Code:
<?php
/**
* create_account header_php.php
*
* @package modules
* @copyright Copyright 2003-2007 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: create_account.php 6772 2007-08-21 12:33:29Z drbyte $
*/
// BOF Captcha
// This should be first line of the script:
$zco_notifier->notify('NOTIFY_MODULE_START_CREATE_ACCOUNT');
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
// BOF Captcha
if(CAPTCHA_CREATE_ACCOUNT != 'false') {
require(DIR_WS_CLASSES . 'captcha.php');
$captcha = new captcha();
}
// EOF Captcha
/**
* Set some defaults
*/
$process = false;
$zone_name = '';
$entry_state_has_zones = '';
$error_state_input = false;
$state = '';
$zone_id = 0;
$error = false;
$email_format = (ACCOUNT_EMAIL_PREFERENCE == '1' ? 'HTML' : 'TEXT');
$newsletter = (ACCOUNT_NEWSLETTER_STATUS == '1' || ACCOUNT_NEWSLETTER_STATUS == '0' ? false : true);
$process_shipping = false;
$zone_name_shipping = '';
$entry_state_has_zones_shipping = '';
$error_state_input_shipping = false;
$state_shipping = '';
$zone_id_shipping = 0;
/**
* Process form contents
*/
if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
$process = true;
if (ACCOUNT_GENDER == 'true') {
if (isset($_POST['gender'])) {
$gender = zen_db_prepare_input($_POST['gender']);
} else {
$gender = false;
}
}
if (isset($_POST['email_format'])) {
$email_format = zen_db_prepare_input($_POST['email_format']);
}
if (ACCOUNT_COMPANY == 'true') $company = zen_db_prepare_input($_POST['company']);
$firstname = zen_db_prepare_input(zen_sanitize_string($_POST['firstname']));
$lastname = zen_db_prepare_input(zen_sanitize_string($_POST['lastname']));
$nick = zen_db_prepare_input($_POST['nick']);
if (ACCOUNT_DOB == 'true') $dob = zen_db_prepare_input($_POST['dob']);
$email_address = zen_db_prepare_input($_POST['email_address']);
$street_address = zen_db_prepare_input($_POST['street_address']);
if (ACCOUNT_SUBURB == 'true') $suburb = zen_db_prepare_input($_POST['suburb']);
$postcode = zen_db_prepare_input($_POST['postcode']);
$city = zen_db_prepare_input($_POST['city']);
if (ACCOUNT_STATE == 'true') {
$state = zen_db_prepare_input($_POST['state']);
if (isset($_POST['zone_id'])) {
$zone_id = zen_db_prepare_input($_POST['zone_id']);
} else {
$zone_id = false;
}
}
$country = zen_db_prepare_input($_POST['zone_country_id']);
if (ACCOUNT_TELEPHONE == 'true') {
$telephone = zen_db_prepare_input($_POST['telephone']);
}
$fax = zen_db_prepare_input($_POST['fax']);
$customers_authorization = CUSTOMERS_APPROVAL_AUTHORIZATION;
$customers_referral = zen_db_prepare_input($_POST['customers_referral']);
if (ACCOUNT_NEWSLETTER_STATUS == '1' || ACCOUNT_NEWSLETTER_STATUS == '2') {
$newsletter = 0;
if (isset($_POST['newsletter'])) {
$newsletter = zen_db_prepare_input($_POST['newsletter']);
}
}
$password = zen_db_prepare_input($_POST['password']);
$confirmation = zen_db_prepare_input($_POST['confirmation']);
//rmh referral start
$source = zen_db_prepare_input($_POST['source']);
if (isset($_POST['source_other'])) $source_other = zen_db_prepare_input($_POST['source_other']);
//rmh referral end
// BOF Captcha
if (is_object($captcha) && !$captcha->validateCaptchaCode()) {
$error = true;
$messageStack->add('create_account', ERROR_CAPTCHA);
}
// EOF Captcha
if (DISPLAY_PRIVACY_CONDITIONS == 'true') {
if (!isset($_POST['privacy_conditions']) || ($_POST['privacy_conditions'] != '1')) {
$error = true;
$messageStack->add('create_account', ERROR_PRIVACY_STATEMENT_NOT_ACCEPTED, 'error');
}
}
if (ACCOUNT_GENDER == 'true') {
if ( ($gender != 'm') && ($gender != 'f') ) {
$error = true;
$messageStack->add('create_account', ENTRY_GENDER_ERROR);
}
}
if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR);
}
if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_LAST_NAME_ERROR);
}
if (ACCOUNT_DOB == 'true') {
if (ENTRY_DOB_MIN_LENGTH > 0 or !empty($_POST['dob'])) {
if (substr_count($dob,'/') > 2 || checkdate((int)substr(zen_date_raw($dob), 4, 2), (int)substr(zen_date_raw($dob), 6, 2), (int)substr(zen_date_raw($dob), 0, 4)) == false) {
$error = true;
$messageStack->add('create_account', ENTRY_DATE_OF_BIRTH_ERROR);
}
}
}
if (ACCOUNT_COMPANY == 'true') {
if ((int)ENTRY_COMPANY_MIN_LENGTH > 0 && strlen($company) < ENTRY_COMPANY_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_COMPANY_ERROR);
}
}
if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR);
} elseif (zen_validate_email($email_address) == false) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
} else {
$check_email_query = "select count(*) as total
from " . TABLE_CUSTOMERS . "
where customers_email_address = '" . zen_db_input($email_address) . "'
and COWOA_account != 1";
$check_email = $db->Execute($check_email_query);
if ($check_email->fields['total'] > 0) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
}
}
if ($phpBB->phpBB['installed'] == true) {
if (strlen($nick) < ENTRY_NICK_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_NICK_LENGTH_ERROR);
} else {
// check Zen Cart for duplicate nickname
$sql = "select * from " . TABLE_CUSTOMERS . "
where customers_nick = :nick:";
$check_nick_query = $db->bindVars($sql, ':nick:', $nick, 'string');
$check_nick = $db->Execute($check_nick_query);
if ($check_nick->RecordCount() > 0 ) {
$error = true;
$messageStack->add('create_account', ENTRY_NICK_DUPLICATE_ERROR);
}
// check phpBB for duplicate nickname
if ($phpBB->phpbb_check_for_duplicate_nick($nick) == 'already_exists' ) {
$error = true;
$messageStack->add('create_account', ENTRY_NICK_DUPLICATE_ERROR . ' (phpBB)');
}
}
}
if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR);
}
// BEGIN PO Box Ban 1/1
if (defined('PO_BOX_ERROR')) {
if ( preg_match('/PO BOX/si', $street_address) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/POBOX/si', $street_address) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/P\.O\./si', $street_address) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/P\.O/si', $street_address) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/PO\./si', $street_address) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
}
}
// END PO Box Ban 1/1
if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_CITY_ERROR);
}
if (ACCOUNT_STATE == 'true') {
$check_query = "SELECT count(*) AS total
FROM " . TABLE_ZONES . "
WHERE zone_country_id = :zoneCountryID";
$check_query = $db->bindVars($check_query, ':zoneCountryID', $country, 'integer');
$check = $db->Execute($check_query);
$entry_state_has_zones = ($check->fields['total'] > 0);
if ($entry_state_has_zones == true) {
$zone_query = "SELECT distinct zone_id, zone_name, zone_code
FROM " . TABLE_ZONES . "
WHERE zone_country_id = :zoneCountryID
AND " .
((trim($state) != '' && $zone_id == 0) ? "(upper(zone_name) like ':zoneState%' OR upper(zone_code) like '%:zoneState%') OR " : "") .
"zone_id = :zoneID
ORDER BY zone_code ASC, zone_name";
$zone_query = $db->bindVars($zone_query, ':zoneCountryID', $country, 'integer');
$zone_query = $db->bindVars($zone_query, ':zoneState', strtoupper($state), 'noquotestring');
$zone_query = $db->bindVars($zone_query, ':zoneID', $zone_id, 'integer');
$zone = $db->Execute($zone_query);
//look for an exact match on zone ISO code
$found_exact_iso_match = ($zone->RecordCount() == 1);
if ($zone->RecordCount() > 1) {
while (!$zone->EOF && !$found_exact_iso_match) {
if (strtoupper($zone->fields['zone_code']) == strtoupper($state) ) {
$found_exact_iso_match = true;
continue;
}
$zone->MoveNext();
}
}
if ($found_exact_iso_match) {
$zone_id = $zone->fields['zone_id'];
$zone_name = $zone->fields['zone_name'];
} else {
$error = true;
$error_state_input = true;
$messageStack->add('create_account', ENTRY_STATE_ERROR_SELECT);
}
} else {
if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
$error = true;
$error_state_input = true;
$messageStack->add('create_account', ENTRY_STATE_ERROR);
}
}
}
if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_POST_CODE_ERROR);
}
if ( (is_numeric($country) == false) || ($country < 1) ) {
$error = true;
$messageStack->add('create_account', ENTRY_COUNTRY_ERROR);
}
if (ACCOUNT_TELEPHONE == 'true') {
if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
}
}
// confirm email address modification
if (FEC_CONFIRM_EMAIL == 'true') {
$email_address_confirm = zen_db_prepare_input($_POST['email_address_confirm']);
if ($email_address != $email_address_confirm) {
$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CONFIRM_ERROR);
}
}
//rmh referral start
if ((REFERRAL_REQUIRED == 'true') && (is_numeric($source) == false)) {
$error = true;
$messageStack->add('create_account', ENTRY_SOURCE_ERROR);
}
if ((REFERRAL_REQUIRED == 'true') && (DISPLAY_REFERRAL_OTHER == 'true') &&($source == '9999') && (!zen_not_null($source_other)) ) {
$error = true;
$messageStack->add('create_account', ENTRY_SOURCE_OTHER_ERROR);
}
//rmh referral end
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
} elseif ($password != $confirmation) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
// begin shipping
if ($_GET['main_page'] != "create_account" && enable_shippingAddress()) {
$process_shipping = true;
if (ACCOUNT_GENDER == 'true') $gender_shipping = zen_db_prepare_input($_POST['gender_shipping']);
if (ACCOUNT_COMPANY == 'true') $company_shipping = zen_db_prepare_input($_POST['company_shipping']);
$firstname_shipping = zen_db_prepare_input($_POST['firstname_shipping']);
$lastname_shipping = zen_db_prepare_input($_POST['lastname_shipping']);
$street_address_shipping = zen_db_prepare_input($_POST['street_address_shipping']);
if (ACCOUNT_SUBURB == 'true') $suburb_shipping = zen_db_prepare_input($_POST['suburb_shipping']);
$postcode_shipping = zen_db_prepare_input($_POST['postcode_shipping']);
$city_shipping = zen_db_prepare_input($_POST['city_shipping']);
if (ACCOUNT_STATE == 'true') {
$state_shipping = zen_db_prepare_input($_POST['state_shipping']);
if (isset($_POST['zone_id_shipping'])) {
$zone_id_shipping = zen_db_prepare_input($_POST['zone_id_shipping']);
} else {
$zone_id_shipping = false;
}
}
$country_shipping = zen_db_prepare_input($_POST['zone_country_id_shipping']);
//echo ' I SEE: country=' . $country . ' state=' . $state . ' zone_id=' . $zone_id;
if (ACCOUNT_GENDER == 'true') {
if ( ($gender_shipping != 'm') && ($gender_shipping != 'f') ) {
$error = true;
$messageStack->add('create_account', ENTRY_GENDER_ERROR);
}
}
if (strlen($firstname_shipping) < ENTRY_FIRST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_FIRST_NAME_ERROR);
}
if (strlen($lastname_shipping) < ENTRY_LAST_NAME_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_LAST_NAME_ERROR);
}
if (strlen($street_address_shipping) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_STREET_ADDRESS_ERROR);
}
if (strlen($city_shipping) < ENTRY_CITY_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_CITY_ERROR);
}
// BEGIN PO Box Ban 1/1
if (defined('PO_BOX_ERROR')) {
if ( preg_match('/PO BOX/si', $street_address_shipping) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/POBOX/si', $street_address_shipping) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/P\.O\./si', $street_address_shipping) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/P\.O/si', $street_address_shipping) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
} else if ( preg_match('/PO\./si', $street_address_shipping) ) {
$error = true;
$messageStack->add('create_account', PO_BOX_ERROR);
}
}
// END PO Box Ban 1/1
if (ACCOUNT_STATE == 'true') {
$check_query = "SELECT count(*) AS total
FROM " . TABLE_ZONES . "
WHERE zone_country_id = :zoneCountryID";
$check_query = $db->bindVars($check_query, ':zoneCountryID', $country_shipping, 'integer');
$check = $db->Execute($check_query);
$entry_state_has_zones_shipping = ($check->fields['total'] > 0);
if ($entry_state_has_zones_shipping == true) {
$zone_query = "SELECT distinct zone_id, zone_name, zone_code
FROM " . TABLE_ZONES . "
WHERE zone_country_id = :zoneCountryID
AND " .
((trim($state_shipping) != '' && $zone_id_shipping == 0) ? "(upper(zone_name) like ':zoneState%' OR upper(zone_code) like '%:zoneState%') OR " : "") .
"zone_id = :zoneID
ORDER BY zone_code ASC, zone_name";
$zone_query = $db->bindVars($zone_query, ':zoneCountryID', $country_shipping, 'integer');
$zone_query = $db->bindVars($zone_query, ':zoneState', strtoupper($state_shipping), 'noquotestring');
$zone_query = $db->bindVars($zone_query, ':zoneID', $zone_id_shipping, 'integer');
$zone_shipping = $db->Execute($zone_query);
//look for an exact match on zone ISO code
$found_exact_iso_match_shipping = ($zone->RecordCount() == 1);
if ($zone_shipping->RecordCount() > 1) {
while (!$zone_shipping->EOF && !$found_exact_iso_match_shipping) {
if (strtoupper($zone->fields['zone_code']) == strtoupper($state_shipping) ) {
$found_exact_iso_match_shipping = true;
continue;
}
$zone_shipping->MoveNext();
}