// Accumulator for the items text; starts out empty.
$items_text = '';

// When $parameters_number is zero, send the browser to $return_page and stop the script.
// NOTE(review): $return_page is assigned outside this excerpt. Confirm it is built from site
// configuration and never from request input before it reaches the Location header.
if ($parameters_number == 0) {
    header('Location: ' . $return_page);
    exit;
}

// A card date is stored only when both its year and its month are non-empty strings.
// The array passed to set_value() fixes the remaining components to 1, 0, 0, 0
// (presumably day, hour, minute, second; confirm against the record class).
// strlen() only proves "not empty"; it does not check that year and month are numeric or in range.
if (strlen($cc_start_year)) {
    if (strlen($cc_start_month)) {
        $r->set_value('cc_start_date', array($cc_start_year, $cc_start_month, 1, 0, 0, 0));
    }
}
if (strlen($cc_expiry_year)) {
    if (strlen($cc_expiry_month)) {
        $r->set_value('cc_expiry_date', array($cc_expiry_year, $cc_expiry_month, 1, 0, 0, 0));
    }
}
if (strlen($action)) {
    if ($r->is_empty("order_id")) {
        $r->errors .= "Missing <b>Order number</b>.<br>";
    }
    $cc_number = $r->get_value("cc_number");
    if (strlen($cc_number) >= 10) {
        $ss = array("\\", "^", "\$", ".", "[", "]", "|", "(", ")", "+", "{", "}");
        $rs = array("\\\\", "\\^", "\\\$", "\\.", "\\[", "\\]", "\\|", "\\(", "\\)", "\\+", "\\{", "\\}");
        $cc_allowed_regexp = get_setting_value($cc_info, "cc_allowed", "");
        $cc_allowed_regexp = preg_replace("/\\s/", "", $cc_allowed_regexp);
        if (strlen($cc_allowed_regexp)) {
            $cc_allowed_regexp = str_replace($ss, $rs, $cc_allowed_regexp);
            $cc_allowed_regexp = str_replace(array(",", ";", "*", "?"), array(")|(", ")|(", ".*", "."), $cc_allowed_regexp);
            $cc_allowed_regexp = "/^((" . $cc_allowed_regexp . "))\$/i";
        }
        $cc_forbidden_regexp = get_setting_value($cc_info, "cc_forbidden", "");
        $cc_forbidden_regexp = preg_replace("/\\s/", "", $cc_forbidden_regexp);
        if (strlen($cc_forbidden_regexp)) {
            $cc_forbidden_regexp = str_replace($ss, $rs, $cc_forbidden_regexp);
            $cc_forbidden_regexp = str_replace(array(",", ";", "*", "?"), array(")|(", ")|(", ".*", "."), $cc_forbidden_regexp);
// Register the card-payment fields on the form/record object $r.
$r->add_textbox("cc_last_name", TEXT);
$r->add_textbox("cc_number", TEXT);
// Start and expiry dates are DATETIME fields displayed through a "MM / YYYY" value mask.
$r->add_textbox("cc_start_date", DATETIME);
$r->change_property("cc_start_date", VALUE_MASK, array("MM", " / ", "YYYY"));
$r->add_textbox("cc_expiry_date", DATETIME);
$r->change_property("cc_expiry_date", VALUE_MASK, array("MM", " / ", "YYYY"));
$r->add_textbox("cc_type", INTEGER);
$r->add_textbox("cc_issue_number", INTEGER);
$r->add_textbox("cc_security_code", TEXT);
$r->add_textbox("pay_without_cc", TEXT);
// Without order errors, load the stored values and then take the card number and the
// security code from the session instead.
// NOTE(review): the full card number and the card security code are kept in the session here,
// so they live server-side between requests. PCI DSS does not allow the security code to be
// retained after authorization; confirm both session entries are cleared as soon as payment
// processing finishes and that the session store itself is protected.
if (!$order_errors) {
    $r->get_db_values();
    $r->set_value("cc_number", get_session("session_cc_number"));
    $r->set_value("cc_security_code", get_session("session_cc_code"));
}
// Re-format the card number with "-" as separator before putting it back on the record.
// NOTE(review): the meaning of the third argument (true) is not visible here; presumably it
// masks part of the number for display. Confirm in format_cc_number().
$cc_number = $r->get_value("cc_number");
$cc_number = format_cc_number($cc_number, "-", true);
$r->set_value("cc_number", $cc_number);
// Count the card fields that stay visible and hide all the others.
// A field stays visible only when $cc_info has "show_<name>" equal to 1 and the record
// holds a non-empty value for it; every other field gets its SHOW property set to false.
$payment_number = 0;
for ($i = 0; $i < count($cc_parameters); $i++) {
    $cc_param_name = $cc_parameters[$i];
    if (isset($cc_info["show_" . $cc_param_name]) && $cc_info["show_" . $cc_param_name] == 1 && !$r->is_empty($cc_param_name)) {
        $payment_number++;
    } else {
        $r->parameters[$cc_param_name][SHOW] = false;
    }
}
// Replace the stored company, state and country ids with their translated display names.
// Each id goes through $db->tosql(..., INTEGER) before it is concatenated into the SQL text.
// NOTE(review): these queries are only injection-safe if tosql() coerces or rejects
// non-numeric input for INTEGER; confirm in the DB class. $table_prefix is concatenated
// as-is and must come from configuration only. The extra (true, false) arguments on the
// company lookups are not explained by this excerpt.
$r->set_value(
    "company_id",
    get_translation(
        get_db_value(
            "SELECT company_name FROM " . $table_prefix . "companies WHERE company_id="
            . $db->tosql($r->get_value("company_id"), INTEGER, true, false)
        )
    )
);
$r->set_value(
    "state_id",
    get_translation(
        get_db_value(
            "SELECT state_name FROM " . $table_prefix . "states WHERE state_id="
            . $db->tosql($r->get_value("state_id"), INTEGER)
        )
    )
);
$r->set_value(
    "country_id",
    get_translation(
        get_db_value(
            "SELECT country_name FROM " . $table_prefix . "countries WHERE country_id="
            . $db->tosql($r->get_value("country_id"), INTEGER)
        )
    )
);
$r->set_value(
    "delivery_company_id",
    get_translation(
        get_db_value(
            "SELECT company_name FROM " . $table_prefix . "companies WHERE company_id="
            . $db->tosql($r->get_value("delivery_company_id"), INTEGER, true, false)
        )
    )
);
Esempio n. 3
} else {
    $r->change_property("subscribe", SHOW, false);
}
// Load the submitted form values into $r (presumably from the request; confirm in the record class).
$r->get_form_values();

// These fields are assigned after get_form_values(), so any value the form submission
// carried for them is overwritten by the values computed on the server.
$r->set_value("user_type_id", $type_id);
$r->set_value("type", $type_id);
$r->set_value("registration_last_step", $registration_last_step);
$r->set_value("registration_total_steps", $registration_total_steps);
$r->set_value("is_sms_allowed", $group_sms_allowed);

// Birth date: as soon as one of month / day / year is filled in, all three become required,
// and a "year-month-day" string is stored when the parts pass the range test below.
// NOTE(review): the test accepts any day from 1 to 31 regardless of the month and only checks
// that the month is truthy, so impossible dates can be stored; checkdate() would reject them.
// Confirm whether $r->validate() covers this.
//$r->change_property("birth_date", REQUIRED, false);
if ($r->parameter_exists("birth_date") && !($r->is_empty("birth_month") && $r->is_empty("birth_day") && $r->is_empty("birth_year"))) {
    $r->change_property("birth_month", REQUIRED, true);
    $r->change_property("birth_day", REQUIRED, true);
    $r->change_property("birth_year", REQUIRED, true);
    $birth_month = $r->get_value("birth_month");
    $birth_day = $r->get_value("birth_day");
    $birth_year = $r->get_value("birth_year");
    // The year must lie strictly between 1900 and the current year.
    if ($birth_month && $birth_day > 0 && $birth_day < 32 && $birth_year > 1900 && $birth_year < date("Y")) {
        $birth_date = "{$birth_year}-{$birth_month}-{$birth_day}";
        $r->set_value("birth_date", $birth_date);
    }
}
// get name
if (!$user_email) {
    if ($r->parameter_exists("email")) {
        $user_email = $r->get_value("email");
    }
    if (!$user_email && $r->parameter_exists("delivery_email")) {
        $user_email = $r->get_value("delivery_email");
Esempio n. 4
// Register the search-form dropdowns on $r; each one takes its option list from an array
// prepared outside this excerpt.
$r->add_select("s_ci", TEXT, $countries);
$r->add_select("s_category", TEXT, $categories);
//Customization by Vital
$r->add_select("s_si", TEXT, $states);
$r->add_select("s_cct", TEXT, $credit_card_types);
$r->add_select("s_ex", TEXT, $export_options);
// The site filter is registered only when $sitelist is truthy.
if ($sitelist) {
    $r->add_select("s_sti", TEXT, $sites);
}
// Load the search parameters and validate them; the code that follows builds the SQL filter
// only when validation reported no errors.
// NOTE(review): presumably get_form_parameters() reads request input. Confirm, because every
// value read from $r afterwards must then be treated as untrusted when it is placed into SQL.
$r->get_form_parameters();
$r->validate();
// $where collects the SQL WHERE fragment; $product_search starts out false.
$where = "";
$product_search = false;
if (!$r->errors) {
    if (!$r->is_empty("s_on")) {
        $s_on = $r->get_value("s_on");
        if (preg_match("/^(\\d+)(,\\d+)*\$/", $s_on)) {
            $where = " (o.order_id IN (" . $s_on . ") ";
            $where .= " OR o.invoice_number=" . $db->tosql($s_on, TEXT);
            $where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") ";
        } else {
            $where .= " (o.invoice_number=" . $db->tosql($s_on, TEXT);
            $where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") ";
        }
    }
    if (!$r->is_empty("s_ne")) {
        if (strlen($where)) {
            $where .= " AND ";
        }
        $s_ne = $r->get_value("s_ne");
        $s_ne_sql = $db->tosql($s_ne, TEXT, false);
Esempio n. 5
        $r->set_value("delivery_country_id", $country_id);
    } else {
        $r->set_value("country_id", $country_id);
    }
    if ($order_info["show_delivery_state_id"] == 1) {
        $r->set_value("delivery_state_id", $state_id);
    } else {
        $r->set_value("state_id", $state_id);
    }
    if ($order_info["show_delivery_zip"] == 1) {
        $r->set_value("delivery_zip", $postal_code);
    } else {
        $r->set_value("zip", $postal_code);
    }
}
// Copy the user id and the tax name / percentage totals into the $variables array.
$variables["user_id"] = $r->get_value("user_id");
$variables["tax_name"] = $tax_names;
$variables["tax_percent"] = $tax_percent_sum;
// If delivery errors were collected, fill the {country_name} placeholder with the name looked
// up for $country_id in $countries and append the result to $sc_errors.
if ($delivery_errors) {
    $delivery_errors = str_replace("{country_name}", get_array_value($country_id, $countries), $delivery_errors);
    $sc_errors .= $delivery_errors;
}
// disable phone fields for SQL's
// (what disable_phone_codes() changes is not visible in this excerpt)
disable_phone_codes();
if (strlen($operation)) {
    if ($is_update) {
        if ($total_shipping_types > 1 && !strlen($shipping_type_id)) {
            $r->errors .= REQUIRED_DELIVERY_MSG . "<br>";
        }
        if ($r->get_value("same_as_personal")) {
            for ($i = 0; $i < sizeof($parameters); $i++) {
// Requested action, read through get_param() (presumably from the request; confirm).
$action = get_param("action");
// The acting user is identified from the session rather than from a request parameter.
$user_id = get_session("session_user_id");
$site_url = get_setting_value($settings, "site_url", "");
$secure_user_profile = get_setting_value($settings, "secure_user_profile", 0);
// The redirect target is built from the configured site URL plus the friendly URL of
// user_home.php, so it does not depend on request input in the lines shown here.
$return_page = $site_url . get_custom_friendly_url("user_home.php");
$errors = "";
// Load the submitted form values into the record object.
$r->get_form_values();
if (strlen($action)) {
    if ($action == "cancel") {
        header("Location: " . $return_page);
        exit;
    }
    $r->validate();
    $password_encrypt = get_setting_value($settings, "password_encrypt", 0);
    if (!$r->is_empty("current_password")) {
        $current_password = $r->get_value("current_password");
        if ($password_encrypt == 1) {
            $password_match = md5($current_password);
        } else {
            $password_match = $current_password;
        }
        $sql = " SELECT password FROM " . $table_prefix . "users WHERE user_id=" . $db->tosql($user_id, INTEGER);
        $sql .= " AND password="******"{field_name}", $r->parameters["current_password"][CONTROL_DESC], INCORRECT_VALUE_MESSAGE);
        }
    }
    if (!strlen($r->errors)) {
        if ($password_encrypt) {
            $r->set_value("password", md5($r->get_value("password")));