set_session("session_vc", $vc);
set_session("session_payment_id", $payment_id);
$return_page = "order_confirmation.php";
$items_text = "";
if ($parameters_number == 0) {
header("Location: " . $return_page);
exit;
}
if (strlen($cc_start_year) && strlen($cc_start_month)) {
$r->set_value("cc_start_date", array($cc_start_year, $cc_start_month, 1, 0, 0, 0));
}
if (strlen($cc_expiry_year) && strlen($cc_expiry_month)) {
$r->set_value("cc_expiry_date", array($cc_expiry_year, $cc_expiry_month, 1, 0, 0, 0));
}
if (strlen($action)) {
if ($r->is_empty("order_id")) {
$r->errors .= "Missing <b>Order number</b>.<br>";
}
$cc_number = $r->get_value("cc_number");
if (strlen($cc_number) >= 10) {
$ss = array("\\", "^", "\$", ".", "[", "]", "|", "(", ")", "+", "{", "}");
$rs = array("\\\\", "\\^", "\\\$", "\\.", "\\[", "\\]", "\\|", "\\(", "\\)", "\\+", "\\{", "\\}");
$cc_allowed_regexp = get_setting_value($cc_info, "cc_allowed", "");
$cc_allowed_regexp = preg_replace("/\\s/", "", $cc_allowed_regexp);
if (strlen($cc_allowed_regexp)) {
$cc_allowed_regexp = str_replace($ss, $rs, $cc_allowed_regexp);
$cc_allowed_regexp = str_replace(array(",", ";", "*", "?"), array(")|(", ")|(", ".*", "."), $cc_allowed_regexp);
$cc_allowed_regexp = "/^((" . $cc_allowed_regexp . "))\$/i";
}
$cc_forbidden_regexp = get_setting_value($cc_info, "cc_forbidden", "");
$cc_forbidden_regexp = preg_replace("/\\s/", "", $cc_forbidden_regexp);
$r->add_textbox("secure_3d_check", TEXT);
$r->add_textbox("secure_3d_status", TEXT);
$r->add_textbox("secure_3d_md", TEXT);
$r->add_textbox("secure_3d_xid", TEXT);
$action = get_param("action");
$return_page = "order_final.php";
$items_text = "";
$t->set_var("site_url", $settings["site_url"]);
$t->set_var("referer", $referer);
$t->set_var("referrer", $referer);
$t->set_var("HTTP_REFERER", $referer);
$t->set_var("initial_ip", $initial_ip);
$t->set_var("cookie_ip", $cookie_ip);
$t->set_var("visit_number", $visit_number);
if (strlen($action)) {
if ($r->is_empty("order_id")) {
$r->errors .= "Missing <b>Order number</b>.<br>";
}
if (!strlen($r->errors)) {
$is_advanced = false;
if (strlen($payment_id)) {
$db->query("SELECT * FROM " . $table_prefix . "payment_systems WHERE is_active=1 AND payment_id=" . $db->tosql($payment_id, INTEGER));
if ($db->next_record()) {
$is_advanced = $db->f("is_advanced");
$advanced_url = $db->f("advanced_url");
$advanced_php_lib = $db->f("advanced_php_lib");
$success_status_id = $db->f("success_status_id");
$pending_status_id = $db->f("pending_status_id");
$failure_status_id = $db->f("failure_status_id");
$failure_action = $db->f("failure_action");
}
$r->change_property("subscribe", USE_IN_INSERT, false);
$r->change_property("subscribe", USE_IN_UPDATE, false);
if ($subscribe_block && ($login_field_type == 2 || $r->parameter_exists("email") && $r->get_property_value("email", SHOW) || $r->parameter_exists("delivery_email") && $r->get_property_value("delivery_email", SHOW))) {
$r->change_property("subscribe", SHOW, true);
} else {
$r->change_property("subscribe", SHOW, false);
}
$r->get_form_values();
$r->set_value("user_type_id", $type_id);
$r->set_value("type", $type_id);
$r->set_value("registration_last_step", $registration_last_step);
$r->set_value("registration_total_steps", $registration_total_steps);
$r->set_value("is_sms_allowed", $group_sms_allowed);
if ($r->parameter_exists("birth_date")) {
//$r->change_property("birth_date", REQUIRED, false);
if (!$r->is_empty("birth_month") || !$r->is_empty("birth_day") || !$r->is_empty("birth_year")) {
$r->change_property("birth_month", REQUIRED, true);
$r->change_property("birth_day", REQUIRED, true);
$r->change_property("birth_year", REQUIRED, true);
$birth_month = $r->get_value("birth_month");
$birth_day = $r->get_value("birth_day");
$birth_year = $r->get_value("birth_year");
if ($birth_month && $birth_day > 0 && $birth_day < 32 && $birth_year > 1900 && $birth_year < date("Y")) {
$birth_date = $birth_year . "-" . $birth_month . "-" . $birth_day;
$r->set_value("birth_date", $birth_date);
}
}
}
// get name
if (!$user_email) {
if ($r->parameter_exists("email")) {
$r->add_select("s_os", INTEGER, $order_statuses);
$r->add_select("s_ci", TEXT, $countries);
$r->add_select("s_category", TEXT, $categories);
//Customization by Vital
$r->add_select("s_si", TEXT, $states);
$r->add_select("s_cct", TEXT, $credit_card_types);
$r->add_select("s_ex", TEXT, $export_options);
if ($sitelist) {
$r->add_select("s_sti", TEXT, $sites);
}
$r->get_form_parameters();
$r->validate();
$where = "";
$product_search = false;
if (!$r->errors) {
if (!$r->is_empty("s_on")) {
$s_on = $r->get_value("s_on");
if (preg_match("/^(\\d+)(,\\d+)*\$/", $s_on)) {
$where = " (o.order_id IN (" . $s_on . ") ";
$where .= " OR o.invoice_number=" . $db->tosql($s_on, TEXT);
$where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") ";
} else {
$where .= " (o.invoice_number=" . $db->tosql($s_on, TEXT);
$where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") ";
}
}
if (!$r->is_empty("s_ne")) {
if (strlen($where)) {
$where .= " AND ";
}
$s_ne = $r->get_value("s_ne");
} else {
header("Location: " . $payment_url);
//original line
exit;
//original line
}
//end customization
}
} elseif ($user_id) {
// set user details from user info
$user_login = $user_info["login"];
for ($i = 0; $i < sizeof($parameters); $i++) {
$r->set_value($parameters[$i], get_setting_value($user_info, $parameters[$i]));
$r->set_value("delivery_" . $parameters[$i], get_setting_value($user_info, "delivery_" . $parameters[$i]));
}
if ($r->is_empty("email") && preg_match(EMAIL_REGEXP, $user_login)) {
$r->set_value("email", $user_login);
}
// check if phone codes available
phone_code_checks($phone_codes);
} else {
// set default values from cookies
$cookie_order_info = trim(get_cookie("cookie_order_info"));
if (strlen($cookie_order_info)) {
$cookie_pairs = explode("|", $cookie_order_info);
for ($i = 0; $i < sizeof($cookie_pairs); $i++) {
$cookie_line = trim($cookie_pairs[$i]);
if (strlen($cookie_line)) {
$cookie_values = explode("=", $cookie_line, 2);
if (isset($r->parameters[$cookie_values[0]])) {
$r->set_value($cookie_values[0], $cookie_values[1]);
$r->change_property("password", MATCHED, "confirm");
$action = get_param("action");
$user_id = get_session("session_user_id");
$site_url = get_setting_value($settings, "site_url", "");
$secure_user_profile = get_setting_value($settings, "secure_user_profile", 0);
$return_page = $site_url . get_custom_friendly_url("user_home.php");
$errors = "";
$r->get_form_values();
if (strlen($action)) {
if ($action == "cancel") {
header("Location: " . $return_page);
exit;
}
$r->validate();
$password_encrypt = get_setting_value($settings, "password_encrypt", 0);
if (!$r->is_empty("current_password")) {
$current_password = $r->get_value("current_password");
if ($password_encrypt == 1) {
$password_match = md5($current_password);
} else {
$password_match = $current_password;
}
$sql = " SELECT password FROM " . $table_prefix . "users WHERE user_id=" . $db->tosql($user_id, INTEGER);
$sql .= " AND password="******"{field_name}", $r->parameters["current_password"][CONTROL_DESC], INCORRECT_VALUE_MESSAGE);
}
}
if (!strlen($r->errors)) {
if ($password_encrypt) {
