From 8d082dabc0085080b38a6f38b955f7e8c7a39add Mon Sep 17 00:00:00 2001
From: Chris Dickenson
Date: Tue, 17 Feb 2015 13:03:43 +0000
Subject: [PATCH] bug fixes
---
 admin/edituser.php | 27 +++++++++++++++++++++++++--
 includes/class_user.php | 3 +--
 includes/messages.inc.php | 6 +++++-
 language/EN/messages.inc.php | 1 +
 themes/admin/adminpages.tpl | 2 +-
 5 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/admin/edituser.php b/admin/edituser.php
index b6be4a1c..3ca221cf 100644
--- a/admin/edituser.php
+++ b/admin/edituser.php
@@ -58,6 +58,11 @@ } } + if (isset($_POST['balance'])) + { + $balance_clean = str_replace('-', '', $_POST['balance']); + } + if (strlen($_POST['password']) > 0 && ($_POST['password'] != $_POST['repeat_password'])) { $ERR = $ERR_006;
@@ -102,6 +107,14 @@ { $ERR = $ERR_044; } + elseif (empty($_POST['balance'])) + { + $ERR = $ERR_112; + } + elseif (!$system->CheckMoney($balance_clean)) + { + $ERR = $ERR_081; + } else { if (!empty($_POST['birthdate']))
@@ -112,6 +125,16 @@ { $birthdate = 0; } + + // process balance positive and negative allowed and compare to max allowed credit before it is marked/unmarked as suspended + if ($_POST['balance'] >= -$system->SETTINGS['fee_max_debt']) + { + $balance_sql = ", suspended = 0"; + } + elseif ($_POST['balance'] < -$system->SETTINGS['fee_max_debt']) + { + $balance_sql = ", suspended = 7"; + } $query = "UPDATE " . $DBPrefix . "users SET name = :name,
@@ -124,7 +147,7 @@ phone = :phone, birthdate = :birthdate, groups = :groups, - balance = :balance"; + balance = :balance" . $balance_sql; $params = array(); $params[] = array(':name', $system->cleanvars($_POST['name']), 'str'); $params[] = array(':email', $system->cleanvars($_POST['email']), 'str');
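Review bot: `str_replace('-', '', $_POST['balance'])` removes every hyphen rather than only a leading sign, so input such as `1-0` or `--5` is validated by `CheckMoney` as `10` or `5` while the unmodified `$_POST['balance']` is what the -112 hunk later compares and, presumably, what is bound to `:balance` outside these hunks. Stripping a single leading minus keeps validation and stored value in step: `$balance_clean = (substr($_POST['balance'], 0, 1) === '-') ? substr($_POST['balance'], 1) : $_POST['balance'];`. `$balance_clean` is only assigned when the field is posted; the later `CheckMoney($balance_clean)` branch sits behind an `empty($_POST['balance'])` check, so the undefined-variable path looks covered, but a one-line comment stating that dependency would help the next reader. The enclosing POST-handling block starts before the hunk.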
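Review bot: `empty($_POST['balance'])` is true for the string `'0'`, so an administrator cannot set a balance of exactly zero — the form is rejected with `$ERR_112`; `!isset($_POST['balance']) || $_POST['balance'] === ''` rejects only a missing or blank field. The branch references `$ERR_112`, which the language hunk in this commit does not add (it adds `$ERR_081`); if it is not already defined in the language file the message shown will be blank — I cannot confirm that from here. The if/elseif chain starts before the hunk.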
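Review bot: The two branches comparing `$_POST['balance']` with `-$system->SETTINGS['fee_max_debt']` are exhaustive for numeric input, so the `elseif` can be a plain `else`, and the raw POST string is being compared numerically where `(float) $_POST['balance']` would make the intent explicit and avoid string-versus-number comparison rules. The literal `7` written to `suspended` is a magic number; a comment such as `// 7 = suspended for exceeding the maximum allowed debt` (or a named constant) would document it — I cannot tell from here what the other suspension codes mean. In the following hunk at -124 the fixed `$balance_sql` fragment is concatenated into the query; it is developer-controlled text rather than user input, so not an injection risk, but binding `suspended` as a parameter like the other columns would keep the statement uniform. The enclosing else block continues past the hunk.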
@@ -224,7 +247,7 @@ 'ZIP' => $user_data['zip'], 'COUNTRY' => $user_data['country'], 'PHONE' => $user_data['phone'], - 'BALANCE' => $user_data['balance'], + 'BALANCE' => $system->print_money_nosymbol($user_data['balance']), 'DOB' => $birthdate, 'COUNTRY_LIST' => $country_list, 'ID' => $userid,
diff --git a/includes/class_user.php b/includes/class_user.php
index 10f83316..c7c1fb7e 100644
--- a/includes/class_user.php
+++ b/includes/class_user.php
@@ -16,13 +16,12 @@ class user { - var $user_data, $numbers, $logged_in; + var $user_data, $logged_in; function user() { global $_SESSION, $system, $DBPrefix; - $this->numbers = '1234567890'; $this->logged_in = false; $this->can_sell = false; $this->can_buy = false;
diff --git a/includes/messages.inc.php b/includes/messages.inc.php
index a2d7543c..365e9c26 100644
--- a/includes/messages.inc.php
+++ b/includes/messages.inc.php
@@ -20,7 +20,11 @@ $language = preg_replace("/[^a-zA-Z\s]/", '', $_GET['lan']); if ($user->logged_in) { - $query = "UPDATE " . $DBPrefix . "users SET language = '" . $language . "' WHERE id = " . $user->user_data['id']; + $query = "UPDATE " . $DBPrefix . "users SET language = :language WHERE id = :user_id"; + $params = array(); + $params[] = array(':language', $language, 'str'); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); } else {
diff --git a/language/EN/messages.inc.php b/language/EN/messages.inc.php
index 168982b0..dee9b510 100644
--- a/language/EN/messages.inc.php
+++ b/language/EN/messages.inc.php
@@ -103,6 +103,7 @@ $ERR_078 = 'You must agree to the Terms and Conditions'; $ERR_079 = 'The Shipping fee price you inserted is not correct'; $ERR_080 = 'Additional Shipping price you inserted is not correct'; +$ERR_081 = "The balance you entered is not valid"; $ERR_100 = "User does not exist"; $ERR_101 = "Password incorrect";
diff --git a/themes/admin/adminpages.tpl b/themes/admin/adminpages.tpl
index a0ace4ca..8c01e706 100644
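Review bot: `print_money_nosymbol()` formats the stored balance for display, but the `BALANCE` value feeds the edit form, so whatever separators that formatter emits (a thousands separator or locale decimal comma, if it produces them) will be resubmitted to `CheckMoney` when the admin saves; confirm the formatter's output is accepted by the validation added earlier in this patch, or pass the raw value to the input and format only where the balance is read-only. I cannot see `print_money_nosymbol` from here, so this is a round-trip to verify rather than a defect I can point at.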
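Review bot: The value bound to `:language` is only character-filtered — the `preg_replace` on the context line keeps letters and whitespace — so any alphabetic string, spaces included, is persisted to `users.language`; checking that `$language` names an installed language before the UPDATE (e.g. `is_dir(... '/language/' . $language)` against the project's language directory, or a whitelist) is the validation still missing. Binding both values instead of interpolating them is the right change and the `'int'` type on `:user_id` is appropriate. The if/else continues past the hunk; if the old code executed `$query` after the else block, that call now needs removing or the update will run twice — I cannot see that from here.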
--- a/themes/admin/adminpages.tpl
+++ b/themes/admin/adminpages.tpl
@@ -49,7 +49,7 @@ - {block.TAGLINE1} + {block.TAGLINE1} {block.TAGLINE1}