Ok - I found a problem with the register.php mods - the "hear" field is not updated when the user or admin modifies the profile. I fixed this.
Code:
<?
/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart |
| Copyright (c) 2001-2002 Ruslan R. Fazliev. All rights reserved. |
+-----------------------------------------------------------------------------+
| The Ruslan R. Fazliev forbids, under any circumstances, the unauthorized |
| reproduction of software or use of illegally obtained software. Making |
| illegal copies of software is prohibited. Individuals who violate copyright |
| law and software licensing agreements may be subject to criminal or civil |
| action by the owner of the copyright. |
| |
| 1. It is illegal to copy a software, and install that single program for |
| simultaneous use on multiple machines. |
| |
| 2. Unauthorized copies of software may not be used in any way. This applies |
| even though you yourself may not have made the illegal copy. |
| |
| 3. Purchase of the appropriate number of copies of a software is necessary |
| for maintaining legal status. |
| |
| DISCLAIMER |
| |
| THIS SOFTWARE IS PROVIDED BY Ruslan R. Fazliev ``AS IS'' AND ANY |
| EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| DISCLAIMED. IN NO EVENT SHALL Ruslan R. Fazliev OR ITS |
| CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
| OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
| OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
| ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
| The Initial Developer of the Original Code is Ruslan R. Fazliev. |
| Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2002 |
| Ruslan R. Fazliev. All Rights Reserved. |
+-----------------------------------------------------------------------------+
\*****************************************************************************/
#
# $Id: register.php,v 1.60.2.2 2003/02/20 08:42:02 svowl Exp $
#
session_register ("intershipper_recalc");
require "../include/countries.php";
require "../include/states.php";
if ($REQUEST_METHOD == "POST") {
if ($current_area != "A" && $current_area!=$usertype && $mode!="checkout") {
echo "Hacking attempt!!!!"; exit;
}
#
# Do not check password mismatch
#
#$passwd2 = $passwd1;
#
# Anonymous registration (x-cart generates username by itself)
#
$anonymous_user=false;
if($anonymous && empty($uname)) {
$max_anonimous = func_query_first("select max(replace(login, '$anonymous_username_prefix', '')-0) from $sql_tbl[customers] where login like '$anonymous_username_prefix%'");
if($max_anonimous) {
$next_anonimous_number = array_pop($max_anonimous)+1;
$uname = $anonymous_username_prefix.$next_anonimous_number;
}
else
$uname = $anonymous_username_prefix."1";
#
# All anonymous accounts must be customers
#
$usertype = "C";
$passwd1 = $anonymous_password;
$passwd2 = $anonymous_password;
$anonymous_user=true;
}
#
# User registration info passed to register.php via POST method
#
$existing_user = func_query_first("select password, email from $sql_tbl[customers] where login='$uname'");
if ($mode=="update") $uerror = false; else $uerror = !(empty($uname)) && !empty($existing_user);
#
# Check for errors
#
$uname_tmp=stripslashes($uname);
if ( strcmp($uname_tmp, $uname) !=0) {$error="Username ".$uname_tmp." is invalid! Please correct"; } else $error='';
$smarty->assign("error",$error);
$fillerror = (empty($uname) || !empty($error) || empty($passwd1) || empty($passwd2) || ($passwd1 != $passwd2) || empty($firstname) || empty($lastname) || empty($b_address) || empty($b_city) || (!empty($states) && empty($b_state)) || empty($b_country) || empty($b_zipcode) || empty($phone) || empty($email));
if (!($uerror || $eerror || $fillerror || $error)) {
#
# Fields filled without errors. User registered successfully
#
$crypted = text_crypt($passwd1);
if (empty($s_address) && empty($s_city) && empty($s_zipcode)) {
$s_state = $b_state;
$s_country = $b_country;
}
if (empty($s_address)) $s_address = $b_address;
if (empty($s_city)) $s_city = $b_city;
if (empty($s_zipcode)) $s_zipcode = $b_zipcode;
#
# Add new member to newsletter list
#
db_query("delete from $sql_tbl[maillist] where email='$existing_user[email]'");
if($newsletter=="on") db_query("insert into $sql_tbl[maillist] (email, since_date) values ('$email','".time()."')");
#
# Update/Insert user info
#
if ($mode=="update") {
$intershipper_recalc = "Y";
db_query("update $sql_tbl[customers] set password='$crypted', password_hint='$password_hint', password_hint_answer='$password_hint_answer', title='$title', firstname='$firstname', lastname='$lastname', company='$company', b_address='$b_address', b_city='$b_city', b_state='$b_state', b_country='$b_country', b_zipcode='$b_zipcode', s_address='$s_address', s_city='$s_city', s_state='$s_state', s_country='$s_country', s_zipcode='$s_zipcode', phone='$phone', email='$email', fax='$fax', url='$url', card_name='$card_name', card_type='$card_type', card_number='".text_crypt($card_number)."', card_expire='$card_expire', card_cvv2='$card_cvv2', pending_membership='$pending_membership', ssn='$ssn' , hear='$hear' where login='$login' and usertype='$login_type'");
#
# Update membership
#
if($current_area=="A" || ($active_modules["Simple_Mode"] && $current_area=="P")) db_query("update $sql_tbl[customers] set membership='$membership' where login='$login' and usertype='$login_type'");
$registered="Y";
#
# Send mail notifications to customer department and signed customer
#
$newuser_info = func_userinfo($login,$login_type);
$mail_smarty->assign("userinfo",$newuser_info);
#
# Send mail to registered user
#
$customer_language = func_get_language ($newuser_info["language"]);
func_send_mail($newuser_info["email"], "mail/profile_modified_subj.tpl", "mail/profile_modified.tpl", $config["Company"]["users_department"], false);
#
# Send mail to customers department
#
func_send_mail($config["Company"]["users_department"], "mail/profile_admin_modified_subj.tpl", "mail/profile_admin_modified.tpl", $newuser_info["email"], true);
} else {
#
# Add new person to customers table
#
$intershipper_recalc = "Y";
db_query("insert into $sql_tbl[customers] (login,usertype,membership,password,password_hint,password_hint_answer,title,firstname,lastname,company,b_address,b_city,b_state,b_country,b_zipcode,s_address,s_city,s_state,s_country,s_zipcode,phone,email,fax,url,card_name,card_type,card_number,card_expire,card_cvv2,first_login,status,referer,pending_membership,ssn,hear) values ('$uname','$usertype','$membership','$crypted','$password_hint','$password_hint_answer','$title','$firstname','$lastname','$company','$b_address','$b_city','$b_state','$b_country','$b_zipcode','$s_address','$s_city','$s_state','$s_country','$s_zipcode','$phone','$email','$fax','$url','$card_name','$card_type','".text_crypt($card_number)."','$card_expire','$card_cvv2','".time()."','Y','$RefererCookie','$pending_membership','$ssn','$hear')");
#
# Update store language for new customer from current $store_language
#
if ($store_language)
db_query ("UPDATE $sql_tbl[customers] SET language='$store_language' WHERE login='$uname'");
#
# If it is partner, add his information
#
if ($usertype == "B") {
db_query ("INSERT INTO $sql_tbl[partner_commitions] (login, commition) VALUES ('$uname','0.00')");
}
#
# Set A-status
#
if($anonymous_user) db_query("update $sql_tbl[customers] set status='A' where login='$uname' and usertype='$usertype'");
$registered="Y";
#
# Send mail notifications to customer department and signed customer
#
$newuser_info = func_userinfo($uname,$usertype);
$mail_smarty->assign("userinfo",$newuser_info);
#
# Send mail to registered user (do not send to anonymous)
#
if(!$anonymous_user)
if ($usertype=="B")
func_send_mail($email, "mail/signin_notification_subj.tpl", "mail/signin_partner_notif.tpl", $config["Company"]["users_department"], false);
else
func_send_mail($email, "mail/signin_notification_subj.tpl", "mail/signin_notification.tpl", $config["Company"]["users_department"], false);
#
# Send mail to customers department
#
if(!$anonymous_user)
func_send_mail($config["Company"]["users_department"], "mail/signin_admin_notif_subj.tpl", "mail/signin_admin_notification.tpl", $email, true);
#
# Auto-log in
#
#if($anonymous_user && $usertype=="C") {
if($usertype=="C" or ($usertype=="B" and $login=="")) {
$auto_login = true;
$login = $uname;
$login_type = $usertype;
$logged = "";
}
}
} else {
#
# Fields filled with errors
#
if ($fillerror) $reg_error="F";
if ($eerror) $reg_error="E";
if ($uerror) $reg_error="U";
}
if($anonymous_user) {
$uname="";
$passwd1="";
$passwd2="";
}
#
# Fill $userinfo array if error occured
#
$userinfo=$HTTP_POST_VARS;
$userinfo["login"] = $uname;
$userinfo["newsletter"] = ($newsletter=="on"?"Y":"");
}
else {
#
# REQUEST_METHOD = GET
#
if ($mode=="update") {
$userinfo = func_userinfo($login,$login_type);
}
elseif ($mode=="delete" && $confirmed=="Y") {
$olduser_info = func_userinfo($login,$login_type);
$customer_language = func_get_language ($olduser_info);
func_delete_profile($login,$login_type);
$login="";
$login_type="";
$smarty->clear_assign("login");
#
# Send mail notifications to customer department and signed customer
#
$mail_smarty->assign("userinfo",$olduser_info);
#
# Send mail to registered user
#
if (strstr($olduser_info["login"], $anonymous_username_prefix) ) $anonymous_user=true;
else $anonymous_user=false;
if(!$anonymous_user)
func_send_mail($olduser_info["email"], "mail/profile_deleted_subj.tpl", "mail/profile_deleted.tpl", $config["Company"]["users_department"], false);
#
# Send mail to customers department
#
if(!$anonymous_user)
func_send_mail($config["Company"]["users_department"], "mail/profile_admin_deleted_subj.tpl", "mail/profile_admin_deleted.tpl", $olduser_info["email"], true);
}
}
#require "../include/countries.php";
#require "../include/states.php";
#$smarty->assign("current_category",$current_category);
if ($uerror || $eerror || $fillerror || $error) {
$userinfo[firstname]=stripslashes($firstname);
$userinfo[lastname]=stripslashes($lastname);
$userinfo[company]=stripslashes($company);
$userinfo[ssn]=stripslashes($ssn);
$userinfo[hear]=stripslashes($hear);
$userinfo[b_address]=stripslashes($b_address);
$userinfo[b_city]=stripslashes($b_city);
$userinfo[b_zipcode]=stripslashes($b_zipcode);
$userinfo[s_address]=stripslashes($s_address);
$userinfo[s_city]=stripslashes($s_city);
$userinfo[s_state]=stripslashes($s_state);
$userinfo[s_zipcode]=stripslashes($s_zipcode);
$userinfo[phone]=stripslashes($phone);
$userinfo[fax]=stripslashes($fax);
$userinfo[uname]=stripslashes($uname);
$userinfo[login]=stripslashes($uname);
$userinfo[passwd1]=stripslashes($passwd1);
$userinfo[passwd2]=stripslashes($passwd2);
$userinfo[password_hint]=stripslashes($password_hint);
$userinfo[password_hint_answer]=stripslashes($password_hint_answer);
}
if ($userinfo)
foreach ($userinfo as $key=>$value){
if (is_string($value))
$userinfo[$key]=htmlspecialchars($value);
}
$smarty->assign("userinfo",$userinfo);
$smarty->assign("registered",$registered);
$smarty->assign("reg_error",$reg_error);
if($mode=="delete") {
$smarty->assign("main","profile_delete");
}
elseif($mode=="notdelete") {
$smarty->assign("main","profile_notdelete");
}
else
$smarty->assign("main","register");
?>