Anti-hacker Account Mods, Secure your account pages


262 replies to this topic

#41   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 27 January 2010 - 09:06 PM

tigergirl, on 27 January 2010 - 07:50 PM, said:

Please read the included instruction file for the answer:
Sam's_anti-hacker_account_mods.html

OMG, this is from the instructions. I'm quoting parts of the instruction that I don't understand.
Thank you in advance,
AE

#42   tigergirl

tigergirl
  • Members
  • 423 posts
  • Real Name:Tigergirl
  • Gender:Not Telling
  • Location:UK

Posted 27 January 2010 - 09:32 PM

aelalfy1989, on 27 January 2010 - 09:06 PM, said:

OMG, this is from the instructions. I'm quoting parts of the instruction that I don't understand.

In the instruction file quoted it says:

Quote

The line $strong_pw = false; appears in account_secure.php, set to true to require a strong password (at least one lower case, one upper case & one number)

Which answers part of your original post. There are no settings in admin for this mod. If you look at that file you will find the code, unless I'm misunderstanding your question. There are 2 installation files...

And if you enable strong passwords then in includes/languages/english.php you may wish to
find:
define('ENTRY_PASSWORD_TEXT', '*');
define('ENTRY_PASSWORD_NEW_TEXT', '*');
Replace with:
define('ENTRY_PASSWORD_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');
define('ENTRY_PASSWORD_NEW_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');

I'm feeling lucky today......maybe someone will answer my post!
I do try and answer a simple post when I can just to give something back.
------------------------------------------------
PM me? - I'm not for hire
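
The rule quoted from the instructions (at least one lower case letter, one upper case letter and one number), written out as an added PHP illustration that is not part of the original posts and is not the code from account_secure.php. Only the `$strong_pw` switch name comes from the quoted instructions; the function name `example_strong_pw_missing()`, the ASCII-only character classes and the sample passwords are assumptions made for this example.

```php
<?php
// Added illustration; NOT the contribution's own code.
// Hypothetical helper: returns the requirements a password fails to meet
// under the policy described in the quoted instructions.
function example_strong_pw_missing($password) {
  // Assumption: ASCII character classes; accented letters do not count
  // as lower or upper case here.
  $rules = array(
    'one lower case letter' => '/[a-z]/',
    'one upper case letter' => '/[A-Z]/',
    'one number'            => '/[0-9]/',
  );

  $missing = array();
  foreach ($rules as $label => $pattern) {
    if (preg_match($pattern, $password) !== 1) {
      $missing[] = $label;
    }
  }

  return $missing;
}

// Same switch name as in the quoted instructions; false skips the check.
$strong_pw = true;

// Constructed sample inputs, one per failure mode plus one that passes.
$samples = array('password', 'Password', 'passw0rd', 'Passw0rd');

foreach ($samples as $candidate) {
  $missing = $strong_pw ? example_strong_pw_missing($candidate) : array();

  if (empty($missing)) {
    echo $candidate . ": accepted\n";
  } else {
    // The wording mirrors the hint text suggested for english.php, so the
    // customer sees which part of the rule the password did not satisfy.
    echo $candidate . ': rejected, password must contain at least ' . implode(', ', $missing) . "\n";
  }
}
```
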

#43   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 28 January 2010 - 12:24 AM

Hi everyone,

I tried to install this contribution and got an error. The website still runs somewhat but I have this error above it:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/a/e/l/aelalfy1989/html/includes/functions/html_output.php:353) in /home/content/a/e/l/aelalfy1989/html/includes/functions/sessions.php on line 97

I think this has to do with the other contribution I installed that was supposed to auto-set my state in a dropdown menu (contribution name: dhtml_state_selection). Can anyone help me correct this please? Also, if I try to log in, add to cart or something, it does what I tell it to but gives me a blank page of error, then when I go back I'm logged in or the item has been added to cart. Here is the other error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/a/e/l/aelalfy1989/html/includes/functions/html_output.php:353) in /home/content/a/e/l/aelalfy1989/html/includes/functions/sessions.php on line 97

Warning: Cannot modify header information - headers already sent by (output started at /home/content/a/e/l/aelalfy1989/html/includes/functions/html_output.php:353) in /home/content/a/e/l/aelalfy1989/html/includes/functions/general.php on line 36

I'LL ADD THE CODE FOR ALL THE ABOVE-MENTIONED ERRORS

CODE FOR SESSIONS.PHP:

<?php
/*
  $Id: sessions.php,v 1.19 2003/07/02 22:10:34 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/

  if (STORE_SESSIONS == 'mysql') {
	if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
	  $SESS_LIFE = 1440;
	}

	function _sess_open($save_path, $session_name) {
	  return true;
	}

	function _sess_close() {
	  return true;
	}

	function _sess_read($key) {
	  $value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
	  $value = tep_db_fetch_array($value_query);

	  if (isset($value['value'])) {
		return $value['value'];
	  }

	  return false;
	}

	function _sess_write($key, $val) {
	  global $SESS_LIFE;

	  $expiry = time() + $SESS_LIFE;
	  $value = $val;

	  $check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
	  $check = tep_db_fetch_array($check_query);

	  if ($check['total'] > 0) {
		return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
	  } else {
		return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
	  }
	}

	function _sess_destroy($key) {
	  return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
	}

	function _sess_gc($maxlifetime) {
	  tep_db_query("delete from " . TABLE_SESSIONS . " where expiry < '" . time() . "'");

	  return true;
	}

	session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
  }

  function tep_session_start() {
	global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;

	$sane_session_id = true;

	if (isset($HTTP_GET_VARS[tep_session_name()])) {
	  if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {
		unset($HTTP_GET_VARS[tep_session_name()]);

		$sane_session_id = false;
	  }
	} elseif (isset($HTTP_POST_VARS[tep_session_name()])) {
	  if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {
		unset($HTTP_POST_VARS[tep_session_name()]);

		$sane_session_id = false;
	  }
	} elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {
	  if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {
		$session_data = session_get_cookie_params();

		setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);

		$sane_session_id = false;
	  }
	}

	if ($sane_session_id == false) {
	  tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
	}

	return session_start();
  }

  function tep_session_register($variable) {
	global $session_started;

	if ($session_started == true) {
	  if (PHP_VERSION < 4.3) {
		return session_register($variable);
	  } else {
		$_SESSION[$variable] = (isset($GLOBALS[$variable])) ? $GLOBALS[$variable] : null;

		$GLOBALS[$variable] =& $_SESSION[$variable];
	  }
	}

	return false;
  }

  function tep_session_is_registered($variable) {
	if (PHP_VERSION < 4.3) {
	  return session_is_registered($variable);
	} else {
	  return isset($_SESSION[$variable]);
	}
  }

  function tep_session_unregister($variable) {
	if (PHP_VERSION < 4.3) {
	  return session_unregister($variable);
	} else {
	  unset($_SESSION[$variable]);
	}
  }

  function tep_session_id($sessid = '') {
	if (!empty($sessid)) {
	  return session_id($sessid);
	} else {
	  return session_id();
	}
  }

  function tep_session_name($name = '') {
	if (!empty($name)) {
	  return session_name($name);
	} else {
	  return session_name();
	}
  }

  function tep_session_close() {
	if (PHP_VERSION >= '4.0.4') {
	  return session_write_close();
	} elseif (function_exists('session_close')) {
	  return session_close();
	}
  }

  function tep_session_destroy() {
	return session_destroy();
  }

  function tep_session_save_path($path = '') {
	if (!empty($path)) {
	  return session_save_path($path);
	} else {
	  return session_save_path();
	}
  }

  function tep_session_recreate() {
	if (PHP_VERSION >= 4.1) {
	  $session_backup = $_SESSION;

	  unset($_COOKIE[tep_session_name()]);

	  tep_session_destroy();

	  if (STORE_SESSIONS == 'mysql') {
		session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
	  }

	  tep_session_start();

	  $_SESSION = $session_backup;
	  unset($session_backup);
	}
  }
?>

CODE FOR HTML_OUTPUT.PHP

<?php
/*
  $Id: html_output.php,v 1.56 2003/07/09 01:15:48 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/

//// 
// ULTIMATE Seo Urls 5 by FWR Media 
// The HTML href link wrapper function 
  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { 
	global $seo_urls, $languages_id, $request_type, $session_started, $sid;				 
	if ( !is_object($seo_urls) ){ 
	  include_once DIR_WS_MODULES . 'ultimate_seo_urls5' . DIRECTORY_SEPARATOR . 'classes' . DIRECTORY_SEPARATOR . 'usu.php'; 
	  $seo_urls = new usu($languages_id, $request_type, $session_started, $sid); 
	} 
	return $seo_urls->href_link($page, $parameters, $connection, $add_session_id); 

  }


////
// The HTML image wrapper function
  function tep_image($src, $alt = '', $width = '', $height = '', $parameters = '') {
	if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {
	  return false;
	}

// alt is added to the img tag even if it is null to prevent browsers from outputting
// the image filename as default
	$image = '<img src="' . tep_output_string($src) . '" border="0" alt="' . tep_output_string($alt) . '"';

	if (tep_not_null($alt)) {
	  $image .= ' title=" ' . tep_output_string($alt) . ' "';
	}

	if ( (CONFIG_CALCULATE_IMAGE_SIZE == 'true') && (empty($width) || empty($height)) ) {
	  if ($image_size = @getimagesize($src)) {
		if (empty($width) && tep_not_null($height)) {
		  $ratio = $height / $image_size[1];
		  $width = intval($image_size[0] * $ratio);
		} elseif (tep_not_null($width) && empty($height)) {
		  $ratio = $width / $image_size[0];
		  $height = intval($image_size[1] * $ratio);
		} elseif (empty($width) && empty($height)) {
		  $width = $image_size[0];
		  $height = $image_size[1];
		}
	  } elseif (IMAGE_REQUIRED == 'false') {
		return false;
	  }
	}

	if (tep_not_null($width) && tep_not_null($height)) {
	  $image .= ' width="' . tep_output_string($width) . '" height="' . tep_output_string($height) . '"';
	}

	if (tep_not_null($parameters)) $image .= ' ' . $parameters;

	$image .= '>';

	return $image;
  }

////
// The HTML form submit button wrapper function
// Outputs a button in the selected language
  function tep_image_submit($image, $alt = '', $parameters = '') {
	global $language;

	$image_submit = '<input type="image" src="' . tep_output_string(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image) . '" border="0" alt="' . tep_output_string($alt) . '"';

	if (tep_not_null($alt)) $image_submit .= ' title=" ' . tep_output_string($alt) . ' "';

	if (tep_not_null($parameters)) $image_submit .= ' ' . $parameters;

	$image_submit .= '>';

	return $image_submit;
  }

////
// Output a function button in the selected language
  function tep_image_button($image, $alt = '', $parameters = '') {
	global $language;

	return tep_image(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image, $alt, '', '', $parameters);
  }

////
// Output a separator either through whitespace, or with an image
  function tep_draw_separator($image = 'pixel_black.gif', $width = '100%', $height = '1') {
	return tep_image(DIR_WS_IMAGES . $image, '', $width, $height);
  }

////
// Output a form
  function tep_draw_form($name, $action, $method = 'post', $parameters = '') {
	$form = '<form name="' . tep_output_string($name) . '" action="' . tep_output_string($action) . '" method="' . tep_output_string($method) . '"';

	if (tep_not_null($parameters)) $form .= ' ' . $parameters;

	$form .= '>';

	return $form;
  }

////
// Output a form input field
  function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) {
	global $HTTP_GET_VARS, $HTTP_POST_VARS;

	$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';

	if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
	  if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
		$value = stripslashes($HTTP_GET_VARS[$name]);
	  } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
		$value = stripslashes($HTTP_POST_VARS[$name]);
	  }
	}

	if (tep_not_null($value)) {
	  $field .= ' value="' . tep_output_string($value) . '"';
	}

	if (tep_not_null($parameters)) $field .= ' ' . $parameters;

	$field .= '>';

	return $field;
  }

////
// Output a form password field
  function tep_draw_password_field($name, $value = '', $parameters = 'maxlength="40"') {
	return tep_draw_input_field($name, $value, $parameters, 'password', false);
  }

////
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field()
  function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') {
	global $HTTP_GET_VARS, $HTTP_POST_VARS;

	$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';

	if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"';

	if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) ) {
	  $selection .= ' CHECKED';
	}

	if (tep_not_null($parameters)) $selection .= ' ' . $parameters;

	$selection .= '>';

	return $selection;
  }

////
// Output a form checkbox field
  function tep_draw_checkbox_field($name, $value = '', $checked = false, $parameters = ' style="background:none;"') {
	return tep_draw_selection_field($name, 'checkbox', $value, $checked, $parameters);
  }

////
// Output a form radio field
  function tep_draw_radio_field($name, $value = '', $checked = false, $parameters = ' style="background:none;"') {
	return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters);
  }

////
// Output a form textarea field
  function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) {
	global $HTTP_GET_VARS, $HTTP_POST_VARS;

	$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"';

	if (tep_not_null($parameters)) $field .= ' ' . $parameters;

	$field .= '>';

	if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
	  if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
		$field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name]));
	  } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
		$field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name]));
	  }
	} elseif (tep_not_null($text)) {
	  $field .= tep_output_string_protected($text);
	}

	$field .= '</textarea>';

	return $field;
  }


////
// Output a form textarea field w/ fckeditor
  function tep_draw_fckeditor($name, $width, $height, $text) {

	$oFCKeditor = new FCKeditor($name);
	$oFCKeditor -> Width  = $width;
	$oFCKeditor -> Height = $height;
	$oFCKeditor -> BasePath	= 'fckeditor/';
	$oFCKeditor -> Value = $text;

	$field = $oFCKeditor->Create($name);

	return $field;
  }

////
// Output a form hidden field
  function tep_draw_hidden_field($name, $value = '', $parameters = '') {
	global $HTTP_GET_VARS, $HTTP_POST_VARS;

	$field = '<input type="hidden" name="' . tep_output_string($name) . '"';

	if (tep_not_null($value)) {
	  $field .= ' value="' . tep_output_string($value) . '"';
	} elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) {
	  if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) {
		$field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"';
	  } elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) {
		$field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"';
	  }
	}

	if (tep_not_null($parameters)) $field .= ' ' . $parameters;

	$field .= '>';

	return $field;
  }

////
// Hide form elements
  function tep_hide_session_id() {
	global $session_started, $SID;

	if (($session_started == true) && tep_not_null($SID)) {
	  return tep_draw_hidden_field(tep_session_name(), tep_session_id());
	}
  }

////
// Output a form pull down menu
  function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) {
	global $HTTP_GET_VARS, $HTTP_POST_VARS;

	$field = '<select name="' . tep_output_string($name) . '"';

	if (tep_not_null($parameters)) $field .= ' ' . $parameters;

	$field .= '>';

	if (empty($default) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
	  if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
		$default = stripslashes($HTTP_GET_VARS[$name]);
	  } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
		$default = stripslashes($HTTP_POST_VARS[$name]);
	  }
	}

	for ($i=0, $n=sizeof($values); $i<$n; $i++) {
	  $field .= '<option value="' . tep_output_string($values[$i]['id']) . '"';
	  if ($default == $values[$i]['id']) {
		$field .= ' SELECTED';
	  }

	  $field .= '>' . tep_output_string($values[$i]['text'], array('"' => '&quot;', '\'' => '&#039;', '<' => '&lt;', '>' => '&gt;')) . '</option>';
	}
	$field .= '</select>';

	if ($required == true) $field .= TEXT_FIELD_REQUIRED;

	return $field;
  }

////
// Creates a pull-down list of countries
  function tep_get_country_list($name, $selected = '', $parameters = '') {
	$countries_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT));
	$countries = tep_get_countries();

	for ($i=0, $n=sizeof($countries); $i<$n; $i++) {
	  $countries_array[] = array('id' => $countries[$i]['countries_id'], 'text' => $countries[$i]['countries_name']);
	}

	return tep_draw_pull_down_menu($name, $countries_array, $selected, $parameters);
  }

////
// Creates a pull-down list for dates	
  function tep_pull_down_date($name = 'date', $day = '', $month = '', $year = '', $mnth = false, $starty = 1900) {
	$day = $day ? $day : date('d');
	$month = $month ? $month : date('m');
	$year = $year ? $year : date('Y');
	$endy = date('Y') - 8; // latest year in the drop-down (i.e. 8 years ago)
	if ($starty == '') {
	  $starty = date('Y') - 1;
	  $endy = date('Y') + 2;
	}
	$named = $name . 'd';
	$namem = $name . 'm';

	// Array for days
	$days = array();
	$days[] = array('id' => '00', 'text' => ENTRY_DAY);
	for ($i=1; $i<=31; $i++) {
	  $j = strlen($i) != 2 ? '0' . $i : $i;
	  $days[] = array('id' => $j, 'text' => $j);
	}

	// Array for months
	if ($mnth) { // if true output full textual month, otherwise numeric
	  $months[] = array('id' => '00', 'text' => ENTRY_MONTH);
	  for ($i=1; $i<=12; $i++) {
		$j = strlen($i) != 2 ? '0' . $i : $i;
		$months[] = array('id' => $j, 'text' => date('F', mktime(0, 0, 0, $i, 12, 1980)));
	  }
	} else {
	  for ($i=1; $i<=12; $i++) {
		$j = strlen($i) != 2 ? '0' . $i : $i;
		$months[] = array('id' => $j, 'text' => $j);
	  }
	}

	// Array for years
	for ($i=$starty; $i<=$endy; $i++) {
	  $years[] = array('id' => $i, 'text' => $i);
	}

	// Output drop-downs ordered by country
	// mm dd yy countries = 38 Canada, 139 Micronesia, 163 Palau, 168 Philippines, 223 & 224 United States
	$rev_dates = array(223, 224, 38, 139, 163, 168);
	if (in_array(STORE_COUNTRY, $rev_dates)) {
	  $field = tep_draw_pull_down_menu($named, $months, $month);
	  $field .= tep_draw_pull_down_menu($namem, $days, $day);
	} else {
	  $field = tep_draw_pull_down_menu($named, $days, $day);
	  $field .= tep_draw_pull_down_menu($namem, $months, $month);
	}
	$field .= tep_draw_pull_down_menu($name, $years, $year);

	return $field;
  }


?>


CODE FOR GENERAL.PHP:

<?php
/*
  $Id: general.php,v 1.231 2003/07/09 01:15:48 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/

////
// Stop from parsing any further PHP code
  function tep_exit() {
   tep_session_close();
   exit();
  }

// ULTIMATE Seo Urls 5 by FWR Media 
// Redirect to another page or site 
  function tep_redirect($url) { 
	if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {  
	  tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); 
	} 

	if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page 
	  if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url 
		$url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL 
	  } 
	} 
	if ( false !== strpos($url, '&amp;') ){ 
	  $url = str_replace('&amp;', '&', $url); 
	} 
	session_write_close(); 
	header('Location: ' . $url); 
	exit; 
  }

////
// Parse the data used in the html tags to ensure the tags will not break
  function tep_parse_input_field_data($data, $parse) {
	return strtr(trim($data), $parse);
  }

  function tep_output_string($string, $translate = false, $protected = false) {
	if ($protected == true) {
	  return htmlspecialchars($string);
	} else {
	  if ($translate == false) {
		return tep_parse_input_field_data($string, array('"' => '&quot;'));
	  } else {
		return tep_parse_input_field_data($string, $translate);
	  }
	}
  }

  function tep_output_string_protected($string) {
	return tep_output_string($string, false, true);
  }

  function tep_sanitize_string($string) {
	$string = ereg_replace(' +', ' ', trim($string));

	return preg_replace("/[<>]/", '_', $string);
  }

////
// Return a random row from a database query
  function tep_random_select($query) {
	$random_product = '';
	$random_query = tep_db_query($query);
	$num_rows = tep_db_num_rows($random_query);
	if ($num_rows > 0) {
	  $random_row = tep_rand(0, ($num_rows - 1));
	  tep_db_data_seek($random_query, $random_row);
	  $random_product = tep_db_fetch_array($random_query);
	}

	return $random_product;
  }

////
// Return a product's name
// TABLES: products
  function tep_get_products_name($product_id, $language = '') {
	global $languages_id;

	if (empty($language)) $language = $languages_id;

	$product_query = tep_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int)$product_id . "' and language_id = '" . (int)$language . "'");
	$product = tep_db_fetch_array($product_query);

	return $product['products_name'];
  }

////
// Return a product's special price (returns nothing if there is no offer)
// TABLES: products
  function tep_get_products_special_price($product_id) {
	$product_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$product_id . "' and status");
	$product = tep_db_fetch_array($product_query);

	return $product['specials_new_products_price'];
  }

////
// Return a product's stock
// TABLES: products
  function tep_get_products_stock($products_id) {
	$products_id = tep_get_prid($products_id);
	$stock_query = tep_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int)$products_id . "'");
	$stock_values = tep_db_fetch_array($stock_query);

	return $stock_values['products_quantity'];
  }

////
// Check if the required stock is available
// If insufficient stock is available return an out of stock message
  function tep_check_stock($products_id, $products_quantity) {
	$stock_left = tep_get_products_stock($products_id) - $products_quantity;
	$out_of_stock = '';

	if ($stock_left < 0) {
	  $out_of_stock = '<span class="markProductOutOfStock">' . STOCK_MARK_PRODUCT_OUT_OF_STOCK . '</span>';
	}

	return $out_of_stock;
  }

////
// Break a word in a string if it is longer than a specified length ($len)
  function tep_break_string($string, $len, $break_char = '-') {
	$l = 0;
	$output = '';
	for ($i=0, $n=strlen($string); $i<$n; $i++) {
	  $char = substr($string, $i, 1);
	  if ($char != ' ') {
		$l++;
	  } else {
		$l = 0;
	  }
	  if ($l > $len) {
		$l = 1;
		$output .= $break_char;
	  }
	  $output .= $char;
	}

	return $output;
  }

////
// Return all HTTP GET variables, except those passed as a parameter
  function tep_get_all_get_params($exclude_array = '') {
	global $HTTP_GET_VARS;

	if (!is_array($exclude_array)) $exclude_array = array();

	$get_url = '';
	if (is_array($HTTP_GET_VARS) && (sizeof($HTTP_GET_VARS) > 0)) {
	  reset($HTTP_GET_VARS);
	  while (list($key, $value) = each($HTTP_GET_VARS)) {
		if ( (strlen($value) > 0) && ($key != tep_session_name()) && ($key != 'error') && (!in_array($key, $exclude_array)) && ($key != 'x') && ($key != 'y') ) {
		  $get_url .= $key . '=' . rawurlencode(stripslashes($value)) . '&';
		}
	  }
	}

	return $get_url;
  }

////
// Returns an array with countries
// TABLES: countries
  function tep_get_countries($countries_id = '', $with_iso_codes = false) {
	$countries_array = array();
	if (tep_not_null($countries_id)) {
	  if ($with_iso_codes == true) {
		$countries = tep_db_query("select countries_name, countries_iso_code_2, countries_iso_code_3 from " . TABLE_COUNTRIES . " where countries_id = '" . (int)$countries_id . "' order by countries_name");
		$countries_values = tep_db_fetch_array($countries);
		$countries_array = array('countries_name' => $countries_values['countries_name'],
								 'countries_iso_code_2' => $countries_values['countries_iso_code_2'],
								 'countries_iso_code_3' => $countries_values['countries_iso_code_3']);
	  } else {
		$countries = tep_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_id = '" . (int)$countries_id . "'");
		$countries_values = tep_db_fetch_array($countries);
		$countries_array = array('countries_name' => $countries_values['countries_name']);
	  }
	} else {
	  $countries = tep_db_query("select countries_id, countries_name from " . TABLE_COUNTRIES . " order by countries_name");
	  while ($countries_values = tep_db_fetch_array($countries)) {
		$countries_array[] = array('countries_id' => $countries_values['countries_id'],
								   'countries_name' => $countries_values['countries_name']);
	  }
	}

	return $countries_array;
  }

////
// Alias function to tep_get_countries, which also returns the countries iso codes
  function tep_get_countries_with_iso_codes($countries_id) {
	return tep_get_countries($countries_id, true);
  }

////
// Generate a path to categories
  function tep_get_path($current_category_id = '') {
	global $cPath_array;

	if (tep_not_null($current_category_id)) {
	  $cp_size = sizeof($cPath_array);
	  if ($cp_size == 0) {
		$cPath_new = $current_category_id;
	  } else {
		$cPath_new = '';
		$last_category_query = tep_db_query("select parent_id from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$cPath_array[($cp_size-1)] . "'");
		$last_category = tep_db_fetch_array($last_category_query);

		$current_category_query = tep_db_query("select parent_id from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
		$current_category = tep_db_fetch_array($current_category_query);

		if ($last_category['parent_id'] == $current_category['parent_id']) {
		  for ($i=0; $i<($cp_size-1); $i++) {
			$cPath_new .= '_' . $cPath_array[$i];
		  }
		} else {
		  for ($i=0; $i<$cp_size; $i++) {
			$cPath_new .= '_' . $cPath_array[$i];
		  }
		}
		$cPath_new .= '_' . $current_category_id;

		if (substr($cPath_new, 0, 1) == '_') {
		  $cPath_new = substr($cPath_new, 1);
		}
	  }
	} else {
	  $cPath_new = implode('_', $cPath_array);
	}

	return 'cPath=' . $cPath_new;
  }

////
// Returns the client's browser
  function tep_browser_detect($component) {
	global $HTTP_USER_AGENT;

	return stristr($HTTP_USER_AGENT, $component);
  }

////
// Alias function to tep_get_countries()
  function tep_get_country_name($country_id) {
	$country_array = tep_get_countries($country_id);

	return $country_array['countries_name'];
  }

////
// Returns the zone (State/Province) name
// TABLES: zones
  function tep_get_zone_name($country_id, $zone_id, $default_zone) {
	$zone_query = tep_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country_id . "' and zone_id = '" . (int)$zone_id . "'");
	if (tep_db_num_rows($zone_query)) {
	  $zone = tep_db_fetch_array($zone_query);
	  return $zone['zone_name'];
	} else {
	  return $default_zone;
	}
  }

////
// Returns the zone (State/Province) code
// TABLES: zones
  function tep_get_zone_code($country_id, $zone_id, $default_zone) {
	$zone_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country_id . "' and zone_id = '" . (int)$zone_id . "'");
	if (tep_db_num_rows($zone_query)) {
	  $zone = tep_db_fetch_array($zone_query);
	  return $zone['zone_code'];
	} else {
	  return $default_zone;
	}
  }

////
// Wrapper function for round()
  function tep_round($number, $precision) {
	if (strpos($number, '.') && (strlen(substr($number, strpos($number, '.')+1)) > $precision)) {
	  $number = substr($number, 0, strpos($number, '.') + 1 + $precision + 1);

	  if (substr($number, -1) >= 5) {
		if ($precision > 1) {
		  $number = substr($number, 0, -1) + ('0.' . str_repeat(0, $precision-1) . '1');
		} elseif ($precision == 1) {
		  $number = substr($number, 0, -1) + 0.1;
		} else {
		  $number = substr($number, 0, -1) + 1;
		}
	  } else {
		$number = substr($number, 0, -1);
	  }
	}

	return $number;
  }

////
// Returns the tax rate for a zone / class
// TABLES: tax_rates, zones_to_geo_zones
  function tep_get_tax_rate($class_id, $country_id = -1, $zone_id = -1) {
	global $customer_zone_id, $customer_country_id;

	if ( ($country_id == -1) && ($zone_id == -1) ) {
	  if (!tep_session_is_registered('customer_id')) {
		$country_id = STORE_COUNTRY;
		$zone_id = STORE_ZONE;
	  } else {
		$country_id = $customer_country_id;
		$zone_id = $customer_zone_id;
	  }
	}

	$tax_query = tep_db_query("select sum(tax_rate) as tax_rate from " . TABLE_TAX_RATES . " tr left join " . TABLE_ZONES_TO_GEO_ZONES . " za on (tr.tax_zone_id = za.geo_zone_id) left join " . TABLE_GEO_ZONES . " tz on (tz.geo_zone_id = tr.tax_zone_id) where (za.zone_country_id is null or za.zone_country_id = '0' or za.zone_country_id = '" . (int)$country_id . "') and (za.zone_id is null or za.zone_id = '0' or za.zone_id = '" . (int)$zone_id . "') and tr.tax_class_id = '" . (int)$class_id . "' group by tr.tax_priority");
	if (tep_db_num_rows($tax_query)) {
	  $tax_multiplier = 1.0;
	  while ($tax = tep_db_fetch_array($tax_query)) {
		$tax_multiplier *= 1.0 + ($tax['tax_rate'] / 100);
	  }
	  return ($tax_multiplier - 1.0) * 100;
	} else {
	  return 0;
	}
  }

////
// Return the tax description for a zone / class
// TABLES: tax_rates;
  function tep_get_tax_description($class_id, $country_id, $zone_id) {
	$tax_query = tep_db_query("select tax_description from " . TABLE_TAX_RATES . " tr left join " . TABLE_ZONES_TO_GEO_ZONES . " za on (tr.tax_zone_id = za.geo_zone_id) left join " . TABLE_GEO_ZONES . " tz on (tz.geo_zone_id = tr.tax_zone_id) where (za.zone_country_id is null or za.zone_country_id = '0' or za.zone_country_id = '" . (int)$country_id . "') and (za.zone_id is null or za.zone_id = '0' or za.zone_id = '" . (int)$zone_id . "') and tr.tax_class_id = '" . (int)$class_id . "' order by tr.tax_priority");
	if (tep_db_num_rows($tax_query)) {
	  $tax_description = '';
	  while ($tax = tep_db_fetch_array($tax_query)) {
		$tax_description .= $tax['tax_description'] . ' + ';
	  }
	  $tax_description = substr($tax_description, 0, -3);

	  return $tax_description;
	} else {
	  return TEXT_UNKNOWN_TAX_RATE;
	}
  }

////
// Add tax to a products price
  function tep_add_tax($price, $tax) {
	if ( (DISPLAY_PRICE_WITH_TAX == 'true') && ($tax > 0) ) {
	  return $price + tep_calculate_tax($price, $tax);
	} else {
	  return $price;
	}
  }

// Calculates tax (the result is returned unrounded)
  function tep_calculate_tax($price, $tax) {
	return $price * $tax / 100;
  }

////
// Return the number of products in a category
// TABLES: products, products_to_categories, categories
  function tep_count_products_in_category($category_id, $include_inactive = false) {
	$products_count = 0;
	if ($include_inactive == true) {
	  $products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$category_id . "'");
	} else {
	  $products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = p2c.products_id and p.products_status = '1' and p2c.categories_id = '" . (int)$category_id . "'");
	}
	$products = tep_db_fetch_array($products_query);
	$products_count += $products['total'];

	$child_categories_query = tep_db_query("select categories_id from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$category_id . "'");
	if (tep_db_num_rows($child_categories_query)) {
	  while ($child_categories = tep_db_fetch_array($child_categories_query)) {
		$products_count += tep_count_products_in_category($child_categories['categories_id'], $include_inactive);
	  }
	}

	return $products_count;
  }

////
// Return true if the category has subcategories
// TABLES: categories
  function tep_has_category_subcategories($category_id) {
	$child_category_query = tep_db_query("select count(*) as count from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$category_id . "'");
	$child_category = tep_db_fetch_array($child_category_query);

	if ($child_category['count'] > 0) {
	  return true;
	} else {
	  return false;
	}
  }

////
// Returns the address_format_id for the given country
// TABLES: countries;
  function tep_get_address_format_id($country_id) {
	$address_format_query = tep_db_query("select address_format_id as format_id from " . TABLE_COUNTRIES . " where countries_id = '" . (int)$country_id . "'");
	if (tep_db_num_rows($address_format_query)) {
	  $address_format = tep_db_fetch_array($address_format_query);
	  return $address_format['format_id'];
	} else {
	  return '1';
	}
  }

////
// Return a formatted address
// TABLES: address_format
  function tep_address_format($address_format_id, $address, $html, $boln, $eoln) {
	$address_format_query = tep_db_query("select address_format as format from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . (int)$address_format_id . "'");
	$address_format = tep_db_fetch_array($address_format_query);

	$company = tep_output_string_protected($address['company']);
	if (isset($address['firstname']) && tep_not_null($address['firstname'])) {
	  $firstname = tep_output_string_protected($address['firstname']);
	  $lastname = tep_output_string_protected($address['lastname']);
	} elseif (isset($address['name']) && tep_not_null($address['name'])) {
	  $firstname = tep_output_string_protected($address['name']);
	  $lastname = '';
	} else {
	  $firstname = '';
	  $lastname = '';
	}
	$street = tep_output_string_protected($address['street_address']);
	$suburb = tep_output_string_protected($address['suburb']);
	$city = tep_output_string_protected($address['city']);
	$state = tep_output_string_protected($address['state']);
	if (isset($address['country_id']) && tep_not_null($address['country_id'])) {
	  $country = tep_get_country_name($address['country_id']);

	  if (isset($address['zone_id']) && tep_not_null($address['zone_id'])) {
		$state = tep_get_zone_code($address['country_id'], $address['zone_id'], $state);
	  }
	} elseif (isset($address['country']) && tep_not_null($address['country'])) {
	  $country = tep_output_string_protected($address['country']['title']);
	} else {
	  $country = '';
	}
	$postcode = tep_output_string_protected($address['postcode']);
	$zip = $postcode;

	if ($html) {
// HTML Mode
	  $HR = '<hr>';
	  $hr = '<hr>';
	  if ( ($boln == '') && ($eoln == "\n") ) { // Values not specified, use rational defaults
		$CR = '<br>';
		$cr = '<br>';
		$eoln = $cr;
	  } else { // Use values supplied
		$CR = $eoln . $boln;
		$cr = $CR;
	  }
	} else {
// Text Mode
	  $CR = $eoln;
	  $cr = $CR;
	  $HR = '----------------------------------------';
	  $hr = '----------------------------------------';
	}

	$statecomma = '';
	$streets = $street;
	if ($suburb != '') $streets = $street . $cr . $suburb;
	if ($state != '') $statecomma = $state . ', ';

	$fmt = $address_format['format'];
	eval("\$address = \"$fmt\";");

	if ( (ACCOUNT_COMPANY == 'true') && (tep_not_null($company)) ) {
	  $address = $company . $cr . $address;
	}

	return $address;
  }

////
// Return a formatted address
// TABLES: customers, address_book
  function tep_address_label($customers_id, $address_id = 1, $html = false, $boln = '', $eoln = "\n") {
	$address_query = tep_db_query("select entry_firstname as firstname, entry_lastname as lastname, entry_company as company, entry_street_address as street_address, entry_suburb as suburb, entry_city as city, entry_postcode as postcode, entry_state as state, entry_zone_id as zone_id, entry_country_id as country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customers_id . "' and address_book_id = '" . (int)$address_id . "'");
	$address = tep_db_fetch_array($address_query);

	$format_id = tep_get_address_format_id($address['country_id']);

	return tep_address_format($format_id, $address, $html, $boln, $eoln);
  }

  function tep_row_number_format($number) {
	if ( ($number < 10) && (substr($number, 0, 1) != '0') ) $number = '0' . $number;

	return $number;
  }

  function tep_get_categories($categories_array = '', $parent_id = '0', $indent = '') {
	global $languages_id;

	if (!is_array($categories_array)) $categories_array = array();

	$categories_query = tep_db_query("select c.categories_id, cd.categories_name from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where parent_id = '" . (int)$parent_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name");
	while ($categories = tep_db_fetch_array($categories_query)) {
	  $categories_array[] = array('id' => $categories['categories_id'],
								  'text' => $indent . $categories['categories_name']);

	  if ($categories['categories_id'] != $parent_id) {
		$categories_array = tep_get_categories($categories_array, $categories['categories_id'], $indent . '&nbsp;&nbsp;');
	  }
	}

	return $categories_array;
  }

  function tep_get_manufacturers($manufacturers_array = '') {
	if (!is_array($manufacturers_array)) $manufacturers_array = array();

	$manufacturers_query = tep_db_query("select manufacturers_id, manufacturers_name from " . TABLE_MANUFACTURERS . " order by manufacturers_name");
	while ($manufacturers = tep_db_fetch_array($manufacturers_query)) {
	  $manufacturers_array[] = array('id' => $manufacturers['manufacturers_id'], 'text' => $manufacturers['manufacturers_name']);
	}

	return $manufacturers_array;
  }

////
// Return all subcategory IDs
// TABLES: categories
  function tep_get_subcategories(&$subcategories_array, $parent_id = 0) {
	$subcategories_query = tep_db_query("select categories_id from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$parent_id . "'");
	while ($subcategories = tep_db_fetch_array($subcategories_query)) {
	  $subcategories_array[sizeof($subcategories_array)] = $subcategories['categories_id'];
	  if ($subcategories['categories_id'] != $parent_id) {
		tep_get_subcategories($subcategories_array, $subcategories['categories_id']);
	  }
	}
  }

// Output a raw date string in the selected locale date format
// $raw_date needs to be in this format: YYYY-MM-DD HH:MM:SS
  function tep_date_long($raw_date) {
	if ( ($raw_date == '0000-00-00 00:00:00') || ($raw_date == '') ) return false;

	$year = (int)substr($raw_date, 0, 4);
	$month = (int)substr($raw_date, 5, 2);
	$day = (int)substr($raw_date, 8, 2);
	$hour = (int)substr($raw_date, 11, 2);
	$minute = (int)substr($raw_date, 14, 2);
	$second = (int)substr($raw_date, 17, 2);

	return strftime(DATE_FORMAT_LONG, mktime($hour,$minute,$second,$month,$day,$year));
  }

////
// Output a raw date string in the selected locale date format
// $raw_date needs to be in this format: YYYY-MM-DD HH:MM:SS
// NOTE: Includes a workaround for dates before 01/01/1970 that fail on windows servers
  function tep_date_short($raw_date) {
	if ( ($raw_date == '0000-00-00 00:00:00') || empty($raw_date) ) return false;

	$year = substr($raw_date, 0, 4);
	$month = (int)substr($raw_date, 5, 2);
	$day = (int)substr($raw_date, 8, 2);
	$hour = (int)substr($raw_date, 11, 2);
	$minute = (int)substr($raw_date, 14, 2);
	$second = (int)substr($raw_date, 17, 2);

	if (@date('Y', mktime($hour, $minute, $second, $month, $day, $year)) == $year) {
	  return date(DATE_FORMAT, mktime($hour, $minute, $second, $month, $day, $year));
	} else {
	  return ereg_replace('2037' . '$', $year, date(DATE_FORMAT, mktime($hour, $minute, $second, $month, $day, 2037)));
	}
  }

////
// Parse search string into individual objects
  function tep_parse_search_string($search_str = '', &$objects) {
	$search_str = trim(strtolower($search_str));

// Break up $search_str on whitespace; quoted string will be reconstructed later
	$pieces = split('[[:space:]]+', $search_str);
	$objects = array();
	$tmpstring = '';
	$flag = '';

	for ($k=0; $k<count($pieces); $k++) {
	  while (substr($pieces[$k], 0, 1) == '(') {
		$objects[] = '(';
		if (strlen($pieces[$k]) > 1) {
		  $pieces[$k] = substr($pieces[$k], 1);
		} else {
		  $pieces[$k] = '';
		}
	  }

	  $post_objects = array();

	  while (substr($pieces[$k], -1) == ')')  {
		$post_objects[] = ')';
		if (strlen($pieces[$k]) > 1) {
		  $pieces[$k] = substr($pieces[$k], 0, -1);
		} else {
		  $pieces[$k] = '';
		}
	  }

// Check individual words

	  if ( (substr($pieces[$k], -1) != '"') && (substr($pieces[$k], 0, 1) != '"') ) {
		$objects[] = trim($pieces[$k]);

		for ($j=0; $j<count($post_objects); $j++) {
		  $objects[] = $post_objects[$j];
		}
	  } else {
/* This means that the $piece is either the beginning or the end of a string.
   So, we'll slurp up the $pieces and stick them together until we get to the
   end of the string or run out of pieces.
*/

// Add this word to the $tmpstring, starting the $tmpstring
		$tmpstring = trim(ereg_replace('"', ' ', $pieces[$k]));

// Check for one possible exception to the rule. That there is a single quoted word.
		if (substr($pieces[$k], -1 ) == '"') {
// Turn the flag off for future iterations
		  $flag = 'off';

		  $objects[] = trim($pieces[$k]);

		  for ($j=0; $j<count($post_objects); $j++) {
			$objects[] = $post_objects[$j];
		  }

		  unset($tmpstring);

// Stop looking for the end of the string and move onto the next word.
		  continue;
		}

// Otherwise, turn on the flag to indicate no quotes have been found attached to this word in the string.
		$flag = 'on';

// Move on to the next word
		$k++;

// Keep reading until the end of the string as long as the $flag is on

		while ( ($flag == 'on') && ($k < count($pieces)) ) {
		  while (substr($pieces[$k], -1) == ')') {
			$post_objects[] = ')';
			if (strlen($pieces[$k]) > 1) {
			  $pieces[$k] = substr($pieces[$k], 0, -1);
			} else {
			  $pieces[$k] = '';
			}
		  }

// If the word doesn't end in double quotes, append it to the $tmpstring.
		  if (substr($pieces[$k], -1) != '"') {
// Tack this word onto the current string entity
			$tmpstring .= ' ' . $pieces[$k];

// Move on to the next word
			$k++;
			continue;
		  } else {
/* If the $piece ends in double quotes, strip the double quotes, tack the
   $piece onto the tail of the string, push the $tmpstring onto the $haves,
   kill the $tmpstring, turn the $flag "off", and return.
*/
			$tmpstring .= ' ' . trim(ereg_replace('"', ' ', $pieces[$k]));

// Push the $tmpstring onto the array of stuff to search for
			$objects[] = trim($tmpstring);

			for ($j=0; $j<count($post_objects); $j++) {
			  $objects[] = $post_objects[$j];
			}

			unset($tmpstring);

// Turn off the flag to exit the loop
			$flag = 'off';
		  }
		}
	  }
	}

// add default logical operators if needed
	$temp = array();
	for($i=0; $i<(count($objects)-1); $i++) {
	  $temp[] = $objects[$i];
	  if ( ($objects[$i] != 'and') &&
		   ($objects[$i] != 'or') &&
		   ($objects[$i] != '(') &&
		   ($objects[$i+1] != 'and') &&
		   ($objects[$i+1] != 'or') &&
		   ($objects[$i+1] != ')') ) {
		$temp[] = ADVANCED_SEARCH_DEFAULT_OPERATOR;
	  }
	}
	$temp[] = $objects[$i];
	$objects = $temp;

	$keyword_count = 0;
	$operator_count = 0;
	$balance = 0;
	for($i=0; $i<count($objects); $i++) {
	  if ($objects[$i] == '(') $balance --;
	  if ($objects[$i] == ')') $balance ++;
	  if ( ($objects[$i] == 'and') || ($objects[$i] == 'or') ) {
		$operator_count ++;
	  } elseif ( ($objects[$i]) && ($objects[$i] != '(') && ($objects[$i] != ')') ) {
		$keyword_count ++;
	  }
	}

	if ( ($operator_count < $keyword_count) && ($balance == 0) ) {
	  return true;
	} else {
	  return false;
	}
  }

////
// Check date
  function tep_checkdate($date_to_check, $format_string, &$date_array) {
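// Default both indexes to -1 so a date/format without a separator takes the fixed-position branch below
	$date_separator_idx = -1;
	$format_separator_idx = -1;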

	$separators = array('-', ' ', '/', '.');
	$month_abbr = array('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','dec');
	$no_of_days = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);

	$format_string = strtolower($format_string);

	if (strlen($date_to_check) != strlen($format_string)) {
	  return false;
	}

	$size = sizeof($separators);
	for ($i=0; $i<$size; $i++) {
	  $pos_separator = strpos($date_to_check, $separators[$i]);
	  if ($pos_separator != false) {
		$date_separator_idx = $i;
		break;
	  }
	}

	for ($i=0; $i<$size; $i++) {
	  $pos_separator = strpos($format_string, $separators[$i]);
	  if ($pos_separator != false) {
		$format_separator_idx = $i;
		break;
	  }
	}

	if ($date_separator_idx != $format_separator_idx) {
	  return false;
	}

	if ($date_separator_idx != -1) {
	  $format_string_array = explode( $separators[$date_separator_idx], $format_string );
	  if (sizeof($format_string_array) != 3) {
		return false;
	  }

	  $date_to_check_array = explode( $separators[$date_separator_idx], $date_to_check );
	  if (sizeof($date_to_check_array) != 3) {
		return false;
	  }

	  $size = sizeof($format_string_array);
	  for ($i=0; $i<$size; $i++) {
		if ($format_string_array[$i] == 'mm' || $format_string_array[$i] == 'mmm') $month = $date_to_check_array[$i];
		if ($format_string_array[$i] == 'dd') $day = $date_to_check_array[$i];
		if ( ($format_string_array[$i] == 'yyyy') || ($format_string_array[$i] == 'aaaa') ) $year = $date_to_check_array[$i];
	  }
	} else {
	  if (strlen($format_string) == 8 || strlen($format_string) == 9) {
		$pos_month = strpos($format_string, 'mmm');
		if ($pos_month != false) {
		  $month = substr( $date_to_check, $pos_month, 3 );
		  $size = sizeof($month_abbr);
		  for ($i=0; $i<$size; $i++) {
			if ($month == $month_abbr[$i]) {
			  $month = $i;
			  break;
			}
		  }
		} else {
		  $month = substr($date_to_check, strpos($format_string, 'mm'), 2);
		}
	  } else {
		return false;
	  }

	  $day = substr($date_to_check, strpos($format_string, 'dd'), 2);
	  $year = substr($date_to_check, strpos($format_string, 'yyyy'), 4);
	}

	if (strlen($year) != 4) {
	  return false;
	}

	if (!settype($year, 'integer') || !settype($month, 'integer') || !settype($day, 'integer')) {
	  return false;
	}

	if ($month > 12 || $month < 1) {
	  return false;
	}

	if ($day < 1) {
	  return false;
	}

	if (tep_is_leap_year($year)) {
	  $no_of_days[1] = 29;
	}

	if ($day > $no_of_days[$month - 1]) {
	  return false;
	}

	$date_array = array($year, $month, $day);

	return true;
  }

////
// Check if year is a leap year
  function tep_is_leap_year($year) {
	if ($year % 100 == 0) {
	  if ($year % 400 == 0) return true;
	} else {
	  if (($year % 4) == 0) return true;
	}

	return false;
  }

////
// Return table heading with sorting capabilities
  function tep_create_sort_heading($sortby, $colnum, $heading) {
	global $PHP_SELF;

	$sort_prefix = '';
	$sort_suffix = '';

	if ($sortby) {
	  $sort_prefix = '<a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('page', 'info', 'sort')) . 'page=1&sort=' . $colnum . ($sortby == $colnum . 'a' ? 'd' : 'a')) . '" title="' . tep_output_string(TEXT_SORT_PRODUCTS . ($sortby == $colnum . 'd' || substr($sortby, 0, 1) != $colnum ? TEXT_ASCENDINGLY : TEXT_DESCENDINGLY) . TEXT_BY . $heading) . '" class="productListing-heading">' ;
	  $sort_suffix = (substr($sortby, 0, 1) == $colnum ? (substr($sortby, 1, 1) == 'a' ? '+' : '-') : '') . '</a>';
	}

	return $sort_prefix . $heading . $sort_suffix;
  }

////
// Recursively go through the categories and retrieve all parent categories IDs
// TABLES: categories
  function tep_get_parent_categories(&$categories, $categories_id) {
	$parent_categories_query = tep_db_query("select parent_id from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$categories_id . "'");
	while ($parent_categories = tep_db_fetch_array($parent_categories_query)) {
	  if ($parent_categories['parent_id'] == 0) return true;
	  $categories[sizeof($categories)] = $parent_categories['parent_id'];
	  if ($parent_categories['parent_id'] != $categories_id) {
		tep_get_parent_categories($categories, $parent_categories['parent_id']);
	  }
	}
  }

////
// Construct a category path to the product
// TABLES: products_to_categories
  function tep_get_product_path($products_id) {
	$cPath = '';

	$category_query = tep_db_query("select p2c.categories_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = '" . (int)$products_id . "' and p.products_status = '1' and p.products_id = p2c.products_id limit 1");
	if (tep_db_num_rows($category_query)) {
	  $category = tep_db_fetch_array($category_query);

	  $categories = array();
	  tep_get_parent_categories($categories, $category['categories_id']);

	  $categories = array_reverse($categories);

	  $cPath = implode('_', $categories);

	  if (tep_not_null($cPath)) $cPath .= '_';
	  $cPath .= $category['categories_id'];
	}

	return $cPath;
  }

////
// Return a product ID with attributes
  function tep_get_uprid($prid, $params) {
	if (is_numeric($prid)) {
	  $uprid = $prid;

	  if (is_array($params) && (sizeof($params) > 0)) {
		$attributes_check = true;
		$attributes_ids = '';

		reset($params);
		while (list($option, $value) = each($params)) {
		  if (is_numeric($option) && is_numeric($value)) {
			$attributes_ids .= '{' . (int)$option . '}' . (int)$value;
		  } else {
			$attributes_check = false;
			break;
		  }
		}

		if ($attributes_check == true) {
		  $uprid .= $attributes_ids;
		}
	  }
	} else {
	  $uprid = tep_get_prid($prid);

	  if (is_numeric($uprid)) {
		if (strpos($prid, '{') !== false) {
		  $attributes_check = true;
		  $attributes_ids = '';

// strpos()+1 to remove up to and including the first { which would create an empty array element in explode()
		  $attributes = explode('{', substr($prid, strpos($prid, '{')+1));

		  for ($i=0, $n=sizeof($attributes); $i<$n; $i++) {
			$pair = explode('}', $attributes[$i]);

			if (is_numeric($pair[0]) && is_numeric($pair[1])) {
			  $attributes_ids .= '{' . (int)$pair[0] . '}' . (int)$pair[1];
			} else {
			  $attributes_check = false;
			  break;
			}
		  }

		  if ($attributes_check == true) {
			$uprid .= $attributes_ids;
		  }
		}
	  } else {
		return false;
	  }
	}

	return $uprid;
  }

////
// Return a product ID from a product ID with attributes
  function tep_get_prid($uprid) {
	$pieces = explode('{', $uprid);

	if (is_numeric($pieces[0])) {
	  return $pieces[0];
	} else {
	  return false;
	}
  }

////
// Return a customer greeting
  function tep_customer_greeting() {
	global $customer_id, $customer_first_name;

	if (tep_session_is_registered('customer_first_name') && tep_session_is_registered('customer_id')) {
	  $greeting_string = sprintf(TEXT_GREETING_PERSONAL, tep_output_string_protected($customer_first_name), tep_href_link(FILENAME_PRODUCTS_NEW));
	} else {
	  $greeting_string = sprintf(TEXT_GREETING_GUEST, tep_href_link(FILENAME_LOGIN, '', 'SSL'), tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
	}

	return $greeting_string;
  }

////
//! Send email (text/html) using MIME
// This is the central mail function. The SMTP Server should be configured
// correctly in php.ini
// Parameters:
// $to_name		   The name of the recipient, e.g. "Jan Wildeboer"
// $to_email_address  The eMail address of the recipient,
//					e.g. jan.wildeboer@gmx.de
// $email_subject	 The subject of the eMail
// $email_text		The text of the eMail, may contain HTML entities
// $from_email_name   The name of the sender, e.g. Shop Administration
// $from_email_address The eMail address of the sender,
//					e.g. info@mytepshop.com

  function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address, $htm=false) {
	if (SEND_EMAILS != 'true') return false;

	// Instantiate a new mail object
	$message = new email(array('X-Mailer: osCommerce Mailer'));

	// Build the text version
	$text = strip_tags($email_text);
	if (EMAIL_USE_HTML == 'true') {
	  $message->add_html($email_text, $text, '',$htm);
	} else {
	  $message->add_text($text);
	}

	// Send message
	$message->build_message();
	$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
  }

////
// Check if product has attributes
  function tep_has_product_attributes($products_id) {
	$attributes_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$products_id . "'");
	$attributes = tep_db_fetch_array($attributes_query);

	if ($attributes['count'] > 0) {
	  return true;
	} else {
	  return false;
	}
  }

////
// Get the number of times a word/character is present in a string
  function tep_word_count($string, $needle) {
	$temp_array = split($needle, $string);

	return sizeof($temp_array);
  }

  function tep_count_modules($modules = '') {
	$count = 0;

	if (empty($modules)) return $count;

	$modules_array = split(';', $modules);

	for ($i=0, $n=sizeof($modules_array); $i<$n; $i++) {
	  $class = substr($modules_array[$i], 0, strrpos($modules_array[$i], '.'));

	  if (is_object($GLOBALS[$class])) {
		if ($GLOBALS[$class]->enabled) {
		  $count++;
		}
	  }
	}

	return $count;
  }

  function tep_count_payment_modules() {
	return tep_count_modules(MODULE_PAYMENT_INSTALLED);
  }

  function tep_count_shipping_modules() {
	return tep_count_modules(MODULE_SHIPPING_INSTALLED);
  }

  function tep_create_random_value($length, $type = 'mixed') {
	if ( ($type != 'mixed') && ($type != 'chars') && ($type != 'digits')) return false;

	$rand_value = '';
	while (strlen($rand_value) < $length) {
	  if ($type == 'digits') {
		$char = tep_rand(0,9);
	  } else {
		$char = chr(tep_rand(0,255));
	  }
	  if ($type == 'mixed') {
		if (eregi('^[a-z0-9]$', $char)) $rand_value .= $char;
	  } elseif ($type == 'chars') {
		if (eregi('^[a-z]$', $char)) $rand_value .= $char;
	  } elseif ($type == 'digits') {
		if (ereg('^[0-9]$', $char)) $rand_value .= $char;
	  }
	}

	return $rand_value;
  }

  function tep_array_to_string($array, $exclude = '', $equals = '=', $separator = '&') {
	if (!is_array($exclude)) $exclude = array();

	$get_string = '';
	if (sizeof($array) > 0) {
	  while (list($key, $value) = each($array)) {
		if ( (!in_array($key, $exclude)) && ($key != 'x') && ($key != 'y') ) {
		  $get_string .= $key . $equals . $value . $separator;
		}
	  }
	  $remove_chars = strlen($separator);
	  $get_string = substr($get_string, 0, -$remove_chars);
	}

	return $get_string;
  }

  function tep_not_null($value) {
	if (is_array($value)) {
	  if (sizeof($value) > 0) {
		return true;
	  } else {
		return false;
	  }
	} else {
	  if (($value != '') && (strtolower($value) != 'null') && (strlen(trim($value)) > 0)) {
		return true;
	  } else {
		return false;
	  }
	}
  }

////
// Output the tax percentage with optional padded decimals
  function tep_display_tax_value($value, $padding = TAX_DECIMAL_PLACES) {
	if (strpos($value, '.')) {
	  $loop = true;
	  while ($loop) {
		if (substr($value, -1) == '0') {
		  $value = substr($value, 0, -1);
		} else {
		  $loop = false;
		  if (substr($value, -1) == '.') {
			$value = substr($value, 0, -1);
		  }
		}
	  }
	}

	if ($padding > 0) {
	  if ($decimal_pos = strpos($value, '.')) {
		$decimals = strlen(substr($value, ($decimal_pos+1)));
		for ($i=$decimals; $i<$padding; $i++) {
		  $value .= '0';
		}
	  } else {
		$value .= '.';
		for ($i=0; $i<$padding; $i++) {
		  $value .= '0';
		}
	  }
	}

	return $value;
  }

////
// Checks to see if the currency code exists as a currency
// TABLES: currencies
  function tep_currency_exists($code) {
	$code = tep_db_prepare_input($code);

	$currency_query = tep_db_query("select code from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "' limit 1");
	if (tep_db_num_rows($currency_query)) {
	  $currency = tep_db_fetch_array($currency_query);
	  return $currency['code'];
	} else {
	  return false;
	}
  }

  function tep_string_to_int($string) {
	return (int)$string;
  }

////
// Parse and secure the cPath parameter values
  function tep_parse_category_path($cPath) {
// make sure the category IDs are integers
	$cPath_array = array_map('tep_string_to_int', explode('_', $cPath));

// make sure no duplicate category IDs exist which could lock the server in a loop
	$tmp_array = array();
	$n = sizeof($cPath_array);
	for ($i=0; $i<$n; $i++) {
	  if (!in_array($cPath_array[$i], $tmp_array)) {
		$tmp_array[] = $cPath_array[$i];
	  }
	}

	return $tmp_array;
  }

////
// Return a random value
  function tep_rand($min = null, $max = null) {
	static $seeded;

	if (!isset($seeded)) {
	  mt_srand((double)microtime()*1000000);
	  $seeded = true;
	}

	if (isset($min) && isset($max)) {
	  if ($min >= $max) {
		return $min;
	  } else {
		return mt_rand($min, $max);
	  }
	} else {
	  return mt_rand();
	}
  }

  function tep_setcookie($name, $value = '', $expire = 0, $path = '/', $domain = '', $secure = 0) {
	setcookie($name, $value, $expire, $path, (tep_not_null($domain) ? $domain : ''), $secure);
  }

  function tep_get_ip_address() {
	global $HTTP_SERVER_VARS;

	if (isset($HTTP_SERVER_VARS)) {
	  if (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
		$ip = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
	  } elseif (isset($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
		$ip = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
	  } else {
		$ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
	  }
	} else {
	  if (getenv('HTTP_X_FORWARDED_FOR')) {
		$ip = getenv('HTTP_X_FORWARDED_FOR');
	  } elseif (getenv('HTTP_CLIENT_IP')) {
		$ip = getenv('HTTP_CLIENT_IP');
	  } else {
		$ip = getenv('REMOTE_ADDR');
	  }
	}

	return $ip;
  }

  function tep_count_customer_orders($id = '', $check_session = true) {
	global $customer_id;

	if (is_numeric($id) == false) {
	  if (tep_session_is_registered('customer_id')) {
		$id = $customer_id;
	  } else {
		return 0;
	  }
	}

	if ($check_session == true) {
	  if ( (tep_session_is_registered('customer_id') == false) || ($id != $customer_id) ) {
		return 0;
	  }
	}

	$orders_check_query = tep_db_query("select count(*) as total from " . TABLE_ORDERS . " where customers_id = '" . (int)$id . "'");
	$orders_check = tep_db_fetch_array($orders_check_query);

	return $orders_check['total'];
  }

  function tep_count_customer_address_book_entries($id = '', $check_session = true) {
	global $customer_id;

	if (is_numeric($id) == false) {
	  if (tep_session_is_registered('customer_id')) {
		$id = $customer_id;
	  } else {
		return 0;
	  }
	}

	if ($check_session == true) {
	  if ( (tep_session_is_registered('customer_id') == false) || ($id != $customer_id) ) {
		return 0;
	  }
	}

	$addresses_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$id . "'");
	$addresses = tep_db_fetch_array($addresses_query);

	return $addresses['total'];
  }

// nl2br() prior PHP 4.2.0 did not convert linefeeds on all OSs (it only converted \n)
  function tep_convert_linefeeds($from, $to, $string) {
	if ((PHP_VERSION < "4.0.5") && is_array($from)) {
	  returge();
	$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
  }
  

?>


ANYTHING TO DO WITH THE DHTML_STATE WHATEVER CONTRIBUTION CAN BE DELETED

Thanks in advance for all the help

#44   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 28 January 2010 - 01:03 AM

NVM my last post, I have fixed the issue

1) My question is: I notice that when you change country using the drop-down menu, the state doesn't automatically update. Why? I changed it from Canada to US and still have Canada zones in my state drop-down.
   Here, take a look please: http://www.bestmacdiscounts.com/create_account.php

2) In my address book, under edit, the state menu is not a drop-down but a text menu instead. Any ideas why? All the files were copied from the contribution because I didn't mind it, since I didn't make many changes before and I have the old ones backed up. So basically all the files are copied except some in the includes file, such as form_check.js.php and english.php, because it was small changes to be made. Anyway, please take a look; you can create an account to see for yourself how the edit address looks. If someone can help, please do.

Thank you,
AE

Oh, please don't mind how the pages look; since I copied them, I didn't have the time to change them yet. But they work, so it's good. One thing I don't know how to change is that grey background, so if anyone knows please feel free to let me know.

Edited by aelalfy1989, 28 January 2010 - 01:05 AM.


#45   spooks

spooks
  • Members
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 28 January 2010 - 01:44 AM

aelalfy1989, on 28 January 2010 - 01:03 AM, said:

1) My question is: I notice that when you change country using the drop-down menu, the state doesn't automatically update. Why? I changed it from Canada to US and still have Canada zones in my state drop-down.
   Here, take a look please: http://www.bestmacdi...ate_account.php

2) In my address book, under edit, the state menu is not a drop-down but a text menu instead. Any ideas why? All the files were copied from the contribution because I didn't mind it, since I didn't make many changes before and I have the old ones backed up. So basically all the files are copied except some in the includes file, such as form_check.js.php and english.php, because it was small changes to be made. Anyway, please take a look; you can create an account to see for yourself how the edit address looks. If someone can help, please do.


1. This contrib is mostly PHP based; that would require JavaScript/AJAX. Note: same behaviour as standard osC after country/county selection.

2. Not implemented in this version, wait for an update.
Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Contributions:


Auto Backup your Database, Easy way

Multi Images with Fancy Pop-ups, Easy way

Products in columns with multi buy etc etc

Disable any Category or Product, Easy way

Secure & Improve your account pages et al.

#46   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 28 January 2010 - 03:38 AM

spooks, on 28 January 2010 - 01:44 AM, said:

1. This contrib is mostly PHP based; that would require JavaScript/Ajax. Note: same behaviour as standard osc after country/county selection.

2. Not implemented on this version, wait for an update.


1) This was the whole point of me switching to this contribution. The other contribution does it; can we combine them in any way?

2) If you do have the time to make an update, can you include the other contribution in that as well? The auto update state as soon as you pick the country. Do you need the code for that contribution? Or the name of the contribution? I don't think it's hard to include just by looking at the steps it took me to install that contribution. Let me know what you think. Email me with anything you want me to do. I'm not a programmer so my skills are limited but I think your contribution is really good and could be even better with a few tweaks.

Thanks
AE

#47   spooks

spooks
  • Members
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 28 January 2010 - 04:11 AM

aelalfy1989, on 28 January 2010 - 03:38 AM, said:

1) This was the whole point of me switching to this contribution. The other contribution does it; can we combine them in any way?

2) If you do have the time to make an update, can you include the other contribution in that as well? The auto update state as soon as you pick the country. Do you need the code for that contribution? Or the name of the contribution? I don't think it's hard to include just by looking at the steps it took me to install that contribution. Let me know what you think. Email me with anything you want me to do. I'm not a programmer so my skills are limited but I think your contribution is really good and could be even better with a few tweaks.

Thanks
AE


1 if u can give a link to the other contribution I'll take a look
Sam


#48   Roaddoctor

Roaddoctor
  • Members
  • 893 posts
  • Real Name:David Jennings
  • Gender:Not Telling
  • Location:Texas

Posted 28 January 2010 - 12:43 PM

spooks, on 26 January 2010 - 12:42 PM, said:

Hi, that's annoying; first test with this:

return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/iU", "", urldecode($vars));

Otherwise it's perhaps that your PCRE library has not been compiled with Unicode support; I've never played with server configs.


The zip test could be modded to reformat; I'll look to that on an update.

Sam,

I tried
		return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/iU", "", urldecode($vars));

and it still seemed to sanitize the Unicode. No change. I will dig into my server config today to see what I can find on my end.
-Dave
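
Added example, not part of any post and not the contribution's own code: in PHP the upper-case `U` modifier is PCRE_UNGREEDY while lower-case `u` selects UTF-8 mode, so the script below runs the quoted allow-list both ways over constructed inputs to show how accented names and badly encoded input fare in each mode. `clean_value()`, `is_valid_utf8()`, `show()` and the sample strings are assumptions made for this demonstration.

```php
<?php
// Added example: the allow-list from the post above, in byte mode vs UTF-8 mode.
// All function names and sample inputs here are hypothetical (constructed).

// As posted: "i" = case-insensitive, upper-case "U" = PCRE_UNGREEDY.
// Neither flag enables UTF-8, so the class is tested against single bytes.
const PATTERN_AS_POSTED = '/[^\p{L}\p{M}\w\r@ :{}_.-]/iU';
// Lower-case "u" = UTF-8 mode: subject and pattern are read as code points.
const PATTERN_UTF8 = '/[^\p{L}\p{M}\w\r@ :{}_.-]/iu';

function is_valid_utf8(string $s): bool
{
    // An empty pattern in UTF-8 mode only matches a well-formed subject.
    return preg_match('//u', $s) === 1;
}

/**
 * Strip every character outside the allow-list.
 * Returns null when PCRE refuses the input (malformed UTF-8 in "u" mode),
 * so the caller can reject the field instead of storing an empty string.
 */
function clean_value(string $value, string $pattern): ?string
{
    return preg_replace($pattern, '', $value);
}

// Render a result safely for a terminal: hex-dump anything that is not UTF-8.
function show(?string $s): string
{
    if ($s === null) {
        return '(rejected by PCRE)';
    }
    return is_valid_utf8($s) ? '"' . $s . '"' : 'invalid UTF-8, hex ' . bin2hex($s);
}

// Constructed sample inputs.
$samples = array(
    'ascii'        => 'John Smith',
    'accented'     => "Jos\u{00E9} M\u{00FC}ller", // UTF-8 encoded name
    'markup'       => 'Ana <b>x</b>; --',          // characters outside the list
    'bad encoding' => "Ren\xE9",                   // Latin-1 byte, not UTF-8
);

foreach ($samples as $label => $input) {
    printf("%s\n", $label);
    printf("  as posted (iU): %s\n", show(clean_value($input, PATTERN_AS_POSTED)));
    printf("  UTF-8 mode (iu): %s\n", show(clean_value($input, PATTERN_UTF8)));
}
```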

#49   spooks

spooks
  • Members
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 29 January 2010 - 12:58 AM

Uploaded new version 1.2

  • Modified cleaning code to expand server compatibility.
  • Altered so default subject is used if none entered in Contact Us.
  • Increased post code validation to include UK, USA, Canada, Australia & France.
  • All validated post codes will be restructured to the standard form if they pass checks.
  • Modified Contact Us so e-mail is always editable, name is now only locked for logged in.
  • Added default State/Province/County pull down for account edit.
  • Added Ajax function for County pull down, based on some code provided by insaini, but with modifications.
  • Operation is as similar as possible with javascript off.
  • Added 'Please Select' Default to County pull down on country change.
  • Fixed osC Country edit bug in modules/address_book_details.php.
  Though the post code validation covers only a small list of countries, the included functions cover most formats used world-wide so increasing the scope of checks would be easy.



Keep your site safe.


Sam


#50   Roaddoctor

Roaddoctor
  • Members
  • 893 posts
  • Real Name:David Jennings
  • Gender:Not Telling
  • Location:Texas

Posted 29 January 2010 - 06:15 PM

Thank you for the update... all seems to be working well.
minor bug for me:
This line in create_account.php is not showing what I am guessing should be a flag? I've got the red "X 223"

				<td class="main"><?php echo tep_get_country_list('country',$country, 'onchange="getStates(this.value, \'states\');"') . '&nbsp;' . (tep_not_null(ENTRY_COUNTRY_TEXT) ? '<span class="inputRequirement">' . ENTRY_COUNTRY_TEXT . '</span>': '') . tep_image('pixel_trans.gif',$country,8,8); ?></td>

I do have all the flag images in /images/flags/xx.gif  (i.e. us.gif)
-Dave

#51   Roaddoctor

Roaddoctor
  • Members
  • 893 posts
  • Real Name:David Jennings
  • Gender:Not Telling
  • Location:Texas

Posted 29 January 2010 - 06:38 PM

ooops, bug #2
during checkout, if I try to EDIT an existing address, below City and the city entry field, all I see is

State/Province:

without an entry field nor the country being displayed. Same for ship-to and bill-to edit address pages.
-Dave

#52   spooks

spooks
  • Members
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 29 January 2010 - 07:30 PM

Roaddoctor, on 29 January 2010 - 06:38 PM, said:

ooops, bug #2
during checkout, if I try to EDIT an existing address, below City and the city entry field, all I see is

State/Province:

without an entry field nor the country being displayed. Same for ship-to and bill-to edit address pages.


You haven't uploaded the new files in the latest package or done the edits for the module?

Ship-to and bill-to edit address haven't been done yet, so will be as the original osc package.


The image is just a test left over, but you should have 'pixel_trans.gif', it's a standard osc file!!
Sam


#53   Roaddoctor

Roaddoctor
  • Members
  • 893 posts
  • Real Name:David Jennings
  • Gender:Not Telling
  • Location:Texas

Posted 29 January 2010 - 08:19 PM

Looks like I have this module installed: Easy Address Change 0.9
Which makes changes to checkout_shipping_address.php and checkout_payment_address.php
http://addons.oscommerce.com/info/3720/v,22

Something I have changed during the install of anti-hacker has Easy Address Change stopping as soon as it reaches State/Province.

What happened to "code box" for posting a long snippet? I will try to sort it.
-Dave

#54   Roaddoctor

Roaddoctor
  • Members
  • 893 posts
  • Real Name:David Jennings
  • Gender:Not Telling
  • Location:Texas

Posted 30 January 2010 - 03:42 AM

Roaddoctor, on 29 January 2010 - 08:19 PM, said:

Looks like I have this module installed: Easy Address Change 0.9
Which makes changes to checkout_shipping_address.php and checkout_payment_address.php
http://addons.oscommerce.com/info/3720/v,22

Something I have changed during the install of anti-hacker has Easy Address Change stopping as soon as it reaches State/Province.


Sorted.

I took the changes you made in address_book_process.php and applied the same to address_edit_process and billing_address_edit_process.php.

All works fine.

Edited by Roaddoctor, 30 January 2010 - 03:42 AM.

-Dave

#55   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 30 January 2010 - 06:14 AM

Hey,

Hey man, I respect you for doing that upgrade. Very, very nice of you and I'm very thankful for the clean, simple update.

Thanks
AE

Edited by aelalfy1989, 30 January 2010 - 06:19 AM.


#56   Roaddoctor

Roaddoctor
  • Members
  • 893 posts
  • Real Name:David Jennings
  • Gender:Not Telling
  • Location:Texas

Posted 30 January 2010 - 07:37 PM

Do note that the little fix posted above only applies if you have Easy Address Change 0.9 installed and it only fixes the EDITING of existing addresses... ie address_edit_process.php and billing_address_edit_process.php.

I would like to post a request for Sam to see about adding anti hacker to the files:
Checkout_shipping_address.php and checkout_payment_address.php. This would button up the last bits of common user input fields... when time allows.

Thanks Sam

David
-Dave

#57   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 31 January 2010 - 08:31 PM

Hey

Can you give me a hand

I installed your latest update, which works great. But I'm having a few problems.

1) [img]http://www.bestmacdiscounts.com/screenshot5.jpg[/img]

It seems that when I go to my account and click "View or change my account information." it takes me to the page in the image above, but even if I don't change anything and click OK, it gives me the error above.

2) When I go back to my account area and click "View or change entries in my address book." then click add new address, the state is a text box, not a drop down. Why?

Please let me know what I'm doing wrong.

Thanks
AE

#58   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 31 January 2010 - 08:49 PM

aelalfy1989, on 31 January 2010 - 08:31 PM, said:

Hey

Can you give me a hand

I installed your latest update, which works great. But I'm having a few problems.

1) [img]http://www.bestmacdiscounts.com/screenshot5.jpg[/img]

It seems that when I go to my account and click "View or change my account information." it takes me to the page in the image above, but even if I don't change anything and click OK, it gives me the error above.

2) When I go back to my account area and click "View or change entries in my address book." then click add new address, the state is a text box, not a drop down. Why?

Please let me know what I'm doing wrong.

Thanks
AE

Sorry the image didn't show up
[img]http://www.bestmacdiscounts.com/images/screenshot5.jpg[/img]

Edited by aelalfy1989, 31 January 2010 - 08:50 PM.


#59   spooks

spooks
  • Members
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 31 January 2010 - 10:52 PM

aelalfy1989, on 31 January 2010 - 08:31 PM, said:



1 check your install, have u added

$_POST['dob'] = $_POST['dob_ind'].'/'.$_POST['dob_inm'].'/'.$_POST['dob_in'];

etc

2. not been done yet, so will be as the original osc package
Sam


#60   aelalfy1989

aelalfy1989
  • Members
  • 99 posts
  • Real Name:Ahmed El Alfy

Posted 02 February 2010 - 03:25 AM

spooks, on 31 January 2010 - 10:52 PM, said:

1 check your install, have u added

$_POST['dob'] = $_POST['dob_ind'].'/'.$_POST['dob_inm'].'/'.$_POST['dob_in'];

etc

2. not been done yet, so will be as the original osc package


Hi,

1) The whole file was replaced. I thought it worked, so I edited some cosmetic work, nothing to do with anything really.

Here is the code:

<?php
/*
  $Id: account_edit.php,v 2 2010/01/16 23:03:52 spooks Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License
*/
// anti-hacker account	
  require('includes/functions/account_secure.php');
	clean_post ();
	$_POST['dob'] = $_POST['dob_ind'].'/'.$_POST['dob_inm'].'/'.$_POST['dob_in'];
	// EOF anti-hacker account	
  require('includes/application_top.php');
		
  if (!tep_session_is_registered('customer_id')) {
	$navigation->set_snapshot();
	tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

// needs to be included earlier to set the success message in the messageStack
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_EDIT);

  if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
	if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($_POST['gender']);
	$firstname = tep_db_prepare_input($_POST['firstname']);
	$lastname = tep_db_prepare_input($_POST['lastname']);
	if (ACCOUNT_DOB == 'true') $dob = tep_db_prepare_input($_POST['dob']);
	$email_address = tep_db_prepare_input($_POST['email_address']);
	$telephone = tep_db_prepare_input($_POST['telephone']);
	$fax = tep_db_prepare_input($_POST['fax']);

	$error = false;

	if (ACCOUNT_GENDER == 'true') {
	  if ( ($gender != 'm') && ($gender != 'f') ) {
		$error = true;

		$messageStack->add('account_edit', ENTRY_GENDER_ERROR);
	  }
	}

	if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
	  $error = true;

	  $messageStack->add('account_edit', ENTRY_FIRST_NAME_ERROR);
	}

	if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
	  $error = true;

	  $messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
	}

	if (ACCOUNT_DOB == 'true') {
	  if (!checkdate(substr(tep_date_raw($dob), 4, 2), substr(tep_date_raw($dob), 6, 2), substr(tep_date_raw($dob), 0, 4))) {
		$error = true;

		$messageStack->add('account_edit', ENTRY_DATE_OF_BIRTH_ERROR);
	  }
	}

	if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
	  $error = true;

	  $messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR);
	}

	if (!tep_validate_email($email_address)) {
	  $error = true;

	  $messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
	}

	$check_email_query = tep_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' and customers_id != '" . (int)$customer_id . "'");
	$check_email = tep_db_fetch_array($check_email_query);
	if ($check_email['total'] > 0) {
	  $error = true;

	  $messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
	}
// anti-hacker account
		$telephone = ValidatePhone($telephone);
		if ($telephone === NULL) {
		$error = true;
		$messageStack->add('account_edit', ENTRY_PHONE_ERROR);
		} else {
			$_POST['telephone'] = $telephone;	
		}
		$fax = ValidatePhone($fax);
		if ($fax === NULL) {
		$error = true;
		$messageStack->add('account_edit', ENTRY_FAX_ERROR);
		} else {	
			$_POST['fax'] = $fax;	
		}		
// EOF anti-hacker account	
	if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
	  $error = true;

	  $messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR);
	}

	if ($error == false) {
	  $sql_data_array = array('customers_firstname' => $firstname,
							  'customers_lastname' => $lastname,
							  'customers_email_address' => $email_address,
							  'customers_telephone' => $telephone,
							  'customers_fax' => $fax);

	  if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
	  if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = tep_date_raw($dob);

	  tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");

	  tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");

	  $sql_data_array = array('entry_firstname' => $firstname,
							  'entry_lastname' => $lastname);

	  tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$customer_default_address_id . "'");

// reset the session variables
	  $customer_first_name = $firstname;
			
			$messageStack->add_session('account', '', 'none');
	  $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');

	  tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
	}
  }

  $account_query = tep_db_query("select customers_gender, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
  $account = tep_db_fetch_array($account_query);

  $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
  $breadcrumb->add(NAVBAR_TITLE_2);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<?php require('includes/form_check.js.php'); ?>
</head>
<body>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<!-- body //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
	<td width="100%" class="col_center">
	 <!-- breadcrumb //-->
	<div id="breadcrumb_wrap">
<ul id="breadcrumb">
		<li><a href="http://www.bestmacdiscounts.com" title="Home"><img src="images/home.png" alt="Home" class="home" /></a></li>
		<li><?php echo $breadcrumb->trail(' &nbsp; ')?></li>
</ul>
<div>
  <div id="ddtabs1" class="basictab">
<ul>
<li><!-- BEGIN ProvideSupport.com Text Chat Link Code -->
<div id="scdiKA" style="display:inline"></div><div id="sddiKA" style="display:none"></div><script type="text/javascript">var sediKA=document.createElement("script");sediKA.type="text/javascript";var sediKAs=(location.protocol.indexOf("https")==0?"https":"http")+"://image.providesupport.com/js/aelalfy1989/safe-textlink.js?ps_h=diKA&ps_t="+new Date().getTime()+"&online-link-html=Live%20Help&offline-link-html=Live%20Help";setTimeout("sediKA.src=sediKAs;document.getElementById('sddiKA').appendChild(sediKA)",1)</script><noscript><div style="display:inline"><a href="http://www.providesupport.com?messenger=aelalfy1989">Online Chat</a></div></noscript>
<!-- END ProvideSupport.com Text Chat Link Code --></li>
<li><a href="<?php echo tep_href_link('account.php')?>">Account</a></li>
<li><a href="<?php echo tep_href_link('shopping_cart.php')?>">Cart <?php echo $cart->count_contents()?><img src="images/cart.png" width="22" height="16" style="vertical-align:middle; border:0px;" /></a></li>
</ul>
</div>
</div>
</div>
</tr>
<!-- body_text //-->
<tr>
<? tep_draw_heading_top_4();?>
<!-- body_text //-->
	<td width="100%" valign="top"><?php echo tep_draw_form('account_edit', tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'), 'post', 'onsubmit="return check_form(account_edit);"') . tep_draw_hidden_field('action', 'process'); ?><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
		  <tr>
			<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		  </tr>
		</table></td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
<?php
  if ($messageStack->size('account_edit') > 0) {
?>
	  <tr>
		<td><?php echo $messageStack->output('account_edit'); ?></td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
<?php
  }
?>
	  <tr>
		<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
		  <tr>
			<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
			  <tr>
				<td class="main"><b><?php echo MY_ACCOUNT_TITLE; ?></b></td>
				<td class="inputRequirement" align="right"><?php echo FORM_REQUIRED_INFORMATION; ?></td>
			  </tr>
			</table></td>
		  </tr>
		  <tr>
			<td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
			  <tr class="infoBoxContents">
				<td><table border="0" summary="" cellspacing="2" cellpadding="2">
<?php
  if (ACCOUNT_GENDER == 'true') {
	if (isset($gender)) {
	  $male = ($gender == 'm') ? true : false;
	} else {
	  $male = ($account['customers_gender'] == 'm') ? true : false;
	}
	$female = !$male;
?>
				  <tr>
					<td class="main"><?php echo ENTRY_GENDER; ?></td>
					<td class="main"><?php echo tep_draw_radio_field('gender', 'm', $male) . '&nbsp;&nbsp;' . MALE . '&nbsp;&nbsp;' . tep_draw_radio_field('gender', 'f', $female) . '&nbsp;&nbsp;' . FEMALE . '&nbsp;' . (tep_not_null(ENTRY_GENDER_TEXT) ? '<span class="inputRequirement">' . ENTRY_GENDER_TEXT . '</span>': ''); ?></td>
				  </tr>
<?php
  }
?>
				  <tr>
					<td class="main"><?php echo ENTRY_FIRST_NAME; ?></td>
					<td class="main"><?php echo tep_draw_input_field('firstname', $account['customers_firstname']) . '&nbsp;' . (tep_not_null(ENTRY_FIRST_NAME_TEXT) ? '<span class="inputRequirement">' . ENTRY_FIRST_NAME_TEXT . '</span>': ''); ?></td>
				  </tr>
				  <tr>
					<td class="main"><?php echo ENTRY_LAST_NAME; ?></td>
					<td class="main"><?php echo tep_draw_input_field('lastname', $account['customers_lastname']) . '&nbsp;' . (tep_not_null(ENTRY_LAST_NAME_TEXT) ? '<span class="inputRequirement">' . ENTRY_LAST_NAME_TEXT . '</span>': ''); ?></td>
				  </tr>
<?php
  if (ACCOUNT_DOB == 'true') {
	// anti-hacker account
	$day = substr($account['customers_dob'], 8, 2);
	$month = substr($account['customers_dob'], 5, 2);
	$year = substr($account['customers_dob'], 0, 4);
	$day = isset($_POST['dob_ind']) ? $_POST['dob_ind'] : $day;
	$month = isset($_POST['dob_inm']) ? $_POST['dob_inm'] : $month;
	$year = isset($_POST['dob_in']) ? $_POST['dob_in'] : $year;
?>
			  <tr>
				<td class="main"><?php echo ENTRY_DATE_OF_BIRTH; ?></td>
				<td class="main"><?php echo tep_pull_down_date('dob_in', $day, $month, $year, true) . '&nbsp;' . (tep_not_null(ENTRY_DATE_OF_BIRTH_TEXT) ? '<span class="inputRequirement">' . ENTRY_DATE_OF_BIRTH_TEXT . '</span>': ''); ?></td>

				  </tr>
<?php
  // EOF anti-hacker account
  }
?>
				  <tr>
					<td class="main"><?php echo ENTRY_EMAIL_ADDRESS; ?></td>
					<td class="main"><?php echo tep_draw_input_field('email_address', $account['customers_email_address']) . '&nbsp;' . (tep_not_null(ENTRY_EMAIL_ADDRESS_TEXT) ? '<span class="inputRequirement">' . ENTRY_EMAIL_ADDRESS_TEXT . '</span>': ''); ?></td>
				  </tr>
				  <tr>
					<td class="main"><?php echo ENTRY_TELEPHONE_NUMBER; ?></td>
					<td class="main"><?php echo tep_draw_input_field('telephone', $account['customers_telephone']) . '&nbsp;' . (tep_not_null(ENTRY_TELEPHONE_NUMBER_TEXT) ? '<span class="inputRequirement">' . ENTRY_TELEPHONE_NUMBER_TEXT . '</span>': ''); ?></td>
				  </tr>
				  <tr>
					<td class="main"><?php echo ENTRY_FAX_NUMBER; ?></td>
					<td class="main"><?php echo tep_draw_input_field('fax', $account['customers_fax']) . '&nbsp;' . (tep_not_null(ENTRY_FAX_NUMBER_TEXT) ? '<span class="inputRequirement">' . ENTRY_FAX_NUMBER_TEXT . '</span>': ''); ?></td>
				  </tr>
				</table></td>
			  </tr>
			</table></td>
		  </tr>
		</table></td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
	  <tr>
		<td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
		  <tr class="infoBoxContents">
			<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
			  <tr>
				<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
				<td><?php echo '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>
				<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
				<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
			  </tr>
			</table></td>
		  </tr>
		</table></td>
	  </tr>
	</table></form></td>
<!-- body_text_eof //-->
<? tep_draw_heading_bottom_4();?>
  </tr>
<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
</table>
<!-- body_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

2) Surprised it's not done, because hasn't the file been edited by you? Sorry, I'm not following. You did it for the edit an account; did you maybe forget to do it for the new account? Just wondering.

One new problem I noticed. In all the files you edited, it seems that in the country drop down it allows you to select the "please select" option and if you do, it puts the old text field state. Why?

Thanks a lot for your help and this contribution
AE