/**
 * Remove one newsletter recipient, identified by e-mail address and mail key.
 *
 * The outcome is reported through $this->message / $this->message_id:
 *   1 - no recipient row matches both the address and the key,
 *   2 - a row matched but xtc_validate_password($mail, $key) rejected the pair,
 *   3 - the row was deleted.
 *
 * Both arguments are only ever placed in SQL after passing through
 * xtc_db_input(); injection safety rests on that helper.
 *
 * @param string $key  mail key supplied with the unsubscribe request
 * @param string $mail e-mail address supplied with the unsubscribe request
 */
function RemoveFromList($key, $mail)
 {
     require_once DIR_FS_INC . 'xtc_validate_password.inc.php';

     $lookup_sql = "select customers_email_address, mail_key from " . TABLE_NEWSLETTER_RECIPIENTS . " where customers_email_address = '" . xtc_db_input($mail) . "' and mail_key = '" . xtc_db_input($key) . "'";
     $recipient_lookup = xtc_db_query($lookup_sql);

     // Guard 1: the address/key pair must exist as stored.
     if (!xtc_db_num_rows($recipient_lookup)) {
         $this->message = TEXT_EMAIL_NOT_EXIST;
         $this->message_id = 1;
         return;
     }

     // The row is fetched as before; its contents are not used afterwards.
     xtc_db_fetch_array($recipient_lookup);

     // Guard 2: $mail is passed where the other callers pass the plain value
     // and $key where they pass the stored hash.
     // NOTE(review): presumably this checks that the key was derived from the
     // address - confirm in xtc_validate_password.inc.php.
     if (!xtc_validate_password($mail, $key)) {
         $this->message = TEXT_EMAIL_DEL_ERROR;
         $this->message_id = 2;
         return;
     }

     $delete_sql = "delete from " . TABLE_NEWSLETTER_RECIPIENTS . " where  customers_email_address ='" . xtc_db_input($mail) . "' and mail_key = '" . xtc_db_input($key) . "'";
     xtc_db_query($delete_sql);
     $this->message = TEXT_EMAIL_DEL;
     $this->message_id = 3;
 }
    // Read the confirmation field from POST through xtc_db_prepare_input().
    $password_confirmation = xtc_db_prepare_input($_POST['password_confirmation']);
    $error = false;
    // Validation stops at the first failing rule: length of the current password,
    // length of the new password, then equality of new password and confirmation.
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    // NOTE(review): `!=` is a loose comparison. Two different numeric-looking
    // strings (constructed example: '1e3' and '1000') compare as equal, so the
    // confirmation check can pass for values that differ; `!==` avoids that.
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        // Load the stored password value for the logged-in customer. The id comes
        // from the session and is cast to int before it is placed in the SQL.
        $check_customer_query = xtc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        // No row-count check is visible here; if nothing was found the validation
        // below receives whatever $check_customer['customers_password'] evaluates to.
        $check_customer = xtc_db_fetch_array($check_customer_query);
        // The change is only written when the supplied current password validates
        // against the stored value.
        if (xtc_validate_password($password_current, $check_customer['customers_password'])) {
            // NOTE(review): the new password value appears as '******' in this
            // listing; presumably the original statement stores a hash of
            // $password_new - confirm against the original file.
            xtc_db_query("UPDATE " . TABLE_CUSTOMERS . " SET customers_password = '******', customers_last_modified=now() WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            xtc_db_query("UPDATE " . TABLE_CUSTOMERS_INFO . " SET customers_info_date_account_last_modified = now() WHERE customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
            // Success message is stored for the next request, then the user is
            // sent to the account page.
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
// Add two breadcrumb entries, linking to FILENAME_ACCOUNT and
// FILENAME_ACCOUNT_PASSWORD; both links are built with the 'SSL' argument.
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, xtc_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
// When messages are queued under 'account_password', their rendered output is
// handed to the template as 'error'.
if ($messageStack->size('account_password') > 0) {
    $smarty->assign('error', $messageStack->output('account_password'));
    // NOTE(review): a redirect to the cookie-usage page directly after assigning
    // the error would presumably discard that error. This line may come from a
    // different file in the listing - confirm against the original source.
    xtc_redirect(xtc_href_link(FILENAME_COOKIE_USAGE));
}
$info_message = false;
//DokuMan - 2010-02-28 - set undefined variable
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $email_address = xtc_db_prepare_input($_POST['email_address']);
    $password = xtc_db_prepare_input($_POST['password']);
    // Check if email exists
    $check_customer_query = xtc_db_query("select customers_id, customers_vat_id, customers_firstname,customers_lastname, customers_gender, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xtc_db_input($email_address) . "' and account_type = '0'");
    if (!xtc_db_num_rows($check_customer_query)) {
        $_GET['login'] = '******';
        $info_message = TEXT_NO_EMAIL_ADDRESS_FOUND;
    } else {
        $check_customer = xtc_db_fetch_array($check_customer_query);
        // Check that password is good
        if (!xtc_validate_password($password, $check_customer['customers_password'])) {
            $_GET['login'] = '******';
            $info_message = TEXT_LOGIN_ERROR;
        } else {
            if (SESSION_RECREATE == 'True') {
                xtc_session_recreate();
            }
            $check_country_query = xtc_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . $check_customer['customers_default_address_id'] . "'");
            $check_country = xtc_db_fetch_array($check_country_query);
            $_SESSION['customer_gender'] = $check_customer['customers_gender'];
            $_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
            $_SESSION['customer_last_name'] = $check_customer['customers_lastname'];
            $_SESSION['customer_id'] = $check_customer['customers_id'];
            $_SESSION['customer_vat_id'] = $check_customer['customers_vat_id'];
            $_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
            $_SESSION['customer_country_id'] = $check_country['entry_country_id'];
 require_once DIR_FS_INC . 'xtc_validate_password.inc.php';
 require_once DIR_WS_CLASSES . 'class.inputfilter.php';
 // Open the database connection; the request is aborted with a plain-text
 // message when that fails.
 xtc_db_connect() or die('Unable to connect to database server!');
 // Every $_POST value is run through InputFilter::process() and then
 // InputFilter::safeSQL(), and $_POST is overwritten with the result.
 // NOTE(review): the lookup that follows applies xtc_db_input() to
 // $_POST['email_address'] and $_POST['password'] again. If safeSQL() already
 // escapes, those values are escaped twice, and a password containing
 // escapable characters would no longer match its stored hash - confirm what
 // safeSQL() and xtc_db_input() each do.
 $InputFilter = new InputFilter();
 $_POST = $InputFilter->process($_POST);
 $_POST = $InputFilter->safeSQL($_POST);
 $check_customer_query = xtc_db_query('
                                    SELECT customers_id,
                                           customers_password,
                                           customers_email_address
                                      FROM ' . TABLE_CUSTOMERS . '
                                     WHERE customers_email_address = "' . xtc_db_input($_POST['email_address']) . '"
                                       AND customers_status = 0');
 $check_customer = xtc_db_fetch_array($check_customer_query);
 if (!xtc_validate_password(xtc_db_input($_POST['password']), $check_customer['customers_password'], $check_customer['customers_email_address'])) {
     die('Zugriff verweigert. E-Mail und/oder Passwort falsch!');
 } else {
     if (isset($_POST['repair']) && xtc_not_null($_POST['repair'])) {
         //repair options
         switch ($_POST['repair']) {
             // turn off SEO friendy URLs
             case 'seo_friendly':
                 xtc_db_query('
         UPDATE configuration
         SET    configuration_value = "false"
         WHERE  configuration_key   = "SEARCH_ENGINE_FRIENDLY_URLS"
       ');
                 die('Report: Die Einstellung "Suchmaschinenfreundliche URLs verwenden" wurde deaktiviert.');
                 break;
                 // reset session write directory
require_once DIR_FS_INC . 'xtc_image_button.inc.php';
require_once DIR_FS_INC . 'xtc_validate_password.inc.php';
// A session that already carries an affiliate id skips the login form and is
// sent to the affiliate summary page.
if (isset($_SESSION['affiliate_id'])) {
    xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
}
// Login attempt: triggered by ?action=process, credentials are read from POST.
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $affiliate_username = xtc_db_prepare_input($_POST['affiliate_username']);
    $affiliate_password = xtc_db_prepare_input($_POST['affiliate_password']);
    // Check if username exists
    // The submitted username is matched against affiliate_email_address and is
    // passed through xtc_db_input() before it is placed in the SQL.
    $check_affiliate_query = xtc_db_query("select affiliate_id, affiliate_firstname, affiliate_password, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . xtc_db_input($affiliate_username) . "'");
    // Unknown address and wrong password set the same login flag, so the two
    // cases are not distinguishable from the flag alone.
    // NOTE(review): the flag value is shown as '******' here while the check
    // further down compares against 'fail'; presumably the listing masked the
    // literal - confirm against the original file.
    if (!xtc_db_num_rows($check_affiliate_query)) {
        $_GET['login'] = '******';
    } else {
        $check_affiliate = xtc_db_fetch_array($check_affiliate_query);
        // Check that password is good
        if (!xtc_validate_password($affiliate_password, $check_affiliate['affiliate_password'])) {
            $_GET['login'] = '******';
        } else {
            // NOTE(review): no session-id regeneration is visible before the
            // affiliate id is stored in the session; confirm it happens
            // elsewhere, otherwise a pre-set session id survives the login
            // (session fixation).
            $_SESSION['affiliate_id'] = $check_affiliate['affiliate_id'];
            // $date_now is assigned here but not used in the visible code.
            $date_now = date('Ymd');
            // Record the logon time and increment the logon counter.
            // NOTE(review): the id is concatenated without an (int) cast; it
            // originates from the database row above, but a cast would keep
            // the statement safe regardless of what that column holds.
            xtc_db_query("update " . TABLE_AFFILIATE . " set affiliate_date_of_last_logon = now(), affiliate_number_of_logons = affiliate_number_of_logons + 1 where affiliate_id = '" . $_SESSION['affiliate_id'] . "'");
            xtc_redirect(xtc_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
        }
    }
}
// Reached when no redirect happened above: add the breadcrumb entry and include
// the header.
$breadcrumb->add(NAVBAR_TITLE, xtc_href_link(FILENAME_AFFILIATE, '', 'SSL'));
require DIR_WS_INCLUDES . 'header.php';
if (isset($_GET['login']) && $_GET['login'] == 'fail') {
    $info_message = 'true';
} else {
    $info_message = 'false';