anyone else have a clue on this one? i hate to go back and lose all my changes.
Code:
#
# $Id: register.php,v 1.80.2.8 2004/03/26 09:47:32 svowl Exp $
#
if ( !defined('XCART_SESSION_START') ) { header("Location: ../"); die("Access denied"); }
x_session_register ("intershipper_recalc");
x_session_unregister("secure_oid");
require $xcart_dir."/include/countries.php";
require $xcart_dir."/include/states.php";
if (empty($mode)) $mode = "";
if ($REQUEST_METHOD == "POST") {
$allowed_registration = ($usertype == "C" || ($usertype == "B" && $config["Modules"]["partner_register"] == "Y") || ($current_area == "P" && $active_modules["Simple_Mode"]) || $current_area == "A");
$allowed_update = (($usertype == $current_area && !empty($login) && !empty($uname) && $login == $uname) || ($current_area == "P" && $active_modules["Simple_Mode"]) || $current_area == "A");
if ($mode!="update" && !$allowed_registration || $mode=="update" && !$allowed_update) {
func_header_location("error_message.php?access_denied");
}
#
# Do not check password mismatch
#
#$passwd2 = $passwd1;
#
# Anonymous registration (x-cart generates username by itself)
#
$anonymous_user=false;
$passed_uname = $uname;
if ($anonymous && empty($uname) && $config["General"]["disable_anonymous_checkout"]!="Y") {
$max_anonimous = array_pop(func_query_first("select max(replace(login, '$anonymous_username_prefix', '')-0) from $sql_tbl[customers] where login like '$anonymous_username_prefix%'"));
$max_anonimous_orders = array_pop(func_query_first("select max(replace(login, '$anonymous_username_prefix', '')-0) from $sql_tbl[orders] where login like '$anonymous_username_prefix%'"));
$max_anonimous = max($max_anonimous, $max_anonimous_orders);
if($max_anonimous) {
$next_anonimous_number = $max_anonimous+1;
$uname = $anonymous_username_prefix.$next_anonimous_number;
}
else
$uname = $anonymous_username_prefix."1";
#
# All anonymous accounts must be customers
#
$usertype = "C";
$passwd1 = $anonymous_password;
$passwd2 = $anonymous_password;
$anonymous_user=true;
}
if (!$anonymous) {
$anonymous_user = preg_match("/^".$anonymous_username_prefix."[0-9]+/", $uname);
}
#
# User registration info passed to register.php via POST method
#
$existing_user = func_query_first("select password, email from $sql_tbl[customers] where login='$uname'");
if (empty($existing_user))
$existing_user = func_query_first("SELECT login FROM $sql_tbl[orders] WHERE login='$uname'");
if ($mode=="update")
$uerror = false;
else {
$uerror = !(empty($uname)) && !empty($existing_user);
$uerror |= preg_match("/^".$anonymous_username_prefix."/", $passed_uname);
}
#
# Check for errors
#
$uname_tmp=stripslashes($uname);
if ( strcmp($uname_tmp, $uname) !=0) {$error="Username ".$uname_tmp." is invalid! Please correct"; } else $error='';
$smarty->assign("error",$error);
$fillerror = (empty($uname) || !empty($error) || empty($passwd1) || empty($passwd2) || ($passwd1 != $passwd2) || empty($b_address) || empty($b_city) || (!empty($states) && empty($b_state)) || empty($b_country) || empty($b_zipcode) || empty($phone) || empty($email));
$fillerror |= ($emailerror = !func_check_email($email));
if (!(@$uerror || @$eerror || @$fillerror || @$error)) {
#
# Fields filled without errors. User registered successfully
#
$crypted = text_crypt($passwd1);
$s_address = trim($s_address);
$s_city = trim($s_city);
$s_zipcode = trim($s_zipcode);
if (empty($s_address) && empty($fax) && empty($s_city) && empty($s_zipcode)) {
$fax = $company;
$s_state = $b_state;
$s_country = $b_country;
}
if (empty($s_address) && empty($fax)) $fax = $company;
if (empty($s_address)) $s_address = $b_address;
if (empty($s_city)) $s_city = $b_city;
if (empty($s_zipcode)) $s_zipcode = $b_zipcode;
#
# Add new member to newsletter list
#
if( !empty($existing_user) && $existing_user["email"] != $email )
db_query("delete from $sql_tbl[maillist] where email='".addslashes($existing_user["email"])."'");
if(!empty($newsletter)) {
$mailcnt = array_pop( func_query_first("select count(*) from $sql_tbl[maillist] where email='$email'") );
if( empty($mailcnt) )
db_query("insert into $sql_tbl[maillist] (email, since_date) values ('$email','".time()."')");
}
else
db_query("delete from $sql_tbl[maillist] where email='$email'");
#
# Update/Insert user info
#
if ($mode=="update") {
$intershipper_recalc = "Y";
db_query("UPDATE $sql_tbl[customers] SET password='$crypted', password_hint='$password_hint', password_hint_answer='$password_hint_answer', title='$title', firstname='$firstname', lastname='$lastname', company='$company', b_address='$b_address', b_city='$b_city', b_state='$b_state', b_country='$b_country', b_zipcode='$b_zipcode', s_address='$s_address', s_city='$s_city', s_state='$s_state', s_country='$s_country', s_zipcode='$s_zipcode', phone='$phone', email='$email', fax='$fax', url='$url', card_name='$card_name', card_type='$card_type', card_number='".text_crypt($card_number)."', card_expire='$card_expire', card_cvv2='$card_cvv2', pending_membership='$pending_membership', ssn='$ssn', change_password='$change_password' WHERE login='$login' and usertype='$login_type'");
#
# Update membership
#
if($current_area=="A" || ($active_modules["Simple_Mode"] && $current_area=="P")) db_query("update $sql_tbl[customers] set membership='$membership' where login='$login' and usertype='$login_type'");
$registered="Y";
#
# Send mail notifications to customer department and signed customer
#
if (!$anonymous_user) {
$newuser_info = func_userinfo($login,$login_type);
if (!empty($extended_userinfo))
$newuser_info = array_merge($newuser_info, $extended_userinfo);
$mail_smarty->assign("userinfo",$newuser_info);
#
# Send mail to registered user
#
$customer_language = func_get_language ($newuser_info["language"]);
func_send_mail($newuser_info["email"], "mail/profile_modified_subj.tpl", "mail/profile_modified.tpl", $config["Company"]["users_department"], false);
#
# Send mail to customers department
#
func_send_mail($config["Company"]["users_department"], "mail/profile_admin_modified_subj.tpl", "mail/profile_admin_modified.tpl", $newuser_info["email"], true);
}
} else {
#
# Add new person to customers table
#
$intershipper_recalc = "Y";
db_query("insert into $sql_tbl[customers] (login,usertype,membership,password,password_hint,password_hint_answer,title,firstname,lastname,company,b_address,b_city,b_state,b_country,b_zipcode,s_address,s_city,s_state,s_country,s_zipcode,phone,email,fax,url,card_name,card_type,card_number,card_expire,card_cvv2,first_login,status,referer,pending_membership,ssn) values ('$uname','$usertype','".@$membership."','$crypted','".@$password_hint."','".@$password_hint_answer."','$title','$firstname','$lastname','$company','$b_address','$b_city','$b_state','$b_country','$b_zipcode','$s_address','$s_city','$s_state','$s_country','$s_zipcode','$phone','$email','$fax','$url','".@$card_name."','".@$card_type."','".text_crypt(@$card_number)."','".@$card_expire."','".@$card_cvv2."','".time()."','Y','".@$RefererCookie."','".@$pending_membership."','".@$ssn."')");
#
# Update store language for new customer from current $store_language
#
if ($store_language)
db_query ("UPDATE $sql_tbl[customers] SET language='$store_language' WHERE login='$uname'");
#
# If it is partner, add his information
#
if ($usertype == "B") {
$commission_rate = intval($config["default_affiliate_plan"]);
db_query ("INSERT INTO $sql_tbl[partner_commissions] (login, plan_id) VALUES ('$uname','$commission_rate')");
}
#
# Set A-status
#
if($anonymous_user) db_query("update $sql_tbl[customers] set status='A' where login='$uname' and usertype='$usertype'");
$registered="Y";
#
# Send mail notifications to customer department and signed customer
#
$newuser_info = func_userinfo($uname,$usertype);
if (!empty($extended_userinfo))
$newuser_info = array_merge($newuser_info, $extended_userinfo);
$mail_smarty->assign("userinfo",$newuser_info);
#
# Send mail to registered user (do not send to anonymous)
#
if(!$anonymous_user)
if ($usertype=="B")
func_send_mail($email, "mail/signin_notification_subj.tpl", "mail/signin_partner_notif.tpl", $config["Company"]["users_department"], false);
else
func_send_mail($email, "mail/signin_notification_subj.tpl", "mail/signin_notification.tpl", $config["Company"]["users_department"], false);
#
# Send mail to customers department
#
if(!$anonymous_user)
func_send_mail($config["Company"]["users_department"], "mail/signin_admin_notif_subj.tpl", "mail/signin_admin_notification.tpl", $email, true);
#
# Auto-log in
#
#if($anonymous_user && $usertype=="C") [
if($usertype=="C" or ($usertype=="B" and $login=="")) {
$auto_login = true;
$login = $uname;
$login_type = $usertype;
$logged = "";
}
}
} else {
#
# Fields filled with errors
#
if (!empty($fillerror)) $reg_error="F";
if (!empty($eerror)) $reg_error="E";
if (!empty($uerror)) $reg_error="U";
}
if($anonymous_user) {
$uname="";
$passwd1="";
$passwd2="";
}
#
# Fill $userinfo array if error occured
#
$userinfo=$HTTP_POST_VARS;
$userinfo["login"] = $uname;
$userinfo["newsletter"] = (!empty($newsletter)?"Y":"");
}
else {
#
# REQUEST_METHOD = GET
#
if ($mode=="update") {
if ($action == "cart") {
$userinfo = func_userinfo($login,$login_type,true);
if (!empty($extended_userinfo))
$userinfo = array_merge($userinfo, $extended_userinfo);
}
else{
$userinfo = func_userinfo($login,$login_type);
if (!empty($extended_userinfo))
$userinfo = array_merge($userinfo, $extended_userinfo);
}
}
elseif ($mode=="delete" && @$confirmed=="Y") {
$olduser_info = func_userinfo($login,$login_type);
$customer_language = func_get_language ($olduser_info["language"]);
func_delete_profile($login,$login_type);
$login="";
$login_type="";
$smarty->clear_assign("login");
#
# Send mail notifications to customer department and signed customer
#
$mail_smarty->assign("userinfo",$olduser_info);
#
# Send mail to registered user
#
if (strstr($olduser_info["login"], $anonymous_username_prefix) ) $anonymous_user=true;
else $anonymous_user=false;
if(!$anonymous_user)
func_send_mail($olduser_info["email"], "mail/profile_deleted_subj.tpl", "mail/profile_deleted.tpl", $config["Company"]["users_department"], false);
#
# Send mail to customers department
#
if(!$anonymous_user)
func_send_mail($config["Company"]["users_department"], "mail/profile_admin_deleted_subj.tpl", "mail/profile_admin_deleted.tpl", $olduser_info["email"], true);
}
}
if (!empty($uerror) || !empty($eerror) || !empty($fillerror) || !empty($error)) {
$userinfo["firstname"]=stripslashes($firstname);
$userinfo["lastname"]=stripslashes($lastname);
$userinfo["company"]=stripslashes($company);
$userinfo["ssn"]=stripslashes(@$ssn);
$userinfo["b_address"]=stripslashes($b_address);
$userinfo["b_city"]=stripslashes($b_city);
$userinfo["b_state"]=stripslashes($b_state);
$userinfo["b_zipcode"]=stripslashes($b_zipcode);
$userinfo["s_address"]=stripslashes($s_address);
$userinfo["s_city"]=stripslashes($s_city);
$userinfo["s_state"]=stripslashes($s_state);
$userinfo["s_zipcode"]=stripslashes($s_zipcode);
$userinfo["phone"]=stripslashes($phone);
$userinfo["fax"]=stripslashes($fax);
$userinfo["email"]=stripslashes($email);
$userinfo["uname"]=stripslashes($uname);
$userinfo["login"]=stripslashes($uname);
$userinfo["passwd1"]=stripslashes($passwd1);
$userinfo["passwd2"]=stripslashes($passwd2);
$userinfo["password_hint"]=stripslashes(@$password_hint);
$userinfo["password_hint_answer"]=stripslashes(@$password_hint_answer);
}
if (!empty($userinfo)) {
foreach ($userinfo as $key=>$value){
if (is_string($value))
$userinfo[$key]=htmlspecialchars($value);
}
$smarty->assign("userinfo",$userinfo);
}
if (!empty($registered))
$smarty->assign("registered",$registered);
if (!empty($reg_error))
$smarty->assign("reg_error",$reg_error);
if (!empty($emailerror))
$smarty->assign("emailerror",$emailerror);
if($mode=="delete") {
$smarty->assign("main","profile_delete");
}
elseif($mode=="notdelete") {
$smarty->assign("main","profile_notdelete");
}
else
$smarty->assign("main","register");
x_session_save();
?>