60) { // max. 1 email per minute
        // NOTE(review): this is the tail of a function whose beginning lies above
        // the visible part of the file; it is reproduced unchanged.
        // Keep appending one byte to the timestamp file until its mtime is no
        // longer older than $d (computed above, not visible here).
        while (filemtime(MYSQL_PHP_TIMESTAMP) < $d) {
            $fhandle = fopen(MYSQL_PHP_TIMESTAMP, "a");
            fwrite($fhandle, " ");
            fclose(($fhandle));
            clearstatcache(); // filemtime() results are cached within a request
            sleep(1);
        }
        //mail(ADMIN_EMAIL, 'Database Error', $serror, 'From: ' . ADMIN_EMAIL);
        mime_versenden("", ADMIN_EMAIL, "", ADMIN_EMAIL, 'Database Error', $serror);
    }
}

/**
 * Check the last MySQL call for an error and log it.
 *
 * Reads mysql_error(); when it is non-empty, the error text and the given
 * request are passed to mysql_error_log(). With DEVELOPMENT set, both are
 * additionally echoed and the script terminates.
 *
 * NOTE(review): the DEVELOPMENT branch writes the raw error text and the
 * complete SQL statement into the response without any output encoding.
 * That discloses schema details and reflects query content, so DEVELOPMENT
 * must never be true on a host that serves real traffic - confirm how the
 * constant is set.
 *
 * @param string $request SQL text that was just executed (only logged/echoed).
 * @return void
 */
function mysql_error_check($request = "") {
    global $db;
    // mysql_error() is called without a link argument, so it reports on the
    // most recently used connection; $db is declared but not used here.
    $e = mysql_error();
    if ($e != "") {
        if (DEVELOPMENT) {
            mysql_error_log($e, $request);
            echo "\n

MSYQL ERROR: ";
            echo $e, "
ORIGINAL REQUEST: ", $request, "

\n";
            die();
        } else {
            mysql_error_log($e, $request);
        }
    }
}

/**
 * Write one audit row into the `log` table.
 *
 * Every string value is escaped with mysql_escape_string() and interpolated
 * into the statement; the statement is then handed to mysql_query2() as its
 * only argument, so mysql_query2() does no sprintf() formatting on it.
 *
 * NOTE(review):
 *  - mysql_escape_string() does not take the connection character set into
 *    account; mysql_real_escape_string() (as used by mysql_query2) or bound
 *    parameters are the safer choice.
 *  - ip2long() returns false for anything that is not a dotted IPv4 address
 *    (an IPv6 client, for instance). false interpolates as an empty string,
 *    which leaves ", ," in the statement and makes the insert fail - the
 *    request is then not logged at all.
 *  - The full statement text is stored, including any personal data or
 *    secrets that were part of it; access to `log` should be restricted
 *    accordingly.
 *
 * @param string $request    Statement (or other text) to record.
 * @param string $remarks    Free-text remark.
 * @param string $schluessel Key value stored in the `schluessel` column.
 * @param string $user       User name; when empty, the HTTP Basic auth user is used if present.
 * @return void
 */
function dolog($request, $remarks = "", $schluessel = "", $user = "") {
    global $db;
    if ($user == "" and ! empty($_SERVER["PHP_AUTH_USER"])) {
        $user = $_SERVER["PHP_AUTH_USER"];
    };
    $user = mysql_escape_string($user);
    $remarks = mysql_escape_string($remarks);
    $file = mysql_escape_string($_SERVER["PHP_SELF"]);
    $schluessel = mysql_escape_string($schluessel);
    $request2 = mysql_escape_string($request);
    $ip = ip2long($_SERVER["REMOTE_ADDR"]);
    mysql_query2("insert into log (request, user, ip, file, schluessel, remarks) values ('$request2', '$user', $ip, '$file', '$schluessel', '$remarks')");
}

/**
 * Development-only debug output: echo all arguments, numbered from 0.
 *
 * Does nothing unless DEVELOPMENT is set. The arguments are echoed as they
 * are (the htmlspecialchars() variant is commented out), so callers decide
 * whether the values are encoded - mysql_query2() passes htmlentities() output.
 * The literal line breaks inside the strings are part of the output.
 *
 * @return void
 */
function debug() {
    if (!DEVELOPMENT)
        return;
    $numParams = func_num_args();
    $params = func_get_args();
    $s = "";
    for ($i = 0; $i < $numParams; $i++) {
        // separator before the first argument, a shorter one before the others
        if ($i == 0)
            $s .= "

";
        else
            $s .= "
";
        $s .= "$i ---> " . $params[$i];
        // closing separator after the last argument
        if ($i + 1 == $numParams)
            $s .= "

";
    }
    //echo htmlspecialchars($s);
    echo $s;
    flush2();
    //file_put_contents ( "/tmp/debugoutput.txt", $s, FILE_APPEND);
}
;

/**
 * Debug output that is NOT gated by DEVELOPMENT (meant for production use).
 *
 * NOTE(review): the arguments are echoed without output encoding and the
 * function is active on production. Any call that passes request-derived
 * data writes it into the page verbatim; encode at the call site (for HTML
 * output, htmlspecialchars() with ENT_QUOTES) or restrict the callers.
 *
 * @return void
 */
function debug_p() { // for productive environment
    $numParams = func_num_args();
    $params = func_get_args();
    for ($i = 0; $i < $numParams; $i++) {
        if ($i == 0)
            echo "

";
        else
            echo "
";
        echo "$i ---> ", $params[$i];
        if ($i + 1 == $numParams)
            echo "

";
    }
    flush2();
}

/**
 * Development-only debug output for text/batch mode: one "index: value" line
 * per argument, followed by a blank line after the last one.
 *
 * @return void
 */
function debug_t() { // for text/batch mode
    if (!DEVELOPMENT)
        return;
    $numParams = func_num_args();
    $params = func_get_args();
    for ($i = 0; $i < $numParams; $i++) {
        echo "$i: ", $params[$i], "\n";
        if ($i + 1 == $numParams)
            echo "\n";
    }
}

/**
 * Development-only debug output by e-mail: the numbered arguments are sent
 * to ADMIN_EMAIL with the subject "Debug".
 *
 * @return void
 */
function debug_m() { // by Email
    if (!DEVELOPMENT)
        return;
    $s = "";
    $numParams = func_num_args();
    $params = func_get_args();
    for ($i = 0; $i < $numParams; $i++) {
        $s .= "$i: " . $params[$i] . "\n";
        if ($i + 1 == $numParams)
            $s .= "\n";
    }
    mime_versenden("", ADMIN_EMAIL, "", ADMIN_EMAIL, 'Debug', $s);
}

/**
 * Development-only debug output, same numbering as debug_p() but with an
 * additional (here empty) string echoed before and after each argument.
 * Arguments are echoed without output encoding.
 *
 * @return void
 */
function debug_tab() {
    if (!DEVELOPMENT)
        return;
    $numParams = func_num_args();
    $params = func_get_args();
    for ($i = 0; $i < $numParams; $i++) {
        echo '';
        if ($i == 0)
            echo "

";
        else
            echo "
";
        echo "$i ---> ", $params[$i];
        if ($i + 1 == $numParams)
            echo "

";
        echo "";
    }
    flush2();
}

/*
  function mysql_query_log ($request, $remarks = "", $schluessel = "", $user = "") {
  global $db;
  $numParams = func_num_args();
  $params = func_get_args();
  dolog ($request, $remarks, $schluessel, $user);
  $params2 = array_merge (array($request) , array_slice ($params, 4));
  $r = call_user_func_array('mysql_query2', $params2);
  return ($r);
  }
 */

/**
 * Format a statement, record it with dolog() and execute it.
 *
 * The first four arguments are fixed (query template, remarks, key, user).
 * Every further argument is the value for one sprintf() placeholder in
 * $query: it is unslashed when magic quotes are on, escaped with
 * mysql_real_escape_string() and wrapped in single quotes - unless it
 * compares equal to the string "NULL", in which case it is passed through
 * unchanged.
 *
 * Security notes (NOTE(review)):
 *  - The escaping of the extra arguments is the actual injection control.
 *    It only covers values passed as arguments; anything a caller
 *    concatenates or interpolates into $query itself reaches the server
 *    unescaped, and a literal "%" in such text is interpreted by sprintf().
 *  - The UNION/SELECT pattern test is a coarse tripwire on the final text.
 *    It also rejects legitimate statements that merely contain those words
 *    and must not be relied on as a defence; it is skipped in DEVELOPMENT.
 *  - The "NULL" sentinel is tested with a loose comparison. A value that is
 *    the string "NULL" - also when it came from a request - is emitted as
 *    the bare keyword, and under PHP's pre-8 comparison rules an integer 0
 *    compares equal to "NULL" as well and is emitted unquoted.
 *  - mysql_real_escape_string() and mysql_query() are called without a link
 *    here and therefore use the most recently opened connection, whereas
 *    mysql_query2() passes $db to mysql_query().
 *  - ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0;
 *    a port should move to prepared statements (PDO or mysqli) rather than
 *    re-create this formatter.
 *
 * @param string $query      Statement template with %s placeholders.
 * @param string $remarks    Remark stored in the log row.
 * @param string $schluessel Key stored in the log row.
 * @param string $user       User stored in the log row.
 * @return mixed Result of mysql_query(), or FALSE when the pattern test rejected the statement.
 */
function mysql_query_log($query, $remarks = "", $schluessel = "", $user = "") {
    global $db;
    $numParams = func_num_args();
    $params = func_get_args();
    if ($numParams > 4) {
        // arguments 4..n are the placeholder values
        for ($i = 4; $i < $numParams; $i++) {
            if (get_magic_quotes_gpc()) {
                $params[$i] = stripslashes($params[$i]);
            }
            if ($params[$i] != "NULL") {
                $params[$i] = "'" . mysql_real_escape_string($params[$i]) . "'";
            }
        }
        $query = call_user_func_array('sprintf', array_merge(array($query), array_slice($params, 4)));
    }
    if (preg_match("/UNION.{1,100}SELECT/i", $query) && !DEVELOPMENT) {
        // rejected statements are logged via mysql_error_log(), not via dolog()
        mysql_error_log("UNION SELECT prevented", $query);
        return FALSE; // prevent sql injection
    }
    dolog($query, $remarks, $schluessel, $user);
    $r = mysql_query($query);
    mysql_error_check($query);
    return ($r);
}

/**
 * Format and execute a statement; the project's general query helper.
 *
 * Arguments after $query are placeholder values and are treated exactly as
 * in mysql_query_log(): unslashed under magic quotes, escaped with
 * mysql_real_escape_string() and single-quoted unless they compare equal to
 * "NULL". With $query as the only argument no sprintf() formatting happens.
 * The same security notes as for mysql_query_log() apply.
 *
 * NOTE(review): the function body continues below this span.
 *
 * @param string $query Statement template with %s placeholders.
 */
function mysql_query2($query) {
    // CAUTION: apply any change made here to mysql_query_log as well!
    global $db, $debug;
    $numParams = func_num_args();
    $params = func_get_args();
    if ($numParams > 1) {
        for ($i = 1; $i < $numParams; $i++) {
            if (get_magic_quotes_gpc()) {
                $params[$i] = stripslashes($params[$i]);
            }
            if ($params[$i] != "NULL") {
                $params[$i] = "'" . mysql_real_escape_string($params[$i]) .
"'"; } } $query = call_user_func_array('sprintf', $params); } if (preg_match("/UNION.{1,100}SELECT/i", $query) && !DEVELOPMENT) { mysql_error_log("UNION SELECT prevented", $query); return FALSE; // prevent sql injection } if (isset($debug)) { if ($debug == 1) { debug(htmlentities($query)); } if ($debug == 2) { debug_m(htmlentities($query)); } } $r = mysql_query($query, $db); mysql_error_check($query); return ($r); } function quote_smart($value, $null = FALSE) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not a number or a numeric string //if (!ctype_digit((string)$value) && ($value != "NULL")) { if ($value != "NULL") { $value = "'" . mysql_real_escape_string($value) . "'"; } return $value; } function money($r, $precision = 2) { $f = str_replace(".", ",", sprintf("%0." . $precision . "f", round($r, $precision))); return ($f); } function t3($trans_id, $prod_id = 0, $echo = 1, $p1 = "", $p2 = "", $p3 = "", $p4 = "", $sect = "", $country = "DE", $simple = FALSE, $isName = FALSE) { global $db, $language, $macro, $debug; if (empty($language)) { $language = "DE"; } if (!preg_match("/(DE|EN|FR|ES|IT|US)/i", $language)) { $language = "EN"; // AR -> EN } $product = new products; if ($prod_id) { $product->get($prod_id); } $is_parent = FALSE; $is_child = FALSE; if ($isName) { $selector = 0; $colors = 0; $sizes = 0; if ($product->parent) { $is_child = TRUE; } else { $r2 = mysql_query2("select * from products where parent=%s", $prod_id); if (mysql_numrows($r2) > 0) { $is_parent = TRUE; } } if ($is_child) $selector = $product->parent; /* if ($is_child) { $r = mysql_query2("select * from txtvals where id=(select nameTxt from products where id=%s) and mandant=%s", $product->parent, MANDANT); } else { $r = mysql_query2("select * from txtvals where id=%s and mandant=%s", $trans_id, MANDANT); } * */ $r = mysql_query2("select * from txtvals where id=%s and mandant=%s", $trans_id, MANDANT); if ($selector) { $r2 = mysql_query2("select 
distinct color from products where parent=%s and active", $selector); $colors = mysql_numrows($r2); $r2 = mysql_query2("select * from countries where iso=%s", $country); $country_id = mysql_fetch_object($r2)->id; $r2 = mysql_query2("select distinct size from products_sizes ps, products p where p.active and ps.product=p.id and p.parent=%s and ps.country=%s and is_map=0 and size is not null", $selector, $country_id); $sizes = mysql_numrows($r2); } } else { $r = mysql_query2("select * from txtvals where id=%s and mandant=%s", $trans_id, MANDANT); } if ($row = mysql_fetch_object($r)) { $language_sort = "name_" . $language; $s = trim($row->$language_sort); } if ($is_child) { if ($sizes > 1) { $r2 = mysql_query2("select * from countries where iso=%s", $country); $country_id = mysql_fetch_object($r2)->id; $r2 = mysql_query2("select s.name from products_sizes ps, sizes s where ps.size=s.id and ps.product=%s and ps.country=%s and ps.is_map=%s", $product->id, $country_id, 0); $row = mysql_fetch_object($r2); $s .= ", " . $row->name; } if ($colors > 1) { $color = new colors; $color->get($product->color); $s .= ", " . $color->{'name_' . $language}; } } if ($is_parent && !preg_match('/(HA-01)/', $product->sku)) { $r2 = mysql_query2("select distinct color from products where parent=%s and active", $product->id); $colors = mysql_numrows($r2); $r2 = mysql_query2("select * from countries where iso=%s", $country); $country_id = mysql_fetch_object($r2)->id; $r2 = mysql_query2("select distinct size from products_sizes ps, products p where p.active and ps.product=p.id and p.parent=%s and ps.country=%s and is_map=0 and size is not null", $product->id, $country_id); $sizes = mysql_numrows($r2); if ($sizes > 1) { if ($colors > 1) { if ($colors > 3) { $s .= " - " . t("vieleVerschGrFarben", 0); } else { $s .= " - " . t("verschGrFarben", 0); } } else { $s .= ", " . t("verschGr", 0); } } else { if ($colors > 1) { if ($colors > 3) { $s .= " - " . 
t("vieleVerschFarben", 0); } else { $s .= " - " . t("verschFarben", 0); } } else { // nix } } } $i = 0; $l = strlen($s); $mark = 0; $const = ""; $result = ""; while ($i < $l) { $c = substr($s, $i, 1); if ($c == "$") { switch ($mark) { case 0: $mark = 1; break; case 1: $mark = 2; break; case 2: $mark = 3; break; case 3: if (ctype_digit((string) $const)) { $result .= ${"p" . $const}; } else { if (ereg2("^PP", $const)) { $const = substr($const, 2); switch ($const) { case "color": $r2 = mysql_query2("select * from colors where id=%s", $product->color); $row = mysql_fetch_object($r2); $name = "name_" . $language; $result .= $row->$name; break; case "weight": $result .= $product->content_weight; break; case "country": $r2 = mysql_query2("select * from countries where id=%s", $product->country); $row = mysql_fetch_object($r2); $name = "name_" . $language; $result .= $row->$name; break; case "season": $r2 = mysql_query2("select s.name FROM products_seasons ps, seasons s where ps.product=%s and ps.language=%s and ps.season=s.id", $product->id, $language); $row = mysql_fetch_object($r2); $result .= $row->name; break; case "size": case "size_map": $r2 = mysql_query2("select * from countries where iso=%s", $country); $country_id = mysql_fetch_object($r2)->id; if ($const == "size") $ismap = 0; else $ismap = 1; $r2 = mysql_query2("select s.name from products_sizes ps, sizes s where ps.size=s.id and ps.product=%s and ps.country=%s and ps.is_map=%s", $product->id, $country_id, $ismap); $row = mysql_fetch_object($r2); $result .= $row->name; break; case "brand": $r2 = mysql_query2("select * from brands where id=%s", $product->brand); $row = mysql_fetch_object($r2); $result .= $row->name; break; case "name": $result .= t2($product->$const, $prod_id, 0); break; case "series": case "material": case "care": if ($is_child) { $r4 = mysql_query2("select * from products where id=%s", $product->parent); $parent = mysql_fetch_object($r4); $result .= t2($parent->$const, $parent->id, 0); } else 
{ $result .= t2($product->$const, $prod_id, 0); } break; default: $result .= $product->$const; break; } } else { $result .= $macro[$const]; } } $const = ""; $mark = 0; break; } } else { switch ($mark) { case 1: $mark = 0; $result .= "$"; case 0: $result .= $c; break; case 2: $const .= $c; break; } } $i++; } if ($echo) echo $result; return ($result); } ; function t2($trans_id, $prod_id = 0, $echo = 1, $p1 = "", $p2 = "", $p3 = "", $p4 = "", $sect = "", $country = "DE", $simple = FALSE) { global $db, $language, $macro, $debug; if (empty($language)) $language = "DE"; if (!preg_match("/(DE|EN|FR|ES|IT|US)/i", $language)) $language = "EN"; // AR -> EN if ($sect == "") $r = mysql_query2("select id, translation from translations where schluessel=(select schluessel from translations where id=%s) and sect=(select sect from translations where id=%s) and language=%s and mandant=%s", $trans_id, $trans_id, $language, MANDANT); else $r = mysql_query2("select id, translation from translations where schluessel=(select schluessel from translations where id=%s) and sect=%s and language=%s and mandant=%s", $trans_id, $sect, $language, MANDANT); if ($row = mysql_fetch_object($r)) { $s = $row->translation; // don't update for admin requests if (!preg_match('/adX7561u/', $_SERVER["REQUEST_URI"])) mysql_query2("update translations set lastuse=now(), uri=%s where id=%s", $_SERVER["REQUEST_URI"], $row->id); } else { $s = $schluessel; } if ($prod_id) { $r = mysql_query2("select * from products where id=%s and mandant=%s", $prod_id, MANDANT); if (mysql_numrows($r)) $product = mysql_fetch_object($r); } $i = 0; $l = strlen($s); $mark = 0; $const = ""; $result = ""; while ($i < $l) { $c = substr($s, $i, 1); if ($c == "$") { switch ($mark) { case 0: $mark = 1; break; case 1: $mark = 2; break; case 2: $mark = 3; break; case 3: if (ctype_digit((string) $const)) { $result .= ${"p" . 
$const}; } else { if (ereg2("^PP", $const)) { $const = substr($const, 2); switch ($const) { case "color": $r2 = mysql_query2("select * from colors where id=%s", $product->color); $row = mysql_fetch_object($r2); $name = "name_" . $language; $result .= $row->$name; break; case "weight": $result .= $product->content_weight; break; case "country": $r2 = mysql_query2("select * from countries where id=%s", $product->country); $row = mysql_fetch_object($r2); $name = "name_" . $language; $result .= $row->$name; break; case "season": $r2 = mysql_query2("select s.name FROM products_seasons ps, seasons s where ps.product=%s and ps.language=%s and ps.season=s.id", $product->id, $language); $row = mysql_fetch_object($r2); $result .= $row->name; break; case "size": case "size_map": $r2 = mysql_query2("select * from countries where iso=%s", $country); $country_id = mysql_fetch_object($r2)->id; if ($const == "size") $ismap = 0; else $ismap = 1; $r2 = mysql_query2("select s.name from products_sizes ps, sizes s where ps.size=s.id and ps.product=%s and ps.country=%s and ps.is_map=%s", $product->id, $country_id, $ismap); $row = mysql_fetch_object($r2); $result .= $row->name; break; case "brand": $r2 = mysql_query2("select * from brands where id=%s", $product->brand); $row = mysql_fetch_object($r2); $result .= $row->name; break; case "name": case "series": case "material": case "care": $result .= t2($product->$const, $prod_id, 0); break; default: $result .= $product->$const; break; } } else { $result .= $macro[$const]; } } $const = ""; $mark = 0; break; } } else { switch ($mark) { case 1: $mark = 0; $result .= "$"; case 0: $result .= $c; break; case 2: $const .= $c; break; } } $i++; } //$result = stripcslashes ($result); if ($echo) echo $result; return ($result); } ; function t($schluessel, $echo = 1, $p1 = "", $p2 = "", $p3 = "", $p4 = "") { global $db, $language, $macro; if (empty($language)) $language = "DE"; if (!preg_match("/(DE|EN|ES|FR|IT|US)/i", $language)) $language = "EN"; // 
AR -> EN
    // NOTE(review): the line above is the wrapped remainder of a "//" comment,
    // and what follows is the rest of t(), whose signature sits above this
    // span. Both are reproduced unchanged.
    $r = mysql_query2("select id, translation from translations where schluessel=%s and language=%s and sect='site' and mandant=%s", $schluessel, $language, MANDANT);
    if ($row = mysql_fetch_object($r)) {
        $s = $row->translation;
        // remember when and from which URI the entry was last used
        mysql_query2("update translations set lastuse=now(), uri=%s where id=%s", $_SERVER["REQUEST_URI"], $row->id);
    } else {
        // no translation row: fall back to the key itself
        $s = $schluessel;
    }
    // Expand "$$name$$" markers in $s. $mark is the scanner state:
    //   0 = plain text, 1 = one "$" seen, 2 = inside the marker name,
    //   3 = first closing "$" seen (the next "$" completes the marker).
    // An all-digit name N is replaced by the local variable $pN, any other
    // name by $macro[name].
    // NOTE(review): the expanded text is echoed/returned without output
    // encoding, so translations, $macro entries and the $p1..$p4 arguments
    // must already be safe for the context they are printed into.
    $i = 0;
    $l = strlen($s);
    $mark = 0;
    $const = "";
    $result = "";
    while ($i < $l) {
        $c = substr($s, $i, 1);
        if ($c == "$") {
            switch ($mark) {
                case 0:
                    $mark = 1;
                    break;
                case 1:
                    $mark = 2;
                    break;
                case 2:
                    $mark = 3;
                    break;
                case 3:
                    if (ctype_digit((string) $const)) {
                        // variable variable, limited to $p<digits> by the ctype_digit() test
                        $result .= ${"p" . $const};
                    } else {
                        $result .= $macro[$const];
                    }
                    $const = "";
                    $mark = 0;
                    break;
            }
        } else {
            switch ($mark) {
                case 1:
                    // a single "$" was ordinary text: emit it, then fall
                    // through to emit the current character as well
                    $mark = 0;
                    $result .= "$";
                case 0:
                    $result .= $c;
                    break;
                case 2:
                    $const .= $c;
                    break;
                // state 3 has no case here: a character other than "$" in
                // that state is dropped
            }
        }
        $i++;
    }
    //$result = stripcslashes ($result);
    if ($echo)
        echo $result;
    return ($result);
}
;

/**
 * Pick the entry for the current global $language from an inline
 * translation array, falling back to "DE" and then to element 0.
 *
 * @param array $trans Translations keyed by language code.
 * @param mixed $echo  When truthy the chosen text is also echoed (unencoded).
 * @return mixed The chosen entry.
 */
function t_direct($trans, $echo = 1) {
    global $language;
    if (array_key_exists($language, $trans)) {
        $ret = $trans [$language];
    } else {
        // No translation for the selected language --> fall back to German
        if (array_key_exists("DE", $trans)) {
            $ret = $trans ["DE"];
        } else {
            // No German either --> use the first element
            $ret = $trans [0];
        };
    }
    if ($echo)
        echo $ret;
    return ($ret);
}
;

/**
 * Return the language-specific property "<name>_<language>" of a row object,
 * using "<name>_DE" when $language is not one of the supported codes.
 *
 * NOTE(review): the pattern is neither anchored nor case-sensitive, so any
 * $language value that merely contains one of the codes passes and is
 * appended to the property name as it is. Where $language is set is not
 * visible here; if it can come from a request, validate it once against the
 * exact list of codes before it is used to build names.
 *
 * @param object $row  Row object, e.g. from mysql_fetch_object().
 * @param string $name Property name prefix.
 * @return mixed Value of the selected property.
 */
function t_description($row, $name = "description") {
    global $language;
    if (preg_match("/(DE|EN|ES|FR|IT|US)/i", $language))
        $name .= "_" . $language;
    else
        $name .= "_DE";
    $description = $row->$name;
    return ($description);
}
;

/**
 * Take write locks on the given tables, or release all table locks.
 *
 * NOTE(review): the table names are concatenated into the statement without
 * quoting or escaping, so $tables must only ever hold fixed names chosen by
 * the code. each() is deprecated since PHP 7.2 and removed in PHP 8.0.
 *
 * @param array $tables Table names (only read when $what is truthy).
 * @param mixed $what   Truthy: "lock tables ... write"; falsy: "unlock tables".
 * @return void
 */
function lock_batch($tables, $what) {
    global $db;
    if ($what) { // lock
        $str = "lock tables ";
        while (list ($key, $var) = each($tables)) {
            $str .= $var . " write,";
        };
        $str = substr($str, 0, strlen($str) - 1); // strip last comma
        $result = mysql_query2($str);
    } else {
        mysql_query2("unlock tables");
    };
}
;

/**
 * Fetch a named input value from the selected sources, or $blank if unset.
 *
 * $scope selects the sources by letter: C = cookie, S = session,
 * L = $GLOBALS, G = GET, P = POST. The sources are read in that order and
 * each hit overwrites the previous one, so POST wins over GET, which wins
 * over $GLOBALS, session and cookie. ereg2() is defined elsewhere and is
 * used here as a "scope contains this letter" test - presumably a regex
 * match; confirm.
 *
 * Non-array values are passed through strip_tags(); afterwards $type
 * converts the value: "I" = intval(), "F" = floatval() with "," accepted as
 * decimal separator, "M" = mysql_real_escape_string() (after stripslashes()
 * under magic quotes). Any other $type returns the value as it is.
 *
 * NOTE(review):
 *  - With the default scope a request parameter silently overrides a session
 *    or global value of the same name. Values that must come from the
 *    session should be read with scope "S" only, as check_new_session() does.
 *  - strip_tags() is not an escaping function: the untyped result is not
 *    safe to place in SQL or in an HTML attribute. Type "M" only escapes for
 *    use inside a quoted SQL string literal.
 *  - Array input is returned without strip_tags(); types "I", "F" and "M"
 *    are then applied to the array itself.
 *
 * @param string $name  Parameter name.
 * @param string $type  "", "I", "F" or "M" (case-insensitive).
 * @param string $scope Any combination of the letters L, P, C, S, G.
 * @param mixed  $blank Default when the name is set in none of the sources.
 * @return mixed
 */
function setorblank($name, $type = "", $scope = "LPCSG", $blank = "") {
    $ret = $blank;
    $type = strtoupper($type);
    $scope = strtoupper($scope);
    if (isset($_COOKIE[$name]) && ereg2("C", $scope)) {
        $ret = $_COOKIE[$name];
    };
    if (isset($_SESSION[$name]) && ereg2("S", $scope)) {
        $ret = $_SESSION[$name];
    };
    if (isset($GLOBALS[$name]) && ereg2("L", $scope)) {
        $ret = $GLOBALS[$name];
    };
    if (isset($_GET[$name]) && ereg2("G", $scope)) {
        $ret = $_GET[$name];
    };
    if (isset($_POST[$name]) && ereg2("P", $scope)) {
        $ret = $_POST[$name];
    };
    if (!is_array($ret))
        $ret = strip_tags($ret);
    switch ($type) {
        case "I": // integer
            $ret = intval($ret);
            break;
        case "F": // floating point
            $ret = floatval(str_replace(",", ".", $ret));
            break;
        case "M": // mysql query string
            // Stripslashes
            if (get_magic_quotes_gpc()) {
                $ret = stripslashes($ret);
            }
            $ret = mysql_real_escape_string($ret);
            break;
    };
    return ($ret);
}
;

/**
 * Run setorblank() for every name in $names and store each result in
 * $GLOBALS under that name.
 *
 * NOTE(review): with the default scope this copies request values into
 * global variables, comparable to register_globals for the listed names.
 * Keep $names a fixed list that never contains the name of a global the
 * code relies on.
 *
 * @param array  $names Parameter names.
 * @param string $type  Passed to setorblank().
 * @param string $scope Passed to setorblank().
 * @return void
 */
function setorblank_list($names, $type = "", $scope = "LPCSG") {
    while (list ($key, $var) = each($names)) {
        $GLOBALS[$var] = setorblank($var, $type, $scope);
    };
}
;

/**
 * Store values in the session under the given names.
 *
 * Without $vals each name is filled from the global variable of the same
 * name; otherwise from $vals at the same array key.
 *
 * @param array $names Session keys.
 * @param array $vals  Optional values, indexed like $names.
 * @return void
 */
function setsession($names, $vals = array()) {
    if (count($vals) == 0) {
        while (list ($key, $var) = each($names)) {
            $_SESSION[$var] = $GLOBALS[$var];
        };
    } else {
        while (list ($key, $var) = each($names)) {
            $_SESSION[$var] = $vals[$key];
        };
    }
}
;

/**
 * Return only the ASCII digits (byte values 48-57) of a string.
 *
 * @param string $nr Input, e.g. a phone or card number with separators.
 * @return string Digits in their original order.
 */
function cleanup($nr) {
    $l = strlen($nr);
    $newnr = "";
    for ($i = 0; $i < $l; $i++) {
        $c = substr($nr, $i, 1);
        $a = ord($c);
        if (($a >= 48) && ($a <= 57)) { // numeric
            $newnr .= $c;
        };
    };
    return ($newnr);
}
;

/**
 * End of the maintenance window as a Unix timestamp: WARTUNGSENDE while it
 * is still in the future, otherwise two hours from now.
 *
 * @return mixed
 */
function wartungsende() {
    if (WARTUNGSENDE > date("U"))
        return(WARTUNGSENDE);
    else
        return(date("U") + 60 * 60 * 2);
}

/**
 * Maintenance gate: returns TRUE when the request may proceed.
 *
 * When WARTUNGSFLAG is at least $level and the client address is not found
 * in $wartungsips, the function returns FALSE; with WARTUNGSFLAG >= 2 it
 * instead answers 503 with a Retry-After header, includes notavail.php and
 * exits.
 *
 * NOTE(review):
 *  - array_search() returns the matching key, and key 0 is falsy. An address
 *    stored as the first element of $wartungsips is therefore treated as
 *    "not a maintenance IP". `in_array($_SERVER["REMOTE_ADDR"], $wartungsips, true)`
 *    expresses the intended membership test.
 *  - date("r") produces an RFC 2822 date with a numeric zone offset; HTTP
 *    expects Retry-After as a GMT HTTP-date or a number of seconds.
 *
 * @param int $level Minimum maintenance level at which this page is closed.
 * @return bool
 */
function check_wartungsflag($level) {
    global $wartungsips;
    if (WARTUNGSFLAG >= $level) {
        if (!array_search($_SERVER["REMOTE_ADDR"], $wartungsips)) { // NOT a maintenance IP
            if (WARTUNGSFLAG >= 2) {
                header("Retry-After: " . date("r", wartungsende()), TRUE, 503);
                require ("notavail.php");
                exit();
            };
            return (FALSE);
        };
    };
    return (TRUE);
}
;

/**
 * Report whether the country with ISO code $country has a value > 0 in the
 * column named by $what.
 *
 * NOTE(review): $what is used as a column name inside backticks.
 * mysql_escape_string() escapes for string literals and leaves backticks
 * alone, and because the text becomes part of the sprintf() template a "%"
 * in it would be read as a format directive. $what must therefore be a
 * fixed name chosen by the calling code; if it can ever vary, check it
 * against a list of allowed column names first.
 *
 * @param string $country ISO code, passed as an escaped parameter.
 * @param string $what    Column name in `countries`.
 * @return bool
 */
function check_country($country, $what) {
    global $db;
    $what = mysql_escape_string($what);
    $r = mysql_query2("select * from countries where iso=%s and `" . $what . "`>0", $country);
    return (mysql_numrows($r) > 0);
}
;

/**
 * Rate limit by client address: answer 403 and exit when the address has
 * too many rows in `access`.
 *
 * An address is blocked when it has more than MAX_PAGES_6 rows, or - for
 * request URIs below ADMINPREFIX - more than 4 rows with admin=1. On a
 * block the admin is notified by e-mail, at most once per 30 seconds and
 * address (tracked in `ip_blocked_email_sent`).
 *
 * NOTE(review):
 *  - The exemption for maintenance IPs is commented out, so those addresses
 *    are limited like any other.
 *  - All decisions key on REMOTE_ADDR. Behind a reverse proxy or load
 *    balancer that is the proxy's address - confirm the deployment.
 *  - $gip and $wartungsips are declared but not used.
 *
 * @return void Returns only when the request is not blocked.
 */
function check_blocked_ip() {
    global $geoip_country, $gip, $wartungsips;
    //if (array_search($_SERVER["REMOTE_ADDR"], $wartungsips)) return;
    $block = 0;
    $admin = FALSE;
    $r = mysql_query2("select count(*) as cnt from `access` where ip=%s", $_SERVER["REMOTE_ADDR"]);
    $row = mysql_fetch_object($r);
    if ($row->cnt > MAX_PAGES_6)
        $block++;
    // stricter limit for the admin area; preg_quote() keeps the prefix literal
    if (preg_match("/^" . preg_quote(ADMINPREFIX . "/", "/") . "/", $_SERVER["REQUEST_URI"])) {
        $r = mysql_query2("select count(*) as cnt from `access` where ip=%s and admin=1", $_SERVER["REMOTE_ADDR"]);
        $row = mysql_fetch_object($r);
        if ($row->cnt > 4) {
            $block++;
            $admin = TRUE;
        }
    }
    if ($block) {
        // "again" is 1 when the last notification for this address is older
        // than 30 seconds; no row at all also means "notify"
        $r = mysql_query2("select if(date_add(upd, interval 30 second)>now(),0,1) as again from `ip_blocked_email_sent` where ip=%s", $_SERVER["REMOTE_ADDR"]);
        if ($row = mysql_fetch_object($r))
            $again = $row->again;
        else
            $again = TRUE;
        if ($again) {
            if ($admin) {
                mime_versenden2(ADMIN_BRAND, ADMIN_EMAIL, ADMIN_BRAND, ADMIN_EMAIL, "ADMIN IP Blocked", "IP: " . $_SERVER["REMOTE_ADDR"] . " | " . $geoip_country);
            } else {
                mime_versenden2(ADMIN_BRAND, ADMIN_EMAIL, ADMIN_BRAND, ADMIN_EMAIL, "IP Blocked", "IP: " . $_SERVER["REMOTE_ADDR"] . " | " . $geoip_country);
            }
            mysql_query2('insert into `ip_blocked_email_sent` (`ip`, `upd`) values (%s, now()) on duplicate key update `ip`=%s, `upd`=now()', $_SERVER["REMOTE_ADDR"], $_SERVER["REMOTE_ADDR"]);
        }
        header('HTTP/1.1 403 Forbidden');
        echo "Forbidden";
        exit();
    };
}
;

/**
 * Verify that the order session is still alive and has reached $step.
 *
 * Both values are read with scope "S", i.e. from the session only, so
 * request parameters of the same name cannot stand in for them.
 *
 * @param int   $step    Step the current page belongs to.
 * @param mixed $display Truthy: print translation "txt87" and exit on failure; falsy: return FALSE.
 * @return bool TRUE when the session is valid.
 */
function check_new_session($step, $display = 1) {
    if ((!setorblank("product", "I", "S")) || ($step > setorblank("ordertoken_step", "I", "S"))) {
        // Session lost
        if ($display) {
            t("txt87");
            exit();
        } else {
            return (FALSE);
        };
    };
    return (TRUE);
}
;

/**
 * Syntactic e-mail address check (local part, then domain or IP literal).
 *
 * NOTE(review): ereg2() is defined elsewhere. If it is backed by PCRE, a
 * "$" anchor also matches before a trailing newline, so an address with a
 * line break at the end could pass. Addresses that end up in mail headers
 * should additionally be rejected when they contain CR or LF - confirm how
 * ereg2() matches.
 *
 * @param string $email Address to check.
 * @return bool
 */
function valid_email($email) {
    // from: http://www.phpit.net/code/valid-email/
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg2("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!ereg2("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }
    if (!ereg2("^\[?[0-9\.]+\]?$", $email_array[1])) {
        // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg2("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

/**
 * Return the order token of the session, creating one first when $new is
 * set or the session has none.
 *
 * A new token is TOKEN_PREFIX followed by 29 decimal digits. It is inserted
 * with "insert ignore" and the loop repeats while no row was affected,
 * which keeps tokens unique in `ordertokens`.
 *
 * NOTE(review):
 *  - mt_rand() is not a cryptographically secure generator. iframepayments()
 *    matches this token against the payment provider's transaction id, so
 *    it should be unpredictable; derive it from a CSPRNG instead
 *    (random_int() on PHP 7+, openssl_random_pseudo_bytes() before that).
 *  - mysql_affected_rows() returns -1 when the insert failed. -1 is truthy,
 *    so the loop ends and a token that was never stored is put into the
 *    session; test for a result greater than 0.
 *
 * @param bool $new Force a fresh token.
 * @return string The session's order token.
 */
function ordertoken($new = FALSE) {
    if ($new or ! isset($_SESSION["ordertoken"])) {
        $rows = 0;
        while (!$rows) {
            $ordertoken = TOKEN_PREFIX . mt_rand(10000, 99999) . mt_rand(10000000, 99999999) . mt_rand(10000000, 99999999) . mt_rand(10000000, 99999999);
            $r = mysql_query2("insert ignore into ordertokens (token) values (%s)", $ordertoken);
            $rows = mysql_affected_rows();
        }
        $_SESSION["ordertoken"] = $ordertoken;
        $_SESSION["ordertoken_step"] = 0;
    };
    // read back from the session only (scope "S")
    return (setorblank("ordertoken", "", "S"));
}
;

/**
 * Return DEV_PRICE when it is greater than 0, otherwise the given price.
 *
 * NOTE(review): a positive DEV_PRICE replaces every real price, including
 * the amount iframepayments() expects to have been paid. Make sure it is 0
 * on production.
 *
 * @param mixed $price Regular price.
 * @return mixed
 */
function check_dev_price($price) {
    if (DEV_PRICE > 0) {
        return (DEV_PRICE);
    } else {
        return ($price);
    };
}
;

/**
 * Look for an unused, successful EUR payment belonging to order $nr and, if
 * one exists, mark it used, book it and optionally queue the follow-up job.
 *
 * NOTE(review):
 *  - Finding the payment (used=0) and marking it (used=1) are two separate
 *    statements with no transaction or lock visible here. Two concurrent
 *    requests can both pass the select and book the same payment twice.
 *    Adding "and used=0" to the update and continuing only when exactly one
 *    row was affected closes that window.
 *  - $nr is interpolated into the batch statement directly; that is only
 *    safe because of the intval() above, so the two must stay together.
 *  - $echo and $tid are not used.
 *
 * @param mixed $nr       Order/subscription number (converted with intval()).
 * @param mixed $price    Expected amount; payments up to 0.02 below it are accepted.
 * @param bool  $addbatch Also insert the "bezahlt" job into `batch`.
 * @return bool TRUE when a matching payment was found and booked.
 */
function iframepayments($nr, $price, $addbatch = TRUE) {
    global $echo;
    $tid = "";
    $price = check_dev_price($price);
    $price2 = $price - 0.02; // 2 cent tolerance for rounding etc.
    $nr = intval($nr);
    $r = mysql_query2("select * from ordertokens, iframepayments where ordertokens.sub=%s and ordertokens.token=iframepayments.tid and currency='EUR' and price>=%s and used=0 and (status='BILLED' or status='RESERVED' or status='Completed')", $nr, $price2);
    if (mysql_numrows($r) > 0) {
        $row = mysql_fetch_object($r);
        mysql_query_log("update iframepayments set used=1, sub=%s where nr=%s", "iframepayments", $nr, "", $nr, $row->nr);
        mysql_query_log("insert into abbuchungen (subscription, created, paymethod, amount, mypaytid) values (%s, now(), %s, %s, %s)", "iframepayments", $nr, "", $nr, $row->paymethod, $price, $row->mpaytid);
        if ($addbatch)
            mysql_query_log("insert into batch (task, earliest, timeout) values ('01_job.php?action=bezahlt&what=$nr', now(), 50)", "iframepayments", $nr, "");
        // $nr has already been converted to INT value, so no quotation necessary
        return (TRUE);
    } else {
        return (FALSE);
    }
}
;

/**
 * Build the order-number suffix for an e-mail subject.
 *
 * NOTE(review): the function body continues below this span.
 *
 * @param mixed $nr         Order number.
 * @param mixed $show_order Truthy: use the language-specific "order no." wording.
 */
function email_subject_nr($nr, $show_order = 1) {
    global $language;
    if ($show_order) {
        switch ($language) {
            case "DE":
                return " (Bestell-Nr. " . $nr . ")";
                break;
            case "EN":
            default:
                return " (Order #" . $nr . ")";
                break;
        }
    } else {
        return " (" . $nr .
")"; } } function mime_versenden($to_name, $to_address, $from_name, $from_address, $subject, $message, $priority = 3, $cc = 1, $html = 0, $mailer = MAILER_REGULAR) { // old function $mail = new osimail; $mail->to_name = $to_name; $mail->to_address = $to_address; $mail->from_name = $from_name; $mail->from_address = $from_address; $mail->subject = $subject; $mail->body = $message; $mail->priority = $priority; $mail->cc = $cc; $mail->prefix = ""; $mail->Mailer = $mailer; $mail->send(); } function mime_versenden2($to_name, $to_address, $from_name, $from_address, $subject, $message, $priority = 3, $cc = 1, $html = 0) { // old function with sendmail $mail = new osimail; $mail->to_name = $to_name; $mail->to_address = $to_address; $mail->from_name = $from_name; $mail->from_address = $from_address; $mail->subject = $subject; $mail->body = $message; $mail->priority = $priority; $mail->cc = $cc; $mail->prefix = ""; $mail->Mailer = MAILER_REGULAR; $mail->send(); } class osimail { // required public $to_address; // or public $id = 0; //ID in table mailings_emails // optional public $to_name = ""; public $from_address = ADMIN_EMAIL; public $from_name = ADMIN_BRAND; public $bounce_email = BOUNCE_EMAIL; public $reply_to_email = ""; public $subject = "no subject"; public $priority = 3; public $cc = 1; public $prefix = EMAIL_SUBJ; // optionally used to update mailings_emails table public $language = ""; public $country = ""; public $html = ""; public $txt = ""; // for xml/xsl messages // either public $mailref = 0; // id of table 'mailings' // or public $xml_src = ""; public $html_xsl_src = ""; // either a string or record # in table mailings_xsls public $txt_xsl_src = ""; // either a string or record # in table mailings_xsls // for simple text messages public $message = ""; // errors public $errorNo = 0; public $errMsg = ""; // misc public $Mailer = MAILER_REGULAR; public $report = TRUE; // report errors to admin public function send() { global $debug, $coupon, $smtp_host, 
$smtp_auth, $smtp_username, $smtp_password, $smtp_port, $smtp_secure; $coupon = ""; switch ($this->Mailer) { case "smtp2": $smtp_id = 2; require "smtp.php"; $mail->Mailer = "smtp"; break; default: $smtp_id = 1; require "smtp.php"; $mail->Mailer = "smtp"; break; } if ($this->mailref > 0) { $r = mysql_query2("select * from mailings where id=%s", $this->mailref); if ($row = mysql_fetch_object($r)) { $this->xml_src = $row->xml; $r = mysql_query2("select * from mailings_xsls where id=%s", $row->html_xsl); $this->html_xsl_src = mysql_fetch_object($r)->code; $r = mysql_query2("select * from mailings_xsls where id=%s", $row->txt_xsl); $this->txt_xsl_src = mysql_fetch_object($r)->code; } } if ($this->xml_src != "") { // Load the XML source $xml = new DOMDocument; $xml->loadXML($this->xml_src); $html = ""; $txt = ""; if ($this->html_xsl_src != "") { $xsl = new DOMDocument; $xsl->substituteEntities = TRUE; if (is_numeric($this->html_xsl_src)) { // is a record # $r = mysql_query2("select * from mailings_xsls where id=%s", $this->html_xsl_src); $xsl->loadXML(mysql_fetch_object($r)->code); } else $xsl->loadXML($this->html_xsl_src); $proc = new XSLTProcessor; $proc->importStyleSheet($xsl); $html = $proc->transformToXML($xml); $html = trans_inx($html, $this->to_address, $this->id, $this->mailref, $this->to_name, 1); }; if ($this->txt_xsl_src != "") { $xsl = new DOMDocument; $xsl->substituteEntities = TRUE; if (is_numeric($this->txt_xsl_src)) { // is a record # $r = mysql_query2("select * from mailings_xsls where id=%s", $this->txt_xsl_src); $xsl->loadXML(mysql_fetch_object($r)->code); } else $xsl->loadXML($this->txt_xsl_src); $proc = new XSLTProcessor; $proc->importStyleSheet($xsl); $txt = $proc->transformToXML($xml); $txt = trans_inx($txt, $this->to_address, $this->id, $this->mailref, $this->to_name, 0); } if ($html == "") { $mail->IsHTML(FALSE); $mail->Body = $txt; } else { $mail->IsHTML(TRUE); $mail->Body = $html; $mail->AltBody = $txt; } } else { if ($this->html == "") { 
$mail->IsHTML(FALSE); if ($this->txt == "") $mail->Body = $this->body; else $mail->Body = $this->txt; } else { $mail->IsHTML(TRUE); $mail->Body = $this->html; $mail->AltBody = $this->txt; } } if ((DEVELOPMENT or TEST_MODUS) and ( $this->to_address != ADMIN_EMAIL)) { $this->to_name .= "/" . str_replace("@", "-at-", $this->to_address); $this->to_address = ADMIN_EMAIL; } $mail->AddAddress($this->to_address, $this->to_name); if ($this->reply_to_email != "") $mail->AddReplyTo($this->reply_to_email, $this->from_name); $mail->SetFrom($this->from_address, $this->from_name); $mail->Sender = $this->bounce_email; $mail->addCustomHeader("Sender: <" . $this->bounce_email . ">"); $mail->addCustomHeader("Return-Path: <" . $this->bounce_email . ">"); $mail->addCustomHeader(X_HEADER . ": ||" . md5b($this->to_address) . "||"); if ($this->mailref > 0) $mail->addCustomHeader(X_HEADER2 . ": ||" . md5b($this->mailref) . "||"); $mail->Subject = mb_encode_mimeheader($this->prefix . $this->subject, "UTF-8", "Q"); $mail->Priority = $this->priority; $mail->CharSet = "utf-8"; if ($this->cc) { $mail->AddCC(ADMIN_EMAIL, ADMIN_BRAND); } $mail->DKIM_domain = substr($this->bounce_email, strpos($this->bounce_email, "@") + 1); $mail->DKIM_private = HTDOCS . '/include/sites/' . SITE . '/keys/.htkeyprivate'; $mail->DKIM_selector = 'phpmailer'; $mail->DKIM_passphrase = ''; $result = $mail->Send(); if (!$result) { // error if ($this->Mailer == "amazonses") { $this->errorNo = $mail->AWSErrNo; $this->errMsg = $mail->AWSErrMsg; } else { $this->errorNo = 400; $this->errMsg = "misc. 
mail error"; } debug($this->errorNo, $this->errMsg); } return ($result); } } function trans_inx($s, $email, $id = 0, $mailref = 0, $name = "", $is_html = 1) { // id = ID in table mailings_emails // mailref = ID in table mailings //return ($s); global $email_mailing_id, $mailing_id, $coupon, $db; if (($id > 0) && ($email == "")) { $r = mysql_query2("select email from mailings_emails where id=%s", $id); $email = mysql_fetch_object($r)->email; } $body_add_txt = "\n\n||" . md5b($email) . "||\n"; if ($mailref > 0) $body_add_txt .= "||" . md5b($mailref) . "||\n"; $body_add_html = "\n" . '

' . "\n||" . md5b($email) . "||\n"; if ($mailref > 0) $body_add_html .= "
||" . md5b($mailref) . "||"; $body_add_html .= "

\n"; $email_mailing_id = $id; $mailing_id = $mailref; $email_md5 = md5b($email); $search[] = '/\[%body_add_txt\]/i'; $search[] = '/\[%body_add_html\]/i'; $search[] = '/</'; $search[] = '/>/'; if (!$is_html) { $search[] = '|<[A-Za-z0-9]+>|'; $search[] = '||'; } $search[] = '/\[email\]/i'; $search[] = '/\[%listcharset\]/i'; $search[] = '/\[%id\]/i'; $search[] = '/\[%code\]/i'; $search[] = '/\[%mailref\]/i'; $search[] = '/\[name\]/i'; $search[] = <<id, $e, $code); $r2 = mysql_query2("select * from mailings_links_emails_mailing where link=%s and email_mailing=%s", $row->id, $e); $rows = mysql_numrows($r2); } $code = mysql_fetch_object($r2)->code; $s .= $code; } return ($s); }

/**
 * Inserts a coupon row and assigns it a code obtained from shortcode().
 *
 * Reads $params[1] (description), $params[2] (valid_from), $params[3]
 * (valid_until) and $params[4] (gb); $params[0] is not read. The insert and
 * the follow-up update are sent between "START TRANSACTION" and "COMMIT".
 * The code is also written to the global $coupon.
 *
 * NOTE(review): mysql_query2() and shortcode() are defined outside this view.
 * Presumably mysql_query2() quotes each %s argument - confirm. No statement
 * result is checked here and nothing issues a ROLLBACK. If coupon codes are
 * meant to be unguessable, verify that shortcode() draws from a CSPRNG
 * (random_int()/random_bytes()) and that coupons.code is unique.
 *
 * @param array $params positional values, indexes 1 to 4 as listed above
 * @return mixed the value returned by shortcode()
 */
function x2($params) {
    global $coupon;
    $description = $params[1];
    $from_date = $params[2];
    $to_date = $params[3];
    $gb = $params[4];
    mysql_query2("START TRANSACTION");
    mysql_query2("insert into coupons (description, valid_from, valid_until, gb) values (%s, %s, %s, %s)", $description, $from_date, $to_date, $gb);
    // The row is created first so that its auto-increment number can key the update below.
    $nr = mysql_insert_id();
    //$code = md5b ($nr);
    $code = shortcode();
    mysql_query2("update coupons set code=%s where nr=%s", $code, $nr);
    mysql_query2("COMMIT");
    $coupon = $code;
    return ($code);
}

/**
 * Reports whether a phone number starts with one of two blocked prefixes.
 *
 * The test is a plain string-prefix comparison on $telcode . $telnum; nothing
 * here normalises the input (spaces, "00" instead of "+", and so on).
 * NOTE(review): confirm that callers pass a normalised country code.
 *
 * @param string $telnum  number without country code
 * @param string $telcode country code that is prepended to $telnum
 * @return bool TRUE when the combined string starts with "+439" or "+4382"
 */
function telnum_blacklist($telnum, $telcode) {
    $err = FALSE;
    if ((substr($telcode . $telnum, 0, 4) == "+439") || // 0900 premium-rate number
            (substr($telcode . $telnum, 0, 5) == "+4382") // SMS.at etc.
    )
        $err = TRUE;
    return ($err);
}

/**
 * Builds the phone-contact text used in e-mails.
 *
 * For "DE" the text lists ADMIN_PHONE_DE, ADMIN_PHONE_AT and ADMIN_PHONE,
 * joined with NL; for any other value it is "Austria: " plus ADMIN_PHONE.
 *
 * @param string $language language code; only "DE" is treated specially
 * @return string
 */
function adresse_email($language) {
    if ($language == "DE") {
        $adresse = "aus Deutschland: " . ADMIN_PHONE_DE . NL . "(0,09 Euro pro Minute aus den deutschen Festnetz, ggf. abweichende Preise aus dem Mobilfunk)" . NL . "aus Österreich: " . ADMIN_PHONE_AT . NL . "aus anderen Ländern: " . ADMIN_PHONE;
    } else {
        $adresse = "Austria: " . ADMIN_PHONE;
    }
    return ($adresse);
}

/**
 * Prints one entry per row of `translations` for a language and MANDANT,
 * optionally restricted to one section, ordered by schluessel.
 *
 * NOTE(review), applies to every *_select function below: the string literals
 * of the echo statements are not intact on this page (their quotes do not
 * balance), so which row fields are printed, how $default is used, and whether
 * values are passed through htmlspecialchars() before output cannot be
 * confirmed from here - verify against the original file.
 * The mysql_* functions used throughout belong to the ext/mysql extension,
 * which was removed in PHP 7.0.
 *
 * @param mixed  $default    not read in the visible code
 * @param mixed  $prod_id    not read in the visible code
 * @param int    $with_blank non-zero prints an extra leading entry
 * @param string $section    value for the `sect` column; "" means no section filter
 * @param string $lang       language code; "" falls back to the global $language
 */
function t_select($default, $prod_id, $with_blank = 0, $section = "", $lang = "DE") {
    global $db, $language, $debug;
    if ($lang == "") $lang = $language;
    if ($with_blank) {
        echo '\n";
    }
    if ($section == "")
        $r = mysql_query2("select id, schluessel from translations where language=%s and mandant=%s order by schluessel", $lang, MANDANT);
    else
        $r = mysql_query2("select id, schluessel from translations where sect=%s and language=%s and mandant=%s order by schluessel", $section, $lang, MANDANT);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per top-level product (parent is NULL) of MANDANT, ordered by sku.
 *
 * $what selects the filter: 0 = all, 1 = active only, 2 = inactive only.
 * The switch has no default branch, so any other value leaves $r unset before
 * the fetch loop. Each row's name is resolved through t3(), defined elsewhere.
 *
 * @param mixed $default    not read in the visible code
 * @param mixed $prod_id    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 * @param int   $what       0, 1 or 2 as described above
 */
function parent_select($default, $prod_id, $with_blank = 0, $what = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    switch ($what) {
        case 1:
            $r = mysql_query2("select id, sku, nameTxt, active from products where parent is NULL and mandant=%s and active order by sku", MANDANT);
            break;
        case 2:
            $r = mysql_query2("select id, sku, nameTxt, active from products where parent is NULL and mandant=%s and not active order by sku", MANDANT);
            break;
        case 0:
            $r = mysql_query2("select id, sku, nameTxt, active from products where parent is NULL and mandant=%s order by sku", MANDANT);
            break;
    }
    while ($row = mysql_fetch_object($r)) {
        $t = t3($row->nameTxt, $row->id, 0, "", "", "", "", "", "DE", TRUE, TRUE);
        echo "\n";
    }
}

/**
 * Prints one entry per row of `subparents` whose parent equals $prod_id.
 *
 * @param mixed $default    not read in the visible code
 * @param mixed $prod_id    value bound to the parent=%s placeholder
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function subparent_select($default, $prod_id, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select * from subparents where parent=%s", $prod_id);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `colors`, ordered by the column named in the
 * global $language_sort.
 *
 * With $ismap only rows with is_map are read. Otherwise the query depends on
 * $product (see the note inside the else branch).
 *
 * NOTE(review): $language_sort is interpolated into the SQL text as a
 * back-quoted column name; the %s placeholders do not cover it. Where it is
 * set is not visible here - confirm it can only hold a value from a fixed
 * list of column names, because helpers that quote values do not protect an
 * identifier position. The same applies to every function below that
 * interpolates $language_sort.
 * NOTE(review): $product defaults to FALSE, yet ->parent is read from it
 * whenever $ismap is false.
 *
 * @param mixed        $default    not read in the visible code
 * @param int          $with_blank non-zero prints an extra leading entry
 * @param bool         $ismap      restrict to rows with is_map
 * @param object|false $product    object with ->parent and ->id, or FALSE
 */
function color_select($default, $with_blank = 0, $ismap = FALSE, $product = FALSE) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    if ($ismap) {
        $r = mysql_query2("select id, `$language_sort` from colors where is_map order by `$language_sort`");
    } else {
        if ($product->parent) {
            if ($product->id) {
                // Colors not yet used by another product of the same parent.
                $r = mysql_query2("select c.id, c.`$language_sort` from colors c left join products p on p.parent=%s and p.id<>%s 
and p.color=c.id where p.id is null order by `$language_sort`", $product->parent, $product->id);
            } else {
                $r = mysql_query2("select c.id, c.`$language_sort` from colors c left join products p on p.parent=%s and p.color=c.id where p.id is null order by `$language_sort`", $product->parent);
            }
        } else {
            $r = mysql_query2("select id, `$language_sort` from colors order by `$language_sort`");
        }
        // FIX - does not work this way :-(
        // NOTE(review): the line break after the comment above is reconstructed from a
        // collapsed line; as laid out here, the statement below replaces whatever $r
        // the $product branches selected - confirm against the original file.
        $r = mysql_query2("select id, `$language_sort` from colors order by `$language_sort`");
    }
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `units`, optionally filtered by typ, ordered by
 * the column named in the global $language_sort (see color_select() for the
 * identifier note).
 *
 * @param mixed  $default    not read in the visible code
 * @param int    $with_blank non-zero prints an extra leading entry
 * @param string $typ        value for the typ column; "" means no filter
 */
function display_unit_select($default, $with_blank = 0, $typ = "") {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    if ($typ == "")
        $r = mysql_query2("select id, `$language_sort` from units order by `$language_sort`");
    else
        $r = mysql_query2("select id, `$language_sort` from units where typ=%s order by `$language_sort`", $typ);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `categories` of MANDANT, ordered by name_DE.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function category_select($default, $with_blank = 0) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select SQL_NO_CACHE id, name_DE from categories where mandant=%s order by `name_DE`", MANDANT);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `outer_materials`, ordered by name_DE.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function outer_material_select($default, $with_blank = 0) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select * from outer_materials order by `name_DE`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints the optional leading entry only; no query is visible in this body.
 * NOTE(review): $only_existing is not read here - the body may be incomplete
 * on this page.
 *
 * @param mixed $default       not read in the visible code
 * @param int   $with_blank    non-zero prints the leading entry
 * @param bool  $only_existing not read in the visible code
 */
function template_select($default, $with_blank = 0, $only_existing = FALSE) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
}

/**
 * Returns a sorted, de-duplicated list of image file names for a parent.
 *
 * The list is the union of: photos linked to $parent through photos_parents,
 * photos with no photos_parents row at all, and $existing_images.
 *
 * @param mixed $parent          value bound to pp.parent=%s
 * @param array $existing_images file names to merge in
 * @return array sorted file names without duplicates
 */
function imagefiles($parent, $existing_images) {
    $result = array();
    $r = mysql_query2("select fname from photos p, photos_parents pp where pp.photo=p.id and pp.parent=%s", $parent);
    while ($row = mysql_fetch_object($r)) {
        $result[] = $row->fname;
    }
    // Photos that are not attached to any parent.
    $r = mysql_query2("select fname from photos p left join 
photos_parents pp on pp.photo=p.id where pp.id is null");
    while ($row = mysql_fetch_object($r)) {
        $result[] = $row->fname;
    }
    $result = array_merge($result, $existing_images);
    $result = array_unique($result);
    sort($result);
    return ($result);
}

/**
 * Prints one entry per element of $imagefiles that looks like an image name.
 *
 * A name qualifies when it does not start with "." and ends in .gif, .jpg,
 * .jpeg or .png (case-insensitive).
 * NOTE(review): each() was removed in PHP 8.0, and a required parameter
 * ($imagefiles) after an optional one is deprecated since PHP 8.0.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 * @param array $imagefiles file names, e.g. the result of imagefiles()
 */
function image_select($default, $with_blank = 0, $imagefiles) {
    global $db;
    if ($with_blank) {
        echo '\n";
    }
    while (list(, $file) = each($imagefiles)) {
        if (preg_match("/^[^.].*\.(gif|jpg|jpeg|png)$/i", $file)) {
            echo "\n";
        }
    }
}

/**
 * Returns $result.
 * NOTE(review): $result is never assigned in the visible body, so as shown
 * this returns an undefined variable - the body may be incomplete on this page.
 */
function xmlfiles() {
    global $db;
    return ($result);
}

/**
 * Prints one entry per row of `seasons` for $language, ordered by name.
 *
 * @param mixed  $default    not read in the visible code
 * @param int    $with_blank non-zero prints an extra leading entry
 * @param string $language   value bound to language=%s
 */
function season_select($default, $with_blank = 0, $language) {
    global $db;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select * from seasons where language=%s order by name", $language);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `special_sizes`, ordered by the column named in
 * the global $language_sort (see color_select() for the identifier note).
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 * @param mixed $language   not read in the visible code
 */
function special_size_select($default, $with_blank = 0, $language) {
    global $db, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select * from special_sizes order by `$language_sort`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `sizes` for a country, ordered by name.
 *
 * @param mixed  $default    not read in the visible code
 * @param int    $with_blank non-zero prints an extra leading entry
 * @param string $country    value bound to country=%s
 * @param bool   $is_map     restrict to rows with is_map
 */
function size_select($default, $with_blank = 0, $country = "DE", $is_map = FALSE) {
    global $db;
    if ($with_blank) {
        echo '\n";
    }
    if ($is_map)
        $r = mysql_query2("select * from sizes where country=%s and is_map order by name", $country);
    else
        $r = mysql_query2("select * from sizes where country=%s order by name", $country);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `style_keywords`, ordered by the column named in
 * the global $language_sort (see color_select() for the identifier note).
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function style_keyword_select($default, $with_blank = 0) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, `$language_sort` from style_keywords order by `$language_sort`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `clothing_types`, ordered by name.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function clothing_type_select($default, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, name from clothing_types order by `name`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `style_names`, ordered by name_DE.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function style_name_select($default, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, name_DE from style_names order by `name_DE`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `length_names`, ordered by name_DE.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function length_name_select($default, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, name_DE from length_names order by `name_DE`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `apparel_closure_type`, ordered by name_DE.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function apparel_closure_select($default, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, name_DE from apparel_closure_type order by `name_DE`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per active row of `browse_nodes`, ordered by name.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function browse_node_select($default, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, name from browse_nodes where `active` order by `name`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `departments`, ordered by the column named in
 * the global $language_sort (see color_select() for the identifier note).
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function department_select($default, $with_blank = 0) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, `$language_sort` from departments order by `$language_sort`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `opacity`, ordered by the column named in the
 * global $language_sort (see color_select() for the identifier note).
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function opacity_select($default, $with_blank = 0) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select * from opacity order by `$language_sort`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `patterns`, ordered by the column named in the
 * global $language_sort (see color_select() for the identifier note).
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function pattern_select($default, $with_blank = 0) {
    global $db, $language, $language_sort;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select * from patterns order by `$language_sort`");
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per row of `brands` of MANDANT, ordered by name.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function brand_select($default, $with_blank = 0) {
    global $db, $language;
    if ($with_blank) {
        echo '\n";
    }
    $r = mysql_query2("select id, name from brands where mandant=%s order by name", MANDANT);
    while ($row = mysql_fetch_object($r)) {
        echo "\n";
    }
}

/**
 * Prints one entry per year from 2011 through the current year plus three.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 */
function year_select($default, $with_blank = 0) {
    if ($with_blank) {
        echo '\n";
    }
    $start = 2011;
    $end = date("Y") + 3; // date("Y") is a numeric string; "+ 3" converts it to a number
    $i = $start;
    while ($i <= $end) {
        echo "\n";
        $i++;
    }
}

/**
 * Prints one entry per row of `countries`, ordered by the column named in the
 * global $language_sort.
 *
 * With $export the list is limited to countries flagged export that are joined
 * to MANDANT through mandanten_countries rows with marketplace set.
 *
 * NOTE(review): mysql_real_escape_string() escapes characters for use inside a
 * quoted string value and leaves the back-quote untouched, so it does not
 * guard the identifier position in which $language_sort is used here; an
 * allow-list of column names is the fitting check. The assignment also writes
 * the escaped value back to the global $language_sort.
 *
 * @param mixed $default    not read in the visible code
 * @param int   $with_blank non-zero prints an extra leading entry
 * @param bool  $export     restrict to export countries of MANDANT
 */
function country_select($default, $with_blank = 0, $export = FALSE) {
    global $db, $language, $language_sort;
    $language_sort = mysql_real_escape_string($language_sort);
    if ($with_blank) {
        echo '\n";
    }
    if ($export)
        $r = mysql_query2("select c.* from countries c, mandanten_countries m where m.mandant=%s and m.marketplace and m.country=c.id and c.export group by c.id order by `" . $language_sort . "`", MANDANT);
    else
        $r = mysql_query2("select * from countries order by `" . $language_sort . "`");
    while ($row = mysql_fetch_object($r)) {
        echo "";
        echo "\n";
    }
}

function mandant_select($default, $with_blank = 0) { global $db; if ($with_blank) { echo '\n"; } $r = mysql_query2("select * from mandanten where active"); while ($row = mysql_fetch_object($r)) { echo "\n"; } $r = mysql_query2("select * from lager where active and mandant=%s order by kurzname, id", MANDANT); while ($row = mysql_fetch_object($r)) { echo "\n"; } $r = mysql_query2("select SQL_NO_CACHE * from languages order by `" . $language_sort . "`"); while ($row = mysql_fetch_object($r)) { echo "