function _process()
{
global $messageStack, $osC_Database, $osC_Customer;
if (!isset($_POST['password_current']) || strlen(trim($_POST['password_current'])) < ACCOUNT_PASSWORD) {
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (!isset($_POST['password_new']) || strlen(trim($_POST['password_new'])) < ACCOUNT_PASSWORD) {
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif (!isset($_POST['password_confirmation']) || trim($_POST['password_new']) != trim($_POST['password_confirmation'])) {
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($messageStack->size('account_password') === 0) {
$Qcheck = $osC_Database->query('select customers_password from :table_customers where customers_id = :customers_id');
$Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcheck->bindInt(':customers_id', $osC_Customer->id);
$Qcheck->execute();
if (tep_validate_password(trim($_POST['password_current']), $Qcheck->value('customers_password'))) {
$Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
$Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qupdate->bindValue(':customers_password', tep_encrypt_password(trim($_POST['password_new'])));
$Qupdate->bindInt(':customers_id', $osC_Customer->id);
$Qupdate->execute();
$Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_account_last_modified = now() where customers_info_id = :customers_info_id');
$Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO);
$Qupdate->bindInt(':customers_info_id', $osC_Customer->id);
$Qupdate->execute();
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
function execute()
{
global $login_customer_id, $messageStack, $oscTemplate;
$OSCOM_Db = Registry::get('Db');
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$email_address = HTML::sanitize($_POST['email_address']);
$password = HTML::sanitize($_POST['password']);
// Check if email exists
$Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);
if ($Qcustomer->fetch() === false) {
$error = true;
} else {
// Check that password is good
if (!tep_validate_password($password, $Qcustomer->value('customers_password'))) {
$error = true;
} else {
// set $login_customer_id globally and perform post login code in catalog/login.php
$login_customer_id = $Qcustomer->valueInt('customers_id');
// migrate old hashed password to new phpass password
if (tep_password_type($Qcustomer->value('customers_password')) != 'phpass') {
$OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password)], ['customers_id' => $login_customer_id]);
}
}
}
}
if ($error == true) {
$messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
}
ob_start();
include DIR_WS_MODULES . 'content/' . $this->group . '/templates/login_form.php';
$template = ob_get_clean();
$oscTemplate->addContent($template, $this->group);
}
/**
* @param $first_name
* @param $last_name
* @param $email
* @return integer Customer ID
*/
public static function create_user($first_name, $last_name, $email)
{
$existing_customer = self::get_customer_id_by_email($email);
if (!$existing_customer) {
// Customer doesn't exist, create them.
// tep_encrypt_password deals with actual hashing, this is simply generating a longer string.
$password_string = md5(self::gen_random_string());
$customer_data = array('customers_firstname' => $first_name, 'customers_lastname' => $last_name, 'customers_email_address' => $email, 'customers_gender' => '', 'customers_dob' => tep_db_prepare_input('0001-01-01 00:00:00'), 'customers_telephone' => '', 'customers_newsletter' => '0', 'customers_default_address_id' => 0, 'customers_password' => tep_encrypt_password($password_string));
$cust = tep_db_perform(TABLE_CUSTOMERS, $customer_data);
$cust_id = tep_db_insert_id();
if (!$cust_id) {
return FALSE;
}
// Set an invalid password
$query = "UPDATE " . TABLE_CUSTOMERS . " SET `customers_password` = :pw WHERE `customers_id` = :id";
$query = bind_vars($query, ':pw', 'LOGINWITHAMAZON00000000000000000');
$query = bind_vars($query, ':id', $cust_id);
tep_db_query($query);
// Add user to the Amazon users table
$amazon_table_safe = tep_db_input(self::TABLE_NAME_ONLY);
$cust_id_safe = tep_db_input($cust_id);
$query = "INSERT INTO " . $amazon_table_safe . " (customer_id) VALUES (" . $cust_id_safe . ")";
tep_db_query($query);
// Create customer info entry
tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $cust_id . "', '0', now())");
return $cust_id;
} else {
return $existing_customer;
}
}
function execute()
{
global $sessiontoken, $login_customer_id, $messageStack, $oscTemplate;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $sessiontoken) {
$email_address = tep_db_prepare_input($_POST['email_address']);
$password = tep_db_prepare_input($_POST['password']);
// Check if email exists
$customer_query = tep_db_query("select customers_id, customers_password from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1");
if (!tep_db_num_rows($customer_query)) {
$error = true;
} else {
$customer = tep_db_fetch_array($customer_query);
// Check that password is good
if (!tep_validate_password($password, $customer['customers_password'])) {
$error = true;
} else {
// set $login_customer_id globally and perform post login code in catalog/login.php
$login_customer_id = (int) $customer['customers_id'];
// migrate old hashed password to new phpass password
if (tep_password_type($customer['customers_password']) != 'phpass') {
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $login_customer_id . "'");
}
}
}
}
if ($error == true) {
$messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
}
ob_start();
include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
$template = ob_get_clean();
$oscTemplate->addContent($template, $this->group);
}
function create_temp_customer($customer_info)
{
global $customer_id, $customer_first_name, $customer_default_address_id, $customer_country_id, $customer_zone_id, $billto, $sendto;
$query = tep_db_query("SELECT c.customers_id as customer_id, c.customers_firstname, c.customers_default_address_id as customer_default_address_id, ab.entry_country_id as customer_country_id, ab.entry_zone_id as customer_zone_id FROM " . TABLE_CUSTOMERS . " c, " . TABLE_ADDRESS_BOOK . " ab WHERE c.customers_id = ab.customers_id AND c.customers_default_address_id = ab.address_book_id AND c.customers_email_address = '" . $customer_info['EMAIL'] . "'");
if (tep_db_num_rows($query) > 0) {
$data = tep_db_fetch_array($query);
$customer_id = $data['customer_id'];
$customer_first_name = $data['customer_first_name'];
$customer_default_address_id = $data['customer_default_address_id'];
$customer_country_id = $data['customer_country_id'];
$customer_zone_id = $data['customer_zone_id'];
} else {
$_SESSION['temp_password'] = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$sql_data_array = array('customers_firstname' => $customer_info['FIRSTNAME'], 'customers_lastname' => $customer_info['LASTNAME'], 'customers_email_address' => $customer_info['EMAIL'], 'customers_validation' => '1', 'customers_password' => tep_encrypt_password($_SESSION['temp_password']));
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
$sql_query = tep_db_query("SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $customer_info['SHIPTOCOUNTRYCODE'] . "'");
if (tep_db_num_rows($sql_query) == 0) {
$sql_query = tep_db_query("SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $customer_info['COUNTRYCODE'] . "'");
}
$country = tep_db_fetch_array($sql_query);
$customer_country_id = $country['countries_id'];
$zone = tep_db_fetch_array(tep_db_query("SELECT zone_id FROM " . TABLE_ZONES . " WHERE zone_country_id = '" . $country['countries_id'] . "' AND zone_code = '" . $customer_info['SHIPTOSTATE'] . "'"));
if (tep_not_null($zone['zone_id'])) {
$customer_zone_id = $zone['zone_id'];
$state = '';
} else {
$customer_zone_id = '0';
$state = $customer_info['SHIPTOSTATE'];
}
$customer_first_name = $customer_info['FIRSTNAME'];
$customer_last_name = $customer_info['LASTNAME'];
$sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $customer_first_name, 'entry_lastname' => $customer_last_name, 'entry_telephone' => $customer_info['PHONENUM'], 'entry_street_address' => $customer_info['SHIPTOSTREET'], 'entry_postcode' => $customer_info['SHIPTOZIP'], 'entry_city' => $customer_info['SHIPTOCITY'], 'entry_country_id' => $customer_country_id, 'entry_zone_id' => $customer_zone_id, 'entry_state' => $state);
tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$customer_default_address_id = tep_db_insert_id();
$billto = $customer_default_address_id;
$sendto = $customer_default_address_id;
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $customer_default_address_id . "' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
$_SESSION['paypalxc_create_account'] = '1';
}
$_SESSION['customer_id'] = $customer_id;
$_SESSION['customer_first_name'] = $customer_first_name;
$_SESSION['customer_default_address_id'] = $customer_default_address_id;
$_SESSION['customer_country_id'] = $customer_country_id;
$_SESSION['customer_zone_id'] = $customer_zone_id;
}
}
// needs to be included earlier to set the success message in the messageStack
require 'includes/languages/' . $language . '/modules/content/account/cm_account_set_password.php';
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $sessiontoken) {
$password_new = tep_db_prepare_input($_POST['password_new']);
$password_confirmation = tep_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
tep_db_query("update customers set customers_password = '******' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("update customers_info set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'");
$messageStack->add_session('account', MODULE_CONTENT_ACCOUNT_SET_PASSWORD_SUCCESS_PASSWORD_SET, 'success');
tep_redirect(tep_href_link('account.php', '', 'SSL'));
}
}
$breadcrumb->add(MODULE_CONTENT_ACCOUNT_SET_PASSWORD_NAVBAR_TITLE_1, tep_href_link('account.php', '', 'SSL'));
$breadcrumb->add(MODULE_CONTENT_ACCOUNT_SET_PASSWORD_NAVBAR_TITLE_2, tep_href_link('ext/modules/content/account/set_password.php', '', 'SSL'));
require 'includes/template_top.php';
?>
<div class="page-header">
<h1><?php
echo MODULE_CONTENT_ACCOUNT_SET_PASSWORD_HEADING_TITLE;
?>
</h1>
}
}
if ($entity == 0) {
$setperson = $worketc->SetPerson(array('person' => array('Title' => $title, 'FirstName' => $firstname, 'MiddleName' => '', 'Surname' => $lastname, 'Gender' => $newgender, 'EntityID' => 0, 'LastActivity' => date('c'), 'DateLastModified' => date('c'), 'CreationDate' => date('c'), 'Email' => $email_address, 'CustomerCredentials' => 'SupportPersonal', 'Delete' => false, 'RemoveParentLinks' => false, 'OwnerID' => $OwnerID, 'SupplierRate' => 3.1, 'SupplierUnit' => 'None', 'Website' => $website, 'Addresses' => array('Address' => array('AddressID' => $addid, 'AddressType' => 'Home', 'Street' => $street_address, 'Suburb' => $city, 'StateOrProv' => $state, 'PostalCode' => $postcode, 'Country' => tep_get_country_name($country), 'Phone' => $telephone, 'PhoneExt' => $customers_telephone_ext, 'Fax' => $fax, 'Delete' => false, 'RemoveParentLinks' => false, 'DateLastModified' => date('c'))), 'RelatedBranches' => array('BranchResult' => array('BranchName' => $company, 'BranchLabel' => $company, 'CompanyName' => $company, 'EntityID' => 0, 'IsPrimary' => true, 'BranchID' => 0, 'Delete' => false)))));
$entityid = $setperson->EntityID;
} else {
$findcompany = $worketc->FindCompanies(array('keywords' => $company));
$company_id = $findcompany->Company->Branches->Branch->BranchID;
$setperson = $worketc->SetPerson(array('person' => array('Title' => $title, 'FirstName' => $firstname, 'MiddleName' => '', 'Surname' => $lastname, 'Gender' => $newgender, 'EntityID' => $entity, 'LastActivity' => date('c'), 'DateLastModified' => date('c'), 'CreationDate' => date('c'), 'Email' => $email_address, 'CustomerCredentials' => 'SupportPersonal', 'Delete' => false, 'RemoveParentLinks' => false, 'OwnerID' => $OwnerID, 'SupplierRate' => 3.1, 'SupplierUnit' => 'None', 'Website' => $website, 'Addresses' => array('Address' => array('AddressID' => $addid, 'AddressType' => 'Home', 'Street' => $street_address, 'Suburb' => $city, 'StateOrProv' => $state, 'PostalCode' => $postcode, 'Country' => tep_get_country_name($country), 'Phone' => $telephone, 'PhoneExt' => $customers_telephone_ext, 'Fax' => $fax, 'Delete' => false, 'RemoveParentLinks' => false, 'DateLastModified' => date('c'))), 'RelatedBranches' => array('BranchResult' => array('BranchName' => $company, 'BranchLabel' => $company, 'CompanyName' => $company, 'EntityID' => $entity, 'IsPrimary' => true, 'BranchID' => 0, 'Delete' => false)))));
$entityid = $entity;
}
$worketc->EntityAddTag(array('EntityID' => $entityid, 'Tag' => "Registered Online"));
}
//end etc
if ($error == false) {
$sql_data_array = array('customers_firstname' => $firstname, 'referral' => $referral, 'referral_other' => $referral_other, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_telephone_ext' => $customers_telephone_ext, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_group' => $group, 'website' => $website, 'title' => $title, 'st' => $st, 'ip' => $_SERVER['REMOTE_ADDR'], 'customers_password' => tep_encrypt_password($password));
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
if (WORKETC_ENABLE == 'True' && tep_connect_worketc() != 0) {
$sql_data_array2 = array('customer_id' => $customer_id, 'tag_id' => 1);
tep_db_perform('customers_to_tag', $sql_data_array2);
}
$sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
$sql_data_array['entry_company'] = $company;
$sql_data_array['entry_zone_id'] = '0';
$sql_data_array['entry_state'] = $state;
tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$address_id = tep_db_insert_id();
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
if (SESSION_RECREATE == 'True') {
}
}
}
if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
}
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
} elseif ($password != $confirmation) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
if ($error == false) {
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => tep_encrypt_password($password));
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = tep_date_raw($dob);
}
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
$sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['entry_company'] = $company;
}
}
if ($error == true) {
OSCOM::redirect('password_forgotten.php');
}
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$password_new = HTML::sanitize($_POST['password']);
$password_confirmation = HTML::sanitize($_POST['confirmation']);
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('password_reset', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('password_reset', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password_new)], ['customers_id' => $Qcheck->valueInt('customers_id')]);
$OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()', 'password_reset_key' => 'null', 'password_reset_date' => 'null'], ['customers_info_id' => $Qcheck->valueInt('customers_id')]);
$messageStack->add_session('login', SUCCESS_PASSWORD_RESET, 'success');
OSCOM::redirect('login.php', '', 'SSL');
}
}
$breadcrumb->add(NAVBAR_TITLE_1, OSCOM::link('login.php', '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2);
require 'includes/template_top.php';
?>
<div class="page-header">
<h1><?php
echo HEADING_TITLE;
?>
</h1>
break;
case 'logoff':
tep_session_unregister('selected_box');
tep_session_unregister('admin');
if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
tep_session_register('auth_ignore');
$auth_ignore = true;
}
tep_redirect(tep_href_link(FILENAME_DEFAULT));
break;
case 'create':
$check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");
if (tep_db_num_rows($check_query) == 0) {
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
tep_db_query("insert into " . TABLE_ADMINISTRATORS . " (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')");
}
tep_redirect(tep_href_link(FILENAME_LOGIN));
break;
}
}
$languages = tep_get_languages();
$languages_array = array();
$languages_selected = DEFAULT_LANGUAGE;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$languages_array[] = array('id' => $languages[$i]['code'], 'text' => $languages[$i]['name']);
if ($languages[$i]['directory'] == $language) {
$languages_selected = $languages[$i]['code'];
}
}
$admins_check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");
if (!isset($_POST['password']) || strlen(trim($_POST['password'])) < ACCOUNT_PASSWORD) {
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
} elseif (!isset($_POST['confirmation']) || trim($_POST['password']) != trim($_POST['confirmation'])) {
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
if ($messageStack->size('create_account') === 0) {
$osC_Database->startTransaction();
$Qcustomer = $osC_Database->query('insert into :table_customers (customers_firstname, customers_lastname, customers_email_address, customers_newsletter, customers_status, customers_ip_address, customers_password, customers_gender, customers_dob) values (:customers_firstname, :customers_lastname, :customers_email_address, :customers_newsletter, :customers_status, :customers_ip_address, :customers_password, :customers_gender, :customers_dob)');
$Qcustomer->bindRaw(':table_customers', TABLE_CUSTOMERS);
$Qcustomer->bindValue(':customers_firstname', trim($_POST['firstname']));
$Qcustomer->bindValue(':customers_lastname', trim($_POST['lastname']));
$Qcustomer->bindValue(':customers_email_address', trim($_POST['email_address']));
$Qcustomer->bindValue(':customers_newsletter', isset($_POST['newsletter']) && $_POST['newsletter'] == '1' ? '1' : '');
$Qcustomer->bindValue(':customers_status', '1');
$Qcustomer->bindValue(':customers_ip_address', tep_get_ip_address());
$Qcustomer->bindValue(':customers_password', tep_encrypt_password(trim($_POST['password'])));
$Qcustomer->bindValue(':customers_gender', ACCOUNT_GENDER > -1 && isset($_POST['gender']) && ($_POST['gender'] == 'm' || $_POST['gender'] == 'f') ? $_POST['gender'] : '');
$Qcustomer->bindValue(':customers_dob', ACCOUNT_DATE_OF_BIRTH > -1 ? date('Ymd', $dob) : '');
$Qcustomer->execute();
if ($Qcustomer->affectedRows() === 1) {
$customer_id = $osC_Database->nextID();
$Qci = $osC_Database->query('insert into :table_customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values (:customers_info_id, :customers_info_number_of_logons, :customers_info_date_account_created)');
$Qci->bindRaw(':table_customers_info', TABLE_CUSTOMERS_INFO);
$Qci->bindInt(':customers_info_id', $customer_id);
$Qci->bindInt(':customers_info_number_of_logons', 0);
$Qci->bindRaw(':customers_info_date_account_created', 'now()');
$Qci->execute();
if ($Qci->affectedRows() === 1) {
$osC_Database->commitTransaction();
if (SERVICE_SESSION_REGENERATE_ID == 'True') {
$osC_Session->recreate();
function randomize()
{
$salt = "ABCDEFGHIJKLMNOPQRSTUVWXWZabchefghjkmnpqrstuvwxyz0123456789";
srand((double) microtime() * 1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$makePassword = randomize();
tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
tep_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
}
}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo CHARSET;
?>
">
<title><?php
$password_confirmation = tep_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('a_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_affiliate_query = tep_db_query("select affiliate_password from " . TABLE_AFFILIATE . " where affiliate_id = '" . (int) $affiliate_id . "'");
$check_affiliate = tep_db_fetch_array($check_affiliate_query);
if (tep_validate_password($password_current, $check_affiliate['affiliate_password'])) {
tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . (int) $affiliate_id . "'");
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
} else {
$error = true;
$messageStack->add('a_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_AFFILIATE_PASSWORD, '', 'SSL'));
$content = affiliate_password;
include bts_select('main');
// BTSv1.5
require DIR_WS_INCLUDES . 'application_bottom.php';
} else {
function randomize()
{
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double) microtime() * 1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$makePassword = randomize();
$sql_data_array = array('admin_groups_id' => tep_db_prepare_input($_POST['admin_groups_id']), 'admin_firstname' => tep_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => tep_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => tep_db_prepare_input($_POST['admin_email_address']), 'admin_password' => tep_encrypt_password($makePassword), 'admin_created' => 'now()');
tep_db_perform(TABLE_ADMIN, $sql_data_array);
$admin_id = tep_db_insert_id();
tep_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
tep_redirect(tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&mID=' . $admin_id));
}
break;
case 'member_edit':
$admin_id = tep_db_prepare_input($_POST['admin_id']);
$hiddenPassword = '******';
$stored_email[] = 'NONE';
$check_email_query = tep_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
while ($check_email = tep_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
}
if (in_array($_POST['admin_email_address'], $stored_email)) {
Copyright 2006 osCMax2002 -2003 osCommerce
Released under the GNU General Public License
*/
// Most of this file is changed or moved to BTS - Basic Template System - format.
// For adding in contribution or modification - parts of this file has been moved to: catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change).
// catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change).
// (Sub 'fallback' with your current template to see if there is a template specific file.)
require 'includes/application_top.php';
require bts_select('language', FILENAME_AFFILIATE_PASSWORD_FORGOTTEN);
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$check_affiliate_query = tep_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . $_POST['email_address'] . "'");
if (tep_db_num_rows($check_affiliate_query)) {
$check_affiliate = tep_db_fetch_array($check_affiliate_query);
// Crypted password mods - create a new password, update the database and mail it to them
$newpass = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$crypted_password = tep_encrypt_password($newpass);
tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'");
tep_mail($check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], $_POST['email_address'], sprintf(EMAIL_PASSWORD_REMINDER_SUBJECT, STORE_NAME), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, STORE_NAME, $newpass)), STORE_OWNER, AFFILIATE_EMAIL_ADDRESS);
tep_redirect(tep_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
} else {
tep_redirect(tep_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL'));
}
} else {
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL'));
$content = affiliate_password_forgotten;
include bts_select('main');
// BTSv1.5
require DIR_WS_INCLUDES . 'application_bottom.php';
}
function setCheckoutAddress($action)
{
global $order, $onepage, $customer_id;
if ($action == 'setSendTo' && !tep_not_null($_POST['shipping_country'])) {
$prefix = 'billing_';
} else {
$prefix = $action == 'setSendTo' ? 'shipping_' : 'billing_';
}
if (ACCOUNT_GENDER == 'true') {
$gender = $_POST[$prefix . 'gender'];
}
if (ACCOUNT_COMPANY == 'true') {
$company = tep_db_prepare_input($_POST[$prefix . 'company']);
}
if (ACCOUNT_COMPANY == 'true') {
$btwnr = tep_db_prepare_input($_POST['btwnr']);
}
if (ACCOUNT_SUBURB == 'true') {
$suburb = tep_db_prepare_input($_POST[$prefix . 'suburb']);
}
if (!isset($_POST[$prefix . 'zipcode'])) {
if (ONEPAGE_AUTO_SHOW_BILLING_SHIPPING == 'True') {
$zip_code = tep_db_prepare_input(ONEPAGE_AUTO_SHOW_DEFAULT_ZIP);
}
} else {
$zip_code = tep_db_prepare_input($_POST[$prefix . 'zipcode']);
}
if (!isset($_POST[$prefix . 'country'])) {
if (ONEPAGE_AUTO_SHOW_BILLING_SHIPPING == 'True') {
$country = tep_db_prepare_input(ONEPAGE_AUTO_SHOW_DEFAULT_COUNTRY);
}
} else {
$country = tep_db_prepare_input($_POST[$prefix . 'country']);
}
if (ACCOUNT_STATE == 'true') {
if (isset($_POST[$prefix . 'zone_id'])) {
$zone_id = tep_db_prepare_input($_POST[$prefix . 'zone_id']);
} else {
if (!isset($_POST[$prefix . 'zone_id'])) {
if (ONEPAGE_AUTO_SHOW_BILLING_SHIPPING == 'True') {
if ($country == ONEPAGE_AUTO_SHOW_DEFAULT_COUNTRY) {
$zone_id = tep_db_prepare_input(ONEPAGE_AUTO_SHOW_DEFAULT_STATE);
}
}
} else {
$zone_id = false;
}
}
if ($prefix == 'shipping_') {
$state = tep_db_prepare_input($_POST['delivery_state']);
} else {
$state = tep_db_prepare_input($_POST[$prefix . 'state']);
}
$zone_name = '';
$zone_id = 0;
$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "'");
$check = tep_db_fetch_array($check_query);
$entry_state_has_zones = $check['total'] > 0;
if ($entry_state_has_zones == true) {
$zone_query = tep_db_query("select distinct zone_id, zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country . "' and (zone_name = '" . tep_db_input($state) . "' or zone_code = '" . tep_db_input($state) . "')");
if (tep_db_num_rows($zone_query) == 1) {
$zone = tep_db_fetch_array($zone_query);
$zone_id = $zone['zone_id'];
$zone_name = $zone['zone_name'];
}
}
}
$tva_query = tep_db_query('select ab.billing_tva_intracom from customers c, ' . TABLE_ADDRESS_BOOK . ' ab where c.customers_id = "' . (int) $customer_id . '" and ab.customers_id = "' . (int) $customer_id . '" and c.customers_default_address_id = ab.address_book_id');
$tva = tep_db_fetch_array($tva_query);
$QcInfo = tep_db_query('select * from ' . TABLE_COUNTRIES . ' where countries_id = "' . $country . '"');
$cInfo = tep_db_fetch_array($QcInfo);
if ($action == 'setBillTo') {
$varName = 'billing';
if (ACCOUNT_DOB == 'true' && tep_not_null($_POST[$prefix . 'dob'])) {
$dob = $_POST[$prefix . 'dob'];
}
} else {
$varName = 'delivery';
}
if ($action == 'setBillTo') {
if (ACCOUNT_DOB == 'true') {
$dob = tep_db_prepare_input($_POST[$prefix . 'dob']);
$order->customer['dob'] = $dob;
$onepage['customer']['dob'] = $dob;
}
if (tep_not_null($_POST['billing_email_address'])) {
$order->customer['email_address'] = tep_db_prepare_input($_POST['billing_email_address']);
$onepage['customer']['email_address'] = $order->customer['email_address'];
$order->{$varName}['email_address'] = $order->customer['email_address'];
}
if (tep_not_null($_POST['billing_telephone'])) {
$order->customer['telephone'] = tep_db_prepare_input($_POST['billing_telephone']);
$onepage['customer']['telephone'] = $order->customer['telephone'];
$order->{$varName}['telephone'] = $order->customer['telephone'];
}
if (tep_not_null($_POST['password'])) {
$onepage['customer']['password'] = tep_encrypt_password($_POST['password']);
}
}
$order->{$varName}['gender'] = $gender;
$order->{$varName}['firstname'] = tep_db_prepare_input($_POST[$prefix . 'firstname']);
$order->{$varName}['lastname'] = tep_db_prepare_input($_POST[$prefix . 'lastname']);
$order->{$varName}['company'] = $company;
$order->{$varName}['btwnr'] = $btwnr;
$order->{$varName}['street_address'] = tep_db_prepare_input($_POST[$prefix . 'street_address']);
$order->{$varName}['suburb'] = $suburb;
$order->{$varName}['city'] = tep_db_prepare_input($_POST[$prefix . 'city']);
$order->{$varName}['postcode'] = $zip_code;
$order->{$varName}['state'] = isset($zone_name) && tep_not_null($zone_name) ? $zone_name : $state;
$order->{$varName}['zone_id'] = $zone_id;
$order->{$varName}['country'] = array('id' => $cInfo['countries_id'], 'title' => $cInfo['countries_name'], 'iso_code_2' => $cInfo['countries_iso_code_2'], 'iso_code_3' => $cInfo['countries_iso_code_3']);
$order->{$varName}['country_id'] = $cInfo['countries_id'];
$order->{$varName}['format_id'] = $cInfo['address_format_id'];
$order->{$varName}['billing_tva_intracom'] = $tva['billing_tva_intracom'];
if ($action == 'setSendTo' && !tep_not_null($_POST['shipping_firstname'])) {
$onepage['customer'] = array_merge($onepage['customer'], $order->billing);
}
$onepage[$varName] = array_merge($onepage[$varName], $order->{$varName});
return '{
"success": "true"
}';
}
public function create_customer($data)
{
global $user, $auth, $cart, $customer_id, $currencies;
$errors = array();
$process = true;
$error = false;
//Gender
if ($this->options['customers_gender'] == 'on') {
if (isset($data['gender'])) {
$gender = mysql_real_escape_string($data['gender']);
} else {
$gender = false;
}
}
//Name
if (isset($data['firstname']) || isset($data['lastname'])) {
$name = '';
if ($this->options['customers_firstname'] == 'on') {
$name .= $data['firstname'];
}
if ($this->options['customers_firstname'] == 'on' && $this->options['customers_lastname'] == 'on') {
$name .= ' ';
}
if ($this->options['customers_lastname'] == 'on') {
$name .= $data['lastname'];
}
} else {
if ($data['name']) {
$name = $data['name'];
} else {
if ($data['fullname']) {
$name = $data['fullname'];
}
}
}
if (strlen($name) < ENTRY_FIRST_NAME_MIN_LENGTH) {
$error = true;
$errors['name'] = sprintf(Translate('Uw voornaam moet minstens %s karakters bevatten'), ENTRY_FIRST_NAME_MIN_LENGTH);
}
//Day of birth
if ($this->options['customers_dob'] == 'on') {
$dob = mysql_real_escape_string($data['dob']);
}
//Email adress
if ($this->options['customers_email_address'] == 'on') {
$email_address = mysql_real_escape_string($data['email_address']);
if (tep_validate_email($email_address) == false) {
$error = true;
$errors['email_address'] = Translate('Gelieve een geldig e-mailadres in te geven');
} else {
$check_email_query = tep_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
$check_email = tep_db_fetch_array($check_email_query);
if ($check_email['total'] > 0) {
$error = true;
$errors['email_address_exists'] = Translate('Het ingegeven e-mailadres bestaat al in ons systeem. Gelieve in te loggen of een account te registreren met een ander e-mailadres');
}
}
}
//Company
if ($this->options['entry_company'] == 'on') {
$company = mysql_real_escape_string($data['company']);
}
//BTW nummer
if ($this->options['billing_tva_intracom'] == 'on') {
$btwnr = mysql_real_escape_string($data['btwnr']);
}
//Forum
if (FORUM_ACTIVE == 'true' && FORUM_SYNC_USERS == 'true') {
if (!isset($data['forum_username'])) {
$data['forum_username'] = $name;
}
$forum_username = mysql_real_escape_string($data['forum_username']);
if (strlen($forum_username) < ENTRY_FORUM_USERNAME_MIN_LENGTH) {
$error = true;
$errors['forum_username'] = sprintf(Translate('Uw gebruikersnaam moet minstens %s karakters bevatten'), ENTRY_FORUM_USERNAME_MIN_LENGTH);
}
/*check username*/
$check_username_query = tep_db_query("SELECT user_id FROM " . FORUM_DB_DATABASE . ".users WHERE username_clean = '" . strtolower($forum_username) . "'");
$check_username = tep_db_fetch_array($check_username_query);
if (tep_db_num_rows($check_username_query) > 0) {
$error = true;
$errors['forum_username_exists'] = Translate('Deze gebruikernaam voor het forum is reeds in gebruik.');
}
/*check username*/
$check_email_query = tep_db_query("SELECT user_id FROM " . FORUM_DB_DATABASE . ".users WHERE user_email = '" . strtolower($email_address) . "'");
$check_email = tep_db_fetch_array($check_email_query);
if (tep_db_num_rows($check_email_query) > 0) {
$error = true;
$errors['email_address_exists'] = Translate('Het ingegeven e-mailadres bestaat al in ons systeem. Gelieve in te loggen of een account te registreren met een ander e-mailadres');
}
}
//Street address
if ($this->options['entry_street_address'] == 'on') {
$street_address = mysql_real_escape_string($data['street_address']);
if (!preg_match("/[a-zA-Z]\\s\\d/", $street_address)) {
$error = true;
$errors['street_address'] = Translate('Gelieve uw straat EN huisnummer in te geven.');
}
}
//Suburb
if ($this->options['entry_suburb'] == 'on') {
$suburb = mysql_real_escape_string($data['suburb']);
}
//Postcode
if ($this->options['entry_postcode'] == 'on') {
$postcode = mysql_real_escape_string($data['postcode']);
if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
$error = true;
$errors['postcode'] = sprintf(Translate('Uw postcode moet minstens %s karakters bevatten'), ENTRY_POSTCODE_MIN_LENGTH);
}
}
//City
if ($this->options['entry_city'] == 'on') {
$city = mysql_real_escape_string($data['city']);
if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
$error = true;
$errors['city'] = sprintf(Translate('Uw woonplaats moet minstens %s karakters bevatten'), ENTRY_CITY_MIN_LENGTH);
}
}
//State
if ($this->options['entry_state'] == 'on') {
$state = mysql_real_escape_string($data['state']);
}
//Zone
if ($this->options['entry_zone'] == 'on' && isset($data['zone_id'])) {
$zone_id = mysql_real_escape_string($data['zone_id']);
} else {
$zone_id = false;
}
//Country
if ($this->options['entry_country'] == 'on') {
$country = mysql_real_escape_string($data['country']);
if (is_numeric($country) == false || $country == '0') {
$error = true;
$errors['country'] = Translate('Gelieve een land uit de lijst te selecteren');
}
}
//Telephone
if ($this->options['customers_telephone'] == 'on') {
$telephone = mysql_real_escape_string($data['telephone']);
if (strlen($telephone) < 5) {
$error = true;
$errors['telephone'] = Translate('Gelieve op een correcte manier uw telefoonnummer in te geven.');
}
}
//Fax
if ($this->options['customers_fax'] == 'on') {
$fax = mysql_real_escape_string($data['fax']);
if ($fax != '') {
if (strlen($fax) < 5) {
$error = true;
$errors['fax'] = Translate('Gelieve op de correcte manier uw faxnummer in te geven.');
}
}
}
//Create account type
if ($this->options['create_account_mode'] == 'Direct access' || $this->options['create_account_mode'] == 'Moderated access') {
$password = mysql_real_escape_string($data['password']);
$confirmation = mysql_real_escape_string($data['confirmation']);
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$errors['password'] = sprintf(Translate('Uw paswoord moet minstens %s karakters bevatten'), ENTRY_PASSWORD_MIN_LENGTH);
} elseif ($password != $confirmation) {
$error = true;
$errors['confirmation'] = Translate('De ingevoerde wachtwoorden moeten hetzelfde zijn. Voer ze opnieuw in.');
}
}
if ($this->options['conditions_create_account'] != 'Uitgeschakeld' && CONDITIONS_MUST_ACCEPT == 'true') {
$terms = mysql_real_escape_string($data['TermsAgree']);
if (!$terms) {
$error = true;
$errors['terms'] = Translate('U moet akkoord gaan met de algemene voorwaarden voor u een account kan aanmaken!');
}
}
//Check if error
if ($error) {
return array('errors' => $errors);
} else {
if ($this->options['create_account_mode'] == 'Direct access' || $this->options['create_account_mode'] == 'Moderated access') {
/********************************/
/* Direct Or Moderated access */
/********************************/
if ($this->options['create_account_mode'] == 'Moderated access') {
$status = '0';
} else {
$status = '1';
}
//Newsletter
$lists = PHPLIST_LISTNUMBERS;
$lists = explode(';', $lists);
$newsletter = false;
foreach ($lists as $key => $list) {
if (isset($data['newsletters_' . $list])) {
put_user_in_list($list, 'subscribe', $email_address, $lastname . ' ' . $firstname);
$newsletter = true;
}
}
//Customers table
$sql_data_array = array('customers_firstname' => $name, 'customers_lastname' => '', 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => tep_encrypt_password($password), 'status' => $status);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = tep_date_raw($dob);
}
tep_db_perform('customers', $sql_data_array);
$customer_id = tep_db_insert_id();
//Address book table
$sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $name, 'entry_lastname' => '', 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['entry_company'] = $company;
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['billing_tva_intracom'] = $btwnr;
}
if (ACCOUNT_SUBURB == 'true') {
$sql_data_array['entry_suburb'] = $suburb;
}
if (ACCOUNT_STATE == 'true') {
if ($zone_id > 0) {
$sql_data_array['entry_zone_id'] = $zone_id;
$sql_data_array['entry_state'] = '';
} else {
$sql_data_array['entry_zone_id'] = '0';
$sql_data_array['entry_state'] = $state;
}
}
tep_db_perform('address_book', $sql_data_array);
$address_id = tep_db_insert_id();
tep_db_query("update customers set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customer_id . "'");
//Customers info table
tep_db_query("insert into customers_info (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
//Session
if (SESSION_RECREATE == 'True') {
tep_session_recreate();
}
$customer_first_name = $name;
$customer_default_address_id = $address_id;
$customer_country_id = $country;
$customer_zone_id = $zone_id;
if ($this->options['create_account_mode'] == 'Direct access') {
/********************/
/* Direct access */
/********************/
//Forum
if (FORUM_ACTIVE == 'true' && FORUM_SYNC_USERS == 'true' && !empty($forum_username)) {
/*add user*/
$sql_data_array = array('user_type' => '0', 'group_id' => '10', 'user_permissions' => '', 'user_ip' => $_SERVER['REMOTE_ADDR'], 'user_regdate' => time(), 'username' => $forum_username, 'username_clean' => strtolower($forum_username), 'user_password' => phpbb_hash($password), 'user_passchg' => time(), 'user_email' => strtolower($email_address), 'user_email_hash' => phpbb_email_hash(strtolower($email_address)), 'user_lastvisit' => time(), 'user_lastmark' => time(), 'user_lastpage' => FILENAME_CREATE_ACCOUNT, 'user_lang' => 'nl', 'user_timezone' => '1.00', 'user_dst' => '1', 'user_dateformat' => 'd M Y, H:i', 'user_style' => '3', 'user_form_salt' => unique_id(), 'user_new' => '1');
tep_db_perform(FORUM_DB_DATABASE . '.users', $sql_data_array, 'insert', false);
/*get user id*/
$get_forum_user_query = tep_db_query("SELECT user_id FROM " . FORUM_DB_DATABASE . ".users WHERE user_email = '" . $email_address . "'");
$get_forum_user = tep_db_fetch_array($get_forum_user_query);
$get_usergroup_query = tep_db_query("SELECT group_id FROM " . FORUM_DB_DATABASE . ".groups WHERE group_name = 'REGISTERED'");
$get_usergroup = tep_db_fetch_array($get_usergroup_query);
/*add user to groups*/
tep_db_query("INSERT INTO " . FORUM_DB_DATABASE . ".user_group (group_id, user_id, group_leader, user_pending) VALUES ('" . $get_usergroup['group_id'] . "','" . $get_forum_user['user_id'] . "','0','0')");
/*user is created, let's add session for autologin*/
if (FORUM_CROSS_LOGIN == 'true') {
$user->session_begin();
$auth->acl($user->data);
$auth->login(strtolower($forum_username), $password, false, 1, 0);
}
}
//Session
$_SESSION['customer_id'] = $customer_id;
$_SESSION['customer_first_name'] = $customer_first_name;
$_SESSION['customer_default_address_id'] = $customer_default_address_id;
$_SESSION['customer_country_id'] = $customer_country_id;
$_SESSION['customer_zone_id'] = $customer_zone_id;
// restore cart contents
$cart->restore_contents();
//HTML mail
$email_table = '<table cellspacing="0" cellpadding="0" border="0" width="587" bgcolor="#ffffff">';
$email_table .= '<tr><td style="width:5px;"></td><td>';
$email_table .= Translate('Beste ') . ' ' . $name . "\n\n";
$email_table .= "\n" . sprintf(Translate('Wij heten u welkom bij <b>%s</b>'), STORE_NAME) . "\n\n";
$email_table .= "\n" . Translate('U kunt nu gebruik maken van <b>verschillende services</b> die wij aanbieden. Enkele van deze services zijn:' . "\n\n" . '<li><b>Permanente Winkelwagen</b> - Elk product die u hierin plaatst zal daar blijven totdat u ze zelf verwijderd, of gaat afrekenen.' . "\n" . '<li><b>Bestel Geschiedenis</b> - Bekijk de bestellingen die u eerder heeft geplaatst.' . "\n\n");
//Cadeaubon voor nieuwe klanten
if (NEW_SIGNUP_GIFT_VOUCHER_AMOUNT > 0) {
$coupon_code = create_coupon_code();
$insert_query = tep_db_query("insert into coupons (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())");
$insert_id = tep_db_insert_id();
$insert_query = tep_db_query("insert into coupon_email_track (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $email_address . "', now() )");
$email_table .= sprintf(Translate('Als deel van de verwelkoming van nieuwe klanten hebben wij u een cadeaubon verstuurd ter waarde van %s'), $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT)) . "\n\n";
$email_table .= Translate('U kan de cadeaubon valideren door op deze link te klikken') . ' <a href="' . tep_href_link(FILENAME_GV_REDEEM, 'gift=' . $coupon_code, 'NONSSL', false) . '">' . tep_href_link(FILENAME_GV_REDEEM, 'gift=' . $coupon_code, 'NONSSL', false) . '</a>' . "\n\n";
}
//Coupon code voor nieuwe klanten
if (NEW_SIGNUP_DISCOUNT_COUPON != '') {
$coupon_code = NEW_SIGNUP_DISCOUNT_COUPON;
$coupon_query = tep_db_query("select * from coupons where coupon_code = '" . $coupon_code . "'");
$coupon = tep_db_fetch_array($coupon_query);
$coupon_id = $coupon['coupon_id'];
$coupon_desc_query = tep_db_query("select * from coupons_description where coupon_id = '" . $coupon_id . "' and language_id = '" . (int) $languages_id . "'");
$coupon_desc = tep_db_fetch_array($coupon_desc_query);
$insert_query = tep_db_query("insert into coupon_email_track (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id . "', '0', 'Admin', '" . $email_address . "', now() )");
$email_table .= Translate('Proficiat, om uw eerste bezoek aan onze shop aangenamer te maken zenden wij u een kortings coupon.') . "\n";
$email_table .= sprintf(Translate('Om de coupon te gebruiken vult u de coupon code, %s, in tijdens de checkout.'), $coupon['coupon_code']) . "\n\n";
}
$email_table .= "\n" . Translate('Voor hulp met een van deze services kunt u een email sturen naar ' . STORE_NAME . ': ' . STORE_OWNER_EMAIL_ADDRESS . '.' . "\n\n");
$email_table .= '</td><td style="width: 5px;"></td></tr></table>';
$Varlogo = '<a href="' . HTTP_SERVER . DIR_WS_CATALOG . '"><img src="' . HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . 'mail/logo.jpg" border="0" /></a> ';
$Vartable1 = '<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#ffffff">';
$Vartable2 = '<table width="100%" border="0" cellpadding="3" cellspacing="3" bgcolor="#EFEFEF">';
$Vartext1 = '<h1>' . Translate('Account aanmaken') . '</h1>';
$Vartext2 = $email_table;
//content
$Varcopyright = 'Copyright © ' . date('Y');
$Varmailfooter = Translate('Dit email adres is ingegeven op onze website door u of door een van onze bezoekers. Als u zich niet ingeschreven hebt op onze website contacteer ons dan via') . ' <a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . '</a>';
require DIR_WS_MODULES . 'email/html_create_account.php';
$email_text = $html_email_text;
//Send mail
tep_mail($name, $email_address, sprintf(Translate('Welkom bij %s'), STORE_NAME), $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
} else {
/************************/
/* Moderated access */
/************************/
//Mail to store owner
$email_table = '<table cellspacing="0" cellpadding="0" border="0" width="587" bgcolor="#ffffff">';
$email_table .= '<tr><td style="width:5px;"></td><td>';
$email_table .= Translate('Beste ') . ' ' . Translate('beheerder') . "\n\n";
$email_table .= "\n" . sprintf(Translate('Een bezoeker heeft zich geregistreerd via %s'), STORE_NAME) . "\n\n";
$email_table .= "\n\n" . Translate('Deze klant zal pas kunnen inloggen op het beveiligd gedeelte van de website, nadat u de account activeert door middel van onderstaande link.') . "\n\n";
$email_table .= "\n\n" . '<a href="' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . 'scripts/user_activate.php?user='******'">' . Translate('account activeren') . "</a>" . "\n\n";
$email_table .= '<table cellspacing="0" cellpadding="3" border="0" width="100%">';
$email_table .= '<tr><td width="150">' . Translate('Naam') . ': </td><td>' . $name . '</td></tr>';
//Email
if ($this->options['customers_email_address'] == 'on') {
$email_table .= "<tr><td>" . Translate('E-mailadres') . ': </td><td>' . $email_address . '</td></tr>';
}
//Company
if ($this->options['entry_company'] == 'on') {
$email_table .= "<tr><td>" . Translate('Bedrijfsnaam') . ': </td><td>' . $company . '</td></tr>';
}
//BTW nummer
if ($this->options['billing_tva_intracom'] == 'on') {
$email_table .= "<tr><td>" . Translate('BTW Nummer') . ': </td><td>' . $btwnr . '</td></tr>';
}
//Street address
if ($this->options['entry_street_address'] == 'on') {
$email_table .= "<tr><td>" . Translate('Straat en huisnummer') . ': </td><td>' . $street_address . '</td></tr>';
}
//Postcode
if ($this->options['entry_postcode'] == 'on') {
$email_table .= "<tr><td>" . Translate('Postcode') . ': </td><td>' . $postcode . '</td></tr>';
}
//City
if ($this->options['entry_city'] == 'on') {
$email_table .= "<tr><td>" . Translate('Woonplaats') . ': </td><td>' . $city . '</td></tr>';
}
//Telephone
if ($this->options['customers_telephone'] == 'on') {
$email_table .= "<tr><td>" . Translate('Telefoonnummer') . ': </td><td>' . $telephone . '</td></tr>';
}
//Fax
if ($this->options['customers_fax'] == 'on') {
$email_table .= "<tr><td>" . Translate('Faxnummer') . ': </td><td>' . $fax . '</td></tr>';
}
//Country
if ($this->options['entry_country'] == 'on') {
$email_table .= "<tr><td>" . Translate('Land') . ': </td><td>' . tep_get_country_name($country) . '</td></tr>';
}
$email_table .= '</table>';
$email_table .= '</td><td style="width: 5px;"></td></tr></table>';
$Varlogo = '<a href="' . HTTP_SERVER . DIR_WS_CATALOG . '"><img src="' . HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . 'mail/logo.jpg" border="0" /></a> ';
$Vartable1 = '<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#ffffff">';
$Vartable2 = '<table width="100%" border="0" cellpadding="3" cellspacing="3" bgcolor="#EFEFEF">';
$Vartext1 = '<h1>' . Translate('Account aanmaken') . '</h1>';
$Vartext2 = $email_table;
//content
$Varcopyright = Translate('Copyright © 2010');
$Varmailfooter = Translate('Dit email adres is ingegeven op onze website door u of door een van onze bezoekers. Als u zich niet ingeschreven hebt op onze website contacteer ons dan via') . ' <a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . '</a>';
require DIR_WS_MODULES . 'email/html_create_account.php';
$email_text = $html_email_text;
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, Translate('Nieuwe registratie'), $email_text, $name, $email_address);
//Mail to customer
$email_table = '<table cellspacing="0" cellpadding="0" border="0" width="587" bgcolor="#ffffff">';
$email_table .= '<tr><td style="width:5px;"></td><td>';
$email_table .= Translate('Beste ') . ' ' . $name . "\n\n";
$email_table .= "\n\n" . Translate('Uw account voor onze website werd succesvol aangevraagd. Hieronder vind u nog eens de ingevulde gegevens. Uw gegevens zijn aan ons doorgegeven voor moderatie. Van zodra uw account geactiveerd is, ontvangt u hierover een e-mail.') . "\n\n";
$email_table .= '<table cellspacing="0" cellpadding="3" border="0" width="100%">';
$email_table .= '<tr><td width="150">' . Translate('Naam') . ': </td><td>' . $name . '</td></tr>';
//Email
if ($this->options['customers_email_address'] == 'on') {
$email_table .= "<tr><td>" . Translate('E-mailadres') . ': </td><td>' . $email_address . '</td></tr>';
}
//Company
if ($this->options['entry_company'] == 'on') {
$email_table .= "<tr><td>" . Translate('Bedrijfsnaam') . ': </td><td>' . $company . '</td></tr>';
}
//BTW nummer
if ($this->options['billing_tva_intracom'] == 'on') {
$email_table .= "<tr><td>" . Translate('BTW Nummer') . ': </td><td>' . $btwnr . '</td></tr>';
}
//Street address
if ($this->options['entry_street_address'] == 'on') {
$email_table .= "<tr><td>" . Translate('Straat en huisnummer') . ': </td><td>' . $street_address . '</td></tr>';
}
//Postcode
if ($this->options['entry_postcode'] == 'on') {
$email_table .= "<tr><td>" . Translate('Postcode') . ': </td><td>' . $postcode . '</td></tr>';
}
//City
if ($this->options['entry_city'] == 'on') {
$email_table .= "<tr><td>" . Translate('Woonplaats') . ': </td><td>' . $city . '</td></tr>';
}
//Telephone
if ($this->options['customers_telephone'] == 'on') {
$email_table .= "<tr><td>" . Translate('Telefoonnummer') . ': </td><td>' . $telephone . '</td></tr>';
}
//Fax
if ($this->options['customers_fax'] == 'on') {
$email_table .= "<tr><td>" . Translate('Faxnummer') . ': </td><td>' . $fax . '</td></tr>';
}
//Country
if ($this->options['entry_country'] == 'on') {
$email_table .= "<tr><td>" . Translate('Land') . ': </td><td>' . tep_get_country_name($country) . '</td></tr>';
}
$email_table .= '</table>';
$email_table .= '</td><td style="width: 5px;"></td></tr></table>';
$Varlogo = '<a href="' . HTTP_SERVER . DIR_WS_CATALOG . '"><img src="' . HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . 'mail/logo.jpg" border="0" /></a> ';
$Vartable1 = '<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#ffffff">';
$Vartable2 = '<table width="100%" border="0" cellpadding="3" cellspacing="3" bgcolor="#EFEFEF">';
$Vartext1 = '<h1>' . Translate('Account aanmaken') . '</h1>';
$Vartext2 = $email_table;
//content
$Varcopyright = Translate('Copyright © 2010');
$Varmailfooter = Translate('Dit email adres is ingegeven op onze website door u of door een van onze bezoekers. Als u zich niet ingeschreven hebt op onze website contacteer ons dan via') . ' <a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . '</a>';
require DIR_WS_MODULES . 'email/html_create_account.php';
$email_text = $html_email_text;
tep_mail($name, $email_address, Translate('Nieuwe registratie'), $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
} else {
/********************/
/* Request account */
/********************/
$email_table = '<table cellspacing="0" cellpadding="0" border="0" width="587" bgcolor="#ffffff">';
$email_table .= '<tr><td style="width:5px;"></td><td>';
$email_table .= Translate('Beste ') . ' ' . Translate('beheerder') . "\n\n";
$email_table .= "\n" . sprintf(Translate('Een bezoeker heeft zich geregistreerd via %s'), STORE_NAME) . "\n\n";
$email_table .= '<table cellspacing="0" cellpadding="3" border="0" width="100%">';
$email_table .= '<tr><td width="150">' . Translate('Naam') . ': </td><td>' . $name . '</td></tr>';
//Email
if ($this->options['customers_email_address'] == 'on') {
$email_table .= "<tr><td>" . Translate('E-mailadres') . ': </td><td>' . $email_address . '</td></tr>';
}
//Company
if ($this->options['entry_company'] == 'on') {
$email_table .= "<tr><td>" . Translate('Bedrijfsnaam') . ': </td><td>' . $company . '</td></tr>';
}
//BTW nummer
if ($this->options['billing_tva_intracom'] == 'on') {
$email_table .= "<tr><td>" . Translate('BTW Nummer') . ': </td><td>' . $btwnr . '</td></tr>';
}
//Street address
if ($this->options['entry_street_address'] == 'on') {
$email_table .= "<tr><td>" . Translate('Straat en huisnummer') . ': </td><td>' . $street_address . '</td></tr>';
}
//Postcode
if ($this->options['entry_postcode'] == 'on') {
$email_table .= "<tr><td>" . Translate('Postcode') . ': </td><td>' . $postcode . '</td></tr>';
}
//City
if ($this->options['entry_city'] == 'on') {
$email_table .= "<tr><td>" . Translate('Woonplaats') . ': </td><td>' . $city . '</td></tr>';
}
//Telephone
if ($this->options['customers_telephone'] == 'on') {
$email_table .= "<tr><td>" . Translate('Telefoonnummer') . ': </td><td>' . $telephone . '</td></tr>';
}
//Fax
if ($this->options['customers_fax'] == 'on') {
$email_table .= "<tr><td>" . Translate('Faxnummer') . ': </td><td>' . $fax . '</td></tr>';
}
//Country
if ($this->options['entry_country'] == 'on') {
$email_table .= "<tr><td>" . Translate('Land') . ': </td><td>' . tep_get_country_name($country) . '</td></tr>';
}
$email_table .= '</table>';
$email_table .= "\n\n" . Translate('Zonder manuele toevoeging in het softwarepakket, zal deze klant niet toegelaten worden in het beveiligde gedeelte van de website. ') . "\n\n";
$email_table .= '</td><td style="width: 5px;"></td></tr></table>';
$Varlogo = '<a href="' . HTTP_SERVER . DIR_WS_CATALOG . '"><img src="' . HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . 'mail/logo.jpg" border="0" /></a> ';
$Vartable1 = '<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#ffffff">';
$Vartable2 = '<table width="100%" border="0" cellpadding="3" cellspacing="3" bgcolor="#EFEFEF">';
$Vartext1 = '<h1>' . Translate('Account aanmaken') . '</h1>';
$Vartext2 = $email_table;
//content
$Varcopyright = Translate('Copyright © 2010');
$Varmailfooter = Translate('Dit email adres is ingegeven op onze website door u of door een van onze bezoekers. Als u zich niet ingeschreven hebt op onze website contacteer ons dan via') . ' <a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . '</a>';
require DIR_WS_MODULES . 'email/html_create_account.php';
$email_text = $html_email_text;
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, Translate('Nieuwe registratie'), $email_text, $name, $email_address);
}
return array('address_book_id' => $address_id, 'customer_id' => $customer_id);
}
}
}
// Check Company
$entry_company_error = false;
$entry_company_taxid_error = false;
// Check Newsletter
$entry_newsletter_error = false;
// Check Payment
$entry_payment_check_error = false;
$entry_payment_paypal_error = false;
$entry_payment_bank_name_error = false;
$entry_payment_bank_branch_number_error = false;
$entry_payment_bank_swift_code_error = false;
$entry_payment_bank_account_name_error = false;
$entry_payment_bank_account_number_error = false;
if (!$error) {
$sql_data_array = array('affiliate_firstname' => $a_firstname, 'affiliate_lastname' => $a_lastname, 'affiliate_email_address' => $a_email_address, 'affiliate_payment_check' => $a_payment_check, 'affiliate_payment_paypal' => $a_payment_paypal, 'affiliate_payment_bank_name' => $a_payment_bank_name, 'affiliate_payment_bank_branch_number' => $a_payment_bank_branch_number, 'affiliate_payment_bank_swift_code' => $a_payment_bank_swift_code, 'affiliate_payment_bank_account_name' => $a_payment_bank_account_name, 'affiliate_payment_bank_account_number' => $a_payment_bank_account_number, 'affiliate_street_address' => $a_street_address, 'affiliate_postcode' => $a_postcode, 'affiliate_city' => $a_city, 'affiliate_country_id' => $a_country, 'affiliate_telephone' => $a_telephone, 'affiliate_fax' => $a_fax, 'affiliate_homepage' => $a_homepage, 'affiliate_password' => tep_encrypt_password($a_password), 'affiliate_agb' => '1', 'affiliate_newsletter' => $a_newsletter);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['affiliate_gender'] = $a_gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['affiliate_dob'] = tep_date_raw($a_dob);
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['affiliate_company'] = $a_company;
$sql_data_array['affiliate_company_taxid'] = $a_company_taxid;
}
if (ACCOUNT_SUBURB == 'true') {
$sql_data_array['affiliate_suburb'] = $a_suburb;
}
if (ACCOUNT_STATE == 'true') {
// +Country-State Selector
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT;
try {
$dateset = date("Y-m-d");
$dateto = tep_db_prepare_input($HTTP_POST_VARS['dateden']);
$datego = tep_db_prepare_input($HTTP_POST_VARS['datedi']);
$payment = tep_db_prepare_input($HTTP_POST_VARS['payment']);
$numberroom = tep_db_prepare_input($HTTP_POST_VARS['numberroom']);
$accuont_id = null;
if (tep_session_is_registered('customer_first_name') && tep_session_is_registered('customer_id')) {
$custommer_id = $customer_first_name;
} else {
$name = tep_db_prepare_input($HTTP_POST_VARS['name']);
$stress_address = tep_db_prepare_input($HTTP_POST_VARS['address']);
$telephone = tep_db_prepare_input($HTTP_POST_VARS['telephone']);
$sql_data_array = array('customers_firstname' => $name, 'customers_lastname' => $stress_address, 'customers_gender' => $gender, 'customers_dob' => $birthday, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_password' => tep_encrypt_password($password));
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
}
$sql_data_array = array('booking_form_dateset' => $dateset, 'booking_form_dateto' => $dateto, 'booking_form_datego' => $datego, 'booking_form_custommers_id' => $customer_id, 'booking_form_account_id' => $accuont_id, 'booking_form_payment_methods_id' => $payment, 'booking_form_number_room' => $numberroom);
tep_db_perform(booking_form, $sql_data_array);
$booking_form_id = tep_db_insert_id();
echo "Thanh cong";
} catch (Exception $e) {
echo 'Exception caught: ', $e->getMessage(), "\n";
}
foreach ($_SESSION['cart_room'] as $key => $value) {
if ($key != null and $value != NULL) {
}
}
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
}
break;
case 'save_account':
$admin_id = tep_db_prepare_input($_POST['id_info']);
$admin_email_address = tep_db_prepare_input($_POST['admin_email_address']);
$stored_email[] = 'NONE';
$hiddenPassword = '******';
$check_email_query = tep_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
while ($check_email = tep_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
}
if (in_array($_POST['admin_email_address'], $stored_email)) {
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email'));
} else {
$sql_data_array = array('admin_username' => tep_db_prepare_input($_POST['admin_username']), 'admin_firstname' => tep_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => tep_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => tep_db_prepare_input($_POST['admin_email_address']), 'admin_password' => tep_encrypt_password(tep_db_prepare_input($_POST['admin_password'])), 'admin_modified' => 'now()');
tep_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
tep_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_username'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'page=' . $_GET['page'] . '&mID=' . $admin_id));
}
break;
}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php
echo HTML_PARAMS;
?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN;
if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
if (tep_db_num_rows($check_customer_query)) {
$check_customer = tep_db_fetch_array($check_customer_query);
$new_password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$crypted_password = tep_encrypt_password($new_password);
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
$messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
}
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL'));
require DIR_WS_INCLUDES . 'template_top.php';
?>
<?php
echo tep_draw_form('password_forgotten', tep_href_link(FILENAME_PASSWORD_FORGOTTEN, 'action=process', 'SSL'), 'post', '', true);
}
// needs to be included earlier to set the success message in the messageStack
require DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/content/account/cm_account_set_password.php';
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$password_new = HTML::sanitize($_POST['password_new']);
$password_confirmation = HTML::sanitize($_POST['password_confirmation']);
$error = false;
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password_new)], ['customers_id' => $_SESSION['customer_id']]);
$OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => $_SESSION['customer_id']]);
$messageStack->add_session('account', MODULE_CONTENT_ACCOUNT_SET_PASSWORD_SUCCESS_PASSWORD_SET, 'success');
OSCOM::redirect('account.php', '', 'SSL');
}
}
$breadcrumb->add(MODULE_CONTENT_ACCOUNT_SET_PASSWORD_NAVBAR_TITLE_1, OSCOM::link('account.php', '', 'SSL'));
$breadcrumb->add(MODULE_CONTENT_ACCOUNT_SET_PASSWORD_NAVBAR_TITLE_2, OSCOM::link('ext/modules/content/account/set_password.php', '', 'SSL'));
require 'includes/template_top.php';
?>
<div class="page-header">
<h1><?php
echo MODULE_CONTENT_ACCOUNT_SET_PASSWORD_HEADING_TITLE;
?>
</h1>
}
}
}
$messageStack->add(ERROR_INVALID_ADMINISTRATOR, 'error');
break;
case 'logoff':
tep_session_unregister('selected_box');
tep_session_unregister('admin');
tep_redirect(tep_href_link(FILENAME_DEFAULT));
break;
case 'create':
$check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");
if (tep_db_num_rows($check_query) == 0) {
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
tep_db_query('insert into ' . TABLE_ADMINISTRATORS . ' (user_name, user_password) values ("' . $username . '", "' . tep_encrypt_password($password) . '")');
}
tep_redirect(tep_href_link(FILENAME_LOGIN));
break;
}
}
$languages = tep_get_languages();
$languages_array = array();
$languages_selected = DEFAULT_LANGUAGE;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$languages_array[] = array('id' => $languages[$i]['code'], 'text' => $languages[$i]['name']);
if ($languages[$i]['directory'] == $language) {
$languages_selected = $languages[$i]['code'];
}
}
$admins_check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");
function ec_step2()
{
global $HTTP_GET_VARS, $paypal_ec_token, $customer_id, $customer_first_name, $language;
global $customer_default_address_id, $sendto;
//Visitor just came back from PayPal and so we collect all the info returned, create an account if necessary,
//then log them in, and then send them to checkout_shipping.php. What a long, strange trip it's been.
if ($paypal_ec_token == '') {
if (isset($HTTP_GET_VARS['token'])) {
$paypal_ec_token = $HTTP_GET_VARS['token'];
} else {
$this->away_with_you(MODULE_PAYMENT_PAYPAL_DP_INVALID_RESPONSE, true);
}
}
//Make sure the token is in the correct format
if (!ereg("([C-E]{2})-([A-Z0-9]{17})", $paypal_ec_token)) {
$this->away_with_you(MODULE_PAYMENT_PAYPAL_DP_INVALID_RESPONSE, true);
}
$caller = $this->paypal_init();
$ecdt =& Services_PayPal::getType('GetExpressCheckoutDetailsRequestType');
$ecdt->setToken($paypal_ec_token);
$response = $caller->GetExpressCheckoutDetails($ecdt);
if (strlen(Services_PayPal::isError($response)) > 0 || $response->Ack != 'Success' && $response->Ack != 'SuccessWithWarning') {
if ($this->enableDebugging == '1') {
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'PayPal Error Dump', "In function: ec_step2()\r\n\r\n" . var_dump($response), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
}
$this->away_with_you(MODULE_PAYMENT_PAYPAL_DP_GEN_ERROR . $this->return_transaction_errors($response->Errors), true);
} else {
//This is an array of all the info sent back by PayPal
$details = $response->getGetExpressCheckoutDetailsResponseDetails();
$payer_info = $details->getPayerInfo();
if (MODULE_PAYMENT_PAYPAL_DP_REQ_VERIFIED == 'Yes' && strtolower($payer_info->PayerStatus) != 'verified') {
$this->away_with_you(MODULE_PAYMENT_PAYPAL_DP_TEXT_UNVERIFIED, true);
}
$paypal_ec_payer_id = $payer_info->getPayerID();
tep_session_register('paypal_ec_payer_id');
$_SESSION['paypal_ec_payer_id'] = $paypal_ec_payer_id;
$fullname = $payer_info->getPayerName();
$address_info = $payer_info->getAddress();
//Hoag: Begin telephone fix (1 of 3)
$phone = $details->getContactPhone();
//Hoag: End telephone fix (1 of 3)
//I didn't include the international variables since PayPal only supports USD at this time
$paypal_ec_payer_info = array('payer_id' => $payer_info->PayerID, 'payer_email' => $payer_info->Payer, 'payer_firstname' => $fullname->FirstName, 'payer_lastname' => $fullname->LastName, 'payer_business' => $payer_info->PayerBusiness, 'payer_status' => $payer_info->PayerStatus, 'ship_owner' => $address_info->AddressOwner, 'ship_name' => $address_info->Name, 'ship_street_1' => $address_info->Street1, 'ship_street_2' => $address_info->Street2, 'ship_city' => $address_info->CityName, 'ship_state' => $address_info->StateOrProvince, 'ship_postal_code' => $address_info->PostalCode, 'ship_country' => $address_info->Country, 'ship_country_name' => $address_info->CountryName, 'ship_phone' => $address_info->Phone, 'ship_phone' => $phone, 'ship_address_status' => $address_info->AddressStatus);
//$_SESSION['paypal_ec_payer_info'] = $paypal_ec_payer_info;
tep_session_register('paypal_ec_payer_info');
//Get the customer's country ID.
$country_query = tep_db_query("SELECT countries_id, address_format_id FROM " . TABLE_COUNTRIES . " WHERE countries_name = '" . $paypal_ec_payer_info['ship_country_name'] . "' LIMIT 1");
if (tep_db_num_rows($country_query) > 0) {
$country = tep_db_fetch_array($country_query);
$country_id = $country['countries_id'];
$address_format_id = $country['address_format_id'];
} else {
$country_id = '';
$address_format_id = '2';
//2 is the American format
}
$states_query = tep_db_query("SELECT zone_id FROM " . TABLE_ZONES . " WHERE zone_code = '" . $paypal_ec_payer_info['ship_state'] . "' AND zone_country_id = '" . $country_id . "' LIMIT 1");
if (tep_db_num_rows($states_query) > 0) {
$states = tep_db_fetch_array($states_query);
$state_id = $states['zone_id'];
} else {
$state_id = '';
}
$order->customer['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
$order->customer['company'] = $paypal_ec_payer_info['payer_business'];
$order->customer['street_address'] = $paypal_ec_payer_info['ship_street_1'];
$order->customer['suburb'] = $paypal_ec_payer_info['ship_street_2'];
$order->customer['city'] = $paypal_ec_payer_info['ship_city'];
$order->customer['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
$order->customer['state'] = $paypal_ec_payer_info['ship_state'];
$order->customer['country'] = $paypal_ec_payer_info['ship_country_name'];
$order->customer['format_id'] = $address_format_id;
$order->customer['email_address'] = $paypal_ec_payer_info['payer_email'];
//Hoag: Begin telephone fix (3 of 3)
$order->customer['telephone'] = $paypal_ec_payer_info['ship_phone'];
//Hoag: End telephone fix (3 of 3)
//For some reason, $order->billing gets erased between here and checkout_confirmation.php
$order->billing['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
$order->billing['company'] = $paypal_ec_payer_info['payer_business'];
$order->billing['street_address'] = $paypal_ec_payer_info['ship_street_1'];
$order->billing['suburb'] = $paypal_ec_payer_info['ship_street_2'];
$order->billing['city'] = $paypal_ec_payer_info['ship_city'];
$order->billing['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
$order->billing['state'] = $paypal_ec_payer_info['ship_state'];
$order->billing['country'] = $paypal_ec_payer_info['ship_country_name'];
$order->billing['format_id'] = $address_format_id;
/*Disabled for now
//If they selected an address on PayPal's site with a different zipcode than was previously selected
//send them back to the shipping page
if ($order->delivery['postcode'] == $paypal_ec_payer_info['ship_postal_code']) {
$goto_shipping = false;
} else {
$goto_shipping = true;
}
*/
$order->delivery['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
$order->delivery['company'] = $paypal_ec_payer_info['payer_business'];
$order->delivery['street_address'] = $paypal_ec_payer_info['ship_street_1'];
$order->delivery['suburb'] = $paypal_ec_payer_info['ship_street_2'];
$order->delivery['city'] = $paypal_ec_payer_info['ship_city'];
$order->delivery['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
$order->delivery['state'] = $paypal_ec_payer_info['ship_state'];
$order->delivery['country'] = $paypal_ec_payer_info['ship_country_name'];
$order->delivery['format_id'] = $address_format_id;
if (!tep_session_is_registered('paypal_ec_temp')) {
tep_session_register('paypal_ec_temp');
}
if (tep_session_is_registered('customer_first_name') && tep_session_is_registered('customer_id')) {
//They're logged in, so forward them straight to checkout_shipping.php
$order->customer['id'] = $customer_id;
if (!tep_session_is_registered('sendto')) {
tep_session_register('sendto');
}
$_SESSION['sendto'] = $customer_default_address_id;
$_SESSION['paypal_ec_temp'] = false;
$this->away_with_you();
/*disabled for now
//0.6.2b modification. If they already have a shipping amount calculated for this zip code, send them on instead of backwards
if ($goto_shipping) {
$this->away_with_you();
} else {
$this->away_with_you('', false, FILENAME_CHECKOUT_CONFIRMATION);
}
*/
} else {
//They're not logged in. Create an account if necessary, and then log them in.
//First, see if they're an existing customer
//If Paypal didn't send an email address, something went wrong
if (trim($paypal_ec_payer_info['payer_email']) == '') {
$this->away_with_you(MODULE_PAYMENT_PAYPAL_DP_INVALID_RESPONSE, true);
}
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_paypal_payerid, customers_paypal_ec from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($paypal_ec_payer_info['payer_email']) . "'");
$check_customer = tep_db_fetch_array($check_customer_query);
if (tep_db_num_rows($check_customer_query) > 0) {
$check_customer = tep_db_fetch_array($check_customer_query);
$acct_exists = true;
if ($check_customer['customers_paypal_ec'] == '1') {
//Delete the existing temporary account
$this->ec_delete_user($check_customer['customers_id']);
$acct_exists = false;
}
}
//Create an account
if (!$acct_exists) {
//Generate a random 8-char password
$salt = "46z3haZzegmn676PA3rUw2vrkhcLEn2p1c6gf7vp2ny4u3qqfqBh5j6kDhuLmyv9xf";
srand((double) microtime() * 1000000);
$password = '';
for ($x = 0; $x < 7; $x++) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$password = $password . $tmp;
}
$sql_data_array = array('customers_firstname' => $paypal_ec_payer_info['payer_firstname'], 'customers_lastname' => $paypal_ec_payer_info['payer_lastname'], 'customers_email_address' => $paypal_ec_payer_info['payer_email'], 'customers_telephone' => $paypal_ec_payer_info['ship_phone'], 'customers_fax' => '', 'customers_newsletter' => '0', 'customers_password' => tep_encrypt_password($password), 'customers_paypal_payerid' => $paypal_ec_payer_id);
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
$sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $paypal_ec_payer_info['payer_firstname'], 'entry_lastname' => $paypal_ec_payer_info['payer_lastname'], 'entry_street_address' => $paypal_ec_payer_info['ship_street_1'], 'entry_suburb' => $paypal_ec_payer_info['ship_street_2'], 'entry_city' => $paypal_ec_payer_info['ship_city'], 'entry_zone_id' => $state_id, 'entry_postcode' => $paypal_ec_payer_info['ship_postal_code'], 'entry_country_id' => $country_id);
tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$address_id = tep_db_insert_id();
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
if (MODULE_PAYMENT_PAYPAL_DP_NEW_ACCT_NOTIFY == 'Yes') {
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_CREATE_ACCOUNT;
$email_text = sprintf(EMAIL_GREET_NONE, $paypal_ec_payer_info['payer_firstname']) . EMAIL_WELCOME . EMAIL_TEXT;
$email_text .= EMAIL_EC_ACCOUNT_INFORMATION . "Username: "******"\nPassword: "******"\n\n";
$email_text .= EMAIL_CONTACT;
tep_mail($paypal_ec_payer_info['payer_firstname'] . " " . $paypal_ec_payer_info['payer_lastname'], $paypal_ec_payer_info['payer_email'], EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$_SESSION['paypal_ec_temp'] = false;
} else {
//Make it a temporary account that'll be deleted once they've checked out
tep_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_paypal_ec = '1' WHERE customers_id = '" . (int) $customer_id . "'");
$_SESSION['paypal_ec_temp'] = True;
}
} else {
$_SESSION['paypal_ec_temp'] = false;
}
$sendto = $address_id;
if (!tep_session_is_registered('sendto')) {
tep_session_register('sendto');
}
$this->user_login($_SESSION['paypal_ec_payer_info']['payer_email']);
}
}
}
?>
<script type="text/javascript">
$(document).ready(function() {
$('#emailCheck').css({ 'display': 'block'});
$("#TermsAgree").removeAttr("checked");
$('#Customers_info_input_password').val('');
$('#Customers_info_input_password').attr("placeholder", "Wachtwoord");
$('#Customers_info_input_password2').val('');
$('#Customers_info_input_password2').attr("placeholder", "Wachtwoord bevestigen");
});
</script>
<?php
} else {
$sql_data_array = array('customers_firstname' => $lastname . ' ' . $firstname, 'customers_lastname' => '', 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_password' => tep_encrypt_password($password), 'status' => '1');
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
$sql_data_array1 = array('customers_id' => $customer_id, 'entry_firstname' => $lastname . ' ' . $firstname, 'entry_lastname' => '', 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array1);
$address_id = tep_db_insert_id();
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customer_id . "', '0', now())");
}
?>
<?php
}
// nikhil
?>
</div>
</div>
$messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error');
}
tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
break;
case 'save':
require 'includes/functions/password_funcs.php';
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
$check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
$check = tep_db_fetch_array($check_query);
if ($admin['id'] == $check['id']) {
$admin['username'] = $username;
}
tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_name = '" . tep_db_input($username) . "' where id = '" . (int) $HTTP_GET_VARS['aID'] . "'");
if (tep_not_null($password)) {
tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '******' where id = '" . (int) $HTTP_GET_VARS['aID'] . "'");
}
tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . (int) $HTTP_GET_VARS['aID']));
break;
case 'deleteconfirm':
$id = tep_db_prepare_input($HTTP_GET_VARS['aID']);
$check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
$check = tep_db_fetch_array($check_query);
if ($id == $check['id']) {
tep_session_unregister('admin');
}
tep_db_query("delete from " . TABLE_ADMINISTRATORS . " where id = '" . (int) $id . "'");
tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
break;
}
}
Copyright (c) 2005 osCommerce
Released under the GNU General Public License
*/
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $osC_Session->value('language') . '/' . FILENAME_PASSWORD_FORGOTTEN;
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$Qcheck = $osC_Database->query('select customers_id, customers_firstname, customers_lastname, customers_password from :table_customers where customers_email_address = :customers_email_address');
$Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcheck->bindValue(':customers_email_address', $_POST['email_address']);
$Qcheck->execute();
if ($Qcheck->numberOfRows()) {
$new_password = tep_create_random_value(ACCOUNT_PASSWORD);
$Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
$Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qupdate->bindValue(':customers_password', tep_encrypt_password($new_password));
$Qupdate->bindInt(':customers_id', $Qcheck->valueInt('customers_id'));
$Qupdate->execute();
tep_mail($Qcheck->valueProtected('customers_firstname') . ' ' . $Qcheck->valueProtected('customers_lastname'), $_POST['email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
$messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
}
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL'));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php
echo HTML_PARAMS;
// Check if email exists
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
if (!tep_db_num_rows($check_customer_query)) {
$error = true;
} else {
$check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
if (!tep_validate_password($password, $check_customer['customers_password'])) {
$error = true;
} else {
if (SESSION_RECREATE == 'True') {
tep_session_recreate();
}
// migrate old hashed password to new phpass password
if (tep_password_type($check_customer['customers_password']) != 'phpass') {
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
}
$check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);
$customer_id = $check_customer['customers_id'];
$customer_default_address_id = $check_customer['customers_default_address_id'];
$customer_first_name = $check_customer['customers_firstname'];
$customer_country_id = $check_country['entry_country_id'];
$customer_zone_id = $check_country['entry_zone_id'];
tep_session_register('customer_id');
tep_session_register('customer_default_address_id');
tep_session_register('customer_first_name');
tep_session_register('customer_country_id');
tep_session_register('customer_zone_id');
tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = '" . (int) $customer_id . "'");
// reset session token
}
// needs to be included earlier to set the success message in the messageStack
require DIR_WS_LANGUAGES . $_SESSION['language'] . '/modules/content/account/cm_account_set_password.php';
if (isset($_POST['action']) && $_POST['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$password_new = tep_db_prepare_input($_POST['password_new']);
$password_confirmation = tep_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'");
$messageStack->add_session('account', MODULE_CONTENT_ACCOUNT_SET_PASSWORD_SUCCESS_PASSWORD_SET, 'success');
tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}
}
$breadcrumb->add(MODULE_CONTENT_ACCOUNT_SET_PASSWORD_NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(MODULE_CONTENT_ACCOUNT_SET_PASSWORD_NAVBAR_TITLE_2, tep_href_link('ext/modules/content/account/set_password.php', '', 'SSL'));
require DIR_WS_INCLUDES . 'template_top.php';
?>
<div class="page-header">
<h1><?php
echo MODULE_CONTENT_ACCOUNT_SET_PASSWORD_HEADING_TITLE;
?>
</h1>
/**
* Process a <new-order-notification>.
*
* If the email user does not exist, create the user and log in.
*
* If the user does not exist as a Google Checkout user, add them
* to the google_checkout table to match the buyer_id and customer_id.
*
* Add the order to the logged-in user.
*
* TODO(eddavisson): This function is way too long. Split into pieces.
*/
function process_new_order_notification($google_response, $google_checkout)
{
global $order, $currencies, $languages_id;
list($root, $gc_data) = $google_response->GetParsedXML();
// Check if the order was already processed.
$google_order = tep_db_fetch_array(tep_db_query("select orders_id " . " from " . $google_checkout->table_order . " " . " where google_order_number = " . $gc_data[$root]['google-order-number']['VALUE']));
// Check if order was alread processed.
if ($google_order['orders_id'] != '') {
//Send ACK http 200 to avoid notification resend.
$google_response->log->logError(sprintf(GOOGLECHECKOUT_ERR_DUPLICATED_ORDER, $gc_data[$root]['google-order-number']['VALUE'], $google_order['orders_id']));
$google_response->SendAck();
}
// Check if the email exists.
$customer_exists = tep_db_fetch_array(tep_db_query("select customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . gc_make_sql_string($gc_data[$root]['buyer-billing-address']['email']['VALUE']) . "'"));
// Check if the GC buyer id exists
$customer_info = tep_db_fetch_array(tep_db_query("select gct.customers_id from " . $google_checkout->table_name . " gct " . " inner join " . TABLE_CUSTOMERS . " tc on gct.customers_id = tc.customers_id " . " where gct.buyer_id = " . gc_make_sql_string($gc_data[$root]['buyer-id']['VALUE'])));
$new_user = false;
// Ignore session to avoid mix of Cart-GC sessions/emails
// GC email is the most important one
if ($customer_exists['customers_id'] != '') {
$customer_id = $customer_exists['customers_id'];
tep_session_register('customer_id');
} else {
if ($customer_info['customers_id'] != '') {
$customer_id = $customer_info['customers_id'];
tep_session_register('customer_id');
} else {
list($firstname, $lastname) = explode(' ', gc_make_sql_string($gc_data[$root]['buyer-billing-address']['contact-name']['VALUE']), 2);
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $gc_data[$root]['buyer-billing-address']['email']['VALUE'], 'customers_telephone' => $gc_data[$root]['buyer-billing-address']['phone']['VALUE'], 'customers_fax' => $gc_data[$root]['buyer-billing-address']['fax']['VALUE'], 'customers_default_address_id' => 0, 'customers_password' => tep_encrypt_password(gc_make_sql_string($gc_data[$root]['buyer-id']['VALUE'])), 'customers_newsletter' => $gc_data[$root]['buyer-marketing-preferences']['email-allowed']['VALUE'] == 'true' ? 1 : 0);
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = 'now()';
}
tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = tep_db_insert_id();
tep_session_register('customer_id');
tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . "\n (customers_info_id, customers_info_number_of_logons,\n customers_info_date_account_created)\n values ('" . (int) $customer_id . "', '0', now())");
tep_db_query("insert into " . $google_checkout->table_name . " " . " values ( " . $customer_id . ", " . $gc_data[$root]['buyer-id']['VALUE'] . ")");
$new_user = true;
}
}
// The user exists and is logged in.
// Check database to see if the address exist.
$address_book = tep_db_query("select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . "\n where customers_id = '" . $customer_id . "'\n and entry_street_address = '" . gc_make_sql_string($gc_data[$root]['buyer-shipping-address']['address1']['VALUE']) . "'\n and entry_suburb = '" . gc_make_sql_string($gc_data[$root]['buyer-shipping-address']['address2']['VALUE']) . "'\n and entry_postcode = '" . gc_make_sql_string($gc_data[$root]['buyer-shipping-address']['postal-code']['VALUE']) . "'\n and entry_city = '" . gc_make_sql_string($gc_data[$root]['buyer-shipping-address']['city']['VALUE']) . "'");
// If not, add the address as the default.
if (!tep_db_num_rows($address_book)) {
$buyer_state = $gc_data[$root]['buyer-shipping-address']['region']['VALUE'];
$zone_answer = tep_db_fetch_array(tep_db_query("select zone_id, zone_country_id from " . TABLE_ZONES . " where zone_code = '" . $buyer_state . "'"));
list($firstname, $lastname) = explode(' ', gc_make_sql_string($gc_data[$root]['buyer-shipping-address']['contact-name']['VALUE']), 2);
$sql_data_array = array('customers_id' => $customer_id, 'entry_gender' => '', 'entry_company' => $gc_data[$root]['buyer-shipping-address']['company-name']['VALUE'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $gc_data[$root]['buyer-shipping-address']['address1']['VALUE'], 'entry_suburb' => $gc_data[$root]['buyer-shipping-address']['address2']['VALUE'], 'entry_postcode' => $gc_data[$root]['buyer-shipping-address']['postal-code']['VALUE'], 'entry_city' => $gc_data[$root]['buyer-shipping-address']['city']['VALUE'], 'entry_state' => $buyer_state, 'entry_country_id' => $zone_answer['zone_country_id'], 'entry_zone_id' => $zone_answer['zone_id']);
tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$address_id = tep_db_insert_id();
tep_db_query("update " . TABLE_CUSTOMERS . "\n set customers_default_address_id = '" . (int) $address_id . "'\n where customers_id = '" . (int) $customer_id . "'");
$customer_default_address_id = $address_id;
$customer_country_id = $zone_answer['zone_country_id'];
$customer_zone_id = $zone_answer['zone_id'];
} else {
$customer_default_address_id = $address_book['address_book_id'];
$customer_country_id = $address_book['entry_country_id'];
$customer_zone_id = $address_book['entry_zone_id'];
}
$customer_first_name = $gc_data[$root]['buyer-billing-address']['contact-name']['VALUE'];
tep_session_register('customer_default_address_id');
tep_session_register('customer_country_id');
tep_session_register('customer_zone_id');
tep_session_register('customer_first_name');
// Customer exists, is logged and address book is up to date.
list($shipping, $shipping_cost, $shipping_method_name, $shipping_method_code) = get_shipping_info($google_checkout, $gc_data[$root]);
$tax_amt = $gc_data[$root]['order-adjustment']['total-tax']['VALUE'];
//$order_total = $gc_data[$root]['order-total']['VALUE'];
require DIR_WS_CLASSES . 'order.php';
$order = new order();
// Load the selected shipping module.
$payment_method = $google_checkout->title;
if (MODULE_PAYMENT_GOOGLECHECKOUT_MODE == 'https://sandbox.google.com/checkout/') {
$payment_method .= " - SANDBOX";
}
//$method_name = '';
//if (!empty($shipping)) {
// require (DIR_WS_CLASSES . 'shipping.php');
// $shipping_modules = new shipping($shipping);
// list ($a, $method_name) = explode(': ', $shipping, 2);
//}
// Set up order info.
list($order->customer['firstname'], $order->customer['lastname']) = explode(' ', $gc_data[$root]['buyer-billing-address']['contact-name']['VALUE'], 2);
$order->customer['company'] = $gc_data[$root]['buyer-billing-address']['company-name']['VALUE'];
$order->customer['street_address'] = $gc_data[$root]['buyer-billing-address']['address1']['VALUE'];
$order->customer['suburb'] = $gc_data[$root]['buyer-billing-address']['address2']['VALUE'];
$order->customer['city'] = $gc_data[$root]['buyer-billing-address']['city']['VALUE'];
$order->customer['postcode'] = $gc_data[$root]['buyer-billing-address']['postal-code']['VALUE'];
$order->customer['state'] = $gc_data[$root]['buyer-billing-address']['region']['VALUE'];
$order->customer['country']['title'] = $gc_data[$root]['buyer-billing-address']['country-code']['VALUE'];
$order->customer['telephone'] = $gc_data[$root]['buyer-billing-address']['phone']['VALUE'];
$order->customer['email_address'] = $gc_data[$root]['buyer-billing-address']['email']['VALUE'];
$order->customer['format_id'] = 2;
list($order->delivery['firstname'], $order->delivery['lastname']) = explode(' ', $gc_data[$root]['buyer-shipping-address']['contact-name']['VALUE'], 2);
$order->delivery['company'] = $gc_data[$root]['buyer-shipping-address']['company-name']['VALUE'];
$order->delivery['street_address'] = $gc_data[$root]['buyer-shipping-address']['address1']['VALUE'];
$order->delivery['suburb'] = $gc_data[$root]['buyer-shipping-address']['address2']['VALUE'];
$order->delivery['city'] = $gc_data[$root]['buyer-shipping-address']['city']['VALUE'];
$order->delivery['postcode'] = $gc_data[$root]['buyer-shipping-address']['postal-code']['VALUE'];
$order->delivery['state'] = $gc_data[$root]['buyer-shipping-address']['region']['VALUE'];
$order->delivery['country']['title'] = $gc_data[$root]['buyer-shipping-address']['country-code']['VALUE'];
$order->delivery['format_id'] = 2;
list($order->billing['firstname'], $order->billing['lastname']) = explode(' ', $gc_data[$root]['buyer-billing-address']['contact-name']['VALUE'], 2);
$order->billing['company'] = $gc_data[$root]['buyer-billing-address']['company-name']['VALUE'];
$order->billing['street_address'] = $gc_data[$root]['buyer-billing-address']['address1']['VALUE'];
$order->billing['suburb'] = $gc_data[$root]['buyer-billing-address']['address2']['VALUE'];
$order->billing['city'] = $gc_data[$root]['buyer-billing-address']['city']['VALUE'];
$order->billing['postcode'] = $gc_data[$root]['buyer-billing-address']['postal-code']['VALUE'];
$order->billing['state'] = $gc_data[$root]['buyer-billing-address']['region']['VALUE'];
$order->billing['country']['title'] = $gc_data[$root]['buyer-billing-address']['country-code']['VALUE'];
$order->billing['format_id'] = 2;
$order->info['payment_method'] = $payment_method;
$order->info['payment_module_code'] = $google_checkout->code;
$order->info['shipping_method'] = $shipping_method_name;
$order->info['shipping_module_code'] = $shipping_method_code;
$order->info['cc_type'] = '';
$order->info['cc_owner'] = '';
$order->info['cc_number'] = '';
$order->info['cc_expires'] = '';
$order->info['order_status'] = GC_STATE_NEW;
$order->info['tax'] = $tax_amt;
$order->info['currency'] = $gc_data[$root]['order-total']['currency'];
$order->info['currency_value'] = 1;
//$customers_ip_address'] = $gc_data[$root]['shopping-cart']['merchant-private-data']['ip-address']['VALUE'];
$order->info['comments'] = GOOGLECHECKOUT_STATE_NEW_ORDER_NUM . $gc_data[$root]['google-order-number']['VALUE'] . "\n" . GOOGLECHECKOUT_STATE_NEW_ORDER_MC_USED . (@$gc_data[$root]['order-adjustment']['merchant-calculation-successful']['VALUE'] == 'true' ? 'True' : 'False') . ($new_user ? "\n" . GOOGLECHECKOUT_STATE_NEW_ORDER_BUYER_USER . $gc_data[$root]['buyer-billing-address']['email']['VALUE'] . "\n" . GOOGLECHECKOUT_STATE_NEW_ORDER_BUYER_PASS . $gc_data[$root]['buyer-id']['VALUE'] : '');
$coupons = gc_get_arr_result(@$gc_data[$root]['order-adjustment']['merchant-codes']['coupon-adjustment']);
//$gift_cert = get_arr_result(@$gc_data[$root]['order-adjustment']['merchant-codes']['gift-certificate-adjustment']);
$items = gc_get_arr_result($gc_data[$root]['shopping-cart']['items']['item']);
// Get Coustoms OT
$custom_order_totals_total = 0;
$custom_order_totals = array();
$order->products = array();
foreach ($items as $item) {
if (isset($item['merchant-private-item-data']['item']['VALUE'])) {
$order->products[] = unserialize(base64_decode($item['merchant-private-item-data']['item']['VALUE']));
} else {
if ($item['merchant-private-item-data']['order_total']['VALUE']) {
$order_total = unserialize(base64_decode($item['merchant-private-item-data']['order_total']['VALUE']));
$custom_order_totals[] = $order_total;
$order_total_value = $order_total['value'] * (strrpos($order_total['text'], '-') === false ? 1 : -1);
$custom_order_totals_total += $currencies->get_value($gc_data[$root]['order-total']['currency']) * $order_total_value;
} else {
// For invoices.
$order->products[] = array('qty' => $item['quantity']['VALUE'], 'name' => $item['item-name']['VALUE'], 'model' => $item['item-description']['VALUE'], 'tax' => 0, 'tax_description' => @$item['tax-table-selector']['VALUE'], 'price' => $item['unit-price']['VALUE'], 'final_price' => $item['unit-price']['VALUE'], 'onetime_charges' => 0, 'weight' => 0, 'products_priced_by_attribute' => 0, 'product_is_free' => 0, 'products_discount_type' => 0, 'products_discount_type_from' => 0, 'id' => @$item['merchant-item-id']['VALUE']);
}
}
}
$cart = new shoppingCart();
$prod_attr = gc_get_prattr($order->products);
foreach ($prod_attr as $product_id => $item_data) {
//$products_id, $qty = '1', $attributes = '
$cart->add_cart($product_id, $item_data['qty'], $item_data['attr']);
}
// Update values so that order_total modules get the correct values.
$order->info['total'] = $gc_data[$root]['order-total']['VALUE'];
$order->info['subtotal'] = $gc_data[$root]['order-total']['VALUE'] - ($shipping_cost + $tax_amt) + @$coupons[0]['applied-amount']['VALUE'] - $custom_order_totals_total;
$order->info['coupon_code'] = @$coupons[0]['code']['VALUE'];
$order->info['shipping_method'] = $shipping;
$order->info['shipping_cost'] = $shipping_cost;
$order->info['tax_groups']['tax'] = $tax_amt;
$order->info['currency'] = $gc_data[$root]['order-total']['currency'];
$order->info['currency_value'] = 1;
require DIR_WS_CLASSES . 'order_total.php';
$order_total_modules = new order_total();
// Disable OT sent as items in the GC cart
foreach ($order_total_modules->modules as $order_total_code => $order_total) {
if (!in_array(substr($order_total, 0, strrpos($order_total, '.')), $google_checkout->ignore_order_total)) {
unset($order_total_modules->modules[$order_total_code]);
}
}
$order_totals = $order_total_modules->process();
// Not necessary, since order totals are already disabled.
//foreach($order_totals as $order_total_code => $order_total){
// if(!in_array($order_total['code'], $google_checkout->ignore_order_total)){
// unset($order_totals[$order_total_code]);
// }
//}
// Merge all order totals.
$order_totals = array_merge($order_totals, $custom_order_totals);
if (isset($gc_data[$root]['order-adjustment']['merchant-codes']['coupon-adjustment'])) {
$order_totals[] = array('code' => 'ot_coupon', 'title' => "<b>" . MODULE_ORDER_TOTAL_COUPON_TITLE . " " . @$coupons[0]['code']['VALUE'] . ":</b>", 'text' => $currencies->format(@$coupons[0]['applied-amount']['VALUE'] * -1, false, @$coupons[0]['applied-amount']['currency']), 'value' => @$coupons[0]['applied-amount']['VALUE'], 'sort_order' => 280);
}
function order_total_compare($a, $b)
{
if ($a['sort_order'] == $b['sort_order']) {
return 0;
} else {
return $a['sort_order'] < $b['sort_order'] ? -1 : 1;
}
}
usort($order_totals, "order_total_compare");
$sql_data_array = array('customers_id' => $customer_id, 'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'], 'customers_company' => $order->customer['company'], 'customers_street_address' => $order->customer['street_address'], 'customers_suburb' => $order->customer['suburb'], 'customers_city' => $order->customer['city'], 'customers_postcode' => $order->customer['postcode'], 'customers_state' => $order->customer['state'], 'customers_country' => $order->customer['country']['title'], 'customers_telephone' => $order->customer['telephone'], 'customers_email_address' => $order->customer['email_address'], 'customers_address_format_id' => $order->customer['format_id'], 'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 'delivery_company' => $order->delivery['company'], 'delivery_street_address' => $order->delivery['street_address'], 'delivery_suburb' => $order->delivery['suburb'], 'delivery_city' => $order->delivery['city'], 'delivery_postcode' => $order->delivery['postcode'], 'delivery_state' => $order->delivery['state'], 'delivery_country' => $order->delivery['country']['title'], 'delivery_address_format_id' => $order->delivery['format_id'], 'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 'billing_company' => $order->billing['company'], 'billing_street_address' => $order->billing['street_address'], 'billing_suburb' => $order->billing['suburb'], 'billing_city' => $order->billing['city'], 'billing_postcode' => $order->billing['postcode'], 'billing_state' => $order->billing['state'], 'billing_country' => $order->billing['country']['title'], 'billing_address_format_id' => $order->billing['format_id'], 'payment_method' => $order->info['payment_method'], 'cc_type' => $order->info['cc_type'], 'cc_owner' => $order->info['cc_owner'], 'cc_number' => $order->info['cc_number'], 'cc_expires' => $order->info['cc_expires'], 'date_purchased' => 'now()', 'orders_status' => $order->info['order_status'], 'currency' => $order->info['currency'], 'currency_value' => $order->info['currency_value']);
tep_db_perform(TABLE_ORDERS, $sql_data_array);
$insert_id = tep_db_insert_id();
for ($i = 0, $n = sizeof($order_totals); $i < $n; $i++) {
$sql_data_array = array('orders_id' => $insert_id, 'title' => $order_totals[$i]['title'], 'text' => $order_totals[$i]['text'], 'value' => $order_totals[$i]['value'], 'class' => $order_totals[$i]['code'], 'sort_order' => $order_totals[$i]['sort_order']);
tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
}
$customer_notification = SEND_EMAILS == 'true' ? '1' : '0';
$sql_data_array = array('orders_id' => $insert_id, 'orders_status_id' => $order->info['order_status'], 'date_added' => 'now()', 'customer_notified' => $customer_notification, 'comments' => $order->info['comments']);
tep_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
// Initialized for the email confirmation.
$products_ordered = '';
$subtotal = 0;
$total_tax = 0;
$total_weight = 0;
$total_products_price = 0;
$products_tax = 0;
$total_cost = 0;
for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
// Stock Update - Joao Correia.
if (STOCK_LIMITED == 'true') {
if (DOWNLOAD_ENABLED == 'true') {
$stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename\n FROM " . TABLE_PRODUCTS . " p\n LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n ON p.products_id=pa.products_id\n LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n ON pa.products_attributes_id=pad.products_attributes_id\n WHERE p.products_id = '" . tep_get_prid($order->products[$i]['id']) . "'";
// Will work with only one option for downloadable products
// otherwise, we have to build the query dynamically with a loop
$products_attributes = @$order->products[$i]['attributes'];
if (is_array($products_attributes)) {
$stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";
}
$stock_query = tep_db_query($stock_query_raw);
} else {
$stock_query = tep_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
}
if (tep_db_num_rows($stock_query) > 0) {
$stock_values = tep_db_fetch_array($stock_query);
// Do not decrement quantities if products_attributes_filename exists
if (DOWNLOAD_ENABLED != 'true' || !$stock_values['products_attributes_filename']) {
$stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
} else {
$stock_left = $stock_values['products_quantity'];
}
tep_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
if ($stock_left < 1 && STOCK_ALLOW_CHECKOUT == 'false') {
tep_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
}
}
}
// Update products_ordered (for bestsellers list)
tep_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
$sql_data_array = array('orders_id' => $insert_id, 'products_id' => tep_get_prid($order->products[$i]['id']), 'products_model' => $order->products[$i]['model'], 'products_name' => $order->products[$i]['name'], 'products_price' => $order->products[$i]['price'], 'final_price' => $order->products[$i]['final_price'], 'products_tax' => $order->products[$i]['tax'], 'products_quantity' => $order->products[$i]['qty']);
tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
$order_products_id = tep_db_insert_id();
// Insert customer-chosen options into order.
$attributes_exist = '0';
$products_ordered_attributes = '';
if (isset($order->products[$i]['attributes'])) {
$attributes_exist = '1';
for ($j = 0, $n2 = sizeof($order->products[$i]['attributes']); $j < $n2; $j++) {
if (DOWNLOAD_ENABLED == 'true') {
$attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename\n from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa\n left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad\n on pa.products_attributes_id=pad.products_attributes_id\n where pa.products_id = '" . $order->products[$i]['id'] . "'\n and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'\n and pa.options_id = popt.products_options_id\n and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'\n and pa.options_values_id = poval.products_options_values_id\n and popt.language_id = '" . $languages_id . "'\n and poval.language_id = '" . $languages_id . "'";
$attributes = tep_db_query($attributes_query);
} else {
$attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
}
$attributes_values = tep_db_fetch_array($attributes);
$sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'products_options' => $attributes_values['products_options_name'], 'products_options_values' => $attributes_values['products_options_values_name'], 'options_values_price' => $attributes_values['options_values_price'], 'price_prefix' => $attributes_values['price_prefix']);
tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
if (DOWNLOAD_ENABLED == 'true' && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
$sql_data_array = array('orders_id' => $insert_id, 'orders_products_id' => $order_products_id, 'orders_products_filename' => $attributes_values['products_attributes_filename'], 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 'download_count' => $attributes_values['products_attributes_maxcount']);
tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
}
$products_ordered_attributes .= "\n\t" . $attributes_values['products_options_name'] . ' ' . $attributes_values['products_options_values_name'];
}
}
$total_weight += $order->products[$i]['qty'] * $order->products[$i]['weight'];
$total_tax += tep_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];
$total_cost += $total_products_price;
$products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' . $currencies->display_price($order->products[$i]['final_price'], $order->products[$i]['tax'], $order->products[$i]['qty']) . $products_ordered_attributes . "\n";
}
// FOR COUPON SUPPORT
/*
$insert_id = $order->create($order_totals, 2);
//$order_total_modules = new order_total();
// Store the product info to the order.
$order->create_add_products($insert_id);
//$order_number_created'] = $insert_id;
// Add coupon to redeem track.
if (isset ($gc_data[$root]['order-adjustment']['merchant-codes']['coupon-adjustment'])) {
$sql = "select coupon_id
from " . TABLE_COUPONS . "
where coupon_code= :couponCodeEntered
and coupon_active='Y'";
$sql = $db->bindVars($sql, ':couponCodeEntered', $coupons[0]['code']['VALUE'], 'string');
$coupon_result = tep_db_query($sql);
$cc_id = $coupon_result['coupon_id'];
tep_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . "
(coupon_id, redeem_date, redeem_ip, customer_id, order_id)
values ('" . (int) $cc_id . "', now(), '" .
$gc_data[$root]['shopping-cart']['merchant-private-data']['ip-address']['VALUE'] .
"', '" . (int) $customer_id . "', '" . (int) $insert_id . "')");
$cc_id = "";
}
*/
// Add the order details to the table.
// This table could be modified to hold the merchant id and key if required
// so that different mids and mkeys can be used for different orders.
tep_db_query("insert into " . $google_checkout->table_order . " values (" . $insert_id . ", " . gc_make_sql_string($gc_data[$root]['google-order-number']['VALUE']) . ", " . gc_make_sql_float($gc_data[$root]['order-total']['VALUE']) . ")");
$cart->reset(TRUE);
tep_session_unregister('sendto');
tep_session_unregister('billto');
tep_session_unregister('shipping');
tep_session_unregister('payment');
tep_session_unregister('comments');
$google_response->SendAck();
}