/**
 * Handle an admin login attempt.
 *
 * Reads user_name / user_password from $_POST, looks the account up by user
 * name, checks the submitted password against the stored value with
 * lc_validate_password() and, on success, fills $_SESSION['admin'] and
 * redirects: to the page saved in $_SESSION['redirect_origin'] when present,
 * else to the default admin page, or to the register action when no
 * INSTALLATION_ID is defined. Every path that does not redirect ends by
 * setting $_SESSION['error'] / $_SESSION['errmsg'] to the generic
 * invalid-login message, so an unknown user and a wrong password produce the
 * same response.
 *
 * NOTE(review): the session id is not regenerated here after the credentials
 * are accepted; confirm the session layer does that elsewhere, otherwise a
 * session id obtained before login remains valid after it (session fixation).
 * NOTE(review): the stored password value is copied into
 * $_SESSION['admin']['password']; anything that can read session data then
 * also learns it. Check whether any caller actually needs it there.
 * $lC_MessageStack is declared global but not used in this method.
 */
public function __construct() {
    global $lC_Database, $lC_Language, $lC_MessageStack;

    parent::__construct();

    // a stale image-resize flag from an earlier request is cleared on every login page hit
    if (isset($_SESSION['img_resize_flag'])) {
        unset($_SESSION['img_resize_flag']);
    }

    if (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
        // the user name is bound as a query parameter, not interpolated into the SQL
        $Qadmin = $lC_Database->query('select * from :table_administrators where user_name = :user_name');
        $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
        $Qadmin->bindValue(':user_name', $_POST['user_name']);
        $Qadmin->execute();

        if ($Qadmin->numberOfRows() > 0) {
            // project password check; presumably compares the submitted password with the stored hash
            if (lc_validate_password($_POST['user_password'], $Qadmin->value('user_password'))) {
                $_SESSION['admin'] = array('id' => $Qadmin->valueInt('id'),
                                           'firstname' => $Qadmin->value('first_name'),
                                           'lastname' => $Qadmin->value('last_name'),
                                           'username' => $Qadmin->value('user_name'),
                                           'password' => $Qadmin->value('user_password'),
                                           'access' => lC_Access::getUserLevels($Qadmin->valueInt('access_group_id')),
                                           'language_id' => $Qadmin->value('language_id'));

                $get_string = null;
                if (isset($_SESSION['redirect_origin'])) {
                    // rebuild the query string of the page the user originally asked for
                    $get_string = http_build_query($_SESSION['redirect_origin']['get']);
                    // http_build_query() leaves a trailing '=' for a parameter with an empty value (e.g. "orders=")
                    if (substr($get_string, -1) == '=') {
                        $get_string = substr($get_string, 0, -1);
                    }
                    // the saved origin is single-use
                    unset($_SESSION['redirect_origin']);
                }

                if (defined('INSTALLATION_ID') && INSTALLATION_ID != NULL) {
                    lc_redirect_admin(lc_href_link_admin(FILENAME_DEFAULT, $get_string));
                } else {
                    // redirect to login=register
                    lc_redirect_admin(lc_href_link_admin(FILENAME_DEFAULT, 'login&action=register'));
                }
            }
        }
    }

    // reached whenever no redirect happened above; note this also runs on a plain GET of the
    // login page with no POST data — presumably the template only shows it after a submit, verify
    $_SESSION['error'] = true;
    $_SESSION['errmsg'] = $lC_Language->get('ms_error_login_invalid');
}
/**
 * Build the revenue summary module.
 *
 * Loads the module's language file, sets the title and the title link, and
 * populates the summary data only when the current user has 'orders' access.
 */
public function __construct() {
    global $lC_Language;

    $language = $lC_Language;
    $language->loadIniFile('modules/summary/revenue.php');

    $this->_title = $language->get('summary_revenue_title');
    $this->_title_link = lc_href_link_admin(FILENAME_DEFAULT, 'revenue');

    // revenue figures are only gathered for users allowed to see orders
    if (!lC_Access::hasAccess('orders')) {
        return;
    }

    $this->_setData();
}
/**
 * Initialise the products summary module.
 *
 * Loads the module's and the products language files, sets the title and the
 * title link, and populates the summary data only when the current user has
 * 'products' access.
 *
 * NOTE(review): this is a PHP4-style constructor (a method named after the
 * class). On PHP 8 such a method is an ordinary method and is not run by
 * `new`; the sibling summary modules use __construct() instead. Unless the
 * class also defines __construct() (not visible here), this should be renamed.
 */
public function lC_Summary_products() {
    global $lC_Language;

    $language = $lC_Language;
    foreach (array('modules/summary/products.php', 'products.php') as $iniFile) {
        $language->loadIniFile($iniFile);
    }

    $this->_title = $language->get('summary_products_title');
    $this->_title_link = lc_href_link_admin(FILENAME_DEFAULT, 'products');

    // product data is only gathered for users allowed to see products
    if (!lC_Access::hasAccess('products')) {
        return;
    }

    $this->_setData();
}
/**
 * Build the administrators log summary module.
 *
 * Loads the module's and the administrators_log language files, sets the
 * title and the title link, and populates the summary data only when the
 * current user has 'administrators_log' access.
 */
public function __construct() {
    global $lC_Language;

    $section = 'administrators_log';

    $lC_Language->loadIniFile('modules/summary/' . $section . '.php');
    $lC_Language->loadIniFile($section . '.php');

    $this->_title = $lC_Language->get('summary_administrators_log_title');
    $this->_title_link = lc_href_link_admin(FILENAME_DEFAULT, $section);

    // the log is only read for users allowed to see it
    if (lC_Access::hasAccess($section)) {
        $this->_setData();
    }
}
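/**
 * Set a new password for the administrator whose user_name is $email, log
 * that administrator in, and clear the verification key so the same key
 * cannot be replayed for a second change.
 *
 * All statements run in one transaction; a database error or a user name
 * that matches no account rolls everything back and returns false.
 *
 * NOTE(review): the session id is not regenerated here although the session
 * changes from anonymous to admin; confirm the session layer does that.
 * NOTE(review): the stored password value is copied into
 * $_SESSION['admin']['password'] (mirrors the login page); check whether any
 * caller needs it there.
 *
 * @param string $pass  the new plain-text password; it is trimmed and passed through
 *                      lc_encrypt_string() before storage
 * @param string $email the administrator's user_name
 * @return bool true when the password was updated and the session populated, false otherwise
 */
public static function passwordChange($pass, $email) {
    global $lC_Database;

    $lC_Database->startTransaction();

    // update the password
    $Qpass = $lC_Database->query('update :table_administrators set user_password = :user_password where user_name = :user_name');
    $Qpass->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
    $Qpass->bindValue(':user_password', lc_encrypt_string(trim($pass)));
    $Qpass->bindValue(':user_name', $email);
    // $_SESSION['module'] is not guaranteed to exist on a lost-password request; pass the
    // same value as before (null when unset) without an undefined-index notice
    $Qpass->setLogging(isset($_SESSION['module']) ? $_SESSION['module'] : null, $email);
    $Qpass->execute();

    if ($lC_Database->isError()) {
        $lC_Database->rollbackTransaction();
        return false;
    }

    // get user info
    $Qadmin = $lC_Database->query('select * from :table_administrators where user_name = :user_name');
    $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
    $Qadmin->bindValue(':user_name', $email);
    $Qadmin->execute();

    // an update that matched no row is not a database error; do not build an admin
    // session out of empty values for an account that does not exist
    if ($Qadmin->numberOfRows() < 1) {
        $lC_Database->rollbackTransaction();
        return false;
    }

    // set session info (same keys as the login page; the original read the misspelled
    // column 'user_pasword', which never matched anything)
    $_SESSION['admin'] = array('id' => $Qadmin->valueInt('id'),
                               'firstname' => $Qadmin->value('first_name'),
                               'lastname' => $Qadmin->value('last_name'),
                               'username' => $Qadmin->value('user_name'),
                               'password' => $Qadmin->value('user_password'),
                               'access' => lC_Access::getUserLevels($Qadmin->valueInt('access_group_id')),
                               'language_id' => $Qadmin->value('language_id'));

    // remove key to stop further changes with this key
    $Qkeyremove = $lC_Database->query('update :table_administrators set verify_key = :verify_key where user_name = :user_name');
    $Qkeyremove->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
    $Qkeyremove->bindValue(':user_name', $email);
    $Qkeyremove->bindValue(':verify_key', null);
    $Qkeyremove->execute();

    $lC_Database->commitTransaction();

    // clear the lost-password flow state
    $_SESSION['user_confirmed_email'] = null;
    $_SESSION['user_not_exists'] = null;

    return true;
}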
/**
 * Get the administrator access modules
 *
 * Scans includes/modules/access, loads each module's language file and class
 * file when the class is not yet known, instantiates the module and groups
 * the result by the title of the module's access group (spaces replaced by
 * underscores). The product_variants and product_settings modules keep their
 * file name as id instead of the value returned by getModule().
 *
 * Only files from that fixed directory are included; no request data is used
 * to build the path.
 *
 * @access public
 * @return array group title => list of array('id' => ..., 'text' => ...), sorted by group title
 */
public static function getAccessModules() {
    global $lC_Language;

    $listing = new lC_DirectoryListing('includes/modules/access');
    $listing->setIncludeDirectories(false);

    $grouped = array();

    foreach ($listing->getFiles() as $file) {
        $fileName = $file['name'];
        $baseName = substr($fileName, 0, strrpos($fileName, '.'));
        $className = 'lC_Access_' . ucfirst($baseName);

        if (!class_exists($className)) {
            $lC_Language->loadIniFile('modules/access/' . $fileName);
            include $listing->getDirectory() . '/' . $fileName;
        }

        // these two modules are identified by their file name rather than by getModule()
        $overrideId = in_array($baseName, array('product_variants', 'product_settings'), true) ? $baseName : '';

        $instance = new $className();

        $groupKey = str_replace(" ", "_", lC_Access::getGroupTitle($instance->getGroup()));

        $grouped[$groupKey][] = array(
            'id' => ($overrideId != '') ? $overrideId : $instance->getModule(),
            'text' => $instance->getTitle(),
        );
    }

    ksort($grouped);

    return $grouped;
}
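/**
 * Render the admin "big menu" as nested <li>/<ul> markup.
 *
 * The groups come from lC_Access::getLevels() (empty when there is no admin
 * session). For the 'configuration' and 'tools' sections only the
 * configuration, tools and store groups are shown and links get the
 * 'cfg-open' class; for any other section those three groups are dropped and
 * the rest are ordered orders, customers, products, content, marketing,
 * reports, then any further groups in key order. The 'hidden' group is never
 * rendered. A link whose title equals the orders, products or customers title
 * gets the 'text_list' suffix.
 *
 * Group keys, titles and identifiers come from the access modules and
 * language files, and $_class from the caller; none of them is HTML-escaped
 * here, so this method must not be handed request-derived strings.
 *
 * @param string|null $_section current admin section, selects the group filter
 * @param string|null $_class   extra CSS class appended to every generated <ul class="big-menu ...">
 * @return string the menu markup
 */
public function drawBigMenu($_section = NULL, $_class = NULL) {
    global $lC_Access, $lC_Language;

    $settingsGroups = array('configuration', 'tools', 'store');

    $access = array();
    if (isset($_SESSION['admin'])) {
        $access = lC_Access::getLevels();
    }
    ksort($access);

    switch ($_section) {
        case 'configuration': // settings menu
        case 'tools':
            $mOpenClass = 'cfg-open';
            // keep only the settings groups
            $newArr = array();
            foreach ($access as $key => $value) {
                if (in_array($key, $settingsGroups, true)) {
                    $newArr[$key] = $value;
                }
            }
            $access = $newArr;
            break;

        default: // main big menu
            $mOpenClass = '';
            // everything except the settings groups
            $newArr = array();
            foreach ($access as $key => $value) {
                if (!in_array($key, $settingsGroups, true)) {
                    $newArr[$key] = $value;
                }
            }
            // custom sort: fixed order for the core groups first ...
            $access = array();
            foreach (array('orders', 'customers', 'products', 'content', 'marketing', 'reports') as $key) {
                if (array_key_exists($key, $newArr)) {
                    $access[$key] = $newArr[$key];
                }
            }
            // ... then include any other added sections
            foreach ($newArr as $key => $value) {
                if (!array_key_exists($key, $access)) {
                    $access[$key] = $value;
                }
            }
            break;
    }

    // titles that get the "list" suffix; loop-invariant, so resolved once
    $listTitles = array(
        $lC_Language->get('access_orders_title'),
        $lC_Language->get('access_products_title'),
        $lC_Language->get('access_customers_title'),
    );

    $output = '';

    foreach ($access as $group => $links) {
        if ($group == 'hidden') {
            continue;
        }
        ksort($links);

        $output .= '<li class="with-right-arrow">';
        $output .= ' <span><span class="list-count" id="list-count-' . $group . '">' . count($links) . '</span>' . lC_Access::getGroupTitle($group) . '</span>';
        $output .= ' <ul class="big-menu ' . $_class . '">';

        foreach ($links as $link) {
            if (in_array($link['title'], $listTitles, true)) {
                $link['title'] .= ' ' . $lC_Language->get('text_list');
            }

            // count() on a non-array throws a TypeError on PHP 8, so normalise the shape first;
            // a module without subgroups is then rendered as a plain link
            $subgroups = (isset($link['subgroups']) && is_array($link['subgroups'])) ? $link['subgroups'] : array();
            $menuId = 'big-menu_' . str_replace(" ", "_", strtolower($link['title']));

            if (count($subgroups) > 0 && $link['module'] != 'configuration') {
                $output .= '<li class="with-right-arrow">';
                $output .= '<span><span class="list-count" id="list-count-' . $link['title'] . '">' . count($subgroups) . '</span>' . $link['title'] . '</span>';
            } else {
                $output .= '<li><a class="' . $mOpenClass . '" id="' . $menuId . '" href="' . lc_href_link_admin(FILENAME_DEFAULT, $link['module']) . '">';
                $output .= '<span>' . $link['title'] . '</span></a>';
            }

            if (count($subgroups) > 0) {
                $output .= '<ul class="big-menu ' . $_class . '">';
                foreach ($subgroups as $subgroup) {
                    $identifier = $subgroup['identifier'];
                    // an identifier starting with '?' is a complete query of its own;
                    // otherwise it is appended to the parent module's query
                    if (substr($identifier, 0, 1) == '?') {
                        $target = str_replace('?', '', $identifier);
                    } else {
                        $target = $link['module'] . '&' . $identifier;
                    }
                    $output .= '<li><a class="' . $mOpenClass . '" id="big-menu_' . str_replace(" ", "_", strtolower($subgroup['title'])) . '" href="' . lc_href_link_admin(FILENAME_DEFAULT, $target) . '">' . $subgroup['title'] . '</a></li>' . "\n";
                }
                $output .= '</ul>' . "\n";
            }

            $output .= '</li>' . "\n";
        }

        $output .= '</ul>' . "\n";
        $output .= '</li>' . "\n";
    }

    return $output;
}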
if (!isset($_SESSION['admin'])) { if (isset($_GET['action']) && $_GET['action'] == 'validateLogin' || isset($_GET['action']) && $_GET['action'] == 'lostPasswordConfirmEmail' || isset($_GET['action']) && $_GET['action'] == 'lostPasswordConfirmKey' || isset($_GET['action']) && $_GET['action'] == 'passwordChange' || isset($_GET['action']) && $_GET['action'] == 'apiHealthCheck' || isset($_GET['action']) && $_GET['action'] == 'validateSerial') { } else { echo json_encode(array('rpcStatus' => RPC_STATUS_NO_SESSION)); exit; } } $module = null; $class = null; if (empty($_GET) && $_GET['action'] != 'validateLogin') { echo json_encode(array('rpcStatus' => RPC_STATUS_NO_MODULE)); exit; } else { $first_array = array_slice($_GET, 0, 1); $_module = lc_sanitize_string(basename(key($first_array))); if (!lC_Access::hasAccess($_module) && $_GET['action'] != 'validateLogin' && $_GET['action'] != 'apiHealthCheck' && !isset($_GET['addon'])) { echo json_encode(array('rpcStatus' => RPC_STATUS_NO_ACCESS)); exit; } $class = isset($_GET['class']) && !empty($_GET['class']) ? lc_sanitize_string(basename($_GET['class'])) : 'rpc'; $action = isset($_GET['action']) && !empty($_GET['action']) ? lc_sanitize_string(basename($_GET['action'])) : ''; if (empty($action)) { echo json_encode(array('rpcStatus' => RPC_STATUS_NO_ACTION)); exit; } if ($action != 'search' && $action != 'productSearch') { if (file_exists('includes/applications/' . $_module . '/classes/' . $class . '.php') && !isset($_GET['addon'])) { include $lC_Vqmod->modCheck('includes/applications/' . $_module . '/classes/' . $class . '.php'); if (method_exists('lC_' . ucfirst($_module) . '_Admin_' . $class, $action)) { call_user_func(array('lC_' . ucfirst($_module) . '_Admin_' . $class, $action)); exit;