----------------------------------------------------------------------------------------- based on: (c) 2006 XT-Commerce Released under the GNU General Public License ---------------------------------------------------------------------------------------*/ //included by shop_content.php //use contact_us.php language file require_once DIR_WS_LANGUAGES . $_SESSION['language'] . '/contact_us.php'; $error = false; if (isset($_GET['action']) && $_GET['action'] == 'send') { //BOF - web28 - 2010-04-03 - New error handling for required fileds //jedes Feld kann hier auf die gew�nschte Bedingung getestet und eine Fehlermeldung zugeordnet werden //BOF error handling $err_msg = ''; if (!xtc_validate_email(trim($_POST['email']))) { $err_msg .= ERROR_EMAIL; } if (!empty($_POST['email2_FT7ughj521dfdf'])) { $err_msg .= ERROR_HONEYPOT; } if (trim($_POST['message_body']) == '') { $err_msg .= ERROR_MSG_BODY; } if (CONTACT_FORM_CONSENT == 'true') { if (!isset($_POST['checkbox'])) { $err_msg .= ERROR_CHECKBOX; } } //EOF error handling $smarty->assign('error_message', ERROR_MAIL . $err_msg);
break; } // EOF - Dokuman - 2011-09-13 - display correct error code of VAT ID check if ($vatID->vat_info['error'] == 1) { $entry_vat_error = true; $error = true; } } // New VAT CHECK END if (strlen($customers_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) { $error = true; $entry_email_address_error = true; } else { $entry_email_address_error = false; } if (!xtc_validate_email($customers_email_address)) { $error = true; $entry_email_address_check_error = true; } else { $entry_email_address_check_error = false; } if (strlen($entry_street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) { $error = true; $entry_street_address_error = true; } else { $entry_street_address_error = false; } if (strlen($entry_postcode) < ENTRY_POSTCODE_MIN_LENGTH) { $error = true; $entry_post_code_error = true; } else {
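/**
 * Validates the bank details posted from the payment step before the order is
 * confirmed and stores the normalised values on this module instance.
 *
 * A purely numeric account number (with IBAN-only mode off) is checked as a
 * classic account number + BLZ via AccountCheck; everything else is treated as
 * an IBAN and checked via IbanAccountCheck, including the optional account
 * holder notification e-mail and the IBAN country against the module's
 * payment zone.
 *
 * On a failing check the customer is redirected back to the payment page with
 * the error text and the entered values in the query string; the 'recheckok'
 * value tells the form whether the customer may confirm the data anyway.
 * The whole check is skipped for the fax variant and when the customer has
 * already confirmed ('recheckok' = 'true').
 *
 * @return void
 */
function pre_confirmation_check()
{
    $recheck_confirmed = isset($_POST['recheckok']) ? $_POST['recheckok'] : '';
    if (!empty($_POST['banktransfer_fax']) || $recheck_confirmed == 'true') {
        return;
    }

    include_once DIR_WS_CLASSES . 'banktransfer_validation.php';

    // Read the form fields once; a missing field is treated as '' instead of
    // triggering undefined-index notices. For the two owner fields the mere
    // presence of the field matters as well, so those are tested with isset().
    $posted_number = isset($_POST['banktransfer_number']) ? $_POST['banktransfer_number'] : '';
    $posted_blz = isset($_POST['banktransfer_blz']) ? $_POST['banktransfer_blz'] : '';
    $posted_bankname = isset($_POST['banktransfer_bankname']) ? $_POST['banktransfer_bankname'] : '';
    $posted_owner = isset($_POST['banktransfer_owner']) ? $_POST['banktransfer_owner'] : '';
    $posted_owner_email = isset($_POST['banktransfer_owner_email']) ? $_POST['banktransfer_owner_email'] : '';

    // Drop separators and whitespace so the checkers see the compact form.
    $number = preg_replace('/[^a-zA-Z0-9]/', '', $posted_number);

    if (ctype_digit($number) && MODULE_PAYMENT_BANKTRANSFER_IBAN_ONLY == 'false') {
        // Classic account number + BLZ.
        $banktransfer_validation = new AccountCheck();
        $banktransfer_result = $banktransfer_validation->CheckAccount($number, $posted_blz);
        // Some non-zero codes are acceptable as far as this module is concerned.
        if ($banktransfer_validation->account_acceptable($banktransfer_result)) {
            $banktransfer_result = 0;
        }
    } else {
        // IBAN; the BLZ form field is handed over unchanged as second argument.
        $banktransfer_validation = new IbanAccountCheck();
        $banktransfer_result = $banktransfer_validation->IbanCheckAccount($number, $posted_blz);
        if ($banktransfer_validation->account_acceptable($banktransfer_result)) {
            $banktransfer_result = 0;
        }

        // If a notification address for the account holder was submitted it must be valid.
        if ($banktransfer_result == 0 && isset($_POST['banktransfer_owner_email'])) {
            require_once DIR_FS_INC . 'xtc_validate_email.inc.php';
            if (!xtc_validate_email($posted_owner_email)) {
                $banktransfer_result = 13;
            }
        }

        // The IBAN's country must be part of the configured payment zone.
        if ($banktransfer_result == 0 && (int) MODULE_PAYMENT_BANKTRANSFER_ZONE > 0) {
            // IBAN_country is derived from customer input, so it is escaped like
            // any other request value before it is embedded in SQL; the zone id
            // is forced to an integer instead of being interpolated raw.
            $check_query = xtc_db_query("SELECT DISTINCT z.geo_zone_id \n FROM " . TABLE_ZONES_TO_GEO_ZONES . " z\n JOIN " . TABLE_COUNTRIES . " c on c.countries_id = z.zone_country_id\n WHERE z.geo_zone_id = " . (int) MODULE_PAYMENT_BANKTRANSFER_ZONE . "\n AND c.countries_iso_code_2 = '" . xtc_db_input($banktransfer_validation->IBAN_country) . "'");
            if (xtc_db_num_rows($check_query) == 0) {
                $banktransfer_result = 14;
            }
        }

        // Map the IBAN checker's own codes onto this module's error numbers.
        if (in_array($banktransfer_result, array(1000, 1010, 1020, 1030, 1040))) {
            $banktransfer_result = 12; // IBAN not OK
        } elseif (in_array($banktransfer_result, array(1050, 1060, 1070, 1080))) {
            $banktransfer_result = 11; // no BIC entered
        } elseif ($banktransfer_result > 2000) {
            $banktransfer_result -= 2000;
        }
    }

    // Prefer the bank name resolved by the checker over the customer's input.
    if (!empty($banktransfer_validation->Bankname)) {
        $this->banktransfer_bankname = $banktransfer_validation->Bankname;
    } else {
        $this->banktransfer_bankname = xtc_db_prepare_input($posted_bankname);
    }

    // An empty account holder overrides whatever the number check produced.
    if (isset($_POST['banktransfer_owner']) && $_POST['banktransfer_owner'] == '') {
        $banktransfer_result = 10;
    }

    // Per result code: the text shown to the customer and whether the form may
    // be re-submitted unchanged ('true') or has to be corrected ('false').
    $messages = array(
        0   => array('O.K.', 'false'),
        1   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_1, 'false'),  // number & BLZ do not match
        2   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_2, 'true'),   // account number has no calculation method
        3   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_3, 'true'),   // calculation method not implemented
        4   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_4, 'true'),   // number cannot be checked
        5   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_5, 'false'),  // BLZ not found; use 'true' if the BLZ table is outdated
        8   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_8, 'false'),  // no BLZ entered
        9   => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_9, 'false'),  // no number entered
        10  => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_10, 'false'), // no account holder entered
        11  => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_11, 'false'), // no BIC entered
        12  => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_12, 'false'), // IBAN not OK
        13  => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_13, 'false'), // account holder notification e-mail invalid
        14  => array(MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_14, 'false'), // IBAN country not in payment zone
        128 => array('Internal error, please check again to process your payment', 'true'),
    );
    if (isset($messages[$banktransfer_result])) {
        list($error_text, $recheckok) = $messages[$banktransfer_result];
    } else {
        // Unknown code: treat like "number cannot be checked" and let the customer confirm.
        $error_text = MODULE_PAYMENT_BANKTRANSFER_TEXT_BANK_ERROR_4;
        $recheckok = 'true';
    }

    // Any remaining error sends the customer back to the payment form. The
    // message and the entered values travel in the query string, so the
    // payment page has to escape them again when rendering.
    // ('recheckok' = 'true' was already handled by the early return above.)
    if ($banktransfer_result > 0) {
        $payment_error_return = 'payment_error=' . $this->code
            . '&error=' . urlencode($error_text)
            . '&banktransfer_owner=' . urlencode($posted_owner)
            . '&banktransfer_number=' . urlencode($posted_number)
            . '&banktransfer_blz=' . urlencode($posted_blz)
            . '&banktransfer_bankname=' . urlencode($posted_bankname)
            . '&banktransfer_owner_email=' . urlencode($posted_owner_email)
            . '&recheckok=' . $recheckok;
        xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));
    }

    // Keep the normalised values from the checker for the following checkout steps.
    $this->iban_mode = $banktransfer_validation->checkmode == 'iban';
    $this->banktransfer_owner = xtc_db_prepare_input($posted_owner);
    $this->banktransfer_owner_email = xtc_db_prepare_input($posted_owner_email);
    $this->banktransfer_iban = $banktransfer_validation->banktransfer_iban;
    $this->banktransfer_bic = $banktransfer_validation->banktransfer_bic;
    $this->banktransfer_number = $banktransfer_validation->banktransfer_number;
    $this->banktransfer_blz = $banktransfer_validation->banktransfer_blz;
    $this->banktransfer_prz = $banktransfer_validation->PRZ;
    $this->banktransfer_status = $banktransfer_result;
}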
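} }
//BOF - DokuMan - 2012-05-31 - show warning if PayPal payment module activated, but not configured for live mode yet
if (strpos($check['configuration_value'], 'paypal') !== false && defined('PAYPAL_API_USER') && PAYPAL_API_USER == '') {
    $warnings[] = '<p>' . sprintf(TEXT_PAYPAL_CONFIG, xtc_href_link(FILENAME_CONFIGURATION, 'gID=111125')) . '</p>';
}
//EOF - DokuMan - 2012-05-31 - show warning if PayPal payment module activated, but not configured for live mode yet
}
/*******************************************************************************
** Email address check:
******************************************************************************/
// Every configured sender/recipient address must be present and syntactically
// valid; each offending one is collected in $check and reported as one warning.
$check = array();
$emails = array('STORE_OWNER_EMAIL_ADDRESS', 'EMAIL_BILLING_ADDRESS', 'EMAIL_BILLING_REPLY_ADDRESS', 'CONTACT_US_EMAIL_ADDRESS', 'EMAIL_SUPPORT_ADDRESS');
foreach ($emails as $name) {
    $email = constant($name);
    if (empty($email) || !xtc_validate_email($email)) {
        // The admin language file provides the *_TITLE labels; load it once
        // rather than on every failing address (re-including redefines constants).
        include_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/configuration.php';
        // Must append to $check (not $checks) or the summary below never fires.
        $check[] = sprintf(ERROR_EMAIL_CHECK_INFO, constant($name . '_TITLE'), $email);
    }
}
if (!empty($check)) {
    $warnings[] = ERROR_EMAIL_CHECK . '<ul><li>' . implode('</li><li>', $check) . '</li></ul>';
}
/** ----------------------------------------------------------------------------
** Check for enabled FILE options on MySQL database - possible injection
** ------------------------------------------------------------------------- */
/*
//for further use
$sql = '-- admin/includes/modules/security_check FILE perms show grants';
$stmt = xtc_db_query($sql);
while ($row = xtc_db_fetch_array($stmt)) {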
xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, xtc_db_input($_POST['email']), '', '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail); } } else { $info_message = TEXT_EMAIL_EXIST_NEWSLETTER; } } } else { //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING //$info_message = TEXT_WRONG_CODE; if (!xtc_validate_email(trim($_POST['email']))) { $info_message .= ERROR_EMAIL; } //EOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING } //BOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING if (xtc_validate_email(trim($_POST['email'])) && isset($_POST['delete'])) { //EOF - web28 - 2010-02-09: NEWSLETTER ERROR HANDLING $check_mail_query = xtc_db_query("select customers_email_address from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address = '" . xtc_db_input($_POST['email']) . "'"); if (!xtc_db_num_rows($check_mail_query)) { $info_message = TEXT_EMAIL_NOT_EXIST; } else { $del_query = xtc_db_query("delete from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address ='" . xtc_db_input($_POST['email']) . "'"); $info_message = TEXT_EMAIL_DEL; } } } // Accountaktivierung per Emaillink if (isset($_GET['action']) && $_GET['action'] == 'activate') { $check_mail_query = xtc_db_query("select mail_key from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address = '" . xtc_db_input($_GET['email']) . "'"); if (!xtc_db_num_rows($check_mail_query)) { $info_message = TEXT_EMAIL_NOT_EXIST;
// New VAT Check if (ACCOUNT_COMPANY_VAT_CHECK == 'true') { require_once DIR_WS_CLASSES . 'vat_validation.php'; $vatID = new vat_validation($vat, '', '', $country, true); $customers_status = $vatID->vat_info['status']; $customers_vat_id_status = isset($vatID->vat_info['vat_id_status']) ? $vatID->vat_info['vat_id_status'] : ''; if (isset($vatID->vat_info['error']) && $vatID->vat_info['error'] == 1) { $messageStack->add('create_account', ENTRY_VAT_ERROR); $error = true; } } // email check if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) { $error = true; $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR); } elseif (xtc_validate_email($email_address) == false) { $error = true; $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR); } elseif ($email_address != $confirm_email_address) { $error = true; $messageStack->add('create_account', ENTRY_EMAIL_ERROR_NOT_MATCHING); } if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) { $error = true; $messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR); } if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) { $error = true; $messageStack->add('create_account', ENTRY_POST_CODE_ERROR); } if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
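// Remaining shop-info fields of this install step; $store_name, $company,
// $email_from, $postcode and $street_address are expected to be set before
// this point. Missing POST fields default to '' instead of raising notices.
$city = xtc_db_prepare_input(isset($_POST['CITY']) ? $_POST['CITY'] : '');
$country = xtc_db_prepare_input(isset($_POST['COUNTRY']) ? $_POST['COUNTRY'] : '');
$telephone_number = xtc_db_prepare_input(isset($_POST['TELEPHONE']) ? $_POST['TELEPHONE'] : '');

// Each failed check flags $error and queues a message for this step. Limits
// without an ENTRY_*_MIN_LENGTH constant are plain integers: strlen() returns
// an int, and the former '3'/'2'/'6' string literals only worked via juggling.
$error = false;
if (strlen($store_name) < 3) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_STORE_NAME_ERROR);
}
if (strlen($company) < 2) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_COMPANY_NAME_ERROR);
}
if (strlen($email_from) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_EMAIL_ADDRESS_FROM_ERROR);
} elseif (!xtc_validate_email($email_from)) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_EMAIL_ADDRESS_FROM_CHECK_ERROR);
}
if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_POST_CODE_ERROR);
}
if (strlen($street_address) < 3) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_STREET_ADDRESS_ERROR);
}
if (strlen($telephone_number) < 6) {
    $error = true;
    $messageStack->add('install_shopinfo_step', ENTRY_TELEPHONE_NUMBER_ERROR);
}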
} if (ACCOUNT_DOB == 'true') { if (checkdate(substr(xtc_date_raw($a_dob), 4, 2), substr(xtc_date_raw($a_dob), 6, 2), substr(xtc_date_raw($a_dob), 0, 4))) { $entry_date_of_birth_error = false; } else { $error = true; $entry_date_of_birth_error = true; } } if (strlen($a_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) { $error = true; $entry_email_address_error = true; } else { $entry_email_address_error = false; } if (!xtc_validate_email($a_email_address)) { $error = true; $entry_email_address_check_error = true; } else { $entry_email_address_check_error = false; } if (strlen($a_street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) { $error = true; $entry_street_address_error = true; } else { $entry_street_address_error = false; } if (strlen($a_postcode) < ENTRY_POSTCODE_MIN_LENGTH) { $error = true; $entry_post_code_error = true; } else {
} elseif ($_GET['action'] == 'save') { $url_action = 'edit'; $check_if_name_exist = xtc_db_find_database_field(TABLE_WHOLESALERS, 'wholesaler_name', $wholesaler_name); } if (!$wholesaler_name || $check_if_name_exist) { if ($_GET['action'] == 'save') { if ($check_if_name_exist['wholesaler_id'] != $wholesaler_id) { $error[] = ERROR_TEXT_NAME; } } else { $error[] = ERROR_TEXT_NAME; } } if (!$wholesaler_email) { $error[] = ERROR_TEXT_EMAIL; } elseif (!xtc_validate_email($wholesaler_email)) { $error[] = ERROR_TEXT_EMAIL_INVALID; } if (!$wholesaler_file) { $error[] = ERROR_TEXT_FILE; } if (empty($error)) { if ($_GET['action'] == 'insert') { xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array); $wholesaler_id = xtc_db_insert_id(); // BOF - Mail Manager Template xtc_db_query("INSERT INTO email_manager (em_name, em_language, em_body, em_delete, em_type, em_body_txt) VALUES\r\n('" . $wholesaler_file . "',\t2,\t'<p>Sehr geehrte Damen und Herren,</p>\\r\\n<p>wir möchten bitte folgende Produkte bei Ihnen Nachbestellen:</p>\\r\\n<p><br />\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}{\$order_values.products_quantity} x {\$order_values.products_name}<br />\\r\\n{/foreach}</p>',\t0,\t'wholesaler',\t'Sehr geehrte Damen und Herren,\\r\\n\\r\\nwir möchten bitte folgende Produkte bei Ihnen Nachbestellen\\r\\n\\r\\n{foreach name=aussen item=order_values from=\$PRODUCTS}\\r\\n{\$order_values.products_quantity} x {\$order_values.products_name}\\r\\n{/foreach}');\r\n"); // EOF - Mail Manager Template } elseif ($_GET['action'] == 'save') { xtc_db_perform(TABLE_WHOLESALERS, $sql_data_array, 'update', "wholesaler_id = '" . xtc_db_input($wholesaler_id) . "'"); }