PHP Cross Reference of osCMax 2.0.4 |
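<?php
/*
$Id: gv_redeem.php 14 2006-07-28 17:42:07Z user $

  osCMax Power E-Commerce
  http://oscdox.com

  Copyright 2006 osCMax

  Gift Voucher System v1.0
  Copyright 2006 osCMax2001, 2002 Ian C Wilson
  http://www.phesis.org

  Released under the GNU General Public License
*/

// Most of this file is changed or moved to BTS - Basic Template System - format.
// When adding a contribution or modification, note that parts of this file have been moved to
// catalog\templates\fallback\contents\<filename>.tpl.php by default.
// (Substitute 'fallback' with your current template to see if there is a template-specific file.)

// Purpose: redeem the gift voucher whose code arrives in the 'gv_no' URL parameter and
// credit it to the logged-on customer.
//
// Page flow:
//   1. Customers without a session are sent to the login page.
//   2. The voucher code is looked up among coupons that were e-mailed out.
//   3. If no row exists for it in the redeem-track table, the redemption is recorded,
//      the coupon is deactivated and the customer's voucher balance is updated.
//   4. Otherwise $error stays true and $gv_error_message is set for the template.
//
// Security notes:
//   - gv_no comes straight from the URL and is untrusted. It is escaped with
//     tep_db_input() before it is placed in SQL.
//   - $voucher_not_redeemed is computed in this file from the redeem-track table.
//     The branches below used to read it without it ever being assigned here, so the
//     "already redeemed" guard depended on whatever value was in global scope.
//   - NOTE(review): the redeemed check and the insert are two separate statements, so
//     two simultaneous requests for one code could both pass the check. A unique key on
//     coupon_id in the redeem-track table would make the second insert fail - confirm
//     the schema.

  require('includes/application_top.php');

// if the customer is not logged on, redirect them to the login page
// NOTE(review): presumably tep_redirect() ends the request; if it returns, the code
// below also runs for anonymous visitors - confirm.
  if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

// check for a voucher number in the url (only a plain string is accepted, so an
// array-valued gv_no is treated like a missing one)
  if (isset($HTTP_GET_VARS['gv_no']) && is_string($HTTP_GET_VARS['gv_no'])) {
    $error = true;

    // Start from "not redeemable" so the flag can only become true through the
    // database check below, never through a value inherited from elsewhere.
    $voucher_not_redeemed = false;

    $voucher_number = tep_db_prepare_input($HTTP_GET_VARS['gv_no']);
    $gv_query = tep_db_query("select c.coupon_id, c.coupon_amount from " . TABLE_COUPONS . " c, " . TABLE_COUPON_EMAIL_TRACK . " et where coupon_code = '" . tep_db_input($voucher_number) . "' and c.coupon_id = et.coupon_id");

    if (tep_db_num_rows($gv_query) > 0) {
      $coupon = tep_db_fetch_array($gv_query);
      $coupon_id = (int)$coupon['coupon_id'];

// BOF - MOD: GV_REDEEM_EXPLOIT_FIX (GVREF)
      // A voucher counts as unredeemed only while the redeem-track table has no row for it.
      // This lookup has to run BEFORE the branches that depend on its result.
      $redeem_query = tep_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $coupon_id . "'");
      $voucher_not_redeemed = (tep_db_num_rows($redeem_query) == 0);

      if (tep_session_is_registered('customer_id') && $voucher_not_redeemed) {
        // Record who redeemed the voucher, retire the coupon, then credit the customer.
        // The ids are cast to int and the address is escaped because all of them end up
        // inside a string-built statement.
        $gv_id = $coupon_id;
        $gv_query = tep_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon_id . "', '" . (int)$customer_id . "', now(), '" . tep_db_input($REMOTE_ADDR) . "')");
        $gv_update = tep_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon_id . "'");
        tep_gv_account_update($customer_id, $gv_id);
        $error = false;
      } elseif ($voucher_not_redeemed) {
        // Valid, unredeemed voucher but no customer session: remember the code so it can
        // be applied after login. The value is stored exactly as received; any code that
        // later reads floating_gv_code must escape it again before using it in SQL or HTML.
        if (!tep_session_is_registered('floating_gv_code')) {
          tep_session_register('floating_gv_code');
          $floating_gv_code = $HTTP_GET_VARS['gv_no'];
          $gv_error_message = TEXT_NEEDS_TO_LOGIN;
        } else {
          $gv_error_message = TEXT_INVALID_GV;
        }
      } else {
        // The voucher already has a redeem-track row.
        $gv_error_message = TEXT_INVALID_GV;
      }
// EOF - MOD: GV_REDEEM_EXPLOIT_FIX (GVREF)
    }
  } else {
    tep_redirect(FILENAME_DEFAULT);
  }

// BOF - MOD: GV_REDEEM_EXPLOIT_FIX (GVREF)
// The pre-GVREF code performed the redeem-track insert and coupon update here, after the
// lookup, and then required the language file DIR_WS_LANGUAGES . $language . '/' .
// FILENAME_GV_REDEEM. Both were disabled by the mod; the redemption now happens inside
// the lookup branch above.
// EOF - MOD: GV_REDEEM_EXPLOIT_FIX (GVREF)

  $breadcrumb->add(NAVBAR_TITLE);

  $content = CONTENT_GV_REDEEM;

  include (bts_select('main', $content_template)); // BTSv1.5

  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>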
| Generated: Fri Jan 1 13:43:16 2010 | Cross-referenced by PHPXref 0.7 |