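/**
 * Update the customer row selected by $_GET['id'] with the values posted in $_POST.
 *
 * The stored credit card number is only touched when a non-empty
 * $_POST['credit_card_number_new'] is supplied; it is then encrypted with the
 * key from $config->encryption->default->key before being bound. Every other
 * column is overwritten from the like-named POST field.
 *
 * @return mixed whatever $db->query() returns for the UPDATE
 */
public static function updateCustomer()
{
    global $db;
    global $config;

    // An empty replacement number means "keep the stored one": the column is then
    // left out of the SET list and no :credit_card_number binding is passed.
    $isNewCcNum = isset($_POST['credit_card_number_new']) && $_POST['credit_card_number_new'] !== '';

    $sql = "UPDATE \n " . TB_PREFIX . "customers \n SET \n name = :name,\n attention = :attention,\n street_address = :street_address,\n street_address2 = :street_address2,\n city = :city,\n state = :state,\n zip_code = :zip_code,\n country = :country,\n phone = :phone,\n mobile_phone = :mobile_phone,\n fax = :fax,\n email = :email,\n credit_card_holder_name = :credit_card_holder_name,\n "
        . ($isNewCcNum ? 'credit_card_number = :credit_card_number,' : '')
        . "\n credit_card_expiry_month = :credit_card_expiry_month,\n credit_card_expiry_year = :credit_card_expiry_year,\n notes = :notes,\n parent_customer_id = :parent_customer_id,\n custom_field1 = :custom_field1,\n custom_field2 = :custom_field2,\n custom_field3 = :custom_field3,\n custom_field4 = :custom_field4,\n enabled = :enabled\n WHERE\n id = :id";

    // Columns whose bind value is the like-named POST field. The keys are quoted:
    // the earlier `$_POST[name]` spelling read an undefined constant, which is a
    // warning on PHP 7 and a fatal Error on PHP 8.
    $postFields = array(
        'name', 'attention', 'street_address', 'street_address2', 'city', 'state',
        'zip_code', 'country', 'phone', 'mobile_phone', 'fax', 'email', 'notes',
        'credit_card_holder_name', 'credit_card_expiry_month', 'credit_card_expiry_year',
        'parent_customer_id', 'custom_field1', 'custom_field2', 'custom_field3',
        'custom_field4', 'enabled',
    );

    // $db->query() takes the SQL followed by flat ':placeholder', value pairs, so the
    // argument list is assembled once instead of being duplicated per branch.
    $args = array($sql);
    foreach ($postFields as $field) {
        $args[] = ':' . $field;
        $args[] = isset($_POST[$field]) ? $_POST[$field] : null;
    }

    if ($isNewCcNum) {
        // Only the ciphertext is stored; the key comes from the application config.
        $enc = new encryption();
        $key = $config->encryption->default->key;
        $args[] = ':credit_card_number';
        $args[] = $enc->encrypt($key, $_POST['credit_card_number_new']);
    }

    // NOTE(review): the row is selected by the query-string id alone; unlike the
    // Zend update() on this page the WHERE is not scoped to a domain_id, so the
    // caller is assumed to have authorised this id — confirm.
    $args[] = ':id';
    $args[] = isset($_GET['id']) ? $_GET['id'] : null;

    return call_user_func_array(array($db, 'query'), $args);
}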
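/**
 * Insert a new customer row from the current request.
 *
 * Every column value is read from $_POST explicitly. The previous
 * extract($_POST) let a request field named `domain_id` (or `config`, `sql`)
 * overwrite the locals computed here, so the tenant id the row was filed under
 * could come from the client instead of domain_id::get().
 *
 * The card number is stored only as ciphertext produced with the key from
 * $config->encryption->default->key.
 *
 * @return mixed whatever dbQuery() returns for the INSERT
 */
function insertCustomer()
{
    global $config;

    $domain_id = domain_id::get();

    $sql = "INSERT INTO \n\t\t\t" . TB_PREFIX . "customers\n\t\t\t(\n\t\t\t\tdomain_id, attention, name, department, street_address, street_address2,\n\t\t\t\tcity, state, zip_code, country, phone, mobile_phone,\n\t\t\t\tfax, email, notes,\n\t\t\t\tcredit_card_holder_name, credit_card_number,\n\t\t\t\tcredit_card_expiry_month, credit_card_expiry_year, \n\t\t\t\tcustom_field1, custom_field2,\n\t\t\t\tcustom_field3, custom_field4, enabled\n\t\t\t)\n\t\t\tVALUES \n\t\t\t(\n\t\t\t\t:domain_id ,:attention, :name, :department, :street_address, :street_address2,\n\t\t\t\t:city, :state, :zip_code, :country, :phone, :mobile_phone,\n\t\t\t\t:fax, :email, :notes, \n\t\t\t\t:credit_card_holder_name, :credit_card_number,\n\t\t\t\t:credit_card_expiry_month, :credit_card_expiry_year, \n\t\t\t\t:custom_field1, :custom_field2,\n\t\t\t\t:custom_field3, :custom_field4, :enabled\n\t\t\t)";

    // Missing POST fields bind as null, which is what the undefined locals
    // produced by extract() used to evaluate to.
    $post = function ($field) {
        return isset($_POST[$field]) ? $_POST[$field] : null;
    };

    // Columns whose bind value is the like-named POST field, in the original bind order.
    $postFields = array(
        'attention', 'name', 'department', 'street_address', 'street_address2',
        'city', 'state', 'zip_code', 'country', 'phone', 'mobile_phone',
        'fax', 'email', 'notes', 'credit_card_holder_name',
    );

    // dbQuery() takes the SQL followed by flat ':placeholder', value pairs.
    $args = array($sql);
    foreach ($postFields as $field) {
        $args[] = ':' . $field;
        $args[] = $post($field);
    }

    // Only the ciphertext of the card number ever reaches the database.
    $enc = new encryption();
    $key = $config->encryption->default->key;
    $args[] = ':credit_card_number';
    $args[] = $enc->encrypt($key, $post('credit_card_number'));

    foreach (array('credit_card_expiry_month', 'credit_card_expiry_year',
                   'custom_field1', 'custom_field2', 'custom_field3', 'custom_field4',
                   'enabled') as $field) {
        $args[] = ':' . $field;
        $args[] = $post($field);
    }

    // The tenant id is the server-side value; it is never taken from the request.
    $args[] = ':domain_id';
    $args[] = $domain_id;

    return call_user_func_array('dbQuery', $args);
}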
if (ENABLE_ENCRYPTION && $_POST['payment_cc_name'] && $_POST['payment_cc_number']) { // save payment info if (strlen($_SESSION['admin_encrypt']) > 1) { $card_name = db_prepare_input($_POST['payment_cc_name']); $card_num = db_prepare_input($_POST['payment_cc_number']); if ($card_num) { $card_num = preg_replace("/[^0-9]/", "", $card_num); $hint = substr($card_num, 0, 1); for ($a = 0; $a < strlen($card_num) - 5; $a++) { $hint .= '*'; } $hint .= substr($card_num, -4); $payment = array($card_name, $card_num, db_prepare_input($_POST['payment_exp_month']), db_prepare_input($_POST['payment_exp_year']), db_prepare_input($_POST['payment_cc_cvv2'])); $val = implode(':', $payment) . ':'; $encrypt = new encryption(); if (!($enc_value = $encrypt->encrypt($_SESSION['admin_encrypt'], $val, 128))) { $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error'); $error = true; } $encryption_array = array('hint' => $hint, 'module' => 'contacts', 'enc_value' => $enc_value); } } else { $error = $messageStack->add(ACT_NO_KEY_EXISTS, 'error'); } } // address book fields $addresses = array(); foreach ($address_types as $value) { if ($value != 'im' && substr($value, 1, 1) == 'm' || $value == 'im' && $type == 'i' || $_POST[$value . '_primary_name'] != '') { // optional billing, shipping, and contact $addresses[$value]['address_id'] = db_prepare_input($_POST[$value . '_address_id']);
/**
 * Update one customer row, encrypting a supplied card number first.
 *
 * The row is matched on both the id and the domain of the authenticated
 * session, so an id alone cannot reach another domain's customer.
 *
 * @param array $data column => value map; a present, non-empty
 *                    'credit_card_number' is replaced by its ciphertext
 *                    (key from the registered config) before saving
 * @param mixed $id   primary key of the row to update
 * @return int the value of parent::update(), i.e. the affected row count
 */
public function update(array $data, $id)
{
    $authSession = Zend_Registry::get('auth_session');
    $adapter = $this->getAdapter();

    $where = array(
        $adapter->quoteInto('id = ?', $id),
        $adapter->quoteInto('domain_id = ?', $authSession->domain_id),
    );

    // empty() covers both "key absent" and "key present but blank"; an empty
    // value is passed through to the parent untouched.
    if (!empty($data['credit_card_number'])) {
        $config = Zend_Registry::get('config');
        $cipher = new encryption();
        $data['credit_card_number'] = $cipher->encrypt(
            $config->encryption->default->key,
            $data['credit_card_number']
        );
    }

    return parent::update($data, $where);
}
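/**
 * Encrypt the posted payment fields for $module and store them in TABLE_DATA_SECURITY.
 *
 * Collects $_POST[$module . '_field_0'], '_field_1', ... up to the first missing
 * index, joins them with ':' and encrypts the result with the session key in
 * $_SESSION['admin_encrypt']. The security row is updated in place when
 * $this->payment_id is set, otherwise inserted.
 *
 * @param string    $module       prefix of the posted field names
 * @param int|false $card_key_pos index of the field the display hint is derived
 *                                from (the card number); false = store no hint
 * @return bool false when no session key exists or encryption fails; true
 *              otherwise, including when nothing was posted (nothing is written)
 */
function encrypt_payment($module, $card_key_pos = false)
{
    global $db, $messageStack;

    if (!isset($_SESSION['admin_encrypt']) || strlen($_SESSION['admin_encrypt']) <= 1) {
        $messageStack->add(BNK_PAYMENT_NOT_SAVED, 'error');
        return false;
    }

    // Gather the posted fields in index order; the first gap ends the sequence.
    $fields = array();
    $hintSource = false;
    for ($i = 0; isset($_POST[$module . '_field_' . $i]); $i++) {
        $fields[] = db_prepare_input($_POST[$module . '_field_' . $i]);
        if ($i === $card_key_pos) {
            $hintSource = trim(db_prepare_input($_POST[$module . '_field_' . $i]));
        }
    }

    if (count($fields) === 0) {
        // Nothing posted: nothing stored, and this still counts as success.
        return true;
    }

    require_once DIR_FS_MODULES . 'general/classes/encryption.php';

    // Display hint: first character, one '*' per hidden character, last four.
    // That scheme echoes values of five characters or fewer back in full
    // (e.g. "12345" -> "12345"), so short values are masked entirely instead.
    $hint = '';
    if ($hintSource) {
        $len = strlen($hintSource);
        $hint = $len > 5
            ? substr($hintSource, 0, 1) . str_repeat('*', $len - 5) . substr($hintSource, -4)
            : str_repeat('*', $len);
    }

    $encrypt = new encryption();
    $encValue = $encrypt->encrypt($_SESSION['admin_encrypt'], implode(':', $fields), 128);
    if (!$encValue) {
        $messageStack->add('Encryption error - ' . implode('. ', $encrypt->errors), 'error');
        return false;
    }

    // NOTE(review): 'module' is stored as the literal 'contacts' although the
    // fields were read under $module — confirm whether $module was intended here.
    $row = array(
        'hint' => $hint,
        'module' => 'contacts',
        'enc_value' => $encValue,
        'ref_1' => $this->bill_acct_id,
        'ref_2' => $this->bill_address_id,
    );

    if ($this->payment_id) {
        // NOTE(review): payment_id is concatenated into the WHERE clause; it is
        // object state rather than request input here, but confirm it is always an int.
        db_perform(TABLE_DATA_SECURITY, $row, 'update', 'id = ' . $this->payment_id);
    } else {
        db_perform(TABLE_DATA_SECURITY, $row, 'insert');
    }

    return true;
}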