Ejemplo n.º 1
0
     } else {
         function randomize()
         {
             $salt = "abchefghjkmnpqrstuvwxyz0123456789";
             srand((double) microtime() * 1000000);
             $i = 0;
             while ($i <= 7) {
                 $num = rand() % 33;
                 $tmp = substr($salt, $num, 1);
                 $pass = $pass . $tmp;
                 $i++;
             }
             return $pass;
         }
         $makePassword = randomize();
         $sql_data_array = array('admin_groups_id' => smn_db_prepare_input($_POST['admin_groups_id']), 'admin_firstname' => smn_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => smn_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => smn_db_prepare_input($_POST['admin_email_address']), 'admin_password' => smn_encrypt_password($makePassword), 'admin_created' => 'now()');
         smn_db_perform(TABLE_ADMIN, $sql_data_array);
         $admin_id = smn_db_insert_id();
         smn_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
         smn_redirect(smn_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&mID=' . $admin_id));
     }
     break;
 case 'member_edit':
     $admin_id = smn_db_prepare_input($_POST['admin_id']);
     $hiddenPassword = '******';
     $stored_email[] = 'NONE';
     $check_email_query = smn_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
     while ($check_email = smn_db_fetch_array($check_email_query)) {
         $stored_email[] = $check_email['admin_email_address'];
     }
     if (in_array($_POST['admin_email_address'], $stored_email)) {
Ejemplo n.º 2
0
if (isset($_POST['action']) && $_POST['action'] == 'process') {
    $password_current = smn_db_prepare_input($_POST['password_current']);
    $password_new = smn_db_prepare_input($_POST['password_new']);
    $password_confirmation = smn_db_prepare_input($_POST['password_confirmation']);
    $error = false;
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = smn_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'");
        $check_customer = smn_db_fetch_array($check_customer_query);
        if (smn_validate_password($password_current, $check_customer['customers_password'])) {
            smn_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'");
            smn_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'");
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            smn_redirect(smn_href_link(FILENAME_DEFAULT, '', 'NONSSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, smn_href_link(FILENAME_ACCOUNT, '', 'NONSSL'));
$breadcrumb->add(NAVBAR_TITLE_2, smn_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'NONSSL'));
Ejemplo n.º 3
0
         }
     }
 }
 if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
 }
 if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
 } elseif ($password != $confirmation) {
     $error = true;
     $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
 }
 if ($error == false) {
     $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => smn_encrypt_password($password));
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['customers_gender'] = $gender;
     }
     if (ACCOUNT_DOB == 'true') {
         $dob = $dob_day . '/' . $dob_month . '/' . $dob_year;
         $sql_data_array['customers_dob'] = smn_date_raw($dob);
     }
     smn_db_perform(TABLE_CUSTOMERS, $sql_data_array);
     $customer_id = smn_db_insert_id();
     $sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['entry_gender'] = $gender;
     }
     if (ACCOUNT_COMPANY == 'true') {
         $sql_data_array['entry_company'] = $company;
Ejemplo n.º 4
0
 function set_password($password, $encrypted = false)
 {
     if (!$encrypted) {
         $this->password = smn_encrypt_password($password);
     } else {
         $this->password = $password;
     }
 }
  
  Portions Copyright (c) 2002 osCommerce
  
  This source file is subject to version 2.0 of the GPL license,   
  that is bundled with this package in the file LICENSE. If you
  did not receive a copy of the oscMall System license and are unable 
  to obtain it through the world-wide-web, please send a note to    
  license@systemsmanager.net so we can mail you a copy immediately.
*/
global $page_name;
require DIR_WS_CLASSES . 'mime.php';
require DIR_WS_CLASSES . 'email.php';
// include the password crypto functions
require DIR_WS_FUNCTIONS . 'password_funcs.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $email_address = smn_db_prepare_input($_POST['email_address']);
    $check_customer_query = smn_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . smn_db_input($email_address) . "'");
    if (smn_db_num_rows($check_customer_query)) {
        $check_customer = smn_db_fetch_array($check_customer_query);
        $new_password = smn_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $crypted_password = smn_encrypt_password($new_password);
        smn_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
        smn_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), $store->get_store_owner(), $store->get_store_owner_email_address());
        $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
        smn_redirect(smn_href_link(FILENAME_LOGIN, '', 'NONSSL'));
    } else {
        $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, smn_href_link(FILENAME_LOGIN, '', 'NONSSL'));
$breadcrumb->add(NAVBAR_TITLE_2, smn_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'NONSSL'));
Ejemplo n.º 6
0
            if (!smn_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
                smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password'));
            } else {
                //$confirm = 'confirm_account';
                smn_session_register('confirm_account');
                $confirm_account = '1';
                smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
            }
            break;
        case 'save_account':
            $admin_id = smn_db_prepare_input($_POST['id_info']);
            $admin_email_address = smn_db_prepare_input($_POST['admin_email_address']);
            $stored_email[] = 'NONE';
            $check_email_query = smn_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
            while ($check_email = smn_db_fetch_array($check_email_query)) {
                $stored_email[] = $check_email['admin_email_address'];
            }
            if (in_array($_POST['admin_email_address'], $stored_email)) {
                smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email'));
            } else {
                $sql_data_array = array('admin_firstname' => smn_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => smn_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => smn_db_prepare_input($_POST['admin_email_address']), 'admin_password' => smn_encrypt_password(smn_db_prepare_input($_POST['admin_password'])), 'admin_modified' => 'now()');
                smn_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
                smn_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['check_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $hiddenPassword), $_POST['check_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['check_email_address']);
                smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'page=' . $_GET['page'] . '&mID=' . $admin_id));
            }
            break;
    }
}
$content_page = basename($_SERVER['PHP_SELF']);
require 'templates/default/layout.php';
require DIR_WS_INCLUDES . 'application_bottom.php';
Ejemplo n.º 7
0
     $emailPassword = $makePassword;
     $emailStoreName = STORE_OWNER;
 } else {
     $admin_id = $_POST['admin_id'];
     $extraWhere = ' and admin_id != "' . $admin_id . '"';
     $emailPassword = '******';
     $emailStoreName = MALL_NAME;
 }
 $Qcheck = smn_db_query('select admin_email_address from ' . TABLE_ADMIN . ' where admin_email_address = "' . $email_address . '"' . $extraWhere);
 if (smn_db_num_rows($Qcheck) > 0) {
     echo '{ success: false, errorMsg: "Admin Email Address Already Exists." }';
     exit;
 }
 $sql_data_array = array('admin_groups_id' => $group_id, 'admin_firstname' => $firstname, 'admin_lastname' => $lastname, 'admin_email_address' => $email_address);
 if (isset($makePassword)) {
     $sql_data_array['admin_password'] = smn_encrypt_password($makePassword);
     $sql_data_array['admin_created'] = 'now()';
     smn_db_perform(TABLE_ADMIN, $sql_data_array);
     $admin_id = smn_db_insert_id();
 } else {
     $sql_data_array['admin_modified'] = 'now()';
     smn_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = "' . $admin_id . '"');
 }
 smn_mail($firstname . ' ' . $lastname, $email_address, ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $firstname, HTTP_SERVER . DIR_WS_CATALOG . 'account.php', $email_address, $emailPassword, $emailStoreName), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
 $Qmember = smn_db_query('select a.*, ag.admin_groups_name from ' . TABLE_ADMIN . ' a left join ' . TABLE_ADMIN_GROUPS . ' ag using(admin_groups_id) where admin_id = "' . $admin_id . '"');
 $member = smn_db_fetch_array($Qmember);
 echo '{ 
       success: true,
       admin_id: "' . $member['admin_id'] . '",
       admin_firstname: "' . $member['admin_firstname'] . '", 
       admin_lastname: "' . $member['admin_lastname'] . '", 
    if (!smn_db_num_rows($check_admin_query)) {
        $_GET['login'] = '******';
    } else {
        $check_admin = smn_db_fetch_array($check_admin_query);
        if ($check_admin['check_firstname'] != $firstname) {
            $_GET['login'] = '******';
        } else {
            $_GET['login'] = '******';
            function randomize()
            {
                $salt = "ABCDEFGHIJKLMNOPQRSTUVWXWZabchefghjkmnpqrstuvwxyz0123456789";
                srand((double) microtime() * 1000000);
                $i = 0;
                while ($i <= 7) {
                    $num = rand() % 33;
                    $tmp = substr($salt, $num, 1);
                    $pass = $pass . $tmp;
                    $i++;
                }
                return $pass;
            }
            $makePassword = randomize();
            smn_mail($check_admin['customers_firstname'] . ' ' . $check_admin['customers_lastname'], $check_admin['check_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $makePassword), $check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address']);
            smn_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
        }
    }
}
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN;
$content_page = basename($_SERVER['PHP_SELF']);
require 'templates/default/layout.php';
require DIR_WS_INCLUDES . 'application_bottom.php';