File: /var/www/vhosts/paiskincare.com/httpdocs2/cto_osc_link.php
<?php
/*
Copyright (c) 2009 Lech Madrzyk
Released under the GNU General Public License
*/
//DebugBreak('1@localhost');
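define('CTO_OSC_LINK_VERSION', '1.2.2');
// NOTE(review): this unconditionally turns PHP error display on for an
// unauthenticated, internet-facing endpoint, so any notice or warning leaks
// filesystem paths and SQL fragments to the caller. Further down the same
// setting is applied only on the vendor's own host, which suggests this line is
// a debugging leftover — consider removing it.
ini_set('display_errors', 'On');
require('includes/configure.php');

// Work out which osCommerce derivative this store runs. First preference is the
// PROJECT_VERSION / PROJECT_VERSION_NAME constant from includes/version.php ...
if (file_exists('includes/version.php')) include('includes/version.php');
$project_version = defined('PROJECT_VERSION')
    ? PROJECT_VERSION
    : (defined('PROJECT_VERSION_NAME') ? PROJECT_VERSION_NAME : '');

// ... and as a fallback the define() is grepped out of application_top.php
// with a regex. The file is read, not executed, so none of its side effects run.
if (empty($project_version) && file_exists('includes/application_top.php')) {
    $at = file_get_contents('includes/application_top.php');
    $matches = array();
    preg_match('#define\(\'PROJECT_VERSION\', \'(.*?)\'\);#i', $at, $matches);
    if (!empty($matches[1])) {
        $project_version = $matches[1];
    }
}

// Distribution tag reported to CarryTheOne; it also selects a column variant in
// the orders export (CRE Loaded has no customers_telephone column).
$osc_dist = 'osc';
switch (current(explode(' ', $project_version))) {
    case 'CRE':
        $osc_dist = 'creloaded';
        break;
    case 'Zen':
        $osc_dist = 'zencart';
        break;
    case 'osCMax':
        $osc_dist = 'oscmax';
        break;
}

// $PHP_SELF is a register_globals-era variable. The original populated it from
// $HTTP_SERVER_VARS, the long-array alias that was removed in PHP 5.4 (so the
// lookup produced an undefined-variable notice and an empty value there);
// $_SERVER has been available since PHP 4.1 and is used instead.
if (!isset($PHP_SELF)) $PHP_SELF = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
require(DIR_WS_INCLUDES . 'database_tables.php');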
// Terminate the request. Kept as a wrapper so tep_redirect() has a single,
// overridable exit point (stock osCommerce convention).
function tep_exit() {
    exit;
}
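// Send an HTTP redirect to $url and stop the script.
//
// A URL containing CR/LF would allow HTTP response splitting. The original
// handled that case by redirecting to the store's default page through
// tep_href_link() — a helper that is not defined anywhere in this file, so the
// defensive branch would itself have died with an "undefined function" fatal.
// That path is now taken only when the helper exists; otherwise the line
// breaks are stripped, which defuses the injection without a hard failure.
// Every caller in this file passes a literal URL plus urlencode()d parameters,
// so the branch is purely defensive.
//
// When the current page was served over SSL, a URL starting with HTTP_SERVER
// is rewritten to its HTTPS_SERVER counterpart. Note that `ENABLE_SSL == true`
// is a truthiness test (the string 'false' would also satisfy it); kept as in
// stock osCommerce because configure.php conventionally defines a boolean.
function tep_redirect($url) {
    if (strpos($url, "\n") !== false || strpos($url, "\r") !== false) {
        if (function_exists('tep_href_link') && defined('FILENAME_DEFAULT')) {
            tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
        }
        $url = str_replace(array("\r", "\n"), '', $url);
    }
    if ((ENABLE_SSL == true) && (getenv('HTTPS') == 'on')) { // We are loading an SSL page
        if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url
            $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL
        }
    }
    header('Location: ' . $url);
    tep_exit();
}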
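// Return a pseudo-random integer, restricted to [$min, $max] when both bounds
// are given. When $min >= $max the function returns $min unchanged (original
// contract, relied on by callers that pass degenerate ranges).
//
// The original re-seeded mt_rand() once per request with
// (double)microtime()*1000000, i.e. from a space of at most ~10^6 seeds; any
// value derived from it (the access key minted by tep_create_random_value in
// the original) was therefore guessable from the request timestamp. PHP >= 4.2
// seeds the Mersenne Twister itself from a far larger entropy source, so the
// manual seeding is removed. mt_rand() remains a non-cryptographic generator:
// this function must not be the only source for a secret.
function tep_rand($min = null, $max = null) {
    if (isset($min) && isset($max)) {
        return ($min >= $max) ? $min : mt_rand($min, $max);
    }
    return mt_rand();
}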
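// Build a random string of exactly $length characters drawn from:
//   $type 'mixed'  -> [A-Za-z0-9]   (default)
//         'chars'  -> [A-Za-z]
//         'digits' -> [0-9]
// Returns false for any other $type; an empty string when $length <= 0.
//
// This is what mints CTO_ACCESS_KEY, the only credential protecting the order
// export, so the randomness must come from a CSPRNG. random_bytes() (PHP 7+)
// is preferred, then openssl_random_pseudo_bytes(); only when neither exists
// does it fall back to the original tep_rand()/mt_rand() path, which is NOT
// adequate for a secret. The original also used eregi()/ereg(), removed in
// PHP 7; preg_match() replaces them.
//
// Candidate bytes outside the alphabet are discarded and redrawn (rejection
// sampling), so each accepted character is uniformly distributed over the
// alphabet.
function tep_create_random_value($length, $type = 'mixed') {
    if (($type != 'mixed') && ($type != 'chars') && ($type != 'digits')) return false;
    $length = (int)$length;
    if ($type == 'digits') {
        $pattern = '/^[0-9]$/';
    } elseif ($type == 'chars') {
        $pattern = '/^[a-zA-Z]$/';
    } else {
        $pattern = '/^[a-zA-Z0-9]$/';
    }
    $rand_value = '';
    while (strlen($rand_value) < $length) {
        $char = false;
        if (function_exists('random_bytes')) {
            $char = random_bytes(1);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $char = openssl_random_pseudo_bytes(1);
        }
        if ($char === false || strlen($char) !== 1) {
            // Last resort only: mt_rand() is not cryptographically secure.
            $char = chr(tep_rand(0, 255));
        }
        if (preg_match($pattern, $char)) $rand_value .= $char;
    }
    return $rand_value;
}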
// Open the MySQL connection and store the link in the global variable named by
// $link (default $db_link), which the other tep_db_* helpers read the same way.
// Credentials default to the constants loaded from includes/configure.php.
// Returns the link, or false when the connection attempt failed.
function tep_db_connect($server = DB_SERVER, $username = DB_SERVER_USERNAME, $password = DB_SERVER_PASSWORD, $database = DB_DATABASE, $link = 'db_link') {
    global $$link;
    $persistent = (USE_PCONNECT == 'true');
    $$link = $persistent
        ? mysql_pconnect($server, $username, $password)
        : mysql_connect($server, $username, $password);
    if ($$link) {
        // No link argument: selects the database on the most recently opened connection.
        mysql_select_db($database);
    }
    return $$link;
}
// Close the connection held in the global named by $link. Returns mysql_close()'s result.
function tep_db_close($link = 'db_link') {
    global $$link;
    $connection = $$link;
    return mysql_close($connection);
}
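// Abort the request after a failed query.
//
// The original echoed the MySQL error text AND the full SQL statement to the
// client. This script answers unauthenticated requests, so a provoked error
// disclosed table names, the schema and any data embedded in the statement to
// whoever sent the request. The details now go to the PHP error log; the
// response keeps the original visual shape (error number and the "[TEP STOP]"
// marker) without the query or the server's message.
function tep_db_error($query, $errno, $error) {
    error_log('cto_osc_link: MySQL error ' . $errno . ' - ' . $error . ' -- query: ' . $query);
    die('<font color="#000000"><b>' . (int)$errno . ' - database error<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>');
}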
// Run $query on the connection stored in the global named by $link and return
// the mysql_query() result. On failure tep_db_error() terminates the script,
// so callers never see a false return.
//
// When STORE_DB_TRANSACTIONS is 'true', every statement and its result are
// appended to STORE_PAGE_PARSE_TIME_LOG. That log then holds the complete SQL
// text, including whatever customer data the statement embeds.
function tep_db_query($query, $link = 'db_link') {
    global $$link;
    $trace = defined('STORE_DB_TRANSACTIONS') && (STORE_DB_TRANSACTIONS == 'true');
    if ($trace) {
        error_log('QUERY ' . $query . "\n", 3, STORE_PAGE_PARSE_TIME_LOG);
    }
    $result = mysql_query($query, $$link);
    if (!$result) {
        tep_db_error($query, mysql_errno(), mysql_error());
    }
    if ($trace) {
        error_log('RESULT ' . $result . ' ' . mysql_error() . "\n", 3, STORE_PAGE_PARSE_TIME_LOG);
    }
    return $result;
}
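// Build and execute an INSERT or UPDATE against $table from the
// column => value map $data.
//   $action      'insert' (default) or 'update'
//   $parameters  raw WHERE clause for 'update'; it is interpolated verbatim
//                and must never be assembled from request data
//   $link        name of the global holding the connection
// Values pass through tep_db_input() and are single-quoted; the literal values
// 'now()' and 'null' are emitted as SQL expressions instead. $table and the
// column names are interpolated unescaped, as in stock osCommerce, so they must
// be trusted identifiers. Returns tep_db_query()'s result. Not called from this
// file.
//
// Changes from the original: each()/list() iteration (deprecated in 7.2,
// removed in PHP 8) replaced by foreach; the 'null' branch of the update path
// used a compound assignment (`$columns .= ' = null, '`) that only worked by
// accident and is now a plain concatenation; the statement is assembled with
// implode() instead of trailing-separator trimming.
function tep_db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link') {
    $query = '';
    if ($action == 'insert') {
        $columns = array();
        $values = array();
        foreach ($data as $column => $value) {
            $columns[] = $column;
            switch ((string)$value) {
                case 'now()':
                    $values[] = 'now()';
                    break;
                case 'null':
                    $values[] = 'null';
                    break;
                default:
                    $values[] = '\'' . tep_db_input($value) . '\'';
                    break;
            }
        }
        $query = 'insert into ' . $table . ' (' . implode(', ', $columns) . ') values (' . implode(', ', $values) . ')';
    } elseif ($action == 'update') {
        $assignments = array();
        foreach ($data as $column => $value) {
            switch ((string)$value) {
                case 'now()':
                    $assignments[] = $column . ' = now()';
                    break;
                case 'null':
                    $assignments[] = $column . ' = null';
                    break;
                default:
                    $assignments[] = $column . ' = \'' . tep_db_input($value) . '\'';
                    break;
            }
        }
        $query = 'update ' . $table . ' set ' . implode(', ', $assignments) . ' where ' . $parameters;
    }
    // Unknown $action: an empty statement, which the server rejects and
    // tep_db_query() reports — same outcome as the original's undefined $query.
    return tep_db_query($query, $link);
}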
// Fetch the next row of a result set as an associative array (column => value),
// or false when the set is exhausted.
function tep_db_fetch_array($db_query) {
    $row = mysql_fetch_array($db_query, MYSQL_ASSOC);
    return $row;
}
// Number of rows in a SELECT result set.
function tep_db_num_rows($db_query) {
    $count = mysql_num_rows($db_query);
    return $count;
}
// Move the result-set cursor to $row_number (0-based) so fetching can restart.
// Returns true on success, false otherwise.
function tep_db_data_seek($db_query, $row_number) {
    $moved = mysql_data_seek($db_query, $row_number);
    return $moved;
}
// AUTO_INCREMENT id generated by the last INSERT on the connection held in the
// global named by $link.
function tep_db_insert_id($link = 'db_link') {
    global $$link;
    $connection = $$link;
    return mysql_insert_id($connection);
}
// Release the memory held by a result set.
function tep_db_free_result($db_query) {
    $freed = mysql_free_result($db_query);
    return $freed;
}
// Column metadata for the next field of a result set (an object as returned by
// mysql_fetch_field(), despite the plural name), or false when none is left.
function tep_db_fetch_fields($db_query) {
    $field = mysql_fetch_field($db_query);
    return $field;
}
// HTML-escape a value for output with htmlspecialchars() default flags
// (&, <, > and double quotes). Not used by the export below, which is
// tab-separated text inside a <pre>.
function tep_db_output($string) {
    $escaped = htmlspecialchars($string);
    return $escaped;
}
// Escape $string for interpolation inside a single-quoted SQL literal.
//
// Prefers mysql_real_escape_string() on the connection held in the global named
// by $link (the only variant that honours the connection charset), then
// mysql_escape_string(), then addslashes(). The last two are not charset-aware
// and are not a reliable defence with multi-byte connection charsets; they
// exist only so the script keeps running on minimal PHP builds.
function tep_db_input($string, $link = 'db_link') {
    global $$link;
    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($string, $$link);
    }
    if (function_exists('mysql_escape_string')) {
        return mysql_escape_string($string);
    }
    return addslashes($string);
}
// Normalise request input before it is escaped: strings are stripslashes()d
// (magic_quotes era), passed through tep_sanitize_string() and trimmed; arrays
// are processed recursively; anything else is returned untouched.
// tep_sanitize_string() is not defined in this file, so calling this helper
// here would fail — it is unused in this script and kept for API parity with
// stock osCommerce.
function tep_db_prepare_input($string) {
    if (is_array($string)) {
        foreach ($string as $key => $value) {
            $string[$key] = tep_db_prepare_input($value);
        }
        return $string;
    }
    if (is_string($string)) {
        return trim(tep_sanitize_string(stripslashes($string)));
    }
    return $string;
}
// Connect (or stop) and promote every configuration row to a PHP constant so
// the rest of the script can read CTO_ACCESS_KEY, DISPLAY_PRICE_WITH_TAX, etc.
// This runs for every request, before any authentication check, and a key that
// is not present in the table simply stays undefined.
if (!tep_db_connect()) {
    die('Unable to connect to database server!');
}
$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = tep_db_fetch_array($configuration_query)) {
    define($configuration['cfgKey'], $configuration['cfgValue']);
}
// Flatten one cell for the tab-separated export: strip HTML tags, replace the
// record/field separators (LF, CR, TAB) with spaces, then utf8_encode() the
// result. utf8_encode() treats its input as ISO-8859-1; if the store's database
// already holds UTF-8 the output is double-encoded — TODO confirm against the
// store's connection charset.
function cto_prepare_output($string) {
    $plain = strip_tags($string);
    $single_line = str_replace(array("\n", "\r", "\t"), ' ', $plain);
    return utf8_encode($single_line);
}
// Header line of an export section: the column names of $fields joined by tabs,
// terminated by a newline.
function cto_output_header_row($fields) {
    return implode("\t", array_keys($fields)) . "\n";
}
// One data line of an export section: each value of $fields passed through
// cto_prepare_output(), joined by tabs, terminated by a newline.
function cto_output_row($fields) {
    $cells = array_map('cto_prepare_output', array_values($fields));
    return implode("\t", $cells) . "\n";
}
// Print a whole result set as a tab-separated block: a header line built from
// the first row's column names, then one line per row. The cursor is rewound
// first, so a result the caller has already iterated is printed in full. An
// empty result prints a single newline.
function cto_echo_data(&$query) {
    if (tep_db_num_rows($query) <= 0) {
        echo "\n";
        return;
    }
    tep_db_data_seek($query, 0);
    $header_printed = false;
    while ($row = tep_db_fetch_array($query)) {
        if (!$header_printed) {
            echo cto_output_header_row($row);
            $header_printed = true;
        }
        echo cto_output_row($row);
    }
}
// Serialise a (possibly nested) array as application/x-www-form-urlencoded.
// Nested arrays become key[sub] pairs with the brackets percent-encoded;
// $keyprefix/$keypostfix carry the parent key through the recursion.
// Returns false for an empty or non-array $data.
function cto_post_encode($data, $keyprefix = '', $keypostfix = '') {
    if (empty($data) || !is_array($data)) {
        return false;
    }
    $pairs = array();
    foreach ($data as $key => $value) {
        $encoded_key = $keyprefix . urlencode($key) . $keypostfix;
        if (is_array($value)) {
            $pairs[] = cto_post_encode($value, $encoded_key . urlencode('['), urlencode(']'));
        } else {
            $pairs[] = $encoded_key . '=' . urlencode($value);
        }
    }
    return implode('&', $pairs);
}
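// Perform an HTTP(S) request with cURL and return
//   array('status' => bool, 'error_num' => int|'', 'error_msg' => string, 'content' => string|false).
//   $post_data              non-empty array -> POST, body built by cto_post_encode()
//   $login / $password      both non-empty -> HTTP basic auth
//   $additional_parameters  map of CURLOPT_* constant NAME => value
//   $strict_ssl             when true and the URL is https, peer and host
//                           verification are switched on explicitly
//
// $strict_ssl = false does not disable verification; it merely leaves libcurl's
// defaults in place (verification is on by default in current libcurl/PHP
// builds), so a "non-strict" retry normally behaves like the strict one —
// TODO confirm on the target host before relying on the retry.
//
// Changes from the original: the https check is case-insensitive, since URL
// schemes are (RFC 3986); option names in $additional_parameters are verified
// with defined() before constant(), which on PHP 8 throws for an unknown name.
function cto_http_request($url, $post_data = array(), $login = '', $password = '', $additional_parameters = array(), $strict_ssl = true) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    if (!empty($login) && !empty($password)) {
        curl_setopt($ch, CURLOPT_USERPWD, $login . ':' . $password);
    }
    if (!empty($post_data)) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, cto_post_encode($post_data));
    }
    if ($strict_ssl && preg_match('#^https://#i', $url)) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    }
    if (!empty($additional_parameters)) {
        foreach ($additional_parameters as $option_name => $value) {
            if (!defined($option_name)) {
                continue; // unknown CURLOPT_* name: skip rather than fail the whole request
            }
            curl_setopt($ch, constant($option_name), $value);
        }
    }
    $return = array(
        'status' => true,
        'error_num' => '',
        'error_msg' => '',
    );
    $return['content'] = curl_exec($ch);
    if (curl_errno($ch)) {
        $return['status'] = false;
        $return['error_num'] = curl_errno($ch);
        $return['error_msg'] = curl_error($ch);
    }
    curl_close($ch);
    return $return;
}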
// Vendor-host convenience: verbose errors on CarryTheOne's own store (the same
// setting is already applied unconditionally at the top of the file).
if (HTTP_SERVER == 'http://www.carrytheone.co.uk') ini_set('display_errors', 'On');

// ?test selects CarryTheOne's staging ("bayarea") endpoint instead of "live".
// Any caller can set it, but both modes only ever talk to www.carrytheone.co.uk.
$cto_mode = isset($_GET['test']) ? 'bayarea' : 'live';

// Request parameters, POST taking precedence over GET (array union keeps the
// left-hand key). lu/lii/start_date are (int)-cast where they are interpolated
// into SQL; access_key is compared against CTO_ACCESS_KEY below.
$request = $_POST + $_GET;
$access_key = isset($request['access_key']) ? $request['access_key'] : '';
$lu         = isset($request['lu'])         ? $request['lu']         : '';
$lii        = isset($request['lii'])        ? $request['lii']        : 0;
$start_date = isset($request['start_date']) ? $request['start_date'] : '';
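// ---------------------------------------------------------------------------
// Request dispatch. Three kinds of request arrive here:
//   1. access_key present            -> authenticate, then revoke the key
//                                       (?action=delete_key) or dump order data
//   2. access_key absent, no key set -> first-run setup: mint a key, store it,
//                                       register it with CarryTheOne
//   3. access_key absent, key set    -> redirect to CarryTheOne's setup page
//
// Authentication. CTO_ACCESS_KEY exists only once setup has stored it in the
// configuration table (it is define()d from that table above). The original
// compared the request value with the bare constant using ==. While the
// constant is undefined — fresh install, or after delete_key — PHP before 8
// evaluates a bare undefined constant to the string of its own name, so a
// request carrying access_key=CTO_ACCESS_KEY would have passed; PHP 8 throws
// instead. The key is now accepted only when it is actually defined, the
// request value is a string, and both match under a constant-time comparison
// (hash_equals() where available, === otherwise).
// ---------------------------------------------------------------------------
$key_configured = defined('CTO_ACCESS_KEY') && is_string(CTO_ACCESS_KEY) && CTO_ACCESS_KEY !== '';
$key_supplied = !empty($access_key);
$key_ok = false;
if ($key_supplied && $key_configured && is_string($access_key)) {
    $key_ok = function_exists('hash_equals')
        ? hash_equals(CTO_ACCESS_KEY, $access_key)
        : (CTO_ACCESS_KEY === $access_key);
}

if ($key_supplied && !$key_ok) {
    echo 'AUTHENTICATION_ERROR';
    exit();
}
elseif ($key_ok && !empty($_GET['action']) && $_GET['action'] == 'delete_key') {
    // Revoke the key. Nothing is echoed; the next unauthenticated request takes
    // the setup branch below, mints a new key and re-registers it.
    tep_db_query('delete from ' . TABLE_CONFIGURATION . ' where configuration_key = \'CTO_ACCESS_KEY\'');
}
elseif ($key_ok) {
    // Authenticated export: tab-separated sections wrapped in [START:x]/[END:x]
    // markers inside a <pre>. The window is selected either incrementally, by
    // orders_status_history_id > lii, or (lii empty) by the UNIX timestamps lu
    // and start_date. All three request values are (int)-cast before they are
    // interpolated. (A commented-out payment/shipping module listing that the
    // original carried at this point has been dropped.)
    echo '<pre>';
    echo "\n";
    echo '[START:INFO]' . "\n";
    echo 'id' . "\t" . 'value' . "\n";
    echo 'CTO_OSC_LINK_VERSION' . "\t" . CTO_OSC_LINK_VERSION . "\n";
    echo 'CTO_OSC_DIST' . "\t" . $osc_dist . "\n";
    echo 'CTO_OSC_DISPLAY_PRICE_WITH_TAX' . "\t" . DISPLAY_PRICE_WITH_TAX . "\n";
    echo '[END:INFO]' . "\n";

    echo '[START:ORDER_STATUSES]' . "\n";
    echo 'id' . "\t" . 'text' . "\n";
    $order_statuses_query = tep_db_query('select * from ' . TABLE_ORDERS_STATUS . ' where language_id = 1 order by orders_status_id');
    while ($order_statuses = tep_db_fetch_array($order_statuses_query)) {
        echo cto_prepare_output($order_statuses['orders_status_id']) . "\t" . cto_prepare_output($order_statuses['orders_status_name']) . "\n";
    }
    echo '[END:ORDER_STATUSES]' . "\n";

    // Status history first: in incremental mode the order ids it yields drive
    // the three order queries that follow.
    $query = tep_db_query('select orders_status_history_id,
        orders_id,
        orders_status_id as orders_status,
        date_added as order_status_date
        from ' . TABLE_ORDERS_STATUS_HISTORY . '
        where ' . (!empty($lii)
            ? 'orders_status_history_id > ' . (int)$lii
            : 'UNIX_TIMESTAMP(date_added) > ' . (int)$lu . ' and UNIX_TIMESTAMP(date_added) > ' . (int)$start_date) . '
        order by date_added');
    $order_ids = array();
    if (!empty($lii) && tep_db_num_rows($query) > 0) {
        while ($row = tep_db_fetch_array($query)) {
            // Values come from the database, but they are interpolated into
            // SQL below, so pin them to integers anyway.
            $order_ids[(int)$row['orders_id']] = (int)$row['orders_id'];
        }
    }
    echo '[START:ORDERS_STATUS_HISTORY]' . "\n";
    cto_echo_data($query);
    echo '[END:ORDERS_STATUS_HISTORY]' . "\n";

    // The same order window was repeated verbatim in each of the next three
    // queries; build it once. In incremental mode with no matching history,
    // '1 = 0' yields empty sections rather than the whole table.
    if (!empty($lii)) {
        $order_window = !empty($order_ids)
            ? ' o.orders_id in (' . implode(',', $order_ids) . ')'
            : '1 = 0';
    } else {
        $order_window = '( UNIX_TIMESTAMP(o.date_purchased) > ' . (int)$lu . ' or UNIX_TIMESTAMP(o.last_modified) > ' . (int)$lu . ' )'
            . ' and UNIX_TIMESTAMP(o.date_purchased) > ' . (int)$start_date;
    }

    // CRE Loaded has no customers_telephone column; emit an empty one instead.
    $telephone_column = ($osc_dist != 'creloaded') ? 'c.customers_telephone,' : '\'\' as customers_telephone,';
    $query = tep_db_query('select o.orders_id,
        o.customers_id,
        o.billing_name,
        o.billing_company,
        o.billing_street_address,
        o.billing_suburb,
        o.billing_city,
        o.billing_postcode,
        o.billing_state,
        o.billing_country,
        o.billing_address_format_id,
        o.delivery_name,
        o.delivery_company,
        o.delivery_street_address,
        o.delivery_suburb,
        o.delivery_city,
        o.delivery_postcode,
        o.delivery_state,
        o.delivery_country,
        o.delivery_address_format_id,
        o.payment_method,
        o.last_modified,
        o.date_purchased,
        o.orders_status,
        o.orders_date_finished,
        o.currency,
        o.currency_value,
        c.customers_email_address,
        ' . $telephone_column . '
        cd.countries_iso_code_3,
        cb.countries_iso_code_3 as billing_country_code
        from ' . TABLE_ORDERS . ' o left join ' . TABLE_CUSTOMERS . ' c on o.customers_id = c.customers_id
        left join ' . TABLE_COUNTRIES . ' cd on o.delivery_country = cd.countries_name
        left join ' . TABLE_COUNTRIES . ' cb on o.billing_country = cb.countries_name
        where ' . $order_window . '
        order by o.orders_id');
    echo '[START:ORDERS]' . "\n";
    cto_echo_data($query);
    echo '[END:ORDERS]' . "\n";

    $query = tep_db_query('select op.*,
        GROUP_CONCAT(CONCAT(products_options, \': \', products_options_values) SEPARATOR \'; \') as options
        from ' . TABLE_ORDERS . ' o left join ' . TABLE_ORDERS_PRODUCTS . ' op on o.orders_id = op.orders_id
        left join ' . TABLE_ORDERS_PRODUCTS_ATTRIBUTES . ' opa on op.orders_products_id = opa.orders_products_id
        where ' . $order_window . '
        group by op.orders_products_id
        order by o.orders_id');
    echo '[START:ORDERS_PRODUCTS]' . "\n";
    cto_echo_data($query);
    echo '[END:ORDERS_PRODUCTS]' . "\n";

    $query = tep_db_query('select ot.orders_id,
        TRIM(TRAILING \':\' FROM ot.title) as orders_total_module,
        ot.value,
        ot.class
        from ' . TABLE_ORDERS_TOTAL . ' ot left join ' . TABLE_ORDERS . ' o on ot.orders_id = o.orders_id
        where ' . $order_window . '
        order by o.orders_id');
    echo '[START:ORDERS_TOTAL]' . "\n";
    cto_echo_data($query);
    echo '[END:ORDERS_TOTAL]' . "\n";
    echo '</pre>';
}
else {
    // No key supplied. Work out the URL CarryTheOne must call back (this
    // script's own address, scheme stripped) and the endpoint to talk to.
    $ssl = ENABLE_SSL === 'true' || ENABLE_SSL === true;
    $url = ($ssl
        ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG
        : HTTP_SERVER . (defined('DIR_WS_HTTP_CATALOG') ? DIR_WS_HTTP_CATALOG : (defined('DIR_WS_CATALOG') ? DIR_WS_CATALOG : '/'))
    ) . 'cto_osc_link.php';
    $access = preg_match('#^(https?)://(.*)$#i', $url, $matches) ? $matches[2] : $url;
    $endpoint = 'https://www.carrytheone.co.uk/cto/' . $cto_mode . '/int/osc.php';

    if (!defined('CTO_ACCESS_KEY')) {
        // First run: mint a key, persist it, hand it to CarryTheOne. Any
        // unauthenticated request can trigger this while no key is stored;
        // concurrent first requests would each insert their own
        // CTO_ACCESS_KEY row, nothing here enforces uniqueness — TODO confirm
        // the table's constraints.
        $post = array();
        $post['action'] = 'link_setup';
        $post['access'] = $access;
        $post['ssl'] = ($ssl ? '1' : '0');
        $post['osc_dist'] = $osc_dist;
        $access_key = tep_create_random_value(32);
        $post['access_key'] = $access_key;
        tep_db_query('insert into ' . TABLE_CONFIGURATION . ' (configuration_title, configuration_description, configuration_key, configuration_value, configuration_group_id, sort_order) values (\'CTO Access Key\', \'This key is used by CarryTheOne to access your order data. You should not change this unless you have been instructed to do so by CarryTheOne\', \'CTO_ACCESS_KEY\', \'' . tep_db_input($access_key) . '\', 1, 1000)');

        // Register the key over TLS. The original tried a verified TLS request,
        // then an unverified one, and finally plain http:// — which would have
        // sent the freshly minted credential in clear text. The plain-HTTP
        // attempt is removed; if both TLS attempts fail, the browser redirect
        // below still completes setup over HTTPS.
        $response = cto_http_request($endpoint, $post);
        if (!$response['status']) {
            $response = cto_http_request($endpoint, $post, '', '', array(), false);
        }
        $error = !$response['status'] || $response['content'] !== 'OK';
        if ($error) {
            // Fallback: let the browser carry the same parameters — the key
            // included — to the setup endpoint as a query string. The key then
            // lands in browser history and intermediary logs; this is part of
            // the CarryTheOne protocol and cannot be changed on this side alone.
            tep_redirect($endpoint . '?' . cto_post_encode($post));
        }
    }
    tep_redirect($endpoint . '?action=setup&access=' . urlencode($access));
}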
?>