// include needed functions require_once DIR_FS_INC . 'xtc_image_button.inc.php'; require_once DIR_FS_INC . 'xtc_draw_input_field.inc.php'; require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php'; require_once DIR_FS_INC . 'xtc_php_mail.inc.php'; // include boxes require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php'; // include the mailer-class require_once DIR_WS_CLASSES . 'class.phpmailer.php'; if (isset($_GET['action']) && $_GET['action'] == 'process') { $check_affiliate_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . $_POST['email_address'] . "'"); if (xtc_db_num_rows($check_affiliate_query)) { $check_affiliate = xtc_db_fetch_array($check_affiliate_query); // Crypted password mods - create a new password, update the database and mail it to them $newpass = xtc_create_random_value(ENTRY_PASSWORD_MIN_LENGTH); $crypted_password = xtc_encrypt_password($newpass); xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'"); xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $_POST['email_address'], $check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass))); if (!isset($mail_error)) { xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false)); } else { echo $mail_error; } } else { xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL')); } } else { $breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_PASSWORD_FORGOTTEN, xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL')); require DIR_WS_INCLUDES . 'header.php'; $smarty->assign('FORM_ACTION', xtc_draw_form('password_forgotten', xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'action=process', 'SSL')));
//file_put_contents ($file_name, $file_content); store_config($file_name, $file_content); } } //Make sure record does not already exist $sql_where = SQL_WHERE . "customers_id = '1'"; $sql_from = SQL_FROM . TABLE_CUSTOMERS . $sql_where; $result = xtc_db_query(SELECT_COUNT . $sql_from); $repeat_installation = xtc_db_num_rows($result) > 0; if ($repeat_installation) { $result = xtc_db_query("delete" . $sql_from); $result = xtc_db_query(DELETE_FROM . TABLE_CUSTOMERS_INFO . " where customers_info_id = '1'"); $result = xtc_db_query(DELETE_FROM . TABLE_ADDRESS_BOOK . $sql_where); } $sep = "', '"; xtc_db_query(INSERT_INTO . TABLE_CUSTOMERS . " (\n\t\t\tcustomers_id,\n\t\t\tcustomers_status,\n\t\t\tcustomers_firstname,\n\t\t\tcustomers_lastname,\n\t\t\tcustomers_email_address,\n\t\t\tcustomers_default_address_id,\n\t\t\tcustomers_telephone,\n\t\t\tcustomers_password,\n\t\t\tdelete_user) VALUES\n\t\t\t(\n\t\t\t'1',\n\t\t\t'0','" . $first_name . $sep . $last_name . $sep . $email_adress . "','1','" . $telephone . $sep . xtc_encrypt_password($password) . "','0')"); xtc_db_query(INSERT_INTO . TABLE_CUSTOMERS_INFO . " (\n\t\t\tcustomers_info_id,\n\t\t\tcustomers_info_date_of_last_logon,\n\t\t\tcustomers_info_number_of_logons,\n\t\t\tcustomers_info_date_account_created,\n\t\t\tcustomers_info_date_account_last_modified,\n\t\t\tglobal_product_notifications) VALUES\n\t\t\t('1','','','','','')"); xtc_db_query(INSERT_INTO . TABLE_ADDRESS_BOOK . " (\n\t\t\tcustomers_id,\n\t\t\tentry_company,\n\t\t\tentry_firstname,\n\t\t\tentry_lastname,\n\t\t\tentry_street_address,\n\t\t\tentry_postcode,\n\t\t\tentry_city,\n\t\t\tentry_state,\n\t\t\tentry_country_id,\n\t\t\tentry_zone_id) VALUES\n\t\t\t('1','" . $company . $sep . $first_name . $sep . $last_name . $sep . $street_adress . $sep . $post_code . $sep . $city . $sep . $state . $sep . $country . $sep . $zone_id . "'\n\t\t\t)"); $update_string = SQL_UPDATE . TABLE_CONFIGURATION . " SET configuration_value='"; $where_string = "' WHERE configuration_key = '"; for ($i = 0; $i < $old_fields_1_count; $i++) { $field_name = $old_fields_1[$i][0]; if ($field_name) { $variable_name = strtolower($field_name); xtc_db_query($update_string . ${$variable_name} . $where_string . $field_name . APOS); } } for ($i = 0; $i < $new_fields_count; $i++) { $field_name = $new_fields[$i][0]; $variable_name = strtolower($field_name); xtc_db_query($update_string . ${$variable_name} . $where_string . $field_name . APOS);
} else { $entry_password_error = false; } // EOF - DokuMan - 2009-05-22 - Bugfix #0000218 - force to enter password when editing users $check_email = xtc_db_query("SELECT customers_email_address\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_email_address = '" . xtc_db_input($customers_email_address) . "'\n AND customers_id <> '" . xtc_db_input($customers_id) . "'"); if (xtc_db_num_rows($check_email)) { $error = true; $entry_email_address_exists = true; } else { $entry_email_address_exists = false; } if ($error == false) { $sql_data_array = array('customers_firstname' => $customers_firstname, 'customers_cid' => $customers_cid, 'customers_vat_id' => $customers_vat_id, 'customers_vat_id_status' => $customers_vat_id_status, 'customers_lastname' => $customers_lastname, 'customers_email_address' => $customers_email_address, 'customers_telephone' => $customers_telephone, 'customers_fax' => $customers_fax, 'customers_symbol' => $customers_symbol, 'payment_unallowed' => $payment_unallowed, 'shipping_unallowed' => $shipping_unallowed, 'customers_newsletter' => $customers_newsletter, 'customers_last_modified' => 'now()'); // if new password is set if ($password != "") { $sql_data_array['customers_password'] = xtc_encrypt_password($password); } if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $customers_gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = xtc_date_raw($customers_dob); } //xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '".xtc_db_input($customers_id)."'"); xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND customers_default_address_id = '" . $address_book_id . "'"); xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . "\n SET customers_info_date_account_last_modified = now()\n WHERE customers_info_id = '" . xtc_db_input($customers_id) . "'"); if ($entry_zone_id > 0) { $entry_state = ''; } $sql_data_array = array('entry_firstname' => $customers_firstname, 'entry_lastname' => $customers_lastname, 'entry_street_address' => $entry_street_address, 'entry_postcode' => $entry_postcode, 'entry_city' => $entry_city, 'entry_country_id' => $entry_country_id, 'address_last_modified' => 'now()'); if (ACCOUNT_GENDER == 'true') {
require_once DIR_FS_INC . 'xtc_get_order_data.inc.php'; require_once DIR_FS_INC . 'xtc_get_attributes_model.inc.php'; // check if customer is allowed to send this order! $order_query_check = xtc_db_query("SELECT customers_id\n FROM " . TABLE_ORDERS . "\n WHERE orders_id='" . $insert_id . "'"); $order_check = xtc_db_fetch_array($order_query_check); //BOF - web28 - 2010-03-20 - Send Order by Admin //if ($_SESSION['customer_id'] == $order_check['customers_id'] ) { if ($_SESSION['customer_id'] == $order_check['customers_id'] || $send_by_admin) { //EOF - web28 - 2010-03-20 - Send Order by Admin $order = new order($insert_id); // BOF - Tomcraft - 2009-10-03 - Paypal Express Modul if (isset($_SESSION['paypal_express_new_customer']) && $_SESSION['paypal_express_new_customer'] == 'true' && isset($_SESSION['ACCOUNT_PASSWORD']) && $_SESSION['ACCOUNT_PASSWORD'] == 'true') { require_once DIR_FS_INC . 'xtc_create_password.inc.php'; require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php'; $password_encrypted = xtc_RandomString(10); $password = xtc_encrypt_password($password_encrypted); xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $smarty->assign('NEW_PASSWORD', $password_encrypted); } // EOF - Tomcraft - 2009-10-03 - Paypal Express Modul //BOF - web28 - 2010-03-20 - Send Order by Admin if (isset($send_by_admin)) { //DokuMan - 2010-09-18 - Undefined variable: send_by_admin $xtPrice = new xtcPrice($order->info['currency'], $order->info['status']); } //EOF - web28 - 2010-03-20 - Send Order by Admin $smarty->assign('address_label_customer', xtc_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />')); $smarty->assign('address_label_shipping', xtc_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />')); $smarty->assign('address_label_payment', xtc_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />')); $smarty->assign('csID', $order->customer['csID']); $order_total = $order->getTotalData($insert_id);
$error = false; if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $check_customer = xtc_db_fetch_array($check_customer_query); if (xtc_validate_password($password_current, $check_customer['customers_password'])) { xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '******', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'"); xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'"); $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL')); } else { $error = true; $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } } } $breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL')); require DIR_WS_INCLUDES . 'header.php'; if ($messageStack->size('account_password') > 0) { $smarty->assign('error', $messageStack->output('account_password')); }
function CustomersUpdate() { global $_POST, $Lang_folder; $customers_id = -1; // include PW function require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php'; if (isset($_POST['cID'])) { $customers_id = xtc_db_prepare_input($_POST['cID']); } // security check, if user = admin, dont allow to perform changes if ($customers_id != -1) { $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . $customers_id . "'"); $sec_data = xtc_db_fetch_array($sec_query); if ($sec_data['customers_status'] == 0) { print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', ''); return; } } $sql_customers_data_array = array(); if (isset($_POST['customers_cid'])) { $sql_customers_data_array['customers_cid'] = $_POST['customers_cid']; } if (isset($_POST['customers_firstname'])) { $sql_customers_data_array['customers_firstname'] = $_POST['customers_firstname']; } if (isset($_POST['customers_lastname'])) { $sql_customers_data_array['customers_lastname'] = $_POST['customers_lastname']; } if (isset($_POST['customers_dob'])) { $sql_customers_data_array['customers_dob'] = $_POST['customers_dob']; } if (isset($_POST['customers_email'])) { $sql_customers_data_array['customers_email_address'] = $_POST['customers_email']; } if (isset($_POST['customers_tele'])) { $sql_customers_data_array['customers_telephone'] = $_POST['customers_tele']; } if (isset($_POST['customers_fax'])) { $sql_customers_data_array['customers_fax'] = $_POST['customers_fax']; } if (isset($_POST['customers_gender'])) { $sql_customers_data_array['customers_gender'] = $_POST['customers_gender']; } if (file_exists('cao_custupd_1.php')) { include 'cao_custupd_1.php'; } if (isset($_POST['customers_password'])) { $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']); } $sql_address_data_array = array(); if (isset($_POST['customers_firstname'])) { $sql_address_data_array['entry_firstname'] = $_POST['customers_firstname']; } if (isset($_POST['customers_lastname'])) { $sql_address_data_array['entry_lastname'] = $_POST['customers_lastname']; } if (isset($_POST['customers_company'])) { $sql_address_data_array['entry_company'] = $_POST['customers_company']; } if (isset($_POST['customers_street'])) { $sql_address_data_array['entry_street_address'] = $_POST['customers_street']; } if (isset($_POST['customers_city'])) { $sql_address_data_array['entry_city'] = $_POST['customers_city']; } if (isset($_POST['customers_postcode'])) { $sql_address_data_array['entry_postcode'] = $_POST['customers_postcode']; } if (isset($_POST['customers_gender'])) { $sql_address_data_array['entry_gender'] = $_POST['customers_gender']; } if (isset($_POST['customers_country_id'])) { $country_code = $_POST['customers_country_id']; } $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $country_code . "' LIMIT 1"; $country_result = xtc_db_query($country_query); $row = xtc_db_fetch_array($country_result); $sql_address_data_array['entry_country_id'] = $row['countries_id']; $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1"); $check = xtc_db_fetch_array($count_query); if ($check['count'] > 0) { $mode = 'UPDATE'; $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1"); $customer = xtc_db_fetch_array($address_book_result); xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' LIMIT 1"); xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . $customer['customers_default_address_id'] . "' LIMIT 1"); xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "' LIMIT 1"); } else { $mode = 'APPEND'; if (strlen($_POST['customers_password']) == 0) { // generate PW if empty $pw = xtc_RandomString(8); $sql_customers_data_array['customers_password'] = xtc_create_password($pw); } else { $pw = $_POST['customers_password']; } xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array); $customers_id = xtc_db_insert_id(); $sql_address_data_array['customers_id'] = $customers_id; xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array); $address_id = xtc_db_insert_id(); xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'"); //JP20080401 if (!isset($_POST['customers_price_level'])) { xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'"); } xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())"); } if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $sql_customers_data_array['customers_email_address'] != '') { // generate mail for customer if customer=new require_once DIR_WS_CLASSES . 'class.phpmailer.php'; require_once DIR_FS_INC . 'xtc_php_mail.inc.php'; require_once DIR_FS_INC . 'xtc_add_tax.inc.php'; require_once DIR_FS_INC . 'xtc_not_null.inc.php'; require_once DIR_FS_INC . 'xtc_href_link.inc.php'; require_once DIR_FS_INC . 'xtc_date_long.inc.php'; require_once DIR_FS_INC . 'xtc_check_agent.inc.php'; require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php'; //JP 20080102 $smarty = new Smarty(); //$smarty->assign('language', $check_status['language']); $smarty->assign('language', $Lang_folder); $smarty->caching = false; $smarty->template_dir = DIR_FS_CATALOG . 'templates'; $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c'; $smarty->config_dir = DIR_FS_CATALOG . 'lang'; //BOF - GTB - 2010-08-03 - Security Fix - Base $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/'); //$smarty->assign('tpl_path','templates/'.CURRENT_TEMPLATE.'/'); //EOF - GTB - 2010-08-03 - Security Fix - Base $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/'); $smarty->assign('NAME', $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname']); $smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']); $smarty->assign('PASSWORD', $pw); //$smarty->assign('language', $Lang_folder); $smarty->assign('content', $module_content); $smarty->caching = false; $html_mail = $smarty->fetch('db:create_account_mail_admin.html'); $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt'); // send mail with html/txt template xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail); } print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id); }
xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n customers_info_id,\n customers_info_date_of_last_logon,\n customers_info_number_of_logons,\n customers_info_date_account_created,\n customers_info_date_account_last_modified,\n global_product_notifications) VALUES\n ('" . $admin_id . "','','','now()','','')"); xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n customers_id,\n entry_company,\n entry_firstname,\n entry_lastname,\n entry_street_address,\n entry_postcode,\n entry_city,\n entry_state,\n entry_country_id,\n entry_zone_id) VALUES\n ('" . $admin_id . "',\n '" . xtc_db_input($company) . "',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($street_address) . "',\n '" . xtc_db_input($postcode) . "',\n '" . xtc_db_input($city) . "',\n '" . xtc_db_input($state) . "',\n '" . xtc_db_input($country) . "',\n '" . xtc_db_input($zone_id) . "'\n )"); // admin address connection $address_book_id = xtc_db_insert_id(); xtc_db_query("UPDATE customers SET customers_default_address_id = '" . $address_book_id . "' WHERE customers_id = '" . $admin_id . "' "); // customers_status xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('" . $admin_id . "');"); $aa_spalten_qry = xtc_db_query("SHOW COLUMNS FROM admin_access"); while ($aa_spalten = xtc_db_fetch_array($aa_spalten_qry)) { if ($aa_spalten['Type'] == 'int(1)') { xtc_db_query("UPDATE admin_access SET " . $aa_spalten['Field'] . " = '1' WHERE customers_id = '" . $admin_id . "'"); } } xtc_redirect(xtc_href_link('install_additional_admins.php', '', 'NONSSL')); } else { xtc_db_query("insert into " . TABLE_CUSTOMERS . " (\n customers_id,\n customers_status,\n customers_firstname,\n customers_lastname,\n customers_gender,\n customers_email_address,\n customers_default_address_id,\n customers_telephone,\n customers_password,\n delete_user) VALUES\n ('1',\n '0',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($gender) . "',\n '" . xtc_db_input($email_address) . "',\n '1',\n '" . xtc_db_input($telephone) . "',\n '" . xtc_encrypt_password($password) . "',\n '0')"); xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n customers_info_id,\n customers_info_date_of_last_logon,\n customers_info_number_of_logons,\n customers_info_date_account_created,\n customers_info_date_account_last_modified,\n global_product_notifications) VALUES\n ('1','','','now()','','')"); xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n customers_id,\n entry_company,\n entry_firstname,\n entry_lastname,\n entry_street_address,\n entry_postcode,\n entry_city,\n entry_state,\n entry_country_id,\n entry_zone_id) VALUES\n ('1',\n '" . xtc_db_input($company) . "',\n '" . xtc_db_input($firstname) . "',\n '" . xtc_db_input($lastname) . "',\n '" . xtc_db_input($street_address) . "',\n '" . xtc_db_input($postcode) . "',\n '" . xtc_db_input($city) . "',\n '" . xtc_db_input($state) . "',\n '" . xtc_db_input($country) . "',\n '" . xtc_db_input($zone_id) . "'\n )"); // customers_status xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('1');"); xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('groups');"); $aa_spalten_qry = xtc_db_query("SHOW COLUMNS FROM admin_access"); while ($aa_spalten = xtc_db_fetch_array($aa_spalten_qry)) { if ($aa_spalten['Type'] == 'int(1)') { xtc_db_query("UPDATE admin_access SET " . $aa_spalten['Field'] . " = '1' WHERE customers_id = '1'"); xtc_db_query("UPDATE admin_access SET " . $aa_spalten['Field'] . " = '2' WHERE customers_id = 'groups'"); } } // groups $groups1_array = ['configuration', 'modules', 'countries', 'currencies', 'zones', 'geo_zones', 'tax_classes', 'tax_rates', 'accounting', 'backup', 'server_info', 'whos_online', 'languages', 'define_language', 'orders_status', 'shipping_status', 'module_export']; $groups3_array = ['orders', 'campaigns', 'print_packingslip', 'print_order', 'popup_memo', 'coupon_admin', 'listproducts', 'listcategories'];
if (DISPLAY_PRIVACY_CHECK == 'true' && empty($privacy)) { $error = true; $messageStack->add('create_account', ENTRY_PRIVACY_ERROR); } if (isset($customers_status)) { $customers_status = (int) $customers_status; } if (!isset($customers_status) || $customers_status == 0) { if (DEFAULT_CUSTOMERS_STATUS_ID != 0) { $customers_status = DEFAULT_CUSTOMERS_STATUS_ID; } else { $customers_status = 2; } } if ($error == false) { $sql_data_array = array('customers_vat_id' => $vat, 'customers_vat_id_status' => $customers_vat_id_status, 'customers_status' => $customers_status, 'customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => xtc_encrypt_password($password), 'customers_date_added' => 'now()', 'customers_last_modified' => 'now()'); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = xtc_date_raw($dob); } xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array); $_SESSION['customer_id'] = xtc_db_insert_id(); $user_id = xtc_db_insert_id(); xtc_write_user_info($user_id); $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country, 'address_date_added' => 'now()', 'address_last_modified' => 'now()'); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender; } if (ACCOUNT_COMPANY == 'true') {
$entry_suburb = xtc_db_prepare_input($_POST['entry_suburb']); $entry_postcode = xtc_db_prepare_input($_POST['entry_postcode']); $entry_city = xtc_db_prepare_input($_POST['entry_city']); $entry_country_id = xtc_db_prepare_input($_POST['entry_country_id']); $entry_company = xtc_db_prepare_input($_POST['entry_company']); $entry_state = xtc_db_prepare_input($_POST['entry_state']); $entry_zone_id = xtc_db_prepare_input($_POST['entry_zone_id']); $customers_send_mail = xtc_db_prepare_input($_POST['customers_mail']); $customers_password_encrypted = xtc_db_prepare_input($_POST['entry_password']); $customers_password = xtc_encrypt_password($customers_password_encrypted); $customers_mail_comments = xtc_db_prepare_input($_POST['mail_comments']); $payment_unallowed = xtc_db_prepare_input($_POST['payment_unallowed']); $shipping_unallowed = xtc_db_prepare_input($_POST['shipping_unallowed']); if ($customers_password == '') { $customers_password_encrypted = xtc_RandomString(8); $customers_password = xtc_encrypt_password($customers_password_encrypted); } $error = false; // reset error flag if (ACCOUNT_GENDER == 'true') { if ($customers_gender != 'm' && $customers_gender != 'f') { $error = true; $entry_gender_error = true; } else { $entry_gender_error = false; } } if (strlen($customers_password) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $entry_password_error = true; } else {
$error = true; $entry_agb_error = true; } // Check Company $entry_company_error = false; $entry_company_taxid_error = false; // Check Payment $entry_payment_check_error = false; $entry_payment_paypal_error = false; $entry_payment_bank_name_error = false; $entry_payment_bank_branch_number_error = false; $entry_payment_bank_swift_code_error = false; $entry_payment_bank_account_name_error = false; $entry_payment_bank_account_number_error = false; if (!$error) { $sql_data_array = array('affiliate_firstname' => $a_firstname, 'affiliate_lastname' => $a_lastname, 'affiliate_email_address' => $a_email_address, 'affiliate_payment_check' => $a_payment_check, 'affiliate_payment_paypal' => $a_payment_paypal, 'affiliate_payment_bank_name' => $a_payment_bank_name, 'affiliate_payment_bank_branch_number' => $a_payment_bank_branch_number, 'affiliate_payment_bank_swift_code' => $a_payment_bank_swift_code, 'affiliate_payment_bank_account_name' => $a_payment_bank_account_name, 'affiliate_payment_bank_account_number' => $a_payment_bank_account_number, 'affiliate_street_address' => $a_street_address, 'affiliate_postcode' => $a_postcode, 'affiliate_city' => $a_city, 'affiliate_country_id' => $a_country, 'affiliate_telephone' => $a_telephone, 'affiliate_fax' => $a_fax, 'affiliate_homepage' => $a_homepage, 'affiliate_password' => xtc_encrypt_password($a_password), 'affiliate_agb' => $a_agb); if (ACCOUNT_GENDER == 'true') { $sql_data_array['affiliate_gender'] = $a_gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['affiliate_dob'] = xtc_date_raw($a_dob); } if (ACCOUNT_COMPANY == 'true') { $sql_data_array['affiliate_company'] = $a_company; $sql_data_array['affiliate_company_taxid'] = $a_company_taxid; } if (ACCOUNT_SUBURB == 'true') { $sql_data_array['affiliate_suburb'] = $a_suburb; } if (ACCOUNT_STATE == 'true') { if ($a_zone_id > 0) {