bug fixes

admin/edituser.php

@@ -58,6 +58,11 @@
 			}
 		}
 
+		if (isset($_POST['balance']))
+		{
+			$balance_clean = str_replace('-', '', $_POST['balance']);
+        }
+
 		if (strlen($_POST['password']) > 0 && ($_POST['password'] != $_POST['repeat_password']))
 		{
 			$ERR = $ERR_006;
@@ -102,6 +107,14 @@
 		{
 			$ERR = $ERR_044;
 		}
+        elseif (empty($_POST['balance']))
+        {
+            $ERR = $ERR_112;
+        }
+        elseif (!$system->CheckMoney($balance_clean))
+        {
+            $ERR = $ERR_081;
+        }
 		else
 		{
 			if (!empty($_POST['birthdate']))
@@ -112,6 +125,16 @@
 			{
 				$birthdate = 0;
 			}
+
+			// process balance positive and negative allowed and compare to max allowed credit before it is marked/unmarked as suspended
+			if ($_POST['balance'] >= -$system->SETTINGS['fee_max_debt'])
+			{
+				$balance_sql =  ", suspended = 0";
+			}
+			elseif ($_POST['balance'] < -$system->SETTINGS['fee_max_debt'])
+			{
+				$balance_sql =  ", suspended = 7";
+			}
 
 			$query = "UPDATE " . $DBPrefix . "users SET 
 				  name = :name,
@@ -124,7 +147,7 @@
 				  phone = :phone,
 				  birthdate = :birthdate,
 				  groups = :groups,
-				  balance = :balance";
+				  balance = :balance" . $balance_sql;
 			$params = array();
 			$params[] = array(':name', $system->cleanvars($_POST['name']), 'str');
 			$params[] = array(':email', $system->cleanvars($_POST['email']), 'str');
@@ -224,7 +247,7 @@
 		'ZIP' => $user_data['zip'],
 		'COUNTRY' => $user_data['country'],
 		'PHONE' => $user_data['phone'],
-		'BALANCE' => $user_data['balance'],
+		'BALANCE' => $system->print_money_nosymbol($user_data['balance']),
 		'DOB' => $birthdate,
 		'COUNTRY_LIST' => $country_list,
 		'ID' => $userid,

includes/class_user.php

@@ -16,13 +16,12 @@
 
 class user
 {
-	var $user_data, $numbers, $logged_in;
+	var $user_data, $logged_in;
 
 	function user()
 	{
 		global $_SESSION, $system, $DBPrefix;
 
-		$this->numbers = '1234567890';
 		$this->logged_in = false;
 		$this->can_sell = false;
 		$this->can_buy = false;

includes/messages.inc.php

@@ -20,7 +20,11 @@
 	$language = preg_replace("/[^a-zA-Z\s]/", '', $_GET['lan']);
 	if ($user->logged_in)
 	{
-		$query = "UPDATE " . $DBPrefix . "users SET language = '" . $language . "' WHERE id = " . $user->user_data['id'];
+		$query = "UPDATE " . $DBPrefix . "users SET language = :language WHERE id = :user_id";
+		$params = array();
+		$params[] = array(':language', $language, 'str');
+		$params[] = array(':user_id', $user->user_data['id'], 'int');
+		$db->query($query, $params);
 	}
 	else
 	{

language/EN/messages.inc.php

@@ -103,6 +103,7 @@
 $ERR_078 = 'You must agree to the Terms and Conditions';
 $ERR_079 = 'The Shipping fee price you inserted is not correct';
 $ERR_080 = 'Additional Shipping price you inserted is not correct';
+$ERR_081 = "The balance you entered is not valid";
 
 $ERR_100 = "User does not exist";
 $ERR_101 = "Password incorrect";

themes/admin/adminpages.tpl

@@ -49,7 +49,7 @@
 	<!-- ELSEIF block.TYPE eq 'textarea' -->
 				<textarea name="{block.NAME}" cols="65" rows="10">{block.DEFAULT}</textarea>
 	<!-- ELSEIF block.TYPE eq 'days' -->
-				<input type="text" name="{block.NAME}" value="{block.DEFAULT}" size="4" maxlength="4"> {block.TAGLINE1}
+				<input type="text" name="{block.NAME}" value="{block.DEFAULT}" size="6" maxlength="6"> {block.TAGLINE1}
 	<!-- ELSEIF block.TYPE eq 'percent' -->
 				<input type="text" name="{block.NAME}" value="{block.DEFAULT}" size="3" maxlength="3"> {block.TAGLINE1}
 	<!-- ELSEIF block.TYPE eq 'decimals' -->