Ejemplo n.º 1
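 /** exdoc
  * Loads permission data from the database for the specified user.
  *
  * Rebuilds the global $exponent_permissions_r map
  * ([module][source][internal][permission] => 1) from the user's explicit
  * grants plus those reached through group membership and subscriptions, and
  * stores the result in the session under 'permissions'.
  *
  * Every id is cast to int before it is concatenated into a WHERE clause, so a
  * malformed or tampered id value can never change the text of the query.
  *
  * @param User $user the user to load permissions for.
  *
  * @node Subsystems:expPermissions
  */
 public static function load($user)
 {
     global $db, $exponent_permissions_r;
     // Clear the global permissions array;
     $exponent_permissions_r = array();
     if ($user == null) {
         // If the user is not logged in, they have no permissions.
         // NOTE(review): the session copy under 'permissions' is not rewritten on this
         // path; confirm that logout clears it elsewhere so stale grants cannot linger.
         return;
     }
     if ($user->is_acting_admin == 0) {
         $uid = (int) $user->id;
         // Retrieve all of the explicit user permissions, by user id
         foreach ($db->selectObjects('userpermission', 'uid=' . $uid) as $obj) {
             $exponent_permissions_r[$obj->module][$obj->source][$obj->internal][$obj->permission] = 1;
         }
         // Retrieve all of the implicit user permissions (by virtue of group membership).
         foreach ($db->selectObjects('groupmembership', 'member_id=' . $uid) as $memb) {
             foreach ($db->selectObjects('grouppermission', 'gid=' . (int) $memb->group_id) as $obj) {
                 $exponent_permissions_r[$obj->module][$obj->source][$obj->internal][$obj->permission] = 1;
             }
         }
         // Retrieve all of the implicit user permissions (by virtue of subscriptions).
         foreach ($db->selectObjects('subscriptions_users', 'user_id=' . $uid) as $memb) {
             foreach ($db->selectObjects('subscriptionpermission', 'subscription_id=' . (int) $memb->subscription_id) as $obj) {
                 $exponent_permissions_r[$obj->module][$obj->source][$obj->internal][$obj->permission] = 1;
             }
         }
     }
     // Users with is_acting_admin set reach this point with an empty map.
     expSession::set('permissions', $exponent_permissions_r);
 }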
Ejemplo n.º 2
/**
 * Smarty {is_logged_in} modifier plugin
 *
 * Type:     modifier<br>
 * Name:     is_logged_in<br>
 * Purpose:  determine if user is logged in
 *
 * The piped value is ignored; the result depends only on expSession::loggedIn().
 * The modifier only decides what a template renders, so the action behind any
 * link or form it hides still needs its own permission check.
 *
 * @param mixed $string value the modifier is applied to (unused)
 * @return bool true when expSession::loggedIn() is truthy, false otherwise
 */
function smarty_modifier_is_logged_in($string)
{
    return expSession::loggedIn() ? true : false;
}
Ejemplo n.º 3
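 /**
  * Adds a gift card order item to the current cart.
  *
  * The card amount arrives from the request either as a preset (card_amount) or
  * as free text (card_amount_txt). Both are reduced to digits and dots and cast
  * to float before they are used as the price, compared with the configured
  * minimum, or placed in the product name, so the raw request text never
  * reaches the stored item.
  *
  * @param array $params request parameters; reads product_id, card_amount,
  *                      card_amount_txt, toname, fromname and msg
  * @return bool|null true once the item has been saved
  */
 function addToCart($params)
 {
     global $order;
     expSession::set('params', $params);
     //get the configuration
     // Create the holder explicitly; assigning properties to an undefined variable fails on current PHP.
     $cfg = new stdClass();
     $cfg->mod = "ecomconfig";
     $cfg->src = "@globalstoresettings";
     $cfg->int = "";
     $config = new expConfig($cfg);
     // NOTE(review): $catConfig is never defined in this method, so empty() is always true
     // and the global store settings are always used - confirm that is intended.
     $this->config = empty($catConfig->config) || @$catConfig->config['use_global'] == 1 ? $config->config : $catConfig->config;
     $min_amount = $this->config['minimum_gift_card_purchase'];
     $custom_message_product = $this->config['custom_message_product'];
     if (empty($params['product_id'])) {
         flash('error', gt("Please specify the style of the gift card you want to purchase."));
         // NOTE(review): the code below relies on expHistory::back() ending the request - confirm.
         expHistory::back();
     }
     if (empty($params['card_amount']) && empty($params['card_amount_txt'])) {
         flash('error', gt("You need to specify the card amount for the gift card."));
         expHistory::back();
     } else {
         // NOTE(review): orderitem is built from the whole request array; confirm its
         // constructor only accepts the fields a shopper is allowed to set.
         $item = new orderitem($params);
         $sm = $order->getCurrentShippingMethod();
         $item->shippingmethods_id = $sm->id;
         // Normalise both amount fields once; non-scalar input (e.g. an array) counts as 0.
         $typed_amount = isset($params['card_amount_txt']) && is_scalar($params['card_amount_txt'])
             ? (float) preg_replace("/[^0-9.]/", "", $params['card_amount_txt'])
             : 0.0;
         $preset_amount = isset($params['card_amount']) && is_scalar($params['card_amount'])
             ? (float) preg_replace("/[^0-9.]/", "", $params['card_amount'])
             : 0.0;
         // A positive free-text amount takes precedence over the preset one.
         $amount = $typed_amount > 0 ? $typed_amount : $preset_amount;
         $item->products_price = $amount;
         if ($item->products_price < $min_amount) {
             flash('error', gt("The minimum amount of gift card is") . " " . $min_amount);
             expHistory::back();
         }
         // Name the item after the amount actually charged, not the raw request value.
         $item->products_name = expCore::getCurrencySymbol() . $amount . ' ' . $this->title . " Style Gift Card";
         // Start from an empty array so serialize() never sees an undefined variable.
         $ed = array();
         if (!empty($params['toname'])) {
             $ed['To'] = $params['toname'];
         }
         if (!empty($params['fromname'])) {
             $ed['From'] = $params['fromname'];
         }
         if (!empty($params['msg'])) {
             $ed['Message'] = $params['msg'];
             $item->products_price += $custom_message_product;
             $item->products_name = $item->products_name . " (with message)";
         }
         // To/From/Message are shopper-supplied text stored as-is; whatever renders
         // extra_data later has to escape it for its output context.
         $item->extra_data = serialize($ed);
         // we need to unset the orderitem's ID to force a new entry..other wise we will overwrite any
         // other giftcards in the cart already
         $item->id = null;
         $item->quantity = $this->getDefaultQuantity();
         $item->save();
         return true;
     }
 }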
Ejemplo n.º 4
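/**
 * Smarty {get_user} function plugin
 *
 * Type:     function<br>
 * Name:     get_user<br>
 * Purpose:  get user name
 *
 * Does nothing when no user is logged in. With an 'assign' parameter the whole
 * global $user object is handed to the template under that name; the template
 * is then responsible for escaping any field it prints. Without it the
 * username is printed, HTML-escaped, because usernames are account data and
 * must not be able to inject markup into the page.
 *
 * @param array   $params plugin parameters; 'assign' is optional
 * @param \Smarty $smarty
 * @return void
 */
function smarty_function_get_user($params, &$smarty)
{
    global $user;
    if (!expSession::loggedIn()) {
        return;
    }
    if (isset($params['assign'])) {
        $smarty->assign($params['assign'], $user);
    } else {
        echo htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8');
    }
}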
Ejemplo n.º 5
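 /**
  * Builds the HTML for the credit card fields of the billing form.
  *
  * The card type, number, expiration and CVV controls are always rendered
  * empty: nothing held in the 'billing_options' session entry is written back
  * into the page.
  *
  * @return string concatenated HTML of the four controls
  */
 function userForm()
 {
     // make sure we have some billing options saved.
     //if (empty($this->opts)) return false;
     //exponent_javascript_toFoot('creditcard',"",null,'', URL_FULL.'framework/core/subsystems/forms/js/AuthorizeNet.validate.js');
     // NOTE(review): if 'billing_options' carries cc_number or cvv, card data is being
     // kept in session storage; confirm it is cleared as soon as the payment step is done.
     $this->opts = expSession::get('billing_options');
     $form = '';
     /* FIXME: hard coded options!!
     	  	if ($config_object->accept_amex) $cards["AmExCard"] = "American Express";
     		if ($config_object->accept_discover) $cards["DiscoverCard"] = "Discover";
     		if ($config_object->accept_mastercard) $cards["MasterCard"] = "MasterCard";
     		if ($config_object->accept_visa) $cards["VisaCard"] = "Visa";
     		*/
     // Controls are created with empty defaults on purpose, so stored card details
     // are never pre-filled into the markup.
     $cardtypes = new dropdowncontrol("", $this->getAvailableCards());
     $cardnumber = new textcontrol("", 20, false, 20, "integer", true);
     $expiration = new monthyearcontrol("", "");
     $cvv = new textcontrol("", 4, false, 4, "integer", true);
     //$cvvhelp = new htmlcontrol("<a href='http://en.wikipedia.org/wiki/Card_Verification_Value' target='_blank'>What's this?</a>");
     $cardtypes->id = "cc_type";
     $cardnumber->id = "cc_number";
     $expiration->id = "expiration";
     $cvv->id = "cvv";
     $cvv->size = 5;
     //$cvvhelp->id = "cvvhelp";
     $form .= $cardtypes->toHTML("Card Type", "cc_type");
     $form .= $cardnumber->toHTML("Card #", "cc_number");
     //$form .= "<strong class=\"example\">Example: 1234567890987654</strong>";
     $form .= $expiration->toHTML("Expiration", "expiration");
     $form .= $cvv->toHTML("CVV # <br /><a href='http://en.wikipedia.org/wiki/Card_Verification_Value' target='_blank'>What's this?</a>", 'cvv');
     //$form .= $cvvhelp->toHTML('', 'cvvhelp');
     //$form .= "<a class=\"exp-ecom-link-dis continue\" href=\"#\" id=\"checkoutnow\"><strong><em>Continue Checkout</em></strong></a>";
     //$form .= '<input id="cont-checkout" type="submit" value="Continue Checkout">';
     return $form;
 }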
Ejemplo n.º 6
 /**
  * Copies submitted form-designer settings onto an upload control.
  *
  * When no identifier was submitted, the whole of $_POST plus a '_formError'
  * message is stored in the session under "last_POST" and null is returned.
  * NOTE(review): that session copy holds every posted field unfiltered; whatever
  * re-displays it must escape the values.
  *
  * @param array              $values submitted settings; reads identifier, caption, default
  * @param uploadcontrol|null $object control to update, or null to create one
  * @return uploadcontrol|null the updated control, or null when the identifier is missing
  */
 function update($values, $object)
 {
     $control = $object == null ? new uploadcontrol() : $object;
     if ($values['identifier'] == "") {
         $failed_post = $_POST;
         $failed_post['_formError'] = gt('Identifier is required.');
         expSession::set("last_POST", $failed_post);
         return null;
     }
     foreach (array('identifier', 'caption', 'default') as $field) {
         $control->{$field} = $values[$field];
     }
     return $control;
 }
Ejemplo n.º 7
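 /**
  * Releases a container's reference on its section and optionally closes the
  * gap it leaves in the rank order.
  *
  * The sectionref row matching the container's unserialized location and the
  * session's "last_section" has its refcount decremented. The section id and
  * the rank are cast to int before they enter a WHERE clause.
  *
  * @param object|null $object container row; reads internal, external and rank
  * @param bool        $rerank when true, ranks above the container's are decremented by 1
  * @return false|null false when $object is null, otherwise no value
  */
 static function delete($object, $rerank = false)
 {
     if ($object == null) {
         return false;
     }
     global $db;
     // NOTE(review): unserialize() on a stored column can instantiate arbitrary classes
     // if that column is ever writable by an untrusted party; prefer a data-only format.
     $internal = unserialize($object->internal);
     // Skip the refcount update when the column did not hold a serialized object,
     // instead of building a query from properties of a non-object.
     if (is_object($internal)) {
         $section = (int) expSession::get("last_section");
         // NOTE(review): mod/src/int are concatenated unescaped; they should pass through
         // the database layer's escaping or a parameterised query (API not visible here).
         $where = "module='" . $internal->mod . "' AND source='" . $internal->src . "' AND internal='" . $internal->int . "' AND section=" . $section;
         $secref = $db->selectObject("sectionref", $where);
         if ($secref) {
             $secref->refcount -= 1;
             $db->updateObject($secref, "sectionref", $where);
         }
     }
     // Fix ranks
     if ($rerank) {
         // NOTE(review): $object->external is concatenated unescaped as well.
         $db->decrement("container", "rank", 1, "external='" . $object->external . "' AND rank > " . (int) $object->rank);
     }
 }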
Ejemplo n.º 8
 /**
  * Copies submitted form-designer settings onto an antispam control.
  *
  * When no identifier was submitted, the whole of $_POST plus a '_formError'
  * message is stored in the session under "last_POST" and null is returned.
  * size and maxlength are forced to integers; required is true whenever the
  * key is present in $values.
  *
  * @param array                $values submitted settings
  * @param antispamcontrol|null $object control to update, or null to create one
  * @return antispamcontrol|null the updated control, or null when the identifier is missing
  */
 function update($values, $object)
 {
     $control = $object == null ? new antispamcontrol() : $object;
     if ($values['identifier'] == "") {
         $failed_post = $_POST;
         $failed_post['_formError'] = gt('Identifier is required.');
         expSession::set("last_POST", $failed_post);
         return null;
     }
     // Free-text settings are copied as submitted.
     foreach (array('identifier', 'caption', 'default') as $field) {
         $control->{$field} = $values[$field];
     }
     // Numeric settings are coerced so they can only ever hold integers.
     foreach (array('size', 'maxlength') as $field) {
         $control->{$field} = intval($values[$field]);
     }
     $control->required = isset($values['required']);
     return $control;
 }
Ejemplo n.º 9
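/**
 * Smarty {permissions} block plugin
 *
 * Type:     block<br>
 * Name:     permissions<br>
 * Purpose:  Set up a permissions block
 *
 * Returns the block content only for a logged-in user who is not in preview
 * UI level; otherwise an empty string. Nothing is returned when the block has
 * no content yet or when $_GET['recymod'] is set.
 *
 * This hides markup only. It does not check any permission, so the actions the
 * hidden links point to must enforce access on their own.
 *
 * @param array   $params  plugin parameters (unused)
 * @param string  $content rendered block content; empty on the opening call
 * @param \Smarty $smarty
 * @param bool    $repeat
 * @return string|null
 */
function smarty_block_permissions($params, $content, &$smarty, &$repeat)
{
    if (!$content || !empty($_GET['recymod'])) {
        return null;
    }
    global $user, $css_core;
    // 99 is the fallback UI level when the session holds none.
    $uilevel = 99;
    if (expSession::exists("uilevel")) {
        $uilevel = expSession::get("uilevel");
    }
    if (empty($css_core['admin-global'])) {
        expCSS::pushToHead(array("corecss" => "admin-global"));
    }
    // Evaluated once: the original repeated this exact test in an else branch
    // where it could only ever select $content.
    $hide = isset($uilevel) && $uilevel == UILEVEL_PREVIEW || !$user->isLoggedIn();
    return $hide ? "" : $content;
}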
Ejemplo n.º 10
 /**
  * Authenticates a username/password pair and, on success, logs the user into
  * the session.
  *
  * Sets the global $user to the account looked up by username. Authentication
  * goes through LDAP when USE_LDAP is 1 and the account is flagged is_ldap,
  * otherwise through $user->authenticate().
  *
  * NOTE(review): the method returns false for an unknown username and nothing
  * at all otherwise, so both outcomes are falsy; callers cannot learn the
  * result from the return value.
  *
  * @param string $username
  * @param string $password
  * @return false|null false when no account matches the username
  */
 public static function login($username, $password)
 {
     global $db, $user;
     // Retrieve the user object from the database.  This may be null, if the username is non-existent.
     // NOTE(review): the WHERE literal below looks masked by the page this listing came
     // from. If the real code interpolates $username here, the value must be escaped by
     // the database layer or bound as a parameter before it reaches the query.
     $user = new user($db->selectValue('user', 'id', "username='******'"));
     // if the user object doesn't have an id then we didn't find a valid user account with this username
     if (empty($user->id)) {
         return false;
     }
     // try to authenticate the user - use the authentication type specified in the site config
     // empty($user) can never be true here: $user is an object, and accounts without an id
     // have already returned above.
     if (USE_LDAP == 1 && (empty($user) || $user->is_ldap == 1)) {
         $ldap = new expLDAP();
         $ldap->connect();
         $authenticated = $ldap->authenticate($ldap->getLdapUserDN($username), $password);
         if ($authenticated) {
             // Unreachable for the same reason, so an LDAP-only account is never created from here.
             if (empty($user)) {
                 $user = $ldap->addLdapUserToDatabase($username, $password);
             }
         }
         $ldap->close();
     } else {
         $authenticated = $user->authenticate($password);
     }
     if ($authenticated) {
         // Call on the Sessions subsystem to log the user into the site.
         // NOTE(review): confirm expSession::login() issues a fresh session id, so an id
         // known before authentication is not carried into the logged-in session.
         expSession::login($user);
         //Update the last login timestamp for this user.
         $user->updateLastLogin();
     }
     // Login-attempt recording is disabled below, so failed attempts leave no trace here.
     //		$obj = new stdClass();
     //		$obj->user_id = $user->id;
     //		$obj->timestamp = time();
     //		$obj->ip_address = exponent_users_getRealIpAddr();
     //		$obj->authenticated = $authenticated;
     //		$db->insertObject($obj, "user_loginAttempts");
     //
     //		return $user;
 }
Ejemplo n.º 11
 /**
  * Sets up a module view template and loads the view configuration stored for
  * its container.
  *
  * NOTE(review): the serialized location is concatenated unescaped into the
  * WHERE clause, and view_data from the database is passed to unserialize();
  * both deserve escaping / a data-only format if either value can be
  * influenced from outside.
  *
  * @param string      $module  module name
  * @param string|null $view    view name
  * @param object|null $loc     location; built with expCore::makeLocation($module) when null
  * @param bool        $caching not read in this constructor
  * @param string|null $type    template type, 'modules' when not set
  */
 function __construct($module, $view = null, $loc = null, $caching = false, $type = null)
 {
     if (!isset($type)) {
         $type = 'modules';
     }
     //parent::__construct("modules", $module, $view);
     parent::__construct($type, $module, $view);
     $this->viewparams = expTemplate::getViewParams($this->viewfile);
     if ($loc == null) {
         $loc = expCore::makeLocation($module);
     }
     $this->tpl->assign("__loc", $loc);
     $this->tpl->assign("__name", $module);
     // View Config
     global $db;
     $lookup_key = serialize($loc);
     $cached_rows = expSession::getCacheValue('containermodule');
     if (isset($cached_rows[$lookup_key])) {
         $row = $cached_rows[$lookup_key];
     } else {
         $row = $db->selectObject("container", "internal='" . $lookup_key . "'");
         // Only the local copy is updated; nothing here writes it back to the session cache.
         $cached_rows[$lookup_key] = $row;
     }
     if ($row && isset($row->view_data) && $row->view_data != "") {
         $this->viewconfig = unserialize($row->view_data);
     } else {
         $this->viewconfig = array();
     }
     $this->tpl->assign("__viewconfig", $this->viewconfig);
 }
Ejemplo n.º 12
<?php

##################################################
#
# Copyright (c) 2004-2011 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
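// Refuse to run outside the framework bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}
// NOTE(review): this endpoint writes a request-chosen key into the session. Without an
// allow-list of keys a client may set, any session entry the application trusts can be
// overwritten from the request. The list of legitimate keys is not visible here, so only
// the shape of the key is validated below - add the allow-list before relying on this.
$session_var = isset($_REQUEST['var']) ? $_REQUEST['var'] : null;
if (!is_string($session_var) || $session_var === '') {
    // A missing, empty or array-valued key is rejected instead of being passed on.
    echo json_encode(false);
} else {
    $session_value = isset($_REQUEST['value']) ? $_REQUEST['value'] : null;
    echo json_encode(expSession::set($session_var, $session_value));
}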
Ejemplo n.º 13
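 /**
  * Routine to check for installation or upgrade
  *
  * For an admin user, flashes an upgrade prompt when the software version is
  * newer than the version row in the database, and, once per session, a notice
  * when self::getOnlineVersion() reports a newer release. When the database is
  * unavailable the maintenance template is output and the request ends.
  *
  * Version strings are HTML-escaped before they are placed in the flash
  * message, since the message carries markup and the online version is data
  * fetched from outside the site.
  */
 public static function checkVersion()
 {
     global $db, $user;
     // Create the holder explicitly; assigning properties to an undefined variable fails on current PHP.
     $swversion = new stdClass();
     $swversion->major = EXPONENT_VERSION_MAJOR;
     $swversion->minor = EXPONENT_VERSION_MINOR;
     $swversion->revision = EXPONENT_VERSION_REVISION;
     $swversion->type = EXPONENT_VERSION_TYPE;
     $swversion->iteration = EXPONENT_VERSION_ITERATION;
     $swversion->builddate = EXPONENT_VERSION_BUILDDATE;
     // check database version against installed software version
     if ($db->havedb) {
         if ($user->isAdmin()) {
             $dbversion = $db->selectObject('version', 1);
             if (empty($dbversion)) {
                 // No version row yet: compare against 0.0.0.
                 $dbversion = new stdClass();
                 $dbversion->major = 0;
                 $dbversion->minor = 0;
                 $dbversion->revision = 0;
                 $dbversion->type = '';
                 $dbversion->iteration = '';
             }
             // check if software version is newer than database version
             if (self::compareVersion($dbversion, $swversion)) {
                 $oldvers = $dbversion->major . '.' . $dbversion->minor . '.' . $dbversion->revision . ($dbversion->type ? $dbversion->type : '') . ($dbversion->iteration ? $dbversion->iteration : '');
                 $newvers = $swversion->major . '.' . $swversion->minor . '.' . $swversion->revision . ($swversion->type ? $swversion->type : '') . ($swversion->iteration ? $swversion->iteration : '');
                 $oldvers = htmlspecialchars($oldvers, ENT_QUOTES, 'UTF-8');
                 $newvers = htmlspecialchars($newvers, ENT_QUOTES, 'UTF-8');
                 flash('message', gt('The database requires upgrading from') . ' v' . $oldvers . ' ' . gt('to') . ' v' . $newvers . '<br><a href="' . makelink(array("controller" => "administration", "action" => "install_exponent")) . '">' . gt('Click here to Upgrade your website') . '</a>');
             }
         }
     } else {
         // database is unavailable, so show us as being offline
         $template = new standalonetemplate('_maintenance');
         $template->assign("db_down", true);
         $template->output();
         exit;
     }
     // check if online version is newer than installed software version, but only once per session
     if ($user->isAdmin()) {
         if (!expSession::is_set('update-check')) {
             // NOTE(review): the result is used without checking that the lookup succeeded;
             // confirm getOnlineVersion() always returns an object.
             $onlineVer = self::getOnlineVersion();
             expSession::set('update-check', '1');
             if (self::compareVersion($swversion, $onlineVer)) {
                 $newvers = $onlineVer->major . '.' . $onlineVer->minor . '.' . $onlineVer->revision . ($onlineVer->type ? $onlineVer->type : '') . ($onlineVer->iteration ? $onlineVer->iteration : '');
                 $newvers = htmlspecialchars($newvers, ENT_QUOTES, 'UTF-8');
                 flash('message', gt('A newer version of Exponent is available') . ': v' . $newvers . ' ' . gt('was released') . ' ' . expDateTime::format_date($onlineVer->builddate) . '<br><a href="https://github.com/exponentcms/exponent-cms/downloads" target="_blank">' . gt('Click here to see available Downloads') . '</a>');
             }
         }
     }
 }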
Ejemplo n.º 14
 /**
  * Copies submitted form-designer settings onto a dropdown control.
  *
  * When no identifier was submitted, the whole of $_POST plus a '_formError'
  * message is stored in the session under "last_POST" and null is returned
  * before any control is created. A size of zero or less becomes 1; required
  * is true whenever the key is present in $values.
  *
  * @param array                $values submitted settings
  * @param dropdowncontrol|null $object control to update, or null to create one
  * @return dropdowncontrol|null the updated control, or null when the identifier is missing
  */
 function update($values, $object)
 {
     if ($values['identifier'] == "") {
         $failed_post = $_POST;
         $failed_post['_formError'] = gt('Identifier is required.');
         expSession::set("last_POST", $failed_post);
         return null;
     }
     $control = $object == null ? new dropdowncontrol() : $object;
     foreach (array('identifier', 'caption', 'default') as $field) {
         $control->{$field} = $values[$field];
     }
     $control->items = listbuildercontrol::parseData($values, 'items', true);
     $requested_size = intval($values['size']);
     if ($requested_size <= 0) {
         $control->size = 1;
     } else {
         $control->size = $requested_size;
     }
     $control->required = isset($values['required']);
     return $control;
 }
Ejemplo n.º 15
# Copyright (c) 2004-2011 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
/** @define "BASE" "../../../../.." */
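// Refuse to run outside the framework bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}
// NOTE(review): restoring a database is an administrator-only operation and no permission
// check is visible in this script; confirm the dispatcher enforces one before it is reached.
$errors = null;
$continue = URL_FULL . 'index.php?section=' . SITE_DEFAULT_SECTION;
expSession::clearAllUsersSessionCache();
$template = new template('importer', '_eql_results', $loc);
//GREP:UPLOADCHECK
// Only hand the file to the restore routine when PHP reports a completed upload and the
// path really is this request's uploaded temp file.
$upload_ok = isset($_FILES['file']['tmp_name'], $_FILES['file']['error'])
    && $_FILES['file']['error'] === UPLOAD_ERR_OK
    && is_uploaded_file($_FILES['file']['tmp_name']);
if (!$upload_ok) {
    $template->assign('success', 0);
    // presumably the template expects a list of messages, as filled in by restoreDatabase() - verify
    $template->assign('errors', array(gt('The file upload failed or no file was sent.')));
} elseif (!expFile::restoreDatabase($db, $_FILES['file']['tmp_name'], $errors)) {
    $template->assign('success', 0);
    $template->assign('errors', $errors);
} else {
    $template->assign('success', 1);
    $template->assign('continue', $continue);
}
$template->output();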
Ejemplo n.º 16
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
/** @define "BASE" "../../../../.." */
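// Refuse to run outside the framework bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}
// NOTE(review): dest_dir is taken from the request and parked in the session for a later
// step. Whatever reads it back must confirm it points at the expected extraction
// directory before using it as a path.
$dest_dir = isset($_POST['dest_dir']) ? $_POST['dest_dir'] : null;
// Treat a missing or non-array 'mods' field as an empty selection.
$selected = isset($_POST['mods']) && is_array($_POST['mods']) ? $_POST['mods'] : array();
$files = array();
foreach (array_keys($selected) as $file) {
    $file = (string) $file;
    // File names come from the request: drop any that contain a NUL byte or a ".."
    // segment so the check below can never be pointed outside BASE . 'files/'.
    if (strpos($file, "\0") !== false || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $file)) {
        continue;
    }
    $files[$file] = expFile::canCreate(BASE . 'files/' . $file);
    //	if (class_exists($mod)) {
    //		$files[$mod][0] = call_user_func(array($mod,'name'));
    //	}
    //	foreach (array_keys(expFile::listFlat($dest_dir.'/files',1,null,array(),$dest_dir.'/files/')) as $file) {
    //		$files[$mod][1][$file] = expFile::canCreate(BASE.'files/'.$file);
    //	}
}
expSession::set('dest_dir', $dest_dir);
expSession::set('files_data', $files);
$template = new template('importer', '_files_verifyFiles');
$template->assign('files_data', $files);
$template->output();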
Ejemplo n.º 17
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Final installer step (listing is cut off after the first message of the upgrade branch).
// Refuse to run outside the framework bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}
//expSession::un_set('installer_config');
// Wipes all session data, so whoever ran the installer has to log in again afterwards.
expSession::clearAllSessionData();
global $user;
// NOTE(review): the branch is selected by a request parameter alone; no check of who is
// calling is visible in this part of the script - confirm the installer is gated elsewhere.
if (isset($_REQUEST['upgrade'])) {
    // upgrades hit this
    //    if (unlink(BASE.'install/not_configured')) {
    // Done when the marker file was removed, or was already absent. unlink() on a missing
    // file emits a warning before the file_exists() fallback is evaluated.
    // NOTE(review): while install/not_configured exists the site presumably still treats
    // itself as unconfigured, so a failed removal should not be ignored - verify.
    $leaveinstaller = unlink(BASE . 'install/not_configured') || !file_exists(BASE . 'install/not_configured');
    if ($leaveinstaller) {
        echo '<h2>' . gt('You\'re all set!') . "</h2>";
        echo '<p>' . gt('Take me to your leader') . "</p>";
    } else {
        echo '<h2>' . gt('Hmmmm....') . "</h2>";
        echo '<p>' . gt('We weren\'t able to remove /install/not_configured. Remove this file manually to complete your upgrade.') . "</p>";
    }
    ?>
    <p><?php 
    echo gt('Log back in to start using all your fancy new enhancements!');
Ejemplo n.º 18
 /**
  * Resolves the shopping cart (an `order` record) for the current visitor.
  *
  * Returns null when the cart controller does not exist or the storeController
  * module is not marked active. While one of the order actions
  * verifyReturnShopper / verifyAndRestoreCart / clearCart is being requested and
  * the session has not been validated, a blank order is returned. Otherwise the
  * cart is looked up by session ticket, by logged-in user id and, as a last
  * resort, by the `cid` cookie; a session cart and a user cart are merged when
  * both exist. Before returning, item_count, shipping_required,
  * billing_required, lastcat and total are filled in on the cart.
  *
  * Security-relevant points are marked NOTE(review) in the body.
  *
  * @return order|null
  */
 static function getUserCart()
 {
     global $db, $user, $router;
     // State of the "returning shopper" verification flow; may be empty when the flow never started.
     $sessAr = expSession::get('verify_shopper');
     // initialize this users cart if they have ecomm installed.
     $active = $db->selectValue('modstate', 'active', 'module="storeController"');
     if (!expModules::controllerExists('cart') || empty($active)) {
         // if ecomm is turned off, no cart.
         return null;
     } else {
         // While the verification/clear-cart actions run for a session that is not validated yet,
         // hand back an empty order instead of resolving a real cart.
         if (isset($router->params['controller']) && $router->params['controller'] == 'order' && ($router->params['action'] == 'verifyReturnShopper' || $router->params['action'] == 'verifyAndRestoreCart' || $router->params['action'] == 'clearCart') && (!isset($sessAr['validated']) || $sessAr['validated'] != true)) {
             return new order();
         } else {
             // if ecomm is turned off, no cart.
             //$active = ;
             // This check cannot fire: an empty $active already returned null above.
             if (empty($active)) {
                 return null;
             }
             $order = new order();
             //initialize a new order object to use the find function from.
             $ticket = expSession::getTicketString();
             //get this users session ticket. this is how we track anonymous users.
             // grab the original referrer from the session table so that we can transfer it into the cart where it will be used for reporting purposes
             // sessions are temporary so we can't report on the referrer in the session table itself because it may not be there
             // and we can't just get the referrer at this point because the user likely navigated the site a bit and we want the original referring site
             // NOTE(review): $ticket is concatenated into two quoted SQL literals below. That is only safe if
             // getTicketString() can never return a value containing a quote - confirm, or escape/bind it.
             $orig_referrer = $db->selectValue('sessionticket', 'referrer', "`ticket`='" . $ticket . "'");
             //see if we have a LIVE and ACTIVE session w/ cart and grab it if so
             $sessioncart = $order->find('first', "invoice_id='' AND sessionticket_ticket='" . $ticket . "'");
             //check to see if the user is logged in, and if so grab their existing cart
             // $usercart is only assigned for logged-in users; the empty() tests further down tolerate it being undefined.
             if (!empty($user) && $user->isLoggedIn()) {
                 $usercart = $order->find('first', "invoice_id='' AND user_id=" . $user->id);
             }
             //eDebug($sessioncart);
             //eDebug($usercart);
             //enter here if we have NO ACTIVE SESSION CART -OR- We're awaiting a potential cart restore
             // NOTE(review): $sessAr['awaiting_choice'] is read without isset(); when 'verify_shopper' is not in
             // the session this reads an offset of an empty value (null, with a notice/warning on newer PHP).
             if (empty($sessioncart->id) || $sessAr['awaiting_choice'] == true) {
                 if (empty($usercart->id)) {
                     // no SESSION cart was found and user is not logged in...
                     //let's see if they have a cart_id cookie set and we'll snag that if so
                     //they won't have any user data, since they are "logged in" once they get to
                     //checkout, so all we're really doing here is populating a cart for return
                     //shoppers
                     // NOTE(review): the cid cookie is client-controlled and is used as-is as the id of the order to
                     // load. It should be validated as an integer first. Because a cart without a user_id is adopted
                     // directly below, the id effectively acts as a bearer token for anonymous carts; if ids are
                     // guessable (presumably sequential - confirm), consider an unguessable, signed cart token.
                     $cookie_cart_id = isset($_COOKIE['cid']) ? $_COOKIE['cid'] : 0;
                     //eDebug($cookie_cart_id,true);
                     if ($cookie_cart_id) {
                         $tmpCart = new order($cookie_cart_id);
                         // Loose comparison between the loaded id and the raw cookie string.
                         if ($tmpCart->id != $cookie_cart_id) {
                             //cookie set, but we gots no cart in the DB so act as if we had no cookie
                             $cart = new order();
                             $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer, 'return_count' => $cart->setReturnCount($orig_referrer)));
                             order::setCartCookie($cart);
                         } else {
                             // Owner of the cart named by the cookie (not necessarily the current visitor).
                             $u = new user($tmpCart->user_id);
                             //1) Was Not logged in
                             if (empty($tmpCart->user_id)) {
                                 // Anonymous cart: re-attach it to this visitor's session ticket.
                                 $cart = new order($cookie_cart_id);
                                 //update the session ticket and return count
                                 $cart->update(array('sessionticket_ticket' => $ticket, 'return_count' => $cart->setReturnCount($orig_referrer)));
                                 order::setCartCookie($cart);
                                 flash('message', gt('Welcome back'));
                             } else {
                                 if (!empty($tmpCart->user_id)) {
                                     //check for is admin first
                                     // Carts owned by administrators are never restored from a cookie.
                                     if ($u->isActingAdmin() || $u->isAdmin()) {
                                         //no need to restore anything.
                                         $cart = new order();
                                         $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
                                         order::setCartCookie($cart);
                                     } else {
                                         if (!empty($tmpCart->user_id) && count($tmpCart->orderitem) == 0) {
                                             //silently copy tracking data from old order and continue on
                                             $cart = new order();
                                             $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer, 'return_count' => $tmpCart->setReturnCount($orig_referrer)));
                                             order::setCartCookie($cart);
                                             flash('message', gt('Welcome back'));
                                         } else {
                                             if (!empty($tmpCart->user_id) && count($tmpCart->orderitem) > 0) {
                                                 //3) Was Logged in w/ NON-?real user? account
                                                 //eDebug(expUtil::right($u->username,10),true);
                                                 if ($u->isTempUser()) {
                                                     if (isset($sessAr['validated']) && $sessAr['validated']) {
                                                         //already went through validation and we're good to go
                                                         // NOTE(review): this branch logs the visitor in as the cart's owner based on
                                                         // the 'validated' flag and 'cid' held in the session. The flag is set outside
                                                         // this function; its strength depends entirely on that verification step.
                                                         // Confirm that step and that the session id is regenerated on login.
                                                         $cart = new order($sessAr['cid']);
                                                         //update the session ticket and return count
                                                         $cart->update(array('sessionticket_ticket' => $ticket, 'return_count' => $cart->mergeReturnCount($sessioncart->return_count), 'orig_referrer' => $sessioncart->orig_referrer));
                                                         order::setCartCookie($cart);
                                                         expSession::un_set('verify_shopper');
                                                         $user = new user($cart->user_id);
                                                         expSession::login($user);
                                                         //Update the last login timestamp for this user.
                                                         $user->updateLastLogin();
                                                         // NOTE(review): the flash messages in this function carry raw <a> markup, so they are
                                                         // presumably rendered unescaped; the first name placed in them is user-supplied
                                                         // profile data and should be HTML-escaped before concatenation - confirm.
                                                         flash('message', gt('Welcome back') . ' ' . $sessAr['firstname'] . '! ' . gt('Your shopping cart has been restored - you may continue shopping or') . ' <a href="' . makelink(array("controller" => "cart", "action" => "checkout")) . '">checkout</a> ' . gt('at your convenience.'));
                                                     } else {
                                                         //send to verification? If user has elected to restore their cart
                                                         //eDebug($_SESSION);
                                                         if (isset($sessAr['awaiting_choice']) && $sessAr['awaiting_choice'] == true) {
                                                             /*expSession::set('verify_shopper',array('au'=>1,'orig_path'=>$router->current_url, 'firstname'=>$u->firstname, 'cid'=>$cookie_cart_id));
                                                               redirect_to(array("controller"=>"order",'action'=>'verifyReturnShopper'));
                                                               orderController::verifyReturnShopper();*/
                                                             //just give em the sessioncart
                                                             $cart = $sessioncart;
                                                             if (count($cart->orderitem) > 0) {
                                                                 //added items to current cart, so we'll assume they do not want to restore the previous at this point
                                                                 expSession::un_set('verify_shopper');
                                                                 order::setCartCookie($cart);
                                                             } else {
                                                                 // Still undecided: repeat the restore / start-new prompt.
                                                                 flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('We see that you have shopped with us before.') . '<br><br><a id="submit-verify" href="' . makelink(array("controller" => "order", "action" => "verifyReturnShopper")) . '" rel="nofollow">' . gt('Click Here to Restore Your Previous Shopping Cart') . '</a><br><br><a class="exp-ecom-link" href="' . makelink(array("controller" => "order", "action" => "clearCart", "id" => $cookie_cart_id)) . '">' . gt('Click Here To Start a New Shopping Cart') . '</a>');
                                                                 $sessAr['orig_path'] = $router->current_url;
                                                                 expSession::set('verify_shopper', $sessAr);
                                                             }
                                                         } else {
                                                             //first time...create a default cart, issue message, set session, rinse, repeat
                                                             $cart = new order();
                                                             $cart->update(array("sessionticket_ticket" => $ticket, 'return_count' => $cart->setReturnCount($orig_referrer)));
                                                             // The cookie's cart id and the owner's first name are parked in the session for the verification step.
                                                             expSession::set('verify_shopper', array('au' => 1, 'orig_path' => $router->current_url, 'firstname' => $u->firstname, 'cid' => $cookie_cart_id, 'awaiting_choice' => true));
                                                             //order::setCartCookie($cart);
                                                             flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('We see that you have shopped with us before.') . '<br><br><a id="submit-verify" href="' . makelink(array("controller" => "order", "action" => "verifyReturnShopper")) . '" rel="nofollow">' . gt('Click Here to Restore Your Previous Shopping Cart') . '</a><br><br><a class="exp-ecom-link" href="' . makelink(array("controller" => "order", "action" => "clearCart", "id" => $cookie_cart_id)) . '">' . gt('Click Here To Start a New Shopping Cart') . '</a>');
                                                         }
                                                     }
                                                 } else {
                                                     //prompt to login and restore, otherwise reset and start fresh
                                                     //this should be all we need to do here
                                                     //redirect_to(array("controller"=>"order",'action'=>'verifyReturnShopper','au'=>'0'));
                                                     // NOTE(review): the greeting reveals the cart owner's first name to whoever presents the cookie.
                                                     $cart = new order();
                                                     $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
                                                     order::setCartCookie($cart);
                                                     flash('message', gt('Welcome back') . ' ' . $u->firstname . '! ' . gt('If you would like to pick up where you left off, click here to login and your previous shopping cart will be restored.'));
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     } else {
                         // No cookie either: start a brand-new cart bound to this session ticket.
                         $cart = new order();
                         $cart->update(array("sessionticket_ticket" => $ticket, 'user_id' => $user->id, 'orig_referrer' => $orig_referrer));
                         order::setCartCookie($cart);
                     }
                 } else {
                     //user is logged in, so we grab their usercart and update the session ticket only
                     //$usercart->update(array('sessionticket_ticket'=>$ticket, 'orig_referrer'=>$orig_referrer));
                     $usercart->update(array('sessionticket_ticket' => $ticket));
                     $cart = $usercart;
                 }
                 //enter here if we HAVE an ACTIVE session/cart, but the user is not logged in
             } elseif (!empty($sessioncart->id) && $user->id == 0) {
                 // the user isn't logged in yet...the session cart will do for now.
                 $cart = $sessioncart;
                 // if we hit here we've found a session cart AND a usercart because the user just logged in
                 // and had both...that means we need to merge them
             } elseif (!empty($sessioncart->id) && !empty($usercart->id)) {
                 // if we hit here we've found a session cart and a usercart...that means we need to merge them
                 // if it's not the same cart.
                 if ($sessioncart->id == $usercart->id) {
                     $cart = $sessioncart;
                 } else {
                     // if the old user cart had gone through any of the checkout process before, than we
                     // will clean that data out now and start fresh.
                     $usercart->cleanOrderitems();
                     //merge the current session cart with previously saved user cart.
                     foreach ($sessioncart->orderitem as $orderitem) {
                         $orderitem->merge(array('orders_id' => $usercart->id, 'user_id' => $user->id));
                     }
                     //if session cart HAS coupon codes, delete usercart codes and copy new code to usercart, else leave be
                     if (count($sessioncart->getOrderDiscounts())) {
                         foreach ($usercart->getOrderDiscounts() as $od) {
                             $od->delete();
                         }
                         foreach ($sessioncart->getOrderDiscounts() as $sod) {
                             $sod->orders_id = $usercart->id;
                             $sod->save();
                         }
                     }
                     // Reload the merged user cart, then drop the now-empty session cart.
                     $cart = new order($usercart->id);
                     $sessioncart->delete();
                 }
                 order::setCartCookie($cart);
                 expSession::un_set('verify_shopper');
                 // the user doesn't have a cart with his/her user id in it. this probably means they just
                 // logged in so we need to update the cart with the new user id information.
             } elseif (!empty($sessioncart->id) && (empty($usercart->id) && $user->isLoggedIn())) {
                 //$sessioncart->update(array('user_id'=>$user->id, 'orig_referrer'=>$orig_referrer));
                 $sessioncart->update(array('user_id' => $user->id));
                 $cart = $sessioncart;
             }
             // NOTE(review): if none of the branches above assigned $cart (a session cart exists, $user->id is
             // non-zero, there is no user cart and isLoggedIn() is false), the next line works on an undefined variable.
             // Derive the summary fields from the cart's items.
             $cart->item_count = 0;
             foreach ($cart->orderitem as $items) {
                 if ($items->product->requiresShipping && !$items->product->no_shipping) {
                     $cart->shipping_required = true;
                 }
                 if ($items->product->requiresBilling) {
                     $cart->billing_required = true;
                 }
                 $cart->item_count += $items->quantity;
             }
             $cart->lastcat = expSession::get('last_ecomm_category');
             $cart->total = $cart->getCartTotal();
             //eDebug($cart,true);
             return $cart;
         }
     }
 }
Ejemplo n.º 19
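 /** exdoc
  * Calls the necessary methods to show a specific module.
  *
  * Nothing is rendered when the current section is not authorized (the
  * navigation module and the login controller are exempt), or when the login
  * controller is requested while PREVIEW_READONLY is 1. On first display the
  * module/source pair is registered in the sectionref table.
  *
  * @param string $module The classname of the module to display
  * @param string $view The name of the view to display the module with
  * @param string $title The title of the module (support is view-dependent)
  * @param string $source The source of the module.
  * @param bool $pickable Whether or not the module is pickable in the Source Picker (not read by this method).
  * @param null $section Not read by this method; the section is taken from the global $sectionObj.
  * @param bool $hide_menu When true, the hard-coded administration menu is not emitted.
  * @param array $params Extra parameters passed to renderAction() for controllers; 'action' defaults to $view.
  * @return void
  * @node Subsystems:Theme
  */
 public static function showModule($module, $view = "Default", $title = "", $source = null, $pickable = false, $section = null, $hide_menu = false, $params = array())
 {
     // Unauthorized sections may only show navigation and the login form.
     if (!AUTHORIZED_SECTION && $module != 'navigationmodule' && $module != 'loginController') {
         return;
     }
     global $db, $sectionObj, $module_scope;
     // Ensure that we have a section
     //FJD - changed to $sectionObj
     if ($sectionObj == null) {
         $section_id = expSession::get('last_section');
         if ($section_id == null) {
             $section_id = SITE_DEFAULT_SECTION;
         }
         // NOTE(review): the id read back from the session is concatenated into the WHERE clause;
         // this relies on 'last_section' only ever being stored as an integer - confirm.
         $sectionObj = $db->selectObject('section', 'id=' . $section_id);
         //$section->id = $section_id;
     }
     if ($module == "loginController" && defined('PREVIEW_READONLY') && PREVIEW_READONLY == 1) {
         return;
     }
     //		if (expSession::is_set("themeopt_override")) {
     //			$config = expSession::get("themeopt_override");
     //			if (in_array($module,$config['ignore_mods'])) return;
     //		}
     $loc = expCore::makeLocation($module, $source . "");
     if (empty($module_scope[$source][$module]->scope)) {
         // Create the holder explicitly: assigning a property on a missing entry is a fatal Error on PHP 8.
         if (!isset($module_scope[$source][$module]) || !is_object($module_scope[$source][$module])) {
             $module_scope[$source][$module] = new stdClass();
         }
         $module_scope[$source][$module]->scope = 'global';
     }
     // make sure we've added this module to the sectionref table
     // NOTE(review): $module and $loc->src are placed inside quoted SQL literals without escaping.
     // Callers are presumably theme templates passing constants; if either value can ever come from a
     // request, it has to be escaped or bound first - confirm.
     if ($db->selectObject("sectionref", "module='{$module}' AND source='" . $loc->src . "'") == null) {
         // Was "$secref = null" followed by property writes, which PHP 8 rejects.
         $secref = new stdClass();
         $secref->module = $module;
         $secref->source = $loc->src;
         $secref->internal = "";
         $secref->refcount = 1000;
         if ($sectionObj != null) {
             $secref->section = $sectionObj->id;
         }
         $secref->is_original = 1;
         $db->insertObject($secref, 'sectionref');
     }
     $iscontroller = expModules::controllerExists($module);
     // NOTE(review): when SELECTOR is defined, hasSources is invoked on $module before the
     // is_callable() check below has established that the class exists.
     if (defined('SELECTOR') && call_user_func(array($module, "hasSources"))) {
         containermodule::wrapOutput($module, $view, $loc, $title);
     } else {
         if (is_callable(array($module, "show")) || $iscontroller) {
             // FIXME: we are checking here for a new MVC style controller or an old school module. We only need to perform
             // this check until we get the old modules all gone...until then we have the check and a lot of code duplication
             // in the if blocks below...oh well, that's life.
             if (!$iscontroller) {
                 if (!$hide_menu && $loc->mod != "containermodule" && (call_user_func(array($module, "hasSources")) || $db->tableExists($loc->mod . "_config"))) {
                     // The menu data object was previously created implicitly by the first property write.
                     $container = new stdClass();
                     $container->permissions = array('administrate' => expPermissions::check('administrate', $loc) ? 1 : 0, 'configure' => expPermissions::check('configure', $loc) ? 1 : 0);
                     // The administration menu is only emitted for users holding one of the two permissions.
                     if ($container->permissions['administrate'] || $container->permissions['configure']) {
                         // mt_rand() is not a cryptographic source; presumably this only disambiguates markup - do not reuse it as a token.
                         $container->randomizer = mt_rand(1, ceil(microtime(1)));
                         $container->view = $view;
                         $container->info['class'] = $loc->mod;
                         $container->info['module'] = call_user_func(array($module, "name"));
                         $container->info['source'] = $loc->src;
                         $container->info['hasConfig'] = $db->tableExists($loc->mod . "_config");
                         $template = new template('containermodule', '_hardcoded_module_menu', $loc);
                         $template->assign('container', $container);
                         $template->output();
                     }
                 }
             } else {
                 // if we hit here we're dealing with a controller...not a module
                 if (!$hide_menu) {
                     $controller = expModules::getController($module);
                     $container = new stdClass();
                     $container->permissions = array('administrate' => expPermissions::check('administrate', $loc) ? 1 : 0, 'configure' => expPermissions::check('configure', $loc) ? 1 : 0);
                     if ($container->permissions['administrate'] || $container->permissions['configure']) {
                         // mt_rand() is not a cryptographic source; presumably this only disambiguates markup - do not reuse it as a token.
                         $container->randomizer = mt_rand(1, ceil(microtime(1)));
                         $container->view = $view;
                         // 'action' is optional in $params; read it without raising an undefined-index notice.
                         $container->action = isset($params['action']) ? $params['action'] : null;
                         $container->info['class'] = $loc->mod;
                         $container->info['module'] = $controller->displayname();
                         $container->info['source'] = $loc->src;
                         $container->info['hasConfig'] = true;
                         $template = new template('containermodule', '_hardcoded_module_menu', $loc);
                         $template->assign('container', $container);
                         $template->output();
                     }
                 }
             }
             if ($iscontroller) {
                 // Controllers are rendered through renderAction(); the view doubles as the action when none was given.
                 $params['src'] = $loc->src;
                 $params['controller'] = $module;
                 $params['view'] = $view;
                 $params['moduletitle'] = $title;
                 if (empty($params['action'])) {
                     $params['action'] = $view;
                 }
                 renderAction($params);
             } else {
                 // Old-style modules expose a static show() method.
                 call_user_func(array($module, "show"), $view, $loc, $title);
             }
         } else {
             // NOTE(review): $module is echoed without HTML escaping; harmless only while it is a developer-supplied constant.
             echo sprintf(gt('The module "%s" was not found in the system.'), $module);
         }
     }
 }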
Ejemplo n.º 20
}
// PERM CHECK
// NOTE(review): no permission test is visible in this excerpt; presumably it sits in the part cut off above - confirm.
// Defaults used when no source-selector state is stored in the session.
$source_select = array();
$module = "containermodule";
$view = "_sourcePicker";
$clickable_mods = null;
// Show all
$dest = null;
// Session-held selector settings replace the defaults, but only while SOURCE_SELECTOR is defined.
if (expSession::is_set("source_select") && defined('SOURCE_SELECTOR')) {
    $source_select = expSession::get("source_select");
    $view = $source_select["view"];
    $module = $source_select["module"];
    $clickable_mods = $source_select["showmodules"];
    $dest = $source_select['dest'];
}
expSession::clearAllUsersSessionCache('containermodule');
$orphans = array();
// The module name from the query string is reduced to [A-Za-z0-9_] before it is placed inside the quoted
// SQL literal, so it cannot close the quote. Only rows with refcount=0 (unreferenced content) are listed.
// NOTE(review): $_GET['module'] is read without isset(); a request lacking it raises a notice and matches module=''.
foreach ($db->selectObjects("sectionref", "module='" . preg_replace('/[^A-Za-z0-9_]/', '', $_GET['module']) . "' AND refcount=0") as $orphan) {
    // NOTE(review): $obj starts as null and receives a property further down; PHP 8 raises an Error for that,
    // older versions create the object implicitly.
    $obj = null;
    $loc = expCore::makeLocation($orphan->module, $orphan->source, $orphan->internal);
    // The class to instantiate is named by the stored sectionref row, not directly by the request.
    if (class_exists($orphan->module)) {
        $modclass = $orphan->module;
        $mod = new $modclass();
        // Repeats the class_exists() test already made two lines above.
        if (class_exists($modclass)) {
            // Capture the module's rendered output instead of sending it to the browser.
            ob_start();
            if (expModules::controllerExists($modclass)) {
                renderAction(array('controller' => $modclass, 'action' => 'showall', 'src' => $orphan->source));
            } else {
                $mod->show("Default", $loc);
            }
            $obj->output = ob_get_contents();
Ejemplo n.º 21
 /**
  * Copies submitted form values onto a text editor control definition.
  *
  * @param array $values submitted settings; 'identifier' must not be empty
  * @param object|null $object control to update, or null to start from a new texteditorcontrol
  * @return object|null the updated control, or null when the identifier is missing
  *                     (the error and the submitted form are then kept in the session under "last_POST")
  */
 function update($values, $object)
 {
     // Start from a fresh control when the caller did not supply one.
     if ($object == null) {
         $object = new texteditorcontrol();
     }

     // An identifier is mandatory: remember the submitted form together with
     // the error message, and report failure with null.
     if ($values['identifier'] == "") {
         $failedPost = $_POST;
         $failedPost['_formError'] = gt('Identifier is required.');
         expSession::set("last_POST", $failedPost);
         return null;
     }

     // Text settings are stored exactly as submitted; escaping is left to whatever renders them.
     foreach (array('identifier', 'caption', 'default') as $textField) {
         $object->{$textField} = $values[$textField];
     }

     // Size settings are coerced to integers.
     foreach (array('rows', 'cols', 'maxchars') as $sizeField) {
         $object->{$sizeField} = (int) $values[$sizeField];
     }

     // The flag is true whenever the key is present and not null, whatever its value.
     $object->required = isset($values['required']);

     return $object;
 }
Ejemplo n.º 22
        // Fall back to the site-wide sender address and organisation name when none was determined above.
        // NOTE(review): where $from and $from_name come from is outside this excerpt; if a form submitter can
        // influence them, validate $from as a single e-mail address before it is used as the From header.
        if (empty($from)) {
            $from = trim(SMTP_FROMADDRESS);
        }
        if (empty($from_name)) {
            $from_name = trim(ORGANIZATION_NAME);
        }
        $headers = array("MIME-Version" => "1.0", "Content-type" => "text/html; charset=" . LANG_CHARSET);
        if (count($emaillist)) {
            //This is an easy way to remove duplicates
            // Trimming happens after de-duplication, so entries differing only in surrounding
            // whitespace are still sent twice.
            $emaillist = array_flip(array_flip($emaillist));
            $emaillist = array_map('trim', $emaillist);
            $mail = new expMail();
            $mail->quickSend(array('headers' => $headers, 'html_message' => $emailHtml, "text_message" => $emailText, 'to' => $emaillist, 'from' => array(trim($from) => $from_name), 'subject' => $f->subject));
        }
    }
    // clear the users post data from the session.
    expSession::un_set('formmodule_data_' . $f->id);
    //If is a new post show response, otherwise redirect to the flow.
    if (!isset($_POST['data_id'])) {
        $template = new template("formbuilder", "_view_response");
        $template->assign("backlink", expHistory::getLastNotEditable());
        // NOTE(review): the form's stored response is handed to the view as HTML; presumably it is
        // administrator-authored and trusted - confirm it is not built from submitted values.
        $template->assign("response_html", $f->response);
        $template->output();
    } else {
        flash('message', gt('Record was updated!'));
        //        expHistory::back();
        expHistory::returnTo('editable');
    }
} else {
    // The condition opened above this excerpt failed: show the site's 403 page.
    echo SITE_403_HTML;
}
Ejemplo n.º 23
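 /**
  * Finishes an upload attempt: stores the file record on success, or sends
  * the visitor back to the submitting page with the error on failure.
  *
  * @param object|string $file the uploaded file object on success; anything else is treated as the error message
  * @return mixed the result of $db->insertObject() on success; on failure the request ends with a redirect
  */
 public static function uploadSuccessful($file)
 {
     global $db;
     if (is_object($file)) {
         return $db->insertObject($file, 'file');
     }

     // Failure: keep the submitted form and the error in the session so the form can be shown again.
     $post = $_POST;
     $post['_formError'] = $file;
     flash('error', $file);
     expSession::set('last_POST', $post);

     // The Referer header is optional. Without it the original code sent an empty Location header;
     // fall back to the site base URL (or the web root when URL_FULL is not defined).
     $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     if ($back == '') {
         $back = defined('URL_FULL') ? URL_FULL : '/';
     }
     // NOTE(review): Referer is a client-supplied value and is used verbatim as the redirect target.
     // Consider accepting it only when it points back into this site, and using the fallback otherwise.
     header('Location: ' . $back);
     exit;
 }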
Ejemplo n.º 24
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
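// Refuse direct requests: this script only continues when the EXPONENT constant has been defined.
if (!defined('EXPONENT')) {
    exit('');
}
global $router;
// NOTE(review): no permission check is visible in this script before a clipboard row is written;
// confirm that the dispatcher calling it enforces one.
// The id is forced to an integer before it is concatenated into the WHERE clause.
$container = $db->selectObject('container', 'id=' . intval($_REQUEST['id']));
//eDebug($container);
// NOTE(review): when no container has that id, $container is null and the lines below read from nothing.
// NOTE(review): unserialize() runs on a stored column. That is only safe while nothing user-controlled can
// be written into container.internal; unserialize() must never see attacker-influenced data. Restricting it
// with the allowed_classes option needs the location object's class, which is not visible here.
$module_loc = unserialize($container->internal);
// Create the record explicitly: writing properties to an undefined variable is a fatal Error on PHP 8
// (older versions created the object implicitly).
$clipboard_object = new stdClass();
$clipboard_object->module = $module_loc->mod;
$clipboard_object->source = $module_loc->src;
$clipboard_object->internal = $module_loc->int;
$clipboard_object->title = $container->title;
$clipboard_object->view = $container->view;
$last_section = expSession::get('last_section');
// NOTE(review): the section id from the session is concatenated unquoted; relies on it being an integer.
$clipboard_object->copied_from = $db->selectValue('section', 'name', 'id=' . $last_section);
$clipboard_object->section_id = $last_section;
// NOTE(review): the operation name is stored exactly as sent; restrict it to the operations the clipboard supports.
$clipboard_object->operation = $_REQUEST['op'];
// Both sectionref lookups share one WHERE clause.
// NOTE(review): module and source come from the unserialized column and are placed inside quoted SQL
// literals without escaping (second-order injection if that column can be influenced) - escape or bind them.
$sectionref_where = 'module="' . $clipboard_object->module . '" AND source="' . $clipboard_object->source . '"';
$clipboard_object->description = $db->selectValue('sectionref', 'description', $sectionref_where);
$clipboard_object->refcount = $db->selectValue('sectionref', 'refcount', $sectionref_where);
//eDebug($clipboard_object);
$db->insertObject($clipboard_object, 'clipboard');
flash('message', gt('Module copied to clipboard'));
expHistory::back();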
Ejemplo n.º 25
        // Derive the search-engine-friendly name from the page name.
        $section->sef_name = $router->encode($section->name);
    }
    // Both validators send the user back to the form with a message when they fail.
    // NOTE(review): this message is not passed through gt(), unlike the one that follows.
    if (!section::isValidName($section->sef_name)) {
        expValidator::failAndReturnToForm('You have invalid characters in the SEF Name field.');
    }
    if (section::isDuplicateName($section)) {
        expValidator::failAndReturnToForm(gt('The name specified in the SEF Name field is a duplicate of an existing page.'));
    }
    if (isset($section->id)) {
        if ($section->parent != $old_parent) {
            // Old_parent id was different than the new parent id.  Need to decrement the ranks
            // of the old children (after ours), and then add
            $section = section::changeParent($section, $old_parent, $section->parent);
        }
        // Existing section.  Update the database record.
        // The 'id=x' where clause is implicit with an updateObject
        $db->updateObject($section, 'section');
    } else {
        // Since this is new, we need to increment ranks, in case the user
        // added it in the middle of the level.
        // NOTE(review): rank and parent are concatenated unquoted into the WHERE clause; this assumes both
        // were cast to integers where $section was filled in (outside this excerpt) - confirm.
        $db->increment('section', 'rank', 1, 'rank >= ' . $section->rank . ' AND parent=' . $section->parent);
        // New section.  Insert a new database record.
        $section->id = $db->insertObject($section, 'section');
    }
    // Cached navigation is invalidated for all users because the page tree changed.
    expSession::clearAllUsersSessionCache('navigationmodule');
    navigationmodule::checkForSectionalAdmins($section->id);
    // Go back to where we came from.  Probably the navigation manager.
    expHistory::back();
} else {
    // The condition opened above this excerpt failed: show the site's 403 page.
    echo SITE_403_HTML;
}
Ejemplo n.º 26
<?php

##################################################
#
# Copyright (c) 2004-2011 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
/** @define "BASE" "." */
// Bootstrap the Exponent framework; the classes used below are not declared in this file.
require_once 'exponent.php';
// Store the last non-editable history entry under 'redirecturl' before showing the login form.
// NOTE(review): presumably the login flow redirects to this value after authentication —
// confirm the consumer only follows same-site URLs.
expSession::set('redirecturl', expHistory::getLastNotEditable());
// Hand over to the login controller's showlogin action.
redirect_to(array(
    'controller' => 'login',
    'action' => 'showlogin',
));
Ejemplo n.º 27
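 /**
  * Renders a module's view, optionally wrapped in the source-selector container template.
  *
  * When the SOURCE_SELECTOR constant is defined and the module is not 'containermodule',
  * the module's output is captured in an output buffer and handed to the template named
  * by the 'source_select' session entry. Otherwise the module's show() is called directly.
  *
  * @param string      $modclass class name of the module or controller to render. It is
  *                              instantiated and called dynamically, so callers must pass
  *                              only known module class names, never raw request data.
  * @param string      $view     view name passed through to the module or controller
  * @param object|null $loc      location object; it is serialized for the container lookup
  *                              and its ->src is read in the source-selector branch
  * @param string      $title    title passed to the module's show()
  */
 static function wrapOutput($modclass, $view, $loc = null, $title = '')
 {
     global $db;
     if (defined('SOURCE_SELECTOR') && strtolower($modclass) != 'containermodule') {
         // Start from a real object: assigning a property on null is a fatal Error on PHP 8
         // and only worked through implicit object creation on older versions.
         $container = new stdClass();
         $mod = new $modclass();
         ob_start();
         if (expModules::controllerExists($modclass)) {
             // NOTE(review): serialize($loc) is concatenated into the WHERE clause unescaped.
             // If any field of $loc can carry request data, a quote in it changes the query;
             // escape the value through the database layer (or bind it) before building
             // this condition.
             $action = $db->selectValue('container', 'action', "internal='" . serialize($loc) . "'");
             renderAction(array('controller' => $modclass, 'action' => $action, 'view' => $view));
         } else {
             $mod->show($view, $loc, $title);
         }
         // Fetch the captured markup and close the buffer in one step.
         $container->output = ob_get_clean();
         $source_select = expSession::get('source_select');
         $c_view = $source_select['view'];
         $c_module = $source_select['module'];
         $clickable_mods = $source_select['showmodules'];
         if (!is_array($clickable_mods)) {
             $clickable_mods = null;
         }
         $dest = $source_select['dest'];
         $template = new template($c_module, $c_view, $loc);
         if ($dest) {
             $template->assign('dest', $dest);
         }
         // The loose == null is deliberate: an empty list counts as "no restriction",
         // so every module is clickable.
         $container->info = array(
             'module' => $mod->name(),
             'source' => $loc->src,
             'hasContent' => $mod->hasContent(),
             'hasSources' => $mod->hasSources(),
             'hasViews' => $mod->hasViews(),
             'class' => $modclass,
             'clickable' => $clickable_mods == null || in_array($modclass, $clickable_mods),
         );
         $template->assign('container', $container);
         $template->output();
     } else {
         call_user_func(array($modclass, 'show'), $view, $loc, $title);
     }
 }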
Ejemplo n.º 28
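 /**
  * Shows the subcategories of a store category together with its ancestor path.
  *
  * The category is taken from the 'cat' request parameter, falling back to the
  * 'last_ecomm_category' session value when the parameter is absent.
  */
 function showallSubcategories()
 {
     // The unused `global $db` declaration was dropped; nothing in this method touches it.
     expHistory::set('viewable', $this->params);
     // NOTE(review): 'cat' is request-controlled and reaches the storeCategory constructor
     // unchanged. Confirm the constructor validates or escapes it before using it in a lookup.
     $parent = isset($_REQUEST['cat']) ? $_REQUEST['cat'] : expSession::get('last_ecomm_category');
     $category = new storeCategory($parent);
     assign_to_template(array(
         'categories' => $category->getEcomSubcategories(),
         'ancestors' => $category->pathToNode(),
         'category' => $category,
     ));
 }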
Ejemplo n.º 29
 /**
  * Sets the 'customer-signup' session flag and redirects to the cart controller's checkout action.
  */
 public function customerSignup()
 {
     // Session marker; presumably read later by the checkout flow — verify against its consumer.
     expSession::set('customer-signup', true);
     $checkout = array(
         'controller' => 'cart',
         'action' => 'checkout',
     );
     redirect_to($checkout);
 }
Ejemplo n.º 30
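 /**
  * Post-validation hook for record creation: when the visitor is not logged in, builds a user
  * account from the posted form, saves it, logs it in and ties this record to it.
  *
  * Reads email, firstname, lastname, password, password2 and remember_me from $_POST.
  * Nothing is done for a visitor who is already logged in.
  */
 function afterValidationOnCreate()
 {
     global $user, $db;
     // A logged-in user has no password or captcha fields to process.
     if (!$user->isLoggedIn()) {
         // Not logged in: assume this is the visitor's first address and create an account for it.
         if (isset($_POST['remember_me']) && $_POST['remember_me'] == true) {
             // The visitor wants a lasting account: the e-mail is the username and the two
             // posted passwords are checked by setPassword().
             $password = $_POST['password'];
             $user->username = $_POST['email'];
             $validateUser = $user->setPassword($password, $_POST['password2']);
             if (!is_bool($validateUser)) {
                 // A non-boolean return is treated as the error message to show.
                 // NOTE(review): the whole $_POST, password fields included, is handed back to
                 // the form helper — confirm it neither persists nor echoes them.
                 expValidator::failAndReturnToForm($validateUser, $_POST);
             }
         } else {
             // Guest checkout: derive a unique username from the e-mail and the current time.
             $user->username = $_POST['email'] . time();
             // The generated password is also what the account is logged in with below, so it
             // must not be guessable. The previous md5(time() . rand(50, 00)) could be rebuilt
             // from the request time and a 51-value range; draw it from the CSPRNG instead.
             // 16 random bytes hex-encoded keep the 32-character hex shape the md5 value had.
             $password = function_exists('random_bytes')
                 ? bin2hex(random_bytes(16))
                 : bin2hex(openssl_random_pseudo_bytes(16));
             $user->setPassword($password, $password);
         }
         //expValidator::check_antispam($_POST, "Your anti-spam verification failed.  Please try again.");
         // Validation passed; copy the remaining profile fields onto the new account.
         $user->email = $_POST['email'];
         $user->firstname = $_POST['firstname'];
         $user->lastname = $_POST['lastname'];
         // NOTE(review): the lookup value is masked in this listing ("******"); as written the
         // query never compares against the submitted address. Whatever value belongs here
         // originates from $_POST, so it must be escaped or bound by the database layer rather
         // than concatenated into the condition.
         $checkUser = $db->selectObject('user', 'username="******"');
         if (isset($checkUser->id)) {
             expValidator::failAndReturnToForm(gt("The email address you entered already exists as a user. If you have lost your password, you may reset it here:") . " <a href='/users/reset_password'>Reset Password</a>.", $_POST);
         }
         $user->is_system_user = false;
         $user->save(true);
         $user->login($user->username, $password);
         $this->user_id = $user->id;
         $this->is_default = true;
         // A user is logged in now; clear the anonymous-checkout flag so a later
         // logout/login cycle does not pick it up again.
         expSession::un_set("ALLOW_ANONYMOUS_CHECKOUT");
     }
 }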