<?php
/*  customer.php
    Copyright 2006, 2007, 2008 Elmar Wenners
    Support site: http://www.chaozz.nl

    This file is part of FreeWebshop.org.

    FreeWebshop.org is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    FreeWebshop.org is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with FreeWebshop.org; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

*/
?>
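<?php if ($index_refer <> 1) { exit(); } ?>
<?php
/*
 * customer.php — customer sign-up, profile editing and (admin) deletion.
 * Included from index.php; the guard above refuses direct requests.
 *
 * Globals expected from the including script (not defined here):
 *   $action, $dbtablesprefix, $gfx_dir, $txt, $use_captcha, $lang_file,
 *   $date_format, $webmaster_mail, $charset, $send_default_country and,
 *   for a logged-in non-admin, $customerid (presumably the session's own id;
 *   this file only sets it for admins — confirm in index.php).
 *
 * $action values:
 *   "save"   – validate the POSTed form, then INSERT (guest) or UPDATE (logged in)
 *   "delete" – admin only: remove one non-ADMIN customer row
 *   anything else ("show" or empty) – render the form
 */

if ($action == "show" || $action == "save") {
    // The original wrote "$eror = 0", so $error was never initialised and the
    // later "$error == 0" tests only passed because null == 0.
    $error = 0;

    // Required fields: a missing one is reported by the "save" branch below.
    if (!empty($_POST['login']))    { $login    = $_POST['login'];    } else { $error = 1; }
    if (!empty($_POST['pass1']))    { $pass1    = $_POST['pass1'];    } else { $error = 1; }
    if (!empty($_POST['pass2']))    { $pass2    = $_POST['pass2'];    } else { $error = 1; }
    if (!empty($_POST['name']))     { $name     = $_POST['name'];     } else { $error = 1; }
    if (!empty($_POST['initials'])) { $initials = $_POST['initials']; } else { $error = 1; }
    if (!empty($_POST['address']))  { $address  = $_POST['address'];  } else { $error = 1; }
    if (!empty($_POST['zip']))      { $zip      = $_POST['zip'];      } else { $error = 1; }
    if (!empty($_POST['city']))     { $city     = $_POST['city'];     } else { $error = 1; }
    if (!empty($_POST['state']))    { $state    = $_POST['state'];    } else { $error = 1; }
    if (!empty($_POST['email']))    { $email    = $_POST['email'];    } else { $error = 1; }
    if (!empty($_POST['country']))  { $country  = $_POST['country'];  } else { $error = 1; }

    // Optional fields default to "" instead of raising an error.
    $company = !empty($_POST['company']) ? $_POST['company'] : "";
    $phone   = !empty($_POST['phone'])   ? $_POST['phone']   : "";
    $middle  = !empty($_POST['middle'])  ? $_POST['middle']  : "";
    // isset() avoids an undefined-index notice when the box is unchecked;
    // CheckBox() still receives the same value (null) as before.
    $newsletter = CheckBox(isset($_POST['newsletter']) ? $_POST['newsletter'] : null);
}

// Admins may act on any customer; the id arrives via POST (form) or GET (link).
// intval() keeps it numeric, which the raw SQL in the delete branch relies on.
if (IsAdmin() == true) {
    if (!empty($_POST['customerid'])) {
        $customerid = intval($_POST['customerid']);
    }
    if (!empty($_GET['customerid'])) {
        $customerid = intval($_GET['customerid']);
    }
}

if ($action == "delete" && IsAdmin() == true) {
    // NOTE(review): this is reachable through a plain GET link and carries no
    // per-request token, so it offers no protection against a forged request;
    // a token check belongs here once the surrounding code provides one.
    // Refuse to remove an account whose GROUP is ADMIN (column 13 — see the
    // column order of the INSERT below).
    $query = "SELECT * FROM `".$dbtablesprefix."customer` WHERE ID = " . $customerid;
    $sql = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_row($sql);

    if ($row[13] != "ADMIN") {
        $del_query = "DELETE FROM `".$dbtablesprefix."customer` WHERE ID = " . $customerid;
        $del_sql = mysql_query($del_query) or die(mysql_error());
        PutWindow($gfx_dir, $txt['general13'], $txt['customer2'], "dustbin.gif", "50");
    } else {
        PutWindow($gfx_dir, $txt['general12'], $txt['customer32'], "warning.gif", "50");
    }
}

if ($action == "save") {
    // Each check below runs only while no earlier one failed, so the user
    // sees at most one warning per submit.
    if ($error == 1) {
        PutWindow($gfx_dir, $txt['general12'], $txt['customer6'] . "<br /><br />" . $txt['customer5'], "warning.gif", "50");
    }

    // login name must be alphanumeric
    if ($error == 0 && !ctype_alnum($login)) {
        PutWindow($gfx_dir, $txt['general12'], $txt['customer7'] . "<br /><br />" . $txt['customer5'], "warning.gif", "50");
        $error = 1;
    }

    // both password fields must agree
    if ($error == 0 && $pass1 <> $pass2) {
        PutWindow($gfx_dir, $txt['general12'], $txt['customer8'] . "<br /><br />" . $txt['customer5'], "warning.gif", "50");
        $error = 1;
    }

    // minimum password length (the form caps it at 10 characters)
    if ($error == 0 && strlen($pass1) < 5) {
        PutWindow($gfx_dir, $txt['general12'], $txt['customer9'] . "<br /><br />" . $txt['customer5'], "warning.gif", "50");
        $error = 1;
    }

    // rough e-mail syntax check (project helper)
    if ($error == 0 && isvalid_email_address($email) == false) {
        PutWindow($gfx_dir, $txt['general12'], $txt['customer10'] . "<br /><br />" . $txt['customer5'], "warning.gif", "50");
        $error = 1;
    }

    if ($error == 0) {
        if (LoggedIn() == false) {
            // New customer: captcha and uniqueness checks before the INSERT.

            if ($use_captcha == 1) {
                // The code is used as a file name under addons/captcha/, so only
                // accept characters that cannot form a path ("/", "." are rejected);
                // otherwise file_exists()/unlink() could be pointed outside that dir.
                $number = "0";
                if (!empty($_POST['image_code']) && ctype_alnum($_POST['image_code'])) {
                    $number = $_POST['image_code'];
                }
                if ($number == "0" || !file_exists("addons/captcha/".$number.".key")) {
                    PutWindow($gfx_dir, $txt['general12'], $txt['general16'], "warning.gif", "50");
                    $error = 1;
                } else {
                    // one-shot key: consume it so the same code cannot be replayed
                    unlink("addons/captcha/".$number.".key");
                }
            }

            // if you would want to check for reserved usernames, THIS would be the place!!!
            // here you could check for loginnames like: ADMIN, WEBMASTER and bad language.
            // [.. code not here yet ..]

            // the login name must be unique
            $query = sprintf("SELECT * FROM `".$dbtablesprefix."customer` WHERE `LOGINNAME` = %s", quote_smart($login));
            $sql = mysql_query($query) or die(mysql_error());
            if (mysql_num_rows($sql) > 0) {
                PutWindow($gfx_dir, $txt['general12'], $txt['customer29'], "warning.gif", "50");
                $error = 1;
            }
            // the e-mail address must be unique
            $query = sprintf("SELECT * FROM `".$dbtablesprefix."customer` WHERE `EMAIL` = %s", quote_smart($email));
            $sql = mysql_query($query) or die(mysql_error());
            if (mysql_num_rows($sql) > 0) {
                PutWindow($gfx_dir, $txt['general12'], $txt['customer34'], "warning.gif", "50");
                $error = 1;
            }

            // everything ok? then put the new customer in the database
            if ($error == 0) {
                include ($lang_file);
                // NOTE(review): the password is stored as unsalted md5 because that is
                // what the login code (not in this file) compares against; switching to
                // password_hash() has to be done together with that code.
                // NOTE(review): GetUserIP() and $newsletter are spliced in unquoted —
                // confirm both helpers return values that are safe inside SQL.
                $query = sprintf("INSERT INTO `".$dbtablesprefix."customer` ( `LOGINNAME`, `PASSWORD`, `LASTNAME`, `MIDDLENAME`, `INITIALS`, `IP`, `ADDRESS`, `ZIP`, `CITY`, `STATE`, `PHONE`, `EMAIL`, `GROUP`, `COUNTRY`,`COMPANY`,`JOINDATE`,`NEWSLETTER`) VALUES (%s, %s, %s, %s, %s, '".GetUserIP()."', %s, %s, %s, %s, %s, %s, 'CUSTOMER', %s, %s, '".Date($date_format)."', '".$newsletter."')", quote_smart($login), quote_smart(md5($pass1)), quote_smart($name), quote_smart($middle), quote_smart($initials), quote_smart($address), quote_smart($zip), quote_smart($city), quote_smart($state), quote_smart($phone), quote_smart($email), quote_smart($country), quote_smart($company));
                $sql = mysql_query($query) or die(mysql_error());
                // Notify only after the row exists; the original mailed before running the INSERT.
                mymail($webmaster_mail, $webmaster_mail, $txt['customer36'], $txt['customer37']."<br /><br />".$txt['customer12'], $charset);
                mymail($webmaster_mail, $email, $txt['customer11'], $txt['customer12'], $charset);
                PutWindow($gfx_dir, $txt['general13'], $txt['customer13'], "notify.gif", "50"); // succesfully saved
                echo "<h4><a href=\"index.php?page=my\">".$txt['customer35']."</a></h4>";  // click here to login
            }
        } else {
            // Update an existing customer. pass1/pass2 are required above, so every
            // profile edit re-hashes the password from the submitted value.
            // NOTE(review): LOGINNAME/EMAIL uniqueness is only checked for new
            // accounts, and $customerid for a non-admin is taken from outside this
            // file — verify it cannot be influenced by the posted hidden field.
            $query = sprintf("UPDATE `".$dbtablesprefix."customer` SET `LOGINNAME` =%s, `PASSWORD` = %s, `LASTNAME` = %s, `MIDDLENAME` = %s, `INITIALS` = %s, `IP` = '".GetUserIP()."', `ADDRESS` = %s, `ZIP` = %s, `CITY` = %s, `STATE` = %s, `PHONE` = %s, `EMAIL` = %s, `COUNTRY` = %s, `COMPANY` = %s, `NEWSLETTER` = '".$newsletter."' WHERE ID = %s", quote_smart($login), quote_smart(md5($pass1)), quote_smart($name), quote_smart($middle), quote_smart($initials), quote_smart($address), quote_smart($zip), quote_smart($city), quote_smart($state), quote_smart($phone), quote_smart($email), quote_smart($country), quote_smart($company), quote_smart($customerid));
            $sql = mysql_query($query) or die(mysql_error());
            PutWindow($gfx_dir, $txt['general13'], $txt['customer13'], "notify.gif", "50"); // succesfully saved
            $action = "show"; // fall through to re-display the stored values
        }
    }
}

$country = $send_default_country; // if it's a new customer, let's suggest this country as the default one.

if ($action == "show" && LoggedIn() == true) {
    // Pre-fill the form from the stored row (column indexes match the INSERT above).
    $query = sprintf("SELECT * FROM `".$dbtablesprefix."customer` WHERE `ID` = %s", quote_smart($customerid));
    $sql = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_row($sql);
    $login      = $row[1];
    $pass1      = $row[2];
    $pass2      = $row[2];
    $name       = $row[3];
    $middle     = $row[4];
    $initials   = $row[5];
    $address    = $row[7];
    $zip        = $row[8];
    $city       = $row[9];
    $state      = $row[10];
    $phone      = $row[11];
    $email      = $row[12];
    $country    = $row[14];
    $company    = $row[15];
    $newsletter = $row[17];
}

if ($action != "delete" && $action != "save") {
    // Every value echoed below is HTML-escaped: it comes either from this
    // request or from a row stored by an earlier save, so it is user-controlled
    // either way (an admin viewing a customer would otherwise render it verbatim).
    ?>
    <table width="80%" class="datatable">
      <caption><?php echo $txt['customer14']; ?></caption>
      <tr><td>
        <table width="100%" class="borderless">
          <form method="POST" action="index.php?page=customer&action=save">
          <tr><td><?php echo $txt['customer15'] ?> (*)</td>
          <?php
          // Was "$action == show" (bare constant) in the original.
          // Non-admins on "show" get the login as read-only text plus a hidden field.
          if ($action == "show" && IsAdmin() == false) {
              $safe_login = htmlspecialchars($login, ENT_QUOTES, $charset);
              echo "<td>" . $safe_login . "<input type=hidden name=login value='" . $safe_login . "'></td>";
          } else {
              ?>
              <td><input type="text" name="login" size="15" maxlength="15" value="<?php echo htmlspecialchars($login, ENT_QUOTES, $charset) ?>"></td>
          <?php } ?>
          </tr>
          <tr><td><?php echo $txt['customer16'] ?> (*)</td>
              <td><input type="password" name="pass1" size="10" maxlength="10" value=""> <?php echo $txt['customer33']; ?></td>
          </tr>
          <tr><td><?php echo $txt['customer17'] ?> (*)</td>
              <td><input type="password" name="pass2" size="10" maxlength="10" value=""></td>
          </tr>
          <tr><td><?php echo $txt['customer18'] ?> (*)</td>
              <td><input type="text" name="name" size="30" maxlength="30" value="<?php echo htmlspecialchars($name, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer19'] ?></td>
              <td><input type="text" name="middle" size="10" maxlength="10" value="<?php echo htmlspecialchars($middle, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer20'] ?> (*)</td>
              <td><input type="text" name="initials" size="10" maxlength="10" value="<?php echo htmlspecialchars($initials, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer30'] ?></td>
              <td><input type="text" name="company" size="30" maxlength="70" value="<?php echo htmlspecialchars($company, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer21'] ?> (*)</td>
              <td><input type="text" name="address" size="30" maxlength="75" value="<?php echo htmlspecialchars($address, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer22'] ?> (*)</td>
              <td><input type="text" name="zip" size="15" maxlength="15" value="<?php echo htmlspecialchars($zip, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer23'] ?> (*)</td>
              <td><input type="text" name="city" size="30" maxlength="50" value="<?php echo htmlspecialchars($city, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer1'] ?> (*)</td>
              <td><input type="text" name="state" size="30" maxlength="150" value="<?php echo htmlspecialchars($state, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer24'] ?> (*)</td>
              <td>
                <SELECT NAME="country">
                  <OPTION VALUE="<?php echo htmlspecialchars($country, ENT_QUOTES, $charset) ?>" SELECTED><?php echo htmlspecialchars($country, ENT_QUOTES, $charset) ?>
                  <?php
                  // One option per line of countries.txt, skipping the already selected one.
                  $file = file('countries.txt');
                  if ($file === false) { $file = array(); } // missing list: offer only the current value
                  array_walk($file, 'file_trim');
                  foreach ($file as $val) {
                      if ($val != $country) {
                          echo "<OPTION VALUE=\"".htmlspecialchars($val, ENT_QUOTES, $charset)."\">".htmlspecialchars($val, ENT_QUOTES, $charset);
                      }
                  }
                  ?>
                </SELECT>
              </td>
          </tr>
          <tr><td><?php echo $txt['customer25'] ?></td>
              <td><input type="text" name="phone" size="20" maxlength="20" value="<?php echo htmlspecialchars($phone, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer26'] ?> (*)</td>
              <td><input type="text" name="email" size="30" maxlength="50" value="<?php echo htmlspecialchars($email, ENT_QUOTES, $charset) ?>"></td>
          </tr>
          <tr><td><?php echo $txt['customer38'] ?></td>
              <td><input type="checkbox" name="newsletter" <?php if ($newsletter == 1) { echo "checked"; } ?>></td>
          </tr>
<?php
          if (LoggedIn() == false) {
              // new customer, so lets use captcha to make sure it's human ;-)
              if ($use_captcha == 1) {
                  echo "<tr><td><img src=\"addons/captcha/php_captcha.php\"><br />".$txt['general15']."</td>";
                  echo "<td><input type=\"text\" name=\"image_code\" size=\"10\"></td></tr>";
              }
          }
?>
          <tr><td class="borderless" colspan=2><div style="text-align:center;"><br /><input type="submit" value="<?php echo $txt['customer28'] ?>" name="sub"><br />
              (<?php echo $txt['customer27'] ?>)</div></td>
          </tr>
          <input type="hidden" name="customerid" value="<?php echo htmlspecialchars($customerid, ENT_QUOTES, $charset) ?>">
          </form>
        </table>
      </td></tr><!-- was "</td></td>" in the original -->
    </table>
<?php
}
?>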