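Escape(Tools_Http::Post('card_number'));
// Client-card registration handler (flat script).  The statement above is cut
// off at the top of this excerpt; it assigns the escaped POSTed card number to
// $card_number, which the code below reads.
//
// Security notes (review):
//  - Every string that reaches SQL goes through $DB->Escape() and is then
//    concatenated into the query text.  That is only as good as Escape() being
//    the driver's escaper for the live connection charset, and the INSERT
//    below delimits values with double quotes, so Escape() must handle both
//    quote kinds -- confirm.  A parameterised query would be the real fix, but
//    $DB exposes no prepare() in this excerpt, so the code stays with Escape()
//    plus an integer cast for the one flag that was previously interpolated raw.
//  - $do_not_send was interpolated into the INSERT completely unescaped (SQL
//    injection); it is now cast to int.
//  - Generated card numbers use random_int() and are re-drawn while they
//    collide with an existing row (the original used mt_rand() and never
//    checked the generated number for uniqueness, only a caller-supplied one).
$name    = $DB->Escape(Tools_Http::Post('name'));
$surname = $DB->Escape(Tools_Http::Post('surname'));
$email   = $DB->Escape(Tools_Http::Post('email'));
$phone   = $DB->Escape(Tools_Http::Post('phone'));

// Captcha answer as typed, normalised for a case-insensitive compare (the
// compare itself is currently disabled, see below).
$num = trim(strtolower(Tools_Http::Post('num')));

// Opt-out flag with default 1.  It is written straight into SQL, so force an
// integer here; anything non-numeric becomes 0.
$do_not_send = (int) Tools_Http::Post('do_not_send', 1);

$err    = '';
$fields = array();

// Required-field checks.  NOTE(review): these are truthiness tests, so a value
// of "0" is treated as missing; kept as-is to preserve existing behaviour.
if (isset($_POST['card_number']) && !$card_number) {
    $err = $L->Str('Please enter your card_number!');
    $fields[] = 'card_number';
}
if (!$name) {
    $err = $L->Str('Please enter your name!');
    $fields[] = 'name';
}
if (!$surname) {
    $err = $L->Str('Please enter your surname!');
    $fields[] = 'surname';
}
if (!$email) {
    $err = $L->Str('Please enter your email!');
    $fields[] = 'email';
}
if (!$phone) {
    $err = $L->Str('Please enter your phone!');
    $fields[] = 'phone';
}

// Expected captcha answer from the session, normalised like $num.
// NOTE(review): the comparison against $num was commented out in the original,
// so this form currently has NO captcha protection.  Re-enable before exposing
// it publicly, and do not echo $sess_num back in the error message as the old
// disabled code did (it leaks the expected answer):
//   if ($sess_num && (!$num || $num !== $sess_num)) {
//       $err = $L->Str('Please enter captcha!'); $fields[] = 'captcha';
//   }
$sess_num = strtolower(trim($Session->Get('num')));

// One card per e-mail address.
$sql  = "SELECT * FROM client_cards WHERE email='".$email."' ";
$res  = $DB->Exec($sql);
$rows = $DB->Count($res);
if ($rows) {
    $err = $L->Str('This email is in use!').' '.$L->Str('resend_card').'';
    $fields[] = 'email';
}

// A caller-supplied (offline) card number must not already be registered.
// NOTE(review): anyone who can POST card_number creates an "offline" record
// and skips the confirmation e-mail below -- presumably this path is meant
// for staff only; confirm the handler is access-controlled accordingly.
if ($card_number) {
    $sql  = "SELECT * FROM client_cards WHERE number='".$card_number."' ";
    $res  = $DB->Exec($sql);
    $rows = $DB->Count($res);
    if ($rows) {
        $err = $L->Str('This card bumber is already registered').' 
';
        $fields[] = 'number';
    }
}

if (!$err) {
    if ($card_number) {
        // Offline registration: the physical card number was supplied.
        $a       = $card_number;
        $offline = 1;
    } else {
        // Online registration: allocate a fresh 6-digit number.  random_int()
        // is CSPRNG-backed (the number is e-mailed to the client as their card
        // number), and a candidate is re-drawn while it already exists in
        // client_cards.  The loop is bounded so a near-full number space cannot
        // spin forever; if every attempt collides we fall through with the last
        // candidate, which is what the original (unchecked) code always did.
        $offline = 0;
        for ($attempt = 0; $attempt < 20; $attempt++) {
            $a = '';
            for ($i = 0; $i < 6; $i++) {
                $a .= random_int(0, 9);   // digits only, so safe to interpolate below
            }
            $res = $DB->Exec("SELECT * FROM client_cards WHERE number='".$a."' ");
            if (!$DB->Count($res)) {
                break;
            }
        }
    }

    // Invalidate the captcha answer so the same session cannot replay it.
    $Session->Set('num', 0);

    $query = 'INSERT INTO client_cards (number,name,surname,email,phone,date,offline,do_not_send) VALUES ("'.$a.'","'.$name.'","'.$surname.'","'.$email.'","'.$phone.'","'.time().'","'.$offline.'","'.$do_not_send.'") ';
    $DB->Exec($query);
    $card_id = $DB->lastId();

    // Confirmation e-mail carrying the card number; only sent for online
    // registrations.  NOTE: $email is overwritten with send_invoice()'s return
    // value here (as in the original) -- whatever that is, it is no longer the
    // address afterwards.
    $msg = $L->Str('card_email');
    $msg = str_replace('%%card_number%%', $a, $msg);
    $Tools_Email = new Tools_Email;
    if (!$offline) {
        $email = $Tools_Email->send_invoice($L->Str('card_email_subject'), $msg, $email, $card_id);
    }
    if(!$offline && $card_id) { ?> ?>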