Hi, it shows as appearing in 7 different files.

Also curiously for the create_account.php page it shows as being on line 402, yeat dreamweaver shows this as line 404 - is there a better way I should open php files to make sure I am looking at the correct line?

I am on version 1.3.9h

The full text for create_account.php (in case it helps) is:
Code:
<?php
/**
 * create_account header_php.php
 *
 * @package modules
 * @copyright Copyright 2003-2007 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: create_account.php 6772 2007-08-21 12:33:29Z drbyte $
 */
// BOF Captcha
// This should be first line of the script:
$zco_notifier->notify('NOTIFY_MODULE_START_CREATE_ACCOUNT');

if (!defined('IS_ADMIN_FLAG')) {
  die('Illegal Access');
}
// BOF Captcha
if(CAPTCHA_CREATE_ACCOUNT != 'false') {
        require(DIR_WS_CLASSES . 'captcha.php');
        $captcha = new captcha();
}
// EOF Captcha
/**
 * Set some defaults
 */
  $process = false;
  $zone_name = '';
  $entry_state_has_zones = '';
  $error_state_input = false;
  $state = '';
  $zone_id = 0;
  $error = false;
  $email_format = (ACCOUNT_EMAIL_PREFERENCE == '1' ? 'HTML' : 'TEXT');
  $newsletter = (ACCOUNT_NEWSLETTER_STATUS == '1' || ACCOUNT_NEWSLETTER_STATUS == '0' ? false : true);
  $process_shipping = false;
  $zone_name_shipping = '';
  $entry_state_has_zones_shipping = '';
  $error_state_input_shipping = false;
  $state_shipping = '';
  $zone_id_shipping = 0;

/**
 * Process form contents
 */
if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
  $process = true;

  if (ACCOUNT_GENDER == 'true') {
    if (isset($_POST['gender'])) {
      $gender = zen_db_prepare_input($_POST['gender']);
    } else {
      $gender = false;
    }
  }

  if (isset($_POST['email_format'])) {
    $email_format = zen_db_prepare_input($_POST['email_format']);
  }

  if (ACCOUNT_COMPANY == 'true') $company = zen_db_prepare_input($_POST['company']);
  $firstname = zen_db_prepare_input(zen_sanitize_string($_POST['firstname']));
  $lastname = zen_db_prepare_input(zen_sanitize_string($_POST['lastname']));
  $nick = zen_db_prepare_input($_POST['nick']);
  if (ACCOUNT_DOB == 'true') $dob = zen_db_prepare_input($_POST['dob']);
  $email_address = zen_db_prepare_input($_POST['email_address']);
  $street_address = zen_db_prepare_input($_POST['street_address']);
  if (ACCOUNT_SUBURB == 'true') $suburb = zen_db_prepare_input($_POST['suburb']);
  $postcode = zen_db_prepare_input($_POST['postcode']);
  $city = zen_db_prepare_input($_POST['city']);
  if (ACCOUNT_STATE == 'true') {
    $state = zen_db_prepare_input($_POST['state']);
    if (isset($_POST['zone_id'])) {
      $zone_id = zen_db_prepare_input($_POST['zone_id']);
    } else {
      $zone_id = false;
    }
  }
  $country = zen_db_prepare_input($_POST['zone_country_id']);
  if (ACCOUNT_TELEPHONE == 'true') {
  $telephone = zen_db_prepare_input($_POST['telephone']);
  }
  $fax = zen_db_prepare_input($_POST['fax']);
  $customers_authorization = CUSTOMERS_APPROVAL_AUTHORIZATION;
  $customers_referral = zen_db_prepare_input($_POST['customers_referral']);

  if (ACCOUNT_NEWSLETTER_STATUS == '1' || ACCOUNT_NEWSLETTER_STATUS == '2') {
    $newsletter = 0;
    if (isset($_POST['newsletter'])) {
      $newsletter = zen_db_prepare_input($_POST['newsletter']);
    }
  }

  $password = zen_db_prepare_input($_POST['password']);
  $confirmation = zen_db_prepare_input($_POST['confirmation']);

//rmh referral start
    $source = zen_db_prepare_input($_POST['source']);
    if (isset($_POST['source_other'])) $source_other = zen_db_prepare_input($_POST['source_other']);
//rmh referral end
// BOF Captcha
  if (is_object($captcha) && !$captcha->validateCaptchaCode()) {
    $error = true;
    $messageStack->add('create_account', ERROR_CAPTCHA);
  }
// EOF Captcha

  if (DISPLAY_PRIVACY_CONDITIONS == 'true') {
    if (!isset($_POST['privacy_conditions']) || ($_POST['privacy_conditions'] != '1')) {
      $error = true;
      $messageStack->add('create_account', ERROR_PRIVACY_STATEMENT_NOT_ACCEPTED, 'error');
    }
  }

  if (ACCOUNT_GENDER == 'true') {
    if ( ($gender != 'm') && ($gender != 'f') ) {
      $error = true;
      $messageStack->add('create_account', ENTRY_GENDER_ERROR);
    }
  }

  if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR);
  }

  if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_LAST_NAME_ERROR);
  }

  if (ACCOUNT_DOB == 'true') {
    if (ENTRY_DOB_MIN_LENGTH > 0 or !empty($_POST['dob'])) {
      if (substr_count($dob,'/') > 2 || checkdate((int)substr(zen_date_raw($dob), 4, 2), (int)substr(zen_date_raw($dob), 6, 2), (int)substr(zen_date_raw($dob), 0, 4)) == false) {
        $error = true;
        $messageStack->add('create_account', ENTRY_DATE_OF_BIRTH_ERROR);
      }
    }
  }

  if (ACCOUNT_COMPANY == 'true') {
    if ((int)ENTRY_COMPANY_MIN_LENGTH > 0 && strlen($company) < ENTRY_COMPANY_MIN_LENGTH) {
      $error = true;
      $messageStack->add('create_account', ENTRY_COMPANY_ERROR);
    }
  }


  if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR);
  } elseif (zen_validate_email($email_address) == false) {
    $error = true;
    $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
  } else {
    $check_email_query = "select count(*) as total
                            from " . TABLE_CUSTOMERS . "
                            where customers_email_address = '" . zen_db_input($email_address) . "'
                            and COWOA_account != 1";
    $check_email = $db->Execute($check_email_query);

    if ($check_email->fields['total'] > 0) {
      $error = true;
      $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
    }
  }

  if ($phpBB->phpBB['installed'] == true) {
    if (strlen($nick) < ENTRY_NICK_MIN_LENGTH)  {
      $error = true;
      $messageStack->add('create_account', ENTRY_NICK_LENGTH_ERROR);
    } else {
      // check Zen Cart for duplicate nickname
      $sql = "select * from " . TABLE_CUSTOMERS  . "
                           where customers_nick = :nick:";
      $check_nick_query = $db->bindVars($sql, ':nick:', $nick, 'string');
      $check_nick = $db->Execute($check_nick_query);
      if ($check_nick->RecordCount() > 0 ) {
        $error = true;
        $messageStack->add('create_account', ENTRY_NICK_DUPLICATE_ERROR);
      }
      // check phpBB for duplicate nickname
      if ($phpBB->phpbb_check_for_duplicate_nick($nick) == 'already_exists' ) {
        $error = true;
        $messageStack->add('create_account', ENTRY_NICK_DUPLICATE_ERROR . ' (phpBB)');
      }
    }
  }

  if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR);
  }
  // BEGIN PO Box Ban 1/1
  if (defined('PO_BOX_ERROR')) {
    if ( preg_match('/PO BOX/si', $street_address) ) {
      $error = true;
      $messageStack->add('create_account', PO_BOX_ERROR);
    } else if ( preg_match('/POBOX/si', $street_address) ) {
      $error = true;
      $messageStack->add('create_account', PO_BOX_ERROR);
    } else if ( preg_match('/P\.O\./si', $street_address) ) {
      $error = true;
      $messageStack->add('create_account', PO_BOX_ERROR);
    } else if ( preg_match('/P\.O/si', $street_address) ) {
      $error = true;
      $messageStack->add('create_account', PO_BOX_ERROR);
    } else if ( preg_match('/PO\./si', $street_address) ) {
      $error = true;
      $messageStack->add('create_account', PO_BOX_ERROR);
    }
  }
  // END PO Box Ban 1/1

  if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_CITY_ERROR);
  }

  if (ACCOUNT_STATE == 'true') {
    $check_query = "SELECT count(*) AS total
                    FROM " . TABLE_ZONES . "
                    WHERE zone_country_id = :zoneCountryID";
    $check_query = $db->bindVars($check_query, ':zoneCountryID', $country, 'integer');
    $check = $db->Execute($check_query);
    $entry_state_has_zones = ($check->fields['total'] > 0);
    if ($entry_state_has_zones == true) {
      $zone_query = "SELECT distinct zone_id, zone_name, zone_code
                     FROM " . TABLE_ZONES . "
                     WHERE zone_country_id = :zoneCountryID
                     AND " .
                     ((trim($state) != '' && $zone_id == 0) ? "(upper(zone_name) like ':zoneState%' OR upper(zone_code) like '%:zoneState%') OR " : "") .
                    "zone_id = :zoneID
                     ORDER BY zone_code ASC, zone_name";

      $zone_query = $db->bindVars($zone_query, ':zoneCountryID', $country, 'integer');
      $zone_query = $db->bindVars($zone_query, ':zoneState', strtoupper($state), 'noquotestring');
      $zone_query = $db->bindVars($zone_query, ':zoneID', $zone_id, 'integer');
      $zone = $db->Execute($zone_query);

      //look for an exact match on zone ISO code
      $found_exact_iso_match = ($zone->RecordCount() == 1);
      if ($zone->RecordCount() > 1) {
        while (!$zone->EOF && !$found_exact_iso_match) {
          if (strtoupper($zone->fields['zone_code']) == strtoupper($state) ) {
            $found_exact_iso_match = true;
            continue;
          }
          $zone->MoveNext();
        }
      }

      if ($found_exact_iso_match) {
        $zone_id = $zone->fields['zone_id'];
        $zone_name = $zone->fields['zone_name'];
      } else {
        $error = true;
        $error_state_input = true;
        $messageStack->add('create_account', ENTRY_STATE_ERROR_SELECT);
      }
    } else {
      if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
        $error = true;
        $error_state_input = true;
        $messageStack->add('create_account', ENTRY_STATE_ERROR);
      }
    }
  }

  if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_POST_CODE_ERROR);
  }

  if ( (is_numeric($country) == false) || ($country < 1) ) {
    $error = true;
    $messageStack->add('create_account', ENTRY_COUNTRY_ERROR);
  }

  if (ACCOUNT_TELEPHONE == 'true') {
  if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
    }
  }

  // confirm email address modification
  if (FEC_CONFIRM_EMAIL == 'true') {
    $email_address_confirm = zen_db_prepare_input($_POST['email_address_confirm']);
    if ($email_address != $email_address_confirm) {
      $error = true;
      $messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CONFIRM_ERROR);
    }
  }
//rmh referral start
    if ((REFERRAL_REQUIRED == 'true') && (is_numeric($source) == false)) {
        $error = true;
        $messageStack->add('create_account', ENTRY_SOURCE_ERROR);
    }
    if ((REFERRAL_REQUIRED == 'true') && (DISPLAY_REFERRAL_OTHER == 'true') &&($source == '9999') && (!zen_not_null($source_other)) ) {
        $error = true;
        $messageStack->add('create_account', ENTRY_SOURCE_OTHER_ERROR);
    }
//rmh referral end

  if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
  } elseif ($password != $confirmation) {
    $error = true;
    $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
  }
// begin shipping
    if ($_GET['main_page'] != "create_account" && enable_shippingAddress()) {
      $process_shipping = true;
      if (ACCOUNT_GENDER == 'true') $gender_shipping = zen_db_prepare_input($_POST['gender_shipping']);
      if (ACCOUNT_COMPANY == 'true') $company_shipping = zen_db_prepare_input($_POST['company_shipping']);
      $firstname_shipping = zen_db_prepare_input($_POST['firstname_shipping']);
      $lastname_shipping = zen_db_prepare_input($_POST['lastname_shipping']);
      $street_address_shipping = zen_db_prepare_input($_POST['street_address_shipping']);
      if (ACCOUNT_SUBURB == 'true') $suburb_shipping = zen_db_prepare_input($_POST['suburb_shipping']);
      $postcode_shipping = zen_db_prepare_input($_POST['postcode_shipping']);
      $city_shipping = zen_db_prepare_input($_POST['city_shipping']);
      if (ACCOUNT_STATE == 'true') {
        $state_shipping = zen_db_prepare_input($_POST['state_shipping']);
        if (isset($_POST['zone_id_shipping'])) {
          $zone_id_shipping = zen_db_prepare_input($_POST['zone_id_shipping']);
        } else {
          $zone_id_shipping = false;
        }
      }
      $country_shipping = zen_db_prepare_input($_POST['zone_country_id_shipping']);
  //echo ' I SEE: country=' . $country . '&nbsp;&nbsp;&nbsp;state=' . $state . '&nbsp;&nbsp;&nbsp;zone_id=' . $zone_id;
      if (ACCOUNT_GENDER == 'true') {
        if ( ($gender_shipping != 'm') && ($gender_shipping != 'f') ) {
          $error = true;
          $messageStack->add('create_account', ENTRY_GENDER_ERROR);
        }
      }

      if (strlen($firstname_shipping) < ENTRY_FIRST_NAME_MIN_LENGTH) {
        $error = true;
        $messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR);
      }

      if (strlen($lastname_shipping) < ENTRY_LAST_NAME_MIN_LENGTH) {
        $error = true;
        $messageStack->add('create_account', ENTRY_LAST_NAME_ERROR);
      }

      if (strlen($street_address_shipping) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
        $error = true;
        $messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR);
      }

      if (strlen($city_shipping) < ENTRY_CITY_MIN_LENGTH) {
        $error = true;
        $messageStack->add('create_account', ENTRY_CITY_ERROR);
      }
      
      // BEGIN PO Box Ban 1/1
      if (defined('PO_BOX_ERROR')) {
        if ( preg_match('/PO BOX/si', $street_address_shipping) ) {
          $error = true;
          $messageStack->add('create_account', PO_BOX_ERROR);
        } else if ( preg_match('/POBOX/si', $street_address_shipping) ) {
          $error = true;
          $messageStack->add('create_account', PO_BOX_ERROR);
        } else if ( preg_match('/P\.O\./si', $street_address_shipping) ) {
          $error = true;
          $messageStack->add('create_account', PO_BOX_ERROR);
        } else if ( preg_match('/P\.O/si', $street_address_shipping) ) {
          $error = true;
          $messageStack->add('create_account', PO_BOX_ERROR);
        } else if ( preg_match('/PO\./si', $street_address_shipping) ) {
          $error = true;
          $messageStack->add('create_account', PO_BOX_ERROR);
        }
      }
      // END PO Box Ban 1/1

      if (ACCOUNT_STATE == 'true') {
        $check_query = "SELECT count(*) AS total
                        FROM " . TABLE_ZONES . "
                        WHERE zone_country_id = :zoneCountryID";
        $check_query = $db->bindVars($check_query, ':zoneCountryID', $country_shipping, 'integer');
        $check = $db->Execute($check_query);
        $entry_state_has_zones_shipping = ($check->fields['total'] > 0);
        if ($entry_state_has_zones_shipping == true) {
          $zone_query = "SELECT distinct zone_id, zone_name, zone_code
                         FROM " . TABLE_ZONES . "
                         WHERE zone_country_id = :zoneCountryID
                         AND " . 
                       ((trim($state_shipping) != '' && $zone_id_shipping == 0) ? "(upper(zone_name) like ':zoneState%' OR upper(zone_code) like '%:zoneState%') OR " : "") .
                        "zone_id = :zoneID
                         ORDER BY zone_code ASC, zone_name";

          $zone_query = $db->bindVars($zone_query, ':zoneCountryID', $country_shipping, 'integer');
          $zone_query = $db->bindVars($zone_query, ':zoneState', strtoupper($state_shipping), 'noquotestring');
          $zone_query = $db->bindVars($zone_query, ':zoneID', $zone_id_shipping, 'integer');
          $zone_shipping = $db->Execute($zone_query);

          //look for an exact match on zone ISO code
          $found_exact_iso_match_shipping = ($zone->RecordCount() == 1);
          if ($zone_shipping->RecordCount() > 1) {
            while (!$zone_shipping->EOF && !$found_exact_iso_match_shipping) {
              if (strtoupper($zone->fields['zone_code']) == strtoupper($state_shipping) ) {
                $found_exact_iso_match_shipping = true;
                continue;
              }
              $zone_shipping->MoveNext();
            }