
   1  <?php
   2  /*

   3  $Id: Order_Info_Process.php 3 2006-05-27 04:59:07Z user $

   4    by Richy C.

   5  

   6          OSCommerce v2.2MS1

   7  

   8     Modified versions of create_account.php and related

   9    files.  Allowing 'purchase without account'.

  10  

  11    osCMax Power E-Commerce

  12    http://oscdox.com

  13  

  14    Copyright 2006 osCMax2005 osCMax, 2002 osCommerce

  15  

  16    Released under the GNU General Public License

  17  */
  18  
// Most of this file has been changed or moved to BTS (Basic Template System) format.
// When adding a contribution or modification, note that parts of this file have been moved to:
//       catalog\templates\fallback\contents\<filename>.tpl.php as a default
// (substitute 'fallback' with your current template to see if there is a template-specific file).

  23  
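  require ('includes/application_top.php');

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CREATE_ACCOUNT);
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

  define('FILENAME_ORDER_INFO', 'Order_Info.php');
  define('FILENAME_ORDER_INFO_PROCESS', 'Order_Info_Process.php');

  // This page is only meaningful as the POST target of the Order_Info form.
  // A request without an 'action' field (e.g. a direct GET) is sent back to
  // the form. empty() covers both "not posted" and "posted blank" without the
  // @ error-suppression operator the original relied on.
  if (empty($HTTP_POST_VARS['action'])) {
    tep_redirect(tep_href_link(FILENAME_ORDER_INFO, '', 'NONSSL'));
  }

  // Posted form fields, run through tep_db_prepare_input(). That step is not a
  // substitute for tep_db_input() or an (int) cast at the point where a value
  // is placed into a SQL string.
  $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
  $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
  $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
  if (ACCOUNT_DOB == 'true') $dob = tep_db_prepare_input($HTTP_POST_VARS['dob']);
  $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
  $telephone = tep_db_prepare_input($HTTP_POST_VARS['telephone']);
  $fax = tep_db_prepare_input($HTTP_POST_VARS['fax']);
  $newsletter = tep_db_prepare_input($HTTP_POST_VARS['newsletter']);
  // Purchase-without-account: the form collects no password, so the value
  // that ends up in tep_encrypt_password() is always the empty string.
  $password = tep_db_prepare_input('');
  $confirmation = tep_db_prepare_input($HTTP_POST_VARS['confirmation']);
  $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
  if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
  if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
  $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
  $city = tep_db_prepare_input($HTTP_POST_VARS['city']);
  // BOF: Bugfix 0000050
  // The state is read as free text; a zone_id is only present when the
  // template rendered a zone drop-down for the chosen country.
  if (ACCOUNT_STATE == 'true') {
    $state = tep_db_prepare_input($HTTP_POST_VARS['state']);
    if (isset($HTTP_POST_VARS['zone_id'])) {
      $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
    } else {
      $zone_id = false;
    }
  }
  // EOF: Bugfix 0000050
  $country = tep_db_prepare_input($HTTP_POST_VARS['country']);

  $error = false; // reset error flag

  // +Country-State Selector
  // Both flags are initialised here so the later checks never read an
  // undefined variable when only one of the two actions was posted.
  $process = false;
  $refresh = false;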
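  // +Country-State Selector
  // The Order_Info form posts action=process to submit, or action=refresh when
  // the country drop-down changes and the zone list has to be rebuilt. Any
  // other action value falls through to the template include at the end of
  // the file.
  if (isset($HTTP_POST_VARS['action']) && (($HTTP_POST_VARS['action'] == 'process') || ($HTTP_POST_VARS['action'] == 'refresh'))) {
    $process = ($HTTP_POST_VARS['action'] == 'process');
    $refresh = ($HTTP_POST_VARS['action'] == 'refresh');
    // -Country-State Selector

    // Gender is checked for both actions so the template can show the field
    // state after a country refresh as well.
    if (ACCOUNT_GENDER == 'true') {
      if (($gender == 'm') || ($gender == 'f')) {
        $entry_gender_error = false;
      } else {
        $error = true;
        $entry_gender_error = true;
      }
    }

    if ($process) {
      // $error is deliberately NOT reset here: it already carries the result
      // of the gender check above. (A reset at this point would make that
      // check ineffective, since nothing below re-evaluates it.)

      // Minimum-length checks. Each sets its own template flag and raises the
      // shared $error flag when it fails.
      $entry_firstname_error = (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH);
      if ($entry_firstname_error) $error = true;

      $entry_lastname_error = (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH);
      if ($entry_lastname_error) $error = true;

      if (ACCOUNT_DOB == 'true') {
        // The raw date is sliced as YYYYMMDD; checkdate() takes (month, day, year).
        $dob_raw = tep_date_raw($dob);
        $entry_date_of_birth_error = !checkdate(substr($dob_raw, 4, 2), substr($dob_raw, 6, 2), substr($dob_raw, 0, 4));
        if ($entry_date_of_birth_error) $error = true;
      }

      $entry_email_address_error = (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH);
      if ($entry_email_address_error) $error = true;

      $entry_email_address_check_error = !tep_validate_email($email_address);
      if ($entry_email_address_check_error) $error = true;

      $entry_street_address_error = (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH);
      if ($entry_street_address_error) $error = true;

      $entry_post_code_error = (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH);
      if ($entry_post_code_error) $error = true;

      $entry_city_error = (strlen($city) < ENTRY_CITY_MIN_LENGTH);
      if ($entry_city_error) $error = true;

      $entry_country_error = !$country;
      if ($entry_country_error) $error = true;

      if (ACCOUNT_STATE == 'true') {
        // BOF: Bugfix 0000050
        // Resolve the typed/selected state against the zones table for the
        // chosen country. When the country has zones, exactly one zone must
        // match by name prefix or by code; otherwise the free-text state only
        // has to meet the minimum length. $country is cast to int and $state
        // goes through tep_db_input() before entering SQL. LIKE wildcards in
        // $state are presumably not neutralised by tep_db_input(), so a stray
        // '%' widens the match and trips the "select one" error rather than
        // anything worse.
        $zone_id = 0;
        $check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'");
        $check = tep_db_fetch_array($check_query);
        $entry_state_has_zones = ($check['total'] > 0);
        if ($entry_state_has_zones) {
          $zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')");
          if (tep_db_num_rows($zone_query) == 1) {
            $zone = tep_db_fetch_array($zone_query);
            $zone_id = $zone['zone_id'];
          } else {
            $error = true;
            $messageStack->add('create_account', ENTRY_STATE_ERROR_SELECT);
          }
        } elseif (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
          $error = true;
          $messageStack->add('create_account', ENTRY_STATE_ERROR);
        }
        // EOF: Bugfix 0000050
      }

      $entry_telephone_error = (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH);
      if ($entry_telephone_error) $error = true;

      // Purchase-without-account: no password is collected and an already
      // registered e-mail address is not an error here (a returning PWA
      // customer is matched below instead), so both flags stay clear.
      $entry_password_error = false;
      $entry_email_address_exists = false;

      if ($error == true) {
        $processed = true;

        $breadcrumb->add(NAV_ORDER_INFO, tep_href_link(FILENAME_ORDER_INFO, '', 'NONSSL'));
        // NOTE: the unconditional $content assignment at the bottom of the
        // file replaces this value before the template is included.
        $content = 'Order_Info_Process';
      } else {
        // PWA 0.70 : SELECT using new method of determining a customer has purchased without account.
        // The values come from the form, so each one is escaped with
        // tep_db_input() before it is concatenated into the query.
        $check_customer_query = tep_db_query("select customers_id, purchased_without_account,
            customers_firstname, customers_password, customers_email_address,
            customers_default_address_id from " . TABLE_CUSTOMERS . "
            where upper(customers_email_address) = '" . tep_db_input(strtoupper($email_address)) . "' and
            upper(customers_firstname) = '" . tep_db_input(strtoupper($firstname)) . "' and
            upper(customers_lastname) = '" . tep_db_input(strtoupper($lastname)) . "'");

        // SECURITY NOTE (already raised by the original authors): a match on
        // e-mail + first/last name alone is treated as "same customer" -- no
        // password is checked -- so whoever knows those three values is
        // attached to the existing PWA record below and its most recent
        // address book entry is overwritten with the posted address.

        $check_customer = tep_db_fetch_array($check_customer_query);

        if (tep_db_num_rows($check_customer_query)) {
          // PWA 0.70 backwards compatibility: older PWA versions stored a
          // blank password. In the hash:salt format used here a blank
          // password hashes to md5(salt), so such a record is treated as PWA.
          // The hash halves are compared strictly (no numeric-string
          // coercion) and a value without a ':' is left alone.
          if (!$check_customer['purchased_without_account']) {
            $password_parts = explode(':', $check_customer['customers_password']);
            if ((count($password_parts) == 2) && (md5($password_parts[1]) === $password_parts[0])) {
              $check_customer['purchased_without_account'] = 1;
            }
          }

          if ($check_customer['purchased_without_account'] != 1) {
            // Customer found and has a real account - make them log in.
            tep_redirect(tep_href_link(FILENAME_LOGIN,
              'login=fail&reason=' . urlencode(str_replace('{EMAIL_ADDRESS}', $check_customer['customers_email_address'], PWA_FAIL_ACCOUNT_EXISTS)), 'SSL'));
          } else {
            // Customer found but no account - reuse the record and its latest
            // address book entry. If the customer has no address book row,
            // $default_address is presumably false and the address update
            // below matches nothing.
            $customer_id = $check_customer['customers_id'];
            $get_default_address = tep_db_query("select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . "
              where customers_id = '" . (int)$customer_id . "' ORDER BY address_book_id DESC LIMIT 1");
            $default_address = tep_db_fetch_array($get_default_address);
            $customer_default_address_id = $default_address['address_book_id'];
            $customer_first_name = $check_customer['customers_firstname'];
            $customer_country_id = $default_address['entry_country_id'];
            $customer_zone_id = $default_address['entry_zone_id'];
            tep_session_register('customer_id');
            tep_session_register('customer_default_address_id');
            tep_session_register('customer_first_name');
            tep_session_register('customer_country_id');
            tep_session_register('customer_zone_id');

            // PWA 0.71 update returning customer's details and address book.
            $customer_update = array('customers_firstname' => $firstname,
                                     'customers_lastname' => $lastname,
                                     'customers_telephone' => $telephone,
                                     'customers_fax' => $fax);
            if (ACCOUNT_GENDER == 'true') $customer_update['customers_gender'] = $gender;
            tep_db_perform(TABLE_CUSTOMERS, $customer_update, 'update', "customers_id = '" . (int)$customer_id . "'");

            $address_book_update = array('customers_id' => $customer_id,
                                         'entry_firstname' => $firstname,
                                         'entry_lastname' => $lastname,
                                         'entry_street_address' => $street_address,
                                         'entry_postcode' => $postcode,
                                         'entry_city' => $city,
                                         'entry_country_id' => $country);
            if (ACCOUNT_GENDER == 'true') $address_book_update['entry_gender'] = $gender;
            if (ACCOUNT_COMPANY == 'true') $address_book_update['entry_company'] = $company;
            if (ACCOUNT_SUBURB == 'true') $address_book_update['entry_suburb'] = $suburb;
            if (ACCOUNT_STATE == 'true') {
              // A resolved zone wins over free text; otherwise store the text.
              if ($zone_id > 0) {
                $address_book_update['entry_zone_id'] = $zone_id;
                $address_book_update['entry_state'] = '';
              } else {
                $address_book_update['entry_zone_id'] = '0';
                $address_book_update['entry_state'] = $state;
              }
            }

            tep_db_perform(TABLE_ADDRESS_BOOK, $address_book_update, 'update', "address_book_id = '" . (int)$customer_default_address_id . "'");
          } // returning customer with / without a real account

          // "Remember me" cookies (30 days). NOTE: this form collects no
          // password (see the $password assignment above), so the 'password'
          // cookie is always written empty, which the browser treats as a
          // delete. A populated plain-text credential cookie would be an
          // exposure, so this should stay that way or be removed.
          if (isset($HTTP_POST_VARS['setcookie']) && ($HTTP_POST_VARS['setcookie'] == '1')) {
            $cookie_expiry = time() + 2592000; // 30 days
            setcookie('email_address', $HTTP_POST_VARS['email_address'], $cookie_expiry);
            setcookie('password', isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '', $cookie_expiry);
            setcookie('first_name', $customer_first_name, $cookie_expiry);
          } elseif (!empty($HTTP_COOKIE_VARS['email_address']) && !empty($HTTP_COOKIE_VARS['password'])) {
            setcookie('email_address', '');
            setcookie('password', '');
            setcookie('first_name', '');
          } // if cookies

          tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(),
            customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

        } else {
          // No matching PWA customer: create one.
          // PWA 0.70 : new way of determining a customer purchased without an account : just say so!
          $sql_data_array = array('purchased_without_account' => 1,
                                  'customers_firstname' => $firstname,
                                  'customers_lastname' => $lastname,
                                  'customers_email_address' => $email_address,
                                  'customers_telephone' => $telephone,
                                  'customers_fax' => $fax,
                                  'customers_newsletter' => $newsletter,
                                  'customers_password' => tep_encrypt_password($password));

          if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
          if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = tep_date_raw($dob);

          tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);

          $customer_id = tep_db_insert_id();

          // address_book_id is assigned by the database and read back with
          // tep_db_insert_id() below, so it is not part of the insert.
          $sql_data_array = array('customers_id' => $customer_id,
                                  'entry_firstname' => $firstname,
                                  'entry_lastname' => $lastname,
                                  'entry_street_address' => $street_address,
                                  'entry_postcode' => $postcode,
                                  'entry_city' => $city,
                                  'entry_country_id' => $country);

          if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
          if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
          if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb;
          if (ACCOUNT_STATE == 'true') {
            // A resolved zone wins over free text; otherwise store the text.
            if ($zone_id > 0) {
              $sql_data_array['entry_zone_id'] = $zone_id;
              $sql_data_array['entry_state'] = '';
            } else {
              $sql_data_array['entry_zone_id'] = '0';
              $sql_data_array['entry_state'] = $state;
            }
          }

          tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
          $address_id = tep_db_insert_id();

          tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int)$address_id . "' where customers_id = '" . (int)$customer_id . "'");

          tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int)$customer_id . "', '0', now())");

          $customer_first_name = $firstname;
          $customer_default_address_id = $address_id;
          $customer_country_id = $country;
          $customer_zone_id = $zone_id;
          tep_session_register('customer_id');
          tep_session_register('customer_first_name');
          tep_session_register('customer_default_address_id');
          tep_session_register('customer_country_id');
          tep_session_register('customer_zone_id');

        } // returning vs. new PWA customer

        // restore cart contents
        $cart->restore_contents();

        // DDB - 040622 - no welcome mail is sent for purchase-without-account
        // and the create_account_success page is skipped: the customer goes
        // straight on to shipping with the 'noaccount' session marker set.
        tep_session_register('noaccount');

        tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
      }
    } // if ($process)

    // +Country-State Selector
    // On a country refresh the typed state is cleared (presumably so the
    // template offers the new country's zones); a missing country falls back
    // to the store default.
    if ($refresh) $state = '';
    if (!isset($country)) $country = DEFAULT_COUNTRY;
    // -Country-State Selector
  }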
 425    $content = Order_Info;
 426    include (bts_select('main', $content_template)); // BTSv1.5

 427    require (DIR_WS_INCLUDES . 'application_bottom.php');
 428  ?>

