protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin editor for one quantity discount. The first submit inserts a
            // new row and redirects back in edit mode; later submits update the
            // row named by the QuantityDiscountID query-string parameter.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            // Read the id once; a missing or "0" id means "create a new discount".
            String idParam = CommonLogic.QueryStringCanBeDangerousContent("QuantityDiscountID");
            Editing            = idParam.Length != 0 && idParam != "0";
            QuantityDiscountID = Editing ? Localization.ParseUSInt(idParam) : 0;

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // Name is free text from the form; DB.SQuote is relied on to escape
                // it before it is spliced into the statement — NOTE(review): confirm.
                String quotedName = DB.SQuote(AppLogic.FormLocaleXml("Name"));

                if (Editing)
                {
                    // ok to update:
                    DB.ExecuteSQL("update quantitydiscount set Name=" + quotedName + " where QuantityDiscountID=" + QuantityDiscountID.ToString());
                    DataUpdated = true;
                    Editing     = true;
                }
                else
                {
                    // ok to add: insert keyed by a fresh GUID, then read the identity
                    // back so the page can be re-entered in edit mode.
                    String newGuid = DB.GetNewGUID();
                    DB.ExecuteSQL("insert into quantitydiscount(QuantityDiscountGUID,Name) values(" + DB.SQuote(newGuid) + "," + quotedName + ")");

                    using (SqlConnection dbconn = DB.dbConn())
                    {
                        dbconn.Open();
                        using (IDataReader rs = DB.GetRS("select QuantityDiscountID from quantitydiscount   with (NOLOCK)  where QuantityDiscountGUID=" + DB.SQuote(newGuid), dbconn))
                        {
                            // The row was inserted just above, so a result is expected.
                            rs.Read();
                            QuantityDiscountID = DB.RSFieldInt(rs, "QuantityDiscountID");
                            Editing            = true;
                        }
                    }
                    DataUpdated = true;
                    Response.Redirect(AppLogic.AdminLinkUrl("editquantitydiscounttable.aspx") + "?QuantityDiscountID=" + QuantityDiscountID.ToString());
                }
            }

            String listLink = "<a href=\"" + AppLogic.AdminLinkUrl("quantitydiscounts.aspx") + "\">" + AppLogic.GetString("admin.menu.QuantityDiscounts", SkinID, LocaleSetting) + "</a>";
            SectionTitle = listLink + " - " + AppLogic.GetString("admin.editquantitydiscount.ManageQuantityDiscounts", SkinID, LocaleSetting);
            RenderHtml();
        }
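        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin "Manage Shipping Methods" page. On a real submit (not a
            // store-filter change) it persists the DisplayOrder, DisplayName and
            // ShippingMethodCode fields posted per shipping method and, when
            // multi-store filtering is enabled, rewrites the store-to-method
            // mapping for the currently filtered store.
            InitializeStores();

            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            SectionTitle = "Manage Shipping Methods";

            // A store-filter change is also a postback but must not be saved.
            if (!IsStoreFilterChangePostBack && CommonLogic.FormBool("IsSubmit"))
            {
                foreach (String fieldName in Request.Form.AllKeys)
                {
                    // Per-method fields are named "<prefix>_<ShippingMethodID>".
                    // A nameless field (ASP.NET reports it as a null key) or a key
                    // without a "_" suffix cannot be one of ours; skip it instead of
                    // failing on the missing split element.
                    if (fieldName == null)
                    {
                        continue;
                    }
                    String[] keys = fieldName.Split('_');
                    if (keys.Length < 2)
                    {
                        continue;
                    }
                    String postedValue = Request.Form[fieldName];

                    // Field names are fixed identifiers, so the ordinal String.Contains
                    // is the right match (the culture-sensitive IndexOf was not).
                    if (fieldName.Contains("DisplayOrder_"))
                    {
                        int ShippingMethodID = Localization.ParseUSInt(keys[1]);
                        int DispOrd          = 1;
                        try
                        {
                            DispOrd = Localization.ParseUSInt(postedValue);
                        }
                        catch
                        {
                            // Best effort: an unparsable order falls back to 1 rather
                            // than failing the whole save.
                        }
                        // Only parsed integers reach the statement.
                        DB.ExecuteSQL("update ShippingMethod set DisplayOrder=" + DispOrd.ToString() + " where ShippingMethodID=" + ShippingMethodID.ToString());
                        IsShippingMethod = true;
                    }
                    if (fieldName.Contains("displayName"))
                    {
                        int shippingMethodID = Localization.ParseUSInt(keys[1]);
                        // Free text: DB.SQuote is relied on to escape it — NOTE(review): confirm.
                        DB.ExecuteSQL(String.Format("update ShippingMethod set DisplayName={0} where ShippingMethodID={1}", DB.SQuote(postedValue), shippingMethodID));
                    }
                    if (fieldName.Contains("ShippingMethodCode"))
                    {
                        int shippingMethodID = Localization.ParseUSInt(keys[1]);
                        DB.ExecuteSQL(String.Format("update ShippingMethod set ShippingMethodCode={0} where ShippingMethodID={1}", DB.SQuote(postedValue), shippingMethodID));
                    }
                }

                // for the store mapping: replace the filtered store's rows with the
                // checked "chkStoreMap_<ShippingMethodID>" boxes.
                if (MultiStoreFilteringEnabled)
                {
                    DB.ExecuteSQL(string.Format("DELETE ShippingMethodStore WHERE StoreId = {0}", StoreFilter));
                    var chkStoreMapElementNames = Request.Form.AllKeys.Where(elem => elem != null && elem.StartsWith("chkStoreMap_", StringComparison.Ordinal));
                    foreach (string chkMap in chkStoreMapElementNames)
                    {
                        int shippingMethodId = chkMap.Split('_')[1].ToNativeInt();
                        DB.ExecuteSQL(string.Format("INSERT INTO ShippingMethodStore(StoreId, ShippingMethodId) Values({0}, {1})", StoreFilter, shippingMethodId));
                    }
                }
            }

            RenderHtml();
        }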
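        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin page that sets the allowed countries of one real-time shipping
            // provider. A submit replaces the provider's country mapping with the
            // posted "CountryList"; "clearall" / "allowall" in the query string
            // empty the mapping or map every country.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            _rtShippingProviderID = CommonLogic.QueryStringUSInt("RtShippingProviderID");
            if (_rtShippingProviderID == 0)
            {
                // NOTE(review): assumes Response.Redirect ends the response here
                // (Web Forms default), so the code below does not run for id 0.
                Response.Redirect(AppLogic.AdminLinkUrl("rtshippingmgr.aspx"));
            }

            using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
            {
                con.Open();
                using (IDataReader reader = DB.GetRS(string.Format("SELECT [Name] FROM RTShippingProvider WHERE RTShippingProviderID = {0}", _rtShippingProviderID.ToString()), con))
                {
                    if (reader.Read())
                    {
                        _rtShippingProviderName = DB.RSField(reader, "Name");
                    }
                }
            }

            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("rtshippingmgr.aspx") + "\">RTShipping Providers</a> - Setting Allowed Countries for Real Time Shipping Providers: " + _rtShippingProviderName;

            if (CommonLogic.FormBool("IsSubmit"))
            {
                IsUpdated = true;

                // Replace the whole mapping: delete, then re-insert the posted list.
                DB.ExecuteSQL("delete from RTShippingProviderToCountryMap where RtShippingProviderID=" + _rtShippingProviderID.ToString());
                foreach (String s in CommonLogic.FormCanBeDangerousContent("CountryList").Split(','))
                {
                    String token = s.Trim();
                    if (token.Length == 0)
                    {
                        continue;
                    }
                    // CountryList is raw form input: only a successfully parsed integer
                    // may reach the statement (the raw token used to be concatenated).
                    int countryId;
                    if (!int.TryParse(token, out countryId))
                    {
                        continue;
                    }
                    DB.ExecuteSQL("insert RTShippingProviderToCountryMap(RtShippingProviderID,CountryID) values(" + _rtShippingProviderID.ToString() + "," + countryId.ToString() + ")");
                }
            }

            if (CommonLogic.QueryStringCanBeDangerousContent("clearall").Length != 0)
            {
                DB.ExecuteSQL("delete from RTShippingProviderToCountryMap where RtShippingProviderID=" + _rtShippingProviderID.ToString());
            }
            if (CommonLogic.QueryStringCanBeDangerousContent("allowall").Length != 0)
            {
                DB.ExecuteSQL("delete from RTShippingProviderToCountryMap where RtShippingProviderID=" + _rtShippingProviderID.ToString());
                DB.ExecuteSQL("insert into RTShippingProviderToCountryMap(RtShippingProviderID,CountryID) select " + _rtShippingProviderID.ToString() + ",CountryID from Country");
            }
            RenderHtml();
        }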
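        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin "Manage Shipping Methods" page. A postback raised by the store
            // combobox only switches the store filter; a real submit persists the
            // posted "DisplayOrder_<ShippingMethodID>" fields and, when several
            // stores exist and a specific store is filtered, rewrites that store's
            // shipping-method mapping.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            SectionTitle = "Manage Shipping Methods";
            // if this is a postback and the one triggered the postback
            // is the store combobox
            if (IsStoreFilterChangePostBack())
            {
                // NOTE(review): Request.Form["cboStores"] is null when the field is
                // absent; whether ToNativeInt tolerates that is not visible here.
                StoreFilter = Request.Form["cboStores"].ToNativeInt();
            }
            else if (CommonLogic.FormBool("IsSubmit"))
            {
                foreach (String fieldName in Request.Form.AllKeys)
                {
                    // Nameless fields arrive as a null key; skip them instead of
                    // dereferencing. Field names are fixed identifiers, so the ordinal
                    // String.Contains is the right match (the culture-sensitive
                    // IndexOf was not).
                    if (fieldName == null || !fieldName.Contains("DisplayOrder_"))
                    {
                        continue;
                    }
                    String[] keys             = fieldName.Split('_');
                    int      ShippingMethodID = Localization.ParseUSInt(keys[1]);
                    int      DispOrd          = 1;
                    try
                    {
                        DispOrd = Localization.ParseUSInt(Request.Form[fieldName]);
                    }
                    catch
                    {
                        // Best effort: an unparsable order falls back to 1 rather than
                        // failing the whole save.
                    }
                    // Only parsed integers reach the statement.
                    DB.ExecuteSQL("update ShippingMethod set DisplayOrder=" + DispOrd.ToString() + " where ShippingMethodID=" + ShippingMethodID.ToString());
                    IsShippingMethod = true;
                }

                // for the store mapping: replace the filtered store's rows with the
                // checked "chkStoreMap_<ShippingMethodID>" boxes.
                if (Stores.Count > 1 && StoreFilter != Shipping.DONT_FILTER_PER_STORE)
                {
                    DB.ExecuteSQL(string.Format("DELETE ShippingMethodStore WHERE StoreId = {0}", StoreFilter));
                    var chkStoreMapElementNames = Request.Form.AllKeys.Where(elem => elem != null && elem.StartsWith("chkStoreMap_", StringComparison.Ordinal));
                    foreach (string chkMap in chkStoreMapElementNames)
                    {
                        int shippingMethodId = chkMap.Split('_')[1].ToNativeInt();
                        DB.ExecuteSQL(string.Format("INSERT INTO ShippingMethodStore(StoreId, ShippingMethodId) Values({0}, {1})", StoreFilter, shippingMethodId));
                    }
                }
            }
            Render();
        }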
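        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin editor for a variant's per-customer-level extended prices. A
            // submit replaces the whole ExtendedPrice set of the variant with the
            // non-zero "Price_<CustomerLevelID>" fields posted by the form.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            VariantID        = CommonLogic.QueryStringUSInt("VariantID");
            ProductID        = CommonLogic.QueryStringUSInt("ProductID");
            VariantName      = AppLogic.GetVariantName(VariantID, LocaleSetting);
            // Normalise a missing suffix to "" (the old Length check could only
            // ever re-assign an already empty string).
            VariantSKUSuffix = AppLogic.GetVariantSKUSuffix(VariantID) ?? String.Empty;
            if (VariantName.Length == 0)
            {
                VariantName = AppLogic.GetString("admin.editextendedprices.UnnamedVariant", SkinID, LocaleSetting);
            }
            if (ProductID == 0)
            {
                // ProductID is optional in the query string; derive it from the variant.
                ProductID = AppLogic.GetVariantProductID(VariantID);
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // start with clean slate, to make all adds easy:
                DB.ExecuteSQL("delete from extendedprice where VariantID=" + VariantID.ToString());
                foreach (String FieldName in Request.Form.AllKeys)
                {
                    // Price fields are "Price_<CustomerLevelID>"; "_vldt" fields are the
                    // client-side validator inputs that accompany them. Nameless fields
                    // arrive as a null key. Ordinal String.Contains replaces the
                    // culture-sensitive IndexOf.
                    if (FieldName == null || FieldName.Contains("_vldt") || !FieldName.Contains("Price_"))
                    {
                        continue;
                    }
                    // this field should be processed
                    decimal  FieldVal        = CommonLogic.FormUSDecimal(FieldName);
                    String[] Parsed          = FieldName.Split('_');
                    int      CustomerLevelID = Localization.ParseUSInt(Parsed[1]);
                    // A zero price means "no override for this level": nothing to store.
                    if (FieldVal != System.Decimal.Zero)
                    {
                        // Only parsed numbers and a fresh GUID reach the statement.
                        DB.ExecuteSQL("insert into ExtendedPrice(ExtendedPriceGUID,VariantID,CustomerLevelID,Price) values(" + DB.SQuote(DB.GetNewGUID()) + "," + VariantID.ToString() + "," + CustomerLevelID.ToString() + "," + Localization.CurrencyStringForDBWithoutExchangeRate(FieldVal) + ")");
                    }
                }
            }
            VariantLink  = " <a href=\"" + AppLogic.AdminLinkUrl("entityEditProductVariant.aspx") + "?productid=" + ProductID.ToString() + "&VariantID=" + VariantID.ToString() + "&entityname=CATEGORY&EntityID=0\">Variant</a> ";
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("variants.aspx") + "?productid=" + ProductID.ToString() + "\">" + AppLogic.GetString("admin.editextendedprices.Variants", SkinID, LocaleSetting) + "</a> - " + VariantLink + AppLogic.GetString("admin.editextendedprices.ExtendedPrices", SkinID, LocaleSetting);
            Render();
        }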
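        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin "move variant" page: on submit, re-parents the variant named by
            // the VariantID query-string parameter to the posted NewProductID.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            ProductID = CommonLogic.QueryStringUSInt("ProductID");
            VariantID = CommonLogic.QueryStringUSInt("VariantID");

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // NewProductID is raw form input: parse it to an int so only a number
                // is ever concatenated into the statement (the raw string was used
                // before), and do not re-parent to product 0 on an empty submit.
                int newProductId = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent("NewProductID"));
                if (newProductId != 0)
                {
                    DB.ExecuteSQL("Update productvariant set ProductID=" + newProductId.ToString() + " where VariantID=" + VariantID.ToString());
                }
            }

            LoadContent();
        }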
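        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin page for one customer level. Two actions: "DeleteID" in the
            // query string removes that customer from the level; a submitted e-mail
            // (or a bare customer id typed into the same field) adds that customer
            // to the level, clearing their carts so level pricing is recomputed.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            CustomerLevelID   = CommonLogic.QueryStringUSInt("CustomerLevelID");
            CustomerLevelName = Customer.GetCustomerLevelName(CustomerLevelID, LocaleSetting);

            // DeleteID is raw query input: parse it to an int so only a number is
            // ever concatenated into the statement (the raw string was used before).
            int deleteCustomerId = CommonLogic.QueryStringUSInt("DeleteID");
            if (deleteCustomerId != 0)
            {
                // remove this level from this customer:
                DB.ExecuteSQL("update Customer set CustomerLevelID=0 where CustomerID=" + deleteCustomerId.ToString());
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                String EMail = CommonLogic.FormCanBeDangerousContent("EMail");
                if (EMail.Length != 0)
                {
                    int CustomerID = Customer.GetIDFromEMail(EMail);
                    if (CustomerID == 0 && CommonLogic.IsInteger(EMail))
                    {
                        // in case they just entered a customer id into the field.
                        CustomerID = Localization.ParseUSInt(EMail);
                    }
                    if (CustomerID != 0)
                    {
                        // clear the carts for this customer. This is to ensure their product pricing is correct:
                        // their current cart can have customer level pricing, not retail pricing, and this prevents that.
                        DB.ExecuteSQL("delete from shoppingcart where customerid=" + CustomerID.ToString());
                        DB.ExecuteSQL("delete from kitcart where customerid=" + CustomerID.ToString());

                        // Only parsed integers reach the statement.
                        DB.ExecuteSQL("Update customer set CustomerLevelID=" + CustomerLevelID.ToString() + " where CustomerID=" + CustomerID.ToString());
                    }
                    else
                    {
                        ErrorMsg = "That customer e-mail was not found in the database";
                    }
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("CustomerLevels.aspx") + "\">CustomerLevels</a> - Show Customer Level: " + CustomerLevelName;
            RenderHtml();
        }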
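        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin page for ordering the objects mapped to one entity. On submit
            // the entity's mapping rows are deleted and re-inserted from the posted
            // "DisplayOrder_<ObjectID>" fields.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            cust = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;

            EntityID      = CommonLogic.QueryStringUSInt("EntityID");
            EntityName    = CommonLogic.QueryStringCanBeDangerousContent("EntityName");
            // NOTE(review): EntityName is raw query input and the m_EntitySpecs names
            // are formatted straight into table/column names below; that is only safe
            // if LookupSpecs resolves to a fixed set of known entities — confirm.
            m_EntitySpecs = EntityDefinitions.LookupSpecs(EntityName);
            Helper        = new EntityHelper(m_EntitySpecs, 0);

            if (EntityID == 0 || EntityName.Length == 0)
            {
                ltBody.Text = "Invalid Parameters";
                return;
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // EntityID is non-zero here (guarded above): wipe the existing mapping
                // before re-inserting the posted order.
                DB.ExecuteSQL(String.Format("delete from {0}{1} where {2}ID={3}", m_EntitySpecs.m_ObjectName, m_EntitySpecs.m_EntityName, m_EntitySpecs.m_EntityName, EntityID.ToString()));

                foreach (String fieldName in Request.Form.AllKeys)
                {
                    // Nameless fields arrive as a null key; skip them instead of
                    // dereferencing. Field names are fixed identifiers, so the ordinal
                    // String.Contains is the right match (the culture-sensitive
                    // IndexOf was not).
                    if (fieldName == null || !fieldName.Contains("DisplayOrder_"))
                    {
                        continue;
                    }
                    String[] keys     = fieldName.Split('_');
                    int      ObjectID = Localization.ParseUSInt(keys[1]);
                    int      DispOrd  = 1;
                    try
                    {
                        DispOrd = Localization.ParseUSInt(Request.Form[fieldName]);
                    }
                    catch
                    {
                        // Best effort: an unparsable order falls back to 1 rather than
                        // failing the whole save.
                    }
                    // Only parsed integers are formatted into the values clause.
                    DB.ExecuteSQL(String.Format("insert into {0}{1}({2}ID,{3}ID,DisplayOrder) values({4},{5},{6})", m_EntitySpecs.m_ObjectName, m_EntitySpecs.m_EntityName, m_EntitySpecs.m_EntityName, m_EntitySpecs.m_ObjectName, EntityID.ToString(), ObjectID.ToString(), DispOrd.ToString()));
                }
            }

            LoadBody();
        }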
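        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin "move variant" page: on submit, re-parents the variant named by
            // the VariantID query-string parameter to the posted NewProductID and
            // returns to the variant list of the original product.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            ProductID = CommonLogic.QueryStringUSInt("ProductID");
            VariantID = CommonLogic.QueryStringUSInt("VariantID");

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // NewProductID is raw form input: parse it to an int so only a number
                // is ever concatenated into the statement (the raw string was used
                // before), and do not re-parent to product 0 on an empty submit.
                int newProductId = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent("NewProductID"));
                if (newProductId != 0)
                {
                    DB.ExecuteSQL("Update productvariant set ProductID=" + newProductId.ToString() + " where VariantID=" + VariantID.ToString());
                }
                Response.Redirect(AppLogic.AdminLinkUrl("variants.aspx") + "?productid=" + ProductID.ToString());
            }
            SectionTitle = String.Format(AppLogic.GetString("admin.sectiontitle.movevariant", SkinID, LocaleSetting), AppLogic.AdminLinkUrl("variants.aspx"), ProductID.ToString());
            RenderHtml();
        }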
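        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin page that sets the allowed shipping zones of one shipping
            // method. A submit replaces the method's zone mapping with the posted
            // "ZoneList"; "clearall" / "allowall" in the query string empty the
            // mapping or map every zone.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            if (AppLogic.ProductIsMLExpress() || AppLogic.ProductIsMLX())
            {
                //not supported in Incartia and  express
                Response.Redirect(AppLogic.AdminLinkUrl("restrictedfeature.aspx"));
            }

            ShippingMethodID = CommonLogic.QueryStringUSInt("ShippingMethodID");
            if (ShippingMethodID == 0)
            {
                // NOTE(review): assumes Response.Redirect ends the response here
                // (Web Forms default), so the code below does not run for id 0.
                Response.Redirect(AppLogic.AdminLinkUrl("shippingmethods.aspx"));
            }
            ShippingMethodName = Shipping.GetShippingMethodName(ShippingMethodID, LocaleSetting);
            SectionTitle       = "<a href=\"" + AppLogic.AdminLinkUrl("shippingmethods.aspx") + "\">Shipping Methods</a> - Setting Allowed Zones for Shipping Method: " + ShippingMethodName;

            if (CommonLogic.FormBool("IsSubmit"))
            {
                IsUpdated = true;
                // Replace the whole mapping: delete, then re-insert the posted list.
                DB.ExecuteSQL("delete from ShippingMethodToZoneMap where ShippingMethodID=" + ShippingMethodID.ToString());
                foreach (String s in CommonLogic.FormCanBeDangerousContent("ZoneList").Split(','))
                {
                    String token = s.Trim();
                    if (token.Length == 0)
                    {
                        continue;
                    }
                    // ZoneList is raw form input: only a successfully parsed integer
                    // may reach the statement (the raw token used to be concatenated).
                    int zoneId;
                    if (!int.TryParse(token, out zoneId))
                    {
                        continue;
                    }
                    DB.ExecuteSQL("insert ShippingMethodToZoneMap(ShippingMethodID,ShippingZoneID) values(" + ShippingMethodID.ToString() + "," + zoneId.ToString() + ")");
                }
            }

            if (CommonLogic.QueryStringCanBeDangerousContent("clearall").Length != 0)
            {
                DB.ExecuteSQL("delete from ShippingMethodToZoneMap where ShippingMethodID=" + ShippingMethodID.ToString());
            }
            if (CommonLogic.QueryStringCanBeDangerousContent("allowall").Length != 0)
            {
                DB.ExecuteSQL("delete from ShippingMethodToZoneMap where ShippingMethodID=" + ShippingMethodID.ToString());
                DB.ExecuteSQL("insert into ShippingMethodToZoneMap(ShippingMethodID,ShippingZoneID) select " + ShippingMethodID.ToString() + ",ShippingZoneID from ShippingZone");
            }
            Render();
        }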
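        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin bulk price editor: on submit, every "XPrice_<VariantID>" field
            // updates that variant's Price and every "YPrice_<VariantID>" field its
            // SalePrice; a blank or zero amount stores NULL. "_vldt" fields are the
            // client-side validators that accompany the inputs and are skipped.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            if (CommonLogic.FormBool("IsSubmit"))
            {
                foreach (String fieldName in Request.Form.AllKeys)
                {
                    // Nameless fields arrive as a null key. Field names are fixed
                    // identifiers, so the ordinal String.Contains is the right match
                    // (the culture-sensitive IndexOf was not).
                    if (fieldName == null || fieldName.Contains("_vldt"))
                    {
                        continue;
                    }
                    String[] keys = fieldName.Split('_');

                    if (fieldName.Contains("XPrice_"))
                    {
                        int     VariantID = Localization.ParseUSInt(keys[1]);
                        decimal Price     = System.Decimal.Zero;
                        bool    parsed    = true;
                        try
                        {
                            if (CommonLogic.FormCanBeDangerousContent("XPrice_" + VariantID.ToString()).Length != 0)
                            {
                                Price = CommonLogic.FormUSDecimal("XPrice_" + VariantID.ToString());
                            }
                        }
                        catch
                        {
                            // Best effort: an unparsable amount leaves this variant untouched.
                            parsed = false;
                        }
                        // The statement sits outside the try so a database failure is no
                        // longer swallowed silently; only parsed values reach it.
                        if (parsed)
                        {
                            DB.ExecuteSQL("update ProductVariant set Price=" + CommonLogic.IIF(Price != System.Decimal.Zero, Localization.CurrencyStringForDBWithoutExchangeRate(Price), "NULL") + " where VariantID=" + VariantID.ToString());
                        }
                    }
                    // "YPrice" has no "_" in the match, so a key without an id suffix
                    // is skipped instead of indexing past the split.
                    if (fieldName.Contains("YPrice") && keys.Length > 1)
                    {
                        int     VariantID = Localization.ParseUSInt(keys[1]);
                        decimal SalePrice = System.Decimal.Zero;
                        bool    parsed    = true;
                        try
                        {
                            if (CommonLogic.FormCanBeDangerousContent("YPrice_" + VariantID.ToString()).Length != 0)
                            {
                                SalePrice = CommonLogic.FormUSDecimal("YPrice_" + VariantID.ToString());
                            }
                        }
                        catch
                        {
                            // Best effort: an unparsable amount leaves this variant untouched.
                            parsed = false;
                        }
                        if (parsed)
                        {
                            DB.ExecuteSQL("update ProductVariant set SalePrice=" + CommonLogic.IIF(SalePrice != System.Decimal.Zero, Localization.CurrencyStringForDBWithoutExchangeRate(SalePrice), "NULL") + " where VariantID=" + VariantID.ToString());
                        }
                    }
                }
            }
            RenderHtml();
        }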
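        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin page for ordering the objects mapped to one entity. On submit
            // the entity's mapping rows are deleted and re-inserted from the posted
            // "DisplayOrder_<ObjectID>" fields.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            EntityID      = CommonLogic.QueryStringUSInt("EntityID");
            EntityName    = CommonLogic.QueryStringCanBeDangerousContent("EntityName");
            // NOTE(review): EntityName is raw query input and the m_EntitySpecs names
            // are formatted straight into table/column names below; that is only safe
            // if LookupSpecs resolves to a fixed set of known entities — confirm.
            m_EntitySpecs = EntityDefinitions.LookupSpecs(EntityName);
            Helper        = AppLogic.LookupHelper(EntityHelpers, m_EntitySpecs.m_EntityName);

            if (EntityID == 0 || EntityName.Length == 0)
            {
                // NOTE(review): the EntityID != 0 check below is kept because whether
                // this Redirect ends the response is not visible here.
                Response.Redirect(AppLogic.AdminLinkUrl("default.aspx"));
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                if (EntityID != 0)
                {
                    // Wipe the existing mapping before re-inserting the posted order.
                    DB.ExecuteSQL(String.Format("delete from {0}{1} where {2}ID={3}", m_EntitySpecs.m_ObjectName, m_EntitySpecs.m_EntityName, m_EntitySpecs.m_EntityName, EntityID.ToString()));
                }

                foreach (String fieldName in Request.Form.AllKeys)
                {
                    // Nameless fields arrive as a null key; skip them instead of
                    // dereferencing. Field names are fixed identifiers, so the ordinal
                    // String.Contains is the right match (the culture-sensitive
                    // IndexOf was not).
                    if (fieldName == null || !fieldName.Contains("DisplayOrder_"))
                    {
                        continue;
                    }
                    String[] keys     = fieldName.Split('_');
                    int      ObjectID = Localization.ParseUSInt(keys[1]);
                    int      DispOrd  = 1;
                    try
                    {
                        DispOrd = Localization.ParseUSInt(Request.Form[fieldName]);
                    }
                    catch
                    {
                        // Best effort: an unparsable order falls back to 1 rather than
                        // failing the whole save.
                    }
                    // Only parsed integers are formatted into the values clause.
                    DB.ExecuteSQL(String.Format("insert into {0}{1}({2}ID,{3}ID,DisplayOrder) values({4},{5},{6})", m_EntitySpecs.m_ObjectName, m_EntitySpecs.m_EntityName, m_EntitySpecs.m_EntityName, m_EntitySpecs.m_ObjectName, EntityID.ToString(), ObjectID.ToString(), DispOrd.ToString()));
                }
            }
            SectionTitle = AppLogic.GetString("admin.sectiontitle.displayorder", SkinID, LocaleSetting);
            RenderHtml();
        }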
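        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin product image manager for one image size. On submit, each posted
            // "Key_<n>" field ("FieldID|ProductID|VariantID|ImageNumber|Color")
            // identifies one image slot: an accompanying "Delete_<FieldID>" removes
            // the slot's files, and an uploaded "Image<FieldID>" file replaces them.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");
            ProductID = CommonLogic.QueryStringUSInt("ProductID");
            VariantID = CommonLogic.QueryStringUSInt("VariantID");
            // NOTE(review): TheSize is raw query input that becomes part of the image
            // path through GetImagePath; confirm GetImagePath rejects path separators
            // and ".." (or restrict TheSize to the known size names) before relying on it.
            TheSize   = CommonLogic.QueryStringCanBeDangerousContent("Size");
            if (TheSize.Length == 0)
            {
                TheSize = "medium";
            }
            if (VariantID == 0)
            {
                VariantID = AppLogic.GetDefaultProductVariant(ProductID);
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // Image files are named after the product id, or after its SKU when
                // so configured and the product has one.
                String FN = ProductID.ToString();
                if (AppLogic.AppConfigBool("UseSKUForProductImageName"))
                {
                    using (SqlConnection conn = DB.dbConn())
                    {
                        conn.Open();
                        using (IDataReader rs = DB.GetRS("select SKU from product   with (NOLOCK)  where productid=" + ProductID.ToString(), conn))
                        {
                            if (rs.Read())
                            {
                                String SKU = DB.RSField(rs, "SKU").Trim();
                                if (SKU.Length != 0)
                                {
                                    FN = SKU;
                                }
                            }
                        }
                    }
                }

                // A slot may exist in any of these formats; they are always removed together.
                String[] imageExtensions = new String[] { ".jpg", ".gif", ".png" };
                try
                {
                    foreach (String FieldName in Request.Form.AllKeys)
                    {
                        // Nameless fields arrive as a null key. Ordinal String.Contains
                        // replaces the culture-sensitive IndexOf.
                        if (FieldName == null || !FieldName.Contains("Key_"))
                        {
                            continue;
                        }
                        String KeyVal = CommonLogic.FormCanBeDangerousContent(FieldName);
                        // this field should be processed
                        String[] KeyValSplit  = KeyVal.Split('|');
                        int      TheFieldID   = Localization.ParseUSInt(KeyValSplit[0]);
                        // The product/variant ids inside the key are parsed only to
                        // validate its format (a malformed key is reported via the outer
                        // catch); the page works from the query-string ids.
                        int      TheProductID = Localization.ParseUSInt(KeyValSplit[1]);
                        int      TheVariantID = Localization.ParseUSInt(KeyValSplit[2]);
                        String   ImageNumber  = AppLogic.CleanSizeColorOption(KeyValSplit[3]);
                        String   Color        = AppLogic.CleanSizeColorOption(HttpContext.Current.Server.UrlDecode(KeyValSplit[4]));
                        String   SafeColor    = CommonLogic.MakeSafeFilesystemName(Color);
                        // The file stem is built from the product stem and the cleaned /
                        // sanitised option values only, never from raw form text.
                        String   imageStem    = AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor;
                        bool     DeleteIt     = (CommonLogic.FormCanBeDangerousContent("Delete_" + TheFieldID.ToString()).Length != 0);
                        if (DeleteIt)
                        {
                            foreach (String ext in imageExtensions)
                            {
                                System.IO.File.Delete(imageStem + ext);
                            }
                        }

                        // Request.Files returns null when no file was posted for this
                        // slot; the old code dereferenced it unconditionally.
                        HttpPostedFile Image2File = Request.Files["Image" + TheFieldID.ToString()];
                        if (Image2File == null || Image2File.ContentLength == 0)
                        {
                            continue;
                        }

                        // delete any current image file first
                        try
                        {
                            foreach (String ext in imageExtensions)
                            {
                                System.IO.File.Delete(imageStem + ext);
                            }
                        }
                        catch
                        {
                            // Best effort: a stale file that cannot be removed does not
                            // block the new upload.
                        }

                        // The stored extension comes from this fixed list, selected by the
                        // declared (client-supplied) content type and never taken from the
                        // uploaded file name; unrecognised types are not saved at all.
                        String Image2 = String.Empty;
                        switch (Image2File.ContentType)
                        {
                        case "image/gif":
                            Image2 = imageStem + ".gif";
                            break;

                        case "image/x-png":
                            Image2 = imageStem + ".png";
                            break;

                        case "image/jpg":
                        case "image/jpeg":
                        case "image/pjpeg":
                            Image2 = imageStem + ".jpg";
                            break;
                        }
                        if (Image2.Length != 0)
                        {
                            Image2File.SaveAs(Image2);
                        }
                    }
                }
                catch (Exception ex)
                {
                    ErrorMsg += CommonLogic.GetExceptionDetail(ex, "<br/>");
                }
            }
            SectionTitle = String.Format(AppLogic.GetString("admin.sectiontitle.productimagemgr", SkinID, LocaleSetting), "<a href=\"" + AppLogic.AdminLinkUrl("editproduct.aspx") + "?productid=" + ProductID.ToString() + "\">", "</a>", TheSize);
            Render();
        }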
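        /// <summary>
        /// Admin handler for creating or editing a news item.
        /// A non-zero NewsID on the query string selects edit mode; on an
        /// IsSubmit post the row is inserted or updated, and the section title
        /// is then built and the page rendered.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Keep the admin page out of shared and browser caches.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            NewsID = 0;
            String requestedNewsID = CommonLogic.QueryStringCanBeDangerousContent("NewsID");
            if (requestedNewsID.Length != 0 && requestedNewsID != "0")
            {
                Editing = true;
                // ParseUSInt yields an int, so NewsID can be spliced into SQL safely below.
                NewsID  = Localization.ParseUSInt(requestedNewsID);
            }
            else
            {
                Editing = false;
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                StringBuilder sql = new StringBuilder(2500);

                // Expiry defaults to six months from now unless the form supplies a date.
                DateTime dt         = System.DateTime.Now.AddMonths(6);
                String   expiresRaw = CommonLogic.FormCanBeDangerousContent("ExpiresOn");
                if (expiresRaw.Length > 0)
                {
                    dt = Localization.ParseNativeDateTime(expiresRaw);
                }

                // The raw "Published" form value used to be concatenated straight into the
                // statement, so a crafted post could rewrite the SQL. Coerce it to a bit
                // literal the same way IsSubmit is read, so only "0" or "1" reaches the query.
                String publishedBit = CommonLogic.FormBool("Published") ? "1" : "0";

                if (!Editing)
                {
                    // Insert, then look the new row up by its GUID to learn the identity value.
                    String NewGUID = DB.GetNewGUID();
                    sql.Append("insert into news(NewsGUID,ExpiresOn,Headline,NewsCopy,Published) values(");
                    sql.Append(DB.SQuote(NewGUID) + ",");
                    sql.Append(DB.DateQuote(Localization.ToDBDateTimeString(dt)) + ",");
                    sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Headline")) + ",");
                    sql.Append(DB.SQuote(AppLogic.FormLocaleXml("NewsCopy")) + ",");
                    sql.Append(publishedBit);
                    sql.Append(")");
                    DB.ExecuteSQL(sql.ToString());

                    using (SqlConnection dbconn = DB.dbConn())
                    {
                        dbconn.Open();
                        using (IDataReader rs = DB.GetRS("select NewsID from news  with (NOLOCK)  where deleted=0 and NewsGUID=" + DB.SQuote(NewGUID), dbconn))
                        {
                            rs.Read();
                            NewsID  = DB.RSFieldInt(rs, "NewsID");
                            Editing = true;
                        }
                    }
                    DataUpdated = true;
                }
                else
                {
                    // Update in place; NewsID is an int parsed above, not raw request text.
                    sql.Append("update news set ");
                    sql.Append("Headline=" + DB.SQuote(AppLogic.FormLocaleXml("Headline")) + ",");
                    sql.Append("NewsCopy=" + DB.SQuote(AppLogic.FormLocaleXml("NewsCopy")) + ",");
                    sql.Append("ExpiresOn=" + DB.DateQuote(Localization.ToDBDateTimeString(dt)) + ",");
                    sql.Append("Published=" + publishedBit);
                    sql.Append(" where NewsID=" + NewsID.ToString());
                    DB.ExecuteSQL(sql.ToString());
                    DataUpdated = true;
                    Editing     = true;
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("news.aspx") + "\">" + AppLogic.GetString("admin.default.News", SkinID, LocaleSetting) + "</a> - " + String.Format(AppLogic.GetString("admin.editnews.ManageNews", SkinID, LocaleSetting), CommonLogic.IIF(DataUpdated, " (Updated)", ""));
            RenderHtml();
        }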
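        /// <summary>
        /// Admin handler for creating or editing a credit card type.
        /// A non-zero CardTypeID on the query string selects edit mode. On an
        /// IsSubmit post the name is checked for duplicates (ignoring the row
        /// being edited), then inserted or updated; the section title is built
        /// and the page rendered either way.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Keep the admin page out of shared and browser caches.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");
            CardTypeID = 0;

            String requestedCardTypeID = CommonLogic.QueryStringCanBeDangerousContent("CardTypeID");
            if (requestedCardTypeID.Length != 0 && requestedCardTypeID != "0")
            {
                Editing    = true;
                // ParseUSInt yields an int, so CardTypeID can be spliced into SQL safely below.
                CardTypeID = Localization.ParseUSInt(requestedCardTypeID);
            }
            else
            {
                Editing = false;
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                String redirectlink = "<a href=\"javascript:history.back(-1);\">go back</a>";

                // Truncate once and use the same value for both the duplicate check and the
                // write. The check previously compared the untruncated form value, so a name
                // longer than 100 characters could pass it and still collide with a stored,
                // truncated name.
                String cardType = CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("CardType"), 100);

                // When editing, the row being edited must not count as its own duplicate.
                String excludeSelf = Editing ? " and CardTypeID<>" + CardTypeID.ToString() : String.Empty;
                int N = DB.GetSqlN("select count(CardType) as N from CreditCardType   with (NOLOCK)  where upper(CardType)=" + DB.SQuote(cardType.ToUpperInvariant()) + excludeSelf);
                if (N != 0)
                {
                    ErrorMsg = "<p><b><font color=red>" + AppLogic.GetString("admin.common.Error", SkinID, LocaleSetting) + "<br/><br/></font><blockquote>" + String.Format(AppLogic.GetString("admin.editCreditCard.ExistingCard", SkinID, LocaleSetting), redirectlink) + ".</b></blockquote></p>";
                }

                if (ErrorMsg.Length == 0)
                {
                    StringBuilder sql = new StringBuilder(2500);
                    if (!Editing)
                    {
                        // Insert, then look the new row up by its GUID to learn the identity value.
                        String NewGUID = DB.GetNewGUID();
                        sql.Append("insert into CreditCardType(CardTypeGUID,CardType) values(");
                        sql.Append(DB.SQuote(NewGUID) + ",");
                        sql.Append(DB.SQuote(cardType));
                        sql.Append(")");
                        DB.ExecuteSQL(sql.ToString());

                        using (SqlConnection dbconn = DB.dbConn())
                        {
                            dbconn.Open();
                            using (IDataReader rs = DB.GetRS("select CardTypeID from CreditCardType   with (NOLOCK)  where CardTypeGUID=" + DB.SQuote(NewGUID), dbconn))
                            {
                                rs.Read();
                                CardTypeID = DB.RSFieldInt(rs, "CardTypeID");
                                Editing    = true;
                            }
                        }
                        DataUpdated = true;
                    }
                    else
                    {
                        // Update in place; CardTypeID is an int parsed above, not raw request text.
                        sql.Append("update CreditCardType set ");
                        sql.Append("CardType=" + DB.SQuote(cardType));
                        sql.Append(" where CardTypeID=" + CardTypeID.ToString());
                        DB.ExecuteSQL(sql.ToString());
                        DataUpdated = true;
                        Editing     = true;
                    }
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("creditcards.aspx") + "\">Credit Cards</a> - Manage Credit Card Types";
            Render();
        }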
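    /// <summary>
    /// Add-to-cart handler. Resolves the requested item (by ProductID counter,
    /// ItemCode or MatrixItem), validates the unit of measure and the shipping
    /// address against the customer, then adds the item to the shopping cart,
    /// wish list or gift registry, plus any related/upsell items, and hands
    /// off to GoNextPage.
    /// </summary>
    /// <param name="context">The current HTTP context.</param>
    /// <exception cref="ArgumentException">ReturnURL contains a script tag.</exception>
    public void ProcessRequest(HttpContext context)
    {
        context.Response.CacheControl = "private";
        context.Response.Expires      = 0;
        context.Response.AddHeader("pragma", "no-cache");

        var ThisCustomer = ((InterpriseSuiteEcommercePrincipal)context.User).ThisCustomer;

        ThisCustomer.RequireCustomerRecord();

        string ReturnURL = CommonLogic.QueryStringCanBeDangerousContent("ReturnURL");

        // NOTE(review): this only blocks a literal "<script>" token; it is not a general
        // XSS or open-redirect filter. ReturnURL is only forwarded to signin.aspx below
        // (URL-encoded), so whether it is safe as a redirect target depends on how
        // signin.aspx consumes it — confirm there that it is restricted to local paths.
        if (ReturnURL.IndexOf("<script>", StringComparison.InvariantCultureIgnoreCase) != -1)
        {
            throw new ArgumentException("SECURITY EXCEPTION");
        }

        //Anonymous users should not be allowed to used WishList, they must register first.
        if (ThisCustomer.IsNotRegistered)
        {
            string ErrMsg = string.Empty;

            if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
            {
                ErrMsg = AppLogic.GetString("signin.aspx.19", ThisCustomer.SkinID, ThisCustomer.LocaleSetting);
                // Encode the message too: a localized string with '&' or spaces would
                // otherwise break the query string it is placed in.
                context.Response.Redirect("signin.aspx?ErrorMsg=" + Security.UrlEncode(ErrMsg) + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
            }
        }

        string ShippingAddressID = CommonLogic.QueryStringCanBeDangerousContent("ShippingAddressID"); // only used for multi-ship

        if (ShippingAddressID.IsNullOrEmptyTrimmed())
        {
            ShippingAddressID = CommonLogic.FormCanBeDangerousContent("ShippingAddressID");
        }

        if (ShippingAddressID.IsNullOrEmptyTrimmed() && !ThisCustomer.PrimaryShippingAddressID.IsNullOrEmptyTrimmed())
        {
            ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
        }

        string ProductID = CommonLogic.QueryStringCanBeDangerousContent("ProductID");

        if (ProductID.IsNullOrEmptyTrimmed())
        {
            ProductID = CommonLogic.FormCanBeDangerousContent("ProductID");
        }

        // ProductID is raw request text. Parse it once here with a 0 fallback (the same
        // pattern the kit branch already uses) instead of int.Parse at the AddItem calls,
        // which threw on an empty or malformed value and surfaced as a server error.
        int productCounter = 0;
        int.TryParse(ProductID, out productCounter);

        string itemCode = CommonLogic.QueryStringCanBeDangerousContent("ItemCode");

        // check if the item being added is matrix group
        // look for the matrix item and use it as itemcode instead
        if (!string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("MatrixItem")))
        {
            itemCode = CommonLogic.FormCanBeDangerousContent("MatrixItem");
        }

        bool   itemExisting       = false;
        string defaultUnitMeasure = string.Empty;

        if (itemCode.IsNullOrEmptyTrimmed())
        {
            // No item code supplied: resolve it from the numeric product counter.
            if (productCounter > 0)
            {
                using (var con = DB.NewSqlConnection())
                {
                    con.Open();
                    using (var reader = DB.GetRSFormat(con, "SELECT i.ItemCode, ium.UnitMeasureCode FROM InventoryItem i with (NOLOCK) INNER JOIN InventoryUnitMeasure ium with (NOLOCK) ON i.ItemCode = ium.ItemCode AND IsBase = 1 WHERE i.Counter = {0}", productCounter))
                    {
                        itemExisting = reader.Read();

                        if (itemExisting)
                        {
                            itemCode           = DB.RSField(reader, "ItemCode");
                            defaultUnitMeasure = DB.RSField(reader, "UnitMeasureCode");
                        }
                    }
                }
            }
        }
        else
        {
            // verify we have a valid item code
            using (var con = DB.NewSqlConnection())
            {
                con.Open();
                using (var reader = DB.GetRSFormat(con, "SELECT i.ItemCode FROM InventoryItem i with (NOLOCK) WHERE i.ItemCode = {0}", DB.SQuote(itemCode)))
                {
                    itemExisting = reader.Read();

                    if (itemExisting)
                    {
                        itemCode = DB.RSField(reader, "ItemCode");
                    }
                }
            }
        }

        // GoNextPage is presumed to redirect and end the response; the explicit
        // return makes the early exit hold even if it does not, so an unknown
        // item never reaches AddItem below.
        if (!itemExisting)
        {
            GoNextPage(context);
            return;
        }

        // get the unit measure code
        string unitMeasureCode = CommonLogic.QueryStringCanBeDangerousContent("UnitMeasureCode");

        if (unitMeasureCode.IsNullOrEmptyTrimmed())
        {
            unitMeasureCode = CommonLogic.FormCanBeDangerousContent("UnitMeasureCode");
        }

        if (unitMeasureCode.IsNullOrEmptyTrimmed())
        {
            unitMeasureCode = defaultUnitMeasure;
        }

        // check if the unit measure is default so that we won't have to check
        // if the unit measure specified is valid...
        if (false.Equals(unitMeasureCode.Equals(defaultUnitMeasure, StringComparison.InvariantCultureIgnoreCase)))
        {
            bool isValidUnitMeasureForThisItem = false;

            using (var con = DB.NewSqlConnection())
            {
                con.Open();
                using (var reader = DB.GetRSFormat(con, "SELECT UnitMeasureCode FROM InventoryUnitMeasure with (NOLOCK) WHERE ItemCode= {0} AND UnitMeasureCode = {1}", DB.SQuote(itemCode), DB.SQuote(unitMeasureCode)))
                {
                    isValidUnitMeasureForThisItem = reader.Read();

                    if (isValidUnitMeasureForThisItem)
                    {
                        // maybe mixed case specified, just set..
                        unitMeasureCode = DB.RSField(reader, "UnitMeasureCode");
                    }
                }
            }

            if (!isValidUnitMeasureForThisItem)
            {
                GoNextPage(context);
                return;
            }
        }
        decimal Quantity = CommonLogic.FormLocaleDecimal("Quantity", ThisCustomer.LocaleSetting);//CommonLogic.QueryStringUSDecimal("Quantity");

        if (Quantity == 0)
        {
            Quantity = CommonLogic.FormNativeDecimal("Quantity");
        }

        if (Quantity == 0)
        {
            Quantity = 1;
        }

        Quantity = CommonLogic.RoundQuantity(Quantity);

        // Now let's check the shipping address if valid if specified
        // A caller-supplied address must belong to this customer; anonymous
        // customers always fall back to the primary address.
        if (ShippingAddressID != ThisCustomer.PrimaryShippingAddressID)
        {
            if (ThisCustomer.IsRegistered)
            {
                bool shippingAddressIsValidForThisCustomer = false;

                using (var con = DB.NewSqlConnection())
                {
                    con.Open();
                    using (var reader = DB.GetRSFormat(con, "SELECT ShipToCode FROM CustomerShipTo with (NOLOCK) WHERE CustomerCode = {0} AND IsActive = 1 AND ShipToCode = {1}", DB.SQuote(ThisCustomer.CustomerCode), DB.SQuote(ShippingAddressID)))
                    {
                        shippingAddressIsValidForThisCustomer = reader.Read();

                        if (shippingAddressIsValidForThisCustomer)
                        {
                            // maybe mixed case, just set...
                            ShippingAddressID = DB.RSField(reader, "ShipToCode");
                        }
                    }
                }

                if (!shippingAddressIsValidForThisCustomer)
                {
                    GoNextPage(context);
                    return;
                }
            }
            else
            {
                ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
            }
        }

        var CartType = CartTypeEnum.ShoppingCart;

        if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
        {
            CartType = CartTypeEnum.WishCart;
        }

        var giftRegistryItemType = GiftRegistryItemType.vItem;

        if (CommonLogic.FormNativeInt("IsAddToGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsAddToGiftRegistry") == 1)
        {
            CartType = CartTypeEnum.GiftRegistryCart;
        }

        if (CommonLogic.FormNativeInt("IsAddToGiftRegistryOption") == 1 || CommonLogic.QueryStringUSInt("IsAddToGiftRegistryOption") == 1)
        {
            CartType             = CartTypeEnum.GiftRegistryCart;
            giftRegistryItemType = GiftRegistryItemType.vOption;
        }

        ShoppingCart cart = null;
        bool         itemIsARegistryItem = false;

        if (!itemCode.IsNullOrEmptyTrimmed())
        {
            #region " --GIFTREGISTRY-- "

            if (CartType == CartTypeEnum.GiftRegistryCart)
            {
                // The registry is looked up through ThisCustomer.GiftRegistries, so a
                // posted registry GUID belonging to another customer resolves to null.
                Guid? registryID = CommonLogic.FormCanBeDangerousContent("giftregistryOptions").TryParseGuid();
                if (registryID.HasValue)
                {
                    var selectedGiftRegistry = ThisCustomer.GiftRegistries.FindFromDb(registryID.Value);
                    if (selectedGiftRegistry != null)
                    {
                        bool             isKit = AppLogic.IsAKit(itemCode);
                        KitComposition   preferredComposition = null;
                        GiftRegistryItem registryItem         = null;

                        if (isKit)
                        {
                            preferredComposition = KitComposition.FromForm(ThisCustomer, itemCode);
                            var registrytems = selectedGiftRegistry.GiftRegistryItems.Where(giftItem => giftItem.ItemCode == itemCode &&
                                                                                            giftItem.GiftRegistryItemType == giftRegistryItemType);
                            Guid? matchedRegitryItemCode = null;
                            //Do this routine to check if there are kit items
                            //matched the selected kit items from the cart in the registry items
                            foreach (var regitm in registrytems)
                            {
                                regitm.IsKit = true;
                                var compositionItems = regitm.GetKitItemsFromComposition();

                                if (compositionItems.Count() == 0)
                                {
                                    continue;
                                }

                                var arrItemCodes = compositionItems.Select(item => item.ItemCode)
                                                   .ToArray();
                                var preferredItemCodes = preferredComposition.Compositions.Select(kititem => kititem.ItemCode);
                                var lst = arrItemCodes.Except(preferredItemCodes);

                                //has match
                                if (lst.Count() == 0)
                                {
                                    matchedRegitryItemCode = regitm.RegistryItemCode;
                                    break;
                                }
                            }

                            if (matchedRegitryItemCode.HasValue)
                            {
                                registryItem = selectedGiftRegistry.GiftRegistryItems.FirstOrDefault(giftItem => giftItem.RegistryItemCode == matchedRegitryItemCode);
                            }
                        }

                        //if not kit item get the item as is
                        if (registryItem == null && !isKit)
                        {
                            registryItem = selectedGiftRegistry.GiftRegistryItems.FirstOrDefault(giftItem => giftItem.ItemCode == itemCode &&
                                                                                                 giftItem.GiftRegistryItemType == giftRegistryItemType);
                        }

                        if (registryItem != null)
                        {
                            registryItem.Quantity       += Quantity;
                            registryItem.UnitMeasureCode = unitMeasureCode;
                            selectedGiftRegistry.GiftRegistryItems.UpdateToDb(registryItem);
                        }
                        else
                        {
                            registryItem = new GiftRegistryItem()
                            {
                                GiftRegistryItemType = giftRegistryItemType,
                                RegistryItemCode     = Guid.NewGuid(),
                                ItemCode             = itemCode,
                                Quantity             = Quantity,
                                RegistryID           = registryID.Value,
                                UnitMeasureCode      = unitMeasureCode
                            };

                            selectedGiftRegistry.GiftRegistryItems.AddToDb(registryItem);
                        }

                        if (isKit && preferredComposition != null)
                        {
                            registryItem.ClearKitItemsFromComposition();
                            preferredComposition.AddToGiftRegistry(registryID.Value, registryItem.RegistryItemCode);
                        }

                        HttpContext.Current.Response.Redirect(string.Format("~/editgiftregistry.aspx?{0}={1}", DomainConstants.GIFTREGISTRYPARAMCHAR, registryID.Value));
                    }
                }

                // A gift-registry request must not fall through to a regular cart add.
                GoNextPage(context);
                return;
            }

            #endregion

            CartRegistryParam registryCartParam = null;
            if (AppLogic.AppConfigBool("GiftRegistry.Enabled"))
            {
                registryCartParam = new CartRegistryParam()
                {
                    RegistryID       = CommonLogic.FormGuid("RegistryID"),
                    RegistryItemCode = CommonLogic.FormGuid("RegistryItemCode")
                };
            }

            if (registryCartParam != null && registryCartParam.RegistryID.HasValue && registryCartParam.RegistryItemCode.HasValue)
            {
                // Buying from someone's registry ships to the registry owner's primary address.
                ShippingAddressID   = GiftRegistryDA.GetPrimaryShippingAddressCodeOfOwnerByRegistryID(registryCartParam.RegistryID.Value);
                itemIsARegistryItem = true;
            }

            cart = new ShoppingCart(null, 1, ThisCustomer, CartType, string.Empty, false, true, string.Empty);
            if (Quantity > 0)
            {
                if (AppLogic.IsAKit(itemCode))
                {
                    var preferredComposition = KitComposition.FromForm(ThisCustomer, CartType, itemCode);

                    if (preferredComposition == null)
                    {
                        // No composition posted: rebuild one from the kit's default selections.
                        var kitData = KitItemData.GetKitComposition(ThisCustomer, productCounter, itemCode);

                        var kitContents = new StringBuilder();
                        foreach (var kitGroup in kitData.Groups)
                        {
                            if (kitContents.Length > 0)
                            {
                                kitContents.Append(",");
                            }

                            var selectedItems   = new StringBuilder();
                            int kitGroupCounter = kitGroup.Id;

                            var selectedKitItems = kitGroup.Items.Where(i => i.IsSelected == true);

                            foreach (var item in selectedKitItems)
                            {
                                if (selectedItems.Length > 0)
                                {
                                    selectedItems.Append(",");
                                }

                                //note: since we are adding the kit counter and kit item counter in KitItemData.GetKitComposition (stored proc. EcommerceGetKitItems)
                                //as "kit item counter", we'll reverse the process in order to get the "real kit item counter"

                                int kitItemCounter = item.Id - productCounter;
                                selectedItems.Append(kitGroupCounter.ToString() + DomainConstants.KITCOMPOSITION_DELIMITER + kitItemCounter.ToString());
                            }
                            kitContents.Append(selectedItems.ToString());
                        }
                        preferredComposition = KitComposition.FromComposition(kitContents.ToString(), ThisCustomer, CartType, itemCode);
                    }

                    preferredComposition.PricingType = CommonLogic.FormCanBeDangerousContent("KitPricingType");

                    if (CommonLogic.FormBool("IsEditKit") &&
                        !CommonLogic.IsStringNullOrEmpty(CommonLogic.FormCanBeDangerousContent("KitCartID")) &&
                        InterpriseHelper.IsValidGuid(CommonLogic.FormCanBeDangerousContent("KitCartID")))
                    {
                        Guid cartID = new Guid(CommonLogic.FormCanBeDangerousContent("KitCartID"));
                        preferredComposition.CartID = cartID;
                    }
                    cart.AddItem(ThisCustomer, ShippingAddressID, itemCode, productCounter, Quantity, unitMeasureCode, CartType, preferredComposition, registryCartParam);
                }
                else
                {
                    cart.AddItem(ThisCustomer, ShippingAddressID, itemCode, productCounter, Quantity, unitMeasureCode, CartType, null, registryCartParam);
                }
            }

            string RelatedProducts = CommonLogic.QueryStringCanBeDangerousContent("relatedproducts").Trim();
            string UpsellProducts  = CommonLogic.FormCanBeDangerousContent("UpsellProducts").Trim();
            string combined        = string.Concat(RelatedProducts, UpsellProducts);

            if (combined.Length != 0 && CartType == CartTypeEnum.ShoppingCart)
            {
                string[] arrUpsell = combined.Split(',');
                foreach (string s in arrUpsell)
                {
                    string PID = s.Trim();
                    if (PID.Length == 0)
                    {
                        continue;
                    }

                    int UpsellProductID;
                    // Best-effort: one bad upsell id must not abort the whole add, so the
                    // catch below deliberately skips the entry rather than failing the request.
                    try
                    {
                        UpsellProductID = Localization.ParseUSInt(PID);
                        if (UpsellProductID != 0)
                        {
                            string ItemCode        = InterpriseHelper.GetInventoryItemCode(UpsellProductID);
                            string itemUnitMeasure = string.Empty;

                            using (var con = DB.NewSqlConnection())
                            {
                                con.Open();
                                using (var reader = DB.GetRSFormat(con, "SELECT ium.UnitMeasureCode FROM InventoryItem i with (NOLOCK) INNER JOIN InventoryUnitMeasure ium with (NOLOCK) ON i.ItemCode = ium.ItemCode AND IsBase = 1 WHERE i.ItemCode = {0}", DB.SQuote(ItemCode)))
                                {
                                    if (reader.Read())
                                    {
                                        itemUnitMeasure = DB.RSField(reader, "UnitMeasureCode");
                                    }
                                }
                            }

                            cart.AddItem(ThisCustomer, ShippingAddressID, ItemCode, UpsellProductID, 1, itemUnitMeasure, CartType);
                        }
                    }
                    catch { }
                }
            }
        }

        GoNextPage(context, itemIsARegistryItem, CartType, ThisCustomer);
    }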
        protected void Page_Load(object sender, System.EventArgs e)
        {
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            ProductID = CommonLogic.QueryStringUSInt("ProductID");
            VariantID = CommonLogic.QueryStringUSInt("VariantID");
            TheSize   = CommonLogic.QueryStringCanBeDangerousContent("Size");

            if (TheSize.Length == 0)
            {
                TheSize = "medium";
            }
            if (VariantID == 0)
            {
                VariantID = AppLogic.GetDefaultProductVariant(ProductID);
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                var FN = ProductID.ToString();
                if (AppLogic.AppConfigBool("UseSKUForProductImageName"))
                {
                    using (var dbconn = new SqlConnection(DB.GetDBConn()))
                    {
                        dbconn.Open();
                        using (var rs = DB.GetRS("select SKU from product   with (NOLOCK)  where productid=" + ProductID.ToString(), dbconn))
                        {
                            if (rs.Read())
                            {
                                var SKU = DB.RSField(rs, "SKU").Trim();
                                if (SKU.Length != 0)
                                {
                                    FN = SKU;
                                }
                            }
                        }
                    }
                }
                try
                {
                    for (int i = 0; i <= Request.Form.Count - 1; i++)
                    {
                        String FieldName = Request.Form.Keys[i];
                        if (FieldName.IndexOf("Key_") != -1)
                        {
                            String KeyVal = CommonLogic.FormCanBeDangerousContent(FieldName);
                            // this field should be processed
                            String[] KeyValSplit  = KeyVal.Split('|');
                            int      TheFieldID   = Localization.ParseUSInt(KeyValSplit[0]);
                            int      TheProductID = Localization.ParseUSInt(KeyValSplit[1]);
                            int      TheVariantID = Localization.ParseUSInt(KeyValSplit[2]);
                            String   ImageNumber  = AppLogic.CleanSizeColorOption(KeyValSplit[3]);
                            String   Color        = AppLogic.CleanSizeColorOption(HttpContext.Current.Server.UrlDecode(KeyValSplit[4]));
                            String   SafeColor    = CommonLogic.MakeSafeFilesystemName(Color);
                            bool     DeleteIt     = (CommonLogic.FormCanBeDangerousContent("Delete_" + TheFieldID.ToString()).Length != 0);
                            if (DeleteIt)
                            {
                                System.IO.File.Delete(AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".jpg");
                                System.IO.File.Delete(AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".gif");
                                System.IO.File.Delete(AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".png");
                                System.IO.File.Delete(AppLogic.GetImagePath("Product", "micro", true) + FN + "_" + ImageNumber.ToLowerInvariant() + ".jpg");
                            }

                            String         Image2      = String.Empty;
                            String         TempImage2  = String.Empty;
                            String         ContentType = String.Empty;
                            HttpPostedFile Image2File  = Request.Files["Image" + TheFieldID.ToString()];
                            if (Image2File.ContentLength != 0)
                            {
                                // delete any current image file first
                                try
                                {
                                    System.IO.File.Delete(AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".jpg");
                                    System.IO.File.Delete(AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".gif");
                                    System.IO.File.Delete(AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".png");
                                }
                                catch
                                { }

                                String s = Image2File.ContentType;
                                switch (Image2File.ContentType)
                                {
                                case "image/gif":
                                    TempImage2 = AppLogic.GetImagePath("Product", TheSize, true) + "tmp_" + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".gif";
                                    Image2     = AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".gif";
                                    Image2File.SaveAs(TempImage2);
                                    ImageResize.ResizeEntityOrObject("Product", TempImage2, Image2, TheSize, "image/gif");
                                    ContentType = "image/gif";
                                    break;

                                case "image/x-png":
                                case "image/png":
                                    TempImage2 = AppLogic.GetImagePath("Product", TheSize, true) + "tmp_" + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".png";
                                    Image2     = AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".png";
                                    Image2File.SaveAs(TempImage2);
                                    ImageResize.ResizeEntityOrObject("Product", TempImage2, Image2, TheSize, "image/png");
                                    ContentType = "image/png";
                                    break;

                                case "image/jpg":
                                case "image/jpeg":
                                case "image/pjpeg":
                                    TempImage2 = AppLogic.GetImagePath("Product", TheSize, true) + "tmp_" + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".jpg";
                                    Image2     = AppLogic.GetImagePath("Product", TheSize, true) + FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor + ".jpg";
                                    Image2File.SaveAs(TempImage2);
                                    ImageResize.ResizeEntityOrObject("Product", TempImage2, Image2, TheSize, "image/jpeg");
                                    ContentType = "image/jpeg";
                                    break;
                                }


                                // lets try and create the other multi images if using the large multi image manager
                                if (TheSize == "large")
                                {
                                    ImageResize.MakeOtherMultis(FN, ImageNumber, SafeColor, TempImage2, ContentType);
                                }
                                else if (AppLogic.AppConfigBool("MultiMakesMicros") && TheSize == "medium" && SafeColor == "")
                                {
                                    // lets create micro images if using the medium multi image manager
                                    // since the medium icons are what show on the product pages
                                    ImageResize.MakeMicroPic(FN, TempImage2, ImageNumber);
                                }

                                // delete the temp image
                                ImageResize.DisposeOfTempImage(TempImage2);
                            }
                        }
                    }
                    ctrlAlertMessage.PushAlertMessage(AppLogic.GetString("admin.common.ItemUpdated", SkinID, LocaleSetting), AlertMessage.AlertType.Success);
                }
                catch (Exception ex)
                {
                    ctrlAlertMessage.PushAlertMessage(CommonLogic.GetExceptionDetail(ex, "<br/>"), AlertMessage.AlertType.Error);
                }
                String variantColors = String.Empty;

                using (var dbconn = new SqlConnection(DB.GetDBConn()))
                {
                    dbconn.Open();
                    using (var rsColors = DB.GetRS("select Colors from productvariant   with (NOLOCK)  where VariantID=" + VariantID.ToString(), dbconn))
                    {
                        if (rsColors.Read())
                        {
                            variantColors = DB.RSFieldByLocale(rsColors, "Colors", Localization.GetDefaultLocale());
                        }
                    }
                }
            }
            this.LoadData();
        }
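        /// <summary>
        /// Page handler for the CustomerLevel add/edit admin page. Reads the
        /// <c>CustomerLevelID</c> query parameter to decide between "add" and "edit",
        /// and on a submitted form (<c>IsSubmit</c>) with no pending <c>ErrorMsg</c>
        /// either inserts a new CustomerLevel row (then redirects to the list page) or
        /// updates the existing row, then sets the section title and renders.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            /****************************************************************************/
            // * WARNING TO DEVELOPERS
            // * The redirect below is a SAFETY feature.  Removing the redirect will not
            // * enable ML-only features on a lower version of AspDotNetStorefront.
            // * Attempting to do so can very easily result in a partially implemented
            // * feature, invalid or incomplete data in your DB, and other serious
            // * conditions that will cause your store to be non-functional.
            // *
            // * If you break your store attempting to enable ML-only features in PRO or
            // * Standard, our staff cannot help you fix it, and it will also invalidate
            // * your AspDotNetStorefront License.
            /***************************************************************************/

            if (AppLogic.ProductIsMLExpress())
            {
                Response.Redirect(AppLogic.AdminLinkUrl("restrictedfeature.aspx"));
            }

            CustomerLevelID = 0;

            // Read the query-string id once; a missing or "0" id means "add a new level".
            String requestedID = CommonLogic.QueryStringCanBeDangerousContent("CustomerLevelID");
            Editing = requestedID.Length != 0 && requestedID != "0";
            if (Editing)
            {
                CustomerLevelID = Localization.ParseUSInt(requestedID);
            }

            // ErrorMsg is a page field maintained elsewhere (not visible here); an empty
            // value is what allows the submitted form to be written to the database.
            if (CommonLogic.FormBool("IsSubmit") && ErrorMsg.Length == 0)
            {
                StringBuilder sql = new StringBuilder(2500);
                if (!Editing)
                {
                    // ok to add them:
                    String NewGUID = DB.GetNewGUID();
                    sql.Append("insert into CustomerLevel(CustomerLevelGUID,Name,LevelDiscountPercent,LevelDiscountAmount,LevelHasFreeShipping,LevelAllowsQuantityDiscounts,LevelAllowsPO,LevelHasNoTax,LevelAllowsCoupons,LevelDiscountsApplyToExtendedPrices) values(");
                    sql.Append(DB.SQuote(NewGUID) + ",");
                    sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                    sql.Append(Localization.DecimalStringForDB(CommonLogic.FormUSDecimal("LevelDiscountPercent")) + ",");
                    sql.Append(Localization.CurrencyStringForDBWithoutExchangeRate(CommonLogic.FormUSDecimal("LevelDiscountAmount")) + ",");
                    // The flag fields are bit columns; only the literal "1"/"0" is appended,
                    // never the raw posted text (see BitLiteral below).
                    sql.Append(BitLiteral("LevelHasFreeShipping") + ",");
                    sql.Append(BitLiteral("LevelAllowsQuantityDiscounts") + ",");
                    sql.Append(BitLiteral("LevelAllowsPO") + ",");
                    sql.Append(BitLiteral("LevelHasNoTax") + ",");
                    sql.Append(BitLiteral("LevelAllowsCoupons") + ",");
                    sql.Append(BitLiteral("LevelDiscountsApplyToExtendedPrices"));
                    sql.Append(")");
                    DB.ExecuteSQL(sql.ToString());

                    using (SqlConnection dbconn = DB.dbConn())
                    {
                        dbconn.Open();
                        using (IDataReader rs = DB.GetRS("select CustomerLevelID from CustomerLevel   with (NOLOCK)  where deleted=0 and CustomerLevelGUID=" + DB.SQuote(NewGUID), dbconn))
                        {
                            // The GUID was generated server-side, so the row should exist;
                            // guard the read anyway instead of reading a field from an empty reader.
                            if (rs.Read())
                            {
                                CustomerLevelID = DB.RSFieldInt(rs, "CustomerLevelID");
                                Editing         = true;
                            }
                        }
                    }
                    DataUpdated = true;
                    Response.Redirect("customerlevels.aspx", true);
                }
                else
                {
                    // ok to update:
                    sql.Append("update CustomerLevel set ");
                    sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                    // Numeric fields go through the same parse/format step as the insert path
                    // (empty field -> 0) so only a numeric literal reaches the statement.
                    sql.Append("LevelDiscountPercent=" + DecimalLiteral("LevelDiscountPercent") + ",");
                    sql.Append("LevelDiscountAmount=" + DecimalLiteral("LevelDiscountAmount") + ",");
                    sql.Append("LevelHasFreeShipping=" + BitLiteral("LevelHasFreeShipping") + ",");
                    sql.Append("LevelAllowsQuantityDiscounts=" + BitLiteral("LevelAllowsQuantityDiscounts") + ",");
                    sql.Append("LevelAllowsPO=" + BitLiteral("LevelAllowsPO") + ",");
                    sql.Append("LevelHasNoTax=" + BitLiteral("LevelHasNoTax") + ",");
                    sql.Append("LevelAllowsCoupons=" + BitLiteral("LevelAllowsCoupons") + ",");
                    sql.Append("LevelDiscountsApplyToExtendedPrices=" + BitLiteral("LevelDiscountsApplyToExtendedPrices"));
                    sql.Append(" where CustomerLevelID=" + CustomerLevelID.ToString());
                    DB.ExecuteSQL(sql.ToString());
                    DataUpdated = true;
                    Editing     = true;
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("CustomerLevels.aspx") + "\">CustomerLevels</a> - Manage Customer Levels";
            Render();
        }

        /// <summary>
        /// Converts a 0/1 form field into the SQL bit literal "1" or "0". Anything that is
        /// not an integer, or that is 0, yields "0", so the posted text itself is never
        /// concatenated into the statement.
        /// </summary>
        /// <param name="fieldName">Name of the posted form field.</param>
        /// <returns>"1" for a non-zero integer value, otherwise "0".</returns>
        private static String BitLiteral(String fieldName)
        {
            int parsed;
            bool isSet = int.TryParse(CommonLogic.FormCanBeDangerousContent(fieldName).Trim(), out parsed) && parsed != 0;
            return isSet ? "1" : "0";
        }

        /// <summary>
        /// Returns the DB-formatted decimal literal for a posted form field, parsing it the
        /// way the insert path does. An empty field is written as 0, matching the previous
        /// update behaviour.
        /// </summary>
        /// <param name="fieldName">Name of the posted form field.</param>
        /// <returns>A numeric literal suitable for direct use in the SQL statement.</returns>
        private static String DecimalLiteral(String fieldName)
        {
            if (CommonLogic.FormCanBeDangerousContent(fieldName).Trim().Length == 0)
            {
                return "0";
            }
            return Localization.DecimalStringForDB(CommonLogic.FormUSDecimal(fieldName));
        }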
        protected void Page_Load(object sender, System.EventArgs e)
        {
            StringBuilder writer = new StringBuilder();

            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            int ONX = CommonLogic.QueryStringUSInt("OrderNumber");

            Customer ThisCustomer          = Context.GetCustomer();
            int      OrderCustomerID       = 0;
            String   OriginalTransactionID = String.Empty;
            String   PM = String.Empty;

            using (var dbconn = new SqlConnection(DB.GetDBConn()))
            {
                dbconn.Open();
                using (var rs = DB.GetRS(String.Format("select CustomerID,AuthorizationPNREF,PaymentMethod from Orders with (NOLOCK) where OrderNumber={0}", ONX.ToString()), dbconn))
                {
                    if (rs.Read())
                    {
                        OrderCustomerID       = DB.RSFieldInt(rs, "CustomerID");
                        OriginalTransactionID = DB.RSField(rs, "AuthorizationPNREF");
                        PM = AppLogic.CleanPaymentMethod(DB.RSField(rs, "PaymentMethod"));
                    }
                }
            }

            Customer OrderCustomer = new Customer(OrderCustomerID, true);

            String GW = AppLogic.ActivePaymentGatewayCleaned();

            if (PM == AppLogic.ro_PMPayPalExpress)
            {
                GW = Gateway.ro_GWPAYPAL;
            }

            bool GatewayRequiresCC = GatewayLoader.GetProcessor(GW).RequiresCCForFurtherProcessing();

            writer.Append("<div class=\"white-ui-box\">");
            if (!ThisCustomer.IsAdminUser)
            {
                writer.Append("<b><font color=red>" + AppLogic.GetString("admin.common.PermissionDeniedUC", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</b></font>");
            }
            else
            {
                if (ONX == 0 || OrderCustomerID == 0)
                {
                    writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.1", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                    writer.Append("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>");
                }
                else
                {
                    Address BillingAddress = new Address();
                    BillingAddress.LoadFromDB(OrderCustomer.PrimaryBillingAddressID);

                    if (CommonLogic.FormBool("IsSubmit") && CommonLogic.FormCanBeDangerousContent("OrderTotal").Trim().Length != 0)
                    {
                        Decimal OrderTotal       = CommonLogic.FormNativeDecimal("OrderTotal");
                        String  OrderDescription = CommonLogic.FormCanBeDangerousContent("Description");
                        AppLogic.TransactionTypeEnum OrderType = (AppLogic.TransactionTypeEnum)Enum.Parse(typeof(AppLogic.TransactionTypeEnum), CommonLogic.FormCanBeDangerousContent("OrderType"), true);
                        int NewOrderNumber = 0;
                        if (OrderType == AppLogic.TransactionTypeEnum.CHARGE)
                        {
                            if (CommonLogic.FormCanBeDangerousContent("CardNumber").Length < 4)
                            {
                                Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard.Success", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                            }
                            else
                            {
                                Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard.Success", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length - 4).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                            }
                        }
                        // use the billing info in the form, as the store admin may have overridden what was in the db
                        // NOTE: we are NOT going to save this new updated billing info however, it is really up to the customer
                        // to change their billing info, or the store admin should edit their billing address in the customers account page area
                        BillingAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName");
                        // NOTE, this could be last4 at this point!! not a full CC #! that is ok, as this address will never be stored to the db anyway!
                        BillingAddress.CardNumber          = CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "");
                        BillingAddress.CardType            = CommonLogic.FormCanBeDangerousContent("CardType");
                        BillingAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
                        BillingAddress.CardExpirationYear  = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
                        BillingAddress.CardStartDate       = CommonLogic.FormCanBeDangerousContent("CardStartDate").Trim().Replace(" ", "").Replace("/", "").Replace("\\", "");
                        BillingAddress.CardIssueNumber     = CommonLogic.FormCanBeDangerousContent("CardIssueNumber");
                        String CardExtraCode = CommonLogic.FormCanBeDangerousContent("CardExtraCode");

                        String Status = Gateway.MakeAdHocOrder(AppLogic.ActivePaymentGatewayCleaned(), ONX, OriginalTransactionID, OrderCustomer, BillingAddress, CardExtraCode, OrderTotal, OrderType, OrderDescription, out NewOrderNumber);

                        //PABP Required cleanup of in-memory objects
                        CardExtraCode = "11111";
                        CardExtraCode = "00000";
                        CardExtraCode = "11111";
                        CardExtraCode = String.Empty;

                        if (Status == AppLogic.ro_OK)
                        {
                            Response.Redirect(AppLogic.AdminLinkUrl("adhocchargecomplete.aspx") + "?ordernumber=" + NewOrderNumber.ToString());
                        }
                        else
                        {
                            Response.Write("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.3", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "<br/>" + Status + "</div>");
                        }
                        Response.Write("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>");
                    }
                    else
                    {
                        writer.Append("<script type=\"text/javascript\">\n");
                        writer.Append("var GatewayRequiresCC=" + CommonLogic.IIF(GatewayRequiresCC, "1", "0") + ";\n");
                        writer.Append("function getSelectedRadio(buttonGroup) {\n");
                        writer.Append("   // returns the array number of the selected radio button or -1 if no button is selected\n");
                        writer.Append("   if (buttonGroup[0]) { // if the button group is an array (one button is not an array)\n");
                        writer.Append("      for (var i=0; i<buttonGroup.length; i++) {\n");
                        writer.Append("         if (buttonGroup[i].checked) {\n");
                        writer.Append("            return i\n");
                        writer.Append("         }\n");
                        writer.Append("      }\n");
                        writer.Append("   } else {\n");
                        writer.Append("      if (buttonGroup.checked) { return 0; } // if the one button is checked, return zero\n");
                        writer.Append("   }\n");
                        writer.Append("   // if we get to this point, no radio button is selected\n");
                        writer.Append("   return -1;\n");
                        writer.Append("}");
                        writer.Append("\n");
                        writer.Append("function getSelectedRadioValue(buttonGroup) {\n");
                        writer.Append("   // returns the value of the selected radio button or '' if no button is selected\n");
                        writer.Append("   var i = getSelectedRadio(buttonGroup);\n");
                        writer.Append("   if (i == -1) {\n");
                        writer.Append("      return '';\n");
                        writer.Append("   } else {\n");
                        writer.Append("      if (buttonGroup[i]) { // Make sure the button group is an array (not just one button)\n");
                        writer.Append("         return buttonGroup[i].value;\n");
                        writer.Append("      } else { // The button group is just the one button, and it is checked\n");
                        writer.Append("         return buttonGroup.value;\n");
                        writer.Append("      }\n");
                        writer.Append("   }\n");
                        writer.Append("}");
                        writer.Append("\n");
                        writer.Append("function AdHocOrderTypeChanged()\n");
                        writer.Append("{\n");
                        writer.Append("	if(GatewayRequiresCC == 1 || getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "')\n");
                        writer.Append("    {\n");
                        writer.Append("        CCDiv.style.display = 'block';\n");
                        writer.Append("    }\n");
                        writer.Append("    else\n");
                        writer.Append("    {\n");
                        writer.Append("        CCDiv.style.display = 'none';\n");
                        writer.Append("    }\n");
                        writer.Append("}\n");
                        writer.Append("function AdHocChargeOrRefundForm_Validator(theForm)\n");
                        writer.Append("{\n");
                        writer.Append("	submitonce(theForm);\n");
                        writer.Append("	if(theForm.Description.value == '')\n");
                        writer.Append("	{\n");
                        writer.Append("		alert('"+ AppLogic.GetString("adhoccharge.aspx.4", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                        writer.Append("		theForm.Description.focus();\n");
                        writer.Append("		submitenabled(theForm);\n");
                        writer.Append("		return (false);\n");
                        writer.Append("	}\n");
                        writer.Append("	if((getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "') || (GatewayRequiresCC == 1 && getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "'))\n");
                        writer.Append("    {\n");
                        writer.Append("        if(theForm.CardName.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Name On Card") + "');\n");
                        writer.Append("		    theForm.CardName.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardNumber.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Number") + "');\n");
                        writer.Append("		    theForm.CardNumber.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(isNaN(theForm.CardNumber.value))\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ AppLogic.GetString("adhoccharge.aspx.28", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                        writer.Append("		    theForm.CardNumber.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardExpirationMonth.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Month") + "');\n");
                        writer.Append("		    theForm.CardExpirationMonth.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardExpirationYear.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Year") + "');\n");
                        writer.Append("		    theForm.CardExpirationYear.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardType.selectedIndex < 1)\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Type") + "');\n");
                        writer.Append("		    theForm.CardType.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("	}\n");
                        writer.Append("	submitenabled(theForm);\n");
                        writer.Append("	return (true);\n");
                        writer.Append("}\n");
                        writer.Append("</script>\n");
                        writer.Append(String.Format(AppLogic.GetString("adhoccharge.aspx.5", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), ONX.ToString()));
                        writer.Append("<p>" + AppLogic.GetString("adhoccharge.aspx.6", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</p>");

                        String CNM       = BillingAddress.CardName;
                        String CN        = BillingAddress.CardNumber;
                        String Last4     = String.Empty;
                        String CExpMonth = BillingAddress.CardExpirationMonth;
                        String CExpYear  = BillingAddress.CardExpirationYear;
                        String CardType  = BillingAddress.CardType;
                        if (CN.Length == 0)
                        {
                            // try to pull it from order record:
                            using (var dbconn = new SqlConnection(DB.GetDBConn()))
                            {
                                dbconn.Open();
                                using (var rs2 = DB.GetRS(String.Format("SELECT CardNumber, CardName, Last4, CardExpirationMonth, CardExpirationYear, CardNumber, CardType, {0} FROM Orders WHERE OrderNumber = {1}", AppLogic.AppConfig("OrdersCCSaltField"), ONX), dbconn))
                                {
                                    if (rs2.Read())
                                    {
                                        CN        = DB.RSField(rs2, "CardNumber");
                                        CNM       = DB.RSField(rs2, "CardName");
                                        Last4     = DB.RSField(rs2, "Last4");
                                        CExpMonth = DB.RSField(rs2, "CardExpirationMonth");
                                        CExpYear  = DB.RSField(rs2, "CardExpirationYear");
                                        CN        = DB.RSField(rs2, "CardNumber");
                                        CN        = Security.UnmungeString(CN, DB.RSField(rs2, AppLogic.AppConfig("OrdersCCSaltField")));
                                        if (CN.StartsWith(Security.ro_DecryptFailedPrefix, StringComparison.InvariantCultureIgnoreCase))
                                        {
                                            CN = DB.RSField(rs2, "CardNumber");
                                        }
                                        CardType = DB.RSField(rs2, "CardType");
                                    }
                                }
                            }
                        }

                        if (AppLogic.AppConfigBool("StoreCCInDB") && OrderCustomer.StoreCCInDB && CN.Length > 0)
                        {
                            Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard.Success", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CN.Replace("*", "").Substring(CN.Replace("*", "").Length - 4).PadLeft(CN.Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                        }

                        if (GatewayRequiresCC)
                        {
                            writer.Append("<div class=\"alert alert-info\">" + AppLogic.GetString("adhoccharge.aspx.11", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                        }
                        else
                        {
                            writer.Append("<div class=\"alert alert-info\">" + AppLogic.GetString("adhoccharge.aspx.12", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                        }

                        if (!OrderCustomer.StoreCCInDB)
                        {
                            writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.13", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                        }

                        if (CN.Length == 0 || CN == AppLogic.ro_CCNotStoredString)
                        {
                            writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.14", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                        }

                        if (OrderCustomer.PrimaryBillingAddressID == 0)
                        {
                            writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.7", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                        }
                        else if (CN.Length == 0 && Last4.Length == 0 && GW != Gateway.ro_GWPAYPAL)
                        {
                            writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.8", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>");
                        }
                        else
                        {
                            if (CommonLogic.FormBool("IsSubmit") && CommonLogic.FormCanBeDangerousContent("OrderTotal").Trim().Length == 0)
                            {
                                writer.Append("<div class=\"alert alert-danger\">Please enter a valid charge amount</div>\n");
                            }
                            writer.Append("<form id=\"AdHocChargeOrRefundForm\" name=\"AdHocChargeOrRefundForm\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("adhoccharge.aspx") + "?OrderNumber=" + ONX.ToString() + "\" >");
                            writer.Append("	<div class=\"item-action-bar\">");
                            writer.Append("	<input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B2\" onClick=\"javascript:self.close()\" class=\"btn btn-default\">");
                            writer.Append("	<input type=\"submit\" value=\"" + AppLogic.GetString("adhoccharge.aspx.21", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B1\" class=\"btn btn-primary\">");
                            writer.Append("	</div>");
                            writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
                            writer.Append("<table class=\"table\">");
                            writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.9", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OriginalTransactionID.ToString() + "</td></tr>");
                            writer.Append("<tr><td>" + AppLogic.GetString("admin.label.CustomerID", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.CustomerID.ToString() + "</td></tr>");
                            writer.Append("<tr><td>" + AppLogic.GetString("admin.label.CustomerName", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.FullName() + "</td></tr>");
                            writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.27", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + BillingAddress.Phone + "</td></tr>");
                            writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.16", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>");
                            writer.Append("<input onClick=\"AdHocOrderTypeChanged()\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "\" id=\"ChargeOrderType\" name=\"OrderType\">" + AppLogic.GetString("adhoccharge.aspx.17", ThisCustomer.SkinID, ThisCustomer.LocaleSetting));
                            writer.Append("&nbsp;&nbsp;&nbsp;&nbsp;");
                            writer.Append("<input onClick=\"AdHocOrderTypeChanged()\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "\" id=\"RefundOrderType\" name=\"OrderType\" checked>" + AppLogic.GetString("adhoccharge.aspx.18", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                            writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.19", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" name=\"OrderTotal\" size=\"7\"><input type=\"hidden\" name=\"OrderTotal_vldt\" value=\"[req][number][blankalert=" + AppLogic.GetString("adhoccharge.aspx.26", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "][invalidalert=" + AppLogic.GetString("admin.common.ValidDollarAmountPrompt", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "]\"> (xx.xx format)</td></tr>");
                            writer.Append("<tr><td colspan=\"2\">");
                            writer.Append("<div id=\"CCDiv\" name=\"CCDiv\" style=\"display:" + CommonLogic.IIF(GatewayRequiresCC, "block", "none") + ";\">");
                            writer.Append("<table class=\"table\">");
                            writer.Append("<tr>");
                            writer.Append("<td align=\"right\">" + AppLogic.GetString("address.cs.31", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td>");
                            writer.Append("<td>\n");
                            writer.Append("<select size=\"1\" name=\"CardType\" id=\"CardType\">");
                            writer.Append("<option value=\"\">" + AppLogic.GetString("address.cs.32", ThisCustomer.SkinID, ThisCustomer.LocaleSetting));
                            using (var dbconn = new SqlConnection(DB.GetDBConn()))
                            {
                                dbconn.Open();
                                using (var rsCard = DB.GetRS("select * from creditcardtype  with (NOLOCK)  where Accepted=1 order by CardType", dbconn))
                                {
                                    while (rsCard.Read())
                                    {
                                        writer.Append("<option value=\"" + DB.RSField(rsCard, "CardType") + "\" " + CommonLogic.IIF(CardType == DB.RSField(rsCard, "CardType"), " selected ", "") + ">" + DB.RSField(rsCard, "CardType") + "</option>\n");
                                    }
                                }
                            }
                            writer.Append("</select>\n");
                            writer.Append("</td>");
                            writer.Append("</tr>");
                            writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.10", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"100\" type=\"text\" name=\"CardName\" id=\"CardName\" value=\"" + CNM + "\"></td></tr>");
                            writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.24", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"19\" type=\"text\" autocomplete=\"off\" name=\"CardNumber\" id=\"CardNumber\" value=\"" + CN + "\">&nbsp;" + String.Format(AppLogic.GetString("admin.adhoccharge.OriginalOrderLastFour", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), Last4) + ")</td></tr>");
                            writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.15", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"4\" maxlength=\"4\" type=\"text\" autocomplete=\"off\" name=\"CardExtraCode\" id=\"CardExtraCode\">");
                            writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.25", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" size=\"2\" maxlength=\"2\" name=\"CardExpirationMonth\" id=\"CardExpirationMonth\" value=\"" + CExpMonth + "\"> / <input size=\"4\" maxlength=\"4\" type=\"text\" name=\"CardExpirationYear\" id=\"CardExpirationYear\" value=\"" + CExpYear + "\"> (MM/YYYY)</td></tr>");
                            if (AppLogic.AppConfigBool("ShowCardStartDateFields"))
                            {
                                writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("address.cs.59", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardStartDate\" id=\"CardStartDate\" size=\"5\" maxlength=\"20\"> " + AppLogic.GetString("address.cs.64", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                                writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("address.cs.61", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardIssueNumber\" id=\"CardIssueNumber\" size=\"25\" maxlength=\"25\"> " + AppLogic.GetString("address.cs.63", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                            }
                            writer.Append("</table>");
                            writer.Append("</div>");
                            writer.Append("</td></tr>");
                            writer.Append("</table>");
                            writer.Append("	<p>" + AppLogic.GetString("adhoccharge.aspx.20", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </p>");
                            writer.Append("	<p><textarea class=\"text-multiline\" id=\"Description\" name=\"Description\" style=\"width: 90%\"></textarea></p>");
                            writer.Append("	<div class=\"item-action-bar\">");
                            writer.Append("	<input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B2\" onClick=\"javascript:self.close()\" class=\"btn btn-default\">");
                            writer.Append("	<input type=\"submit\" value=\"" + AppLogic.GetString("adhoccharge.aspx.21", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B1\" onClick=\"return AdHocChargeOrRefundForm_Validator(this.form);\" class=\"btn btn-primary\">");
                            writer.Append("	</div>");
                            writer.Append("</form>");
                        }
                    }
                }
            }
            writer.Append("</div>");
            ltContent.Text = writer.ToString();
        }
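        /// <summary>
        /// Handles the edit-shipping-zone page: reads ShippingZoneID from the query string, on submit
        /// validates the posted zip codes and inserts or updates the <c>shippingZone</c> row, then builds
        /// the section title and renders the page.
        /// </summary>
        /// <param name="sender">Unused; supplied by the page lifecycle.</param>
        /// <param name="e">Unused; supplied by the page lifecycle.</param>
        /// <remarks>
        /// Reads and writes the page fields ShippingZoneID, Editing, DataUpdated, ErrorMsg, SectionTitle,
        /// usCountryExist, SkinID and LocaleSetting, and calls the sibling helpers CleanZipCodes,
        /// ValidateZipCodes and RenderHtml. Redirects to shippingzones.aspx after a successful insert.
        /// </remarks>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Never let the browser or a proxy cache an admin edit page.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            ShippingZoneID = 0;

            // A non-zero ShippingZoneID in the query string means an existing zone is being edited.
            string requestedZoneID = CommonLogic.QueryStringCanBeDangerousContent("ShippingZoneID");
            if (requestedZoneID.Length != 0 && requestedZoneID != "0")
            {
                Editing        = true;
                ShippingZoneID = Localization.ParseUSInt(requestedZoneID);
            }
            else
            {
                Editing = false;
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // The cleaned zip list is the value that gets validated; it is also the value that gets stored,
                // in both the insert and the update branch, so what was checked is what ends up in the row.
                string sZipCodesWithoutSpace = CleanZipCodes(CommonLogic.FormCanBeDangerousContent("ZipCodes"));

                int  countryID         = CommonLogic.FormNativeInt("hfAddressCountry");
                bool zipCodeEntryValid = ValidateZipCodes(sZipCodesWithoutSpace, countryID);

                if (zipCodeEntryValid)
                {
                    // CountryID is parsed once and written as an integer by both statements, so the raw
                    // hfAddressCountry form value never reaches the query text. A missing or non-numeric
                    // value falls back to the US country id, as the update path already did.
                    int ZoneCountryID;
                    if (!int.TryParse(CommonLogic.FormCanBeDangerousContent("hfAddressCountry"), out ZoneCountryID))
                    {
                        ZoneCountryID = usCountryExist;
                    }

                    StringBuilder sql = new StringBuilder(2500);
                    if (!Editing)
                    {
                        // ok to add:
                        String NewGUID = DB.GetNewGUID();
                        sql.Append("insert into shippingZone(ShippingZoneGUID,Name,ZipCodes, CountryID) values(");
                        sql.Append(DB.SQuote(NewGUID) + ",");
                        sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                        sql.Append(DB.SQuote(sZipCodesWithoutSpace) + ",");
                        sql.Append(ZoneCountryID.ToString());
                        sql.Append(")");
                        DB.ExecuteSQL(sql.ToString());

                        // Look the new row up by its GUID to learn the generated ShippingZoneID.
                        using (SqlConnection dbconn = DB.dbConn())
                        {
                            dbconn.Open();
                            using (IDataReader rs = DB.GetRS("select ShippingZoneID from shippingZone   with (NOLOCK)  where deleted=0 and ShippingZoneGUID=" + DB.SQuote(NewGUID), dbconn))
                            {
                                if (rs.Read())
                                {
                                    ShippingZoneID = DB.RSFieldInt(rs, "ShippingZoneID");
                                    Editing        = true;
                                }
                            }
                        }
                        DataUpdated = true;
                        Response.Redirect("shippingzones.aspx", true);
                    }
                    else
                    {
                        // ok to update:
                        sql.Append("update shippingZone set ");
                        sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                        sql.Append("ZipCodes=" + DB.SQuote(sZipCodesWithoutSpace) + ",");
                        sql.Append("CountryID=" + ZoneCountryID.ToString());
                        sql.Append(" where ShippingZoneID=" + ShippingZoneID.ToString());
                        DB.ExecuteSQL(sql.ToString());
                        DataUpdated = true;
                        Editing     = true;
                    }
                }
                else
                {
                    // Invalid zip list: keep the form open and show the country's expected postal format.
                    Editing     = true;
                    DataUpdated = false;

                    string exampleFormat = AppLogic.GetCountryPostalExample(countryID);
                    ErrorMsg = string.Format(AppLogic.GetString("admin.editshippingzone.EnterZipCodes", SkinID, LocaleSetting), exampleFormat);
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("shippingzones.aspx") + "\">" + AppLogic.GetString("admin.menu.ShippingZones", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.editshippingzone.ManageShippingZones", SkinID, LocaleSetting) + "";
            RenderHtml();
        }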
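        /// <summary>
        /// Builds the poll-answers admin page for the poll identified by the PollID query-string value.
        /// Applies a pending soft-delete (DeleteID) and posted display-order changes (IsSubmit) first,
        /// then writes the answer table and its delete script into <c>ltContent</c>.
        /// </summary>
        /// <remarks>
        /// Reads the page fields SkinID and LocaleSetting. Redirects to polls.aspx when PollID is missing or zero.
        /// </remarks>
        private void RenderHtml()
        {
            StringBuilder writer = new StringBuilder();
            int           PollID = CommonLogic.QueryStringUSInt("PollID");

            if (PollID == 0)
            {
                // Redirect ends the response; the explicit return makes that visible to the reader.
                Response.Redirect(AppLogic.AdminLinkUrl("polls.aspx"));
                return;
            }

            String PollName = AppLogic.GetPollName(PollID, LocaleSetting);

            // Soft-delete the requested answer. The id is parsed to an int so only a numeric value ever
            // reaches the query text; the raw DeleteID string is never concatenated into SQL.
            int deleteID = CommonLogic.QueryStringUSInt("DeleteID");
            if (deleteID != 0)
            {
                DB.ExecuteSQL("update PollAnswer set deleted=1 where PollAnswerID=" + deleteID.ToString());
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // Every DisplayOrder_<PollAnswerID> field carries the new order for that answer.
                foreach (String key in Request.Form.AllKeys)
                {
                    if (key == null || key.IndexOf("DisplayOrder_", StringComparison.Ordinal) == -1)
                    {
                        continue;
                    }
                    String[] keys = key.Split('_');
                    if (keys.Length < 2)
                    {
                        continue;
                    }
                    int PollAnswerID = Localization.ParseUSInt(keys[1]);
                    int DispOrd      = 1;
                    try
                    {
                        DispOrd = Localization.ParseUSInt(Request.Form[key]);
                    }
                    catch
                    {
                        // Best-effort: an unparseable order keeps the default of 1.
                    }
                    DB.ExecuteSQL("update PollAnswer set DisplayOrder=" + DispOrd.ToString() + " where PollAnswerID=" + PollAnswerID.ToString());
                }
            }

            // The poll name is stored data, so it is HTML-encoded before being placed into markup.
            // The opening <p> tag was previously emitted without its closing '>'.
            String encodedPollName = System.Net.WebUtility.HtmlEncode(PollName);
            writer.Append("<p align=\"left\">" + String.Format(AppLogic.GetString("admin.pollanswers.EditinAnswers", SkinID, LocaleSetting), AppLogic.AdminLinkUrl("editpolls.aspx"), PollID.ToString(), encodedPollName, PollID.ToString()) + "</p>\n");

            writer.Append("<form id=\"Form1\" name=\"Form1\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("pollanswers.aspx") + "?Pollid=" + PollID.ToString() + "\">\n");
            writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
            writer.Append("  <table border=\"0\" cellpadding=\"0\" border=\"0\" cellspacing=\"0\" width=\"100%\">\n");
            writer.Append("    <tr class=\"table-header\">\n");
            writer.Append("      <td><b>ID</b></td>\n");
            writer.Append("      <td><b>Answer</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.DisplayOrder", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("    </tr>\n");

            // Row counter drives the alternating row class.
            int counter = 0;

            using (SqlConnection conn = DB.dbConn())
            {
                conn.Open();
                using (IDataReader rs = DB.GetRS("select * from PollAnswer   with (NOLOCK)  where deleted=0 and PollID=" + PollID.ToString() + " order by DisplayOrder,Name", conn))
                {
                    while (rs.Read())
                    {
                        int    answerID      = DB.RSFieldInt(rs, "PollAnswerID");
                        String localizedName = DB.RSFieldByLocale(rs, "Name", LocaleSetting);
                        // Stored answer text is encoded before it goes into the anchor body.
                        String displayName   = System.Net.WebUtility.HtmlEncode(localizedName.Length == 0 ? "(Unnamed Variant)" : localizedName);
                        String editUrl       = AppLogic.AdminLinkUrl("editpollanswer.aspx") + "?Pollid=" + PollID.ToString() + "&PollAnswerid=" + answerID.ToString();

                        writer.Append(counter % 2 == 0 ? "    <tr class=\"table-row2\">\n" : "    <tr class=\"table-alternatingrow2\">\n");
                        writer.Append("      <td >" + answerID.ToString() + "</td>\n");
                        writer.Append("      <td >");
                        writer.Append("<a href=\"" + editUrl + "\">" + displayName + "</a>");
                        writer.Append("</td>\n");
                        writer.Append("      <td align=\"center\"><input size=2 type=\"text\" name=\"DisplayOrder_" + answerID.ToString() + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"></td>\n");
                        writer.Append("      <td align=\"center\"><input type=\"button\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting) + "\" name=\"Edit_" + answerID.ToString() + "\" onClick=\"self.location='" + editUrl + "'\"></td>\n");
                        writer.Append("      <td align=\"center\"><input type=\"button\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "\" name=\"Delete_" + answerID.ToString() + "\" onClick=\"DeleteAnswer(" + answerID.ToString() + ")\"></td>\n");
                        writer.Append("    </tr>\n");
                        counter++;
                    }
                }
            }

            writer.Append("    <tr>\n");
            writer.Append("      <td colspan=\"2\" align=\"left\"></td>\n");
            writer.Append("      <td align=\"center\" ><input type=\"submit\" value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"Submit\" class=\"normalButtons\"></td>\n");
            writer.Append("      <td colspan=\"2\"></td>\n");
            writer.Append("    </tr>\n");
            writer.Append("    <tr>\n");
            writer.Append("      <td colspan=\"5\" height=5></td>\n");
            writer.Append("    </tr>\n");
            writer.Append("  </table>\n");
            writer.Append(" <input type=\"button\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.pollanswers.AddNew", SkinID, LocaleSetting) + "\" name=\"AddNew\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editpollanswer.aspx") + "?Pollid=" + PollID.ToString() + "';\">\n");
            writer.Append("</form>\n");

            // Client-side confirm before navigating to the DeleteID URL handled at the top of this method.
            writer.Append("<script type=\"text/javascript\">\n");
            writer.Append("function DeleteAnswer(id)\n");
            writer.Append("{\n");
            writer.Append("if(confirm('" + AppLogic.GetString("admin.pollanswers.ConfirmDelete", SkinID, LocaleSetting) + "' + id))\n");
            writer.Append("{\n");
            writer.Append("self.location = '" + AppLogic.AdminLinkUrl("pollanswers.aspx") + "?Pollid=" + PollID.ToString() + "&deleteid=' + id;\n");
            writer.Append("}\n");
            writer.Append("}\n");
            writer.Append("</SCRIPT>\n");
            ltContent.Text = writer.ToString();
        }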
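        /// <summary>
        /// Builds the galleries admin page: deletes the gallery identified by the DeleteID query-string value
        /// (its icon images, its image directory and its DB row), applies posted display-order changes
        /// (IsSubmit), then writes the gallery table and its delete script into <c>ltContent</c>.
        /// </summary>
        /// <remarks>Reads the page fields SkinID and LocaleSetting.</remarks>
        private void Render()
        {
            StringBuilder writer = new StringBuilder();

            if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
            {
                // Parse once; the icon file names, the directory name and the SQL below all work from this
                // integer, so the raw DeleteID string never reaches a path or the query text.
                int deleteID = CommonLogic.QueryStringUSInt("DeleteID");
                if (deleteID != 0)
                {
                    // delete any images (best-effort: a missing or locked icon must not block the delete):
                    String iconPath = AppLogic.GetImagePath("Gallery", "icon", true);
                    try
                    {
                        System.IO.File.Delete(iconPath + deleteID.ToString() + ".jpg");
                        System.IO.File.Delete(iconPath + deleteID.ToString() + ".png");
                        System.IO.File.Delete(iconPath + deleteID.ToString() + ".gif");
                    }
                    catch
                    {
                        // best-effort cleanup, see above
                    }

                    // delete the gallery directory also (best-effort for the same reason):
                    String GalleryDirName = AppLogic.GetGalleryDir(deleteID);
                    String SFP            = CommonLogic.SafeMapPath("../images/spacer.gif").Replace("images\\spacer.gif", "images\\gallery") + "\\" + GalleryDirName;
                    try
                    {
                        if (Directory.Exists(SFP))
                        {
                            foreach (String file in Directory.GetFiles(SFP, "*.*"))
                            {
                                System.IO.File.Delete(file);
                            }
                            // Non-recursive: if a sub-directory exists this throws, is swallowed, and the
                            // directory is left in place.
                            Directory.Delete(SFP);
                        }
                    }
                    catch
                    {
                        // best-effort cleanup, see above
                    }

                    // delete the gallery:
                    DB.ExecuteSQL("delete from gallery where GalleryID=" + deleteID.ToString());
                }
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // Every DisplayOrder_<GalleryID> field carries the new order for that gallery.
                foreach (String key in Request.Form.AllKeys)
                {
                    if (key == null || key.IndexOf("DisplayOrder_", StringComparison.Ordinal) == -1)
                    {
                        continue;
                    }
                    String[] keys = key.Split('_');
                    if (keys.Length < 2)
                    {
                        continue;
                    }
                    int GalleryID = Localization.ParseUSInt(keys[1]);
                    int DispOrd   = 1;
                    try
                    {
                        DispOrd = Localization.ParseUSInt(Request.Form[key]);
                    }
                    catch
                    {
                        // Best-effort: an unparseable order keeps the default of 1.
                    }
                    DB.ExecuteSQL("update gallery set DisplayOrder=" + DispOrd.ToString() + " where GalleryID=" + GalleryID.ToString());
                }
            }

            // Same colour is used for every row; read the config value once.
            String lightCellColor = AppLogic.AppConfig("LightCellColor");

            writer.Append("<form method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("galleries.aspx") + "\">\n");
            writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
            writer.Append("  <table border=\"0\" cellpadding=\"2\" border=\"0\" cellspacing=\"1\" width=\"100%\">\n");
            writer.Append("    <tr bgcolor=\"" + lightCellColor + "\">\n");
            writer.Append("      <td ><b>" + AppLogic.GetString("admin.common.ID", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td ><b>" + AppLogic.GetString("admin.editgallery.GalleryName", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td ><b>" + AppLogic.GetString("admin.galleries.GalleryURL", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.DisplayOrder", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.ManageImages", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("      <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "</b></td>\n");
            writer.Append("    </tr>\n");

            using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select * from gallery   with (NOLOCK)  where deleted=0 order by DisplayOrder,Name", dbconn))
                {
                    while (rs.Read())
                    {
                        int    galleryID = DB.RSFieldInt(rs, "GalleryID");
                        String editUrl   = AppLogic.AdminLinkUrl("editGallery.aspx") + "?Galleryid=" + galleryID.ToString();

                        writer.Append("    <tr bgcolor=\"" + lightCellColor + "\">\n");
                        writer.Append("      <td>" + galleryID.ToString() + "</td>\n");
                        writer.Append("      <td >");
                        String Image1URL = AppLogic.LookupImage("Gallery", galleryID, "icon", SkinID, LocaleSetting);
                        if (Image1URL.Length != 0)
                        {
                            // Random query suffix defeats browser caching of a freshly replaced icon.
                            writer.Append("<a href=\"" + editUrl + "\">");
                            writer.Append("<img src=\"" + Image1URL + "?" + CommonLogic.GetRandomNumber(1, 1000000).ToString() + "\" height=\"35\" border=\"0\" align=\"absmiddle\">");
                            writer.Append("</a>&nbsp;\n");
                        }
                        writer.Append("      <a href=\"" + editUrl + "\">");
                        // Stored gallery name is encoded before it goes into the anchor body.
                        writer.Append(System.Net.WebUtility.HtmlEncode(DB.RSFieldByLocale(rs, "Name", LocaleSetting)));
                        writer.Append("</a>");
                        writer.Append("</td>\n");
                        writer.Append("      <td><a target=\"_blank\" href=\"../showgallery.aspx?galleryid=" + galleryID.ToString() + "\">showgallery.aspx?galleryid=" + galleryID.ToString() + "</a></td>\n");
                        writer.Append("      <td align=\"center\"><input size=2 type=\"text\" name=\"DisplayOrder_" + galleryID.ToString() + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"></td>\n");
                        writer.Append("      <td align=\"center\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting) + "\" name=\"Edit_" + galleryID.ToString() + "\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editgallery.aspx") + "?galleryid=" + galleryID.ToString() + "'\"></td>\n");
                        writer.Append("      <td align=\"center\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.galleries.AddDeleteGalleryImages", SkinID, LocaleSetting) + "\" name=\"ManageImages_" + galleryID.ToString() + "\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("galleryimages.aspx") + "?galleryid=" + galleryID.ToString() + "'\"></td>\n");
                        writer.Append("      <td align=\"center\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "\" name=\"Delete_" + galleryID.ToString() + "\" onClick=\"DeleteGallery(" + galleryID.ToString() + ")\"></td>\n");
                        writer.Append("    </tr>\n");
                    }
                }
            }

            writer.Append("    <tr>\n");
            writer.Append("      <td colspan=\"4\" align=\"left\"></td>\n");
            writer.Append("      <td align=\"center\" bgcolor=\"" + lightCellColor + "\"><input type=\"submit\" value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"Submit\"></td>\n");
            writer.Append("      <td colspan=\"2\"></td>\n");
            writer.Append("    </tr>\n");
            writer.Append("    <tr>\n");
            writer.Append("      <td colspan=\"7\" height=5></td>\n");
            writer.Append("    </tr>\n");
            writer.Append("  </table>\n");
            writer.Append("<p align=\"left\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.galleries.AddNewGallery", SkinID, LocaleSetting) + "\" name=\"AddNew\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editgallery.aspx") + "';\"><p/>");
            writer.Append("</form>\n");

            // Client-side confirm before navigating to the DeleteID URL handled at the top of this method.
            // The id is spliced into the JS string literal as a concatenation ("' + id + '") and the
            // confirm(...) call is closed, matching the poll-answers page; previously the id and the closing
            // "'))" were emitted inside the literal, leaving the if( unbalanced.
            // NOTE(review): assumes the ConfirmDelete resource holds a single {0} placeholder and no
            // single quotes - confirm against the string resource.
            writer.Append("<script type=\"text/javascript\">\n");
            writer.Append("function DeleteGallery(id)\n");
            writer.Append("{\n");
            writer.Append("if(confirm('" + String.Format(AppLogic.GetString("admin.galleries.ConfirmDelete", SkinID, LocaleSetting), "' + id + '") + "'))\n");
            writer.Append("{\n");
            writer.Append("self.location = '" + AppLogic.AdminLinkUrl("galleries.aspx") + "?deleteid=' + id;\n");
            writer.Append("}\n");
            writer.Append("}\n");
            writer.Append("</SCRIPT>\n");
            ltContent.Text = writer.ToString();
        }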
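        /// <summary>
        /// Admin entry point for adding or editing one CustomerLevel row.
        /// A non-empty, non-"0" CustomerLevelID on the query string selects edit mode.
        /// When the form was submitted (IsSubmit) and no validation error is pending in
        /// ErrorMsg, the row is inserted (add mode, followed by a redirect to
        /// customerlevels.aspx) or updated in place; the page is then rendered.
        /// </summary>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin pages must never be served from a browser or proxy cache.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");
            CustomerLevelID = 0;

            String requestedID = CommonLogic.QueryStringCanBeDangerousContent("CustomerLevelID");
            Editing = requestedID.Length != 0 && requestedID != "0";
            if (Editing)
            {
                CustomerLevelID = Localization.ParseUSInt(requestedID);
            }

            // ErrorMsg is a page field populated outside this method; a pending error skips the DB write.
            if (CommonLogic.FormBool("IsSubmit") && ErrorMsg.Length == 0)
            {
                StringBuilder sql = new StringBuilder(2500);
                if (!Editing)
                {
                    // ok to add them:
                    String NewGUID = DB.GetNewGUID();
                    sql.Append("insert into CustomerLevel(CustomerLevelGUID,Name,LevelDiscountPercent,LevelDiscountAmount,LevelHasFreeShipping,LevelAllowsQuantityDiscounts,LevelAllowsPO,LevelHasNoTax,LevelAllowsCoupons,LevelDiscountsApplyToExtendedPrices) values(");
                    sql.Append(DB.SQuote(NewGUID) + ",");
                    sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                    sql.Append(Localization.DecimalStringForDB(CommonLogic.FormUSDecimal("LevelDiscountPercent")) + ",");
                    sql.Append(Localization.CurrencyStringForDBWithoutExchangeRate(CommonLogic.FormUSDecimal("LevelDiscountAmount")) + ",");
                    // Bit columns: only a literal "1"/"0" is spliced into the statement (see FormBitForDB).
                    sql.Append(FormBitForDB("LevelHasFreeShipping") + ",");
                    sql.Append(FormBitForDB("LevelAllowsQuantityDiscounts") + ",");
                    sql.Append(FormBitForDB("LevelAllowsPO") + ",");
                    sql.Append(FormBitForDB("LevelHasNoTax") + ",");
                    sql.Append(FormBitForDB("LevelAllowsCoupons") + ",");
                    sql.Append(FormBitForDB("LevelDiscountsApplyToExtendedPrices"));
                    sql.Append(")");
                    DB.ExecuteSQL(sql.ToString());

                    // Look the new row up by its GUID to learn the generated CustomerLevelID.
                    using (SqlConnection dbconn = DB.dbConn())
                    {
                        dbconn.Open();
                        using (IDataReader rs = DB.GetRS("select CustomerLevelID from CustomerLevel   with (NOLOCK)  where deleted=0 and CustomerLevelGUID=" + DB.SQuote(NewGUID), dbconn))
                        {
                            // If the row cannot be found, CustomerLevelID stays 0 rather than
                            // reading a column from an unpositioned reader.
                            if (rs.Read())
                            {
                                CustomerLevelID = DB.RSFieldInt(rs, "CustomerLevelID");
                                Editing         = true;
                            }
                        }
                    }
                    DataUpdated = true;
                    // endResponse=true: the request ends here, RenderHtml() below is not reached on this path.
                    Response.Redirect("customerlevels.aspx", true);
                }
                else
                {
                    // ok to update:
                    // The decimal fields keep the old "empty means 0" rule but are otherwise
                    // parsed and re-formatted exactly like the insert path above, so the raw
                    // form text no longer reaches the SQL statement.
                    String percentText = CommonLogic.FormCanBeDangerousContent("LevelDiscountPercent").Trim();
                    String amountText  = CommonLogic.FormCanBeDangerousContent("LevelDiscountAmount").Trim();
                    sql.Append("update CustomerLevel set ");
                    sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                    sql.Append("LevelDiscountPercent=" + (percentText.Length == 0 ? "0" : Localization.DecimalStringForDB(CommonLogic.FormUSDecimal("LevelDiscountPercent"))) + ",");
                    sql.Append("LevelDiscountAmount=" + (amountText.Length == 0 ? "0" : Localization.CurrencyStringForDBWithoutExchangeRate(CommonLogic.FormUSDecimal("LevelDiscountAmount"))) + ",");
                    sql.Append("LevelHasFreeShipping=" + FormBitForDB("LevelHasFreeShipping") + ",");
                    sql.Append("LevelAllowsQuantityDiscounts=" + FormBitForDB("LevelAllowsQuantityDiscounts") + ",");
                    sql.Append("LevelAllowsPO=" + FormBitForDB("LevelAllowsPO") + ",");
                    sql.Append("LevelHasNoTax=" + FormBitForDB("LevelHasNoTax") + ",");
                    sql.Append("LevelAllowsCoupons=" + FormBitForDB("LevelAllowsCoupons") + ",");
                    sql.Append("LevelDiscountsApplyToExtendedPrices=" + FormBitForDB("LevelDiscountsApplyToExtendedPrices"));
                    sql.Append(" where CustomerLevelID=" + CustomerLevelID.ToString());
                    DB.ExecuteSQL(sql.ToString());
                    DataUpdated = true;
                    Editing     = true;
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("CustomerLevels.aspx") + "\">CustomerLevels</a> - Manage Customer Levels";
            RenderHtml();
        }

        /// <summary>
        /// Returns "1" or "0" for a posted bit-column field so that only a literal digit is
        /// spliced into the SQL text. The raw form text is untrusted input and used to be
        /// concatenated into the statement unquoted.
        /// </summary>
        /// <param name="fieldName">Name of the posted form field.</param>
        /// <returns>"1" when the field parses to a non-zero integer, otherwise "0".</returns>
        private static String FormBitForDB(String fieldName)
        {
            String raw = CommonLogic.FormCanBeDangerousContent(fieldName).Trim();
            // The edit form is assumed to post 1/0 for these fields (the old unquoted
            // concatenation only worked for numeric values anyway); an empty field means false.
            return (raw.Length != 0 && Localization.ParseUSInt(raw) != 0) ? "1" : "0";
        }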
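        /// <summary>
        /// Builds the admin "polls" page into ltContent: soft-deletes the poll named by the
        /// DeleteID query-string value, saves posted DisplayOrder_&lt;PollID&gt; fields when the
        /// form was submitted, then renders the table of non-deleted polls.
        /// NOTE(review): the delete is triggered by a plain GET link and the form carries no
        /// anti-forgery token; both are worth confirming against the framework's CSRF handling.
        /// </summary>
        private void RenderHtml()
        {
            StringBuilder writer = new StringBuilder();

            // The id is parsed to an int first so that only a numeric literal reaches the
            // SQL text; the raw query string used to be concatenated into the statement.
            int deleteID = CommonLogic.QueryStringUSInt("DeleteID");
            if (deleteID != 0)
            {
                // soft-delete the record:
                DB.ExecuteSQL("update Poll set deleted=1 where PollID=" + deleteID.ToString());
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                SaveDisplayOrders();
            }

            writer.Append("<form method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("polls.aspx") + "\">\n");
            writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
            writer.Append("<p align=\"left\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.polls.AddNew", SkinID, LocaleSetting) + "\" class=\"normalButtons\" name=\"AddNew\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editpolls.aspx") + "';\"><p>");
            writer.Append("  <table border=\"0\" cellpadding=\"0\" border=\"0\" cellspacing=\"0\" width=\"100%\">\n");
            // NOTE(review): this <tr> is never closed; the header row below implicitly ends it.
            writer.Append("    <tr bgcolor=\"" + AppLogic.AppConfig("LightCellColor") + "\">\n");
            writer.Append("    <tr class=\"tablenormal\">\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.common.ID", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.common.Poll", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.common.ExpiresOn", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.polls.NumVotes", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.common.DisplayOrder", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.polls.ManageAnswers", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.polls.ReviewVotes", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\">" + AppLogic.GetString("admin.polls.DeletePoll", SkinID, LocaleSetting) + "</td>\n");
            writer.Append("    </tr>\n");

            // Button captions and links are the same for every row; build them once.
            String manageAnswersCaption = AppLogic.GetString("admin.polls.ManageAnswers", SkinID, LocaleSetting);
            String reviewVotesCaption   = AppLogic.GetString("admin.polls.ReviewVotes", SkinID, LocaleSetting);
            String deleteCaption        = AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting);
            String editPollsUrl         = AppLogic.AdminLinkUrl("editpolls.aspx");
            String pollAnswersUrl       = AppLogic.AdminLinkUrl("pollanswers.aspx");
            String managePollUrl        = AppLogic.AdminLinkUrl("managepoll.aspx");

            using (SqlConnection conn = DB.dbConn())
            {
                conn.Open();
                using (IDataReader rs = DB.GetRS("select * from Poll   with (NOLOCK)  where deleted=0 order by DisplayOrder,Name", conn))
                {
                    while (rs.Read())
                    {
                        String pollIDText = DB.RSFieldInt(rs, "PollID").ToString();
                        writer.Append("    <tr class=\"tabletdnormal\">\n");
                        writer.Append("      <td >" + pollIDText + "</td>\n");
                        writer.Append("<td>\n");
                        writer.Append("<a href=\"" + editPollsUrl + "?Pollid=" + pollIDText + "\">");
                        // The poll name is stored data rendered into HTML, so it is encoded.
                        writer.Append(Server.HtmlEncode(DB.RSFieldByLocale(rs, "Name", LocaleSetting)));
                        writer.Append("</a>");
                        writer.Append("</td>\n");
                        writer.Append("<td align=\"left\" valign=\"middle\">" + Localization.ToThreadCultureShortDateString(DB.RSFieldDateTime(rs, "ExpiresOn")) + "</td>");
                        // One extra query per row; acceptable for an admin list of polls.
                        writer.Append("<td align=\"left\" valign=\"middle\">" + DB.GetSqlN("select count(*) as N from PollVotingRecord   with (NOLOCK)  where pollanswerid in (select distinct pollanswerid from pollanswer where deleted=0) and PollID=" + pollIDText).ToString() + "</td>");
                        writer.Append("      <td align=\"left\" valign=\"middle\"><input size=2 type=\"text\" name=\"DisplayOrder_" + pollIDText + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"></td>\n");
                        writer.Append("      <td align=\"left\" valign=\"middle\"><input type=\"button\" class=\"normalButtons\" value=\"" + manageAnswersCaption + "\" name=\"ManageAnswers_" + pollIDText + "\" onClick=\"self.location='" + pollAnswersUrl + "?Pollid=" + pollIDText + "'\"></td>\n");
                        writer.Append("      <td align=\"left\" valign=\"middle\"><input type=\"button\" class=\"normalButtons\" value=\"" + reviewVotesCaption + "\" name=\"ReviewVotes_" + pollIDText + "\" onClick=\"self.location='" + managePollUrl + "?Pollid=" + pollIDText + "'\"></td>\n");
                        writer.Append("      <td align=\"left\" valign=\"middle\"><input type=\"button\" class=\"normalButtons\" value=\"" + deleteCaption + "\" name=\"Delete_" + pollIDText + "\" onClick=\"DeletePoll(" + pollIDText + ")\"></td>\n");
                        writer.Append("    </tr>\n");
                    }
                }
            }

            writer.Append("    <tr>\n");
            writer.Append("      <td colspan=\"4\" align=\"left\"></td>\n");
            writer.Append("      <td align=\"left\" valign=\"middle\" height=\"25px\"><input type=\"submit\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"Submit\"></td>\n");
            writer.Append("      <td colspan=\"3\"></td>\n");
            writer.Append("    </tr>\n");
            writer.Append("  </table>\n");
            writer.Append("<p align=\"left\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.polls.AddNew", SkinID, LocaleSetting) + "\" class=\"normalButtons\" name=\"AddNew\" onClick=\"self.location='" + editPollsUrl + "';\"><p>");
            writer.Append("</form>\n");

            writer.Append("</center></b>\n");

            // The confirmation text is a localized string placed inside a single-quoted JS
            // literal, so an apostrophe in the translation must be escaped or the script breaks.
            String confirmText = AppLogic.GetString("admin.polls.ConfirmDelete", SkinID, LocaleSetting).Replace("'", "\\'");
            writer.Append("<script type=\"text/javascript\">\n");
            writer.Append("function DeletePoll(id)\n");
            writer.Append("{\n");
            writer.Append("if(confirm('" + confirmText + " ' + id))\n");
            writer.Append("{\n");
            writer.Append("self.location = '" + AppLogic.AdminLinkUrl("polls.aspx") + "?deleteid=' + id;\n");
            writer.Append("}\n");
            writer.Append("}\n");
            writer.Append("</SCRIPT>\n");
            ltContent.Text = writer.ToString();
        }

        /// <summary>
        /// Persists every posted DisplayOrder_&lt;PollID&gt; field. The poll id is taken from
        /// the field name this page generated; an unparsable order value falls back to 1.
        /// </summary>
        private void SaveDisplayOrders()
        {
            for (int i = 0; i < Request.Form.Count; i++)
            {
                String key = Request.Form.Keys[i];
                // Form collections can contain unnamed (null-key) entries.
                if (key == null || !key.StartsWith("DisplayOrder_", StringComparison.Ordinal))
                {
                    continue;
                }
                String[] keyParts = key.Split('_');
                if (keyParts.Length < 2 || keyParts[1].Length == 0)
                {
                    continue; // malformed field name; nothing to update
                }
                int pollID = Localization.ParseUSInt(keyParts[1]);
                if (pollID == 0)
                {
                    continue;
                }
                int dispOrd = 1;
                try
                {
                    dispOrd = Localization.ParseUSInt(Request.Form[key]);
                }
                catch (Exception)
                {
                    // Deliberate best-effort: a non-numeric order keeps the default of 1.
                }
                // Both values are ints by now, so the statement text carries only numeric literals.
                DB.ExecuteSQL("update Poll set DisplayOrder=" + dispOrd.ToString() + " where PollID=" + pollID.ToString());
            }
        }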
        /// <summary>
        /// Admin handler for adding or editing a PollAnswer. PollID comes from the query
        /// string (0 redirects back to polls.aspx); a non-empty, non-"0" PollAnswerID
        /// selects edit mode. A submitted form (IsSubmit) inserts a new answer or updates
        /// the existing one; the section title is then set and the page rendered.
        /// </summary>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // keep this admin page out of browser and proxy caches
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            PollID = CommonLogic.QueryStringUSInt("PollID");

            string answerIdText = CommonLogic.QueryStringCanBeDangerousContent("PollAnswerID");
            Editing      = answerIdText.Length != 0 && answerIdText != "0";
            PollAnswerID = Editing ? Localization.ParseUSInt(answerIdText) : 0;

            if (PollID == 0)
            {
                Response.Redirect(AppLogic.AdminLinkUrl("polls.aspx"));
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                if (Editing)
                {
                    UpdatePollAnswer();
                }
                else
                {
                    InsertPollAnswer();
                }
            }

            SectionTitle = String.Format(
                "<a href=\"pollanswers.aspx?Pollid={0}\">{1}</a> - {2}",
                PollID.ToString(),
                AppLogic.GetString("admin.editpollanswer.PollAnswers", SkinID, LocaleSetting),
                AppLogic.GetString("admin.editpollanswer.ManagePollAnswers", SkinID, LocaleSetting));
            Render();
        }

        /// <summary>
        /// Inserts a new PollAnswer row for the current PollID, then reads back its
        /// PollAnswerID by GUID and switches the page into edit mode.
        /// </summary>
        private void InsertPollAnswer()
        {
            string newGuid = DB.GetNewGUID();
            string insertSql = "insert into PollAnswer(PollAnswerGUID,PollID,Name) values("
                + DB.SQuote(newGuid) + ","
                + PollID.ToString() + ","
                + DB.SQuote(AppLogic.FormLocaleXml("Name"))
                + ")";
            DB.ExecuteSQL(insertSql);

            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                string lookupSql = "select PollAnswerID from PollAnswer   with (NOLOCK)  where deleted=0 and PollAnswerGUID=" + DB.SQuote(newGuid);
                using (IDataReader rs = DB.GetRS(lookupSql, dbconn))
                {
                    rs.Read();
                    PollAnswerID = DB.RSFieldInt(rs, "PollAnswerID");
                    Editing      = true;
                }
            }
            DataUpdated = true;
        }

        /// <summary>
        /// Updates the PollID and localized Name of the existing PollAnswer row.
        /// </summary>
        private void UpdatePollAnswer()
        {
            string updateSql = "update PollAnswer set "
                + "PollID=" + PollID.ToString() + ","
                + "Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name"))
                + " where PollAnswerID=" + PollAnswerID.ToString();
            DB.ExecuteSQL(updateSql);
            DataUpdated = true;
            Editing     = true;
        }
        protected void Page_Load(object sender, System.EventArgs e)
        {
            StringBuilder writer = new StringBuilder();

            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            /****************************************************************************/
            // * WARNING TO DEVELOPERS
            // * The redirect below is a SAFETY feature.  Removing the redirect will not
            // * enable ML-only features on a lower version of AspDotNetStorefront.
            // * Attempting to do so can very easily result in a partially implemented
            // * feature, invalid or incomplete data in your DB, and other serious
            // * conditions that will cause your store to be non-functional.
            // *
            // * If you break your store attempting to enable ML-only features in PRO or
            // * Standard, our staff cannot help you fix it, and it will also invalidate
            // * your AspDotNetStorefront License.
            /***************************************************************************/

            if (!AppLogic.m_ProductIsML() && !AppLogic.ProductIsMLExpress())
            {
                Response.Redirect(AppLogic.AdminLinkUrl("restrictedfeature.aspx"));
            }

            int ONX = CommonLogic.QueryStringUSInt("OrderNumber");

            Customer ThisCustomer          = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;
            int      OrderCustomerID       = 0;
            String   OriginalTransactionID = String.Empty;
            String   PM = String.Empty;

            using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS(String.Format("select CustomerID,AuthorizationPNREF,PaymentMethod from Orders with (NOLOCK) where OrderNumber={0}", ONX.ToString()), dbconn))
                {
                    if (rs.Read())
                    {
                        OrderCustomerID       = DB.RSFieldInt(rs, "CustomerID");
                        OriginalTransactionID = DB.RSField(rs, "AuthorizationPNREF");
                        PM = AppLogic.CleanPaymentMethod(DB.RSField(rs, "PaymentMethod"));
                    }
                }
            }

            Customer OrderCustomer = new Customer(OrderCustomerID, true);

            String GW = AppLogic.ActivePaymentGatewayCleaned();

            if (PM == AppLogic.ro_PMPayPal || PM == AppLogic.ro_PMPayPalExpress)
            {
                GW = Gateway.ro_GWPAYPAL;
            }

            bool GatewayRequiresCC = GatewayLoader.GetProcessor(GW).RequiresCCForFurtherProcessing();

            writer.Append("<div style=\"margin-left: 10px;\" align=\"left\">");
            if (!ThisCustomer.IsAdminUser)
            {
                writer.Append("<b><font color=red>" + AppLogic.GetString("admin.common.PermissionDeniedUC", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</b></font>");
            }
            else
            {
                if (ONX == 0 || OrderCustomerID == 0)
                {
                    writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.1", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                    writer.Append("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>");
                }
                else
                {
                    Address BillingAddress = new Address();
                    BillingAddress.LoadFromDB(OrderCustomer.PrimaryBillingAddressID);

                    if (CommonLogic.FormBool("IsSubmit"))
                    {
                        if (CommonLogic.FormCanBeDangerousContent("OrderTotal").Trim().Length != 0)
                        {
                            Decimal OrderTotal       = CommonLogic.FormNativeDecimal("OrderTotal");
                            String  OrderDescription = CommonLogic.FormCanBeDangerousContent("Description");
                            AppLogic.TransactionTypeEnum OrderType = (AppLogic.TransactionTypeEnum)Enum.Parse(typeof(AppLogic.TransactionTypeEnum), CommonLogic.FormCanBeDangerousContent("OrderType"), true);
                            int NewOrderNumber = 0;
                            if (OrderType == AppLogic.TransactionTypeEnum.CHARGE)
                            {
                                if (CommonLogic.FormCanBeDangerousContent("CardNumber").Length < 4)
                                {
                                    Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                                }
                                else
                                {
                                    Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length - 4).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                                }
                            }
                            // use the billing info in the form, as the store admin may have overridden what was in the db
                            // NOTE: we are NOT going to save this new updated billing info however, it is really up to the customer
                            //       to change their billing info, or the store admin should edit their billing address in the customers account page area
                            BillingAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName");
                            // NOTE, this could be last4 at this point!! not a full CC #! that is ok, as this address will never be stored to the db anyway!
                            BillingAddress.CardNumber          = CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "");
                            BillingAddress.CardType            = CommonLogic.FormCanBeDangerousContent("CardType");
                            BillingAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
                            BillingAddress.CardExpirationYear  = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
                            BillingAddress.CardStartDate       = CommonLogic.FormCanBeDangerousContent("CardStartDate").Trim().Replace(" ", "").Replace("/", "").Replace("\\", "");
                            BillingAddress.CardIssueNumber     = CommonLogic.FormCanBeDangerousContent("CardIssueNumber");
                            String CardExtraCode = CommonLogic.FormCanBeDangerousContent("CardExtraCode");

                            String Status = Gateway.MakeAdHocOrder(AppLogic.ActivePaymentGatewayCleaned(), ONX, OriginalTransactionID, OrderCustomer, BillingAddress, CardExtraCode, OrderTotal, OrderType, OrderDescription, out NewOrderNumber);

                            //PABP Required cleanup of in-memory objects
                            CardExtraCode = "11111";
                            CardExtraCode = "00000";
                            CardExtraCode = "11111";
                            CardExtraCode = String.Empty;

                            if (Status == AppLogic.ro_OK)
                            {
                                DB.ExecuteSQL("update orders set IsNew=0 where ParentOrderNumber IS NOT NULL"); // any "ad hoc" orders should not be new. so this is a safety check to force that.

                                Response.Redirect(AppLogic.AdminLinkUrl("adhocchargecomplete.aspx") + "?ordernumber=" + NewOrderNumber.ToString());
                            }
                            else
                            {
                                Response.Write("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.3", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "<br/>" + Status + "</font></b></p>");
                            }
                            Response.Write("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>");
                        }
                    }
                    else
                    {
                        writer.Append("<script type=\"text/javascript\">\n");
                        writer.Append("var GatewayRequiresCC=" + CommonLogic.IIF(GatewayRequiresCC, "1", "0") + ";\n");
                        writer.Append("function getSelectedRadio(buttonGroup) {\n");
                        writer.Append("   // returns the array number of the selected radio button or -1 if no button is selected\n");
                        writer.Append("   if (buttonGroup[0]) { // if the button group is an array (one button is not an array)\n");
                        writer.Append("      for (var i=0; i<buttonGroup.length; i++) {\n");
                        writer.Append("         if (buttonGroup[i].checked) {\n");
                        writer.Append("            return i\n");
                        writer.Append("         }\n");
                        writer.Append("      }\n");
                        writer.Append("   } else {\n");
                        writer.Append("      if (buttonGroup.checked) { return 0; } // if the one button is checked, return zero\n");
                        writer.Append("   }\n");
                        writer.Append("   // if we get to this point, no radio button is selected\n");
                        writer.Append("   return -1;\n");
                        writer.Append("}");
                        writer.Append("\n");
                        writer.Append("function getSelectedRadioValue(buttonGroup) {\n");
                        writer.Append("   // returns the value of the selected radio button or '' if no button is selected\n");
                        writer.Append("   var i = getSelectedRadio(buttonGroup);\n");
                        writer.Append("   if (i == -1) {\n");
                        writer.Append("      return '';\n");
                        writer.Append("   } else {\n");
                        writer.Append("      if (buttonGroup[i]) { // Make sure the button group is an array (not just one button)\n");
                        writer.Append("         return buttonGroup[i].value;\n");
                        writer.Append("      } else { // The button group is just the one button, and it is checked\n");
                        writer.Append("         return buttonGroup.value;\n");
                        writer.Append("      }\n");
                        writer.Append("   }\n");
                        writer.Append("}");
                        writer.Append("\n");
                        writer.Append("function getSelectedCheckbox(buttonGroup) {\n");
                        writer.Append("   // Go through all the check boxes. return an array of all the ones\n");
                        writer.Append("   // that are selected (their position numbers). if no boxes were checked,\n");
                        writer.Append("   // returned array will be empty (length will be zero)\n");
                        writer.Append("   var retArr = new Array();\n");
                        writer.Append("   var lastElement = 0;\n");
                        writer.Append("   if (buttonGroup[0]) { // if the button group is an array (one check box is not an array)\n");
                        writer.Append("      for (var i=0; i<buttonGroup.length; i++) {\n");
                        writer.Append("         if (buttonGroup[i].checked) {\n");
                        writer.Append("            retArr.length = lastElement;\n");
                        writer.Append("            retArr[lastElement] = i;\n");
                        writer.Append("            lastElement++;\n");
                        writer.Append("         }\n");
                        writer.Append("      }\n");
                        writer.Append("   } else { // There is only one check box (it's not an array)\n");
                        writer.Append("      if (buttonGroup.checked) { // if the one check box is checked\n");
                        writer.Append("         retArr.length = lastElement;\n");
                        writer.Append("         retArr[lastElement] = 0; // return zero as the only array value\n");
                        writer.Append("      }\n");
                        writer.Append("   }\n");
                        writer.Append("   return retArr;\n");
                        writer.Append("}");
                        writer.Append("\n");
                        writer.Append("function getSelectedCheckboxValue(buttonGroup) {\n");
                        writer.Append("   // return an array of values selected in the check box group. if no boxes\n");
                        writer.Append("   // were checked, returned array will be empty (length will be zero)\n");
                        writer.Append("   var retArr = new Array(); // set up empty array for the return values\n");
                        writer.Append("   var selectedItems = getSelectedCheckbox(buttonGroup);\n");
                        writer.Append("   if (selectedItems.length != 0) { // if there was something selected\n");
                        writer.Append("      retArr.length = selectedItems.length;\n");
                        writer.Append("      for (var i=0; i<selectedItems.length; i++) {\n");
                        writer.Append("         if (buttonGroup[selectedItems[i]]) { // Make sure it's an array\n");
                        writer.Append("            retArr[i] = buttonGroup[selectedItems[i]].value;\n");
                        writer.Append("         } else { // It's not an array (there's just one check box and it's selected)\n");
                        writer.Append("            retArr[i] = buttonGroup.value;// return that value\n");
                        writer.Append("         }\n");
                        writer.Append("      }\n");
                        writer.Append("   }\n");
                        writer.Append("   return retArr;\n");
                        writer.Append("}");
                        writer.Append("function AdHocOrderTypeChanged(theForm)\n");
                        writer.Append("{\n");
                        writer.Append("	if(GatewayRequiresCC == 1 || getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "')\n");
                        writer.Append("    {\n");
                        writer.Append("        CCDiv.style.display = 'block';\n");
                        writer.Append("    }\n");
                        writer.Append("    else\n");
                        writer.Append("    {\n");
                        writer.Append("        CCDiv.style.display = 'none';\n");
                        writer.Append("    }\n");
                        writer.Append("}\n");
                        writer.Append("function AdHocChargeOrRefundForm_Validator(theForm)\n");
                        writer.Append("{\n");
                        writer.Append("	submitonce(theForm);\n");
                        writer.Append("	if(theForm.Description.value == '')\n");
                        writer.Append("	{\n");
                        writer.Append("		alert('"+ AppLogic.GetString("adhoccharge.aspx.4", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                        writer.Append("		theForm.Description.focus();\n");
                        writer.Append("		submitenabled(theForm);\n");
                        writer.Append("		return (false);\n");
                        writer.Append("	}\n");
                        writer.Append("	if((getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "') || (GatewayRequiresCC == 1 && getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "'))\n");
                        writer.Append("    {\n");
                        writer.Append("        if(theForm.CardName.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Name On Card") + "');\n");
                        writer.Append("		    theForm.CardName.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardNumber.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Number") + "');\n");
                        writer.Append("		    theForm.CardNumber.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(isNaN(theForm.CardNumber.value))\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ AppLogic.GetString("adhoccharge.aspx.28", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                        writer.Append("		    theForm.CardNumber.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(document.getElementById(\"CardNumber\").value.length <15)\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ AppLogic.GetString("adhoccharge.aspx.29", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                        writer.Append("		    theForm.CardNumber.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardExpirationMonth.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Month") + "');\n");
                        writer.Append("		    theForm.CardExpirationMonth.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardExpirationYear.value == '')\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Year") + "');\n");
                        writer.Append("		    theForm.CardExpirationYear.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("        if(theForm.CardType.selectedIndex < 1)\n");
                        writer.Append("	    {\n");
                        writer.Append("		    alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Type") + "');\n");
                        writer.Append("		    theForm.CardType.focus();\n");
                        writer.Append("		    submitenabled(theForm);\n");
                        writer.Append("		    return (false);\n");
                        writer.Append("	    }\n");
                        writer.Append("	}\n");
                        writer.Append("	submitenabled(theForm);\n");
                        writer.Append("	return (true);\n");
                        writer.Append("}\n");
                        writer.Append("</script>\n");
                        writer.Append(String.Format(AppLogic.GetString("adhoccharge.aspx.5", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), ONX.ToString()));
                        writer.Append("<p>" + AppLogic.GetString("adhoccharge.aspx.6", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</p>");

                        String CNM       = BillingAddress.CardName;
                        String CN        = BillingAddress.CardNumber;
                        String Last4     = String.Empty;
                        String CExpMonth = BillingAddress.CardExpirationMonth;
                        String CExpYear  = BillingAddress.CardExpirationYear;
                        String CardType  = BillingAddress.CardType;
                        if (CN.Length == 0)
                        {
                            // try to pull it from order record:
                            using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
                            {
                                dbconn.Open();
                                using (IDataReader rs2 = DB.GetRS("select * from Orders  with (NOLOCK)  where OrderNumber=" + ONX.ToString(), dbconn))
                                {
                                    if (rs2.Read())
                                    {
                                        CN        = DB.RSField(rs2, "CardNumber");
                                        CNM       = DB.RSField(rs2, "CardName");
                                        Last4     = DB.RSField(rs2, "Last4");
                                        CExpMonth = DB.RSField(rs2, "CardExpirationMonth");
                                        CExpYear  = DB.RSField(rs2, "CardExpirationYear");
                                        CN        = DB.RSField(rs2, "CardNumber");
                                        CN        = Security.UnmungeString(CN, DB.RSField(rs2, AppLogic.AppConfig("OrdersCCSaltField")));
                                        if (CN.StartsWith(Security.ro_DecryptFailedPrefix, StringComparison.InvariantCultureIgnoreCase))
                                        {
                                            CN = DB.RSField(rs2, "CardNumber");
                                        }
                                        CardType = DB.RSField(rs2, "CardType");
                                    }
                                }
                            }
                        }


                        if (AppLogic.ProductIsMLExpress() == false)
                        {
                            if (AppLogic.AppConfigBool("StoreCCInDB") && OrderCustomer.StoreCCInDB && CN.Length > 0)
                            {
                                Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CN.Replace("*", "").Substring(CN.Replace("*", "").Length - 4).PadLeft(CN.Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                            }
                        }

                        if (GatewayRequiresCC)
                        {
                            writer.Append("<p><b><font color=blue>" + AppLogic.GetString("adhoccharge.aspx.11", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                        }
                        else
                        {
                            writer.Append("<p><b><font color=blue>" + AppLogic.GetString("adhoccharge.aspx.12", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                        }

                        if (!OrderCustomer.StoreCCInDB)
                        {
                            writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.13", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                        }

                        if (CN.Length == 0 || CN == AppLogic.ro_CCNotStoredString)
                        {
                            writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.14", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                        }

                        if (OrderCustomer.PrimaryBillingAddressID == 0)
                        {
                            writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.7", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                        }
                        else if (CN.Length == 0 && Last4.Length == 0 && GW != Gateway.ro_GWPAYPAL)
                        {
                            writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.8", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                        }
                        else
                        {
                            writer.Append("<form id=\"AdHocChargeOrRefundForm\" name=\"AdHocChargeOrRefundForm\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("adhoccharge.aspx") + "?OrderNumber=" + ONX.ToString() + "\" onsubmit=\"return (validateForm(this) && AdHocChargeOrRefundForm_Validator(this))\" >");
                            writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
                            writer.Append("<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"100%\">");
                            writer.Append("<tr><td width=\"40%\" valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.9", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OriginalTransactionID.ToString() + "</td></tr>");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("admin.label.CustomerID", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.CustomerID.ToString() + "</td></tr>");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("admin.label.CustomerName", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.FullName() + "</td></tr>");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.27", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + BillingAddress.Phone + "</td></tr>");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.16", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>");
                            writer.Append("<input onClick=\"AdHocOrderTypeChanged(AdHocChargeOrRefundForm)\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "\" id=\"ChargeOrderType\" name=\"OrderType\">" + AppLogic.GetString("adhoccharge.aspx.17", ThisCustomer.SkinID, ThisCustomer.LocaleSetting));
                            writer.Append("&nbsp;&nbsp;&nbsp;&nbsp;");
                            writer.Append("<input onClick=\"AdHocOrderTypeChanged(AdHocChargeOrRefundForm)\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "\" id=\"RefundOrderType\" name=\"OrderType\" checked>" + AppLogic.GetString("adhoccharge.aspx.18", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.19", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" name=\"OrderTotal\" size=\"7\"><input type=\"hidden\" name=\"OrderTotal_vldt\" value=\"[req][number][blankalert=" + AppLogic.GetString("adhoccharge.aspx.26", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "][invalidalert=" + AppLogic.GetString("admin.common.ValidDollarAmountPrompt", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "]\"> (xx.xx format)</td></tr>");
                            writer.Append("<tr><td colspan=\"2\">");
                            writer.Append("<div id=\"CCDiv\" name=\"CCDiv\" style=\"display:" + CommonLogic.IIF(GatewayRequiresCC, "block", "none") + ";\">");
                            writer.Append("<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"100%\">");
                            writer.Append("<tr>");
                            writer.Append("<td width=\"40%\" align=\"right\" valign=\"middle\">" + AppLogic.GetString("address.cs.31", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td>");
                            writer.Append("<td align=\"left\" valign=\"middle\">\n");
                            writer.Append("<select size=\"1\" name=\"CardType\" id=\"CardType\">");
                            writer.Append("<option value=\"\">" + AppLogic.GetString("address.cs.32", ThisCustomer.SkinID, ThisCustomer.LocaleSetting));
                            using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
                            {
                                dbconn.Open();
                                using (IDataReader rsCard = DB.GetRS("select * from creditcardtype  with (NOLOCK)  where Accepted=1 order by CardType", dbconn))
                                {
                                    while (rsCard.Read())
                                    {
                                        writer.Append("<option value=\"" + DB.RSField(rsCard, "CardType") + "\" " + CommonLogic.IIF(CardType == DB.RSField(rsCard, "CardType"), " selected ", "") + ">" + DB.RSField(rsCard, "CardType") + "</option>\n");
                                    }
                                }
                            }
                            writer.Append("</select>\n");
                            writer.Append("</td>");
                            writer.Append("</tr>");
                            writer.Append("<tr><td width=\"40%\" valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.10", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"100\" type=\"text\" name=\"CardName\" id=\"CardName\" value=\"" + CNM + "\"></td></tr>");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.24", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"16\" type=\"text\" autocomplete=\"off\" name=\"CardNumber\" id=\"CardNumber\" value=\"" + CN + "\">&nbsp;" + String.Format(AppLogic.GetString("admin.adhoccharge.OriginalOrderLastFour", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), Last4) + ")</td></tr>");
                            writer.Append("<tr><td valign =\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.15", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"4\" maxlength=\"4\" type=\"text\" autocomplete=\"off\" name=\"CardExtraCode\" id=\"CardExtraCode\">");
                            writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.25", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" size=\"2\" maxlength=\"2\" name=\"CardExpirationMonth\" id=\"CardExpirationMonth\" value=\"" + CExpMonth + "\"> / <input size=\"4\" maxlength=\"4\" type=\"text\" name=\"CardExpirationYear\" id=\"CardExpirationYear\" value=\"" + CExpYear + "\"> (MM/YYYY)</td></tr>");
                            if (AppLogic.AppConfigBool("ShowCardStartDateFields"))
                            {
                                writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("address.cs.59", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardStartDate\" id=\"CardStartDate\" size=\"5\" maxlength=\"20\"> " + AppLogic.GetString("address.cs.64", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                                writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("address.cs.61", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardIssueNumber\" id=\"CardIssueNumber\" size=\"2\" maxlength=\"2\"> " + AppLogic.GetString("address.cs.63", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                            }
                            writer.Append("</table>");
                            writer.Append("</div>");
                            writer.Append("</td></tr>");
                            writer.Append("</table>");
                            writer.Append("	<p>" + AppLogic.GetString("adhoccharge.aspx.20", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </p>");
                            writer.Append("	<p><textarea rows=\"8\" id=\"Description\" name=\"Description\" style=\"width: 90%\"></textarea></p>");
                            writer.Append("	<p align=\"center\"><input type=\"submit\" value=\"" + AppLogic.GetString("adhoccharge.aspx.21", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B1\" class=\"normalButtons\">&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Cancel", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B2\" onClick=\"javascript:self.close()\" class=\"normalButtons\"></p>");
                            writer.Append("</form>");
                        }
                    }
                }
            }
            writer.Append("</div>");
            ltContent.Text = writer.ToString();
        }
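        /// <summary>
        /// Add/edit page for a Skin Preview record. Reads the list-page filter state and the
        /// optional SkinPreviewID from the query string; on a form submit it inserts a new
        /// SkinPreview row (reading its ID back through the generated GUID) or updates the
        /// existing one, then stores any uploaded "icon" / "medium" image under that ID.
        /// Finally it builds the section title link back to the list page and renders.
        /// </summary>
        /// <param name="sender">Page raising the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin edit page: never let a browser or proxy cache it.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            // List-page filter state, carried through so the title link returns to the same view.
            SearchFor     = CommonLogic.QueryStringCanBeDangerousContent("SearchFor");
            GroupName     = CommonLogic.QueryStringCanBeDangerousContent("GroupName");
            BeginsWith    = CommonLogic.QueryStringCanBeDangerousContent("BeginsWith");
            SkinPreviewID = 0;

            // A non-empty, non-zero SkinPreviewID on the query string means we are editing.
            String RequestedID = CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID");
            Editing = RequestedID.Length != 0 && RequestedID != "0";
            if (Editing)
            {
                SkinPreviewID = Localization.ParseUSInt(RequestedID);
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                StringBuilder sql = new StringBuilder(2500);
                if (!Editing)
                {
                    // Insert, then read the new identity back via the GUID we generated.
                    String NewGUID = DB.GetNewGUID();
                    sql.Append("insert into SkinPreview(SkinPreviewGUID,Name,GroupName,SkinID) values(");
                    sql.Append(DB.SQuote(NewGUID) + ",");
                    sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                    sql.Append(DB.SQuote(CommonLogic.FormCanBeDangerousContent("GroupName")) + ",");
                    sql.Append(CommonLogic.FormUSInt("SkinID").ToString());
                    sql.Append(")");
                    DB.ExecuteSQL(sql.ToString());

                    using (SqlConnection dbconn = DB.dbConn())
                    {
                        dbconn.Open();
                        using (IDataReader rs = DB.GetRS("select SkinPreviewID from SkinPreview   with (NOLOCK)  where SkinPreviewGUID=" + DB.SQuote(NewGUID), dbconn))
                        {
                            if (!rs.Read())
                            {
                                // Without the ID the images below would be written under "0" and
                                // later updates would target the wrong row; fail loudly instead.
                                throw new InvalidOperationException("SkinPreview row was inserted but could not be read back by its GUID.");
                            }
                            SkinPreviewID = DB.RSFieldInt(rs, "SkinPreviewID");
                            Editing       = true;
                        }
                    }
                    DataUpdated = true;
                }
                else
                {
                    // Update the existing record in place.
                    sql.Append("update SkinPreview set ");
                    sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                    sql.Append("GroupName=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("GroupName")) + ",");
                    sql.Append("SkinID=" + CommonLogic.FormUSInt("SkinID").ToString());
                    sql.Append(" where SkinPreviewID=" + SkinPreviewID.ToString());
                    DB.ExecuteSQL(sql.ToString());
                    DataUpdated = true;
                    Editing     = true;
                }

                // Uploaded images are stored under the numeric record ID, never under a client-supplied name.
                String FN = SkinPreviewID.ToString();
                try
                {
                    SaveSkinPreviewImage(Request.Files["Image1"], "icon", FN);
                    SaveSkinPreviewImage(Request.Files["Image2"], "medium", FN);
                }
                catch (Exception ex)
                {
                    // Surface the upload failure on the page; the DB changes above are already committed.
                    ErrorMsg = CommonLogic.GetExceptionDetail(ex, "<br/>");
                }
            }
            SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("skinpreview.aspx") + "?GroupName=" + Server.UrlEncode(GroupName) + "&beginsWith=" + Server.UrlEncode(BeginsWith) + "&searchfor=" + Server.UrlEncode(SearchFor) + "\">" + AppLogic.GetString("admin.menu.SkinPreviews", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.editskinpreview.AddEditSkinPreview", SkinID, LocaleSetting);
            RenderHtml();
        }

        /// <summary>
        /// Replaces the stored skin-preview image of one size with an uploaded file.
        /// Any existing .jpg/.gif/.png for the same record is removed first so a format change
        /// does not leave a stale file behind.
        /// </summary>
        /// <param name="upload">Posted file; <c>null</c> (field not posted) or an empty upload means "no new image" and nothing is changed.</param>
        /// <param name="sizeName">Image folder name passed to <c>AppLogic.GetImagePath</c>, "icon" or "medium".</param>
        /// <param name="idStem">File name stem: the SkinPreviewID as a string.</param>
        private static void SaveSkinPreviewImage(HttpPostedFile upload, String sizeName, String idStem)
        {
            if (upload == null || upload.ContentLength == 0)
            {
                return;
            }

            String basePath = AppLogic.GetImagePath("SkinPreviews", sizeName, true) + idStem;

            // Best-effort cleanup: a locked or undeletable old file must not block the new upload.
            try
            {
                System.IO.File.Delete(basePath + ".jpg");
                System.IO.File.Delete(basePath + ".gif");
                System.IO.File.Delete(basePath + ".png");
            }
            catch
            { }

            // The content type is declared by the client. The extension is chosen from this fixed
            // list, so an unrecognized type is ignored rather than written under a client-chosen name.
            String extension;
            switch (upload.ContentType)
            {
            case "image/gif":
                extension = ".gif";
                break;

            case "image/png":     // registered type sent by current browsers
            case "image/x-png":   // legacy type sent by older Internet Explorer
                extension = ".png";
                break;

            case "image/jpg":
            case "image/jpeg":
            case "image/pjpeg":
                extension = ".jpg";
                break;

            default:
                return;
            }
            upload.SaveAs(basePath + extension);
        }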
        /// <summary>
        /// Add/edit page for a StringResource record. Picks up the list-page filter state and the
        /// optional StringResourceID from the query string; on submit it either updates the
        /// addressed row or inserts a new one and resolves its ID through the generated GUID,
        /// then renders the page.
        /// </summary>
        /// <param name="sender">Page raising the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin edit page: disable browser and proxy caching.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            SearchFor         = CommonLogic.QueryStringCanBeDangerousContent("SearchFor");
            ShowLocaleSetting = Localization.CheckLocaleSettingForProperCase(CommonLogic.QueryStringCanBeDangerousContent("ShowLocaleSetting"));
            BeginsWith        = CommonLogic.QueryStringCanBeDangerousContent("BeginsWith");
            StringResourceID  = 0;

            // Editing only when a non-empty, non-zero ID was supplied on the query string.
            String RequestedID = CommonLogic.QueryStringCanBeDangerousContent("StringResourceID");
            Editing = RequestedID.Length != 0 && RequestedID != "0";
            if (Editing)
            {
                StringResourceID = Localization.ParseUSInt(RequestedID);
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // Posted values shared by the insert and update statements.
                String PostedName        = CommonLogic.FormCanBeDangerousContent("Name");
                String PostedLocale      = Localization.CheckLocaleSettingForProperCase(CommonLogic.FormCanBeDangerousContent("LocaleSetting"));
                String PostedConfigValue = CommonLogic.FormCanBeDangerousContent("ConfigValue");

                StringBuilder sql = new StringBuilder(2500);
                if (Editing)
                {
                    // Update the addressed row in place.
                    sql.AppendFormat("update StringResource set Name={0},LocaleSetting={1},ConfigValue={2} where StringResourceID={3}",
                                     DB.SQuote(PostedName), DB.SQuote(PostedLocale), DB.SQuote(PostedConfigValue), StringResourceID.ToString());
                    DB.ExecuteSQL(sql.ToString());
                    DataUpdated = true;
                    Editing     = true;
                }
                else
                {
                    // Insert with a fresh GUID, then look the new identity up by that GUID.
                    String NewGUID = DB.GetNewGUID();
                    sql.AppendFormat("insert into StringResource(StringResourceGUID,Name,LocaleSetting,ConfigValue) values({0},{1},{2},{3})",
                                     DB.SQuote(NewGUID), DB.SQuote(PostedName), DB.SQuote(PostedLocale), DB.SQuote(PostedConfigValue));
                    DB.ExecuteSQL(sql.ToString());

                    using (SqlConnection dbconn = DB.dbConn())
                    {
                        dbconn.Open();
                        using (IDataReader rs = DB.GetRS("select StringResourceID from StringResource   with (NOLOCK)  where StringResourceGUID=" + DB.SQuote(NewGUID), dbconn))
                        {
                            rs.Read();
                            StringResourceID = DB.RSFieldInt(rs, "StringResourceID");
                            Editing          = true;
                        }
                    }
                    DataUpdated = true;
                }
            }
            Render();
        }
        protected void Page_Load(object sender, System.EventArgs e)
        {
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            ThisCustomer.RequireCustomerRecord();

            String ReturnURL = CommonLogic.QueryStringCanBeDangerousContent("ReturnURL");

            AppLogic.CheckForScriptTag(ReturnURL);

            CartTypeEnum CartType = CartTypeEnum.ShoppingCart;

            if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
            {
                CartType = CartTypeEnum.WishCart;
            }
            if (CommonLogic.FormNativeInt("IsGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsGiftRegistry") == 1)
            {
                CartType = CartTypeEnum.GiftRegistryCart;
            }
            if (AppLogic.HideForWholesaleSite(ThisCustomer.CustomerLevelID))
            {
                Response.Redirect("Default.aspx");
            }

            if (!ThisCustomer.IsRegistered && AppLogic.AppConfigBool("DisallowAnonCustomerToCreateWishlist") && AppLogic.ProductIsMLExpress() == false)
            {
                string ErrMsg = string.Empty;

                ErrorMessage er;

                if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
                {
                    ErrMsg = AppLogic.GetString("signin.aspx.27", 1, ThisCustomer.LocaleSetting);
                    er     = new ErrorMessage(ErrMsg);
                    Response.Redirect("signin.aspx?ErrorMsg=" + er.MessageId + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
                }

                if (CommonLogic.FormNativeInt("IsGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsGiftRegistry") == 1)
                {
                    ErrMsg = AppLogic.GetString("signin.aspx.28", 1, ThisCustomer.LocaleSetting);
                    er     = new ErrorMessage(ErrMsg);
                    Response.Redirect("signin.aspx?ErrorMsg=" + er.MessageId + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
                }
            }

            // if editing, nuke what was there, it will be replaced from what was submitted now from the product page.
            // NOTE. if a kit or pack was "edited", you don't have to do this, and ShoppingCartRecID is not material (and should not be in the form post)
            // kits and packs are "moved" from active cart to temp cart records, so they won't have a cart record id to begin with. They are built in the KitCart and CustomCart tables instead
            int ShoppingCartRecID = CommonLogic.FormUSInt("CartRecID"); // only used for (non kit or pack) product/order edits from prior cart record

            if (ShoppingCartRecID == 0)
            {
                ShoppingCartRecID = CommonLogic.QueryStringUSInt("CartRecID");
            }
            if (ShoppingCartRecID != 0)
            {
                DB.ExecuteSQL("delete from ShoppingCart where ShoppingCartRecID=" + ShoppingCartRecID.ToString() + " and CustomerID=" + ThisCustomer.CustomerID.ToString() + " and CartType=" + ((int)CartType).ToString() + " and StoreID = " + AppLogic.StoreID());
            }

            int ShippingAddressID = CommonLogic.QueryStringUSInt("ShippingAddressID"); // only used for multi-ship

            if (ShippingAddressID == 0)
            {
                ShippingAddressID = CommonLogic.FormNativeInt("ShippingAddressID");
            }
            if ((ShippingAddressID == 0 || !ThisCustomer.OwnsThisAddress(ShippingAddressID)) && ThisCustomer.PrimaryShippingAddressID != 0)
            {
                ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
            }

            int ProductID = CommonLogic.QueryStringUSInt("ProductID");

            if (ProductID == 0)
            {
                ProductID = CommonLogic.FormUSInt("ProductID");
            }

            int VariantID = CommonLogic.QueryStringUSInt("VariantID");

            if (VariantID == 0)
            {
                VariantID = CommonLogic.FormUSInt("VariantID");
            }
            if (ProductID == 0)
            {
                ProductID = AppLogic.GetVariantProductID(VariantID);
            }

            // if no VariantID is located, get the default variantID for the product
            if (VariantID == 0)
            {
                VariantID = AppLogic.GetDefaultProductVariant(ProductID);
            }

            int Quantity = CommonLogic.QueryStringUSInt("Quantity");

            if (Quantity == 0)
            {
                Quantity = CommonLogic.FormNativeInt("Quantity");
            }
            if (Quantity == 0)
            {
                Quantity = 1;
            }

            VariantStyleEnum VariantStyle = (VariantStyleEnum)CommonLogic.QueryStringUSInt("VariantStyle");

            if (CommonLogic.QueryStringCanBeDangerousContent("VariantStyle").Length == 0)
            {
                VariantStyle = (VariantStyleEnum)CommonLogic.FormNativeInt("VariantStyle");
            }

            decimal CustomerEnteredPrice = CommonLogic.FormNativeDecimal("Price");

            if (CustomerEnteredPrice == System.Decimal.Zero)
            {
                CustomerEnteredPrice = CommonLogic.QueryStringNativeDecimal("Price");
            }
            if (!AppLogic.VariantAllowsCustomerPricing(VariantID))
            {
                CustomerEnteredPrice = System.Decimal.Zero;
            }
            if (CustomerEnteredPrice < System.Decimal.Zero)
            {
                CustomerEnteredPrice = -CustomerEnteredPrice;
            }
            int CustomerID = ThisCustomer.CustomerID;

            if (Currency.GetDefaultCurrency() != ThisCustomer.CurrencySetting && CustomerEnteredPrice != 0)
            {
                CustomerEnteredPrice = Currency.Convert(CustomerEnteredPrice, ThisCustomer.CurrencySetting, Localization.StoreCurrency());
            }


            // QueryString params override Form Params!

            String ChosenColor            = String.Empty;
            String ChosenColorSKUModifier = String.Empty;
            String ChosenSize             = String.Empty;
            String ChosenSizeSKUModifier  = String.Empty;
            String TextOption             = CommonLogic.FormCanBeDangerousContent("TextOption");

            if (CommonLogic.QueryStringCanBeDangerousContent("TextOption").Length != 0)
            {
                TextOption = Security.HtmlEncode(CommonLogic.QueryStringCanBeDangerousContent("TextOption"));
            }


            // the color & sizes coming in here are MUST be in the Master WebConfig Locale ALWAYS!
            if (CommonLogic.QueryStringCanBeDangerousContent("Color").Length != 0)
            {
                String[] ColorSel = CommonLogic.QueryStringCanBeDangerousContent("Color").Split(',');
                try
                {
                    ChosenColor = Security.HtmlEncode(ColorSel[0]);
                }
                catch { }
                try
                {
                    ChosenColorSKUModifier = Security.HtmlEncode(ColorSel[1]);
                }
                catch { }
            }

            if (ChosenColor.Length == 0 && CommonLogic.FormCanBeDangerousContent("Color").Length != 0)
            {
                String[] ColorSel = CommonLogic.FormCanBeDangerousContent("Color").Split(',');
                try
                {
                    ChosenColor = Security.HtmlEncode(ColorSel[0]).Trim();
                }
                catch { }
                try
                {
                    ChosenColorSKUModifier = Security.HtmlEncode(ColorSel[1]);
                }
                catch { }
            }

            if (CommonLogic.QueryStringCanBeDangerousContent("Size").Length != 0)
            {
                String[] SizeSel = CommonLogic.QueryStringCanBeDangerousContent("Size").Split(',');
                try
                {
                    ChosenSize = Security.HtmlEncode(SizeSel[0]).Trim();
                }
                catch { }
                try
                {
                    ChosenSizeSKUModifier = Security.HtmlEncode(SizeSel[1]);
                }
                catch { }
            }

            if (ChosenSize.Length == 0 && CommonLogic.FormCanBeDangerousContent("Size").Length != 0)
            {
                String[] SizeSel = CommonLogic.FormCanBeDangerousContent("Size").Split(',');
                try
                {
                    ChosenSize = Security.HtmlEncode(SizeSel[0]).Trim();
                }
                catch { }
                try
                {
                    ChosenSizeSKUModifier = Security.HtmlEncode(SizeSel[1]);
                }
                catch { }
            }


            if (VariantStyle == VariantStyleEnum.ERPWithRollupAttributes)
            {
                String match  = "<GroupAttributes></GroupAttributes>";
                String match2 = "<GroupAttributes></GroupAttributes>";
                if (ChosenSize.Trim().Length != 0 && ChosenColor.Trim().Length != 0)
                {
                    match  = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenSize + "\"/><GroupAttributeName=\"Attr2\"Value=\"" + ChosenColor + "\"/></GroupAttributes>";
                    match2 = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenColor + "\"/><GroupAttributeName=\"Attr2\"Value=\"" + ChosenSize + "\"/></GroupAttributes>";
                }
                else if (ChosenSize.Trim().Length != 0 && ChosenColor.Trim().Length == 0)
                {
                    match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenSize + "\"/></GroupAttributes>";
                }
                else if (ChosenSize.Trim().Length == 0 && ChosenColor.Trim().Length != 0)
                {
                    match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenColor + "\"/></GroupAttributes>";
                }

                // reset variant id to the proper attribute match!
                using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
                {
                    con.Open();
                    using (IDataReader rsERP = DB.GetRS("select VariantID,ExtensionData2 from ProductVariant with (NOLOCK) where VariantID=" + VariantID.ToString(), con))
                    {
                        while (rsERP.Read())
                        {
                            String thisVariantMatch = DB.RSField(rsERP, "ExtensionData2").Replace(" ", "").Trim();
                            match = Regex.Replace(match, "\\s+", "", RegexOptions.Compiled);

                            match2 = Regex.Replace(match2, "\\s+", "", RegexOptions.Compiled);

                            thisVariantMatch = Regex.Replace(thisVariantMatch, "\\s+", "", RegexOptions.Compiled);
                            if (match.Equals(thisVariantMatch, StringComparison.InvariantCultureIgnoreCase) ||
                                match2.Equals(thisVariantMatch, StringComparison.InvariantCultureIgnoreCase))
                            {
                                VariantID = DB.RSFieldInt(rsERP, "VariantID");
                                break;
                            }
                        }
                    }
                }
            }

            ShoppingCart cart = new ShoppingCart(1, ThisCustomer, CartType, 0, false);

            if (Quantity > 0)
            {
                if (AppLogic.IsAKit(ProductID))
                {
                    // -- new kit format -- //
                    bool productIsUsingKit2XmlPackage = !CommonLogic.IsStringNullOrEmpty(CommonLogic.FormCanBeDangerousContent("KitItems"));
                    if (productIsUsingKit2XmlPackage)
                    {
                        if (CommonLogic.FormBool("IsEditKit") && CommonLogic.FormUSInt("CartRecID") > 0)
                        {
                            int cartId = CommonLogic.FormUSInt("CartRecID");
                            AppLogic.ClearKitItems(ThisCustomer, ProductID, VariantID, cartId);
                        }

                        KitComposition preferredComposition = KitComposition.FromForm(ThisCustomer, ProductID, VariantID);

                        String tmp      = DB.GetNewGUID();
                        int    NewRecID = cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, string.Empty, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, System.Decimal.Zero, preferredComposition);
                    }
                    else
                    {
                        String tmp      = DB.GetNewGUID();
                        int    NewRecID = cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, System.Decimal.Zero);
                    }
                }
                else
                {
                    cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, CustomerEnteredPrice);
                }
            }

            // handle upsell products:
            String UpsellProducts = CommonLogic.FormCanBeDangerousContent("UpsellProducts").Trim();

            if (UpsellProducts.Length != 0 && CartType == CartTypeEnum.ShoppingCart)
            {
                foreach (String s in UpsellProducts.Split(','))
                {
                    String PID = s.Trim();
                    if (PID.Length != 0)
                    {
                        int UpsellProductID = 0;
                        try
                        {
                            UpsellProductID = Localization.ParseUSInt(PID);
                            if (UpsellProductID != 0)
                            {
                                int UpsellVariantID = AppLogic.GetProductsFirstVariantID(UpsellProductID);
                                if (UpsellVariantID != 0)
                                {
                                    // this variant COULD have one size or color, so set it up like that:
                                    String Sizes             = String.Empty;
                                    String SizeSKUModifiers  = String.Empty;
                                    String Colors            = String.Empty;
                                    String ColorSKUModifiers = String.Empty;

                                    using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
                                    {
                                        con.Open();
                                        using (IDataReader rs = DB.GetRS("select Sizes,SizeSKUModifiers,Colors,ColorSKUModifiers from ProductVariant  with (NOLOCK)  where VariantID=" + UpsellVariantID.ToString(), con))
                                        {
                                            if (rs.Read())
                                            {
                                                Sizes             = DB.RSFieldByLocale(rs, "Sizes", Localization.GetDefaultLocale());
                                                SizeSKUModifiers  = DB.RSFieldByLocale(rs, "SizeSKUModifiers", Localization.GetDefaultLocale());
                                                Colors            = DB.RSFieldByLocale(rs, "Colors", Localization.GetDefaultLocale());
                                                ColorSKUModifiers = DB.RSFieldByLocale(rs, "ColorSKUModifiers", Localization.GetDefaultLocale());
                                            }
                                        }
                                    }

                                    // safety check:
                                    if (Sizes.IndexOf(',') != -1)
                                    {
                                        Sizes            = String.Empty;
                                        SizeSKUModifiers = String.Empty;
                                    }
                                    // safety check:
                                    if (Colors.IndexOf(',') != -1)
                                    {
                                        Colors            = String.Empty;
                                        ColorSKUModifiers = String.Empty;
                                    }
                                    cart.AddItem(ThisCustomer, ShippingAddressID, UpsellProductID, UpsellVariantID, 1, Colors, ColorSKUModifiers, Sizes, SizeSKUModifiers, String.Empty, CartType, false, false, 0, System.Decimal.Zero);
                                    Decimal PR = AppLogic.GetUpsellProductPrice(ProductID, UpsellProductID, ThisCustomer.CustomerLevelID);
                                    DB.ExecuteSQL("update shoppingcart set IsUpsell=1, ProductPrice=" + Localization.CurrencyStringForDBWithoutExchangeRate(PR) + " where CartType=" + ((int)CartType).ToString() + " and CustomerID=" + ThisCustomer.CustomerID.ToString() + " and ProductID=" + UpsellProductID.ToString() + " and VariantID=" + UpsellVariantID.ToString() + " and convert(nvarchar(1000),ChosenColor)='' and convert(nvarchar(1000),ChosenSize)='' and convert(nvarchar(1000),TextOption)=''");
                                }
                            }
                        }
                        catch { }
                    }
                }
            }

            cart = null;

            AppLogic.eventHandler("AddToCart").CallEvent("&AddToCart=true&VariantID=" + VariantID.ToString() + "&ProductID=" + ProductID.ToString() + "&ChosenColor=" + ChosenColor + "&ChosenSize=" + ChosenSize);

            if (AppLogic.AppConfig("AddToCartAction").Equals("STAY", StringComparison.InvariantCultureIgnoreCase) &&
                ReturnURL.Length != 0)
            {
                Response.Redirect(ReturnURL);
            }
            else
            {
                if (ReturnURL.Length == 0)
                {
                    ReturnURL = String.Empty;
                    if (Request.UrlReferrer != null)
                    {
                        ReturnURL = Request.UrlReferrer.AbsoluteUri; // could be null
                    }
                    if (ReturnURL == null)
                    {
                        ReturnURL = String.Empty;
                    }
                }
                if (CartType == CartTypeEnum.WishCart)
                {
                    Response.Redirect("wishlist.aspx?ReturnUrl=" + Security.UrlEncode(ReturnURL));
                }
                if (CartType == CartTypeEnum.GiftRegistryCart)
                {
                    Response.Redirect("giftregistry.aspx?ReturnUrl=" + Security.UrlEncode(ReturnURL));
                }
                Response.Redirect("ShoppingCart.aspx?add=true&ReturnUrl=" + Security.UrlEncode(ReturnURL));
            }
        }
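        /// <summary>
        /// Page entry point for the admin "edit variants" screen of one product. Applies the
        /// query-string actions (CloneID, DeleteID, DeleteAllVariants), then the posted form
        /// (IsDefault and DisplayOrder_&lt;VariantID&gt; fields), repairs the product's variant
        /// set and finally calls <see cref="LoadData"/>.
        /// </summary>
        /// <param name="sender">ASP.NET event sender; not used.</param>
        /// <param name="e">ASP.NET event arguments; not used.</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // Admin content must not be cached by the browser or any intermediary.
            Response.CacheControl = "private";
            Response.Expires      = 0;
            Response.AddHeader("pragma", "no-cache");

            ProductID = CommonLogic.QueryStringUSInt("ProductID");
            if (ProductID == 0)
            {
                // No product to edit. Response.Redirect ends the response by default, so the
                // code below does not run for a missing/zero ProductID.
                Response.Redirect(AppLogic.AdminLinkUrl("products.aspx"));
            }

            ProductName = AppLogic.GetProductName(ProductID, LocaleSetting);
            ProductSKU  = AppLogic.GetProductSKU(ProductID);

            ProductTracksInventoryBySizeAndColor = AppLogic.ProductTracksInventoryBySizeAndColor(ProductID);

            // NOTE(review): CloneID, DeleteID and DeleteAllVariants are destructive actions
            // triggered by plain GET parameters, so any link an authenticated admin follows can
            // fire them unless the page base class enforces an anti-forgery token - confirm.
            // The ids are parsed to int before being concatenated into SQL, which rules out
            // injection through the value itself, but parameterized commands would still be
            // the preferable pattern.
            if (CommonLogic.QueryStringCanBeDangerousContent("CloneID").Length != 0)
            {
                int CloneID = CommonLogic.QueryStringUSInt("CloneID");
                DB.ExecuteSQL("aspdnsf_CloneVariant " + CloneID.ToString() + "," + ThisCustomer.CustomerID.ToString());
            }

            if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
            {
                int DeleteID = CommonLogic.QueryStringUSInt("DeleteID");
                // Cart rows go first, presumably so no cart row is left pointing at a deleted variant.
                // NOTE(review): these deletes are keyed on VariantID alone and are not restricted to
                // this ProductID, while the variant repair at the end only covers ProductID.
                DB.ExecuteSQL("delete from CustomCart where VariantID=" + DeleteID.ToString());
                DB.ExecuteSQL("delete from KitCart where VariantID=" + DeleteID.ToString());
                DB.ExecuteSQL("delete from ShoppingCart where VariantID=" + DeleteID.ToString());
                DB.ExecuteSQL("delete from ProductVariant where VariantID=" + DeleteID.ToString());
            }

            // Parse the flag once. The original read it twice with two different parsers
            // (QueryStringBool here, a literal "TRUE" comparison before the repair step), which
            // could disagree and re-create a variant right after deleting them all.
            bool deleteAllVariants = CommonLogic.QueryStringBool("DeleteAllVariants");
            if (deleteAllVariants)
            {
                String productVariantIds = "(select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")";
                DB.ExecuteSQL("delete from CustomCart where VariantID in " + productVariantIds);
                DB.ExecuteSQL("delete from KitCart where VariantID in " + productVariantIds);
                DB.ExecuteSQL("delete from ShoppingCart where VariantID in " + productVariantIds);
                DB.ExecuteSQL("delete from ProductVariant where ProductID=" + ProductID.ToString());
            }

            if (CommonLogic.FormBool("IsSubmit"))
            {
                // Exactly one variant should be the default: clear all of them, then set the posted
                // one or, when none was posted, the first by DisplayOrder/Name.
                DB.ExecuteSQL("update ProductVariant set IsDefault=0 where ProductID=" + ProductID.ToString());
                int postedDefault = CommonLogic.FormCanBeDangerousContent("IsDefault").Length == 0
                    ? 0
                    : CommonLogic.FormUSInt("IsDefault");
                if (postedDefault == 0)
                {
                    // try to force a default variant, none was specified!
                    DB.ExecuteSQL("update ProductVariant set IsDefault=1 where ProductID=" + ProductID.ToString() + " and VariantID in (SELECT top 1 VariantID from ProductVariant where ProductID=" + ProductID.ToString() + " order by DisplayOrder,Name)");
                }
                else
                {
                    DB.ExecuteSQL("update ProductVariant set IsDefault=1 where ProductID=" + ProductID.ToString() + " and VariantID=" + postedDefault.ToString());
                }

                // Apply every posted DisplayOrder_<VariantID> field.
                for (int i = 0; i < Request.Form.Count; i++)
                {
                    String key = Request.Form.Keys[i];
                    // Form collections can carry a null key for unnamed values; skip it rather than NRE.
                    if (key == null || key.IndexOf("DisplayOrder_", StringComparison.Ordinal) == -1)
                    {
                        continue;
                    }

                    // The key contains '_', so Split always yields at least two parts.
                    String[] keys      = key.Split('_');
                    int      VariantID = Localization.ParseUSInt(keys[1]);
                    int      DispOrd   = 1;
                    try
                    {
                        DispOrd = Localization.ParseUSInt(Request.Form[key]);
                    }
                    catch
                    {
                        // Best-effort: an unparsable order keeps the default of 1.
                    }
                    // NOTE(review): the update is keyed on VariantID only and not scoped to ProductID.
                    DB.ExecuteSQL("update productvariant set DisplayOrder=" + DispOrd.ToString() + " where VariantID=" + VariantID.ToString());
                }
            }

            // Skip the "at least one variant" repair only when the admin explicitly deleted them all.
            if (!deleteAllVariants)
            {
                AppLogic.MakeSureProductHasAtLeastOneVariant(ProductID);
            }
            AppLogic.EnsureProductHasADefaultVariantSet(ProductID);

            LoadData();
        }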