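<?php
/*
  $Id: Order_Info_Process.php 3 2006-05-27 04:59:07Z user $
  by Richy C.

  OSCommerce v2.2MS1

  Modified versions of create_account.php and related
  files. Allowing 'purchase without account'.

  osCMax Power E-Commerce
  http://oscdox.com

  Copyright 2006 osCMax2005 osCMax, 2002 osCommerce

  Released under the GNU General Public License
*/

// Most of this file is changed or moved to BTS - Basic Template System - format.
// For adding in contributions or modifications, parts of this file have been moved to
// catalog\templates\fallback\contents\<filename>.tpl.php as a default
// (substitute 'fallback' with your current template to see if there is a template-specific file).

// Purpose: "Purchase Without Account" (PWA) form handler.
//  - validates the posted contact/address fields (same rules as create_account.php, minus password),
//  - re-uses an existing PWA customer record matched on e-mail + first/last name, or creates one,
//  - registers the customer in the session and redirects to checkout_shipping.
// On a validation error (or action=refresh from the Country-State selector) the Order_Info
// template is rendered again with the $entry_*_error flags set below.
//
// Security notes for maintainers:
//  * Every value interpolated into SQL must go through tep_db_input() (escaping) or an (int) cast.
//    tep_db_prepare_input() only trims/unslashes; it does NOT make a value safe for SQL.
//  * The returning-customer lookup authenticates on nothing secret (see the note at the query).

require('includes/application_top.php');

// $language is set by application_top.php; the language file names are configuration constants.
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CREATE_ACCOUNT);
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

define('FILENAME_ORDER_INFO', 'Order_Info.php');
define('FILENAME_ORDER_INFO_PROCESS', 'Order_Info_Process.php');

// This page is only meaningful as the target of the Order_Info form; without an action, go back.
if (empty($HTTP_POST_VARS['action'])) {
  tep_redirect(tep_href_link(FILENAME_ORDER_INFO, '', 'NONSSL'));
}

// Prepared copies of the form fields (trimmed / unslashed, NOT SQL-escaped).
$gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
$firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
$lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
if (ACCOUNT_DOB == 'true') $dob = tep_db_prepare_input($HTTP_POST_VARS['dob']);
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$telephone = tep_db_prepare_input($HTTP_POST_VARS['telephone']);
$fax = tep_db_prepare_input($HTTP_POST_VARS['fax']);
$newsletter = tep_db_prepare_input($HTTP_POST_VARS['newsletter']);
// PWA customers have no password: whatever the form posts is ignored and an empty
// password is stored. This blank value is also what the cookie block below persists.
$password = tep_db_prepare_input('');
$confirmation = tep_db_prepare_input($HTTP_POST_VARS['confirmation']);
$street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
$postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
$city = tep_db_prepare_input($HTTP_POST_VARS['city']);
// BOF: Bugfix 0000050
// $zone_id defaults to 0 ("no zone") so it is always defined when copied into the session below.
$zone_id = 0;
if (ACCOUNT_STATE == 'true') {
  $state = tep_db_prepare_input($HTTP_POST_VARS['state']);
  $zone_id = isset($HTTP_POST_VARS['zone_id']) ? tep_db_prepare_input($HTTP_POST_VARS['zone_id']) : false;
}
// EOF: Bugfix 0000050
$country = tep_db_prepare_input($HTTP_POST_VARS['country']);

$error = false; // reset error flag

// +Country-State Selector
// Both flags are always initialised so the later tests never read an undefined variable.
$process = false;
$refresh = false;
if (isset($HTTP_POST_VARS['action']) && (($HTTP_POST_VARS['action'] == 'process') || ($HTTP_POST_VARS['action'] == 'refresh'))) {
  $process = ($HTTP_POST_VARS['action'] == 'process');
  $refresh = ($HTTP_POST_VARS['action'] == 'refresh');
// -Country-State Selector

  if (ACCOUNT_GENDER == 'true') {
    if (($gender == 'm') || ($gender == 'f')) {
      $entry_gender_error = false;
    } else {
      $error = true;
      $entry_gender_error = true;
    }
  }

// +Country-State Selector
  if ($process) {
// -Country-State Selector
    $error = false;

    if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
      $error = true;
      $entry_firstname_error = true;
    } else {
      $entry_firstname_error = false;
    }

    if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
      $error = true;
      $entry_lastname_error = true;
    } else {
      $entry_lastname_error = false;
    }

    if (ACCOUNT_DOB == 'true') {
      // tep_date_raw() yields YYYYMMDD; checkdate() wants (month, day, year).
      $dob_raw = tep_date_raw($dob);
      if (checkdate(substr($dob_raw, 4, 2), substr($dob_raw, 6, 2), substr($dob_raw, 0, 4))) {
        $entry_date_of_birth_error = false;
      } else {
        $error = true;
        $entry_date_of_birth_error = true;
      }
    }

    if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
      $error = true;
      $entry_email_address_error = true;
    } else {
      $entry_email_address_error = false;
    }

    if (!tep_validate_email($email_address)) {
      $error = true;
      $entry_email_address_check_error = true;
    } else {
      $entry_email_address_check_error = false;
    }

    if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
      $error = true;
      $entry_street_address_error = true;
    } else {
      $entry_street_address_error = false;
    }

    if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
      $error = true;
      $entry_post_code_error = true;
    } else {
      $entry_post_code_error = false;
    }

    if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
      $error = true;
      $entry_city_error = true;
    } else {
      $entry_city_error = false;
    }

    if (!$country) {
      $error = true;
      $entry_country_error = true;
    } else {
      $entry_country_error = false;
    }

    if (ACCOUNT_STATE == 'true') {
// BOF: Bugfix 0000050
// (The original Country-State Selector pull-down code that used to live here was dead,
//  commented-out markup and has been dropped.)
      // Resolve the posted state text to a zone_id when the country has zones;
      // otherwise accept free text of at least ENTRY_STATE_MIN_LENGTH.
      $zone_id = 0;
      $check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'");
      $check = tep_db_fetch_array($check_query);
      $entry_state_has_zones = ($check['total'] > 0);
      if ($entry_state_has_zones == true) {
        $zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')");
        if (tep_db_num_rows($zone_query) == 1) {
          $zone = tep_db_fetch_array($zone_query);
          $zone_id = $zone['zone_id'];
        } else {
          $error = true;
          $messageStack->add('create_account', ENTRY_STATE_ERROR_SELECT);
        }
      } else {
        if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
          $error = true;
          $messageStack->add('create_account', ENTRY_STATE_ERROR);
        }
      }
// EOF: Bugfix 0000050
    }

    if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
      $error = true;
      $entry_telephone_error = true;
    } else {
      $entry_telephone_error = false;
    }

    // The password length/confirmation check and the duplicate-e-mail check from
    // create_account.php are intentionally not performed for PWA: there is no password,
    // and an already-known e-mail address is handled by the customer lookup below.
    $entry_password_error = false;
    $entry_email_address_exists = false;

    if ($error == true) {
      $processed = true;

      $breadcrumb->add(NAV_ORDER_INFO, tep_href_link(FILENAME_ORDER_INFO, '', 'NONSSL'));
      // DDB - 040622 - no need $breadcrumb->add(NAVBAR_TITLE_2);
      // NOTE: overwritten unconditionally by "$content = Order_Info;" at the bottom of this file.
      $content = Order_Info_Process;
    } else {

      // PWA 0.70 : SELECT using new method of determining a customer has purchased without account.
      // The prepared copies are escaped with tep_db_input() before interpolation -- the raw
      // $HTTP_POST_VARS values were previously used here unescaped (SQL injection via name/e-mail).
      $check_customer_query = tep_db_query("select customers_id, purchased_without_account,
                                            customers_firstname, customers_password, customers_email_address,
                                            customers_default_address_id from " . TABLE_CUSTOMERS . "
                                            where upper(customers_email_address) = '" . tep_db_input(strtoupper($email_address)) . "' and
                                            upper(customers_firstname) = '" . tep_db_input(strtoupper($firstname)) . "' and
                                            upper(customers_lastname) = '" . tep_db_input(strtoupper($lastname)) . "'");

      // SECURITY NOTE: a customer flagged purchased_without_account is matched on e-mail address
      // and name alone -- nothing secret. Anyone who knows those three values is logged in as
      // that customer below, has their address book entry overwritten and proceeds to checkout
      // with their details. This is inherent to the PWA design (the original author flagged it
      // as well); closing it needs a per-customer secret (e.g. an e-mailed token) verified here
      // before the session is registered.

      $check_customer = tep_db_fetch_array($check_customer_query);

      if (tep_db_num_rows($check_customer_query)) {

        // PWA 0.70 backwards compatibility: older PWA versions did not set the flag but stored
        // the hash of an empty password ("md5(salt):salt"), which made normal logins fail.
        // Treat such a record as a PWA customer. Guard the split so a record without the
        // "hash:salt" layout cannot produce an undefined $salt.
        if (!$check_customer['purchased_without_account'] && (strpos($check_customer['customers_password'], ':') !== false)) {
          list($md5hash, $salt) = explode(':', $check_customer['customers_password']);
          // Strict comparison: with == PHP would compare two "0e..." hex strings numerically.
          if (md5($salt) === $md5hash) {
            $check_customer['purchased_without_account'] = 1;
          }
        }

        if ($check_customer['purchased_without_account'] != 1) {
          // Customer found and has a real account - make them log in.
          tep_redirect(tep_href_link(FILENAME_LOGIN,
                                     'login=fail&reason=' . urlencode(
                                       str_replace('{EMAIL_ADDRESS}', $check_customer['customers_email_address'], PWA_FAIL_ACCOUNT_EXISTS)), 'SSL'));
        } else {
          // Customer found but no account - fetch their details.
          $customer_id = (int)$check_customer['customers_id'];
          // now get the latest address book entry:
          $get_default_address = tep_db_query("select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . "
                                               where customers_id = '" . (int)$customer_id . "' ORDER BY address_book_id DESC LIMIT 1");
          $default_address = tep_db_fetch_array($get_default_address);
          $customer_default_address_id = $default_address['address_book_id'];
          $customer_first_name = $check_customer['customers_firstname'];
          $customer_country_id = $default_address['entry_country_id'];
          $customer_zone_id = $default_address['entry_zone_id'];
          tep_session_register('customer_id');
          tep_session_register('customer_default_address_id');
          tep_session_register('customer_first_name');
          tep_session_register('customer_country_id');
          tep_session_register('customer_zone_id');

          // PWA 0.71 update returning customer's record and address book
          // (tep_db_perform() escapes the values; the WHERE ids are cast).
          $customer_update = array('customers_firstname' => $firstname,
                                   'customers_lastname' => $lastname,
                                   'customers_telephone' => $telephone,
                                   'customers_fax' => $fax);
          if (ACCOUNT_GENDER == 'true') $customer_update['customers_gender'] = $gender;
          tep_db_perform(TABLE_CUSTOMERS, $customer_update, 'update', "customers_id = '" . (int)$customer_id . "'");

          $address_book_update = array('customers_id' => $customer_id,
                                       'entry_firstname' => $firstname,
                                       'entry_lastname' => $lastname,
                                       'entry_street_address' => $street_address,
                                       'entry_postcode' => $postcode,
                                       'entry_city' => $city,
                                       'entry_country_id' => $country);
          if (ACCOUNT_GENDER == 'true') $address_book_update['entry_gender'] = $gender;
          if (ACCOUNT_COMPANY == 'true') $address_book_update['entry_company'] = $company;
          if (ACCOUNT_SUBURB == 'true') $address_book_update['entry_suburb'] = $suburb;
          if (ACCOUNT_STATE == 'true') {
            if ($zone_id > 0) {
              $address_book_update['entry_zone_id'] = $zone_id;
              $address_book_update['entry_state'] = '';
            } else {
              $address_book_update['entry_zone_id'] = '0';
              $address_book_update['entry_state'] = $state;
            }
          }

          tep_db_perform(TABLE_ADDRESS_BOOK, $address_book_update, 'update', "address_book_id = '" . (int)$customer_default_address_id . "'");
        } // if-else $pass_ok

        // "Remember me" cookies. $password is the blank PWA value set at the top of this
        // file; the raw POST value is never persisted. An empty value clears the cookie.
        if (isset($HTTP_POST_VARS['setcookie']) && ($HTTP_POST_VARS['setcookie'] == '1')) {
          setcookie('email_address', $email_address, time()+2592000);
          setcookie('password', $password, time()+2592000);
          setcookie('first_name', $customer_first_name, time()+2592000);
        } elseif (!empty($HTTP_COOKIE_VARS['email_address']) && !empty($HTTP_COOKIE_VARS['password'])) {
          setcookie('email_address', '');
          setcookie('password', '');
          setcookie('first_name', '');
        } // if cookies

        tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(),
                      customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

      } else {
        // if customer_exist = NO

        // PWA 0.70 : new way of determining a customer purchased without an account : just say so!
        $sql_data_array = array('purchased_without_account' => 1,
                                'customers_firstname' => $firstname,
                                'customers_lastname' => $lastname,
                                'customers_email_address' => $email_address,
                                'customers_telephone' => $telephone,
                                'customers_fax' => $fax,
                                'customers_newsletter' => $newsletter,
                                'customers_password' => tep_encrypt_password($password));

        if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
        if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = tep_date_raw($dob);

        tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);

        $customer_id = tep_db_insert_id();

        // address_book_id is left out on purpose: it is auto-generated by the insert
        // (the old code passed a not-yet-assigned $address_id here).
        $sql_data_array = array('customers_id' => $customer_id,
                                'entry_firstname' => $firstname,
                                'entry_lastname' => $lastname,
                                'entry_street_address' => $street_address,
                                'entry_postcode' => $postcode,
                                'entry_city' => $city,
                                'entry_country_id' => $country);

        if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
        if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
        if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb;
        if (ACCOUNT_STATE == 'true') {
          if ($zone_id > 0) {
            $sql_data_array['entry_zone_id'] = $zone_id;
            $sql_data_array['entry_state'] = '';
          } else {
            $sql_data_array['entry_zone_id'] = '0';
            $sql_data_array['entry_state'] = $state;
          }
        }

        tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
        $address_id = tep_db_insert_id();

        tep_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int)$address_id . "' where customers_id = '" . (int)$customer_id . "'");

        tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int)$customer_id . "', '0', now())");

        $customer_first_name = $firstname;
        $customer_default_address_id = $address_id;
        $customer_country_id = $country;
        $customer_zone_id = $zone_id;
        tep_session_register('customer_id');
        tep_session_register('customer_first_name');
        tep_session_register('customer_default_address_id');
        tep_session_register('customer_country_id');
        tep_session_register('customer_zone_id');

      } // ELSE CUSTOMER=NO

      // restore cart contents
      $cart->restore_contents();

      // DDB - 040622 - no welcome mail is sent for PWA (the create_account.php mail block was removed here).

      // Mark the session as a purchase-without-account checkout for the rest of the flow.
      tep_session_register('noaccount');

      tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));

    }

// BOF: MOD - Country-State Selector
  }
  // A country change re-renders the form with the state field cleared.
  if ($refresh) $state = '';
  if (!isset($country)) $country = DEFAULT_COUNTRY;
// EOF: MOD - Country-State Selector
}
$content = Order_Info;
include(bts_select('main', $content_template)); // BTSv1.5
require(DIR_WS_INCLUDES . 'application_bottom.php');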