
B2B Suite and Register Globals off


steve01


Posted

Hello,

 

When I add a new customer group, I get the message: "Attention all fields are required". This is a problem with register globals being off. What can I do?

 

This is my customers_groups.php

 

<?php
/*
 Released under the GNU General Public License

 author: Enrico Drusiani

 created: 2003/5/22
Contribution B2BSuite id="id20031008144119"
released by Walter "BluEdoG" Tosolini (info AT bluedog DOT it)
*/

 require('includes/application_top.php');



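 /*
  * Dispatches the state-changing admin actions named by the "action" query
  * parameter: update, deleteconfirm, newconfirm, newdiscountconfirm,
  * deletediscount, updatediscount and updateallprice.
  *
  * Request values are read explicitly from $HTTP_GET_VARS / $HTTP_POST_VARS,
  * so validation no longer depends on register_globals creating
  * $customers_group_name and $customers_group_discount. Ids must be numeric
  * and are cast to int, discounts must be numeric, and every string is passed
  * through tep_db_input() inside quotes before it becomes part of a query.
  *
  * NOTE(review): none of these actions checks an anti-CSRF token in the code
  * visible here, and several are reachable by GET alone - confirm whether
  * includes/application_top.php enforces one.
  */
 if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action']) {
   switch ($HTTP_GET_VARS['action']) {
     case 'update':
       // Populate the validated fields from the POST data instead of relying on register_globals.
       $customers_group_name = (isset($HTTP_POST_VARS['customers_group_name']) && is_string($HTTP_POST_VARS['customers_group_name'])) ? tep_db_prepare_input($HTTP_POST_VARS['customers_group_name']) : '';
       $customers_group_discount = (isset($HTTP_POST_VARS['customers_group_discount']) && is_string($HTTP_POST_VARS['customers_group_discount'])) ? tep_db_prepare_input($HTTP_POST_VARS['customers_group_discount']) : '';

       // A name and a non-zero numeric discount are both required.
       if (strlen($customers_group_name) == 0 || !is_numeric($customers_group_discount) || $customers_group_discount == 0) {
         $error = true;
         $messageStack->add(ENTRY_GROUPS_NAME_ERROR);
       } else {
         $customers_groups_id = (isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0;
         $color_bar = (isset($HTTP_POST_VARS['color_bar']) && is_string($HTTP_POST_VARS['color_bar'])) ? tep_db_prepare_input($HTTP_POST_VARS['color_bar']) : '';
         $group_tax = (isset($HTTP_POST_VARS['group_tax']) && is_string($HTTP_POST_VARS['group_tax'])) ? tep_db_prepare_input($HTTP_POST_VARS['group_tax']) : '';

         // START PAYMENT_UNALLOWED
         // Join the ticked payment module codes into a comma-separated list.
         // The accumulator is initialised here so it cannot start from a stale or injected value.
         $group_payment_unallowed = '';
         if (isset($HTTP_POST_VARS['payment_unallowed']) && is_array($HTTP_POST_VARS['payment_unallowed'])) {
           foreach ($HTTP_POST_VARS['payment_unallowed'] as $key => $val) {
             if (is_string($val) && $val) {
               $group_payment_unallowed .= tep_db_prepare_input($val) . ',';
             }
           }
           if ($group_payment_unallowed != '') {
             // drop the trailing comma
             $group_payment_unallowed = substr($group_payment_unallowed, 0, -1);
           }
         }
         // END PAYMENT_UNALLOWED

         tep_db_query("update " . TABLE_CUSTOMERS_GROUPS . " set customers_group_name='" . tep_db_input($customers_group_name) . "', customers_group_discount='" . tep_db_input($customers_group_discount) . "', color_bar='" . tep_db_input($color_bar) . "', group_payment_unallowed='" . tep_db_input($group_payment_unallowed) . "', group_tax = '" . tep_db_input($group_tax) . "' where customers_group_id = " . $customers_groups_id);
         // The original built this link from $customers_group_id, which is never assigned.
         tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('cID', 'action')) . 'cID=' . $customers_groups_id));
       }
       break;

     case 'deleteconfirm':
       $group_id = (isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0;
       // NOTE(review): the confirmation screen further down only offers deletion when cID != 1,
       // but nothing here refuses group 1 - confirm whether a server-side guard is wanted.
       tep_db_query("delete from " . TABLE_GROUPS_TO_CATEGORIES . " where customers_group_id= " . $group_id);
       tep_db_query("delete from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id= " . $group_id);

       // Customers of the deleted group are moved to group 1 in one statement
       // (same result as the former select-then-update loop).
       tep_db_query("UPDATE " . TABLE_CUSTOMERS . " set customers_group_id=1 where customers_group_id=" . $group_id);

       tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('cID', 'action'))));
       break;

     case 'newconfirm':
       // Same explicit read as in 'update'; this is the check that always failed with register_globals off.
       $customers_group_name = (isset($HTTP_POST_VARS['customers_group_name']) && is_string($HTTP_POST_VARS['customers_group_name'])) ? tep_db_prepare_input($HTTP_POST_VARS['customers_group_name']) : '';
       $customers_group_discount = (isset($HTTP_POST_VARS['customers_group_discount']) && is_string($HTTP_POST_VARS['customers_group_discount'])) ? tep_db_prepare_input($HTTP_POST_VARS['customers_group_discount']) : '';

       if (strlen($customers_group_name) == 0 || !is_numeric($customers_group_discount) || $customers_group_discount == 0) {
         $error = true;
         $messageStack->add(ENTRY_GROUPS_NAME_ERROR);
       } else {
         $color_bar = (isset($HTTP_POST_VARS['color_bar']) && is_string($HTTP_POST_VARS['color_bar'])) ? tep_db_prepare_input($HTTP_POST_VARS['color_bar']) : '';
         $group_tax = (isset($HTTP_POST_VARS['group_tax']) && is_string($HTTP_POST_VARS['group_tax'])) ? tep_db_prepare_input($HTTP_POST_VARS['group_tax']) : '';
         // Payment restrictions are not stored at creation time; they are set through 'update'.

         tep_db_query("insert into " . TABLE_CUSTOMERS_GROUPS . " set customers_group_name = '" . tep_db_input($customers_group_name) . "',customers_group_discount = '" . tep_db_input($customers_group_discount) . "', color_bar='" . tep_db_input($color_bar) . "', group_tax = '" . tep_db_input($group_tax) . "' ");
         tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action'))));
       }
       break;

     case 'newdiscountconfirm':
       $new_category_discount = (isset($HTTP_POST_VARS['discount']) && is_string($HTTP_POST_VARS['discount'])) ? tep_db_prepare_input($HTTP_POST_VARS['discount']) : '';
       if (!is_numeric($new_category_discount) || $new_category_discount == 0) {
         $error = true;
         $messageStack->add(ENTRY_GROUPS_NAME_ERROR_ZERO);
       } else {
         $group_id = (isset($HTTP_POST_VARS['cID']) && is_numeric($HTTP_POST_VARS['cID'])) ? (int)$HTTP_POST_VARS['cID'] : 0;
         $new_category_id = (isset($HTTP_POST_VARS['categories_id']) && is_numeric($HTTP_POST_VARS['categories_id'])) ? (int)$HTTP_POST_VARS['categories_id'] : 0;
         // Insert only when this group/category pair has no discount row yet.
         $check_query = tep_db_query('select * from ' . TABLE_GROUPS_TO_CATEGORIES . ' where categories_id=' . $new_category_id . ' and customers_group_id=' . $group_id);
         $check = tep_db_fetch_array($check_query);
         if ($check == null) {
           $query_insert = "insert into " . TABLE_GROUPS_TO_CATEGORIES . " (customers_group_id, categories_id, discount) VALUES (" . $group_id . "," . $new_category_id . ",'" . tep_db_input($new_category_discount) . "')";
           tep_db_query($query_insert);
         }
         tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action','cID')) . '&action=edit&cID=' . $group_id));
       }
       break;

     case 'deletediscount':
       $group_id = (isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0;
       $category_id = (isset($HTTP_GET_VARS['catID']) && is_numeric($HTTP_GET_VARS['catID'])) ? (int)$HTTP_GET_VARS['catID'] : 0;
       $delete_query = "delete from " . TABLE_GROUPS_TO_CATEGORIES . " where customers_group_id= " . $group_id . " and categories_id= " . $category_id;
       tep_db_query($delete_query);
       tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . '&action=edit&cID=' . $group_id));
       break;

     case 'updatediscount':
       $new_discount = (isset($HTTP_POST_VARS['upddiscount']) && is_string($HTTP_POST_VARS['upddiscount'])) ? tep_db_prepare_input($HTTP_POST_VARS['upddiscount']) : '';
       if (!is_numeric($new_discount) || $new_discount == 0) {
         $error = true;
         $messageStack->add(ENTRY_GROUPS_NAME_ERROR_ZERO);
       } else {
         $group_id = (isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0;
         $category_id = (isset($HTTP_POST_VARS['catID']) && is_numeric($HTTP_POST_VARS['catID'])) ? (int)$HTTP_POST_VARS['catID'] : 0;
         $query = "update " . TABLE_GROUPS_TO_CATEGORIES . " set discount='" . tep_db_input($new_discount) . "' where customers_group_id = " . $group_id . " and categories_id = " . $category_id;
         tep_db_query($query);
         tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . '&action=edit&cID=' . $group_id));
       }
       break;

     case 'updateallprice':
       $groups_id = (isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0;
       // Counters start from known values so the summary below never reads an unset variable.
       $count_update = 0;
       $item_updated = array();

       // The group's default discount is the same for every product, so it is fetched once.
       $customers_group_query = tep_db_query("select distinct customers_group_id, customers_group_name, customers_group_discount from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . $groups_id . "' ");
       $customers_group = tep_db_fetch_array($customers_group_query);

       // Without a matching group there is no discount to apply; the original went on
       // to build queries from unset values in that case.
       if (tep_db_num_rows($customers_group_query) > 0) {
         // select the basic price
         $pricek_array = tep_db_query("select p.products_price, p.products_id, p.products_percentage, pc.categories_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " pc WHERE pc.products_id = p.products_id  ");
         while ($pricek_values = tep_db_fetch_array($pricek_array)) {
           $attributes_query = tep_db_query("select customers_group_id, products_id, customers_group_price, products_price from " . TABLE_PRODUCTS_GROUPS . " where customers_group_id = '" . $groups_id . "' AND products_id = '" . (int)$pricek_values['products_id'] . "'");
           $attributes = tep_db_fetch_array($attributes_query);

           // A category-specific discount overrides the group default.
           $query_discount = tep_db_query("select discount from " . TABLE_GROUPS_TO_CATEGORIES . " where customers_group_id = " . $groups_id . " AND categories_id = " . (int)$pricek_values['categories_id']);
           $query_discount_result = tep_db_fetch_array($query_discount);
           if (!$query_discount_result || is_null($query_discount_result['discount'])) {
             $ricarico = $customers_group['customers_group_discount'];
           } else {
             $ricarico = $query_discount_result['discount'];
           }

           // apply the b2bsuite to basic price: B2B == 'true' adds the percentage,
           // B2B == 'false' subtracts it; any other case keeps the base price
           // instead of reusing the previous product's value.
           $pricek = $pricek_values['products_price'];
           if ($pricek > 0) {
             $newprice = $pricek;
             if ($ricarico > 0) {
               if (B2B == 'true') {
                 $newprice = $pricek + ($pricek / 100) * $ricarico;
               } elseif (B2B == 'false') {
                 $newprice = $pricek - ($pricek / 100) * $ricarico;
               }
             }
           } else {
             $newprice = 0;
           }

           // update the dbase with new values
           if (!$attributes || $attributes['customers_group_id'] == NULL) {
             tep_db_query("INSERT INTO " . TABLE_PRODUCTS_GROUPS . " (customers_group_id, customers_group_price, products_id, products_price) values (" . $groups_id . ", " . $newprice . ", " . (int)$pricek_values['products_id'] . ", " . $pricek . ")");
           } else {
             tep_db_query("UPDATE " . TABLE_PRODUCTS_GROUPS . " SET customers_group_price=" . $newprice . " WHERE customers_group_id=" . $groups_id . " AND products_id=" . (int)$pricek_values['products_id']);
           }
           $count_update++;
           // Keyed by product id; the original used $id, which is never assigned in this block.
           $item_updated[(int)$pricek_values['products_id']] = 'updated';
         }
       }

       $count_item = array_count_values($item_updated);
       if (isset($count_item['updated']) && $count_item['updated'] > 0) {
         $messageStack->add($count_item['updated'] . ' ' . TEXT_PRODUCTS_UPDATED . " $count_update " . TEXT_QTY_UPDATED, 'success');
       }
       break;
   }
 }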



?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js"></script>
<script language="Javascript" src="includes/colorpicker.js"></script>
<?php //require('includes/form_check.js.php'); ?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
 <tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<?php
if ($HTTP_GET_VARS['action'] == 'edit') {  
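// Load the group being edited. cID comes straight from the query string, so it is
// accepted only when numeric and reduced to an integer before it reaches the SQL text.
$customers_group_query = tep_db_query("select * FROM " . TABLE_CUSTOMERS_GROUPS . " c  where c.customers_group_id = '" . ((isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0) . "' ORDER BY c.customers_group_id");
$customers_group = tep_db_fetch_array($customers_group_query);
$cInfo = new objectInfo($customers_group);

// START PAYMENT_UNALLOWED
// Payment module codes this group may not use, stored as a comma-separated list.
$payments_unallowed = explode(",", $cInfo->group_payment_unallowed);
$module_directory = DIR_FS_CATALOG_MODULES . 'payment/';
$module_key = 'MODULE_PAYMENT_INSTALLED';

// Collect the files in the payment module directory that carry the same
// extension as the running script.
$file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
$directory_array = array();
if ($dir = @dir($module_directory)) {
  // Compare against false explicitly so an entry named "0" does not end the scan early.
  while (($file = $dir->read()) !== false) {
    if (!is_dir($module_directory . $file) && substr($file, strrpos($file, '.')) == $file_extension) {
      $directory_array[] = $file;
    }
  }
  sort($directory_array);
  $dir->close();
}

// Tax display radio buttons: anything other than 'false' selects "including tax".
if (!isset($cInfo->group_tax)) $cInfo->group_tax = 'true';
switch ($cInfo->group_tax) {
  case 'false':
    $group_tax_inc = false;
    $group_tax_ex = true;
    break;
  case 'true':
  default:
    $group_tax_inc = true;
    $group_tax_ex = false;
}
// END PAYMENT_UNALLOWED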


?>
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
  </tr>

<!-- // FORM main screen -->


  <tr><?php echo tep_draw_form('customers_group', FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . 'action=update', 'post', 'onSubmit="return check_form();"'); ?>
	<td class="formAreaTitle"><?php echo CATEGORY_PERSONAL; ?></td>
  </tr>
  <tr>
	<td class="formArea"><table border="0" cellspacing="2" cellpadding="2">
	  <tr>
		<td class="main"><?php echo ENTRY_GROUPS_NAME; ?></td>
		<td class="main"><?php echo tep_draw_input_field('customers_group_name', $cInfo->customers_group_name, 'maxlength="32"', false); ?></td>
	  </tr>
	  <tr>
		<td class="main"><?php echo ENTRY_DEFAULT_DISCOUNT; ?></td>
		<td class="main"><?php echo tep_draw_input_field('customers_group_discount', $cInfo->customers_group_discount, 'maxlength="5" size=5', false); ?></td>
	  </tr>

		<tr>
		<td class="main"><?php echo ENTRY_COLOR_BAR; ?></td>
		 <td>
				<table width="50%" id="colortd" align="left" bgcolor="<?php echo $cInfo->color_bar;?>">
		  <tr>																				 
			<td align="center" >
	  <!-- flooble.com Color Picker start -->
		  <input id="pick1064797275field" size="12" class="inputbox"
	  onChange="cp.relateColor(this.value);" title="onclick" name="color_bar" value="<?php echo $cInfo->color_bar;?>">
	  <a href="javascript:void(0)" onclick="cp.pickColor();" id="pick1064797275"
	  style="border: 1px solid #000000; font-family:Verdana; font-size:10px;
	  text-decoration: none;">???</a>
	  <script language="javascript">
		var cp = new ColorPicker( 'cp', 'pick1064797275', '#ffffff' );
	  </script>
		<!-- flooble Color Picker end -->			  
			</td>
		  </tr>
		</table>
		 </td>
		</tr>
<!-- BOF GROUP PAYMENT UNALLOWED -->
<tr>	
<td class="main"><?php echo ENTRY_GROUP_PAYMENT_UNALLOWED; ?></td>
<td>
 <table cellspacing="0" cellpadding="0" border="0" align="right">
  <tr>
   <td class="formArea">
	<table border="0" cellspacing="0" cellpadding="2">
	  <tr class="dataTableHeadingRow">
		<td align="center" class="dataTableHeadingContent">*</td>
		  <td class="dataTableHeadingContent"><?php echo ENTRY_PAYMENT_UNALLOWED; ?></td>
  </tr>
<?php
 // Renders one checkbox row for every payment module file that is present in
 // $directory_array (filled earlier in this branch from the payment module
 // directory) and is also named in MODULE_PAYMENT_INSTALLED, a ';'-separated list.
 $module_active = explode (";",MODULE_PAYMENT_INSTALLED);
 $installed_modules = array();
 for ($i = 0, $n = sizeof($directory_array); $i < $n; $i++) {
$file = $directory_array[$i];
if (in_array ($directory_array[$i], $module_active)) {
 // $file comes from the directory listing and has passed the in_array() check above.
 // NOTE(review): $language is not assigned anywhere in the visible part of this file -
 // confirm it is set by the bootstrap and cannot be supplied by the request, because
 // it becomes part of an include path here.
 include(DIR_FS_CATALOG_LANGUAGES . $language . '/modules/payment/' . $file);
 include($module_directory . $file);

 // The class to instantiate is the file name without its extension.
 $class = substr($file, 0, strrpos($file, '.'));
 if (tep_class_exists($class)) {
   $module = new $class;
   // check() > 0 only records the file in $installed_modules; the row below is
   // printed either way.
   if ($module->check() > 0) {
	 $installed_modules[] = $file;
}
  }
 // NOTE(review): the row is emitted outside the tep_class_exists() block, so when the
 // class is missing $module is either unset or still the previous iteration's object.
?>
<td class="dataTableContent">
<?php echo tep_draw_checkbox_field('payment_unallowed[' . $i . ']', $module->code , (in_array ($module->code, $payments_unallowed)) ?  1 : 0); ?></td>
<td class="dataTableContent"><?php echo $module->title; ?></td>
 </tr>
<?php
 // Appends the submitted value for this row to $HTTP_POST_VARS['group_payment_unallowed'].
 // NOTE(review): nothing in the visible code reads that key afterwards - confirm it is still needed.
 if ($HTTP_POST_VARS['payment_unallowed'][$i]) {
  $HTTP_POST_VARS['group_payment_unallowed'] .= $HTTP_POST_VARS['payment_unallowed'][$i] . ',';
  }
 } 
}

?>
</table>
</td></tr>
</table>
	  <tr>
		<td class="main"><?php echo ENTRY_GROUP_TAX; ?></td>
		<td class="main">
<?php echo tep_draw_radio_field('group_tax', 'true', $group_tax_inc) . '?' . TEXT_GROUP_TAX_INC . '?' . tep_draw_radio_field('group_tax', 'false', $group_tax_ex). '?' . TEXT_GROUP_TAX_EX; ?>
		</td>
	  </tr>
</td>
</tr>
<!-- EOF GROUP PAYMENT UNALLOWED -->				


			</table></td>

  </tr>			

  <tr>
	<td class="dataTableContent">
			* <?php echo ENTRY_PAYMENT_UNALLOWED_EXPLAIN; ?><br>
			<?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
  </tr>
  <tr>
	<td align="right" class="main"><?php echo tep_image_submit('button_update.gif', IMAGE_UPDATE) . ' <a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action','cID'))) .'">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'; ?></td>
  </tr>
  </form>

<!-- //END FORM -->

  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '70'); ?></td>
  </tr>


<?php 
// Entries for the category pull-down of the "new category discount" form.
// The first entry is the placeholder with id '0'.
$subcategories_array = array();
$subcategories_array[] = array('id' => '0', 'text' => SELECT_CATEGORY);

// "conto" counts, per category, the category rows whose parent_id differs from it;
// $count['conto'] is the total number of category rows.
$categories_query = tep_db_query("select count('j.parent_id') as conto, c.categories_id, c.parent_id, f.categories_name from " . TABLE_CATEGORIES ." c, " . TABLE_CATEGORIES . "  j, " . TABLE_CATEGORIES_DESCRIPTION . "  f  where c.categories_id <> j.parent_id and c.categories_id = f.categories_id and f.language_id= " . $languages_id . " group by c.categories_id order by f.categories_name");
$count_query = tep_db_query("select count('categories_id') as conto from " . TABLE_CATEGORIES);
$count = tep_db_fetch_array($count_query);

while ($categories = tep_db_fetch_array($categories_query)) {
  // Only categories whose count equals the total are listed,
  // i.e. those that no row names as its parent.
  if ($categories['conto'] != $count['conto']) {
    continue;
  }

  // Prefix the entry with the parent category's name when one is found.
  $parents_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = " . $categories['parent_id']);
  $parents = tep_db_fetch_array($parents_query);
  $add = ($parents['categories_name'] != null) ? $parents['categories_name'] . " - " : "";

  $subcategories_array[] = array(
    'text' => $add . $categories['categories_name'] . ' - ' . $categories['categories_id'],
    'id' => $categories['categories_id']
  );
}

sort($subcategories_array);
?>	  

<!-- // FORM CATEGORIES -->

  <tr>
	<?php echo tep_draw_form('newdiscountconfirm', FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . 'action=newdiscountconfirm', 'post', '') . tep_draw_hidden_field('cID', $HTTP_GET_VARS['cID']); ?> 
	<td class="formArea"><table border="0" cellspacing="2" cellpadding="2">
	  <tr>
		<td class="main"><?php echo ENTRY_CATEGORIES_NAME; ?></td>
		<td class="main"><?php echo tep_draw_pull_down_menu('categories_id', $subcategories_array); ?></td>
	  </tr>
	  <tr>
		<td class="main"><?php echo ENTRY_CATEGORIES_DISCOUNT; ?></td>
		<td class="main"><?php echo tep_draw_input_field('discount', '0', 'maxlength="5" size="5"', false); ?></td>
	  </tr>
	  <tr>
		<!--<td><input type=button value=crea OnClick='document.donner.submit();'></td>-->
		<td class="main" align="right"<?php echo $background; ?>><?php echo  tep_image_submit('button_insert.gif', IMAGE_INSERT)  ?></td>
	  </tr>
	</table></td>
  </tr></form>
<!-- // EOF CATEGORIES FORM -->
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
  </tr>
<!-- // BOF CATEGORIES PERCENTAGE -->
  <tr>
	<td class="formArea"><table border="0" cellspacing="2" cellpadding="2" width="100%">
		<tr>
			<td>
				<table border=0 cellspacing=0 cellpadding=0 width="100%">
					<tr>
						<td class="formAreaTitle"><?PHP echo TEXT_CATEGORIES; ?></td>
						<td class="formAreaTitle"><?PHP echo TABLE_HEADING_DISCOUNT; ?></td>
						<td class="formAreaTitle" align="right"><?PHP echo TABLE_HEADING_ACTION; ?></td>
					<tr>

<?php 

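							// Row-striping toggle for the discount table rendered by the loop below.
							$index = 0;
							// cID arrives in the query string; it is accepted only when numeric and cast to int
							// before being placed in the SQL text. languages_id is compared against a numeric
							// column and is cast as well.
							$group_to_categories_query = tep_db_query('select distinct c.discount, c.categories_id, c.customers_group_id, g.categories_name, g.language_id, f.parent_id from ' . TABLE_GROUPS_TO_CATEGORIES . ' c, ' . TABLE_CATEGORIES_DESCRIPTION . ' g, ' . TABLE_CATEGORIES . ' f where c.customers_group_id=' . ((isset($HTTP_GET_VARS['cID']) && is_numeric($HTTP_GET_VARS['cID'])) ? (int)$HTTP_GET_VARS['cID'] : 0) . ' and c.categories_id = g.categories_id and c.categories_id = f.categories_id and g.language_id = "' . (int)$languages_id . '" order by g.categories_name');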
			while ($group_to_categories =  tep_db_fetch_array($group_to_categories_query)) {
				if ($index == 0){
					$index = 1;
					$background = 'bgcolor="white"';
				}else{
					$index = 0;
					$background = '';
				}

				$parents_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = " . $group_to_categories['parent_id']);
				$parents = tep_db_fetch_array($parents_query);
				if($parents['categories_name'] != null) {
					$add = $parents['categories_name'] . " - ";
				}
				else $add = "";
?>
				<?php echo tep_draw_form('test', FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . 'action=updatediscount', 'post', ''); ?>
					<tr>
						<?php echo tep_draw_hidden_field('catID', $group_to_categories['categories_id']); ?>						 
						<td class="main"<?php echo $background; ?>> <?php echo $add . $group_to_categories['categories_name'];?></td>
						<td class="main"<?php echo $background; ?>> <input type=text name="upddiscount" maxlength="5" size="5" value=<?php echo '"' . $group_to_categories['discount'] . '"' ?></td>
						<td class="main" align="right"<?php echo $background; ?>><?php echo  tep_image_submit('button_update.gif', IMAGE_UPDATE); ?></form>
													<?php echo tep_draw_form('test', FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . 'action=deletediscount&catID='. $group_to_categories['categories_id'], 'post', ''); ?>
													<?php echo tep_image_submit('button_delete.gif', IMAGE_DELETE); ?></td><!--&cID=' . $group_to_categories['customers_group_id']. -->


											<tr>

				</form>
			<?php }?>
			</table>
		</td>			
		</tr>		
	</table></td>
  </tr>


<!-- //################################################################################
################################ -->
<!-- //											   NEW GROUP CREATION -->
<!-- //################################################################################
################################ -->
<?php
 } else if($HTTP_GET_VARS['action'] == 'newdiscount') {
?>
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
  </tr>

<?php
 } else if($HTTP_GET_VARS['action'] == 'new') {
 /*	$customers_group_query = tep_db_query("select * FROM " . TABLE_CUSTOMERS_GROUPS . " c  where c.customers_group_id = '" . $HTTP_GET_VARS['cID'] . "' ORDER BY c.customers_group_id");
$customers_group = tep_db_fetch_array($customers_group_query);
$cInfo = new objectInfo($customers_group);
	//$cInfo = new objectInfo(tep_get_customers_group);
// START PAYMENT_UNALLOWED
 $payments_unallowed = explode (",",$cInfo->group_payment_unallowed);
 $module_directory = DIR_FS_CATALOG_MODULES . 'payment/';
 $module_key = 'MODULE_PAYMENT_INSTALLED';

 $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
$directory_array = array();
 if ($dir = @dir($module_directory)) {
while ($file = $dir->read()) {
  if (!is_dir($module_directory . $file)) {
	if (substr($file, strrpos($file, '.')) == $file_extension) {
	  $directory_array[] = $file;
	}
  }
}
sort($directory_array);
$dir->close();
 }	*/

?>
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
  </tr>
  <tr><?php echo tep_draw_form('customers', FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action')) . 'action=newconfirm', 'post', 'onSubmit="return check_form();"'); ?>
	<td class="formAreaTitle"><?php echo CATEGORY_PERSONAL; ?></td>
  </tr>
  <tr>
	<td class="formArea"><table border="0" cellspacing="2" cellpadding="2">
	  <tr>
		<td class="main"><?php echo ENTRY_GROUPS_NAME; ?></td>
		<td class="main"><?php echo tep_draw_input_field('customers_group_name', '', 'maxlength="32"', true) . '?' . (tep_not_null(ENTRY_FIRST_NAME_TEXT) ? '<span class="inputRequirement"></span>': ''); ?></td>
	  </tr>
	  <tr>
		<td class="main"><?php echo ENTRY_DEFAULT_DISCOUNT; ?></td>
		<td class="main"><?php echo tep_draw_input_field('customers_group_discount', '', 'maxlength="5" size=5', true); ?></td>
	  </tr>




		<tr>
		<td class="main"><?php echo ENTRY_COLOR_BAR; ?></td>
		 <td>
				<table width="50%" id="colortd" align="left" bgcolor="#ffffff">
		  <tr>																				 
			<td align="center" >
	  <!-- flooble.com Color Picker start -->
		  <input id="pick1064797275field" size="12" class="inputbox"
	  onChange="cp.relateColor(this.value);" title="onclick" name="color_bar" value="<?php echo $cInfo->color_bar;?>">
	  <a href="javascript:void(0)" onclick="cp.pickColor();" id="pick1064797275"
	  style="border: 1px solid #000000; font-family:Verdana; font-size:10px;
	  text-decoration: none;">???</a>
	  <script language="javascript">
		var cp = new ColorPicker( 'cp', 'pick1064797275', '#ffffff' );
	  </script>
		<!-- flooble Color Picker end -->			  
			</td>
		  </tr>
		</table>
		 </td>
		</tr>
<!-- BOF GROUP PAYMENT UNALLOWED --><?php /*
<tr>	
<td class="main"><?php echo ENTRY_GROUP_PAYMENT_UNALLOWED; ?></td>
<td>
 <table cellspacing="0" cellpadding="0" border="0" align="right">
  <tr>
   <td class="formArea">
	<table border="0" cellspacing="0" cellpadding="2">
?>		  <tr class="dataTableHeadingRow">
		<td align="center" class="dataTableHeadingContent">*</td>
		  <td class="dataTableHeadingContent"><?php echo ENTRY_PAYMENT_UNALLOWED; ?></td>
  </tr>
<?php
 $module_active = explode (";",MODULE_PAYMENT_INSTALLED);
 $installed_modules = array();
 for ($i = 0, $n = sizeof($directory_array); $i < $n; $i++) {
$file = $directory_array[$i];
if (in_array ($directory_array[$i], $module_active)) {
 include(DIR_FS_CATALOG_LANGUAGES . $language . '/modules/payment/' . $file);
 include($module_directory . $file);

 $class = substr($file, 0, strrpos($file, '.'));
 if (tep_class_exists($class)) {
   $module = new $class;
   if ($module->check() > 0) {
	 $installed_modules[] = $file;
}
  }
?>
<td class="dataTableContent">
<?php echo tep_draw_checkbox_field('payment_unallowed[' . $i . ']', $module->code , (in_array ($module->code, $payments_unallowed)) ); ?></td>
<td class="dataTableContent"><?php echo $module->title; ?></td>
 </tr>
<?php
 if ($HTTP_POST_VARS['payment_unallowed'][$i]) {
  $HTTP_POST_VARS['group_payment_unallowed'] .= $HTTP_POST_VARS['payment_unallowed'][$i] . ',';
  }
 } 
}
?>
</table>
</td></tr>
</table> */ ?>
	  <tr>
		<td class="main"><?php echo ENTRY_GROUP_TAX; ?></td>
		<td class="main">
<?php echo tep_draw_radio_field('group_tax', '1', $group_tax_inc) . '?' . TEXT_GROUP_TAX_INC . '?' . tep_draw_radio_field('group_tax', '0', $group_tax_ex). '?' . TEXT_GROUP_TAX_EX; ?>
		</td>
	  </tr>








	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
  </tr>
  <tr>
	<td align="right" class="main"><?php echo tep_image_submit('button_update.gif', IMAGE_UPDATE) . ' <a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('action','cID'))) .'">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'; ?></td>
  </tr>
  </form>
<?php 
 } else {
?>
  <tr>

	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr><?php echo tep_draw_form('search', FILENAME_CUSTOMERS_GROUPS, '', 'get'); ?>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', 1, HEADING_IMAGE_HEIGHT); ?></td>
		<td class="smallText" align="right"><?php echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('search'); ?></td>
	  </form></tr>
	</table></td>
  </tr>
  <tr>

	  <?php
	  switch ($listing) {
		  case "id-asc":
		  $order = "g.customers_group_id";
		  break;
		  case "group":
		  $order = "g.customers_group_name";
		  break;
		  case "group-desc":
		  $order = "g.customers_group_name DESC";
		  break;
		  case "discount":
		  $order = "g.customers_group_discount";
		  break;
		  case "discount-desc":
		  $order = "g.customers_group_discount DESC";
		  break;
		  default:
		  $order = "g.customers_group_id DESC";
	  }
	  ?>
		 <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
		  <tr class="dataTableHeadingRow">
			<td class="dataTableHeadingContent">
			<?php echo TABLE_HEADING_NAME; ?>?</td>
			<td></td>
							<td class="dataTableHeadingContent" align="right">								
			<?php echo TABLE_HEADING_DISCOUNT; ?>?</td>


			<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?>?</td>
		  </tr>

<?php
$search = '';
if ( ($HTTP_GET_VARS['search']) && (tep_not_null($HTTP_GET_VARS['search'])) ) {
  $keywords = tep_db_input(tep_db_prepare_input($HTTP_GET_VARS['search']));
  $search = "where g.customers_group_name like '%" . $keywords . "%'";
}
$customers_group_query_raw = "select * from " . TABLE_CUSTOMERS_GROUPS . " g  " . $search . " order by $order";
$customers_group_split = new splitPageResults($HTTP_GET_VARS['page'], MAX_DISPLAY_SEARCH_RESULTS, $customers_group_query_raw, $customers_group_query_numrows);
$customers_group_query = tep_db_query($customers_group_query_raw);

while ($customers_group = tep_db_fetch_array($customers_group_query)) {
  $info_query = tep_db_query("select customers_info_date_account_created as date_account_created, customers_info_date_account_last_modified as date_account_last_modified, customers_info_date_of_last_logon as date_last_logon, customers_info_number_of_logons as number_of_logons from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . $customers_group['customers_group_id'] . "'");
  $info = tep_db_fetch_array($info_query);

  if (((!$HTTP_GET_VARS['cID']) || (@$HTTP_GET_VARS['cID'] == $customers_group['customers_group_id'])) && (!$cInfo)) {
	$group_discount_query = tep_db_query("select c.categories_name, g.discount, c.language_id from " . TABLE_CATEGORIES_DESCRIPTION . " c, " . TABLE_GROUPS_TO_CATEGORIES . " g where g.customers_group_id = '" . $customers_group['customers_group_id'] . "' and g.categories_id=c.categories_id and c.language_id = " . $languages_id . " order by c.categories_name");
	//$group_discount = tep_db_fetch_array($group_discount_query);

	//$group_info = tep_array_merge($group_discount, $info);

	//$cInfo_array = tep_array_merge($customers_group, $group_info);
	$cInfo = new objectInfo($customers_group);//$cInfo_array);
  }

  if ( (is_object($cInfo)) && ($customers_group['customers_group_id'] == $cInfo->customers_group_id) ) {
	echo '<tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'hand\'" onclick="document.location.href=\'' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('cID', 'action')) . 'cID=' . $cInfo->customers_group_id . '&action=edit') . '\'">' . "\n";
  } else {
	echo '<tr class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'hand\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\'' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('cID')) . 'cID=' . $customers_group['customers_group_id']) . '\'">' . "\n";
  }
?>
			<td class="dataTableContent"><?php echo $customers_group['customers_group_name']; ?></td>
							<td  bgcolor="<?php echo $customers_group['color_bar']; ?>" width="5"></td>
			<td class="dataTableContent" align="right"><?php echo $customers_group['customers_group_discount']; ?>%</td>
			<td class="dataTableContent" align="right"><?php if ( (is_object($cInfo)) && ($customers_group['customers_group_id'] == $cInfo->customers_group_id) ) { echo tep_image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); } else { echo '<a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('cID')) . 'cID=' . $customers_group['customers_group_id']) . '">' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . '</a>'; } ?>?</td>
		  </tr>
<?php
}
?>
		  <tr>
			<td colspan="4"><table border="0" width="100%" cellspacing="0" cellpadding="2">
			  <tr>
				<td class="smallText" valign="top"><?php echo $customers_group_split->display_count($customers_group_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, $HTTP_GET_VARS['page'], TEXT_DISPLAY_NUMBER_OF_CUSTOMERS); ?></td>
				<td class="smallText" align="right"><?php echo $customers_group_split->display_links($customers_group_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, MAX_DISPLAY_PAGE_LINKS, $HTTP_GET_VARS['page'], tep_get_all_get_params(array('page', 'info', 'x', 'y', 'cID'))); ?></td>
			  </tr>
<?php
if (tep_not_null($HTTP_GET_VARS['search'])) {
?>
			  <tr>
				<td align="right" colspan="2"><?php echo '<a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS) . '">' . tep_image_button('button_reset.gif', IMAGE_RESET) . '</a>'; ?></td>
			  </tr>
<?php
}
?>
			</table></td>
		  </tr>
		</table></td>
<?php
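 // Build and print the info box shown to the right of the group list.
 // $cInfo wraps the selected group's row (set earlier in this script via new objectInfo()).
 // Every value taken from it, and from the category-discount rows, is HTML-encoded before
 // it is concatenated into markup, so stored text cannot inject tags into the admin page.
 $heading = array();
 $contents = array();

 $cinfo_loaded = isset($cInfo) && is_object($cInfo);
 // Encoded once; the name is placed inside <b>...</b> in every branch below.
 $group_name_html = $cinfo_loaded ? htmlspecialchars((string) $cInfo->customers_group_name, ENT_QUOTES) : '';
 // Current query string without cID/action, then with the selected group's id appended.
 $link_params = tep_get_all_get_params(array('cID', 'action'));
 $selected_params = $link_params . 'cID=' . ($cinfo_loaded ? $cInfo->customers_group_id : '');

 switch ($HTTP_GET_VARS['action']) {
  case 'confirm':
   $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_DELETE_CUSTOMER . '</b>');
   // NOTE(review): this only decides whether the delete form is displayed. The 'deleteconfirm'
   // handler is outside this excerpt; it has to refuse group 1 itself and should only act on a
   // POST from a logged-in admin session -- TODO confirm.
   if ($HTTP_GET_VARS['cID'] != 1) {
    // Without a loaded group there is nothing to delete, so no form is built.
    if ($cinfo_loaded) {
     $contents = array('form' => tep_draw_form('customers_group', FILENAME_CUSTOMERS_GROUPS, $selected_params . '&action=deleteconfirm'));
     $contents[] = array('text' => TEXT_DELETE_INTRO . '<br><br><b>' . $group_name_html . ' </b>');
     if (isset($cInfo->number_of_reviews) && $cInfo->number_of_reviews > 0) {
      $contents[] = array('text' => '<br>' . tep_draw_checkbox_field('delete_reviews', 'on', true) . ' ' . sprintf(TEXT_DELETE_REVIEWS, $cInfo->number_of_reviews));
     }
     $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, $selected_params) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
    }
   } else {
    $contents[] = array('text' => TEXT_IMPOSSIBLE_DELETE .'<br><br><b>' . $group_name_html . ' </b>');
   }
   break;

  default:
   if ($cinfo_loaded) {
    $heading[] = array('text' => '<b>' . $group_name_html . ' </b>');

    // Edit / delete / new group / update-all-prices buttons.
    $edit_link = '<a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, $selected_params . '&action=edit') . '">' . tep_image_button('button_edit.gif', IMAGE_EDIT) . '</a>';
    $delete_link = '<a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, $selected_params . '&action=confirm') . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a>';
    $new_link = '<a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, $link_params . '&action=new') . '">' . tep_image_button('button_new_group.gif', IMAGE_NEW_GROUP) . '</a>';
    $update_link = '<a href="' . tep_href_link(FILENAME_CUSTOMERS_GROUPS, $selected_params . '&action=updateallprice') . '">' . tep_image_button('button_updateallprice.gif', IMAGE_UPDATEALLPRICE) . '</a>';
    $contents[] = array('align' => 'center', 'text' => $edit_link . ' ' . $delete_link . ' ' . $new_link . ' ' . $update_link);

    // group_tax is compared with the string 'false', as in the original listing.
    $show_gr_tax = ($cInfo->group_tax == 'false') ? TEXT_GROUP_TAX_EX : TEXT_GROUP_TAX_INC;
    $contents[] = array('text' => '' . ENTRY_GROUP_TAX . ' : ' . $show_gr_tax . '' );

    $contents[] = array('text' => '' . TEXT_CATEGORIES . '' );
    // One line per category discount; $group_discount_query was run where $cInfo was created.
    while ($group_discount = tep_db_fetch_array($group_discount_query)) {
     $contents[] = array('text' => '' . htmlspecialchars((string) $group_discount['categories_name'], ENT_QUOTES) . ' : ' . htmlspecialchars((string) $group_discount['discount'], ENT_QUOTES) . '%');
    }
   }
   break;
 }

 // The box column is printed only when both a heading and contents were built.
 if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) {
  echo '			<td width="25%" valign="top">' . "\n";

  $box = new box;
  echo $box->infoBox($heading, $contents);

  echo '			</td>' . "\n";
 }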
?>
	  </tr>
	</table></td>
  </tr>
<?php
 }
?>
</table></td>
<!-- body_text_eof //-->
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Posted

install the register globals contribution and then modify the starting code of the file:

 

require('includes/application_top.php');
link_get_variable('action');

if ($action) {
switch ($action) {
case 'update':

//other code here

Posted

I have add this

 

// >>> BEGIN REGISTER_GLOBALS
// These variables are accessed directly rather than through $HTTP_GET_VARS or $_GET later in this script
// NOTE(review): assuming link_get_variable() copies the named query-string value into a global
// of the same name, every name listed here can be set by whoever builds the URL. Link only the
// names the script really reads as bare variables, and validate and escape each value before it
// reaches SQL or HTML. The update handler shown on this page reads the four form fields from
// $HTTP_POST_VARS, so linking them from GET would presumably not pick them up -- TODO confirm.
link_get_variable('customers_group_name');
link_get_variable('customers_group_discount');
link_get_variable('color_bar');
link_get_variable('group_tax');
link_get_variable('cID');
// <<< END REGISTER_GLOBALS

 

after the include of application_top in customers_group.php, but it still doesn't work.

Posted

OK, make sure the register globals contribution is fully installed. Then you only want to use link_get_variable on the 'action' variable.

 

That was what I mentioned in my earlier post didnt I? Why are you setting the other variables?

Posted

OK, I have tried this, but I get the same error:

 

<?php
 require('includes/application_top.php');

// >>> BEGIN REGISTER_GLOBALS
// These variables are accessed directly rather than through $HTTP_GET_VARS or $_GET later in this script
link_get_variable('action');
// <<< END REGISTER_GLOBALS

if ($action) {
switch ($action) {
case 'update':

	// Body of the 'update' action: validate the posted group fields, write them to the
	// customers-groups table, then redirect back to the list.
	// NOTE(review): the check below reads $customers_group_name and $customers_group_discount.
	// Nothing in this excerpt assigns them (the POST values further down go into
	// $customers_groups_name / $customers_groups_discount, with an extra "s"), so with
	// register_globals off they are unset and the error branch is always taken.
	if (strlen($customers_group_name) == "" || $customers_group_discount ==  "" || $customers_group_discount ==  0) {
  $error = true;
  $messageStack->add(ENTRY_GROUPS_NAME_ERROR);
} else {						
	// Read the group id from the query string and the form fields from the POST body.
	// NOTE(review): presumably tep_db_prepare_input() only tidies the string and is not an SQL
	// escaping step (the id below is the only value passed through tep_db_input()) -- confirm
	// against this install.
	$customers_groups_id = tep_db_prepare_input($HTTP_GET_VARS['cID']);
	$customers_groups_name = tep_db_prepare_input($HTTP_POST_VARS['customers_group_name']);
	$customers_groups_discount = tep_db_prepare_input($HTTP_POST_VARS['customers_group_discount']);
			$color_bar = tep_db_prepare_input($HTTP_POST_VARS['color_bar']);
			$group_tax = tep_db_prepare_input($HTTP_POST_VARS['group_tax']);


	// NOTE(review): the statement is built by string concatenation from request values.
	// customers_group_discount and customers_group_id are inserted without quotes, and the
	// discount comes from $customers_group_discount, not the $customers_groups_discount read
	// above. $group_payment_unallowed is not assigned anywhere in this excerpt. Each string
	// value should go through tep_db_input() and the two numeric values should be cast
	// ((int) / (float)) before they are concatenated.
	tep_db_query("update " . TABLE_CUSTOMERS_GROUPS . " set customers_group_name='" . $customers_groups_name . "', customers_group_discount=" . $customers_group_discount . ", color_bar='" . $color_bar ."', group_payment_unallowed='". $group_payment_unallowed ."', group_tax = '". $group_tax ."' where customers_group_id = " . tep_db_input($customers_groups_id) );
	// NOTE(review): the redirect uses $customers_group_id, while the id was stored in
	// $customers_groups_id above.
	tep_redirect(tep_href_link(FILENAME_CUSTOMERS_GROUPS, tep_get_all_get_params(array('cID', 'action')) . 'cID=' . $customers_group_id));
	}
	break;

  case 'deleteconfirm':.........................

 

(top lines of my file)

Posted

ok, now move the following code:

 

// Take every value from the request arrays, so nothing here depends on register_globals.
// NOTE(review): as far as SQL is concerned these are still raw request values. Presumably
// tep_db_prepare_input() only tidies the string, so pass each one through tep_db_input()
// (and cast the numeric discount and id) where the UPDATE statement is built -- TODO confirm.
$customers_groups_id = tep_db_prepare_input($HTTP_GET_VARS['cID']);
$customers_groups_name = tep_db_prepare_input($HTTP_POST_VARS['customers_group_name']);
$customers_groups_discount = tep_db_prepare_input($HTTP_POST_VARS['customers_group_discount']);
$color_bar = tep_db_prepare_input($HTTP_POST_VARS['color_bar']);
$group_tax = tep_db_prepare_input($HTTP_POST_VARS['group_tax']);

 

right below this:

 

case 'update':

 

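That way the variables are always initialized from the form fields before they are checked. Note that the check reads $customers_group_name and $customers_group_discount, while these assignments fill $customers_groups_name and $customers_groups_discount, so the names used in the check and in the query have to match the assigned ones. Also, at the top of the file you do not want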

link_get_variable('action');

 

you want

link_set_variable('action');

 

because you're posting the form. I had that one wrong in my earlier post.
