Ejemplo n.º 1
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
//
// $Id: auth.php 10265 2010-07-29 08:38:09Z klerik $
//
if (!defined('AREA')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //
    // Login mode
    //
    if ($mode == 'login') {
        $redirect_url = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $index_script;
        if (AREA != 'A') {
            if (Registry::get('settings.Image_verification.use_for_login') == 'Y' && fn_image_verification('login_' . $_REQUEST['form_name'], empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
                $suffix = (strpos($_SERVER['HTTP_REFERER'], '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');
                return array(CONTROLLER_STATUS_REDIRECT, "{$_SERVER['HTTP_REFERER']}{$suffix}");
            }
        }
        list($status, $user_data, $user_login, $password) = fn_auth_routines($_REQUEST);
        if ($status === false) {
            fn_save_post_data();
            $suffix = (strpos($_SERVER['HTTP_REFERER'], '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');
            return array(CONTROLLER_STATUS_REDIRECT, "{$_SERVER['HTTP_REFERER']}{$suffix}");
        }
        //
        // Success login
        //
        if (!empty($user_data) && md5($password) == $user_data['password'] && !empty($password)) {
            //
Ejemplo n.º 2
         fn_login_user($user_id);
         $step = 'step_two';
         if (empty($profile_fields['B']) && empty($profile_fields['S'])) {
             $step = 'step_three';
         }
         $suffix = '?edit_step=' . $step;
     } else {
         fn_save_post_data('user_data');
         $suffix = '?login_type=register';
     }
     return array(CONTROLLER_STATUS_OK, 'checkout.checkout' . $suffix);
 }
 if ($mode == 'customer_info') {
     $redirect_params = array();
     $cart['guest_checkout'] = !empty($_REQUEST['guest_checkout']);
     if (Registry::get('settings.Checkout.disable_anonymous_checkout') == 'Y' && empty($cart['user_data']['email']) && fn_image_verification('checkout', $_REQUEST) == false) {
         fn_save_post_data('user_data');
         return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout?login_type=guest');
     }
     $profile_fields = fn_get_profile_fields('O');
     $user_profile = array();
     if (!empty($_REQUEST['user_data'])) {
         if (empty($auth['user_id']) && !empty($_REQUEST['user_data']['email'])) {
             $email_exists = fn_is_user_exists(0, $_REQUEST['user_data']);
             if (!empty($email_exists)) {
                 fn_set_notification('E', __('error'), __('error_user_exists'));
                 fn_save_post_data('user_data');
                 return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout');
             }
         }
         $user_data = $_REQUEST['user_data'];
Ejemplo n.º 3
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
use Tygh\Registry;
use Tygh\Mailer;
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'apply_for_vendor') {
        if (Registry::get('settings.Vendors.apply_for_vendor') != 'Y') {
            return array(CONTROLLER_STATUS_NO_PAGE);
        }
        if (fn_image_verification('apply_for_vendor_account', $_REQUEST) == false) {
            fn_save_post_data('user_data', 'company_data');
            return array(CONTROLLER_STATUS_REDIRECT, 'companies.apply_for_vendor');
        }
        $data = $_REQUEST['company_data'];
        $data['timestamp'] = TIME;
        $data['status'] = 'N';
        $data['request_user_id'] = !empty($auth['user_id']) ? $auth['user_id'] : 0;
        $account_data = array();
        $account_data['fields'] = isset($_REQUEST['user_data']['fields']) ? $_REQUEST['user_data']['fields'] : '';
        $account_data['admin_firstname'] = isset($_REQUEST['company_data']['admin_firstname']) ? $_REQUEST['company_data']['admin_firstname'] : '';
        $account_data['admin_lastname'] = isset($_REQUEST['company_data']['admin_lastname']) ? $_REQUEST['company_data']['admin_lastname'] : '';
        $data['request_account_data'] = serialize($account_data);
        if (empty($data['request_user_id'])) {
            $login_condition = empty($data['request_account_name']) ? '' : db_quote(" OR user_login = ?s", $data['request_account_name']);
            $user_account_exists = db_get_field("SELECT user_id FROM ?:users WHERE email = ?s ?p", $data['email'], $login_condition);
Ejemplo n.º 4
* This  is  commercial  software,  only  users  who have purchased a valid *
* license  and  accept  to the terms of the  License Agreement can install *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
use Tygh\Registry;
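// Entry guard: refuse to run unless BOOTSTRAP is defined (presumably by the application
// bootstrap), so a direct request to this file stops here.
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'send_form') {
        // page_id is request-controlled and is interpolated into the redirect target below.
        // Reduce it to an integer once, so that nothing but a page number can reach the
        // redirect string and the submitted form and the redirect refer to the same page.
        $page_id = isset($_REQUEST['page_id']) && is_scalar($_REQUEST['page_id']) ? (int) $_REQUEST['page_id'] : 0;
        $form_url = "pages.view?page_id={$page_id}";

        // Image verification gates the submission: when it fails, fn_save_post_data() is
        // called for 'form_values' and the request is redirected back to the form page
        // without reaching fn_send_form().
        if (fn_image_verification('use_for_form_builder', $_REQUEST) == false) {
            fn_save_post_data('form_values');
            return array(CONTROLLER_STATUS_REDIRECT, $form_url);
        }

        $suffix = '';
        if (fn_send_form($page_id, empty($_REQUEST['form_values']) ? array() : $_REQUEST['form_values'])) {
            // Only a truthy result from fn_send_form() marks the redirect as "sent".
            $suffix = '&sent=Y';
        }
        return array(CONTROLLER_STATUS_OK, $form_url . $suffix);
    }
    // Other POST modes are not handled by this controller.
    return;
}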
if ($mode == 'view' && !empty($_REQUEST['page_id'])) {
    $page_is_https = db_get_field("SELECT value FROM ?:form_options WHERE element_type = ?s AND page_id = ?i", FORM_IS_SECURE, $_REQUEST['page_id']);
    // if form is secure, redirect to https connection
    if (!defined('HTTPS') && $page_is_https == 'Y') {
        return array(CONTROLLER_STATUS_REDIRECT, Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
Ejemplo n.º 5
* This  is  commercial  software,  only  users  who have purchased a valid *
* license  and  accept  to the terms of the  License Agreement can install *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
use Tygh\Registry;
use Tygh\Mailer;
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'send') {
        if (fn_image_verification('use_for_email_share', $_REQUEST) == false) {
            fn_save_post_data('send_data');
            return array(CONTROLLER_STATUS_REDIRECT);
        }
        if (!empty($_REQUEST['send_data']['to_email'])) {
            $lnk = fn_url(Registry::get('config.current_url'));
            $redirect_url = fn_query_remove($_REQUEST['redirect_url'], 'selected_section');
            $index_script = Registry::get('config.customer_index');
            if (strpos($lnk, $index_script) !== false) {
                $redirect_url = str_replace($index_script, '', $redirect_url);
            }
            $lnk .= $redirect_url;
            $from = array('email' => !empty($_REQUEST['send_data']['from_email']) ? $_REQUEST['send_data']['from_email'] : Registry::get('settings.Company.company_users_department'), 'name' => !empty($_REQUEST['send_data']['from_name']) ? $_REQUEST['send_data']['from_name'] : Registry::get('settings.Company.company_name'));
            $mail_sent = Mailer::sendMail(array('to' => $_REQUEST['send_data']['to_email'], 'from' => $from, 'data' => array('link' => $lnk, 'send_data' => $_REQUEST['send_data']), 'tpl' => 'addons/social_buttons/mail.tpl'), 'C');
            if ($mail_sent == true) {
                fn_set_notification('N', __('notice'), __('text_email_sent'));
Ejemplo n.º 6
* license  and  accept  to the terms of the  License Agreement can install *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
//
// $Id: pages.post.php 10229 2010-07-27 14:21:39Z 2tl $
//
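// Entry guard: refuse to run unless AREA is defined (presumably by the application's
// front controller), so a direct request to this file stops here.
if (!defined('AREA')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'send_form') {
        // page_id is request-controlled; it selects the verification key, the form that is
        // sent and the redirect target. Reduce it to an integer once so all three use the
        // same value and nothing but a page number can reach the redirect string.
        $page_id = isset($_REQUEST['page_id']) && is_scalar($_REQUEST['page_id']) ? (int) $_REQUEST['page_id'] : 0;
        $form_url = "pages.view?page_id={$page_id}";
        $answer = empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer'];

        // The check is enforced only when the store setting enables it for the form builder.
        // A failed check redirects back to the form without calling fn_send_form().
        if (Registry::get('settings.Image_verification.use_for_form_builder') == 'Y' && fn_image_verification('forms_' . $page_id, $answer) == false) {
            fn_save_post_data();
            return array(CONTROLLER_STATUS_REDIRECT, $form_url);
        }

        // NOTE(review): the result of fn_send_form() is ignored, so "&sent=Y" is appended
        // even if sending failed — confirm whether that is intended.
        fn_send_form($page_id, empty($_REQUEST['form_values']) ? array() : $_REQUEST['form_values']);
        return array(CONTROLLER_STATUS_OK, $form_url . '&sent=Y');
    }
    // Other POST modes are not handled by this controller.
    return;
}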
if ($mode == 'view' && !empty($_REQUEST['page_id'])) {
    // if form is secure, redirect to https connection
    $page_is_https = db_get_field("SELECT value FROM ?:form_options WHERE element_type = ?s AND page_id = ?i", FORM_IS_SECURE, $_REQUEST['page_id']);
    if (!defined('HTTPS')) {
        if ($page_is_https == 'Y') {
            return array(CONTROLLER_STATUS_REDIRECT, Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
        }
Ejemplo n.º 7
****************************************************************************/
use Tygh\Development;
use Tygh\Registry;
use Tygh\Session;
use Tygh\Helpdesk;
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //
    // Login mode
    //
    if ($mode == 'login') {
        $redirect_url = '';
        if (AREA != 'A') {
            if (fn_image_verification('login', $_REQUEST) == false) {
                fn_save_post_data('user_login');
                return array(CONTROLLER_STATUS_REDIRECT);
            }
        }
        fn_restore_processed_user_password($_REQUEST, $_POST);
        list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);
        // Pick the redirect target; it is used by the failed-login redirect that follows.
        // NOTE(review): redirect_url is request-controlled and taken as-is. Confirm that the
        // redirect layer only accepts same-site targets, otherwise this is an open redirect.
        if (!empty($_REQUEST['redirect_url'])) {
            $redirect_url = $_REQUEST['redirect_url'];
        } else {
            // NOTE(review): "." binds tighter than "?:", so the condition evaluated here is
            // ('auth.login' . !empty(...)), a non-empty string that is always truthy. The
            // argument is therefore always '?return_url=' . $_REQUEST['return_url']:
            // 'auth.login' is dropped and return_url is read even when it is absent.
            // The intended form is presumably
            //   'auth.login' . (!empty(...) ? '?return_url=' . ... : '')
            // return_url is also appended without URL-encoding; confirm fn_url() handles that.
            $redirect_url = fn_url('auth.login' . !empty($_REQUEST['return_url']) ? '?return_url=' . $_REQUEST['return_url'] : '');
        }
        if ($status === false) {
            fn_save_post_data('user_login');
            return array(CONTROLLER_STATUS_REDIRECT, $redirect_url);
        }
Ejemplo n.º 8
* license  and  accept  to the terms of the  License Agreement can install *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
//
// $Id: send_to_friend.php 10229 2010-07-27 14:21:39Z 2tl $
//
if (!defined('AREA')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'send') {
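        // Stop here when image verification is enabled for this form and the answer is wrong.
        // The redirect had been commented out, so a failed check only saved the post data and
        // execution continued into the mail-sending code that follows, which made the
        // verification ineffective as a control against automated submissions.
        if (Registry::get('settings.Image_verification.use_for_send_to_friend') == 'Y' && fn_image_verification('send_to_friend', empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
            fn_save_post_data();
            return array(CONTROLLER_STATUS_REDIRECT);
        }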
        if (!empty($_REQUEST['send_data']['to_email'])) {
            $view_mail->assign('send_data', $_REQUEST['send_data']);
            $lnk = fn_query_remove($_REQUEST['redirect_url'], 'selected_section');
            $http_path = Registry::get('config.http_path');
            if (!empty($http_path) && strpos($lnk, $http_path) !== false) {
                $lnk = str_replace(Registry::get('config.http_path'), '', $lnk);
            } else {
                $lnk = '/' . ltrim($lnk, '/');
            }
            $view_mail->assign('link', Registry::get('config.http_location') . $lnk);
            if (fn_send_mail($_REQUEST['send_data']['to_email'], array('email' => $_REQUEST['send_data']['from_email'], 'name' => $_REQUEST['send_data']['from_name']), 'addons/send_to_friend/mail_subj.tpl', 'addons/send_to_friend/mail.tpl', '', CART_LANGUAGE)) {
                fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('text_email_sent'));
Ejemplo n.º 9
 }
 // Move the uploaded file "p1" to $target_file unless an earlier check cleared $uploadOk.
 // NOTE(review): $uploadOk and $target_file are computed above this excerpt. Confirm that
 // those checks restrict file type/extension and size, that $target_file is not built from
 // the client-supplied name unchanged, and that the destination is not served as executable.
 // NOTE(review): the upload is attempted before the image-verification check that follows,
 // so a request that fails verification has already stored its file.
 if ($uploadOk == 0) {
     // Rejected by an earlier check: nothing is moved and nothing is reported.
     //   echo "Sorry, your file was not uploaded.";
 } else {
     // All earlier checks passed: try to store the upload.
     //   echo 'target file='.$target_file;
     if (move_uploaded_file($_FILES["p1"]["tmp_name"], $target_file)) {
         // Success is silent (debug output left disabled).
         //         echo 'file uploaded,auth_id='.$auth['user_id'];
         //              echo "The file ". basename( $_FILES["p1"]["name"]). " has been uploaded.";
     } else {
         // NOTE(review): a failed move is silently ignored; neither logged nor reported.
         //             echo "Sorry, there was an error uploading your file.";
         //       echo 'file not uploaded,tmp name='.$_FILES["p1"]["tmp_name"].";target file=$target_file";
     }
 }
 if (fn_image_verification('use_for_register', $_REQUEST) == false) {
     fn_save_post_data('user_data');
     return array(CONTROLLER_STATUS_REDIRECT, 'profiles.add');
 }
 $is_update = !empty($auth['user_id']);
 if (!$is_update) {
     $is_valid_user_data = true;
     if (empty($_REQUEST['user_data']['email'])) {
         fn_set_notification('W', __('warning'), __('error_validator_required', array('[field]' => __('email'))));
         $is_valid_user_data = false;
     } elseif (!fn_validate_email($_REQUEST['user_data']['email'])) {
         fn_set_notification('W', __('error'), __('text_not_valid_email', array('[email]' => $_REQUEST['user_data']['email'])));
         $is_valid_user_data = false;
     }
     if (empty($_REQUEST['user_data']['password1']) || empty($_REQUEST['user_data']['password2'])) {
         if (empty($_REQUEST['user_data']['password1'])) {
Ejemplo n.º 10
        }
        $auth['order_ids'] = db_get_fields("SELECT order_id FROM ?:orders WHERE email = ?s", $email);
        if (!empty($_REQUEST['o_id']) && in_array($_REQUEST['o_id'], $auth['order_ids'])) {
            return array(CONTROLLER_STATUS_REDIRECT, 'orders.details?order_id=' . $_REQUEST['o_id']);
        } else {
            return array(CONTROLLER_STATUS_REDIRECT, 'orders.search');
        }
    } else {
        return array(CONTROLLER_STATUS_DENIED);
    }
    exit;
    //
    // Request for order tracking
    //
} elseif ($mode == 'track_request') {
    if (fn_image_verification('track_orders', $_REQUEST) == false) {
        exit;
    }
    $condition = fn_get_company_condition('?:orders.company_id');
    if (!empty($auth['user_id'])) {
        $allowed_id = db_get_field('SELECT user_id ' . 'FROM ?:orders ' . 'WHERE user_id = ?i AND order_id = ?i AND is_parent_order != ?s' . $condition, $auth['user_id'], $_REQUEST['track_data'], 'Y');
        if (!empty($allowed_id)) {
            Registry::get('ajax')->assign('force_redirection', fn_url('orders.details?order_id=' . $_REQUEST['track_data']));
            exit;
        } else {
            fn_set_notification('E', __('error'), __('warning_track_orders_not_allowed'));
        }
    } else {
        $email = '';
        if (!empty($_REQUEST['track_data'])) {
            $o_id = 0;
Ejemplo n.º 11
*   (c) 2004 Vladimir V. Kalynyak, Alexey V. Vinokurov, Ilya M. Shalnev    *
*                                                                          *
* This  is  commercial  software,  only  users  who have purchased a valid *
* license  and  accept  to the terms of the  License Agreement can install *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
// Entry guard: refuse to run unless BOOTSTRAP is defined (presumably by the application
// bootstrap), so a direct request to this file stops here.
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): return_url is request-controlled and is handed back unchanged as the
    // controller's target. Confirm that the dispatcher restricts it to same-site locations.
    $return_url = empty($_REQUEST['return_url']) ? '' : $_REQUEST['return_url'];

    if ($mode == 'request') {
        if (!fn_image_verification('call_request', $_REQUEST)) {
            // Failed verification: save the 'call_data' post data; no call request is created.
            fn_save_post_data('call_data');
        } elseif (!empty($_REQUEST['call_data'])) {
            $product_data = empty($_REQUEST['product_data']) ? array() : $_REQUEST['product_data'];
            $res = fn_do_call_request($_REQUEST['call_data'], $product_data, $_SESSION['cart'], $_SESSION['auth']);

            // Surface the outcome to the visitor; an error takes precedence over a notice.
            if ($res && !empty($res['error'])) {
                fn_set_notification('E', __('error'), $res['error']);
            } elseif ($res && !empty($res['notice'])) {
                fn_set_notification('N', __('notice'), $res['notice']);
            }
        }
    }

    return array(CONTROLLER_STATUS_OK, $return_url);
}
Ejemplo n.º 12
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
use Tygh\Registry;
use Tygh\Mailer;
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $discussion_settings = Registry::get('addons.discussion');
    $discussion_object_types = fn_get_discussion_objects();
    $suffix = '';
    if ($mode == 'add') {
        $suffix = '&selected_section=discussion';
        if (AREA == 'C') {
            if (fn_image_verification('use_for_discussion', $_REQUEST) == false) {
                fn_save_post_data('post_data');
                return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix);
            }
        }
        $post_data = $_REQUEST['post_data'];
        if (!empty($post_data['thread_id'])) {
            $object = fn_discussion_get_object_by_thread($post_data['thread_id']);
            if (empty($object)) {
                fn_set_notification('E', __('error'), __('cant_find_thread'));
                return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix);
            }
            $object_name = $discussion_object_types[$object['object_type']];
            $object_data = fn_get_discussion_object_data($object['object_id'], $object['object_type']);
            $ip = fn_get_ip();
            $post_data['ip_address'] = $ip['host'];
Ejemplo n.º 13
     $_suffix = ".{$_REQUEST['redirect_mode']}";
 }
 if ($mode == 'add_profile') {
     if (Registry::get('settings.Image_verification.use_for_register') == 'Y' && fn_image_verification('register', empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
         fn_save_post_data();
         return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout?login_type=register");
     }
     if ($res = fn_update_user(0, $_REQUEST['user_data'], $auth, false, true)) {
         $suffix = '?edit_step=step_two';
     } else {
         $suffix = '?login_type=register';
     }
     return array(CONTROLLER_STATUS_OK, "checkout.checkout" . $suffix);
 }
 if ($mode == 'customer_info') {
     if (Registry::get('settings.General.disable_anonymous_checkout') == 'Y' && empty($cart['user_data']['email']) && Registry::get('settings.Image_verification.use_for_checkout') == 'Y' && fn_image_verification('checkout', empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
         fn_save_post_data();
         return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout?login_type=guest");
     }
     $profile_fields = fn_get_profile_fields('O');
     $user_profile = array();
     if (!empty($_REQUEST['user_data'])) {
         if (empty($auth['user_id']) && !empty($_REQUEST['user_data']['email'])) {
             $email_exists = db_get_field("SELECT email FROM ?:users WHERE email = ?s", $_REQUEST['user_data']['email']);
             if (!empty($email_exists)) {
                 fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists'));
                 fn_save_post_data();
                 return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout");
             }
         }
         $user_data = $_REQUEST['user_data'];
Ejemplo n.º 14
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($mode == 'poll_submit') {
        if (empty($_REQUEST['page_id'])) {
            return array(CONTROLLER_STATUS_NO_PAGE);
        }
        $condition = " AND (" . fn_find_array_in_set($_SESSION['auth']['usergroup_ids'], '?:pages.usergroup_ids', true) . ")";
        $poll_data = db_get_row("SELECT * FROM ?:pages INNER JOIN ?:page_descriptions ON ?:pages.page_id = ?:page_descriptions.page_id WHERE ?:pages.page_id = ?i AND ?:page_descriptions.lang_code = ?s ?p", $_REQUEST['page_id'], CART_LANGUAGE, $condition);
        if (empty($poll_data) || $poll_data['status'] == 'D' || $poll_data['use_avail_period'] == 'Y' && ($poll_data['avail_from_timestamp'] > TIME || $poll_data['avail_till_timestamp'] < TIME)) {
            return array(CONTROLLER_STATUS_REDIRECT);
        }
        $ip = fn_get_ip();
        if (db_get_field('SELECT vote_id FROM ?:polls_votes WHERE page_id = ?i AND ip_address = ?s', $_REQUEST['page_id'], fn_ip_to_db($ip['host']))) {
            return array(CONTROLLER_STATUS_REDIRECT);
        }
        $prefix = isset($_REQUEST['obj_prefix']) ? $_REQUEST['obj_prefix'] : '';
        if (fn_image_verification('polls', $_REQUEST) == false) {
            return array(CONTROLLER_STATUS_REDIRECT);
        }
        if (!empty($_REQUEST['answer'])) {
            $answer = $_REQUEST['answer'];
        } else {
            $answer = array();
        }
        if (!empty($_REQUEST['answer_text'])) {
            $answer_text = $_REQUEST['answer_text'];
        } else {
            $answer_text = array();
        }
        if (!empty($_REQUEST['answer_more'])) {
            $answer_more = $_REQUEST['answer_more'];
        } else {