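/// <summary>
/// Admin page handler for adding or editing a quantity-discount table header.
/// The optional <c>QuantityDiscountID</c> query-string value selects edit mode (non-zero) or
/// add mode (absent, zero or non-numeric). On submit the posted <c>Name</c> is inserted or
/// updated; a new row is followed by a redirect back to this page in edit mode.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Admin data must never be served from a shared cache.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    // QueryStringUSInt yields 0 for a missing or non-numeric value, which is exactly the
    // "add new" case, so ParseUSInt never sees a non-numeric string here.
    QuantityDiscountID = CommonLogic.QueryStringUSInt("QuantityDiscountID");
    Editing = QuantityDiscountID != 0;

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // Name is locale-XML encoded by FormLocaleXml and quoted by DB.SQuote; the only other
        // value reaching SQL is the integer id, so no raw user text is spliced into a statement.
        string quotedName = DB.SQuote(AppLogic.FormLocaleXml("Name"));
        StringBuilder sql = new StringBuilder(2500);

        if (!Editing)
        {
            // Insert under a fresh GUID, then read the generated id back by that GUID.
            string newGuid = DB.GetNewGUID();
            sql.Append("insert into quantitydiscount(QuantityDiscountGUID,Name) values(");
            sql.Append(DB.SQuote(newGuid) + ",");
            sql.Append(quotedName);
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());

            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select QuantityDiscountID from quantitydiscount with (NOLOCK) where QuantityDiscountGUID=" + DB.SQuote(newGuid), dbconn))
                {
                    // Guard the read instead of assuming the row is always found.
                    if (rs.Read())
                    {
                        QuantityDiscountID = DB.RSFieldInt(rs, "QuantityDiscountID");
                        Editing = true;
                    }
                }
            }
            DataUpdated = true;
            // Re-enter the page in edit mode for the row just created.
            Response.Redirect(AppLogic.AdminLinkUrl("editquantitydiscounttable.aspx") + "?QuantityDiscountID=" + QuantityDiscountID.ToString());
        }
        else
        {
            sql.Append("update quantitydiscount set ");
            sql.Append("Name=" + quotedName);
            sql.Append(" where QuantityDiscountID=" + QuantityDiscountID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("quantitydiscounts.aspx") + "\">" + AppLogic.GetString("admin.menu.QuantityDiscounts", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.editquantitydiscount.ManageQuantityDiscounts", SkinID, LocaleSetting);
    RenderHtml();
}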
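/// <summary>
/// Admin shipping-methods list handler with per-store filtering. On a real submit (not the
/// postback raised by the store filter) it writes the posted <c>DisplayOrder_</c>,
/// <c>displayName</c> and <c>ShippingMethodCode</c> fields back to ShippingMethod, then, when
/// multi-store filtering is enabled, rebuilds the ShippingMethodStore rows for the current
/// store filter from the posted <c>chkStoreMap_</c> checkboxes.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    InitializeStores();
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    SectionTitle = "Manage Shipping Methods";

    if (!IsStoreFilterChangePostBack && CommonLogic.FormBool("IsSubmit"))
    {
        for (int i = 0; i < Request.Form.Count; i++)
        {
            string key = Request.Form.Keys[i];
            // Unnamed form values surface as a null key; IndexOf on null would throw.
            if (key == null)
            {
                continue;
            }
            string[] keyParts = key.Split('_');
            // Every branch below expects "<prefix>_<ShippingMethodID>".
            if (keyParts.Length < 2)
            {
                continue;
            }
            string value = Request.Form[key];

            if (key.IndexOf("DisplayOrder_") != -1)
            {
                int shippingMethodID = Localization.ParseUSInt(keyParts[1]);
                // Unparseable input falls back to 1 without using an exception for control flow.
                int dispOrd;
                if (!int.TryParse(value, out dispOrd))
                {
                    dispOrd = 1;
                }
                DB.ExecuteSQL("update ShippingMethod set DisplayOrder=" + dispOrd.ToString() + " where ShippingMethodID=" + shippingMethodID.ToString());
                IsShippingMethod = true;
            }
            if (key.IndexOf("displayName") != -1)
            {
                int shippingMethodID = Localization.ParseUSInt(keyParts[1]);
                // Free text goes through DB.SQuote; the id is an int, so no raw user text reaches SQL.
                DB.ExecuteSQL(String.Format("update ShippingMethod set DisplayName={0} where ShippingMethodID={1}", DB.SQuote(value), shippingMethodID));
            }
            if (key.IndexOf("ShippingMethodCode") != -1)
            {
                int shippingMethodID = Localization.ParseUSInt(keyParts[1]);
                DB.ExecuteSQL(String.Format("update ShippingMethod set ShippingMethodCode={0} where ShippingMethodID={1}", DB.SQuote(value), shippingMethodID));
            }
        }

        // Store mapping: drop this store's rows and re-insert one per checked box.
        // NOTE(review): the delete and the inserts are separate statements with no visible
        // transaction, so a failing insert leaves a partial mapping — confirm DB.ExecuteSQL's
        // transaction behaviour.
        if (MultiStoreFilteringEnabled)
        {
            DB.ExecuteSQL(string.Format("DELETE ShippingMethodStore WHERE StoreId = {0}", StoreFilter));
            var checkedStoreMaps = Request.Form.AllKeys.Where(elem => elem != null && elem.StartsWith("chkStoreMap_", StringComparison.Ordinal));
            foreach (string chkMap in checkedStoreMaps)
            {
                int shippingMethodId = chkMap.Split('_')[1].ToNativeInt();
                DB.ExecuteSQL(string.Format("INSERT INTO ShippingMethodStore(StoreId, ShippingMethodId) Values({0}, {1})", StoreFilter, shippingMethodId));
            }
        }
    }
    RenderHtml();
}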
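/// <summary>
/// Admin handler for the allowed-countries list of a real-time shipping provider. Loads the
/// provider name for the section title, then applies one of: the posted <c>CountryList</c>
/// (IsSubmit), the <c>clearall</c> query-string action, or the <c>allowall</c> action, to
/// RTShippingProviderToCountryMap.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    _rtShippingProviderID = CommonLogic.QueryStringUSInt("RtShippingProviderID");
    if (_rtShippingProviderID == 0)
    {
        Response.Redirect(AppLogic.AdminLinkUrl("rtshippingmgr.aspx"));
        // Redirect ends the response; the explicit return keeps the intent visible.
        return;
    }
    // The provider id is an int parsed above, so its string form is safe to embed in SQL.
    string providerId = _rtShippingProviderID.ToString();

    using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
    {
        con.Open();
        using (IDataReader reader = DB.GetRS(string.Format("SELECT [Name] FROM RTShippingProvider WHERE RTShippingProviderID = {0}", providerId), con))
        {
            if (reader.Read())
            {
                _rtShippingProviderName = DB.RSField(reader, "Name");
            }
        }
    }
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("rtshippingmgr.aspx") + "\">RTShipping Providers</a> - Setting Allowed Countries for Real Time Shipping Providers: " + _rtShippingProviderName;

    string deleteMapSql = "delete from RTShippingProviderToCountryMap where RtShippingProviderID=" + providerId;

    if (CommonLogic.FormBool("IsSubmit"))
    {
        IsUpdated = true;
        DB.ExecuteSQL(deleteMapSql);
        foreach (String s in CommonLogic.FormCanBeDangerousContent("CountryList").Split(','))
        {
            // Each entry must be an integer country id; parsing it here keeps free text out of
            // the INSERT. Blank and non-numeric entries are skipped.
            int countryId;
            if (!int.TryParse(s.Trim(), out countryId))
            {
                continue;
            }
            DB.ExecuteSQL("insert RTShippingProviderToCountryMap(RtShippingProviderID,CountryID) values(" + providerId + "," + countryId.ToString() + ")");
        }
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("clearall").Length != 0)
    {
        DB.ExecuteSQL(deleteMapSql);
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("allowall").Length != 0)
    {
        DB.ExecuteSQL(deleteMapSql);
        DB.ExecuteSQL("insert into RTShippingProviderToCountryMap(RtShippingProviderID,CountryID) select " + providerId + ",CountryID from Country");
    }
    RenderHtml();
}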
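/// <summary>
/// Admin shipping-methods list handler. A postback raised by the store combobox only updates
/// <c>StoreFilter</c>; a real submit writes each posted <c>DisplayOrder_&lt;ShippingMethodID&gt;</c>
/// value to ShippingMethod and, when more than one store exists and a specific store is selected,
/// rebuilds that store's ShippingMethodStore rows from the posted <c>chkStoreMap_</c> checkboxes.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    SectionTitle = "Manage Shipping Methods";

    if (IsStoreFilterChangePostBack())
    {
        // Only the store filter changed on this round-trip; nothing is saved.
        StoreFilter = Request.Form["cboStores"].ToNativeInt();
    }
    else if (CommonLogic.FormBool("IsSubmit"))
    {
        for (int i = 0; i < Request.Form.Count; i++)
        {
            string key = Request.Form.Keys[i];
            // Unnamed form values surface as a null key; IndexOf on null would throw.
            if (key == null || key.IndexOf("DisplayOrder_") == -1)
            {
                continue;
            }
            // "DisplayOrder_" guarantees an underscore, so the split has at least two parts.
            string[] keyParts = key.Split('_');
            int shippingMethodID = Localization.ParseUSInt(keyParts[1]);
            // Unparseable input falls back to 1 without using an exception for control flow.
            int dispOrd;
            if (!int.TryParse(Request.Form[key], out dispOrd))
            {
                dispOrd = 1;
            }
            DB.ExecuteSQL("update ShippingMethod set DisplayOrder=" + dispOrd.ToString() + " where ShippingMethodID=" + shippingMethodID.ToString());
            IsShippingMethod = true;
        }

        // Store mapping: drop this store's rows and re-insert one per checked box.
        // NOTE(review): delete and inserts are separate statements with no visible transaction,
        // so a failing insert leaves a partial mapping — confirm DB.ExecuteSQL's behaviour.
        if (Stores.Count > 1 && StoreFilter != Shipping.DONT_FILTER_PER_STORE)
        {
            DB.ExecuteSQL(string.Format("DELETE ShippingMethodStore WHERE StoreId = {0}", StoreFilter));
            var checkedStoreMaps = Request.Form.AllKeys.Where(elem => elem != null && elem.StartsWith("chkStoreMap_", StringComparison.Ordinal));
            foreach (string chkMap in checkedStoreMaps)
            {
                int shippingMethodId = chkMap.Split('_')[1].ToNativeInt();
                DB.ExecuteSQL(string.Format("INSERT INTO ShippingMethodStore(StoreId, ShippingMethodId) Values({0}, {1})", StoreFilter, shippingMethodId));
            }
        }
    }
    Render();
}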
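/// <summary>
/// Admin extended-prices editor for one product variant. Resolves the variant and product from
/// the query string, and on submit replaces every ExtendedPrice row of the variant with the
/// non-zero <c>Price_&lt;CustomerLevelID&gt;</c> amounts found in the posted form.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    VariantID = CommonLogic.QueryStringUSInt("VariantID");
    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    VariantName = AppLogic.GetVariantName(VariantID, LocaleSetting);
    VariantSKUSuffix = AppLogic.GetVariantSKUSuffix(VariantID);
    if (VariantName.Length == 0)
    {
        VariantName = AppLogic.GetString("admin.editextendedprices.UnnamedVariant", SkinID, LocaleSetting);
    }
    if (ProductID == 0)
    {
        ProductID = AppLogic.GetVariantProductID(VariantID);
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        string variantId = VariantID.ToString();
        // Start from a clean slate so every posted level becomes a plain insert.
        DB.ExecuteSQL("delete from extendedprice where VariantID=" + variantId);
        for (int i = 0; i < Request.Form.Count; i++)
        {
            String fieldName = Request.Form.Keys[i];
            // Skip unnamed values (null key), validator echoes ("_vldt") and unrelated fields.
            if (fieldName == null || fieldName.IndexOf("_vldt") != -1 || fieldName.IndexOf("Price_") == -1)
            {
                continue;
            }
            // "Price_" guarantees an underscore, so the split has at least two parts.
            String[] parsed = fieldName.Split('_');
            int customerLevelID = Localization.ParseUSInt(parsed[1]);
            decimal fieldVal = CommonLogic.FormUSDecimal(fieldName);
            // A zero amount means "no extended price for this level": nothing is stored.
            if (fieldVal != System.Decimal.Zero)
            {
                // Only parsed numbers and a DB-quoted GUID reach the statement.
                DB.ExecuteSQL("insert into ExtendedPrice(ExtendedPriceGUID,VariantID,CustomerLevelID,Price) values(" + DB.SQuote(DB.GetNewGUID()) + "," + variantId + "," + customerLevelID.ToString() + "," + Localization.CurrencyStringForDBWithoutExchangeRate(fieldVal) + ")");
            }
        }
    }

    VariantLink = " <a href=\"" + AppLogic.AdminLinkUrl("entityEditProductVariant.aspx") + "?productid=" + ProductID.ToString() + "&VariantID=" + VariantID.ToString() + "&entityname=CATEGORY&EntityID=0\">Variant</a> ";
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("variants.aspx") + "?productid=" + ProductID.ToString() + "\">" + AppLogic.GetString("admin.editextendedprices.Variants", SkinID, LocaleSetting) + "</a> - " + VariantLink + AppLogic.GetString("admin.editextendedprices.ExtendedPrices", SkinID, LocaleSetting);
    Render();
}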
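/// <summary>
/// Admin "move variant" handler. On submit, re-parents the variant named by the
/// <c>VariantID</c> query-string value to the product id posted in <c>NewProductID</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    VariantID = CommonLogic.QueryStringUSInt("VariantID");

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // NewProductID is user-supplied: only a parsed integer may be embedded in the UPDATE,
        // never the raw posted text. A non-numeric value leaves the variant untouched.
        int newProductID;
        if (VariantID != 0 && int.TryParse(CommonLogic.FormCanBeDangerousContent("NewProductID"), out newProductID))
        {
            DB.ExecuteSQL("Update productvariant set ProductID=" + newProductID.ToString() + " where VariantID=" + VariantID.ToString());
        }
    }
    LoadContent();
}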
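/// <summary>
/// Admin handler for the members of one customer level. Supports removing a customer via the
/// <c>DeleteID</c> query-string value and, on submit, adding a customer identified either by
/// e-mail or by a numeric customer id typed into the <c>EMail</c> field.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    CustomerLevelID = CommonLogic.QueryStringUSInt("CustomerLevelID");
    CustomerLevelName = Customer.GetCustomerLevelName(CustomerLevelID, LocaleSetting);

    // Read DeleteID as an int so only a number can be embedded in the UPDATE.
    int deleteID = CommonLogic.QueryStringUSInt("DeleteID");
    if (deleteID != 0)
    {
        DB.ExecuteSQL("update Customer set CustomerLevelID=0 where CustomerID=" + deleteID.ToString());
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        String eMail = CommonLogic.FormCanBeDangerousContent("EMail");
        if (eMail.Length != 0)
        {
            // NOTE(review): GetIDFromEMail receives the raw form text — confirm it quotes or
            // parameterizes internally.
            int customerID = Customer.GetIDFromEMail(eMail);
            // The field doubles as a customer-id box: a purely numeric entry is treated as an id.
            if (customerID == 0 && CommonLogic.IsInteger(eMail))
            {
                customerID = Localization.ParseUSInt(eMail);
            }
            if (customerID != 0)
            {
                string cid = customerID.ToString();
                // Clear the saved carts so prices computed under the old level are not carried over.
                DB.ExecuteSQL("delete from shoppingcart where customerid=" + cid);
                DB.ExecuteSQL("delete from kitcart where customerid=" + cid);
                DB.ExecuteSQL("Update customer set CustomerLevelID=" + CustomerLevelID.ToString() + " where CustomerID=" + cid);
            }
            else
            {
                ErrorMsg = "That customer e-mail was not found in the database";
            }
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("CustomerLevels.aspx") + "\">CustomerLevels</a> - Show Customer Level: " + CustomerLevelName;
    RenderHtml();
}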
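/// <summary>
/// Admin display-order editor for the objects mapped to one entity (category, section, ...).
/// On submit it deletes the entity's existing mapping rows and re-inserts one per posted
/// <c>DisplayOrder_&lt;ObjectID&gt;</c> field. Table and column names come from the entity
/// specification looked up by name, not from the request directly.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    cust = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;
    EntityID = CommonLogic.QueryStringUSInt("EntityID");
    EntityName = CommonLogic.QueryStringCanBeDangerousContent("EntityName");
    // NOTE(review): LookupSpecs and the EntityHelper constructor run before the parameter
    // check below — confirm both tolerate an unknown EntityName.
    m_EntitySpecs = EntityDefinitions.LookupSpecs(EntityName);
    Helper = new EntityHelper(m_EntitySpecs, 0);

    if (EntityID == 0 || EntityName.Length == 0)
    {
        ltBody.Text = "Invalid Parameters";
        return;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        string objectName = m_EntitySpecs.m_ObjectName;
        string entityName = m_EntitySpecs.m_EntityName;
        string entityId = EntityID.ToString();

        // EntityID is known to be non-zero here (checked above). Wipe the mapping, then re-insert.
        // NOTE(review): the delete and inserts are separate statements with no visible
        // transaction, so a failing insert leaves a partial mapping — confirm DB.ExecuteSQL.
        DB.ExecuteSQL(String.Format("delete from {0}{1} where {2}ID={3}", objectName, entityName, entityName, entityId));

        for (int i = 0; i < Request.Form.Count; i++)
        {
            string key = Request.Form.Keys[i];
            // Unnamed form values surface as a null key; IndexOf on null would throw.
            if (key == null || key.IndexOf("DisplayOrder_") == -1)
            {
                continue;
            }
            // "DisplayOrder_" guarantees an underscore, so the split has at least two parts.
            String[] keyParts = key.Split('_');
            int objectID = Localization.ParseUSInt(keyParts[1]);
            // Unparseable input falls back to 1 without using an exception for control flow.
            int dispOrd;
            if (!int.TryParse(Request.Form[key], out dispOrd))
            {
                dispOrd = 1;
            }
            DB.ExecuteSQL(String.Format("insert into {0}{1}({2}ID,{3}ID,DisplayOrder) values({4},{5},{6})", objectName, entityName, entityName, objectName, entityId, objectID.ToString(), dispOrd.ToString()));
        }
    }
    LoadBody();
}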
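/// <summary>
/// Admin "move variant" handler. On submit, re-parents the variant named by the
/// <c>VariantID</c> query-string value to the product id posted in <c>NewProductID</c>, then
/// redirects to the variant list of the original product.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    VariantID = CommonLogic.QueryStringUSInt("VariantID");

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // NewProductID is user-supplied: only a parsed integer may be embedded in the UPDATE,
        // never the raw posted text. A non-numeric value leaves the variant untouched.
        int newProductID;
        if (VariantID != 0 && int.TryParse(CommonLogic.FormCanBeDangerousContent("NewProductID"), out newProductID))
        {
            DB.ExecuteSQL("Update productvariant set ProductID=" + newProductID.ToString() + " where VariantID=" + VariantID.ToString());
        }
        Response.Redirect(AppLogic.AdminLinkUrl("variants.aspx") + "?productid=" + ProductID.ToString());
    }

    SectionTitle = String.Format(AppLogic.GetString("admin.sectiontitle.movevariant", SkinID, LocaleSetting), AppLogic.AdminLinkUrl("variants.aspx"), ProductID.ToString());
    RenderHtml();
}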
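/// <summary>
/// Admin handler for the allowed-zones list of a shipping method. Redirects away on unsupported
/// editions or a missing <c>ShippingMethodID</c>, then applies one of: the posted <c>ZoneList</c>
/// (IsSubmit), the <c>clearall</c> query-string action, or the <c>allowall</c> action, to
/// ShippingMethodToZoneMap.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    if (AppLogic.ProductIsMLExpress() || AppLogic.ProductIsMLX())
    {
        // Not supported in these editions.
        Response.Redirect(AppLogic.AdminLinkUrl("restrictedfeature.aspx"));
        return;
    }
    ShippingMethodID = CommonLogic.QueryStringUSInt("ShippingMethodID");
    if (ShippingMethodID == 0)
    {
        Response.Redirect(AppLogic.AdminLinkUrl("shippingmethods.aspx"));
        return;
    }
    // The method id is an int parsed above, so its string form is safe to embed in SQL.
    string methodId = ShippingMethodID.ToString();

    ShippingMethodName = Shipping.GetShippingMethodName(ShippingMethodID, LocaleSetting);
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("shippingmethods.aspx") + "\">Shipping Methods</a> - Setting Allowed Zones for Shipping Method: " + ShippingMethodName;

    string deleteMapSql = "delete from ShippingMethodToZoneMap where ShippingMethodID=" + methodId;

    if (CommonLogic.FormBool("IsSubmit"))
    {
        IsUpdated = true;
        DB.ExecuteSQL(deleteMapSql);
        foreach (String s in CommonLogic.FormCanBeDangerousContent("ZoneList").Split(','))
        {
            // Each entry must be an integer zone id; parsing it here keeps free text out of
            // the INSERT. Blank and non-numeric entries are skipped.
            int zoneId;
            if (!int.TryParse(s.Trim(), out zoneId))
            {
                continue;
            }
            DB.ExecuteSQL("insert ShippingMethodToZoneMap(ShippingMethodID,ShippingZoneID) values(" + methodId + "," + zoneId.ToString() + ")");
        }
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("clearall").Length != 0)
    {
        DB.ExecuteSQL(deleteMapSql);
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("allowall").Length != 0)
    {
        DB.ExecuteSQL(deleteMapSql);
        DB.ExecuteSQL("insert into ShippingMethodToZoneMap(ShippingMethodID,ShippingZoneID) select " + methodId + ",ShippingZoneID from ShippingZone");
    }
    Render();
}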
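/// <summary>
/// Admin bulk variant-price editor. On submit, walks the posted form for
/// <c>XPrice_&lt;VariantID&gt;</c> and <c>YPrice_&lt;VariantID&gt;</c> fields and writes them to
/// ProductVariant.Price and ProductVariant.SalePrice respectively; an empty or zero amount is
/// stored as NULL.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    if (CommonLogic.FormBool("IsSubmit"))
    {
        for (int i = 0; i < Request.Form.Count; i++)
        {
            string key = Request.Form.Keys[i];
            // Unnamed values have a null key; validator echoes carry a "_vldt" suffix and are skipped.
            if (key == null || key.IndexOf("_vldt") != -1)
            {
                continue;
            }
            if (key.IndexOf("XPrice_") != -1)
            {
                UpdateVariantPriceColumn(key, "XPrice_", "Price");
            }
            if (key.IndexOf("YPrice_") != -1)
            {
                UpdateVariantPriceColumn(key, "YPrice_", "SalePrice");
            }
        }
    }
    RenderHtml();
}

/// <summary>
/// Reads the posted amount for one variant price field and writes it to the given
/// ProductVariant column, storing NULL for an empty or zero amount.
/// </summary>
/// <param name="formKey">The posted field name, expected as "&lt;prefix&gt;&lt;VariantID&gt;".</param>
/// <param name="prefix">"XPrice_" or "YPrice_"; used to rebuild the field name from the parsed id.</param>
/// <param name="column">ProductVariant column to update. Fixed by the caller, never user-controlled.</param>
private void UpdateVariantPriceColumn(string formKey, string prefix, string column)
{
    string[] keyParts = formKey.Split('_');
    // The variant id must parse as an int; otherwise the field is not one of ours.
    int variantID;
    if (keyParts.Length < 2 || !int.TryParse(keyParts[1], out variantID))
    {
        return;
    }
    string fieldName = prefix + variantID.ToString();
    decimal amount = System.Decimal.Zero;
    try
    {
        if (CommonLogic.FormCanBeDangerousContent(fieldName).Length != 0)
        {
            amount = CommonLogic.FormUSDecimal(fieldName);
        }
    }
    catch
    {
        // Unparseable amount: leave this variant untouched rather than failing the whole submit.
        // The UPDATE sits outside the try so database errors are no longer swallowed.
        return;
    }
    // Only the DB-formatted decimal or the literal NULL reaches the statement.
    string priceSql = CommonLogic.IIF(amount != System.Decimal.Zero, Localization.CurrencyStringForDBWithoutExchangeRate(amount), "NULL");
    DB.ExecuteSQL("update ProductVariant set " + column + "=" + priceSql + " where VariantID=" + variantID.ToString());
}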
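/// <summary>
/// Admin display-order editor for the objects mapped to one entity. Redirects to the admin
/// home when <c>EntityID</c> or <c>EntityName</c> is missing; on submit it deletes the entity's
/// existing mapping rows and re-inserts one per posted <c>DisplayOrder_&lt;ObjectID&gt;</c> field.
/// Table and column names come from the entity specification looked up by name, not from the
/// request directly.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    EntityID = CommonLogic.QueryStringUSInt("EntityID");
    EntityName = CommonLogic.QueryStringCanBeDangerousContent("EntityName");
    // NOTE(review): LookupSpecs and LookupHelper run before the parameter check below —
    // confirm both tolerate an unknown EntityName.
    m_EntitySpecs = EntityDefinitions.LookupSpecs(EntityName);
    Helper = AppLogic.LookupHelper(EntityHelpers, m_EntitySpecs.m_EntityName);

    if (EntityID == 0 || EntityName.Length == 0)
    {
        Response.Redirect(AppLogic.AdminLinkUrl("default.aspx"));
        // Redirect ends the response; the explicit return keeps the intent visible.
        return;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        string objectName = m_EntitySpecs.m_ObjectName;
        string entityName = m_EntitySpecs.m_EntityName;
        string entityId = EntityID.ToString();

        // EntityID is known to be non-zero here (checked above). Wipe the mapping, then re-insert.
        // NOTE(review): the delete and inserts are separate statements with no visible
        // transaction, so a failing insert leaves a partial mapping — confirm DB.ExecuteSQL.
        DB.ExecuteSQL(String.Format("delete from {0}{1} where {2}ID={3}", objectName, entityName, entityName, entityId));

        for (int i = 0; i < Request.Form.Count; i++)
        {
            string key = Request.Form.Keys[i];
            // Unnamed form values surface as a null key; IndexOf on null would throw.
            if (key == null || key.IndexOf("DisplayOrder_") == -1)
            {
                continue;
            }
            // "DisplayOrder_" guarantees an underscore, so the split has at least two parts.
            String[] keyParts = key.Split('_');
            int objectID = Localization.ParseUSInt(keyParts[1]);
            // Unparseable input falls back to 1 without using an exception for control flow.
            int dispOrd;
            if (!int.TryParse(Request.Form[key], out dispOrd))
            {
                dispOrd = 1;
            }
            DB.ExecuteSQL(String.Format("insert into {0}{1}({2}ID,{3}ID,DisplayOrder) values({4},{5},{6})", objectName, entityName, entityName, objectName, entityId, objectID.ToString(), dispOrd.ToString()));
        }
    }

    SectionTitle = AppLogic.GetString("admin.sectiontitle.displayorder", SkinID, LocaleSetting);
    RenderHtml();
}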
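/// <summary>
/// Admin product-image manager. Resolves the product, variant and image size from the query
/// string and, on submit, processes every posted <c>Key_*</c> descriptor: deleting the slot's
/// existing image when its <c>Delete_</c> flag is set, and saving an uploaded replacement under
/// an extension chosen from a fixed content-type table. Any exception while processing a slot
/// is reported through <c>ErrorMsg</c> rather than failing the page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    VariantID = CommonLogic.QueryStringUSInt("VariantID");
    TheSize = CommonLogic.QueryStringCanBeDangerousContent("Size");
    // Size is user-supplied and is handed to GetImagePath. NOTE(review): GetImagePath appears to
    // build a folder path from it — confirm; until then anything that is not a plain name token
    // (path characters, "..") falls back to the default size.
    if (TheSize.Length == 0 || TheSize.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) != -1 || TheSize.IndexOf("..") != -1)
    {
        TheSize = "medium";
    }
    if (VariantID == 0)
    {
        VariantID = AppLogic.GetDefaultProductVariant(ProductID);
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // File-name stem: the product id, or its SKU when the store is configured that way.
        String fileStem = ProductID.ToString();
        if (AppLogic.AppConfigBool("UseSKUForProductImageName"))
        {
            using (SqlConnection conn = DB.dbConn())
            {
                conn.Open();
                using (IDataReader rs = DB.GetRS("select SKU from product with (NOLOCK) where productid=" + ProductID.ToString(), conn))
                {
                    if (rs.Read())
                    {
                        String sku = DB.RSField(rs, "SKU").Trim();
                        if (sku.Length != 0)
                        {
                            fileStem = sku;
                        }
                    }
                }
            }
            // NOTE(review): the SKU is used as a file-name stem unchanged — confirm SKUs cannot
            // contain path separators, or run it through MakeSafeFilesystemName like Color below.
        }

        try
        {
            string imageFolder = AppLogic.GetImagePath("Product", TheSize, true);
            for (int i = 0; i < Request.Form.Count; i++)
            {
                String fieldName = Request.Form.Keys[i];
                // Unnamed values have a null key; only Key_* descriptors are processed.
                if (fieldName == null || fieldName.IndexOf("Key_") == -1)
                {
                    continue;
                }
                // Descriptor layout: FieldID|ProductID|VariantID|ImageNumber|Color.
                String[] keyValSplit = CommonLogic.FormCanBeDangerousContent(fieldName).Split('|');
                if (keyValSplit.Length < 5)
                {
                    ErrorMsg += "Malformed image descriptor in " + fieldName + "<br/>";
                    continue;
                }
                int theFieldID = Localization.ParseUSInt(keyValSplit[0]);
                // Parts 1 and 2 (product/variant id) are not needed to locate the file.
                String imageNumber = AppLogic.CleanSizeColorOption(keyValSplit[3]);
                String color = AppLogic.CleanSizeColorOption(HttpContext.Current.Server.UrlDecode(keyValSplit[4]));
                String safeColor = CommonLogic.MakeSafeFilesystemName(color);
                // Full path without extension; the candidate files differ only by extension.
                string imageStem = imageFolder + fileStem + "_" + imageNumber.ToLowerInvariant() + "_" + safeColor;

                bool deleteIt = CommonLogic.FormCanBeDangerousContent("Delete_" + theFieldID.ToString()).Length != 0;
                if (deleteIt)
                {
                    // Failures here propagate to the outer catch and are shown in ErrorMsg.
                    DeleteImageVariants(imageStem);
                }

                HttpPostedFile image2File = Request.Files["Image" + theFieldID.ToString()];
                // No upload for this slot (or none posted at all): nothing more to do.
                if (image2File == null || image2File.ContentLength == 0)
                {
                    continue;
                }
                // Replace any existing file first; this cleanup is deliberately best-effort.
                try
                {
                    DeleteImageVariants(imageStem);
                }
                catch
                {
                }

                // The extension comes from this fixed table, never from the uploaded file name,
                // so the client cannot choose what gets written. NOTE(review): ContentType is
                // client-supplied, so the bytes are not guaranteed to match — confirm whether the
                // image pipeline validates them.
                string extension = null;
                switch (image2File.ContentType)
                {
                    case "image/gif":
                        extension = ".gif";
                        break;
                    case "image/png":
                    case "image/x-png":
                        extension = ".png";
                        break;
                    case "image/jpg":
                    case "image/jpeg":
                    case "image/pjpeg":
                        extension = ".jpg";
                        break;
                }
                if (extension != null)
                {
                    image2File.SaveAs(imageStem + extension);
                }
            }
        }
        catch (Exception ex)
        {
            ErrorMsg += CommonLogic.GetExceptionDetail(ex, "<br/>");
        }
    }

    SectionTitle = String.Format(AppLogic.GetString("admin.sectiontitle.productimagemgr", SkinID, LocaleSetting), "<a href=\"" + AppLogic.AdminLinkUrl("editproduct.aspx") + "?productid=" + ProductID.ToString() + "\">", "</a>", TheSize);
    Render();
}

/// <summary>
/// Deletes the .jpg, .gif and .png files sharing <paramref name="imageStem"/>.
/// File.Delete is a no-op for a file that does not exist.
/// </summary>
/// <param name="imageStem">Full image path without extension.</param>
private static void DeleteImageVariants(string imageStem)
{
    foreach (string extension in new[] { ".jpg", ".gif", ".png" })
    {
        System.IO.File.Delete(imageStem + extension);
    }
}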
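/// <summary>
/// Admin news editor. The optional <c>NewsID</c> query-string value selects edit mode (non-zero)
/// or add mode. On submit the posted Headline, NewsCopy, ExpiresOn and Published values are
/// inserted as a new row or written to the existing one; ExpiresOn defaults to six months from
/// now when left blank.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    // QueryStringUSInt yields 0 for a missing or non-numeric value, which is the "add" case.
    NewsID = CommonLogic.QueryStringUSInt("NewsID");
    Editing = NewsID != 0;

    if (CommonLogic.FormBool("IsSubmit"))
    {
        DateTime dt = System.DateTime.Now.AddMonths(6);
        string expiresOnText = CommonLogic.FormCanBeDangerousContent("ExpiresOn");
        if (expiresOnText.Length > 0)
        {
            dt = Localization.ParseNativeDateTime(expiresOnText);
        }
        // Every value below is either quoted by the DB helpers or reduced to a literal digit,
        // so no raw posted text is spliced into the statement.
        string quotedExpiresOn = DB.DateQuote(Localization.ToDBDateTimeString(dt));
        string quotedHeadline = DB.SQuote(AppLogic.FormLocaleXml("Headline"));
        string quotedNewsCopy = DB.SQuote(AppLogic.FormLocaleXml("NewsCopy"));
        // Published is coerced to 0/1 via FormBool instead of embedding the posted value as-is.
        string publishedBit = CommonLogic.IIF(CommonLogic.FormBool("Published"), "1", "0");
        StringBuilder sql = new StringBuilder(2500);

        if (!Editing)
        {
            // Insert under a fresh GUID, then read the generated id back by that GUID.
            String newGuid = DB.GetNewGUID();
            sql.Append("insert into news(NewsGUID,ExpiresOn,Headline,NewsCopy,Published) values(");
            sql.Append(DB.SQuote(newGuid) + ",");
            sql.Append(quotedExpiresOn + ",");
            sql.Append(quotedHeadline + ",");
            sql.Append(quotedNewsCopy + ",");
            sql.Append(publishedBit);
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());

            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select NewsID from news with (NOLOCK) where deleted=0 and NewsGUID=" + DB.SQuote(newGuid), dbconn))
                {
                    // Guard the read instead of assuming the row is always found.
                    if (rs.Read())
                    {
                        NewsID = DB.RSFieldInt(rs, "NewsID");
                        Editing = true;
                    }
                }
            }
            DataUpdated = true;
        }
        else
        {
            sql.Append("update news set ");
            sql.Append("Headline=" + quotedHeadline + ",");
            sql.Append("NewsCopy=" + quotedNewsCopy + ",");
            sql.Append("ExpiresOn=" + quotedExpiresOn + ",");
            sql.Append("Published=" + publishedBit);
            sql.Append(" where NewsID=" + NewsID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("news.aspx") + "\">" + AppLogic.GetString("admin.default.News", SkinID, LocaleSetting) + "</a> - " + String.Format(AppLogic.GetString("admin.editnews.ManageNews", SkinID, LocaleSetting), CommonLogic.IIF(DataUpdated, " (Updated)", ""));
    RenderHtml();
}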
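/// <summary>
/// Admin credit-card-type editor. The optional <c>CardTypeID</c> query-string value selects
/// edit mode (non-zero) or add mode. On submit the posted <c>CardType</c> name is rejected when
/// another row already uses it (case-insensitive), otherwise inserted or updated, truncated to
/// 100 characters.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    // QueryStringUSInt yields 0 for a missing or non-numeric value, which is the "add" case.
    CardTypeID = CommonLogic.QueryStringUSInt("CardTypeID");
    Editing = CardTypeID != 0;

    if (CommonLogic.FormBool("IsSubmit"))
    {
        String redirectlink = "<a href=\"javascript:history.back(-1);\">go back</a>";
        string cardTypeRaw = CommonLogic.FormCanBeDangerousContent("CardType");
        // Value actually stored, bounded to the column width the same way in both branches.
        string quotedCardType = DB.SQuote(CommonLogic.Left(cardTypeRaw, 100));

        // Duplicate check: the name must not already be used by a different row. In edit mode
        // the row being edited is excluded; otherwise any match counts.
        string dupeQuery = "select count(CardType) as N from CreditCardType with (NOLOCK) where upper(CardType)=" + DB.SQuote(cardTypeRaw.ToUpperInvariant());
        if (Editing)
        {
            dupeQuery += " and CardTypeID<>" + CardTypeID.ToString();
        }
        if (DB.GetSqlN(dupeQuery) != 0)
        {
            ErrorMsg = "<p><b><font color=red>" + AppLogic.GetString("admin.common.Error", SkinID, LocaleSetting) + "<br/><br/></font><blockquote>" + String.Format(AppLogic.GetString("admin.editCreditCard.ExistingCard", SkinID, LocaleSetting), redirectlink) + ".</b></blockquote></p>";
        }

        if (ErrorMsg.Length == 0)
        {
            StringBuilder sql = new StringBuilder(2500);
            if (!Editing)
            {
                // Insert under a fresh GUID, then read the generated id back by that GUID.
                String newGuid = DB.GetNewGUID();
                sql.Append("insert into CreditCardType(CardTypeGUID,CardType) values(");
                sql.Append(DB.SQuote(newGuid) + ",");
                sql.Append(quotedCardType);
                sql.Append(")");
                DB.ExecuteSQL(sql.ToString());

                using (SqlConnection dbconn = DB.dbConn())
                {
                    dbconn.Open();
                    using (IDataReader rs = DB.GetRS("select CardTypeID from CreditCardType with (NOLOCK) where CardTypeGUID=" + DB.SQuote(newGuid), dbconn))
                    {
                        // Guard the read instead of assuming the row is always found.
                        if (rs.Read())
                        {
                            CardTypeID = DB.RSFieldInt(rs, "CardTypeID");
                            Editing = true;
                        }
                    }
                }
                DataUpdated = true;
            }
            else
            {
                sql.Append("update CreditCardType set ");
                sql.Append("CardType=" + quotedCardType);
                sql.Append(" where CardTypeID=" + CardTypeID.ToString());
                DB.ExecuteSQL(sql.ToString());
                DataUpdated = true;
                Editing = true;
            }
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("creditcards.aspx") + "\">Credit Cards</a> - Manage Credit Card Types";
    Render();
}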
/// <summary>
/// "Add to cart" request handler. Resolves the item (ItemCode, MatrixItem or ProductID),
/// the unit of measure, the quantity and the ship-to address from the request, then either
/// records the item on a gift registry or adds it to the customer's shopping / wish / registry
/// cart, adds any related or upsell products, and hands off to GoNextPage.
/// </summary>
/// <param name="context">Current request; the customer is taken from context.User.</param>
/// <remarks>
/// Several validation failures call GoNextPage(context) and then fall through to the next
/// statement. That only stops processing if GoNextPage ends the response (presumably a
/// redirect, which is not visible here - confirm).
/// </remarks>
public void ProcessRequest(HttpContext context)
{
    context.Response.CacheControl = "private";
    context.Response.Expires = 0;
    context.Response.AddHeader("pragma", "no-cache");

    var ThisCustomer = ((InterpriseSuiteEcommercePrincipal)context.User).ThisCustomer;
    ThisCustomer.RequireCustomerRecord();

    // NOTE(review): this is a denylist on one substring, not URL validation. ReturnURL is only
    // passed (URL-encoded) to signin.aspx below; whether signin.aspx restricts it to a local path
    // decides if this is an open redirect - confirm there.
    string ReturnURL = CommonLogic.QueryStringCanBeDangerousContent("ReturnURL");
    if (ReturnURL.IndexOf("<script>", StringComparison.InvariantCultureIgnoreCase) != -1)
    {
        throw new ArgumentException("SECURITY EXCEPTION");
    }

    // Anonymous users are not allowed to use the wish list; they must register first.
    if (ThisCustomer.IsNotRegistered)
    {
        string ErrMsg = string.Empty;
        if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
        {
            ErrMsg = AppLogic.GetString("signin.aspx.19", ThisCustomer.SkinID, ThisCustomer.LocaleSetting);
            // NOTE(review): ErrMsg is concatenated into the query string without URL-encoding,
            // unlike ReturnURL right next to it.
            context.Response.Redirect("signin.aspx?ErrorMsg=" + ErrMsg + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
    }

    // Ship-to address: query string, then form, then the customer's primary address.
    // Only used for multi-ship.
    string ShippingAddressID = CommonLogic.QueryStringCanBeDangerousContent("ShippingAddressID");
    if (ShippingAddressID.IsNullOrEmptyTrimmed())
    {
        ShippingAddressID = CommonLogic.FormCanBeDangerousContent("ShippingAddressID");
    }
    if (ShippingAddressID.IsNullOrEmptyTrimmed() && !ThisCustomer.PrimaryShippingAddressID.IsNullOrEmptyTrimmed())
    {
        ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
    }

    string ProductID = CommonLogic.QueryStringCanBeDangerousContent("ProductID");
    if (ProductID.IsNullOrEmptyTrimmed())
    {
        ProductID = CommonLogic.FormCanBeDangerousContent("ProductID");
    }

    string itemCode = CommonLogic.QueryStringCanBeDangerousContent("ItemCode");
    // If the item being added is a matrix group, the posted MatrixItem is the real item code.
    if (!string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("MatrixItem")))
    {
        itemCode = CommonLogic.FormCanBeDangerousContent("MatrixItem");
    }

    bool itemExisting = false;
    string defaultUnitMeasure = string.Empty;
    if (itemCode.IsNullOrEmptyTrimmed())
    {
        // No item code: resolve it (and the base unit of measure) from the numeric ProductID.
        int itemCounter = 0;
        if (!ProductID.IsNullOrEmptyTrimmed() && int.TryParse(ProductID, out itemCounter) && itemCounter > 0)
        {
            using (var con = DB.NewSqlConnection())
            {
                con.Open();
                using (var reader = DB.GetRSFormat(con, "SELECT i.ItemCode, ium.UnitMeasureCode FROM InventoryItem i with (NOLOCK) INNER JOIN InventoryUnitMeasure ium with (NOLOCK) ON i.ItemCode = ium.ItemCode AND IsBase = 1 WHERE i.Counter = {0}", itemCounter))
                {
                    itemExisting = reader.Read();
                    if (itemExisting)
                    {
                        itemCode = DB.RSField(reader, "ItemCode");
                        defaultUnitMeasure = DB.RSField(reader, "UnitMeasureCode");
                    }
                }
            }
        }
    }
    else
    {
        // Verify we have a valid item code (and take the canonical casing from the table).
        // Note that defaultUnitMeasure stays empty on this path.
        using (var con = DB.NewSqlConnection())
        {
            con.Open();
            using (var reader = DB.GetRSFormat(con, "SELECT i.ItemCode FROM InventoryItem i with (NOLOCK) WHERE i.ItemCode = {0}", DB.SQuote(itemCode)))
            {
                itemExisting = reader.Read();
                if (itemExisting)
                {
                    itemCode = DB.RSField(reader, "ItemCode");
                }
            }
        }
    }
    if (!itemExisting)
    {
        GoNextPage(context);
    }

    // Unit of measure: query string, then form, then the item's base unit.
    string unitMeasureCode = CommonLogic.QueryStringCanBeDangerousContent("UnitMeasureCode");
    if (unitMeasureCode.IsNullOrEmptyTrimmed())
    {
        unitMeasureCode = CommonLogic.FormCanBeDangerousContent("UnitMeasureCode");
    }
    if (unitMeasureCode.IsNullOrEmptyTrimmed())
    {
        unitMeasureCode = defaultUnitMeasure;
    }
    // The default unit needs no validation; anything else must exist for this item.
    // NOTE(review): when the item was resolved by ItemCode, defaultUnitMeasure is "" and an
    // empty unitMeasureCode therefore skips this check - confirm AddItem tolerates "".
    if (false.Equals(unitMeasureCode.Equals(defaultUnitMeasure, StringComparison.InvariantCultureIgnoreCase)))
    {
        bool isValidUnitMeasureForThisItem = false;
        using (var con = DB.NewSqlConnection())
        {
            con.Open();
            using (var reader = DB.GetRSFormat(con, "SELECT UnitMeasureCode FROM InventoryUnitMeasure with (NOLOCK) WHERE ItemCode= {0} AND UnitMeasureCode = {1}", DB.SQuote(itemCode), DB.SQuote(unitMeasureCode)))
            {
                isValidUnitMeasureForThisItem = reader.Read();
                if (isValidUnitMeasureForThisItem)
                {
                    // The request may have used mixed case; take the stored spelling.
                    unitMeasureCode = DB.RSField(reader, "UnitMeasureCode");
                }
            }
        }
        if (!isValidUnitMeasureForThisItem)
        {
            GoNextPage(context);
        }
    }

    // Quantity: locale-formatted form value, then native-formatted, then 1.
    decimal Quantity = CommonLogic.FormLocaleDecimal("Quantity", ThisCustomer.LocaleSetting);
    if (Quantity == 0)
    {
        Quantity = CommonLogic.FormNativeDecimal("Quantity");
    }
    if (Quantity == 0)
    {
        Quantity = 1;
    }
    Quantity = CommonLogic.RoundQuantity(Quantity);

    // A non-primary ship-to must be an active address belonging to this customer;
    // unregistered customers are always forced back to their primary address.
    if (ShippingAddressID != ThisCustomer.PrimaryShippingAddressID)
    {
        if (ThisCustomer.IsRegistered)
        {
            bool shippingAddressIsValidForThisCustomer = false;
            using (var con = DB.NewSqlConnection())
            {
                con.Open();
                using (var reader = DB.GetRSFormat(con, "SELECT ShipToCode FROM CustomerShipTo with (NOLOCK) WHERE CustomerCode = {0} AND IsActive = 1 AND ShipToCode = {1}", DB.SQuote(ThisCustomer.CustomerCode), DB.SQuote(ShippingAddressID)))
                {
                    shippingAddressIsValidForThisCustomer = reader.Read();
                    if (shippingAddressIsValidForThisCustomer)
                    {
                        // The request may have used mixed case; take the stored spelling.
                        ShippingAddressID = DB.RSField(reader, "ShipToCode");
                    }
                }
            }
            if (!shippingAddressIsValidForThisCustomer)
            {
                GoNextPage(context);
            }
        }
        else
        {
            ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
        }
    }

    // Target cart: shopping cart by default; wish list or gift registry when flagged.
    var CartType = CartTypeEnum.ShoppingCart;
    if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
    {
        CartType = CartTypeEnum.WishCart;
    }
    var giftRegistryItemType = GiftRegistryItemType.vItem;
    if (CommonLogic.FormNativeInt("IsAddToGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsAddToGiftRegistry") == 1)
    {
        CartType = CartTypeEnum.GiftRegistryCart;
    }
    if (CommonLogic.FormNativeInt("IsAddToGiftRegistryOption") == 1 || CommonLogic.QueryStringUSInt("IsAddToGiftRegistryOption") == 1)
    {
        CartType = CartTypeEnum.GiftRegistryCart;
        giftRegistryItemType = GiftRegistryItemType.vOption;
    }

    ShoppingCart cart = null;
    bool itemIsARegistryItem = false;
    if (!itemCode.IsNullOrEmptyTrimmed())
    {
        #region " --GIFTREGISTRY-- "
        if (CartType == CartTypeEnum.GiftRegistryCart)
        {
            // The registry is looked up through ThisCustomer.GiftRegistries, so a registry the
            // customer does not own is expected to come back null and fall through to GoNextPage.
            Guid? registryID = CommonLogic.FormCanBeDangerousContent("giftregistryOptions").TryParseGuid();
            if (registryID.HasValue)
            {
                var selectedGiftRegistry = ThisCustomer.GiftRegistries.FindFromDb(registryID.Value);
                if (selectedGiftRegistry != null)
                {
                    bool isKit = AppLogic.IsAKit(itemCode);
                    KitComposition preferredComposition = null;
                    GiftRegistryItem registryItem = null;
                    if (isKit)
                    {
                        preferredComposition = KitComposition.FromForm(ThisCustomer, itemCode);
                        var registrytems = selectedGiftRegistry.GiftRegistryItems.Where(giftItem => giftItem.ItemCode == itemCode && giftItem.GiftRegistryItemType == giftRegistryItemType);
                        Guid? matchedRegitryItemCode = null;
                        // Look for an existing registry entry whose kit composition matches the
                        // composition selected on the form. The Except() below is a subset test:
                        // an entry matches when every one of ITS kit item codes is among the
                        // preferred ones, not necessarily the other way round.
                        foreach (var regitm in registrytems)
                        {
                            regitm.IsKit = true;
                            var compositionItems = regitm.GetKitItemsFromComposition();
                            if (compositionItems.Count() == 0)
                            {
                                continue;
                            }
                            var arrItemCodes = compositionItems.Select(item => item.ItemCode).ToArray();
                            var preferredItemCodes = preferredComposition.Compositions.Select(kititem => kititem.ItemCode);
                            var lst = arrItemCodes.Except(preferredItemCodes);
                            // has match
                            if (lst.Count() == 0)
                            {
                                matchedRegitryItemCode = regitm.RegistryItemCode;
                                break;
                            }
                        }
                        if (matchedRegitryItemCode.HasValue)
                        {
                            registryItem = selectedGiftRegistry.GiftRegistryItems.FirstOrDefault(giftItem => giftItem.RegistryItemCode == matchedRegitryItemCode);
                        }
                    }
                    // Not a kit: match the registry entry on item code and type only.
                    if (registryItem == null && !isKit)
                    {
                        registryItem = selectedGiftRegistry.GiftRegistryItems.FirstOrDefault(giftItem => giftItem.ItemCode == itemCode && giftItem.GiftRegistryItemType == giftRegistryItemType);
                    }
                    if (registryItem != null)
                    {
                        // Existing entry: bump the quantity and overwrite the unit of measure.
                        registryItem.Quantity += Quantity;
                        registryItem.UnitMeasureCode = unitMeasureCode;
                        selectedGiftRegistry.GiftRegistryItems.UpdateToDb(registryItem);
                    }
                    else
                    {
                        registryItem = new GiftRegistryItem()
                        {
                            GiftRegistryItemType = giftRegistryItemType,
                            RegistryItemCode = Guid.NewGuid(),
                            ItemCode = itemCode,
                            Quantity = Quantity,
                            RegistryID = registryID.Value,
                            UnitMeasureCode = unitMeasureCode
                        };
                        selectedGiftRegistry.GiftRegistryItems.AddToDb(registryItem);
                    }
                    if (isKit && preferredComposition != null)
                    {
                        // Replace the stored kit composition with the one just selected.
                        registryItem.ClearKitItemsFromComposition();
                        preferredComposition.AddToGiftRegistry(registryID.Value, registryItem.RegistryItemCode);
                    }
                    HttpContext.Current.Response.Redirect(string.Format("~/editgiftregistry.aspx?{0}={1}", DomainConstants.GIFTREGISTRYPARAMCHAR, registryID.Value));
                }
            }
            GoNextPage(context);
        }
        #endregion

        // Buying FROM someone else's registry: the item ships to the registry owner's primary
        // address. NOTE(review): RegistryID/RegistryItemCode come straight from the form; any
        // ownership or existence check would have to live in GetPrimaryShippingAddressCodeOfOwnerByRegistryID
        // or in cart.AddItem - neither is visible here.
        CartRegistryParam registryCartParam = null;
        if (AppLogic.AppConfigBool("GiftRegistry.Enabled"))
        {
            registryCartParam = new CartRegistryParam()
            {
                RegistryID = CommonLogic.FormGuid("RegistryID"),
                RegistryItemCode = CommonLogic.FormGuid("RegistryItemCode")
            };
        }
        if (registryCartParam != null && registryCartParam.RegistryID.HasValue && registryCartParam.RegistryItemCode.HasValue)
        {
            ShippingAddressID = GiftRegistryDA.GetPrimaryShippingAddressCodeOfOwnerByRegistryID(registryCartParam.RegistryID.Value);
            itemIsARegistryItem = true;
        }

        cart = new ShoppingCart(null, 1, ThisCustomer, CartType, string.Empty, false, true, string.Empty);
        if (Quantity > 0)
        {
            if (AppLogic.IsAKit(itemCode))
            {
                var preferredComposition = KitComposition.FromForm(ThisCustomer, CartType, itemCode);
                if (preferredComposition == null)
                {
                    // Nothing posted for the kit: build the composition from the kit's own
                    // default (IsSelected) items.
                    int itemCounter = 0;
                    int.TryParse(ProductID, out itemCounter);
                    var kitData = KitItemData.GetKitComposition(ThisCustomer, itemCounter, itemCode);
                    var kitContents = new StringBuilder();
                    foreach (var kitGroup in kitData.Groups)
                    {
                        if (kitContents.Length > 0)
                        {
                            kitContents.Append(",");
                        }
                        var selectedItems = new StringBuilder();
                        int kitGroupCounter = kitGroup.Id;
                        var selectedKitItems = kitGroup.Items.Where(i => i.IsSelected == true);
                        foreach (var item in selectedKitItems)
                        {
                            if (selectedItems.Length > 0)
                            {
                                selectedItems.Append(",");
                            }
                            // KitItemData.GetKitComposition (stored proc. EcommerceGetKitItems) reports
                            // kit counter + kit item counter as the "kit item counter"; reverse that
                            // here to recover the real kit item counter.
                            int kitItemCounter = item.Id - itemCounter;
                            selectedItems.Append(kitGroupCounter.ToString() + DomainConstants.KITCOMPOSITION_DELIMITER + kitItemCounter.ToString());
                        }
                        kitContents.Append(selectedItems.ToString());
                    }
                    preferredComposition = KitComposition.FromComposition(kitContents.ToString(), ThisCustomer, CartType, itemCode);
                }
                preferredComposition.PricingType = CommonLogic.FormCanBeDangerousContent("KitPricingType");
                // Editing an existing kit line: carry its cart id so AddItem can replace it.
                // NOTE(review): KitCartID is not checked here against the customer's own cart lines;
                // presumably AddItem does that - confirm.
                if (CommonLogic.FormBool("IsEditKit") && !CommonLogic.IsStringNullOrEmpty(CommonLogic.FormCanBeDangerousContent("KitCartID")) && InterpriseHelper.IsValidGuid(CommonLogic.FormCanBeDangerousContent("KitCartID")))
                {
                    Guid cartID = new Guid(CommonLogic.FormCanBeDangerousContent("KitCartID"));
                    preferredComposition.CartID = cartID;
                }
                // NOTE(review): int.Parse(ProductID) throws FormatException when the item was
                // resolved by ItemCode/MatrixItem and no numeric ProductID was sent.
                cart.AddItem(ThisCustomer, ShippingAddressID, itemCode, int.Parse(ProductID), Quantity, unitMeasureCode, CartType, preferredComposition, registryCartParam);
            }
            else
            {
                // Same int.Parse(ProductID) caveat as the kit branch above.
                cart.AddItem(ThisCustomer, ShippingAddressID, itemCode, int.Parse(ProductID), Quantity, unitMeasureCode, CartType, null, registryCartParam);
            }
        }

        // Related (query string) and upsell (form) product ids, comma separated, one unit each.
        // NOTE(review): string.Concat joins the two lists with NO separator, so the last related
        // id and the first upsell id fuse into one number when both lists are non-empty.
        string RelatedProducts = CommonLogic.QueryStringCanBeDangerousContent("relatedproducts").Trim();
        string UpsellProducts = CommonLogic.FormCanBeDangerousContent("UpsellProducts").Trim();
        string combined = string.Concat(RelatedProducts, UpsellProducts);
        if (combined.Length != 0 && CartType == CartTypeEnum.ShoppingCart)
        {
            string[] arrUpsell = combined.Split(',');
            foreach (string s in arrUpsell)
            {
                string PID = s.Trim();
                if (PID.Length == 0)
                {
                    continue;
                }
                int UpsellProductID;
                // Best effort per id: a bad id or a failed add is swallowed and the loop continues.
                try
                {
                    UpsellProductID = Localization.ParseUSInt(PID);
                    if (UpsellProductID != 0)
                    {
                        string ItemCode = InterpriseHelper.GetInventoryItemCode(UpsellProductID);
                        string itemUnitMeasure = string.Empty;
                        using (var con = DB.NewSqlConnection())
                        {
                            con.Open();
                            using (var reader = DB.GetRSFormat(con, "SELECT ium.UnitMeasureCode FROM InventoryItem i with (NOLOCK) INNER JOIN InventoryUnitMeasure ium with (NOLOCK) ON i.ItemCode = ium.ItemCode AND IsBase = 1 WHERE i.ItemCode = {0}", DB.SQuote(ItemCode)))
                            {
                                if (reader.Read())
                                {
                                    itemUnitMeasure = DB.RSField(reader, "UnitMeasureCode");
                                }
                            }
                        }
                        cart.AddItem(ThisCustomer, ShippingAddressID, ItemCode, UpsellProductID, 1, itemUnitMeasure, CartType);
                    }
                }
                catch
                {
                }
            }
        }
    }
    GoNextPage(context, itemIsARegistryItem, CartType, ThisCustomer);
}
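/// <summary>
/// Admin multi-image manager for a product: on submit, for every posted "Key_*" field, deletes
/// the image variant when its Delete_* flag is set and stores/resizes any uploaded replacement
/// (GIF, PNG or JPEG). The file name is the product id, or the SKU when
/// UseSKUForProductImageName is on. Always finishes with LoadData().
/// </summary>
/// <param name="sender">Page event source (unused).</param>
/// <param name="e">Page event arguments (unused).</param>
/// <remarks>
/// Size (query string), ImageNumber and Color (posted key) all become part of a filesystem
/// path, so each is rejected if it contains path separators or "..": the cleaning helpers
/// they pass through are not visible here and are not relied on alone. The browser-supplied
/// Content-Type is only used to pick the extension; the file header must match it.
/// NOTE(review): no admin-role or anti-forgery check is visible in this handler; it is
/// presumably enforced by the page base class - confirm.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    VariantID = CommonLogic.QueryStringUSInt("VariantID");
    TheSize = CommonLogic.QueryStringCanBeDangerousContent("Size");
    if (TheSize.Length == 0)
    {
        TheSize = "medium";
    }
    // Size is appended to an image folder path by GetImagePath; refuse anything that could climb out of it.
    if (!IsPlainPathSegment(TheSize))
    {
        throw new HttpException(400, "Invalid image size.");
    }
    if (VariantID == 0)
    {
        VariantID = AppLogic.GetDefaultProductVariant(ProductID);
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // Base file name: product id, or the SKU when configured and present.
        var FN = ProductID.ToString();
        if (AppLogic.AppConfigBool("UseSKUForProductImageName"))
        {
            using (var dbconn = new SqlConnection(DB.GetDBConn()))
            {
                dbconn.Open();
                using (var rs = DB.GetRS("select SKU from product with (NOLOCK) where productid=" + ProductID.ToString(), dbconn))
                {
                    if (rs.Read())
                    {
                        var SKU = DB.RSField(rs, "SKU").Trim();
                        if (SKU.Length != 0)
                        {
                            FN = SKU;
                        }
                    }
                }
            }
        }

        try
        {
            for (int i = 0; i <= Request.Form.Count - 1; i++)
            {
                String FieldName = Request.Form.Keys[i];
                if (FieldName.IndexOf("Key_") == -1)
                {
                    continue;
                }

                // Key format: fieldId|productId|variantId|imageNumber|urlEncodedColor
                String KeyVal = CommonLogic.FormCanBeDangerousContent(FieldName);
                String[] KeyValSplit = KeyVal.Split('|');
                if (KeyValSplit.Length < 5)
                {
                    throw new ArgumentException("Malformed image key in field '" + FieldName + "'.");
                }
                int TheFieldID = Localization.ParseUSInt(KeyValSplit[0]);
                // Parsed only so a malformed key is rejected; the values are not used below.
                int TheProductID = Localization.ParseUSInt(KeyValSplit[1]);
                int TheVariantID = Localization.ParseUSInt(KeyValSplit[2]);
                String ImageNumber = AppLogic.CleanSizeColorOption(KeyValSplit[3]);
                String Color = AppLogic.CleanSizeColorOption(HttpContext.Current.Server.UrlDecode(KeyValSplit[4]));
                String SafeColor = CommonLogic.MakeSafeFilesystemName(Color);
                if (!IsPlainPathSegment(ImageNumber) || !IsPlainPathSegment(SafeColor))
                {
                    throw new ArgumentException("Image key contains characters that are not allowed in a file name.");
                }

                String imagePath = AppLogic.GetImagePath("Product", TheSize, true);
                String imageBaseName = FN + "_" + ImageNumber.ToLowerInvariant() + "_" + SafeColor;

                bool DeleteIt = (CommonLogic.FormCanBeDangerousContent("Delete_" + TheFieldID.ToString()).Length != 0);
                if (DeleteIt)
                {
                    DeleteImageVariants(imagePath + imageBaseName);
                    System.IO.File.Delete(AppLogic.GetImagePath("Product", "micro", true) + FN + "_" + ImageNumber.ToLowerInvariant() + ".jpg");
                }

                // The upload control may be absent from the post entirely, not just empty.
                HttpPostedFile Image2File = Request.Files["Image" + TheFieldID.ToString()];
                if (Image2File == null || Image2File.ContentLength == 0)
                {
                    continue;
                }

                // Normalise the declared type to one extension / one canonical content type.
                String extension;
                String ContentType;
                switch (Image2File.ContentType)
                {
                    case "image/gif":
                        extension = ".gif";
                        ContentType = "image/gif";
                        break;
                    case "image/x-png":
                    case "image/png":
                        extension = ".png";
                        ContentType = "image/png";
                        break;
                    case "image/jpg":
                    case "image/jpeg":
                    case "image/pjpeg":
                        extension = ".jpg";
                        ContentType = "image/jpeg";
                        break;
                    default:
                        // Previously an unknown type fell through with empty paths; fail explicitly instead.
                        throw new ArgumentException("Unsupported image type '" + Image2File.ContentType + "'; upload a GIF, PNG or JPEG.");
                }
                // The declared type is client-controlled; the file's own header must agree.
                if (!HasImageSignature(Image2File, ContentType))
                {
                    throw new ArgumentException("The uploaded file does not look like a " + ContentType + " image.");
                }

                // Delete any current image file first. Best effort: a missing or locked old file
                // must not block the new upload.
                try
                {
                    DeleteImageVariants(imagePath + imageBaseName);
                }
                catch
                {
                }

                String TempImage2 = imagePath + "tmp_" + imageBaseName + extension;
                String Image2 = imagePath + imageBaseName + extension;
                Image2File.SaveAs(TempImage2);
                ImageResize.ResizeEntityOrObject("Product", TempImage2, Image2, TheSize, ContentType);

                if (TheSize == "large")
                {
                    // Large multi image manager also generates the other sizes.
                    ImageResize.MakeOtherMultis(FN, ImageNumber, SafeColor, TempImage2, ContentType);
                }
                else if (AppLogic.AppConfigBool("MultiMakesMicros") && TheSize == "medium" && SafeColor == "")
                {
                    // Medium icons are what the product pages show, so derive the micro image from them.
                    ImageResize.MakeMicroPic(FN, TempImage2, ImageNumber);
                }
                ImageResize.DisposeOfTempImage(TempImage2);
            }
            ctrlAlertMessage.PushAlertMessage(AppLogic.GetString("admin.common.ItemUpdated", SkinID, LocaleSetting), AlertMessage.AlertType.Success);
        }
        catch (Exception ex)
        {
            ctrlAlertMessage.PushAlertMessage(CommonLogic.GetExceptionDetail(ex, "<br/>"), AlertMessage.AlertType.Error);
        }
    }
    this.LoadData();
}

/// <summary>
/// True when <paramref name="fragment"/> can be concatenated into a path without leaving the
/// intended directory: empty, or free of path separators, ".." and other characters the file
/// system rejects in a name.
/// </summary>
private static bool IsPlainPathSegment(string fragment)
{
    if (string.IsNullOrEmpty(fragment))
    {
        return true;
    }
    return fragment.IndexOf("..", StringComparison.Ordinal) == -1
        && fragment.IndexOfAny(new[] { '/', '\\' }) == -1
        && fragment.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) == -1;
}

/// <summary>Deletes the .jpg, .gif and .png variants of an image path (no error if absent).</summary>
private static void DeleteImageVariants(string pathWithoutExtension)
{
    System.IO.File.Delete(pathWithoutExtension + ".jpg");
    System.IO.File.Delete(pathWithoutExtension + ".gif");
    System.IO.File.Delete(pathWithoutExtension + ".png");
}

/// <summary>
/// Checks the first bytes of the upload against the magic number of the canonical content type
/// ("image/gif", "image/png" or "image/jpeg"). Returns true without checking when the stream
/// cannot be rewound, so the upload is not consumed before SaveAs.
/// </summary>
private static bool HasImageSignature(HttpPostedFile file, string contentType)
{
    var stream = file.InputStream;
    if (stream == null || !stream.CanSeek)
    {
        return true;
    }
    long origin = stream.Position;
    var header = new byte[8];
    int read = 0;
    try
    {
        stream.Position = 0;
        read = stream.Read(header, 0, header.Length);
    }
    finally
    {
        stream.Position = origin;
    }
    switch (contentType)
    {
        case "image/gif":
            return read >= 4 && header[0] == (byte)'G' && header[1] == (byte)'I' && header[2] == (byte)'F' && header[3] == (byte)'8';
        case "image/png":
            return read >= 4 && header[0] == 0x89 && header[1] == (byte)'P' && header[2] == (byte)'N' && header[3] == (byte)'G';
        case "image/jpeg":
            return read >= 3 && header[0] == 0xFF && header[1] == 0xD8 && header[2] == 0xFF;
        default:
            return false;
    }
}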
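/// <summary>
/// Admin page handler for creating or updating a CustomerLevel row from the posted form.
/// A non-empty, non-"0" CustomerLevelID on the query string selects edit mode. On insert the
/// page redirects to customerlevels.aspx; on update it stays on the page. Always finishes by
/// setting SectionTitle and calling Render() (unless redirected).
/// </summary>
/// <param name="sender">Page event source (unused).</param>
/// <param name="e">Page event arguments (unused).</param>
/// <remarks>
/// Every form value is converted to a typed SQL literal (quoted/escaped string, formatted
/// decimal, or 0/1 bit) before it is appended to the statement; the bit and decimal columns
/// previously took raw form text, which allowed arbitrary SQL from this (admin) form.
/// The DB helper exposes no parameter API here, so DB.SQuote is still relied on for strings.
/// NOTE(review): no admin-role or anti-forgery check is visible in this handler; it is
/// presumably enforced by the page base class - confirm.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    /****************************************************************************/
    // * WARNING TO DEVELOPERS
    // * The redirect below is a SAFETY feature. Removing the redirect will not
    // * enable ML-only features on a lower version of AspDotNetStorefront.
    // * Attempting to do so can very easily result in a partially implemented
    // * feature, invalid or incomplete data in your DB, and other serious
    // * conditions that will cause your store to be non-functional.
    // *
    // * If you break your store attempting to enable ML-only features in PRO or
    // * Standard, our staff cannot help you fix it, and it will also invalidate
    // * your AspDotNetStorefront License.
    /***************************************************************************/
    if (AppLogic.ProductIsMLExpress())
    {
        Response.Redirect(AppLogic.AdminLinkUrl("restrictedfeature.aspx"));
    }

    CustomerLevelID = 0;
    string requestedLevelID = CommonLogic.QueryStringCanBeDangerousContent("CustomerLevelID");
    if (requestedLevelID.Length != 0 && requestedLevelID != "0")
    {
        Editing = true;
        CustomerLevelID = Localization.ParseUSInt(requestedLevelID);
    }
    else
    {
        Editing = false;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        if (ErrorMsg.Length == 0)
        {
            // Build every literal once; insert and update then use the same values, so the two
            // paths can no longer drift apart (the update path used to write raw text for the
            // discount columns while the insert path formatted them).
            string nameLiteral = DB.SQuote(AppLogic.FormLocaleXml("Name"));
            string discountPercentLiteral = Localization.DecimalStringForDB(CommonLogic.FormUSDecimal("LevelDiscountPercent"));
            string discountAmountLiteral = Localization.CurrencyStringForDBWithoutExchangeRate(CommonLogic.FormUSDecimal("LevelDiscountAmount"));
            string hasFreeShipping = BitLiteralFromForm("LevelHasFreeShipping");
            string allowsQuantityDiscounts = BitLiteralFromForm("LevelAllowsQuantityDiscounts");
            string allowsPO = BitLiteralFromForm("LevelAllowsPO");
            string hasNoTax = BitLiteralFromForm("LevelHasNoTax");
            string allowsCoupons = BitLiteralFromForm("LevelAllowsCoupons");
            string discountsApplyToExtendedPrices = BitLiteralFromForm("LevelDiscountsApplyToExtendedPrices");

            StringBuilder sql = new StringBuilder(2500);
            if (!Editing)
            {
                // Insert, then read the identity back via the GUID we generated.
                String NewGUID = DB.GetNewGUID();
                sql.Append("insert into CustomerLevel(CustomerLevelGUID,Name,LevelDiscountPercent,LevelDiscountAmount,LevelHasFreeShipping,LevelAllowsQuantityDiscounts,LevelAllowsPO,LevelHasNoTax,LevelAllowsCoupons,LevelDiscountsApplyToExtendedPrices) values(");
                sql.Append(DB.SQuote(NewGUID) + ",");
                sql.Append(nameLiteral + ",");
                sql.Append(discountPercentLiteral + ",");
                sql.Append(discountAmountLiteral + ",");
                sql.Append(hasFreeShipping + ",");
                sql.Append(allowsQuantityDiscounts + ",");
                sql.Append(allowsPO + ",");
                sql.Append(hasNoTax + ",");
                sql.Append(allowsCoupons + ",");
                sql.Append(discountsApplyToExtendedPrices);
                sql.Append(")");
                DB.ExecuteSQL(sql.ToString());
                using (SqlConnection dbconn = DB.dbConn())
                {
                    dbconn.Open();
                    using (IDataReader rs = DB.GetRS("select CustomerLevelID from CustomerLevel with (NOLOCK) where deleted=0 and CustomerLevelGUID=" + DB.SQuote(NewGUID), dbconn))
                    {
                        if (!rs.Read())
                        {
                            // The insert succeeded but the row cannot be found: fail loudly rather
                            // than redirecting as if a level had been created.
                            throw new InvalidOperationException("CustomerLevel insert did not produce a row for GUID " + NewGUID);
                        }
                        CustomerLevelID = DB.RSFieldInt(rs, "CustomerLevelID");
                        Editing = true;
                    }
                }
                DataUpdated = true;
                Response.Redirect("customerlevels.aspx", true);
            }
            else
            {
                sql.Append("update CustomerLevel set ");
                sql.Append("Name=" + nameLiteral + ",");
                sql.Append("LevelDiscountPercent=" + discountPercentLiteral + ",");
                sql.Append("LevelDiscountAmount=" + discountAmountLiteral + ",");
                sql.Append("LevelHasFreeShipping=" + hasFreeShipping + ",");
                sql.Append("LevelAllowsQuantityDiscounts=" + allowsQuantityDiscounts + ",");
                sql.Append("LevelAllowsPO=" + allowsPO + ",");
                sql.Append("LevelHasNoTax=" + hasNoTax + ",");
                sql.Append("LevelAllowsCoupons=" + allowsCoupons + ",");
                sql.Append("LevelDiscountsApplyToExtendedPrices=" + discountsApplyToExtendedPrices);
                sql.Append(" where CustomerLevelID=" + CustomerLevelID.ToString());
                DB.ExecuteSQL(sql.ToString());
                DataUpdated = true;
                Editing = true;
            }
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("CustomerLevels.aspx") + "\">CustomerLevels</a> - Manage Customer Levels";
    Render();
}

/// <summary>
/// Renders a posted yes/no field as a SQL bit literal: "1" for any non-zero integer or the word
/// "true" (any case), "0" for everything else. Nothing from the request text itself is returned,
/// which is what keeps these columns out of the SQL statement's syntax.
/// </summary>
/// <param name="fieldName">Form field name.</param>
private static string BitLiteralFromForm(string fieldName)
{
    string raw = CommonLogic.FormCanBeDangerousContent(fieldName).Trim();
    int numeric;
    if (int.TryParse(raw, out numeric))
    {
        return numeric != 0 ? "1" : "0";
    }
    return string.Equals(raw, "true", StringComparison.OrdinalIgnoreCase) ? "1" : "0";
}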
protected void Page_Load(object sender, System.EventArgs e) { StringBuilder writer = new StringBuilder(); Response.CacheControl = "private"; Response.Expires = 0; Response.AddHeader("pragma", "no-cache"); int ONX = CommonLogic.QueryStringUSInt("OrderNumber"); Customer ThisCustomer = Context.GetCustomer(); int OrderCustomerID = 0; String OriginalTransactionID = String.Empty; String PM = String.Empty; using (var dbconn = new SqlConnection(DB.GetDBConn())) { dbconn.Open(); using (var rs = DB.GetRS(String.Format("select CustomerID,AuthorizationPNREF,PaymentMethod from Orders with (NOLOCK) where OrderNumber={0}", ONX.ToString()), dbconn)) { if (rs.Read()) { OrderCustomerID = DB.RSFieldInt(rs, "CustomerID"); OriginalTransactionID = DB.RSField(rs, "AuthorizationPNREF"); PM = AppLogic.CleanPaymentMethod(DB.RSField(rs, "PaymentMethod")); } } } Customer OrderCustomer = new Customer(OrderCustomerID, true); String GW = AppLogic.ActivePaymentGatewayCleaned(); if (PM == AppLogic.ro_PMPayPalExpress) { GW = Gateway.ro_GWPAYPAL; } bool GatewayRequiresCC = GatewayLoader.GetProcessor(GW).RequiresCCForFurtherProcessing(); writer.Append("<div class=\"white-ui-box\">"); if (!ThisCustomer.IsAdminUser) { writer.Append("<b><font color=red>" + AppLogic.GetString("admin.common.PermissionDeniedUC", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</b></font>"); } else { if (ONX == 0 || OrderCustomerID == 0) { writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.1", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>"); writer.Append("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>"); } else { Address BillingAddress = new Address(); BillingAddress.LoadFromDB(OrderCustomer.PrimaryBillingAddressID); if (CommonLogic.FormBool("IsSubmit") && CommonLogic.FormCanBeDangerousContent("OrderTotal").Trim().Length != 0) { Decimal OrderTotal = 
CommonLogic.FormNativeDecimal("OrderTotal"); String OrderDescription = CommonLogic.FormCanBeDangerousContent("Description"); AppLogic.TransactionTypeEnum OrderType = (AppLogic.TransactionTypeEnum)Enum.Parse(typeof(AppLogic.TransactionTypeEnum), CommonLogic.FormCanBeDangerousContent("OrderType"), true); int NewOrderNumber = 0; if (OrderType == AppLogic.TransactionTypeEnum.CHARGE) { if (CommonLogic.FormCanBeDangerousContent("CardNumber").Length < 4) { Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard.Success", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID)); } else { Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard.Success", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length - 4).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID)); } } // use the billing info in the form, as the store admin may have overridden what was in the db // NOTE: we are NOT going to save this new updated billing info however, it is really up to the customer // to change their billing info, or the store admin should edit their billing address in the customers 
account page area BillingAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName"); // NOTE, this could be last4 at this point!! not a full CC #! that is ok, as this address will never be stored to the db anyway! BillingAddress.CardNumber = CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", ""); BillingAddress.CardType = CommonLogic.FormCanBeDangerousContent("CardType"); BillingAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth"); BillingAddress.CardExpirationYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear"); BillingAddress.CardStartDate = CommonLogic.FormCanBeDangerousContent("CardStartDate").Trim().Replace(" ", "").Replace("/", "").Replace("\\", ""); BillingAddress.CardIssueNumber = CommonLogic.FormCanBeDangerousContent("CardIssueNumber"); String CardExtraCode = CommonLogic.FormCanBeDangerousContent("CardExtraCode"); String Status = Gateway.MakeAdHocOrder(AppLogic.ActivePaymentGatewayCleaned(), ONX, OriginalTransactionID, OrderCustomer, BillingAddress, CardExtraCode, OrderTotal, OrderType, OrderDescription, out NewOrderNumber); //PABP Required cleanup of in-memory objects CardExtraCode = "11111"; CardExtraCode = "00000"; CardExtraCode = "11111"; CardExtraCode = String.Empty; if (Status == AppLogic.ro_OK) { Response.Redirect(AppLogic.AdminLinkUrl("adhocchargecomplete.aspx") + "?ordernumber=" + NewOrderNumber.ToString()); } else { Response.Write("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.3", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "<br/>" + Status + "</div>"); } Response.Write("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>"); } else { writer.Append("<script type=\"text/javascript\">\n"); writer.Append("var GatewayRequiresCC=" + CommonLogic.IIF(GatewayRequiresCC, "1", "0") + ";\n"); writer.Append("function getSelectedRadio(buttonGroup) {\n"); 
writer.Append(" // returns the array number of the selected radio button or -1 if no button is selected\n"); writer.Append(" if (buttonGroup[0]) { // if the button group is an array (one button is not an array)\n"); writer.Append(" for (var i=0; i<buttonGroup.length; i++) {\n"); writer.Append(" if (buttonGroup[i].checked) {\n"); writer.Append(" return i\n"); writer.Append(" }\n"); writer.Append(" }\n"); writer.Append(" } else {\n"); writer.Append(" if (buttonGroup.checked) { return 0; } // if the one button is checked, return zero\n"); writer.Append(" }\n"); writer.Append(" // if we get to this point, no radio button is selected\n"); writer.Append(" return -1;\n"); writer.Append("}"); writer.Append("\n"); writer.Append("function getSelectedRadioValue(buttonGroup) {\n"); writer.Append(" // returns the value of the selected radio button or '' if no button is selected\n"); writer.Append(" var i = getSelectedRadio(buttonGroup);\n"); writer.Append(" if (i == -1) {\n"); writer.Append(" return '';\n"); writer.Append(" } else {\n"); writer.Append(" if (buttonGroup[i]) { // Make sure the button group is an array (not just one button)\n"); writer.Append(" return buttonGroup[i].value;\n"); writer.Append(" } else { // The button group is just the one button, and it is checked\n"); writer.Append(" return buttonGroup.value;\n"); writer.Append(" }\n"); writer.Append(" }\n"); writer.Append("}"); writer.Append("\n"); writer.Append("function AdHocOrderTypeChanged()\n"); writer.Append("{\n"); writer.Append(" if(GatewayRequiresCC == 1 || getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "')\n"); writer.Append(" {\n"); writer.Append(" CCDiv.style.display = 'block';\n"); writer.Append(" }\n"); writer.Append(" else\n"); writer.Append(" {\n"); writer.Append(" CCDiv.style.display = 'none';\n"); writer.Append(" }\n"); writer.Append("}\n"); writer.Append("function AdHocChargeOrRefundForm_Validator(theForm)\n"); writer.Append("{\n"); 
writer.Append(" submitonce(theForm);\n"); writer.Append(" if(theForm.Description.value == '')\n"); writer.Append(" {\n"); writer.Append(" alert('"+ AppLogic.GetString("adhoccharge.aspx.4", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n"); writer.Append(" theForm.Description.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" if((getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "') || (GatewayRequiresCC == 1 && getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "'))\n"); writer.Append(" {\n"); writer.Append(" if(theForm.CardName.value == '')\n"); writer.Append(" {\n"); writer.Append(" alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Name On Card") + "');\n"); writer.Append(" theForm.CardName.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" if(theForm.CardNumber.value == '')\n"); writer.Append(" {\n"); writer.Append(" alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Number") + "');\n"); writer.Append(" theForm.CardNumber.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" if(isNaN(theForm.CardNumber.value))\n"); writer.Append(" {\n"); writer.Append(" alert('"+ AppLogic.GetString("adhoccharge.aspx.28", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n"); writer.Append(" theForm.CardNumber.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" if(theForm.CardExpirationMonth.value == '')\n"); writer.Append(" {\n"); writer.Append(" alert('"+ 
String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Month") + "');\n"); writer.Append(" theForm.CardExpirationMonth.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" if(theForm.CardExpirationYear.value == '')\n"); writer.Append(" {\n"); writer.Append(" alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Year") + "');\n"); writer.Append(" theForm.CardExpirationYear.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" if(theForm.CardType.selectedIndex < 1)\n"); writer.Append(" {\n"); writer.Append(" alert('"+ String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Type") + "');\n"); writer.Append(" theForm.CardType.focus();\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (false);\n"); writer.Append(" }\n"); writer.Append(" }\n"); writer.Append(" submitenabled(theForm);\n"); writer.Append(" return (true);\n"); writer.Append("}\n"); writer.Append("</script>\n"); writer.Append(String.Format(AppLogic.GetString("adhoccharge.aspx.5", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), ONX.ToString())); writer.Append("<p>" + AppLogic.GetString("adhoccharge.aspx.6", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</p>"); String CNM = BillingAddress.CardName; String CN = BillingAddress.CardNumber; String Last4 = String.Empty; String CExpMonth = BillingAddress.CardExpirationMonth; String CExpYear = BillingAddress.CardExpirationYear; String CardType = BillingAddress.CardType; if (CN.Length == 0) { // try to pull it from order record: using (var dbconn = new SqlConnection(DB.GetDBConn())) { dbconn.Open(); using (var rs2 = DB.GetRS(String.Format("SELECT CardNumber, CardName, Last4, 
CardExpirationMonth, CardExpirationYear, CardNumber, CardType, {0} FROM Orders WHERE OrderNumber = {1}", AppLogic.AppConfig("OrdersCCSaltField"), ONX), dbconn)) { if (rs2.Read()) { CN = DB.RSField(rs2, "CardNumber"); CNM = DB.RSField(rs2, "CardName"); Last4 = DB.RSField(rs2, "Last4"); CExpMonth = DB.RSField(rs2, "CardExpirationMonth"); CExpYear = DB.RSField(rs2, "CardExpirationYear"); CN = DB.RSField(rs2, "CardNumber"); CN = Security.UnmungeString(CN, DB.RSField(rs2, AppLogic.AppConfig("OrdersCCSaltField"))); if (CN.StartsWith(Security.ro_DecryptFailedPrefix, StringComparison.InvariantCultureIgnoreCase)) { CN = DB.RSField(rs2, "CardNumber"); } CardType = DB.RSField(rs2, "CardType"); } } } } if (AppLogic.AppConfigBool("StoreCCInDB") && OrderCustomer.StoreCCInDB && CN.Length > 0) { Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard.Success", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CN.Replace("*", "").Substring(CN.Replace("*", "").Length - 4).PadLeft(CN.Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID)); } if (GatewayRequiresCC) { writer.Append("<div class=\"alert alert-info\">" + AppLogic.GetString("adhoccharge.aspx.11", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>"); } else { writer.Append("<div class=\"alert alert-info\">" + AppLogic.GetString("adhoccharge.aspx.12", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>"); } if (!OrderCustomer.StoreCCInDB) { writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.13", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>"); } if (CN.Length == 0 || CN == AppLogic.ro_CCNotStoredString) { writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.14", ThisCustomer.SkinID, 
ThisCustomer.LocaleSetting) + "</div>"); } if (OrderCustomer.PrimaryBillingAddressID == 0) { writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.7", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>"); } else if (CN.Length == 0 && Last4.Length == 0 && GW != Gateway.ro_GWPAYPAL) { writer.Append("<div class=\"alert alert-danger\">" + AppLogic.GetString("adhoccharge.aspx.8", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</div>"); } else { if (CommonLogic.FormBool("IsSubmit") && CommonLogic.FormCanBeDangerousContent("OrderTotal").Trim().Length == 0) { writer.Append("<div class=\"alert alert-danger\">Please enter a valid charge amount</div>\n"); } writer.Append("<form id=\"AdHocChargeOrRefundForm\" name=\"AdHocChargeOrRefundForm\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("adhoccharge.aspx") + "?OrderNumber=" + ONX.ToString() + "\" >"); writer.Append(" <div class=\"item-action-bar\">"); writer.Append(" <input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B2\" onClick=\"javascript:self.close()\" class=\"btn btn-default\">"); writer.Append(" <input type=\"submit\" value=\"" + AppLogic.GetString("adhoccharge.aspx.21", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B1\" class=\"btn btn-primary\">"); writer.Append(" </div>"); writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n"); writer.Append("<table class=\"table\">"); writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.9", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OriginalTransactionID.ToString() + "</td></tr>"); writer.Append("<tr><td>" + AppLogic.GetString("admin.label.CustomerID", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.CustomerID.ToString() + "</td></tr>"); writer.Append("<tr><td>" + AppLogic.GetString("admin.label.CustomerName", ThisCustomer.SkinID, 
ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.FullName() + "</td></tr>"); writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.27", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + BillingAddress.Phone + "</td></tr>"); writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.16", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>"); writer.Append("<input onClick=\"AdHocOrderTypeChanged()\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "\" id=\"ChargeOrderType\" name=\"OrderType\">" + AppLogic.GetString("adhoccharge.aspx.17", ThisCustomer.SkinID, ThisCustomer.LocaleSetting)); writer.Append(" "); writer.Append("<input onClick=\"AdHocOrderTypeChanged()\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "\" id=\"RefundOrderType\" name=\"OrderType\" checked>" + AppLogic.GetString("adhoccharge.aspx.18", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>"); writer.Append("<tr><td>" + AppLogic.GetString("adhoccharge.aspx.19", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" name=\"OrderTotal\" size=\"7\"><input type=\"hidden\" name=\"OrderTotal_vldt\" value=\"[req][number][blankalert=" + AppLogic.GetString("adhoccharge.aspx.26", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "][invalidalert=" + AppLogic.GetString("admin.common.ValidDollarAmountPrompt", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "]\"> (xx.xx format)</td></tr>"); writer.Append("<tr><td colspan=\"2\">"); writer.Append("<div id=\"CCDiv\" name=\"CCDiv\" style=\"display:" + CommonLogic.IIF(GatewayRequiresCC, "block", "none") + ";\">"); writer.Append("<table class=\"table\">"); writer.Append("<tr>"); writer.Append("<td align=\"right\">" + AppLogic.GetString("address.cs.31", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td>"); writer.Append("<td>\n"); writer.Append("<select size=\"1\" name=\"CardType\" id=\"CardType\">"); 
writer.Append("<option value=\"\">" + AppLogic.GetString("address.cs.32", ThisCustomer.SkinID, ThisCustomer.LocaleSetting)); using (var dbconn = new SqlConnection(DB.GetDBConn())) { dbconn.Open(); using (var rsCard = DB.GetRS("select * from creditcardtype with (NOLOCK) where Accepted=1 order by CardType", dbconn)) { while (rsCard.Read()) { writer.Append("<option value=\"" + DB.RSField(rsCard, "CardType") + "\" " + CommonLogic.IIF(CardType == DB.RSField(rsCard, "CardType"), " selected ", "") + ">" + DB.RSField(rsCard, "CardType") + "</option>\n"); } } } writer.Append("</select>\n"); writer.Append("</td>"); writer.Append("</tr>"); writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.10", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"100\" type=\"text\" name=\"CardName\" id=\"CardName\" value=\"" + CNM + "\"></td></tr>"); writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.24", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"19\" type=\"text\" autocomplete=\"off\" name=\"CardNumber\" id=\"CardNumber\" value=\"" + CN + "\"> " + String.Format(AppLogic.GetString("admin.adhoccharge.OriginalOrderLastFour", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), Last4) + ")</td></tr>"); writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.15", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"4\" maxlength=\"4\" type=\"text\" autocomplete=\"off\" name=\"CardExtraCode\" id=\"CardExtraCode\">"); writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.25", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" size=\"2\" maxlength=\"2\" name=\"CardExpirationMonth\" id=\"CardExpirationMonth\" value=\"" + CExpMonth + "\"> / <input size=\"4\" maxlength=\"4\" type=\"text\" name=\"CardExpirationYear\" id=\"CardExpirationYear\" value=\"" + 
CExpYear + "\"> (MM/YYYY)</td></tr>"); if (AppLogic.AppConfigBool("ShowCardStartDateFields")) { writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("address.cs.59", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardStartDate\" id=\"CardStartDate\" size=\"5\" maxlength=\"20\"> " + AppLogic.GetString("address.cs.64", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>"); writer.Append("<tr><td align=\"right\">" + AppLogic.GetString("address.cs.61", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardIssueNumber\" id=\"CardIssueNumber\" size=\"25\" maxlength=\"25\"> " + AppLogic.GetString("address.cs.63", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>"); } writer.Append("</table>"); writer.Append("</div>"); writer.Append("</td></tr>"); writer.Append("</table>"); writer.Append(" <p>" + AppLogic.GetString("adhoccharge.aspx.20", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </p>"); writer.Append(" <p><textarea class=\"text-multiline\" id=\"Description\" name=\"Description\" style=\"width: 90%\"></textarea></p>"); writer.Append(" <div class=\"item-action-bar\">"); writer.Append(" <input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B2\" onClick=\"javascript:self.close()\" class=\"btn btn-default\">"); writer.Append(" <input type=\"submit\" value=\"" + AppLogic.GetString("adhoccharge.aspx.21", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B1\" onClick=\"return AdHocChargeOrRefundForm_Validator(this.form);\" class=\"btn btn-primary\">"); writer.Append(" </div>"); writer.Append("</form>"); } } } } writer.Append("</div>"); ltContent.Text = writer.ToString(); }
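/// <summary>
/// Add/edit handler for a shipping zone. Reads ShippingZoneID from the query string to decide
/// between insert and update; on IsSubmit validates the posted zip codes against the posted
/// country and then writes the shippingZone row. Always ends by setting SectionTitle and
/// calling RenderHtml().
/// </summary>
/// <remarks>
/// Fix: the insert branch used to concatenate the raw hfAddressCountry form value straight into
/// the INSERT statement (SQL injection through an admin form). It now emits the integer that
/// CommonLogic.FormNativeInt already parsed — the same value the zip codes were validated against.
/// NOTE(review): no anti-forgery token is checked in this handler; confirm the page or a base
/// class provides CSRF protection for the POST.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Admin content must never be served from a shared cache.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    ShippingZoneID = 0;
    string zoneIdParam = CommonLogic.QueryStringCanBeDangerousContent("ShippingZoneID");
    if (zoneIdParam.Length != 0 && zoneIdParam != "0")
    {
        Editing = true;
        ShippingZoneID = Localization.ParseUSInt(zoneIdParam);
    }
    else
    {
        Editing = false;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        StringBuilder sql = new StringBuilder(2500);
        string sZipCodesWithoutSpace = CleanZipCodes(CommonLogic.FormCanBeDangerousContent("ZipCodes"));
        // Parsed once here; only this integer (never the raw form string) may reach SQL.
        int countryID = CommonLogic.FormNativeInt("hfAddressCountry");
        bool zipCodeEntryValid = ValidateZipCodes(sZipCodesWithoutSpace, countryID);

        if (zipCodeEntryValid)
        {
            if (!Editing)
            {
                // Insert with a fresh GUID, then read the row back to learn its identity value.
                String NewGUID = DB.GetNewGUID();
                sql.Append("insert into shippingZone(ShippingZoneGUID,Name,ZipCodes, CountryID) values(");
                sql.Append(DB.SQuote(NewGUID) + ",");
                sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                sql.Append(DB.SQuote(sZipCodesWithoutSpace) + ",");
                // Was: CommonLogic.FormCanBeDangerousContent("hfAddressCountry") appended verbatim.
                sql.Append(countryID.ToString());
                sql.Append(")");
                DB.ExecuteSQL(sql.ToString());

                using (SqlConnection dbconn = DB.dbConn())
                {
                    dbconn.Open();
                    using (IDataReader rs = DB.GetRS("select ShippingZoneID from shippingZone with (NOLOCK) where deleted=0 and ShippingZoneGUID=" + DB.SQuote(NewGUID), dbconn))
                    {
                        rs.Read();
                        ShippingZoneID = DB.RSFieldInt(rs, "ShippingZoneID");
                        Editing = true;
                    }
                }
                DataUpdated = true;
                Response.Redirect("shippingzones.aspx", true);
            }
            else
            {
                // Update: fall back to the US country id when the posted value is not numeric.
                int ZoneCountryID;
                if (!int.TryParse(CommonLogic.FormCanBeDangerousContent("hfAddressCountry"), out ZoneCountryID))
                {
                    ZoneCountryID = usCountryExist;
                }
                sql.Append("update shippingZone set ");
                sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                // NOTE(review): the stored value only strips whitespace from the raw post, whereas
                // validation ran on CleanZipCodes(...) — confirm the two normalisations agree so an
                // entry cannot pass validation yet be persisted in a different form.
                sql.Append("ZipCodes=" + DB.SQuote(Regex.Replace(CommonLogic.FormCanBeDangerousContent("ZipCodes"), "\\s+", "", RegexOptions.Compiled)) + ",");
                sql.Append("CountryID=" + ZoneCountryID);
                sql.Append(" where ShippingZoneID=" + ShippingZoneID.ToString());
                DB.ExecuteSQL(sql.ToString());
                DataUpdated = true;
                Editing = true;
            }
        }
        else
        {
            // Invalid zip list: stay on the form and show the country-specific example format.
            Editing = true;
            DataUpdated = false;
            string exampleFormat = AppLogic.GetCountryPostalExample(countryID);
            ErrorMsg = string.Format(AppLogic.GetString("admin.editshippingzone.EnterZipCodes", SkinID, LocaleSetting), exampleFormat);
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("shippingzones.aspx") + "\">"
        + AppLogic.GetString("admin.menu.ShippingZones", SkinID, LocaleSetting)
        + "</a> - "
        + AppLogic.GetString("admin.editshippingzone.ManageShippingZones", SkinID, LocaleSetting);
    RenderHtml();
}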
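/// <summary>
/// Renders the answer list for the poll identified by the PollID query-string parameter.
/// Before rendering it applies a pending soft-delete (DeleteID) and any posted
/// DisplayOrder_&lt;id&gt; values, then writes the table plus the DeleteAnswer() script into
/// ltContent. Redirects to polls.aspx when PollID is missing or 0.
/// </summary>
/// <remarks>
/// Fixes: DeleteID was concatenated into the UPDATE statement as a raw query-string value
/// (SQL injection); it is now parsed with CommonLogic.QueryStringUSInt, as PollID already was.
/// The heading paragraph was also missing the closing '&gt;' of its opening &lt;p&gt; tag, so the
/// heading text was being parsed as tag attributes.
/// NOTE(review): the delete is triggered by a GET navigation from DeleteAnswer() and no
/// anti-forgery token is checked here — confirm CSRF protection exists for this page.
/// </remarks>
private void RenderHtml()
{
    StringBuilder writer = new StringBuilder();

    int PollID = CommonLogic.QueryStringUSInt("PollID");
    if (PollID == 0)
    {
        Response.Redirect(AppLogic.AdminLinkUrl("polls.aspx"));
    }
    String PollName = AppLogic.GetPollName(PollID, LocaleSetting);

    // Soft-delete one answer. Only the parsed integer reaches SQL.
    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
    {
        int deleteId = CommonLogic.QueryStringUSInt("DeleteID");
        DB.ExecuteSQL("update PollAnswer set deleted=1 where PollAnswerID=" + deleteId.ToString());
    }

    // Persist posted display orders; each field is named DisplayOrder_<PollAnswerID>.
    if (CommonLogic.FormBool("IsSubmit"))
    {
        for (int i = 0; i <= Request.Form.Count - 1; i++)
        {
            string key = Request.Form.Keys[i];
            if (key.IndexOf("DisplayOrder_") == -1)
            {
                continue;
            }
            String[] keys = key.Split('_');
            int PollAnswerID = Localization.ParseUSInt(keys[1]);
            int DispOrd = 1;
            try
            {
                DispOrd = Localization.ParseUSInt(Request.Form[key]);
            }
            catch
            {
                // Best effort: a non-numeric entry falls back to display order 1.
            }
            DB.ExecuteSQL("update PollAnswer set DisplayOrder=" + DispOrd.ToString() + " where PollAnswerID=" + PollAnswerID.ToString());
        }
    }

    // Heading. NOTE(review): PollName is emitted without HTML encoding; it is admin-entered
    // content read from the database — confirm it is encoded upstream or encode it here.
    writer.Append("<p align=\"left\">" + String.Format(AppLogic.GetString("admin.pollanswers.EditinAnswers", SkinID, LocaleSetting), AppLogic.AdminLinkUrl("editpolls.aspx"), PollID.ToString(), PollName, PollID.ToString()) + "</p>\n");
    writer.Append("<form id=\"Form1\" name=\"Form1\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("pollanswers.aspx") + "?Pollid=" + PollID.ToString() + "\">\n");
    writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
    writer.Append(" <table border=\"0\" cellpadding=\"0\" border=\"0\" cellspacing=\"0\" width=\"100%\">\n");
    writer.Append(" <tr class=\"table-header\">\n");
    writer.Append(" <td><b>ID</b></td>\n");
    writer.Append(" <td><b>Answer</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + AppLogic.GetString("admin.common.DisplayOrder", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" </tr>\n");

    string editLabel = AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting);
    string deleteLabel = AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting);
    string editUrl = AppLogic.AdminLinkUrl("editpollanswer.aspx");

    int counter = 0;
    using (SqlConnection conn = DB.dbConn())
    {
        conn.Open();
        using (IDataReader rs = DB.GetRS("select * from PollAnswer with (NOLOCK) where deleted=0 and PollID=" + PollID.ToString() + " order by DisplayOrder,Name", conn))
        {
            while (rs.Read())
            {
                string answerId = DB.RSFieldInt(rs, "PollAnswerID").ToString();
                string answerName = DB.RSFieldByLocale(rs, "Name", LocaleSetting);
                string editLink = editUrl + "?Pollid=" + PollID.ToString() + "&PollAnswerid=" + answerId;

                writer.Append(counter % 2 == 0 ? " <tr class=\"table-row2\">\n" : " <tr class=\"table-alternatingrow2\">\n");
                writer.Append(" <td >" + answerId + "</td>\n");
                writer.Append(" <td >");
                // NOTE(review): answer names are written unencoded; see the heading note above.
                writer.Append("<a href=\"" + editLink + "\">" + CommonLogic.IIF(answerName.Length == 0, "(Unnamed Variant)", answerName) + "</a>");
                writer.Append("</td>\n");
                writer.Append(" <td align=\"center\"><input size=2 type=\"text\" name=\"DisplayOrder_" + answerId + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"></td>\n");
                writer.Append(" <td align=\"center\"><input type=\"button\" class=\"normalButtons\" value=\"" + editLabel + "\" name=\"Edit_" + answerId + "\" onClick=\"self.location='" + editLink + "'\"></td>\n");
                writer.Append(" <td align=\"center\"><input type=\"button\" class=\"normalButtons\" value=\"" + deleteLabel + "\" name=\"Delete_" + answerId + "\" onClick=\"DeleteAnswer(" + answerId + ")\"></td>\n");
                writer.Append(" </tr>\n");
                counter++;
            }
        }
    }

    writer.Append(" <tr>\n");
    writer.Append(" <td colspan=\"2\" align=\"left\"></td>\n");
    writer.Append(" <td align=\"center\" ><input type=\"submit\" value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"Submit\" class=\"normalButtons\"></td>\n");
    writer.Append(" <td colspan=\"2\"></td>\n");
    writer.Append(" </tr>\n");
    writer.Append(" <tr>\n");
    writer.Append(" <td colspan=\"5\" height=5></td>\n");
    writer.Append(" </tr>\n");
    writer.Append(" </table>\n");
    writer.Append(" <input type=\"button\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.pollanswers.AddNew", SkinID, LocaleSetting) + "\" name=\"AddNew\" onClick=\"self.location='" + editUrl + "?Pollid=" + PollID.ToString() + "';\">\n");
    writer.Append("</form>\n");

    // Client-side confirm that navigates to this page with deleteid=<id>.
    writer.Append("<script type=\"text/javascript\">\n");
    writer.Append("function DeleteAnswer(id)\n");
    writer.Append("{\n");
    writer.Append("if(confirm('" + AppLogic.GetString("admin.pollanswers.ConfirmDelete", SkinID, LocaleSetting) + "' + id))\n");
    writer.Append("{\n");
    writer.Append("self.location = '" + AppLogic.AdminLinkUrl("pollanswers.aspx") + "?Pollid=" + PollID.ToString() + "&deleteid=' + id;\n");
    writer.Append("}\n");
    writer.Append("}\n");
    writer.Append("</SCRIPT>\n");

    ltContent.Text = writer.ToString();
}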
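/// <summary>
/// Renders the gallery list. When DeleteID is present on the query string it first removes the
/// gallery's icon images, its image directory and the gallery row; when IsSubmit is posted it
/// stores the DisplayOrder_&lt;id&gt; values. The table and the DeleteGallery() script are written
/// into ltContent.
/// </summary>
/// <remarks>
/// Fix: the "delete from gallery" statement concatenated the raw DeleteID query-string value
/// (SQL injection). The file-system cleanup in the same branch already used
/// CommonLogic.QueryStringUSInt("DeleteID"); the SQL now uses that same parsed integer.
/// NOTE(review): the delete runs on a GET navigation with no anti-forgery token checked here —
/// confirm CSRF protection exists for this page.
/// </remarks>
private void Render()
{
    StringBuilder writer = new StringBuilder();

    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
    {
        int deleteId = CommonLogic.QueryStringUSInt("DeleteID");
        string iconBase = AppLogic.GetImagePath("Gallery", "icon", true) + deleteId.ToString();

        // Icon cleanup is best effort: a missing file must not abort the delete.
        try
        {
            System.IO.File.Delete(iconBase + ".jpg");
            System.IO.File.Delete(iconBase + ".png");
            System.IO.File.Delete(iconBase + ".gif");
        }
        catch
        {
        }

        // Remove the gallery's image directory as well.
        // NOTE(review): GalleryDirName is joined into a path that is then emptied and deleted —
        // confirm AppLogic.GetGalleryDir cannot return a value containing '..' or path separators.
        String GalleryDirName = AppLogic.GetGalleryDir(deleteId);
        String SFP = CommonLogic.SafeMapPath("../images/spacer.gif").Replace("images\\spacer.gif", "images\\gallery") + "\\" + GalleryDirName;
        try
        {
            if (Directory.Exists(SFP))
            {
                foreach (String file in Directory.GetFiles(SFP, "*.*"))
                {
                    System.IO.File.Delete(file);
                }
                Directory.Delete(SFP);
            }
        }
        catch
        {
        }

        // Was: "... where GalleryID=" + CommonLogic.QueryStringCanBeDangerousContent("DeleteID")
        DB.ExecuteSQL("delete from gallery where GalleryID=" + deleteId.ToString());
    }

    // Persist posted display orders; each field is named DisplayOrder_<GalleryID>.
    if (CommonLogic.FormBool("IsSubmit"))
    {
        for (int i = 0; i <= Request.Form.Count - 1; i++)
        {
            string key = Request.Form.Keys[i];
            if (key.IndexOf("DisplayOrder_") == -1)
            {
                continue;
            }
            String[] keys = key.Split('_');
            int GalleryID = Localization.ParseUSInt(keys[1]);
            int DispOrd = 1;
            try
            {
                DispOrd = Localization.ParseUSInt(Request.Form[key]);
            }
            catch
            {
                // Best effort: a non-numeric entry falls back to display order 1.
            }
            DB.ExecuteSQL("update gallery set DisplayOrder=" + DispOrd.ToString() + " where GalleryID=" + GalleryID.ToString());
        }
    }

    string rowColor = AppLogic.AppConfig("LightCellColor");
    string editLabel = AppLogic.GetString("admin.common.Edit", SkinID, LocaleSetting);
    string deleteLabel = AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting);

    writer.Append("<form method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("galleries.aspx") + "\">\n");
    writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
    writer.Append(" <table border=\"0\" cellpadding=\"2\" border=\"0\" cellspacing=\"1\" width=\"100%\">\n");
    writer.Append(" <tr bgcolor=\"" + rowColor + "\">\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.common.ID", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.editgallery.GalleryName", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.galleries.GalleryURL", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + AppLogic.GetString("admin.common.DisplayOrder", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + editLabel + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + AppLogic.GetString("admin.common.ManageImages", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + deleteLabel + "</b></td>\n");
    writer.Append(" </tr>\n");

    using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
    {
        dbconn.Open();
        using (IDataReader rs = DB.GetRS("select * from gallery with (NOLOCK) where deleted=0 order by DisplayOrder,Name", dbconn))
        {
            while (rs.Read())
            {
                int galleryIdValue = DB.RSFieldInt(rs, "GalleryID");
                string galleryId = galleryIdValue.ToString();

                writer.Append(" <tr bgcolor=\"" + rowColor + "\">\n");
                writer.Append(" <td>" + galleryId + "</td>\n");
                writer.Append(" <td >");
                String Image1URL = AppLogic.LookupImage("Gallery", galleryIdValue, "icon", SkinID, LocaleSetting);
                if (Image1URL.Length != 0)
                {
                    // Random query suffix defeats browser caching of a replaced icon.
                    writer.Append("<a href=\"" + AppLogic.AdminLinkUrl("editGallery.aspx") + "?Galleryid=" + galleryId + "\">");
                    writer.Append("<img src=\"" + Image1URL + "?" + CommonLogic.GetRandomNumber(1, 1000000).ToString() + "\" height=\"35\" border=\"0\" align=\"absmiddle\">");
                    writer.Append("</a> \n");
                }
                // NOTE(review): the gallery name is written unencoded; it is admin-entered content
                // read from the database — confirm it is encoded upstream or encode it here.
                writer.Append(" <a href=\"" + AppLogic.AdminLinkUrl("editGallery.aspx") + "?Galleryid=" + galleryId + "\">");
                writer.Append(DB.RSFieldByLocale(rs, "Name", LocaleSetting));
                writer.Append("</a>");
                writer.Append("</td>\n");
                writer.Append(" <td><a target=\"_blank\" href=\"../showgallery.aspx?galleryid=" + galleryId + "\">showgallery.aspx?galleryid=" + galleryId + "</a></td>\n");
                writer.Append(" <td align=\"center\"><input size=2 type=\"text\" name=\"DisplayOrder_" + galleryId + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"></td>\n");
                writer.Append(" <td align=\"center\"><input type=\"button\" value=\"" + editLabel + "\" name=\"Edit_" + galleryId + "\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editgallery.aspx") + "?galleryid=" + galleryId + "'\"></td>\n");
                writer.Append(" <td align=\"center\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.galleries.AddDeleteGalleryImages", SkinID, LocaleSetting) + "\" name=\"ManageImages_" + galleryId + "\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("galleryimages.aspx") + "?galleryid=" + galleryId + "'\"></td>\n");
                writer.Append(" <td align=\"center\"><input type=\"button\" value=\"" + deleteLabel + "\" name=\"Delete_" + galleryId + "\" onClick=\"DeleteGallery(" + galleryId + ")\"></td>\n");
                writer.Append(" </tr>\n");
            }
        }
    }

    writer.Append(" <tr>\n");
    writer.Append(" <td colspan=\"4\" align=\"left\"></td>\n");
    writer.Append(" <td align=\"center\" bgcolor=\"" + rowColor + "\"><input type=\"submit\" value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"Submit\"></td>\n");
    writer.Append(" <td colspan=\"2\"></td>\n");
    writer.Append(" </tr>\n");
    writer.Append(" <tr>\n");
    writer.Append(" <td colspan=\"7\" height=5></td>\n");
    writer.Append(" </tr>\n");
    writer.Append(" </table>\n");
    writer.Append("<p align=\"left\"><input type=\"button\" value=\"" + AppLogic.GetString("admin.galleries.AddNewGallery", SkinID, LocaleSetting) + "\" name=\"AddNew\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editgallery.aspx") + "';\"><p/>");
    writer.Append("</form>\n");

    // Client-side confirm that navigates to this page with deleteid=<id>.
    // NOTE(review): the emitted confirm(...) looks malformed — the "+ id +?'" argument lands
    // inside the JS string literal and nothing here emits the closing "))" before the "{" on the
    // next line, unless the admin.galleries.ConfirmDelete resource supplies it. Left untouched
    // because that resource is not visible; verify the rendered script in a browser and compare
    // the DeleteAnswer() script emitted by the poll-answers page.
    writer.Append("<script type=\"text/javascript\">\n");
    writer.Append("function DeleteGallery(id)\n");
    writer.Append("{\n");
    writer.Append("if(confirm('" + String.Format(AppLogic.GetString("admin.galleries.ConfirmDelete", SkinID, LocaleSetting), "+ id +?'"));
    writer.Append("{\n");
    writer.Append("self.location = '" + AppLogic.AdminLinkUrl("galleries.aspx") + "?deleteid=' + id;\n");
    writer.Append("}\n");
    writer.Append("}\n");
    writer.Append("</SCRIPT>\n");

    ltContent.Text = writer.ToString();
}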
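/// <summary>
/// Returns the SQL literal for a 0/1 flag field posted by the customer-level form.
/// The value is parsed to an integer first so the raw form text never reaches the statement.
/// </summary>
/// <param name="fieldName">Name of the posted form field.</param>
private static string FlagForSql(string fieldName)
{
    return CommonLogic.FormNativeInt(fieldName).ToString();
}

/// <summary>
/// Returns the SQL literal for a posted decimal field. A blank field maps to "0" (the
/// behaviour the update branch always had); anything else is parsed with FormUSDecimal and
/// formatted with the same Localization helper the insert branch uses.
/// </summary>
/// <param name="fieldName">Name of the posted form field.</param>
/// <param name="asCurrency">true for LevelDiscountAmount (currency formatting), false for a percentage.</param>
private static string DecimalFieldForSql(string fieldName, bool asCurrency)
{
    if (CommonLogic.FormCanBeDangerousContent(fieldName).Trim().Length == 0)
    {
        return "0";
    }
    var value = CommonLogic.FormUSDecimal(fieldName);
    return asCurrency
        ? Localization.CurrencyStringForDBWithoutExchangeRate(value)
        : Localization.DecimalStringForDB(value);
}

/// <summary>
/// Add/edit handler for a customer level. Reads CustomerLevelID from the query string to decide
/// between insert and update; on IsSubmit (and with no pending ErrorMsg) writes the CustomerLevel
/// row, then sets SectionTitle and calls RenderHtml().
/// </summary>
/// <remarks>
/// Fix: every flag column (LevelHasFreeShipping, LevelAllowsQuantityDiscounts, LevelAllowsPO,
/// LevelHasNoTax, LevelAllowsCoupons, LevelDiscountsApplyToExtendedPrices) and, in the update
/// branch, both discount amounts were concatenated into SQL as raw form text (SQL injection).
/// They now go through FlagForSql / DecimalFieldForSql, so only parsed numbers reach the
/// statement and the update branch formats decimals exactly like the insert branch.
/// NOTE(review): no anti-forgery token is checked in this handler; confirm the page or a base
/// class provides CSRF protection for the POST.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Admin content must never be served from a shared cache.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    CustomerLevelID = 0;
    string levelIdParam = CommonLogic.QueryStringCanBeDangerousContent("CustomerLevelID");
    if (levelIdParam.Length != 0 && levelIdParam != "0")
    {
        Editing = true;
        CustomerLevelID = Localization.ParseUSInt(levelIdParam);
    }
    else
    {
        Editing = false;
    }

    if (CommonLogic.FormBool("IsSubmit") && ErrorMsg.Length == 0)
    {
        StringBuilder sql = new StringBuilder(2500);
        if (!Editing)
        {
            // Insert with a fresh GUID, then read the row back to learn its identity value.
            String NewGUID = DB.GetNewGUID();
            sql.Append("insert into CustomerLevel(CustomerLevelGUID,Name,LevelDiscountPercent,LevelDiscountAmount,LevelHasFreeShipping,LevelAllowsQuantityDiscounts,LevelAllowsPO,LevelHasNoTax,LevelAllowsCoupons,LevelDiscountsApplyToExtendedPrices) values(");
            sql.Append(DB.SQuote(NewGUID) + ",");
            sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
            sql.Append(Localization.DecimalStringForDB(CommonLogic.FormUSDecimal("LevelDiscountPercent")) + ",");
            sql.Append(Localization.CurrencyStringForDBWithoutExchangeRate(CommonLogic.FormUSDecimal("LevelDiscountAmount")) + ",");
            sql.Append(FlagForSql("LevelHasFreeShipping") + ",");
            sql.Append(FlagForSql("LevelAllowsQuantityDiscounts") + ",");
            sql.Append(FlagForSql("LevelAllowsPO") + ",");
            sql.Append(FlagForSql("LevelHasNoTax") + ",");
            sql.Append(FlagForSql("LevelAllowsCoupons") + ",");
            sql.Append(FlagForSql("LevelDiscountsApplyToExtendedPrices"));
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());

            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select CustomerLevelID from CustomerLevel with (NOLOCK) where deleted=0 and CustomerLevelGUID=" + DB.SQuote(NewGUID), dbconn))
                {
                    rs.Read();
                    CustomerLevelID = DB.RSFieldInt(rs, "CustomerLevelID");
                    Editing = true;
                }
            }
            DataUpdated = true;
            Response.Redirect("customerlevels.aspx", true);
        }
        else
        {
            sql.Append("update CustomerLevel set ");
            sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
            sql.Append("LevelDiscountPercent=" + DecimalFieldForSql("LevelDiscountPercent", false) + ",");
            sql.Append("LevelDiscountAmount=" + DecimalFieldForSql("LevelDiscountAmount", true) + ",");
            sql.Append("LevelHasFreeShipping=" + FlagForSql("LevelHasFreeShipping") + ",");
            sql.Append("LevelAllowsQuantityDiscounts=" + FlagForSql("LevelAllowsQuantityDiscounts") + ",");
            sql.Append("LevelAllowsPO=" + FlagForSql("LevelAllowsPO") + ",");
            sql.Append("LevelHasNoTax=" + FlagForSql("LevelHasNoTax") + ",");
            sql.Append("LevelAllowsCoupons=" + FlagForSql("LevelAllowsCoupons") + ",");
            sql.Append("LevelDiscountsApplyToExtendedPrices=" + FlagForSql("LevelDiscountsApplyToExtendedPrices"));
            sql.Append(" where CustomerLevelID=" + CustomerLevelID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("CustomerLevels.aspx") + "\">CustomerLevels</a> - Manage Customer Levels";
    RenderHtml();
}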
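/// <summary>
/// Renders the poll admin list into <c>ltContent</c>: applies a pending soft delete
/// (query string <c>DeleteID</c>) and any posted <c>DisplayOrder_&lt;PollID&gt;</c> values,
/// then emits the table of non-deleted polls with edit / answers / votes / delete controls.
/// </summary>
private void RenderHtml()
{
    StringBuilder writer = new StringBuilder();

    // Soft-delete request. The id is parsed as an integer so only a numeric literal is ever
    // concatenated into the SQL text (the raw query-string value was used before).
    // NOTE(review): the delete is triggered by a GET link (?deleteid=) and so carries no
    // anti-forgery token; moving it into the POST form would be the safer shape.
    int deleteID = CommonLogic.QueryStringUSInt("DeleteID");
    if (deleteID != 0)
    {
        DB.ExecuteSQL("update Poll set deleted=1 where PollID=" + deleteID.ToString());
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        SaveDisplayOrders();
    }

    // Same "Add New" button is shown above and below the table.
    String addNewButton = "<p align=\"left\"><input type=\"button\" value=\"" + AdminString("admin.polls.AddNew") + "\" class=\"normalButtons\" name=\"AddNew\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("editpolls.aspx") + "';\"><p>";

    writer.Append("<form method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("polls.aspx") + "\">\n");
    writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
    writer.Append(addNewButton);
    writer.Append(" <table border=\"0\" cellpadding=\"0\" border=\"0\" cellspacing=\"0\" width=\"100%\">\n");
    // A stray, never-closed <tr bgcolor=...> that preceded the header row has been dropped.
    writer.Append(" <tr class=\"tablenormal\">\n");
    String[] headerKeys = new String[]
    {
        "admin.common.ID",
        "admin.common.Poll",
        "admin.common.ExpiresOn",
        "admin.polls.NumVotes",
        "admin.common.DisplayOrder",
        "admin.polls.ManageAnswers",
        "admin.polls.ReviewVotes",
        "admin.polls.DeletePoll"
    };
    foreach (String headerKey in headerKeys)
    {
        writer.Append(" <td align=\"left\" valign=\"middle\">" + AdminString(headerKey) + "</td>\n");
    }
    writer.Append(" </tr>\n");

    using (SqlConnection conn = DB.dbConn())
    {
        conn.Open();
        using (IDataReader rs = DB.GetRS("select * from Poll with (NOLOCK) where deleted=0 order by DisplayOrder,Name", conn))
        {
            while (rs.Read())
            {
                AppendPollRow(writer, rs);
            }
        }
    }

    writer.Append(" <tr>\n");
    writer.Append(" <td colspan=\"4\" align=\"left\"></td>\n");
    writer.Append(" <td align=\"left\" valign=\"middle\" height=\"25px\"><input type=\"submit\" class=\"normalButtons\" value=\"" + AdminString("admin.common.Update") + "\" name=\"Submit\"></td>\n");
    writer.Append(" <td colspan=\"3\"></td>\n");
    writer.Append(" </tr>\n");
    writer.Append(" </table>\n");
    writer.Append(addNewButton);
    writer.Append("</form>\n");
    writer.Append("</center></b>\n");

    // Client-side confirm before navigating to the delete link.
    writer.Append("<script type=\"text/javascript\">\n");
    writer.Append("function DeletePoll(id)\n");
    writer.Append("{\n");
    writer.Append("if(confirm('" + AdminString("admin.polls.ConfirmDelete") + " ' + id))\n");
    writer.Append("{\n");
    writer.Append("self.location = '" + AppLogic.AdminLinkUrl("polls.aspx") + "?deleteid=' + id;\n");
    writer.Append("}\n");
    writer.Append("}\n");
    writer.Append("</SCRIPT>\n");

    ltContent.Text = writer.ToString();
}

/// <summary>Looks up an admin UI string for the page's current skin and locale.</summary>
/// <param name="key">Resource key passed to <c>AppLogic.GetString</c>.</param>
/// <returns>The localized string.</returns>
private String AdminString(String key)
{
    return AppLogic.GetString(key, SkinID, LocaleSetting);
}

/// <summary>
/// Persists every posted <c>DisplayOrder_&lt;PollID&gt;</c> field. A value that does not
/// parse falls back to 1, preserving the previous best-effort behaviour.
/// </summary>
private void SaveDisplayOrders()
{
    for (int i = 0; i <= Request.Form.Count - 1; i++)
    {
        String key = Request.Form.Keys[i];
        if (key.IndexOf("DisplayOrder_") == -1)
        {
            continue;
        }
        String[] keyParts = key.Split('_');
        int pollID = Localization.ParseUSInt(keyParts[1]);
        int displayOrder = 1;
        try
        {
            displayOrder = Localization.ParseUSInt(Request.Form[key]);
        }
        catch
        {
            // deliberate best-effort: an unparsable value keeps the default of 1
        }
        DB.ExecuteSQL("update Poll set DisplayOrder=" + displayOrder.ToString() + " where PollID=" + pollID.ToString());
    }
}

/// <summary>
/// Appends one table row for the poll the reader is currently positioned on.
/// </summary>
/// <param name="writer">Output buffer the page is being built in.</param>
/// <param name="rs">Reader positioned on a <c>Poll</c> row.</param>
private void AppendPollRow(StringBuilder writer, IDataReader rs)
{
    String pollID = DB.RSFieldInt(rs, "PollID").ToString();

    writer.Append(" <tr class=\"tabletdnormal\">\n");
    writer.Append(" <td >" + pollID + "</td>\n");
    writer.Append("<td>\n");
    writer.Append("<a href=\"" + AppLogic.AdminLinkUrl("editpolls.aspx") + "?Pollid=" + pollID + "\">");
    // The poll name is free text from the database; encode it so it cannot inject markup.
    writer.Append(System.Web.HttpUtility.HtmlEncode(DB.RSFieldByLocale(rs, "Name", LocaleSetting)));
    writer.Append("</a>");
    writer.Append("</td>\n");
    writer.Append("<td align=\"left\" valign=\"middle\">" + Localization.ToThreadCultureShortDateString(DB.RSFieldDateTime(rs, "ExpiresOn")) + "</td>");
    // One count query per row; the poll id is an integer rendered by ToString().
    writer.Append("<td align=\"left\" valign=\"middle\">" + DB.GetSqlN("select count(*) as N from PollVotingRecord with (NOLOCK) where pollanswerid in (select distinct pollanswerid from pollanswer where deleted=0) and PollID=" + pollID).ToString() + "</td>");
    writer.Append(" <td align=\"left\" valign=\"middle\"><input size=2 type=\"text\" name=\"DisplayOrder_" + pollID + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"></td>\n");
    writer.Append(" <td align=\"left\" valign=\"middle\"><input type=\"button\" class=\"normalButtons\" value=\"" + AdminString("admin.polls.ManageAnswers") + "\" name=\"ManageAnswers_" + pollID + "\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("pollanswers.aspx") + "?Pollid=" + pollID + "'\"></td>\n");
    writer.Append(" <td align=\"left\" valign=\"middle\"><input type=\"button\" class=\"normalButtons\" value=\"" + AdminString("admin.polls.ReviewVotes") + "\" name=\"ReviewVotes_" + pollID + "\" onClick=\"self.location='" + AppLogic.AdminLinkUrl("managepoll.aspx") + "?Pollid=" + pollID + "'\"></td>\n");
    writer.Append(" <td align=\"left\" valign=\"middle\"><input type=\"button\" class=\"normalButtons\" value=\"" + AdminString("admin.common.Delete") + "\" name=\"Delete_" + pollID + "\" onClick=\"DeletePoll(" + pollID + ")\"></td>\n");
    writer.Append(" </tr>\n");
}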
/// <summary>
/// Page handler for editing one poll answer. A <c>PollID</c> is required on the query
/// string (otherwise the user is sent back to polls.aspx); on submit a new
/// <c>PollAnswer</c> row is inserted, or the one named by <c>PollAnswerID</c> is updated.
/// Finally the section title is built and the page rendered.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    PollID = CommonLogic.QueryStringUSInt("PollID");

    // Editing means a non-empty, non-"0" PollAnswerID was supplied.
    PollAnswerID = 0;
    String answerParam = CommonLogic.QueryStringCanBeDangerousContent("PollAnswerID");
    Editing = answerParam.Length != 0 && answerParam != "0";
    if (Editing)
    {
        PollAnswerID = Localization.ParseUSInt(answerParam);
    }

    if (PollID == 0)
    {
        Response.Redirect(AppLogic.AdminLinkUrl("polls.aspx"));
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        if (Editing)
        {
            // ok to update:
            String updateSql = "update PollAnswer set "
                + "PollID=" + PollID.ToString() + ","
                + "Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name"))
                + " where PollAnswerID=" + PollAnswerID.ToString();
            DB.ExecuteSQL(updateSql);
        }
        else
        {
            // ok to add:
            String newGuid = DB.GetNewGUID();
            String insertSql = "insert into PollAnswer(PollAnswerGUID,PollID,Name) values("
                + DB.SQuote(newGuid) + ","
                + PollID.ToString() + ","
                + DB.SQuote(AppLogic.FormLocaleXml("Name"))
                + ")";
            DB.ExecuteSQL(insertSql);

            // Recover the identity of the row we just inserted via its GUID.
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader reader = DB.GetRS("select PollAnswerID from PollAnswer with (NOLOCK) where deleted=0 and PollAnswerGUID=" + DB.SQuote(newGuid), dbconn))
                {
                    reader.Read();
                    PollAnswerID = DB.RSFieldInt(reader, "PollAnswerID");
                    Editing = true;
                }
            }
        }
        DataUpdated = true;
        Editing = true;
    }

    String answersLabel = AppLogic.GetString("admin.editpollanswer.PollAnswers", SkinID, LocaleSetting);
    String manageLabel = AppLogic.GetString("admin.editpollanswer.ManagePollAnswers", SkinID, LocaleSetting);
    SectionTitle = "<a href=\"pollanswers.aspx?Pollid=" + PollID.ToString() + "\">" + answersLabel + "</a> - " + manageLabel;
    Render();
}
/// <summary>
/// Ad-hoc charge / refund page for an existing order. Verifies the ML product edition,
/// loads the order's customer and gateway reference, and for admin users either
/// (a) on submit, passes the posted billing/card data to <c>Gateway.MakeAdHocOrder</c>
/// and redirects to the completion page, or (b) renders the charge/refund form with
/// its client-side validation script. Output is collected in <c>writer</c> and assigned
/// to <c>ltContent.Text</c>, except for the post-submit status messages which go out via
/// <c>Response.Write</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    StringBuilder writer = new StringBuilder();
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    /****************************************************************************/
    // * WARNING TO DEVELOPERS
    // * The redirect below is a SAFETY feature. Removing the redirect will not
    // * enable ML-only features on a lower version of AspDotNetStorefront.
    // * Attempting to do so can very easily result in a partially implemented
    // * feature, invalid or incomplete data in your DB, and other serious
    // * conditions that will cause your store to be non-functional.
    // *
    // * If you break your store attempting to enable ML-only features in PRO or
    // * Standard, our staff cannot help you fix it, and it will also invalidate
    // * your AspDotNetStorefront License.
    /***************************************************************************/
    if (!AppLogic.m_ProductIsML() && !AppLogic.ProductIsMLExpress())
    {
        Response.Redirect(AppLogic.AdminLinkUrl("restrictedfeature.aspx"));
    }

    // The order being charged/refunded and the admin performing the action.
    int ONX = CommonLogic.QueryStringUSInt("OrderNumber");
    Customer ThisCustomer = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;

    // Customer, gateway transaction reference and payment method of the original order.
    int OrderCustomerID = 0;
    String OriginalTransactionID = String.Empty;
    String PM = String.Empty;
    using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
    {
        dbconn.Open();
        using (IDataReader rs = DB.GetRS(String.Format("select CustomerID,AuthorizationPNREF,PaymentMethod from Orders with (NOLOCK) where OrderNumber={0}", ONX.ToString()), dbconn))
        {
            if (rs.Read())
            {
                OrderCustomerID = DB.RSFieldInt(rs, "CustomerID");
                OriginalTransactionID = DB.RSField(rs, "AuthorizationPNREF");
                PM = AppLogic.CleanPaymentMethod(DB.RSField(rs, "PaymentMethod"));
            }
        }
    }
    Customer OrderCustomer = new Customer(OrderCustomerID, true);

    // PayPal orders are routed back through the PayPal gateway regardless of the active gateway.
    String GW = AppLogic.ActivePaymentGatewayCleaned();
    if (PM == AppLogic.ro_PMPayPal || PM == AppLogic.ro_PMPayPalExpress)
    {
        GW = Gateway.ro_GWPAYPAL;
    }
    // Whether follow-up transactions need card data again; drives the CC section's visibility below.
    bool GatewayRequiresCC = GatewayLoader.GetProcessor(GW).RequiresCCForFurtherProcessing();

    writer.Append("<div style=\"margin-left: 10px;\" align=\"left\">");
    // Authorisation gate: non-admin users only ever see the permission-denied message.
    if (!ThisCustomer.IsAdminUser)
    {
        writer.Append("<b><font color=red>" + AppLogic.GetString("admin.common.PermissionDeniedUC", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</b></font>");
    }
    else
    {
        if (ONX == 0 || OrderCustomerID == 0)
        {
            // No usable order: either no OrderNumber was given or the lookup above found no row.
            writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.1", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
            writer.Append("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>");
        }
        else
        {
            Address BillingAddress = new Address();
            BillingAddress.LoadFromDB(OrderCustomer.PrimaryBillingAddressID);
            if (CommonLogic.FormBool("IsSubmit"))
            {
                if (CommonLogic.FormCanBeDangerousContent("OrderTotal").Trim().Length != 0)
                {
                    Decimal OrderTotal = CommonLogic.FormNativeDecimal("OrderTotal");
                    String OrderDescription = CommonLogic.FormCanBeDangerousContent("Description");
                    // Enum.Parse throws ArgumentException for a value that is not a TransactionTypeEnum name; there is no TryParse guard here.
                    AppLogic.TransactionTypeEnum OrderType = (AppLogic.TransactionTypeEnum)Enum.Parse(typeof(AppLogic.TransactionTypeEnum), CommonLogic.FormCanBeDangerousContent("OrderType"), true);
                    int NewOrderNumber = 0;
                    if (OrderType == AppLogic.TransactionTypeEnum.CHARGE)
                    {
                        // Audit the card-number view before charging. The logged value is masked with '*'
                        // down to the last four digits, or entirely when fewer than four digits were posted.
                        if (CommonLogic.FormCanBeDangerousContent("CardNumber").Length < 4)
                        {
                            Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                        }
                        else
                        {
                            Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Substring(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length - 4).PadLeft(CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                        }
                    }
                    // use the billing info in the form, as the store admin may have overridden what was in the db
                    // NOTE: we are NOT going to save this new updated billing info however, it is really up to the customer
                    // to change their billing info, or the store admin should edit their billing address in the customers account page area
                    BillingAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName");
                    // NOTE, this could be last4 at this point!! not a full CC #! that is ok, as this address will never be stored to the db anyway!
                    BillingAddress.CardNumber = CommonLogic.FormCanBeDangerousContent("CardNumber").Replace("*", "");
                    BillingAddress.CardType = CommonLogic.FormCanBeDangerousContent("CardType");
                    BillingAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
                    BillingAddress.CardExpirationYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
                    // Start date is normalised to digits only: spaces and either slash are stripped.
                    BillingAddress.CardStartDate = CommonLogic.FormCanBeDangerousContent("CardStartDate").Trim().Replace(" ", "").Replace("/", "").Replace("\\", "");
                    BillingAddress.CardIssueNumber = CommonLogic.FormCanBeDangerousContent("CardIssueNumber");
                    String CardExtraCode = CommonLogic.FormCanBeDangerousContent("CardExtraCode");
                    // NOTE: the gateway passed here is the active one, not GW (the PayPal override computed above).
                    String Status = Gateway.MakeAdHocOrder(AppLogic.ActivePaymentGatewayCleaned(), ONX, OriginalTransactionID, OrderCustomer, BillingAddress, CardExtraCode, OrderTotal, OrderType, OrderDescription, out NewOrderNumber);
                    //PABP Required cleanup of in-memory objects
                    // NOTE(review): .NET strings are immutable, so these reassignments do not overwrite the
                    // original CVV bytes in memory; this is best-effort only.
                    CardExtraCode = "11111";
                    CardExtraCode = "00000";
                    CardExtraCode = "11111";
                    CardExtraCode = String.Empty;
                    if (Status == AppLogic.ro_OK)
                    {
                        // Note: this statement has no OrderNumber filter, so it clears IsNew on every child order, not only the one just created.
                        DB.ExecuteSQL("update orders set IsNew=0 where ParentOrderNumber IS NOT NULL"); // any "ad hoc" orders should not be new. so this is a safety check to force that.
                        Response.Redirect(AppLogic.AdminLinkUrl("adhocchargecomplete.aspx") + "?ordernumber=" + NewOrderNumber.ToString());
                    }
                    else
                    {
                        // NOTE(review): written straight to the response rather than into writer/ltContent,
                        // so this message is emitted separately from the rest of the page output.
                        Response.Write("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.3", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "<br/>" + Status + "</font></b></p>");
                    }
                    Response.Write("<p><a href=\"javascript:self.close();\">" + AppLogic.GetString("admin.common.Close", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</a></p>");
                }
            }
            else
            {
                // Client-side helpers for the radio/checkbox groups plus the form validator.
                // NOTE(review): locale strings are spliced into single-quoted JS literals without escaping,
                // so a resource value containing an apostrophe would break the script.
                writer.Append("<script type=\"text/javascript\">\n");
                writer.Append("var GatewayRequiresCC=" + CommonLogic.IIF(GatewayRequiresCC, "1", "0") + ";\n");
                writer.Append("function getSelectedRadio(buttonGroup) {\n");
                writer.Append(" // returns the array number of the selected radio button or -1 if no button is selected\n");
                writer.Append(" if (buttonGroup[0]) { // if the button group is an array (one button is not an array)\n");
                writer.Append(" for (var i=0; i<buttonGroup.length; i++) {\n");
                writer.Append(" if (buttonGroup[i].checked) {\n");
                writer.Append(" return i\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append(" } else {\n");
                writer.Append(" if (buttonGroup.checked) { return 0; } // if the one button is checked, return zero\n");
                writer.Append(" }\n");
                writer.Append(" // if we get to this point, no radio button is selected\n");
                writer.Append(" return -1;\n");
                writer.Append("}");
                writer.Append("\n");
                writer.Append("function getSelectedRadioValue(buttonGroup) {\n");
                writer.Append(" // returns the value of the selected radio button or '' if no button is selected\n");
                writer.Append(" var i = getSelectedRadio(buttonGroup);\n");
                writer.Append(" if (i == -1) {\n");
                writer.Append(" return '';\n");
                writer.Append(" } else {\n");
                writer.Append(" if (buttonGroup[i]) { // Make sure the button group is an array (not just one button)\n");
                writer.Append(" return buttonGroup[i].value;\n");
                writer.Append(" } else { // The button group is just the one button, and it is checked\n");
                writer.Append(" return buttonGroup.value;\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append("}");
                writer.Append("\n");
                writer.Append("function getSelectedCheckbox(buttonGroup) {\n");
                writer.Append(" // Go through all the check boxes. return an array of all the ones\n");
                writer.Append(" // that are selected (their position numbers). if no boxes were checked,\n");
                writer.Append(" // returned array will be empty (length will be zero)\n");
                writer.Append(" var retArr = new Array();\n");
                writer.Append(" var lastElement = 0;\n");
                writer.Append(" if (buttonGroup[0]) { // if the button group is an array (one check box is not an array)\n");
                writer.Append(" for (var i=0; i<buttonGroup.length; i++) {\n");
                writer.Append(" if (buttonGroup[i].checked) {\n");
                writer.Append(" retArr.length = lastElement;\n");
                writer.Append(" retArr[lastElement] = i;\n");
                writer.Append(" lastElement++;\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append(" } else { // There is only one check box (it's not an array)\n");
                writer.Append(" if (buttonGroup.checked) { // if the one check box is checked\n");
                writer.Append(" retArr.length = lastElement;\n");
                writer.Append(" retArr[lastElement] = 0; // return zero as the only array value\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append(" return retArr;\n");
                writer.Append("}");
                writer.Append("\n");
                writer.Append("function getSelectedCheckboxValue(buttonGroup) {\n");
                writer.Append(" // return an array of values selected in the check box group. if no boxes\n");
                writer.Append(" // were checked, returned array will be empty (length will be zero)\n");
                writer.Append(" var retArr = new Array(); // set up empty array for the return values\n");
                writer.Append(" var selectedItems = getSelectedCheckbox(buttonGroup);\n");
                writer.Append(" if (selectedItems.length != 0) { // if there was something selected\n");
                writer.Append(" retArr.length = selectedItems.length;\n");
                writer.Append(" for (var i=0; i<selectedItems.length; i++) {\n");
                writer.Append(" if (buttonGroup[selectedItems[i]]) { // Make sure it's an array\n");
                writer.Append(" retArr[i] = buttonGroup[selectedItems[i]].value;\n");
                writer.Append(" } else { // It's not an array (there's just one check box and it's selected)\n");
                writer.Append(" retArr[i] = buttonGroup.value;// return that value\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append(" return retArr;\n");
                writer.Append("}");
                // Shows the card section when the gateway always needs card data or a CHARGE is selected.
                writer.Append("function AdHocOrderTypeChanged(theForm)\n");
                writer.Append("{\n");
                writer.Append(" if(GatewayRequiresCC == 1 || getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "')\n");
                writer.Append(" {\n");
                writer.Append(" CCDiv.style.display = 'block';\n");
                writer.Append(" }\n");
                writer.Append(" else\n");
                writer.Append(" {\n");
                writer.Append(" CCDiv.style.display = 'none';\n");
                writer.Append(" }\n");
                writer.Append("}\n");
                writer.Append("function AdHocChargeOrRefundForm_Validator(theForm)\n");
                writer.Append("{\n");
                writer.Append(" submitonce(theForm);\n");
                writer.Append(" if(theForm.Description.value == '')\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + AppLogic.GetString("adhoccharge.aspx.4", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                writer.Append(" theForm.Description.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                // Card fields are only validated for a CHARGE, or for a CREDIT when the gateway requires card data.
                writer.Append(" if((getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "') || (GatewayRequiresCC == 1 && getSelectedRadioValue(theForm.OrderType) == '" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "'))\n");
                writer.Append(" {\n");
                writer.Append(" if(theForm.CardName.value == '')\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Name On Card") + "');\n");
                writer.Append(" theForm.CardName.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" if(theForm.CardNumber.value == '')\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Number") + "');\n");
                writer.Append(" theForm.CardNumber.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" if(isNaN(theForm.CardNumber.value))\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + AppLogic.GetString("adhoccharge.aspx.28", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                writer.Append(" theForm.CardNumber.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" if(document.getElementById(\"CardNumber\").value.length <15)\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + AppLogic.GetString("adhoccharge.aspx.29", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "');\n");
                writer.Append(" theForm.CardNumber.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" if(theForm.CardExpirationMonth.value == '')\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Month") + "');\n");
                writer.Append(" theForm.CardExpirationMonth.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" if(theForm.CardExpirationYear.value == '')\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Expiration Year") + "');\n");
                writer.Append(" theForm.CardExpirationYear.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" if(theForm.CardType.selectedIndex < 1)\n");
                writer.Append(" {\n");
                writer.Append(" alert('" + String.Format(AppLogic.GetString("adhoccharge.aspx.22", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), "Card Type") + "');\n");
                writer.Append(" theForm.CardType.focus();\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (false);\n");
                writer.Append(" }\n");
                writer.Append(" }\n");
                writer.Append(" submitenabled(theForm);\n");
                writer.Append(" return (true);\n");
                writer.Append("}\n");
                writer.Append("</script>\n");
                writer.Append(String.Format(AppLogic.GetString("adhoccharge.aspx.5", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), ONX.ToString()));
                writer.Append("<p>" + AppLogic.GetString("adhoccharge.aspx.6", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</p>");

                // Card details default to the customer's primary billing address.
                String CNM = BillingAddress.CardName;
                String CN = BillingAddress.CardNumber;
                String Last4 = String.Empty;
                String CExpMonth = BillingAddress.CardExpirationMonth;
                String CExpYear = BillingAddress.CardExpirationYear;
                String CardType = BillingAddress.CardType;
                if (CN.Length == 0)
                {
                    // try to pull it from order record:
                    using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
                    {
                        dbconn.Open();
                        using (IDataReader rs2 = DB.GetRS("select * from Orders with (NOLOCK) where OrderNumber=" + ONX.ToString(), dbconn))
                        {
                            if (rs2.Read())
                            {
                                CN = DB.RSField(rs2, "CardNumber");
                                CNM = DB.RSField(rs2, "CardName");
                                Last4 = DB.RSField(rs2, "Last4");
                                CExpMonth = DB.RSField(rs2, "CardExpirationMonth");
                                CExpYear = DB.RSField(rs2, "CardExpirationYear");
                                CN = DB.RSField(rs2, "CardNumber");
                                // Decrypt the stored number with the per-order salt column named by OrdersCCSaltField;
                                // if decryption reports failure, fall back to the raw stored value.
                                CN = Security.UnmungeString(CN, DB.RSField(rs2, AppLogic.AppConfig("OrdersCCSaltField")));
                                if (CN.StartsWith(Security.ro_DecryptFailedPrefix, StringComparison.InvariantCultureIgnoreCase))
                                {
                                    CN = DB.RSField(rs2, "CardNumber");
                                }
                                CardType = DB.RSField(rs2, "CardType");
                            }
                        }
                    }
                }
                // Audit the card-number view (masked to the last four digits) when stored card numbers are
                // enabled both globally and for this customer; skipped entirely on ML Express.
                if (AppLogic.ProductIsMLExpress() == false)
                {
                    if (AppLogic.AppConfigBool("StoreCCInDB") && OrderCustomer.StoreCCInDB && CN.Length > 0)
                    {
                        Security.LogEvent(AppLogic.GetString("admin.common.ViewedCreditCard", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), String.Format(AppLogic.GetString("admin.adhoccharge.ViewedCardNumber", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), CN.Replace("*", "").Substring(CN.Replace("*", "").Length - 4).PadLeft(CN.Replace("*", "").Length, '*'), ONX.ToString()), OrderCustomer.CustomerID, ThisCustomer.CustomerID, Convert.ToInt32(ThisCustomer.CurrentSessionID));
                    }
                }
                if (GatewayRequiresCC)
                {
                    writer.Append("<p><b><font color=blue>" + AppLogic.GetString("adhoccharge.aspx.11", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                }
                else
                {
                    writer.Append("<p><b><font color=blue>" + AppLogic.GetString("adhoccharge.aspx.12", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                }
                if (!OrderCustomer.StoreCCInDB)
                {
                    writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.13", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                }
                if (CN.Length == 0 || CN == AppLogic.ro_CCNotStoredString)
                {
                    writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.14", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                }
                if (OrderCustomer.PrimaryBillingAddressID == 0)
                {
                    writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.7", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                }
                else if (CN.Length == 0 && Last4.Length == 0 && GW != Gateway.ro_GWPAYPAL)
                {
                    // Nothing to charge against: no card on file and not a PayPal order.
                    writer.Append("<p><b><font color=red>" + AppLogic.GetString("adhoccharge.aspx.8", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</font></b></p>");
                }
                else
                {
                    // The charge/refund form. NOTE(review): CNM, CN, CExpMonth, CExpYear and the card-type
                    // rows are concatenated into attribute values with no HTML encoding, and the decrypted
                    // card number is written into the CardNumber input's value.
                    writer.Append("<form id=\"AdHocChargeOrRefundForm\" name=\"AdHocChargeOrRefundForm\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("adhoccharge.aspx") + "?OrderNumber=" + ONX.ToString() + "\" onsubmit=\"return (validateForm(this) && AdHocChargeOrRefundForm_Validator(this))\" >");
                    writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
                    writer.Append("<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"100%\">");
                    writer.Append("<tr><td width=\"40%\" valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.9", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OriginalTransactionID.ToString() + "</td></tr>");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("admin.label.CustomerID", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.CustomerID.ToString() + "</td></tr>");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("admin.label.CustomerName", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + OrderCustomer.FullName() + "</td></tr>");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.27", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>" + BillingAddress.Phone + "</td></tr>");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.16", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td>");
                    // Refund (CREDIT) is the pre-selected transaction type.
                    writer.Append("<input onClick=\"AdHocOrderTypeChanged(AdHocChargeOrRefundForm)\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CHARGE.ToString() + "\" id=\"ChargeOrderType\" name=\"OrderType\">" + AppLogic.GetString("adhoccharge.aspx.17", ThisCustomer.SkinID, ThisCustomer.LocaleSetting));
                    writer.Append(" ");
                    writer.Append("<input onClick=\"AdHocOrderTypeChanged(AdHocChargeOrRefundForm)\" type=\"radio\" value=\"" + AppLogic.TransactionTypeEnum.CREDIT.ToString() + "\" id=\"RefundOrderType\" name=\"OrderType\" checked>" + AppLogic.GetString("adhoccharge.aspx.18", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.19", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" name=\"OrderTotal\" size=\"7\"><input type=\"hidden\" name=\"OrderTotal_vldt\" value=\"[req][number][blankalert=" + AppLogic.GetString("adhoccharge.aspx.26", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "][invalidalert=" + AppLogic.GetString("admin.common.ValidDollarAmountPrompt", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "]\"> (xx.xx format)</td></tr>");
                    writer.Append("<tr><td colspan=\"2\">");
                    // Card section; initially visible only when the gateway requires card data.
                    writer.Append("<div id=\"CCDiv\" name=\"CCDiv\" style=\"display:" + CommonLogic.IIF(GatewayRequiresCC, "block", "none") + ";\">");
                    writer.Append("<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"100%\">");
                    writer.Append("<tr>");
                    writer.Append("<td width=\"40%\" align=\"right\" valign=\"middle\">" + AppLogic.GetString("address.cs.31", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td>");
                    writer.Append("<td align=\"left\" valign=\"middle\">\n");
                    writer.Append("<select size=\"1\" name=\"CardType\" id=\"CardType\">");
                    writer.Append("<option value=\"\">" + AppLogic.GetString("address.cs.32", ThisCustomer.SkinID, ThisCustomer.LocaleSetting));
                    // Card-type drop-down from the accepted creditcardtype rows, pre-selecting the order's card type.
                    using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn()))
                    {
                        dbconn.Open();
                        using (IDataReader rsCard = DB.GetRS("select * from creditcardtype with (NOLOCK) where Accepted=1 order by CardType", dbconn))
                        {
                            while (rsCard.Read())
                            {
                                writer.Append("<option value=\"" + DB.RSField(rsCard, "CardType") + "\" " + CommonLogic.IIF(CardType == DB.RSField(rsCard, "CardType"), " selected ", "") + ">" + DB.RSField(rsCard, "CardType") + "</option>\n");
                            }
                        }
                    }
                    writer.Append("</select>\n");
                    writer.Append("</td>");
                    writer.Append("</tr>");
                    writer.Append("<tr><td width=\"40%\" valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.10", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"100\" type=\"text\" name=\"CardName\" id=\"CardName\" value=\"" + CNM + "\"></td></tr>");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.24", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"20\" maxlength=\"16\" type=\"text\" autocomplete=\"off\" name=\"CardNumber\" id=\"CardNumber\" value=\"" + CN + "\"> " + String.Format(AppLogic.GetString("admin.adhoccharge.OriginalOrderLastFour", ThisCustomer.SkinID, ThisCustomer.LocaleSetting), Last4) + ")</td></tr>");
                    writer.Append("<tr><td valign =\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.15", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input size=\"4\" maxlength=\"4\" type=\"text\" autocomplete=\"off\" name=\"CardExtraCode\" id=\"CardExtraCode\">");
                    writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("adhoccharge.aspx.25", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </td><td><input type=\"text\" size=\"2\" maxlength=\"2\" name=\"CardExpirationMonth\" id=\"CardExpirationMonth\" value=\"" + CExpMonth + "\"> / <input size=\"4\" maxlength=\"4\" type=\"text\" name=\"CardExpirationYear\" id=\"CardExpirationYear\" value=\"" + CExpYear + "\"> (MM/YYYY)</td></tr>");
                    if (AppLogic.AppConfigBool("ShowCardStartDateFields"))
                    {
                        writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("address.cs.59", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardStartDate\" id=\"CardStartDate\" size=\"5\" maxlength=\"20\"> " + AppLogic.GetString("address.cs.64", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                        writer.Append("<tr><td valign=\"middle\" align=\"right\">" + AppLogic.GetString("address.cs.61", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td><td><input type=\"text\" autocomplete=\"off\" name=\"CardIssueNumber\" id=\"CardIssueNumber\" size=\"2\" maxlength=\"2\"> " + AppLogic.GetString("address.cs.63", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "</td></tr>");
                    }
                    writer.Append("</table>");
                    writer.Append("</div>");
                    writer.Append("</td></tr>");
                    writer.Append("</table>");
                    writer.Append(" <p>" + AppLogic.GetString("adhoccharge.aspx.20", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + " </p>");
                    writer.Append(" <p><textarea rows=\"8\" id=\"Description\" name=\"Description\" style=\"width: 90%\"></textarea></p>");
                    writer.Append(" <p align=\"center\"><input type=\"submit\" value=\"" + AppLogic.GetString("adhoccharge.aspx.21", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B1\" class=\"normalButtons\"> <input type=\"button\" value=\"" + AppLogic.GetString("admin.common.Cancel", ThisCustomer.SkinID, ThisCustomer.LocaleSetting) + "\" name=\"B2\" onClick=\"javascript:self.close()\" class=\"normalButtons\"></p>");
                    writer.Append("</form>");
                }
            }
        }
    }
    writer.Append("</div>");
    ltContent.Text = writer.ToString();
}
/// <summary>
/// Admin handler that adds or edits one SkinPreview row and its two preview images.
/// A non-zero SkinPreviewID on the query string selects edit mode; on IsSubmit the posted
/// Name/GroupName/SkinID are written (insert or update), then any uploaded Image1 ("icon") and
/// Image2 ("medium") files are saved under the SkinPreviews image path, named after the row id.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Never cache admin pages.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    // Filter state from the list page, echoed back into the section-title link below.
    SearchFor = CommonLogic.QueryStringCanBeDangerousContent("SearchFor");
    GroupName = CommonLogic.QueryStringCanBeDangerousContent("GroupName");
    BeginsWith = CommonLogic.QueryStringCanBeDangerousContent("BeginsWith");
    SkinPreviewID = 0;
    // Edit mode iff a non-empty, non-"0" id was supplied.
    if (CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID").Length != 0 && CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID") != "0")
    {
        Editing = true;
        SkinPreviewID = Localization.ParseUSInt(CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID"));
    }
    else
    {
        Editing = false;
    }
    if (CommonLogic.FormBool("IsSubmit"))
    {
        // SQL is assembled by concatenation; text values pass through DB.SQuote and SkinID through
        // FormUSInt, so no raw form text is spliced into the statement unquoted.
        StringBuilder sql = new StringBuilder(2500);
        if (!Editing)
        {
            // ok to add them:
            String NewGUID = DB.GetNewGUID();
            sql.Append("insert into SkinPreview(SkinPreviewGUID,Name,GroupName,SkinID) values(");
            sql.Append(DB.SQuote(NewGUID) + ",");
            sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
            sql.Append(DB.SQuote(CommonLogic.FormCanBeDangerousContent("GroupName")) + ",");
            sql.Append(CommonLogic.FormUSInt("SkinID").ToString());
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());
            // Resolve the identity value of the new row through its GUID.
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select SkinPreviewID from SkinPreview with (NOLOCK) where SkinPreviewGUID=" + DB.SQuote(NewGUID), dbconn))
                {
                    // NOTE(review): the Read() result is not checked; an empty result would surface as an
                    // exception from RSFieldInt rather than a clear error.
                    rs.Read();
                    SkinPreviewID = DB.RSFieldInt(rs, "SkinPreviewID");
                    Editing = true;
                }
            }
            DataUpdated = true;
        }
        else
        {
            // ok to update:
            sql.Append("update SkinPreview set ");
            sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
            sql.Append("GroupName=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("GroupName")) + ",");
            sql.Append("SkinID=" + CommonLogic.FormUSInt("SkinID").ToString());
            sql.Append(" where SkinPreviewID=" + SkinPreviewID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }
        // handle image uploaded:
        // Files are stored as <image path>/<SkinPreviewID>.<ext>; the row id, never user text, forms the name.
        String FN = SkinPreviewID.ToString();
        try
        {
            String Image1 = String.Empty;
            // NOTE(review): presumably null when the field is absent from the post; the resulting
            // NullReferenceException would be caught below and reported through ErrorMsg.
            HttpPostedFile Image1File = Request.Files["Image1"];
            if (Image1File.ContentLength != 0)
            {
                // delete any current image file first
                // (best-effort: failures such as a missing or locked file are ignored)
                try
                {
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".jpg");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".gif");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".png");
                }
                catch { }
                String s = Image1File.ContentType; // unused local
                // NOTE(review): the extension is chosen from the client-supplied Content-Type alone and the
                // bytes are never inspected, so whatever was uploaded is written with an image extension
                // under the image path. Verifying that the content actually decodes as an image before
                // SaveAs (and rejecting it otherwise) would make this robust.
                switch (Image1File.ContentType)
                {
                    case "image/gif":
                        Image1 = AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".gif";
                        Image1File.SaveAs(Image1);
                        break;
                    case "image/x-png":
                        Image1 = AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".png";
                        Image1File.SaveAs(Image1);
                        break;
                    case "image/jpg":
                    case "image/jpeg":
                    case "image/pjpeg":
                        Image1 = AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".jpg";
                        Image1File.SaveAs(Image1);
                        break;
                    // No default: any other Content-Type is silently ignored and nothing is saved.
                }
            }
            String Image2 = String.Empty;
            // Same handling as Image1, for the "medium" size.
            HttpPostedFile Image2File = Request.Files["Image2"];
            if (Image2File.ContentLength != 0)
            {
                // delete any current image file first
                try
                {
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".jpg");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".gif");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".png");
                }
                catch { }
                String s = Image2File.ContentType; // unused local
                // NOTE(review): same Content-Type-only trust as for Image1 above.
                switch (Image2File.ContentType)
                {
                    case "image/gif":
                        Image2 = AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".gif";
                        Image2File.SaveAs(Image2);
                        break;
                    case "image/x-png":
                        Image2 = AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".png";
                        Image2File.SaveAs(Image2);
                        break;
                    case "image/jpg":
                    case "image/jpeg":
                    case "image/pjpeg":
                        Image2 = AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".jpg";
                        Image2File.SaveAs(Image2);
                        break;
                }
            }
        }
        catch (Exception ex)
        {
            // Any upload failure is reported on the page instead of propagating.
            ErrorMsg = CommonLogic.GetExceptionDetail(ex, "<br/>");
        }
    }
    // Back-link to the list page carrying the filter state; each value is URL-encoded.
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("skinpreview.aspx") + "?GroupName=" + Server.UrlEncode(GroupName) + "&beginsWith=" + Server.UrlEncode(BeginsWith) + "&searchfor=" + Server.UrlEncode(SearchFor) + "\">" + AppLogic.GetString("admin.menu.SkinPreviews", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.editskinpreview.AddEditSkinPreview", SkinID, LocaleSetting);
    RenderHtml();
}
/// <summary>
/// Admin handler that adds or updates a single StringResource row.
/// A non-zero StringResourceID on the query string selects update mode; otherwise a submit
/// inserts a new row and then resolves its identity value through the freshly generated GUID.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Never let the browser or proxies cache this admin page.
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");

    // List-page filter state, carried through for the render step.
    SearchFor = CommonLogic.QueryStringCanBeDangerousContent("SearchFor");
    ShowLocaleSetting = Localization.CheckLocaleSettingForProperCase(CommonLogic.QueryStringCanBeDangerousContent("ShowLocaleSetting"));
    BeginsWith = CommonLogic.QueryStringCanBeDangerousContent("BeginsWith");

    // Edit mode iff a non-empty, non-"0" id was supplied.
    string requestedId = CommonLogic.QueryStringCanBeDangerousContent("StringResourceID");
    Editing = requestedId.Length != 0 && requestedId != "0";
    StringResourceID = Editing ? Localization.ParseUSInt(requestedId) : 0;

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // The three text columns are quoted through DB.SQuote before being spliced into the statement.
        string quotedName = DB.SQuote(CommonLogic.FormCanBeDangerousContent("Name"));
        string quotedLocale = DB.SQuote(Localization.CheckLocaleSettingForProperCase(CommonLogic.FormCanBeDangerousContent("LocaleSetting")));
        string quotedValue = DB.SQuote(CommonLogic.FormCanBeDangerousContent("ConfigValue"));

        if (Editing)
        {
            // ok to update:
            string updateSql = "update StringResource set "
                + "Name=" + quotedName + ","
                + "LocaleSetting=" + quotedLocale + ","
                + "ConfigValue=" + quotedValue
                + " where StringResourceID=" + StringResourceID.ToString();
            DB.ExecuteSQL(updateSql);
        }
        else
        {
            // ok to add them:
            string newGuid = DB.GetNewGUID();
            string insertSql = "insert into StringResource(StringResourceGUID,Name,LocaleSetting,ConfigValue) values("
                + DB.SQuote(newGuid) + ","
                + quotedName + ","
                + quotedLocale + ","
                + quotedValue
                + ")";
            DB.ExecuteSQL(insertSql);

            // Resolve the identity value of the row just inserted by its GUID.
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                string lookupSql = "select StringResourceID from StringResource with (NOLOCK) where StringResourceGUID=" + DB.SQuote(newGuid);
                using (IDataReader rs = DB.GetRS(lookupSql, dbconn))
                {
                    rs.Read();
                    StringResourceID = DB.RSFieldInt(rs, "StringResourceID");
                    Editing = true;
                }
            }
        }

        // Both branches leave the page in edit mode with the data flagged as changed.
        DataUpdated = true;
    }

    Render();
}
/// <summary>
/// Storefront add-to-cart handler. Resolves the target cart (shopping, wish list or gift registry),
/// the product/variant/quantity and the chosen color/size/text options from the query string or the
/// posted form (query string wins), optionally re-points an ERP rollup variant by its attribute
/// match, adds the line (plus any posted upsell products) through <see cref="ShoppingCart.AddItem"/>,
/// fires the "AddToCart" event and finally redirects.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    ThisCustomer.RequireCustomerRecord();
    // NOTE(review): ReturnURL is only screened by CheckForScriptTag here but is later handed verbatim to
    // Response.Redirect (the "STAY" branch at the end), so an absolute URL pointing at another host would
    // be followed. Restricting it to a relative / same-site path before redirecting would close that off.
    String ReturnURL = CommonLogic.QueryStringCanBeDangerousContent("ReturnURL");
    AppLogic.CheckForScriptTag(ReturnURL);
    // Which cart the line goes into; gift registry wins over wish list if both flags are set.
    CartTypeEnum CartType = CartTypeEnum.ShoppingCart;
    if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
    {
        CartType = CartTypeEnum.WishCart;
    }
    if (CommonLogic.FormNativeInt("IsGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsGiftRegistry") == 1)
    {
        CartType = CartTypeEnum.GiftRegistryCart;
    }
    if (AppLogic.HideForWholesaleSite(ThisCustomer.CustomerLevelID))
    {
        Response.Redirect("Default.aspx");
    }
    // Anonymous customers may be barred from wish lists / registries; send them to sign-in with a message.
    if (!ThisCustomer.IsRegistered && AppLogic.AppConfigBool("DisallowAnonCustomerToCreateWishlist") && AppLogic.ProductIsMLExpress() == false)
    {
        string ErrMsg = string.Empty;
        ErrorMessage er;
        if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
        {
            ErrMsg = AppLogic.GetString("signin.aspx.27", 1, ThisCustomer.LocaleSetting);
            er = new ErrorMessage(ErrMsg);
            Response.Redirect("signin.aspx?ErrorMsg=" + er.MessageId + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
        if (CommonLogic.FormNativeInt("IsGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsGiftRegistry") == 1)
        {
            ErrMsg = AppLogic.GetString("signin.aspx.28", 1, ThisCustomer.LocaleSetting);
            er = new ErrorMessage(ErrMsg);
            Response.Redirect("signin.aspx?ErrorMsg=" + er.MessageId + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
    }
    // if editing, nuke what was there, it will be replaced from what was submitted now from the product page.
    // NOTE. if a kit or pack was "edited", you don't have to do this, and ShoppingCartRecID is not material (and should not be in the form post)
    // kits and packs are "moved" from active cart to temp cart records, so they won't have a cart record id to begin with.
    // They are built in the KitCart and CustomCart tables instead
    int ShoppingCartRecID = CommonLogic.FormUSInt("CartRecID"); // only used for (non kit or pack) product/order edits from prior cart record
    if (ShoppingCartRecID == 0)
    {
        ShoppingCartRecID = CommonLogic.QueryStringUSInt("CartRecID");
    }
    if (ShoppingCartRecID != 0)
    {
        // The delete is scoped to this customer, cart type and store, so a foreign record id deletes nothing.
        // All spliced values are integers.
        DB.ExecuteSQL("delete from ShoppingCart where ShoppingCartRecID=" + ShoppingCartRecID.ToString() + " and CustomerID=" + ThisCustomer.CustomerID.ToString() + " and CartType=" + ((int)CartType).ToString() + " and StoreID = " + AppLogic.StoreID());
    }
    int ShippingAddressID = CommonLogic.QueryStringUSInt("ShippingAddressID"); // only used for multi-ship
    if (ShippingAddressID == 0)
    {
        ShippingAddressID = CommonLogic.FormNativeInt("ShippingAddressID");
    }
    // NOTE(review): the fallback to the primary address only fires when the customer has one; when
    // PrimaryShippingAddressID is 0 an id the customer does not own is passed through to AddItem
    // unchanged — confirm AddItem re-validates ownership.
    if ((ShippingAddressID == 0 || !ThisCustomer.OwnsThisAddress(ShippingAddressID)) && ThisCustomer.PrimaryShippingAddressID != 0)
    {
        ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
    }
    // Product and variant: query string first, then form, then derive one from the other.
    int ProductID = CommonLogic.QueryStringUSInt("ProductID");
    if (ProductID == 0)
    {
        ProductID = CommonLogic.FormUSInt("ProductID");
    }
    int VariantID = CommonLogic.QueryStringUSInt("VariantID");
    if (VariantID == 0)
    {
        VariantID = CommonLogic.FormUSInt("VariantID");
    }
    if (ProductID == 0)
    {
        ProductID = AppLogic.GetVariantProductID(VariantID);
    }
    // if no VariantID is located, get the default variantID for the product
    if (VariantID == 0)
    {
        VariantID = AppLogic.GetDefaultProductVariant(ProductID);
    }
    // Quantity defaults to 1; the add below is skipped if it ends up non-positive.
    int Quantity = CommonLogic.QueryStringUSInt("Quantity");
    if (Quantity == 0)
    {
        Quantity = CommonLogic.FormNativeInt("Quantity");
    }
    if (Quantity == 0)
    {
        Quantity = 1;
    }
    VariantStyleEnum VariantStyle = (VariantStyleEnum)CommonLogic.QueryStringUSInt("VariantStyle");
    if (CommonLogic.QueryStringCanBeDangerousContent("VariantStyle").Length == 0)
    {
        VariantStyle = (VariantStyleEnum)CommonLogic.FormNativeInt("VariantStyle");
    }
    // Customer-entered price: zeroed unless the variant allows it, made non-negative, converted to store currency.
    decimal CustomerEnteredPrice = CommonLogic.FormNativeDecimal("Price");
    if (CustomerEnteredPrice == System.Decimal.Zero)
    {
        CustomerEnteredPrice = CommonLogic.QueryStringNativeDecimal("Price");
    }
    if (!AppLogic.VariantAllowsCustomerPricing(VariantID))
    {
        CustomerEnteredPrice = System.Decimal.Zero;
    }
    if (CustomerEnteredPrice < System.Decimal.Zero)
    {
        CustomerEnteredPrice = -CustomerEnteredPrice;
    }
    int CustomerID = ThisCustomer.CustomerID; // unused local
    if (Currency.GetDefaultCurrency() != ThisCustomer.CurrencySetting && CustomerEnteredPrice != 0)
    {
        CustomerEnteredPrice = Currency.Convert(CustomerEnteredPrice, ThisCustomer.CurrencySetting, Localization.StoreCurrency());
    }
    // QueryString params override Form Params!
    String ChosenColor = String.Empty;
    String ChosenColorSKUModifier = String.Empty;
    String ChosenSize = String.Empty;
    String ChosenSizeSKUModifier = String.Empty;
    // NOTE(review): the form-posted TextOption is taken as-is while the query-string one is HtmlEncoded —
    // confirm the value is encoded on output wherever it is rendered.
    String TextOption = CommonLogic.FormCanBeDangerousContent("TextOption");
    if (CommonLogic.QueryStringCanBeDangerousContent("TextOption").Length != 0)
    {
        TextOption = Security.HtmlEncode(CommonLogic.QueryStringCanBeDangerousContent("TextOption"));
    }
    // the color & sizes coming in here are MUST be in the Master WebConfig Locale ALWAYS!
    // Each value arrives as "<name>,<sku modifier>"; a missing second part is tolerated by the empty catch.
    if (CommonLogic.QueryStringCanBeDangerousContent("Color").Length != 0)
    {
        String[] ColorSel = CommonLogic.QueryStringCanBeDangerousContent("Color").Split(',');
        // NOTE(review): this is the only one of the four name assignments without .Trim().
        try { ChosenColor = Security.HtmlEncode(ColorSel[0]); } catch { }
        try { ChosenColorSKUModifier = Security.HtmlEncode(ColorSel[1]); } catch { }
    }
    if (ChosenColor.Length == 0 && CommonLogic.FormCanBeDangerousContent("Color").Length != 0)
    {
        String[] ColorSel = CommonLogic.FormCanBeDangerousContent("Color").Split(',');
        try { ChosenColor = Security.HtmlEncode(ColorSel[0]).Trim(); } catch { }
        try { ChosenColorSKUModifier = Security.HtmlEncode(ColorSel[1]); } catch { }
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("Size").Length != 0)
    {
        String[] SizeSel = CommonLogic.QueryStringCanBeDangerousContent("Size").Split(',');
        try { ChosenSize = Security.HtmlEncode(SizeSel[0]).Trim(); } catch { }
        try { ChosenSizeSKUModifier = Security.HtmlEncode(SizeSel[1]); } catch { }
    }
    if (ChosenSize.Length == 0 && CommonLogic.FormCanBeDangerousContent("Size").Length != 0)
    {
        String[] SizeSel = CommonLogic.FormCanBeDangerousContent("Size").Split(',');
        try { ChosenSize = Security.HtmlEncode(SizeSel[0]).Trim(); } catch { }
        try { ChosenSizeSKUModifier = Security.HtmlEncode(SizeSel[1]); } catch { }
    }
    if (VariantStyle == VariantStyleEnum.ERPWithRollupAttributes)
    {
        // Build the two candidate attribute blobs (size/color in either order) to compare against ExtensionData2.
        String match = "<GroupAttributes></GroupAttributes>";
        String match2 = "<GroupAttributes></GroupAttributes>";
        if (ChosenSize.Trim().Length != 0 && ChosenColor.Trim().Length != 0)
        {
            match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenSize + "\"/><GroupAttributeName=\"Attr2\"Value=\"" + ChosenColor + "\"/></GroupAttributes>";
            match2 = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenColor + "\"/><GroupAttributeName=\"Attr2\"Value=\"" + ChosenSize + "\"/></GroupAttributes>";
        }
        else if (ChosenSize.Trim().Length != 0 && ChosenColor.Trim().Length == 0)
        {
            match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenSize + "\"/></GroupAttributes>";
        }
        else if (ChosenSize.Trim().Length == 0 && ChosenColor.Trim().Length != 0)
        {
            match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenColor + "\"/></GroupAttributes>";
        }
        // reset variant id to the proper attribute match!
        // NOTE(review): the query filters on the incoming VariantID, so the loop sees at most that one row
        // and can only ever re-assign the same id — presumably the intent was to search the product's
        // variants; confirm.
        using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
        {
            con.Open();
            using (IDataReader rsERP = DB.GetRS("select VariantID,ExtensionData2 from ProductVariant with (NOLOCK) where VariantID=" + VariantID.ToString(), con))
            {
                while (rsERP.Read())
                {
                    // Whitespace is stripped from both sides before a case-insensitive compare.
                    // (RegexOptions.Compiled on an ad-hoc Regex.Replace pays the compile cost per call;
                    // a static Regex would avoid that.)
                    String thisVariantMatch = DB.RSField(rsERP, "ExtensionData2").Replace(" ", "").Trim();
                    match = Regex.Replace(match, "\\s+", "", RegexOptions.Compiled);
                    match2 = Regex.Replace(match2, "\\s+", "", RegexOptions.Compiled);
                    thisVariantMatch = Regex.Replace(thisVariantMatch, "\\s+", "", RegexOptions.Compiled);
                    if (match.Equals(thisVariantMatch, StringComparison.InvariantCultureIgnoreCase) || match2.Equals(thisVariantMatch, StringComparison.InvariantCultureIgnoreCase))
                    {
                        VariantID = DB.RSFieldInt(rsERP, "VariantID");
                        break;
                    }
                }
            }
        }
    }
    ShoppingCart cart = new ShoppingCart(1, ThisCustomer, CartType, 0, false);
    if (Quantity > 0)
    {
        if (AppLogic.IsAKit(ProductID))
        {
            // -- new kit format -- //
            bool productIsUsingKit2XmlPackage = !CommonLogic.IsStringNullOrEmpty(CommonLogic.FormCanBeDangerousContent("KitItems"));
            if (productIsUsingKit2XmlPackage)
            {
                // Editing an existing kit line: drop its current composition before re-adding.
                if (CommonLogic.FormBool("IsEditKit") && CommonLogic.FormUSInt("CartRecID") > 0)
                {
                    int cartId = CommonLogic.FormUSInt("CartRecID");
                    AppLogic.ClearKitItems(ThisCustomer, ProductID, VariantID, cartId);
                }
                KitComposition preferredComposition = KitComposition.FromForm(ThisCustomer, ProductID, VariantID);
                String tmp = DB.GetNewGUID(); // unused local
                // Kits pass an empty color and the zero price; the composition carries the selection.
                int NewRecID = cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, string.Empty, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, System.Decimal.Zero, preferredComposition);
            }
            else
            {
                String tmp = DB.GetNewGUID(); // unused local
                int NewRecID = cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, System.Decimal.Zero);
            }
        }
        else
        {
            // Plain product: the (validated) customer-entered price is passed along.
            cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, CustomerEnteredPrice);
        }
    }
    // handle upsell products:
    // Comma-separated product ids; only for the regular shopping cart, one unit each, at the upsell price.
    String UpsellProducts = CommonLogic.FormCanBeDangerousContent("UpsellProducts").Trim();
    if (UpsellProducts.Length != 0 && CartType == CartTypeEnum.ShoppingCart)
    {
        foreach (String s in UpsellProducts.Split(','))
        {
            String PID = s.Trim();
            if (PID.Length != 0)
            {
                int UpsellProductID = 0;
                // NOTE(review): this try/catch wraps the whole upsell add, so a DB failure inside is
                // swallowed along with an unparsable id.
                try
                {
                    UpsellProductID = Localization.ParseUSInt(PID);
                    if (UpsellProductID != 0)
                    {
                        int UpsellVariantID = AppLogic.GetProductsFirstVariantID(UpsellProductID);
                        if (UpsellVariantID != 0)
                        {
                            // this variant COULD have one size or color, so set it up like that:
                            String Sizes = String.Empty;
                            String SizeSKUModifiers = String.Empty;
                            String Colors = String.Empty;
                            String ColorSKUModifiers = String.Empty;
                            using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
                            {
                                con.Open();
                                using (IDataReader rs = DB.GetRS("select Sizes,SizeSKUModifiers,Colors,ColorSKUModifiers from ProductVariant with (NOLOCK) where VariantID=" + UpsellVariantID.ToString(), con))
                                {
                                    if (rs.Read())
                                    {
                                        Sizes = DB.RSFieldByLocale(rs, "Sizes", Localization.GetDefaultLocale());
                                        SizeSKUModifiers = DB.RSFieldByLocale(rs, "SizeSKUModifiers", Localization.GetDefaultLocale());
                                        Colors = DB.RSFieldByLocale(rs, "Colors", Localization.GetDefaultLocale());
                                        ColorSKUModifiers = DB.RSFieldByLocale(rs, "ColorSKUModifiers", Localization.GetDefaultLocale());
                                    }
                                }
                            }
                            // safety check:
                            // (a multi-valued list cannot be auto-selected, so add with no size)
                            if (Sizes.IndexOf(',') != -1)
                            {
                                Sizes = String.Empty;
                                SizeSKUModifiers = String.Empty;
                            }
                            // safety check:
                            if (Colors.IndexOf(',') != -1)
                            {
                                Colors = String.Empty;
                                ColorSKUModifiers = String.Empty;
                            }
                            cart.AddItem(ThisCustomer, ShippingAddressID, UpsellProductID, UpsellVariantID, 1, Colors, ColorSKUModifiers, Sizes, SizeSKUModifiers, String.Empty, CartType, false, false, 0, System.Decimal.Zero);
                            // Mark the line as an upsell and overwrite its price; the where clause targets
                            // this customer's line for that variant with no color/size/text option.
                            Decimal PR = AppLogic.GetUpsellProductPrice(ProductID, UpsellProductID, ThisCustomer.CustomerLevelID);
                            DB.ExecuteSQL("update shoppingcart set IsUpsell=1, ProductPrice=" + Localization.CurrencyStringForDBWithoutExchangeRate(PR) + " where CartType=" + ((int)CartType).ToString() + " and CustomerID=" + ThisCustomer.CustomerID.ToString() + " and ProductID=" + UpsellProductID.ToString() + " and VariantID=" + UpsellVariantID.ToString() + " and convert(nvarchar(1000),ChosenColor)='' and convert(nvarchar(1000),ChosenSize)='' and convert(nvarchar(1000),TextOption)=''");
                        }
                    }
                }
                catch { }
            }
        }
    }
    cart = null;
    // NOTE(review): ChosenColor/ChosenSize are HtmlEncoded but not URL-encoded here — confirm what
    // CallEvent expects of its query-style argument.
    AppLogic.eventHandler("AddToCart").CallEvent("&AddToCart=true&VariantID=" + VariantID.ToString() + "&ProductID=" + ProductID.ToString() + "&ChosenColor=" + ChosenColor + "&ChosenSize=" + ChosenSize);
    if (AppLogic.AppConfig("AddToCartAction").Equals("STAY", StringComparison.InvariantCultureIgnoreCase) && ReturnURL.Length != 0)
    {
        // "STAY": go back to where the customer came from (see the ReturnURL note at the top).
        Response.Redirect(ReturnURL);
    }
    else
    {
        if (ReturnURL.Length == 0)
        {
            ReturnURL = String.Empty;
            // UrlReferrer is null when no Referer header was sent.
            if (Request.UrlReferrer != null)
            {
                ReturnURL = Request.UrlReferrer.AbsoluteUri; // could be null
            }
            if (ReturnURL == null)
            {
                ReturnURL = String.Empty;
            }
        }
        // Land on the page for the cart that was targeted; the return URL is URL-encoded into the query.
        if (CartType == CartTypeEnum.WishCart)
        {
            Response.Redirect("wishlist.aspx?ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
        if (CartType == CartTypeEnum.GiftRegistryCart)
        {
            Response.Redirect("giftregistry.aspx?ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
        Response.Redirect("ShoppingCart.aspx?add=true&ReturnUrl=" + Security.UrlEncode(ReturnURL));
    }
}
/// <summary>
/// Admin variants page for one product. Handles, in order: cloning a variant (CloneID), deleting a
/// single variant (DeleteID) or all of the product's variants (DeleteAllVariants) together with the
/// cart rows that reference them, then on IsSubmit the default-variant flag and per-variant
/// DisplayOrder values, before making sure the product still has a variant and a default and
/// loading the page data.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    if (ProductID == 0)
    {
        // Response.Redirect(string) ends the response, so nothing below runs without a product id.
        Response.Redirect(AppLogic.AdminLinkUrl("products.aspx"));
    }
    ProductName = AppLogic.GetProductName(ProductID, LocaleSetting);
    ProductSKU = AppLogic.GetProductSKU(ProductID);
    ProductTracksInventoryBySizeAndColor = AppLogic.ProductTracksInventoryBySizeAndColor(ProductID);
    // NOTE(review): CloneID, DeleteID and DeleteAllVariants are state-changing actions driven purely by
    // query-string parameters, and no anti-forgery token is checked in this handler. Confirm the admin
    // framework provides CSRF protection; otherwise moving them onto the IsSubmit post with a token is
    // the usual fix.
    if (CommonLogic.QueryStringCanBeDangerousContent("CloneID").Length != 0)
    {
        // Stored-procedure call; both arguments are framework-parsed integers, not raw text.
        int CloneID = CommonLogic.QueryStringUSInt("CloneID");
        DB.ExecuteSQL("aspdnsf_CloneVariant " + CloneID.ToString() + "," + ThisCustomer.CustomerID.ToString());
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
    {
        // Cart rows referencing the variant are removed before the variant itself.
        // NOTE(review): the variant is deleted by id alone; it is not checked to belong to ProductID.
        int DeleteID = CommonLogic.QueryStringUSInt("DeleteID");
        DB.ExecuteSQL("delete from CustomCart where VariantID=" + DeleteID.ToString());
        DB.ExecuteSQL("delete from KitCart where VariantID=" + DeleteID.ToString());
        DB.ExecuteSQL("delete from ShoppingCart where VariantID=" + DeleteID.ToString());
        DB.ExecuteSQL("delete from ProductVariant where VariantID=" + DeleteID.ToString());
    }
    if (CommonLogic.QueryStringBool("DeleteAllVariants"))
    {
        // Same cleanup as above, for every variant of this product.
        DB.ExecuteSQL("delete from CustomCart where VariantID in (select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")");
        DB.ExecuteSQL("delete from KitCart where VariantID in (select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")");
        DB.ExecuteSQL("delete from ShoppingCart where VariantID in (select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")");
        DB.ExecuteSQL("delete from ProductVariant where ProductID=" + ProductID.ToString());; // trailing empty statement is harmless
    }
    if (CommonLogic.FormBool("IsSubmit"))
    {
        // Clear every default flag, then set exactly one.
        DB.ExecuteSQL("update ProductVariant set IsDefault=0 where ProductID=" + ProductID.ToString());
        if (CommonLogic.FormCanBeDangerousContent("IsDefault").Length == 0 || CommonLogic.FormUSInt("IsDefault") == 0)
        {
            // try to force a default variant, none was specified!
            DB.ExecuteSQL("update ProductVariant set IsDefault=1 where ProductID=" + ProductID.ToString() + " and VariantID in (SELECT top 1 VariantID from ProductVariant where ProductID=" + ProductID.ToString() + " order by DisplayOrder,Name)");
        }
        else
        {
            // Scoped to ProductID, so a posted variant id from another product changes nothing.
            DB.ExecuteSQL("update ProductVariant set IsDefault=1 where ProductID=" + ProductID.ToString() + " and VariantID=" + CommonLogic.FormUSInt("IsDefault").ToString());
        }
        // Per-variant display order from fields named "DisplayOrder_<VariantID>".
        for (int i = 0; i <= Request.Form.Count - 1; i++)
        {
            if (Request.Form.Keys[i].IndexOf("DisplayOrder_") != -1)
            {
                String[] keys = Request.Form.Keys[i].Split('_');
                // NOTE(review): keys[1] is parsed outside the try below — confirm ParseUSInt tolerates a
                // malformed key rather than throwing out of Page_Load.
                int VariantID = Localization.ParseUSInt(keys[1]);
                int DispOrd = 1;
                // An unparsable value falls back to 1.
                try
                {
                    DispOrd = Localization.ParseUSInt(Request.Form[Request.Form.Keys[i]]);
                }
                catch { }
                DB.ExecuteSQL("update productvariant set DisplayOrder=" + DispOrd.ToString() + " where VariantID=" + VariantID.ToString());
            }
        }
    }
    // NOTE(review): this guard re-reads DeleteAllVariants as the literal "TRUE" whereas the deletion above
    // used QueryStringBool; if that accepts other spellings the two disagree and a variant is recreated
    // right after the delete — confirm that is intended.
    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteAllVariants").Equals("TRUE", StringComparison.InvariantCultureIgnoreCase) == false)
    {
        AppLogic.MakeSureProductHasAtLeastOneVariant(ProductID);
    }
    AppLogic.EnsureProductHasADefaultVariantSet(ProductID);
    LoadData();
}