/wpsc-admin/init.php

  1. <?php 
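  /**
   * Store the quarter boundary timestamps derived from a posted start date.
   *
   * Reads $_POST['add_start'] (year, month and day separated by hyphens). When
   * the resulting timestamp differs from the 'wpsc_last_quarter' option, the
   * posted date and five derived timestamps (the date itself, 3, 6 and 9 months
   * earlier, and one year earlier) are written to options.
   *
   * Only store administrators get past the capability check.
   */
  function wpsc_ajax_sales_quarterly() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // NOTE(review): this handler writes options after a capability check only;
      // no nonce is verified here. A nonce emitted by the settings form and
      // verified at this point would bind the write to a request the admin
      // actually made. Confirm whether the caller already enforces one.

      // Guard against a missing or non-string field instead of reading the index blindly.
      $raw_date = ( isset( $_POST['add_start'] ) && is_string( $_POST['add_start'] ) ) ? $_POST['add_start'] : '';
      $lastdate = sanitize_text_field( wp_unslash( $raw_date ) );

      // Missing parts still default to 0; the int cast keeps arbitrary strings out of mktime().
      $date = array_map( 'intval', array_pad( explode( '-', $lastdate, 3 ), 3, 0 ) );
      $year  = $date[0];
      $month = $date[1];
      $day   = $date[2];

      $lastquart = mktime( 0, 0, 0, $month, $day, $year );

      // NOTE(review): 'wpsc_last_quarter' is read here but not written by this
      // function (it stores 'wpsc_fourth_quart'); confirm it is set elsewhere,
      // otherwise this comparison does not detect an unchanged date.
      if ( $lastquart != get_option( 'wpsc_last_quarter' ) ) {
          update_option( 'wpsc_last_date', $lastdate );
          update_option( 'wpsc_fourth_quart', $lastquart );
          update_option( 'wpsc_third_quart', mktime( 0, 0, 0, $month - 3, $day, $year ) );
          update_option( 'wpsc_second_quart', mktime( 0, 0, 0, $month - 6, $day, $year ) );
          update_option( 'wpsc_first_quart', mktime( 0, 0, 0, $month - 9, $day, $year ) );
          update_option( 'wpsc_final_quart', mktime( 0, 0, 0, $month, $day, $year - 1 ) );
      }
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'wpsc_quarterly' ) ) {
      add_action( 'admin_init', 'wpsc_ajax_sales_quarterly' );
  }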
  30.  
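  /**
   * Delete a downloadable file attached to a product, then return to the referrer.
   *
   * Reads 'product_id' and 'file_name' from the request. The file name is
   * reduced to its base name before use, and the request must carry a valid
   * 'delete_file_{file name}' nonce.
   */
  function wpsc_delete_file() {
      $product_id = isset( $_REQUEST['product_id'] ) ? absint( $_REQUEST['product_id'] ) : 0;
      $file_name  = ( isset( $_REQUEST['file_name'] ) && is_string( $_REQUEST['file_name'] ) ) ? basename( $_REQUEST['file_name'] ) : '';

      // A nonce proves intent, not authorization: require the right to edit this
      // product, using the same check wpsc_update_variations() applies.
      $product_type_object = get_post_type_object( 'wpsc-product' );
      if ( ! $product_type_object || ! current_user_can( $product_type_object->cap->edit_post, $product_id ) ) {
          return;
      }

      check_admin_referer( 'delete_file_' . $file_name );

      _wpsc_delete_file( $product_id, $file_name );

      // The referrer is request-derived, so only allow a redirect to an allowed host.
      $sendback = wp_get_referer();
      wp_safe_redirect( $sendback );
      exit;
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'delete_file' ) ) {
      add_action( 'admin_init', 'wpsc_delete_file' );
  }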
  45.  
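  /**
   * Function and action for publishing or unpublishing single products.
   *
   * Reads the product ID from $_GET['product'], requires a valid
   * 'toggle_publish_{id}' nonce, flips the publish status and redirects back
   * to the referrer with 'flipped=1' appended.
   */
  function wpsc_ajax_toggle_published() {
      $product_id = isset( $_GET['product'] ) ? absint( $_GET['product'] ) : 0;

      // A nonce proves intent, not authorization: require the right to edit this
      // product, using the same check wpsc_update_variations() applies.
      $product_type_object = get_post_type_object( 'wpsc-product' );
      if ( ! $product_type_object || ! current_user_can( $product_type_object->cap->edit_post, $product_id ) ) {
          return;
      }

      check_admin_referer( 'toggle_publish_' . $product_id );

      // The return value was only ever stored in an unused local.
      wpsc_toggle_publish_status( $product_id );

      $sendback = add_query_arg( 'flipped', "1", wp_get_referer() );
      wp_redirect( esc_url_raw( $sendback ) );
      exit();
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'toggle_publish' ) ) {
      add_action( 'admin_init', 'wpsc_ajax_toggle_published' );
  }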
  60.  
  /**
   * Function and action for duplicating products.
   *
   * Refactored for 3.8. The sticky post status is deliberately not copied:
   * products are usually duplicated because they share many attributes,
   * whereas a product is generally 'featured' on its own.
   *
   * Restricted to store administrators. On success the browser is sent back
   * to the referrer with 'duplicated=1'; if the post cannot be loaded the
   * request ends with an error naming the requested ID.
   */
  function wpsc_duplicate_product() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // NOTE(review): this state-changing GET handler verifies no nonce; the
      // capability check alone does not show that the admin intended the request.
      // NOTE(review): get_post() loads any post type; nothing here confirms the
      // ID refers to a product before it is duplicated. Verify in the callee.

      // Look up the source post by its (non-negative integer) ID.
      $id       = absint( $_GET['product'] );
      $original = get_post( $id );

      if ( ! isset( $original ) || $original == null ) {
          wp_die( __( 'Sorry, for some reason, we couldn\'t duplicate this product because it could not be found in the database, check there for this ID: ', 'wpsc' ) . $id );
      } else {
          // Copy the post and insert it.
          wpsc_duplicate_product_process( $original );

          $return_url = add_query_arg( 'duplicated', 1, wp_get_referer() );

          wp_redirect( esc_url_raw( $return_url ) );
          exit();
      }
  }

  if ( isset( $_GET['wpsc_admin_action'] ) && ( $_GET['wpsc_admin_action'] == 'duplicate_product' ) ) {
      add_action( 'admin_init', 'wpsc_duplicate_product' );
  }
  90.  
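  /**
   * Export purchase logs as a CSV download.
   *
   * Restricted to store administrators. The logs are selected by a timestamp
   * range ('start_timestamp' and 'end_timestamp'), by month ('m', read as a
   * four-digit year followed by a two-digit month), or in full when neither
   * is given. Each row holds the purchase ID and total, the submitted checkout
   * field values, gateway, status, date, and quantity/name/SKU per cart item.
   * The function sends the CSV headers and body, then exits.
   */
  function wpsc_purchase_log_csv() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      global $wpdb, $wpsc_gateways;
      get_currentuserinfo();
      $count = 0;

      // 'key' is a fixed literal, not a secret: it grants nothing by itself and
      // the capability check above is the only access control on this export.
      // NOTE(review): no nonce is verified before customer data is exported.
      if ( ! isset( $_REQUEST['rss_key'] ) || 'key' != $_REQUEST['rss_key'] ) {
          return;
      }

      if ( isset( $_REQUEST['start_timestamp'] ) && isset( $_REQUEST['end_timestamp'] ) ) {
          // Force integers before the values reach date() and the query.
          $start_timestamp = absint( $_REQUEST['start_timestamp'] );
          $end_timestamp   = absint( $_REQUEST['end_timestamp'] );
          $start_end_sql = "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `date` BETWEEN '%d' AND '%d' ORDER BY `date` DESC";
          $start_end_sql = apply_filters( 'wpsc_purchase_log_start_end_csv', $start_end_sql );
          $data = $wpdb->get_results( $wpdb->prepare( $start_end_sql, $start_timestamp, $end_timestamp ), ARRAY_A );
          /** translators: %1$s is "start" date, %2$s is "to" date */
          $csv_name = _x( 'Purchase Log %1$s to %2$s.csv', 'exported purchase log csv file name', 'wpsc' );
          $csv_name = sprintf( $csv_name, date( "M-d-Y", $start_timestamp ), date( "M-d-Y", $end_timestamp ) );
      } elseif ( isset( $_REQUEST['m'] ) ) {
          $year  = (int) substr( $_REQUEST['m'], 0, 4 );
          $month = (int) substr( $_REQUEST['m'], -2 );
          $month_year_sql = "
              SELECT *
              FROM " . WPSC_TABLE_PURCHASE_LOGS . "
              WHERE YEAR(FROM_UNIXTIME(date)) = %d AND MONTH(FROM_UNIXTIME(date)) = %d
              ORDER BY `id` DESC
          ";
          $month_year_sql = apply_filters( 'wpsc_purchase_log_month_year_csv', $month_year_sql );
          $data = $wpdb->get_results( $wpdb->prepare( $month_year_sql, $year, $month ), ARRAY_A );
          /** translators: %1$s is month, %2$s is year */
          $csv_name = _x( 'Purchase Log %1$s/%2$s.csv', 'exported purchase log csv file name', 'wpsc' );
          $csv_name = sprintf( $csv_name, $month, $year );
      } else {
          // The filtered SQL is executed as-is; it carries no request data.
          $sql = apply_filters( 'wpsc_purchase_log_month_year_csv', "SELECT * FROM " . WPSC_TABLE_PURCHASE_LOGS . " ORDER BY `id` DESC" );
          $data = $wpdb->get_results( $sql, ARRAY_A );
          $csv_name = _x( "All Purchase Logs.csv", 'exported purchase log csv file name', 'wpsc' );
      }

      $form_sql = "SELECT * FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `active` = '1' AND `type` != 'heading' ORDER BY `checkout_order` DESC;";
      $form_data = $wpdb->get_results( $form_sql, ARRAY_A );

      $headers_array = array(
          _x( 'Purchase ID' , 'purchase log csv headers', 'wpsc' ),
          _x( 'Purchase Total', 'purchase log csv headers', 'wpsc' ),
      );
      $headers2_array = array(
          _x( 'Payment Gateway', 'purchase log csv headers', 'wpsc' ),
          _x( 'Payment Status' , 'purchase log csv headers', 'wpsc' ),
          _x( 'Purchase Date' , 'purchase log csv headers', 'wpsc' ),
      );
      $form_headers_array = array();

      $output = '';

      foreach ( (array) $form_data as $form_field ) {
          if ( empty ( $form_field['unique_name'] ) ) {
              $form_headers_array[] = $form_field['name'];
          } else {
              $prefix = false === strstr( $form_field['unique_name'], 'billing' ) ? _x( 'Shipping ', 'purchase log csv header field prefix', 'wpsc' ) : _x( 'Billing ', 'purchase log csv header field prefix', 'wpsc' );
              $form_headers_array[] = $prefix . $form_field['name'];
          }
      }

      foreach ( (array) $data as $purchase ) {
          $output .= "\"" . $purchase['id'] . "\", "; //Purchase ID
          $output .= "\"" . $purchase['totalprice'] . "\", "; //Purchase Total

          foreach ( (array) $form_data as $form_field ) {
              // IDs are bound as integers rather than concatenated into the SQL.
              $collected_data = $wpdb->get_row(
                  $wpdb->prepare(
                      "SELECT * FROM `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "` WHERE `log_id` = %d AND `form_id` = %d LIMIT 1",
                      $purchase['id'],
                      $form_field['id']
                  ),
                  ARRAY_A
              );

              // A purchase may have no stored value for a field; export an empty cell.
              $value = isset( $collected_data['value'] ) ? $collected_data['value'] : '';

              if ( ( 'billingstate' == $form_field['unique_name'] || 'shippingstate' == $form_field['unique_name'] ) && is_numeric( $value ) ) {
                  $output .= "\"" . wpsc_get_state_by_id( $value, 'code' ) . "\", "; // get form fields
              } else {
                  // Customer-submitted text: flatten line breaks ("\r\n" first, so it
                  // becomes one space) and double embedded quotes so a value cannot
                  // close its own cell and shift the columns after it.
                  // NOTE(review): a value beginning with =, +, - or @ may be evaluated
                  // as a formula by spreadsheet software; consider neutralising such
                  // cells before export.
                  $value = str_replace( array( "\r\n", "\r", "\n" ), ' ', $value );
                  $output .= "\"" . str_replace( '"', '""', $value ) . "\", "; // get form fields
              }
          }

          if ( isset( $wpsc_gateways[$purchase['gateway']] ) && isset( $wpsc_gateways[$purchase['gateway']]['display_name'] ) ) {
              $output .= "\"" . $wpsc_gateways[$purchase['gateway']]['display_name'] . "\", "; //get gateway name
          } else {
              $output .= "\"\", ";
          }

          $status_name = wpsc_find_purchlog_status_name( $purchase['processed'] );

          $output .= "\"" . $status_name . "\", "; //get purchase status
          $output .= "\"" . date( "jS M Y", (int) $purchase['date'] ) . "\", "; //date

          $cart = $wpdb->get_results(
              $wpdb->prepare(
                  "SELECT `prodid`, `quantity`, `name` FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %d",
                  $purchase['id']
              ),
              ARRAY_A
          );

          $items = count( (array) $cart );

          // Remember the widest cart so the header row can cover every item column.
          if ( $count < $items ) {
              $count = $items;
          }

          $i = 1;

          // Go through all products in cart and display quantity and sku
          foreach ( (array) $cart as $item ) {
              $skuvalue = get_product_meta( $item['prodid'], 'sku', true );
              if ( empty( $skuvalue ) ) {
                  $skuvalue = __( 'N/A', 'wpsc' );
              }

              $output .= "\"" . $item['quantity'] . "\", ";
              // CSV escapes a quote by doubling it, not with a backslash.
              $output .= "\"" . str_replace( '"', '""', $item['name'] ) . "\", ";

              // Every SKU except the last one on the row is followed by a separator.
              $output .= "\"" . $skuvalue . "\"" . ( $i != $items ? ", " : "" );

              $i++;
          }

          $output .= "\n"; // terminates the row/line in the CSV file
      }

      // Get the most number of products and create a header for them
      $headers3 = array();
      for ( $i = 0; $i < $count; $i++ ) {
          $headers3[] = _x( 'Quantity', 'purchase log csv headers', 'wpsc' );
          $headers3[] = _x( 'Product Name', 'purchase log csv headers', 'wpsc' );
          $headers3[] = _x( 'SKU', 'purchase log csv headers', 'wpsc' );
      }

      $headers      = '"' . implode( '", "', $headers_array ) . '", ';
      $form_headers = '"' . implode( '", "', $form_headers_array ) . '", ';
      $headers2     = '"' . implode( '", "', $headers2_array ) . '", ';
      $headers3     = '"' . implode( '", "', $headers3 ) . '"';

      $headers = apply_filters( 'wpsc_purchase_log_csv_headers', $headers . $form_headers . $headers2 . $headers3, $data, $form_data );
      $output  = apply_filters( 'wpsc_purchase_log_csv_output' , $output, $data, $form_data );

      do_action( 'wpsc_purchase_log_csv' );

      header( 'Content-Type: text/csv' );
      header( 'Content-Disposition: inline; filename="' . $csv_name . '"' );
      echo $headers . "\n". $output;
      exit;
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'wpsc_downloadcsv' ) ) {
      add_action( 'admin_init', 'wpsc_purchase_log_csv' );
  }

  if ( isset( $_GET['purchase_log_csv'] ) && ( 'true' == $_GET['purchase_log_csv'] ) ) {
      add_action( 'admin_init', 'wpsc_purchase_log_csv' );
  }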
  231.  
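  /**
   * Output the purchase log as an RSS 2.0 feed for store administrators.
   *
   * Runs only when the request carries rss=true, rss_key=key and
   * action=purchase_log. Every purchase log with a non-empty date becomes one
   * <item> linking to its admin screen. The function echoes the feed and exits.
   */
  function wpsc_admin_sale_rss() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      global $wpdb;

      // Read the three switches defensively; the hook below only guarantees 'action'.
      // 'key' is a fixed literal, so the capability check above is the real gate.
      $rss     = isset( $_GET['rss'] ) ? $_GET['rss'] : '';
      $rss_key = isset( $_GET['rss_key'] ) ? $_GET['rss_key'] : '';
      $action  = isset( $_GET['action'] ) ? $_GET['action'] : '';

      if ( ( $rss == "true" ) && ( $rss_key == 'key' ) && ( $action == "purchase_log" ) ) {
          $sql = "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `date`!='' ORDER BY `date` DESC";
          $purchase_log = $wpdb->get_results( $sql, ARRAY_A );
          header( "Content-Type: application/xml; charset=UTF-8" );
          header( 'Content-Disposition: inline; filename="WP_E-Commerce_Purchase_Log.rss"' );
          $output = '';
          $output .= "<?xml version='1.0'?>\n\r";
          $output .= "<rss version='2.0'>\n\r";
          $output .= " <channel>\n\r";
          $output .= " <title>" . _x( 'WP eCommerce Product Log', 'admin rss product feed', 'wpsc' ) . "</title>\n\r";
          $output .= " <link>" . admin_url( 'admin.php?page=' . WPSC_DIR_NAME . '/display-log.php' ) . "</link>\n\r";
          $output .= " <description>" . _x( 'This is the WP eCommerce Product Log RSS feed', 'admin rss product feed', 'wpsc' ) . "</description>\n\r";
          $output .= " <generator>" . _x( 'WP eCommerce Plugin', 'admin rss product feed', 'wpsc' ) . "</generator>\n\r";

          foreach ( (array) $purchase_log as $purchase ) {
              // The link contains a bare '&', which is not well-formed XML; esc_url()
              // encodes it so the feed parses.
              $purchase_link = esc_url( admin_url( 'admin.php?page=' . WPSC_DIR_NAME . '/display-log.php' ) . "&purchaseid=" . $purchase['id'] );
              $purchase_title = _x( 'Purchase # %d', 'admin rss product feed', 'wpsc' );
              $purchase_title = sprintf( $purchase_title, $purchase['id'] );
              $output .= " <item>\n\r";
              $output .= " <title>{$purchase_title}</title>\n\r";
              $output .= " <link>$purchase_link</link>\n\r";
              $output .= " <description>" . _x( 'This is an entry in the purchase log', 'admin rss product feed', 'wpsc' ) . ".</description>\n\r";
              $output .= " <pubDate>" . date( "r", (int) $purchase['date'] ) . "</pubDate>\n\r";
              $output .= " <guid>$purchase_link</guid>\n\r";
              $output .= " </item>\n\r";
          }

          $output .= " </channel>\n\r";
          $output .= "</rss>";
          echo $output;
          exit();
      }
  }

  if ( isset( $_GET['action'] ) && ( 'purchase_log' == $_GET['action'] ) ) {
      add_action( 'admin_init', 'wpsc_admin_sale_rss' );
  }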
  270.  
  /**
   * Do Purchase Log Actions
   *
   * Dispatches a purchase log action named in the query string. The request
   * must come from a store administrator and carry 'wpsc_purchase_log_action',
   * 'id' and '_wpnonce'; the nonce is verified against
   * 'wpsc_purchase_log_action_{action}' before the matching
   * 'wpsc_purchase_log_action-{action}' hook fires with the log ID.
   *
   * The nonce is scoped to the action name only, not to the log ID.
   *
   * @since 3.9.0
   */
  function wpsc_do_purchase_log_actions() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // All three query arguments are required; otherwise there is nothing to do.
      if ( ! isset( $_GET['wpsc_purchase_log_action'] ) || ! isset( $_GET['id'] ) || ! isset( $_GET['_wpnonce'] ) ) {
          return;
      }

      // sanitize_key() keeps the hook name to a safe character set.
      $action_name = sanitize_key( $_GET['wpsc_purchase_log_action'] );
      $nonce_ok    = wp_verify_nonce( $_GET['_wpnonce'], 'wpsc_purchase_log_action_' . $action_name );

      if ( $nonce_ok ) {
          do_action( 'wpsc_purchase_log_action-' . $action_name, absint( $_GET['id'] ) );
      }
  }

  add_action( 'admin_init', 'wpsc_do_purchase_log_actions' );
  293.  
  /**
   * Handle clear downloads lock purchase log action
   *
   * Runs on the 'wpsc_purchase_log_action-downloads_lock' hook. That hook is
   * fired by wpsc_do_purchase_log_actions() after its capability and nonce
   * checks; this handler performs no nonce check of its own.
   *
   * @since 3.9.0
   *
   * @param int $log_id Purchase log ID.
   */
  function wpsc_purchase_log_action_downloads_lock( $log_id ) {

      wpsc_purchlog_clear_download_items( $log_id );

      // Send the browser back to the purchase logs list, flagged as cleared.
      $return_url = add_query_arg( 'cleared', 1, wp_get_referer() );
      wp_redirect( esc_url_raw( $return_url ) );
      exit();
  }

  add_action( 'wpsc_purchase_log_action-downloads_lock', 'wpsc_purchase_log_action_downloads_lock' );
  315.  
  /**
   * Handle delete purchase log action
   *
   * Runs on the 'wpsc_purchase_log_action-delete' hook. That hook is fired by
   * wpsc_do_purchase_log_actions() after its capability and nonce checks;
   * this handler performs no check of its own before deleting.
   *
   * @since 3.9.0
   *
   * @param int $log_id Purchase log ID.
   */
  function wpsc_purchase_log_action_delete( $log_id ) {

      $purchase_log = new WPSC_Purchase_Log( $log_id );
      $was_deleted  = $purchase_log->delete();

      // Return to the purchase logs list: drop the 'c' and 'id' arguments and
      // report the outcome as deleted=0|1.
      $return_url = remove_query_arg( array( 'c', 'id' ), wp_get_referer() );
      $return_url = add_query_arg( 'deleted', absint( $was_deleted ), $return_url );
      wp_redirect( esc_url_raw( $return_url ) );
      exit();
  }

  add_action( 'wpsc_purchase_log_action-delete', 'wpsc_purchase_log_action_delete' );
  339.  
  /**
   * Handle email receipt purchase log action
   *
   * Runs on the 'wpsc_purchase_log_action-email_receipt' hook. That hook is
   * fired by wpsc_do_purchase_log_actions() after its capability and nonce
   * checks; this handler performs no nonce check of its own.
   *
   * @since 3.9.0
   *
   * @param int $log_id Purchase log ID.
   */
  function wpsc_purchase_log_action_email_receipt( $log_id ) {

      $was_sent = wpsc_purchlog_resend_email( $log_id );

      // Return to the purchase logs list, reporting the outcome as sent=0|1.
      $return_url = add_query_arg( 'sent', absint( $was_sent ), wp_get_referer() );
      wp_redirect( esc_url_raw( $return_url ) );
      exit();
  }

  add_action( 'wpsc_purchase_log_action-email_receipt', 'wpsc_purchase_log_action_email_receipt' );
  361.  
  /**
   * Resend Purchase Log Email
   *
   * Only store administrators may resend; for anyone else the function
   * returns without a value. An empty ID is deprecated: it triggers a
   * "doing it wrong" notice and a redirect to the referrer with sent=0.
   *
   * @param int|string $log_id Required. Purchase log ID (empty string is deprecated).
   * @return boolean Sent successfully.
   */
  function wpsc_purchlog_resend_email( $log_id = '' ) {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      global $wpdb;

      // Deprecated path: no purchase log ID was supplied.
      if ( $log_id == '' ) {
          _wpsc_doing_it_wrong( 'wpsc_purchlog_resend_email', __( '$log_id parameter requires a numeric purchase log ID.', 'wpsc' ), '3.9.0' );

          // The redirect is still supported for legacy callers for the moment.
          wp_redirect( esc_url_raw( add_query_arg( 'sent', 0, wp_get_referer() ) ) );
          exit();
      }

      $log_id = absint( $log_id );

      if ( $log_id <= 0 ) {
          return false;
      }

      // Instantiated but not otherwise used here; kept in case the constructor
      // has side effects the mailer relies on. TODO confirm.
      $wpec_taxes_controller = new wpec_taxes_controller();

      // absint() has already made the ID a positive integer.
      return wpsc_send_customer_email( new WPSC_Purchase_Log( $log_id ) );
  }

  // Deprecate resending purchase log email receipt via URL query
  if ( isset( $_REQUEST['email_buyer_id'] ) && is_numeric( $_REQUEST['email_buyer_id'] ) ) {
      _wpsc_doing_it_wrong( 'wpsc_purchlog_resend_email', __( 'Do not trigger resend purchase log email action via email_buyer_id URL query. Instead use the Purchase Log Action Links API.', 'wpsc' ), '3.9.0' );
  }
  402.  
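  /**
   * Clear Purchase Log Download Locks
   *
   * Blanks the stored IP number on every download row of the purchase, then
   * e-mails the download links to the address submitted in the first active
   * e-mail checkout field. Only store administrators may do this; for anyone
   * else the function returns without a value.
   *
   * @param string $log_id Required. Purchase log ID (empty string is deprecated).
   * @return boolean
   */
  function wpsc_purchlog_clear_download_items( $log_id = '' ) {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      global $wpdb;

      // Deprecate empty purchase log ID parameter.
      if ( $log_id == '' ) {
          _wpsc_doing_it_wrong( 'wpsc_purchlog_clear_download_items', __( '$log_id parameter requires a numeric purchase log ID.', 'wpsc' ), '3.9.0' );
          return false;
      }

      $log_id = absint( $log_id );

      if ( $log_id <= 0 ) {
          return false;
      }

      $downloadable_items = (array) $wpdb->get_results( $wpdb->prepare( "SELECT * FROM `" . WPSC_TABLE_DOWNLOAD_STATUS . "` WHERE `purchid` = %d", $log_id ), ARRAY_A );

      $wpdb->update( WPSC_TABLE_DOWNLOAD_STATUS, array( 'ip_number' => '' ), array( 'purchid' => $log_id ), '%s', '%d' );

      $email_form_field = $wpdb->get_var( "SELECT `id` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `type` IN ('email') AND `active` = '1' ORDER BY `checkout_order` ASC LIMIT 1" );

      // Bind the form ID as an integer placeholder instead of interpolating it into the SQL string.
      $email_address = $wpdb->get_var( $wpdb->prepare( "SELECT `value` FROM `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "` WHERE `log_id` = %d AND `form_id` = %d LIMIT 1", $log_id, $email_form_field ) );

      // Start from an empty string so the first append does not read an undefined variable.
      $download_links = '';
      foreach ( $downloadable_items as $downloadable_item ) {
          $download_links .= add_query_arg( 'downloadid', $downloadable_item['uniqueid'], home_url() ) . "\n";
      }

      wp_mail( $email_address, __( 'The administrator has unlocked your file', 'wpsc' ), str_replace( "[download_links]", $download_links, __( 'Dear CustomerWe are pleased to advise you that your order has been updated and your downloads are now active.Please download your purchase using the links provided below.[download_links]Thank you for your custom.', 'wpsc' ) ), "From: " . get_option( 'return_email' ) );

      return true;
  }

  // Deprecate clearing purchase log download locks via URL query
  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'clear_locks' ) ) {
      _wpsc_doing_it_wrong( 'wpsc_purchlog_clear_download_items', __( 'Do not trigger clear purchase log download locks action via wpsc_admin_action = clear_locks URL query. Instead use the Purchase Log Action Links API.', 'wpsc' ), '3.9.0' );
  }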
  446.  
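  /**
   * Bulk actions for purchase logs.
   *
   * Reads the chosen action from $_POST['purchlog_multiple_status_change']:
   * a numeric value sets that status on every posted log ID, 'delete' removes
   * the logs, and -1 does nothing. The browser is then redirected to the
   * referrer with the number of updated or deleted logs and the current list
   * filters appended.
   */
  function wpsc_purchlog_bulk_modify() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // NOTE(review): no nonce is verified before logs are modified or deleted;
      // the capability check alone does not show the admin intended the request.

      // Read the posted fields defensively; the hook below does not guarantee them.
      $action = isset( $_POST['purchlog_multiple_status_change'] ) ? $_POST['purchlog_multiple_status_change'] : -1;
      $ids    = isset( $_POST['purchlogids'] ) ? (array) $_POST['purchlogids'] : array();

      // Explicit counters instead of incrementing undefined variables.
      $updated = 0;
      $deleted = 0;

      if ( $action != -1 ) {
          if ( is_numeric( $action ) ) {
              foreach ( $ids as $purchlogid ) {
                  // Purchase log IDs are integers; skip anything that is not.
                  $purchlogid = absint( $purchlogid );
                  if ( ! $purchlogid ) {
                      continue;
                  }
                  wpsc_purchlog_edit_status( $purchlogid, $action );
                  $updated++;
              }
          } elseif ( $action == 'delete' ) {
              foreach ( $ids as $purchlogid ) {
                  $purchlogid = absint( $purchlogid );
                  if ( ! $purchlogid ) {
                      continue;
                  }

                  $log = new WPSC_Purchase_Log( $purchlogid );
                  if ( $log->delete() ) {
                      $deleted++;
                  }
              }
          }
      }

      $sendback = wp_get_referer();
      if ( $updated > 0 ) {
          $sendback = add_query_arg( 'updated', $updated, $sendback );
      }
      if ( $deleted > 0 ) {
          $sendback = add_query_arg( 'deleted', $deleted, $sendback );
      }
      if ( isset( $_POST['view_purchlogs_by'] ) ) {
          $sendback = add_query_arg( 'view_purchlogs_by', $_POST['view_purchlogs_by'], $sendback );
      }
      if ( isset( $_POST['view_purchlogs_by_status'] ) ) {
          $sendback = add_query_arg( 'view_purchlogs_by_status', $_POST['view_purchlogs_by_status'], $sendback );
      }
      wp_redirect( esc_url_raw( $sendback ) );
      exit();
  }

  if ( isset( $_REQUEST['wpsc_admin_action2'] ) && ( $_REQUEST['wpsc_admin_action2'] == 'purchlog_bulk_modify' ) ) {
      add_action( 'admin_init', 'wpsc_purchlog_bulk_modify' );
  }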
  480.  
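  /**
   * Update Purchase Log Notes
   *
   * Requires a store administrator and a valid 'wpsc_purchlogs_update_notes'
   * nonce in $_POST['wpsc_purchlogs_update_notes_nonce']. When called without
   * arguments, the log ID and notes are taken from the posted form.
   *
   * @param int $purchlog_id Purchase log ID.
   * @param string $purchlog_notes Notes.
   */
  function wpsc_purchlogs_update_notes( $purchlog_id = 0, $purchlog_notes = '' ) {

      // A nonce proves intent, not authorization. The other purchase log writers
      // in this file require a store administrator; do the same here.
      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      if ( ! isset( $_POST['wpsc_purchlogs_update_notes_nonce'] ) || ! wp_verify_nonce( $_POST['wpsc_purchlogs_update_notes_nonce'], 'wpsc_purchlogs_update_notes' ) ) {
          return;
      }

      if ( 0 == $purchlog_id && isset( $_POST['purchlog_id'] ) && '' == $purchlog_notes ) {
          $purchlog_id    = absint( $_POST['purchlog_id'] );
          // The notes field may be absent from the form; treat that as empty notes.
          $purchlog_notes = isset( $_POST['purchlog_notes'] ) ? stripslashes( $_POST['purchlog_notes'] ) : '';
      }

      if ( $purchlog_id > 0 ) {
          // NOTE(review): notes are stored as submitted; whatever renders them
          // must escape on output. Confirm in the display code.
          $purchase_log = new WPSC_Purchase_Log( $purchlog_id );
          $purchase_log->set( 'notes', $purchlog_notes );
          $purchase_log->save();
      }
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && $_REQUEST['wpsc_admin_action'] == 'purchlogs_update_notes' ) {
      add_action( 'admin_init', 'wpsc_purchlogs_update_notes' );
  }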
  499.  
  /**
   * Delete a purchase log
   *
   * This wrapper performs no capability or nonce check of its own; callers
   * are responsible for authorizing the deletion.
   *
   * @deprecated Use WPSC_Purchase_Log->delete() instead.
   *
   * @param int|string $purchlog_id Required. Purchase log ID (empty string is deprecated).
   * @return boolean Deleted successfully.
   */
  function wpsc_delete_purchlog( $purchlog_id = '' ) {

      global $wpdb;

      // An ID is required: warn the developer and report failure when it is empty.
      if ( $purchlog_id == '' ) {
          _wpsc_doing_it_wrong( 'wpsc_delete_purchlog', __( '$purchlog_id parameter requires a numeric purchase log ID.', 'wpsc' ), '3.9.0' );
          return false;
      }

      $purchase_log = new WPSC_Purchase_Log( $purchlog_id );
      $was_deleted  = $purchase_log->delete();

      return $was_deleted;
  }

  // Deprecate deleting purchase log via URL query
  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'delete_purchlog' ) ) {
      _wpsc_doing_it_wrong( 'wpsc_delete_purchlog', __( 'Do not trigger delete purchase log action via wpsc_admin_action = delete_purchlog URL query. Instead use the Purchase Log Action Links API.', 'wpsc' ), '3.9.0' );
  }
  525.  
  /**
   * Flush the rewrite rules when the 'product_category_hierarchical_url'
   * option is updated.
   */
  function wpsc_update_option_product_category_hierarchical_url() {
      // Passing false requests a flush without the "hard" option.
      $hard_flush = false;
      flush_rewrite_rules( $hard_flush );
  }

  add_action( 'update_option_product_category_hierarchical_url', 'wpsc_update_option_product_category_hierarchical_url' );
  530.  
  /**
   * Sanitize the grid "items per row" option to an integer.
   *
   * A value of 0 is accepted, but a settings error is registered to warn that
   * the column width then falls back to the theme's CSS.
   *
   * @param mixed  $value  Submitted option value.
   * @param string $option Option name, used as the settings error key.
   * @return int The value cast to an integer.
   */
  function _wpsc_action_sanitize_option_grid_number_per_row( $value, $option ) {
      $per_row = (int) $value;

      // Anything other than zero needs no warning.
      if ( 0 !== $per_row ) {
          return $per_row;
      }

      add_settings_error( $option, 'invalid_grid_number_per_row', __( 'You just set the number of item per row for the grid view to 0. This means the column width will fall back to using whatever CSS you have for it. This could break your theme layout, so please make sure you have adjusted your theme\'s CSS accordingly.', 'wpsc' ) );

      return $per_row;
  }
  // Run the grid "items per row" option through its sanitizer when it is saved
  // (priority 10; the callback receives the value and the option name).
  add_filter(
      'sanitize_option_grid_number_per_row',
      '_wpsc_action_sanitize_option_grid_number_per_row',
      10,
      2
  );
  538.  
  /**
   * Automatically enable "Anyone can register" if registration before checkout is required.
   *
   * Note the side effect: saving the store setting switches on open user
   * registration for the whole site, and an admin notice reports it.
   *
   * @since 3.8.9
   * @access private
   * @param mixed $old_value Old value
   * @param mixed $new_value New value
   */
  function _wpsc_action_update_option_require_register( $old_value, $new_value ) {
      // Act only when the requirement was turned on while registration is closed.
      if ( $new_value != 1 || get_option( 'users_can_register' ) ) {
          return;
      }

      update_option( 'users_can_register', 1 );

      $notice = sprintf(
          __( 'You wanted to require your customers to log in before checking out. However, the WordPress setting <a href="%s">"Anyone can register"</a> was disabled. WP eCommerce has enabled that setting for you automatically.', 'wpsc' ),
          admin_url( 'options-general.php' )
      );
      add_settings_error( 'require_register', 'users_can_register_turned_on', $notice, 'updated' );
  }

  add_action( 'update_option_require_register', '_wpsc_action_update_option_require_register', 10, 2 );
  554.  
  /**
   * Automatically turn off "require registration before checkout" if "Anyone can register" is disabled.
   *
   * @since 3.8.9
   * @access private
   * @param mixed $old_value Old value
   * @param mixed $new_value New value
   */
  function _wpsc_action_update_option_users_can_register( $old_value, $new_value ) {
      // Act only when registration was closed while checkout still requires an account.
      if ( $new_value || ! get_option( 'require_register' ) ) {
          return;
      }

      update_option( 'require_register', 0 );

      $notice = sprintf(
          __( 'You just disabled the "Anyone can register" setting. As a result, the <a href="%s">"Require registration before checking out"</a> setting has been disabled.', 'wpsc' ),
          admin_url( 'options-general.php?page=wpsc-settings&tab=checkout' )
      );
      add_settings_error( 'users_can_register', 'require_register_turned_off', $notice, 'updated' );
  }

  add_action( 'update_option_users_can_register', '_wpsc_action_update_option_users_can_register', 10, 2 );
  570.  
  /**
   * wpsc_update_page_urls gets the permalinks for products pages and stores them in the options for quick reference
   * @public
   *
   * Restricted to store administrators. Unless $auto is true, the function
   * ends by redirecting to the referrer (adding the settings tab stored in
   * the session, when there is one) and exiting.
   *
   * @since 3.6
   * @param $auto (Boolean) true if coming from WordPress Permalink Page, false otherwise
   * @return nothing
   */
  function wpsc_update_page_urls( $auto = false ) {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // NOTE(review): when reached through the wpsc_admin_action request
      // argument, no nonce is verified before the slugs are rewritten.

      wpsc_update_permalink_slugs();
      wpsc_core_load_page_titles();
      wpsc_register_post_types();

      // Automatic calls stop here; only manual requests are redirected.
      if ( $auto ) {
          return;
      }

      $return_url = wp_get_referer();

      if ( isset( $_SESSION['wpsc_settings_curr_page'] ) ) {
          $return_url = add_query_arg( 'tab', $_SESSION['wpsc_settings_curr_page'], $return_url );
      }

      wp_redirect( esc_url_raw( $return_url ) );
      exit();
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'update_page_urls' ) ) {
      add_action( 'admin_init', 'wpsc_update_page_urls' );
  }
  600.  
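  /**
   * Change the regions tax settings.
   *
   * Reads $_POST['region_tax'] as a map of region ID to tax value, updates
   * every region whose stored tax differs, then redirects to the referrer.
   * Entries whose key or value is not numeric are ignored.
   */
  function wpsc_change_region_tax() {

      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // NOTE(review): no nonce is verified before tax rates are written; the
      // capability check alone does not show the admin intended the request.

      global $wpdb;

      // Guard the index: the hook below does not guarantee the field was posted.
      if ( ! isset( $_POST['region_tax'] ) || ! is_array( $_POST['region_tax'] ) ) {
          return;
      }

      foreach ( $_POST['region_tax'] as $region_id => $tax ) {
          if ( ! is_numeric( $region_id ) || ! is_numeric( $tax ) ) {
              continue;
          }

          $previous_tax = $wpdb->get_var( $wpdb->prepare( "SELECT `tax` FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE `id` = %d LIMIT 1", $region_id ) );

          // Write only when the value actually changed.
          if ( $tax != $previous_tax ) {
              $wpdb->update(
                  WPSC_TABLE_REGION_TAX,
                  array(
                      'tax' => $tax
                  ),
                  array(
                      'id' => $region_id
                  ),
                  '%s',
                  '%d'
              );
          }
      }

      $sendback = wp_get_referer();
      wp_redirect( $sendback );
      // wp_redirect() only sends the header; stop here so the rest of the admin
      // request does not keep running after the redirect.
      exit();
  }

  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'change_region_tax' ) ) {
      add_action( 'admin_init', 'wpsc_change_region_tax' );
  }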
  629.  
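  /**
   * Prints the "choose a downloadable file" form for one product.
   *
   * Every entry returned by wpsc_uploaded_files() becomes a checkbox. An entry
   * is pre-checked when its display name equals the title of a
   * 'wpsc-product-file' post whose parent is the requested product. Nothing is
   * printed unless wpsc_is_store_admin() passes.
   *
   * File names returned by wpsc_uploaded_files() are treated as untrusted
   * text: the real name is attribute-escaped and the display name is
   * HTML-escaped before either is written into the markup.
   */
  function wpsc_product_files_existing() {
      if ( ! wpsc_is_store_admin() ) {
          return;
      }

      // A missing product_id is treated as 0 instead of raising an
      // undefined-index notice.
      $product_id = isset( $_GET['product_id'] ) ? absint( $_GET['product_id'] ) : 0;
      $file_list  = wpsc_uploaded_files();

      $attached_files = (array) get_posts( array(
          'post_type'   => 'wpsc-product-file',
          'post_parent' => $product_id,
          'numberposts' => -1,
          'post_status' => 'all',
      ) );

      // Index the attached files by title. Initialised up front so the isset()
      // lookup below never touches an undefined variable.
      $attached_files_by_file = array();
      foreach ( $attached_files as $attached_file ) {
          $attached_files_by_file[ $attached_file->post_title ] = $attached_file;
      }

      $output  = "<span class='admin_product_notes select_product_note '>" . esc_html__( 'Choose a downloadable file for this product:', 'wpsc' ) . "</span><br>";
      $output .= "<form method='post' class='product_upload'>";
      $output .= '<div class="ui-widget-content multiple-select select_product_file" style="width:100%">';

      $num = 0;
      foreach ( (array) $file_list as $file ) {
          $num++;

          $checked_curr_file = isset( $attached_files_by_file[ $file['display_filename'] ] ) ? "checked='checked'" : '';

          $output .= "<p " . ( ( ( $num % 2 ) > 0 ) ? '' : "class='alt'" ) . " id='select_product_file_$num'>\n";
          // The value sits inside a single-quoted attribute, so quotes in a file
          // name must be encoded or they would end the attribute early.
          $output .= " <input type='checkbox' name='select_product_file[]' value='" . esc_attr( $file['real_filename'] ) . "' id='select_product_file_$num' " . $checked_curr_file . " />\n";
          // Label text is element content: encode markup characters.
          $output .= " <label for='select_product_file_$num'>" . esc_html( $file['display_filename'] ) . "</label>\n";
          $output .= "</p>\n";
      }

      $output .= "</div>";
      $output .= "<input type='hidden' id='hidden_id' value='$product_id' />";
      // NOTE(review): the submit button carries two name attributes; both are
      // kept as found so the submitted form data does not change.
      $output .= "<input data-nonce='" . esc_attr( _wpsc_create_ajax_nonce( 'upload_product_file' ) ) . "' type='submit' name='save' name='product_files_submit' class='button-primary prdfil' value='" . esc_attr__( 'Save Product Files', 'wpsc' ) . "' />";
      $output .= "</form>";
      $output .= "<div class='" . ( ( is_numeric( $product_id ) ) ? "edit_" : "" ) . "select_product_handle'><div></div></div>";
      $output .= "<script type='text/javascript'>\n\r";
      $output .= "var select_min_height = " . ( 25 * 3 ) . ";\n\r";
      $output .= "var select_max_height = " . ( 25 * ( $num + 1 ) ) . ";\n\r";
      $output .= "</script>";

      echo $output;
  }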
  // Attach the file-list renderer to admin_init when the request asks for
  // the 'product_files_existing' action.
  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( 'product_files_existing' == $_REQUEST['wpsc_admin_action'] ) ) {
      add_action( 'admin_init', 'wpsc_product_files_existing' );
  }
  679.  
  /**
   * Adds or removes variations on a product from the posted 'edit_var_val'.
   *
   * Returns without acting unless the current user holds the edit_post
   * capability of the 'wpsc-product' post type for the posted product id.
   *
   * NOTE(review): no nonce is verified in this function. Unless
   * wpsc_edit_product_variations() or an earlier hook verifies one, this
   * state-changing request relies on the capability check alone, which does
   * not stop a forged cross-site request sent from an editor's browser.
   * Confirm, and verify a nonce here if none is checked elsewhere.
   */
  function wpsc_update_variations() {
      $product_id = absint( $_POST['product_id'] );
      $post_type  = get_post_type_object( 'wpsc-product' );

      if ( ! current_user_can( $post_type->cap->edit_post, $product_id ) ) {
          return;
      }

      // Only the variation values are forwarded. They are passed through
      // unsanitised, so the callee is presumably responsible for validating
      // them (TODO confirm).
      $post_data = array(
          'edit_var_val' => isset( $_POST['edit_var_val'] ) ? $_POST['edit_var_val'] : '',
      );

      // Add or delete variations.
      wpsc_edit_product_variations( $product_id, $post_data );
  }
  692.  
  // Any POST that carries 'edit_var_val' schedules the variation update on
  // admin_init at priority 50. The callback itself decides whether the
  // current user may edit the product.
  if ( isset( $_POST['edit_var_val'] ) ) {
      add_action( 'admin_init', 'wpsc_update_variations', 50 );
  }
  695.  
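  /**
   * Deletes a variation set and its child variations, then redirects back.
   *
   * Verifies the 'delete-variation' nonce, deletes every 'wpsc-variation' term
   * whose parent is the requested id, deletes the set term itself, and
   * redirects to the referer with 'deleted' added and 'deleteid' /
   * 'variation_id' removed. The request always ends in exit().
   *
   * NOTE(review): only the nonce is checked here. WordPress nonces protect
   * against forged requests but are not an authorization check; sibling
   * handlers in this file call wpsc_is_store_admin(). Confirm a capability
   * check runs before this handler, or add one.
   *
   * NOTE(review): closing braces are missing from the listing this was taken
   * from; the nesting below (in particular where $deleted is set) is
   * reconstructed and should be confirmed against the original file.
   */
  function wpsc_delete_variation_set() {
      check_admin_referer( 'delete-variation' );

      // isset() guards against a request that carries the action but no id.
      if ( isset( $_GET['deleteid'] ) && is_numeric( $_GET['deleteid'] ) ) {
          $variation_id  = absint( $_GET['deleteid'] );
          $variation_set = get_term( $variation_id, 'wpsc-variation', ARRAY_A );

          $variations = get_terms( 'wpsc-variation', array(
              'hide_empty' => 0,
              'parent'     => $variation_id,
          ) );

          // get_terms() can return a WP_Error object; casting that to an array
          // would iterate its properties, so only loop over a real list.
          if ( is_array( $variations ) ) {
              foreach ( $variations as $variation ) {
                  wp_delete_term( $variation->term_id, 'wpsc-variation' );
              }
          }

          // get_term() yields an array (ARRAY_A), null, or a WP_Error; indexing
          // a WP_Error as an array is a fatal error, so require an array.
          if ( is_array( $variation_set ) && isset( $variation_set['term_id'] ) ) {
              wp_delete_term( $variation_set['term_id'], 'wpsc-variation' );
          }

          $deleted = 1;
      }

      $sendback = wp_get_referer();
      if ( isset( $deleted ) ) {
          $sendback = add_query_arg( 'deleted', $deleted, $sendback );
      }
      $sendback = remove_query_arg( array( 'deleteid', 'variation_id' ), $sendback );

      wp_redirect( esc_url_raw( $sendback ) );
      exit();
  }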
  727.  
  // Route 'wpsc-delete-variation-set' requests to the delete handler on
  // admin_init. That hook also runs for admin-ajax.php and admin-post.php,
  // so the handler must authorize the request itself.
  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'wpsc-delete-variation-set' ) ) {
      add_action( 'admin_init', 'wpsc_delete_variation_set' );
  }
  730.  
  /**
   * Copies the active stylesheet directory into WPSC_THEME_BACKUP_DIR.
   *
   * Runs only for users who pass wpsc_is_store_admin(); afterwards it sets
   * the 'wpsc_themes_backup' session flag, redirects to the referer and ends
   * the request.
   *
   * NOTE(review): no nonce is verified in this function, so a forged request
   * from a store admin's browser could trigger the copy. Confirm whether a
   * nonce is checked elsewhere before this runs.
   */
  function wpsc_backup_theme() {
      if ( wpsc_is_store_admin() ) {
          wpsc_recursive_copy( get_stylesheet_directory(), WPSC_THEME_BACKUP_DIR );

          // Session flag set after the copy call; presumably read by the page
          // the user is redirected to (TODO confirm).
          $_SESSION['wpsc_themes_backup'] = true;

          wp_redirect( wp_get_referer() );
          exit();
      }
  }
  // Register the theme-backup handler when the request action is 'backup_themes'.
  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( 'backup_themes' == $_REQUEST['wpsc_admin_action'] ) ) {
      add_action( 'admin_init', 'wpsc_backup_theme' );
  }
  745.  
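  /**
   * Deletes one coupon row and redirects back to the referring page.
   *
   * Verifies the 'delete-coupon' nonce, deletes the row of
   * WPSC_TABLE_COUPON_CODES whose id equals the 'delete_id' query argument,
   * and redirects to the referer with 'deleted=1' added when a delete was
   * issued. The request always ends in exit().
   *
   * NOTE(review): only the nonce is checked here. A nonce is not an
   * authorization check; sibling handlers in this file call
   * wpsc_is_store_admin(). Confirm a capability check runs before this
   * handler, or add one.
   */
  function wpsc_delete_coupon() {
      global $wpdb;

      check_admin_referer( 'delete-coupon' );

      // The previous isset( $coupon_id ) test was always true because the
      // variable had just been assigned, so a request without a usable id
      // still issued a DELETE for id 0 and reported success.
      $coupon_id = 0;
      if ( isset( $_GET['delete_id'] ) && is_numeric( $_GET['delete_id'] ) ) {
          $coupon_id = (int) $_GET['delete_id'];
      }

      $deleted = 0;
      if ( $coupon_id > 0 ) {
          $wpdb->query( $wpdb->prepare( "DELETE FROM `" . WPSC_TABLE_COUPON_CODES . "` WHERE `id` = %d LIMIT 1", $coupon_id ) );
          $deleted = 1;
      }

      $sendback = wp_get_referer();
      if ( $deleted ) {
          $sendback = add_query_arg( 'deleted', $deleted, $sendback );
      }

      // The id arrives as 'delete_id'; 'deleteid' is still stripped as before.
      $sendback = remove_query_arg( array( 'deleteid', 'delete_id', 'wpsc_admin_action' ), $sendback );
      wp_redirect( esc_url_raw( $sendback ) );
      exit();
  }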
  763.  
  // Delete coupon: register the handler for 'wpsc-delete-coupon' requests.
  if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( $_REQUEST['wpsc_admin_action'] == 'wpsc-delete-coupon' ) ) {
      add_action( 'admin_init', 'wpsc_delete_coupon' );
  }
  767.  
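  /**
   * Clears 'base_region' when the new base country has no region rows.
   *
   * Counts the rows of WPSC_TABLE_REGION_TAX joined to the
   * WPSC_TABLE_CURRENCY_LIST row whose isocode equals the new value, and
   * resets the 'base_region' option to an empty string when the count is
   * falsy.
   *
   * @param mixed $old_value Previous option value (unused).
   * @param mixed $new_value New option value, compared against `isocode`.
   */
  function _wpsc_action_update_option_base_country( $old_value, $new_value ) {
      global $wpdb;

      // The %s placeholder is left unquoted: $wpdb->prepare() adds the quoting
      // itself, and quoted placeholders are discouraged by its documentation.
      $sql = "SELECT COUNT(`regions`.`id`) FROM `" . WPSC_TABLE_REGION_TAX . "` AS `regions`"
          . " INNER JOIN `" . WPSC_TABLE_CURRENCY_LIST . "` AS `country` ON `country`.`id` = `regions`.`country_id`"
          . " WHERE `country`.`isocode` IN(%s)";

      $region_count = $wpdb->get_var( $wpdb->prepare( $sql, $new_value ) );

      if ( ! $region_count ) {
          update_option( 'base_region', '' );
      }
  }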
  // Run the callback whenever the 'base_country' option is updated:
  // priority 10, two arguments (old value, new value).
  add_action(
      'update_option_base_country',
      '_wpsc_action_update_option_base_country',
      10,
      2
  );
.