com/alx/barceloneta
PHP | 2608 lines | 2076 code | 343 blank | 189 comment | 544 complexity | 8aea27015246860d47a4e369a46af1d9 MD5 | raw file

Large files files are truncated, but you can click here to view the full file

    

  1. <?php
    2. 

  2. /*
    3. 

  3. Plugin Name:WP Shopping Cart
    4. 

  4. Plugin URI: http://www.instinct.co.nz
    5. 

  5. Description: A plugin that provides a WordPress Shopping Cart. Contact <a href='http://www.instinct.co.nz/?p=16#support'>Instinct Entertainment</a> for support. <br />Click here to to <a href='?wpsc_uninstall=ask'>Uninstall</a>.
    6. 

  6. Version: 3.6.8 RC1
    7. 

  7. Author: Thomas Howard of Instinct Entertainment
    8. 

  8. Author URI: http://www.instinct.co.nz/e-commerce/
    9. 

  9. /* Major version for "major" releases */
    10. 

  10. define('WPSC_VERSION', '3.6');
    11. 

  11. define('WPSC_MINOR_VERSION', '80');
    12. 

  12. 

  13. define('WPSC_PRESENTABLE_VERSION', '3.6.8 RC1');
    14. 

  14. 

  15. define('WPSC_DEBUG', false);
    16. 

  16. /*
    17. 

  17.  * {Notes} Language Files
    18. 

  18.  * {Required} Yes
    19. 

  19.  * {WP-Set} Yes (Admin Panel)
    20. 

  20.  */
    21. 

  21. define('IS_WP25', version_compare($wp_version, '2.4', '>=') );
    22. 

  22. 

  23. // // we need to know where we are, rather than assuming where we are
    24. 

  24. define('WPSC_FILE_PATH', dirname(__FILE__));
    25. 

  25. define('WPSC_DIR_NAME', basename(WPSC_FILE_PATH));
    26. 

  26. 

  27. $siteurl = get_option('siteurl');
    28. 

  28. 

  29. // thanks to ikool for this fix
    30. 

  30. define('WPSC_FOLDER', dirname(plugin_basename(__FILE__)));
    31. 

  31. define('WPSC_URL', get_option('siteurl').'/wp-content/plugins/' . WPSC_FOLDER);
    32. 

  32. 

  33. //exit("");
    34. 

  34. 

  35. if(WPSC_DEBUG === true) {
    36. 

  36. 	function microtime_float() {
    37. 

  37. 		list($usec, $sec) = explode(" ", microtime()); 
    38. 

  38. 		return ((float)$usec + (float)$sec);
    39. 

  39. 	}
    40. 

  40. 	
    41. 

  41. 	function wpsc_debug_start_subtimer($name, $action, $loop = false) {	
    42. 

  42. 		global $wpsc_debug_sections,$loop_debug_increment;
    43. 

  43. 		
    44. 

  44. 		if($loop === true) {
    45. 

  45. 			if ($action == 'start') {
    46. 

  46. 				$loop_debug_increment[$name]++;
    47. 

  47. 				$wpsc_debug_sections[$name.$loop_debug_increment[$name]][$action] = microtime_float();
    48. 

  48. 			} else if($action == 'stop') {
    49. 

  49. 				$wpsc_debug_sections[$name.$loop_debug_increment[$name]][$action] = microtime_float();
    50. 

  50. 			}
    51. 

  51. 		} else {
    52. 

  52. 			$wpsc_debug_sections[$name][$action] = microtime_float();		
    53. 

  53. 		}
    54. 

  54. 	}
    55. 

  55. 	
    56. 

  56.   $wpsc_start_time = microtime_float();
    57. 

  57. } else {
    58. 

  58. 	function wpsc_debug_start_subtimer($name) {	
    59. 

  59. 		return null;
    60. 

  60. 	}
    61. 

  61. }
    62. 

  62. 

  63.  
    64. 

  64. 

  65. if(get_option('language_setting') != '') {
    66. 

  66.   require(WPSC_FILE_PATH.'/languages/'.get_option('language_setting'));
    67. 

  67. } else {
    68. 

  68.   require(WPSC_FILE_PATH.'/languages/EN_en.php');
    69. 

  69. }
    70. 

  70. require(WPSC_FILE_PATH.'/classes/variations.class.php');
    71. 

  71. require(WPSC_FILE_PATH.'/classes/extra.class.php');
    72. 

  72. // require(WPSC_FILE_PATH.'/classes/http_client.php');
    73. 

  73. require(WPSC_FILE_PATH.'/classes/mimetype.php');
    74. 

  74. require(WPSC_FILE_PATH.'/classes/cart.class.php');
    75. 

  75. require(WPSC_FILE_PATH.'/classes/xmlparser.php');
    76. 

  76. if (!IS_WP25) {
    77. 

  77. 	require(WPSC_FILE_PATH.'/editor.php');
    78. 

  78. } else { 
    79. 

  79. 	require(WPSC_FILE_PATH.'/js/tinymce3/tinymce.php');
    80. 

  80. }
    81. 

  81. 

  82. if(IS_WPMU == 1) {
    83. 

  83. 		$upload_url = get_option('siteurl').'/files';
    84. 

  84. 		$upload_path = ABSPATH.get_option('upload_path');
    85. 

  85. } else {
    86. 

  86. 	if ( !defined('WP_CONTENT_URL') ) {
    87. 

  87. 			define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content');
    88. 

  88. 		}
    89. 

  89. 	if ( !defined('WP_CONTENT_DIR') ) {
    90. 

  90. 		define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' );
    91. 

  91. 	}
    92. 

  92. 	
    93. 

  93. 	$upload_path = WP_CONTENT_DIR."/uploads";
    94. 

  94. 	$upload_url = WP_CONTENT_URL."/uploads";
    95. 

  95. }
    96. 

  96. 

  97. $wpsc_file_dir = "{$upload_path}/wpsc/downloadables/";
    98. 

  98. $wpsc_preview_dir = "{$upload_path}/wpsc/previews/";
    99. 

  99. $wpsc_image_dir = "{$upload_path}/wpsc/product_images/";
    100. 

  100. $wpsc_thumbnail_dir = "{$upload_path}/wpsc/product_images/thumbnails/";
    101. 

  101. $wpsc_category_dir = "{$upload_path}/wpsc/category_images/";
    102. 

  102. $wpsc_user_uploads_dir = "{$upload_path}/wpsc/user_uploads/";
    103. 

  103. 

  104. 

  105. // $wpsc_file_dir = ABSPATH."{$upload_path}/files/";
    106. 

  106. // $wpsc_preview_dir = ABSPATH."{$upload_path}/preview_clips/";
    107. 

  107. // $wpsc_image_dir = ABSPATH."{$upload_path}/product_images/";
    108. 

  108. // $wpsc_thumbnail_dir = ABSPATH."{$upload_path}/product_images/thumbnails/";
    109. 

  109. // $wpsc_category_dir = ABSPATH."{$upload_path}/category_images/";
    110. 

  110. 

  111. 

  112. define('WPSC_FILE_DIR', $wpsc_file_dir);
    113. 

  113. define('WPSC_PREVIEW_DIR', $wpsc_preview_dir);
    114. 

  114. define('WPSC_IMAGE_DIR', $wpsc_image_dir);
    115. 

  115. define('WPSC_THUMBNAIL_DIR', $wpsc_thumbnail_dir);
    116. 

  116. define('WPSC_CATEGORY_DIR', $wpsc_category_dir);
    117. 

  117. define('WPSC_USER_UPLOADS_DIR', $wpsc_user_uploads_dir);
    118. 

  118. 

  119. 

  120. /**
    121. 

  121. * files that are uploaded as part of digital products are not directly downloaded, therefore there is no need for a URL constant for them
    122. 

  122. */
    123. 

  123. 

  124. $wpsc_preview_url = "{$upload_url}/wpsc/previews/";
    125. 

  125. $wpsc_image_url = "{$upload_url}/wpsc/product_images/";
    126. 

  126. $wpsc_thumbnail_url = "{$upload_url}/wpsc/product_images/thumbnails/";
    127. 

  127. $wpsc_category_url = "{$upload_url}/wpsc/category_images/";
    128. 

  128. $wpsc_user_uploads_url = "{$upload_url}/wpsc/user_uploads/";
    129. 

  129. 

  130. 

  131. // $wpsc_preview_url = "{$siteurl}/{$upload_path}/preview_clips/";
    132. 

  132. // $wpsc_image_url = "{$siteurl}/{$upload_path}/product_images/";
    133. 

  133. // $wpsc_thumbnail_url = "{$siteurl}/{$upload_path}/product_images/thumbnails/";
    134. 

  134. // $wpsc_category_url = "{$siteurl}/{$upload_path}/category_images/";
    135. 

  135. 

  136. define('WPSC_PREVIEW_URL', $wpsc_preview_url);
    137. 

  137. define('WPSC_IMAGE_URL', $wpsc_image_url);
    138. 

  138. define('WPSC_THUMBNAIL_URL', $wpsc_thumbnail_url);
    139. 

  139. define('WPSC_CATEGORY_URL', $wpsc_category_url);
    140. 

  140. define('WPSC_USER_UPLOADS_URL', $wpsc_user_uploads_url);
    141. 

  141. 

  142. 

  143. /*
    144. 

  144.  * {Notes} Session will sometimes always exist dependent on server
    145. 

  145.  * {Notes} Controls user Session
    146. 

  146.  */
    147. 

  147. if((!is_array($_SESSION)) xor (!isset($_SESSION['nzshpcrt_cart'])) xor (!$_SESSION)) {
    148. 

  148.   session_start();
    149. 

  149. }
    150. 

  150. 

  151. 

  152. if(isset($_SESSION['nzshpcrt_cart'])) {
    153. 

  153.   foreach((array)$_SESSION['nzshpcrt_cart'] as $key => $item) {
    154. 

  154.       if(get_class($item) == "__PHP_Incomplete_Class") {
    155. 

  155.           $_SESSION['nzshpcrt_cart'] = unserialize($_SESSION['nzshpcrt_serialized_cart']);
    156. 

  156.     }
    157. 

  157.   }
    158. 

  158. } else {
    159. 

  159.   if(isset($_SESSION['nzshpcrt_cart'])) {
    160. 

  160.     $_SESSION['nzshpcrt_cart'] = unserialize($_SESSION['nzshpcrt_serialized_cart']);
    161. 

  161.   }
    162. 

  162. }
    163. 

  163. 

  164. 

  165. if(is_numeric($_GET['sessionid'])) {
    166. 

  166.   $sessionid = $_GET['sessionid'];
    167. 

  167.   $cart_log_id = $wpdb->get_var("SELECT `id` FROM `".$wpdb->prefix."purchase_logs` WHERE `sessionid`= ".$sessionid." LIMIT 1");
    168. 

  168.   if(is_numeric($cart_log_id)) {
    169. 

  169.     $_SESSION['nzshpcrt_cart'] = null;
    170. 

  170.     $_SESSION['nzshpcrt_serialized_cart'] = null;
    171. 

  171.     }
    172. 

  172.   }
    173. 

  173. 

  174. 

  175. 

  176. $GLOBALS['nzshpcrt_imagesize_info'] = TXT_WPSC_IMAGESIZEINFO;
    177. 

  177. $nzshpcrt_log_states[0]['name'] = TXT_WPSC_RECEIVED;
    178. 

  178. $nzshpcrt_log_states[1]['name'] = TXT_WPSC_PROCESSING;
    179. 

  179. $nzshpcrt_log_states[2]['name'] = TXT_WPSC_PROCESSED;
    180. 

  180. 

  181. 

  182. 

  183. 

  184. class wp_shopping_cart {
    185. 

  185.   function wp_shopping_cart() {
    186. 

  186.     return;
    187. 

  187.   }
    188. 

  188.   function displaypages()
    189. 

  189.     {
    190. 

  190.     /*
    191. 

  191.      * Fairly standard wordpress plugin API stuff for adding the admin pages, rearrange the order to rearrange the pages
    192. 

  192.      * The bits to display the options page first on first use may be buggy, but tend not to stick around long enough to be identified and fixed
    193. 

  193.      * if you find bugs, feel free to fix them.
    194. 

  194.      *
    195. 

  195.      * If the permissions are changed here, they will likewise need to be changed for the other secions of the admin that either use ajax
    196. 

  196.      * or bypass the normal download system.
    197. 

  197.      * its in an object because nobody has moved it out of the object yet.
    198. 

  198.      */
    199. 

  199.     if(function_exists('add_options_page')) {
    200. 

  200. 				//       if(get_option('nzshpcrt_first_load') == 0) {
    201. 

  201. 				//         $base_page = WPSC_DIR_NAME.'/options.php';
    202. 

  202. 				//         add_menu_page(TXT_WPSC_ECOMMERCE, TXT_WPSC_ECOMMERCE, 7, $base_page);
    203. 

  203. 				//         add_submenu_page($base_page,TXT_WPSC_OPTIONS, TXT_WPSC_OPTIONS, 7, WPSC_DIR_NAME.'/options.php');
    204. 

  204. 				//         } else {
    205. 

  205. 			$base_page = WPSC_DIR_NAME.'/display-log.php';
    206. 

  206. 			add_menu_page(TXT_WPSC_ECOMMERCE, TXT_WPSC_ECOMMERCE, 7, $base_page);
    207. 

  207. 			add_submenu_page(WPSC_DIR_NAME.'/display-log.php',TXT_WPSC_PURCHASELOG, TXT_WPSC_PURCHASELOG, 7, WPSC_DIR_NAME.'/display-log.php');
    208. 

  208. 				//         }
    209. 

  209.       //written by allen
    210. 

  210. 	  add_submenu_page('users.php',TXT_WPSC_ECOMMERCE_SUBSCRIBERS, TXT_WPSC_ECOMMERCE_SUBSCRIBERS, 7, WPSC_DIR_NAME.'/display-ecommerce-subs.php');
    211. 

  211. 	  //exit(ABSPATH.'wp-admin/users.php');
    212. 

  212. 	  //end of written by allen
    213. 

  213.       
    214. 

  214.       add_submenu_page($base_page,TXT_WPSC_PRODUCTS, TXT_WPSC_PRODUCTS, 7, WPSC_DIR_NAME.'/display-items.php');
    215. 

  215.       add_submenu_page($base_page,TXT_WPSC_CATEGORISATION, TXT_WPSC_CATEGORISATION, 7, WPSC_DIR_NAME.'/display-category.php');
    216. 

  216.       
    217. 

  217.       add_submenu_page($base_page,TXT_WPSC_VARIATIONS, TXT_WPSC_VARIATIONS, 7, WPSC_DIR_NAME.'/display_variations.php');
    218. 

  218.       add_submenu_page($base_page,TXT_WPSC_MARKETING, TXT_WPSC_MARKETING, 7, WPSC_DIR_NAME.'/display-coupons.php');
    219. 

  219.       
    220. 

  220.       add_submenu_page($base_page,TXT_WPSC_PAYMENTGATEWAYOPTIONS, TXT_WPSC_PAYMENTGATEWAYOPTIONS, 7, WPSC_DIR_NAME.'/gatewayoptions.php');
    221. 

  221.       add_submenu_page($base_page,TXT_WPSC_FORM_FIELDS, TXT_WPSC_FORM_FIELDS, 7, WPSC_DIR_NAME.'/form_fields.php');
    222. 

  222. 			add_submenu_page($base_page,TXT_WPSC_OPTIONS, TXT_WPSC_OPTIONS, 7, WPSC_DIR_NAME.'/options.php');
    223. 

  223.       if(function_exists('gold_shpcrt_options')) {
    224. 

  224.         gold_shpcrt_options($base_page);
    225. 

  225.         }
    226. 

  226. //       add_submenu_page($base_page,TXT_WPSC_HELPINSTALLATION, TXT_WPSC_HELPINSTALLATION, 7, WPSC_DIR_NAME.'/instructions.php');
    227. 

  227.       }
    228. 

  228.     return;
    229. 

  229.     }
    230. 

  230.   }
    231. 

  231. 

  232. function nzshpcrt_style() {
    233. 

  233.   ?>
    234. 

  234.   <style type="text/css" media="screen">
    235. 

  235.   
    236. 

  236. 	<?php
    237. 

  237. 	if((get_option('product_view') == 'default') ||  (get_option('product_view') == '')) {
    238. 

  238. 		$thumbnail_width = get_option('product_image_width');
    239. 

  239. 		if($thumbnail_width <= 0) {
    240. 

  240. 			$thumbnail_width = 96;
    241. 

  241. 		}
    242. 

  242. 	?>
    243. 

  243. 		div.default_product_display div.textcol{
    244. 

  244. 			margin-left: <?php echo $thumbnail_width + 10; ?>px !important;
    245. 

  245. 			_margin-left: <?php echo ($thumbnail_width/2) + 5; ?>px !important;
    246. 

  246. 		}
    247. 

  247. 			
    248. 

  248. 			
    249. 

  249. 		div.default_product_display  div.textcol div.imagecol{
    250. 

  250. 			position:absolute;
    251. 

  251. 			top:0px;
    252. 

  252. 			left: 0px;
    253. 

  253. 			margin-left: -<?php echo $thumbnail_width + 10; ?>px !important;
    254. 

  254. 		}
    255. 

  255. 	<?php
    256. 

  256. 	}
    257. 

  257. 	
    258. 

  258. 	
    259. 

  259. 		
    260. 

  260. 	$single_thumbnail_width = get_option('single_view_image_width');
    261. 

  261. 	$single_thumbnail_height = get_option('single_view_image_height');
    262. 

  262. 	if($single_thumbnail_width <= 0) {
    263. 

  263. 		$single_thumbnail_width = 128;
    264. 

  264. 	}
    265. 

  265. 	?>
    266. 

  266. 	
    267. 

  267. 	div.single_product_display div.textcol{
    268. 

  268. 		margin-left: <?php echo $single_thumbnail_width  + 10; ?>px !important;
    269. 

  269. 		_margin-left: <?php echo ($single_thumbnail_width/2) + 5; ?>px !important;
    270. 

  270. 		min-height: <?php echo $single_thumbnail_height + 10;?>px;
    271. 

  271. 		_height: <?php echo $single_thumbnail_height + 10;?>px;
    272. 

  272. 	}
    273. 

  273. 		
    274. 

  274. 		
    275. 

  275. 	div.single_product_display  div.textcol div.imagecol{
    276. 

  276. 		position:absolute;
    277. 

  277. 		top:0px;
    278. 

  278. 		left: 0px;
    279. 

  279. 		margin-left: -<?php echo $single_thumbnail_width + 10; ?>px !important;
    280. 

  280. 	}
    281. 

  281. 	
    282. 

  282.   
    283. 

  283.   
    284. 

  284.     <?php
    285. 

  285.   if(is_numeric($_GET['brand']) || (get_option('show_categorybrands') == 3)) {
    286. 

  286.     $brandstate = 'block';
    287. 

  287.     $categorystate = 'none';
    288. 

  288.     } else {
    289. 

  289.     $brandstate = 'none';
    290. 

  290.     $categorystate = 'block';
    291. 

  291.     }
    292. 

  292.       
    293. 

  293.     ?>
    294. 

  294.     div#categorydisplay{
    295. 

  295.     display: <?php echo $categorystate; ?>;
    296. 

  296.     }
    297. 

  297.     
    298. 

  298.     div#branddisplay{
    299. 

  299.     display: <?php echo $brandstate; ?>;
    300. 

  300.     }
    301. 

  301.   </style>
    302. 

  302.   <?php
    303. 

  303.   }
    304. 

  304.   
    305. 

  305. function nzshpcrt_javascript()
    306. 

  306.   {
    307. 

  307.   $siteurl = get_option('siteurl'); 
    308. 

  308. 	echo "";
    309. 

  309.   if(($_SESSION['nzshpcrt_cart'] == null) && (get_option('show_sliding_cart') == 1)) {
    310. 

  310. 		?>
    311. 

  311. 			<style type="text/css" media="screen">
    312. 

  312. 		div#sliding_cart{
    313. 

  313. 			display: none;
    314. 

  314. 			}
    315. 

  315. 		</style>
    316. 

  316. 		<?php
    317. 

  317. 	} else {
    318. 

  318. 		?>
    319. 

  319. 			<style type="text/css" media="screen">
    320. 

  320. 		div#sliding_cart{
    321. 

  321. 			display: block;
    322. 

  322. 			}
    323. 

  323. 		</style>
    324. 

  324. 	<?php
    325. 

  325. 	}
    326. 

  326.   ?>
    327. 

  327. <?php if (get_option('product_ratings') == 1){ ?>
    328. 

  328. <link href='<?php echo WPSC_URL; ?>/product_rater.css' rel="stylesheet" type="text/css" />
    329. 

  329. <?php } ?>
    330. 

  330. <link href='<?php echo WPSC_URL; ?>/thickbox.css' rel="stylesheet" type="text/css" />
    331. 

  331. <?php if (get_option('catsprods_display_type') == 1){ ?>
    332. 

  332.   <script language="JavaScript" type="text/javascript" src="<?php echo WPSC_URL; ?>/js/slideMenu.js"></script>
    333. 

  333. <?php } ?>
    334. 

  334. <script language='JavaScript' type='text/javascript'>
    335. 

  335. jQuery.noConflict();
    336. 

  336. /* base url */
    337. 

  337. var base_url = "<?php echo $siteurl; ?>";
    338. 

  338. var WPSC_URL = "<?php echo WPSC_URL; ?>";
    339. 

  339. 

  340. /* LightBox Configuration start*/
    341. 

  341. var fileLoadingImage = "<?php echo WPSC_URL; ?>/images/loading.gif";    
    342. 

  342. var fileBottomNavCloseImage = "<?php echo WPSC_URL; ?>/images/closelabel.gif";
    343. 

  343. var fileThickboxLoadingImage = "<?php echo WPSC_URL; ?>/images/loadingAnimation.gif";    
    344. 

  344. var resizeSpeed = 9;  // controls the speed of the image resizing (1=slowest and 10=fastest)
    345. 

  345. var borderSize = 10;  //if you adjust the padding in the CSS, you will need to update this variable
    346. 

  346. jQuery(document).ready( function() {
    347. 

  347.   <?php
    348. 

  348.   if(get_option('show_sliding_cart') == 1) {
    349. 

  349.     if(is_numeric($_SESSION['slider_state'])) {
    350. 

  350.       if($_SESSION['slider_state'] == 0) {
    351. 

  351.         ?>
    352. 

  352.         jQuery("#sliding_cart").css({ display: "none"});  
    353. 

  353.         <?php
    354. 

  354. 			} else {
    355. 

  355.         ?>
    356. 

  356.         jQuery("#sliding_cart").css({ display: "block"});  
    357. 

  357.         <?php
    358. 

  358. 			}
    359. 

  359.     } else {
    360. 

  360. 			if($_SESSION['nzshpcrt_cart'] == null) {
    361. 

  361. 				?>
    362. 

  362. 				jQuery("#sliding_cart").css({ display: "none"});  
    363. 

  363. 				<?php
    364. 

  364. 			} else {
    365. 

  365. 				?>
    366. 

  366. 				jQuery("#sliding_cart").css({ display: "block"});  
    367. 

  367. 				<?php
    368. 

  368. 			}
    369. 

  369. 		}
    370. 

  370. 	}
    371. 

  371.   ?>
    372. 

  372. });
    373. 

  373. </script>
    374. 

  374. <script src="<?php echo WPSC_URL; ?>/ajax.js" language='JavaScript' type="text/javascript"></script>
    375. 

  375. <script src="<?php echo WPSC_URL; ?>/user.js" language='JavaScript' type="text/javascript">
    376. 

  376. </script>
    377. 

  377. 

  378. 

  379. 

  380. <?php
    381. 

  381.   $theme_path = WPSC_FILE_PATH. '/themes/';
    382. 

  382.   if((get_option('wpsc_selected_theme') != '') && (file_exists($theme_path.get_option('wpsc_selected_theme')."/".get_option('wpsc_selected_theme').".css") )) {    
    383. 

  383.     ?>    
    384. 

  384. <link href='<?php echo WPSC_URL; ?>/themes/<?php echo get_option('wpsc_selected_theme')."/".get_option('wpsc_selected_theme').".css"; ?>' rel="stylesheet" type="text/css" />
    385. 

  385.     <?php
    386. 

  386.     } else {
    387. 

  387.     ?>    
    388. 

  388. <link href='<?php echo WPSC_URL; ?>/themes/default/default.css' rel="stylesheet" type="text/css" />
    389. 

  389.     <?php
    390. 

  390.     }
    391. 

  391.     ?>    
    392. 

  392. <link href='<?php echo WPSC_URL; ?>/themes/compatibility.css' rel="stylesheet" type="text/css" />
    393. 

  393.     <?php
    394. 

  394.   }
    395. 

  395. 

  396. function wpsc_admin_css() {
    397. 

  397.   $siteurl = get_option('siteurl'); 
    398. 

  398.   if(strpos($_SERVER['REQUEST_URI'], WPSC_DIR_NAME.'') !== false) {
    399. 

  399. ?>
    400. 

  400. <link href='<?php echo WPSC_URL; ?>/admin.css' rel="stylesheet" type="text/css" />
    401. 

  401. <link href='<?php echo WPSC_URL; ?>/js/jquery.ui.tabs.css' rel="stylesheet" type="text/css" />
    402. 

  402. <?php
    403. 

  403. 

  404. if($_GET['page'] == 'wp-shopping-cart/display-log.php') {
    405. 

  405. 	?>
    406. 

  406. 		<link href='<?php echo $siteurl; ?>/wp-admin/css/dashboard.css?ver=2.6' rel="stylesheet" type="text/css" />
    407. 

  407. 	<?php
    408. 

  408. }
    409. 

  409. ?>
    410. 

  410. <link href='<?php echo WPSC_URL; ?>/thickbox.css' rel="stylesheet" type="text/css" />
    411. 

  411. <script src="<?php echo WPSC_URL; ?>/ajax.js" language='JavaScript' type="text/javascript"></script>
    412. 

  412. 

  413. <script language="JavaScript" type="text/javascript" src="<?php echo WPSC_URL; ?>/js/jquery.tooltip.js"></script>
    414. 

  414. <script language='JavaScript' type='text/javascript'>
    415. 

  415. 

  416. /* base url */
    417. 

  417. var base_url = "<?php echo $siteurl; ?>";
    418. 

  418. var WPSC_URL = "<?php echo WPSC_URL; ?>";
    419. 

  419. 

  420. /* LightBox Configuration start*/
    421. 

  421. var fileLoadingImage = "<?php echo WPSC_URL; ?>/images/loading.gif";    
    422. 

  422. var fileBottomNavCloseImage = "<?php echo WPSC_URL; ?>/images/closelabel.gif";
    423. 

  423. var fileThickboxLoadingImage = "<?php echo WPSC_URL; ?>/images/loadingAnimation.gif";    
    424. 

  424. 

  425. var resizeSpeed = 9;  
    426. 

  426. 

  427. var borderSize = 10;
    428. 

  428. /* LightBox Configuration end*/
    429. 

  429. /* custom admin functions start*/
    430. 

  430. <?php
    431. 

  431.     echo "var TXT_WPSC_DELETE = '".TXT_WPSC_DELETE."';\n\r";
    432. 

  432.     echo "var TXT_WPSC_TEXT = '".TXT_WPSC_TEXT."';\n\r";
    433. 

  433.     echo "var TXT_WPSC_EMAIL = '".TXT_WPSC_EMAIL."';\n\r";
    434. 

  434.     echo "var TXT_WPSC_COUNTRY = '".TXT_WPSC_COUNTRY."';\n\r";
    435. 

  435.     echo "var TXT_WPSC_TEXTAREA = '".TXT_WPSC_TEXTAREA."';\n\r";
    436. 

  436.     echo "var TXT_WPSC_HEADING = '".TXT_WPSC_HEADING."';\n\r";
    437. 

  437.     echo "var TXT_WPSC_COUPON = '".TXT_WPSC_COUPON."';\n\r";
    438. 

  438.     echo "var HTML_FORM_FIELD_TYPES =\"<option value='text' >".TXT_WPSC_TEXT."</option>";
    439. 

  439.     echo "<option value='email' >".TXT_WPSC_EMAIL."</option>";
    440. 

  440.     echo "<option value='address' >".TXT_WPSC_ADDRESS."</option>";
    441. 

  441.     echo "<option value='city' >".TXT_WPSC_CITY."</option>";
    442. 

  442.     echo "<option value='country'>".TXT_WPSC_COUNTRY."</option>";
    443. 

  443.     echo "<option value='delivery_address' >".TXT_WPSC_DELIVERY_ADDRESS."</option>";
    444. 

  444.     echo "<option value='delivery_city' >".TXT_WPSC_DELIVERY_CITY."</option>";
    445. 

  445.     echo "<option value='delivery_country'>".TXT_WPSC_DELIVERY_COUNTRY."</option>";
    446. 

  446.     echo "<option value='textarea' >".TXT_WPSC_TEXTAREA."</option>";    
    447. 

  447.     echo "<option value='heading' >".TXT_WPSC_HEADING."</option>";
    448. 

  448.     echo "<option value='coupon' >".TXT_WPSC_COUPON."</option>\";\n\r";
    449. 

  449. ?>
    450. 

  450. /* custom admin functions end*/
    451. 

  451. </script>
    452. 

  452. <script language="JavaScript" type="text/javascript" src="<?php echo WPSC_URL; ?>/js/thickbox.js"></script>
    453. 

  453. <script language="JavaScript" type="text/javascript" src="<?php echo WPSC_URL; ?>/js/jquery.tooltip.js"></script>
    454. 

  454. <script language="JavaScript" type="text/javascript" src="<?php echo WPSC_URL; ?>/js/dimensions.js"></script>
    455. 

  455. <script language="JavaScript" type="text/javascript" src="<?php echo WPSC_URL; ?>/admin.js"></script>
    456. 

  456. <?php
    457. 

  457. 	}
    458. 

  458. }
    459. 

  459. 

  460. function nzshpcrt_displaypages()
    461. 

  461.   {
    462. 

  462.   $nzshpcrt = new wp_shopping_cart;
    463. 

  463.   $nzshpcrt->displaypages();
    464. 

  464.   }
    465. 

  465. 

  466. function nzshpcrt_adminpage()
    467. 

  467.   {
    468. 

  468.   $nzshpcrt = new wp_shopping_cart;
    469. 

  469.   $nzshpcrt->adminpage();
    470. 

  470.   }
    471. 

  471.   
    472. 

  472. function nzshpcrt_additem()
    473. 

  473.   {
    474. 

  474.   $nzshpcrt = new wp_shopping_cart;
    475. 

  475.   $nzshpcrt->additem();
    476. 

  476.   }
    477. 

  477. 

  478. function nzshpcrt_displayitems()
    479. 

  479.   {
    480. 

  480.   $nzshpcrt = new wp_shopping_cart;
    481. 

  481.   $nzshpcrt->displayitems();
    482. 

  482.   }
    483. 

  483.   
    484. 

  484. function nzshpcrt_instructions()
    485. 

  485.   {
    486. 

  486.   $nzshpcrt = new wp_shopping_cart;
    487. 

  487.   $nzshpcrt->instructions();
    488. 

  488.   }
    489. 

  489. 

  490. function nzshpcrt_options()
    491. 

  491.   {
    492. 

  492.   $nzshpcrt = new wp_shopping_cart;
    493. 

  493.   $nzshpcrt->options();
    494. 

  494.   }
    495. 

  495. 

  496. function nzshpcrt_gatewayoptions()
    497. 

  497.   {
    498. 

  498.   $nzshpcrt = new wp_shopping_cart;
    499. 

  499.   $nzshpcrt->gatewayoptions();
    500. 

  500.   }
    501. 

  501. 

  502. function nzshpcrt_addcategory()
    503. 

  503.   {
    504. 

  504.   $nzshpcrt = new wp_shopping_cart;
    505. 

  505.   $nzshpcrt->addcategory();
    506. 

  506.   //$GLOBALS['nzshpcrt_activateshpcrt'] = true;
    507. 

  507.   }
    508. 

  508.   
    509. 

  509. function nzshpcrt_editcategory()
    510. 

  510.   {
    511. 

  511.   $nzshpcrt = new wp_shopping_cart;
    512. 

  512.   $nzshpcrt->editcategory();
    513. 

  513.   //$GLOBALS['nzshpcrt_activateshpcrt'] = true;
    514. 

  514.   }
    515. 

  515.   
    516. 

  516. function nzshpcrt_editvariations()
    517. 

  517.   {
    518. 

  518.   $nzshpcrt = new wp_shopping_cart;
    519. 

  519.   $nzshpcrt->editvariations();
    520. 

  520.   //$GLOBALS['nzshpcrt_activateshpcrt'] = true;
    521. 

  521.   }
    522. 

  522.   
    523. 

  523. function nzshpcrt_submit_ajax()
    524. 

  524.   {
    525. 

  525.   global $wpdb,$user_level,$wp_rewrite;
    526. 

  526.   get_currentuserinfo();  
    527. 

  527.   if(get_option('permalink_structure') != '') {
    528. 

  528.     $seperator ="?";
    529. 

  529. 	} else {
    530. 

  530. 		$seperator ="&amp;";
    531. 

  531. 	}
    532. 

  532.    
    533. 

  533.    $cartt = $_SESSION['nzshpcrt_cart'];
    534. 

  534.    $cartt1=$cartt[0]->product_id;
    535. 

  535.    
    536. 

  536.   // if is an AJAX request, cruddy code, could be done better but getting approval would be impossible
    537. 

  537.   if(($_POST['ajax'] == "true") || ($_GET['ajax'] == "true"))
    538. 

  538.     {
    539. 

  539. 	if ($_POST['changetax'] == "true") {
    540. 

  540. 		
    541. 

  541. 		if (isset($_POST['billing_region'])){
    542. 

  542. 			$billing_region=$_POST['billing_region'];
    543. 

  543. 		} else {
    544. 

  544. 			$billing_region=$_SESSION['selected_region'];
    545. 

  545. 		}
    546. 

  546. 		$billing_country=$_POST['billing_country'];
    547. 

  547. 		foreach($cartt as $cart_item) {
    548. 

  548. 			$product_id = $cart_item->product_id;
    549. 

  549. 			$quantity = $cart_item->quantity;
    550. 

  550. 			//echo("<pre>".print_r($cart_item->product_variations,true)."</pre>");
    551. 

  551. 			$product = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id` = '$product_id' LIMIT 1",ARRAY_A);
    552. 

  552. 		
    553. 

  553. 			if($product['donation'] == 1) {
    554. 

  554. 				$price = $quantity * $cart_item->donation_price;
    555. 

  555. 			} else {
    556. 

  556. 				$price = $quantity * calculate_product_price($product_id, $cart_item->product_variations);
    557. 

  557. 				if($product['notax'] != 1) {
    558. 

  558. 					$tax += nzshpcrt_calculate_tax($price, $billing_country, $billing_region) - $price;
    559. 

  559. 				}
    560. 

  560. 			$all_donations = false;
    561. 

  561. 			}
    562. 

  562. 

  563. 			if($_SESSION['delivery_country'] != null) {
    564. 

  564. 				$total_shipping += nzshpcrt_determine_item_shipping($product['id'], $quantity, $_SESSION['delivery_country']);
    565. 

  565. 			}
    566. 

  566. 		}
    567. 

  567. 		echo $tax.":".$price.":".$total_shipping;
    568. 

  568. 		exit();
    569. 

  569. 	}
    570. 

  570. 	
    571. 

  571. 	
    572. 

  572. 	if ($_POST['submittogoogle']) {
    573. 

  573. 		$newvalue=$_POST['value'];
    574. 

  574. 		$amount=$_POST['amount'];
    575. 

  575. 		$reason=$_POST['reason'];
    576. 

  576. 		$comment=$_POST['comment'];
    577. 

  577. 		$message=$_POST['message'];
    578. 

  578. 		$amount=number_format($amount, 2, '.', '');
    579. 

  579. 		$log_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."purchase_logs` WHERE `id` = '".$_POST['id']."' LIMIT 1",ARRAY_A);  
    580. 

  580. 		if (($newvalue==2) && function_exists('wpsc_member_activate_subscriptions')){
    581. 

  581. 			wpsc_member_activate_subscriptions($_POST['id']);
    582. 

  582. 		}
    583. 

  583. 		$google_status = unserialize($log_data['google_status']);
    584. 

  584. 		
    585. 

  585. 		switch($newvalue) {
    586. 

  586. 			case "Charge":
    587. 

  587. 				if ($google_status[0]!='CANCELLED_BY_GOOGLE') {
    588. 

  588. 					if ($amount=='') {
    589. 

  589. 						$google_status['0']='Partially Charged';
    590. 

  590. 					} else {
    591. 

  591. 						$google_status['0']='CHARGED';
    592. 

  592. 						$google_status['partial_charge_amount']=$amount;
    593. 

  593. 					}
    594. 

  594. 				}
    595. 

  595. 				break;
    596. 

  596. 				
    597. 

  597. 			case "Cancel":
    598. 

  598. 				if ($google_status[0]!='CANCELLED_BY_GOOGLE')
    599. 

  599. 				$google_status[0]='CANCELLED';
    600. 

  600. 				if ($google_status[1]!='DELIVERED')
    601. 

  601. 					$google_status[1]='WILL_NOT_DELIVER';
    602. 

  602. 				break;
    603. 

  603. 				
    604. 

  604. 			case "Refund":
    605. 

  605. 				if ($amount=='') {
    606. 

  606. 					$google_status['0']='Partially Refund';
    607. 

  607. 				} else {
    608. 

  608. 					$google_status['0']='REFUND';
    609. 

  609. 					$google_status['partial_refund_amount']=$amount;
    610. 

  610. 				}
    611. 

  611. 				break;
    612. 

  612. 				
    613. 

  613. 			case "Ship":
    614. 

  614. 				if ($google_status[1]!='WILL_NOT_DELIVER')
    615. 

  615. 					$google_status[1]='DELIVERED';
    616. 

  616. 				break;
    617. 

  617. 				
    618. 

  618. 			case "Archive":
    619. 

  619. 				$google_status[1]='ARCHIVED';
    620. 

  620. 				break;
    621. 

  621. 		}
    622. 

  622. 		$google_status_sql="UPDATE `".$wpdb->prefix."purchase_logs` SET google_status='".serialize($google_status)."' WHERE `id` = '".$_POST['id']."' LIMIT 1";
    623. 

  623. 		$wpdb->query($google_status_sql);
    624. 

  624. 		$merchant_id = get_option('google_id');
    625. 

  625. 		$merchant_key = get_option('google_key');
    626. 

  626. 		$server_type = get_option('google_server_type');
    627. 

  627. 		$currency = get_option('google_cur');
    628. 

  628. 		$Grequest = new GoogleRequest($merchant_id, $merchant_key, $server_type,$currency);
    629. 

  629. 		$google_order_number=$wpdb->get_var("SELECT google_order_number FROM `".$wpdb->prefix."purchase_logs` WHERE `id` = '".$_POST['id']."' LIMIT 1");
    630. 

  630. 		switch ($newvalue) {
    631. 

  631. 			case 'Charge':
    632. 

  632. 				$Grequest->SendChargeOrder($google_order_number,$amount);
    633. 

  633. 				break;
    634. 

  634. 				
    635. 

  635. 			case 'Ship':
    636. 

  636. 				$Grequest->SendDeliverOrder($google_order_number);
    637. 

  637. 				break;
    638. 

  638. 				
    639. 

  639. 			case 'Archive':
    640. 

  640. 				$Grequest->SendArchiveOrder($google_order_number);
    641. 

  641. 				break;
    642. 

  642. 			
    643. 

  643. 			case 'Refund':
    644. 

  644. 				$Grequest->SendRefundOrder($google_order_number,$amount,$reason);
    645. 

  645. 				break;
    646. 

  646. 				
    647. 

  647. 			case 'Cancel':
    648. 

  648. 				$Grequest->SendCancelOrder($google_order_number,$reason,$comment);
    649. 

  649. 				break;
    650. 

  650. 			
    651. 

  651. 			case 'Send Message':
    652. 

  652. 				$Grequest->SendBuyerMessage($google_order_number,$message);
    653. 

  653. 				break;
    654. 

  654. 		}
    655. 

  655. 		$newvalue++;
    656. 

  656. 		$update_sql = "UPDATE `".$wpdb->prefix."purchase_logs` SET `processed` = '".$newvalue."' WHERE `id` = '".$_POST['id']."' LIMIT 1";  
    657. 

  657. 		//$wpdb->query($update_sql);
    658. 

  658. 		
    659. 

  659. 		exit();
    660. 

  660. 	}
    661. 

  661. 

  662. 		////changes for usps
    663. 

  663. 	if ($_POST['uspsswitch']) {
    664. 

  664. 		foreach ($_SESSION['uspsQuote'] as $quotes) {
    665. 

  665. 			$total=$_POST['total'];
    666. 

  666. 			if ($quotes[$_POST['key']]!='') {
    667. 

  667. 				echo nzshpcrt_currency_display($total+$quotes[$_POST['key']],1);
    668. 

  668. 					echo "<input type='hidden' value='".$total."' id='shopping_cart_total_price'>";
    669. 

  669. 				$_SESSION['usps_shipping']= $quotes[$_POST['key']];
    670. 

  670. 			}
    671. 

  671. 		}
    672. 

  672. 		
    673. 

  673. 		exit();
    674. 

  674. 	}
    675. 

  675. 	//changes for usps ends
    676. 

  676. 	
    677. 

  677.     if(($_GET['user'] == "true") && is_numeric($_POST['prodid']))
    678. 

  678.       {
    679. 

  679. 	  $memberstatus = get_product_meta($_POST['prodid'],'is_membership',true);
    680. 

  680. 	  if(($memberstatus[0]=='1') && ($_SESSION['nzshopcrt_cart']!=NULL)){
    681. 

  681. 	  } else{
    682. 

  682. 		  $sql = "SELECT * FROM `".$wpdb->prefix."product_list` WHERE `id`='".$_POST['prodid']."' LIMIT 1";
    683. 

  683. 		  $item_data = $wpdb->get_results($sql,ARRAY_A);
    684. 

  684. 		  
    685. 

  685. 		  $item_quantity = 0;
    686. 

  686. 		  if($_SESSION['nzshpcrt_cart'] != null)
    687. 

  687. 			{
    688. 

  688. 			foreach($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item)
    689. 

  689. 			  {
    690. 

  690. 				if (($memberstatus[0]!='1')&&($_SESSION['nzshpcrt_cart']!=NULL)){
    691. 

  691. 					if($cart_item->product_id == $_POST['prodid']) {
    692. 

  692. 						if(($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $_POST['variation'])&&($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $_POST['extras'])) {
    693. 

  693. 							$item_quantity += $_SESSION['nzshpcrt_cart'][$cart_key]->quantity;
    694. 

  694. 							$item_variations = $_SESSION['nzshpcrt_cart'][$cart_key]->product_variations;
    695. 

  695. 						}
    696. 

  696. 					}
    697. 

  697. 				}
    698. 

  698. 			  }
    699. 

  699. 			}
    700. 

  700. 		  
    701. 

  701. 		  $item_stock = null;
    702. 

  702. 		  $variation_count = count($_POST['variation']);
    703. 

  703. 		  if(($variation_count >= 1) && ($variation_count <= 2)) {
    704. 

  704. 				foreach($_POST['variation'] as $variation_id) {
    705. 

  705. 					if(is_numeric($variation_id)) {
    706. 

  706. 						$variation_ids[] = (int)$variation_id;
    707. 

  707. 					}
    708. 

  708. 				}
    709. 

  709. 				if(count($variation_ids) == 2)	{
    710. 

  710. 					$variation_stock_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."variation_priceandstock` WHERE `product_id` = '".$_POST['prodid']."' AND (`variation_id_1` = '".$variation_ids[0]."' AND `variation_id_2` = '".$variation_ids[1]."') OR (`variation_id_1` = '".$variation_ids[1]."' AND `variation_id_2` = '".$variation_ids[0]."') LIMIT 1",ARRAY_A);
    711. 

  711. 					$item_stock = $variation_stock_data['stock'];
    712. 

  712. 				} else if(count($variation_ids) == 1) {
    713. 

  713. 					$variation_stock_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."variation_priceandstock` WHERE `product_id` = '".$_POST['prodid']."' AND (`variation_id_1` = '".$variation_ids[0]."' AND `variation_id_2` = '0') LIMIT 1",ARRAY_A);
    714. 

  714. 					$item_stock = $variation_stock_data['stock'];
    715. 

  715. 				}
    716. 

  716. 			}
    717. 

  717. 			
    718. 

  718. 		  if($item_stock === null) {
    719. 

  719. 				$item_stock = $item_data[0]['quantity'];
    720. 

  720. 			}
    721. 

  721. 		  
    722. 

  722. 		  if((($item_data[0]['quantity_limited'] == 1) && ($item_stock > 0) && ($item_stock > $item_quantity)) || ($item_data[0]['quantity_limited'] == 0)) {
    723. 

  723. 				$cartcount = count($_SESSION['nzshpcrt_cart']);
    724. 

  724. 				if(is_array($_POST['variation'])) {  $variations = $_POST['variation'];  }  else  { $variations = null; }
    725. 

  725. 				if(is_array($_POST['extras'])) {  $extras = $_POST['extras'];  }  else  { $extras = null; }
    726. 

  726. 				$updated_quantity = false;
    727. 

  727. 				if($_SESSION['nzshpcrt_cart'] != null) {
    728. 

  728. 					foreach($_SESSION['nzshpcrt_cart'] as $cart_key => $cart_item) {
    729. 

  729. 						if ((!($memberstatus[0]=='1')&&(count($_SESSION['nzshpcrt_cart'])>0))) {
    730. 

  730. 							if((int)$cart_item->product_id === (int)$_POST['prodid']) {  // force both to integer before testing for identicality
    731. 

  731. 								if(($_SESSION['nzshpcrt_cart'][$cart_key]->extras === $extras)&&($_SESSION['nzshpcrt_cart'][$cart_key]->product_variations === $variations) && ((int)$_SESSION['nzshpcrt_cart'][$cart_key]->donation_price == (int)$_POST['donation_price'])) {
    732. 

  732. 									if(is_numeric($_POST['quantity'])) {
    733. 

  733. 										$_SESSION['nzshpcrt_cart'][$cart_key]->quantity += (int)$_POST['quantity'];
    734. 

  734. 									} else {
    735. 

  735. 										$_SESSION['nzshpcrt_cart'][$cart_key]->quantity++;
    736. 

  736. 									}
    737. 

  737. 									$updated_quantity = true;
    738. 

  738. 								}
    739. 

  739. 							}
    740. 

  740. 					}
    741. 

  741. 				}
    742. 

  742. 			}
    743. 

  743. 			if($item_data[0]['donation'] == 1) {
    744. 

  744. 			  $donation = $_POST['donation_price'];
    745. 

  745. 			} else 	{
    746. 

  746. 				$donation = false;
    747. 

  747. 			}
    748. 

  748. 			if(!(($memberstatus[0]=='1')&&(count($_SESSION['nzshpcrt_cart'])>0))){
    749. 

  749. 				$status = get_product_meta($cartt1, 'is_membership', true);
    750. 

  750. 				if ($status[0]=='1'){
    751. 

  751. 				  exit();
    752. 

  752. 				}	
    753. 

  753. 				if($updated_quantity === false) {
    754. 

  754. 				  if(is_numeric($_POST['quantity'])) {
    755. 

  755. 						if($_POST['quantity'] > 0) {
    756. 

  756. 							$new_cart_item = new cart_item($_POST['prodid'],$variations,$_POST['quantity'], $donation,$extras);
    757. 

  757. 					  }
    758. 

  758. 					} else {
    759. 

  759. 						//echo "correct";
    760. 

  760. 					  $new_cart_item = new cart_item($_POST['prodid'],$variations, 1, $donation,$extras);
    761. 

  761. 					}
    762. 

  762. 				  $_SESSION['nzshpcrt_cart'][] = $new_cart_item;
    763. 

  763. 				  }
    764. 

  764. 			  }
    765. 

  765. 			} else {
    766. 

  766. 			  $quantity_limit = true;
    767. 

  767. 			}
    768. 

  768. 		  
    769. 

  769. 		  $cart = $_SESSION['nzshpcrt_cart'];
    770. 

  770. 		  
    771. 

  771. 		  if (($memberstatus[0]=='1')&&(count($cart)>1)) {
    772. 

  772. 			} else {
    773. 

  773. 				$status = get_product_meta($cartt1, 'is_membership', true);
    774. 

  774. 				if ($status[0]=='1'){
    775. 

  775. 					exit('st');
    776. 

  776. 				}
    777. 

  777. 			  echo  "if(document.getElementById('shoppingcartcontents') != null)
    778. 

  778. 					  {
    779. 

  779. 					  document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "",addslashes(nzshpcrt_shopping_basket_internals($cart,$quantity_limit))). "\";
    780. 

  780. 					  }
    781. 

  781. 					";
    782. 

  782. 		
    783. 

  783. 			  if(($_POST['prodid'] != null) &&(get_option('fancy_notifications') == 1)) {
    784. 

  784. 				echo "if(document.getElementById('fancy_notification_content') != null)
    785. 

  785. 					  {
    786. 

  786. 					  document.getElementById('fancy_notification_content').innerHTML = \"".str_replace(Array("\n","\r") , "",addslashes(fancy_notification_content($_POST['prodid'], $quantity_limit))). "\";
    787. 

  787. 					  jQuery('#loading_animation').css('display', 'none');
    788. 

  788. 					  jQuery('#fancy_notification_content').css('display', 'block');  
    789. 

  789. 					  }
    790. 

  790. 					";
    791. 

  791. 				}
    792. 

  792. 			  
    793. 

  793. 			  if($_SESSION['slider_state'] == 0) {
    794. 

  794. 				echo  'jQuery("#sliding_cart").css({ display: "none"});'."\n\r";
    795. 

  795. 				} else {
    796. 

  796. 				echo  'jQuery("#sliding_cart").css({ display: "block"});'."\n\r";
    797. 

  797. 				}
    798. 

  798. 			}
    799. 

  799. 		}
    800. 

  800.       exit();
    801. 

  801. 		} else if(($_POST['user'] == "true") && ($_POST['emptycart'] == "true")) {
    802. 

  802. 			//exit("/* \n\r ".get_option('shopping_cart_url')." \n\r ".print_r($_POST,true)." \n\r */");
    803. 

  803. 			$_SESSION['nzshpcrt_cart'] = '';			
    804. 

  804. 			$_SESSION['nzshpcrt_cart'] = Array();      
    805. 

  805. 			echo  "if(document.getElementById('shoppingcartcontents') != null) {   
    806. 

  806. 			document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "", addslashes(nzshpcrt_shopping_basket_internals($cart))). "\";
    807. 

  807. 			}\n\r";
    808. 

  808. 			
    809. 

  809. 			if($_POST['current_page'] == get_option('shopping_cart_url')) {
    810. 

  810. 			  echo "window.location = '".get_option('shopping_cart_url')."';\n\r"; // if we are on the checkout page, redirect back to it to clear the non-ajax cart too
    811. 

  811. 			}
    812. 

  812. 			exit();
    813. 

  813. 		}
    814. 

  814. 

  815. 	if ($_POST['store_list']=="true") {
    816. 

  816. 		$map_data['address'] = $_POST['addr'];
    817. 

  817. 		$map_data['city'] = $_POST['city'];
    818. 

  818. 		$map_data['country'] = 'US';
    819. 

  819. 		$map_data['zipcode']='';
    820. 

  820. 		$map_data['radius'] = '50000';
    821. 

  821. 		$map_data['state'] = '';
    822. 

  822. 		$map_data['submit'] = 'Find Store';
    823. 

  823. 		$stores = getdistance($map_data);
    824. 

  824. 		$i=0;
    825. 

  825. 		while($rows = mysql_fetch_array($stores)) {
    826. 

  826. 			//echo "<pre>".print_r($rows,1)."</pre>";
    827. 

  827. 			if ($i==0) {
    828. 

  828. 				$closest_store = $rows[5];
    829. 

  829. 			}
    830. 

  830. 			$i++;
    831. 

  831. 			$store_list[$i] = $rows[5];
    832. 

  832. 		}
    833. 

  833. 	foreach ($store_list as $store){
    834. 

  834. 		$output.="<option value='$store'>$store</option>";
    835. 

  835. 	}
    836. 

  836. 	echo $output;
    837. 

  837. 	exit();
    838. 

  838. 	}
    839. 

  839.     
    840. 

  840.     if($_POST['admin'] == "true") {
    841. 

  841.     
    842. 

  842. 			if(is_numeric($_POST['prodid'])) {
    843. 

  843. 				/* fill product form */    
    844. 

  844. 				echo nzshpcrt_getproductform($_POST['prodid']);
    845. 

  845. 				exit();
    846. 

  846. 			} else if(is_numeric($_POST['catid'])) {
    847. 

  847. 				/* fill category form */   
    848. 

  848. 				echo nzshpcrt_getcategoryform($_POST['catid']);
    849. 

  849. 				exit();
    850. 

  850. 			} else if(is_numeric($_POST['brandid'])) {
    851. 

  851. 				/* fill brand form */   
    852. 

  852. 				echo nzshpcrt_getbrandsform($_POST['brandid']);
    853. 

  853. 				exit();
    854. 

  854. 			} else if(is_numeric($_POST['variation_id'])) {  
    855. 

  855. 				echo nzshpcrt_getvariationform($_POST['variation_id']);
    856. 

  856. 				exit();
    857. 

  857. 			}
    858. 

  858. 			
    859. 

  859. 			
    860. 

  860. 			if($_POST['hide_ecom_dashboard'] == 'true') {
    861. 

  861. 				require_once (ABSPATH . WPINC . '/rss.php');
    862. 

  862. 				$rss = fetch_rss('http://www.instinct.co.nz/feed/');				
    863. 

  863. 				$rss->items = array_slice($rss->items, 0, 5);
    864. 

  864. 				$rss_hash = sha1(serialize($rss->items));				
    865. 

  865.         update_option('wpsc_ecom_news_hash', $rss_hash);
    866. 

  866. 				exit(1);
    867. 

  867. 			}			
    868. 

  868. 			
    869. 

  869. 			if(($_POST['remove_meta'] == 'true') && is_numeric($_POST['meta_id'])) {
    870. 

  870. 			  $meta_id = (int)$_POST['meta_id'];
    871. 

  871. 			  $selected_meta = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}') ",ARRAY_A);
    872. 

  872. 			  if($selected_meta != null) {
    873. 

  873. 			    if($wpdb->query("DELETE FROM `{$wpdb->prefix}wpsc_productmeta` WHERE `id` IN('{$meta_id}')  LIMIT 1")) {
    874. 

  874. 			      echo $meta_id;
    875. 

  875. 			      exit();
    876. 

  876. 			    }
    877. 

  877. 			  }
    878. 

  878. 			  echo 0;
    879. 

  879. 				exit();
    880. 

  880. 			}	
    881. 

  881.       exit();
    882. 

  882. 		}
    883. 

  883.             
    884. 

  884.     
    885. 

  885.     if(is_numeric($_POST['currencyid'])){
    886. 

  886.       $currency_data = $wpdb->get_results("SELECT `symbol`,`symbol_html`,`code` FROM `".$wpdb->prefix."currency_list` WHERE `id`='".$_POST['currencyid']."' LIMIT 1",ARRAY_A) ;
    887. 

  887.       $price_out = null;
    888. 

  888.       if($currency_data[0]['symbol'] != '') {
    889. 

  889.         $currency_sign = $currency_data[0]['symbol_html'];
    890. 

  890. 			} else {
    891. 

  891. 				$currency_sign = $currency_data[0]['code'];
    892. 

  892. 			}
    893. 

  893.       echo $currency_sign;
    894. 

  894.       exit();
    895. 

  895. 		}
    896. 

  896.       //echo "--==->";
    897. 

  897. 	if($_POST['buynow'] == "true") {
    898. 

  898. 		$id = $_REQUEST['product_id'];
    899. 

  899. 		$price = $_REQUEST['price'];
    900. 

  900. 		$downloads = get_option('max_downloads');
    901. 

  901. 		$product_sql = "SELECT * FROM ".$wpdb->prefix."product_list WHERE id = ".$id." LIMIT 1";
    902. 

  902. 		$product_info = $wpdb->get_results($product_sql, ARRAY_A);
    903. 

  903. 		$product_info = $product_info[0];
    904. 

  904. 		$sessionid = (mt_rand(100,999).time());
    905. 

  905. 		$sql = "INSERT INTO `".$wpdb->prefix."purchase_logs` ( `totalprice` , `sessionid` , `date`, `billing_country`, `shipping_country`,`shipping_region`, `user_ID`, `discount_value` ) VALUES ( '".$price."', '".$sessionid."', '".time()."', 'BuyNow', 'BuyNow', 'BuyNow' , NULL , 0)";
    906. 

  906. 		$wpdb->query($sql) ;
    907. 

  907. 		$log_id = $wpdb->get_var("SELECT `id` FROM `".$wpdb->prefix."purchase_logs` WHERE `sessionid` IN('".$sessionid."') LIMIT 1") ;
    908. 

  908. 		$cartsql = "INSERT INTO `".$wpdb->prefix."cart_contents` ( `prodid` , `purchaseid`, `price`, `pnp`, `gst`, `quantity`, `donation`, `no_shipping` ) VALUES ('".$id."', '".$log_id."','".$price."','0', '0','1', '".$donation."', '1')";
    909. 

  909. 		$wpdb->query($cartsql);
    910. 

  910. 		$wpdb->query("INSERT INTO `".$wpdb->prefix."download_status` ( `fileid` , `purchid` , `downloads` , `active` , `datetime` ) VALUES ( '".$product_info['file']."', '".$log_id."', '$downloads', '0', NOW( ));");
    911. 

  911. 	exit();
    912. 

  912. 	}
    913. 

  913. 	
    914. 

  914. 	if(($_POST['changeorder'] == "true") && is_numeric($_POST['category_id'])) {
    915. 

  915. 		$category_id = (int)$_POST['category_id'];
    916. 

  916. 		$hash=$_POST['sort1'];
    917. 

  917. 		$order=1;
    918. 

  918. 		foreach($hash as $id) {
    919. 

  919. 			$wpdb->query("UPDATE `".$wpdb->prefix."product_order` SET `order`=$order WHERE `product_id`=".(int)$id." AND `category_id`=".(int)$category_id." LIMIT 1");
    920. 

  920. 			$order++;
    921. 

  921. 		}  
    922. 

  922. 	exit(" ");
    923. 

  923. 	}
    924. 

  924. 	
    925. 

  925.     
    926. 

  926.     /* rate item */    
    927. 

  927.     if(($_POST['rate_item'] == "true") && is_numeric($_POST['product_id']) && is_numeric($_POST['rating']))
    928. 

  928.       {
    929. 

  929.       $nowtime = time();
    930. 

  930.       $prodid = $_POST['product_id'];
    931. 

  931.       $ip_number = $_SERVER['REMOTE_ADDR'];
    932. 

  932.       $rating = $_POST['rating'];
    933. 

  933.       
    934. 

  934.       $cookie_data = explode(",",$_COOKIE['voting_cookie'][$prodid]);
    935. 

  935.       
    936. 

  936.       if(is_numeric($cookie_data[0]) && ($cookie_data[0] > 0))
    937. 

  937.         {
    938. 

  938.         $vote_id = $cookie_data[0];
    939. 

  939.         $wpdb->query("UPDATE `".$wpdb->prefix."product_rating` SET `rated` = '".$rating."' WHERE `id` ='".$vote_id."' LIMIT 1 ;");
    940. 

  940.         }
    941. 

  941.         else
    942. 

  942.           {
    943. 

  943.           $insert_sql = "INSERT INTO `".$wpdb->prefix."product_rating` ( `ipnum`  , `productid` , `rated`, `time`) VALUES ( '".$ip_number."', '".$prodid."', '".$rating."', '".$nowtime."');";
    944. 

  944.           $wpdb->query($insert_sql);
    945. 

  945.           
    946. 

  946.           $data = $wpdb->get_results("SELECT `id`,`rated` FROM `".$wpdb->prefix."product_rating` WHERE `ipnum`='".$ip_number."' AND `productid` = '".$prodid."'  AND `rated` = '".$rating."' AND `time` = '".$nowtime."' ORDER BY `id` DESC LIMIT 1",ARRAY_A) ;
    947. 

  947.           
    948. 

  948.           $vote_id = $data[0]['id'];
    949. 

  949.           setcookie("voting_cookie[$prodid]", ($vote_id.",".$rating),time()+(60*60*24*360));
    950. 

  950.           }   
    951. 

  951.       
    952. 

  952.       
    953. 

  953.       
    954. 

  954.       $output[1]= $prodid;
    955. 

  955.       $output[2]= $rating;
    956. 

  956.       echo $output[1].",".$output[2];
    957. 

  957.       exit();
    958. 

  958.       }
    959. 

  959. //written by allen
    960. 

  960. 	if ($_REQUEST['save_tracking_id'] == "true"){
    961. 

  961. 		$id = $_POST['id'];
    962. 

  962. 		$value = $_POST['value'];
    963. 

  963. 		$update_sql = "UPDATE ".$wpdb->prefix."purchase_logs SET track_id = '".$value."' WHERE id=$id";
    964. 

  964. 		$wpdb->query($update_sql);
    965. 

  965. 		exit();
    966. 

  966. 	}
    967. 

  967.       
    968. 

  968.     if(($_POST['get_rating_count'] == "true") && is_numeric($_POST['product_id']))
    969. 

  969.       {
    970. 

  970.       $prodid = $_POST['product_id'];
    971. 

  971.       $data = $wpdb->get_results("SELECT COUNT(*) AS `count` FROM `".$wpdb->prefix."product_rating` WHERE `productid` = '".$prodid."'",ARRAY_A) ;
    972. 

  972.       echo $data[0]['count'].",".$prodid;
    973. 

  973.       exit();
    974. 

  974.       }
    975. 

  975.       
    976. 

  976.       /// Pointless AJAX call is pointless
    977. 

  977. 			// 	if(isset($_POST['changeperpage'])) {
    978. 

  978. 			// 		$item_per_page = $_POST['changeperpage'];
    979. 

  979. 			// 		echo $item_per_page;
    980. 

  980. 			// 		exit();
    981. 

  981. 			// 	}
    982. 

  982.       
    983. 

  983.     if(($_POST['remove_variation_value'] == "true") && is_numeric($_POST['variation_value_id']))
    984. 

  984.       {
    985. 

  985.       $wpdb->query("DELETE FROM `".$wpdb->prefix."variation_values_associations` WHERE `value_id` = '".$_POST['variation_value_id']."'");
    986. 

  986.       $wpdb->query("DELETE FROM `".$wpdb->prefix."variation_values` WHERE `id` = '".$_POST['variation_value_id']."' LIMIT 1");
    987. 

  987.       exit();
    988. 

  988.       }
    989. 

  989.       
    990. 

  990.     if(($_POST['get_updated_price'] == "true") && is_numeric($_POST['product_id']))
    991. 

  991.       {
    992. 

  992.       $notax = $wpdb->get_var("SELECT `notax` FROM `".$wpdb->prefix."product_list` WHERE `id` IN('".$_POST['product_id']."') LIMIT 1");
    993. 

  993.       foreach((array)$_POST['variation'] as $variation)
    994. 

  994.         {
    995. 

  995.         if(is_numeric($variation))
    996. 

  996.           {
    997. 

  997.           $variations[] = $variation;
    998. 

  998.           }
    999. 

  999.         }
    1000. 

  1000. 	foreach((array)$_POST['extra'] as $extra)
    1001. 

  1001.         {
    1002. 

  1002.         if(is_numeric($extra))
    1003. 

  1003.           {
    1004. 

  1004.           $extras[] = $extra;
    1005. 

  1005.           }
    1006. 

  1006.         }
    1007. 

  1007. 	$pm=$_POST['pm'];
    1008. 

  1008. 	echo "product_id=".$_POST['product_id'].";\n";
    1009. 

  1009. 	
    1010. 

  1010. 	echo "price=\"".nzshpcrt_currency_display(calculate_product_price($_POST['product_id'], $variations,'stay',$extras), $notax)."\";\n";
    1011. 

  1011.       //exit(print_r($extras,1));
    1012. 

  1012. 	exit();
    1013. 

  1013.       }
    1014. 

  1014.       
    1015. 

  1015.     if(($_REQUEST['log_state'] == "true") && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
    1016. 

  1016. 			$newvalue = $_POST['value'];
    1017. 

  1017. 			if ($_REQUEST['suspend']=='true'){
    1018. 

  1018. 				if ($_REQUEST['value']==1){
    1019. 

  1019. 					wpsc_member_dedeactivate_subscriptions($_POST['id']);
    1020. 

  1020. 				} else {
    1021. 

  1021. 					wpsc_member_deactivate_subscriptions($_POST['id']);
    1022. 

  1022. 				}
    1023. 

  1023. 				exit();
    1024. 

  1024. 			} else {
    1025. 

  1025.       
    1026. 

  1026. 				$log_data = $wpdb->get_row("SELECT * FROM `".$wpdb->prefix."purchase_logs` WHERE `id` = '".$_POST['id']."' LIMIT 1",ARRAY_A);  
    1027. 

  1027. 				if (($newvalue==2) && function_exists('wpsc_member_activate_subscriptions')){
    1028. 

  1028. 					wpsc_member_activate_subscriptions($_POST['id']);
    1029. 

  1029. 				}
    1030. 

  1030. 				
    1031. 

  1031. 				$update_sql = "UPDATE `".$wpdb->prefix."purchase_logs` SET `processed` = '".$newvalue."' WHERE `id` = '".$_POST['id']."' LIMIT 1";  
    1032. 

  1032. 				$wpdb->query($update_sql);
    1033. 

  1033. 				//echo("/*");
    1034. 

  1034. 				if(($newvalue > $log_data['processed']) && ($log_data['processed'] < 2)) {
    1035. 

  1035. 					transaction_results($log_data['sessionid'],false);
    1036. 

  1036. 				}      
    1037. 

  1037. 				//echo("*/");
    1038. 

  1038. 				$stage_sql = "SELECT * FROM `".$wpdb->prefix."purchase_statuses` WHERE `id`='".$newvalue."' AND `active`='1' LIMIT 1";
    1039. 

  1039. 				$stage_data = $wpdb->get_row($stage_sql,ARRAY_A);
    1040. 

  1040. 						
    1041. 

  1041. 				echo "document.getElementById(\"form_group_".$_POST['id']."_text\").innerHTML = '".$stage_data['name']."';\n";
    1042. 

  1042. 				echo "document.getElementById(\"form_group_".$_POST['id']."_text\").style.color = '#".$stage_data['colour']."';\n";
    1043. 

  1043. 				
    1044. 

  1044. 				
    1045. 

  1045. 				$year = date("Y");
    1046. 

  1046. 				$month = date("m");
    1047. 

  1047. 				$start_timestamp = mktime(0, 0, 0, $month, 1, $year);
    1048. 

  1048. 				$end_timestamp = mktime(0, 0, 0, ($month+1), 0, $year);
    1049. 

  1049. 				
    1050. 

  1050. 				echo "document.getElementById(\"log_total_month\").innerHTML = '".addslashes(nzshpcrt_currency_display(admin_display_total_price($start_timestamp, $end_timestamp),1))."';\n";
    1051. 

  1051. 				echo "document.getElementById(\"log_total_absolute\").innerHTML = '".addslashes(nzshpcrt_currency_display(admin_display_total_price(),1))."';\n";
    1052. 

  1052. 				exit();
    1053. 

  1053. 		  }
    1054. 

  1054.     }
    1055. 

  1055.       
    1056. 

  1056. 	if(($_POST['list_variation_values'] == "true") && is_numeric($_POST['new_variation_id'])) {
    1057. 

  1057. 		$variation_processor = new nzshpcrt_variations();
    1058. 

  1058. 		echo "variation_value_id = \"".$_POST['new_variation_id']."\";\n";
    1059. 

  1059. 		echo "variation_value_html = \"".$variation_processor->display_variation_values($_POST['prefix'],$_POST['new_variation_id'])."\";\n";
    1060. 

  1060. 		$variations_selected = array_values(array_unique(array_merge((array)$_POST['new_variation_id'], (array)$_POST['variation_id'])));		
    1061. 

  1061. 		echo "variation_subvalue_html = \"".str_replace("\n\r", '\n\r', $variation_processor->variations_add_grid_view((array)$variations_selected))."\";\n";
    1062. 

  1062. 		//echo "/*\n\r".print_r(array_values(array_unique(array_merge((array)$_POST['new_variation_id'], $_POST['variation_id']))),true)."\n\r*/";
    1063. 

  1063. 		exit();
    1064. 

  1064. 	}
    1065. 

  1065.       
    1066. 

  1066. 	if(($_POST['redisplay_variation_values'] == "true")) {
    1067. 

  1067. 		$variation_processor = new nzshpcrt_variations();
    1068. 

  1068. 		$variations_selected = array_values(array_unique(array_merge((array)$_POST['new_variation_id'], (array)$_POST['variation_id'])));		
    1069. 

  1069. 		foreach($variations_selected as $variation_id) {
    1070. 

  1070. 		  // cast everything to integer to make sure nothing nasty gets in.
    1071. 

  1071. 		  $variation_list[] = (int)$variation_id;
    1072. 

  1072. 		}
    1073. 

  1073. 		echo $variation_processor->variations_add_grid_view((array)$variation_list);
    1074. 

  1074. 		//echo "/*\n\r".print_r(array_values(array_unique($_POST['variation_id'])),true)."\n\r*/";
    1075. 

  1075. 		exit();
    1076. 

  1076. 	}
    1077. 

  1077. 	
    1078. 

  1078. 

  1079. 	if(($_POST['edit_variation_value_list'] == 'true') && is_numeric($_POST['variation_id']) && is_numeric($_POST['product_id'])) {
    1080. 

  1080. 		$variation_id = (int)$_POST['variation_id'];
    1081. 

  1081. 		$product_id = (int)$_POST['product_id'];
    1082. 

  1082. 		$variations_processor = new nzshpcrt_variations();
    1083. 

  1083. 		$variation_values = $variations_processor->falsepost_variation_values($variation_id);
    1084. 

  1084. 		if(is_array($variation_values)) {
    1085. 

  1085. 			//echo(print_r($variation_values,true));
    1086. 

  1086. 			$check_variation_added = $wpdb->get_var("SELECT `id` FROM `".$wpdb->prefix."variation_associations` WHERE `type` IN ('product') AND `associated_id` IN ('{$product_id}') AND `variation_id` IN ('{$variation_id}') LIMIT 1");
    1087. 

  1087. 			if($check_variation_added == null) {
    1088. 

  1088. 				$variations_processor->add_to_existing_product($product_id,$variation_values);			
    1089. 

  1089. 			}
    1090. 

  1090. 			echo $variations_processor->display_attached_variations($product_id);
    1091. 

  1091. 			echo $variations_processor->variations_grid_view($product_id); 
    1092. 

  1092. 		} else {
    1093. 

  1093. 			echo "false";
    1094. 

  1094. 		}
    1095. 

  1095. 		exit();
    1096. 

  1096. 	}
    1097. 

  1097.       
    1098. 

  1098. 

  1099.             
    1100. 

  1100. 	if(($_POST['remove_form_field'] == "true") && is_numeric($_POST['form_id'])) {
    1101. 

  1101. 		//exit(print_r($user,true));
    1102. 

  1102. 		if(current_user_can('level_7')) {
    1103. 

  1103. 			$wpdb->query("UPDATE `".$wpdb->prefix."collect_data_forms` SET `active` = '0' WHERE `id` ='".$_POST['form_id']."' LIMIT 1 ;");
    1104. 

  1104. 			exit(' ');
    1105. 

  1105. 		}
    1106. 

  1106. 	}
    1107. 

  1107.       
    1108. 

  1108.       
    1109. 

  1109.       /*
    1110. 

  1110.        * function for handling the checkout billing address
    1111. 

  1111.        */      
    1112. 

  1112.     if(preg_match("/[a-zA-Z]{2,4}/", $_POST['billing_country']))
    1113. 

  1113.       {
    1114. 

  1114.       if($_SESSION['selected_country'] == $_POST['billing_country'])
    1115. 

  1115.         {
    1116. 

  1116.         $do_not_refresh_regions = true;
    1117. 

  1117.         }
    1118. 

  1118.         else
    1119. 

  1119.         {
    1120. 

  1120.         $do_not_refresh_regions = false;
    1121. 

  1121.         $_SESSION['selected_country'] = $_POST['billing_country'];
    1122. 

  1122.         }
    1123. 

  1123. 	
    1124. 

  1124. 	
    1125. 

  1125. 	
    1126. 

  1126.       if(is_numeric($_POST['form_id']))
    1127. 

  1127.         {
    1128. 

  1128.         $form_id = $_POST['form_id'];
    1129. 

  1129.         $html_form_id = "region_country_form_$form_id";
    1130. 

  1130.         }
    1131. 

  1131.         else
    1132. 

  1132.           {
    1133. 

  1133.           $html_form_id = 'region_country_form';
    1134. 

  1134.           }
    1135. 

  1135.         
    1136. 

  1136.         if(is_numeric($_POST['billing_region']))
    1137. 

  1137.           {
    1138. 

  1138.           $_SESSION['selected_region'] = $_POST['billing_region'];
    1139. 

  1139.           }
    1140. 

  1140.       $cart =& $_SESSION['nzshpcrt_cart'];
    1141. 

  1141. 	if (($memberstatus[0]=='1')&&(count($cart)>0)){
    1142. 

  1142. 			echo "
    1143. 

  1143. 			";
    1144. 

  1144. 			}else{
    1145. 

  1145. 			if ($status[0]=='1'){
    1146. 

  1146. 			  exit();
    1147. 

  1147. 			}
    1148. 

  1148. 			  echo  "if(document.getElementById('shoppingcartcontents') != null)
    1149. 

  1149. 					  {
    1150. 

  1150. 					  document.getElementById('shoppingcartcontents').innerHTML = \"".str_replace(Array("\n","\r") , "",addslashes(nzshpcrt_shopping_basket_internals($cart,$quantity_limit))). "\";
    1151. 

  1151. 					  }
    1152. 

  1152. 					";
    1153. 

  1153. 		
    1154. 

  1154. 			  if($do_not_refresh_regions == false)
    1155. 

  1155. 				{
    1156. 

  1156. 				$region_list = $wpdb->get_results("SELECT `".$wpdb->prefix."region_tax`.* FROM `".$wpdb->prefix."region_tax`, `".$wpdb->prefix."currency_list`  WHERE `".$wpdb->prefix."currency_list`.`isocode` IN('".$_POST['billing_country']."') AND `".$wpdb->prefix."currency_list`.`id` = `".$wpdb->prefix."region_tax`.`country_id`",ARRAY_A) ;
    1157. 

  1157. 				  if($region_list != null)
    1158. 

  1158. 					{
    1159. 

  1159. 					$output .= "<select name='collected_data[".$form_id."][1]' class='current_region' onchange='set_billing_country(\\\"$html_form_id\\\", \\\"$form_id\\\");'>";
    1160. 

  1160. 					//$output .= "<option value=''>None</option>";
    1161. 

  1161. 					foreach($region_list as $region)
    1162. 

  1162. 					  {
    1163. 

  1163. 					  if($_SESSION['selected_region'] == $region['id'])
    1164. 

  1164. 						{
    1165. 

  1165. 						$selected = "selected='true'";
    1166. 

  1166. 						}
    1167. 

  1167. 						else
    1168. 

  1168. 						  {
    1169. 

  1169. 						  $selected = "";
    1170. 

  1170. 						  }
    1171. 

  1171. 					  $output .= "<option value='".$region['id']."' $selected>".$region['name']."</option>";
    1172. 

  1172. 					  }
    1173. 

  1173. 					$output .= "</select>";
    1174. 

  1174. 			  echo  "if(document.getElementById('region_select_$form_id') != null)
    1175. 

  1175. 		  {
    1176. 

  1176. 		  document.getElementById('region_select_$form_id').innerHTML = \"".$output."\";
    1177. 

  1177. 		  }
    1178. 

  1178. 		";
    1179. 

  1179. 				  }
    1180. 

  1180. 				  else
    1181. 

  1181. 				  {
    1182. 

  1182. 				  echo  "if(document.getElementById('region_select_$form_id') != null)
    1183. 

  1183. 		  {
    1184. 

  1184. 		  document.getElementById('region_select_$form_id').innerHTML = \"\";
    1185. 

  1185. 		  }
    1186. 

  1186. 		";
    1187. 

  1187. 				  }
    1188. 

  1188. 				}
    1189. 

  1189. 		}
    1190. 

  1190.       exit();
    1191. 

  1191.       }
    1192. 

  1192.     
    1193. 

  1193.     if(($_POST['get_country_tax'] == "true") && preg_match("/[a-zA-Z]{2,4}/",$_POST['country_id']))  
    1194. 

  1194.       {
    1195. 

  1195.       $country_id = $_POST['country_id'];
    1196. 

  1196.       $region_list = $wpdb->get_results("SELECT `".$wpdb->prefix."region_tax`.* FROM `".$wpdb->prefix."region_tax`, `".$wpdb->prefix."currency_list`  WHERE `".$wpdb->prefix."currency_list`.`isocode` IN('".$country_id."') AND `".$wpdb->prefix."currency_list`.`id` = `".$wpdb->prefix."region_tax`.`country_id`",ARRAY_A) ;
    1197. 

  1197.       if($region_list != null)
    1198. 

  1198.         {
    1199. 

  1199.         echo "<select name='base_region'>\n\r";
    1200. 

  1200.         foreach($region_list as $region)
    1201. 

  1201.           {
    1202. 

  1202.           if(get_option('base_region')  == $region['id'])
    1203. 

  1203.             {
    1204. 

  1204.             $selected = "selected='true'";
    1205. 

  1205.             }
    1206. 

  1206.             else
    1207. 

  1207.               {
    1208. 

  1208.               $selected = "";
    1209. 

  1209.               }
    1210. 

  1210.           echo "<option value='".$region['id']."' $selected>".$region['name']."</option>\n\r";
    1211. 

  1211.           }
    1212. 

  1212.         echo "</select>\n\r";    
    1213. 

  1213.         }
    1214. 

  1214.         else { echo "&nbsp;"; }
    1215. 

  1215.       exit();
    1216. 

  1216.       }
    1217. 

  1217.       
    1218. 

  1218.     
    1219. 

  1219.     /* fill product form */    
    1220. 

  1220.     if(($_POST['set_slider'] == "true") && is_numeric($_POST['state']))
    1221. 

  1221.       {
    1222. 

  1222.       $_SESSION['slider_state'] = $_POST['state'];
    1223. 

  1223.       exit();
    1224. 

  1224.       }  /* fill category form */
    1225. 

  1225.       
    1226. 

  1226.       
    1227. 

  1227.      
    1228. 

  1228.       
    1229. 

  1229.     if($_GET['action'] == "register")
    1230. 

  1230.       {
    1231. 

  1231.       $siteurl = get_option('siteurl');       
    1232. 

  1232.       require_once( ABSPATH . WPINC . '/registration-functions.php');
    1233. 

  1233.       if(($_POST['action']=='register') && get_settings('users_can_register'))
    1234. 

  1234.         {        
    1235. 

  1235.         //exit("fail for testing purposes");
    1236. 

  1236.         $user_login = sanitize_user( $_POST['user_login'] );
    1237. 

  1237.         $user_email = $_POST['user_email'];
    1238. 

  1238.         
    1239. 

  1239.         $errors = array();
    1240. 

  1240.           
    1241. 

  1241.         if ( $user_login == '' )
    1242. 

  1242.           exit($errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'));
    1243. 

  1243.       
    1244. 

  1244.         /* checking e-mail address */
    1245. 

  1245.         if ($user_email == '') {
    1246. 

  1246.           exit(__('<strong>ERROR</strong>: Please type your e-mail address.'));
    1247. 

  1247.         } else if (!is_email($user_email)) {
    1248. 

  1248.           exit( __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
    1249. 

  1249.           $user_email = '';
    1250. 

  1250.         }
    1251. 

  1251.       
    1252. 

  1252.         if ( ! validate_username($user_login) ) {
    1253. 

  1253.           $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
    1254. 

  1254.           $user_login = '';
    1255. 

  1255.         }
    1256. 

  1256.       
    1257. 

  1257.         if ( username_exists( $user_login ) )
    1258. 

  1258.           exit( __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
    1259. 

  1259.       
    1260. 

  1260.         /* checking the email isn't already used by another user */
    1261. 

  1261.         $email_exists = $wpdb->get_row("SELECT user_email FROM $wpdb->users WHERE user_email = '$user_email'");
    1262. 

  1262.         if ( $email_exists)
    1263. 

  1263.           die (__('<strong>ERROR</strong>: This email address is already registered, please supply another.'));
    1264. 

  1264.       
    1265. 

  1265.       
    1266. 

  1266.       
    1267. 

  1267.         
    1268. 

  1268.         if ( 0 == count($errors) ) {
    1269. 

  1269.           $password = substr( md5( uniqid( microtime() ) ), 0, 7);
    1270. 

  1270.           //xit('there?');      
    1271. 

  1271.           $user_id = wp_create_user( $user_login, $password, $user_email );
    1272. 

  1272.           if ( !$user_id )
    1273. 

  1273.             {
    1274. 

  1274.             exit(sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
    1275. 

  1275.             }
    1276. 

  1276.             else
    1277. 

  1277.             {
    1278. 

  1278.             wp_new_user_notification($user_id, $password);
    1279. 

  1279.             ?>
    1280. 

  1280. <div id="login"> 
    1281. 

  1281.   <h2><?php _e('Registration Complete') ?></h2>
    1282. 

  1282.   <p><?php printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>") ?><br />
    1283. 

  1283.   <?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
    1284. 

  1284.   <?php printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>") ?></p>
    1285. 

  1285. </div>
    1286. 

  1286. <?php
    1287. 

  1287.             }
    1288. 

  1288.           }
    1289. 

  1289.         }
    1290. 

  1290.         else
    1291. 

  1291.           {
    1292. 

  1292.           // onsubmit='submit_register_form(this);return false;'
    1293. 

  1293.           echo "<div id='login'>
    1294. 

  1294.     <h2>Register for this blog</h2>
    1295. 

  1295.     <form id='registerform' action='index.php?ajax=true&amp;action=register'  onsubmit='submit_register_form(this);return false;' method='post'>
    1296. 

  1296.       <p><input type='hidden' value='register' name='action'/>
    1297. 

  1297.       <label for='user_login'>Username:</label><br/> <input type='text' value='' maxlength='20' size='20' id='user_login' name='user_login'/><br/></p>
    1298. 

  1298.       <p><label for='user_email'>E-mail:</label><br/> <input type='text' value='' maxlength='100' size='25' id='user_email' name='user_email'/></p>
    1299. 

  1299.       <p>A password will be emailed to you.</p>
    1300. 

  1300.       <p class='submit'><input type='submit' name='submit_form' id='submit' value='Register »'/><img id='register_loading_img' src='".WPSC_URL."/images/loading.gif' alt='' title=''></p>
    1301. 

  1301.       
    1302. 

  1302.     </form>
    1303. 

  1303.     </div>";
    1304. 

  1304.          }
    1305. 

  1305.       
    1306. 

  1306.       exit();
    1307. 

  1307.       } 
    1308. 

  1308.       
    1309. 

  1309.     }
    1310. 

  1310.     /*
    1311. 

  1311.     * AJAX stuff stops here, I would put an exit here, but it may screw up other plugins
    1312. 

  1312.     //exit();
    1313. 

  1313.     */
    1314. 

  1314.     }
    1315. 

  1315.     
    1316. 

  1316.    if(isset($_POST['language_setting']) && ($_GET['page'] = WPSC_DIR_NAME.'/options.php'))
    1317. 

  1317.     {
    1318. 

  1318.     if($user_level >= 7)
    1319. 

  1319.       {
    1320. 

  1320.       update_option('language_setting', $_POST['language_setting']);
    1321. 

  1321.       }
    1322. 

  1322.     }
    1323. 

  1323.   
    1324. 

  1324.   if(isset($_POST['language_setting']) && ($_GET['page'] = WPSC_DIR_NAME.'/options.php'))
    1325. 

  1325.     {
    1326. 

  1326.     if($user_level >= 7)
    1327. 

  1327.       {
    1328. 

  1328.       update_option('language_setting', $_POST['language_setting']);
    1329. 

  1329.       }
    1330. 

  1330.     }
    1331. 

  1331.     
    1332. 

  1332.   if(($_GET['rss'] == "true") && ($_GET['rss_key'] == 'key') && ($_GET['action'] == "purchase_log"))
    1333. 

  1333.     {
    1334. 

  1334.     $sql = "SELECT * FROM `".$wpdb->prefix."purchase_logs` WHERE `date`!='' ORDER BY `date` DESC";
    1335. 

  1335.     $purchase_log = $wpdb->get_results($sql,ARRAY_A);
    1336. 

  1336.     header("Content-Type: application/xml; charset=UTF-8"); 
    1337. 

  1337.     header('Content-Disposition: inline; filename="WP_E-Commerce_Purchase_Log.rss"');
    1338. 

  1338.     $output = '';
    1339. 

  1339.     $output .= "<?xml version='1.0'?>\n\r";
    1340. 

  1340.     $output .= "<rss version='2.0'>\n\r";
    1341. 

  1341.     $output .= "  <chann…
    1342.

Large files files are truncated, but you can click here to view the full file