Esempio n. 1
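 /**
  * Update the customer row selected by $_GET['id'] from the submitted form.
  *
  * Every value is handed to $db->query() as a named placeholder, so request
  * data never becomes part of the SQL text. The credit_card_number column is
  * only rewritten when a non-empty string `credit_card_number_new` is posted;
  * the new number is encrypted with the configured default key first.
  *
  * Array keys are quoted: the bare-word form ($_POST[name]) relies on an
  * undefined constant, which is a fatal Error on PHP 8.
  *
  * NOTE(review): the WHERE clause matches on id alone and nothing in this
  * method checks that the caller may edit that customer. The customers table
  * carries a domain_id column (insertCustomer() writes it); confirm that
  * access control and domain scoping are enforced before this is reached.
  *
  * @return mixed whatever $db->query() returns
  */
 public static function updateCustomer()
 {
     global $db;
     global $config;

     // Only a non-empty scalar string counts as a replacement card number.
     $new_cc_number = '';
     if (isset($_POST['credit_card_number_new']) && is_string($_POST['credit_card_number_new'])) {
         $new_cc_number = $_POST['credit_card_number_new'];
     }
     $is_new_cc_num = $new_cc_number !== '';

     $sql = 'UPDATE
               ' . TB_PREFIX . 'customers
             SET
               name = :name,
               attention = :attention,
               street_address = :street_address,
               street_address2 = :street_address2,
               city = :city,
               state = :state,
               zip_code = :zip_code,
               country = :country,
               phone = :phone,
               mobile_phone = :mobile_phone,
               fax = :fax,
               email = :email,
               credit_card_holder_name = :credit_card_holder_name,
               ' . ($is_new_cc_num ? 'credit_card_number = :credit_card_number,' : '') . '
               credit_card_expiry_month = :credit_card_expiry_month,
               credit_card_expiry_year = :credit_card_expiry_year,
               notes = :notes,
               parent_customer_id = :parent_customer_id,
               custom_field1 = :custom_field1,
               custom_field2 = :custom_field2,
               custom_field3 = :custom_field3,
               custom_field4 = :custom_field4,
               enabled = :enabled
             WHERE
               id = :id';

     // Form fields bound before and after the optional card number, in the
     // order the placeholders were passed originally.
     $leading_fields = array(
         'name', 'attention', 'street_address', 'street_address2', 'city',
         'state', 'zip_code', 'country', 'phone', 'mobile_phone', 'fax',
         'email', 'notes',
     );
     $trailing_fields = array(
         'credit_card_holder_name', 'credit_card_expiry_month',
         'credit_card_expiry_year', 'parent_customer_id', 'custom_field1',
         'custom_field2', 'custom_field3', 'custom_field4', 'enabled',
     );

     $args = array($sql);
     foreach ($leading_fields as $field) {
         $args[] = ':' . $field;
         $args[] = isset($_POST[$field]) ? $_POST[$field] : null;
     }

     if ($is_new_cc_num) {
         // The card number is never stored as submitted: it is encrypted
         // with the application's default key before binding.
         $enc = new encryption();
         $key = $config->encryption->default->key;
         $args[] = ':credit_card_number';
         $args[] = $enc->encrypt($key, $new_cc_number);
     }

     foreach ($trailing_fields as $field) {
         $args[] = ':' . $field;
         $args[] = isset($_POST[$field]) ? $_POST[$field] : null;
     }

     // A missing id binds NULL, which matches no row.
     $args[] = ':id';
     $args[] = isset($_GET['id']) ? $_GET['id'] : null;

     return call_user_func_array(array($db, 'query'), $args);
 }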
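/**
 * Insert a new customer row from the submitted form.
 *
 * Form fields are read from $_POST by explicit name. extract($_POST) is
 * deliberately not used: it imports every request key as a local variable,
 * so posted `domain_id` or `config` fields would replace the server-side
 * $domain_id and $config that this function relies on.
 *
 * The card number is encrypted with the configured default key before it is
 * bound; all values reach dbQuery() as named placeholders.
 *
 * @return mixed whatever dbQuery() returns
 */
function insertCustomer()
{
    global $config;

    // Always taken from the server-side domain lookup, never from the request.
    $domain_id = domain_id::get();

    $sql = 'INSERT INTO
            ' . TB_PREFIX . 'customers
            (
                domain_id, attention, name, department, street_address, street_address2,
                city, state, zip_code, country, phone, mobile_phone,
                fax, email, notes,
                credit_card_holder_name, credit_card_number,
                credit_card_expiry_month, credit_card_expiry_year,
                custom_field1, custom_field2,
                custom_field3, custom_field4, enabled
            )
            VALUES
            (
                :domain_id, :attention, :name, :department, :street_address, :street_address2,
                :city, :state, :zip_code, :country, :phone, :mobile_phone,
                :fax, :email, :notes,
                :credit_card_holder_name, :credit_card_number,
                :credit_card_expiry_month, :credit_card_expiry_year,
                :custom_field1, :custom_field2,
                :custom_field3, :custom_field4, :enabled
            )';

    // The only request keys this function reads, in binding order.
    $fields = array(
        'attention', 'name', 'department', 'street_address', 'street_address2',
        'city', 'state', 'zip_code', 'country', 'phone', 'mobile_phone',
        'fax', 'email', 'notes', 'credit_card_holder_name', 'credit_card_number',
        'credit_card_expiry_month', 'credit_card_expiry_year',
        'custom_field1', 'custom_field2', 'custom_field3', 'custom_field4',
        'enabled',
    );

    $enc = new encryption();
    $key = $config->encryption->default->key;

    $args = array($sql);
    foreach ($fields as $field) {
        $value = isset($_POST[$field]) ? $_POST[$field] : null;
        if ($field === 'credit_card_number') {
            // Encrypted unconditionally, as before, even when empty.
            $value = $enc->encrypt($key, $value);
        }
        $args[] = ':' . $field;
        $args[] = $value;
    }
    $args[] = ':domain_id';
    $args[] = $domain_id;

    return call_user_func_array('dbQuery', $args);
}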
 // Build the encrypted payment record for this contact. Runs only when
 // encryption is enabled and both a cardholder name and a card number were
 // posted. Results are left in $encryption_array (and $error on failure) for
 // code that follows this block.
 if (ENABLE_ENCRYPTION && $_POST['payment_cc_name'] && $_POST['payment_cc_number']) {
     // save payment info
     // The encryption key is read from the admin's session; without one
     // (length <= 1) nothing is stored and an error is queued instead.
     if (strlen($_SESSION['admin_encrypt']) > 1) {
         $card_name = db_prepare_input($_POST['payment_cc_name']);
         $card_num = db_prepare_input($_POST['payment_cc_number']);
         if ($card_num) {
             // Keep digits only.
             $card_num = preg_replace("/[^0-9]/", "", $card_num);
             // Clear-text hint: first digit, '*' padding, last four digits.
             // NOTE(review): for a number of fewer than five digits the two
             // substr() calls overlap and the hint contains every digit.
             $hint = substr($card_num, 0, 1);
             for ($a = 0; $a < strlen($card_num) - 5; $a++) {
                 $hint .= '*';
             }
             $hint .= substr($card_num, -4);
             // NOTE(review): payment_cc_cvv2 is part of the stored value.
             // PCI DSS does not allow the card verification code to be kept
             // after authorization, encrypted or not; confirm how long this
             // record is retained.
             $payment = array($card_name, $card_num, db_prepare_input($_POST['payment_exp_month']), db_prepare_input($_POST['payment_exp_year']), db_prepare_input($_POST['payment_cc_cvv2']));
             // Fields are joined with ':' and a trailing ':'.
             // NOTE(review): a ':' inside the cardholder name would shift the
             // fields if the value is later split on ':'; verify against the
             // decrypting code.
             $val = implode(':', $payment) . ':';
             $encrypt = new encryption();
             // The meaning of the third argument (128) is not visible here.
             if (!($enc_value = $encrypt->encrypt($_SESSION['admin_encrypt'], $val, 128))) {
                 $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
                 $error = true;
             }
             // Built even when encryption failed ($enc_value is then falsy);
             // later code has to honour $error before writing it.
             $encryption_array = array('hint' => $hint, 'module' => 'contacts', 'enc_value' => $enc_value);
         }
     } else {
         // $error receives whatever $messageStack->add() returns.
         $error = $messageStack->add(ACT_NO_KEY_EXISTS, 'error');
     }
 }
 // address book fields
 $addresses = array();
 foreach ($address_types as $value) {
     if ($value != 'im' && substr($value, 1, 1) == 'm' || $value == 'im' && $type == 'i' || $_POST[$value . '_primary_name'] != '') {
         // optional billing, shipping, and contact
         $addresses[$value]['address_id'] = db_prepare_input($_POST[$value . '_address_id']);
Esempio n. 4
 /**
  * Update one customer row inside the signed-in user's domain.
  *
  * The WHERE conditions pin both the row id and the domain_id held in the
  * `auth_session` registry entry; both values go through the adapter's
  * quoteInto(). A non-empty `credit_card_number` in $data is encrypted with
  * the configured default key before being written. A missing or empty value
  * is handed to the parent unchanged.
  *
  * @param array $data column => value pairs to write
  * @param mixed $id   id of the customer row
  * @return int value returned by parent::update()
  */
 public function update(array $data, $id)
 {
     $session = Zend_Registry::get('auth_session');
     $adapter = $this->getAdapter();

     // Restrict the update to this id within the caller's own domain.
     $conditions = array(
         $adapter->quoteInto('id = ?', $id),
         $adapter->quoteInto('domain_id = ?', $session->domain_id),
     );

     // The card number is never stored as submitted: encrypt it first.
     if (!empty($data['credit_card_number'])) {
         $cipher = new encryption();
         $secret = Zend_Registry::get('config')->encryption->default->key;
         $data['credit_card_number'] = $cipher->encrypt($secret, $data['credit_card_number']);
     }

     return parent::update($data, $conditions);
 }
Esempio n. 5
 /**
  * Encrypt the posted payment fields of a module and store them.
  *
  * Collects $_POST[$module . '_field_0'], '_field_1', ... until the first
  * missing index, joins them with ':' and encrypts the result with the key
  * held in $_SESSION['admin_encrypt']. The record is written to
  * TABLE_DATA_SECURITY as an update when $this->payment_id is set, otherwise
  * as an insert.
  *
  * NOTE(review): the stored 'module' value is the literal 'contacts', not
  * the $module argument; confirm this is intended.
  *
  * @param string   $module       prefix of the posted field names
  * @param int|bool $card_key_pos index of the field used to build the
  *                               clear-text hint (compared with ===), or
  *                               false for no hint
  * @return bool false when no session key exists or encryption fails,
  *              true otherwise (including when no fields were posted)
  */
 function encrypt_payment($module, $card_key_pos = false)
 {
     global $db, $messageStack;

     // Without a session encryption key nothing can be stored.
     if (strlen($_SESSION['admin_encrypt']) <= 1) {
         $messageStack->add(BNK_PAYMENT_NOT_SAVED, 'error');
         return false;
     }

     // Gather consecutive numbered fields until the first gap.
     $fields = array();
     $hint_source = false;
     for ($index = 0; isset($_POST[$module . '_field_' . $index]); $index++) {
         $fields[] = db_prepare_input($_POST[$module . '_field_' . $index]);
         if ($index === $card_key_pos) {
             $hint_source = trim(db_prepare_input($_POST[$module . '_field_' . $index]));
         }
     }

     if (count($fields) === 0) {
         return true;
     }

     require_once DIR_FS_MODULES . 'general/classes/encryption.php';

     // Clear-text hint: first character, '*' padding, last four characters.
     // NOTE(review): for a value shorter than five characters the two
     // substr() calls overlap, so the hint holds the whole value.
     $hint = '';
     if ($hint_source) {
         $hint = substr($hint_source, 0, 1)
             . str_repeat('*', max(0, strlen($hint_source) - 5))
             . substr($hint_source, -4);
     }

     $cipher = new encryption();
     // The meaning of the third argument (128) is not visible here.
     $enc_value = $cipher->encrypt($_SESSION['admin_encrypt'], implode(':', $fields), 128);
     if (!$enc_value) {
         $messageStack->add('Encryption error - ' . implode('. ', $cipher->errors), 'error');
         return false;
     }

     $record = array(
         'hint' => $hint,
         'module' => 'contacts',
         'enc_value' => $enc_value,
         'ref_1' => $this->bill_acct_id,
         'ref_2' => $this->bill_address_id,
     );

     if ($this->payment_id) {
         // NOTE(review): the WHERE text is built by concatenating
         // $this->payment_id; confirm it is always an integer set by
         // trusted code, or cast/bind it.
         db_perform(TABLE_DATA_SECURITY, $record, 'update', 'id = ' . $this->payment_id);
     } else {
         db_perform(TABLE_DATA_SECURITY, $record, 'insert');
     }

     return true;
 }