$password_confirmation = olc_db_prepare_input($_POST['password_confirmation']);
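    // Form-level checks, run before any database access: the current and the
    // new password must each reach the configured minimum length, and the new
    // password must have been typed identically twice. Only the first failing
    // check is reported on the 'account_password' message stack.
    $error = false;
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new !== $password_confirmation) {
        // Strict comparison on purpose: with a loose != PHP compares two
        // numeric-looking strings as numbers, so "1e3" and "1000" would count
        // as the same password and a mistyped confirmation would be accepted.
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }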
    // The form checks passed: re-authenticate the customer with the current
    // password before changing anything. The row is selected by the customer id
    // held in the session, cast to int before it is placed in the SQL text.
    if (!$error) {
        $check_customer_query = olc_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
        $check_customer = olc_db_fetch_array($check_customer_query);
        if (!olc_validate_password($password_current, $check_customer['customers_password'])) {
            // Wrong current password: report it and change nothing.
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        } else {
            // NOTE(review): the value written to customers_password appears here
            // as a fixed masked literal, presumably redacted in this listing. The
            // stored value has to be derived from $password_new with the same
            // scheme olc_validate_password() checks; confirm against the
            // original file.
            olc_db_query(SQL_UPDATE . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . APOS);
            // Record when the account was last modified.
            olc_db_query(SQL_UPDATE . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . APOS);
            // NOTE(review): nothing visible here renews the session id or ends
            // the customer's other sessions after the password change; confirm
            // whether the session layer handles that.
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            olc_redirect(olc_href_link(FILENAME_ACCOUNT));
        }
    }
}
// Breadcrumb trail for this page: the account overview link first, then the
// password page itself.
$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, olc_href_link(FILENAME_ACCOUNT));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, olc_href_link(FILENAME_ACCOUNT_PASSWORD));
// Pull in the shared header script from the includes directory.
require DIR_WS_INCLUDES . 'header.php';
if ($messageStack->size('account_password') > 0) {
    $smarty->assign('error', $messageStack->output('account_password'));
require_once DIR_FS_INC . 'olc_image_button.inc.php';
require_once DIR_FS_INC . 'olc_validate_password.inc.php';
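// An affiliate whose session already carries an affiliate id is sent straight
// to the summary page.
if (isset($_SESSION['affiliate_id'])) {
    olc_redirect(olc_href_link(FILENAME_AFFILIATE_SUMMARY, '', SSL));
}
// Login form submission (?action=process): look the affiliate up by e-mail
// address, verify the password and, on success, mark the session as logged in.
if (isset($_GET['action']) && $_GET['action'] === 'process') {
    $affiliate_username = olc_db_prepare_input($_POST['affiliate_username']);
    $affiliate_password = olc_db_prepare_input($_POST['affiliate_password']);
    // The address is user input placed inside a quoted SQL literal, so the
    // olc_db_input() call on it must stay in place.
    $check_affiliate_query = olc_db_query("select affiliate_id, affiliate_firstname, affiliate_password, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . olc_db_input($affiliate_username) . APOS);
    if (!olc_db_num_rows($check_affiliate_query)) {
        // Unknown address. The marker has to be the exact value the page logic
        // compares against ('fail'), otherwise the failure notice never shows.
        // The same marker is used for a wrong password, so the response does
        // not reveal which of the two was wrong.
        $_GET['login'] = 'fail';
    } else {
        $check_affiliate = olc_db_fetch_array($check_affiliate_query);
        // Verify the submitted password against the stored value.
        if (!olc_validate_password($affiliate_password, $check_affiliate['affiliate_password'])) {
            $_GET['login'] = 'fail';
        } else {
            // NOTE(review): no session-id renewal is visible between the
            // successful check and the redirect; confirm the session layer
            // rotates the id on login so a pre-set session id does not survive
            // the privilege change.
            $_SESSION['affiliate_id'] = $check_affiliate['affiliate_id'];
            // Not read in the visible part of the file; kept in case later code uses it.
            $date_now = date('Ymd');
            // Cast the id to int before it goes into the SQL text, matching the
            // customer queries that cast their ids.
            olc_db_query(SQL_UPDATE . TABLE_AFFILIATE . " set affiliate_date_of_last_logon = now(), affiliate_number_of_logons = affiliate_number_of_logons + 1 where affiliate_id = '" . (int) $_SESSION['affiliate_id'] . APOS);
            olc_redirect(olc_href_link(FILENAME_AFFILIATE_SUMMARY, '', SSL));
        }
    }
}
// Breadcrumb entry for the affiliate login page, then the shared header script.
$breadcrumb->add(NAVBAR_TITLE, olc_href_link(FILENAME_AFFILIATE, '', SSL));
require DIR_WS_INCLUDES . 'header.php';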
if (isset($_GET['login']) && $_GET['login'] == 'fail') {
    $info_message = TRUE_STRING_S;
} else {
    $info_message = FALSE_STRING_S;
             olc_php_mail(EMAIL_SUPPORT_ADDRESS, EMAIL_SUPPORT_NAME, $email, EMPTY_STRING, EMPTY_STRING, EMAIL_SUPPORT_REPLY_ADDRESS, EMAIL_SUPPORT_REPLY_ADDRESS_NAME, EMPTY_STRING, EMPTY_STRING, TEXT_EMAIL_SUBJECT, $html_mail, $txt_mail, $customers_email_type);
         }
     } else {
         $info_message = TEXT_WRONG_CODE;
     }
 } else {
     // Mode flags derived from the requested action.
     $activate = $action == 'activate';
     $remove = $action == 'remove';
     // NOTE(review): $key is concatenated into a quoted SQL literal here, but the
     // only assignment visible in this fragment, olc_db_input($_GET['key']), comes
     // afterwards inside the following if. Confirm $key is already set and
     // escaped at this point; if it is not, this clause is built from an
     // unset or unescaped value.
     $sql_where .= " and mail_key = '" . $key . APOS;
     // FROM + WHERE tail shared by the statements that follow.
     $sql_from = SQL_FROM . TABLE_NEWSLETTER_RECIPIENTS . $sql_where;
     if ($activate || $remove) {
         $key = olc_db_input($_GET['key']);
         $check_mail_query = olc_db_query($sql_select . $sql_from);
         if (olc_db_num_rows($check_mail_query)) {
             $check_mail = olc_db_fetch_array($check_mail_query);
             $valid_entry = olc_validate_password($check_mail['customers_email_address'], $key);
             // Accountaktivierung per Emaillink
             if ($activate) {
                 if ($valid_entry) {
                     olc_db_query(SQL_UPDATE . TABLE_NEWSLETTER_RECIPIENTS . " set mail_status = '1'" . $sql_where);
                     $info_message = TEXT_EMAIL_ACTIVE;
                 } else {
                     $info_message = TEXT_EMAIL_ACTIVE_ERROR;
                 }
             } else {
                 $info_message = TEXT_EMAIL_DEL;
                 if ($valid_entry) {
                     olc_db_query("delete" . $sql_from);
                 } elseif (!$force) {
                     $info_message = TEXT_EMAIL_DEL_ERROR;
                 }
 //W. Kaiser - AJAX
 if (olc_db_num_rows($check_customer_query) > 0) {
     //W. Kaiser - AJAX
     // include needed functions
     require_once DIR_FS_INC . 'olc_array_to_string.inc.php';
     //W. Kaiser - AJAX
     $check_customer = olc_db_fetch_array($check_customer_query);
     // Verify the submitted password against the value stored for this customer.
     $password_stored = $check_customer['customers_password'];
     // NOTE(review): the verifier is chosen by the request parameter 'auction',
     // which the client controls and which is read without an isset() check.
     // olc_validate_password_enc() is not visible here; if, as its name
     // suggests, it accepts an already-encoded password, then knowing a stored
     // value would be enough to pass this check. Confirm, and gate that path on
     // something the server decides rather than on a query-string flag.
     $is_auction = $_GET['auction'];
     if (!$is_auction) {
         // Regular login: plain password checked against the stored value.
         require_once DIR_FS_INC . 'olc_validate_password.inc.php';
         $password_ok = olc_validate_password($password, $password_stored);
     } else {
         // Auction login: alternative verifier.
         require_once DIR_FS_INC . 'olc_validate_password_enc.inc.php';
         $password_ok = olc_validate_password_enc($password, $password_stored);
     }
     if ($password_ok) {
         /*
         if (SESSION_RECREATE == TRUE_STRING_L)
         {
         	olc_session_recreate();
         }
         */
         // Password accepted: load the country and zone of the customer's default
         // address, then copy the customer's identity into the session.
         // NOTE(review): customers_id is cast to int before it enters the SQL text,
         // but customers_default_address_id is concatenated as-is. It comes from the
         // database row, but a matching (int) cast would keep the query consistent.
         $check_country_query = olc_db_query(SELECT . "entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . $check_customer['customers_default_address_id'] . APOS);
         $check_country = olc_db_fetch_array($check_country_query);
         // NOTE(review): the session becomes an authenticated one here, while the
         // only session renewal visible nearby (olc_session_recreate) is commented
         // out just above. Confirm the session id is rotated on login somewhere
         // else; otherwise an id set before login stays valid after it.
         $_SESSION['customer_gender'] = $check_customer['customers_gender'];
         $_SESSION['customer_last_name'] = $check_customer['customers_lastname'];
         $_SESSION['customer_id'] = $check_customer['customers_id'];
         $_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
         $_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
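        // Decide whether this visitor may keep working while the shop is down for
        // maintenance. Access is denied unless one of three checks passes:
        //   1. the request comes from the configured admin IP address,
        //   2. the supplied value equals the configured maintenance password,
        //   3. the supplied value is the password of the customer with id 1.
        // On success the session is flagged so the check is not repeated; otherwise
        // the visitor is redirected to the maintenance page.
        //
        // NOTE(review): assumes $allowmaintenance is the raw value supplied with the
        // request (TODO confirm). ADMIN_PASSWORD_FOR_MAINTENANCE is compared
        // directly with it, so it appears to be held in plaintext. A constant-time
        // comparison (hash_equals(), PHP 5.6+) would be preferable where the
        // runtime offers it.
        // NOTE(review): REMOTE_ADDR is the address of the direct peer; behind a
        // reverse proxy that is the proxy, not the administrator. Confirm.
        $RemoteAdress = getenv('REMOTE_ADDR');
        // Normalise the supplied value to a string; anything that is not a scalar
        // (for example an array-valued request parameter) counts as not supplied.
        $maintenance_pass_supplied = (isset($allowmaintenance) && is_scalar($allowmaintenance)) ? (string) $allowmaintenance : '';
        // Fail closed: access is granted only by an explicit successful check.
        $valid = false;
        if ($RemoteAdress !== false && $RemoteAdress !== '' && (string) EXCLUDE_ADMIN_IP_FOR_MAINTENANCE === $RemoteAdress) {
            // ADMIN_IP --> Allow working. Strict comparison with a non-empty
            // address, so an empty setting cannot match a missing REMOTE_ADDR.
            $valid = true;
        } elseif ($maintenance_pass_supplied !== '' && (string) ADMIN_PASSWORD_FOR_MAINTENANCE === $maintenance_pass_supplied) {
            // "allowmaintenance"-password --> Allow working. An empty supplied
            // value never matches, even when the configured password is empty,
            // and strict comparison avoids numeric-string juggling.
            $valid = true;
        } elseif ($maintenance_pass_supplied !== '') {
            //Check password vs. admin-password
            $check_customer_query = "select customers_password from " . TABLE_CUSTOMERS . " where customers_id = 1";
            $check_customer_query = olc_db_query($check_customer_query);
            // If the row is missing, $valid stays false instead of granting access.
            if (olc_db_num_rows($check_customer_query)) {
                $check_customer = olc_db_fetch_array($check_customer_query);
                require_once DIR_FS_INC . 'olc_validate_password.inc.php';
                $valid = olc_validate_password($maintenance_pass_supplied, $check_customer['customers_password']);
            }
        }
        if ($valid) {
            // Remember the successful check in the session.
            $_SESSION[$allowmaintenance_text] = true;
        } else {
            require_once DIR_FS_INC . 'olc_href_link.inc.php';
            olc_redirect(olc_href_link(ADMIN_PATH_PREFIX . FILENAME_DOWN_FOR_MAINTENANCE, 'pop_up=true', NONSSL, false, false, false));
        }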
    }
} elseif (WARN_BEFORE_DOWN_FOR_MAINTENANCE == TRUE_STRING_S) {
    $ErrorMessage = TEXT_BEFORE_DOWN_FOR_MAINTENANCE;