---------------------------------------------------------------------------------------*/
require_once DIR_FS_INC . 'xtc_get_order_data.inc.php';
require_once DIR_FS_INC . 'xtc_get_attributes_model.inc.php';
// check if customer is allowed to send this order!
$order_query_check = xtc_db_query("SELECT customers_id\n FROM " . TABLE_ORDERS . "\n WHERE orders_id='" . $insert_id . "'");
$order_check = xtc_db_fetch_array($order_query_check);
//BOF - web28 - 2010-03-20 - Send Order by Admin
//if ($_SESSION['customer_id'] == $order_check['customers_id'] ) {
if ($_SESSION['customer_id'] == $order_check['customers_id'] || $send_by_admin) {
//EOF - web28 - 2010-03-20 - Send Order by Admin
$order = new order($insert_id);
// BOF - Tomcraft - 2009-10-03 - Paypal Express Modul
if (isset($_SESSION['paypal_express_new_customer']) && $_SESSION['paypal_express_new_customer'] == 'true' && isset($_SESSION['ACCOUNT_PASSWORD']) && $_SESSION['ACCOUNT_PASSWORD'] == 'true') {
require_once DIR_FS_INC . 'xtc_create_password.inc.php';
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
$password_encrypted = xtc_RandomString(10);
$password = xtc_encrypt_password($password_encrypted);
xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$smarty->assign('NEW_PASSWORD', $password_encrypted);
}
// EOF - Tomcraft - 2009-10-03 - Paypal Express Modul
//BOF - web28 - 2010-03-20 - Send Order by Admin
if (isset($send_by_admin)) {
//DokuMan - 2010-09-18 - Undefined variable: send_by_admin
$xtPrice = new xtcPrice($order->info['currency'], $order->info['status']);
}
//EOF - web28 - 2010-03-20 - Send Order by Admin
$smarty->assign('address_label_customer', xtc_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'));
$smarty->assign('address_label_shipping', xtc_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'));
$smarty->assign('address_label_payment', xtc_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'));
$smarty->assign('csID', $order->customer['csID']);
function xtc_create_password($length)
{
$pass = xtc_RandomString($length);
//DokuMan - 2011-02-10 - corrected typo $lenght -> $length
return md5($pass);
}
function CustomersUpdate()
{
global $_POST, $Lang_folder;
$customers_id = -1;
// include PW function
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
if (isset($_POST['cID'])) {
$customers_id = xtc_db_prepare_input($_POST['cID']);
}
// security check, if user = admin, dont allow to perform changes
if ($customers_id != -1) {
$sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . $customers_id . "'");
$sec_data = xtc_db_fetch_array($sec_query);
if ($sec_data['customers_status'] == 0) {
print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', '');
return;
}
}
$sql_customers_data_array = array();
if (isset($_POST['customers_cid'])) {
$sql_customers_data_array['customers_cid'] = $_POST['customers_cid'];
}
if (isset($_POST['customers_firstname'])) {
$sql_customers_data_array['customers_firstname'] = $_POST['customers_firstname'];
}
if (isset($_POST['customers_lastname'])) {
$sql_customers_data_array['customers_lastname'] = $_POST['customers_lastname'];
}
if (isset($_POST['customers_dob'])) {
$sql_customers_data_array['customers_dob'] = $_POST['customers_dob'];
}
if (isset($_POST['customers_email'])) {
$sql_customers_data_array['customers_email_address'] = $_POST['customers_email'];
}
if (isset($_POST['customers_tele'])) {
$sql_customers_data_array['customers_telephone'] = $_POST['customers_tele'];
}
if (isset($_POST['customers_fax'])) {
$sql_customers_data_array['customers_fax'] = $_POST['customers_fax'];
}
if (isset($_POST['customers_gender'])) {
$sql_customers_data_array['customers_gender'] = $_POST['customers_gender'];
}
if (file_exists('cao_custupd_1.php')) {
include 'cao_custupd_1.php';
}
if (isset($_POST['customers_password'])) {
$sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
}
$sql_address_data_array = array();
if (isset($_POST['customers_firstname'])) {
$sql_address_data_array['entry_firstname'] = $_POST['customers_firstname'];
}
if (isset($_POST['customers_lastname'])) {
$sql_address_data_array['entry_lastname'] = $_POST['customers_lastname'];
}
if (isset($_POST['customers_company'])) {
$sql_address_data_array['entry_company'] = $_POST['customers_company'];
}
if (isset($_POST['customers_street'])) {
$sql_address_data_array['entry_street_address'] = $_POST['customers_street'];
}
if (isset($_POST['customers_city'])) {
$sql_address_data_array['entry_city'] = $_POST['customers_city'];
}
if (isset($_POST['customers_postcode'])) {
$sql_address_data_array['entry_postcode'] = $_POST['customers_postcode'];
}
if (isset($_POST['customers_gender'])) {
$sql_address_data_array['entry_gender'] = $_POST['customers_gender'];
}
if (isset($_POST['customers_country_id'])) {
$country_code = $_POST['customers_country_id'];
}
$country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $country_code . "' LIMIT 1";
$country_result = xtc_db_query($country_query);
$row = xtc_db_fetch_array($country_result);
$sql_address_data_array['entry_country_id'] = $row['countries_id'];
$count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
$check = xtc_db_fetch_array($count_query);
if ($check['count'] > 0) {
$mode = 'UPDATE';
$address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
$customer = xtc_db_fetch_array($address_book_result);
xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' LIMIT 1");
xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . $customer['customers_default_address_id'] . "' LIMIT 1");
xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "' LIMIT 1");
} else {
$mode = 'APPEND';
if (strlen($_POST['customers_password']) == 0) {
// generate PW if empty
$pw = xtc_RandomString(8);
$sql_customers_data_array['customers_password'] = xtc_create_password($pw);
} else {
$pw = $_POST['customers_password'];
}
xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
$customers_id = xtc_db_insert_id();
$sql_address_data_array['customers_id'] = $customers_id;
xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
$address_id = xtc_db_insert_id();
xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");
//JP20080401
if (!isset($_POST['customers_price_level'])) {
xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
}
xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
}
if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $sql_customers_data_array['customers_email_address'] != '') {
// generate mail for customer if customer=new
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
require_once DIR_FS_INC . 'xtc_not_null.inc.php';
require_once DIR_FS_INC . 'xtc_href_link.inc.php';
require_once DIR_FS_INC . 'xtc_date_long.inc.php';
require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';
//JP 20080102
$smarty = new Smarty();
//$smarty->assign('language', $check_status['language']);
$smarty->assign('language', $Lang_folder);
$smarty->caching = false;
$smarty->template_dir = DIR_FS_CATALOG . 'templates';
$smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
$smarty->config_dir = DIR_FS_CATALOG . 'lang';
//BOF - GTB - 2010-08-03 - Security Fix - Base
$smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
//$smarty->assign('tpl_path','templates/'.CURRENT_TEMPLATE.'/');
//EOF - GTB - 2010-08-03 - Security Fix - Base
$smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
$smarty->assign('NAME', $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname']);
$smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']);
$smarty->assign('PASSWORD', $pw);
//$smarty->assign('language', $Lang_folder);
$smarty->assign('content', $module_content);
$smarty->caching = false;
$html_mail = $smarty->fetch('db:create_account_mail_admin.html');
$txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
// send mail with html/txt template
xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
}
print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}
$entry_street_address = xtc_db_prepare_input($_POST['entry_street_address']);
$entry_suburb = xtc_db_prepare_input($_POST['entry_suburb']);
$entry_postcode = xtc_db_prepare_input($_POST['entry_postcode']);
$entry_city = xtc_db_prepare_input($_POST['entry_city']);
$entry_country_id = xtc_db_prepare_input($_POST['entry_country_id']);
$entry_company = xtc_db_prepare_input($_POST['entry_company']);
$entry_state = xtc_db_prepare_input($_POST['entry_state']);
$entry_zone_id = xtc_db_prepare_input($_POST['entry_zone_id']);
$customers_send_mail = xtc_db_prepare_input($_POST['customers_mail']);
$customers_password_encrypted = xtc_db_prepare_input($_POST['entry_password']);
$customers_password = xtc_encrypt_password($customers_password_encrypted);
$customers_mail_comments = xtc_db_prepare_input($_POST['mail_comments']);
$payment_unallowed = xtc_db_prepare_input($_POST['payment_unallowed']);
$shipping_unallowed = xtc_db_prepare_input($_POST['shipping_unallowed']);
if ($customers_password == '') {
$customers_password_encrypted = xtc_RandomString(8);
$customers_password = xtc_encrypt_password($customers_password_encrypted);
}
$error = false;
// reset error flag
if (ACCOUNT_GENDER == 'true') {
if ($customers_gender != 'm' && $customers_gender != 'f') {
$error = true;
$entry_gender_error = true;
} else {
$entry_gender_error = false;
}
}
if (strlen($customers_password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$entry_password_error = true;
