spooks

Anti-hacker Account Mods, Secure your account pages


It appears you have characters in the email that are being sanitised. What are the ones you have that are removed?

 

Definitely getting sanitized, for sure.

Unfortunately the email addy was basic small caps.... vipinquiry @ theactualdomainbeganwith"e...".net and should not have needed sanitization...

 

I'm thinking it's something more broad in scope & effect, an error on my part, or perhaps a conflicting mod... go here and try to create an account... you will see what I mean immediately upon hitting submit. The site is a store under construction so feel free to abuse, er um test, it :)

 

Thanks for the quick reply as usual!

In case it's relevant, the only thing I did not mention in the first post is that I also changed HTTP_GET and HTTP_POST to the $_GET and $_POST form as I went along.


-Dave


Perhaps your server doesn't understand the charset. What version of PHP do you have?

 

in account_secure.php try changing

 

return preg_replace("/[^\p{L}\d\r@ :{}_.-]/i", "", urldecode($vars));

 

to

 

return preg_replace("/[^\p{L}\w\r@ :{}_.-]/i", "", urldecode($vars)); 


Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.



 

Wow. That seems to have fixed it. I will test further now. Thank you!!

Can you briefly explain that fix? What was changed with the \w? Just trying to understand.

 

and PHP Version: 5.1.6 (Zend: 2.1.0)

 

 

Also - a minor bug report: when creating a new account, the zip code would not accept the standard US zip+4 format of 12345-1234. I had to put 123451234 to pass validation.


-Dave



 

 

The \w says any alphanumeric char, but the previous \p{L} says any char (or code point, to use the regex term) within the letter category (i.e. including foreign chars); it seems your server doesn't understand that!! It's possible your server has chars as code points within the mark category.

 

You will note you currently clean àáâãäåçéèêëìíîïñòóôõöùúûüýÿ ÀÁÂÃÄÅÇÉÈÊËÌÍÎÏÑÒÓÔÕÖÙÚÛÜÝŸ which \p{L} is supposed to avoid.

 

Would you mind replacing the \p{L} with \p{L}\p{M} and seeing if the above accented chars remain?

 

 

 

On the zip code front (I admit I didn't test it much) try:

 

return preg_match("/(^[0-9]{5}[-\s]*([0-9]{4})?$)|(^\w{2,4}\ \w{2,4}$)/i", $zip);

 

Would you mind saying exactly what formats are valid? Thanks.


Sam

 


As for the server I have complete access so if a misconfigured server is the culprit I could probably fix that.

 

I tested

return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/i", "", urldecode($vars));

 

still sanitized âãäåçéèêëìíîï... when updating the email address.

 

For Zip, the following two are most proper Zip & Zip+4 inputs. The +4 is not mandatory.

12345

12345-1234

 

These should probably be acceptable entries (not rejected at least), and if possible be auto-formatted to 12345-1234 if it's easy.

123451234

12345 1234

 

I quick tested your suggestion and it did accept 12345-1234 format.

 

Thank you Sam


-Dave

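The normalisation asked for above, as an added Python example (not code from the thread or from the account mod): it accepts exactly the four shapes listed and returns the canonical 12345 or 12345-1234. It also keeps the thread's PCRE pattern beside it, since Python's `$` shares PCRE's habit of also matching just before a final newline, which is why the strict version anchors with `fullmatch()` instead.

```python
import re

# The pattern suggested in the thread, as written there.  Both PCRE and
# Python let "$" match before a trailing newline, so "12345\n" passes.
LOOSE_ZIP_RE = re.compile(r"^[0-9]{5}[-\s]*([0-9]{4})?$")

# Strict version: the four shapes Dave lists, nothing else.  [0-9] rather
# than \d so that non-ASCII digit characters are not accepted.
STRICT_ZIP_RE = re.compile(r"(?P<zip5>[0-9]{5})(?:[- ]?(?P<plus4>[0-9]{4}))?")


def loose_pattern_accepts(value: str) -> bool:
    """True if the thread's pattern would let this value through validation."""
    return LOOSE_ZIP_RE.search(value) is not None


def normalize_us_zip(value: str):
    """Return the canonical ZIP ('12345' or '12345-1234'), or None if invalid.

    The separator between ZIP and +4 may be '-', one space, or absent, and is
    only allowed when a +4 part actually follows it.  fullmatch() anchors at
    the true end of the string, so a trailing newline or stray '-' is rejected
    rather than stored.
    """
    m = STRICT_ZIP_RE.fullmatch(value)
    if m is None:
        return None
    if m.group("plus4"):
        return f"{m.group('zip5')}-{m.group('plus4')}"
    return m.group("zip5")
```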

 

 

Hi, that's annoying. First test with this:

 

return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/iU", "", urldecode($vars));

 

Otherwise it's perhaps that your PCRE library has not been compiled with Unicode support; I've never played with server configs.

 

 

The zip test could be modded to reformat; I'll look at that in an update.


Sam

 

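The explanation of \w versus \p{L} earlier in the thread and the suspicion just above about the PCRE build both come down to whether the engine inspects code points or raw bytes. As an added Python illustration (not from the thread or from account_secure.php), the character class `[^\p{L}\p{M}\w\r@ :{}_.-]` is rewritten as a predicate and applied both ways; in PHP the code-point behaviour is what a pattern gets with the `u` modifier, and the sample address in the test is constructed.

```python
import unicodedata

# Punctuation kept by the thread's class [^\p{L}\p{M}\w\r@ :{}_.-]
PUNCT_ALLOWED = set("\r@ :{}_.-")


def allowed(ch: str) -> bool:
    """True if one code point survives the allow-list."""
    cat = unicodedata.category(ch)
    if cat.startswith(("L", "M")):      # \p{L} any letter, \p{M} combining mark
        return True
    if ch.isascii() and ch.isalnum():   # \w: ASCII letters/digits (locale extras ignored)
        return True
    return ch in PUNCT_ALLOWED


def sanitize_codepoints(value: str) -> str:
    """The engine sees code points (PHP: pattern compiled with the u modifier)."""
    return "".join(ch for ch in value if allowed(ch))


def sanitize_bytewise(value: str) -> str:
    """The engine sees raw bytes (PHP: no u modifier).

    Each UTF-8 byte is judged on its own as if it were a Latin-1 character.
    For 'é' (0xC3 0xA9), 0xC3 looks like the letter 'Ã' and is kept, but
    0xA9 looks like '©' and is dropped, leaving an invalid UTF-8 sequence.
    """
    raw = value.encode("utf-8")
    kept = bytes(b for b in raw if allowed(bytes([b]).decode("latin-1")))
    # Decode leniently so the damage shows up as U+FFFD instead of raising.
    return kept.decode("utf-8", errors="replace")


def compare(value: str) -> dict:
    """Run one input through both modes so the difference is side by side."""
    return {
        "codepoints": sanitize_codepoints(value),
        "bytewise": sanitize_bytewise(value),
    }
```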

Sam,

V1.1 on contact_us I'm getting an uneditable Full Name entry (like sky-diver was getting on email address) if there are invalid inputs on the page, other input fields were editable.

 

and I'm getting:

Parse error: syntax error, unexpected $end in /home/XXXXX/public_html/TESTSITE/account_edit.php on line 436

 

Line 436, last line:

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

:(


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire



 

 

Name: that's just so if the name is set (i.e. logged in) it won't be changed; if you want it different, change:

 

<td class="main"><?php echo ($name ? $name . tep_draw_hidden_field('name',$name) : tep_draw_input_field('name', '', 'size="28"')); ?></td>

to

 

<td class="main"><?php echo tep_draw_input_field('name', $name , 'size="28"'); ?></td>

 

 

Your error is an install mistake: you have added an extra { or removed too many }.


Sam

 



 

I started again and have fixed my error with } . thanks

 

The name can't be changed when logged out if there are errors on the contact-us page (I'm happy for the name to be unchangeable when logged in though). The code posted messes up the formatting on the page? The input box moves right >_<

 

Should the customer be able to send contact_us email if no subject entered?




 

 

You can't have pasted it exactly; sounds like one of the td tags is messed up. Perhaps you would prefer:

 

<td class="main"><?php echo ($account['customers_lastname'] ? $name . tep_draw_hidden_field('name',$name) : tep_draw_input_field('name', $name, 'size="28"')); ?></td>

 

That means when logged in the name can't be edited; otherwise it is always editable.

 

The subject could be checked, but as it never used to have one I didn't bother.


Sam

 


<td class="main"><?php echo ($account['customers_lastname'] ? $name . tep_draw_hidden_field('name',$name) : tep_draw_input_field('name', $name, 'size="28"')); ?></td>

 

works a treat, ta v much

 

The subject could be checked, but as it never used to have one I didn't bother.

 

Is it possible to use the old tag if customer doesn't enter a subject?

define('EMAIL_SUBJECT', 'Web Enquiry from ' . STORE_NAME);

Sorry for being fussy B)



'EMAIL_SUBJECT'

 

Is it possible to use the old tag if customer doesn't enter a subject?

 

 

 

 

yes after:

  $xipaddress = $_SERVER["REMOTE_ADDR"];

add:

  $subject = $subject ? $subject : EMAIL_SUBJECT;


Sam

 



 

You are fantastic! :thumbsup:

 

Everything working - Fan Dabby Dosey.

You can stop :sweating: now

Thank you so much Sam.



Hi,

 

I recently installed a contribution to make my state a drop-down menu and it worked fine, but then I decided to check for a date of birth drop-down and came across this contribution. It's promising, but I have a few questions.

 

1) If I create an account it's profiled with the store owner's country, correct? If I switch that to another country will it automatically change the zones?

 

2) I don't understand some of the instructions provided with this contribution. Most of the files provided with this contribution will be replaced, so I don't have to do most of the stuff tigergirl wrote in my case, but the initial stuff I don't understand:

 

"If your store uses normal dates in place of the American 'mixed' format you need to ensure you have changed line 21 on" -------------------> What does this mean? I don't know what format I have. Also if I do, am I changing the text below? Or something else?

 

define('DATE_FORMAT_SHORT', '%m/%d/%Y'); // this is used for strftime()
define('DATE_FORMAT_LONG', '%A %d %B, %Y'); // this is used for strftime()
define('DATE_FORMAT', 'm/d/Y'); // this is used for date()
define('DATE_TIME_FORMAT', DATE_FORMAT_SHORT . ' %H:%M:%S');

////
// Return date in raw format
// $date should be in format mm/dd/yyyy
// raw date is in format YYYYMMDD, or DDMMYYYY
function tep_date_raw($date, $reverse = false) {
  if ($reverse) {
    return substr($date, 3, 2) . substr($date, 0, 2) . substr($date, 6, 4);
  } else {
    return substr($date, 6, 4) . substr($date, 0, 2) . substr($date, 3, 2);
  }
}

Replace with:

define('DATE_FORMAT_SHORT', '%d.%m.%Y'); // this is used for strftime()
define('DATE_FORMAT_LONG', '%A, %d. %B %Y'); // this is used for strftime()
define('DATE_FORMAT', 'd.m.Y'); // this is used for date()
define('PHP_DATE_TIME_FORMAT', 'd.m.Y H:i:s'); // this is used for date()
define('DATE_TIME_FORMAT', DATE_FORMAT_SHORT . ' %H:%M:%S');

////
// Return date in raw format
// $date should be in format dd.mm.yyyy
// raw date is in format YYYYMMDD, or DDMMYYYY
function tep_date_raw($date, $reverse = false) {
  if ($reverse) {
    return substr($date, 0, 2) . substr($date, 3, 2) . substr($date, 6, 4);
  } else {
    return substr($date, 6, 4) . substr($date, 3, 2) . substr($date, 0, 2);
  }
}

"You need to do the same for your admin file." -----------------> Need to do what?

"If you enable the strong password option:" -------------------> where is that option to enable strong password option? I don't see any of the files in this contribution going to the admin side so is there a defined option already?

 

find:
define('ENTRY_PASSWORD_TEXT', '*');
define('ENTRY_PASSWORD_NEW_TEXT', '*');
Replace with:
define('ENTRY_PASSWORD_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');
define('ENTRY_PASSWORD_NEW_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');


Thank you in advance,

AE


"If you enable the strong password option:" -------------------> where is that option to enable strong password option? I don't see any of the files in this contribution going to the admin side so is there a defined option already?

 

Please read the included instruction file for the answer:

Sam's_anti-hacker_account_mods.html




 

OMG, this is from the instructions. I'm quoting parts of the instruction that I don't understand.


Thank you in advance,

AE



 

in the instruction file quoted it says:

The line $strong_pw = false; appears in account_secure.php, set to true to require a strong password (at least one lower case, one upper case & one number )

 

Which answers part of your original post. There are no settings in admin for this mod. If you look at that file you will find the code, unless I'm misunderstanding your question. There are 2 installation files...

 

And if you enable strong passwords then in includes/languages/english.php you may wish to

find:
define('ENTRY_PASSWORD_TEXT', '*');
define('ENTRY_PASSWORD_NEW_TEXT', '*');
Replace with:
define('ENTRY_PASSWORD_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');
define('ENTRY_PASSWORD_NEW_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');



Hi everyone,

 

I tried to install this contribution and got an error. The website still runs somewhat but I have this error above it:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/a/e/l/aelalfy1989/html/includes/functions/html_output.php:353) in /home/content/a/e/l/aelalfy1989/html/includes/functions/sessions.php on line 97

 

I think this has to do with the other contribution I installed that was supposed to auto set my state in a dropdown menu (contribution name: dhtml_state_selection). Can anyone help me correct this please? Also if I try to log in, add to cart or something, it does what I tell it to but gives me a blank page of error, then when I got back I'm logged in or the item has been added to cart. Here is the other error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/a/e/l/aelalfy1989/html/includes/functions/html_output.php:353) in /home/content/a/e/l/aelalfy1989/html/includes/functions/sessions.php on line 97

 

Warning: Cannot modify header information - headers already sent by (output started at /home/content/a/e/l/aelalfy1989/html/includes/functions/html_output.php:353) in /home/content/a/e/l/aelalfy1989/html/includes/functions/general.php on line 36

 

I'll add the code for all the above mentioned errors.

 

CODE FOR SESSIONS.PHP:

 

<?php
/*
 $Id: sessions.php,v 1.19 2003/07/02 22:10:34 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2007 osCommerce

 Released under the GNU General Public License
*/

 if (STORE_SESSIONS == 'mysql') {
   if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
     $SESS_LIFE = 1440;
   }

   function _sess_open($save_path, $session_name) {
     return true;
   }

   function _sess_close() {
     return true;
   }

   function _sess_read($key) {
     $value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
     $value = tep_db_fetch_array($value_query);

     if (isset($value['value'])) {
       return $value['value'];
     }

     return false;
   }

   function _sess_write($key, $val) {
     global $SESS_LIFE;

     $expiry = time() + $SESS_LIFE;
     $value = $val;

     $check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
     $check = tep_db_fetch_array($check_query);

     if ($check['total'] > 0) {
       return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
     } else {
       return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
     }
   }

   function _sess_destroy($key) {
     return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
   }

   function _sess_gc($maxlifetime) {
     tep_db_query("delete from " . TABLE_SESSIONS . " where expiry < '" . time() . "'");

     return true;
   }

   session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
 }

 function tep_session_start() {
   global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;

   $sane_session_id = true;

   if (isset($HTTP_GET_VARS[tep_session_name()])) {
     if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {
       unset($HTTP_GET_VARS[tep_session_name()]);

       $sane_session_id = false;
     }
   } elseif (isset($HTTP_POST_VARS[tep_session_name()])) {
     if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {
       unset($HTTP_POST_VARS[tep_session_name()]);

       $sane_session_id = false;
     }
   } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {
     if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {
       $session_data = session_get_cookie_params();

       setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);

       $sane_session_id = false;
     }
   }

   if ($sane_session_id == false) {
     tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
   }

   return session_start();
 }

 function tep_session_register($variable) {
   global $session_started;

   if ($session_started == true) {
     if (PHP_VERSION < 4.3) {
       return session_register($variable);
     } else {
       $_SESSION[$variable] = (isset($GLOBALS[$variable])) ? $GLOBALS[$variable] : null;

       $GLOBALS[$variable] =& $_SESSION[$variable];
     }
   }

   return false;
 }

 function tep_session_is_registered($variable) {
   if (PHP_VERSION < 4.3) {
     return session_is_registered($variable);
   } else {
     return isset($_SESSION[$variable]);
   }
 }

 function tep_session_unregister($variable) {
   if (PHP_VERSION < 4.3) {
     return session_unregister($variable);
   } else {
     unset($_SESSION[$variable]);
   }
 }

 function tep_session_id($sessid = '') {
   if (!empty($sessid)) {
     return session_id($sessid);
   } else {
     return session_id();
   }
 }

 function tep_session_name($name = '') {
   if (!empty($name)) {
     return session_name($name);
   } else {
     return session_name();
   }
 }

 function tep_session_close() {
   if (PHP_VERSION >= '4.0.4') {
     return session_write_close();
   } elseif (function_exists('session_close')) {
     return session_close();
   }
 }

 function tep_session_destroy() {
   return session_destroy();
 }

 function tep_session_save_path($path = '') {
   if (!empty($path)) {
     return session_save_path($path);
   } else {
     return session_save_path();
   }
 }

 function tep_session_recreate() {
   if (PHP_VERSION >= 4.1) {
     $session_backup = $_SESSION;

     unset($_COOKIE[tep_session_name()]);

     tep_session_destroy();

     if (STORE_SESSIONS == 'mysql') {
       session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
     }

     tep_session_start();

     $_SESSION = $session_backup;
     unset($session_backup);
   }
 }
?>

 

CODE FOR HTML_OUTPUT.PHP

 

<?php
/*
 $Id: html_output.php,v 1.56 2003/07/09 01:15:48 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2007 osCommerce

 Released under the GNU General Public License
*/

//// 
// ULTIMATE Seo Urls 5 by FWR Media 
// The HTML href link wrapper function 
 function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { 
   global $seo_urls, $languages_id, $request_type, $session_started, $sid;                 
   if ( !is_object($seo_urls) ){ 
     include_once DIR_WS_MODULES . 'ultimate_seo_urls5' . DIRECTORY_SEPARATOR . 'classes' . DIRECTORY_SEPARATOR . 'usu.php'; 
     $seo_urls = new usu($languages_id, $request_type, $session_started, $sid); 
   } 
   return $seo_urls->href_link($page, $parameters, $connection, $add_session_id); 

 }


////
// The HTML image wrapper function
 function tep_image($src, $alt = '', $width = '', $height = '', $parameters = '') {
   if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {
     return false;
   }

// alt is added to the img tag even if it is null to prevent browsers from outputting
// the image filename as default
   $image = '<img src="' . tep_output_string($src) . '" border="0" alt="' . tep_output_string($alt) . '"';

   if (tep_not_null($alt)) {
     $image .= ' title=" ' . tep_output_string($alt) . ' "';
   }

   if ( (CONFIG_CALCULATE_IMAGE_SIZE == 'true') && (empty($width) || empty($height)) ) {
     if ($image_size = @getimagesize($src)) {
       if (empty($width) && tep_not_null($height)) {
         $ratio = $height / $image_size[1];
         $width = intval($image_size[0] * $ratio);
       } elseif (tep_not_null($width) && empty($height)) {
         $ratio = $width / $image_size[0];
         $height = intval($image_size[1] * $ratio);
       } elseif (empty($width) && empty($height)) {
         $width = $image_size[0];
         $height = $image_size[1];
       }
     } elseif (IMAGE_REQUIRED == 'false') {
       return false;
     }
   }

   if (tep_not_null($width) && tep_not_null($height)) {
     $image .= ' width="' . tep_output_string($width) . '" height="' . tep_output_string($height) . '"';
   }

   if (tep_not_null($parameters)) $image .= ' ' . $parameters;

   $image .= '>';

   return $image;
 }

////
// The HTML form submit button wrapper function
// Outputs a button in the selected language
 function tep_image_submit($image, $alt = '', $parameters = '') {
   global $language;

   $image_submit = '<input type="image" src="' . tep_output_string(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image) . '" border="0" alt="' . tep_output_string($alt) . '"';

   if (tep_not_null($alt)) $image_submit .= ' title=" ' . tep_output_string($alt) . ' "';

   if (tep_not_null($parameters)) $image_submit .= ' ' . $parameters;

   $image_submit .= '>';

   return $image_submit;
 }

////
// Output a function button in the selected language
 function tep_image_button($image, $alt = '', $parameters = '') {
   global $language;

   return tep_image(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image, $alt, '', '', $parameters);
 }

////
// Output a separator either through whitespace, or with an image
 function tep_draw_separator($image = 'pixel_black.gif', $width = '100%', $height = '1') {
   return tep_image(DIR_WS_IMAGES . $image, '', $width, $height);
 }

////
// Output a form
 function tep_draw_form($name, $action, $method = 'post', $parameters = '') {
   $form = '<form name="' . tep_output_string($name) . '" action="' . tep_output_string($action) . '" method="' . tep_output_string($method) . '"';

   if (tep_not_null($parameters)) $form .= ' ' . $parameters;

   $form .= '>';

   return $form;
 }

////
// Output a form input field
 function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) {
   global $HTTP_GET_VARS, $HTTP_POST_VARS;

   $field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';

   if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
     if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
       $value = stripslashes($HTTP_GET_VARS[$name]);
     } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
       $value = stripslashes($HTTP_POST_VARS[$name]);
     }
   }

   if (tep_not_null($value)) {
     $field .= ' value="' . tep_output_string($value) . '"';
   }

   if (tep_not_null($parameters)) $field .= ' ' . $parameters;

   $field .= '>';

   return $field;
 }

////
// Output a form password field
 function tep_draw_password_field($name, $value = '', $parameters = 'maxlength="40"') {
   return tep_draw_input_field($name, $value, $parameters, 'password', false);
 }

////
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field()
 function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') {
   global $HTTP_GET_VARS, $HTTP_POST_VARS;

   $selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';

   if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"';

   if ( ($checked == true) || (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name]) && (($HTTP_GET_VARS[$name] == 'on') || (stripslashes($HTTP_GET_VARS[$name]) == $value))) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name]) && (($HTTP_POST_VARS[$name] == 'on') || (stripslashes($HTTP_POST_VARS[$name]) == $value))) ) {
     $selection .= ' CHECKED';
   }

   if (tep_not_null($parameters)) $selection .= ' ' . $parameters;

   $selection .= '>';

   return $selection;
 }

////
// Output a form checkbox field
 function tep_draw_checkbox_field($name, $value = '', $checked = false, $parameters = ' style="background:none;"') {
   return tep_draw_selection_field($name, 'checkbox', $value, $checked, $parameters);
 }

////
// Output a form radio field
 function tep_draw_radio_field($name, $value = '', $checked = false, $parameters = ' style="background:none;"') {
   return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters);
 }

////
// Output a form textarea field
 function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) {
   global $HTTP_GET_VARS, $HTTP_POST_VARS;

   $field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"';

   if (tep_not_null($parameters)) $field .= ' ' . $parameters;

   $field .= '>';

   if ( ($reinsert_value == true) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
     if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
       $field .= tep_output_string_protected(stripslashes($HTTP_GET_VARS[$name]));
     } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
       $field .= tep_output_string_protected(stripslashes($HTTP_POST_VARS[$name]));
     }
   } elseif (tep_not_null($text)) {
     $field .= tep_output_string_protected($text);
   }

   $field .= '</textarea>';

   return $field;
 }


////
// Output a form textarea field w/ fckeditor
 function tep_draw_fckeditor($name, $width, $height, $text) {
   $oFCKeditor = new FCKeditor($name);
   $oFCKeditor->Width = $width;
   $oFCKeditor->Height = $height;
   $oFCKeditor->BasePath = 'fckeditor/';
   $oFCKeditor->Value = $text;

   $field = $oFCKeditor->Create($name);

   return $field;
 }

////
// Output a form hidden field
 function tep_draw_hidden_field($name, $value = '', $parameters = '') {
   global $HTTP_GET_VARS, $HTTP_POST_VARS;

   $field = '<input type="hidden" name="' . tep_output_string($name) . '"';

   if (tep_not_null($value)) {
     $field .= ' value="' . tep_output_string($value) . '"';
   } elseif ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) {
     if ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) ) {
       $field .= ' value="' . tep_output_string(stripslashes($HTTP_GET_VARS[$name])) . '"';
     } elseif ( (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) {
       $field .= ' value="' . tep_output_string(stripslashes($HTTP_POST_VARS[$name])) . '"';
     }
   }

   if (tep_not_null($parameters)) $field .= ' ' . $parameters;

   $field .= '>';

   return $field;
 }

////
// Hide form elements
 function tep_hide_session_id() {
   global $session_started, $SID;

   if (($session_started == true) && tep_not_null($SID)) {
     return tep_draw_hidden_field(tep_session_name(), tep_session_id());
   }
 }

////
// Output a form pull down menu
 function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) {
   global $HTTP_GET_VARS, $HTTP_POST_VARS;

   $field = '<select name="' . tep_output_string($name) . '"';

   if (tep_not_null($parameters)) $field .= ' ' . $parameters;

   $field .= '>';

   if (empty($default) && ( (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) || (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) ) ) {
     if (isset($HTTP_GET_VARS[$name]) && is_string($HTTP_GET_VARS[$name])) {
       $default = stripslashes($HTTP_GET_VARS[$name]);
     } elseif (isset($HTTP_POST_VARS[$name]) && is_string($HTTP_POST_VARS[$name])) {
       $default = stripslashes($HTTP_POST_VARS[$name]);
     }
   }

   for ($i=0, $n=sizeof($values); $i<$n; $i++) {
     $field .= '<option value="' . tep_output_string($values[$i]['id']) . '"';
     if ($default == $values[$i]['id']) {
       $field .= ' SELECTED';
     }

     $field .= '>' . tep_output_string($values[$i]['text'], array('"' => '&quot;', '\'' => '&#039;', '<' => '&lt;', '>' => '&gt;')) . '</option>';
   }
   $field .= '</select>';

   if ($required == true) $field .= TEXT_FIELD_REQUIRED;

   return $field;
 }

////
// Creates a pull-down list of countries
 function tep_get_country_list($name, $selected = '', $parameters = '') {
   $countries_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT));
   $countries = tep_get_countries();

   for ($i=0, $n=sizeof($countries); $i<$n; $i++) {
     $countries_array[] = array('id' => $countries[$i]['countries_id'], 'text' => $countries[$i]['countries_name']);
   }

   return tep_draw_pull_down_menu($name, $countries_array, $selected, $parameters);
 }

////
// Creates a pull-down list for dates
 function tep_pull_down_date($name = 'date', $day = '', $month = '', $year = '', $mnth = false, $starty = 1900) {
   $day = $day ? $day : date('d');
   $month = $month ? $month : date('m');
   $year = $year ? $year : date('Y');
   $endy = date('Y') - 8; // latest year in drop (ie 8 years ago)
   if ($starty == '') {
     $starty = date('Y') - 1;
     $endy = date('Y') + 2;
   }
   $named = $name . 'd';
   $namem = $name . 'm';

// Array for days
   $days = array();
   $days[] = array('id' => '00', 'text' => ENTRY_DAY);
   for ($i=1; $i<=31; $i++) {
     $j = strlen($i) != 2 ? '0' . $i : $i;
     $days[] = array('id' => $j, 'text' => $j);
   }

// Array for months
   $months = array();
   if ($mnth) { // if true output full textual month otherwise numeric
     $months[] = array('id' => '00', 'text' => ENTRY_MONTH);
     for ($i=1; $i<=12; $i++) {
       $j = strlen($i) != 2 ? '0' . $i : $i;
       $months[] = array('id' => $j, 'text' => date('F', mktime(0, 0, 0, $i, 12, 1980)));
     }
   } else {
     for ($i=1; $i<=12; $i++) {
       $j = strlen($i) != 2 ? '0' . $i : $i;
       $months[] = array('id' => $j, 'text' => $j);
     }
   }

// Array for years
   $years = array();
   for ($i=$starty; $i<=$endy; $i++) {
     $years[] = array('id' => $i, 'text' => $i);
   }

// Output drop formatted by country
// mm dd yy countries = 38 Canada, 139 Micronesia, 163 Palau, 168 Philippines, 223 & 224 United States
   $rev_dates = array(223, 224, 38, 139, 163, 168);
   if (in_array(STORE_COUNTRY, $rev_dates)) {
     $field = tep_draw_pull_down_menu($named, $months, $month);
     $field .= tep_draw_pull_down_menu($namem, $days, $day);
   } else {
     $field = tep_draw_pull_down_menu($named, $days, $day);
     $field .= tep_draw_pull_down_menu($namem, $months, $month);
   }
   $field .= tep_draw_pull_down_menu($name, $years, $year);

   return $field;
 }


?>

CODE FOR GENERAL.PHP:

<?php
/*
 $Id: general.php,v 1.231 2003/07/09 01:15:48 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2007 osCommerce

 Released under the GNU General Public License
*/

////
// Stop from parsing any further PHP code
 function tep_exit() {
  tep_session_close();
  exit();
 }

// ULTIMATE Seo Urls 5 by FWR Media 
// Redirect to another page or site 
 function tep_redirect($url) { 
   if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {  
     tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); 
   } 

   if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page 
     if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url 
       $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL 
     } 
   } 
   if ( false !== strpos($url, '&amp;') ) {
     $url = str_replace('&amp;', '&', $url); // undo HTML entity-encoding of the query separator before redirecting
   }
   session_write_close(); 
   header('Location: ' . $url); 
   exit; 
 }

////
// Parse the data used in the html tags to ensure the tags will not break
 function tep_parse_input_field_data($data, $parse) {
   return strtr(trim($data), $parse);
 }

 function tep_output_string($string, $translate = false, $protected = false) {
   if ($protected == true) {
     return htmlspecialchars($string);
   } else {
     if ($translate == false) {
       return tep_parse_input_field_data($string, array('"' => '&quot;'));
     } else {
       return tep_parse_input_field_data($string, $translate);
     }
   }
 }

 function tep_output_string_protected($string) {
   return tep_output_string($string, false, true);
 }

 function tep_sanitize_string($string) {
   $string = ereg_replace(' +', ' ', trim($string));

   return preg_replace("/[<>]/", '_', $string);
 }

////
// Return a random row from a database query
 function tep_random_select($query) {
   $random_product = '';
   $random_query = tep_db_query($query);
   $num_rows = tep_db_num_rows($random_query);
   if ($num_rows > 0) {
     $random_row = tep_rand(0, ($num_rows - 1));
     tep_db_data_seek($random_query, $random_row);
     $random_product = tep_db_fetch_array($random_query);
   }

   return $random_product;
 }

////
// Return a product's name
// TABLES: products
 function tep_get_products_name($product_id, $language = '') {
   global $languages_id;

   if (empty($language)) $language = $languages_id;

   $product_query = tep_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int)$product_id . "' and language_id = '" . (int)$language . "'");
   $product = tep_db_fetch_array($product_query);

   return $product['products_name'];
 }

////
// Return a product's special price (returns nothing if there is no offer)
// TABLES: products
 function tep_get_products_special_price($product_id) {
   $product_query = tep_db_query("select specials_new_products_price from " . TABLE_SPECIALS . " where products_id = '" . (int)$product_id . "' and status");
   $product = tep_db_fetch_array($product_query);

   return $product['specials_new_products_price'];
 }

////
// Return a product's stock
// TABLES: products
 function tep_get_products_stock($products_id) {
   $products_id = tep_get_prid($products_id);
   $stock_query = tep_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . (int)$products_id . "'");
   $stock_values = tep_db_fetch_array($stock_query);

   return $stock_values['products_quantity'];
 }

////
// Check if the required stock is available
// If insufficient stock is available return an out of stock message
 function tep_check_stock($products_id, $products_quantity) {
   $stock_left = tep_get_products_stock($products_id) - $products_quantity;
   $out_of_stock = '';

   if ($stock_left < 0) {
     $out_of_stock = '<span class="markProductOutOfStock">' . STOCK_MARK_PRODUCT_OUT_OF_STOCK . '</span>';
   }

   return $out_of_stock;
 }

////
// Break a word in a string if it is longer than a specified length ($len)
 function tep_break_string($string, $len, $break_char = '-') {
   $l = 0;
   $output = '';
   for ($i=0, $n=strlen($string); $i<$n; $i++) {
     $char = substr($string, $i, 1);
     if ($char != ' ') {
       $l++;
     } else {
       $l = 0;
     }
     if ($l > $len) {
       $l = 1;
       $output .= $break_char;
     }
     $output .= $char;
   }

   return $output;
 }

////
// Return all HTTP GET variables, except those passed as a parameter
 function tep_get_all_get_params($exclude_array = '') {
   global $HTTP_GET_VARS;

   if (!is_array($exclude_array)) $exclude_array = array();

   $get_url = '';
   if (is_array($HTTP_GET_VARS) && (sizeof($HTTP_GET_VARS) > 0)) {
     reset($HTTP_GET_VARS);
     while (list($key, $value) = each($HTTP_GET_VARS)) {
       if ( (strlen($value) > 0) && ($key != tep_session_name()) && ($key != 'error') && (!in_array($key, $exclude_array)) && ($key != 'x') && ($key != 'y') ) {
         $get_url .= $key . '=' . rawurlencode(stripslashes($value)) . '&';
       }
     }
   }

   return $get_url;
 }

////
// Returns an array with countries
// TABLES: countries
 function tep_get_countries($countries_id = '', $with_iso_codes = false) {
   $countries_array = array();
   if (tep_not_null($countries_id)) {
     if ($with_iso_codes == true) {
       $countries = tep_db_query("select countries_name, countries_iso_code_2, countries_iso_code_3 from " . TABLE_COUNTRIES . " where countries_id = '" . (int)$countries_id . "' order by countries_name");
       $countries_values = tep_db_fetch_array($countries);
       $countries_array = array('countries_name' => $countries_values['countries_name'],
                                'countries_iso_code_2' => $countries_values['countries_iso_code_2'],
                                'countries_iso_code_3' => $countries_values['countries_iso_code_3']);
     } else {
       $countries = tep_db_query("select countries_name from " . TABLE_COUNTRIES . " where countries_id = '" . (int)$countries_id . "'");
       $countries_values = tep_db_fetch_array($countries);
       $countries_array = array('countries_name' => $countries_values['countries_name']);
     }
   } else {
     $countries = tep_db_query("select countries_id, countries_name from " . TABLE_COUNTRIES . " order by countries_name");
     while ($countries_values = tep_db_fetch_array($countries)) {
       $countries_array[] = array('countries_id' => $countries_values['countries_id'],
                                  'countries_name' => $countries_values['countries_name']);
     }
   }

   return $countries_array;
 }

////
// Alias function to tep_get_countries, which also returns the countries iso codes
 function tep_get_countries_with_iso_codes($countries_id) {
   return tep_get_countries($countries_id, true);
 }

////
// Generate a path to categories
 function tep_get_path($current_category_id = '') {
   global $cPath_array;

   if (tep_not_null($current_category_id)) {
     $cp_size = sizeof($cPath_array);
     if ($cp_size == 0) {
       $cPath_new = $current_category_id;
     } else {
       $cPath_new = '';
       $last_category_query = tep_db_query("select parent_id from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$cPath_array[($cp_size-1)] . "'");
       $last_category = tep_db_fetch_array($last_category_query);

       $current_category_query = tep_db_query("select parent_id from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
       $current_category = tep_db_fetch_array($current_category_query);

       if ($last_category['parent_id'] == $current_category['parent_id']) {
         for ($i=0; $i<($cp_size-1); $i++) {
           $cPath_new .= '_' . $cPath_array[$i];
         }
       } else {
         for ($i=0; $i<$cp_size; $i++) {
           $cPath_new .= '_' . $cPath_array[$i];
         }
       }
       $cPath_new .= '_' . $current_category_id;

       if (substr($cPath_new, 0, 1) == '_') {
         $cPath_new = substr($cPath_new, 1);
       }
     }
   } else {
     $cPath_new = implode('_', $cPath_array);
   }

   return 'cPath=' . $cPath_new;
 }

////
// Returns the clients browser
 function tep_browser_detect($component) {
   global $HTTP_USER_AGENT;

   return stristr($HTTP_USER_AGENT, $component);
 }

////
// Alias function to tep_get_countries()
 function tep_get_country_name($country_id) {
   $country_array = tep_get_countries($country_id);

   return $country_array['countries_name'];
 }

////
// Returns the zone (State/Province) name
// TABLES: zones
 function tep_get_zone_name($country_id, $zone_id, $default_zone) {
   $zone_query = tep_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country_id . "' and zone_id = '" . (int)$zone_id . "'");
   if (tep_db_num_rows($zone_query)) {
     $zone = tep_db_fetch_array($zone_query);
     return $zone['zone_name'];
   } else {
     return $default_zone;
   }
 }

////
// Returns the zone (State/Province) code
// TABLES: zones
 function tep_get_zone_code($country_id, $zone_id, $default_zone) {
   $zone_query = tep_db_query("select zone_code from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country_id . "' and zone_id = '" . (int)$zone_id . "'");
   if (tep_db_num_rows($zone_query)) {
     $zone = tep_db_fetch_array($zone_query);
     return $zone['zone_code'];
   } else {
     return $default_zone;
   }
 }

////
// Wrapper function for round()
 function tep_round($number, $precision) {
   if (strpos($number, '.') && (strlen(substr($number, strpos($number, '.')+1)) > $precision)) {
     $number = substr($number, 0, strpos($number, '.') + 1 + $precision + 1);

     if (substr($number, -1) >= 5) {
       if ($precision > 1) {
         $number = substr($number, 0, -1) + ('0.' . str_repeat(0, $precision-1) . '1');
       } elseif ($precision == 1) {
         $number = substr($number, 0, -1) + 0.1;
       } else {
         $number = substr($number, 0, -1) + 1;
       }
     } else {
       $number = substr($number, 0, -1);
     }
   }

   return $number;
 }

////
// Returns the tax rate for a zone / class
// TABLES: tax_rates, zones_to_geo_zones
 function tep_get_tax_rate($class_id, $country_id = -1, $zone_id = -1) {
   global $customer_zone_id, $customer_country_id;

   if ( ($country_id == -1) && ($zone_id == -1) ) {
     if (!tep_session_is_registered('customer_id')) {
       $country_id = STORE_COUNTRY;
       $zone_id = STORE_ZONE;
     } else {
       $country_id = $customer_country_id;
       $zone_id = $customer_zone_id;
     }
   }

   $tax_query = tep_db_query("select sum(tax_rate) as tax_rate from " . TABLE_TAX_RATES . " tr left join " . TABLE_ZONES_TO_GEO_ZONES . " za on (tr.tax_zone_id = za.geo_zone_id) left join " . TABLE_GEO_ZONES . " tz on (tz.geo_zone_id = tr.tax_zone_id) where (za.zone_country_id is null or za.zone_country_id = '0' or za.zone_country_id = '" . (int)$country_id . "') and (za.zone_id is null or za.zone_id = '0' or za.zone_id = '" . (int)$zone_id . "') and tr.tax_class_id = '" . (int)$class_id . "' group by tr.tax_priority");
   if (tep_db_num_rows($tax_query)) {
     $tax_multiplier = 1.0;
     while ($tax = tep_db_fetch_array($tax_query)) {
       $tax_multiplier *= 1.0 + ($tax['tax_rate'] / 100);
     }
     return ($tax_multiplier - 1.0) * 100;
   } else {
     return 0;
   }
 }

////
// Return the tax description for a zone / class
// TABLES: tax_rates;
 function tep_get_tax_description($class_id, $country_id, $zone_id) {
   $tax_query = tep_db_query("select tax_description from " . TABLE_TAX_RATES . " tr left join " . TABLE_ZONES_TO_GEO_ZONES . " za on (tr.tax_zone_id = za.geo_zone_id) left join " . TABLE_GEO_ZONES . " tz on (tz.geo_zone_id = tr.tax_zone_id) where (za.zone_country_id is null or za.zone_country_id = '0' or za.zone_country_id = '" . (int)$country_id . "') and (za.zone_id is null or za.zone_id = '0' or za.zone_id = '" . (int)$zone_id . "') and tr.tax_class_id = '" . (int)$class_id . "' order by tr.tax_priority");
   if (tep_db_num_rows($tax_query)) {
     $tax_description = '';
     while ($tax = tep_db_fetch_array($tax_query)) {
       $tax_description .= $tax['tax_description'] . ' + ';
     }
     $tax_description = substr($tax_description, 0, -3);

     return $tax_description;
   } else {
     return TEXT_UNKNOWN_TAX_RATE;
   }
 }

////
// Add tax to a products price
 function tep_add_tax($price, $tax) {
   if ( (DISPLAY_PRICE_WITH_TAX == 'true') && ($tax > 0) ) {
     return $price + tep_calculate_tax($price, $tax);
   } else {
     return $price;
   }
 }

// Calculates Tax rounding the result
 function tep_calculate_tax($price, $tax) {
   return $price * $tax / 100;
 }

////
// Return the number of products in a category
// TABLES: products, products_to_categories, categories
 function tep_count_products_in_category($category_id, $include_inactive = false) {
   $products_count = 0;
   if ($include_inactive == true) {
     $products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$category_id . "'");
   } else {
     $products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = p2c.products_id and p.products_status = '1' and p2c.categories_id = '" . (int)$category_id . "'");
   }
   $products = tep_db_fetch_array($products_query);
   $products_count += $products['total'];

   $child_categories_query = tep_db_query("select categories_id from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$category_id . "'");
   if (tep_db_num_rows($child_categories_query)) {
     while ($child_categories = tep_db_fetch_array($child_categories_query)) {
       $products_count += tep_count_products_in_category($child_categories['categories_id'], $include_inactive);
     }
   }

   return $products_count;
 }

////
// Return true if the category has subcategories
// TABLES: categories
 function tep_has_category_subcategories($category_id) {
   $child_category_query = tep_db_query("select count(*) as count from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$category_id . "'");
   $child_category = tep_db_fetch_array($child_category_query);

   if ($child_category['count'] > 0) {
     return true;
   } else {
     return false;
   }
 }

////
// Returns the address_format_id for the given country
// TABLES: countries;
 function tep_get_address_format_id($country_id) {
   $address_format_query = tep_db_query("select address_format_id as format_id from " . TABLE_COUNTRIES . " where countries_id = '" . (int)$country_id . "'");
   if (tep_db_num_rows($address_format_query)) {
     $address_format = tep_db_fetch_array($address_format_query);
     return $address_format['format_id'];
   } else {
     return '1';
   }
 }

////
// Return a formatted address
// TABLES: address_format
 function tep_address_format($address_format_id, $address, $html, $boln, $eoln) {
   $address_format_query = tep_db_query("select address_format as format from " . TABLE_ADDRESS_FORMAT . " where address_format_id = '" . (int)$address_format_id . "'");
   $address_format = tep_db_fetch_array($address_format_query);

   $company = tep_output_string_protected($address['company']);
   if (isset($address['firstname']) && tep_not_null($address['firstname'])) {
     $firstname = tep_output_string_protected($address['firstname']);
     $lastname = tep_output_string_protected($address['lastname']);
   } elseif (isset($address['name']) && tep_not_null($address['name'])) {
     $firstname = tep_output_string_protected($address['name']);
     $lastname = '';
   } else {
     $firstname = '';
     $lastname = '';
   }
   $street = tep_output_string_protected($address['street_address']);
   $suburb = tep_output_string_protected($address['suburb']);
   $city = tep_output_string_protected($address['city']);
   $state = tep_output_string_protected($address['state']);
   if (isset($address['country_id']) && tep_not_null($address['country_id'])) {
     $country = tep_get_country_name($address['country_id']);

     if (isset($address['zone_id']) && tep_not_null($address['zone_id'])) {
       $state = tep_get_zone_code($address['country_id'], $address['zone_id'], $state);
     }
   } elseif (isset($address['country']) && tep_not_null($address['country'])) {
     $country = tep_output_string_protected($address['country']['title']);
   } else {
     $country = '';
   }
   $postcode = tep_output_string_protected($address['postcode']);
   $zip = $postcode;

   if ($html) {
// HTML Mode
     $HR = '<hr>';
     $hr = '<hr>';
     if ( ($boln == '') && ($eoln == "\n") ) { // Values not specified, use rational defaults
       $CR = '<br>';
       $cr = '<br>';
       $eoln = $cr;
     } else { // Use values supplied
       $CR = $eoln . $boln;
       $cr = $CR;
     }
   } else {
// Text Mode
     $CR = $eoln;
     $cr = $CR;
     $HR = '----------------------------------------';
     $hr = '----------------------------------------';
   }

   $statecomma = '';
   $streets = $street;
   if ($suburb != '') $streets = $street . $cr . $suburb;
   if ($state != '') $statecomma = $state . ', ';

   $fmt = $address_format['format'];
   eval("\$address = \"$fmt\";");

   if ( (ACCOUNT_COMPANY == 'true') && (tep_not_null($company)) ) {
     $address = $company . $cr . $address;
   }

   return $address;
 }

////
// Return a formatted address
// TABLES: customers, address_book
 function tep_address_label($customers_id, $address_id = 1, $html = false, $boln = '', $eoln = "\n") {
   $address_query = tep_db_query("select entry_firstname as firstname, entry_lastname as lastname, entry_company as company, entry_street_address as street_address, entry_suburb as suburb, entry_city as city, entry_postcode as postcode, entry_state as state, entry_zone_id as zone_id, entry_country_id as country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customers_id . "' and address_book_id = '" . (int)$address_id . "'");
   $address = tep_db_fetch_array($address_query);

   $format_id = tep_get_address_format_id($address['country_id']);

   return tep_address_format($format_id, $address, $html, $boln, $eoln);
 }

 function tep_row_number_format($number) {
   if ( ($number < 10) && (substr($number, 0, 1) != '0') ) $number = '0' . $number;

   return $number;
 }

 function tep_get_categories($categories_array = '', $parent_id = '0', $indent = '') {
   global $languages_id;

   if (!is_array($categories_array)) $categories_array = array();

   $categories_query = tep_db_query("select c.categories_id, cd.categories_name from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where parent_id = '" . (int)$parent_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name");
   while ($categories = tep_db_fetch_array($categories_query)) {
     $categories_array[] = array('id' => $categories['categories_id'],
                                 'text' => $indent . $categories['categories_name']);

     if ($categories['categories_id'] != $parent_id) {
       $categories_array = tep_get_categories($categories_array, $categories['categories_id'], $indent . '  ');
     }
   }

   return $categories_array;
 }

 function tep_get_manufacturers($manufacturers_array = '') {
   if (!is_array($manufacturers_array)) $manufacturers_array = array();

   $manufacturers_query = tep_db_query("select manufacturers_id, manufacturers_name from " . TABLE_MANUFACTURERS . " order by manufacturers_name");
   while ($manufacturers = tep_db_fetch_array($manufacturers_query)) {
     $manufacturers_array[] = array('id' => $manufacturers['manufacturers_id'], 'text' => $manufacturers['manufacturers_name']);
   }

   return $manufacturers_array;
 }

////
// Return all subcategory IDs
// TABLES: categories
 function tep_get_subcategories(&$subcategories_array, $parent_id = 0) {
   $subcategories_query = tep_db_query("select categories_id from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$parent_id . "'");
   while ($subcategories = tep_db_fetch_array($subcategories_query)) {
     $subcategories_array[sizeof($subcategories_array)] = $subcategories['categories_id'];
     if ($subcategories['categories_id'] != $parent_id) {
       tep_get_subcategories($subcategories_array, $subcategories['categories_id']);
     }
   }
 }

// Output a raw date string in the selected locale date format
// $raw_date needs to be in this format: YYYY-MM-DD HH:MM:SS
 function tep_date_long($raw_date) {
   if ( ($raw_date == '0000-00-00 00:00:00') || ($raw_date == '') ) return false;

   $year = (int)substr($raw_date, 0, 4);
   $month = (int)substr($raw_date, 5, 2);
   $day = (int)substr($raw_date, 8, 2);
   $hour = (int)substr($raw_date, 11, 2);
   $minute = (int)substr($raw_date, 14, 2);
   $second = (int)substr($raw_date, 17, 2);

   return strftime(DATE_FORMAT_LONG, mktime($hour,$minute,$second,$month,$day,$year));
 }

////
// Output a raw date string in the selected locale date format
// $raw_date needs to be in this format: YYYY-MM-DD HH:MM:SS
// NOTE: Includes a workaround for dates before 01/01/1970 that fail on windows servers
 function tep_date_short($raw_date) {
   if ( ($raw_date == '0000-00-00 00:00:00') || empty($raw_date) ) return false;

   $year = substr($raw_date, 0, 4);
   $month = (int)substr($raw_date, 5, 2);
   $day = (int)substr($raw_date, 8, 2);
   $hour = (int)substr($raw_date, 11, 2);
   $minute = (int)substr($raw_date, 14, 2);
   $second = (int)substr($raw_date, 17, 2);

   if (@date('Y', mktime($hour, $minute, $second, $month, $day, $year)) == $year) {
     return date(DATE_FORMAT, mktime($hour, $minute, $second, $month, $day, $year));
   } else {
     return ereg_replace('2037' . '$', $year, date(DATE_FORMAT, mktime($hour, $minute, $second, $month, $day, 2037)));
   }
 }

////
// Parse search string into individual objects
 function tep_parse_search_string($search_str = '', &$objects) {
   $search_str = trim(strtolower($search_str));

// Break up $search_str on whitespace; quoted string will be reconstructed later
   $pieces = split('[[:space:]]+', $search_str);
   $objects = array();
   $tmpstring = '';
   $flag = '';

   for ($k=0; $k<count($pieces); $k++) {
     while (substr($pieces[$k], 0, 1) == '(') {
       $objects[] = '(';
       if (strlen($pieces[$k]) > 1) {
         $pieces[$k] = substr($pieces[$k], 1);
       } else {
         $pieces[$k] = '';
       }
     }

     $post_objects = array();

     while (substr($pieces[$k], -1) == ')')  {
       $post_objects[] = ')';
       if (strlen($pieces[$k]) > 1) {
         $pieces[$k] = substr($pieces[$k], 0, -1);
       } else {
         $pieces[$k] = '';
       }
     }

// Check individual words

     if ( (substr($pieces[$k], -1) != '"') && (substr($pieces[$k], 0, 1) != '"') ) {
       $objects[] = trim($pieces[$k]);

       for ($j=0; $j<count($post_objects); $j++) {
         $objects[] = $post_objects[$j];
       }
     } else {
/* This means that the $piece is either the beginning or the end of a string.
  So, we'll slurp up the $pieces and stick them together until we get to the
  end of the string or run out of pieces.
*/

// Add this word to the $tmpstring, starting the $tmpstring
       $tmpstring = trim(ereg_replace('"', ' ', $pieces[$k]));

// Check for one possible exception to the rule. That there is a single quoted word.
       if (substr($pieces[$k], -1 ) == '"') {
// Turn the flag off for future iterations
         $flag = 'off';

         $objects[] = trim($pieces[$k]);

         for ($j=0; $j<count($post_objects); $j++) {
           $objects[] = $post_objects[$j];
         }

         unset($tmpstring);

// Stop looking for the end of the string and move onto the next word.
         continue;
       }

// Otherwise, turn on the flag to indicate no quotes have been found attached to this word in the string.
       $flag = 'on';

// Move on to the next word
       $k++;

// Keep reading until the end of the string as long as the $flag is on

       while ( ($flag == 'on') && ($k < count($pieces)) ) {
         while (substr($pieces[$k], -1) == ')') {
           $post_objects[] = ')';
           if (strlen($pieces[$k]) > 1) {
             $pieces[$k] = substr($pieces[$k], 0, -1);
           } else {
             $pieces[$k] = '';
           }
         }

// If the word doesn't end in double quotes, append it to the $tmpstring.
         if (substr($pieces[$k], -1) != '"') {
// Tack this word onto the current string entity
           $tmpstring .= ' ' . $pieces[$k];

// Move on to the next word
           $k++;
           continue;
         } else {
/* If the $piece ends in double quotes, strip the double quotes, tack the
  $piece onto the tail of the string, push the $tmpstring onto the $haves,
  kill the $tmpstring, turn the $flag "off", and return.
*/
           $tmpstring .= ' ' . trim(ereg_replace('"', ' ', $pieces[$k]));

// Push the $tmpstring onto the array of stuff to search for
           $objects[] = trim($tmpstring);

           for ($j=0; $j<count($post_objects); $j++) {
             $objects[] = $post_objects[$j];
           }

           unset($tmpstring);

// Turn off the flag to exit the loop
           $flag = 'off';
         }
       }
     }
   }

// add default logical operators if needed
   $temp = array();
   for($i=0; $i<(count($objects)-1); $i++) {
     $temp[] = $objects[$i];
     if ( ($objects[$i] != 'and') &&
          ($objects[$i] != 'or') &&
          ($objects[$i] != '(') &&
          ($objects[$i+1] != 'and') &&
          ($objects[$i+1] != 'or') &&
          ($objects[$i+1] != ')') ) {
       $temp[] = ADVANCED_SEARCH_DEFAULT_OPERATOR;
     }
   }
   $temp[] = $objects[$i];
   $objects = $temp;

   $keyword_count = 0;
   $operator_count = 0;
   $balance = 0;
   for($i=0; $i<count($objects); $i++) {
     if ($objects[$i] == '(') $balance --;
     if ($objects[$i] == ')') $balance ++;
     if ( ($objects[$i] == 'and') || ($objects[$i] == 'or') ) {
       $operator_count ++;
     } elseif ( ($objects[$i]) && ($objects[$i] != '(') && ($objects[$i] != ')') ) {
       $keyword_count ++;
     }
   }

   if ( ($operator_count < $keyword_count) && ($balance == 0) ) {
     return true;
   } else {
     return false;
   }
 }

////
// Check date
 function tep_checkdate($date_to_check, $format_string, &$date_array) {
   $separator_idx = -1;

   $separators = array('-', ' ', '/', '.');
   $month_abbr = array('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','dec');
   $no_of_days = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);

   $format_string = strtolower($format_string);

   if (strlen($date_to_check) != strlen($format_string)) {
     return false;
   }

   $size = sizeof($separators);
   for ($i=0; $i<$size; $i++) {
     $pos_separator = strpos($date_to_check, $separators[$i]);
     if ($pos_separator != false) {
       $date_separator_idx = $i;
       break;
     }
   }

   for ($i=0; $i<$size; $i++) {
     $pos_separator = strpos($format_string, $separators[$i]);
     if ($pos_separator != false) {
       $format_separator_idx = $i;
       break;
     }
   }

   if ($date_separator_idx != $format_separator_idx) {
     return false;
   }

   if ($date_separator_idx != -1) {
     $format_string_array = explode( $separators[$date_separator_idx], $format_string );
     if (sizeof($format_string_array) != 3) {
       return false;
     }

     $date_to_check_array = explode( $separators[$date_separator_idx], $date_to_check );
     if (sizeof($date_to_check_array) != 3) {
       return false;
     }

     $size = sizeof($format_string_array);
     for ($i=0; $i<$size; $i++) {
       if ($format_string_array[$i] == 'mm' || $format_string_array[$i] == 'mmm') $month = $date_to_check_array[$i];
       if ($format_string_array[$i] == 'dd') $day = $date_to_check_array[$i];
       if ( ($format_string_array[$i] == 'yyyy') || ($format_string_array[$i] == 'aaaa') ) $year = $date_to_check_array[$i];
     }
   } else {
     if (strlen($format_string) == 8 || strlen($format_string) == 9) {
       $pos_month = strpos($format_string, 'mmm');
       if ($pos_month != false) {
         $month = substr( $date_to_check, $pos_month, 3 );
         $size = sizeof($month_abbr);
         for ($i=0; $i<$size; $i++) {
           if ($month == $month_abbr[$i]) {
             $month = $i;
             break;
           }
         }
       } else {
         $month = substr($date_to_check, strpos($format_string, 'mm'), 2);
       }
     } else {
       return false;
     }

     $day = substr($date_to_check, strpos($format_string, 'dd'), 2);
     $year = substr($date_to_check, strpos($format_string, 'yyyy'), 4);
   }

   if (strlen($year) != 4) {
     return false;
   }

   if (!settype($year, 'integer') || !settype($month, 'integer') || !settype($day, 'integer')) {
     return false;
   }

   if ($month > 12 || $month < 1) {
     return false;
   }

   if ($day < 1) {
     return false;
   }

   if (tep_is_leap_year($year)) {
     $no_of_days[1] = 29;
   }

   if ($day > $no_of_days[$month - 1]) {
     return false;
   }

   $date_array = array($year, $month, $day);

   return true;
 }

////
// Check if year is a leap year
 function tep_is_leap_year($year) {
   if ($year % 100 == 0) {
     if ($year % 400 == 0) return true;
   } else {
     if (($year % 4) == 0) return true;
   }

   return false;
 }

////
// Return table heading with sorting capabilities
 function tep_create_sort_heading($sortby, $colnum, $heading) {
   global $PHP_SELF;

   $sort_prefix = '';
   $sort_suffix = '';

   if ($sortby) {
     $sort_prefix = '<a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('page', 'info', 'sort')) . 'page=1&sort=' . $colnum . ($sortby == $colnum . 'a' ? 'd' : 'a')) . '" title="' . tep_output_string(TEXT_SORT_PRODUCTS . ($sortby == $colnum . 'd' || substr($sortby, 0, 1) != $colnum ? TEXT_ASCENDINGLY : TEXT_DESCENDINGLY) . TEXT_BY . $heading) . '" class="productListing-heading">' ;
     $sort_suffix = (substr($sortby, 0, 1) == $colnum ? (substr($sortby, 1, 1) == 'a' ? '+' : '-') : '') . '</a>';
   }

   return $sort_prefix . $heading . $sort_suffix;
 }

////
// Recursively go through the categories and retreive all parent categories IDs
// TABLES: categories
 function tep_get_parent_categories(&$categories, $categories_id) {
   $parent_categories_query = tep_db_query("select parent_id from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$categories_id . "'");
   while ($parent_categories = tep_db_fetch_array($parent_categories_query)) {
     if ($parent_categories['parent_id'] == 0) return true;
     $categories[sizeof($categories)] = $parent_categories['parent_id'];
     if ($parent_categories['parent_id'] != $categories_id) {
       tep_get_parent_categories($categories, $parent_categories['parent_id']);
     }
   }
 }

////
// Construct a category path to the product
// TABLES: products_to_categories
 function tep_get_product_path($products_id) {
   $cPath = '';

   $category_query = tep_db_query("select p2c.categories_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_id = '" . (int)$products_id . "' and p.products_status = '1' and p.products_id = p2c.products_id limit 1");
   if (tep_db_num_rows($category_query)) {
     $category = tep_db_fetch_array($category_query);

     $categories = array();
     tep_get_parent_categories($categories, $category['categories_id']);

     $categories = array_reverse($categories);

     $cPath = implode('_', $categories);

     if (tep_not_null($cPath)) $cPath .= '_';
     $cPath .= $category['categories_id'];
   }

   return $cPath;
 }

////
// Return a product ID with attributes
 function tep_get_uprid($prid, $params) {
   if (is_numeric($prid)) {
     $uprid = $prid;

     if (is_array($params) && (sizeof($params) > 0)) {
       $attributes_check = true;
       $attributes_ids = '';

       reset($params);
       while (list($option, $value) = each($params)) {
         if (is_numeric($option) && is_numeric($value)) {
           $attributes_ids .= '{' . (int)$option . '}' . (int)$value;
         } else {
           $attributes_check = false;
           break;
         }
       }

       if ($attributes_check == true) {
         $uprid .= $attributes_ids;
       }
     }
   } else {
     $uprid = tep_get_prid($prid);

     if (is_numeric($uprid)) {
       if (strpos($prid, '{') !== false) {
         $attributes_check = true;
         $attributes_ids = '';

// strpos()+1 to remove up to and including the first { which would create an empty array element in explode()
         $attributes = explode('{', substr($prid, strpos($prid, '{')+1));

         for ($i=0, $n=sizeof($attributes); $i<$n; $i++) {
           $pair = explode('}', $attributes[$i]);

           if (is_numeric($pair[0]) && is_numeric($pair[1])) {
             $attributes_ids .= '{' . (int)$pair[0] . '}' . (int)$pair[1];
           } else {
             $attributes_check = false;
             break;
           }
         }

         if ($attributes_check == true) {
           $uprid .= $attributes_ids;
         }
       }
     } else {
       return false;
     }
   }

   return $uprid;
 }

////
// Return a product ID from a product ID with attributes
 function tep_get_prid($uprid) {
   $pieces = explode('{', $uprid);

   if (is_numeric($pieces[0])) {
     return $pieces[0];
   } else {
     return false;
   }
 }

////
// Return a customer greeting
 function tep_customer_greeting() {
   global $customer_id, $customer_first_name;

   if (tep_session_is_registered('customer_first_name') && tep_session_is_registered('customer_id')) {
     $greeting_string = sprintf(TEXT_GREETING_PERSONAL, tep_output_string_protected($customer_first_name), tep_href_link(FILENAME_PRODUCTS_NEW));
   } else {
     $greeting_string = sprintf(TEXT_GREETING_GUEST, tep_href_link(FILENAME_LOGIN, '', 'SSL'), tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
   }

   return $greeting_string;
 }

////
//! Send email (text/html) using MIME
// This is the central mail function. The SMTP Server should be configured
// correct in php.ini
// Parameters:
// $to_name           The name of the recipient, e.g. "Jan Wildeboer"
// $to_email_address  The eMail address of the recipient,
//                    e.g. jan.wildeboer@gmx.de
// $email_subject     The subject of the eMail
// $email_text        The text of the eMail, may contain HTML entities
// $from_email_name   The name of the sender, e.g. Shop Administration
// $from_email_adress The eMail address of the sender,
//                    e.g. info@mytepshop.com

 function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address, $htm=false) {
    if (SEND_EMAILS != 'true') return false;

   // Instantiate a new mail object
   $message = new email(array('X-Mailer: osCommerce Mailer'));

   // Build the text version
   $text = strip_tags($email_text);
   if (EMAIL_USE_HTML == 'true') {
     $message->add_html($email_text, $text, '',$htm);
   } else {
     $message->add_text($text);
   }

   // Send message
   $message->build_message();
   $message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
 }

////
// Check if product has attributes
 function tep_has_product_attributes($products_id) {
   $attributes_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_ATTRIBUTES . " where products_id = '" . (int)$products_id . "'");
   $attributes = tep_db_fetch_array($attributes_query);

   if ($attributes['count'] > 0) {
     return true;
   } else {
     return false;
   }
 }

////
// Get the number of times a word/character is present in a string
 function tep_word_count($string, $needle) {
   $temp_array = split($needle, $string);

   return sizeof($temp_array);
 }

 function tep_count_modules($modules = '') {
   $count = 0;

   if (empty($modules)) return $count;

   $modules_array = split(';', $modules);

   for ($i=0, $n=sizeof($modules_array); $i<$n; $i++) {
     $class = substr($modules_array[$i], 0, strrpos($modules_array[$i], '.'));

     if (is_object($GLOBALS[$class])) {
       if ($GLOBALS[$class]->enabled) {
         $count++;
       }
     }
   }

   return $count;
 }

 function tep_count_payment_modules() {
   return tep_count_modules(MODULE_PAYMENT_INSTALLED);
 }

 function tep_count_shipping_modules() {
   return tep_count_modules(MODULE_SHIPPING_INSTALLED);
 }

 function tep_create_random_value($length, $type = 'mixed') {
   if ( ($type != 'mixed') && ($type != 'chars') && ($type != 'digits')) return false;

   $rand_value = '';
   while (strlen($rand_value) < $length) {
     if ($type == 'digits') {
       $char = tep_rand(0,9);
     } else {
       $char = chr(tep_rand(0,255));
     }
     if ($type == 'mixed') {
       if (eregi('^[a-z0-9]$', $char)) $rand_value .= $char;
     } elseif ($type == 'chars') {
       if (eregi('^[a-z]$', $char)) $rand_value .= $char;
     } elseif ($type == 'digits') {
       if (ereg('^[0-9]$', $char)) $rand_value .= $char;
     }
   }

   return $rand_value;
 }

 function tep_array_to_string($array, $exclude = '', $equals = '=', $separator = '&') {
   if (!is_array($exclude)) $exclude = array();

   $get_string = '';
   if (sizeof($array) > 0) {
     while (list($key, $value) = each($array)) {
       if ( (!in_array($key, $exclude)) && ($key != 'x') && ($key != 'y') ) {
         $get_string .= $key . $equals . $value . $separator;
       }
     }
     $remove_chars = strlen($separator);
     $get_string = substr($get_string, 0, -$remove_chars);
   }

   return $get_string;
 }

 function tep_not_null($value) {
   if (is_array($value)) {
     if (sizeof($value) > 0) {
       return true;
     } else {
       return false;
     }
   } else {
     if (($value != '') && (strtolower($value) != 'null') && (strlen(trim($value)) > 0)) {
       return true;
     } else {
       return false;
     }
   }
 }

////
// Output the tax percentage with optional padded decimals
 function tep_display_tax_value($value, $padding = TAX_DECIMAL_PLACES) {
   if (strpos($value, '.')) {
     $loop = true;
     while ($loop) {
       if (substr($value, -1) == '0') {
         $value = substr($value, 0, -1);
       } else {
         $loop = false;
         if (substr($value, -1) == '.') {
           $value = substr($value, 0, -1);
         }
       }
     }
   }

   if ($padding > 0) {
     if ($decimal_pos = strpos($value, '.')) {
       $decimals = strlen(substr($value, ($decimal_pos+1)));
       for ($i=$decimals; $i<$padding; $i++) {
         $value .= '0';
       }
     } else {
       $value .= '.';
       for ($i=0; $i<$padding; $i++) {
         $value .= '0';
       }
     }
   }

   return $value;
 }

////
// Checks to see if the currency code exists as a currency
// TABLES: currencies
 function tep_currency_exists($code) {
   $code = tep_db_prepare_input($code);

   $currency_query = tep_db_query("select code from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "' limit 1");
   if (tep_db_num_rows($currency_query)) {
     $currency = tep_db_fetch_array($currency_query);
     return $currency['code'];
   } else {
     return false;
   }
 }

 function tep_string_to_int($string) {
   return (int)$string;
 }

////
// Parse and secure the cPath parameter values
 function tep_parse_category_path($cPath) {
// make sure the category IDs are integers
   $cPath_array = array_map('tep_string_to_int', explode('_', $cPath));

// make sure no duplicate category IDs exist which could lock the server in a loop
   $tmp_array = array();
   $n = sizeof($cPath_array);
   for ($i=0; $i<$n; $i++) {
     if (!in_array($cPath_array[$i], $tmp_array)) {
       $tmp_array[] = $cPath_array[$i];
     }
   }

   return $tmp_array;
 }

////
// Return a random value
 function tep_rand($min = null, $max = null) {
   static $seeded;

   if (!isset($seeded)) {
     mt_srand((double)microtime()*1000000);
     $seeded = true;
   }

   if (isset($min) && isset($max)) {
     if ($min >= $max) {
       return $min;
     } else {
       return mt_rand($min, $max);
     }
   } else {
     return mt_rand();
   }
 }

 function tep_setcookie($name, $value = '', $expire = 0, $path = '/', $domain = '', $secure = 0) {
   setcookie($name, $value, $expire, $path, (tep_not_null($domain) ? $domain : ''), $secure);
 }

 function tep_get_ip_address() {
   global $HTTP_SERVER_VARS;

   if (isset($HTTP_SERVER_VARS)) {
     if (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
       $ip = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
     } elseif (isset($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
       $ip = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
     } else {
       $ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
     }
   } else {
     if (getenv('HTTP_X_FORWARDED_FOR')) {
       $ip = getenv('HTTP_X_FORWARDED_FOR');
     } elseif (getenv('HTTP_CLIENT_IP')) {
       $ip = getenv('HTTP_CLIENT_IP');
     } else {
       $ip = getenv('REMOTE_ADDR');
     }
   }

   return $ip;
 }

 function tep_count_customer_orders($id = '', $check_session = true) {
   global $customer_id;

   if (is_numeric($id) == false) {
     if (tep_session_is_registered('customer_id')) {
       $id = $customer_id;
     } else {
       return 0;
     }
   }

   if ($check_session == true) {
     if ( (tep_session_is_registered('customer_id') == false) || ($id != $customer_id) ) {
       return 0;
     }
   }

   $orders_check_query = tep_db_query("select count(*) as total from " . TABLE_ORDERS . " where customers_id = '" . (int)$id . "'");
   $orders_check = tep_db_fetch_array($orders_check_query);

   return $orders_check['total'];
 }

 function tep_count_customer_address_book_entries($id = '', $check_session = true) {
   global $customer_id;

   if (is_numeric($id) == false) {
     if (tep_session_is_registered('customer_id')) {
       $id = $customer_id;
     } else {
       return 0;
     }
   }

   if ($check_session == true) {
     if ( (tep_session_is_registered('customer_id') == false) || ($id != $customer_id) ) {
       return 0;
     }
   }

   $addresses_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$id . "'");
   $addresses = tep_db_fetch_array($addresses_query);

   return $addresses['total'];
 }

// nl2br() prior PHP 4.2.0 did not convert linefeeds on all OSs (it only converted \n)
// (the pasted copy was cut off inside this function; the body below is the stock osCommerce one)
  function tep_convert_linefeeds($from, $to, $string) {
    if ((PHP_VERSION < "4.0.5") && is_array($from)) {
      return ereg_replace('(' . implode('|', $from) . ')', $to, $string);
    } else {
      return str_replace($from, $to, $string);
    }
  }

?>


ANYTHING TO DO WITH THE DHTML_STATE WHATEVER CONTRIBUTION CAN BE DELETED

 

Thanks in advance for all the help


Thank you in advance,

AE


NVM my last post, I have fixed the issue

 

1) My question is, I notice that when you change country using the drop-down menu, the state doesn't automatically update. Why? I changed it from Canada to US and still have Canada zones in my state drop-down.

Here take a look please http://www.bestmacdiscounts.com/create_account.php

 

2) In my address book under edit, the state menu is not a drop-down but a text menu instead? Any ideas why? All the files were copied from the contribution because I didn't mind it, since I didn't make many changes before and I have the old ones backed up. So basically all the files are copied except some in the includes file such as form_check.js.php and english.php, because there were only small changes to be made. Anyway, please take a look; you can create an account to see for yourself how the edit address looks. If someone can help, please do.

 

Thank you,

AE

 

Oh, please don't mind how the pages look; since I copied them, I didn't have the time to change them yet, but they work so it's good. One thing I don't know how to change is that grey background, so if anyone knows please feel free to let me know.

Edited by aelalfy1989

Thank you in advance,

AE

1) This contrib is mostly PHP based; that would require JavaScript/Ajax. Note: same behaviour as standard osC after country/county selection.

 

2) Not implemented in this version, wait for an update.


Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

1) This was the whole point of me switching to this contribution. The other contribution does it; can we combine them in any way?

 

2) If you do have the time to make an update, can you include the other contribution in that as well? The auto-update of the state as soon as you pick the country. Do you need the code for that contribution, or the name of the contribution? I don't think it's hard to include just by looking at the steps it took me to install that contribution. Let me know what you think. Email me with anything you want me to do. I'm not a programmer so my skills are limited, but I think your contribution is really good and could be even better with a few tweaks.

 

Thanks

AE


Thank you in advance,

AE

1) If you can give a link to the other contribution I'll take a look.


Sam


Hi, that's annoying. First test with this:

 

return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/iU", "", urldecode($vars));

 

Otherwise it's perhaps that your PCRE library has not been compiled with Unicode support; I've never played with server configs.

 

 

The zip test could be modded to reformat; I'll look at that on an update.

 

Sam,

 

I tried

        return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/iU", "", urldecode($vars));

 

and it still seemed to sanitize the Unicode, no change. I will dig into my server config today to see what I can find on my end.


-Dave
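One thing worth checking on the cleaning line quoted above: in PHP's preg functions the upper-case `U` modifier is PCRE's ungreedy flag, while UTF-8 mode is the lower-case `u`; without `u`, PCRE matches byte by byte, so the multi-byte sequences of accented letters are not seen by `\p{L}` as letters, which fits the stripping Dave describes. The script below is an added example and not code from the contribution; the `aham_example_` names, the `define`, and the sample input are made up here, and it needs PHP 5.2 or later for `preg_last_error()`.

```php
<?php
// Added example; not part of the Anti-hacker Account Mods contribution.
// Runs the cleaning regex posted in this thread with and without PCRE's
// UTF-8 modifier "u", and shows how to detect the two failure modes that
// make a field look "sanitized away": a PCRE build without Unicode
// support, and a subject that is not valid UTF-8.

// The character class exactly as posted for account_secure.php.
define('AHAM_EXAMPLE_CLASS', '[^\p{L}\p{M}\w\r@ :{}_.-]');

// Same call as the posted line, with the modifier string as a parameter.
// NOTE: "U" (upper case) is PCRE_UNGREEDY; UTF-8 mode is lower case "u".
// preg_replace() returns null when PCRE fails (pattern compile error, or
// PREG_BAD_UTF8_ERROR when "u" is used on a subject that is not UTF-8).
function aham_example_clean($vars, $modifiers) {
  return preg_replace('/' . AHAM_EXAMPLE_CLASS . '/' . $modifiers, '', urldecode($vars));
}

// Fail closed: a null from preg_replace() must not silently become the
// stored value. Callers get an empty string plus the PCRE error code to log.
function aham_example_clean_checked($vars, $modifiers, &$error) {
  $result = aham_example_clean($vars, $modifiers);
  $error = preg_last_error();
  return ($result === null) ? '' : $result;
}

// Does this server's PCRE understand UTF-8 and Unicode properties?
// Sam's "PCRE not compiled with Unicode support" case shows up here:
// preg_match() returns false instead of 1 for the \p{L} pattern.
function aham_example_pcre_unicode_check() {
  $e_acute = "\xC3\xA9";                                    // "é" in UTF-8
  return array(
    'utf8_mode'          => (@preg_match('/\x{e9}/u', $e_acute) === 1),
    'unicode_properties' => (@preg_match('/\p{L}/u', $e_acute) === 1),
  );
}

// Constructed sample input: accented letters that must survive, plus
// angle brackets and a quote that the class is meant to drop.
$sample = "Jos\xC3\xA9 M\xC3\xBCller <b>'x";               // José Müller <b>'x

print "PCRE check: " . var_export(aham_example_pcre_unicode_check(), true) . "\n";

// "iU" as suggested in the thread: no UTF-8 mode, so PCRE looks at single
// bytes and the two-byte sequences for é and ü do not match \p{L} as whole
// letters; the accented letters come out damaged or stripped (shown as hex).
print "with /iU: " . bin2hex(aham_example_clean($sample, 'iU')) . "\n";

// "iu": the subject is treated as UTF-8 and \p{L} sees é and ü as letters;
// only <, > and ' are removed.
print "with /iu: " . aham_example_clean($sample, 'iu') . "\n";

// A subject that is not valid UTF-8 (a lone byte, e.g. a Latin-1 "é").
// With "u", preg_replace() returns null; the checked wrapper turns that into
// an empty string and a PREG_BAD_UTF8_ERROR code instead of a null value.
$error = 0;
$cleaned = aham_example_clean_checked("Jos\xE9", 'iu', $error);
print "bad UTF-8: '" . $cleaned . "' error=" . $error . "\n";
```

If the PCRE check prints `false` for either key, no modifier will help and the server's PCRE build is the problem, which is the case Sam mentions.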


Uploaded new version 1.2

 

  1. Modified cleaning code to expand server compatibility.
  2. Altered so default subject is used if none entered in Contact Us.
  3. Increased post code validation to include UK, USA, Canada, Australia & France.
  4. All validated post codes will be restructured to the standard form if they pass checks.
  5. Modified Contact Us so e-mail is always editable, name is now only locked for logged in.
  6. Added default State/Province/County pull down for account edit.
  7. Added Ajax function for County pull down, based on some code provided by insaini, but with modifications.
  8. Operation is as similar as possible with javascript off.
  9. Added 'Please Select' Default to County pull down on country change.
  10. Fixed osC Country edit bug in modules/address_book_details.php.

Though the post code validation covers only a small list of countries, the included functions cover most formats used world-wide, so increasing the scope of checks would be easy.

 

 

 

Keep your site safe.

 

 


Sam


Thank you for the update... all seems to be working well.

Minor bug for me:

This line in create_account.php is not showing what I am guessing should be a flag? I've got the red "X 223"

 

                <td class="main"><?php echo tep_get_country_list('country',$country, 'onChange="getStates(this.value, \'states\');"') . ' ' . (tep_not_null(ENTRY_COUNTRY_TEXT) ? '<span class="inputRequirement">' . ENTRY_COUNTRY_TEXT . '</span>': '') . tep_image('pixel_trans.gif',$country,8,8); ?></td>

 

I do have all the flag images in /images/flags/xx.gif (i.e. us.gif)


-Dave
