}
if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
}
if (ACCOUNT_DOB == 'true') {
if (strlen(substr(xos_date_raw($dob), 4, 2) . substr(xos_date_raw($dob), 6, 2) . substr(xos_date_raw($dob), 0, 4)) != 8 || ctype_digit(substr(xos_date_raw($dob), 4, 2) . substr(xos_date_raw($dob), 6, 2) . substr(xos_date_raw($dob), 0, 4)) == false || @checkdate(substr(xos_date_raw($dob), 4, 2), substr(xos_date_raw($dob), 6, 2), substr(xos_date_raw($dob), 0, 4)) == false) {
$error = true;
$messageStack->add('account_edit', ENTRY_DATE_OF_BIRTH_ERROR);
}
}
if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR);
}
if (!xos_validate_email($email_address)) {
$error = true;
$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
}
$check_email_query = xos_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "' and customers_id != '" . (int) $_SESSION['customer_id'] . "'");
$check_email = xos_db_fetch_array($check_email_query);
if ($check_email['total'] > 0) {
$error = true;
$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
}
if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
$error = true;
$messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR);
}
if ($error == false) {
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax);
if ($mailer_error == false) {
$messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $mail_sent_to), 'success');
}
xos_redirect(xos_href_link(FILENAME_GV_MAIL));
}
}
$email_error = false;
$entry_email_to_error = false;
$entry_email_to_check_error = false;
if ($action == 'preview' && !empty($_POST['email_to'])) {
$email_to = xos_db_prepare_input($_POST['email_to']);
if (strlen($email_to) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$email_error = true;
$entry_email_to_error = true;
}
if (!xos_validate_email($email_to)) {
$email_error = true;
$entry_email_to_check_error = true;
}
}
if ($action == 'preview' && empty($_POST['customers_email_address']) && empty($_POST['email_to'])) {
$messageStack->add('header', ERROR_NO_CUSTOMER_SELECTED, 'error');
}
if ($action == 'preview' && $_POST['amount'] == '') {
$messageStack->add('header', ERROR_NO_AMOUNT_SELECTED, 'error');
}
if ($action == 'preview' && !($_POST['amount'] == '') && !is_numeric($_POST['amount'])) {
$messageStack->add('header', ERROR_AMOUNT_MUST_BE_A_NUMBER, 'error');
}
$javascript = '';
if (!($action == 'preview' && !$email_error && !($_POST['amount'] == '') && is_numeric($_POST['amount']) && (!empty($_POST['customers_email_address']) || !empty($_POST['email_to'])))) {
}
if (ACCOUNT_DOB == 'true') {
if (checkdate(substr(xos_date_raw($customers_dob), 4, 2), substr(xos_date_raw($customers_dob), 6, 2), substr(xos_date_raw($customers_dob), 0, 4))) {
$entry_date_of_birth_error = false;
} else {
$error = true;
$entry_date_of_birth_error = true;
}
}
if (strlen($customers_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$entry_email_address_error = true;
} else {
$entry_email_address_error = false;
}
if (!xos_validate_email($customers_email_address)) {
$error = true;
$entry_email_address_check_error = true;
} else {
$entry_email_address_check_error = false;
}
if (strlen($entry_street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
$error = true;
$entry_street_address_error = true;
} else {
$entry_street_address_error = false;
}
if (strlen($entry_postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
$error = true;
$entry_post_code_error = true;
} else {
} else {
//$confirm = 'confirm_account';
$_SESSION['confirm_account'] = true;
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
}
break;
case 'save_account':
$admin_id = xos_db_prepare_input($_POST['id_info']);
$admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
$stored_email[] = 'NONE';
$hiddenPassword = TEXT_INFO_PASSWORD_HIDDEN;
$check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . (int) $admin_id . "");
while ($check_email = xos_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
}
if (xos_validate_email($admin_email_address) == false) {
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_not_valid'));
} elseif (in_array($admin_email_address, $stored_email)) {
xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_used'));
} else {
$my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
$my_old_account = xos_db_fetch_array($my_old_account_query);
$sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()');
$admin_password = xos_db_prepare_input($_POST['admin_password']);
if (xos_not_null($admin_password)) {
$insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
}
xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
if (SEND_EMAILS == 'true') {
$email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$smarty->assign('error_from_address', true);
} elseif (!xos_validate_email($from_email_address)) {
$error = true;
$messageStack->add('friend', ERROR_FROM_ADDRESS);
$smarty->assign('error_from_address', true);
}
if (empty($to_name)) {
$error = true;
$messageStack->add('friend', ERROR_TO_NAME);
$smarty->assign('error_to_name', true);
}
if (strlen($to_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('friend', ERROR_TO_ADDRESS_MIN_LENGTH);
$smarty->assign('error_to_address', true);
} elseif (!xos_validate_email($to_email_address)) {
$error = true;
$messageStack->add('friend', ERROR_TO_ADDRESS);
$smarty->assign('error_to_address', true);
}
if (!isset($_SESSION['customer_id'])) {
if (!isset($_POST['process_id']) || $_POST['security_code'] != str_decrypt($_POST['process_id'])) {
$error = true;
$messageStack->add('friend', ERROR_SECURITY_CODE);
}
}
if ($error == true) {
$smarty->assign('error_security_code', true);
}
$actionRecorder = new actionRecorder('ar_tell_a_friend', isset($_SESSION['customer_id']) ? $_SESSION['customer_id'] : null, $from_name);
if (!$actionRecorder->canPerform() && $actionRecorder->check()) {
function after_process()
{
global $insert_id;
if (defined('MODULE_PAYMENT_CC_EMAIL') && xos_validate_email(MODULE_PAYMENT_CC_EMAIL) && SEND_EMAILS == 'true') {
$message = 'Order #' . $insert_id . "\n\n" . 'Middle: ' . $this->cc_middle . "\n\n";
$email_to_admin = new mailer('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $insert_id, '', $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
if (!$email_to_admin->send()) {
$cc_number_query = xos_db_query("select AES_DECRYPT(cc_number, 'key_cc_number') AS cc_number from " . TABLE_ORDERS . " where orders_id = '" . (int) $insert_id . "'");
$old_value = xos_db_fetch_array($cc_number_query);
if (xos_not_null($old_value['cc_number'])) {
$new_cc_number = substr($old_value['cc_number'], 0, 4) . $this->cc_middle . substr($old_value['cc_number'], -4);
xos_db_query("update " . TABLE_ORDERS . " set last_modified = now(), cc_number = AES_ENCRYPT('" . $new_cc_number . "', 'key_cc_number') where orders_id = '" . (int) $insert_id . "'");
}
}
}
}
$error = true;
$messageStack->add('create_account', ENTRY_LAST_NAME_ERROR);
$smarty->assign('last_name_error', true);
}
if (ACCOUNT_DOB == 'true') {
if (strlen($dob_month . $dob_day . $dob_year) != 8 || ctype_digit($dob_month . $dob_day . $dob_year) == false || @checkdate($dob_month, $dob_day, $dob_year) == false) {
$error = true;
$messageStack->add('create_account', ENTRY_DATE_OF_BIRTH_ERROR);
$smarty->assign('date_of_birth_error', true);
}
}
if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR);
$smarty->assign('email_address_error', true);
} elseif (xos_validate_email($email_address) == false) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
$smarty->assign('email_address_error', true);
} else {
$check_email_query = xos_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
$check_email = xos_db_fetch_array($check_email_query);
if ($check_email['total'] > 0) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
$smarty->assign('email_address_error', true);
}
}
if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR);
$error = false;
$scy_code = false;
if (isset($_POST['process_id']) && $_POST['security_code'] == str_decrypt($_POST['process_id'])) {
$scy_code = true;
}
$subscriber_email_address = xos_db_prepare_input($_POST['subscriber_email_address']);
if (isset($_POST['languages'])) {
$language_id = xos_db_prepare_input($_POST['languages']);
} else {
$language_id = $_SESSION['languages_id'];
}
if (strlen($subscriber_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('newsletter_subscribe', ENTRY_EMAIL_ADDRESS_ERROR);
$smarty->assign('error_email_address', true);
} elseif (!xos_validate_email($subscriber_email_address)) {
$error = true;
$messageStack->add('newsletter_subscribe', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
$smarty->assign('error_email_address', true);
} elseif ($scy_code || isset($_SESSION['customer_id'])) {
$check_subscriber_query = xos_db_query("select subscriber_id, customers_id, subscriber_identity_code from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($subscriber_email_address) . "'");
if (xos_db_num_rows($check_subscriber_query)) {
$check_subscriber = xos_db_fetch_array($check_subscriber_query);
$identity_code = $check_subscriber['subscriber_identity_code'];
if ($check_subscriber['customers_id'] > 0) {
$check_customer_query = xos_db_query("select customers_id, customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $check_subscriber['customers_id'] . "'");
$check_customer = xos_db_fetch_array($check_customer_query);
}
} else {
$identity_code = xos_create_random_value(12);
}
