$items_text = "";
/* Nothing was submitted for this order: send the user back to the return page. */
if ($parameters_number == 0) {
    header("Location: " . $return_page);
    exit;
}
/* Card start/expiry dates are assembled only when both year and month were
   supplied; the day is fixed to 1 and the time part zeroed. */
if (strlen($cc_start_year) && strlen($cc_start_month)) {
    $r->set_value("cc_start_date", array($cc_start_year, $cc_start_month, 1, 0, 0, 0));
}
if (strlen($cc_expiry_year) && strlen($cc_expiry_month)) {
    $r->set_value("cc_expiry_date", array($cc_expiry_year, $cc_expiry_month, 1, 0, 0, 0));
}
/* Validation runs only when a form action was posted.
   This statement run continues beyond the end of the excerpt (braces are left open). */
if (strlen($action)) {
    if ($r->is_empty("order_id")) {
        $r->errors .= "Missing <b>Order number</b>.<br>";
    }
    $cc_number = $r->get_value("cc_number");
    /* Pattern checks are applied only once the number is at least 10 characters long. */
    if (strlen($cc_number) >= 10) {
        /* Metacharacters escaped before the admin-configured allow/deny lists are
           turned into a PCRE. NOTE(review): "/" is not in this list although it is
           the delimiter used for the compiled pattern below, so a setting value
           containing "/" would terminate the pattern early; preg_replace() results
           are also used without checking for false. Confirm how cc_allowed and
           cc_forbidden are validated when they are saved. */
        $ss = array("\\", "^", "\$", ".", "[", "]", "|", "(", ")", "+", "{", "}");
        $rs = array("\\\\", "\\^", "\\\$", "\\.", "\\[", "\\]", "\\|", "\\(", "\\)", "\\+", "\\{", "\\}");
        /* "cc_allowed": whitespace stripped, then "," and ";" become alternation,
           "*" becomes "any run of characters" and "?" "any single character";
           the result is anchored and matched case-insensitively. */
        $cc_allowed_regexp = get_setting_value($cc_info, "cc_allowed", "");
        $cc_allowed_regexp = preg_replace("/\\s/", "", $cc_allowed_regexp);
        if (strlen($cc_allowed_regexp)) {
            $cc_allowed_regexp = str_replace($ss, $rs, $cc_allowed_regexp);
            $cc_allowed_regexp = str_replace(array(",", ";", "*", "?"), array(")|(", ")|(", ".*", "."), $cc_allowed_regexp);
            $cc_allowed_regexp = "/^((" . $cc_allowed_regexp . "))\$/i";
        }
        /* Same translation for the "cc_forbidden" deny list; its anchoring and the
           actual preg_match() calls lie outside this excerpt. */
        $cc_forbidden_regexp = get_setting_value($cc_info, "cc_forbidden", "");
        $cc_forbidden_regexp = preg_replace("/\\s/", "", $cc_forbidden_regexp);
        if (strlen($cc_forbidden_regexp)) {
            $cc_forbidden_regexp = str_replace($ss, $rs, $cc_forbidden_regexp);
            $cc_forbidden_regexp = str_replace(array(",", ";", "*", "?"), array(")|(", ")|(", ".*", "."), $cc_forbidden_regexp);
/* Card-holder fields of the order form. The two date fields are rendered with an
   "MM / YYYY" input mask. This run starts mid-way through the form definition. */
$r->add_textbox("cc_last_name", TEXT);
$r->add_textbox("cc_number", TEXT);
$r->add_textbox("cc_start_date", DATETIME);
$r->change_property("cc_start_date", VALUE_MASK, array("MM", " / ", "YYYY"));
$r->add_textbox("cc_expiry_date", DATETIME);
$r->change_property("cc_expiry_date", VALUE_MASK, array("MM", " / ", "YYYY"));
$r->add_textbox("cc_type", INTEGER);
$r->add_textbox("cc_issue_number", INTEGER);
$r->add_textbox("cc_security_code", TEXT);
$r->add_textbox("pay_without_cc", TEXT);
/* Without prior order errors, load the stored order and overlay the card number and
   security code kept in the session.
   NOTE(review): the PAN and the security code are held in session storage here;
   confirm where "session_cc_number" / "session_cc_code" are set and cleared, since
   session files are a common place for card data to persist longer than intended. */
if (!$order_errors) {
    $r->get_db_values();
    $r->set_value("cc_number", get_session("session_cc_number"));
    $r->set_value("cc_security_code", get_session("session_cc_code"));
}
/* Normalise the card number for display ("-" separators; the meaning of the third
   argument of format_cc_number() is not visible here). */
$cc_number = $r->get_value("cc_number");
$cc_number = format_cc_number($cc_number, "-", true);
$r->set_value("cc_number", $cc_number);
/* Hide every card parameter that is either switched off in $cc_info ("show_<name>")
   or empty; $payment_number counts the parameters that stay visible. */
$payment_number = 0;
for ($i = 0; $i < sizeof($cc_parameters); $i++) {
    $cc_param_name = $cc_parameters[$i];
    if (!isset($cc_info["show_" . $cc_param_name]) || $cc_info["show_" . $cc_param_name] != 1 || $r->is_empty($cc_param_name)) {
        $r->parameters[$cc_param_name][SHOW] = false;
    } else {
        $payment_number++;
    }
}
/* Replace the numeric foreign keys with their translated display names. Each id is
   passed through $db->tosql(..., INTEGER) before being concatenated into the query. */
$r->set_value("company_id", get_translation(get_db_value("SELECT company_name FROM " . $table_prefix . "companies WHERE company_id=" . $db->tosql($r->get_value("company_id"), INTEGER, true, false))));
$r->set_value("state_id", get_translation(get_db_value("SELECT state_name FROM " . $table_prefix . "states WHERE state_id=" . $db->tosql($r->get_value("state_id"), INTEGER))));
$r->set_value("country_id", get_translation(get_db_value("SELECT country_name FROM " . $table_prefix . "countries WHERE country_id=" . $db->tosql($r->get_value("country_id"), INTEGER))));
$r->set_value("delivery_company_id", get_translation(get_db_value("SELECT company_name FROM " . $table_prefix . "companies WHERE company_id=" . $db->tosql($r->get_value("delivery_company_id"), INTEGER, true, false))));
/* Tail of a conditional that starts before this excerpt: the "subscribe" field is
   hidden in the else branch. */
} else {
    $r->change_property("subscribe", SHOW, false);
}
/* Read the posted values and stamp the registration context onto the record. */
$r->get_form_values();
$r->set_value("user_type_id", $type_id);
$r->set_value("type", $type_id);
$r->set_value("registration_last_step", $registration_last_step);
$r->set_value("registration_total_steps", $registration_total_steps);
$r->set_value("is_sms_allowed", $group_sms_allowed);
/* Birth date is entered as three separate parts. If any part is filled in, all three
   become required, and a combined "Y-m-d" value is set only when the parts pass the
   range checks below. NOTE(review): the month is only tested for truthiness and the
   day/month combination is not checked against a calendar, so values such as
   month 13 or February 30 reach $birth_date; confirm the later layer validates it. */
if ($r->parameter_exists("birth_date")) {
    //$r->change_property("birth_date", REQUIRED, false);
    if (!$r->is_empty("birth_month") || !$r->is_empty("birth_day") || !$r->is_empty("birth_year")) {
        $r->change_property("birth_month", REQUIRED, true);
        $r->change_property("birth_day", REQUIRED, true);
        $r->change_property("birth_year", REQUIRED, true);
        $birth_month = $r->get_value("birth_month");
        $birth_day = $r->get_value("birth_day");
        $birth_year = $r->get_value("birth_year");
        if ($birth_month && $birth_day > 0 && $birth_day < 32 && $birth_year > 1900 && $birth_year < date("Y")) {
            $birth_date = $birth_year . "-" . $birth_month . "-" . $birth_day;
            $r->set_value("birth_date", $birth_date);
        }
    }
}
// get name
/* Fall back from "email" to "delivery_email" when no address is known yet.
   This statement run continues beyond the end of the excerpt. */
if (!$user_email) {
    if ($r->parameter_exists("email")) {
        $user_email = $r->get_value("email");
    }
    if (!$user_email && $r->parameter_exists("delivery_email")) {
        $user_email = $r->get_value("delivery_email");
/* Search filters of the orders list (excerpt starts mid-way through the filter
   definitions). The site selector is only offered when a site list exists. */
$r->add_select("s_ci", TEXT, $countries);
$r->add_select("s_category", TEXT, $categories); //Customization by Vital
$r->add_select("s_si", TEXT, $states);
$r->add_select("s_cct", TEXT, $credit_card_types);
$r->add_select("s_ex", TEXT, $export_options);
if ($sitelist) {
    $r->add_select("s_sti", TEXT, $sites);
}
$r->get_form_parameters();
$r->validate();
$where = "";
$product_search = false;
/* Build the WHERE clause only from validated parameters. */
if (!$r->errors) {
    /* "s_on": order number(s). A value that is strictly a comma-separated list of
       digits (anchored pattern below) is also searched as an order_id IN (...) list and
       is spliced into the SQL unquoted -- that is safe only because of this regex guard,
       so the guard must stay in step with the concatenation. Any other value is matched
       against invoice/transaction number via $db->tosql() quoting only. */
    if (!$r->is_empty("s_on")) {
        $s_on = $r->get_value("s_on");
        if (preg_match("/^(\\d+)(,\\d+)*\$/", $s_on)) {
            $where = " (o.order_id IN (" . $s_on . ") ";
            $where .= " OR o.invoice_number=" . $db->tosql($s_on, TEXT);
            $where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") ";
        } else {
            $where .= " (o.invoice_number=" . $db->tosql($s_on, TEXT);
            $where .= " OR o.transaction_id=" . $db->tosql($s_on, TEXT) . ") ";
        }
    }
    /* "s_ne": customer name/e-mail filter. The third tosql() argument is false here;
       its meaning is not visible in this excerpt -- check the helper before changing it.
       This statement run continues beyond the end of the excerpt. */
    if (!$r->is_empty("s_ne")) {
        if (strlen($where)) {
            $where .= " AND ";
        }
        $s_ne = $r->get_value("s_ne");
        $s_ne_sql = $db->tosql($s_ne, TEXT, false);
/* Tail of an address-defaulting block that starts before this excerpt: each detected
   value goes to the delivery field when that field is shown, otherwise to the billing
   field. */
    $r->set_value("delivery_country_id", $country_id);
} else {
    $r->set_value("country_id", $country_id);
}
if ($order_info["show_delivery_state_id"] == 1) {
    $r->set_value("delivery_state_id", $state_id);
} else {
    $r->set_value("state_id", $state_id);
}
if ($order_info["show_delivery_zip"] == 1) {
    $r->set_value("delivery_zip", $postal_code);
} else {
    $r->set_value("zip", $postal_code);
}
}
/* Template variables for the checkout page. */
$variables["user_id"] = $r->get_value("user_id");
$variables["tax_name"] = $tax_names;
$variables["tax_percent"] = $tax_percent_sum;
/* Delivery errors carry a {country_name} placeholder that is resolved against the
   countries list before being appended to the shopping-cart errors. */
if ($delivery_errors) {
    $delivery_errors = str_replace("{country_name}", get_array_value($country_id, $countries), $delivery_errors);
    $sc_errors .= $delivery_errors;
}
// disable phone fields for SQL's
disable_phone_codes();
/* Server-side checks for a submitted checkout step. A delivery method is mandatory
   when more than one shipping type is offered. The "same_as_personal" copy loop and
   the rest of this run continue beyond the end of the excerpt. */
if (strlen($operation)) {
    if ($is_update) {
        if ($total_shipping_types > 1 && !strlen($shipping_type_id)) {
            $r->errors .= REQUIRED_DELIVERY_MSG . "<br>";
        }
        if ($r->get_value("same_as_personal")) {
            for ($i = 0; $i < sizeof($parameters); $i++) {
/* User profile / password-change handler. $secure_user_profile is read here but not
   used within this excerpt. */
$action = get_param("action");
$user_id = get_session("session_user_id");
$site_url = get_setting_value($settings, "site_url", "");
$secure_user_profile = get_setting_value($settings, "secure_user_profile", 0);
$return_page = $site_url . get_custom_friendly_url("user_home.php");
$errors = "";
$r->get_form_values();
if (strlen($action)) {
    if ($action == "cancel") {
        header("Location: " . $return_page);
        exit;
    }
    $r->validate();
    /* Current-password check. With password_encrypt == 1 the stored value is an
       unsalted MD5 of the password; otherwise passwords are compared in the clear.
       NOTE(review): neither scheme is an acceptable password store -- MD5 is fast and
       unsalted, and the plaintext branch exposes every password on a database leak.
       password_hash()/password_verify() with a rehash-on-login migration is the
       PHP-native replacement. Also note the loose mix of "== 1" here and a bare
       truthiness test on the same setting further down. */
    $password_encrypt = get_setting_value($settings, "password_encrypt", 0);
    if (!$r->is_empty("current_password")) {
        $current_password = $r->get_value("current_password");
        if ($password_encrypt == 1) {
            $password_match = md5($current_password);
        } else {
            $password_match = $current_password;
        }
        $sql = " SELECT password FROM " . $table_prefix . "users WHERE user_id=" . $db->tosql($user_id, INTEGER);
        /* NOTE(review): the statement below appears truncated in this copy of the file
           (a "******" run replaces the tosql() call, the query execution and the error
           assignment); verify against the original source before relying on it. */
        $sql .= " AND password="******"{field_name}", $r->parameters["current_password"][CONTROL_DESC], INCORRECT_VALUE_MESSAGE);
    }
}
/* With no validation errors, the new password is hashed the same way before saving.
   This statement run continues beyond the end of the excerpt. */
if (!strlen($r->errors)) {
    if ($password_encrypt) {
        $r->set_value("password", md5($r->get_value("password")));