---------------------------------------------------------------------------------------*/ require_once DIR_FS_INC . 'xtc_get_order_data.inc.php'; require_once DIR_FS_INC . 'xtc_get_attributes_model.inc.php'; // check if customer is allowed to send this order! $order_query_check = xtc_db_query("SELECT customers_id\n FROM " . TABLE_ORDERS . "\n WHERE orders_id='" . $insert_id . "'"); $order_check = xtc_db_fetch_array($order_query_check); //BOF - web28 - 2010-03-20 - Send Order by Admin //if ($_SESSION['customer_id'] == $order_check['customers_id'] ) { if ($_SESSION['customer_id'] == $order_check['customers_id'] || $send_by_admin) { //EOF - web28 - 2010-03-20 - Send Order by Admin $order = new order($insert_id); // BOF - Tomcraft - 2009-10-03 - Paypal Express Modul if (isset($_SESSION['paypal_express_new_customer']) && $_SESSION['paypal_express_new_customer'] == 'true' && isset($_SESSION['ACCOUNT_PASSWORD']) && $_SESSION['ACCOUNT_PASSWORD'] == 'true') { require_once DIR_FS_INC . 'xtc_create_password.inc.php'; require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php'; $password_encrypted = xtc_RandomString(10); $password = xtc_encrypt_password($password_encrypted); xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $smarty->assign('NEW_PASSWORD', $password_encrypted); } // EOF - Tomcraft - 2009-10-03 - Paypal Express Modul //BOF - web28 - 2010-03-20 - Send Order by Admin if (isset($send_by_admin)) { //DokuMan - 2010-09-18 - Undefined variable: send_by_admin $xtPrice = new xtcPrice($order->info['currency'], $order->info['status']); } //EOF - web28 - 2010-03-20 - Send Order by Admin $smarty->assign('address_label_customer', xtc_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />')); $smarty->assign('address_label_shipping', xtc_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />')); $smarty->assign('address_label_payment', xtc_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />')); $smarty->assign('csID', $order->customer['csID']);
function xtc_create_password($length) { $pass = xtc_RandomString($length); //DokuMan - 2011-02-10 - corrected typo $lenght -> $length return md5($pass); }
function CustomersUpdate() { global $_POST, $Lang_folder; $customers_id = -1; // include PW function require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php'; if (isset($_POST['cID'])) { $customers_id = xtc_db_prepare_input($_POST['cID']); } // security check, if user = admin, dont allow to perform changes if ($customers_id != -1) { $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . $customers_id . "'"); $sec_data = xtc_db_fetch_array($sec_query); if ($sec_data['customers_status'] == 0) { print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', ''); return; } } $sql_customers_data_array = array(); if (isset($_POST['customers_cid'])) { $sql_customers_data_array['customers_cid'] = $_POST['customers_cid']; } if (isset($_POST['customers_firstname'])) { $sql_customers_data_array['customers_firstname'] = $_POST['customers_firstname']; } if (isset($_POST['customers_lastname'])) { $sql_customers_data_array['customers_lastname'] = $_POST['customers_lastname']; } if (isset($_POST['customers_dob'])) { $sql_customers_data_array['customers_dob'] = $_POST['customers_dob']; } if (isset($_POST['customers_email'])) { $sql_customers_data_array['customers_email_address'] = $_POST['customers_email']; } if (isset($_POST['customers_tele'])) { $sql_customers_data_array['customers_telephone'] = $_POST['customers_tele']; } if (isset($_POST['customers_fax'])) { $sql_customers_data_array['customers_fax'] = $_POST['customers_fax']; } if (isset($_POST['customers_gender'])) { $sql_customers_data_array['customers_gender'] = $_POST['customers_gender']; } if (file_exists('cao_custupd_1.php')) { include 'cao_custupd_1.php'; } if (isset($_POST['customers_password'])) { $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']); } $sql_address_data_array = array(); if (isset($_POST['customers_firstname'])) { $sql_address_data_array['entry_firstname'] = $_POST['customers_firstname']; } if (isset($_POST['customers_lastname'])) { $sql_address_data_array['entry_lastname'] = $_POST['customers_lastname']; } if (isset($_POST['customers_company'])) { $sql_address_data_array['entry_company'] = $_POST['customers_company']; } if (isset($_POST['customers_street'])) { $sql_address_data_array['entry_street_address'] = $_POST['customers_street']; } if (isset($_POST['customers_city'])) { $sql_address_data_array['entry_city'] = $_POST['customers_city']; } if (isset($_POST['customers_postcode'])) { $sql_address_data_array['entry_postcode'] = $_POST['customers_postcode']; } if (isset($_POST['customers_gender'])) { $sql_address_data_array['entry_gender'] = $_POST['customers_gender']; } if (isset($_POST['customers_country_id'])) { $country_code = $_POST['customers_country_id']; } $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $country_code . "' LIMIT 1"; $country_result = xtc_db_query($country_query); $row = xtc_db_fetch_array($country_result); $sql_address_data_array['entry_country_id'] = $row['countries_id']; $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1"); $check = xtc_db_fetch_array($count_query); if ($check['count'] > 0) { $mode = 'UPDATE'; $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1"); $customer = xtc_db_fetch_array($address_book_result); xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' LIMIT 1"); xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . $customer['customers_default_address_id'] . "' LIMIT 1"); xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "' LIMIT 1"); } else { $mode = 'APPEND'; if (strlen($_POST['customers_password']) == 0) { // generate PW if empty $pw = xtc_RandomString(8); $sql_customers_data_array['customers_password'] = xtc_create_password($pw); } else { $pw = $_POST['customers_password']; } xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array); $customers_id = xtc_db_insert_id(); $sql_address_data_array['customers_id'] = $customers_id; xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array); $address_id = xtc_db_insert_id(); xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'"); //JP20080401 if (!isset($_POST['customers_price_level'])) { xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'"); } xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())"); } if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $sql_customers_data_array['customers_email_address'] != '') { // generate mail for customer if customer=new require_once DIR_WS_CLASSES . 'class.phpmailer.php'; require_once DIR_FS_INC . 'xtc_php_mail.inc.php'; require_once DIR_FS_INC . 'xtc_add_tax.inc.php'; require_once DIR_FS_INC . 'xtc_not_null.inc.php'; require_once DIR_FS_INC . 'xtc_href_link.inc.php'; require_once DIR_FS_INC . 'xtc_date_long.inc.php'; require_once DIR_FS_INC . 'xtc_check_agent.inc.php'; require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php'; //JP 20080102 $smarty = new Smarty(); //$smarty->assign('language', $check_status['language']); $smarty->assign('language', $Lang_folder); $smarty->caching = false; $smarty->template_dir = DIR_FS_CATALOG . 'templates'; $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c'; $smarty->config_dir = DIR_FS_CATALOG . 'lang'; //BOF - GTB - 2010-08-03 - Security Fix - Base $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/'); //$smarty->assign('tpl_path','templates/'.CURRENT_TEMPLATE.'/'); //EOF - GTB - 2010-08-03 - Security Fix - Base $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/'); $smarty->assign('NAME', $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname']); $smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']); $smarty->assign('PASSWORD', $pw); //$smarty->assign('language', $Lang_folder); $smarty->assign('content', $module_content); $smarty->caching = false; $html_mail = $smarty->fetch('db:create_account_mail_admin.html'); $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt'); // send mail with html/txt template xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail); } print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id); }
$entry_street_address = xtc_db_prepare_input($_POST['entry_street_address']); $entry_suburb = xtc_db_prepare_input($_POST['entry_suburb']); $entry_postcode = xtc_db_prepare_input($_POST['entry_postcode']); $entry_city = xtc_db_prepare_input($_POST['entry_city']); $entry_country_id = xtc_db_prepare_input($_POST['entry_country_id']); $entry_company = xtc_db_prepare_input($_POST['entry_company']); $entry_state = xtc_db_prepare_input($_POST['entry_state']); $entry_zone_id = xtc_db_prepare_input($_POST['entry_zone_id']); $customers_send_mail = xtc_db_prepare_input($_POST['customers_mail']); $customers_password_encrypted = xtc_db_prepare_input($_POST['entry_password']); $customers_password = xtc_encrypt_password($customers_password_encrypted); $customers_mail_comments = xtc_db_prepare_input($_POST['mail_comments']); $payment_unallowed = xtc_db_prepare_input($_POST['payment_unallowed']); $shipping_unallowed = xtc_db_prepare_input($_POST['shipping_unallowed']); if ($customers_password == '') { $customers_password_encrypted = xtc_RandomString(8); $customers_password = xtc_encrypt_password($customers_password_encrypted); } $error = false; // reset error flag if (ACCOUNT_GENDER == 'true') { if ($customers_gender != 'm' && $customers_gender != 'f') { $error = true; $entry_gender_error = true; } else { $entry_gender_error = false; } } if (strlen($customers_password) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $entry_password_error = true;