-----------------------------------------------------------------------------------------
   based on:
   (c) 2006 XT-Commerce

   Released under the GNU General Public License
   ---------------------------------------------------------------------------------------*/
//included by shop_content.php
//use contact_us.php language file
// Load the contact-form strings (ERROR_EMAIL, ERROR_HONEYPOT, ...) for the session language.
// NOTE(review): $_SESSION['language'] ends up as a path component here; it is assumed to have
// been restricted to an installed language code by the session/language bootstrap — confirm.
require_once DIR_WS_LANGUAGES . $_SESSION['language'] . '/contact_us.php';
// Reset before the 'send' handling below so the flag is always defined for the template.
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'send') {
    //BOF - web28 - 2010-04-03 - New error handling for required fileds
    //jedes Feld kann hier auf die gewünschte Bedingung getestet und eine Fehlermeldung zugeordnet werden
    //BOF error handling
    $err_msg = '';
    if (!xtc_validate_email(trim($_POST['email']))) {
        $err_msg .= ERROR_EMAIL;
    }
    if (!empty($_POST['email2_FT7ughj521dfdf'])) {
        $err_msg .= ERROR_HONEYPOT;
    }
    if (trim($_POST['message_body']) == '') {
        $err_msg .= ERROR_MSG_BODY;
    }
    if (CONTACT_FORM_CONSENT == 'true') {
        if (!isset($_POST['checkbox'])) {
            $err_msg .= ERROR_CHECKBOX;
        }
    }
    //EOF error handling
    $smarty->assign('error_message', ERROR_MAIL . $err_msg);
             break;
     }
     // EOF - Dokuman - 2011-09-13 - display correct error code of VAT ID check
     if ($vatID->vat_info['error'] == 1) {
         $entry_vat_error = true;
         $error = true;
     }
 }
 // New VAT CHECK END
 // One template flag per field. $error is only ever raised here, never cleared,
 // so failures recorded by earlier checks survive. strlen() counts bytes, not characters.
 $entry_email_address_error = strlen($customers_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH;
 if ($entry_email_address_error) {
     $error = true;
 }
 $entry_email_address_check_error = !xtc_validate_email($customers_email_address);
 if ($entry_email_address_check_error) {
     $error = true;
 }
 $entry_street_address_error = strlen($entry_street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH;
 if ($entry_street_address_error) {
     $error = true;
 }
 if (strlen($entry_postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
     $error = true;
     $entry_post_code_error = true;
 } else {
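 /**
  * Validates the bank-transfer details posted from the payment page before the
  * order is confirmed.
  *
  * Nothing is checked when the customer chose the fax option (banktransfer_fax)
  * or re-submitted the form with recheckok=true. Otherwise the account is
  * checked classically (number + BLZ) when the number is all digits and
  * MODULE_PAYMENT_BANKTRANSFER_IBAN_ONLY is 'false', else as IBAN (with the
  * optional owner-e-mail and payment-zone checks). A result code above 0
  * redirects back to FILENAME_CHECKOUT_PAYMENT with the error text and the
  * entered values in the query string; xtc_redirect() is expected to end the
  * request there (confirm in that helper). With code 0 the validated values are
  * stored on $this->banktransfer_* for the later order steps.
  *
  * Reads  $_POST: banktransfer_fax, recheckok, banktransfer_number,
  *                banktransfer_blz, banktransfer_owner, banktransfer_owner_email,
  *                banktransfer_bankname
  * Writes $this:  banktransfer_bankname, banktransfer_owner, banktransfer_owner_email,
  *                banktransfer_iban, banktransfer_bic, banktransfer_number,
  *                banktransfer_blz, banktransfer_prz, banktransfer_status, iban_mode
  */
 function pre_confirmation_check()
 {
     // Read every POST field once. Missing fields and non-string values (a client
     // can submit `banktransfer_number[]=`) become '' so that nothing below raises
     // a notice or hands an array to the validation classes.
     $fields = array(
         'banktransfer_fax', 'recheckok', 'banktransfer_number', 'banktransfer_blz',
         'banktransfer_owner', 'banktransfer_owner_email', 'banktransfer_bankname',
     );
     $in = array();
     foreach ($fields as $field) {
         $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
     }

     // Fax option chosen, or a confirmed re-submission: nothing to validate.
     // Loose comparison kept on purpose: '', '0' and a missing field all mean "no fax".
     if ($in['banktransfer_fax'] != false || $in['recheckok'] == 'true') {
         return;
     }

     // Declares AccountCheck / IbanAccountCheck; *_once so a second call in the
     // same request cannot redeclare them.
     require_once DIR_WS_CLASSES . 'banktransfer_validation.php';

     // Only letters and digits are significant; separators typed by the customer are dropped.
     $number = preg_replace('/[^a-zA-Z0-9]/', '', $in['banktransfer_number']);
     $blz = $in['banktransfer_blz'];

     if (ctype_digit($number) && MODULE_PAYMENT_BANKTRANSFER_IBAN_ONLY == 'false') {
         // Classic account number + BLZ.
         $banktransfer_validation = new AccountCheck();
         $banktransfer_result = $banktransfer_validation->CheckAccount($number, $blz);
         // Some non-zero result codes are still acceptable; treat them as OK.
         if ($banktransfer_validation->account_acceptable($banktransfer_result)) {
             $banktransfer_result = 0;
         }
     } else {
         // IBAN.
         $banktransfer_validation = new IbanAccountCheck();
         $banktransfer_result = $banktransfer_validation->IbanCheckAccount($number, $blz);
         if ($banktransfer_validation->account_acceptable($banktransfer_result)) {
             $banktransfer_result = 0;
         }
         // The owner e-mail is only validated when the form actually sent the field.
         if ($banktransfer_result == 0 && isset($_POST['banktransfer_owner_email'])) {
             require_once DIR_FS_INC . 'xtc_validate_email.inc.php';
             if (!xtc_validate_email($in['banktransfer_owner_email'])) {
                 $banktransfer_result = 13;
             }
         }
         // Is the IBAN's country inside the configured payment zone?
         if ($banktransfer_result == 0 && (int) MODULE_PAYMENT_BANKTRANSFER_ZONE > 0) {
             // IBAN_country is derived from the customer-supplied number, so it is
             // escaped, and the configured zone id is cast, before either reaches SQL.
             $check_query = xtc_db_query(
                 "SELECT DISTINCT z.geo_zone_id"
                 . " FROM " . TABLE_ZONES_TO_GEO_ZONES . " z"
                 . " JOIN " . TABLE_COUNTRIES . " c ON c.countries_id = z.zone_country_id"
                 . " WHERE z.geo_zone_id = " . (int) MODULE_PAYMENT_BANKTRANSFER_ZONE
                 . " AND c.countries_iso_code_2 = '" . xtc_db_input($banktransfer_validation->IBAN_country) . "'"
             );
             if (xtc_db_num_rows($check_query) == 0) {
                 $banktransfer_result = 14;
             }
         }
         // Map the validator's IBAN-specific codes onto this module's error codes.
         if (in_array($banktransfer_result, array(1000, 1010, 1020, 1030, 1040))) {
             $banktransfer_result = 12; // iban not ok
         } elseif (in_array($banktransfer_result, array(1050, 1060, 1070, 1080))) {
             $banktransfer_result = 11; // no bic entered
         } elseif ($banktransfer_result > 2000) {
             $banktransfer_result -= 2000;
         }
     }

     // Prefer the bank name the validator resolved over the one typed in.
     if (!empty($banktransfer_validation->Bankname)) {
         $this->banktransfer_bankname = $banktransfer_validation->Bankname;
     } else {
         $this->banktransfer_bankname = xtc_db_prepare_input($in['banktransfer_bankname']);
     }
     // An owner field that was sent but left empty overrides any other result.
     if (isset($_POST['banktransfer_owner']) && $in['banktransfer_owner'] == '') {
         $banktransfer_result = 10;
     }

     // Result code -> customer-facing text, and whether a re-submission may
     // bypass the check ('true' only for codes the validator cannot decide).
     switch ($banktransfer_result) {
         case 0:
             // payment o.k.
             $error = 'O.K.';
             $recheckok = 'false';
             break;
         case 1:
             // number & blz not ok
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_1;
             $recheckok = 'false';
             break;
         case 2:
             // account number has no calculation method
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_2;
             $recheckok = 'true';
             break;
         case 3:
             // No calculation method implemented
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_3;
             $recheckok = 'true';
             break;
         case 4:
             // Number cannot be checked
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_4;
             $recheckok = 'true';
             break;
         case 5:
             // BLZ not found (set "true" if you have not the latest BLZ table!)
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_5;
             $recheckok = 'false';
             break;
         case 8:
             // no BLZ entered
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_8;
             $recheckok = 'false';
             break;
         case 9:
             // no number entered
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_9;
             $recheckok = 'false';
             break;
         case 10:
             // no account holder entered
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_10;
             $recheckok = 'false';
             break;
         case 11:
             // no bic entered
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_11;
             $recheckok = 'false';
             break;
         case 12:
             // iban not o.k.
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_12;
             $recheckok = 'false';
             break;
         case 13:
             // no account holder notification email entered
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_13;
             $recheckok = 'false';
             break;
         case 14:
             // iban country not allowed in payment zone
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_14;
             $recheckok = 'false';
             break;
         case 128:
             // Internal error
             $error = 'Internal error, please check again to process your payment';
             $recheckok = 'true';
             break;
         default:
             $error = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_4;
             $recheckok = 'true';
             break;
     }

     if ($banktransfer_result > 0) {
         // recheckok != 'true' is already guaranteed by the early return above.
         // Values are url-encoded; the payment page re-displays them, so it must escape
         // them for HTML on output.
         $payment_error_return = 'payment_error=' . $this->code
             . '&error=' . urlencode($error)
             . '&banktransfer_owner=' . urlencode($in['banktransfer_owner'])
             . '&banktransfer_number=' . urlencode($in['banktransfer_number'])
             . '&banktransfer_blz=' . urlencode($in['banktransfer_blz'])
             . '&banktransfer_bankname=' . urlencode($in['banktransfer_bankname'])
             . '&banktransfer_owner_email=' . urlencode($in['banktransfer_owner_email'])
             . '&recheckok=' . $recheckok;
         xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));
     }

     // Validation passed: keep the normalised values for the order/confirmation steps.
     $this->iban_mode = $banktransfer_validation->checkmode == 'iban';
     $this->banktransfer_owner = xtc_db_prepare_input($in['banktransfer_owner']);
     $this->banktransfer_owner_email = xtc_db_prepare_input($in['banktransfer_owner_email']);
     $this->banktransfer_iban = $banktransfer_validation->banktransfer_iban;
     $this->banktransfer_bic = $banktransfer_validation->banktransfer_bic;
     $this->banktransfer_number = $banktransfer_validation->banktransfer_number;
     $this->banktransfer_blz = $banktransfer_validation->banktransfer_blz;
     $this->banktransfer_prz = $banktransfer_validation->PRZ;
     $this->banktransfer_status = $banktransfer_result;
 }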
        }
    }
    //BOF - DokuMan - 2012-05-31 - show warning if PayPal payment module activated, but not configured for live mode yet
    if (strpos($check['configuration_value'], 'paypal') !== false && defined('PAYPAL_API_USER') && PAYPAL_API_USER == '') {
        $warnings[] = '<p>' . sprintf(TEXT_PAYPAL_CONFIG, xtc_href_link(FILENAME_CONFIGURATION, 'gID=111125')) . '</p>';
    }
    //EOF - DokuMan - 2012-05-31 - show warning if PayPal payment module activated, but not configured for live mode yet
}
/*******************************************************************************
 ** Email address check:
 ******************************************************************************/
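/*
 * Every configured shop e-mail address must be present and well-formed; each
 * failing one becomes an item of the admin warning that is appended below.
 */
$check = array();
$emails = array('STORE_OWNER_EMAIL_ADDRESS', 'EMAIL_BILLING_ADDRESS', 'EMAIL_BILLING_REPLY_ADDRESS', 'CONTACT_US_EMAIL_ADDRESS', 'EMAIL_SUPPORT_ADDRESS');
foreach ($emails as $name) {
    $email = constant($name);
    if (empty($email) || !xtc_validate_email($email)) {
        // The error texts live in the admin configuration language file; *_once so a
        // second bad address in the same run does not re-read it and redefine its constants.
        include_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/configuration.php';
        // Fix: this used to append to $checks, so the warning below could never fire.
        $check[] = sprintf(ERROR_EMAIL_CHECK_INFO, constant($name . '_TITLE'), $email);
    }
}
if (!empty($check)) {
    $warnings[] = ERROR_EMAIL_CHECK . '<ul><li>' . implode('</li><li>', $check) . '</li></ul>';
}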
/** ----------------------------------------------------------------------------
 ** Check for enabled FILE options on MySQL database - possible injection
 ** ------------------------------------------------------------------------- */
/* //for further use
$sql = '-- admin/includes/modules/security_check FILE perms
  show grants';
$stmt = xtc_db_query($sql);
while ($row = xtc_db_fetch_array($stmt)) {
                    xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($_POST['email']), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail);
                }
            } else {
                $info_message = TEXT_EMAIL_EXIST_NEWSLETTER;
            }
        }
    } else {
        //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
        //$info_message = TEXT_WRONG_CODE;
        if (!xtc_validate_email(trim($_POST['email']))) {
            $info_message .= ERROR_EMAIL;
        }
        //EOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
    }
    //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING
    // Unsubscribe request: needs a syntactically valid address and the delete button.
    // NOTE(review): the validation trims the address but both queries use it untrimmed.
    if (xtc_validate_email(trim($_POST['email'])) && isset($_POST['delete'])) {
        // Escaped with xtc_db_input(); the legacy xtc_db_query() API has no placeholders.
        $check_mail_query = xtc_db_query("select customers_email_address from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address = '" . xtc_db_input($_POST['email']) . "'");
        if (xtc_db_num_rows($check_mail_query)) {
            $del_query = xtc_db_query("delete from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address ='" . xtc_db_input($_POST['email']) . "'");
            $info_message = TEXT_EMAIL_DEL;
        } else {
            $info_message = TEXT_EMAIL_NOT_EXIST;
        }
    }
}
// Accountaktivierung per Emaillink
if (isset($_GET['action']) && $_GET['action'] == 'activate') {
    $check_mail_query = xtc_db_query("select mail_key from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address = '" . xtc_db_input($_GET['email']) . "'");
    if (!xtc_db_num_rows($check_mail_query)) {
        $info_message = TEXT_EMAIL_NOT_EXIST;
 // New VAT Check
 // Optional VAT-ID validation (ACCOUNT_COMPANY_VAT_CHECK). The validator also
 // decides the customer status; its vat_id_status key is not always present.
 if (ACCOUNT_COMPANY_VAT_CHECK == 'true') {
     require_once DIR_WS_CLASSES . 'vat_validation.php';
     $vatID = new vat_validation($vat, '', '', $country, true);
     $customers_status = $vatID->vat_info['status'];
     $customers_vat_id_status = isset($vatID->vat_info['vat_id_status']) ? $vatID->vat_info['vat_id_status'] : '';
     if (isset($vatID->vat_info['error']) && $vatID->vat_info['error'] == 1) {
         $messageStack->add('create_account', ENTRY_VAT_ERROR);
         $error = true;
     }
 }
 // email check: length first, then syntax, then the confirmation field; only the
 // first failing step reports, so the customer sees one message per field.
 // strlen() counts bytes, not characters.
 if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR);
 } elseif (xtc_validate_email($email_address) == false) {
     $error = true;
     $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
 } elseif ($email_address != $confirm_email_address) {
     // Loose comparison: the two fields are compared as submitted.
     $error = true;
     $messageStack->add('create_account', ENTRY_EMAIL_ERROR_NOT_MATCHING);
 }
 if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR);
 }
 if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_POST_CODE_ERROR);
 }
 if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
 // Shop-info install step: read the remaining fields, then validate every field
 // and collect all messages (no early exit). xtc_db_prepare_input() is the shop's
 // input normaliser; it is not HTML escaping, so the template must escape on output.
 $city = xtc_db_prepare_input($_POST['CITY']);
 $country = xtc_db_prepare_input($_POST['COUNTRY']);
 $telephone_number = xtc_db_prepare_input($_POST['TELEPHONE']);
 $error = false;
 // Minimum lengths are in bytes (strlen); the string literals compare numerically.
 if (strlen($store_name) < '3') {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_STORE_NAME_ERROR);
 }
 if (strlen($company) < '2') {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_COMPANY_NAME_ERROR);
 }
 // Sender address: the syntax check only runs when the length check passed.
 if (strlen($email_from) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_EMAIL_ADDRESS_FROM_ERROR);
 } elseif (xtc_validate_email($email_from) == false) {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_EMAIL_ADDRESS_FROM_CHECK_ERROR);
 }
 if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_POST_CODE_ERROR);
 }
 if (strlen($street_address) < '3') {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_STREET_ADDRESS_ERROR);
 }
 if (strlen($telephone_number) < '6') {
     $error = true;
     $messageStack->add('install_shopinfo_step', ENTRY_TELEPHONE_NUMBER_ERROR);
 }
 }
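 // Date of birth, only when the shop collects it. xtc_date_raw() is called once
 // and the YYYYMMDD pieces are cast because checkdate() takes ints: on PHP 8 the
 // '' that substr() yields for a blank date would otherwise be a TypeError, while
 // (int) '' is 0 and checkdate(0, 0, 0) simply fails the check.
 if (ACCOUNT_DOB == 'true') {
     $a_dob_raw = xtc_date_raw($a_dob);
     $entry_date_of_birth_error = !checkdate(
         (int) substr($a_dob_raw, 4, 2),
         (int) substr($a_dob_raw, 6, 2),
         (int) substr($a_dob_raw, 0, 4)
     );
     if ($entry_date_of_birth_error) {
         $error = true;
     }
 }
 // One template flag per field. $error is only ever raised here, never cleared,
 // so failures from earlier checks survive. strlen() counts bytes, not characters.
 $entry_email_address_error = strlen($a_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH;
 if ($entry_email_address_error) {
     $error = true;
 }
 $entry_email_address_check_error = !xtc_validate_email($a_email_address);
 if ($entry_email_address_check_error) {
     $error = true;
 }
 $entry_street_address_error = strlen($a_street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH;
 if ($entry_street_address_error) {
     $error = true;
 }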
 if (strlen($a_postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
     $error = true;
     $entry_post_code_error = true;
 } else {
 } elseif ($_GET['action'] == 'save') {
     $url_action = 'edit';
     $check_if_name_exist = xtc_db_find_database_field(TABLE_WHOLESALERS, 'wholesaler_name', $wholesaler_name);
 }
 // Wholesaler form validation. $error is a list of message texts here (not a
 // bool); an empty list means the record may be written.
 // NOTE(review): $check_if_name_exist is only assigned in the 'save' branch above
 // (its start is outside this view); for other actions it may be undefined — confirm.
 if (!$wholesaler_name || $check_if_name_exist) {
     if ($_GET['action'] == 'save') {
         // On save a name clash is only an error when it belongs to a different record.
         if ($check_if_name_exist['wholesaler_id'] != $wholesaler_id) {
             $error[] = ERROR_TEXT_NAME;
         }
     } else {
         $error[] = ERROR_TEXT_NAME;
     }
 }
 // Missing address and malformed address are reported as distinct messages.
 if (!$wholesaler_email) {
     $error[] = ERROR_TEXT_EMAIL;
 } elseif (!xtc_validate_email($wholesaler_email)) {
     $error[] = ERROR_TEXT_EMAIL_INVALID;
 }
 if (!$wholesaler_file) {
     $error[] = ERROR_TEXT_FILE;
 }
 if (empty($error)) {
     if ($_GET['action'] == 'insert') {
         xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array);
         $wholesaler_id = xtc_db_insert_id();
         // BOF - Mail Manager Template
         xtc_db_query("INSERT INTO email_manager (em_name, em_language, em_body, em_delete, em_type, em_body_txt) VALUES\r\n('" . $wholesaler_file . "',\t2,\t'<p>Sehr geehrte Damen und Herren,</p>\\r\\n<p>wir m&ouml;chten bitte folgende Produkte bei Ihnen Nachbestellen:</p>\\r\\n<p><br />\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}{\$order_values.products_quantity} x {\$order_values.products_name}<br />\\r\\n{/foreach}</p>',\t0,\t'wholesaler',\t'Sehr geehrte Damen und Herren,\\r\\n\\r\\nwir möchten bitte folgende Produkte bei Ihnen Nachbestellen\\r\\n\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}\\r\\n{\$order_values.products_quantity} x {\$order_values.products_name}\\r\\n{/foreach}');\r\n");
         // EOF - Mail Manager Template
     } elseif ($_GET['action'] == 'save') {
         xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array, 'update', "wholesaler_id = '" . xtc_db_input($wholesaler_id) . "'");
     }