Revision 1


admin/includes/modules/customers_edit.php
1
<?php
2
 /*-------------------------------------------------------------
3
   $Id: customers_edit.php 13419 2021-02-09 15:13:48Z GTB $
4

  
5
   modified eCommerce Shopsoftware
6
   http://www.modified-shop.org
7

  
8
   Copyright (c) 2009 - 2013 [www.modified-shop.org]
9
   --------------------------------------------------------------
10
   Released under the GNU General Public License
11
   --------------------------------------------------------------*/
12
  
13
  defined( '_VALID_XTC' ) or die( 'Direct Access to this location is not allowed.' );
14

  
15

  
16
      if (isset($_GET['edit']) && $_GET['edit'] != '') {
17
        $check = "a.address_book_id = '". (int) $_GET['edit']."'";
18
        $customers_default_address_id_checkbox = xtc_draw_checkbox_field('primary', 'on', false);
19
      } else {
20
        $check = "c.customers_default_address_id = a.address_book_id";
21
      }
22

  
23
      if (!isset($cInfo) || !is_object($cInfo)) {
24
        $customers_query = xtc_db_query("SELECT c.customers_id,
25
                                                c.customers_cid,
26
                                                c.customers_vat_id,
27
                                                c.customers_vat_id_status,
28
                                                c.customers_status,
29
                                                c.customers_dob,
30
                                                c.customers_email_address,
31
                                                c.customers_default_address_id,
32
                                                c.customers_telephone,
33
                                                c.customers_fax,
34
                                                c.member_flag,
35
                                                c.payment_unallowed,
36
                                                c.shipping_unallowed,
37
                                                a.address_book_id,
38
                                                a.entry_gender AS customers_gender,
39
                                                a.entry_firstname AS customers_firstname,
40
                                                a.entry_lastname AS customers_lastname,
41
                                                a.entry_company,
42
                                                a.entry_street_address,
43
                                                a.entry_suburb,
44
                                                a.entry_postcode,
45
                                                a.entry_city,
46
                                                a.entry_state,
47
                                                a.entry_country_id,
48
                                                a.entry_zone_id,
49
                                                cgc.amount
50
                                           FROM ".TABLE_CUSTOMERS." c
51
                                      LEFT JOIN ".TABLE_ADDRESS_BOOK." a
52
                                                ON ".$check."
53
                                                   AND a.customers_id = c.customers_id
54
                                      LEFT JOIN ".TABLE_COUPON_GV_CUSTOMER." cgc
55
                                             ON c.customers_id = cgc.customer_id
56
                                          WHERE c.customers_id = '".(int)$_GET['cID']."'"
57
                                       );
58
        $customers = xtc_db_fetch_array($customers_query);
59
        if (xtc_db_num_rows($customers_query) != 0) {
60
          $cInfo = new objectInfo($customers);
61
        }
62
      }
63
      $newsletter_array = array (array ('id' => '1', 'text' => ENTRY_NEWSLETTER_YES), array ('id' => '0', 'text' => ENTRY_NEWSLETTER_NO));
64

  
65
      require_once(DIR_FS_CATALOG.DIR_WS_CLASSES.'xtcPrice.php');
66
      $xtPrice = new xtcPrice(DEFAULT_CURRENCY,$cInfo->customers_status);
67
      ?>
68
      <div class="pageHeadingImage"><?php echo xtc_image(DIR_WS_ICONS.'heading/icon_customers.png'); ?></div>
69
      <div class="flt-l">
70
        <div class="pageHeading"><?php echo $cInfo->customers_lastname.' '.$cInfo->customers_firstname; ?></div>
71
        <div class="main pdg2"><?php echo BOX_HEADING_CUSTOMERS; ?></div>
72
      </div>
73
      <div class="clear"></div>
74
      <div class="div_box mrg5">
75
        <div class="customers-groups">
76
          <div class="flt-l"><?php if ($customers_statuses_id_array[$cInfo->customers_status]['csa_image'] != '') { echo xtc_image(DIR_WS_CATALOG.DIR_WS_ICONS . $customers_statuses_id_array[$cInfo->customers_status]['csa_image'], ''); } ?></div>
77
          <div class="main" style="margin:12px 0;"><b><?php echo HEADING_TITLE_STATUS  .':</b> ' . $customers_statuses_id_array[$cInfo->customers_status]['text'] ; ?></div>
78
        </div>
79
        <div class="clear"></div>
80
        <?php echo xtc_draw_form('customers', FILENAME_CUSTOMERS, xtc_get_all_get_params(array('action')) . 'action=update', 'post') .
81
                   xtc_draw_hidden_field('customers_default_address_id', $cInfo->customers_default_address_id) .
82
                   xtc_draw_hidden_field('address_book_id', $cInfo->address_book_id) .
83
                   xtc_draw_hidden_field('customers_status', $cInfo->customers_status); ?>
84
        <div class="formAreaTitle"><span class="title"><?php echo CATEGORY_PERSONAL; ?></span></div>
85
        <div class="formAreaC">
86
          <table class="tableConfig borderall">
87
            <?php
88
              if (ACCOUNT_GENDER == 'true') {
89
            ?>
90
            <tr>
91
              <td class="dataTableConfig col-left"><?php echo ENTRY_GENDER; ?></td>
92
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_gender_error == true) ? ' col-error' : ''); ?>">
93
              <?php
94
              if ($error == true) {
95
                if ($entry_gender_error == true) {
96
                  echo xtc_draw_pull_down_menu('customers_gender', get_customers_gender(), $cInfo->customers_gender).'&nbsp;'.ENTRY_GENDER_ERROR;
97
                } else {
98
                  echo get_customers_gender($cInfo->customers_gender);
99
                  echo xtc_draw_hidden_field('customers_gender', $cInfo->customers_gender);
100
                }
101
              } else {
102
                echo xtc_draw_pull_down_menu('customers_gender', get_customers_gender(), $cInfo->customers_gender);
103
              }
104
              ?>
105
              </td>
106

  
107
            </tr>
108
            <?php
109
              }
110
            echo ($cInfo->customers_default_address_id != $cInfo->address_book_id) ? '<tr style="display:none;">' : '<tr>';
111
            ?>
112
              <td class="dataTableConfig col-left"><?php echo ENTRY_CID; ?></td>
113
              <td class="dataTableConfig col-single-right bg_notice">
114
                <?php
115
                echo xtc_draw_input_field('customers_cid', $cInfo->customers_cid, 'maxlength="32"', false);
116
                ?>
117
              </td>
118

  
119
            </tr>
120
            <tr>
121
              <td class="dataTableConfig col-left"><?php echo ENTRY_FIRST_NAME; ?></td>
122
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_firstname_error == true) ? ' col-error' : ''); ?>">
123
                <?php
124
                if ($error == true) {
125
                  if ($entry_firstname_error == true) {
126
                    echo xtc_draw_input_field('customers_firstname', $cInfo->customers_firstname, 'maxlength="32"').'&nbsp;'.ENTRY_FIRST_NAME_ERROR;
127
                  } else {
128
                    echo $cInfo->customers_firstname.xtc_draw_hidden_field('customers_firstname', $cInfo->customers_firstname);
129
                  }
130
                } else {
131
                  echo xtc_draw_input_field('customers_firstname', $cInfo->customers_firstname, 'maxlength="32"', true);
132
                }
133
                ?>
134
              </td>
135

  
136
            </tr>
137
            <tr>
138
              <td class="dataTableConfig col-left"><?php echo ENTRY_LAST_NAME; ?></td>
139
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_lastname_error == true) ? ' col-error' : ''); ?>">
140
                <?php
141
                if ($error == true) {
142
                  if ($entry_lastname_error == true) {
143
                    echo xtc_draw_input_field('customers_lastname', $cInfo->customers_lastname, 'maxlength="32"').'&nbsp;'.ENTRY_LAST_NAME_ERROR;
144
                  } else {
145
                    echo $cInfo->customers_lastname.xtc_draw_hidden_field('customers_lastname', $cInfo->customers_lastname);
146
                  }
147
                } else {
148
                  echo xtc_draw_input_field('customers_lastname', $cInfo->customers_lastname, 'maxlength="32"', true);
149
                }
150
                ?>
151
              </td>
152

  
153
            </tr>
154
            <?php
155
            if (ACCOUNT_DOB == 'true') {
156
              echo ($cInfo->customers_default_address_id != $cInfo->address_book_id) ? '<tr style="display:none;">' : '<tr>';
157
            ?>
158
              <td class="dataTableConfig col-left"><?php echo ENTRY_DATE_OF_BIRTH; ?></td>
159
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_date_of_birth_error == true) ? ' col-error' : ''); ?>">
160
                 <?php
161
                if ($error == true) {
162
                  if ($entry_date_of_birth_error == true) {
163
                    echo xtc_draw_input_field('customers_dob', xtc_date_short($cInfo->customers_dob), 'maxlength="10"').'&nbsp;'.ENTRY_DATE_OF_BIRTH_ERROR;
164
                  } else {
165
                    echo xtc_date_short($cInfo->customers_dob).xtc_draw_hidden_field('customers_dob', xtc_date_short($cInfo->customers_dob));
166
                  }
167
                } else {
168
                  echo xtc_draw_input_field('customers_dob', xtc_date_short($cInfo->customers_dob), 'maxlength="10"', true);
169
                }
170
                ?>
171
              </td>
172

  
173
            </tr>
174
            <?php
175
            }
176
             echo ($cInfo->customers_default_address_id != $cInfo->address_book_id) ? '<tr style="display:none;">' : '<tr>';
177
            ?>
178
              <td class="dataTableConfig col-left"><?php echo ENTRY_EMAIL_ADDRESS; ?></td>
179
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_email_address_error == true) ? ' col-error' : ''); ?>">
180
                <?php
181
                if ($error == true) {
182
                  if ($entry_email_address_error == true) {
183
                    echo xtc_draw_input_field('customers_email_address', $cInfo->customers_email_address, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');" maxlength="96"').'&nbsp;'.ENTRY_EMAIL_ADDRESS_ERROR;
184
                  } elseif ($entry_email_address_check_error == true) {
185
                    echo xtc_draw_input_field('customers_email_address', $cInfo->customers_email_address, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');" maxlength="96"').'&nbsp;'.ENTRY_EMAIL_ADDRESS_CHECK_ERROR;
186
                  } elseif ($entry_email_address_exists == true) {
187
                    echo xtc_draw_input_field('customers_email_address', $cInfo->customers_email_address, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');" maxlength="96"').'&nbsp;'.ENTRY_EMAIL_ADDRESS_ERROR_EXISTS;
188
                  } else {
189
                    echo $cInfo->customers_email_address.xtc_draw_hidden_field('customers_email_address', $cInfo->customers_email_address);
190
                  }
191
                } else {
192
                  echo xtc_draw_input_field('customers_email_address', $cInfo->customers_email_address, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');" maxlength="96"', true);
193
                }
194
                ?>
195
              </td>
196

  
197
            </tr>
198
          </table>
199
        </div>
200
        <?php
201
          if (ACCOUNT_COMPANY == 'true') {
202
        ?>
203
        <div class="formAreaTitle"><span class="title"><?php echo CATEGORY_COMPANY; ?></span></div>
204
        <div class="formAreaC">
205
          <table class="tableConfig borderall">
206
            <tr>
207
              <td class="dataTableConfig col-left"><?php echo ENTRY_COMPANY; ?></td>
208
              <td class="dataTableConfig col-single-right">
209
                <?php
210
                  echo xtc_draw_input_field('entry_company', $cInfo->entry_company, 'maxlength="64"');
211
                ?>
212
              </td>
213

  
214
            </tr>
215
            <?php
216
            if(ACCOUNT_COMPANY_VAT_CHECK == 'true'){
217
              if ($action == 'edit' && $cInfo->customers_vat_id != '') {
218
                switch ($cInfo->customers_vat_id_status) {
219
                  case '0' :
220
                    $entry_vat_error_text = TEXT_VAT_FALSE;
221
                    break;
222
                  case '1' :
223
                    $entry_vat_error_text = TEXT_VAT_TRUE;
224
                    break;
225
                  case '8' :
226
                    $entry_vat_error_text = TEXT_VAT_UNKNOWN_COUNTRY;
227
                    break;
228
                  case '94' :
229
                    $entry_vat_error_text = TEXT_VAT_INVALID_INPUT;
230
                    break;
231
                  case '95' :
232
                    $entry_vat_error_text = TEXT_VAT_SERVICE_UNAVAILABLE;
233
                    break;
234
                  case '96' :
235
                    $entry_vat_error_text = TEXT_VAT_MS_UNAVAILABLE;
236
                    break;
237
                  case '97' :
238
                    $entry_vat_error_text = TEXT_VAT_TIMEOUT;
239
                    break;
240
                  case '98' :
241
                    $entry_vat_error_text = TEXT_VAT_SERVER_BUSY;
242
                    break;
243
                  case '99' :
244
                    $entry_vat_error_text = TEXT_VAT_NO_PHP5_SOAP_SUPPORT;
245
                    break;
246
                }
247
              }
248
              echo ($cInfo->customers_default_address_id != $cInfo->address_book_id) ? '<tr style="display:none;">' : '<tr>';
249
              ?>
250
                <td class="dataTableConfig col-left"><?php echo ENTRY_VAT_ID; ?></td>
251
                <td class="dataTableConfig col-single-right">
252
                  <?php
253
                    echo xtc_draw_input_field('customers_vat_id', $cInfo->customers_vat_id, 'maxlength="32"').'&nbsp;'.$entry_vat_error_text;
254
                    /*
255
                    if ($error == true) {
256
                      if ($entry_vat_error == true) {
257
                        echo xtc_draw_input_field('customers_vat_id', $cInfo->customers_vat_id, 'maxlength="32"').'&nbsp;'.$entry_vat_error_text;
258
                      } else {
259
                        echo $cInfo->customers_vat_id.xtc_draw_hidden_field('customers_vat_id');
260
                      }
261
                    } else {
262
                      echo xtc_draw_input_field('customers_vat_id', $cInfo->customers_vat_id, 'maxlength="32"');
263
                    }
264
                    */
265
                    ?>
266
                  </td>
267
                </tr>
268
              <?php
269
              }
270
              ?>
271
            </table>
272
          </div>
273
        <?php
274
          }
275
        ?>
276

  
277
        <div class="formAreaTitle"><span class="title"><?php echo CATEGORY_ADDRESS; ?></span></div>
278
        <div class="formAreaC">
279
         <table class="tableConfig borderall">
280
            <tr>
281
              <td class="dataTableConfig col-left"><?php echo ENTRY_STREET_ADDRESS; ?></td>
282
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_street_address_error == true) ? ' col-error' : ''); ?>">
283
                <?php
284
                if ($error == true) {
285
                  if ($entry_street_address_error == true) {
286
                    echo xtc_draw_input_field('entry_street_address', $cInfo->entry_street_address, 'maxlength="64"').'&nbsp;'.ENTRY_STREET_ADDRESS_ERROR;
287
                  } else {
288
                    echo $cInfo->entry_street_address.xtc_draw_hidden_field('entry_street_address', $cInfo->entry_street_address);
289
                  }
290
                } else {
291
                  echo xtc_draw_input_field('entry_street_address', $cInfo->entry_street_address, 'maxlength="64"', true);
292
                }
293
                ?>
294
              </td>
295

  
296
            </tr>
297
            <?php
298
              if (ACCOUNT_SUBURB == 'true') {
299
            ?>
300
            <tr>
301
              <td class="dataTableConfig col-left"><?php echo ENTRY_SUBURB; ?></td>
302
              <td class="dataTableConfig col-single-right">
303
                <?php
304
                  echo xtc_draw_input_field('entry_suburb', $cInfo->entry_suburb, 'maxlength="32"');
305
                ?>
306
              </td>
307

  
308
            </tr>
309
            <?php
310
              }
311
            ?>
312
            <tr>
313
              <td class="dataTableConfig col-left"><?php echo ENTRY_POST_CODE; ?></td>
314
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_post_code_error == true) ? ' col-error' : ''); ?>">
315
                <?php
316
                if ($error == true) {
317
                  if ($entry_post_code_error == true) {
318
                    echo xtc_draw_input_field('entry_postcode', $cInfo->entry_postcode, 'maxlength="8"').'&nbsp;'.ENTRY_POST_CODE_ERROR;
319
                  } else {
320
                    echo $cInfo->entry_postcode.xtc_draw_hidden_field('entry_postcode', $cInfo->entry_postcode);
321
                  }
322
                } else {
323
                  echo xtc_draw_input_field('entry_postcode', $cInfo->entry_postcode, 'maxlength="8"', true);
324
                }
325
              ?>
326
              </td>
327

  
328
            </tr>
329
            <tr>
330
              <td class="dataTableConfig col-left"><?php echo ENTRY_CITY; ?></td>
331
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_city_error == true) ? ' col-error' : ''); ?>">
332
                <?php
333
                if ($error == true) {
334
                  if ($entry_city_error == true) {
335
                    echo xtc_draw_input_field('entry_city', $cInfo->entry_city, 'maxlength="32"').'&nbsp;'.ENTRY_CITY_ERROR;
336
                  } else {
337
                    echo $cInfo->entry_city.xtc_draw_hidden_field('entry_city', $cInfo->entry_city);
338
                  }
339
                } else {
340
                  echo xtc_draw_input_field('entry_city', $cInfo->entry_city, 'maxlength="32"', true);
341
                }
342
                ?>
343
              </td>
344

  
345
            </tr>
346
            
347
            <tr>
348
              <td class="dataTableConfig col-left"><?php echo ENTRY_COUNTRY; ?></td>
349
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_country_error == true) ? ' col-error' : ''); ?>">
350
                <?php
351
                if ($error == true) {
352
                  if ($entry_country_error == true) {
353
                    echo xtc_draw_pull_down_menu('entry_country_id', xtc_get_countries('',1), $cInfo->entry_country_id, 'style="width:250px"').'&nbsp;'.ENTRY_COUNTRY_ERROR;
354
                  } else {
355
                    echo xtc_get_country_name($cInfo->entry_country_id).xtc_draw_hidden_field('entry_country_id', $cInfo->entry_country_id);
356
                  }
357
                } else {
358
                  echo xtc_draw_pull_down_menu('entry_country_id', xtc_get_countries('',1), $cInfo->entry_country_id, 'style="width:250px"');
359
                }
360
                ?>
361
              </td>
362
            </tr>
363
            <?php
364
            if (ACCOUNT_STATE == 'true') {
365
            ?>
366
            <tr id="states">
367
              <td class="dataTableConfig col-left"><?php echo ENTRY_STATE; ?></td>
368
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_state_error == true) ? ' col-error' : ''); ?>" id="entry_state">
369
                <?php
370
                $entry_state = xtc_get_zone_code($cInfo->entry_country_id, $cInfo->entry_zone_id, $cInfo->entry_state);
371
                if ($error == true) {
372
                  if ($entry_state_error == true) {
373
                    if ($entry_state_has_zones == true) {
374
                      $zones_array = array ();
375
                      $zones_query = xtc_db_query("SELECT zone_name FROM ".TABLE_ZONES." WHERE zone_country_id = '".xtc_db_input($cInfo->entry_country_id)."' order by zone_name");
376
                      while ($zones_values = xtc_db_fetch_array($zones_query)) {
377
                        $zones_array[] = array ('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']);
378
                      }
379
                      echo xtc_draw_pull_down_menu('entry_state', $zones_array ,'', 'style="width:250px"').'&nbsp;'.ENTRY_STATE_ERROR;
380
                    } else {
381
                      echo xtc_draw_input_field('entry_state', xtc_get_zone_code($cInfo->entry_country_id, $cInfo->entry_zone_id, $cInfo->entry_state)).'&nbsp;'.ENTRY_STATE_ERROR;
382
                    }
383
                  } else {
384
                    echo $entry_state.xtc_draw_hidden_field('entry_zone_id', $cInfo->entry_zone_id).xtc_draw_hidden_field('entry_state', $cInfo->entry_state);
385
                  }
386
                } else {
387
                  echo xtc_draw_input_field('entry_state', xtc_get_zone_code($cInfo->entry_country_id, $cInfo->entry_zone_id, $cInfo->entry_state));
388
                }
389
                ?>
390
              </td>
391
            </tr>
392
            <?php
393
            }
394
            ?>
395

  
396
          </table>
397
        </div>
398
        <?php
399
        if ($cInfo->customers_default_address_id == $cInfo->address_book_id) {
400
        ?>
401

  
402
        <div class="formAreaTitle"><span class="title"><?php echo CATEGORY_CONTACT; ?></span></div>
403

  
404
        <?php
405
        }
406
        $style = ($cInfo->customers_default_address_id != $cInfo->address_book_id) ? ' style="display:none;"' : '';
407
        ?>
408
        <div class="formAreaC"<?php $style;?>>
409
          <table class="tableConfig borderall">
410
            <tr>
411
              <td class="dataTableConfig col-left"><?php echo ENTRY_TELEPHONE_NUMBER; ?></td>
412
              <td class="dataTableConfig col-single-right<?php echo (($error == true && $entry_telephone_error == true) ? ' col-error' : ''); ?>">
413
              <?php
414
                if ($error == true) {
415
                  if ($entry_telephone_error == true) {
416
                    echo xtc_draw_input_field('customers_telephone', $cInfo->customers_telephone, 'maxlength="32"').'&nbsp;'.ENTRY_TELEPHONE_NUMBER_ERROR;
417
                  } else {
418
                    echo $cInfo->customers_telephone.xtc_draw_hidden_field('customers_telephone', $cInfo->customers_telephone);
419
                  }
420
                } else {
421
                  echo xtc_draw_input_field('customers_telephone', $cInfo->customers_telephone, 'maxlength="32"', (ACCOUNT_TELEPHONE_OPTIONAL == 'false'));
422
                }
423
              ?>
424
              </td>
425

  
426
            </tr>
427
            <tr>
428
              <td class="dataTableConfig col-left"><?php echo ENTRY_FAX_NUMBER; ?></td>
429
              <td class="dataTableConfig col-single-right">
430
              <?php
431
                if ($processed == true) {
432
                  echo $cInfo->customers_fax.xtc_draw_hidden_field('customers_fax', $cInfo->customers_fax);
433
                } else {
434
                  echo xtc_draw_input_field('customers_fax', $cInfo->customers_fax, 'maxlength="32"');
435
                }
436
              ?>
437
              </td>
438

  
439
            </tr>
440
          </table>
441
        </div>
442
        <?php
443
        if ($cInfo->customers_default_address_id == $cInfo->address_book_id) {
444
        ?>
445

  
446
        <div class="formAreaTitle"><span class="title"><?php echo CATEGORY_OPTIONS; ?></span></div>
447
        <div class="formAreaC">
448
          <table class="tableConfig borderall">
449
            <tr>
450
              <td class="dataTableConfig col-left"><?php echo ENTRY_PAYMENT_UNALLOWED; ?></td>
451
              <td class="dataTableConfig col-single-right">
452
              <?php
453
                echo xtc_cfg_checkbox_unallowed_module('payment', 'payment_unallowed', $cInfo->payment_unallowed);
454
              ?>
455
              </td>
456
            </tr>
457
            <tr>
458
              <td class="dataTableConfig col-left"><?php echo ENTRY_SHIPPING_UNALLOWED; ?></td>
459
              <td class="dataTableConfig col-single-right">
460
              <?php
461
                echo xtc_cfg_checkbox_unallowed_module('shipping', 'shipping_unallowed', $cInfo->shipping_unallowed);
462
              ?>
463
              </td>
464
           </tr>
465
           <tr>
466
              <td class="dataTableConfig col-left"><?php echo ENTRY_NEW_PASSWORD; ?></td>
467
              <td class="dataTableConfig col-single-right bg_notice<?php echo (($error == true && $entry_password_error == true) ? ' col-error' : ''); ?>">
468
              <?php
469
                if ($error == true) {
470
                  if ($entry_password_error == true) {
471
                    echo xtc_draw_password_field('customers_password', $cInfo->customers_password, false, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');"').'&nbsp;'.ENTRY_PASSWORD_ERROR;
472
                  } else {
473
                    echo xtc_draw_password_field('customers_password', $cInfo->customers_password, false, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');"');
474
                  }
475
                } else {
476
                  echo xtc_draw_password_field('customers_password', '', false, 'autocomplete="off" readonly="readonly" onfocus="this.removeAttribute(\'readonly\');" onblur="this.setAttribute(\'readonly\', \'readonly\');"');
477
                }
478
                ?>
479
              </td>
480
           </tr>
481
           <?php
482
           if (ACTIVATE_GIFT_SYSTEM=='true') {
483
           ?>
484
           <tr>
485
            <td class="dataTableConfig col-left"><?php echo TABLE_HEADING_AMOUNT; ?></td>
486
            <td class="dataTableConfig col-single-right">
487
            <?php  echo $xtPrice->xtcFormatCurrency($cInfo->amount).xtc_draw_hidden_field('amount', $cInfo->amount);
488
              /*
489
              if ($processed == true) {
490
                echo $cInfo->amount.xtc_draw_hidden_field('amount', $cInfo->amount);
491
              } else {
492
                echo xtc_draw_input_field('amount', $cInfo->amount);
493
              }
494
              */
495
              ?>
496
            </td>
497
           </tr>
498
           <?php
499
           }
500
           ?>
501
           <tr>
502
             <?php
503
             include(DIR_WS_MODULES . FILENAME_CUSTOMER_MEMO);
504
             ?>
505
           </tr>
506
          </table>
507
        </div>
508
        <?php
509
        }
510
        ?>
511

  
512
        <div class="main mrg5"><input type="submit" class="button" onclick="this.blur();" value="<?php echo BUTTON_UPDATE; ?>"><?php echo ' <a class="button" onclick="this.blur();" href="' . xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array('action', 'edit'))) .'">' . BUTTON_CANCEL . '</a>'; ?></div>
513

  
514
      </form>
515
    </div>
516
    
517
    <?php require(DIR_WS_INCLUDES . 'javascript/jquery.entry_state.js.php'); ?>    
518
    <script>
519
      $(document).ready(function () {
520
        create_states($('select[name="entry_country_id"]').val(), 'entry_state');
521
    
522
        $('select[name="entry_country_id"]').change(function() {
523
          create_states($(this).val(), 'entry_state');
524
        });
525
      });
526
    </script>
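Review bot: Customer-controlled fields are written into the admin page without HTML encoding: the heading at file line 70 echoes `$cInfo->customers_lastname.' '.$cInfo->customers_firstname`, and the read-only error branches (file lines 128, 145, 189, 288, 320, 337, 418, 432) echo the name, e-mail, address, telephone and fax values directly in front of the hidden field. These values come from customer accounts, so unless they are encoded before storage or inside `objectInfo` (neither is visible here), markup in them would render in the administrator's session. Encode at output, e.g. `echo htmlspecialchars($cInfo->customers_lastname.' '.$cInfo->customers_firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and apply the same to the other direct echoes. Separately, file line 408 contains `<?php $style;?>` with no `echo`, so the `display:none` computed at line 406 is never emitted and the contact block stays visible for non-default addresses; it should read `<?php echo $style; ?>`.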
admin/includes/application_top.php
1
<?php
2
/* --------------------------------------------------------------
3
   $Id: application_top.php 13484 2021-04-01 08:50:12Z GTB $
4

  
5
   modified eCommerce Shopsoftware
6
   http://www.modified-shop.org
7

  
8
   Copyright (c) 2009 - 2013 [www.modified-shop.org]
9
   --------------------------------------------------------------
10
   based on:
11
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
12
   (c) 2002-2003 osCommerce(application_top.php,v 1.158 2003/03/22); www.oscommerce.com
13
   (c) 2003 nextcommerce (application_top.php,v 1.46 2003/08/24); www.nextcommerce.org
14
   (c) 2006 XT-Commerce (application_top.php 1323 2005-10-27) ; www.xt-commerce.com
15

  
16
   Released under the GNU General Public License
17
   --------------------------------------------------------------
18
   Third Party contribution:
19

  
20
   Customers Status v3.x  (c) 2002-2003 Copyright Elari elari@free.fr | www.unlockgsm.com/dload-osc/ | CVS : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/elari/?sortby=date#dirlist
21

  
22
   Credit Class/Gift Vouchers/Discount Coupons (Version 5.10)
23
   http://www.oscommerce.com/community/contributions,282
24
   Copyright (c) Strider | Strider@oscworks.com
25
   Copyright (c) Nick Stanko of UkiDev.com, nick@ukidev.com
26
   Copyright (c) Andre ambidex@gmx.net
27
   Copyright (c) 2001,2002 Ian C Wilson http://www.phesis.org
28

  
29
   Released under the GNU General Public License
30
   --------------------------------------------------------------*/
31

  
32
//Run Mode
33
define('RUN_MODE_ADMIN',true);
34

  
35
// Start the clock for the page parse time log
36
define('PAGE_PARSE_START_TIME', microtime(true));
37

  
38
// set the level of error reporting
39
@ini_set('display_errors', false);
40
error_reporting(0);
41

  
42
// security
43
define('_VALID_XTC',true);
44

  
45
// Disable use_trans_sid as xtc_href_link() does this manually
46
if (function_exists('ini_set')) {
47
  @ini_set('session.use_trans_sid', 0);
48
}
49

  
50
// configuration parameters
51
if (file_exists('../includes/local/configure.php')) {
52
  include_once('../includes/local/configure.php');
53
} else {
54
  include_once('../includes/configure.php');
55
}
56

  
57
// minimum requirement
58
if (version_compare(PHP_VERSION, '5.6', '<')) {
59
  die('<h1>Minimum requirement PHP Version 5.6</h1>');
60
}
61

  
62
// default time zone
63
date_default_timezone_set('Europe/Berlin');
64

  
65
// new error handling
66
if (is_file(DIR_FS_CATALOG.DIR_WS_INCLUDES.'error_reporting.php')) {
67
  require_once (DIR_FS_CATALOG.DIR_WS_INCLUDES.'error_reporting.php');
68
}
69

  
70
// security inputfilter for GET/POST/COOKIE
71
require (DIR_FS_CATALOG.DIR_WS_CLASSES.'inputfilter.php');
72
$inputfilter = new Inputfilter();
73
$_GET = $inputfilter->validate($_GET);
74
$_POST = $inputfilter->validate($_POST);
75
$_REQUEST = $inputfilter->validate($_REQUEST);
76

  
77
// auto include
78
require_once (DIR_FS_INC . 'auto_include.inc.php');
79

  
80
// project versison
81
require_once (DIR_WS_INCLUDES.'version.php');
82

  
83
// Base/PHP_SELF/SSL-PROXY
84
require_once(DIR_FS_INC . 'set_php_self.inc.php');
85
$PHP_SELF = set_php_self();
86

  
87
define('TAX_DECIMAL_PLACES', 0);
88

  
89
// include the list of project filenames
90
require (DIR_FS_ADMIN.DIR_WS_INCLUDES.'filenames.php');
91

  
92
// list of project database tables
93
require_once(DIR_FS_CATALOG.DIR_WS_INCLUDES.'database_tables.php');
94

  
95
// Database
96
require_once (DIR_FS_INC.'db_functions_'.DB_MYSQL_TYPE.'.inc.php');
97
require_once (DIR_FS_INC.'db_functions.inc.php');
98

  
99
// include needed functions
100
require_once(DIR_FS_INC . 'xtc_get_ip_address.inc.php');
101
require_once(DIR_FS_INC . 'xtc_setcookie.inc.php');
102
require_once(DIR_FS_INC . 'xtc_validate_email.inc.php');
103
require_once(DIR_FS_INC . 'xtc_not_null.inc.php');
104
require_once(DIR_FS_INC . 'xtc_add_tax.inc.php');
105
require_once(DIR_FS_INC . 'xtc_get_tax_rate.inc.php');
106
require_once(DIR_FS_INC . 'xtc_get_qty.inc.php');
107
require_once(DIR_FS_INC . 'xtc_product_link.inc.php');
108
require_once(DIR_FS_INC . 'xtc_cleanName.inc.php');
109
require_once(DIR_FS_INC . 'xtc_get_top_level_domain.inc.php');
110
require_once(DIR_FS_INC . 'html_encoding.php'); //new function for PHP5.4
111
require_once(DIR_FS_INC . 'xtc_backup_restore_configuration.php');
112
require_once(DIR_FS_INC . 'xtc_check_agent.inc.php');
113
require_once(DIR_FS_INC . 'xtc_parse_category_path.inc.php');
114
require_once(DIR_FS_INC . 'xtc_input_validation.inc.php');
115
require_once(DIR_FS_INC . 'xtc_get_category_path.inc.php');
116

  
117
foreach(auto_include(DIR_FS_ADMIN.'includes/extra/functions/','php') as $file) require ($file);
118

  
119
// design layout (wide of boxes in pixels) (default: 125)
120
define('BOX_WIDTH', 125);
121

  
122
// make a connection to the database... now
123
xtc_db_connect() or die('Unable to connect to database server!');
124

  
125
// set application wide parameters
126
define('DB_CACHE', 'false');
127
$duplicate_configuration = array();
128
$configuration_query = xtc_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION . '');
129
while ($configuration = xtc_db_fetch_array($configuration_query)) {
130
  if ($configuration['cfgKey'] != 'DB_CACHE' && $configuration['cfgKey'] != 'STORE_DB_TRANSACTIONS') {
131
    if (!defined($configuration['cfgKey'])) {
132
      define($configuration['cfgKey'], stripslashes($configuration['cfgValue']));
133
    } else {
134
      $duplicate_configuration[] = $configuration['cfgKey'];
135
    }
136
  }
137
}
138

  
139
foreach(auto_include(DIR_FS_ADMIN.'includes/extra/application_top/application_top_begin/','php') as $file) require ($file);
140

  
141
define('FILENAME_IMAGEMANIPULATOR',IMAGE_MANIPULATOR);
142

  
143
// initialize the logger class
144
require(DIR_WS_CLASSES . 'logger.php');
145

  
146
// shopping cart class
147
require(DIR_WS_CLASSES . 'shopping_cart.php');
148

  
149
// todo
150
require(DIR_WS_FUNCTIONS . 'general.php');
151

  
152
// define how the session functions will be used
153
require(DIR_WS_FUNCTIONS . 'sessions.php');
154

  
155
  // define our general functions used application-wide
156
require(DIR_WS_FUNCTIONS . 'html_output.php');
157

  
158
// set the type of request (secure or not)
159
if (file_exists(DIR_WS_INCLUDES . 'request_type.php')) {
160
  include (DIR_WS_INCLUDES . 'request_type.php');
161
} else {
162
  $request_type = 'NONSSL';
163
}
164

  
165
// set the top level domains
166
$http_domain_arr = xtc_get_top_level_domain(HTTP_SERVER);
167
$https_domain_arr = xtc_get_top_level_domain(HTTPS_SERVER);
168
$http_domain = $http_domain_arr['domain'];
169
$https_domain = $https_domain_arr['domain'];
170
$current_domain = (($request_type == 'NONSSL') ? $http_domain : $https_domain);
171

  
172
// set the top level domains to delete
173
$current_domain_delete = (($request_type == 'NONSSL') ? $http_domain_arr['delete'] : $https_domain_arr['delete']);
174

  
175
// set the session name and save path
176
// set the session cookie parameters
177
// set the session ID if it exists
178
// start the session
179
// Redirect search engines with session id to the same url without session id to prevent indexing session id urls
180
// check for Cookie usage
181
// check the Agent
182
include (DIR_FS_CATALOG.DIR_WS_MODULES.'set_session_and_cookie_parameters.php');
183

  
184
// verify the ssl_session_id if the feature is enabled
185
// verify the browser user agent if the feature is enabled
186
// verify the IP address if the feature is enabled
187
include (DIR_FS_CATALOG.DIR_WS_MODULES.'verify_session.php');
188

  
189
// set the language
190
include (DIR_FS_CATALOG.DIR_WS_MODULES.'set_language_sessions.php');
191

  
192
// include the language translations
193
require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.$_SESSION['language'] . '.php');
194
require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/buttons.php');
195
$current_page = basename($PHP_SELF);
196
if (is_file(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $current_page)) {
197
  require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $current_page);
198
}
199

  
200
// write customers status in session
201
require(DIR_FS_CATALOG.DIR_WS_INCLUDES.'write_customers_status.php');
202

  
203
// call from filemanager
204
if (defined('_IS_FILEMANAGER')) return;
205

  
206
// check permission
207
if (is_file(DIR_FS_ADMIN.$current_page) == false || $_SESSION['customers_status']['customers_status_id'] !== '0') {
208
  xtc_redirect(xtc_catalog_href_link(FILENAME_LOGIN));
209
}
210

  
211
// define our localization functions
212
require(DIR_WS_FUNCTIONS . 'localization.php');
213

  
214
// setup our boxes
215
require(DIR_WS_CLASSES . 'table_block.php');
216
require(DIR_WS_CLASSES . 'box.php');
217

  
218
// initialize the message stack for output messages
219
require(DIR_WS_CLASSES . 'message_stack.php');
220
$messageStack = new messageStack();
221

  
222
// verfiy CSRF Token
223
if (CSRF_TOKEN_SYSTEM == 'true') {
224
  require_once(DIR_FS_INC . 'csrf_token.inc.php');
225
}
226

  
227
// split-page-results
228
require(DIR_WS_CLASSES . 'split_page_results.php');
229

  
230
// entry/item info classes
231
require(DIR_WS_CLASSES . 'object_info.php');
232

  
233
// file uploading class
234
require(DIR_WS_CLASSES . 'upload.php');
235

  
236
// content, product, category - sql group_check/fsk_lock
237
require (DIR_FS_CATALOG.DIR_WS_INCLUDES.'define_conditions.php');
238

  
239
// add_select
240
require (DIR_FS_CATALOG.DIR_WS_INCLUDES.'define_add_select.php');
241

  
242
// calculate category path
243
$cPath = isset($_GET['cPath']) ? $_GET['cPath'] : '';
244
if (strlen($cPath) > 0) {
245
  $cPath_array = xtc_parse_category_path($cPath);
246
  $current_category_id = end($cPath_array);
247
} else {
248
  $current_category_id = 0;
249
}
250

  
251
// check if a default currency is set
252
if (!defined('DEFAULT_CURRENCY')) {
253
  $messageStack->add(ERROR_NO_DEFAULT_CURRENCY_DEFINED, 'error');
254
}
255

  
256
// check if a default language is set
257
if (!defined('DEFAULT_LANGUAGE')) {
258
  $messageStack->add(ERROR_NO_DEFAULT_LANGUAGE_DEFINED, 'error');
259
}
260

  
261
// for Customers Status
262
xtc_get_customers_statuses();
263

  
264
$pagename = strtok($current_page, '.');
265
if (!isset($_SESSION['customer_id'])) {
266
  xtc_redirect(xtc_catalog_href_link(FILENAME_LOGIN));
267
}
268

  
269
xtc_check_permission($pagename);
270

  
271
// set which precautions should be checked
272
defined('WARN_CONFIG_WRITEABLE') OR define('WARN_CONFIG_WRITEABLE', 'true');
273
defined('WARN_FILES_WRITEABLE') OR define('WARN_FILES_WRITEABLE', 'true');
274
defined('WARN_DIRS_WRITEABLE') OR define('WARN_DIRS_WRITEABLE', 'true');
275

  
276
foreach(auto_include(DIR_FS_ADMIN.'includes/extra/application_top/application_top_end/','php') as $file) require ($file);
277

  
278
//compatibility for modified eCommerce Shopsoftware 1.06 files
279
defined('DIR_WS_BASE') OR define('DIR_WS_BASE', '');
280
?>
admin/includes/column_left.php
1
<?php
2
  /* --------------------------------------------------------------
3
   $Id: column_left.php 13490 2021-04-01 10:15:45Z Tomcraft $
4

  
5
   modified eCommerce Shopsoftware
6
   http://www.modified-shop.org
7

  
8
   Copyright (c) 2009 - 2013 [www.modified-shop.org]
9
   --------------------------------------------------------------
10
   based on:
11
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
12
   (c) 2002-2003 osCommerce(column_left.php,v 1.15 2002/01/11); www.oscommerce.com
13
   (c) 2003 nextcommerce (column_left.php,v 1.25 2003/08/19); www.nextcommerce.org
14
   (c) 2006 XT-Commerce (content_manager.php 1304 2005-10-12)
15

  
16
   Released under the GNU General Public License
17
   --------------------------------------------------------------*/
18
defined( '_VALID_XTC' ) or die( 'Direct Access to this location is not allowed.' );
19

  
20
$admin_access = array();
21
if (($_SESSION['customers_status']['customers_status_id'] == '0')) {
22
  $admin_access_query = xtc_db_query("SELECT * FROM " . TABLE_ADMIN_ACCESS . " WHERE customers_id = ".(int)$_SESSION['customer_id']);
23
  $admin_access = xtc_db_fetch_array($admin_access_query); 
24
}
25

  
26
//begin----------------------------functions----------------------------------------------------------------------------------
27

  
28
// mainMenue($box_title);
29
if (!function_exists('mainMenue')) { // erste ebene
30
  function mainMenue($box_title) {
31
    $html  = '<li>';            
32
    if (defined('NEW_ADMIN_STYLE')) {
33
      $html .= '<div class="dataNavHeadingContent"><a href="#"><strong>'.$box_title.'</strong></a></div>';
34
    } else {
35
      $html .= '<div class="dataNavHeadingContent"><strong>'.$box_title.'</strong></div>';
36
    }
37
    $html .= PHP_EOL .'<ul>'.PHP_EOL;
38
    return $html;
39
  }
40
}
41

  
42
// endMenue($box_title);
43
if (!function_exists('endMenue')) { // menue schliessen
44
  function endMenue($box_title) {    
45
    $html = '</ul>'.PHP_EOL;
46
    $html .= '</li>'.PHP_EOL;
47
    // extra menu
48
    if (function_exists('dynamicsAdds')) {
49
      $html  = dynamicsAdds($box_title) . $html;
50
    }
51
    return $html;
52
  }
53
}
54

  
55
//end----------------------------functions----------------------------------------------------------------------------------
56

  
57
// extra menu
58
if(file_exists(DIR_WS_INCLUDES.'extra_menu.php')) {
59
  require_once(DIR_WS_INCLUDES.'extra_menu.php');
60
}
61

  
62
//begin--------------------------HTML----------------------------------------------------------------------------------
63

  
64
echo '<div id="cssmenu" class="suckertreemenu">';
65
echo '<ul id="treemenu1">';
66

  
67
//---------------------------Ausgewaehlte Admin Sprache als Flagge
68
echo '<li><div id="lang_flag">' . xtc_image('../lang/' .  $_SESSION['language'] .'/admin/images/' . 'icon.gif', $_SESSION['language']). '</div></li>';
69

  
70
//---------------------------STARTSEITE
71
echo '<li><a href="' . xtc_href_link('start.php', '', 'NONSSL') . '" id="current"><b>' . TEXT_ADMIN_START . '</b></a></li>'; 
72

  
73
//---------------------------KUNDEN
74
echo mainMenue(BOX_HEADING_CUSTOMERS);
75
    if ($admin_access['customers'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CUSTOMERS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CUSTOMERS . '</a></li>';
76
    if ($admin_access['customers_status'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CUSTOMERS_STATUS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CUSTOMERS_STATUS . '</a></li>';
77
    if ($admin_access['customers_group'] == '1' && GROUP_CHECK == 'true') echo '<li><a href="' . xtc_href_link('customers_group.php', '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CUSTOMERS_GROUP . '</a></li>';
78
    if ($admin_access['orders'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_ORDERS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_ORDERS . '</a></li>';
79
    if ($admin_access['module_export'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULE_EXPORT, 'set=export&module=dsgvo_export', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_DSGVO_EXPORT . '</a></li>';
80
echo endMenue(BOX_HEADING_CUSTOMERS);
81

  
82
//---------------------------ARTIKELKATALOG
83
echo mainMenue(BOX_HEADING_PRODUCTS);
84
    if ($admin_access['categories'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CATEGORIES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CATEGORIES . '</a></li>';
85
    if ($admin_access['products_attributes'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_PRODUCTS_ATTRIBUTES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PRODUCTS_ATTRIBUTES . '</a></li>';
86
    if ($admin_access['products_tags'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_PRODUCTS_TAGS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PRODUCTS_TAGS . '</a></li>';
87
    if ($admin_access['manufacturers'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MANUFACTURERS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_MANUFACTURERS . '</a></li>';
88
    if ($admin_access['reviews'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_REVIEWS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_REVIEWS . '</a></li>';
89
    if ($admin_access['specials'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_SPECIALS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_SPECIALS . '</a></li>';
90
    if ($admin_access['products_expected'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_PRODUCTS_EXPECTED, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PRODUCTS_EXPECTED . '</a></li>';
91
    if ($admin_access['stats_stock_warning'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_STATS_STOCK_WARNING, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_STOCK_WARNING . '</a></li>';
92
echo endMenue(BOX_HEADING_PRODUCTS);
93

  
94
//---------------------------MODULE
95
echo mainMenue(BOX_HEADING_MODULES);
96
    if ($admin_access['modules'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULES, 'set=payment', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PAYMENT . '</a></li>';
97
    if ($admin_access['modules'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULES, 'set=shipping', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_SHIPPING . '</a></li>';
98
    if ($admin_access['modules'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULES, 'set=ordertotal', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_ORDER_TOTAL . '</a></li>';
99
    if ($admin_access['modules'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULES, 'set=categories', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_MODULE_TYPE . '</a></li>';
100
    if ($admin_access['module_export'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULE_EXPORT, 'set=export&module=sitemaporg', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_GOOGLE_SITEMAP . '</a></li>';
101
    if ($admin_access['module_export'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULE_EXPORT, 'set=system', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_MODULE_SYSTEM . '</a></li>';
102
    if ($admin_access['module_export'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULE_EXPORT, 'set=export', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_MODULE_EXPORT . '</a></li>';
103
echo endMenue(BOX_HEADING_MODULES);
104

  
105
//---------------------------PARTNER
106
echo mainMenue(BOX_HEADING_PARTNER_MODULES);
107
    if (isset($admin_access['janolaw']) && $admin_access['janolaw'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_JANOLAW, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_JANOLAW . '</a></li>';
108
    if (isset($admin_access['it_recht_kanzlei']) && $admin_access['it_recht_kanzlei'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_IT_RECHT_KANZLEI, '') . '" class="menuBoxContentLink"> -' . BOX_IT_RECHT_KANZLEI . '</a></li>';
109
    if (isset($admin_access['haendlerbund']) && $admin_access['haendlerbund'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_HAENDLERBUND, '') . '" class="menuBoxContentLink"> -' . BOX_HAENDLERBUND . '</a></li>';
110
    if (isset($admin_access['protectedshops']) && $admin_access['protectedshops'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_PROTECTEDSHOPS, '') . '" class="menuBoxContentLink"> -' . BOX_PROTECTEDSHOPS . '</a></li>';
111
    if (isset($admin_access['cleverreach']) && $admin_access['cleverreach'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CLEVERREACH, '') . '" class="menuBoxContentLink"> -' . BOX_CLEVERREACH . '</a></li>';
112
    if (isset($admin_access['supermailer']) && $admin_access['supermailer'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_SUPERMAILER, '') . '" class="menuBoxContentLink"> -' . BOX_SUPERMAILER . '</a></li>';
113
    if (isset($admin_access['trustedshops']) && $admin_access['trustedshops'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_TRUSTEDSHOPS, '') . '" class="menuBoxContentLink"> -' . BOX_TRUSTEDSHOPS . '</a></li>';
114

  
115
    ## PayPal
116
    include(DIR_FS_EXTERNAL.'paypal/modules/column_left.php');
117

  
118
    ## shipcloud
119
    include(DIR_FS_EXTERNAL.'shipcloud/column_left.php');
120
    
121
    ## Magnalister
122
    if(defined('MODULE_MAGNALISTER_STATUS') && MODULE_MAGNALISTER_STATUS=='True') {
123
      if (isset($admin_access['magnalister']) && $admin_access['magnalister'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MAGNALISTER."", '', 'NONSSL') . '" class="menuBoxContentLink"> -'.BOX_MAGNALISTER.'</a></li>';
124
    } else {
125
      if ($admin_access['modules'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULE_EXPORT, 'set=system&module=magnalister', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_MAGNALISTER . '</a></li>';
126
    }
127
    
128
    ## Payone
129
    include(DIR_FS_EXTERNAL.'payone/modules/column_left.php');
130
    
131
    ## Shopgate
132
    if(defined('MODULE_PAYMENT_SHOPGATE_STATUS') && MODULE_PAYMENT_SHOPGATE_STATUS=='True') {
133
      include_once (DIR_FS_CATALOG.'includes/external/shopgate/base/admin/includes/column_left.php');
134
    } else {
135
      if ($admin_access['shopgate'] == '1') echo '<li><a href="' . xtc_href_link('shopgate.php', 'sg_option=info', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_SHOPGATE . '</a></li>';
136
    }
137
    
138
    ## SEMKNOX
139
    if (isset($admin_access['semknox']) && $admin_access['semknox'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_SEMKNOX, '') . '" class="menuBoxContentLink"> -' . BOX_SEMKNOX . '</a></li>';
140
echo endMenue(BOX_HEADING_PARTNER_MODULES);
141

  
142
//---------------------------STATISTIKEN
143
echo mainMenue(BOX_HEADING_STATISTICS);
144
    if ($admin_access['stats_products_viewed'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_STATS_PRODUCTS_VIEWED, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PRODUCTS_VIEWED . '</a></li>';
145
    if ($admin_access['stats_products_purchased'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_STATS_PRODUCTS_PURCHASED, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PRODUCTS_PURCHASED . '</a></li>';
146
    if ($admin_access['stats_customers'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_STATS_CUSTOMERS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_STATS_CUSTOMERS . '</a></li>';
147
    if ($admin_access['stats_sales_report'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_SALES_REPORT, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_SALES_REPORT . '</a></li>';
148
    if ($admin_access['stats_campaigns'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CAMPAIGNS_REPORT, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CAMPAIGNS_REPORT . '</a></li>';
149
echo endMenue(BOX_HEADING_STATISTICS);
150

  
151
//---------------------------HILFSPROGRAMME
152
echo mainMenue(BOX_HEADING_TOOLS);
153
    if (defined('MODULE_NEWSLETTER_STATUS') && MODULE_NEWSLETTER_STATUS == 'true') {
154
      if ($admin_access['newsletter_recipients'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_NEWSLETTER_RECIPIENTS) . '" class="menuBoxContentLink"> -' . BOX_NEWSLETTER_RECIPIENTS . '</a></li>';
155
      if ($admin_access['module_newsletter'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_MODULE_NEWSLETTER) . '" class="menuBoxContentLink"> -' . BOX_MODULE_NEWSLETTER . '</a></li>';
156
    }
157
    if ($admin_access['content_manager'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CONTENT_MANAGER) . '" class="menuBoxContentLink"> -' . BOX_CONTENT . '</a></li>';
158
    if ($admin_access['removeoldpics'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_REMOVEOLDPICS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_REMOVEOLDPICS . '</a></li>';
159
    if ($admin_access['backup'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_BACKUP) . '" class="menuBoxContentLink"> -' . BOX_BACKUP . '</a></li>';
160
    if (defined('MODULE_BANNER_MANAGER_STATUS') && MODULE_BANNER_MANAGER_STATUS == 'true') {
161
      if ($admin_access['banner_manager'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_BANNER_MANAGER) . '" class="menuBoxContentLink"> -' . BOX_BANNER_MANAGER . '</a></li>';
162
    }
163
    if ($admin_access['server_info'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_SERVER_INFO) . '" class="menuBoxContentLink"> -' . BOX_SERVER_INFO . '</a></li>';
164
    if ($admin_access['whos_online'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_WHOS_ONLINE) . '" class="menuBoxContentLink"> -' . BOX_WHOS_ONLINE . '</a></li>';
165
    if ($admin_access['csv_backend'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CSV_BACKEND) . '" class="menuBoxContentLink"> -' . BOX_IMPORT . '</a></li>';
166
    if ($admin_access['parcel_carriers'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_PARCEL_CARRIERS) . '" class="menuBoxContentLink"> -' . BOX_PARCEL_CARRIERS . '</a></li>';
167
    if ($admin_access['logs'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_LOGS) . '" class="menuBoxContentLink"> -' . BOX_LOGS . '</a></li>';
168
    if ($admin_access['blacklist_logs'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_BLACKLIST_LOGS) . '" class="menuBoxContentLink"> -' . BOX_BLACKLIST_LOGS . '</a></li>';
169
echo endMenue(BOX_HEADING_TOOLS);
170

  
171
//---------------------------GUTSCHEINE
172
if (ACTIVATE_GIFT_SYSTEM=='true') {
173
echo mainMenue(BOX_HEADING_GV_ADMIN);
174
    if ($admin_access['coupon_admin'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_COUPON_ADMIN, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_COUPON_ADMIN . '</a></li>';
175
    if ($admin_access['gv_queue'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_GV_QUEUE, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_GV_ADMIN_QUEUE . '</a></li>';
176
    if ($admin_access['gv_mail'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_GV_MAIL, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_GV_ADMIN_MAIL . '</a></li>';
177
    if ($admin_access['gv_sent'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_GV_SENT, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_GV_ADMIN_SENT . '</a></li>';
178
    if ($admin_access['gv_customers'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_GV_CUSTOMERS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_GV_CUSTOMERS . '</a></li>';
179
echo endMenue(BOX_HEADING_GV_ADMIN); 
180
}
181

  
182
//---------------------------LAND / STEUER
183
echo mainMenue(BOX_HEADING_ZONE);
184
    if ($admin_access['languages'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_LANGUAGES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_LANGUAGES . '</a></li>';
185
    if ($admin_access['countries'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_COUNTRIES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_COUNTRIES . '</a></li>';
186
    if ($admin_access['currencies'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CURRENCIES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CURRENCIES. '</a></li>';
187
    if ($admin_access['zones'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_ZONES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_ZONES . '</a></li>';
188
    if ($admin_access['geo_zones'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_GEO_ZONES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_GEO_ZONES . '</a></li>';
189
    if ($admin_access['tax_classes'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_TAX_CLASSES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_TAX_CLASSES . '</a></li>';
190
    if ($admin_access['tax_rates'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_TAX_RATES, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_TAX_RATES . '</a></li>';
191
echo endMenue(BOX_HEADING_ZONE);
192

  
193
//---------------------------KONFIGURATION
194
echo mainMenue(BOX_HEADING_CONFIGURATION);
195
    if ($admin_access['configuration'] == '1') {
196
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=1', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_1 . '</a></li>';
197
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=1000', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_1000 . '</a></li>';
198
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=2', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_2 . '</a></li>';
199
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=3', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_3 . '</a></li>';
200
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=4', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_4 . '</a></li>';
201
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=5', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_5 . '</a></li>';
202
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=7', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_7 . '</a></li>';
203
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=8', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_8 . '</a></li>';
204
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=9', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_9 . '</a></li>';
205
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=12', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_12 . '</a></li>';
206
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=13', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_13 . '</a></li>';
207
    }
208
    if ($admin_access['orders_status'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_ORDERS_STATUS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_ORDERS_STATUS . '</a></li>';
209
    if (ACTIVATE_SHIPPING_STATUS=='true' && $admin_access['shipping_status'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_SHIPPING_STATUS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_SHIPPING_STATUS . '</a></li>';
210
    if ($admin_access['products_vpe'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_PRODUCTS_VPE, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_PRODUCTS_VPE . '</a></li>';
211
    if ($admin_access['campaigns'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_CAMPAIGNS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CAMPAIGNS . '</a></li>';
212
    if ($admin_access['cross_sell_groups'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_XSELL_GROUPS, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_ORDERS_XSELL_GROUP . '</a></li>';
213
    if (isset($admin_access['cookie_consent']) && $admin_access['cookie_consent'] == '1') echo '<li><a href="' . xtc_href_link(FILENAME_COOKIE_CONSENT, '', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_COOKIE_CONSENT . '</a></li>';
214
echo endMenue(BOX_HEADING_CONFIGURATION);
215

  
216
//---------------------------KONFIGURATION 2
217
echo mainMenue(BOX_HEADING_CONFIGURATION2);
218
    if ($admin_access['shop_offline'] == '1') echo '<li><a href="' . xtc_href_link('shop_offline.php', '', 'NONSSL') . '" class="menuBoxContentLink"> -'.'Shop online/offline'.'</a></li>';
219
    if ($admin_access['configuration'] == '1') {
220
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=10', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_10 . '</a></li>';
221
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=11', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_11 . '</a></li>';
222
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=14', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_14 . '</a></li>';
223
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=15', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_15 . '</a></li>';
224
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=16', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_16 . '</a></li>';
225
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=17', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_17 . '</a></li>';
226
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=18', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_18 . '</a></li>';
227
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=19', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_19 . '</a></li>';
228
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=22', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_22 . '</a></li>';
229
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=40', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_40 . '</a></li>'; 
230
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=24', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_24 . '</a></li>';
231
      echo '<li><a href="' . xtc_href_link(FILENAME_CONFIGURATION, 'gID=25', 'NONSSL') . '" class="menuBoxContentLink"> -' . BOX_CONFIGURATION_25 . '</a></li>';
232
    }
233
echo endMenue(BOX_HEADING_CONFIGURATION2);
234

  
235
echo '</ul>'; 
236
echo '</div>';
237

  
238
//end----------------------------HTML----------------------------------------------------------------------------------
admin/customers.php
1
<?php
2
  /* --------------------------------------------------------------
3
   $Id: customers.php 13419 2021-02-09 15:13:48Z GTB $
4

  
5
   modified eCommerce Shopsoftware
6
   http://www.modified-shop.org
7

  
8
   Copyright (c) 2009 - 2013 [www.modified-shop.org]
9
   --------------------------------------------------------------
10
   based on:
11
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
12
   (c) 2002-2003 osCommerce(customers.php,v 1.76 2003/05/04); www.oscommerce.com
13
   (c) 2003   nextcommerce (customers.php,v 1.22 2003/08/24); www.nextcommerce.org
14
   (c) 2006 XT-Commerce (customers.php 1296 2005-10-08)
15

  
16
   Released under the GNU General Public License
17
   --------------------------------------------------------------
18
   Third Party contribution:
19
   Customers Status v3.x  (c) 2002-2003 Copyright Elari elari@free.fr | www.unlockgsm.com/dload-osc/ | CVS : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/elari/?sortby=date#dirlist
20

  
21
   Released under the GNU General Public License
22
   --------------------------------------------------------------*/
23

  
24
  require ('includes/application_top.php');
25
  
26
  require_once (DIR_FS_INC.'xtc_validate_vatid_status.inc.php');
27
  require_once (DIR_FS_INC.'xtc_get_geo_zone_code.inc.php');
28
  require_once (DIR_FS_INC.'xtc_encrypt_password.inc.php');
29
  require_once (DIR_FS_INC.'xtc_js_lang.php');
30
  require_once (DIR_FS_INC.'ip_clearing.inc.php');
31
  require_once (DIR_FS_INC.'get_customers_gender.inc.php');
32
  
33
  require(DIR_WS_INCLUDES . 'get_states.php');
34

  
35
  // split page results
36
  if(!defined('MAX_DISPLAY_LIST_CUSTOMERS')) {
37
    define('MAX_DISPLAY_LIST_CUSTOMERS', 100);
38
  }
39

  
40
  // customers totals
41
  require(DIR_WS_CLASSES . 'currencies.php');
42
  $currencies = new currencies();
43

  
44
  $customers_statuses_array = xtc_get_customers_statuses();
45
  // changes all $customers_statuses_array[xx] to $customers_statuses_id_array[xx]  in html section
46
  $customers_statuses_id_array = array();
47
  for ($i=0;$n=sizeof($customers_statuses_array),$i<$n;$i++) {
48
    $customers_statuses_id_array[$customers_statuses_array[$i]['id']] = $customers_statuses_array[$i];
49
  }
50

  
51
  $processed = false;
52
  $error = false;
53
  $entry_vat_error_text = '';
54
  $action = (isset($_GET['action']) ? $_GET['action'] : '');
55
  $customers_id = (isset($_GET['cID']) ? (int)$_GET['cID'] : 0);
56
  $page = (isset($_GET['page']) ? (int)$_GET['page'] : 1);
57

  
58
  if (isset($_GET['special']) && $_GET['special'] == 'remove_memo') {
59
    $mID = xtc_db_prepare_input($_GET['mID']);
60
    xtc_db_query("DELETE FROM ".TABLE_CUSTOMERS_MEMO." WHERE memo_id = '".(int)$mID."'");
61
    xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array('cID', 'action', 'special')).'cID='.$customers_id.'&action=edit'));
62
  }
63

  
64
  if (($action == 'edit' || $action == 'update') && !(($customers_id == 1 && $_SESSION['customer_id'] == 1) || $customers_id != 1)) {
65
    xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, ''));
66
  }
67

  
68
  if ($action) {
69
    switch ($action) {
70
      case 'new_order_confirm':
71
        // customers
72
        $customers1_query = xtc_db_query("SELECT * FROM ".TABLE_CUSTOMERS." WHERE customers_id = '".$customers_id."'");
73
        $customers1 = xtc_db_fetch_array($customers1_query);
74

  
75
        // customers default address
76
        $customers_query = xtc_db_query("SELECT * FROM ".TABLE_ADDRESS_BOOK."
77
                                          WHERE customers_id = '".$customers_id."'
78
                                            AND address_book_id =  '".$customers1['customers_default_address_id']."'");
79
        $customers = xtc_db_fetch_array($customers_query);
80

  
81
        // countries
82
        $country_query = xtc_db_query("SELECT countries_name, countries_iso_code_2, address_format_id
83
                                         FROM ".TABLE_COUNTRIES."
84
                                        WHERE countries_id = '".$customers['entry_country_id']."'");
85
        $country = xtc_db_fetch_array($country_query);
86

  
87
        // customers status
88
        $stat_query = xtc_db_query("SELECT * FROM ".TABLE_CUSTOMERS_STATUS." WHERE customers_status_id = '".(int)$customers1['customers_status']."' AND language_id = '".(int)$_SESSION['languages_id']."'");
89
        $stat = xtc_db_fetch_array($stat_query);
90

  
91
        if (file_exists(DIR_FS_LANGUAGES . $_SESSION['language'] . '/modules/shipping/' . $_POST['shipping'] . '.php')) {
92
          require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/modules/shipping/' . $_POST['shipping'] . '.php');
93
        }
94

  
95
        $sql_data_array = array (
96
            'customers_id' => xtc_db_prepare_input($customers['customers_id']),
97
            'customers_cid' => xtc_db_prepare_input($customers1['customers_cid']),
98
            'customers_vat_id' => xtc_db_prepare_input($customers1['customers_vat_id']),
99
            'customers_status' => xtc_db_prepare_input($customers1['customers_status']),
100
            'customers_status_name' => xtc_db_prepare_input($stat['customers_status_name']),
101
            'customers_status_image' => xtc_db_prepare_input($stat['customers_status_image']),
102
            'customers_status_discount' => xtc_db_prepare_input($stat['customers_status_discount']),
103
            'customers_name' => xtc_db_prepare_input($customers['entry_firstname'].' '.$customers['entry_lastname']),
104
            'customers_lastname' => xtc_db_prepare_input($customers['entry_lastname']),
105
            'customers_firstname' => xtc_db_prepare_input($customers['entry_firstname']),
106
            'customers_gender' => xtc_db_prepare_input($customers['entry_gender']),
107
            'customers_company' => xtc_db_prepare_input($customers['entry_company']),
108
            'customers_street_address' => xtc_db_prepare_input($customers['entry_street_address']),
109
            'customers_suburb' => xtc_db_prepare_input($customers['entry_suburb']),
110
            'customers_city' => xtc_db_prepare_input($customers['entry_city']),
111
            'customers_postcode' => xtc_db_prepare_input($customers['entry_postcode']),
112
            'customers_state' => xtc_db_prepare_input(xtc_get_zone_code($customers['entry_country_id'], $customers['entry_zone_id'], $customers['entry_state'])),
113
            'customers_country' => xtc_db_prepare_input($country['countries_name']),
114
            'customers_telephone' => xtc_db_prepare_input($customers1['customers_telephone']),
115
            'customers_email_address' => xtc_db_prepare_input($customers1['customers_email_address']),
116
            'customers_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']),
117
            'customers_address_format_id' => xtc_db_prepare_input($country['address_format_id']),
118
            'delivery_name' => xtc_db_prepare_input($customers['entry_firstname'].' '.$customers['entry_lastname']),
119
            'delivery_lastname' => xtc_db_prepare_input($customers['entry_lastname']),
120
            'delivery_firstname' => xtc_db_prepare_input($customers['entry_firstname']),
121
            'delivery_gender' => xtc_db_prepare_input($customers['entry_gender']),
122
            'delivery_company' => xtc_db_prepare_input($customers['entry_company']),
123
            'delivery_street_address' => xtc_db_prepare_input($customers['entry_street_address']),
124
            'delivery_suburb' => xtc_db_prepare_input($customers['entry_suburb']),
125
            'delivery_city' => xtc_db_prepare_input($customers['entry_city']),
126
            'delivery_postcode' => xtc_db_prepare_input($customers['entry_postcode']),
127
            'delivery_state' => xtc_db_prepare_input(xtc_get_zone_code($customers['entry_country_id'], $customers['entry_zone_id'], $customers['entry_state'])),
128
            'delivery_country' => xtc_db_prepare_input($country['countries_name']),
129
            'delivery_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']),
130
            'delivery_address_format_id' => xtc_db_prepare_input($country['address_format_id']),
131
            'billing_name' => xtc_db_prepare_input($customers['entry_firstname'].' '.$customers['entry_lastname']),
132
            'billing_lastname' => xtc_db_prepare_input($customers['entry_lastname']),
133
            'billing_firstname' => xtc_db_prepare_input($customers['entry_firstname']),
134
            'billing_gender' => xtc_db_prepare_input($customers['entry_gender']),
135
            'billing_company' => xtc_db_prepare_input($customers['entry_company']),
136
            'billing_street_address' => xtc_db_prepare_input($customers['entry_street_address']),
137
            'billing_suburb' => xtc_db_prepare_input($customers['entry_suburb']),
138
            'billing_city' => xtc_db_prepare_input($customers['entry_city']),
139
            'billing_postcode' => xtc_db_prepare_input($customers['entry_postcode']),
140
            'billing_state' => xtc_db_prepare_input(xtc_get_zone_code($customers['entry_country_id'], $customers['entry_zone_id'], $customers['entry_state'])),
141
            'billing_country' => xtc_db_prepare_input($country['countries_name']),
142
            'billing_country_iso_code_2' => xtc_db_prepare_input($country['countries_iso_code_2']),
143
            'billing_address_format_id' => xtc_db_prepare_input($country['address_format_id']),
144
            'payment_method' => xtc_db_prepare_input($_POST['payment']),
145
            'comments' => '',
146
            'date_purchased' => 'now()',
147
            'orders_status' => DEFAULT_ORDERS_STATUS_ID,
148
            'currency' => DEFAULT_CURRENCY,
149
            'currency_value' => '1.0000',
150
            'account_type' => $customers1['account_type'],
151
            'payment_class' => xtc_db_prepare_input($_POST['payment']),
152
            'shipping_method' => constant('MODULE_SHIPPING_'.strtoupper($_POST['shipping']).'_TEXT_TITLE'),
153
            'shipping_class' => xtc_db_prepare_input($_POST['shipping']).'_'.xtc_db_prepare_input($_POST['shipping']),
154
            'customers_ip' => ip_clearing($_SESSION['tracking']['ip']),
155
            'language' => $_SESSION['language'],
156
            'languages_id' => $_SESSION['languages_id']
157
          );
158

  
159
        xtc_db_perform(TABLE_ORDERS, $sql_data_array);
160
        $orders_id = xtc_db_insert_id();
161

  
162
        $sql_data_array = array (
163
            'orders_id' => (int)$orders_id,
164
            'orders_status_id' => DEFAULT_ORDERS_STATUS_ID,
165
            'date_added' => 'now()',
166
            'customer_notified' => '0',
167
            'comments' => '',
168
          );
169
        xtc_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
170

  
171
        require_once (DIR_FS_LANGUAGES.$_SESSION['language'].'/modules/order_total/ot_total.php');
172
        $sql_data_array = array(
173
            'orders_id' => (int)$orders_id,
174
            'title' => MODULE_ORDER_TOTAL_TOTAL_TITLE.':',
175
            'text' => '0',
176
            'value' => '0',
177
            'class' => 'ot_total',
178
            'sort_order' => MODULE_ORDER_TOTAL_TOTAL_SORT_ORDER
179
          );
180
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
181

  
182
        require_once (DIR_FS_LANGUAGES.$_SESSION['language'].'/modules/order_total/ot_shipping.php');
183
        $sql_data_array = array(
184
            'orders_id' => (int)$orders_id,
185
            'title' => constant('MODULE_SHIPPING_'.strtoupper($_POST['shipping']).'_TEXT_TITLE').':',
186
            'text' => '0',
187
            'value' => '0',
188
            'class' => 'ot_shipping',
189
            'sort_order' => MODULE_ORDER_TOTAL_SHIPPING_SORT_ORDER
190
          );
191
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
192

  
193
        require_once (DIR_FS_LANGUAGES.$_SESSION['language'].'/modules/order_total/ot_subtotal.php');
194
        $sql_data_array = array(
195
            'orders_id' => (int)$orders_id,
196
            'title' => MODULE_ORDER_TOTAL_SUBTOTAL_TITLE.':',
197
            'text' => '0',
198
            'value' => '0',
199
            'class' => 'ot_subtotal',
200
            'sort_order' => MODULE_ORDER_TOTAL_SUBTOTAL_SORT_ORDER
201
          );
202
        xtc_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
203

  
204
        xtc_redirect(xtc_href_link(FILENAME_ORDERS, 'oID='.(int)$orders_id.'&action=edit'));
205
        break;
206

  
207
      case 'delete_confirm_adressbook' :
208
          xtc_db_query("DELETE FROM ".TABLE_ADDRESS_BOOK."
209
                              WHERE address_book_id = '".(int) $_GET['address_book_id']."'
210
                                AND customers_id = '".$customers_id."'");
211
          xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array ('cID', 'action', 'delete_confirm_adressbook')).'cID='.(int)$customers_id));
212
          break;
213

  
214
       case 'update_default_adressbook' :
215
          $address_book_query = xtc_db_query("SELECT entry_gender AS customers_gender,
216
                                                     entry_firstname AS customers_firstname,
217
                                                     entry_lastname AS customers_lastname
218
                                                FROM ".TABLE_ADDRESS_BOOK."
219
                                               WHERE address_book_id = '".(int) $_GET['default']."'
220
                                                 AND customers_id = '".$customers_id."'");
221
          $address_book_array = xtc_db_fetch_array($address_book_query);
222

  
223
          if (ACCOUNT_GENDER != 'true') {
224
            unset($address_book_array['customers_gender']);
225
          }
226

  
227
          $sql_data_array = array (
228
              'customers_default_address_id' => (int) $_GET['default'],
229
              'customers_last_modified' => 'now()'
230
            );
231
          $sql_data_array = array_merge($address_book_array,$sql_data_array);
232
          xtc_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '". $customers_id ."'");
233

  
234
          xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array ('cID', 'action', 'update_default_adressbook', 'default')).'cID='.$customers_id.'&action=address_book'));
235
          break;
236

  
237
      case 'statusconfirm' :    
238
        if (!isset($_POST['multi_customers_confirm']) && (int)$customers_id > 0) {
239
          $_POST['multi_customers_confirm'] = array($customers_id);
240
        }
241
        
242
        if (isset($_POST['multi_customers_confirm']) && is_array($_POST['multi_customers_confirm'])) {
243
          foreach ($_POST['multi_customers_confirm'] as $customers_id) {
244
            $error = false;
245
            $check_status_query = xtc_db_query("SELECT customers_firstname,
246
                                                       customers_lastname,
247
                                                       customers_email_address,
248
                                                       customers_status,
249
                                                       member_flag
250
                                                  FROM ".TABLE_CUSTOMERS."
251
                                                 WHERE customers_id = '".$customers_id."'");
252
            $check_status = xtc_db_fetch_array($check_status_query);
253
            if ($check_status['customers_status'] != (int)$_POST['customers_status']) {
254
              $sql_data_array = array('customers_status' => (int)$_POST['customers_status']);
255
          
256
              $sql_add_data_array['account_type'] = '1';                        
257
              if ($_POST['customers_status'] != DEFAULT_CUSTOMERS_STATUS_ID_GUEST) {
258
                $sql_add_data_array['account_type'] = '0';
259
              }
260
          
261
              // check existing account
262
              if ($sql_add_data_array['account_type'] == '0') {
263
                $check_existing_customer_query = xtc_db_query("SELECT customers_id
264
                                                                 FROM ".TABLE_CUSTOMERS."
265
                                                                WHERE customers_email_address = '".xtc_db_input($check_status['customers_email_address'])."'
266
                                                                  AND account_type = '0'
267
                                                                  AND customers_id != '".$customers_id."'");
268
                if (xtc_db_num_rows($check_existing_customer_query) > 0) {
269
                  $error = true;
270
                  $messageStack->add_session(WARNING_CUSTOMER_ALREADY_EXISTS, 'warning');
271
                }
272
              }
273
          
274
              if ($error === false) {
275
                xtc_db_perform(TABLE_CUSTOMERS, array_merge($sql_data_array, $sql_add_data_array), 'update', "customers_id = '".$customers_id."'"); 
276

  
277
                // update customers status in newsletters_recipients
278
                xtc_db_perform(TABLE_NEWSLETTER_RECIPIENTS, $sql_data_array, 'update', "customers_id = '".$customers_id."'"); 
279
                    
280
                // create insert for admin access table if customers status is set to 0
281
                if ($_POST['customers_status'] == 0) {
282
                  xtc_db_query("INSERT INTO  ".TABLE_ADMIN_ACCESS." (customers_id) VALUES ('".$customers_id."')");
283
                } else {
284
                  xtc_db_query("DELETE FROM ".TABLE_ADMIN_ACCESS." WHERE customers_id = '".$customers_id."'");
285
                }
286
                $sql_data_array = array('customers_id' => $customers_id,
287
                                        'new_value' => (int)$_POST['customers_status'],
288
                                        'old_value' => $check_status['customers_status'],
289
                                        'date_added' => 'now()',
290
                                        'customer_notified' => '0');
291
                xtc_db_perform(TABLE_CUSTOMERS_STATUS_HISTORY, $sql_data_array);  
292
              }        
293
            }
294
          }
295
        }
296
        xtc_redirect(xtc_href_link(FILENAME_CUSTOMERS, xtc_get_all_get_params(array('cID', 'action')).'cID='.$customers_id));
297
        break;
298

  
299
      case 'update' :
300
        $customers_cid = xtc_db_prepare_input($_POST['customers_cid']);
301
        $customers_vat_id = xtc_db_prepare_input($_POST['customers_vat_id']);
302
        $customers_vat_id_status = (isset($_POST['customers_vat_id_status']) ? xtc_db_prepare_input($_POST['customers_vat_id_status']) : '');
303
        $customers_firstname = xtc_db_prepare_input($_POST['customers_firstname']);
304
        $customers_lastname = xtc_db_prepare_input($_POST['customers_lastname']);
305
        $customers_email_address = xtc_db_prepare_input($_POST['customers_email_address']);
306
        $customers_telephone = xtc_db_prepare_input($_POST['customers_telephone']);
307
        $customers_fax = xtc_db_prepare_input($_POST['customers_fax']);
308
        if (ACCOUNT_GENDER == 'true') $customers_gender = xtc_db_prepare_input($_POST['customers_gender']);
309
        if (ACCOUNT_DOB == 'true') $customers_dob = xtc_db_prepare_input($_POST['customers_dob']);
310
        $customers_default_address_id = xtc_db_prepare_input($_POST['customers_default_address_id']);
311
        $address_book_id = xtc_db_prepare_input($_POST['address_book_id']);
312
        $entry_street_address = xtc_db_prepare_input($_POST['entry_street_address']);
313
        if (ACCOUNT_SUBURB == 'true') $entry_suburb = xtc_db_prepare_input($_POST['entry_suburb']);
314
        $entry_postcode = xtc_db_prepare_input($_POST['entry_postcode']);
315
        $entry_city = xtc_db_prepare_input($_POST['entry_city']);
316
        $entry_country_id = xtc_db_prepare_input($_POST['entry_country_id']);
317
        if (ACCOUNT_COMPANY == 'true') $entry_company = xtc_db_prepare_input($_POST['entry_company']);
318
        if (ACCOUNT_STATE == 'true') $entry_state = xtc_db_prepare_input($_POST['entry_state']);
319
        if (ACCOUNT_STATE == 'true') $entry_zone_id = xtc_db_prepare_input($_POST['entry_zone_id']);
320
        $memo_title = xtc_db_prepare_input($_POST['memo_title']);
321
        $memo_text = xtc_db_prepare_input($_POST['memo_text']);
322
        $payment_unallowed = implode(',', (isset($_POST['payment_unallowed']) && is_array($_POST['payment_unallowed']) ? $_POST['payment_unallowed'] : array()));
323
        $shipping_unallowed = implode(',', (isset($_POST['shipping_unallowed']) && is_array($_POST['shipping_unallowed']) ? $_POST['shipping_unallowed'] : array()));
324
        $password = xtc_db_prepare_input($_POST['customers_password']);
325
        /*
326
        $amount = xtc_db_prepare_input($_POST['amount']);
327
        if ($amount != '') {
328
          $sql_data_array = array('customer_id' => $customers_id,
329
                                  'amount' => $amount
330
                                  );
331
          $check_gv_query = xtc_db_query("SELECT * FROM " . TABLE_COUPON_GV_CUSTOMER . " WHERE customer_id = '".$customers_id."'");
332
          if (xtc_db_num_rows($check_gv_query) > 0) {
333
            xtc_db_perform(TABLE_COUPON_GV_CUSTOMER, $sql_data_array, 'update', "customer_id = '".$customers_id."'");
334
          } else {
335
            xtc_db_perform(TABLE_COUPON_GV_CUSTOMER, $sql_data_array);
336
          }
337
        }*/
338

  
339
        // reset error flag
340
        $error = false;
341
        
342
        $entry_memo_title_error = false;
343
        $entry_memo_text_error = false;
344
        if ($memo_text != '' || $memo_title != '') {
345
          if ($memo_text != '' && $memo_title == '') {
346
            $error = true;
347
            $entry_memo_title_error = true;
348
          }
349
          if ($memo_text == '' && $memo_title != '') {
350
            $error = true;
351
            $entry_memo_text_error = true;
352
          }
353
          if ($error === false) {
354
            $sql_data_array = array ('customers_id' => $customers_id,
355
                                     'memo_date' => date("Y-m-d"),
356
                                     'memo_title' => $memo_title,
357
                                     'memo_text' => $memo_text,
358
                                     'poster_id' => (int)$_SESSION['customer_id']
359
                                    );
360
            xtc_db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array);
361
          }
362
        }
363
        
364
        if (strlen($customers_firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
365
          $error = true;
366
          $entry_firstname_error = true;
367
        } else {
368
          $entry_firstname_error = false;
369
        }
370

  
371
        if (strlen($customers_lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
372
          $error = true;
373
          $entry_lastname_error = true;
374
        } else {
375
          $entry_lastname_error = false;
376
        }
377

  
378
        if (ACCOUNT_GENDER == 'true') {
379
          if (($customers_gender == '')) {
380
            $error = true;
381
            $entry_gender_error = true;
382
          } else {
383
            $entry_gender_error = false;
384
          }
385
        }
386

  
387
        if (ACCOUNT_DOB == 'true') {
388
          if (checkdate(substr(xtc_date_raw($customers_dob), 4, 2), substr(xtc_date_raw($customers_dob), 6, 2), substr(xtc_date_raw($customers_dob), 0, 4))) {
389
            $entry_date_of_birth_error = false;
390
          } else {
391
            $error = true;
392
            $entry_date_of_birth_error = true;
393
          }
394
        }
395

  
396
        // New VAT Check
397
        if (xtc_get_geo_zone_code($entry_country_id) != '6') {
398
          require_once(DIR_FS_CATALOG.DIR_WS_CLASSES.'vat_validation.php');
399
          $vatID = new vat_validation($customers_vat_id, $customers_id, '', $entry_country_id);
400
          $customers_vat_id_status = isset($vatID->vat_info['vat_id_status']) ? $vatID->vat_info['vat_id_status'] : '';
401
          // display correct error code of VAT ID check
402
          switch ($customers_vat_id_status) {
403
            case '0' :// 'VAT invalid'
404
              $entry_vat_error_text = TEXT_VAT_FALSE;
405
              break;
406
            case '1' :// 'VAT valid'
407
              $entry_vat_error_text = TEXT_VAT_TRUE;
408
              break;
409
            case '2' :// 'SOAP ERROR: Connection to host not possible, europe.eu down?'
410
              $entry_vat_error_text = TEXT_VAT_CONNECTION_NOT_POSSIBLE;
411
              break;
412
            case '8' :// 'unknown country'
413
              $entry_vat_error_text = TEXT_VAT_UNKNOWN_COUNTRY;
414
              break;
415
            case '94' :// 'INVALID_INPUT' => 'The provided CountryCode is invalid or the VAT number is empty'
416
              $entry_vat_error_text = TEXT_VAT_INVALID_INPUT;
417
              break;
418
            case '95' :// 'SERVICE_UNAVAILABLE' => 'The SOAP service is unavailable, try again later'
419
              $entry_vat_error_text = TEXT_VAT_SERVICE_UNAVAILABLE;
420
              break;
421
            case '96' :// 'MS_UNAVAILABLE' => 'The Member State service is unavailable, try again later or with another Member State'
422
              $entry_vat_error_text = TEXT_VAT_MS_UNAVAILABLE;
423
              break;
424
            case '97' :// 'TIMEOUT' => 'The Member State service could not be reached in time, try again later or with another Member State',
425
              $entry_vat_error_text = TEXT_VAT_TIMEOUT;
426
              break;
427
            case '98' :// 'SERVER_BUSY' => 'The service cannot process your request. Try again later.'
428
              $entry_vat_error_text = TEXT_VAT_SERVER_BUSY;
429
              break;
430
            case '99' :// 'no PHP5 SOAP support'
431
              $entry_vat_error_text = TEXT_VAT_NO_PHP5_SOAP_SUPPORT;
432
              break;
433
            default:
434
              $entry_vat_error_text = '';
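Review bot: In the `new_order_confirm` case, `$_POST['shipping']` is concatenated unvalidated into the path given to `file_exists()` and `require_once` (file lines 91-92) and into the constant name passed to `constant()` (file lines 152 and 185), so a request value decides which PHP file gets included. Restrict it to a plain module identifier before any use, for example `$shipping = (isset($_POST['shipping']) && preg_match('/^[A-Za-z0-9_]+$/', $_POST['shipping'])) ? $_POST['shipping'] : '';`, then use `$shipping` in those lines and skip the order insert when it is empty or the title constant is not `defined()`. The same kind of gap is in `statusconfirm`, where each element of `$_POST['multi_customers_confirm']` becomes `$customers_id` and is concatenated into several queries without a cast; adding `$customers_id = (int)$customers_id;` as the first statement of the `foreach` body would close it. The page truncates this file inside the `update` case, so the rest of the switch could not be reviewed.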
... Dieser Diff wurde abgeschnitten, weil er die maximale Anzahl anzuzeigender Zeilen überschreitet.
