$this->db->query("DELETE FROM `" . $this->table_prefix . $this->settings['orders_table'] . "` WHERE `id`='" . $id . "'" );
$this->db->query("DELETE FROM `" . $this->table_prefix . $this->settings['invoice_addresses_table'] . "` WHERE `order_id`='" . $id . "'" );
$this->db->query("DELETE FROM `" . $this->table_prefix . $this->settings['shipping_addresses_table'] . "` WHERE `order_id`='" . $id . "'" );
$this->db->query("DELETE FROM `" . $this->table_prefix . $this->settings['products_table'] . "` WHERE `order_id`='" . $id . "'" );
}
/**
* Get a list of the orders in the DB
*
* @param Number $pagination_start
* @param Number $pagination_length
* @param String $filter Filter the result matching this string
*
* @return array
*/
function getOrders($pagination_start, $pagination_length, $filter = "")
{
$result = array(
"orders" => array(),
"paginationCount" => 0
);
if (!$this->db)
return $result;
// Search for specific orders
if (strlen($filter)) {
$ids = array();
// Search in the customer's data
foreach ($this->db->query("SELECT order_id FROM `" . $this->table_prefix . $this->settings['invoice_addresses_table'] . "` WHERE value LIKE '%" . $this->db->escapeString($filter) . "%'") as $order) {
$ids[] = "'" . $order['order_id'] . "'";
}
// Search in the orders's data
foreach ($this->db->query("SELECT id FROM `" . $this->table_prefix . $this->settings['orders_table'] . "` WHERE `id` LIKE '%" . $this->db->escapeString($filter) . "%'") as $order) {
$ids[] = "'" . $order['id'] . "'";
}
if (count($ids) > 0) {
$result['orders'] = $this->db->query("SELECT * FROM `" . $this->table_prefix . $this->settings['orders_table'] . "` WHERE id IN (" . implode(",", $ids) . ") ORDER BY `ts` DESC LIMIT " . $pagination_start . ", " . $pagination_length);
// Set the pagination maximum length
$ordersCount = $this->db->query("SELECT COUNT(*) AS c FROM `" . $this->table_prefix . $this->settings['orders_table'] . "` WHERE id IN (" . implode(",", $ids) . ")");
$order = $this->db->query("SELECT * FROM `" . $this->table_prefix . $this->settings['orders_table'] . "` WHERE id='" . $this->db->escapeString($id) . "'");
if (!count($order))
return array();
$result['order'] = $order[0];
$result['products'] = $this->db->query("SELECT * FROM `" . $this->table_prefix . $this->settings['products_table'] . "` WHERE order_id='" . $this->db->escapeString($id) . "'");
$result['invoice']= $this->db->query("SELECT * FROM `" . $this->table_prefix . $this->settings['invoice_addresses_table'] . "` WHERE order_id='" . $this->db->escapeString($id) . "' ORDER BY `index`");
$result['shipping'] = $this->db->query("SELECT * FROM `" . $this->table_prefix . $this->settings['shipping_addresses_table'] . "` WHERE order_id='" . $this->db->escapeString($id) . "' ORDER BY `index`");
return $result;
}
}
/**
* This file stores the class used to add/remove/edit comments
*
* @category X5engine
* @package X5engine
* @license Copyright by Incomedia http://incomedia.eu
* @link http://websitex5.com
*/
/**
* Use this class to store comments
*
* @category X5engine
* @package X5engine
* @license Copyright by Incomedia http://incomedia.eu
* @link http://websitex5.com
*/
class ImComment
{
var $comments = array();
var $error = 0;
/**
* Get the comments from a file
*
* @param string $file The source file path
*
* @return void
*/
function loadFromXML($file)
{
if (!file_exists($file)) {
$this->comments = array();
return;
}
$xmlstring = @file_get_contents($file);
if (strpos($xmlstring, "<?xml") !== false) {
$xml = new imXML();
// Remove the garbage (needed to avoid loosing comments when the xml string is malformed)
* Check if the table exists in the current database
*
* @param string $table The table name
*
* @return boolean true if the table exists
*/
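function tableExists($table)
{
    // The database name is placed inside a backtick-quoted identifier. A backtick in the
    // name must be doubled, otherwise it would close the identifier early.
    // NOTE(review): db_name is assumed to come from trusted configuration; confirm.
    $dbName = str_replace("`", "``", $this->db_name);

    // mysql_real_escape_string() makes the value safe inside the quoted literal, but it
    // does not neutralise the LIKE wildcards % and _. The query can therefore return
    // more tables than the one requested, which is why each row is re-checked below.
    $pattern = mysql_real_escape_string($table, $this->conn);
    $result = mysql_query("SHOW FULL TABLES FROM `" . $dbName . "` LIKE '" . $pattern . "'", $this->conn);

    // A boolean result means there are no rows to read (the query failed).
    if (is_bool($result))
        return false;

    // Check that the name is correct (usage of LIKE is not correct if there are wildcards
    // in the table name. Unfortunately MySQL 4 doesn't allow another syntax..)
    $found = false;
    while ($tb = mysql_fetch_array($result)) {
        // Strict string comparison: with == two numeric-looking names such as
        // "0123" and "123" would be treated as equal.
        if ((string) $tb[0] === (string) $table) {
            $found = true;
            break;
        }
    }

    // Release the result set on every path, including the early match.
    mysql_free_result($result);
    return $found;
}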
/**
* Get the last error
*
* @return string The last error message
*/
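function error()
{
    // Read the error from this object's own link, as tableExists() does for its queries.
    // Without a link argument mysql_error() reports on the most recently opened
    // connection, which may belong to another object.
    if (is_resource($this->conn))
        return mysql_error($this->conn);

    // No usable link on this object: keep the original behaviour.
    // NOTE(review): the returned text comes straight from the server and can expose
    // table or column names; callers should log it rather than print it to visitors.
    return mysql_error();
}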
/**
* Provide the last inserted ID of the AUTOINCREMENT column
*
* @return int The id of the latest insert operation
*/
function lastInsertId()
{
$res = $this->query("SELECT LAST_INSERT_ID() AS `id`");
* Validate the waiting users listed in $dbids. It must be an array of DB ids
*
* @param array $dbids
*
* @return bool
*/
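function validateWaitingUserById($dbids = array())
{
    // Accept a single id as well as a list of ids.
    if (!is_array($dbids))
        $dbids = array($dbids);
    if (!count($dbids))
        return false;

    // The ids are written into IN (...) without surrounding quotes. String escaping only
    // protects values inside a quoted literal, so it gives no protection here. Each id
    // must instead be proven to be a plain integer before it reaches the statement.
    // Fail closed: one malformed entry rejects the whole call.
    $ids = array();
    foreach ($dbids as $dbid) {
        if (is_int($dbid)) {
            $ids[] = (string) $dbid;
        } else if (is_string($dbid) && preg_match('/^[0-9]+\z/', $dbid)) {
            $ids[] = $dbid;
        } else {
            return false;
        }
    }

    // NOTE(review): `ts=ts` presumably keeps an auto-updating timestamp column unchanged; confirm.
    $this->db->query("UPDATE `" . $this->db_table . "` SET `validated`=1, ts=ts WHERE `validated`=0 AND `id` IN (" . implode(",", $ids) . ")");

    // True only when at least one waiting user was actually switched to validated.
    return $this->db->affectedRows() > 0;
}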
/**
* Validate the waiting users listed in $keys. It must be an array of DB keys.
*
* @param array $keys
* @param boolean $login Automatically login the user if validation is successful
*
* @return boolean
*/
function validateWaitingUserByKey($keys = array(), $login = false)
{
$user = false;
if (!is_array($keys))
$keys = array($keys);
if ($login && count($keys) == 1) {
$user = $this->db->query("SELECT `username`, `password` FROM `" . $this->db_table . "` WHERE `key`='" . $this->db->escapeString($keys[0]) . "'");
if (is_bool($user))
return false;
$user = $user[0];
}
$this->db->query("UPDATE `" . $this->db_table . "` SET `validated`=1, `ts`=NOW(), `ip`='" . $this->db->escapeString($_SERVER['REMOTE_ADDR']) . "' WHERE `validated`=0 AND `key` IN ('" . implode("','", $this->db->escapeString($keys)) . "')");
* @return Number the user's ID or the error number (-1: user already exists, -2: generic error)
*/
function registerNewUser($username, $password, $realname, $email, $validated)
{
global $imSettings;
if (!$this->db)
return -1;
if (!strlen($username) || !strlen($password) || !strlen($email))
return -1;
$this->createUsersTable();
// Check if the user already exists in the hardcoded file
if (isset($imSettings['access']['users'][$username]))
return -6;
// Check if the user already exists in the DB as validated user
if (count($this->db->query("SELECT `username` FROM `" . $this->db_table . "` WHERE `username`='" . $this->db->escapeString($username) . "' AND `validated`='1'")))
return -6;
// Check if the user already exists in the DB as not validated user
if (count($res = $this->db->query("SELECT `id`, `username` FROM `" . $this->db_table . "` WHERE `username`='" . $this->db->escapeString($username) . "' AND `validated`='0'")))
$subject = str_replace("[FIELD]", $imSettings['general']['url'], l10n("private_area_newregistration_subject", "A new user registered to your private area at [FIELD]"));
$html .= nl2br(str_replace(
array("[FIELD]", "\n"),
array($imSettings['general']['url'], "<br />\n"),
l10n("private_area_newregistration_body", "Here's his data.")