Ejemplo n.º 1
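 /**
  * Build the wrapper element for one module, honouring its login requirement.
  *
  * The module's 'log_in' parameter decides visibility: 1 renders the module
  * only when UthandoUser::authorize() succeeds, 0 renders it for everyone.
  * Any other value renders nothing.
  *
  * @param object $params Module record; ->params and ->module_name are read here,
  *                       ->module and ->show_title are read through $this->params.
  * @return mixed $this->module_wrap when the module is rendered, otherwise null.
  */
 function makeModule($params)
 {
     $this->params = $params;
     $log_in = $this->getParams($params->params);

     // Fail closed: without this default an unauthorised visitor (case 1) or an
     // unexpected 'log_in' value left $return_mod undefined when it was read below.
     $return_mod = false;

     // NOTE(review): switch compares loosely, so a missing or null 'log_in'
     // matches case 0 and the module is shown without login. Confirm that
     // "no setting" is meant to be public.
     switch ($log_in['log_in']) {
         case 1:
             if (UthandoUser::authorize()) {
                 $return_mod = true;
             }
             break;
         case 0:
             $return_mod = true;
             break;
     }

     $this->module = null;
     if (!$return_mod) {
         return null;
     }

     $this->getModuleHeader();
     $this->getModuleTitle($this->params->module);
     if ($this->params->show_title == 1) {
         $this->module_wrap->appendChild($this->title);
     }
     $this->module = $this->getModule($params->module_name, $this->getParams($params->params));

     return $this->module_wrap;
 }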
Ejemplo n.º 2
 /**
  * Check whether the current session belongs to a user outside the 'registered' group.
  *
  * $this->authorized is set to true only when the session carries user_id,
  * username and user_group, UthandoUser::checkUser() passes, the stored row
  * matches all three session values, and the permission id returned by
  * setUserPermissions() is greater than 0 and less than 4. Nothing is returned.
  */
 private function getAuthorize()
 {
     $hasIdentity = isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['user_group']);
     if (!$hasIdentity || !UthandoUser::checkUser()) {
         return;
     }

     // Re-read the account so the session copy is verified against the database.
     // NOTE(review): the WHERE fragment is built by concatenating
     // $_SESSION['user_id']. Presumably it is an integer written at login;
     // confirm, or validate it as an integer before it reaches the query.
     $users = $this->registry->user . 'users';
     $groups = $this->registry->user . 'user_groups';
     $filter = array('where' => 'user_id=' . $_SESSION['user_id'], 'and' => "user_group != 'registered'");
     $account = $this->getResult('user_id, username, user_group', $users, $groups, $filter, false);
     if (!$account) {
         return;
     }

     $sameUser = $account->username == $_SESSION['username']
         && $account->user_id == $_SESSION['user_id']
         && $account->user_group == $_SESSION['user_group'];
     if (!$sameUser) {
         return;
     }

     $this->upid = $this->setUserPermissions($_SESSION['user_group']);
     if ($this->upid > 0 && $this->upid < 4) {
         $this->authorized = true;
     }
 }
Ejemplo n.º 3
 /**
  * Mirror the logged-in user's stored country into $_SESSION['CountryCode'].
  *
  * Does nothing for visitors who fail UthandoUser::authorize(). For authorised
  * users the session key is set when a positive country_id is stored, and
  * removed otherwise.
  */
 private function checkUserCountry()
 {
     global $uthando, $registry;

     if (!UthandoUser::authorize()) {
         return;
     }

     // NOTE(review): the WHERE fragment concatenates $_SESSION['user_id'].
     // Presumably it is always an integer set at login; confirm, or validate it.
     $table = $registry->user . $uthando->ushop->prefix . 'user_info';
     $where = array('WHERE' => 'user_id=' . $_SESSION['user_id']);
     $info = $uthando->getResult('country_id', $table, null, $where, false);

     if ($info && $info->country_id > 0) {
         $_SESSION['CountryCode'] = $info->country_id;
         return;
     }

     // No row, or no usable country: make sure a stale code does not linger.
     unset($_SESSION['CountryCode']);
 }
Ejemplo n.º 4
/*{END_PHP_INI_PATH}*/
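// Set include paths: the existing path first, then the framework and site directories.
$ini_path = implode(PATH_SEPARATOR, array(
    ini_get('include_path'),
    __PHP_PATH,
    __PHP_PATH . '/PEAR',
    __PHP_PATH . '/Uthando',
    __PHP_PATH . '/Uthando/Admin',
    __PHP_PATH . '/Uthando/Admin/FileManager',
    __PHP_PATH . '/Uthando/functions',
    __SITE_PATH . '/modules',
    __SITE_PATH . '/components',
));
set_include_path($ini_path);

// Include functions.
require_once 'functions.php';

$registry = new Admin_Registry(true);
$registry->setSite(realpath(__SITE_PATH . '/../../uthando/ini/uthandoSites.ini.php'));
$registry->loadIniFiles(array('admin_config' => 'uthandoAdmin', 'config' => 'uthando'));
$registry->setDefaults();

// The session identifier arrives in the POST body as a two-element array and
// is decoded below. Default both parts so a request without the field no
// longer reads undefined variables, and accept the field only as an array.
// NOTE(review): decodeString() then receives null/null. Confirm it rejects that
// input; the authorize() call further down is what gates the action.
$pwd = null;
$iv = null;
if (isset($_POST['session']) && is_array($_POST['session'])
    && isset($_POST['session'][0], $_POST['session'][1])) {
    $pwd = $_POST['session'][0];
    $iv = $_POST['session'][1];
}
$registry->sessionId = Utility::decodeString($pwd, $iv);

$uthando = new UthandoAdmin($registry);
try {
    $registry->db = new DB_Admin($registry);
    $registry->session = new Session($registry);
    UthandoUser::setUserInfo();
    if ($uthando->authorize()) {
        $ushop = new UShop_Manager($registry);
        // NOTE(review): the event name comes straight from the request.
        // Presumably fireEvent() maps it onto a fixed set of handlers; confirm.
        $ushop->fireEvent(!empty($_POST['action']) ? $_POST['action'] : null);
    }
} catch (PDOException $e) {
    $registry->Error($e->getMessage());
    // NOTE(review): this echoes the raw PDO message to the client, which can
    // expose schema or connection details. Consider logging it only.
    print_rr($e->getMessage());
}

// Release the database handle and globals before flushing the buffered output.
$registry->db = null;
unset($uthando, $registry);
ob_end_flush();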
Ejemplo n.º 5
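// Load the core configuration and derive the database prefixes from it.
$registry->config = new Config($registry, array('path' => $registry->ini_dir . '/uthando.ini.php'));
$registry->db_default = $registry->config->get('core', 'DATABASE') . '.';
$registry->core = $registry->config->get('core', 'DATABASE') . '.';
$registry->user = $registry->config->get('user', 'DATABASE') . '.';
$registry->sessions = $registry->config->get('session', 'DATABASE') . '.';
$registry->dbug = $registry->config->get('dbug', 'SERVER');
$registry->compress_files = $registry->config->get('compress_files', 'SERVER');

$uthando = new AjaxContent($registry);
$uthando->timer = new Benchmark_Timer();
$uthando->timer->start();

$registry->template = $registry->config->get('site_template', 'SERVER');
$uthando->setTemplate(__SITE_PATH . '/templates/' . $registry->template . '/ajax_content.php');
$uthando->AddParameter('MERCHANT_NAME', $registry->config->get('site_name', 'SERVER'));

$registry->session = new Session($registry);
UthandoUser::setUserInfo();
if (UthandoUser::authorize()) {
    $registry->loggedInUser = true;
    // The display name is account data placed inside markup, so it is
    // HTML-encoded before concatenation.
    // NOTE(review): assumes UTF-8 output and that names are stored unencoded.
    // If they are already entity-encoded this will double-encode; confirm.
    $display_name = isset($_SESSION['name']) ? (string) $_SESSION['name'] : '';
    $display_name = htmlspecialchars($display_name, ENT_QUOTES, 'UTF-8');
    $uthando->AddParameter('LOGIN_STATUS', "<p>You are logged in as: " . $display_name . "</p>");
} else {
    $registry->loggedInUser = false;
}

try {
    $registry->db = new UthandoDB($registry);
    // Load component.
    $uthando->loadComponent();
    // Get Modules and add them.
    $uthando->addModules();
} catch (PDOException $e) {
    $registry->Error($e->getMessage(), $e);
}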
if ($registry->component_css) {
Ejemplo n.º 6
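 // Apply form element filters.
 $form->applyFilter('__ALL__', 'escape_data');
 $email = $form->exportValue('email');

 // The challenge (which password positions were asked for) is read once and
 // then discarded. A missing or malformed challenge becomes an empty list,
 // which the check below treats as a failed login.
 $rand_chars = isset($_SESSION['rand_chars']) && is_array($_SESSION['rand_chars'])
     ? $_SESSION['rand_chars']
     : array();
 unset($_SESSION['rand_chars']);

 // Map each requested position to the character the user submitted for it.
 $password = array();
 foreach ($rand_chars as $key => $value) {
     $password[$value] = $form->exportValue('pwd' . $key);
 }

 // If user exists then login user else display form.
 $sql = $this->registry->db->query("\n\t\tSELECT user_id, CONCAT(first_name, ' ', last_name) AS name, user_group, password, iv\n\t\tFROM " . $this->registry->user . "users\n\t\tNATURAL JOIN " . $this->registry->user . "user_groups\n\t\tWHERE email = :email\n\t\tAND user_group='registered'\n\t", array(':email' => $email));
 $num_rows = count($sql);
 if ($num_rows == 1) {
     // login user.
     $row = $sql[0];
     // decrypt password.
     // NOTE(review): the stored password is recovered in clear text here, so the
     // database plus the cipher key is enough to read every password. Presumably
     // this is required by the per-character challenge; confirm it is accepted.
     $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv);
     // split the password for checking.
     $decrypted = str_split($decrypted);

     // Check each submitted character against its position. Positions are
     // 1-based, hence the "- 1". The comparison is strict and a position beyond
     // the password's end fails, so empty or numeric look-alike input
     // ("01" vs "1") cannot match by type juggling.
     $pwd_validate = array();
     foreach ($password as $key => $value) {
         $position = $key - 1;
         $pwd_validate[$key] = is_string($value)
             && isset($decrypted[$position])
             && $value === $decrypted[$position];
     }

     // Fail closed: with no characters to check the login is rejected.
     // Previously an empty challenge left $validated true, with nothing compared.
     $validated = !empty($pwd_validate);
     foreach ($pwd_validate as $value) {
         if (!$value) {
             $validated = false;
         }
     }
     if ($validated) {
         // New session id on login so a pre-login id cannot be reused.
         session_regenerate_id();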
Ejemplo n.º 7
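<?php
// Full open tag: with short_open_tag disabled, "<?" is not parsed and this
// file would be sent to the browser as plain text.

// no direct access
defined( 'PARENT_FILE' ) or die( 'Restricted access' );

if (!UthandoUser::authorize()):
	
	$form = new HTML_QuickForm('login', 'post', '/user/register');
	
	$user_config = new Config($this->registry, array('path' => $this->registry->ini_dir.'/user/user.ini.php'));
	
	// Remove name attribute for xhtml strict compliance.
	$form->removeAttribute('name');
	
	// Add form elements.
	// Grouped elements
	$name['first'] = &HTML_QuickForm::createElement('text', 'first', null, array('size' => 20, 'class' => 'inputbox'));
	$name['last'] = &HTML_QuickForm::createElement('text', 'last', null, array('size' => 30, 'class' => 'inputbox'));
	
	$form->addGroup($name, 'name', 'Name (first, last):', '&nbsp;');
	
	$form->addElement('text', 'email1', 'Enter your email address:', array('size' => 20, 'maxlength' => 100, 'class' => 'inputbox'));
	$form->addElement('text', 'email2', 'Comfirm your email address:', array('size' => 20, 'maxlength' => 100, 'class' => 'inputbox'));
	
	// The ", array(" between label and attributes had been masked out as
	// "******" on this page; it is restored to match the email fields above.
	// NOTE(review): maxlength caps passwords at 12 characters in the browser.
	// Confirm whether the server enforces the same limit and why it is so low.
	$form->addElement('password', 'password1', 'Set your password:', array('size' => 15, 'maxlength' => 12, 'class' => 'inputbox'));
	$form->addElement('password', 'password2', 'Comfirm your password:', array('size' => 15, 'maxlength' => 12, 'class' => 'inputbox'));
	
	// set up rules.
	// name rules
	// Define the rules for each element in the group
	$first_name_rule_1 = array('First Name is required','required');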
Ejemplo n.º 8
 /**
  * Build the shopping cart object for the current visitor.
  *
  * Guests get a cart backed by $_SESSION['cart'] (or null when there is none).
  * Authorised users get the cart returned by getCart(); if they have a session
  * cart but getCart() returns nothing, the session cart is stored first via
  * insertCart().
  *
  * @return UShop_ShoppingCart
  */
 public function retrieveCart()
 {
     if (!UthandoUser::authorize()) {
         $guestCart = isset($_SESSION['cart']) ? $_SESSION['cart'] : null;
         return new UShop_ShoppingCart($this->registry, $guestCart);
     }

     // Carry a cart built before login over to the account, but only when the
     // account has no cart of its own yet.
     if (isset($_SESSION['cart']) && !$this->getCart()) {
         $this->insertCart($_SESSION['cart']);
     }

     $storedCart = $this->getCart();
     return new UShop_ShoppingCart($this->registry, $storedCart);
 }
Ejemplo n.º 9
 // Registration path: runs only when the preceding lookup ($sql, built outside
 // this excerpt) returned no rows.
 $num_rows = $sql->num_rows;
 if ($num_rows == 0) {
     // Register the user over a dedicated connection. The DSN parts come from
     // config.database.* and the credentials are merged in from config.database_user.
     $dsn = array('hostspec' => $this->get('config.database.hostspec'), 'phptype' => $this->get('config.database.phptype'), 'database' => $this->get('config.database.user'));
     $dsn = array_merge($dsn, $this->get('config.database_user'));
     $this->dsn = $dsn['phptype'] . ":host=" . $dsn['hostspec'] . ";dbname=" . $dsn['database'];
     $this->username = $dsn['username'];
     $this->password = $dsn['password'];
     // NOTE(review): the connection is opened before the try block below, so a
     // PDOException raised here is not handled by that block's catch (not
     // visible in this excerpt). Confirm an outer handler keeps the message and
     // stack trace away from the client.
     $conn = new PDO($this->dsn, $this->username, $this->password);
     $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     try {
         $conn->beginTransaction();
         // Encode the password with the key from user.ini.php. The result is used
         // below as a pair: [0] is stored as password, [1] as iv.
         // NOTE(review): a key plus IV suggests reversible encryption rather than
         // a one-way hash; confirm. If so, the key file protects every password.
         $user_config = new Config($this->registry, array('path' => $this->registry->ini_dir . '/user/user.ini.php'));
         $pwd = UthandoUser::encodePassword($password, $user_config->get('key', 'cipher'));
         // Look up the id of the 'registered' group; new accounts always get it.
         $stmt = $conn->prepare("\n\t\t\t\tSELECT user_group_id\n\t\t\t\tFROM " . $this->registry->user . "user_groups\n\t\t\t\tWHERE user_group='registered'\n\t\t\t");
         $stmt->execute();
         // fetch() returns false when no such group exists; $res is dereferenced
         // below without a check.
         $res = $stmt->fetch(PDO::FETCH_OBJ);
         // All values are bound. :email fills both the username and email columns.
         // NOTE(review): PDO accepts a named placeholder twice only with emulated
         // prepares; confirm emulation is on for this connection. The table name
         // carries no database prefix here and relies on dbname in the DSN.
         $stmt = $conn->prepare("\n\t\t\t\tINSERT INTO users (user_group_id, first_name, last_name, username, email, password, iv, cdate)\n\t\t\t\tVALUES (:user_group_id, :first_name, :last_name, :email, :email, :password, :iv, NOW())\n\t\t\t");
         $stmt->execute(array(':user_group_id' => $res->user_group_id, ':first_name' => $name['first'], ':last_name' => $name['last'], ':email' => $email, ':password' => $pwd[0], ':iv' => $pwd[1]));
         if ($conn->commit()) {
             // Mail the user a confirmation once the insert is committed.
             // get mail config.
             $this->registry->mail_config = new Config($this->registry, array('path' => $this->registry->ini_dir . '/mail.ini.php'));
             // get mailer type and call class instance.
             $mailer = $this->registry->mail_config->get('type', 'mailer');
             $mail = new Mailer($mailer, $this->registry);
             $email_type = 'html';
             // set some headers.
Ejemplo n.º 10
     $password = $form->exportValue('password1');
     $update['user_group_id'] = $form->exportValue('group');
     if ($update['user_group_id'] == 0) {
         $update['user_group_id'] = $user->user_group_id;
     }
     if (!empty($password)) {
         $user_config = new Config($registry, array('path' => $this->registry->ini_dir . '/user/user.ini.php'));
         // encrypt password.
         // get group id
         $ugid = $this->registry->db->query("\n\t\t\t\t\t\tSELECT user_group\n\t\t\t\t\t\tFROM " . $this->registry->user . "user_groups\n\t\t\t\t\t\tWHERE user_group_id=:group\n\t\t\t\t\t", array(':group' => $update['user_group_id']));
         if ($ugid[0]->user_group == 'registered') {
             $key = array($user_config->get('key', 'cipher'), $this->get('config.server.web_url'));
         } else {
             $key = $user_config->get('key', 'cipher');
         }
         $pwd = UthandoUser::encodePassword($password, $key);
         $update['password'] = $pwd[0];
         $update['iv'] = $pwd[1];
     }
     $result = $this->registry->db->update($update, $this->registry->user . 'users', array('WHERE' => 'user_id=' . $this->registry->params['id']), $quote = true);
     if (!$result) {
         $this->registry->Error('record not updated.');
     } else {
         Uthando::go('/user/overview');
     }
 } else {
     $form->setDefaults(array('name' => array('first' => $user->first_name, 'last' => $user->last_name), 'username' => $user->username, 'email' => $user->email, 'group' => $user->user_group_id));
     // Output the form
     $renderer = new UthandoForm(TEMPLATES . $this->get('admin_config.site.template'));
     $renderer->setFormTemplate('form');
     $renderer->setHeaderTemplate('header');