set_session("session_vc", $vc); set_session("session_payment_id", $payment_id); $return_page = "order_confirmation.php"; $items_text = ""; if ($parameters_number == 0) { header("Location: " . $return_page); exit; } if (strlen($cc_start_year) && strlen($cc_start_month)) { $r->set_value("cc_start_date", array($cc_start_year, $cc_start_month, 1, 0, 0, 0)); } if (strlen($cc_expiry_year) && strlen($cc_expiry_month)) { $r->set_value("cc_expiry_date", array($cc_expiry_year, $cc_expiry_month, 1, 0, 0, 0)); } if (strlen($action)) { if ($r->is_empty("order_id")) { $r->errors .= "Missing <b>Order number</b>.<br>"; } $cc_number = $r->get_value("cc_number"); if (strlen($cc_number) >= 10) { $ss = array("\\", "^", "\$", ".", "[", "]", "|", "(", ")", "+", "{", "}"); $rs = array("\\\\", "\\^", "\\\$", "\\.", "\\[", "\\]", "\\|", "\\(", "\\)", "\\+", "\\{", "\\}"); $cc_allowed_regexp = get_setting_value($cc_info, "cc_allowed", ""); $cc_allowed_regexp = preg_replace("/\\s/", "", $cc_allowed_regexp); if (strlen($cc_allowed_regexp)) { $cc_allowed_regexp = str_replace($ss, $rs, $cc_allowed_regexp); $cc_allowed_regexp = str_replace(array(",", ";", "*", "?"), array(")|(", ")|(", ".*", "."), $cc_allowed_regexp); $cc_allowed_regexp = "/^((" . $cc_allowed_regexp . "))\$/i"; } $cc_forbidden_regexp = get_setting_value($cc_info, "cc_forbidden", ""); $cc_forbidden_regexp = preg_replace("/\\s/", "", $cc_forbidden_regexp);
$r->add_textbox("secure_3d_check", TEXT); $r->add_textbox("secure_3d_status", TEXT); $r->add_textbox("secure_3d_md", TEXT); $r->add_textbox("secure_3d_xid", TEXT); $action = get_param("action"); $return_page = "order_final.php"; $items_text = ""; $t->set_var("site_url", $settings["site_url"]); $t->set_var("referer", $referer); $t->set_var("referrer", $referer); $t->set_var("HTTP_REFERER", $referer); $t->set_var("initial_ip", $initial_ip); $t->set_var("cookie_ip", $cookie_ip); $t->set_var("visit_number", $visit_number); if (strlen($action)) { if ($r->is_empty("order_id")) { $r->errors .= "Missing <b>Order number</b>.<br>"; } if (!strlen($r->errors)) { $is_advanced = false; if (strlen($payment_id)) { $db->query("SELECT * FROM " . $table_prefix . "payment_systems WHERE is_active=1 AND payment_id=" . $db->tosql($payment_id, INTEGER)); if ($db->next_record()) { $is_advanced = $db->f("is_advanced"); $advanced_url = $db->f("advanced_url"); $advanced_php_lib = $db->f("advanced_php_lib"); $success_status_id = $db->f("success_status_id"); $pending_status_id = $db->f("pending_status_id"); $failure_status_id = $db->f("failure_status_id"); $failure_action = $db->f("failure_action"); }
$r->change_property("subscribe", USE_IN_INSERT, false); $r->change_property("subscribe", USE_IN_UPDATE, false); if ($subscribe_block && ($login_field_type == 2 || $r->parameter_exists("email") && $r->get_property_value("email", SHOW) || $r->parameter_exists("delivery_email") && $r->get_property_value("delivery_email", SHOW))) { $r->change_property("subscribe", SHOW, true); } else { $r->change_property("subscribe", SHOW, false); } $r->get_form_values(); $r->set_value("user_type_id", $type_id); $r->set_value("type", $type_id); $r->set_value("registration_last_step", $registration_last_step); $r->set_value("registration_total_steps", $registration_total_steps); $r->set_value("is_sms_allowed", $group_sms_allowed); if ($r->parameter_exists("birth_date")) { //$r->change_property("birth_date", REQUIRED, false); if (!$r->is_empty("birth_month") || !$r->is_empty("birth_day") || !$r->is_empty("birth_year")) { $r->change_property("birth_month", REQUIRED, true); $r->change_property("birth_day", REQUIRED, true); $r->change_property("birth_year", REQUIRED, true); $birth_month = $r->get_value("birth_month"); $birth_day = $r->get_value("birth_day"); $birth_year = $r->get_value("birth_year"); if ($birth_month && $birth_day > 0 && $birth_day < 32 && $birth_year > 1900 && $birth_year < date("Y")) { $birth_date = $birth_year . "-" . $birth_month . "-" . $birth_day; $r->set_value("birth_date", $birth_date); } } } // get name if (!$user_email) { if ($r->parameter_exists("email")) {
$r->add_select("s_os", INTEGER, $order_statuses); $r->add_select("s_ci", TEXT, $countries); $r->add_select("s_category", TEXT, $categories); //Customization by Vital $r->add_select("s_si", TEXT, $states); $r->add_select("s_cct", TEXT, $credit_card_types); $r->add_select("s_ex", TEXT, $export_options); if ($sitelist) { $r->add_select("s_sti", TEXT, $sites); } $r->get_form_parameters(); $r->validate(); $where = ""; $product_search = false; if (!$r->errors) { if (!$r->is_empty("s_on")) { $s_on = $r->get_value("s_on"); if (preg_match("/^(\\d+)(,\\d+)*\$/", $s_on)) { $where = " (o.order_id IN (" . $s_on . ") "; $where .= " OR o.invoice_number=" . $db->tosql($s_on, TEXT); $where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") "; } else { $where .= " (o.invoice_number=" . $db->tosql($s_on, TEXT); $where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") "; } } if (!$r->is_empty("s_ne")) { if (strlen($where)) { $where .= " AND "; } $s_ne = $r->get_value("s_ne");
} else { header("Location: " . $payment_url); //original line exit; //original line } //end customization } } elseif ($user_id) { // set user details from user info $user_login = $user_info["login"]; for ($i = 0; $i < sizeof($parameters); $i++) { $r->set_value($parameters[$i], get_setting_value($user_info, $parameters[$i])); $r->set_value("delivery_" . $parameters[$i], get_setting_value($user_info, "delivery_" . $parameters[$i])); } if ($r->is_empty("email") && preg_match(EMAIL_REGEXP, $user_login)) { $r->set_value("email", $user_login); } // check if phone codes available phone_code_checks($phone_codes); } else { // set default values from cookies $cookie_order_info = trim(get_cookie("cookie_order_info")); if (strlen($cookie_order_info)) { $cookie_pairs = explode("|", $cookie_order_info); for ($i = 0; $i < sizeof($cookie_pairs); $i++) { $cookie_line = trim($cookie_pairs[$i]); if (strlen($cookie_line)) { $cookie_values = explode("=", $cookie_line, 2); if (isset($r->parameters[$cookie_values[0]])) { $r->set_value($cookie_values[0], $cookie_values[1]);
$r->change_property("password", MATCHED, "confirm"); $action = get_param("action"); $user_id = get_session("session_user_id"); $site_url = get_setting_value($settings, "site_url", ""); $secure_user_profile = get_setting_value($settings, "secure_user_profile", 0); $return_page = $site_url . get_custom_friendly_url("user_home.php"); $errors = ""; $r->get_form_values(); if (strlen($action)) { if ($action == "cancel") { header("Location: " . $return_page); exit; } $r->validate(); $password_encrypt = get_setting_value($settings, "password_encrypt", 0); if (!$r->is_empty("current_password")) { $current_password = $r->get_value("current_password"); if ($password_encrypt == 1) { $password_match = md5($current_password); } else { $password_match = $current_password; } $sql = " SELECT password FROM " . $table_prefix . "users WHERE user_id=" . $db->tosql($user_id, INTEGER); $sql .= " AND password="******"{field_name}", $r->parameters["current_password"][CONTROL_DESC], INCORRECT_VALUE_MESSAGE); } } if (!strlen($r->errors)) { if ($password_encrypt) {