} } $auth = fn_fill_auth($user_data); // Set system notifications if (Registry::get('config.demo_mode') != true && AREA == 'A' && !defined('DEVELOPMENT')) { // If username equals to the password if ($password == $user_data['user_login']) { $msg = fn_get_lang_var('warning_insecure_password'); $msg = str_replace('[link]', fn_url('profiles.update'), $msg); fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password'); } // Insecure admin script if (Registry::get('config.admin_index') == 'admin.php') { fn_set_notification('E', fn_get_lang_var('warning'), fn_get_lang_var('warning_insecure_admin_script'), true); } if (Registry::get('settings.General.auto_check_updates') == 'Y' && fn_check_user_access($auth['user_id'], 'upgrade_store')) { // If upgrades available $uc_settings = fn_get_settings('Upgrade_center'); $data = fn_get_contents($uc_settings['updates_server'] . '/index.php?target=product_updates&mode=check_available&ver=' . PRODUCT_VERSION); /* NULLED BY FLIPMODE! @ 2010/09/06 */ // $data = fn_get_contents($uc_settings['updates_server'] . '/index.php?target=product_updates&mode=check_available&ver=' . PRODUCT_VERSION . '&license_number=' . $uc_settings['license_number']); if ($data == 'AVAILABLE') { $msg = fn_get_lang_var('text_upgrade_available'); $msg = str_replace('[link]', fn_url('upgrade_center.manage'), $msg); fn_set_notification('W', fn_get_lang_var('notice'), $msg, true, 'upgrade_center'); } } } if (!empty($_REQUEST['remember_me'])) { fn_set_cookie(AREA_NAME . '_user_id', $user_data['user_id'], COOKIE_ALIVE_TIME); fn_set_cookie(AREA_NAME . '_password', $user_data['password'], COOKIE_ALIVE_TIME);
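/**
 * Parses the update server response and raises the "upgrade available" notice.
 *
 * The response is either an XML document (its <Updates>, <Messages> and
 * <License> elements are read) or a bare license status string. For an
 * authenticated user the license status is also stored in
 * $_SESSION['last_status'].
 *
 * @param string $data             Raw response body from the update server
 * @param array  $auth             Session auth data; 'user_id' is used for the access check
 * @param bool   $process_messages Forwarded to self::processMessages()
 * @return array list($license, $updates, $messages)
 */
public static function parseLicenseInformation($data, $auth, $process_messages = true)
{
    $updates = $messages = $license = '';

    if (!empty($data)) {
        if (strpos($data, '<?xml') !== false) {
            // The body is remote input: keep libxml quiet and treat a document
            // that does not parse as "no information" instead of reading
            // properties off the `false` that simplexml_load_string() returns.
            // No LIBXML_NOENT flag is passed here; leave it that way so external
            // entities in the response are not substituted.
            $use_errors = libxml_use_internal_errors(true);
            $xml = simplexml_load_string($data);
            libxml_clear_errors();
            libxml_use_internal_errors($use_errors);

            if ($xml !== false) {
                $updates = (string) $xml->Updates;
                $messages = $xml->Messages;
                $license = (string) $xml->License;
            }
        } else {
            $license = $data;
        }
    }

    if (!empty($auth)) {
        $auto_check = Registry::get('settings.General.auto_check_updates') == 'Y';

        // Only users allowed to upgrade the store are told an upgrade exists
        if ($auto_check && fn_check_user_access($auth['user_id'], 'upgrade_store') && $updates == 'AVAILABLE') {
            fn_set_notification('W', __('notice'), __('text_upgrade_available', array(
                '[product]' => PRODUCT_NAME,
                '[link]' => fn_url('upgrade_center.manage'),
            )), 'S', 'upgrade_center');
        }

        if (!empty($data)) {
            $_SESSION['last_status'] = $license;
        }
    }

    $messages = self::processMessages($messages, $process_messages);

    return array($license, $updates, $messages);
}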
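/**
 * Returns true if the authenticated user is allowed to call the given API method.
 *
 * The privilege map comes from privilegesCustomer() for the customer area ('C')
 * and from privileges() otherwise. A map entry is either a bool (fixed answer)
 * or a privilege name that is checked for the user with fn_check_user_access().
 * Methods absent from the map, and privilege-name entries with no authenticated
 * user, are denied.
 *
 * @param string $method_name
 * @return bool
 */
public function isAccessable($method_name)
{
    $privileges = ($this->area === 'C') ? $this->privilegesCustomer() : $this->privileges();

    if (!isset($privileges[$method_name])) {
        // Unknown methods are denied by default
        return false;
    }

    $rule = $privileges[$method_name];
    if (is_bool($rule)) {
        return $rule;
    }

    // The entry names a privilege; only an authenticated user can hold it
    if (!$this->auth) {
        return false;
    }

    return fn_check_user_access($this->auth['user_id'], $rule);
}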
/**
 * Tells whether a user may use an import/export pattern.
 *
 * A pattern may declare a required privilege per direction in
 * $pattern['permissions'][$get_for]; when none is declared the pattern is
 * open to every admin.
 *
 * @param array  $pattern Pattern structure
 * @param string $get_for 'import' or 'export'
 * @param int    $user_id User ID
 * @return bool true if the user may use the pattern, false otherwise
 */
function fn_check_pattern_permissions($pattern, $get_for, $user_id)
{
    if (empty($pattern['permissions'][$get_for])) {
        // No privilege required for this direction
        return true;
    }

    return fn_check_user_access($user_id, $pattern['permissions'][$get_for]);
}
/**
 * Runs the upgrade-availability check for the current admin session.
 *
 * Only an authenticated admin-area user holding the 'upgrade_store'
 * privilege triggers the remote check; for anyone else the method returns
 * false without contacting the connector.
 *
 * @param bool $display_service_notifications Forwarded to displayServiceNotifications()
 * @return bool true when an upgrade is available (never on SaaS)
 */
public static function checkForUpgrade($display_service_notifications = true)
{
    $auth = isset($_SESSION['auth']) ? $_SESSION['auth'] : array();

    $can_upgrade = !empty($auth)
        && $auth['area'] == 'A'
        && !empty($auth['user_id'])
        && fn_check_user_access($auth['user_id'], 'upgrade_store');

    if (!$can_upgrade) {
        return false;
    }

    $is_upgradable = !fn_twg_is_on_saas() && TwigmoConnector::checkUpdates();
    TwigmoConnector::updateUARules();

    if (TwigmoConnector::getAccessID('A')) {
        $connector = new TwigmoConnector();
        $connector->updateConnections();
        self::displayServiceNotifications(array(
            'display_service_notifications' => $display_service_notifications,
            'connector' => $connector,
        ));
    }

    UserAgent::sendUaStat();

    return $is_upgradable;
}
$connector = new TwigmoConnector(); $request = $connector->parseResponse($_REQUEST['data']); if (!$connector->responseIsOk($request) || empty($request['data']['user_login']) || empty($request['data']['password'])) { $connector->onError(); } $_POST = $_REQUEST = array_merge($_REQUEST, $request['data']); list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth); $redirect_to_mv_url = fn_twg_check_for_vendor_url($status, $user_data); if ($redirect_to_mv_url) { $status = true; } $is_ok = !empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) == $user_data['password']; if ($status === false || !$is_ok) { $connector->onError(); } $response_data = array('redirect_to_mv_url' => $redirect_to_mv_url, 'company_id' => $user_data['company_id'], 'can_view_orders' => fn_check_user_access($user_data['user_id'], 'view_orders')); $connector->respond($response_data); } elseif ($action == 'auth.app') { $_POST['password'] = $_REQUEST['password']; list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth); $redirect_to_mv_url = fn_twg_check_for_vendor_url($status, $user_data); if ($redirect_to_mv_url) { $response->setData(array('status' => 'ok')); $response->setData(array('redirect_to_mv_url' => $redirect_to_mv_url)); $response->returnResponse(); } $is_ok = !empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) == $user_data['password']; if ($status === false || !$is_ok) { fn_twg_throw_error_denied($response, 'error_incorrect_login'); } if ($user_data['user_type'] == 'A' && $user_data['company_id']) {
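/**
 * Checks a Twigmo action against the user's access and the privileges of the
 * user's usergroups.
 *
 * Access is granted by fn_check_user_access(); it is then revoked when the user
 * belongs to usergroups that have no privilege rows at all in
 * ?:usergroup_privileges. The "has any privileges" answer is cached for the
 * request, keyed by the set of usergroup ids, so a request that serves several
 * users does not reuse one user's answer for another.
 *
 * @param array  $auth   Auth data with 'user_id' and optional 'usergroup_ids'
 * @param string $action Privilege name to check
 * @return bool
 */
function fn_twg_check_user_access($auth, $action)
{
    static $group_has_privileges = array();

    $has_access = fn_check_user_access($auth['user_id'], $action);

    if ($has_access && !empty($auth['usergroup_ids'])) {
        // Key the cache by the exact usergroup set rather than by "first call wins"
        $group_ids = (array) $auth['usergroup_ids'];
        sort($group_ids);
        $cache_key = implode(',', $group_ids);

        if (!isset($group_has_privileges[$cache_key])) {
            $privileges = db_get_fields(
                "SELECT privilege FROM ?:usergroup_privileges WHERE usergroup_id IN(?n)",
                $auth['usergroup_ids']
            );
            $group_has_privileges[$cache_key] = !empty($privileges);
        }

        if (!$group_has_privileges[$cache_key]) {
            $has_access = false;
        }
    }

    return $has_access;
}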
} $order_info['products'][$k]['main_pair'] = fn_get_cart_product_icon($v['product_id'], $order_info['products'][$k]); } if ($downloads_exist) { Registry::set('navigation.tabs.downloads', array('title' => __('downloads'), 'js' => true)); Registry::get('view')->assign('downloads_exist', true); } if (!empty($order_info['promotions'])) { Registry::set('navigation.tabs.promotions', array('title' => __('promotions'), 'js' => true)); } list($shipments) = fn_get_shipments_info(array('order_id' => $params['order_id'], 'advanced_info' => true)); $use_shipments = !fn_one_full_shipped($shipments); // Check for the shipment access // If current edition is FREE, we still need to check shipments accessibility (need to display promotion link) if (Settings::instance()->getValue('use_shipments', '', $order_info['company_id']) == 'Y') { if (!fn_check_user_access($auth['user_id'], 'edit_order')) { $order_info['need_shipment'] = false; } $use_shipments = true; } else { Registry::get('view')->assign('shipments', $shipments); } Registry::get('view')->assign('use_shipments', $use_shipments); Registry::get('view')->assign('carriers', fn_get_carriers()); Registry::get('view')->assign('order_info', $order_info); Registry::get('view')->assign('status_settings', fn_get_status_params($order_info['status'])); // Delete order_id from new_orders table db_query("DELETE FROM ?:new_orders WHERE order_id = ?i AND user_id = ?i", $_REQUEST['order_id'], $auth['user_id']); // Check if customer's email is changed if (!empty($order_info['user_id'])) { $current_email = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $order_info['user_id']);
/**
 * Checks whether the user of the current session holds a permission.
 *
 * Anonymous sessions (no auth user_id) are denied without consulting
 * fn_check_user_access().
 *
 * @param string $permission
 * @return bool
 */
function fn_check_current_user_access($permission)
{
    if (empty(Tygh::$app['session']['auth']['user_id'])) {
        // Anonymous session: deny without a privilege lookup
        return false;
    }

    return (bool) fn_check_user_access(Tygh::$app['session']['auth']['user_id'], $permission);
}