aschwarz/Leitgedanken
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Leitgedanken/msd2/myoos/includes/content/account_address_book_process.php
aschwarz a6523903eb PDF rausgenommen
2023-01-23 11:03:31 +01:00

431 lines
16 KiB
PHP
Raw Blame History

<?php
/* ----------------------------------------------------------------------
MyOOS [Shopsystem]
https://www.oos-shop.de
Copyright (c) 2003 - 2019 by the MyOOS Development Team.
----------------------------------------------------------------------
Based on:
File: address_book_process.php,v 1.73 2003/02/13 01:58:23 hpdl
----------------------------------------------------------------------
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
----------------------------------------------------------------------
Released under the GNU General Public License
---------------------------------------------------------------------- */
/** ensure this file is being included by a parent file */
defined( 'OOS_VALID_MOD' ) OR die( 'Direct Access to this location is not allowed.' );
// start the session
if ( $session->hasStarted() === FALSE ) $session->start();
if (!isset($_SESSION['customer_id'])) {
// navigation history
if (!isset($_SESSION['navigation'])) {
$_SESSION['navigation'] = new navigationHistory();
}
$_SESSION['navigation']->set_snapshot();
oos_redirect(oos_href_link($aContents['login']));
}
require_once MYOOS_INCLUDE_PATH . '/includes/functions/function_address.php';
require_once MYOOS_INCLUDE_PATH . '/includes/languages/' . $sLanguage . '/account_address_book_process.php';
if ( isset($_POST['action']) && ($_POST['action'] == 'deleteconfirm') && isset($_POST['entry_id']) && is_numeric($_POST['entry_id']) &&
( isset($_SESSION['formid']) && ($_SESSION['formid'] == $_POST['formid'])) ){
$entry_id = oos_db_prepare_input($_POST['entry_id']);
if ($entry_id == $_SESSION['customer_default_address_id']) {
$oMessage->add_session('addressbook', $aLang['warning_primary_address_deletion'], 'warning');
} else {
$address_booktable = $oostable['address_book'];
$query = "DELETE FROM $address_booktable
WHERE address_book_id = '" . intval($entry_id) . "'
AND customers_id = '" . intval($_SESSION['customer_id']) . "'";
$dbconn->Execute($query);
$oMessage->add_session('addressbook', $aLang['success_address_book_entry_deleted'], 'success');
}
oos_redirect(oos_href_link($aContents['account_address_book']));
}
// Post-entry error checking when updating or adding an entry
$bProcess = FALSE;
if ( isset($_POST['action']) && ($_POST['action'] == 'process') || ($_POST['action'] == 'update') &&
( isset($_SESSION['formid']) && ($_SESSION['formid'] == $_POST['formid'])) ){
$bProcess = TRUE;
if ( isset($_POST['entry_id']) && is_numeric($_POST['entry_id']) ) {
$entry_id = oos_db_prepare_input($_POST['entry_id']);
}
if (ACCOUNT_GENDER == 'true') {
if (isset($_POST['gender'])) {
$gender = oos_db_prepare_input($_POST['gender']);
} else {
$gender = FALSE;
}
}
$firstname = oos_db_prepare_input($_POST['firstname']);
$lastname = oos_db_prepare_input($_POST['lastname']);
if (ACCOUNT_COMPANY == 'true') $company = oos_db_prepare_input($_POST['company']);
if (ACCOUNT_OWNER == 'true') $owner = oos_db_prepare_input($_POST['owner']);
if (ACCOUNT_VAT_ID == 'true') $vat_id = oos_db_prepare_input($_POST['vat_id']);
$street_address = oos_db_prepare_input($_POST['street_address']);
$postcode = oos_db_prepare_input($_POST['postcode']);
$city = oos_db_prepare_input($_POST['city']);
if (ACCOUNT_STATE == 'true') {
$state = oos_db_prepare_input($_POST['state']);
if (isset($_POST['zone_id'])) {
$zone_id = oos_db_prepare_input($_POST['zone_id']);
} else {
$zone_id = FALSE;
}
}
$country = oos_db_prepare_input($_POST['country']);
$bError = FALSE; // reset error flag
if (ACCOUNT_GENDER == 'true') {
if ( ($gender != 'm') && ($gender != 'f') ) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_gender_error']);
}
}
if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_first_name_error'] );
}
if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_last_name_error'] );
}
if (ACCOUNT_COMPANY_VAT_ID_CHECK == 'true'){
if (!empty($vat_id) && (!oos_validate_is_vatid($vat_id))) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_vat_id_error']);
} else {
$vatid_check_error = FALSE;
}
}
if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_street_address_error']);
}
if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_post_code_error']);
}
if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_city_error']);
}
if (is_numeric($country) == FALSE) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_country_error']);
}
if (ACCOUNT_STATE == 'true') {
$zone_id = 0;
$zonestable = $oostable['zones'];
$country_check_sql = "SELECT COUNT(*) AS total
FROM $zonestable
WHERE zone_country_id = '" . intval($country) . "'";
$country_check = $dbconn->Execute($country_check_sql);
$entry_state_has_zones = ($country_check->fields['total'] > 0);
if ($entry_state_has_zones == TRUE) {
$zonestable = $oostable['zones'];
$zone_query = "SELECT DISTINCT zone_id
FROM $zonestable
WHERE zone_country_id = '" . intval($country) . "'
AND (zone_name = '" . oos_db_input($state) . "'
OR zone_code = '" . oos_db_input($state) . "')";
$zone_result = $dbconn->Execute($zone_query);
if ($zone_result->RecordCount() == 1) {
$zone = $zone_result->fields;
$zone_id = $zone['zone_id'];
} else {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_state_error_select']);
}
} else {
if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
$bError = TRUE;
$oMessage->add_session('addressbook', $aLang['entry_state_error']);
}
}
}
if ($bError == FALSE) {
$sql_data_array = array('entry_firstname' => $firstname,
'entry_lastname' => $lastname,
'entry_street_address' => $street_address,
'entry_postcode' => $postcode,
'entry_city' => $city,
'entry_country_id' => $country);
if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
if (ACCOUNT_OWNER == 'true') $sql_data_array['entry_owner'] = $owner;
if (ACCOUNT_STATE == 'true') {
if ($zone_id > 0) {
$sql_data_array['entry_zone_id'] = $zone_id;
$sql_data_array['entry_state'] = '';
} else {
$sql_data_array['entry_zone_id'] = '0';
$sql_data_array['entry_state'] = $state;
}
}
if ((ACCOUNT_COMPANY_VAT_ID_CHECK == 'true') && ($vatid_check_error == FALSE)) {
$sql_data_array['entry_vat_id_status'] = '1';
} else {
$sql_data_array['entry_vat_id_status'] = '0';
}
if ($_POST['action'] == 'update') {
$address_booktable = $oostable['address_book'];
$check_query = "SELECT address_book_id FROM $address_booktable WHERE address_book_id = '" . intval($entry_id) . "'' AND customers_id = '" . intval($_SESSION['customer_id']) . "'";
$check_result = $dbconn->Execute($check_query);
if ($check_result->RecordCount()) {
oos_db_perform($oostable['address_book'], $sql_data_array, 'UPDATE', "address_book_id = '" . intval($entry_id) . "' AND customers_id ='" . intval($_SESSION['customer_id']) . "'");
if ( (isset($_POST['primary']) && ($_POST['primary'] == 'on')) || ($entry_id == $_SESSION['customer_default_address_id']) ) {
if (ACCOUNT_GENDER == 'true') $_SESSION['customer_gender'] = $gender;
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_lastname'] = $lastname;
$_SESSION['customer_country_id'] = $country;
$_SESSION['customer_zone_id'] = (($zone_id > 0) ? (int)$zone_id : '0');
$_SESSION['customer_default_address_id'] = intval($entry_id);
if ((ACCOUNT_COMPANY_VAT_ID_CHECK == 'true') && ($vatid_check_error == FALSE)) {
$_SESSION['customers_vat_id_status'] = '1';
} else {
$_SESSION['customers_vat_id_status'] = '0';
}
$sql_data_array = array('customers_firstname' => $firstname,
'customers_lastname' => $lastname,
'customers_default_address_id' => intval($entry_id));
if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
oos_db_perform($oostable['customers'], $sql_data_array, 'UPDATE', "customers_id = '" . intval($_SESSION['customer_id']) . "'");
$update_info_sql = "UPDATE " . $oostable['customers_info'] . "
SET customers_info_date_account_last_modified = now()
WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'";
$dbconn->Execute($update_info_sql);
}
}
} else {
$sql_data_array['customers_id'] = intval($_SESSION['customer_id']);
oos_db_perform($oostable['address_book'], $sql_data_array);
$new_address_book_id = $dbconn->Insert_ID();
if (isset($_POST['primary']) && ($_POST['primary'] == 'on')) {
if (ACCOUNT_GENDER == 'true') $_SESSION['customer_gender'] = $gender;
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_lastname'] = $lastname;
$_SESSION['customer_country_id'] = $country;
$_SESSION['customer_zone_id'] = (($zone_id > 0) ? (int)$zone_id : '0');
$_SESSION['customer_default_address_id'] = $new_address_book_id;
if ((ACCOUNT_COMPANY_VAT_ID_CHECK == 'true') && ($vatid_check_error == FALSE)) {
$_SESSION['customers_vat_id_status'] = '1';
} else {
$_SESSION['customers_vat_id_status'] = '0';
}
$sql_data_array = array('customers_firstname' => $firstname,
'customers_lastname' => $lastname);
if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
$sql_data_array['customers_default_address_id'] = $new_address_book_id;
oos_db_perform($oostable['customers'], $sql_data_array, 'UPDATE', "customers_id = '" . intval($_SESSION['customer_id']) . "'");
$update_info_sql = "UPDATE " . $oostable['customers_info'] . "
SET customers_info_date_account_last_modified = now()
WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'";
$dbconn->Execute($update_info_sql);
}
$oMessage->add_session('addressbook', $aLang['success_address_book_entry_updated'], 'success');
oos_redirect(oos_href_link($aContents['account_address_book']));
}
}
}
if (isset($_GET['edit']) && is_numeric($_GET['edit'])) {
$address_booktable = $oostable['address_book'];
$address_sql = "SELECT entry_gender, entry_company, entry_owner, entry_vat_id, entry_vat_id_status,
entry_firstname, entry_lastname, entry_street_address, entry_postcode, entry_city,
entry_state, entry_zone_id, entry_country_id
FROM $address_booktable
WHERE customers_id = '" . intval($_SESSION['customer_id']) . "'
AND address_book_id = '" . intval($_GET['edit']) . "'";
$entry_result = $dbconn->Execute($address_sql);
if (!$entry_result->RecordCount()) {
$oMessage->add_session('addressbook', $aLang['error_nonexisting_address_book_entry']);
oos_redirect(oos_href_link($aContents['account_address_book']));
}
$entry = $entry_result->fields;
} elseif (isset($_GET['delete']) && is_numeric($_GET['delete'])) {
$entry_id = oos_db_prepare_input($_GET['delete']);
if ($delete == $_SESSION['customer_default_address_id']) {
$oMessage->add_session('addressbook', $aLang['warning_primary_address_deletion'], 'warning');
oos_redirect(oos_href_link($aContents['account_address_book']));
} else {
$address_booktable = $oostable['address_book'];
$check_query = "SELECT count(*) as total FROM $address_booktable WHERE address_book_id = '" . intval($entry_id) . "' AND customers_id = '" . intval($_SESSION['customer_id']) . "'";
$check_result = $dbconn->Execute($check_query);
if ($check_result->fields['total'] < 1) {
$oMessage->add_session('addressbook', $aLang['error_nonexisting_address_book_entry']);
oos_redirect(oos_href_link($aContents['account_address_book']));
}
}
} else {
$entry = array('entry_country_id' => STORE_COUNTRY);
}
if (!isset($_GET['delete']) && !isset($_GET['edit'])) {
if (oos_count_customer_address_book_entries() >= MAX_ADDRESS_BOOK_ENTRIES) {
$oMessage->add_session('addressbook', $aLang['error_address_book_full']);
oos_redirect(oos_href_link($aContents['account_address_book']));
}
}
if ( isset($_GET['entry_id']) && is_numeric($_GET['entry_id']) ) {
$entry_id = oos_db_prepare_input($_GET['entry_id']);
}
$back_link = oos_href_link($aContents['account_address_book']);
// links breadcrumb
$oBreadcrumb->add($aLang['navbar_title_1'], oos_href_link($aContents['account']));
$oBreadcrumb->add($aLang['navbar_title_2'], oos_href_link($aContents['account_address_book']));
if (isset ($_GET['edit']) && is_numeric($_GET['edit'])) {
$oBreadcrumb->add($aLang['navbar_title_modify_entry'], oos_href_link($aContents['account_address_book_process'], 'edit=' . intval($_GET['edit'])));
} elseif (isset ($_GET['delete']) && is_numeric($_GET['delete'])) {
$oBreadcrumb->add($aLang['navbar_title_delete_entry'], oos_href_link($aContents['account_address_book_process'], 'delete=' . intval($_GET['delete'])));
} else {
$oBreadcrumb->add($aLang['navbar_title_add_entry'], oos_href_link($aContents['account_address_book_process']));
}
$aTemplate['page'] = $sTheme . '/page/address_book_process.html';
$nPageType = OOS_PAGE_TYPE_ACCOUNT;
$sPagetitle = $aLang['navbar_title_1'] . ' ' . $aLang['navbar_title_2'] . ' ' . OOS_META_TITLE;
require_once MYOOS_INCLUDE_PATH . '/includes/system.php';
if (!isset($option)) {
require_once MYOOS_INCLUDE_PATH . '/includes/message.php';
require_once MYOOS_INCLUDE_PATH . '/includes/blocks.php';
}
// assign Smarty variables;
$smarty->assign(
array(
'breadcrumb' => $oBreadcrumb->trail(),
'back_link' => $back_link,
'entry_id' => $entry_id,
'process' => $process
)
);
if (isset($_GET['action']) && $_GET['action'] == 'edit') {
$smarty->assign(
array(
'heading_title' => $aLang['heading_title_modify_entry']
)
);
} else {
$smarty->assign(
array(
'heading_title' => $aLang['heading_title_add_entry']
)
);
}
$smarty->assign(
array(
'robots' => 'noindex,nofollow,noodp,noydir',
'account_active' => 1,
'gender' => $gender,
'firstname' => $firstname,
'lastname' => $lastname,
'company' => $company,
'street_address' => $street_address,
'postcode' => $postcode,
'city' => $city,
'country' => $country
)
);
if ($state_has_zones == 'true') {
$aZonesNames = array();
$aZonesValues = array();
$zonestable = $oostable['zones'];
$zones_query = "SELECT zone_name FROM $zonestable
WHERE zone_country_id = '" . oos_db_input($country) . "'
ORDER BY zone_name";
$zones_result = $dbconn->Execute($zones_query);
while ($zones = $zones_result->fields) {
$aZonesNames[] = $zones['zone_name'];
$aZonesValues[] = $zones['zone_name'];
$zones_result->MoveNext();
}
$smarty->assign('zones_names', $aZonesNames);
$smarty->assign('zones_values', $aZonesValues);
} else {
$state = oos_get_zone_name($country, $zone_id, $state);
$smarty->assign('state', $state);
$smarty->assign('zone_id', $zone_id);
}
$country_name = oos_get_country_name($country);
$smarty->assign('country_name', $country_name);
$smarty->assign('entry', $entry);
// display the template
$smarty->display($aTemplate['page']);
Reference in New Issue View Git Blame Copy Permalink