PHP Cross Reference of osCMax 2.0.4 |
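<?php
/*
$Id: popup_coupon_help.php 3 2006-05-27 04:59:07Z user $

  osCMax Power E-Commerce
  http://oscdox.com

  Copyright 2006 osCMax

  Released under the GNU General Public License
*/

  // Popup page that renders the help text for one coupon: its name and
  // description, its value, the minimum order, the validity dates and the
  // categories/products it is restricted to. The coupon is chosen by the
  // "cID" request parameter.

  require ('includes/application_top.php');

  $navigation->remove_current_page();

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_POPUP_COUPON_HELP);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<style type="text/css"><!--
BODY { margin-bottom: 10px; margin-left: 10px; margin-right: 10px; margin-top: 10px; }
//--></style>
<body marginwidth="10" marginheight="10" topmargin="10" bottommargin="10" leftmargin="10" rightmargin="10">

<?php
// v5.13: security flaw fixed in query.
// That fix cast cID to an integer for the first query only; the description
// and restriction queries below still concatenated the raw request value into
// SQL. The id is now cast once here and this integer is the only form of cID
// that reaches any query on this page.
  $coupon_id = isset($HTTP_GET_VARS['cID']) ? (int)$HTTP_GET_VARS['cID'] : 0;
  // Cast the language id as well so that every value placed in SQL below is an integer.
  $language_id = (int)$languages_id;

  $coupon_query = tep_db_query("select * from " . TABLE_COUPONS . " where coupon_id = '" . $coupon_id . "'");
  $coupon = tep_db_fetch_array($coupon_query);
  $coupon_desc_query = tep_db_query("select * from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . $language_id . "'");
  $coupon_desc = tep_db_fetch_array($coupon_desc_query);

  // NOTE(review): coupon, category and product names are written into the
  // page exactly as stored; confirm they are trusted or escaped where they
  // are entered.
  $text_coupon_help = TEXT_COUPON_HELP_HEADER;
  $text_coupon_help .= sprintf(TEXT_COUPON_HELP_NAME, $coupon_desc['coupon_name']);
  if (tep_not_null($coupon_desc['coupon_description'])) $text_coupon_help .= sprintf(TEXT_COUPON_HELP_DESC, $coupon_desc['coupon_description']);
  $coupon_amount = $coupon['coupon_amount'];
  switch ($coupon['coupon_type']) {
    case 'F': // shown as a currency amount
      $text_coupon_help .= sprintf(TEXT_COUPON_HELP_FIXED, $currencies->format($coupon['coupon_amount']));
      break;
    case 'P': // shown as a percentage
      $text_coupon_help .= sprintf(TEXT_COUPON_HELP_FIXED, number_format($coupon['coupon_amount'],2). '%');
      break;
    case 'S': // shown as free shipping
      $text_coupon_help .= TEXT_COUPON_HELP_FREESHIP;
      break;
    default:
      break;
  }
  if ($coupon['coupon_minimum_order'] > 0 ) $text_coupon_help .= sprintf(TEXT_COUPON_HELP_MINORDER, $currencies->format($coupon['coupon_minimum_order']));
  $text_coupon_help .= sprintf(TEXT_COUPON_HELP_DATE, tep_date_short($coupon['coupon_start_date']),tep_date_short($coupon['coupon_expire_date']));
  $text_coupon_help .= '<b>' . TEXT_COUPON_HELP_RESTRICT . '</b>';

  // Category restrictions. The comma-separated list comes from the coupon row
  // already fetched above (select *), so the table is not queried again.
  $text_coupon_help .= '<br><br>' . TEXT_COUPON_HELP_CATEGORIES;
  $restrict_categories = is_array($coupon) ? (string)$coupon['restrict_to_categories'] : '';
  $cats = ''; // initialised so the comparison below never reads an undefined variable
  // explode() replaces split(), which is deprecated and absent from PHP 7.
  $cat_ids = explode(',', $restrict_categories);
  for ($i = 0, $n = count($cat_ids); $i < $n; $i++) {
    // Each list entry is cast before use, so stored data cannot alter the query either.
    $result = tep_db_query("SELECT * FROM categories, categories_description WHERE categories.categories_id = categories_description.categories_id and categories_description.language_id = '" . $language_id . "' and categories.categories_id='" . (int)$cat_ids[$i] . "'");
    if ($row = tep_db_fetch_array($result)) {
      $cats .= '<br>' . $row["categories_name"];
    }
  }
  if ($cats=='') $cats = '<br>NONE';
  $text_coupon_help .= $cats;

  // Product restrictions, handled the same way as the categories.
  $text_coupon_help .= '<br><br>' . TEXT_COUPON_HELP_PRODUCTS;
  $restrict_products = is_array($coupon) ? (string)$coupon['restrict_to_products'] : '';
  $prods = '';
  $pr_ids = explode(',', $restrict_products);
  for ($i = 0, $n = count($pr_ids); $i < $n; $i++) {
    $result = tep_db_query("SELECT * FROM products, products_description WHERE products.products_id = products_description.products_id and products_description.language_id = '" . $language_id . "' and products.products_id = '" . (int)$pr_ids[$i] . "'");
    if ($row = tep_db_fetch_array($result)) {
      $prods .= '<br>' . $row["products_name"];
    }
  }
  if ($prods=='') $prods = '<br>NONE';
  $text_coupon_help .= $prods;


  $info_box_contents = array();
  $info_box_contents[] = array('text' => HEADING_COUPON_HELP);


  new infoBoxHeading($info_box_contents, true, true);

  $info_box_contents = array();
  $info_box_contents[] = array('text' => $text_coupon_help);

  new infoBox($info_box_contents);
?>

<p class="smallText" align="right"><?php echo '<a href="javascript:window.close()">' . TEXT_CLOSE_WINDOW . '</a>'; ?></p>

</body>
</html>
<?php require ('includes/application_bottom.php'); ?>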