private void Render()
{
    StringBuilder writer = new StringBuilder();
    String SFP = CommonLogic.SafeMapPath("../images/spacer.gif").Replace("images\\spacer.gif", "images\\upload");

    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
    {
        // delete the image:
        // DeleteID is taken from the query string and appended to the upload folder path as received
        // (no file-name normalisation here, unlike the upload branch below)
        System.IO.File.Delete(SFP + "/" + CommonLogic.QueryStringCanBeDangerousContent("DeleteID"));
    }

    if (CommonLogic.FormCanBeDangerousContent("IsSubmit") == "true")
    {
        // handle upload if any also:
        HttpPostedFile Image1File = Request.Files["Image1"];
        if (Image1File.ContentLength != 0)
        {
            String tmp = Image1File.FileName.ToLowerInvariant();
            if (tmp.EndsWith(".jpg", StringComparison.InvariantCultureIgnoreCase)
                || tmp.EndsWith(".png", StringComparison.InvariantCultureIgnoreCase)
                || tmp.EndsWith(".gif", StringComparison.InvariantCultureIgnoreCase))
            {
                // keep only the bare file name if the browser sent a full client path
                if (tmp.LastIndexOf('\\') != -1)
                {
                    tmp = tmp.Substring(tmp.LastIndexOf('\\') + 1);
                }
                String fn = SFP + "/" + tmp;
                Image1File.SaveAs(fn);
            }
        }
    }

    writer.Append("<form enctype=\"multipart/form-data\" id=\"Form1\" name=\"Form1\" method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("images.aspx") + "\">\n");
    writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
    writer.Append(" <table border=\"0\" cellpadding=\"2\" border=\"0\" cellspacing=\"1\" width=\"100%\">\n");
    writer.Append(" <tr bgcolor=\"" + AppLogic.AppConfig("LightCellColor") + "\">\n");
    writer.Append(" <td class=\"tablenormal\"><b>" + AppLogic.GetString("admin.common.FileName", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td class=\"tablenormal\"><b>" + AppLogic.GetString("admin.common.ImgTagSrc", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td class=\"tablenormal\"><b>" + AppLogic.GetString("admin.common.Dimensions", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td class=\"tablenormal\"><b>" + AppLogic.GetString("admin.images.Size", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td class=\"tablenormal\"><b>" + AppLogic.GetString("admin.common.Image", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td class=\"tablenormal\"><b>" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" </tr>\n");

    // create an array to hold the list of files
    ArrayList fArray = new ArrayList();
    // get information about our initial directory
    DirectoryInfo dirInfo = new DirectoryInfo(SFP);
    // retrieve array of files & subdirectories
    FileSystemInfo[] myDir = dirInfo.GetFileSystemInfos();
    for (int i = 0; i < myDir.Length; i++)
    {
        // check the file attributes:
        // subdirectories are skipped, plain files are added to fArray
        if (((Convert.ToUInt32(myDir[i].Attributes) & Convert.ToUInt32(FileAttributes.Directory)) > 0))
        {
        }
        else
        {
            bool skipit = false;
            // compare the bare file name, not FullName: the full path never starts with '_'
            if (myDir[i].Name.StartsWith("_")
                || (!myDir[i].FullName.EndsWith("jpg", StringComparison.InvariantCultureIgnoreCase)
                    && !myDir[i].FullName.EndsWith("gif", StringComparison.InvariantCultureIgnoreCase)
                    && !myDir[i].FullName.EndsWith("png", StringComparison.InvariantCultureIgnoreCase)))
            {
                skipit = true;
            }
            if (!skipit)
            {
                fArray.Add(Path.GetFileName(myDir[i].FullName));
            }
        }
    }

    if (fArray.Count != 0)
    {
        // sort the files alphabetically
        fArray.Sort(0, fArray.Count, null);
        for (int i = 0; i < fArray.Count; i++)
        {
            string className = "gridRowPlain";
            if (i % 2 == 0)
            {
                className = "gridAlternatingRowPlain";
            }
            String src = "../images/upload/" + fArray[i].ToString();
            System.Drawing.Size size = CommonLogic.GetImagePixelSize(src);
            long s = CommonLogic.GetImageSize(src);
            int SizeInKB = (int)s / 1000;
            writer.Append(" <tr bgcolor=\"" + AppLogic.AppConfig("LightCellColor") + "\">\n");
            writer.Append(" <td class=\"" + className + "\">" + fArray[i].ToString() + "</td>\n");
            writer.Append(" <td class=\"" + className + "\">../images/upload/" + fArray[i].ToString() + "</td>\n");
            writer.Append(" <td class=\"" + className + "\">" + size.Width.ToString() + "x" + size.Height.ToString() + "</td>\n");
            writer.Append(" <td class=\"" + className + "\">" + String.Format(AppLogic.GetString("admin.images.KB", SkinID, LocaleSetting), SizeInKB) + "</td>\n");
            writer.Append("<td class=\"" + className + "\"><a target=\"_blank\" href=\"" + src + "\">\n");
            // the random query parameter defeats browser caching of the thumbnail
            writer.Append("<img border=\"0\" src=\"" + src + "?" + CommonLogic.GetRandomNumber(1, 1000000).ToString() + "\"" + CommonLogic.IIF(size.Height > 50, " height=\"50\"", "") + ">\n");
            writer.Append("</a></td>\n");
            writer.Append(" <td align=\"center\" class=\"" + className + "\"><input type=\"button\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "\" name=\"Delete_" + i.ToString() + "\" onClick=\"DeleteImage(" + CommonLogic.SQuote(fArray[i].ToString()) + ")\"></td>\n");
            writer.Append(" </tr>\n");
        }
    }

    writer.Append(" <tr>\n");
    writer.Append(" <td colspan=\"6\" height=5></td>\n");
    writer.Append(" </tr>\n");
    writer.Append(" </table>\n");
    writer.Append("<p align=\"left\">" + AppLogic.GetString("admin.images.UploadNewImage", SkinID, LocaleSetting) + ": <input type=\"file\" name=\"Image1\" size=\"50\"><br/><input type=\"submit\" value=\"" + AppLogic.GetString("admin.common.Submit", SkinID, LocaleSetting) + "\" name=\"submit\" class=\"normalButtons\"></p>\n");
    writer.Append("</form>\n");
    writer.Append("</center></b>\n");
    writer.Append("<script type=\"text/javascript\">\n");
    writer.Append("function DeleteImage(name)\n");
    writer.Append("{\n");
    writer.Append("if(confirm('" + String.Format(AppLogic.GetString("admin.images.ConfirmDeleteImage", SkinID, LocaleSetting), "'+ name") + "))\n");
    writer.Append("{\n");
    writer.Append("self.location = '" + AppLogic.AdminLinkUrl("images.aspx") + "?deleteid=' + name;\n");
    writer.Append("}\n");
    writer.Append("}\n");
    writer.Append("</SCRIPT>\n");
    ltContent.Text = writer.ToString();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    SearchFor = CommonLogic.QueryStringCanBeDangerousContent("SearchFor");
    GroupName = CommonLogic.QueryStringCanBeDangerousContent("GroupName");
    BeginsWith = CommonLogic.QueryStringCanBeDangerousContent("BeginsWith");
    SkinPreviewID = 0;
    if (CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID").Length != 0
        && CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID") != "0")
    {
        Editing = true;
        SkinPreviewID = Localization.ParseUSInt(CommonLogic.QueryStringCanBeDangerousContent("SkinPreviewID"));
    }
    else
    {
        Editing = false;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        StringBuilder sql = new StringBuilder(2500);
        if (!Editing)
        {
            // ok to add them:
            String NewGUID = DB.GetNewGUID();
            sql.Append("insert into SkinPreview(SkinPreviewGUID,Name,GroupName,SkinID) values(");
            sql.Append(DB.SQuote(NewGUID) + ",");
            sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
            sql.Append(DB.SQuote(CommonLogic.FormCanBeDangerousContent("GroupName")) + ",");
            sql.Append(CommonLogic.FormUSInt("SkinID").ToString());
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());
            // read back the identity of the row just inserted, keyed by its GUID
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select SkinPreviewID from SkinPreview with (NOLOCK) where SkinPreviewGUID=" + DB.SQuote(NewGUID), dbconn))
                {
                    rs.Read();
                    SkinPreviewID = DB.RSFieldInt(rs, "SkinPreviewID");
                    Editing = true;
                }
            }
            DataUpdated = true;
        }
        else
        {
            // ok to update:
            sql.Append("update SkinPreview set ");
            sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
            sql.Append("GroupName=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("GroupName")) + ",");
            sql.Append("SkinID=" + CommonLogic.FormUSInt("SkinID").ToString());
            sql.Append(" where SkinPreviewID=" + SkinPreviewID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }

        // handle image uploaded:
        String FN = SkinPreviewID.ToString();
        try
        {
            String Image1 = String.Empty;
            HttpPostedFile Image1File = Request.Files["Image1"];
            if (Image1File.ContentLength != 0)
            {
                // delete any current image file first
                try
                {
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".jpg");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".gif");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".png");
                }
                catch { }
                // the stored extension is chosen from the client-supplied Content-Type of the upload;
                // anything not listed here is silently ignored
                switch (Image1File.ContentType)
                {
                    case "image/gif":
                        Image1 = AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".gif";
                        Image1File.SaveAs(Image1);
                        break;
                    case "image/x-png":
                        Image1 = AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".png";
                        Image1File.SaveAs(Image1);
                        break;
                    case "image/jpg":
                    case "image/jpeg":
                    case "image/pjpeg":
                        Image1 = AppLogic.GetImagePath("SkinPreviews", "icon", true) + FN + ".jpg";
                        Image1File.SaveAs(Image1);
                        break;
                }
            }

            String Image2 = String.Empty;
            HttpPostedFile Image2File = Request.Files["Image2"];
            if (Image2File.ContentLength != 0)
            {
                // delete any current image file first
                try
                {
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".jpg");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".gif");
                    System.IO.File.Delete(AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".png");
                }
                catch { }
                switch (Image2File.ContentType)
                {
                    case "image/gif":
                        Image2 = AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".gif";
                        Image2File.SaveAs(Image2);
                        break;
                    case "image/x-png":
                        Image2 = AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".png";
                        Image2File.SaveAs(Image2);
                        break;
                    case "image/jpg":
                    case "image/jpeg":
                    case "image/pjpeg":
                        Image2 = AppLogic.GetImagePath("SkinPreviews", "medium", true) + FN + ".jpg";
                        Image2File.SaveAs(Image2);
                        break;
                }
            }
        }
        catch (Exception ex)
        {
            ErrorMsg = CommonLogic.GetExceptionDetail(ex, "<br/>");
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("skinpreview.aspx") + "?GroupName=" + Server.UrlEncode(GroupName) + "&beginsWith=" + Server.UrlEncode(BeginsWith) + "&searchfor=" + Server.UrlEncode(SearchFor) + "\">" + AppLogic.GetString("admin.menu.SkinPreviews", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.editskinpreview.AddEditSkinPreview", SkinID, LocaleSetting);
    RenderHtml();
}
private void ProcessCart()
{
    bool ContinueCheckout = (CommonLogic.FormCanBeDangerousContent("continue") != "");
    if (cart.IsEmpty())
    {
        Response.Redirect("shoppingcart.aspx");
    }
    if (CommonLogic.QueryStringBool("setallprimary"))
    {
        cart.ResetAllAddressToPrimaryShippingAddress();
        if (ContinueCheckout)
        {
            Response.Redirect("checkoutshippingmult2.aspx");
        }
        else
        {
            Response.Redirect("checkoutshippingmult.aspx");
        }
    }

    Hashtable NewAddresses = new Hashtable();
    Hashtable AddressIDs = new Hashtable();
    StringBuilder xmlDoc = new StringBuilder(4096);
    xmlDoc.Append("<root>");

    // add NEW address blocks, if necessary:
    foreach (CartItem c in cart.CartItems)
    {
        if (!c.IsDownload && c.Shippable && !GiftCard.s_IsEmailGiftCard(c.ProductID) && c.SKU != AppLogic.ro_PMMicropay)
        {
            for (int i = 1; i <= c.Quantity; i++)
            {
                int ThisAddressID = 0;
                String ThisID = c.ShoppingCartRecordID.ToString() + "_" + i.ToString();
                String ShipToType = CommonLogic.FormCanBeDangerousContent("ShipToType_" + ThisID);
                switch (ShipToType.ToUpperInvariant())
                {
                    case "NEWADDRESS":
                        {
                            Address addr = new Address();
                            addr.CustomerID = ThisCustomer.CustomerID;
                            addr.NickName = CommonLogic.FormCanBeDangerousContent("AddressNickName_" + ThisID);
                            addr.FirstName = CommonLogic.FormCanBeDangerousContent("AddressFirstName_" + ThisID);
                            addr.LastName = CommonLogic.FormCanBeDangerousContent("AddressLastName_" + ThisID);
                            addr.Address1 = CommonLogic.FormCanBeDangerousContent("AddressAddress1_" + ThisID);
                            addr.Address2 = CommonLogic.FormCanBeDangerousContent("AddressAddress2_" + ThisID);
                            addr.Company = CommonLogic.FormCanBeDangerousContent("AddressCompany_" + ThisID);
                            addr.Suite = CommonLogic.FormCanBeDangerousContent("AddressSuite_" + ThisID);
                            addr.City = CommonLogic.FormCanBeDangerousContent("AddressCity_" + ThisID);
                            addr.State = CommonLogic.FormCanBeDangerousContent("AddressState_" + ThisID);
                            addr.Zip = CommonLogic.FormCanBeDangerousContent("AddressZip_" + ThisID);
                            addr.Country = CommonLogic.FormCanBeDangerousContent("AddressCountry_" + ThisID);
                            addr.Phone = CommonLogic.FormCanBeDangerousContent("AddressPhone_" + ThisID);
                            // did we add this address already? (keyed on Address1 only)
                            if (NewAddresses.ContainsKey(addr.Address1))
                            {
                                ThisAddressID = System.Int32.Parse(NewAddresses[addr.Address1].ToString());
                            }
                            else
                            {
                                addr.AddressType = AddressTypes.Shipping;
                                addr.InsertDB();
                                NewAddresses.Add(addr.Address1, addr.AddressID.ToString());
                                ThisAddressID = addr.AddressID;
                            }
                            break;
                        }
                    case "GIFTREGISTRYADDRESS":
                        {
                            int GiftCustomerID = c.GiftRegistryForCustomerID;
                            ThisAddressID = AppLogic.GiftRegistryShippingAddressID(GiftCustomerID);
                            break;
                        }
                    case "EXISTINGADDRESS":
                    case "":
                        {
                            ThisAddressID = CommonLogic.FormUSInt(ThisID);
                            break;
                        }
                }

                if (ThisAddressID > 0)
                {
                    xmlDoc.Append(String.Format("<row cartid=\"{0}\" addressid=\"{1}\" />", c.ShoppingCartRecordID.ToString(), ThisAddressID.ToString()));
                }
                else
                {
                    UpdatepageContent();
                    ErrorMsgLabel.Text = AppLogic.GetString("checkoutshippingmult.aspx.27", ThisCustomer.SkinID, ThisCustomer.LocaleSetting);
                    pnlErrorMsg.Visible = true;
                    return;
                }
            }
        }
    }
    xmlDoc.Append("</root>");
    cart.SetAddressesToXmlSpec(xmlDoc.ToString());

    if (!ContinueCheckout)
    {
        UpdatepageContent();
    }
    else
    {
        Response.Redirect("checkoutshippingmult2.aspx");
    }
}
private void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = -1;
    Response.AddHeader("pragma", "no-cache");
    Response.Cache.SetAllowResponseInBrowserHistory(false);
    Customer ThisCustomer = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;
    ThisCustomer.RequireCustomerRecord();
    int CustomerID = ThisCustomer.CustomerID;

    // values stored in the session by the lookup step; only PaRes comes back from the ACS post
    String Payload = ThisCustomer.ThisCustomerSession["Cardinal.Payload"];
    String PaRes = CommonLogic.FormCanBeDangerousContent("PaRes");
    String TransactionID = ThisCustomer.ThisCustomerSession["Cardinal.TransactionID"];
    int OrderNumber = ThisCustomer.ThisCustomerSession.SessionUSInt("Cardinal.OrderNumber");
    String ReturnURL = String.Empty;
    if (ShoppingCart.CartIsEmpty(CustomerID, CartTypeEnum.ShoppingCart))
    {
        ReturnURL = "ShoppingCart.aspx";
    }
    ErrorMessage err;
    if (ReturnURL.Length == 0)
    {
        if (OrderNumber == 0)
        {
            err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("cardinal_process.aspcs.cs.1", 1, Localization.GetDefaultLocale())));
            ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
        }
    }
    if (ReturnURL.Length == 0)
    {
        if (Payload.Length == 0 || TransactionID.Length == 0)
        {
            err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("cardinal_process.aspcs.cs.1", 1, Localization.GetDefaultLocale())));
            ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
        }
    }

    String PAResStatus = String.Empty;
    String SignatureVerification = String.Empty;
    String ErrorNo = String.Empty;
    String ErrorDesc = String.Empty;
    if (ReturnURL.Length == 0)
    {
        String CardinalAuthenticateResult = String.Empty;
        String AuthResult = Cardinal.PreChargeAuthenticate(OrderNumber, PaRes, TransactionID, out PAResStatus, out SignatureVerification, out ErrorNo, out ErrorDesc, out CardinalAuthenticateResult);
        ThisCustomer.ThisCustomerSession["Cardinal.AuthenticateResult"] = CardinalAuthenticateResult;

        //=====================================================================================
        // Determine if the Authentication was Successful or Error
        //
        // Please consult the documentation regarding the handling of each response scenario.
        //
        // If the Authentication results (PAResStatus) is a Y or A, and the SignatureVerification is Y, then
        // the Payer Authentication was successful. The Authorization Message should be processed,
        // and the User taken to a Order Confirmation location.
        //
        // If the Authentication results were not successful (PAResStatus = N), or
        // the ErrorNo was NOT "0" then the Consumer should be redirected, and prompted for another
        // form of payment.
        //
        // If the Authentication results were not successful (PAResStatus = U) and the ErrorNo = "0"
        // then authorization message should be processed. In this case the merchant will retain
        // liability for this transaction if it is sent to authorization.
        //
        // Note that it is also important that you account for cases when your flow logic can account
        // for error cases, and the flow can be broken after "N" number of attempts
        //=====================================================================================

        // handle success cases:
        if (((PAResStatus == "Y" || PAResStatus == "A") && SignatureVerification == "Y") || (PAResStatus == "U" && ErrorNo == "0"))
        {
            ShoppingCart cart = new ShoppingCart(1, ThisCustomer, CartTypeEnum.ShoppingCart, 0, false);
            // GET CAVV, ECI and XID from authenticate call result:
            String CAVV = CommonLogic.ExtractToken(ThisCustomer.ThisCustomerSession["Cardinal.AuthenticateResult"], "<Cavv>", "</Cavv>");
            String ECI = CommonLogic.ExtractToken(ThisCustomer.ThisCustomerSession["Cardinal.AuthenticateResult"], "<EciFlag>", "</EciFlag>");
            String XID = CommonLogic.ExtractToken(ThisCustomer.ThisCustomerSession["Cardinal.AuthenticateResult"], "<Xid>", "</Xid>");
            Address UseBillingAddress = new Address();
            UseBillingAddress.LoadByCustomer(ThisCustomer.CustomerID, ThisCustomer.PrimaryBillingAddressID, AddressTypes.Billing);
            String status = Gateway.MakeOrder(String.Empty, AppLogic.TransactionMode(), cart, OrderNumber, CAVV, ECI, XID, String.Empty);
            if (status != AppLogic.ro_OK)
            {
                err = new ErrorMessage(status);
                ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
            }
            else
            {
                // store cardinal call results for posterity:
                DB.ExecuteSQL("update orders set CardinalLookupResult=" + DB.SQuote(ThisCustomer.ThisCustomerSession["Cardinal.LookupResult"]) + ", CardinalAuthenticateResult=" + DB.SQuote(ThisCustomer.ThisCustomerSession["Cardinal.AuthenticateResult"]) + " where OrderNumber=" + OrderNumber.ToString());
                ReturnURL = "orderconfirmation.aspx?ordernumber=" + OrderNumber.ToString() + "&paymentmethod=Credit+Card";
            }
        }

        // handle authentication failure:
        if (PAResStatus == "N" || ErrorNo != "0")
        {
            err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("cardinal_process.aspx.3", 1, Localization.GetDefaultLocale())));
            ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
        }

        // handle signature verification failure:
        if (SignatureVerification == "N" || ErrorNo != "0")
        {
            err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("cardinal_process.aspx.4", 1, Localization.GetDefaultLocale())));
            ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
        }
    }

    // no branch above set a destination: treat as an error with the gateway's description
    if (ReturnURL.Length == 0)
    {
        err = new ErrorMessage(Server.HtmlEncode(String.Format(AppLogic.GetString("cardinal_process.aspx.5", 1, Localization.GetDefaultLocale()), ErrorDesc)));
        ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
    }

    // clear the per-transaction Cardinal state from the session
    ThisCustomer.ThisCustomerSession["Cardinal.LookupResult"] = String.Empty;
    ThisCustomer.ThisCustomerSession["Cardinal.AuthenticateResult"] = String.Empty;
    ThisCustomer.ThisCustomerSession["Cardinal.ACSUrl"] = String.Empty;
    ThisCustomer.ThisCustomerSession["Cardinal.Payload"] = String.Empty;
    ThisCustomer.ThisCustomerSession["Cardinal.TransactionID"] = String.Empty;
    ThisCustomer.ThisCustomerSession["Cardinal.OrderNumber"] = String.Empty;

    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    Response.Write("<html><head><title>Cardinal Process</title></head><body>");
    Response.Write("<script type=\"text/javascript\">\n");
    Response.Write("top.location='" + ReturnURL + "';\n");
    Response.Write("</SCRIPT>\n");
    Response.Write("<div align=\"center\">" + String.Format(AppLogic.GetString("cardinal_process.aspx.6", 1, Localization.GetDefaultLocale()), ReturnURL) + "</div>");
    Response.Write("</body></html>");
}
/// <summary>
/// Update the restrictions
/// </summary>
private void UpdateRestrictions()
{
    // Unrestricted
    // Do nothing...restrictions are ignored

    // States
    if(liState.Selected)
    {
        String allowedstateids = String.Empty;
        foreach(Control ctrl in pnlStateSelect.Controls)
        {
            string Type = ctrl.GetType().ToString();
            if(Type == "System.Web.UI.WebControls.CheckBox")
            {
                CheckBox cb = (CheckBox)ctrl;
                if(cb.Checked)
                {
                    // the checkbox ID carries a 4-character prefix followed by the state ID
                    allowedstateids += cb.ID.ToString().Remove(0, 4) + ",";
                }
            }
        }
        AppConfigManager.SetAppConfigValue(
            "RTShipping.LocalPickupRestrictionStates",
            allowedstateids.TrimEnd(',').Trim(),
            AppLogic.StoreID());
    }

    // Zones
    if(liZone.Selected)
    {
        var allowedZoneIds = new List<string>();
        String shippingZoneId = String.Empty;
        using(SqlConnection dbconn = DB.dbConn())
        {
            dbconn.Open();
            using(IDataReader rs = DB.GetRS("select ShippingZoneID from ShippingZone with (NOLOCK)", dbconn))
            {
                while(rs.Read())
                {
                    shippingZoneId = DB.RSFieldInt(rs, "ShippingZoneID").ToString();
                    // find the posted checkbox whose name ends in ckb_<zoneid>; it may be absent when unchecked
                    String cbxId = HttpContext.Current.Request.Form.AllKeys.FirstOrDefault(x => x.EndsWith(String.Format(CultureInfo.InvariantCulture, "ckb_{0}", shippingZoneId)));
                    if(cbxId != null
                        && CommonLogic.FormCanBeDangerousContent(cbxId).Equals("on", StringComparison.InvariantCultureIgnoreCase))
                    {
                        allowedZoneIds.Add(shippingZoneId);
                    }
                }
            }
        }
        AppConfigManager.SetAppConfigValue(
            "RTShipping.LocalPickupRestrictionZones",
            string.Join(",", allowedZoneIds),
            AppLogic.StoreID());
    }

    // Zips
    if(liZip.Selected)
    {
        AppConfigManager.SetAppConfigValue(
            "RTShipping.LocalPickupRestrictionZips",
            HttpUtility.HtmlEncode(txtRestrictionAllowedZips.Text).Trim().TrimEnd(','),
            AppLogic.StoreID());
    }
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    ShippingZoneID = 0;
    if (CommonLogic.QueryStringCanBeDangerousContent("ShippingZoneID").Length != 0
        && CommonLogic.QueryStringCanBeDangerousContent("ShippingZoneID") != "0")
    {
        Editing = true;
        ShippingZoneID = Localization.ParseUSInt(CommonLogic.QueryStringCanBeDangerousContent("ShippingZoneID"));
    }
    else
    {
        Editing = false;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        StringBuilder sql = new StringBuilder(2500);
        string sZipCodesWithoutSpace = CleanZipCodes(CommonLogic.FormCanBeDangerousContent("ZipCodes"));
        int countryID = CommonLogic.FormNativeInt("hfAddressCountry");
        bool zipCodeEntryValid = ValidateZipCodes(sZipCodesWithoutSpace, countryID);
        if (zipCodeEntryValid)
        {
            if (!Editing)
            {
                // ok to add:
                String NewGUID = DB.GetNewGUID();
                sql.Append("insert into shippingZone(ShippingZoneGUID,Name,ZipCodes, CountryID) values(");
                sql.Append(DB.SQuote(NewGUID) + ",");
                sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                sql.Append(DB.SQuote(sZipCodesWithoutSpace) + ",");
                // use the integer already parsed from the form, not the raw form string, for the unquoted numeric column
                sql.Append(countryID.ToString());
                sql.Append(")");
                DB.ExecuteSQL(sql.ToString());
                using (SqlConnection dbconn = DB.dbConn())
                {
                    dbconn.Open();
                    using (IDataReader rs = DB.GetRS("select ShippingZoneID from shippingZone with (NOLOCK) where deleted=0 and ShippingZoneGUID=" + DB.SQuote(NewGUID), dbconn))
                    {
                        rs.Read();
                        ShippingZoneID = DB.RSFieldInt(rs, "ShippingZoneID");
                        Editing = true;
                    }
                }
                DataUpdated = true;
                Response.Redirect("shippingzones.aspx", true);
            }
            else
            {
                int ZoneCountryID;
                if (!int.TryParse(CommonLogic.FormCanBeDangerousContent("hfAddressCountry"), out ZoneCountryID))
                {
                    ZoneCountryID = usCountryExist;
                }
                // ok to update:
                sql.Append("update shippingZone set ");
                sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
                sql.Append("ZipCodes=" + DB.SQuote(Regex.Replace(CommonLogic.FormCanBeDangerousContent("ZipCodes"), "\\s+", "", RegexOptions.Compiled)) + ",");
                sql.Append("CountryID=" + ZoneCountryID);
                sql.Append(" where ShippingZoneID=" + ShippingZoneID.ToString());
                DB.ExecuteSQL(sql.ToString());
                DataUpdated = true;
                Editing = true;
            }
        }
        else
        {
            Editing = true;
            DataUpdated = false;
            string exampleFormat = AppLogic.GetCountryPostalExample(countryID);
            ErrorMsg = string.Format(AppLogic.GetString("admin.editshippingzone.EnterZipCodes", SkinID, LocaleSetting), exampleFormat);
        }
    }

    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("shippingzones.aspx") + "\">" + AppLogic.GetString("admin.menu.ShippingZones", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.editshippingzone.ManageShippingZones", SkinID, LocaleSetting);
    Render();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    EntityID = CommonLogic.QueryStringUSInt("EntityID");
    EntityName = CommonLogic.QueryStringCanBeDangerousContent("EntityName");
    m_EntitySpecs = EntityDefinitions.LookupSpecs(EntityName);
    Helper = new EntityHelper(m_EntitySpecs, 0);
    if (EntityID == 0 || EntityName.Length == 0)
    {
        Response.Redirect(AppLogic.AdminLinkUrl("default.aspx"));
    }
    SelectedLocale = LocaleSource.GetDefaultLocale();

    if (CommonLogic.FormCanBeDangerousContent("IsSubmit").Equals("TRUE", StringComparison.InvariantCultureIgnoreCase))
    {
        // posted field names have the form <prefix>_<ProductID>_<VariantID>
        for (var i = 0; i <= Request.Form.Count - 1; i++)
        {
            var FieldName = Request.Form.Keys[i];

            if (FieldName.StartsWith("setitle", StringComparison.InvariantCultureIgnoreCase))
            {
                var FieldNameSplit = FieldName.Split('_');
                var TheProductID = Localization.ParseUSInt(FieldNameSplit[1]);
                var TheVariantID = Localization.ParseUSInt(FieldNameSplit[2]);
                var inputVal = AppLogic.FormLocaleXml("SETitle", CommonLogic.FormCanBeDangerousContent(FieldName), SelectedLocale.Name, "Product", TheProductID);
                if (inputVal.Length == 0)
                {
                    DB.ExecuteSQL("update Product set SETitle=NULL where ProductID=" + TheProductID.ToString());
                }
                else
                {
                    DB.ExecuteSQL("update Product set SETitle=" + DB.SQuote(inputVal) + " where ProductID=" + TheProductID.ToString());
                }
            }

            if (FieldName.StartsWith("sekeywords", StringComparison.InvariantCultureIgnoreCase))
            {
                var FieldNameSplit = FieldName.Split('_');
                var TheProductID = Localization.ParseUSInt(FieldNameSplit[1]);
                var TheVariantID = Localization.ParseUSInt(FieldNameSplit[2]);
                var inputVal = AppLogic.FormLocaleXml("SEKeywords", CommonLogic.FormCanBeDangerousContent(FieldName), SelectedLocale.Name, "Product", TheProductID);
                if (inputVal.Length == 0)
                {
                    DB.ExecuteSQL("update Product set SEKeywords=NULL where ProductID=" + TheProductID.ToString());
                }
                else
                {
                    DB.ExecuteSQL("update Product set SEKeywords=" + DB.SQuote(inputVal) + " where ProductID=" + TheProductID.ToString());
                }
            }

            if (FieldName.StartsWith("sedescription", StringComparison.InvariantCultureIgnoreCase))
            {
                var FieldNameSplit = FieldName.Split('_');
                var TheProductID = Localization.ParseUSInt(FieldNameSplit[1]);
                var TheVariantID = Localization.ParseUSInt(FieldNameSplit[2]);
                var inputVal = AppLogic.FormLocaleXml("SEDescription", CommonLogic.FormCanBeDangerousContent(FieldName), SelectedLocale.Name, "Product", TheProductID);
                if (inputVal.Length == 0)
                {
                    DB.ExecuteSQL("update Product set SEDescription=NULL where ProductID=" + TheProductID.ToString());
                }
                else
                {
                    DB.ExecuteSQL("update Product set SEDescription=" + DB.SQuote(inputVal) + " where ProductID=" + TheProductID.ToString());
                }
            }
        }
        AlertMessageDisplay.PushAlertMessage("The search engine fields have been saved.", AspDotNetStorefrontControls.AlertMessage.AlertType.Success);
    }
    LoadBody(SelectedLocale.Name);
}
private void ProcessForm(bool UseValidationService, int AddressID)
{
    string ResidenceType = ddlResidenceType.SelectedValue;
    bool valid = true;
    string errormsg = string.Empty;
    bool CardIncluded = false;

    if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("CardName")))
    {
        valid = false;
        errormsg += "•" + AppLogic.GetString("admin.editaddressrecurring.CardNameIsRequired", SkinID, LocaleSetting) + "<br/>";
    }
    if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("CardType")))
    {
        valid = false;
        errormsg += "•" + AppLogic.GetString("admin.editaddressrecurring.CardTypeIsRequired", SkinID, LocaleSetting) + "<br/>";
    }
    if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("CardNumber")))
    {
        valid = false;
        errormsg += "•" + AppLogic.GetString("admin.editaddressrecurring.CardNumberIsRequired", SkinID, LocaleSetting) + "<br/>";
    }
    else
    {
        CardIncluded = true;
    }

    int iexpMonth = 0;
    int iexpYear = 0;
    string expMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
    string expYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
    if (string.IsNullOrEmpty(expMonth) || !int.TryParse(expMonth, out iexpMonth) || !(iexpMonth > 0))
    {
        valid = false;
        errormsg += "•" + AppLogic.GetString("admin.editaddressrecurring.CardExpirationMonthNotification", SkinID, LocaleSetting) + "<br/>";
    }
    else
    {
        CardIncluded = true;
    }
    if (string.IsNullOrEmpty(expYear) || !int.TryParse(expYear, out iexpYear) || !(iexpYear > 0))
    {
        valid = false;
        errormsg += "•" + AppLogic.GetString("admin.editaddressrecurring.CardExpirationYearNotification", SkinID, LocaleSetting) + "<br/>";
    }
    else
    {
        CardIncluded = true;
    }

    // no card number, month or year at all means the address is saved without card data,
    // so the card validation errors collected above do not apply
    if (!CardIncluded)
    {
        valid = true;
    }

    if (!Page.IsValid || !valid)
    {
        ErrorMsgLabel.Text = "<br /><br />" + AppLogic.GetString("admin.editaddressrecurring.ErrorUpdating", SkinID, LocaleSetting) + "<br /><br />";
        foreach (IValidator aValidator in Validators)
        {
            if (!aValidator.IsValid)
            {
                ErrorMsgLabel.Text += "• " + aValidator.ErrorMessage + "<br />";
            }
        }
        ErrorMsgLabel.Text += "<br />";
        ErrorMsgLabel.Text += errormsg;
        InitializePageContent();
        return;
    }
    else
    {
        ErrorMsgLabel.Text = String.Empty;
    }

    theAddress.AddressType = AddressTypes.Billing;
    theAddress.NickName = txtAddressNickName.Text;
    theAddress.FirstName = txtFirstName.Text;
    theAddress.LastName = txtLastName.Text;
    theAddress.Company = txtCompany.Text;
    theAddress.Address1 = txtAddress1.Text;
    theAddress.Address2 = txtAddress2.Text;
    theAddress.Suite = txtSuite.Text;
    theAddress.City = txtCity.Text;
    theAddress.State = ddlState.SelectedValue;
    theAddress.Zip = txtZip.Text;
    theAddress.Country = ddlCountry.SelectedValue;
    theAddress.Phone = txtPhone.Text;
    if (ResidenceType == "2")
    {
        theAddress.ResidenceType = ResidenceTypes.Commercial;
    }
    else if (ResidenceType == "1")
    {
        theAddress.ResidenceType = ResidenceTypes.Residential;
    }
    else
    {
        theAddress.ResidenceType = ResidenceTypes.Unknown;
    }

    if (CardIncluded)
    {
        theAddress.PaymentMethodLastUsed = AppLogic.ro_PMCreditCard;
        theAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName");
        theAddress.CardType = CommonLogic.FormCanBeDangerousContent("CardType");
        string tmpS = CommonLogic.FormCanBeDangerousContent("CardNumber");
        // a masked number (starting with "*") is the redisplayed stored value, so leave the stored number unchanged
        if (!tmpS.StartsWith("*"))
        {
            theAddress.CardNumber = tmpS;
        }
        theAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
        theAddress.CardExpirationYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
    }
    theAddress.UpdateDB();
    litCCForm.Text = theAddress.InputCardHTML(AddressCustomer, false, false);

    RecurringOrderMgr rmgr = new RecurringOrderMgr(EntityHelpers, GetParser);
    errormsg = rmgr.ProcessAutoBillAddressUpdate(OriginalRecurringOrderNumber, theAddress);
    ErrorMsgLabel.Text = errormsg != AppLogic.ro_OK ? errormsg : String.Empty;

    // do not retain card data on the address record unless the store is configured to store it
    if (!AddressCustomer.MasterShouldWeStoreCreditCardInfo)
    {
        theAddress.ClearCCInfo();
        theAddress.UpdateDB();
    }
}
private void Render()
{
    StringBuilder writer = new StringBuilder();
    string SuperuserFilter = CommonLogic.IIF(ThisCustomer.IsAdminSuperUser, String.Empty, " Customer.IsAdmin!=3 and ");
    // all report filters are read raw from the form (no request validation applied)
    String StartDate = CommonLogic.FormCanBeDangerousContent("StartDate");
    String EndDate = CommonLogic.FormCanBeDangerousContent("EndDate");
    String AffiliateID = CommonLogic.FormCanBeDangerousContent("AffiliateID");
    String Gender = CommonLogic.FormCanBeDangerousContent("Gender");
    String CouponCode = CommonLogic.FormCanBeDangerousContent("CouponCode");
    String WithOrders = CommonLogic.FormCanBeDangerousContent("WithOrders");
    String EasyRange = CommonLogic.FormCanBeDangerousContent("EasyRange");
    String Day = CommonLogic.FormCanBeDangerousContent("Day");
    String Month = CommonLogic.FormCanBeDangerousContent("Month");
    String Year = CommonLogic.FormCanBeDangerousContent("Year");
    String CustomerType = CommonLogic.FormCanBeDangerousContent("CustomerType");
    if (StartDate.Length == 0)
    {
        DateTime DefaultDate = DateTime.Today.AddMonths(-1);
        StartDate = Localization.ToThreadCultureShortDateString(DefaultDate);
    }
    if (EndDate.Length == 0)
    {
        EndDate = Localization.ToThreadCultureShortDateString(System.DateTime.Now);
    }
    if (EasyRange.Length == 0)
    {
        EasyRange = "UseDatesAbove";
    }
    if (CustomerType.Length == 0)
    {
        CustomerType = "AllCustomers";
    }
    // reset date range here, to ensure new orders are visible:
    // (both dates were already defaulted above, so neither of these two blocks can run)
    if (StartDate.Length == 0)
    {
        DateTime DefaultDate = DateTime.Today.AddMonths(-1);
        StartDate = Localization.ToThreadCultureShortDateString(DefaultDate);
    }
    if (EndDate.Length == 0)
    {
        EndDate = Localization.ToThreadCultureShortDateString(System.DateTime.Now.AddDays(1));
    }
    writer.Append(" <!-- calendar stylesheet -->\n");
    writer.Append(" <link rel=\"stylesheet\" type=\"text/css\" media=\"all\" href=\"jscalendar/calendar-win2k-cold-1.css\" title=\"win2k-cold-1\" />\n");
    writer.Append("\n");
    writer.Append(" <!-- main calendar program -->\n");
    writer.Append(" <script type=\"text/javascript\" src=\"jscalendar/calendar.js\"></script>\n");
    writer.Append("\n");
    writer.Append(" <!-- language for the calendar -->\n");
    writer.Append(" <script type=\"text/javascript\" src=\"jscalendar/lang/" + Localization.JSCalendarLanguageFile() + "\"></script>\n");
    writer.Append("\n");
    writer.Append(" <!-- the following script defines the Calendar.setup helper function, which makes\n");
    writer.Append(" adding a calendar a matter of 1 or 2 lines of code. -->\n");
    writer.Append(" <script type=\"text/javascript\" src=\"jscalendar/calendar-setup.js\"></script>\n");
    writer.Append("<script type=\"text/javascript\">\n");
    writer.Append("function ReportForm_Validator(theForm)\n");
    writer.Append("{\n");
    writer.Append("submitonce(theForm);\n");
    writer.Append("return (true);\n");
    writer.Append("}\n");
    writer.Append("</script>\n");
    writer.Append("<form method=\"GET\" action=\"" + AppLogic.AdminLinkUrl("rpt_EMails.aspx") + "\" id=\"ReportForm\" name=\"ReportForm\" onsubmit=\"return (validateForm(this) && ReportForm_Validator(this))\">");
    writer.Append(" <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">");
    writer.Append(" <tr class=\"tablenormal\">");
    writer.Append(" <td width=\"25%\" align=\"center\"><b>Date Range:</b></td>");
    writer.Append(" <td width=\"25%\" align=\"center\"><b>Customer Qualifiers:</b></td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"25%\" valign=\"top\" align=\"left\" class=\"ordercustomer\">");
    writer.Append(" <table border=\"0\" cellpadding=\"4\" cellspacing=\"0\" width=\"100%\">");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\">Start Date:</td>");
    // the submitted StartDate/EndDate strings are echoed back into the value attribute without HTML encoding
    writer.Append(" <td width=\"50%\"><input type=\"text\" id=\"StartDate\" name=\"StartDate\" size=\"11\" value=\"" + StartDate + "\"> <button id=\"f_trigger_s\">...</button>");
    writer.Append("</td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\">End Date:</td>");
    writer.Append(" <td width=\"50%\"><input type=\"text\" id=\"EndDate\" name=\"EndDate\" size=\"11\" value=\"" + EndDate + "\"> <button id=\"f_trigger_e\">...</button>");
    writer.Append(" </td>");
    writer.Append(" </tr>");
    writer.Append(" </table>");
    writer.Append(" <hr size=\"1\">");
    writer.Append(" <table border=\"0\" cellpadding=\"4\" cellspacing=\"0\" width=\"100%\">");
    writer.Append(" <tr>");
    writer.Append(" <td colspan=\"2\" align=\"left\" width=\"100%\"><input type=\"radio\" value=\"UseDatesAbove\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "UseDatesAbove" || EasyRange == "", "checked", "") + ">Use Dates Above</td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"Today\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "Today", "checked", "") + ">Today</td>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"Yesterday\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "Yesterday", "checked", "") + ">Yesterday</td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"ThisWeek\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "ThisWeek", "checked", "") + ">This Week</td>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"LastWeek\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "LastWeek", "checked", "") + ">Last Week</td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"ThisMonth\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "ThisMonth", "checked", "") + ">This Month</td>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"LastMonth\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "LastMonth", "checked", "") + ">Last Month</td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"ThisYear\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "ThisYear", "checked", "") + ">This Year</td>");
    writer.Append(" <td width=\"50%\"><input type=\"radio\" value=\"LastYear\" name=\"EasyRange\" " + CommonLogic.IIF(EasyRange == "LastYear", "checked", "") + ">Last Year</td>");
    writer.Append(" </tr>");
    writer.Append(" </table>");
    writer.Append(" </td>");
    writer.Append(" <td width=\"25%\" valign=\"top\" align=\"left\" class=\"ordercustomer\">");
    writer.Append(" <table border=\"0\" cellpadding=\"4\" cellspacing=\"0\" width=\"100%\">");
    //We don't support affiliate in ML express
    if (AppLogic.ProductIsMLExpress() == false)
    {
        writer.Append(" <tr>");
        writer.Append(" <td width=\"50%\">Affiliate:</td>");
        writer.Append(" <td width=\"50%\"><select size=\"1\" name=\"AffiliateID\">");
        writer.Append(" <option value=\"-\" " + CommonLogic.IIF(AffiliateID == "" || AffiliateID == "-", "selected", "") + ">-</option>");
        using (SqlConnection dbconn = DB.dbConn())
        {
            dbconn.Open();
            using (IDataReader rs = DB.GetRS("select * from affiliate with (NOLOCK) where deleted in (0,1) order by displayorder,name", dbconn))
            {
                while (rs.Read())
                {
                    writer.Append("<option value=\"" + DB.RSFieldInt(rs, "AffiliateID").ToString() + "\"" + CommonLogic.IIF(AffiliateID == DB.RSFieldInt(rs, "AffiliateID").ToString(), "selected", "") + ">" + DB.RSField(rs, "Name") + "</option>");
                }
            }
        }
        writer.Append(" </select></td>");
        writer.Append(" </tr>");
    }
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\">Gender:</td>");
    writer.Append(" <td width=\"50%\"><select size=\"1\" name=\"Gender\">");
    writer.Append(" <option value=\"-\" " + CommonLogic.IIF(Gender == "" || Gender == "-", "selected", "") + ">-</option>");
    writer.Append(" <option value=\"M\"" + CommonLogic.IIF(Gender == "M", "selected", "") + ">Male</option>");
    writer.Append(" <option value=\"F\"" + CommonLogic.IIF(Gender == "F", "selected", "") + ">Female</option>");
    writer.Append(" </select></td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\">Coupon Code:</td>");
    writer.Append(" <td width=\"50%\"><select size=\"1\" name=\"CouponCode\">");
    writer.Append(" <option value=\"-\" " + CommonLogic.IIF(CouponCode == "" || CouponCode == "-", "selected", "") + ">-</option>");
    using (SqlConnection dbconn = DB.dbConn())
    {
        dbconn.Open();
        using (IDataReader rs = DB.GetRS("select * from Coupon with (NOLOCK) order by CouponCode", dbconn))
        {
            while (rs.Read())
            {
                // the option value strips quote characters; the visible text is HTML-encoded
                writer.Append("<option value=\"" + DB.RSField(rs, "CouponCode").Replace("\"", "").Replace("'", "") + "\"" + CommonLogic.IIF(CouponCode == DB.RSField(rs, "CouponCode"), "selected", "") + ">" + Server.HtmlEncode(DB.RSField(rs, "CouponCode")) + "</option>");
            }
        }
    }
    writer.Append(" </select></td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td width=\"50%\">With Orders:</td>");
    writer.Append(" <td width=\"50%\">");
    writer.Append(" <input type=\"radio\" name=\"WithOrders\" value=\"No\"" + CommonLogic.IIF(WithOrders == "No" || WithOrders.Length == 0, " checked ", "") + ">No ");
    writer.Append(" <input type=\"radio\" name=\"WithOrders\" value=\"Yes\"" + CommonLogic.IIF(WithOrders == "Yes", " checked ", "") + ">Yes");
    writer.Append(" <input type=\"radio\" name=\"WithOrders\" value=\"Invert\"" + CommonLogic.IIF(WithOrders == "Invert", " checked ", "") + ">Without Orders");
    writer.Append(" </td>");
    writer.Append(" </tr>");
    writer.Append(" </table>");
    writer.Append(" </td>");
    writer.Append(" </tr>");
    writer.Append(" <tr>");
    writer.Append(" <td style=\"border-top:solid 2px #1B427D; background-color:#ffffff\" width=\"100%\" valign=\"middle\" align=\"center\" bgcolor=\"#dfecff\" height=\"25px\" colspan=\"2\">");
    writer.Append(" <input type=\"submit\" class=\"normalButtons\" value=\"submit\" name=\"B1\"> <input class=\"normalButtons\" type=\"button\" onClick=\"javascript:self.location='" + AppLogic.AdminLinkUrl("rpt_EMails.aspx") + "';\" value=\"Reset\" name=\"B2\">");
    writer.Append(" </td>");
    writer.Append(" </tr>");
    writer.Append(" </table>");
    writer.Append("\n<script type=\"text/javascript\">\n");
    writer.Append(" Calendar.setup({\n");
    writer.Append(" inputField : \"StartDate\", // id of the input field\n");
    writer.Append(" ifFormat : \"" + Localization.JSCalendarDateFormatSpec() + "\", // format of the input field\n");
    writer.Append(" showsTime : false, // will display a time selector\n");
    writer.Append(" button : \"f_trigger_s\", // trigger for the calendar (button ID)\n");
    writer.Append(" singleClick : true // Single-click mode\n");
    writer.Append(" });\n");
    writer.Append(" Calendar.setup({\n");
    writer.Append(" inputField : \"EndDate\", // id of the input field\n");
    writer.Append(" ifFormat : \"" + Localization.JSCalendarDateFormatSpec() + "\", // format of the input field\n");
    writer.Append(" showsTime : false, // will display a time selector\n");
    writer.Append(" button : \"f_trigger_e\", // trigger for the calendar (button ID)\n");
    writer.Append(" singleClick : true // Single-click mode\n");
    writer.Append(" });\n");
    writer.Append("</script>\n");
    DateTime RangeStartDate = System.DateTime.MinValue;
    DateTime RangeEndDate = System.DateTime.MaxValue;
    String DateWhere = String.Empty;
    switch (EasyRange)
    {
        case "UseDatesAbove":
            // the date strings are parsed and re-serialized before reaching the SQL text
            if (StartDate.Length != 0)
            {
                DateTime dt = Localization.ParseNativeDateTime(StartDate + " 12:00:00.000 AM");
                DateWhere = " CreatedOn>=" + DB.DateQuote(Localization.ToDBDateTimeString(dt));
                RangeStartDate = Localization.ParseNativeDateTime(StartDate);
            }
            else
            {
                RangeStartDate = System.DateTime.MinValue; // will get min date returned from either query
            }
            if (EndDate.Length != 0)
            {
                DateTime dt = Localization.ParseNativeDateTime(EndDate + " 11:59:59.999 PM");
                DateWhere += CommonLogic.IIF(DateWhere.Length != 0, " and ", "") + "CreatedOn <=" + DB.DateQuote(Localization.ToDBDateTimeString(dt));
                RangeEndDate = Localization.ParseNativeDateTime(EndDate);
            }
            else
            {
                RangeEndDate = System.DateTime.Now;
            }
            break;
        case "UseDatesBelow":
            // Day, Month and Year are raw form strings spliced into the WHERE clause without parsing or quoting
            if (Day.Length != 0 && Day != "0")
            {
                DateWhere = " day(CreatedOn)=" + Day + " ";
            }
            if (Month.Length != 0 && Month != "0")
            {
                if (DateWhere.Length != 0)
                {
                    DateWhere += " and ";
                }
                DateWhere += " month(CreatedOn)=" + Month + " ";
            }
            if (Year.Length != 0 && Year != "0")
            {
                if (DateWhere.Length != 0)
                {
                    DateWhere += " and ";
                }
                DateWhere += " year(CreatedOn)=" + Year + " ";
            }
            String DaySpec = CommonLogic.IIF(Day.Length == 0 || Day == "0", "1", Day);
            String MonthSpec = CommonLogic.IIF(Month.Length == 0 || Month == "0", "1", Month);
            String YearSpec = CommonLogic.IIF(Year.Length == 0 || Year == "0", System.DateTime.Now.Year.ToString(), Year);
            RangeStartDate = Localization.ParseNativeDateTime(MonthSpec + "/" + DaySpec + "/" + YearSpec);
            RangeEndDate = RangeStartDate;
            break;
        case "Today":
            DateWhere = "day(CreatedOn)=" + System.DateTime.Now.Day.ToString() + " and month(CreatedOn)=" + System.DateTime.Now.Month.ToString() + " and year(CreatedOn)=" + System.DateTime.Now.Year.ToString();
            RangeStartDate = System.DateTime.Now;
            RangeEndDate = System.DateTime.Now;
            break;
        case "Yesterday":
            DateWhere = "day(CreatedOn)=" + System.DateTime.Now.AddDays(-1).Day.ToString() + " and month(CreatedOn)=" + System.DateTime.Now.AddDays(-1).Month.ToString() + " and year(CreatedOn)=" + System.DateTime.Now.AddDays(-1).Year.ToString();
            RangeStartDate = System.DateTime.Now.AddDays(-1);
            RangeEndDate = System.DateTime.Now.AddDays(-1);
            break;
        case "ThisWeek":
            int DayOfWeek = (int)System.DateTime.Now.DayOfWeek;
            System.DateTime weekstart = System.DateTime.Now.AddDays(-(DayOfWeek));
            System.DateTime weekend = weekstart.AddDays(6);
            int weekstartday = weekstart.DayOfYear;
            int weekendday = weekend.DayOfYear;
            DateWhere = "year(CreatedOn)=" + System.DateTime.Now.Year.ToString() + " and (datepart(\"dy\",CreatedOn)>=" + weekstartday.ToString() + " and datepart(\"dy\",CreatedOn)<=" + weekendday.ToString() + ")";
            RangeStartDate = weekstart;
            RangeEndDate = weekend;
            break;
        case "LastWeek":
            int DayOfWeek2 = (int)System.DateTime.Now.DayOfWeek;
            System.DateTime weekstart2 = System.DateTime.Now.AddDays(-(DayOfWeek2)).AddDays(-7);
            System.DateTime weekend2 = weekstart2.AddDays(6);
            int weekstartday2 = weekstart2.DayOfYear;
            int weekendday2 = weekend2.DayOfYear;
            DateWhere = "year(CreatedOn)=" + System.DateTime.Now.Year.ToString() + " and (datepart(\"dy\",CreatedOn)>=" + weekstartday2.ToString() + " and datepart(\"dy\",CreatedOn)<=" + weekendday2.ToString() + ")";
            RangeStartDate = weekstart2;
            RangeEndDate = weekend2;
            break;
        case "ThisMonth":
            DateWhere = "month(CreatedOn)=" + System.DateTime.Now.Month.ToString() + " and year(CreatedOn)=" + System.DateTime.Now.Year.ToString();
            RangeStartDate = Localization.ParseNativeDateTime(System.DateTime.Now.Month.ToString() + "/1/" + System.DateTime.Now.Year.ToString());
            RangeEndDate = RangeStartDate.AddMonths(1).AddDays(-1);
            break;
        case "LastMonth":
            DateWhere = "month(CreatedOn)=" + System.DateTime.Now.AddMonths(-1).Month.ToString() + " and year(CreatedOn)=" + System.DateTime.Now.AddMonths(-1).Year.ToString();
            RangeStartDate = Localization.ParseNativeDateTime(System.DateTime.Now.AddMonths(-1).Month.ToString() + "/1/" + System.DateTime.Now.AddMonths(-1).Year.ToString());
            RangeEndDate = RangeStartDate.AddMonths(1).AddDays(-1);
            break;
        case "ThisYear":
            DateWhere = "year(CreatedOn)=" + System.DateTime.Now.Year.ToString();
            RangeStartDate = Localization.ParseUSDateTime("1/1/" + System.DateTime.Now.Year.ToString());
            RangeEndDate = RangeStartDate.AddYears(1).AddDays(-1);
            if (RangeEndDate > System.DateTime.Now)
            {
                RangeEndDate = System.DateTime.Now;
            }
            break;
        case "LastYear":
            DateWhere = "year(CreatedOn)=" + System.DateTime.Now.AddYears(-1).Year.ToString();
            RangeStartDate = Localization.ParseUSDateTime("1/1/" + System.DateTime.Now.AddYears(-1).Year.ToString());
            RangeEndDate = RangeStartDate.AddYears(1).AddDays(-1);
            break;
    }
    if (DateWhere.Length != 0)
    {
        DateWhere = "(" + DateWhere + ")";
    }
    String WhereClause = DateWhere;
    String GeneralWhere = String.Empty;
    String RegOnlyWhere = String.Empty;
    if (AffiliateID != "-" && AffiliateID.Length != 0)
    {
        if (GeneralWhere.Length != 0)
        {
            GeneralWhere += " and ";
        }
        // AffiliateID is never parsed as an integer; the raw form string is concatenated unquoted
        GeneralWhere += "AffiliateID=" + AffiliateID.ToString();
    }
    if (Gender != "-" && Gender.Length != 0)
    {
        if (GeneralWhere.Length != 0)
        {
            GeneralWhere += " and ";
        }
        GeneralWhere += "upper(Gender)=" + DB.SQuote(Gender.ToUpperInvariant());
    }
    if (CouponCode != "-" && CouponCode.Length != 0)
    {
        if (GeneralWhere.Length != 0)
        {
            GeneralWhere += " and ";
        }
        GeneralWhere += "upper(CouponCode)=" + DB.SQuote(CouponCode.ToUpperInvariant());
    }
    if (WithOrders == "Yes")
    {
        if (RegOnlyWhere.Length != 0)
        {
            RegOnlyWhere += " and ";
        }
        RegOnlyWhere += "customerid in (select distinct customerid from orders with (NOLOCK) )";
    }
    if (WithOrders == "Invert")
    {
        if (RegOnlyWhere.Length != 0)
        {
            RegOnlyWhere += " and ";
        }
        RegOnlyWhere += "customerid not in (select distinct customerid from orders with (NOLOCK) )";
    }
    if (GeneralWhere.Length != 0)
    {
        GeneralWhere = "(" + GeneralWhere + ")";
    }
    if (RegOnlyWhere.Length != 0)
    {
        RegOnlyWhere = "(" + RegOnlyWhere + ")";
    }
    if (DateWhere.Length != 0)
    {
        String sql = "select EMail from Customer with (NOLOCK) where " + SuperuserFilter.ToString() + " EMail <> '' " + CommonLogic.IIF(RegOnlyWhere.Length != 0, " and " + RegOnlyWhere, "") + CommonLogic.IIF(GeneralWhere.Length != 0, " and " + GeneralWhere, "") + CommonLogic.IIF(WhereClause.Length != 0, " and " + WhereClause, "") + " order by createdon desc";
        // debugging aid: echoes the assembled query text into the page when enabled
        if (AppLogic.AppConfigBool("Admin_ShowReportSQL"))
        {
            writer.Append("<p align=\"left\">SQL=" + sql + "</p>\n");
        }
        using (SqlConnection dbconn = DB.dbConn())
        {
            dbconn.Open();
            using (IDataReader rs = DB.GetRS(sql, dbconn))
            {
                while (rs.Read())
                {
                    writer.Append(DB.RSField(rs, "EMail") + "<br/>");
                }
            }
        }
    }
    writer.Append("</form>");
    ltContent.Text = writer.ToString();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    TargetCustomer = new Customer(CommonLogic.QueryStringUSInt("CustomerID"), true);
    if (TargetCustomer.CustomerID == 0)
    {
        // the return value is discarded, so no redirect happens; processing continues with CustomerID 0
        AppLogic.AdminLinkUrl("Customers.aspx");
    }
    if (TargetCustomer.IsAdminSuperUser && !ThisCustomer.IsAdminSuperUser)
    {
        throw new ArgumentException(AppLogic.GetString("admin.common.SecurityException", SkinID, LocaleSetting));
    }
    if (CommonLogic.QueryStringUSInt("DeleteID") != 0)
    {
        // both ids are parsed as integers before being concatenated into the statements
        DB.ExecuteSQL("delete from ShoppingCart where CustomerID=" + TargetCustomer.CustomerID.ToString() + " and ShoppingCartRecID=" + CommonLogic.QueryStringUSInt("DeleteID").ToString());
        DB.ExecuteSQL("delete from kitcart where CustomerID=" + TargetCustomer.CustomerID.ToString() + " and ShoppingCartRecID=" + CommonLogic.QueryStringUSInt("DeleteID").ToString());
    }
    if (CommonLogic.FormUSInt("OriginalRecurringOrderNumber") != 0)
    {
        int OriginalRecurringOrderNumber = CommonLogic.FormUSInt("OriginalRecurringOrderNumber");
        int NewRecurringInterval = CommonLogic.FormUSInt("RecurringInterval");
        DateIntervalTypeEnum NewRecurringIntervalType = (DateIntervalTypeEnum)CommonLogic.FormUSInt("RecurringIntervalType");
        DateTime SetNextShipDate = System.DateTime.MinValue;
        if (CommonLogic.FormCanBeDangerousContent("NextRecurringShipDate").Length != 0)
        {
            try
            {
                SetNextShipDate = CommonLogic.FormNativeDateTime("NextRecurringShipDate");
            }
            catch
            {
                // unparseable date: SetNextShipDate stays MinValue and no update is issued
            }
            if (SetNextShipDate != System.DateTime.MinValue && OriginalRecurringOrderNumber != 0)
            {
                DB.ExecuteSQL(String.Format("update shoppingcart set NextRecurringShipDate={0} where customerid={1} and originalrecurringordernumber={2}", DB.DateQuote(Localization.ToDBShortDateString(SetNextShipDate)), TargetCustomer.CustomerID.ToString(), OriginalRecurringOrderNumber.ToString()));
            }
        }
        if (CommonLogic.FormUSInt("RecurringInterval") != 0)
        {
            DateTime CreatedOnDate = System.DateTime.MinValue;
            DateTime LastRecurringShipDate = System.DateTime.MinValue;
            int RecurringIndex = 1;
            int CurrentRecurringInterval = 0;
            DateIntervalTypeEnum CurrentRecurringIntervalType = DateIntervalTypeEnum.Monthly;
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs2 = DB.GetRS("select CreatedOn, NextRecurringShipDate,RecurringIndex,RecurringInterval,RecurringIntervalType from ShoppingCart with (NOLOCK) where CustomerID=" + TargetCustomer.CustomerID.ToString() + " and CartType=" + ((int)CartTypeEnum.RecurringCart).ToString() + " and OriginalRecurringOrderNumber=" + OriginalRecurringOrderNumber.ToString(), dbconn))
                {
                    if (rs2.Read())
                    {
                        CurrentRecurringInterval = DB.RSFieldInt(rs2, "RecurringInterval");
                        CurrentRecurringIntervalType = (DateIntervalTypeEnum)DB.RSFieldInt(rs2, "RecurringIntervalType");
                        RecurringIndex = DB.RSFieldInt(rs2, "RecurringIndex");
                        CreatedOnDate = DB.RSFieldDateTime(rs2, "CreatedOn");
                        LastRecurringShipDate = DB.RSFieldDateTime(rs2, "NextRecurringShipDate"); // this must be "fixed" up below...we need the PRIOR ship date, not the date of next schedule ship
                    }
                }
            }
            // the value just read is overwritten: the new schedule is always computed from the current time
            LastRecurringShipDate = System.DateTime.Now;
            DateTime NewShipDate = System.DateTime.MinValue;
            if (LastRecurringShipDate != System.DateTime.MinValue)
            {
                // note: the offset is chosen by the CURRENT interval type, while the NEW type is what gets stored
                switch (CurrentRecurringIntervalType)
                {
                    case DateIntervalTypeEnum.Day:
                        NewShipDate = LastRecurringShipDate.AddDays(NewRecurringInterval);
                        break;
                    case DateIntervalTypeEnum.Week:
                        NewShipDate = LastRecurringShipDate.AddDays(7 * NewRecurringInterval);
                        break;
                    case DateIntervalTypeEnum.Month:
                        NewShipDate = LastRecurringShipDate.AddMonths(NewRecurringInterval);
                        break;
                    case DateIntervalTypeEnum.Year:
                        NewShipDate = LastRecurringShipDate.AddYears(NewRecurringInterval);
                        break;
                    case DateIntervalTypeEnum.Weekly:
                        NewShipDate = LastRecurringShipDate.AddDays(7);
                        break;
                    case DateIntervalTypeEnum.BiWeekly:
                        NewShipDate = LastRecurringShipDate.AddDays(14);
                        break;
                    case DateIntervalTypeEnum.EveryFourWeeks:
                        NewShipDate = LastRecurringShipDate.AddDays(28);
                        break;
                    case DateIntervalTypeEnum.Monthly:
                        NewShipDate = LastRecurringShipDate.AddMonths(1);
                        break;
                    case DateIntervalTypeEnum.Quarterly:
                        NewShipDate = LastRecurringShipDate.AddMonths(3);
                        break;
                    case DateIntervalTypeEnum.SemiYearly:
                        NewShipDate = LastRecurringShipDate.AddMonths(6);
                        break;
                    case DateIntervalTypeEnum.Yearly:
                        NewShipDate = LastRecurringShipDate.AddYears(1);
                        break;
                    default:
                        NewShipDate = LastRecurringShipDate.AddMonths(NewRecurringInterval);
                        break;
                }
                DB.ExecuteSQL("update ShoppingCart set RecurringInterval=" + NewRecurringInterval.ToString() + ", RecurringIntervalType=" + ((int)NewRecurringIntervalType).ToString() + ", NextRecurringShipDate=" + DB.DateQuote(Localization.ToDBDateTimeString(NewShipDate)) + " where CustomerID=" + TargetCustomer.CustomerID.ToString() + " and CartType=" + ((int)CartTypeEnum.RecurringCart).ToString() + " and OriginalRecurringOrderNumber=" + OriginalRecurringOrderNumber.ToString());
            }
        }
    }
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("Customers.aspx") + "?searchfor=" + TargetCustomer.CustomerID.ToString() + "\">" + AppLogic.GetString("admin.menu.Customers", SkinID, LocaleSetting) + "</a> - <a href=\"" + AppLogic.AdminLinkUrl("cst_history.aspx") + "?customerid=" + TargetCustomer.CustomerID.ToString() + "\">" + AppLogic.GetString("admin.cst_recurring.OrderHistory", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.cst_recurring.RecurringShipmentsFor", SkinID, LocaleSetting) + " " + TargetCustomer.FullName() + " (" + TargetCustomer.EMail + ")";
    RenderMarkup();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    Customer ThisCustomer = ((InterpriseSuiteEcommercePrincipal)Context.User).ThisCustomer;
    ThisCustomer.RequireCustomerRecord();
    bool Checkout = CommonLogic.QueryStringBool("checkout");
    String AddressID = CommonLogic.QueryStringCanBeDangerousContent("AddressID");
    String AddressTypeString = CommonLogic.QueryStringCanBeDangerousContent("AddressType");
    // blocklist check: only the literal "<script>" token is rejected here; Enum.Parse below throws on
    // anything that is neither an AddressTypes name nor an integer
    if (AddressTypeString.IndexOf("<script>", StringComparison.InvariantCultureIgnoreCase) != -1)
    {
        throw new ArgumentException("SECURITY EXCEPTION");
    }
    AddressTypes AddressType = (AddressTypes)Enum.Parse(typeof(AddressTypes), AddressTypeString, true);
    String DeleteAddressID = CommonLogic.FormCanBeDangerousContent("DeleteAddressID");
    bool AllowShipToDifferentThanBillTo = AppLogic.AppConfigBool("AllowShipToDifferentThanBillTo");
    if (DeleteAddressID == String.Empty)
    {
        DeleteAddressID = CommonLogic.QueryStringCanBeDangerousContent("DeleteAddressID");
    }
    if (DeleteAddressID != String.Empty)
    {
        // the address is loaded (scoped to ThisCustomer) but no delete is issued before the redirect
        Address adr = new Address();
        adr.LoadByCustomer(ThisCustomer, AddressType, AddressID);
        Response.Redirect(String.Format("selectaddress.aspx?Checkout={0}&AddressType={1}", Checkout.ToString(), AddressType));
    }
    Address thisAddress = new Address();
    thisAddress.AddressID = AddressID;
    thisAddress.LoadByCustomer(ThisCustomer, AddressType, AddressID);
    thisAddress.AddressType = AddressType;
    // all address fields are read raw from the form (no request validation applied)
    thisAddress.PaymentMethod = CommonLogic.FormCanBeDangerousContent("PaymentMethod");
    thisAddress.NickName = CommonLogic.FormCanBeDangerousContent("AddressNickName");
    thisAddress.FirstName = CommonLogic.FormCanBeDangerousContent("AddressFirstName");
    thisAddress.LastName = CommonLogic.FormCanBeDangerousContent("AddressLastName");
    thisAddress.Company = CommonLogic.FormCanBeDangerousContent("AddressCompany");
    thisAddress.Address1 = CommonLogic.FormCanBeDangerousContent("AddressAddress1");
    thisAddress.Suite = CommonLogic.FormCanBeDangerousContent("AddressSuite");
    thisAddress.City = CommonLogic.FormCanBeDangerousContent("AddressCity");
    thisAddress.State = CommonLogic.FormCanBeDangerousContent("AddressState");
    thisAddress.PostalCode = CommonLogic.FormCanBeDangerousContent("AddressZip");
    thisAddress.Country = CommonLogic.FormCanBeDangerousContent("AddressCountry");
    thisAddress.Phone = CommonLogic.FormCanBeDangerousContent("AddressPhone");
    if ((thisAddress.AddressType & AddressTypes.Billing) != 0)
    {
        if (AppLogic.CleanPaymentMethod(thisAddress.PaymentMethod) == AppLogic.ro_PMCreditCard)
        {
            thisAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName");
            thisAddress.CardType = CommonLogic.FormCanBeDangerousContent("CardType");
            string tmpS = CommonLogic.FormCanBeDangerousContent("CardNumber");
            // a masked value (starting with "*") means the stored card number is left unchanged
            if (!tmpS.StartsWith("*"))
            {
                thisAddress.CardNumber = tmpS;
            }
            thisAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
            thisAddress.CardExpirationYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
        }
    }
    // note: thisAddress is populated but never persisted before the redirect
    Response.Redirect(String.Format("selectaddress.aspx?Checkout={0}&AddressType={1}", Checkout.ToString(), AddressType));
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    NewsID = 0;
    if (CommonLogic.QueryStringCanBeDangerousContent("NewsID").Length != 0 && CommonLogic.QueryStringCanBeDangerousContent("NewsID") != "0")
    {
        Editing = true;
        NewsID = Localization.ParseUSInt(CommonLogic.QueryStringCanBeDangerousContent("NewsID"));
    }
    else
    {
        Editing = false;
    }
    if (CommonLogic.FormBool("IsSubmit"))
    {
        StringBuilder sql = new StringBuilder(2500);
        DateTime dt = System.DateTime.Now.AddMonths(6);
        if (CommonLogic.FormCanBeDangerousContent("ExpiresOn").Length > 0)
        {
            dt = Localization.ParseNativeDateTime(CommonLogic.FormCanBeDangerousContent("ExpiresOn"));
        }
        if (!Editing)
        {
            // ok to add them:
            String NewGUID = DB.GetNewGUID();
            sql.Append("insert into news(NewsGUID,ExpiresOn,Headline,NewsCopy,Published) values(");
            sql.Append(DB.SQuote(NewGUID) + ",");
            sql.Append(DB.DateQuote(Localization.ToDBDateTimeString(dt)) + ",");
            sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Headline")) + ",");
            sql.Append(DB.SQuote(AppLogic.FormLocaleXml("NewsCopy")) + ",");
            // Published is appended as-is: no quoting, no integer or boolean parsing
            sql.Append(CommonLogic.FormCanBeDangerousContent("Published"));
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select NewsID from news with (NOLOCK) where deleted=0 and NewsGUID=" + DB.SQuote(NewGUID), dbconn))
                {
                    rs.Read();
                    NewsID = DB.RSFieldInt(rs, "NewsID");
                    Editing = true;
                }
            }
            DataUpdated = true;
        }
        else
        {
            // ok to update:
            sql.Append("update news set ");
            sql.Append("Headline=" + DB.SQuote(AppLogic.FormLocaleXml("Headline")) + ",");
            sql.Append("NewsCopy=" + DB.SQuote(AppLogic.FormLocaleXml("NewsCopy")) + ",");
            sql.Append("ExpiresOn=" + DB.DateQuote(Localization.ToDBDateTimeString(dt)) + ",");
            // same unquoted Published value as in the insert branch
            sql.Append("Published=" + CommonLogic.FormCanBeDangerousContent("Published"));
            sql.Append(" where NewsID=" + NewsID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }
    }
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("news.aspx") + "\">" + AppLogic.GetString("admin.default.News", SkinID, LocaleSetting) + "</a> - " + String.Format(AppLogic.GetString("admin.editnews.ManageNews", SkinID, LocaleSetting), CommonLogic.IIF(DataUpdated, " (Updated)", ""));
    RenderHtml();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    LocaleSettingID = 0;
    if (CommonLogic.QueryStringCanBeDangerousContent("LocaleSettingID").Length != 0 && CommonLogic.QueryStringCanBeDangerousContent("LocaleSettingID") != "0")
    {
        Editing = true;
        LocaleSettingID = Localization.ParseUSInt(CommonLogic.QueryStringCanBeDangerousContent("LocaleSettingID"));
    }
    else
    {
        Editing = false;
    }
    if (CommonLogic.FormBool("IsSubmit"))
    {
        String redirectlink = "<a href=\"javascript:history.back(-1);\">go back</a>";
        if (Editing)
        {
            // see if this LocaleSetting already exists:
            int N = DB.GetSqlN("select count(name) as N from LocaleSetting with (NOLOCK) where LocaleSettingID<>" + LocaleSettingID.ToString() + " and Name=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("Name")));
            if (N != 0)
            {
                ErrorMsg = "<p><b><font color=red>" + AppLogic.GetString("admin.common.Error", SkinID, LocaleSetting) + "<br/><br/></font><blockquote>" + String.Format(AppLogic.GetString("admin.editlocalesetting.ExistingLocale", SkinID, LocaleSetting), redirectlink) + "</b></blockquote></p>";
            }
        }
        else
        {
            // see if this name is already there:
            int N = DB.GetSqlN("select count(name) as N from LocaleSetting with (NOLOCK) where Name=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("Name")));
            if (N != 0)
            {
                ErrorMsg = "<p><b><font color=red>ERROR:<br/><br/></font><blockquote>" + String.Format(AppLogic.GetString("admin.editlocalesetting.ExistingLocale", SkinID, LocaleSetting), redirectlink) + "</b></blockquote></p>";
            }
        }
        if (ErrorMsg.Length == 0)
        {
            StringBuilder sql = new StringBuilder(2500);
            if (!Editing)
            {
                // ok to add them:
                String NewGUID = DB.GetNewGUID();
                sql.Append("insert into LocaleSetting(LocaleSettingGUID,Name,Description,DefaultCurrencyID) values(");
                sql.Append(DB.SQuote(NewGUID) + ",");
                // string fields are length-limited and quoted; the currency id is resolved to an integer
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Name"), 10)) + ",");
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Description"), 100)) + ",");
                sql.Append(Currency.GetCurrencyID(CommonLogic.FormCanBeDangerousContent("DefaultCurrency")).ToString());
                sql.Append(")");
                DB.ExecuteSQL(sql.ToString());
                using (SqlConnection dbconn = DB.dbConn())
                {
                    dbconn.Open();
                    using (IDataReader rs = DB.GetRS("select LocaleSettingID from LocaleSetting with (NOLOCK) where LocaleSettingGUID=" + DB.SQuote(NewGUID), dbconn))
                    {
                        rs.Read();
                        LocaleSettingID = DB.RSFieldInt(rs, "LocaleSettingID");
                        Editing = true;
                    }
                }
                DataUpdated = true;
                AppLogic.UpdateNumLocaleSettingsInstalled();
            }
            else
            {
                // ok to update:
                sql.Append("update LocaleSetting set ");
                sql.Append("Name=" + DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Name"), 10)) + ",");
                sql.Append("Description=" + DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Description"), 100)) + ",");
                sql.Append("DefaultCurrencyID=" + Currency.GetCurrencyID(CommonLogic.FormCanBeDangerousContent("DefaultCurrency")).ToString());
                sql.Append(" where LocaleSettingID=" + LocaleSettingID.ToString());
                DB.ExecuteSQL(sql.ToString());
                DataUpdated = true;
                Editing = true;
            }
        }
    }
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("localesettings.aspx") + "\">" + AppLogic.GetString("admin.menu.LocaleSettings", SkinID, LocaleSetting) + "</a> - " + String.Format(AppLogic.GetString("admin.editlocalesetting.ManageLocales", SkinID, LocaleSetting), CommonLogic.IIF(DataUpdated, " (Updated)", ""));
    RenderHtml();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Customer thisCustomer = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;
    AspDotNetStorefrontCore.net.taxcloud.api.TaxCloud _tc = new AspDotNetStorefrontCore.net.taxcloud.api.TaxCloud();
    string str = CommonLogic.FormCanBeDangerousContent("certificateID"); // read but not used below
    AspDotNetStorefrontCore.net.taxcloud.api.ExemptionCertificate _certificate = new ExemptionCertificate();
    _certificate.Detail = new ExemptionCertificateDetail();
    _certificate.Detail.SinglePurchaseOrderNumber = CommonLogic.FormCanBeDangerousContent("SinglePurchaseOrderNumber");
    if (string.IsNullOrEmpty(_certificate.Detail.SinglePurchaseOrderNumber))
    {
        _certificate.Detail.SinglePurchase = false;
    }
    else
    {
        _certificate.Detail.SinglePurchase = true;
    }
    ExemptState[] exemptState = new ExemptState[1];
    exemptState[0] = new ExemptState();
    // enum fields are parsed with Enum.Parse, which throws on values that are not a member name or an integer
    exemptState[0].StateAbbr = (AspDotNetStorefrontCore.net.taxcloud.api.State)(Enum.Parse(typeof(AspDotNetStorefrontCore.net.taxcloud.api.State), CommonLogic.Form("ExemptState"), true));
    //exemptState[0].ReasonForExemption = CommonLogic.FormCanBeDangerousContent("ReasonForExemption");
    //exemptState[0].IdentificationNumber = CommonLogic.FormCanBeDangerousContent("IdentificationNumber");
    _certificate.Detail.ExemptStates = exemptState;
    _certificate.Detail.PurchaserTaxID = new TaxID();
    _certificate.Detail.PurchaserTaxID.TaxType = (TaxIDType)(Enum.Parse(typeof(TaxIDType), CommonLogic.Form("TaxType"), true));
    // free-text fields are passed raw to the TaxCloud API
    _certificate.Detail.PurchaserTaxID.IDNumber = CommonLogic.FormCanBeDangerousContent("IDNumber");
    _certificate.Detail.PurchaserFirstName = CommonLogic.FormCanBeDangerousContent("PurchaserFirstName");
    _certificate.Detail.PurchaserLastName = CommonLogic.FormCanBeDangerousContent("PurchaserLastName");
    _certificate.Detail.PurchaserAddress1 = CommonLogic.FormCanBeDangerousContent("PurchaserAddress1");
    _certificate.Detail.PurchaserCity = CommonLogic.FormCanBeDangerousContent("PurchaserCity");
    _certificate.Detail.PurchaserState = (AspDotNetStorefrontCore.net.taxcloud.api.State)(Enum.Parse(typeof(AspDotNetStorefrontCore.net.taxcloud.api.State), CommonLogic.FormCanBeDangerousContent("PurchaserState"), true));
    _certificate.Detail.PurchaserZip = CommonLogic.FormCanBeDangerousContent("PurchaserZip");
    _certificate.Detail.PurchaserBusinessType = (BusinessType)(Enum.Parse(typeof(BusinessType), CommonLogic.FormCanBeDangerousContent("PurchaserBusinessType"), true));
    _certificate.Detail.PurchaserExemptionReason = (ExemptionReason)(Enum.Parse(typeof(ExemptionReason), CommonLogic.FormCanBeDangerousContent("PurchaserExemptionReason"), true));
    _certificate.Detail.PurchaserExemptionReasonValue = CommonLogic.FormCanBeDangerousContent("PurchaserExemptionReasonValue");
    AddCertificateRsp addRs = _tc.AddExemptCertificate(AppLogic.AppConfig("taxcloud.apiloginid"), AppLogic.AppConfig("taxcloud.apikey"), thisCustomer.CustomerID.ToString(), _certificate);
    if (addRs.ResponseType != MessageType.Error)
    {
        // the certificate id comes from the API response and is quoted; CustomerID is an integer
        DB.ExecuteSQL("update shoppingcart set certificateID=" + DB.SQuote(addRs.CertificateID) + " where CustomerID=" + thisCustomer.CustomerID);
    }
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    EMailField = CommonLogic.FormCanBeDangerousContent("EMail").ToLowerInvariant().Trim();
    if (!Customer.NewEmailPassesDuplicationRules(EMailField, 0, false))
    {
        ErrorMsg = AppLogic.GetString("admin.common.CstMsg3", SkinID, LocaleSetting);
    }
    if (!(new EmailAddressValidator()).IsValidEmailAddress(EMailField))
    {
        ErrorMsg = AppLogic.GetString("createaccount.aspx.17", SkinID, LocaleSetting);
    }
    CustomerID = 0;
    if (ErrorMsg.Length == 0)
    {
        try
        {
            StringBuilder sql = new StringBuilder(2500);
            if (!Editing)
            {
                // ok to add them:
                String NewGUID = DB.GetNewGUID();
                sql.Append("insert into Customer(CustomerGUID,IsRegistered, EMail,Password,SaltKey,Notes,DateOfBirth,SubscriptionExpiresOn,Gender,OKToEMail,FirstName,LastName,Phone,LocaleSetting,CurrencySetting,CouponCode,StoreID) values(");
                sql.Append(DB.SQuote(NewGUID) + ",");
                sql.Append("1,"); //IsRegistered
                sql.Append(DB.SQuote(CommonLogic.Left(EMailField, 100)) + ",");
                // the posted password is salted and hashed by the Password class; only the salted form and the salt are stored
                AspDotNetStorefrontCore.Password pwd = new Password(CommonLogic.FormCanBeDangerousContent("Password"));
                sql.Append(DB.SQuote(pwd.SaltedPassword) + ",");
                sql.Append(pwd.Salt.ToString() + ",");
                sql.Append(DB.SQuote(CommonLogic.FormCanBeDangerousContent("Notes")) + ",");
                if (CommonLogic.FormCanBeDangerousContent("DateOfBirth").Length != 0)
                {
                    try
                    {
                        DateTime dob = Localization.ParseNativeDateTime(CommonLogic.FormCanBeDangerousContent("DateOfBirth"));
                        sql.Append(DB.DateQuote(Localization.ToDBShortDateString(dob)) + ",");
                    }
                    catch
                    {
                        sql.Append("NULL,");
                    }
                }
                else
                {
                    sql.Append("NULL,");
                }
                if (CommonLogic.FormCanBeDangerousContent("SubscriptionExpiresOn").Length != 0)
                {
                    try
                    {
                        DateTime seo = Localization.ParseNativeDateTime(CommonLogic.FormCanBeDangerousContent("SubscriptionExpiresOn"));
                        sql.Append(DB.DateQuote(Localization.ToDBShortDateString(seo)) + ",");
                    }
                    catch
                    {
                        sql.Append("NULL,");
                    }
                }
                else
                {
                    sql.Append("NULL,");
                }
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Gender"), 1)) + ",");
                // OKToEMail is appended as-is: it is neither parsed as an integer nor passed through DB.SQuote like the text fields
                sql.Append(CommonLogic.FormCanBeDangerousContent("OKToEMail") + ",");
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("FirstName"), 50)) + ",");
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("LastName"), 50)) + ",");
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Phone"), 25)) + ",");
                sql.Append(DB.SQuote(Localization.GetDefaultLocale()) + ",");
                sql.Append(DB.SQuote(Currency.GetDefaultCurrency()) + ",");
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("CouponCode"), 50)) + ",");
                sql.Append(DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("StoreName"), 50)));
                sql.Append(")");
                DB.ExecuteSQL(sql.ToString());
                using (SqlConnection dbconn = DB.dbConn())
                {
                    dbconn.Open();
                    using (IDataReader rs = DB.GetRS("select CustomerID from Customer with (NOLOCK) where deleted=0 and CustomerGUID=" + DB.SQuote(NewGUID), dbconn))
                    {
                        rs.Read();
                        CustomerID = DB.RSFieldInt(rs, "CustomerID");
                        Editing = true;
                    }
                }
            }
            else
            {
                // ok to update:
                sql.Append("update Customer set ");
                sql.Append("EMail=" + DB.SQuote(CommonLogic.Left(EMailField, 100)) + ",");
                AspDotNetStorefrontCore.Password pwd = new Password(CommonLogic.FormCanBeDangerousContent("Password"));
                // the value expression was redacted ("******") in the source listing; reconstructed here from the insert branch above
                sql.Append("Password=" + DB.SQuote(pwd.SaltedPassword) + ",");
                sql.Append("SaltKey=" + pwd.Salt.ToString() + ",");
                sql.Append("Notes=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("Notes")) + ",");
                if (CommonLogic.FormCanBeDangerousContent("DateOfBirth").Length != 0)
                {
                    try
                    {
                        DateTime dob = Localization.ParseNativeDateTime(CommonLogic.FormCanBeDangerousContent("DateOfBirth"));
                        sql.Append("DateOfBirth=" + DB.DateQuote(Localization.ToDBShortDateString(dob)) + ",");
                    }
                    catch
                    {
                        sql.Append("DateOfBirth=NULL,");
                    }
                }
                else
                {
                    sql.Append("DateOfBirth=NULL,");
                }
                if (CommonLogic.FormCanBeDangerousContent("SubscriptionExpiresOn").Length != 0)
                {
                    try
                    {
                        DateTime seo = Localization.ParseNativeDateTime(CommonLogic.FormCanBeDangerousContent("SubscriptionExpiresOn"));
                        sql.Append("SubscriptionExpiresOn=" + DB.DateQuote(Localization.ToDBShortDateString(seo)) + ",");
                    }
                    catch
                    {
                        sql.Append("SubscriptionExpiresOn=NULL,");
                    }
                }
                else
                {
                    sql.Append("SubscriptionExpiresOn=NULL,");
                }
                sql.Append("FirstName=" + DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("FirstName"), 50)) + ",");
                sql.Append("LastName=" + DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("LastName"), 50)) + ",");
                sql.Append("Phone=" + DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("Phone"), 25)) + ",");
                sql.Append("CouponCode=" + DB.SQuote(CommonLogic.Left(CommonLogic.FormCanBeDangerousContent("CouponCode"), 50)));
                sql.Append(" where CustomerID=" + CustomerID.ToString());
                DB.ExecuteSQL(sql.ToString());
                Editing = true;
            }
        }
        catch (Exception ex)
        {
            ErrorMsg = "<p><b>" + AppLogic.GetString("admin.common.Error", SkinID, LocaleSetting) + " " + CommonLogic.GetExceptionDetail(ex, "<br/>") + "<br/><br/></b></p>";
        }
    }
    SectionTitle = "<a href=\"" + AppLogic.AdminLinkUrl("customers.aspx") + "\">" + AppLogic.GetString("admin.menu.Customers", SkinID, LocaleSetting) + "</a> - " + AppLogic.GetString("admin.menu.CustomerAdd", SkinID, LocaleSetting) + "";
    RenderHtml();
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    if (!validateInput())
    {
        return;
    }
    StringBuilder sql = new StringBuilder(2500);
    DateTime dt = txtDate.SelectedDate ?? System.DateTime.Now.AddMonths(1);
    if (!Editing)
    {
        String NewGUID = DB.GetNewGUID();
        sql.Append("insert into Poll(PollGUID,Name,PollSortOrderID,Published,AnonsCanVote,ExpiresOn) values(");
        sql.Append(DB.SQuote(NewGUID) + ",");
        sql.Append(DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
        sql.Append(ddlSortOrder.SelectedValue + ",");
        sql.Append(rbPublished.SelectedValue + ",");
        sql.Append(rbAnon.SelectedValue + ",");
        sql.Append(DB.DateQuote(Localization.ToDBDateTimeString(dt)));
        sql.Append(")");
        DB.ExecuteSQL(sql.ToString());
        using (SqlConnection dbconn = DB.dbConn())
        {
            dbconn.Open();
            using (IDataReader rs = DB.GetRS("select PollID from Poll with (NOLOCK) where deleted=0 and PollGUID=" + DB.SQuote(NewGUID), dbconn))
            {
                rs.Read();
                PollID = DB.RSFieldInt(rs, "PollID");
            }
        }
        etsMapper.ObjectID = Localization.ParseNativeInt(PollID.ToString());
        etsMapper.Save();
        Editing = true;
        InitializePageContent();
    }
    else
    {
        sql.Append("update Poll set ");
        sql.Append("Name=" + DB.SQuote(AppLogic.FormLocaleXml("Name")) + ",");
        sql.Append("PollSortOrderID=" + ddlSortOrder.SelectedValue + ",");
        sql.Append("Published=" + rbPublished.SelectedValue + ",");
        sql.Append("AnonsCanVote=" + rbAnon.SelectedValue + ",");
        sql.Append("ExpiresOn=" + DB.DateQuote(Localization.ToDBDateTimeString(dt)));
        sql.Append(" where PollID=" + PollID.ToString());
        DB.ExecuteSQL(sql.ToString());
    }
    // Update Category Mappings
    DB.ExecuteSQL("delete from Pollcategory where Pollid=" + PollID.ToString());
    String CMap = CommonLogic.FormCanBeDangerousContent("CategoryMap");
    if (CMap.Length != 0)
    {
        String[] CMapArray = CMap.Split(',');
        foreach (String s in CMapArray)
        {
            // each comma-separated element of the posted CategoryMap is concatenated into the insert without being parsed as an integer
            DB.ExecuteSQL("insert into Pollcategory(Pollid,categoryid) values(" + PollID.ToString() + "," + s + ")");
        }
    }
    // Update Section Mappings
    DB.ExecuteSQL("delete from Pollsection where Pollid=" + PollID.ToString());
    String SMap = CommonLogic.FormCanBeDangerousContent("SectionMap");
    if (SMap.Length != 0)
    {
        String[] SMapArray = SMap.Split(',');
        foreach (String s in SMapArray)
        {
            // same pattern as CategoryMap above: SectionMap elements go into the SQL text unparsed
            DB.ExecuteSQL("insert into Pollsection(Pollid,sectionid) values(" + PollID.ToString() + "," + s + ")");
        }
    }
    PollCategories = AppLogic.GetPollCategories(PollID);
    PollSections = AppLogic.GetPollSections(PollID);
    ltCategoryList.Text = GetCategoryList(PollID, PollCategories, 0, 1, LocaleSetting, EntityHelpers);
    ltSectionList.Text = GetSectionList(PollID, PollSections, 0, 1, LocaleSetting, EntityHelpers);
    // Update Multi Store
    etsMapper.ObjectID = Localization.ParseNativeInt(PollID.ToString());
    etsMapper.Save();
    resetError(AppLogic.GetString("admin.editCreditCard.Updated", SkinID, LocaleSetting), false);
    Response.Redirect("editpolls.aspx?Pollid=" + PollID);
}
private void Render()
{
    StringBuilder writer = new StringBuilder();
    using (SqlConnection dbconn = DB.dbConn())
    {
        dbconn.Open();
        using (IDataReader rs = DB.GetRS("select * from ShippingZone with (NOLOCK) where deleted=0 and ShippingZoneID=" + ShippingZoneID.ToString(), dbconn))
        {
            Editing = false;
            if (rs.Read())
            {
                Editing = true;
            }
            if (ErrorMsg.Length != 0)
            {
                writer.Append("<p align=\"left\"><b><font color=red>" + ErrorMsg + "</font></b></p>\n");
            }
            if (DataUpdated)
            {
                writer.Append("<p align=\"left\"><b><font color=blue>" + AppLogic.GetString("admin.editCreditCard.Updated", SkinID, LocaleSetting) + "</font></b></p>\n");
            }
            writer.Append(CommonLogic.ReadFile("jscripts/tabs.js", true));
            if (Editing)
            {
                writer.Append("<p align=\"left\"><b>" + String.Format(AppLogic.GetString("admin.editshippingzone.EditingShippingZone", SkinID, LocaleSetting), DB.RSFieldByLocale(rs, "Name", LocaleSetting), DB.RSFieldInt(rs, "ShippingZoneID").ToString()) + "</p></b>\n");
            }
            else
            {
                writer.Append("<div style=\"height:17;padding-top:3px;\" class=\"tablenormal\">" + AppLogic.GetString("admin.editshippingzone.AddNewShippingZone", SkinID, LocaleSetting) + ":</div>\n");
            }
            writer.Append("<script type=\"text/javascript\">\n");
            writer.Append("</script>\n");
            writer.Append("<p align=\"left\">" + AppLogic.GetString("admin.editshippingzone.ZoneInfo", SkinID, LocaleSetting) + "</p>\n");
            writer.Append("<form action=\"" + AppLogic.AdminLinkUrl("editshippingzone.aspx") + "?ShippingZoneID=" + ShippingZoneID.ToString() + "&edit=" + Editing.ToString() + "\" Method=\"post\" id=\"ShippingZoneForm\" name=\"ShippingZoneForm\" onsubmit=\"return (validateForm(this) && ShippingZoneForm_Validator(this))\" onReset=\"return confirm('" + AppLogic.GetString("admin.common.ResetAllFieldsPrompt", SkinID, LocaleSetting) + "');\">\n");
            writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\">\n");
            writer.Append("<input type=\"hidden\" name=\"hfAddressCountry\" id=\"hfAddressCountry\" value=\"\">\n");
            writer.Append("<table width=\"100%\" cellpadding=\"4\" cellspacing=\"0\">\n");
            writer.Append(" <tr valign=\"middle\">\n");
            writer.Append(" <td width=\"100%\" colspan=\"2\" align=\"left\">\n");
            writer.Append(" </td>\n");
            writer.Append(" </tr>\n");
            writer.Append(" <tr valign=\"middle\">\n");
            writer.Append(" <td width=\"25%\" align=\"right\" valign=\"middle\">*" + AppLogic.GetString("admin.common.Name", SkinID, LocaleSetting) + ": </td>\n");
            writer.Append(" <td align=\"left\" valign=\"top\">\n");
            if (usCountryExist > 0)
            {
                string nameHTML = string.Empty;
                if (Editing)
                {
                    nameHTML = DB.RSFieldByLocale(rs, "Name", LocaleSetting);
                }
                else
                {
                    nameHTML = AppLogic.FormLocaleXml("Name");
                }
                writer.Append(AppLogic.GetLocaleEntryFields(nameHTML, "Name", false, true, true, AppLogic.GetString("admin.editshippingzone.ZoneName", SkinID, LocaleSetting), 100, 30, 0, 0, false));
            }
            else
            {
                // note: the stored Name is written into the value attribute without Server.HtmlEncode, unlike the ZipCodes textarea below
                writer.Append("<input type=\"text\" disabled size=\"30px\" value=\"" + DB.RSFieldByLocale(rs, "Name", LocaleSetting) + "\" />\n");
            }
            writer.Append(" </td>\n");
            writer.Append(" </tr>\n");
            string sDisabled = "disabled";
            bool USexist = false;
            writer.Append(" <tr valign=\"middle\">\n");
            writer.Append(" <td width=\"25%\" align=\"right\" valign=\"top\">*" + AppLogic.GetString("admin.common.Country", SkinID, LocaleSetting) + ": </td>\n");
            writer.Append(" <td align=\"left\" valign=\"top\">\n");
            writer.Append(" <select name=\"AddressCountry\" id=\"AddressCountry\" size=\"1\" " + sDisabled + ">");
            using (SqlConnection dbconn2 = DB.dbConn())
            {
                dbconn2.Open();
                using (IDataReader reader = DB.GetRS("select * from country with (NOLOCK) where Published = 1 order by DisplayOrder,Name", dbconn2))
                {
                    while (reader.Read())
                    {
                        // only the US entry is emitted; the select is rendered disabled
                        if (DB.RSField(reader, "TwoLetterISOCode").Equals("US", StringComparison.InvariantCultureIgnoreCase))
                        {
                            writer.Append(" <option value=\"" + DB.RSFieldInt(reader, "CountryID") + "\" selected >" + DB.RSField(reader, "Name") + "</option>");
                            USexist = true;
                        }
                    }
                }
            }
            writer.Append(" </select><span> Shipping Zones are supported only in the U.S.</span>");
            writer.Append(" </td>\n");
            writer.Append(" </tr>\n");
            writer.Append(" <tr valign=\"middle\">\n");
            writer.Append(" <td width=\"25%\" align=\"right\" valign=\"top\">*" + AppLogic.GetString("admin.editshippingzone.ZipCodes", SkinID, LocaleSetting) + ": </td>\n");
            writer.Append(" <td align=\"left\" valign=\"top\">\n");
            writer.Append(AppLogic.GetString("admin.editshippingzone.EnterTarget", SkinID, LocaleSetting) + "<br/>");
            string zipCodes = string.Empty;
            if (Editing)
            {
                zipCodes = DB.RSField(rs, "ZipCodes");
            }
            else
            {
                zipCodes = CommonLogic.FormCanBeDangerousContent("ZipCodes");
            }
            writer.Append(" <textarea id=\"ZipCodes\"" + CommonLogic.IIF(usCountryExist > 0, "", sDisabled) + " name=\"ZipCodes\" cols=\"" + AppLogic.AppConfig("Admin_TextareaWidth") + "\"" + CommonLogic.IIF(USexist, "", "disabled") + " rows=\"" + AppLogic.AppConfig("Admin_TextareaHeightSmall") + "\">" + Server.HtmlEncode(zipCodes) + "</textarea>\n");
            writer.Append(" </td>\n");
            writer.Append(" </tr>\n");
            writer.Append("<tr>\n");
            writer.Append("<td></td><td align=\"left\" valign=\"top\"><br/>\n");
            if (Editing)
            {
                writer.Append("<input class=\"normalButtons\" type=\"submit\"" + CommonLogic.IIF(usCountryExist > 0, "", sDisabled) + " value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"submit\">\n");
            }
            else
            {
                writer.Append("<input class=\"normalButtons\" type=\"submit\"" + CommonLogic.IIF(usCountryExist > 0, "", sDisabled) + " value=\"" + AppLogic.GetString("admin.common.AddNew", SkinID, LocaleSetting) + "\" name=\"submit\" onClick=\"ShippingZoneForm_Validator(this.Form);\">\n");
            }
            writer.Append(" </td>\n");
            writer.Append(" </tr>\n");
            writer.Append(" </table>\n");
            writer.Append("</form>\n");
        }
    }
    ltContent.Text = writer.ToString();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    SectionTitle = AppLogic.GetString("sendform.aspx.1", SkinID, ThisCustomer.LocaleSetting);
    // DOS attack prevention:
    // (this relies on the Referer header, which is supplied by the client and may be absent or arbitrary)
    if (AppLogic.OnLiveServer() && (Request.UrlReferrer == null || Request.UrlReferrer.Authority != Request.Url.Authority))
    {
        Response.Redirect("default.aspx", true);
        return;
    }
    // send form to store administrator:
    String FormContents = String.Empty;
    // Undocumented Feature: use XmlPackage if specified by AppConfig or in form post, to create the actual Email Contents (the XmlPackage has full access to all form post data).
    // you can force an XmlPackage for each form submitted here by including a hidden form field with the name "UseXmlPackage" and the value set to the name of the XmlPackage you want to use to handle that particular form
    String UseXmlPackage = CommonLogic.FormCanBeDangerousContent("UseXmlPackage").Trim();
    if (UseXmlPackage.Length == 0)
    {
        UseXmlPackage = AppLogic.AppConfig("SendForm.XmlPackage").Trim();
    }
    if (UseXmlPackage.Length != 0)
    {
        // use xmlpackage specified
        FormContents = AppLogic.RunXmlPackage(UseXmlPackage, base.GetParser, ThisCustomer, ThisCustomer.SkinID, String.Empty, String.Empty, true, false);
    }
    else
    {
        // just build up form inputs, and send them
        if (CommonLogic.FormCanBeDangerousContent("AsXml").Length == 0)
        {
            FormContents = CommonLogic.GetFormInput(true, "");
            FormContents = FormContents + AppLogic.AppConfig("MailFooter");
        }
        else
        {
            FormContents = CommonLogic.GetFormInputAsXml(true, "root");
        }
    }
    String Subject = CommonLogic.FormCanBeDangerousContent("Subject");
    if (Subject.Length == 0)
    {
        Subject = AppLogic.GetString("sendform.aspx.2", SkinID, ThisCustomer.LocaleSetting);
    }
    // the recipient list comes from the form post; the configured GotOrderEMailTo address is always appended to it
    String SendTo = CommonLogic.FormCanBeDangerousContent("SendTo");
    if (SendTo.Length == 0)
    {
        SendTo = AppLogic.AppConfig("GotOrderEMailTo");
    }
    else
    {
        SendTo += "," + AppLogic.AppConfig("GotOrderEMailTo");
    }
    foreach (String s in SendTo.Replace(",", ";").Split(';'))
    {
        String s2 = s.Trim();
        if (AppLogic.AppConfig("GotOrderEMailFrom").Trim().Length == 0 || s2.Length == 0)
        {
            throw new ArgumentException("Please run your store Configuration Wizard in your admin site, to properly setup all your store e-mail address AppConfig values!");
        }
        AppLogic.SendMail(Subject, FormContents, true, AppLogic.AppConfig("GotOrderEMailFrom"), AppLogic.AppConfig("GotOrderEMailFromName"), s2, s2, "", AppLogic.MailServer());
    }
    Label1.Text = AppLogic.GetString("sendform.aspx.3", SkinID, ThisCustomer.LocaleSetting);
}
private void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    Response.Cache.SetAllowResponseInBrowserHistory(false);
    Customer ThisCustomer = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;
    ThisCustomer.RequireCustomerRecord();
    int CustomerID = ThisCustomer.CustomerID;
    String paReq = ThisCustomer.ThisCustomerSession["3Dsecure.paReq"];
    String PaRes = CommonLogic.FormCanBeDangerousContent("PaRes");
    String MerchantData = CommonLogic.FormCanBeDangerousContent("MD");
    String TransactionID = ThisCustomer.ThisCustomerSession["3Dsecure.XID"];
    int OrderNumber = ThisCustomer.ThisCustomerSession.SessionUSInt("3Dsecure.OrderNumber");
    String ErrorDesc = String.Empty;
    String ReturnURL = String.Empty;
    // The PaRes should have no whitespace in it, we need to strip it out.
    PaRes = PaRes.Replace(" ", "");
    PaRes = PaRes.Replace("\r", "");
    PaRes = PaRes.Replace("\n", "");
    ErrorMessage err;
    if (PaRes.Length != 0)
    {
        ThisCustomer.ThisCustomerSession["3Dsecure.PaRes"] = PaRes;
    }
    // the MD posted back by the ACS must match the value stored in the session when the 3-D Secure request was issued
    if (ReturnURL.Length == 0 && MerchantData != ThisCustomer.ThisCustomerSession["3Dsecure.MD"])
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("secureprocess.aspx.1", 1, Localization.GetDefaultLocale())));
        ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
    }
    if (ReturnURL.Length == 0 && ShoppingCart.CartIsEmpty(CustomerID, CartTypeEnum.ShoppingCart))
    {
        ReturnURL = "ShoppingCart.aspx";
    }
    if (ReturnURL.Length == 0 && OrderNumber == 0)
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("secureprocess.aspx.1", 1, Localization.GetDefaultLocale())));
        ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
    }
    if (ReturnURL.Length == 0)
    {
        if (paReq.Length == 0 || TransactionID.Length == 0)
        {
            err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("secureprocess.aspx.1", 1, Localization.GetDefaultLocale())));
            ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
        }
    }
    if (ReturnURL.Length == 0)
    {
        ShoppingCart cart = new ShoppingCart(1, ThisCustomer, CartTypeEnum.ShoppingCart, 0, false);
        String status = Gateway.MakeOrder(String.Empty, AppLogic.TransactionMode(), cart, OrderNumber, String.Empty, String.Empty, String.Empty, String.Empty);
        // The session may have changed in MakeOrder, so get the latest values from the DB
        CustomerSession cSession = new CustomerSession(ThisCustomer.CustomerID);
        if (status == AppLogic.ro_OK)
        {
            if (cSession["3DSecure.LookupResult"].Length > 0)
            {
                // the data in this session variable will be encoded, so decode it before saving to the database
                byte[] decodedBytes = Convert.FromBase64String(cSession["3DSecure.LookupResult"]);
                String LookupResult = Encoding.UTF8.GetString(decodedBytes);
                DB.ExecuteSQL("update orders set CardinalLookupResult=" + DB.SQuote(LookupResult) + " where OrderNumber=" + OrderNumber.ToString());
                cSession["3DSecure.LookupResult"] = String.Empty;
                // at this point we are done with the session altogether
                CustomerSession.StaticClear(ThisCustomer.CustomerID);
            }
            ReturnURL = "orderconfirmation.aspx?ordernumber=" + OrderNumber.ToString() + "&paymentmethod=Credit+Card";
        }
        else
        {
            ErrorDesc = status;
        }
    }
    if (ReturnURL.Length == 0)
    {
        err = new ErrorMessage(Server.HtmlEncode(String.Format(AppLogic.GetString("secureprocess.aspx.5", 1, Localization.GetDefaultLocale()), ErrorDesc)));
        ReturnURL = "checkoutpayment.aspx?error=1&errormsg=" + err.MessageId;
    }
    // clear the 3-D Secure state from the session (key casing kept exactly as in the source)
    ThisCustomer.ThisCustomerSession["3DSecure.CustomerID"] = String.Empty;
    ThisCustomer.ThisCustomerSession["3DSecure.OrderNumber"] = String.Empty;
    ThisCustomer.ThisCustomerSession["3DSecure.ACSUrl"] = String.Empty;
    ThisCustomer.ThisCustomerSession["3DSecure.paReq"] = String.Empty;
    ThisCustomer.ThisCustomerSession["3DSecure.XID"] = String.Empty;
    ThisCustomer.ThisCustomerSession["3DSecure.MD"] = String.Empty;
    ThisCustomer.ThisCustomerSession["3Dsecure.PaRes"] = String.Empty;
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    Response.Write("<html><head><title>3-D Secure Process</title></head><body>");
    Response.Write("<script type=\"text/javascript\">\n");
    Response.Write("top.location='" + ReturnURL + "';\n");
    Response.Write("</SCRIPT>\n");
    Response.Write("<div align=\"center\">" + String.Format(AppLogic.GetString("secureprocess.aspx.6", 1, Localization.GetDefaultLocale()), ReturnURL) + "</div>");
    Response.Write("</body></html>");
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    ThisCustomer.RequireCustomerRecord();
    // ReturnURL is taken from the query string, screened by CheckForScriptTag, and used for the final redirect below
    String ReturnURL = CommonLogic.QueryStringCanBeDangerousContent("ReturnURL");
    AppLogic.CheckForScriptTag(ReturnURL);
    CartTypeEnum CartType = CartTypeEnum.ShoppingCart;
    if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
    {
        CartType = CartTypeEnum.WishCart;
    }
    if (CommonLogic.FormNativeInt("IsGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsGiftRegistry") == 1)
    {
        CartType = CartTypeEnum.GiftRegistryCart;
    }
    if (AppLogic.HideForWholesaleSite(ThisCustomer.CustomerLevelID))
    {
        Response.Redirect("Default.aspx");
    }
    if (!ThisCustomer.IsRegistered && AppLogic.AppConfigBool("DisallowAnonCustomerToCreateWishlist"))
    {
        string ErrMsg = string.Empty;
        ErrorMessage er;
        if (CommonLogic.FormNativeInt("IsWishList") == 1 || CommonLogic.QueryStringUSInt("IsWishList") == 1)
        {
            ErrMsg = AppLogic.GetString("signin.aspx.27", 1, ThisCustomer.LocaleSetting);
            er = new ErrorMessage(ErrMsg);
            Response.Redirect("signin.aspx?ErrorMsg=" + er.MessageId + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
        if (CommonLogic.FormNativeInt("IsGiftRegistry") == 1 || CommonLogic.QueryStringUSInt("IsGiftRegistry") == 1)
        {
            ErrMsg = AppLogic.GetString("signin.aspx.28", 1, ThisCustomer.LocaleSetting);
            er = new ErrorMessage(ErrMsg);
            Response.Redirect("signin.aspx?ErrorMsg=" + er.MessageId + "&ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
    }
    // if editing, nuke what was there, it will be replaced from what was submitted now from the product page.
    // NOTE. if a kit or pack was "edited", you don't have to do this, and ShoppingCartRecID is not material (and should not be in the form post)
    // kits and packs are "moved" from active cart to temp cart records, so they won't have a cart record id to begin with.
    // They are built in the KitCart table instead
    int ShoppingCartRecID = CommonLogic.FormUSInt("CartRecID"); // only used for (non kit or pack) product/order edits from prior cart record
    if (ShoppingCartRecID == 0)
    {
        ShoppingCartRecID = CommonLogic.QueryStringUSInt("CartRecID");
    }
    if (ShoppingCartRecID != 0)
    {
        // the delete is scoped to the current customer, cart type and store, so a record id alone cannot remove another customer's row
        DB.ExecuteSQL("delete from ShoppingCart where ShoppingCartRecID=" + ShoppingCartRecID.ToString() + " and CustomerID=" + ThisCustomer.CustomerID.ToString() + " and CartType=" + ((int)CartType).ToString() + " and StoreID = " + AppLogic.StoreID());
    }
    int ShippingAddressID = CommonLogic.QueryStringUSInt("ShippingAddressID"); // only used for multi-ship
    if (ShippingAddressID == 0)
    {
        ShippingAddressID = CommonLogic.FormNativeInt("ShippingAddressID");
    }
    // an address id the customer does not own falls back to their primary shipping address
    if ((ShippingAddressID == 0 || !ThisCustomer.OwnsThisAddress(ShippingAddressID)) && ThisCustomer.PrimaryShippingAddressID != 0)
    {
        ShippingAddressID = ThisCustomer.PrimaryShippingAddressID;
    }
    int ProductID = CommonLogic.QueryStringUSInt("ProductID");
    if (ProductID == 0)
    {
        ProductID = CommonLogic.FormUSInt("ProductID");
    }
    int VariantID = CommonLogic.QueryStringUSInt("VariantID");
    if (VariantID == 0)
    {
        VariantID = CommonLogic.FormUSInt("VariantID");
    }
    if (ProductID == 0)
    {
        ProductID = AppLogic.GetVariantProductID(VariantID);
    }
    // if no VariantID is located, get the default variantID for the product
    if (VariantID == 0)
    {
        VariantID = AppLogic.GetDefaultProductVariant(ProductID);
    }
    int Quantity = CommonLogic.QueryStringUSInt("Quantity");
    if (Quantity == 0)
    {
        Quantity = CommonLogic.FormNativeInt("Quantity");
    }
    if (Quantity == 0)
    {
        Quantity = 1;
    }
    VariantStyleEnum VariantStyle = (VariantStyleEnum)CommonLogic.QueryStringUSInt("VariantStyle");
    if (CommonLogic.QueryStringCanBeDangerousContent("VariantStyle").Length == 0)
    {
        VariantStyle = (VariantStyleEnum)CommonLogic.FormNativeInt("VariantStyle");
    }
    // a customer-entered price is only honoured for variants that explicitly allow it, and is forced non-negative
    decimal CustomerEnteredPrice = CommonLogic.FormNativeDecimal("Price");
    if (CustomerEnteredPrice == System.Decimal.Zero)
    {
        CustomerEnteredPrice = CommonLogic.QueryStringNativeDecimal("Price");
    }
    if (!AppLogic.VariantAllowsCustomerPricing(VariantID))
    {
        CustomerEnteredPrice = System.Decimal.Zero;
    }
    if (CustomerEnteredPrice < System.Decimal.Zero)
    {
        CustomerEnteredPrice = -CustomerEnteredPrice;
    }
    if (Currency.GetDefaultCurrency() != ThisCustomer.CurrencySetting && CustomerEnteredPrice != 0)
    {
        CustomerEnteredPrice = Currency.Convert(CustomerEnteredPrice, ThisCustomer.CurrencySetting, Localization.StoreCurrency());
    }
    // QueryString params override Form Params!
    String ChosenColor = String.Empty;
    String ChosenColorSKUModifier = String.Empty;
    String ChosenSize = String.Empty;
    String ChosenSizeSKUModifier = String.Empty;
    String TextOption = CommonLogic.FormCanBeDangerousContent("TextOption");
    if (CommonLogic.QueryStringCanBeDangerousContent("TextOption").Length != 0)
    {
        TextOption = Security.HtmlEncode(CommonLogic.QueryStringCanBeDangerousContent("TextOption"));
    }
    // the color & sizes coming in here are MUST be in the Master WebConfig Locale ALWAYS!
    if (CommonLogic.QueryStringCanBeDangerousContent("Color").Length != 0)
    {
        String[] ColorSel = CommonLogic.QueryStringCanBeDangerousContent("Color").Split(',');
        try { ChosenColor = Security.HtmlEncode(ColorSel[0]); } catch { }
        try { ChosenColorSKUModifier = Security.HtmlEncode(ColorSel[1]); } catch { }
    }
    if (ChosenColor.Length == 0 && CommonLogic.FormCanBeDangerousContent("Color").Length != 0)
    {
        String[] ColorSel = CommonLogic.FormCanBeDangerousContent("Color").Split(',');
        try { ChosenColor = Security.HtmlEncode(ColorSel[0]).Trim(); } catch { }
        try { ChosenColorSKUModifier = Security.HtmlEncode(ColorSel[1]); } catch { }
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("Size").Length != 0)
    {
        String[] SizeSel = CommonLogic.QueryStringCanBeDangerousContent("Size").Split(',');
        try { ChosenSize = Security.HtmlEncode(SizeSel[0]).Trim(); } catch { }
        try { ChosenSizeSKUModifier = Security.HtmlEncode(SizeSel[1]); } catch { }
    }
    if (ChosenSize.Length == 0 && CommonLogic.FormCanBeDangerousContent("Size").Length != 0)
    {
        String[] SizeSel = CommonLogic.FormCanBeDangerousContent("Size").Split(',');
        try { ChosenSize = Security.HtmlEncode(SizeSel[0]).Trim(); } catch { }
        try { ChosenSizeSKUModifier = Security.HtmlEncode(SizeSel[1]); } catch { }
    }
    if (VariantStyle == VariantStyleEnum.ERPWithRollupAttributes)
    {
        String match = "<GroupAttributes></GroupAttributes>";
        String match2 = "<GroupAttributes></GroupAttributes>";
        if (ChosenSize.Trim().Length != 0 && ChosenColor.Trim().Length != 0)
        {
            match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenSize + "\"/><GroupAttributeName=\"Attr2\"Value=\"" + ChosenColor + "\"/></GroupAttributes>";
            match2 = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenColor + "\"/><GroupAttributeName=\"Attr2\"Value=\"" + ChosenSize + "\"/></GroupAttributes>";
        }
        else if (ChosenSize.Trim().Length != 0 && ChosenColor.Trim().Length == 0)
        {
            match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenSize + "\"/></GroupAttributes>";
        }
        else if (ChosenSize.Trim().Length == 0 && ChosenColor.Trim().Length != 0)
        {
            match = "<GroupAttributes><GroupAttributeName=\"Attr1\"Value=\"" + ChosenColor + "\"/></GroupAttributes>";
        }
        // reset variant id to the proper attribute match!
        using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
        {
            con.Open();
            using (IDataReader rsERP = DB.GetRS("select VariantID,ExtensionData2 from ProductVariant with (NOLOCK) where VariantID=" + VariantID.ToString(), con))
            {
                while (rsERP.Read())
                {
                    // whitespace is stripped from both sides before comparing, so spacing differences in the stored XML do not matter
                    String thisVariantMatch = DB.RSField(rsERP, "ExtensionData2").Replace(" ", "").Trim();
                    match = Regex.Replace(match, "\\s+", "", RegexOptions.Compiled);
                    match2 = Regex.Replace(match2, "\\s+", "", RegexOptions.Compiled);
                    thisVariantMatch = Regex.Replace(thisVariantMatch, "\\s+", "", RegexOptions.Compiled);
                    if (match.Equals(thisVariantMatch, StringComparison.InvariantCultureIgnoreCase) || match2.Equals(thisVariantMatch, StringComparison.InvariantCultureIgnoreCase))
                    {
                        VariantID = DB.RSFieldInt(rsERP, "VariantID");
                        break;
                    }
                }
            }
        }
    }
    ShoppingCart cart = new ShoppingCart(1, ThisCustomer, CartType, 0, false);
    if (Quantity > 0)
    {
        if (AppLogic.IsAKit(ProductID))
        {
            // -- new kit format -- //
            bool productIsUsingKit2XmlPackage = !CommonLogic.IsStringNullOrEmpty(CommonLogic.FormCanBeDangerousContent("KitItems"));
            if (productIsUsingKit2XmlPackage)
            {
                if (CommonLogic.FormBool("IsEditKit") && CommonLogic.FormUSInt("CartRecID") > 0)
                {
                    int cartId = CommonLogic.FormUSInt("CartRecID");
                    AppLogic.ClearKitItems(ThisCustomer, ProductID, VariantID, cartId);
                }
                KitComposition preferredComposition = KitComposition.FromForm(ThisCustomer, ProductID, VariantID);
                cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, string.Empty, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, System.Decimal.Zero, preferredComposition);
            }
            else
            {
                cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, System.Decimal.Zero);
            }
        }
        else
        {
            cart.AddItem(ThisCustomer, ShippingAddressID, ProductID, VariantID, Quantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, TextOption, CartType, false, false, 0, CustomerEnteredPrice);
        }
    }
    // handle upsell products:
    String UpsellProducts = CommonLogic.FormCanBeDangerousContent("UpsellProducts").Trim();
    if (UpsellProducts.Length != 0 && CartType == CartTypeEnum.ShoppingCart)
    {
        foreach (String s in UpsellProducts.Split(','))
        {
            String PID = s.Trim();
            if (PID.Length != 0)
            {
                int UpsellProductID = 0;
                try
                {
                    UpsellProductID = Localization.ParseUSInt(PID);
                    if (UpsellProductID != 0)
                    {
                        int UpsellVariantID = AppLogic.GetProductsDefaultVariantID(UpsellProductID);
                        if (UpsellVariantID != 0)
                        {
                            // this variant COULD have one size or color, so set it up like that:
                            String Sizes = String.Empty;
                            String SizeSKUModifiers = String.Empty;
                            String Colors = String.Empty;
                            String ColorSKUModifiers = String.Empty;
                            using (SqlConnection con = new SqlConnection(DB.GetDBConn()))
                            {
                                con.Open();
                                using (IDataReader rs = DB.GetRS("select Sizes,SizeSKUModifiers,Colors,ColorSKUModifiers from ProductVariant with (NOLOCK) where VariantID=" + UpsellVariantID.ToString(), con))
                                {
                                    if (rs.Read())
                                    {
                                        Sizes = DB.RSFieldByLocale(rs, "Sizes", Localization.GetDefaultLocale());
                                        SizeSKUModifiers = DB.RSFieldByLocale(rs, "SizeSKUModifiers", Localization.GetDefaultLocale());
                                        Colors = DB.RSFieldByLocale(rs, "Colors", Localization.GetDefaultLocale());
                                        ColorSKUModifiers = DB.RSFieldByLocale(rs, "ColorSKUModifiers", Localization.GetDefaultLocale());
                                    }
                                }
                            }
                            // safety check:
                            if (Sizes.IndexOf(',') != -1)
                            {
                                Sizes = String.Empty;
                                SizeSKUModifiers = String.Empty;
                            }
                            // safety check:
                            if (Colors.IndexOf(',') != -1)
                            {
                                Colors = String.Empty;
                                ColorSKUModifiers = String.Empty;
                            }
                            cart.AddItem(ThisCustomer, ShippingAddressID, UpsellProductID, UpsellVariantID, 1, Colors, ColorSKUModifiers, Sizes, SizeSKUModifiers, String.Empty, CartType, false, false, 0, System.Decimal.Zero);
                            // the upsell price is computed server-side from the product pair and customer level, not taken from the request
                            Decimal PR = AppLogic.GetUpsellProductPrice(ProductID, UpsellProductID, ThisCustomer.CustomerLevelID);
                            DB.ExecuteSQL("update shoppingcart set IsUpsell=1, ProductPrice=" + Localization.CurrencyStringForDBWithoutExchangeRate(PR) + " where CartType=" + ((int)CartType).ToString() + " and CustomerID=" + ThisCustomer.CustomerID.ToString() + " and ProductID=" + UpsellProductID.ToString() + " and VariantID=" + UpsellVariantID.ToString() + " and convert(nvarchar(1000),ChosenColor)='' and convert(nvarchar(1000),ChosenSize)='' and convert(nvarchar(1000),TextOption)=''");
                        }
                    }
                }
                catch { }
            }
        }
    }
    cart = null;
    AppLogic.eventHandler("AddToCart").CallEvent("&AddToCart=true&VariantID=" + VariantID.ToString() + "&ProductID=" + ProductID.ToString() + "&ChosenColor=" + ChosenColor + "&ChosenSize=" + ChosenSize);
    if (AppLogic.AppConfig("AddToCartAction").Equals("STAY", StringComparison.InvariantCultureIgnoreCase) && ReturnURL.Length != 0)
    {
        Response.Redirect(ReturnURL);
    }
    else
    {
        if (ReturnURL.Length == 0)
        {
            ReturnURL = String.Empty;
            if (Request.UrlReferrer != null)
            {
                ReturnURL = Request.UrlReferrer.AbsoluteUri; // could be null
            }
            if (ReturnURL == null)
            {
                ReturnURL = String.Empty;
            }
        }
        if (CartType == CartTypeEnum.WishCart)
        {
            Response.Redirect("wishlist.aspx?ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
        if (CartType == CartTypeEnum.GiftRegistryCart)
        {
            Response.Redirect("giftregistry.aspx?ReturnUrl=" + Security.UrlEncode(ReturnURL));
        }
        Response.Redirect("ShoppingCart.aspx?add=true&ReturnUrl=" + Security.UrlEncode(ReturnURL));
    }
}
protected void Page_Load(object sender, System.EventArgs e) { if (AppLogic.AppConfigBool("GoNonSecureAgain")) { SkinBase.GoNonSecureAgain(); } ProductID = CommonLogic.QueryStringUSInt("ProductID"); CategoryID = CommonLogic.QueryStringUSInt("CategoryID"); SectionID = CommonLogic.QueryStringUSInt("SectionID"); ManufacturerID = CommonLogic.QueryStringUSInt("ManufacturerID"); DistributorID = CommonLogic.QueryStringUSInt("DistributorID"); GenreID = CommonLogic.QueryStringUSInt("GenreID"); VectorID = CommonLogic.QueryStringUSInt("VectorID"); if (ProductID == 0) { if (IsAddToCartPostBack) { int PackID = 0; int packProductID = 0; int packVariantID = 0; int packQuantity = 0; int packProductTypeID = 0; bool FromCart = false; int packCartRecID = 0; String ChosenColor = String.Empty; String ChosenColorSKUModifier = String.Empty; String ChosenSize = String.Empty; String ChosenSizeSKUModifier = String.Empty; String color = string.Empty; String size = string.Empty; String TextOption = CommonLogic.FormCanBeDangerousContent("TextOption"); for (int i = 0; i <= HttpContext.Current.Request.Form.Count - 1; i++) { if (HttpContext.Current.Request.Form.Keys[i].StartsWith("ProductID", StringComparison.InvariantCultureIgnoreCase)) { packProductID = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent("__EVENTARGUMENT").Split('_')[1]); } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("VariantID", StringComparison.InvariantCultureIgnoreCase)) { packVariantID = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent("__EVENTARGUMENT").Split('_')[2]); } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("PackID", StringComparison.InvariantCultureIgnoreCase)) { PackID = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i])); if (CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i]).Contains(",") && PackID == 0) { PackID = 
Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i]).Split(',')[0]); } } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("Quantity", StringComparison.InvariantCultureIgnoreCase) && !HttpContext.Current.Request.Form.Keys[i].StartsWith("Quantity_vldt", StringComparison.InvariantCultureIgnoreCase)) { if (Localization.ParseUSInt(HttpContext.Current.Request.Form.Keys[i].Split('_')[2]) == packVariantID) { packQuantity = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i])); } } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("CartRecID", StringComparison.InvariantCultureIgnoreCase)) { packCartRecID = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i])); } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("Color", StringComparison.InvariantCultureIgnoreCase)) { if (Localization.ParseUSInt(HttpContext.Current.Request.Form.Keys[i].Split('_')[2]) == packVariantID) { color = CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i]).ToString(); } } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("Size", StringComparison.InvariantCultureIgnoreCase)) { if (Localization.ParseUSInt(HttpContext.Current.Request.Form.Keys[i].Split('_')[2]) == packVariantID) { size = CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i]).ToString(); } } if (HttpContext.Current.Request.Form.Keys[i].StartsWith("ProductTypeID", StringComparison.InvariantCultureIgnoreCase)) { if (Localization.ParseUSInt(HttpContext.Current.Request.Form.Keys[i].Split('_')[2]) == packVariantID) { packProductTypeID = Localization.ParseUSInt(CommonLogic.FormCanBeDangerousContent(HttpContext.Current.Request.Form.Keys[i])); } } } ThisCustomer.RequireCustomerRecord(); if (packQuantity == 0) { packQuantity = 1; } FromCart = (packCartRecID > 0); if (color.Length != 0) { String[] ColorSel = 
color.Split(','); try { ChosenColor = ColorSel[0]; } catch { } try { ChosenColorSKUModifier = ColorSel[1]; } catch { } } if (ChosenColor.Length != 0) { ThisCustomer.ThisCustomerSession["ChosenColor"] = ChosenColor; } if (size.Length != 0) { String[] SizeSel = size.Split(','); try { ChosenSize = SizeSel[0]; } catch { } try { ChosenSizeSKUModifier = SizeSel[1]; } catch { } } if (ChosenSize.Length != 0) { ThisCustomer.ThisCustomerSession["ChosenSize"] = ChosenSize; } if (packQuantity > 0) { // add to custom cart: if (FromCart) { CustomCart.AddItem(PackID, packProductID, packVariantID, packQuantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier, packCartRecID, ThisCustomer, CartTypeEnum.ShoppingCart); } else { CustomCart cart = new CustomCart(ThisCustomer, PackID, 1, CartTypeEnum.ShoppingCart); cart.AddItem(packProductID, packVariantID, packQuantity, ChosenColor, ChosenColorSKUModifier, ChosenSize, ChosenSizeSKUModifier); } } if (CommonLogic.QueryStringCanBeDangerousContent("UpdateCartPack") == "") { String url = "pb.aspx?type=" + packProductTypeID.ToString() + "&PackID=" + PackID.ToString() + "&ProductID=" + packProductID.ToString() + "&cartrecid=" + packCartRecID; Response.Redirect(url + CommonLogic.IIF(FromCart, "?cartrecid=" + packCartRecID.ToString(), "")); Response.Redirect(url); } else { Response.Redirect(ResolveClientUrl("~/shoppingcart.aspx")); } } } String ActualSEName = string.Empty; using (SqlConnection dbconn = new SqlConnection(DB.GetDBConn())) { dbconn.Open(); using (IDataReader rs = DB.GetRS(string.Format("select * from Product a with (NOLOCK) inner join (select a.ProductID, b.StoreID from Product a with (nolock) left join ProductStore b " + "with (NOLOCK) on a.ProductID = b.ProductID) b on a.ProductID = b.ProductID where Deleted=0 and a.ProductID={0} and ({1}=0 or StoreID={2})", + ProductID, CommonLogic.IIF(AppLogic.GlobalConfigBool("AllowProductFiltering") == true, 1, 0), AppLogic.StoreID()), dbconn)) { if (!rs.Read()) { 
Response.Redirect(SE.MakeDriverLink("ProductNotFound")); } else { bool a = DB.RSFieldBool(rs, "Published"); if (!a) { Response.Redirect(SE.MakeDriverLink("ProductNotFound")); } } String SENameINURL = CommonLogic.QueryStringCanBeDangerousContent("SEName"); ActualSEName = SE.MungeName(DB.RSField(rs, "SEName")); if (ActualSEName != SENameINURL) { String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); string QStr = "?"; bool first = true; for (int i = 0; i < Request.QueryString.Count; i++) { string key = Request.QueryString.GetKey(i); if ((key.Equals("productid", StringComparison.InvariantCultureIgnoreCase)) == false && (key.Equals("sename", StringComparison.InvariantCultureIgnoreCase)) == false) { if (!first) { QStr += "&"; } QStr += key + "=" + Request.QueryString[i]; first = false; } } if (QStr.Length > 1) { NewURL += QStr; } HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", NewURL); HttpContext.Current.Response.End(); } #region Vortx Mobile Xml Package Modification m_XmlPackage = Vortx.MobileFramework.MobileXmlPackageController.XmlPackageHook(DB.RSField(rs, "XmlPackage").ToLowerInvariant(), ThisCustomer); #endregion IsAKit = DB.RSFieldBool(rs, "IsAKit"); IsAPack = DB.RSFieldBool(rs, "IsAPack"); if (m_XmlPackage.Length == 0) { if (IsAKit) { m_XmlPackage = AppLogic.ro_DefaultProductKitXmlPackage; // provide a default } else if (IsAPack) { m_XmlPackage = AppLogic.ro_DefaultProductPackXmlPackage; // provide a default } else { m_XmlPackage = AppLogic.ro_DefaultProductXmlPackage; // provide a default } } RequiresReg = DB.RSFieldBool(rs, "RequiresRegistration"); ProductName = DB.RSFieldByLocale(rs, "Name", ThisCustomer.LocaleSetting); CategoryHelper = AppLogic.LookupHelper("Category", 0); SectionHelper = AppLogic.LookupHelper("Section", 
0); ManufacturerHelper = AppLogic.LookupHelper("Manufacturer", 0); DistributorHelper = AppLogic.LookupHelper("Distributor", 0); GenreHelper = AppLogic.LookupHelper("Genre", 0); VectorHelper = AppLogic.LookupHelper("Vector", 0); String SEName = String.Empty; if (DB.RSFieldByLocale(rs, "SETitle", ThisCustomer.LocaleSetting).Length == 0) { SETitle = Security.HtmlEncode(AppLogic.AppConfig("StoreName") + " - " + ProductName); } else { SETitle = DB.RSFieldByLocale(rs, "SETitle", ThisCustomer.LocaleSetting); } if (DB.RSFieldByLocale(rs, "SEDescription", ThisCustomer.LocaleSetting).Length == 0) { SEDescription = Security.HtmlEncode(ProductName); } else { SEDescription = DB.RSFieldByLocale(rs, "SEDescription", ThisCustomer.LocaleSetting); } if (DB.RSFieldByLocale(rs, "SEKeywords", ThisCustomer.LocaleSetting).Length == 0) { SEKeywords = Security.HtmlEncode(ProductName); } else { SEKeywords = DB.RSFieldByLocale(rs, "SEKeywords", ThisCustomer.LocaleSetting); } SENoScript = DB.RSFieldByLocale(rs, "SENoScript", ThisCustomer.LocaleSetting); } } //Log all views of unknown and registered customer if (!AppLogic.ProductIsMLExpress() && (AppLogic.AppConfigBool("DynamicRelatedProducts.Enabled") || AppLogic.AppConfigBool("RecentlyViewedProducts.Enabled"))) { ThisCustomer.LogProductView(ProductID); } if (IsAKit && !Vortx.MobileFramework.MobileHelper.isMobile()) { Server.Transfer(ResolveClientUrl("~/kitproduct.aspx"), true); return; } else if (IsAKit && Vortx.MobileFramework.MobileHelper.isMobile()) { Server.Transfer(ResolveClientUrl("~/mobilekitproduct.aspx"), true); return; } CategoryName = CategoryHelper.GetEntityName(CategoryID, ThisCustomer.LocaleSetting); SectionName = SectionHelper.GetEntityName(SectionID, ThisCustomer.LocaleSetting); ManufacturerName = ManufacturerHelper.GetEntityName(ManufacturerID, ThisCustomer.LocaleSetting); DistributorName = DistributorHelper.GetEntityName(DistributorID, ThisCustomer.LocaleSetting); GenreName = GenreHelper.GetEntityName(GenreID, 
ThisCustomer.LocaleSetting); VectorName = VectorHelper.GetEntityName(VectorID, ThisCustomer.LocaleSetting); String SourceEntityInstanceName = String.Empty; if (ManufacturerID != 0) { Profile.LastViewedEntityName = EntityDefinitions.readonly_ManufacturerEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = ManufacturerID.ToString(); Profile.LastViewedEntityInstanceName = ManufacturerName; String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", NewURL); HttpContext.Current.Response.End(); } else if (DistributorID != 0) { Profile.LastViewedEntityName = EntityDefinitions.readonly_DistributorEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = DistributorID.ToString(); Profile.LastViewedEntityInstanceName = DistributorName; String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", NewURL); HttpContext.Current.Response.End(); } else if (GenreID != 0) { Profile.LastViewedEntityName = EntityDefinitions.readonly_GenreEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = GenreID.ToString(); Profile.LastViewedEntityInstanceName = GenreName; String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", 
NewURL); HttpContext.Current.Response.End(); } else if (VectorID != 0) { Profile.LastViewedEntityName = EntityDefinitions.readonly_VectorEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = VectorID.ToString(); Profile.LastViewedEntityInstanceName = VectorName; String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", NewURL); HttpContext.Current.Response.End(); } else if (CategoryID != 0) { Profile.LastViewedEntityName = EntityDefinitions.readonly_CategoryEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = CategoryID.ToString(); Profile.LastViewedEntityInstanceName = CategoryName; String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", NewURL); HttpContext.Current.Response.End(); } else if (SectionID != 0) { Profile.LastViewedEntityName = EntityDefinitions.readonly_SectionEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = SectionID.ToString(); Profile.LastViewedEntityInstanceName = SectionName; String NewURL = AppLogic.GetStoreHTTPLocation(false, false) + SE.MakeProductLink(ProductID, ActualSEName); HttpContext.Current.Response.Write("<html><head><title>Object Moved</title></head><body><b>Object moved to <a href=\"" + NewURL + "\">HERE</a></b></body></html>"); Response.Status = "301 Moved Permanently"; Response.AddHeader("Location", NewURL); HttpContext.Current.Response.End(); } SourceEntity = Profile.LastViewedEntityName; SourceEntityInstanceName = 
Profile.LastViewedEntityInstanceName; SourceEntityID = int.Parse(CommonLogic.IIF(CommonLogic.IsInteger(Profile.LastViewedEntityInstanceID), Profile.LastViewedEntityInstanceID, "0")); // validate that source entity id is actually valid for this product: if (SourceEntityID != 0) { String sqlx = string.Format("select count(*) as N from productentity a with (nolock) inner join (select distinct a.entityid, a.EntityType from productentity a with (nolock) left join EntityStore b with (nolock) " + "on a.EntityID = b.EntityID where ({0} = 0 or StoreID = {1})) b on a.EntityID = b.EntityID and a.EntityType=b.EntityType where ProductID = {2} and a.EntityID = {3} and a.EntityType = {4}" , CommonLogic.IIF(AppLogic.GlobalConfigBool("AllowEntityFiltering") == true, 1, 0), AppLogic.StoreID(), ProductID, SourceEntityID, DB.SQuote(SourceEntity)); if (DB.GetSqlN(sqlx) == 0) { SourceEntityID = 0; } } // we had no entity context coming in, try to find a category context for this product, so they have some context if possible: if (SourceEntityID == 0) { SourceEntityID = EntityHelper.GetProductsFirstEntity(ProductID, EntityDefinitions.readonly_CategoryEntitySpecs.m_EntityName); if (SourceEntityID > 0) { CategoryID = SourceEntityID; CategoryName = CategoryHelper.GetEntityName(CategoryID, ThisCustomer.LocaleSetting); Profile.LastViewedEntityName = EntityDefinitions.readonly_CategoryEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = CategoryID.ToString(); Profile.LastViewedEntityInstanceName = CategoryName; SourceEntity = EntityDefinitions.readonly_CategoryEntitySpecs.m_EntityName; SourceEntityInstanceName = CategoryName; } } // we had no entity context coming in, try to find a section context for this product, so they have some context if possible: if (SourceEntityID == 0) { SourceEntityID = EntityHelper.GetProductsFirstEntity(ProductID, EntityDefinitions.readonly_SectionEntitySpecs.m_EntityName); if (SourceEntityID > 0) { SectionID = SourceEntityID; SectionName = 
CategoryHelper.GetEntityName(SectionID, ThisCustomer.LocaleSetting); Profile.LastViewedEntityName = EntityDefinitions.readonly_SectionEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = SectionID.ToString(); Profile.LastViewedEntityInstanceName = SectionName; SourceEntity = EntityDefinitions.readonly_SectionEntitySpecs.m_EntityName; SourceEntityInstanceName = SectionName; } } // we had no entity context coming in, try to find a Manufacturer context for this product, so they have some context if possible: if (SourceEntityID == 0) { SourceEntityID = EntityHelper.GetProductsFirstEntity(ProductID, EntityDefinitions.readonly_ManufacturerEntitySpecs.m_EntityName); if (SourceEntityID > 0) { ManufacturerID = SourceEntityID; ManufacturerName = CategoryHelper.GetEntityName(ManufacturerID, ThisCustomer.LocaleSetting); Profile.LastViewedEntityName = EntityDefinitions.readonly_ManufacturerEntitySpecs.m_EntityName; Profile.LastViewedEntityInstanceID = ManufacturerID.ToString(); Profile.LastViewedEntityInstanceName = ManufacturerName; SourceEntity = EntityDefinitions.readonly_ManufacturerEntitySpecs.m_EntityName; SourceEntityInstanceName = ManufacturerName; } } // build up breadcrumb if we need: SectionTitle = Breadcrumb.GetProductBreadcrumb(ProductID, ProductName, SourceEntity, SourceEntityID, ThisCustomer); //Reset LastViewedEntityInstanceID to zero if no entities are mapped to the product so the left nav will render properly. 
if (SourceEntityID <= 0) { HttpContext.Current.Profile.SetPropertyValue("LastViewedEntityInstanceID", "0"); } if (RequiresReg && !ThisCustomer.IsRegistered) { m_PageOutput += "<br/><br/><br/><br/><b>" + AppLogic.GetString("showproduct.aspx.1", SkinID, ThisCustomer.LocaleSetting) + "</b><br/><br/><br/><a href=\"signin.aspx?returnurl=" + CommonLogic.GetThisPageName(false) + "?ProductID=" + ProductID.ToString() + CommonLogic.IIF(CommonLogic.ServerVariables("QUERY_STRING").Trim().Length > 0, "&" + Security.HtmlEncode(Security.UrlEncode(CommonLogic.ServerVariables("QUERY_STRING"))), String.Empty) + "\">" + AppLogic.GetString("showproduct.aspx.2", SkinID, ThisCustomer.LocaleSetting) + "</a> " + AppLogic.GetString("showproduct.aspx.3", SkinID, ThisCustomer.LocaleSetting); } else { AppLogic.eventHandler("ViewProductPage").CallEvent("&ViewProductPage=true"); // check if the postback was caused by an addtocart button if (this.IsPostBack && this.IsAddToCartPostBack) { HandleAddToCart(); return; } DB.ExecuteSQL("update product set Looks=Looks+1 where ProductID=" + ProductID.ToString()); m_PageOutput = "<!-- XmlPackage: " + m_XmlPackage + " -->\n"; if (m_XmlPackage.Length == 0) { m_PageOutput += "<p><b><font color=red>XmlPackage format was chosen, but no XmlPackage was specified!</font></b></p>"; } else { using (XmlPackage2 p = new XmlPackage2(m_XmlPackage, ThisCustomer, SkinID, "", "EntityName=" + SourceEntity + "&EntityID=" + SourceEntityID.ToString() + CommonLogic.IIF(CommonLogic.ServerVariables("QUERY_STRING").IndexOf("cartrecid") != -1, "&cartrecid=" + CommonLogic.QueryStringUSInt("cartrecid").ToString(), "&showproduct=1"), String.Empty, true)) { m_PageOutput += AppLogic.RunXmlPackage(p, base.GetParser, ThisCustomer, SkinID, true, true); if (p.SectionTitle != "") { SectionTitle = p.SectionTitle; } if (p.SETitle != "") { SETitle = p.SETitle; } if (p.SEDescription != "") { SEDescription = p.SEDescription; } if (p.SEKeywords != "") { SEKeywords = p.SEKeywords; } if 
(p.SENoScript != "") { SENoScript = p.SENoScript; } } } } litOutput.Text = m_PageOutput; }
private void RenderHtml() { StringBuilder writer = new StringBuilder(); if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0) { // handle delete: DB.ExecuteSQL("delete from Currency where CurrencyID=" + CommonLogic.QueryStringCanBeDangerousContent("DeleteID")); } if (CommonLogic.FormCanBeDangerousContent("IsSubmit").Length != 0) { // handle updates: AppLogic.SetAppConfig("Localization.CurrencyFeedUrl", CommonLogic.FormCanBeDangerousContent("CurrencyFeedUrl").Trim()); AppLogic.SetAppConfig("Localization.CurrencyFeedXmlPackage", CommonLogic.FormCanBeDangerousContent("CurrencyFeedXmlPackage").Trim()); AppLogic.SetAppConfig("Localization.CurrencyFeedBaseRateCurrencyCode", CommonLogic.FormCanBeDangerousContent("CurrencyFeedBaseRateCurrencyCode").Trim()); using (SqlConnection dbconn = DB.dbConn()) { dbconn.Open(); using (IDataReader rs = DB.GetRS("Select * from currency with (NOLOCK)", dbconn)) { while (rs.Read()) { int ID = DB.RSFieldInt(rs, "CurrencyID"); String Name = CommonLogic.FormCanBeDangerousContent("Name_" + ID.ToString()); String CurrencyCode = CommonLogic.FormCanBeDangerousContent("CurrencyCode_" + ID.ToString()); String Symbol = CommonLogic.FormCanBeDangerousContent("Symbol_" + ID.ToString()); Decimal ExchangeRate = CommonLogic.FormUSDecimal("ExchangeRate_" + ID.ToString()); String DisplayLocaleFormat = CommonLogic.FormCanBeDangerousContent("DisplayLocaleFormat_" + ID.ToString()); String DisplaySpec = CommonLogic.FormCanBeDangerousContent("DisplaySpec_" + ID.ToString()); bool Published = (CommonLogic.FormCanBeDangerousContent("Published_" + ID.ToString()).Length != 0); int DisplayOrder = CommonLogic.FormUSInt("DisplayOrder_" + ID.ToString()); DB.ExecuteSQL("update Currency set Name=" + DB.SQuote(Name) + ", WasLiveRate=0, CurrencyCode=" + DB.SQuote(CurrencyCode) + ", Symbol=" + DB.SQuote(Symbol) + ", ExchangeRate=" + Localization.DecimalStringForDB(ExchangeRate) + ", DisplayLocaleFormat=" + DB.SQuote(DisplayLocaleFormat) + ", DisplaySpec=" 
+ DB.SQuote(DisplaySpec) + ", Published=" + CommonLogic.IIF(Published, "1", "0") + ", DisplayOrder=" + DisplayOrder.ToString() + ", LastUpdated=getdate() where CurrencyID=" + ID.ToString()); } } } // handle new add: if (CommonLogic.FormCanBeDangerousContent("Name_0").Trim().Length != 0) { String Name = CommonLogic.FormCanBeDangerousContent("Name_0"); String CurrencyCode = CommonLogic.FormCanBeDangerousContent("CurrencyCode_0"); String Symbol = CommonLogic.FormCanBeDangerousContent("Symbol_0"); Decimal ExchangeRate = CommonLogic.FormNativeDecimal("ExchangeRate_0"); String DisplayLocaleFormat = CommonLogic.FormCanBeDangerousContent("DisplayLocaleFormat_0"); String DisplaySpec = CommonLogic.FormCanBeDangerousContent("DisplaySpec_0"); bool Published = (CommonLogic.FormCanBeDangerousContent("Published_0").Length != 0); int DisplayOrder = CommonLogic.FormUSInt("DisplayOrder_0"); DB.ExecuteSQL("insert Currency(Name,CurrencyCode,Symbol,ExchangeRate,WasLiveRate,DisplayLocaleFormat,DisplaySpec,Published,DisplayOrder) values(" + DB.SQuote(Name) + "," + DB.SQuote(CurrencyCode) + "," + DB.SQuote(Symbol) + "," + Localization.DecimalStringForDB(ExchangeRate) + ",0," + DB.SQuote(DisplayLocaleFormat) + "," + DB.SQuote(DisplaySpec) + "," + CommonLogic.IIF(Published, "1", "0") + "," + DisplayOrder.ToString() + ")"); } } Currency.FlushCache(); writer.Append("<script type=\"text/javascript\">\n"); writer.Append("function Form_Validator(theForm)\n"); writer.Append("{\n"); writer.Append("submitonce(theForm);\n"); writer.Append("return (true);\n"); writer.Append("}\n"); writer.Append("</script>\n"); writer.Append("<p align=\"left\"><input type=\"button\" class=\"normalButtons\" value=\"" + AppLogic.GetString("admin.currencies.GetLiveRates", SkinID, LocaleSetting) + "\" onClick=\"javascript:self.location='" + AppLogic.AdminLinkUrl("currencies.aspx") + "?update=true';\"></p>\n"); writer.Append("<form method=\"POST\" action=\"" + AppLogic.AdminLinkUrl("currencies.aspx") + "\" 
onsubmit=\"alert('" + AppLogic.GetString("admin.currencies.Notification", SkinID, LocaleSetting) + "');return (validateForm(document.forms[0]) && Form_Validator(document.forms[0]))\" onReset=\"return confirm('" + AppLogic.GetString("admin.common.ResetAllFieldsPrompt", SkinID, LocaleSetting) + "');\">\n"); writer.Append("<input type=\"hidden\" name=\"IsSubmit\" value=\"true\"/>\n"); writer.Append("<table>"); writer.Append("<tr><td style=\"border-style: solid; border-width: 1px;\" width=\"280\"><b>" + String.Format(AppLogic.GetString("admin.currencies.CurrencyFeedUrl", SkinID, LocaleSetting), CommonLogic.IIF(AppLogic.AppConfig("Localization.CurrencyFeedUrl").Length != 0, " (<a href=\"" + AppLogic.AppConfig("Localization.CurrencyFeedUrl") + "\" target=\"_blank\">test</a>)", "")) + "</b></td><td style=\"border-style: solid; border-width: 1px;\" ><input type=\"text\" size=\"60\" id=\"CurrencyFeedUrl\" name=\"CurrencyFeedUrl\" value=\"" + AppLogic.AppConfig("Localization.CurrencyFeedUrl") + "\"></td><td style=\"border-style: solid; border-width: 1px;\" ><small>" + AppLogic.GetString("admin.currencies.EmptyString", SkinID, LocaleSetting) + "</small></td></tr>"); writer.Append("<tr><td style=\"border-style: solid; border-width: 1px;\" width=\"280\"><b>" + AppLogic.GetString("admin.currencies.CurrencyFeedBaseCurrencyCode", SkinID, LocaleSetting) + "</b></td><td style=\"border-style: solid; border-width: 1px;\" ><input type=\"text\" size=\"3\" id=\"CurrencyFeedBaseRateCurrencyCode\" name=\"CurrencyFeedBaseRateCurrencyCode\" value=\"" + AppLogic.AppConfig("Localization.CurrencyFeedBaseRateCurrencyCode") + "\"></td><td style=\"border-style: solid; border-width: 1px;\" ><small>" + AppLogic.GetString("admin.currencies.CurrencyCodeValidity", SkinID, LocaleSetting) + "</small></td></tr>"); writer.Append("<tr><td style=\"border-style: solid; border-width: 1px;\" width=\"280\"><b>" + AppLogic.GetString("admin.currencies.CurrencyFeedXmlPackage", SkinID, LocaleSetting) + "</b></td><td 
style=\"border-style: solid; border-width: 1px;\" ><input type=\"text\" size=\"40\" id=\"CurrencyFeedXmlPackage\" name=\"CurrencyFeedXmlPackage\" value=\"" + AppLogic.AppConfig("Localization.CurrencyFeedXmlPackage") + "\"></td><td style=\"border-style: solid; border-width: 1px;\" ><small>" + AppLogic.GetString("admin.currencies.EmptyString", SkinID, LocaleSetting) + "</small></td></tr>"); writer.Append("</table>"); writer.Append("<p align=\"left\">"); writer.Append("<b>Test Conversion</b> "); Decimal SourceAmount = CommonLogic.FormNativeDecimal("SourceAmount"); if (SourceAmount == System.Decimal.Zero) { SourceAmount = 1.00M; } writer.Append(AppLogic.GetString("admin.currencies.Amount", SkinID, LocaleSetting) + " <input type=\"text\" size=\"8\" id=\"SourceAmount\" name=\"SourceAmount\" value=\"" + Localization.CurrencyStringForDBWithoutExchangeRate(SourceAmount) + "\">"); String SourceCurrency = CommonLogic.FormCanBeDangerousContent("SourceCurrency"); writer.Append(" " + AppLogic.GetString("admin.systemlog.Source", SkinID, LocaleSetting) + " " + Currency.GetSelectList("SourceCurrency", String.Empty, String.Empty, SourceCurrency)); String TargetCurrency = CommonLogic.FormCanBeDangerousContent("TargetCurrency"); writer.Append(" " + AppLogic.GetString("admin.currencies.Target", SkinID, LocaleSetting) + " " + Currency.GetSelectList("TargetCurrency", String.Empty, String.Empty, TargetCurrency)); if (SourceCurrency.Length != 0 && TargetCurrency.Length != 0) { Decimal TargetAmount = Currency.Convert(SourceAmount, SourceCurrency, TargetCurrency); writer.Append(" " + AppLogic.GetString("admin.currencies.Result", SkinID, LocaleSetting) + " <input type=\"text\" size=\"8\" id=\"TargetAmount\" name=\"TargetAmount\" value=\"" + Currency.ToString(TargetAmount, TargetCurrency) + "\" READONLY/>"); } writer.Append(" <input class=\"normalButtons\" type=\"submit\" value=\"" + AppLogic.GetString("admin.currencies.UpdateAndConvert", SkinID, LocaleSetting) + "\" name=\"Submit\"/>"); 
    writer.Append("</p>");
    writer.Append("<p align=\"left\"><input class=\"normalButtons\" type=\"submit\" value=\"" + AppLogic.GetString("admin.common.Update", SkinID, LocaleSetting) + "\" name=\"Submit\"/></p>\n");
    writer.Append(" <table border=\"0\" cellpadding=\"0\" border=\"0\" cellspacing=\"0\" width=\"100%\">");
    writer.Append(" <tr class=\"table-header\">\n");
    writer.Append("</td>");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.common.ID", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>*" + AppLogic.GetString("admin.common.Name", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>*" + AppLogic.GetString("admin.currencies.Code", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.currencies.Symbol", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.currencies.ExchangeRate", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.currencies.DisplayLocale", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.currencies.DisplaySpec", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.currencies.Published", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>" + AppLogic.GetString("admin.currencies.LastUpdatedOn", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td ><b>*" + AppLogic.GetString("admin.common.DisplayOrder", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" <td align=\"center\"><b>" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "</b></td>\n");
    writer.Append(" </tr>\n");

    // One editable row per currency, published currencies first.
    string style;
    int counter = 0;
    using (SqlConnection dbconn = DB.dbConn())
    {
        dbconn.Open();
        using (IDataReader rs = DB.GetRS("select * from Currency with (NOLOCK) order by published desc, displayorder,name", dbconn))
        {
            while (rs.Read())
            {
                if (counter % 2 == 0) { style = "\"table-row2\""; } else { style = "\"table-alternatingrow2\""; }
                int ID = DB.RSFieldInt(rs, "CurrencyID");
                writer.Append("<tr class=" + style + ">\n");
                writer.Append("<td>" + ID.ToString() + "</td>\n");
                // Database values are written straight into the value="" attributes; no HTML encoding is applied here.
                writer.Append("<td><input type=\"text\" size=\"30\" id=\"Name_" + ID.ToString() + "\" name=\"Name_" + ID.ToString() + "\" value=\"" + DB.RSField(rs, "Name").ToString() + "\"/></td>\n");
                writer.Append("<td><input type=\"text\" size=\"4\" id=\"CurrencyCode_" + ID.ToString() + "\" name=\"CurrencyCode_" + ID.ToString() + "\" value=\"" + DB.RSField(rs, "CurrencyCode").ToString() + "\"/><input type=\"hidden\" id=\"CurrencyCode_" + ID.ToString() + "_vldt\" name=\"CurrencyCode_" + ID.ToString() + "_vldt\" value=\"[req]\"/></td>\n");
                writer.Append("<td><input type=\"text\" size=\"5\" id=\"Symbol_" + ID.ToString() + "\" name=\"Symbol_" + ID.ToString() + "\" value=\"" + DB.RSField(rs, "Symbol").ToString() + "\"/></td>\n");
                writer.Append("<td>");
                String RTX = Localization.DecimalStringForDB(DB.RSFieldDecimal(rs, "ExchangeRate"));
                if (DB.RSFieldDecimal(rs, "ExchangeRate") == System.Decimal.Zero && DB.RSFieldBool(rs, "Published"))
                {
                    RTX = String.Empty; // force entry for all published currencies, 0.0 exchange rate is totally invalid!
                }
                writer.Append("<input type=\"text\" size=\"6\" id=\"ExchangeRate_" + ID.ToString() + "\" name=\"ExchangeRate_" + ID.ToString() + "\" value=\"" + RTX + "\"/>" + CommonLogic.IIF(DB.RSFieldBool(rs, "WasLiveRate"), " (Live)", ""));
                writer.Append("<input type=\"hidden\" id=\"ExchangeRate_" + ID.ToString() + "_vldt\" name=\"ExchangeRate_" + ID.ToString() + "_vldt\" value=\"[req][number][blankalert=" + AppLogic.GetString("admin.currencies.EnterExchangeRate", SkinID, LocaleSetting) + "][invalidalert=" + AppLogic.GetString("admin.currencies.ValidDollarAmount", SkinID, LocaleSetting) + "]\"/>");
                writer.Append("</td>\n");
                writer.Append("<td><input type=\"text\" id=\"DisplayLocaleFormat_" + ID.ToString() + "\" name=\"DisplayLocaleFormat_" + ID.ToString() + "\" value=\"" + DB.RSField(rs, "DisplayLocaleFormat").ToString() + "\"/></td>\n");
                writer.Append("<td><input type=\"text\" id=\"DisplaySpec_" + ID.ToString() + "\" name=\"DisplaySpec_" + ID.ToString() + "\" value=\"" + DB.RSField(rs, "DisplaySpec").ToString() + "\"/></td>\n");
                writer.Append("<td><input type=\"checkbox\" id=\"Published_" + ID.ToString() + "\" name=\"Published_" + ID.ToString() + "\" " + CommonLogic.IIF(DB.RSFieldBool(rs, "Published"), " checked=\"checked\" ", "") + "/></td>\n");
                writer.Append("<td>" + Localization.ToNativeDateTimeString(DB.RSFieldDateTime(rs, "LastUpdated")) + "</td>\n");
                writer.Append("<td align=\"center\"><input size=\"2\" type=\"text\" name=\"DisplayOrder_" + ID.ToString() + "\" value=\"" + DB.RSFieldInt(rs, "DisplayOrder").ToString() + "\"/></td>\n");
                writer.Append("<td align=\"center\"><input class=\"normalButtons\" type=\"button\" value=\"" + AppLogic.GetString("admin.common.Delete", SkinID, LocaleSetting) + "\" name=\"Delete_" + ID.ToString() + "\" onClick=\"DeleteCurrency(" + ID.ToString() + ")\"/></td>\n");
                writer.Append("</tr>\n");
                counter++;
            }
        }
    }

    // Blank "add new" row; its fields use the _0 suffix.
    writer.Append("<tr>\n");
    writer.Append("<td>" + AppLogic.GetString("admin.currencies.AddNew", SkinID, LocaleSetting) + "</td>\n");
    writer.Append("<td><input type=\"text\" size=\"30\" id=\"Name_0\" name=\"Name_0\"/></td>\n");
    writer.Append("<td><input type=\"text\" size=\"4\" id=\"CurrencyCode_0\" name=\"CurrencyCode_0\"/></td>\n");
    writer.Append("<td><input type=\"text\" size=\"5\" id=\"Symbol_0\" name=\"Symbol_0\"/></td>\n");
    writer.Append("<td><input type=\"text\" size=\"6\" id=\"ExchangeRate_0\" name=\"ExchangeRate_0\"/></td>\n");
    writer.Append("<td><input type=\"text\" id=\"DisplayLocaleFormat_0\" name=\"DisplayLocaleFormat_0\"/></td>\n");
    writer.Append("<td><input type=\"text\" id=\"DisplaySpec_0\" name=\"DisplaySpec_0\"/></td>\n");
    writer.Append("<td><input type=\"checkbox\" id=\"Published_0\" name=\"Published_0\"/></td>\n");
    writer.Append("<td> </td>\n");
    writer.Append("<td align=\"center\"><input size=\"2\" type=\"text\" name=\"DisplayOrder_0\"/></td>\n");
    writer.Append("<td align=\"center\"> </td>\n");
    writer.Append("</tr>\n");
    writer.Append("</table>\n");
    writer.Append("<p align=\"left\"><input class=\"normalButtons\" type=\"submit\" value=\"" + AppLogic.GetString("admin.currencies.UpdateChangesAbove", SkinID, LocaleSetting) + "\" name=\"Submit\"/></p>\n");
    writer.Append("</form>\n");

    // Client-side confirm, then a GET to currencies.aspx?deleteid=<id> performs the delete.
    writer.Append("<script type=\"text/javascript\">\n");
    writer.Append("function DeleteCurrency(id)\n");
    writer.Append("{\n");
    writer.Append("if(confirm('" + AppLogic.GetString("admin.currencies.DeleteCurrency", SkinID, LocaleSetting) + " ' + id))\n");
    writer.Append("{\n");
    writer.Append("self.location = '" + AppLogic.AdminLinkUrl("currencies.aspx") + "?deleteid=' + id;\n");
    writer.Append("}\n");
    writer.Append("}\n");
    writer.Append("</SCRIPT>\n");
    writer.Append("<hr size=\"1\">");

    // Diagnostic dump of the last exchange-rate feed, raw and after the transform.
    writer.Append("<b>" + AppLogic.GetString("admin.currencies.XmlPackageDoc", SkinID, LocaleSetting) + "</b><br/>");
    writer.Append("<textarea style=\"width: 100%\" rows=\"60\">" + XmlCommon.PrettyPrintXml(Currency.m_LastRatesResponseXml) + "</textarea>");
    writer.Append("<b>" + AppLogic.GetString("admin.currencies.TransformMasterXml", SkinID, LocaleSetting) + "</b><br/>");
    writer.Append("<textarea style=\"width: 100%\" rows=\"60\">" + XmlCommon.PrettyPrintXml(Currency.m_LastRatesTransformedXml) + "</textarea>");
    ltContent.Text = writer.ToString();
}
private void ProcessForm(bool UseValidationService, int AddressID)
{
    ThisCustomer.RequireCustomerRecord();
    bool AllowShipToDifferentThanBillTo = AppLogic.AppConfigBool("AllowShipToDifferentThanBillTo") && !AppLogic.AppConfigBool("SkipShippingOnCheckout");
    string ResidenceType = ddlResidenceType.SelectedValue;
    bool valid = true;
    string errormsg = string.Empty;

    // Payment method validations (billing addresses only)
    if (AddressType == AddressTypes.Billing)
    {
        string paymentMethodLastUsed = AppLogic.CleanPaymentMethod(CommonLogic.FormCanBeDangerousContent("PaymentMethod"));
        if (paymentMethodLastUsed == AppLogic.ro_PMECheck && ShowEcheck)
        {
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("ECheckBankABACode"))) { valid = false; errormsg += "•Bank ABA Code is required<br/>"; }
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("ECheckBankAccountNumber"))) { valid = false; errormsg += "•Bank Account Number is required<br/>"; }
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("ECheckBankName"))) { valid = false; errormsg += "•Bank Name is required<br/>"; } // bank name, not account name
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("ECheckBankAccountName"))) { valid = false; errormsg += "•Bank Account Name is required<br/>"; }
        }
        if (paymentMethodLastUsed == AppLogic.ro_PMCreditCard)
        {
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("CardName"))) { valid = false; errormsg += "•Card Name is required<br/>"; }
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("CardType"))) { valid = false; errormsg += "•Card Type is required<br/>"; }
            if (string.IsNullOrEmpty(CommonLogic.FormCanBeDangerousContent("CardNumber"))) { valid = false; errormsg += "•Card Number is required<br/>"; }
            int iexpMonth = 0;
            int iexpYear = 0;
            string expMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
            string expYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
            if (string.IsNullOrEmpty(expMonth) || !int.TryParse(expMonth, out iexpMonth) || !(iexpMonth > 0)) { valid = false; errormsg += "•Please select the Card Expiration Month<br/>"; }
            if (string.IsNullOrEmpty(expYear) || !int.TryParse(expYear, out iexpYear) || !(iexpYear > 0)) { valid = false; errormsg += "•Please select the Card Expiration Year<br/>"; }
        }
    }

    // Collect validator and custom messages and redisplay the page instead of saving.
    if (!Page.IsValid || !valid)
    {
        ErrorMsgLabel.Text = "<br /><br />" + AppLogic.GetString("editaddress.aspx.15", SkinID, ThisCustomer.LocaleSetting) + "<br /><br />";
        foreach (IValidator aValidator in this.Validators)
        {
            if (!aValidator.IsValid) { ErrorMsgLabel.Text += "• " + aValidator.ErrorMessage + "<br />"; }
        }
        ErrorMsgLabel.Text += "<br />";
        ErrorMsgLabel.Text += errormsg;
        InitializePageContent();
        return;
    }

    theAddress.AddressType = AddressType;
    theAddress.NickName = txtAddressNickName.Text;
    theAddress.FirstName = txtFirstName.Text;
    theAddress.LastName = txtLastName.Text;
    theAddress.Company = txtCompany.Text;
    theAddress.Address1 = txtAddress1.Text;
    theAddress.Address2 = txtAddress2.Text;
    theAddress.Suite = txtSuite.Text;
    theAddress.City = txtCity.Text;
    theAddress.State = ddlState.SelectedValue;
    theAddress.Zip = txtZip.Text;
    theAddress.Country = ddlCountry.SelectedValue;
    theAddress.Phone = txtPhone.Text;
    if (ResidenceType == "2") { theAddress.ResidenceType = ResidenceTypes.Commercial; }
    else if (ResidenceType == "1") { theAddress.ResidenceType = ResidenceTypes.Residential; }
    else { theAddress.ResidenceType = ResidenceTypes.Unknown; }

    if (theAddress.AddressType == AddressTypes.Billing)
    {
        theAddress.PaymentMethodLastUsed = AppLogic.CleanPaymentMethod(CommonLogic.FormCanBeDangerousContent("PaymentMethod"));
        if (theAddress.PaymentMethodLastUsed == AppLogic.ro_PMECheck && ShowEcheck)
        {
            // A value starting with "*" is the masked echo of a stored number; the stored value is left unchanged.
            string eCheckABACode = CommonLogic.FormCanBeDangerousContent("ECheckBankABACode");
            if (!eCheckABACode.StartsWith("*")) { theAddress.ECheckBankABACode = CommonLogic.FormCanBeDangerousContent("ECheckBankABACode"); }
            string eCheckBankAccountNumber = CommonLogic.FormCanBeDangerousContent("ECheckBankAccountNumber");
            if (!eCheckBankAccountNumber.StartsWith("*")) { theAddress.ECheckBankAccountNumber = CommonLogic.FormCanBeDangerousContent("ECheckBankAccountNumber"); }
            theAddress.ECheckBankName = CommonLogic.FormCanBeDangerousContent("ECheckBankName");
            theAddress.ECheckBankAccountName = CommonLogic.FormCanBeDangerousContent("ECheckBankAccountName");
            theAddress.ECheckBankAccountType = CommonLogic.FormCanBeDangerousContent("ECheckBankAccountType");
        }
        if (theAddress.PaymentMethodLastUsed == AppLogic.ro_PMCreditCard)
        {
            theAddress.CardName = CommonLogic.FormCanBeDangerousContent("CardName");
            theAddress.CardType = CommonLogic.FormCanBeDangerousContent("CardType");
            string tmpS = CommonLogic.FormCanBeDangerousContent("CardNumber");
            if (!tmpS.StartsWith("*")) { theAddress.CardNumber = tmpS; } // same masking convention as above
            theAddress.CardExpirationMonth = CommonLogic.FormCanBeDangerousContent("CardExpirationMonth");
            theAddress.CardExpirationYear = CommonLogic.FormCanBeDangerousContent("CardExpirationYear");
        }
    }
    theAddress.UpdateDB();

    string RETURNURL = "";
    if (ViewState["RETURNURL"] != null) { RETURNURL = "&ReturnUrl=" + ViewState["RETURNURL"].ToString(); }

    if (UseValidationService)
    {
        // The standardized address replaces the one just saved; a non-OK result sends the user back to fix it.
        Address StandardizedAddress = new Address();
        String ValidateResult = AddressValidation.RunValidate(theAddress, out StandardizedAddress);
        theAddress = StandardizedAddress;
        theAddress.UpdateDB();
        if (ValidateResult != AppLogic.ro_OK)
        {
            Response.Redirect("editaddress.aspx?Checkout=" + Checkout.ToString() + "&AddressType=" + AddressType.ToString() + "&AddressID=" + AddressID.ToString() + "&prompt=" + ValidateResult + RETURNURL);
        }
    }
    Response.Redirect(String.Format("selectaddress.aspx?Checkout={0}&AddressType={1}" + RETURNURL, Checkout.ToString(), AddressType));
}
public string GetTempFileStub()
{
    // The form field named by the stub name is returned without further processing.
    string name = GetTempFileStubName();
    return (CommonLogic.FormCanBeDangerousContent(name));
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    SearchFor = CommonLogic.QueryStringCanBeDangerousContent("SearchFor");
    ShowLocaleSetting = Localization.CheckLocaleSettingForProperCase(CommonLogic.QueryStringCanBeDangerousContent("ShowLocaleSetting"));
    BeginsWith = CommonLogic.QueryStringCanBeDangerousContent("BeginsWith");
    StringResourceID = 0;
    if (CommonLogic.QueryStringCanBeDangerousContent("StringResourceID").Length != 0 && CommonLogic.QueryStringCanBeDangerousContent("StringResourceID") != "0")
    {
        Editing = true;
        StringResourceID = Localization.ParseUSInt(CommonLogic.QueryStringCanBeDangerousContent("StringResourceID"));
    }
    else
    {
        Editing = false;
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        // The statement text is assembled from the posted fields, quoted with DB.SQuote rather than bound as parameters.
        StringBuilder sql = new StringBuilder(2500);
        if (!Editing)
        {
            // ok to add them:
            String NewGUID = DB.GetNewGUID();
            sql.Append("insert into StringResource(StringResourceGUID,Name,LocaleSetting,ConfigValue) values(");
            sql.Append(DB.SQuote(NewGUID) + ",");
            sql.Append(DB.SQuote(CommonLogic.FormCanBeDangerousContent("Name")) + ",");
            sql.Append(DB.SQuote(Localization.CheckLocaleSettingForProperCase(CommonLogic.FormCanBeDangerousContent("LocaleSetting"))) + ",");
            sql.Append(DB.SQuote(CommonLogic.FormCanBeDangerousContent("ConfigValue")));
            sql.Append(")");
            DB.ExecuteSQL(sql.ToString());
            // Read the generated id back by GUID so the page switches to edit mode.
            using (SqlConnection dbconn = DB.dbConn())
            {
                dbconn.Open();
                using (IDataReader rs = DB.GetRS("select StringResourceID from StringResource with (NOLOCK) where StringResourceGUID=" + DB.SQuote(NewGUID), dbconn))
                {
                    rs.Read();
                    StringResourceID = DB.RSFieldInt(rs, "StringResourceID");
                    Editing = true;
                }
            }
            DataUpdated = true;
        }
        else
        {
            // ok to update:
            sql.Append("update StringResource set ");
            sql.Append("Name=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("Name")) + ",");
            sql.Append("LocaleSetting=" + DB.SQuote(Localization.CheckLocaleSettingForProperCase(CommonLogic.FormCanBeDangerousContent("LocaleSetting"))) + ",");
            sql.Append("ConfigValue=" + DB.SQuote(CommonLogic.FormCanBeDangerousContent("ConfigValue")));
            sql.Append(" where StringResourceID=" + StringResourceID.ToString());
            DB.ExecuteSQL(sql.ToString());
            DataUpdated = true;
            Editing = true;
        }
    }
    Render();
}
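For comparison, the StringResource insert/update above, rewritten so that every posted value is bound as a SQL parameter instead of being quoted into the statement text with DB.SQuote. This is an added example, not code from the AspDotNetStorefront page: it reuses the DB.CreateSQLParameter and DB.ExecuteSQL(sql, parameters) calls that the kit AddToCart method further down this page already uses, plus DB.dbConn, DB.GetNewGUID and the same CommonLogic/Localization accessors. The class and method name, the assumed namespace, and the parameter sizes (100 for Name, 10 for LocaleSetting, -1 meaning nvarchar(max) for ConfigValue, 50 for the GUID) are assumptions and not taken from the schema. The same replacement applies to the Affiliate update in ProcessSignup later on the page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

namespace AspDotNetStorefrontAdmin.Examples // assumed namespace, not from the page
{
    // Added example: saves a StringResource row with bound parameters.
    // DB.CreateSQLParameter / DB.ExecuteSQL(string, SqlParameter[]) / DB.dbConn / DB.GetNewGUID and the
    // CommonLogic / Localization calls are the page's own APIs; parameter sizes below are assumptions.
    public static class StringResourceSave
    {
        // Returns the StringResourceID of the row written (the generated id after an insert).
        public static int Save(bool editing, int stringResourceID)
        {
            string name = CommonLogic.FormCanBeDangerousContent("Name");
            string locale = Localization.CheckLocaleSettingForProperCase(CommonLogic.FormCanBeDangerousContent("LocaleSetting"));
            string value = CommonLogic.FormCanBeDangerousContent("ConfigValue");

            if (!editing)
            {
                string newGuid = DB.GetNewGUID();
                SqlParameter[] insertParams =
                {
                    DB.CreateSQLParameter("@Guid", SqlDbType.NVarChar, 50, newGuid, ParameterDirection.Input),
                    DB.CreateSQLParameter("@Name", SqlDbType.NVarChar, 100, name, ParameterDirection.Input),
                    DB.CreateSQLParameter("@Locale", SqlDbType.NVarChar, 10, locale, ParameterDirection.Input),
                    DB.CreateSQLParameter("@Value", SqlDbType.NVarChar, -1, value, ParameterDirection.Input)
                };
                DB.ExecuteSQL(
                    "insert into StringResource(StringResourceGUID,Name,LocaleSetting,ConfigValue) values(@Guid,@Name,@Locale,@Value)",
                    insertParams);

                // Read the generated id back by GUID, also through a parameter (plain ADO.NET, since the
                // page shows no parameterized overload of DB.GetRS).
                using (SqlConnection dbconn = DB.dbConn())
                using (SqlCommand cmd = new SqlCommand("select StringResourceID from StringResource where StringResourceGUID=@Guid", dbconn))
                {
                    cmd.Parameters.Add("@Guid", SqlDbType.NVarChar, 50).Value = newGuid;
                    dbconn.Open();
                    return Convert.ToInt32(cmd.ExecuteScalar());
                }
            }

            SqlParameter[] updateParams =
            {
                DB.CreateSQLParameter("@Name", SqlDbType.NVarChar, 100, name, ParameterDirection.Input),
                DB.CreateSQLParameter("@Locale", SqlDbType.NVarChar, 10, locale, ParameterDirection.Input),
                DB.CreateSQLParameter("@Value", SqlDbType.NVarChar, -1, value, ParameterDirection.Input),
                DB.CreateSQLParameter("@ID", SqlDbType.Int, 4, stringResourceID, ParameterDirection.Input)
            };
            DB.ExecuteSQL(
                "update StringResource set Name=@Name, LocaleSetting=@Locale, ConfigValue=@Value where StringResourceID=@ID",
                updateParams);
            return stringResourceID;
        }
    }
}
```

With parameters the posted text never becomes part of the statement, so the quoting behaviour of DB.SQuote no longer decides whether the statement is what the page intended; the size arguments also give the server a declared length to enforce, which the concatenated version leaves to the column definition alone.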
protected void AddToCart(CartTypeEnum cartType)
{
    try
    {
        if (KitData.HasFileUploadGroup) { KitData.MoveAllTempImagesToOrdered(); }
        KitComposition composition = ComposeAddToCart();

        // Every required kit group must have at least one selection.
        if (KitData.HasRequiredGroups)
        {
            List<String> RequiredGroupNames = new List<String>();
            foreach (KitGroupData requiredGroup in KitData.Groups)
            {
                if (requiredGroup.IsRequired)
                {
                    int hasBeenSelected = composition.Compositions.Where(kci => kci.KitGroupID.Equals(requiredGroup.Id)).Count();
                    if (hasBeenSelected == 0) { RequiredGroupNames.Add(requiredGroup.Name); }
                }
            }
            if (RequiredGroupNames.Count > 0)
            {
                StringBuilder sb = new StringBuilder(1000);
                sb.Append(AppLogic.GetString("product.kit2product.xml.config.16", ThisCustomer.LocaleSetting));
                sb.Append("<ul>");
                foreach (String requiredGroup in RequiredGroupNames) { sb.Append("<li>" + requiredGroup + "</li>"); }
                sb.Append("</ul>");
                ShowError(sb.ToString());
                return;
            }
        }

        String tmp = DB.GetNewGUID();
        ShoppingCart cart = new ShoppingCart(1, ThisCustomer, cartType, 0, false);
        int qty = GetQuantity();
        if (KitData.HasCartMapping)
        {
            // Editing an existing cart line: replace its kit items and quantity.
            AppLogic.ClearKitItems(ThisCustomer, KitData.Id, KitData.VariantId, KitData.ShoppingCartRecordId);
            CartItem lineItem = cart.CartItems.FirstOrDefault(item => item.ShoppingCartRecordID == KitData.ShoppingCartRecordId);
            cart.SetItemQuantity(lineItem.ShoppingCartRecordID, qty);
            cart.ProcessKitComposition(composition, KitData.Id, KitData.VariantId, KitData.ShoppingCartRecordId);
        }
        else
        {
            //GFS - If a customer session has been cleared and no cookies are available, we must create a customer record to associate the new cart ID to.
            //If this is not done, adding a kit product within the said environment will render an empty shopping cart.
            ThisCustomer.RequireCustomerRecord();
            int shipId = ThisCustomer.PrimaryShippingAddressID;
            int NewRecID = cart.AddItem(ThisCustomer, ThisCustomer.PrimaryShippingAddressID, KitData.Id, KitData.VariantId, qty, string.Empty, string.Empty, string.Empty, string.Empty, string.Empty, cartType, false, false, 0, System.Decimal.Zero, composition);
        }

        // check for upsell products
        if (CommonLogic.FormCanBeDangerousContent("Upsell").Length != 0)
        {
            foreach (String s in CommonLogic.FormCanBeDangerousContent("Upsell").Split(','))
            {
                int ProductID = Localization.ParseUSInt(s);
                if (ProductID != 0)
                {
                    int VariantID = AppLogic.GetProductsDefaultVariantID(ProductID);
                    if (VariantID != 0)
                    {
                        int NewRecID = cart.AddItem(ThisCustomer, ThisCustomer.PrimaryShippingAddressID, ProductID, VariantID, 1, String.Empty, String.Empty, String.Empty, String.Empty, String.Empty, CartTypeEnum.ShoppingCart, true, false, 0, System.Decimal.Zero);
                        Decimal PR = AppLogic.GetUpsellProductPrice(0, ProductID, ThisCustomer.CustomerLevelID);
                        // The upsell price is bound as a parameter, unlike the concatenated statements elsewhere on this page.
                        SqlParameter[] spa =
                        {
                            DB.CreateSQLParameter("@Price", SqlDbType.Decimal, 10, PR, ParameterDirection.Input),
                            DB.CreateSQLParameter("@CartRecID", SqlDbType.Int, 4, NewRecID, ParameterDirection.Input)
                        };
                        DB.ExecuteSQL("update shoppingcart set IsUpsell=1, ProductPrice=@Price where ShoppingCartRecID=@CartRecID", spa);
                    }
                }
            }
        }
    }
    catch
    {
        // Any failure above is swallowed; the redirect below happens regardless.
    }

    bool stayOnThisPage = AppLogic.AppConfig("AddToCartAction").Equals("STAY", StringComparison.InvariantCultureIgnoreCase);
    if (stayOnThisPage)
    {
        // some tokens like the shoppingcart qty may already be rendered
        // we therefore need to re-display the page to display the correct qty
        Response.Redirect(this.Request.Url.ToString());
    }
    else
    {
        string returnUrl = CommonLogic.GetThisPageName(false) + "?" + CommonLogic.ServerVariables("QUERY_STRING");
        switch (cartType)
        {
            case CartTypeEnum.ShoppingCart:
                Response.Redirect(ResolveClientUrl("~/ShoppingCart.aspx?add=true&ReturnUrl=" + Security.UrlEncode(returnUrl)));
                break;
            case CartTypeEnum.GiftRegistryCart:
                Response.Redirect(ResolveClientUrl("~/giftregistry.aspx?ReturnUrl=" + Security.UrlEncode(returnUrl)));
                break;
            case CartTypeEnum.WishCart:
                Response.Redirect(ResolveClientUrl("~/wishlist.aspx?ReturnUrl=" + Security.UrlEncode(returnUrl)));
                break;
        }
    }
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    ProductID = CommonLogic.QueryStringUSInt("ProductID");
    if (ProductID == 0) { Response.Redirect(AppLogic.AdminLinkUrl("products.aspx")); }
    ProductName = AppLogic.GetProductName(ProductID, LocaleSetting);
    ProductSKU = AppLogic.GetProductSKU(ProductID);
    ProductTracksInventoryBySizeAndColor = AppLogic.ProductTracksInventoryBySizeAndColor(ProductID);

    // The ids below are parsed to integers (QueryStringUSInt) before being concatenated into SQL.
    if (CommonLogic.QueryStringCanBeDangerousContent("CloneID").Length != 0)
    {
        int CloneID = CommonLogic.QueryStringUSInt("CloneID");
        DB.ExecuteSQL("aspdnsf_CloneVariant " + CloneID.ToString() + "," + ThisCustomer.CustomerID.ToString());
    }
    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteID").Length != 0)
    {
        int DeleteID = CommonLogic.QueryStringUSInt("DeleteID");
        DB.ExecuteSQL("delete from CustomCart where VariantID=" + DeleteID.ToString());
        DB.ExecuteSQL("delete from KitCart where VariantID=" + DeleteID.ToString());
        DB.ExecuteSQL("delete from ShoppingCart where VariantID=" + DeleteID.ToString());
        DB.ExecuteSQL("delete from ProductVariant where VariantID=" + DeleteID.ToString());
    }
    if (CommonLogic.QueryStringBool("DeleteAllVariants"))
    {
        DB.ExecuteSQL("delete from CustomCart where VariantID in (select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")");
        DB.ExecuteSQL("delete from KitCart where VariantID in (select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")");
        DB.ExecuteSQL("delete from ShoppingCart where VariantID in (select VariantID from ProductVariant where ProductID=" + ProductID.ToString() + ")");
        DB.ExecuteSQL("delete from ProductVariant where ProductID=" + ProductID.ToString());
    }

    if (CommonLogic.FormBool("IsSubmit"))
    {
        DB.ExecuteSQL("update ProductVariant set IsDefault=0 where ProductID=" + ProductID.ToString());
        if (CommonLogic.FormCanBeDangerousContent("IsDefault").Length == 0 || CommonLogic.FormUSInt("IsDefault") == 0)
        {
            // try to force a default variant, none was specified!
            DB.ExecuteSQL("update ProductVariant set IsDefault=1 where ProductID=" + ProductID.ToString() + " and VariantID in (SELECT top 1 VariantID from ProductVariant where ProductID=" + ProductID.ToString() + " order by DisplayOrder,Name)");
        }
        else
        {
            DB.ExecuteSQL("update ProductVariant set IsDefault=1 where ProductID=" + ProductID.ToString() + " and VariantID=" + CommonLogic.FormUSInt("IsDefault").ToString());
        }

        // Display order is posted as one DisplayOrder_<VariantID> field per row.
        for (int i = 0; i <= Request.Form.Count - 1; i++)
        {
            if (Request.Form.Keys[i].IndexOf("DisplayOrder_") != -1)
            {
                String[] keys = Request.Form.Keys[i].Split('_');
                int VariantID = Localization.ParseUSInt(keys[1]);
                int DispOrd = 1;
                try { DispOrd = Localization.ParseUSInt(Request.Form[Request.Form.Keys[i]]); } catch { }
                DB.ExecuteSQL("update productvariant set DisplayOrder=" + DispOrd.ToString() + " where VariantID=" + VariantID.ToString());
            }
        }
    }

    if (CommonLogic.QueryStringCanBeDangerousContent("DeleteAllVariants").Equals("TRUE", StringComparison.InvariantCultureIgnoreCase) == false)
    {
        AppLogic.MakeSureProductHasAtLeastOneVariant(ProductID);
    }
    AppLogic.EnsureProductHasADefaultVariantSet(ProductID);
    LoadData();
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.CacheControl = "private";
    Response.Expires = 0;
    Response.AddHeader("pragma", "no-cache");
    Customer ThisCustomer = ((AspDotNetStorefrontPrincipal)Context.User).ThisCustomer;
    int AddressID = CommonLogic.QueryStringUSInt("AddressID");
    int CustomerID = CommonLogic.QueryStringUSInt("CustomerID");
    int OriginalRecurringOrderNumber = CommonLogic.QueryStringUSInt("OriginalRecurringOrderNumber");
    // The redirect target at the end of this method comes from the query string; the only processing applied is ReturnURLDecode.
    string ReturnUrl = CommonLogic.QueryStringCanBeDangerousContent("ReturnUrl"); // clean..
    ReturnUrl = AppLogic.ReturnURLDecode(ReturnUrl);
    String AddressTypeString = CommonLogic.QueryStringCanBeDangerousContent("AddressType");
    AddressTypes AddressType = (AddressTypes)Enum.Parse(typeof(AddressTypes), AddressTypeString, true);
    bool AllowShipToDifferentThanBillTo = AppLogic.AppConfigBool("AllowShipToDifferentThanBillTo") && !AppLogic.AppConfigBool("SkipShippingOnCheckout");
    if (!AllowShipToDifferentThanBillTo)
    {
        //Shipping and Billing address must be the same so save both
        AddressType = AddressTypes.Billing | AddressTypes.Shipping;
    }

    Address thisAddress = new Address();
    if (AddressID != 0) //User selected an ID from the Address Grid
    {
        if (OriginalRecurringOrderNumber == 0)
        {
            thisAddress.LoadFromDB(AddressID);
            thisAddress.MakeCustomersPrimaryAddress(AddressType);
        }
    }
    else //Entered a new address to add
    {
        thisAddress.CustomerID = CustomerID;
        thisAddress.NickName = CommonLogic.FormCanBeDangerousContent("AddressNickName");
        thisAddress.FirstName = CommonLogic.FormCanBeDangerousContent("AddressFirstName");
        thisAddress.LastName = CommonLogic.FormCanBeDangerousContent("AddressLastName");
        thisAddress.Company = CommonLogic.FormCanBeDangerousContent("AddressCompany");
        thisAddress.Address1 = CommonLogic.FormCanBeDangerousContent("AddressAddress1");
        thisAddress.Address2 = CommonLogic.FormCanBeDangerousContent("AddressAddress2");
        thisAddress.Suite = CommonLogic.FormCanBeDangerousContent("AddressSuite");
        thisAddress.City = CommonLogic.FormCanBeDangerousContent("AddressCity");
        thisAddress.State = CommonLogic.FormCanBeDangerousContent("AddressState");
        thisAddress.Zip = CommonLogic.FormCanBeDangerousContent("AddressZip");
        thisAddress.Country = CommonLogic.FormCanBeDangerousContent("AddressCountry");
        thisAddress.Phone = CommonLogic.FormCanBeDangerousContent("AddressPhone");
        thisAddress.InsertDB();
        AddressID = thisAddress.AddressID;
        if (OriginalRecurringOrderNumber == 0) { thisAddress.MakeCustomersPrimaryAddress(AddressType); }
    }

    if (OriginalRecurringOrderNumber != 0)
    {
        //put it in the ShoppingCart record
        string sql = String.Empty;
        if ((AddressType & AddressTypes.Billing) != 0) { sql = String.Format("BillingAddressID={0}", AddressID); }
        if ((AddressType & AddressTypes.Shipping) != 0)
        {
            if (sql.Length != 0) { sql += ","; }
            sql += String.Format("ShippingAddressID={0}", AddressID);
        }
        sql = String.Format("update ShoppingCart set " + sql + " where OriginalRecurringOrderNumber={0}", OriginalRecurringOrderNumber);
        DB.ExecuteSQL(sql);
    }
    Response.Redirect(ReturnUrl);
}
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.Expires = -1;
    Response.AddHeader("pragma", "no-cache");
    Response.AddHeader("Last-Modified", DateTime.Now.AddMinutes(-10).ToUniversalTime() + " GMT");
    Response.AddHeader("Cache-Control", "no-store, no-cache, must-revalidate"); // HTTP/1.1
    Response.AddHeader("Cache-Control", "post-check=0, pre-check=0");
    Response.AddHeader("Pragma", "no-cache"); // HTTP/1.0
    ErrorMessage err;
    if (AppLogic.AppConfigBool("RequireOver13Checked") && !ThisCustomer.IsOver13)
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkout.over13required", ThisCustomer.SkinID, ThisCustomer.LocaleSetting)));
        Response.Redirect("shoppingcart.aspx?errormsg=" + err.MessageId);
    }
    RequireSecurePage();

    // -----------------------------------------------------------------------------------------------
    // NOTE ON PAGE LOAD LOGIC:
    // We are checking here for the required elements that allow the customer to stay on this page.
    // Many of these checks may be redundant, and they DO add a bit of overhead in terms of db calls, but ANYTHING really
    // could have changed since the customer was on the last page. Remember, the web is completely stateless. Assume this
    // page was executed by ANYONE at ANYTIME (even someone trying to break the cart).
    // It could have been yesterday, or 1 second ago, and other customers could have purchased limited inventory products,
    // coupons may no longer be valid, etc, etc, etc...
    // -----------------------------------------------------------------------------------------------
    ThisCustomer.RequireCustomerRecord();
    if (!ThisCustomer.IsRegistered)
    {
        bool boolAllowAnon = AppLogic.AppConfigBool("PasswordIsOptionalDuringCheckout");
        if (!boolAllowAnon && ThisCustomer.PrimaryBillingAddressID > 0)
        {
            // PayPal Express checkouts have their own anonymous-checkout setting.
            Address BillingAddress = new Address();
            BillingAddress.LoadByCustomer(ThisCustomer.CustomerID, ThisCustomer.PrimaryBillingAddressID, AddressTypes.Billing);
            if (BillingAddress.PaymentMethodLastUsed == AppLogic.ro_PMPayPalExpress || BillingAddress.PaymentMethodLastUsed == AppLogic.ro_PMPayPalExpressMark)
            {
                boolAllowAnon = AppLogic.AppConfigBool("PayPal.Express.AllowAnonCheckout");
            }
        }
        if (!boolAllowAnon) { Response.Redirect("createaccount.aspx?checkout=true"); }
    }
    if (ThisCustomer.PrimaryBillingAddressID == 0 || ThisCustomer.PrimaryShippingAddressID == 0)
    {
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkoutpayment.aspx.2", SkinID, ThisCustomer.LocaleSetting))); //checkout not allowed without primary shipping/billing addy
        Response.Redirect("shoppingcart.aspx?resetlinkback=1&errormsg=" + err.MessageId);
    }
    SectionTitle = AppLogic.GetString("checkoutshippingmult.aspx.1", SkinID, ThisCustomer.LocaleSetting); //shipping options
    cart.ValidProceedCheckout(); // will not come back from this if any issue. they are sent back to the cart page!

    GatewayCheckoutByAmazon.CheckoutByAmazon checkoutByAmazon = new GatewayCheckoutByAmazon.CheckoutByAmazon();
    if (cart.IsAllDownloadComponents() || !Shipping.MultiShipEnabled() || cart.TotalQuantity() > AppLogic.MultiShipMaxNumItemsAllowed() || !cart.CartAllowsShippingMethodSelection || checkoutByAmazon.IsCheckingOut)
    {
        // not allowed then:
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkoutshippingmult.aspx.12", SkinID, ThisCustomer.LocaleSetting)));
        Response.Redirect("shoppingcart.aspx?resetlinkback=1&errormsg=" + err.MessageId);
    }
    CartItem FirstCartItem = (CartItem)cart.CartItems[0];
    Address FirstItemShippingAddress = new Address();
    FirstItemShippingAddress.LoadByCustomer(ThisCustomer.CustomerID, FirstCartItem.ShippingAddressID, AddressTypes.Shipping);
    if (FirstItemShippingAddress.AddressID == 0)
    {
        // not allowed here anymore!
        err = new ErrorMessage(Server.HtmlEncode(AppLogic.GetString("checkoutshippingmult.aspx.10", SkinID, ThisCustomer.LocaleSetting)));
        Response.Redirect("shoppingcart.aspx?errormsg=" + err.MessageId);
    }

    // First visit renders the page; any of the update/continue/setallprimary inputs triggers processing instead.
    if (!IsPostBack && CommonLogic.FormCanBeDangerousContent("update") == "" && CommonLogic.FormCanBeDangerousContent("continue") == "" && CommonLogic.QueryStringCanBeDangerousContent("setallprimary") == "")
    {
        UpdatepageContent();
    }
    if (CommonLogic.FormCanBeDangerousContent("update") != "" || CommonLogic.FormCanBeDangerousContent("continue") != "" || CommonLogic.QueryStringCanBeDangerousContent("setallprimary") != "")
    {
        ProcessCart();
    }
    JSPopupRoutines.Text = AppLogic.GetJSPopupRoutines();
    AppLogic.eventHandler("CheckoutShipping").CallEvent("&CheckoutShipping=true");
}
private void ProcessSignup()
{
    if (Page.IsValid)
    {
        int AffiliateID = int.Parse(CommonLogic.IIF(CommonLogic.IsInteger(Profile.LATAffiliateID), Profile.LATAffiliateID, "0"));
        String ErrorMsg = String.Empty;
        String EMailField = EMail.Text.ToLowerInvariant().Trim();
        bool Editing = false;
        if (Affiliate.EmailInUse(EMailField))
        {
            ErrorMsg = "That email address has already been registered. Please use another email.";
        }
        if (ErrorMsg.Length == 0)
        {
            try
            {
                StringBuilder sql = new StringBuilder(2500);
                String Name = CommonLogic.FormCanBeDangerousContent("Name");
                if (Name.Length == 0)
                {
                    if (FirstName.Text.Length != 0) { Name = (FirstName.Text + " " + LastName.Text).Trim(); }
                    else { Name = LastName.Text; }
                }
                if (!Editing)
                {
                    // ok to add them:
                    Password p = new Password(AffPassword.Text);
                    object dob = null;
                    if (Localization.ParseNativeDateTime(DateOfBirth.Text) != DateTime.MinValue) { dob = Localization.ParseNativeDateTime(DateOfBirth.Text); }
                    Affiliate a = Affiliate.CreateAffiliate(CommonLogic.Left(EMailField, 100), p.SaltedPassword, dob, null, "", false,
                        CommonLogic.Left(FirstName.Text, 50), CommonLogic.Left(LastName.Text, 50), CommonLogic.Left(Name, 100), CommonLogic.Left(Company.Text, 50),
                        Address1.Text.Replace("\x0D\x0A", ""), Address2.Text.Replace("\x0D\x0A", ""), Suite.Text, City.Text, State.Text, Zip.Text, Country.Text, Phone.Text,
                        WebSiteName.Text, WebSiteDescription.Text, CommonLogic.Left(URL.Text, 80), (CommonLogic.FormCanBeDangerousContent("TrackingOnly") == "1"),
                        1, 0, 1, null, null, null, null, null, null, null, false, p.Salt);
                    if (a != null)
                    {
                        // read the new id only once creation succeeded
                        AffiliateID = a.AffiliateID;
                        Editing = true;
                        lblErrorMsg.Visible = false;
                    }
                    else
                    {
                        Editing = false;
                        lblErrorMsg.Text = "Unable to create affiliate.";
                        lblErrorMsg.Visible = true;
                    }
                }
                else
                {
                    // ok to update:
                    // Column values are quoted into the statement with CommonLogic.SQuote rather than bound as parameters.
                    sql.Append("update Affiliate set ");
                    sql.Append("EMail=" + CommonLogic.SQuote(CommonLogic.Left(EMailField, 100)) + ",");
                    if (AffPassword.Text.Trim().Length != 0)
                    {
                        Password p = new Password(AffPassword.Text);
                        // assumed: the quoted value was redacted in this listing; the insert path above stores p.SaltedPassword
                        sql.Append("Password=" + CommonLogic.SQuote(p.SaltedPassword) + ",");
                        sql.Append("SaltKey=" + p.Salt.ToString() + ",");
                    }
                    sql.Append("IsOnline=" + CommonLogic.IIF(URL.Text.Length == 0, "0", "1") + ",");
                    sql.Append("FirstName=" + CommonLogic.SQuote(CommonLogic.Left(FirstName.Text, 50)) + ",");
                    sql.Append("LastName=" + CommonLogic.SQuote(CommonLogic.Left(LastName.Text, 50)) + ",");
                    sql.Append("Name=" + CommonLogic.SQuote(CommonLogic.Left(Name, 100)) + ",");
                    if (DateOfBirth.Text.Length != 0) { sql.Append("DateOfBirth=" + CommonLogic.SQuote(DateOfBirth.Text) + ","); }
                    if (Company.Text.Length != 0) { sql.Append("Company=" + CommonLogic.SQuote(Company.Text) + ","); } else { sql.Append("Company=NULL,"); }
                    if (Address1.Text.Length != 0) { sql.Append("Address1=" + CommonLogic.SQuote(Address1.Text.Replace("\x0D\x0A", "")) + ","); } else { sql.Append("Address1=NULL,"); }
                    if (Address2.Text.Length != 0) { sql.Append("Address2=" + CommonLogic.SQuote(Address2.Text.Replace("\x0D\x0A", "")) + ","); } else { sql.Append("Address2=NULL,"); }
                    if (Suite.Text.Length != 0) { sql.Append("Suite=" + CommonLogic.SQuote(Suite.Text) + ","); } else { sql.Append("Suite=NULL,"); }
                    if (City.Text.Length != 0) { sql.Append("City=" + CommonLogic.SQuote(City.Text) + ","); } else { sql.Append("City=NULL,"); }
                    if (State.SelectedValue.Length != 0) { sql.Append("State=" + CommonLogic.SQuote(State.SelectedValue) + ","); } else { sql.Append("State=NULL,"); }
                    if (Zip.Text.Length != 0) { sql.Append("Zip=" + CommonLogic.SQuote(Zip.Text) + ","); } else { sql.Append("Zip=NULL,"); }
                    if (Country.SelectedValue.Length != 0) { sql.Append("Country=" + CommonLogic.SQuote(Country.SelectedValue) + ","); } else { sql.Append("Country=NULL,"); }
                    if (Phone.Text.Length != 0) { sql.Append("Phone=" + CommonLogic.SQuote(AppLogic.MakeProperPhoneFormat(Phone.Text)) + ","); } else { sql.Append("Phone=NULL,"); }
                    if (WebSiteName.Text.Length != 0) { sql.Append("WebSiteName=" + CommonLogic.SQuote(WebSiteName.Text) + ","); } else { sql.Append("WebSiteName=NULL,"); }
                    if (WebSiteDescription.Text.Length != 0) { sql.Append("WebSiteDescription=" + CommonLogic.SQuote(WebSiteDescription.Text) + ","); } else { sql.Append("WebSiteDescription=NULL,"); }
                    if (URL.Text.Length != 0)
                    {
                        String theUrl2 = CommonLogic.Left(URL.Text, 80);
                        if (theUrl2.IndexOf("http://") == -1 && theUrl2.Length != 0) { theUrl2 = "http://" + theUrl2; }
                        if (theUrl2.Length != 0) { sql.Append("URL=" + CommonLogic.SQuote(theUrl2)); } else { sql.Append("URL=NULL"); }
                    }
                    else
                    {
                        sql.Append("URL=NULL");
                    }
                    sql.Append(" where AffiliateID=" + AffiliateID.ToString());
                    DB.ExecuteSQL(sql.ToString());
                    Editing = true;
                }
            }
            catch
            {
                lblErrorMsg.Text = "<p><b>ERROR: There was an unknown error in adding your new account record. Please <a href=\"contactus.aspx\">contact a service representative</a> for assistance.</b></p>";
            }
        }
        Profile.LATAffiliateID = AffiliateID.ToString();
        lblErrorMsg.Text = ErrorMsg;
        if (lblErrorMsg.Text.Length == 0)
        {
            pnlSignedInMsg.Visible = false;
            pnlSignUpForm.Visible = false;
            pnlBeforeSignup.Visible = false;
            pnlAfterSignup.Visible = true;
            try
            {
                // send admin notification: every non-ASP.NET form field (including the password field) is echoed into the mail body
                String FormContents = String.Empty;
                for (int i = 0; i <= Request.Form.Count - 1; i++)
                {
                    if (!Request.Form.Keys[i].StartsWith("__"))
                    {
                        FormContents += "<b>" + Request.Form.Keys[i] + "</b>=" + Request.Form[Request.Form.Keys[i]] + "";
                    }
                }
                AppLogic.SendMail("" + AppLogic.GetString("AppConfig.AffiliateProgramName", SkinID, ThisCustomer.LocaleSetting) + " New Member Notification", FormContents, true, AppLogic.AppConfig("MailMe_FromAddress"), AppLogic.AppConfig("MailMe_FromName"), AppLogic.AppConfig("AffiliateEMailAddress"), AppLogic.AppConfig("AffiliateEMailAddress"), AppLogic.AppConfig("MailMe_FromAddress"), AppLogic.MailServer());
            }
            catch { }
            lblSignupSuccess.Text = "CONGRATULATIONS AND WELCOME TO THE " + AppLogic.GetString("AppConfig.AffiliateProgramName", SkinID, ThisCustomer.LocaleSetting).ToUpperInvariant() + " PROGRAM!Your sign-up was successful.<a href=\"lat_account.aspx\">Click here</a> to go to your " + AppLogic.GetString("AppConfig.AffiliateProgramName", SkinID, ThisCustomer.LocaleSetting) + " Account Page.";
            pnlSignupSuccess.Visible = true;
        }
    }
    else
    {
        lblErrorMsg.Text += " Some errors occurred trying to create your affiliate account. Please correct them and try again.";
    }
    GetJavaScriptFunctions();
}