// include needed functions
require_once DIR_FS_INC . 'xtc_image_button.inc.php';
require_once DIR_FS_INC . 'xtc_draw_input_field.inc.php';
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
// include boxes
require DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/source/boxes.php';
// include the mailer-class
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
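    // Affiliate password reset: look the account up by the posted e-mail
    // address, replace its password with a random one and mail that password.
    // The address is request input, so it is escaped before it is placed in the
    // quoted SQL literal; a missing or non-string value is treated as "no match".
    $posted_email = isset($_POST['email_address']) && is_string($_POST['email_address']) ? $_POST['email_address'] : '';
    $check_affiliate_query = xtc_db_query("select affiliate_firstname, affiliate_lastname, affiliate_password, affiliate_id from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . xtc_db_input($posted_email) . "'");
    if (xtc_db_num_rows($check_affiliate_query)) {
        $check_affiliate = xtc_db_fetch_array($check_affiliate_query);
        // Crypted password mods - create a new password, update the database and mail it to them
        // NOTE(review): the password is replaced as soon as a known address is
        // submitted, with no confirmation step, and the new password is sent in
        // the mail body. Its length is ENTRY_PASSWORD_MIN_LENGTH; confirm that
        // xtc_create_random_value() draws from a cryptographically secure source.
        $newpass = xtc_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = xtc_encrypt_password($newpass);
        // Store the hash of the password that is mailed below. Writing a fixed
        // literal here would leave the account with a value the mailed password
        // can never match.
        xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '" . xtc_db_input($crypted_password) . "' where affiliate_id = '" . $check_affiliate['affiliate_id'] . "'");
        xtc_php_mail(AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, $posted_email, $check_affiliate['affiliate_firstname'] . " " . $check_affiliate['affiliate_lastname'], '', AFFILIATE_EMAIL_ADDRESS, STORE_OWNER, '', '', EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)));
        if (!isset($mail_error)) {
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE, 'info_message=' . urlencode(TEXT_PASSWORD_SENT), 'SSL', true, false));
        } else {
            echo $mail_error;
        }
    } else {
        // NOTE(review): this redirect differs from the success path, so the
        // response tells the requester whether an address is registered.
        xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'email=nonexistent', 'SSL'));
    }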
} else {
    // Not a form submission: build the breadcrumb trail and render the request form.
    $breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
    $breadcrumb->add(NAVBAR_TITLE_PASSWORD_FORGOTTEN, xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, '', 'SSL'));
    require DIR_WS_INCLUDES . 'header.php';
    // The form posts back to this same page with action=process, using the 'SSL' link type.
    $smarty->assign('FORM_ACTION', xtc_draw_form('password_forgotten', xtc_href_link(FILENAME_AFFILIATE_PASSWORD_FORGOTTEN, 'action=process', 'SSL')));
         //file_put_contents ($file_name, $file_content);
         store_config($file_name, $file_content);
     }
 }
 //Make sure record does not already exist
 // Customer id 1 is the account this step creates. If a row with that id is
 // already present the step is treated as a repeated installation and the
 // existing customer, customers_info and address_book rows are deleted first.
 // NOTE(review): SQL_WHERE, SQL_FROM, SELECT_COUNT and DELETE_FROM are SQL
 // fragments defined elsewhere; their exact text is not visible here.
 $sql_where = SQL_WHERE . "customers_id = '1'";
 $sql_from = SQL_FROM . TABLE_CUSTOMERS . $sql_where;
 $result = xtc_db_query(SELECT_COUNT . $sql_from);
 $repeat_installation = xtc_db_num_rows($result) > 0;
 if ($repeat_installation) {
     $result = xtc_db_query("delete" . $sql_from);
     $result = xtc_db_query(DELETE_FROM . TABLE_CUSTOMERS_INFO . " where customers_info_id = '1'");
     $result = xtc_db_query(DELETE_FROM . TABLE_ADDRESS_BOOK . $sql_where);
 }
 // Separator used to close one quoted SQL value and open the next.
 $sep = "', '";
 // Insert the account with customers_id 1 and customers_status '0'; only the
 // password is transformed (hashed via xtc_encrypt_password) before insertion.
 // NOTE(review): $first_name, $last_name, $email_adress and $telephone are
 // concatenated into the statement without escaping. Where they are assigned
 // is not visible here - confirm they are escaped before this point, otherwise
 // a quote in any installer field breaks or alters the INSERT.
 xtc_db_query(INSERT_INTO . TABLE_CUSTOMERS . " (\n\t\t\tcustomers_id,\n\t\t\tcustomers_status,\n\t\t\tcustomers_firstname,\n\t\t\tcustomers_lastname,\n\t\t\tcustomers_email_address,\n\t\t\tcustomers_default_address_id,\n\t\t\tcustomers_telephone,\n\t\t\tcustomers_password,\n\t\t\tdelete_user) VALUES\n\t\t\t(\n\t\t\t'1',\n\t\t\t'0','" . $first_name . $sep . $last_name . $sep . $email_adress . "','1','" . $telephone . $sep . xtc_encrypt_password($password) . "','0')");
 xtc_db_query(INSERT_INTO . TABLE_CUSTOMERS_INFO . " (\n\t\t\tcustomers_info_id,\n\t\t\tcustomers_info_date_of_last_logon,\n\t\t\tcustomers_info_number_of_logons,\n\t\t\tcustomers_info_date_account_created,\n\t\t\tcustomers_info_date_account_last_modified,\n\t\t\tglobal_product_notifications) VALUES\n\t\t\t('1','','','','','')");
 // NOTE(review): the address fields below are interpolated unescaped as well - same caveat as above.
 xtc_db_query(INSERT_INTO . TABLE_ADDRESS_BOOK . " (\n\t\t\tcustomers_id,\n\t\t\tentry_company,\n\t\t\tentry_firstname,\n\t\t\tentry_lastname,\n\t\t\tentry_street_address,\n\t\t\tentry_postcode,\n\t\t\tentry_city,\n\t\t\tentry_state,\n\t\t\tentry_country_id,\n\t\t\tentry_zone_id) VALUES\n\t\t\t('1','" . $company . $sep . $first_name . $sep . $last_name . $sep . $street_adress . $sep . $post_code . $sep . $city . $sep . $state . $sep . $country . $sep . $zone_id . "'\n\t\t\t)");
 // Write configuration values back: for each field name, the value is read
 // from the variable whose name is the lower-cased field name and stored
 // under configuration_key = field name.
 // NOTE(review): the value is placed between quotes without escaping, and the
 // variable is selected by name at run time - confirm both the field lists and
 // the variables they resolve to are installer-controlled.
 $update_string = SQL_UPDATE . TABLE_CONFIGURATION . " SET configuration_value='";
 $where_string = "' WHERE configuration_key = '";
 for ($i = 0; $i < $old_fields_1_count; $i++) {
     $field_name = $old_fields_1[$i][0];
     // Entries with an empty field name are skipped.
     if ($field_name) {
         $variable_name = strtolower($field_name);
         xtc_db_query($update_string . ${$variable_name} . $where_string . $field_name . APOS);
     }
 }
 for ($i = 0; $i < $new_fields_count; $i++) {
     $field_name = $new_fields[$i][0];
     $variable_name = strtolower($field_name);
     xtc_db_query($update_string . ${$variable_name} . $where_string . $field_name . APOS);
 } else {
     $entry_password_error = false;
 }
 // EOF - DokuMan - 2009-05-22 - Bugfix #0000218 - force to enter password when editing users
 // Look for any other account (a customers_id different from the one being
 // edited) that already uses this e-mail address; both values are escaped
 // with xtc_db_input() before they enter the statement.
 $check_email = xtc_db_query("SELECT customers_email_address\n                                    FROM " . TABLE_CUSTOMERS . "\n                                   WHERE customers_email_address = '" . xtc_db_input($customers_email_address) . "'\n                                     AND customers_id <> '" . xtc_db_input($customers_id) . "'");
 // A hit marks the address as taken and fails the whole submission.
 $entry_email_address_exists = (bool) xtc_db_num_rows($check_email);
 if ($entry_email_address_exists) {
     $error = true;
 }
 if ($error == false) {
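     // Column => value map for the customers row being edited.
     $sql_data_array = array(
         'customers_firstname' => $customers_firstname,
         'customers_cid' => $customers_cid,
         'customers_vat_id' => $customers_vat_id,
         'customers_vat_id_status' => $customers_vat_id_status,
         'customers_lastname' => $customers_lastname,
         'customers_email_address' => $customers_email_address,
         'customers_telephone' => $customers_telephone,
         'customers_fax' => $customers_fax,
         'customers_symbol' => $customers_symbol,
         'payment_unallowed' => $payment_unallowed,
         'shipping_unallowed' => $shipping_unallowed,
         'customers_newsletter' => $customers_newsletter,
         'customers_last_modified' => 'now()',
     );
     // if new password is set
     // Only the hash is stored; an empty field leaves the current password untouched.
     if ($password != "") {
         $sql_data_array['customers_password'] = xtc_encrypt_password($password);
     }
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['customers_gender'] = $customers_gender;
     }
     if (ACCOUNT_DOB == 'true') {
         $sql_data_array['customers_dob'] = xtc_date_raw($customers_dob);
     }
     //xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '".xtc_db_input($customers_id)."'");
     // Both values in the WHERE clause are escaped: $address_book_id previously
     // entered the statement raw while $customers_id next to it was escaped.
     xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND customers_default_address_id = '" . xtc_db_input($address_book_id) . "'");
     xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . "\n                           SET customers_info_date_account_last_modified = now()\n                         WHERE customers_info_id = '" . xtc_db_input($customers_id) . "'");
     // A selected zone replaces the free-text state.
     if ($entry_zone_id > 0) {
         $entry_state = '';
     }
     // Column => value map for the matching address_book row.
     $sql_data_array = array(
         'entry_firstname' => $customers_firstname,
         'entry_lastname' => $customers_lastname,
         'entry_street_address' => $entry_street_address,
         'entry_postcode' => $entry_postcode,
         'entry_city' => $entry_city,
         'entry_country_id' => $entry_country_id,
         'address_last_modified' => 'now()',
     );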
     if (ACCOUNT_GENDER == 'true') {
require_once DIR_FS_INC . 'xtc_get_order_data.inc.php';
require_once DIR_FS_INC . 'xtc_get_attributes_model.inc.php';
// check if customer is allowed to send this order!
// Fetch the owner (customers_id) of the order so it can be compared with the
// logged-in customer below.
// NOTE(review): $insert_id is interpolated into the statement without a cast
// or escaping. Where it is assigned is not visible here - confirm it is always
// an integer order id on every path that reaches this file.
$order_query_check = xtc_db_query("SELECT customers_id\n                                     FROM " . TABLE_ORDERS . "\n                                    WHERE orders_id='" . $insert_id . "'");
// NOTE(review): the ownership test that follows uses a loose ==. If no order
// row is found and no customer is logged in, both sides may be empty and
// compare equal - confirm what xtc_db_fetch_array() returns for an empty result.
$order_check = xtc_db_fetch_array($order_query_check);
//BOF - web28 - 2010-03-20 - Send Order by Admin
//if ($_SESSION['customer_id'] == $order_check['customers_id'] ) {
if ($_SESSION['customer_id'] == $order_check['customers_id'] || $send_by_admin) {
    //EOF - web28 - 2010-03-20 - Send Order by Admin
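    $order = new order($insert_id);
    // BOF - Tomcraft - 2009-10-03 - Paypal Express Modul
    // A customer created through PayPal Express gets a generated password that
    // is shown to them via the NEW_PASSWORD template variable.
    if (isset($_SESSION['paypal_express_new_customer']) && $_SESSION['paypal_express_new_customer'] == 'true' && isset($_SESSION['ACCOUNT_PASSWORD']) && $_SESSION['ACCOUNT_PASSWORD'] == 'true') {
        require_once DIR_FS_INC . 'xtc_create_password.inc.php';
        require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
        // The names are inverted: $password_encrypted holds the generated
        // plaintext, $password holds its hash.
        // NOTE(review): confirm xtc_RandomString() uses a cryptographically
        // secure source, since its output becomes a live credential.
        $password_encrypted = xtc_RandomString(10);
        $password = xtc_encrypt_password($password_encrypted);
        // Store the hash just computed. A fixed literal in this statement would
        // leave the account with a value the announced password never matches.
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . xtc_db_input($password) . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $smarty->assign('NEW_PASSWORD', $password_encrypted);
    }
    // EOF - Tomcraft - 2009-10-03 - Paypal Express Modul
    //BOF - web28 - 2010-03-20 - Send Order by Admin
    if (isset($send_by_admin)) {
        //DokuMan - 2010-09-18 - Undefined variable: send_by_admin
        // The price helper is built from the order's own currency and status on this path.
        $xtPrice = new xtcPrice($order->info['currency'], $order->info['status']);
    }
    //EOF - web28 - 2010-03-20 - Send Order by Admin
    // Formatted address blocks for the order templates, lines separated by <br />.
    $smarty->assign('address_label_customer', xtc_address_format($order->customer['format_id'], $order->customer, 1, '', '<br />'));
    $smarty->assign('address_label_shipping', xtc_address_format($order->delivery['format_id'], $order->delivery, 1, '', '<br />'));
    $smarty->assign('address_label_payment', xtc_address_format($order->billing['format_id'], $order->billing, 1, '', '<br />'));
    $smarty->assign('csID', $order->customer['csID']);
    $order_total = $order->getTotalData($insert_id);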
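    // Validate the password-change form, then verify the current password
    // against the stored hash before writing the new one.
    $error = false;
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new !== $password_confirmation) {
        // Strict comparison: with a loose != two different numeric-looking
        // strings (e.g. "1e3" and "1000") compare equal and would pass as a
        // matching confirmation.
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $check_customer = xtc_db_fetch_array($check_customer_query);
        if (xtc_validate_password($password_current, $check_customer['customers_password'])) {
            // Store the hash of the new password. A fixed literal in this
            // statement would leave a value xtc_validate_password() can never
            // match, locking the customer out.
            xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '" . xtc_db_input(xtc_encrypt_password($password_new)) . "', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
            // NOTE(review): no session handling is visible here - confirm
            // whether other sessions of this customer should be invalidated
            // after a password change.
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }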
}
// Breadcrumb trail for the password page: account overview, then this page.
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
// Hand any messages queued under 'account_password' to the template.
if ($messageStack->size('account_password') > 0) {
    $smarty->assign('error', $messageStack->output('account_password'));
}
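/**
 * Create or update a customer and its default address from posted fields and
 * report the outcome through print_xml_status().
 *
 * Reads $_POST directly. 'cID' selects the customer: when a row with that id
 * exists it is updated together with its default address-book entry,
 * otherwise a new customer, address-book entry and customers_info row are
 * inserted. A newly created customer is mailed the account data, including
 * the password, when SEND_ACCOUNT_MAIL allows it.
 *
 * Accounts whose customers_status is 0 are refused with status 120.
 *
 * NOTE(review): nothing in this function authenticates the caller; that is
 * presumably done by the script that dispatches to it - confirm.
 */
function CustomersUpdate()
{
    global $_POST, $Lang_folder;
    $customers_id = -1;
    // include PW function
    require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
    if (isset($_POST['cID'])) {
        $customers_id = xtc_db_prepare_input($_POST['cID']);
    }
    // security check, if user = admin, dont allow to perform changes
    if ($customers_id != -1) {
        // cID is request input; it is cast to int wherever it enters SQL so it
        // cannot break out of the quoted literal.
        $sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . (int) $customers_id . "'");
        $sec_data = xtc_db_fetch_array($sec_query);
        // NOTE(review): loose comparison - when no row is found the missing
        // value may also compare equal to 0, refusing unknown ids as well.
        if ($sec_data['customers_status'] == 0) {
            print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', '');
            return;
        }
    }
    // Posted field => customers column. Only the listed fields are copied, so
    // a request cannot set other columns (customers_status, for instance).
    // NOTE(review): the values are passed on as posted; confirm that
    // xtc_db_perform() escapes them.
    $customer_field_map = array(
        'customers_cid' => 'customers_cid',
        'customers_firstname' => 'customers_firstname',
        'customers_lastname' => 'customers_lastname',
        'customers_dob' => 'customers_dob',
        'customers_email' => 'customers_email_address',
        'customers_tele' => 'customers_telephone',
        'customers_fax' => 'customers_fax',
        'customers_gender' => 'customers_gender',
    );
    $sql_customers_data_array = array();
    foreach ($customer_field_map as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_customers_data_array[$column] = $_POST[$post_key];
        }
    }
    // Optional site-specific extension, run in this function's scope.
    if (file_exists('cao_custupd_1.php')) {
        include 'cao_custupd_1.php';
    }
    if (isset($_POST['customers_password'])) {
        $sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
    }
    // Posted field => address_book column.
    $address_field_map = array(
        'customers_firstname' => 'entry_firstname',
        'customers_lastname' => 'entry_lastname',
        'customers_company' => 'entry_company',
        'customers_street' => 'entry_street_address',
        'customers_city' => 'entry_city',
        'customers_postcode' => 'entry_postcode',
        'customers_gender' => 'entry_gender',
    );
    $sql_address_data_array = array();
    foreach ($address_field_map as $post_key => $column) {
        if (isset($_POST[$post_key])) {
            $sql_address_data_array[$column] = $_POST[$post_key];
        }
    }
    // Resolve the posted ISO-2 country code to a countries_id. The lookup runs
    // only when a code was posted (the variable was otherwise undefined), the
    // code is escaped, and the column is set only when a country was found, so
    // a missing or unknown code no longer blanks the stored country.
    if (isset($_POST['customers_country_id'])) {
        $country_code = $_POST['customers_country_id'];
        $country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . xtc_db_input($country_code) . "' LIMIT 1";
        $country_result = xtc_db_query($country_query);
        $row = xtc_db_fetch_array($country_result);
        if ($row) {
            $sql_address_data_array['entry_country_id'] = $row['countries_id'];
        }
    }
    $count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
    $check = xtc_db_fetch_array($count_query);
    if ($check['count'] > 0) {
        $mode = 'UPDATE';
        $address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
        $customer = xtc_db_fetch_array($address_book_result);
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . (int) $customers_id . "' LIMIT 1");
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . (int) $customers_id . "' AND address_book_id = '" . (int) $customer['customers_default_address_id'] . "' LIMIT 1");
        xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "'  LIMIT 1");
    } else {
        $mode = 'APPEND';
        if (!isset($_POST['customers_password']) || strlen($_POST['customers_password']) == 0) {
            // generate PW if empty
            // NOTE(review): this branch hashes with xtc_create_password()
            // while a posted password is hashed with xtc_encrypt_password()
            // above. Confirm both produce a value the login check accepts for
            // $pw, and that xtc_RandomString() uses a secure random source.
            $pw = xtc_RandomString(8);
            $sql_customers_data_array['customers_password'] = xtc_create_password($pw);
        } else {
            $pw = $_POST['customers_password'];
        }
        xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
        $customers_id = xtc_db_insert_id();
        $sql_address_data_array['customers_id'] = $customers_id;
        xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
        $address_id = xtc_db_insert_id();
        xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");
        //JP20080401
        if (!isset($_POST['customers_price_level'])) {
            xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
        }
        xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
    }
    // NOTE(review): SEND_ACCOUNT_MAIL is compared loosely with true. Other
    // settings in this code base are the strings 'true'/'false'; if this one
    // is too, the string 'false' also passes this test - confirm.
    if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && isset($sql_customers_data_array['customers_email_address']) && $sql_customers_data_array['customers_email_address'] != '') {
        // generate mail for customer if customer=new
        require_once DIR_WS_CLASSES . 'class.phpmailer.php';
        require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
        require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
        require_once DIR_FS_INC . 'xtc_not_null.inc.php';
        require_once DIR_FS_INC . 'xtc_href_link.inc.php';
        require_once DIR_FS_INC . 'xtc_date_long.inc.php';
        require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
        // NOTE(review): $Lang_folder is a global that becomes part of an
        // include path; confirm it is never derived from request data.
        require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';
        //JP 20080102
        $smarty = new Smarty();
        //$smarty->assign('language', $check_status['language']);
        $smarty->assign('language', $Lang_folder);
        $smarty->caching = false;
        $smarty->template_dir = DIR_FS_CATALOG . 'templates';
        $smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
        $smarty->config_dir = DIR_FS_CATALOG . 'lang';
        //BOF - GTB - 2010-08-03 - Security Fix - Base
        $smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
        //$smarty->assign('tpl_path','templates/'.CURRENT_TEMPLATE.'/');
        //EOF - GTB - 2010-08-03 - Security Fix - Base
        $smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
        $smarty->assign('NAME', $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname']);
        $smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']);
        // The plaintext password is placed in the mail body.
        $smarty->assign('PASSWORD', $pw);
        //$smarty->assign('language', $Lang_folder);
        // NOTE(review): $module_content is not assigned anywhere in this
        // function; confirm whether the language file required above sets it.
        $smarty->assign('content', $module_content);
        $smarty->caching = false;
        $html_mail = $smarty->fetch('db:create_account_mail_admin.html');
        $txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
        // send mail with html/txt template
        xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
    }
    print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}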
     xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n                                customers_info_id,\n                                customers_info_date_of_last_logon,\n                                customers_info_number_of_logons,\n                                customers_info_date_account_created,\n                                customers_info_date_account_last_modified,\n                                global_product_notifications) VALUES\n                                ('" . $admin_id . "','','','now()','','')");
     xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n                                customers_id,\n                                entry_company,\n                                entry_firstname,\n                                entry_lastname,\n                                entry_street_address,\n                                entry_postcode,\n                                entry_city,\n                                entry_state,\n                                entry_country_id,\n                                entry_zone_id) VALUES\n                                ('" . $admin_id . "',\n                                '" . xtc_db_input($company) . "',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($street_address) . "',\n                                '" . xtc_db_input($postcode) . "',\n                                '" . xtc_db_input($city) . "',\n                                '" . xtc_db_input($state) . "',\n                                '" . xtc_db_input($country) . "',\n                                '" . xtc_db_input($zone_id) . "'\n                                )");
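     // admin address connection
     // Link the address row inserted just before this point to the new admin.
     // The table constants are used throughout: the literal names bypassed the
     // constants the surrounding statements rely on.
     // NOTE(review): $admin_id is interpolated unescaped; where it is assigned
     // is not visible here - confirm it is a database-generated id.
     $address_book_id = xtc_db_insert_id();
     xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_default_address_id = '" . $address_book_id . "' WHERE customers_id = '" . $admin_id . "' ");
     // customers_status
     xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('" . $admin_id . "');");
     // Every admin_access column whose type is reported as int(1) is set to 1
     // for this admin, i.e. each additional admin receives every permission
     // flag the table defines.
     // NOTE(review): newer MySQL 8.0 releases no longer report a display width
     // for integer columns; if the type comes back as 'int' no flag is set here.
     $aa_spalten_qry = xtc_db_query("SHOW COLUMNS FROM " . TABLE_ADMIN_ACCESS);
     while ($aa_spalten = xtc_db_fetch_array($aa_spalten_qry)) {
         if ($aa_spalten['Type'] == 'int(1)') {
             xtc_db_query("UPDATE " . TABLE_ADMIN_ACCESS . " SET " . $aa_spalten['Field'] . " = '1' WHERE customers_id = '" . $admin_id . "'");
         }
     }
     xtc_redirect(xtc_href_link('install_additional_admins.php', '', 'NONSSL'));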
 } else {
     xtc_db_query("insert into " . TABLE_CUSTOMERS . " (\n                                customers_id,\n                                customers_status,\n                                customers_firstname,\n                                customers_lastname,\n                                customers_gender,\n                                customers_email_address,\n                                customers_default_address_id,\n                                customers_telephone,\n                                customers_password,\n                                delete_user) VALUES\n                                ('1',\n                                '0',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($gender) . "',\n                                '" . xtc_db_input($email_address) . "',\n                                '1',\n                                '" . xtc_db_input($telephone) . "',\n                                '" . xtc_encrypt_password($password) . "',\n                                '0')");
     xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (\n                                customers_info_id,\n                                customers_info_date_of_last_logon,\n                                customers_info_number_of_logons,\n                                customers_info_date_account_created,\n                                customers_info_date_account_last_modified,\n                                global_product_notifications) VALUES\n                                ('1','','','now()','','')");
     xtc_db_query("insert into " . TABLE_ADDRESS_BOOK . " (\n                                customers_id,\n                                entry_company,\n                                entry_firstname,\n                                entry_lastname,\n                                entry_street_address,\n                                entry_postcode,\n                                entry_city,\n                                entry_state,\n                                entry_country_id,\n                                entry_zone_id) VALUES\n                                ('1',\n                                '" . xtc_db_input($company) . "',\n                                '" . xtc_db_input($firstname) . "',\n                                '" . xtc_db_input($lastname) . "',\n                                '" . xtc_db_input($street_address) . "',\n                                '" . xtc_db_input($postcode) . "',\n                                '" . xtc_db_input($city) . "',\n                                '" . xtc_db_input($state) . "',\n                                '" . xtc_db_input($country) . "',\n                                '" . xtc_db_input($zone_id) . "'\n                                )");
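     // customers_status
     // Two admin_access rows are created: one for customer id 1 and one keyed
     // 'groups'. The table constant is used throughout: the literal table name
     // bypassed the constant the INSERT statements rely on.
     xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('1');");
     xtc_db_query("INSERT INTO " . TABLE_ADMIN_ACCESS . " (`customers_id`) VALUES ('groups');");
     // Every column whose type is reported as int(1) is set to 1 for customer
     // 1 (all permission flags granted) and to 2 on the 'groups' row.
     // NOTE(review): newer MySQL 8.0 releases no longer report a display width
     // for integer columns; if the type comes back as 'int' no flag is set here.
     $aa_spalten_qry = xtc_db_query("SHOW COLUMNS FROM " . TABLE_ADMIN_ACCESS);
     while ($aa_spalten = xtc_db_fetch_array($aa_spalten_qry)) {
         if ($aa_spalten['Type'] == 'int(1)') {
             xtc_db_query("UPDATE " . TABLE_ADMIN_ACCESS . " SET " . $aa_spalten['Field'] . " = '1' WHERE customers_id = '1'");
             xtc_db_query("UPDATE " . TABLE_ADMIN_ACCESS . " SET " . $aa_spalten['Field'] . " = '2' WHERE customers_id = 'groups'");
         }
     }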
     // groups
     $groups1_array = ['configuration', 'modules', 'countries', 'currencies', 'zones', 'geo_zones', 'tax_classes', 'tax_rates', 'accounting', 'backup', 'server_info', 'whos_online', 'languages', 'define_language', 'orders_status', 'shipping_status', 'module_export'];
     $groups3_array = ['orders', 'campaigns', 'print_packingslip', 'print_order', 'popup_memo', 'coupon_admin', 'listproducts', 'listcategories'];
 // With the privacy check enabled, a registration without the consent flag is rejected.
 if (DISPLAY_PRIVACY_CHECK == 'true' && empty($privacy)) {
     $messageStack->add('create_account', ENTRY_PRIVACY_ERROR);
     $error = true;
 }
 // Normalise the customer group to an integer. An unset value or 0 falls back
 // to DEFAULT_CUSTOMERS_STATUS_ID, or to group 2 when that default is itself 0,
 // so group 0 can never be the result.
 // NOTE(review): where $customers_status comes from is not visible here; if it
 // is request-derived, a registrant can choose any non-zero group - confirm.
 $customers_status = isset($customers_status) ? (int) $customers_status : 0;
 if ($customers_status == 0) {
     $customers_status = DEFAULT_CUSTOMERS_STATUS_ID != 0 ? DEFAULT_CUSTOMERS_STATUS_ID : 2;
 }
 if ($error == false) {
     $sql_data_array = array('customers_vat_id' => $vat, 'customers_vat_id_status' => $customers_vat_id_status, 'customers_status' => $customers_status, 'customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => xtc_encrypt_password($password), 'customers_date_added' => 'now()', 'customers_last_modified' => 'now()');
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['customers_gender'] = $gender;
     }
     if (ACCOUNT_DOB == 'true') {
         $sql_data_array['customers_dob'] = xtc_date_raw($dob);
     }
     xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array);
     $_SESSION['customer_id'] = xtc_db_insert_id();
     $user_id = xtc_db_insert_id();
     xtc_write_user_info($user_id);
     $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country, 'address_date_added' => 'now()', 'address_last_modified' => 'now()');
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['entry_gender'] = $gender;
     }
     if (ACCOUNT_COMPANY == 'true') {
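 // Read the posted account fields through xtc_db_prepare_input().
 $entry_suburb = xtc_db_prepare_input($_POST['entry_suburb']);
 $entry_postcode = xtc_db_prepare_input($_POST['entry_postcode']);
 $entry_city = xtc_db_prepare_input($_POST['entry_city']);
 $entry_country_id = xtc_db_prepare_input($_POST['entry_country_id']);
 $entry_company = xtc_db_prepare_input($_POST['entry_company']);
 $entry_state = xtc_db_prepare_input($_POST['entry_state']);
 $entry_zone_id = xtc_db_prepare_input($_POST['entry_zone_id']);
 $customers_send_mail = xtc_db_prepare_input($_POST['customers_mail']);
 // The names are inverted: $customers_password_encrypted holds the plaintext
 // as posted, $customers_password holds its hash.
 $customers_password_encrypted = xtc_db_prepare_input($_POST['entry_password']);
 $customers_mail_comments = xtc_db_prepare_input($_POST['mail_comments']);
 $payment_unallowed = xtc_db_prepare_input($_POST['payment_unallowed']);
 $shipping_unallowed = xtc_db_prepare_input($_POST['shipping_unallowed']);
 // Generate a password when none was entered. The emptiness test has to look
 // at the plaintext: testing the hash never triggers, because hashing an empty
 // string still yields a non-empty value, and the account would be stored
 // with an empty password.
 // NOTE(review): for the same reason any later minimum-length check should
 // measure the plaintext rather than $customers_password; also confirm that
 // xtc_RandomString() uses a cryptographically secure source.
 if ($customers_password_encrypted == '') {
     $customers_password_encrypted = xtc_RandomString(8);
 }
 $customers_password = xtc_encrypt_password($customers_password_encrypted);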
 // reset error flag
 $error = false;
 // When gender is a required account field, only 'm' and 'f' are accepted;
 // any other value flags the field and fails the submission.
 if (ACCOUNT_GENDER == 'true') {
     $entry_gender_error = $customers_gender != 'm' && $customers_gender != 'f';
     if ($entry_gender_error) {
         $error = true;
     }
 }
 if (strlen($customers_password) < ENTRY_PASSWORD_MIN_LENGTH) {
     $error = true;
     $entry_password_error = true;
 } else {
     $error = true;
     $entry_agb_error = true;
 }
 // Check Company
 $entry_company_error = false;
 $entry_company_taxid_error = false;
 // Check Payment
 $entry_payment_check_error = false;
 $entry_payment_paypal_error = false;
 $entry_payment_bank_name_error = false;
 $entry_payment_bank_branch_number_error = false;
 $entry_payment_bank_swift_code_error = false;
 $entry_payment_bank_account_name_error = false;
 $entry_payment_bank_account_number_error = false;
 if (!$error) {
     $sql_data_array = array('affiliate_firstname' => $a_firstname, 'affiliate_lastname' => $a_lastname, 'affiliate_email_address' => $a_email_address, 'affiliate_payment_check' => $a_payment_check, 'affiliate_payment_paypal' => $a_payment_paypal, 'affiliate_payment_bank_name' => $a_payment_bank_name, 'affiliate_payment_bank_branch_number' => $a_payment_bank_branch_number, 'affiliate_payment_bank_swift_code' => $a_payment_bank_swift_code, 'affiliate_payment_bank_account_name' => $a_payment_bank_account_name, 'affiliate_payment_bank_account_number' => $a_payment_bank_account_number, 'affiliate_street_address' => $a_street_address, 'affiliate_postcode' => $a_postcode, 'affiliate_city' => $a_city, 'affiliate_country_id' => $a_country, 'affiliate_telephone' => $a_telephone, 'affiliate_fax' => $a_fax, 'affiliate_homepage' => $a_homepage, 'affiliate_password' => xtc_encrypt_password($a_password), 'affiliate_agb' => $a_agb);
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['affiliate_gender'] = $a_gender;
     }
     if (ACCOUNT_DOB == 'true') {
         $sql_data_array['affiliate_dob'] = xtc_date_raw($a_dob);
     }
     if (ACCOUNT_COMPANY == 'true') {
         $sql_data_array['affiliate_company'] = $a_company;
         $sql_data_array['affiliate_company_taxid'] = $a_company_taxid;
     }
     if (ACCOUNT_SUBURB == 'true') {
         $sql_data_array['affiliate_suburb'] = $a_suburb;
     }
     if (ACCOUNT_STATE == 'true') {
         if ($a_zone_id > 0) {