function CustomersUpdate()
{
global $_POST, $Lang_folder;
$customers_id = -1;
// include PW function
require_once DIR_FS_INC . 'xtc_encrypt_password.inc.php';
if (isset($_POST['cID'])) {
$customers_id = xtc_db_prepare_input($_POST['cID']);
}
// security check, if user = admin, dont allow to perform changes
if ($customers_id != -1) {
$sec_query = xtc_db_query("SELECT customers_status FROM " . TABLE_CUSTOMERS . " where customers_id='" . $customers_id . "'");
$sec_data = xtc_db_fetch_array($sec_query);
if ($sec_data['customers_status'] == 0) {
print_xml_status(120, $_POST['action'], 'CAN NOT CHANGE ADMIN USER!', '', '', '');
return;
}
}
$sql_customers_data_array = array();
if (isset($_POST['customers_cid'])) {
$sql_customers_data_array['customers_cid'] = $_POST['customers_cid'];
}
if (isset($_POST['customers_firstname'])) {
$sql_customers_data_array['customers_firstname'] = $_POST['customers_firstname'];
}
if (isset($_POST['customers_lastname'])) {
$sql_customers_data_array['customers_lastname'] = $_POST['customers_lastname'];
}
if (isset($_POST['customers_dob'])) {
$sql_customers_data_array['customers_dob'] = $_POST['customers_dob'];
}
if (isset($_POST['customers_email'])) {
$sql_customers_data_array['customers_email_address'] = $_POST['customers_email'];
}
if (isset($_POST['customers_tele'])) {
$sql_customers_data_array['customers_telephone'] = $_POST['customers_tele'];
}
if (isset($_POST['customers_fax'])) {
$sql_customers_data_array['customers_fax'] = $_POST['customers_fax'];
}
if (isset($_POST['customers_gender'])) {
$sql_customers_data_array['customers_gender'] = $_POST['customers_gender'];
}
if (file_exists('cao_custupd_1.php')) {
include 'cao_custupd_1.php';
}
if (isset($_POST['customers_password'])) {
$sql_customers_data_array['customers_password'] = xtc_encrypt_password($_POST['customers_password']);
}
$sql_address_data_array = array();
if (isset($_POST['customers_firstname'])) {
$sql_address_data_array['entry_firstname'] = $_POST['customers_firstname'];
}
if (isset($_POST['customers_lastname'])) {
$sql_address_data_array['entry_lastname'] = $_POST['customers_lastname'];
}
if (isset($_POST['customers_company'])) {
$sql_address_data_array['entry_company'] = $_POST['customers_company'];
}
if (isset($_POST['customers_street'])) {
$sql_address_data_array['entry_street_address'] = $_POST['customers_street'];
}
if (isset($_POST['customers_city'])) {
$sql_address_data_array['entry_city'] = $_POST['customers_city'];
}
if (isset($_POST['customers_postcode'])) {
$sql_address_data_array['entry_postcode'] = $_POST['customers_postcode'];
}
if (isset($_POST['customers_gender'])) {
$sql_address_data_array['entry_gender'] = $_POST['customers_gender'];
}
if (isset($_POST['customers_country_id'])) {
$country_code = $_POST['customers_country_id'];
}
$country_query = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_iso_code_2 = '" . $country_code . "' LIMIT 1";
$country_result = xtc_db_query($country_query);
$row = xtc_db_fetch_array($country_result);
$sql_address_data_array['entry_country_id'] = $row['countries_id'];
$count_query = xtc_db_query("SELECT count(*) as count FROM " . TABLE_CUSTOMERS . " WHERE customers_id='" . (int) $customers_id . "' LIMIT 1");
$check = xtc_db_fetch_array($count_query);
if ($check['count'] > 0) {
$mode = 'UPDATE';
$address_book_result = xtc_db_query("SELECT customers_default_address_id FROM " . TABLE_CUSTOMERS . " WHERE customers_id = '" . (int) $customers_id . "' LIMIT 1");
$customer = xtc_db_fetch_array($address_book_result);
xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' LIMIT 1");
xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array, 'update', "customers_id = '" . xtc_db_input($customers_id) . "' AND address_book_id = '" . $customer['customers_default_address_id'] . "' LIMIT 1");
xtc_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customers_id . "' LIMIT 1");
} else {
$mode = 'APPEND';
if (strlen($_POST['customers_password']) == 0) {
// generate PW if empty
$pw = xtc_RandomString(8);
$sql_customers_data_array['customers_password'] = xtc_create_password($pw);
} else {
$pw = $_POST['customers_password'];
}
xtc_db_perform(TABLE_CUSTOMERS, $sql_customers_data_array);
$customers_id = xtc_db_insert_id();
$sql_address_data_array['customers_id'] = $customers_id;
xtc_db_perform(TABLE_ADDRESS_BOOK, $sql_address_data_array);
$address_id = xtc_db_insert_id();
xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $customers_id . "'");
//JP20080401
if (!isset($_POST['customers_price_level'])) {
xtc_db_query("update " . TABLE_CUSTOMERS . " set customers_status = '" . STANDARD_GROUP . "' where customers_id = '" . (int) $customers_id . "'");
}
xtc_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $customers_id . "', '0', now())");
}
if (SEND_ACCOUNT_MAIL == true && $mode == 'APPEND' && $sql_customers_data_array['customers_email_address'] != '') {
// generate mail for customer if customer=new
require_once DIR_WS_CLASSES . 'class.phpmailer.php';
require_once DIR_FS_INC . 'xtc_php_mail.inc.php';
require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
require_once DIR_FS_INC . 'xtc_not_null.inc.php';
require_once DIR_FS_INC . 'xtc_href_link.inc.php';
require_once DIR_FS_INC . 'xtc_date_long.inc.php';
require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
require_once DIR_FS_LANGUAGES . $Lang_folder . '/admin/' . $Lang_folder . '.php';
//JP 20080102
$smarty = new Smarty();
//$smarty->assign('language', $check_status['language']);
$smarty->assign('language', $Lang_folder);
$smarty->caching = false;
$smarty->template_dir = DIR_FS_CATALOG . 'templates';
$smarty->compile_dir = DIR_FS_CATALOG . 'templates_c';
$smarty->config_dir = DIR_FS_CATALOG . 'lang';
//BOF - GTB - 2010-08-03 - Security Fix - Base
$smarty->assign('tpl_path', DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/');
//$smarty->assign('tpl_path','templates/'.CURRENT_TEMPLATE.'/');
//EOF - GTB - 2010-08-03 - Security Fix - Base
$smarty->assign('logo_path', HTTP_SERVER . DIR_WS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/img/');
$smarty->assign('NAME', $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname']);
$smarty->assign('EMAIL', $sql_customers_data_array['customers_email_address']);
$smarty->assign('PASSWORD', $pw);
//$smarty->assign('language', $Lang_folder);
$smarty->assign('content', $module_content);
$smarty->caching = false;
$html_mail = $smarty->fetch('db:create_account_mail_admin.html');
$txt_mail = $smarty->fetch('db:create_account_mail_admin.txt');
// send mail with html/txt template
xtc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $sql_customers_data_array['customers_email_address'], $sql_customers_data_array['customers_lastname'] . ' ' . $sql_customers_data_array['customers_firstname'], '', EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, '', '', EMAIL_SUPPORT_SUBJECT, $html_mail, $txt_mail);
}
print_xml_status(0, $_POST['action'], 'OK', $mode, 'CUSTOMERS_ID', $customers_id);
}
$messageStack->add('create_account', ENTRY_PRIVACY_ERROR);
}
if (isset($customers_status)) {
$customers_status = (int) $customers_status;
}
if (!isset($customers_status) || $customers_status == 0) {
if (DEFAULT_CUSTOMERS_STATUS_ID_GUEST != 0) {
$customers_status = DEFAULT_CUSTOMERS_STATUS_ID_GUEST;
} else {
$customers_status = 1;
}
}
if (!$newsletter) {
$newsletter = '';
}
$password = xtc_create_password(8);
if ($error == false) {
$sql_data_array = array('customers_vat_id' => $vat, 'customers_vat_id_status' => $customers_vat_id_status, 'customers_status' => $customers_status, 'customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'account_type' => '1', 'customers_password' => $password, 'customers_date_added' => 'now()', 'customers_last_modified' => 'now()');
$_SESSION['account_type'] = '1';
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = xtc_date_raw($dob);
}
xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$_SESSION['customer_id'] = xtc_db_insert_id();
$sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country, 'address_date_added' => 'now()', 'address_last_modified' => 'now()');
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}