Example #1
<?php

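// Logout: remove the 'log' and 'pass' entries from the session, empty the cart
// and send the browser back to the site root.
// NOTE(review): the trigger is read from $_REQUEST, so a plain GET link or a
// cross-site request can end the session and clear the cart. Requiring POST
// plus an anti-CSRF token would change how callers reach this code, so it is
// only flagged here.
// NOTE(review): only these two keys are removed; whether the session itself is
// destroyed or its id rotated elsewhere is not visible in this fragment.
if (isset($_REQUEST['logout'])) {
    unset($_SESSION['log'], $_SESSION['pass']);
    // session_unregister() was removed in PHP 5.4. Calling it unguarded is a
    // fatal error there, which would stop the script before the cart is
    // cleared and the redirect is issued. The unset() above already removes
    // the entries from $_SESSION, so the legacy call is kept only where it
    // still exists.
    if (function_exists('session_unregister')) {
        session_unregister('log');
        session_unregister('pass');
    }
    cartClearCartContet();
    RedirectJavaScript('/');
}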
// Login: runs only when the login form was posted and no user is logged in yet.
// On success the visitor is redirected according to the form context and the
// access list returned by checklogin(); on failure a flag is set.
// (The failure branch is cut off in this listing.)
// NOTE(review): $_POST["user_login"] and $_POST["user_pw"] are used without an
// isset()/type check, so a request that omits them or sends arrays reaches
// regAuthenticate() as-is - confirm that helper tolerates it.
if (isset($_POST["login"]) && !isset($_SESSION["log"])) {
    if (regAuthenticate($_POST["user_login"], $_POST["user_pw"])) {
        // NOTE(review): no session_regenerate_id() call is visible after the
        // successful login. Confirm regAuthenticate() rotates the session id;
        // otherwise an id issued before login stays valid afterwards
        // (session fixation).
        $relaccess = checklogin();
        if (isset($_POST['check_order'])) {
            // The cart lookup is keyed on the posted login while the redirect
            // below uses $_SESSION['log']; presumably both hold the same value
            // after a successful regAuthenticate() - TODO confirm.
            $cartIsEmpty = cartCartIsEmpty($_POST['user_login']);
            if ($cartIsEmpty) {
                Redirect('index.php?order2_shipping=yes&shippingAddressID=' . regGetDefaultAddressIDByLogin($_SESSION['log']));
            } else {
                Redirect('index.php?shopping_cart=yes&make_more_exact_cart_content=yes');
            }
        } else {
            // Entry 100 in the access list selects the redirect to ADMIN_FILE.
            // in_array() is called without the strict flag, so 100 and "100"
            // both match; the element types of $relaccess are not visible here.
            if (in_array(100, $relaccess)) {
                Redirect(ADMIN_FILE);
            } else {
                Redirect("index.php?user_details=yes");
            }
        }
    } else {
        // Failed attempt: only a flag is set in the visible lines.
        // NOTE(review): no throttling or logging of failed logins is visible
        // here - confirm it happens inside regAuthenticate() or upstream.
        $wrongLoginOrPw = true;
Example #2
 // Register the customer, store the shipping address (plus a separate billing
 // address for orders), send the notification mail and work out the redirect.
 // NOTE(review): where $login, $cust_password, $order and the address variables
 // are populated and validated is not visible in this fragment.
 $registerResult = regRegisterCustomer($login, $cust_password, $Email, $first_name, $last_name, $subscribed4news, $additional_field_values, $affiliationLogin);
 if ($registerResult) {
     if (isset($order)) {
         // NOTE(review): $errorCode is handed to regAddAddress() but never
         // inspected in the visible lines, so a failed insert would still be
         // used as the default address id below - confirm.
         $addressID = regAddAddress($receiver_first_name, $receiver_last_name, $countryID, $zoneID, $state, $city, $address, $login, $errorCode);
         // The billing address defaults to the shipping address unless the
         // "billing_address_check" box was left unticked.
         $billingAddressID = $addressID;
         if (!isset($_POST["billing_address_check"])) {
             $billingAddressID = regAddAddress($payer_first_name, $payer_last_name, $billingCountryID, $billingZoneID, $billingState, $billingCity, $billingAddress, $login, $errorCode);
         }
         regSetDefaultAddressIDByLogin($login, $addressID);
     } else {
         $addressID = regAddAddress($first_name, $last_name, $countryID, $zoneID, $state, $city, $address, $login, $errorCode);
         regSetDefaultAddressIDByLogin($login, $addressID);
     }
     // NOTE(review): $cust_password - the same variable passed to
     // regAuthenticate() below, so presumably the cleartext password - is given
     // to the mail notification. If the template prints it, the credential is
     // sent and stored in the mailbox unprotected; prefer leaving it out of the
     // mail.
     regEmailNotification($smarty_mail, $login, $cust_password, $Email, $first_name, $last_name, $subscribed4news, $additional_field_values, $countryID, $zoneID, $state, $city, $address, 0);
     // Without e-mail confirmation the new account is logged in right away.
     if (!CONF_ENABLE_REGCONFIRMATION) {
         regAuthenticate($login, $cust_password);
     }
     $RedirectURL = '';
     if (isset($order)) {
         // $billingAddressID is assigned in the isset($order) branch above, so
         // within the visible lines the else below looks unreachable - confirm.
         // NOTE(review): the id is concatenated into the URL unencoded;
         // presumably regAddAddress() returns an integer - TODO confirm.
         if (isset($billingAddressID)) {
             $RedirectURL = "index.php?order2_shipping=yes&shippingAddressID=" . regGetDefaultAddressIDByLogin($login) . "&defaultBillingAddressID=" . $billingAddressID;
         } else {
             $RedirectURL = "index.php?order2_shipping=yes&shippingAddressID=" . regGetDefaultAddressIDByLogin($login);
         }
     } elseif (isset($order_without_billing_address)) {
         $RedirectURL = "index.php?order2_shipping=yes&shippingAddressID=" . regGetDefaultAddressIDByLogin($login);
     } else {
         $RedirectURL = "index.php?r_successful=yes";
     }
     // With confirmation enabled, the checkout URL built above is stored under
     // the key 'xREGMAILCONF_URLORDER2' for later use. The URL is assembled
     // from server-side values only in the visible lines.
     if (CONF_ENABLE_REGCONFIRMATION && (isset($order) || isset($order_without_billing_address))) {
         xSaveData('xREGMAILCONF_URLORDER2', $RedirectURL);
Example #3
                    } else {
                        if ($param_value[0] == "order_time") {
                            $order_time = base64_decode($param_value[1]);
                        }
                    }
                }
            }
        }
    }
}
// Password reminder: any visitor who posts "remind_password" triggers a mail
// for the submitted login. The helper's return value is not used here.
// NOTE(review): no rate limit or anti-CSRF token is visible on this path, and
// the helper's name suggests it mails the existing password rather than a
// one-time reset link - confirm, and prefer expiring reset tokens. The page
// should answer identically for known and unknown logins.
if (isset($_POST["remind_password"])) {
    regSendPasswordToUser(
        $_POST["login_to_remind_password"],
        $smarty_mail
    );
}

// Inline login form: the error flag is true only when credentials were
// submitted and regAuthenticate() rejected them.
// NOTE(review): "login" and "password" are read without isset()/type checks,
// and no throttling of failed attempts is visible in this fragment.
$authenticateError = isset($_POST["submitLoginAndPassword"])
    ? !regAuthenticate($_POST["login"], $_POST["password"])
    : false;

// Load the access list of the current session; it is not used in the visible
// lines that follow.
$relaccess = checklogin();

// Default the customer id to 0 when the including script did not set one.
$customerID = isset($customerID) ? $customerID : 0;
if (!isset($_SESSION["log"]) && $customerID != -1) {
    //unauthorized
    ?>
    <form name='MainForm' method=POST>
        <table>
    <?php 
    if ($authenticateError) {
        ?>
                <tr>
Example #4
<?php

if (isset($_GET['act_customer']) && CONF_ENABLE_REGCONFIRMATION) {
    $ActErr = false;
    // Account activation by e-mailed code: look up the customer that owns the
    // submitted code, activate the account, log that customer in and redirect.
    // NOTE(review): a single GET request both changes state and starts an
    // authenticated session, and the code travels in the URL, where it can end
    // up in server logs, browser history and Referer headers. The code should
    // be unpredictable, single-use and expiring; whether regActivateCustomer()
    // clears it is not visible here - confirm.
    if (isset($_GET['act_code'])) {
        // NOTE(review): the value is not type-checked; an array-valued
        // act_code would also pass this truthiness test - confirm
        // xEscapeSQLstring() handles or rejects it.
        if ($_GET['act_code']) {
            // The query is assembled by concatenation and relies on
            // xEscapeSQLstring() escaping the value correctly for a
            // double-quoted SQL literal. A parameterized query would remove
            // that dependency on the helper and on connection settings.
            // The extra conditions exclude rows whose code is empty or NULL.
            $sql = 'SELECT customerID, Login, cust_password FROM ' . CUSTOMERS_TABLE . '
                                WHERE ActivationCode="' . xEscapeSQLstring($_GET['act_code']) . '"
                                AND ActivationCode!="" AND ActivationCode IS NOT NULL';
            $Result = db_query($sql);
            $Customer = db_fetch_row($Result);
            if (isset($Customer['Login']) && $Customer['Login']) {
                regActivateCustomer($Customer['customerID']);
                // NOTE(review): the stored password is decrypted to log the
                // customer in, so passwords are kept in a recoverable form
                // rather than as one-way hashes, and holding a valid activation
                // code is enough to obtain a session without knowing the
                // password.
                regAuthenticate($Customer['Login'], cryptPasswordDeCrypt($Customer['cust_password'], null));
                // Resume a checkout saved under 'xREGMAILCONF_URLORDER2' when
                // the link asks for it; otherwise reload with act_ok=1.
                // NOTE(review): presumably the saved URL lives in server-side
                // storage - confirm the client cannot influence it.
                if (isset($_GET['order2']) && xDataExists('xREGMAILCONF_URLORDER2')) {
                    Redirect(xPopData('xREGMAILCONF_URLORDER2'));
                } else {
                    Redirect(set_query('&act_code=&act_ok=1'));
                }
            } else {
                // Unknown code: hand the submitted value back to the template.
                // NOTE(review): confirm hassign() HTML-escapes the value, since
                // it comes straight from the query string.
                $smarty->hassign('ActCode', $_GET['act_code']);
                $ActErr = true;
            }
        } else {
            // An empty code counts as an activation error.
            $ActErr = true;
        }
    }
    if (isset($_GET['act_ok'])) {
        $smarty->assign('ActOk', 1);
    }
    if (isset($_GET['notact'])) {
Example #5
File: admin.php Project: gblok/rsc
define("CURRENCY_WSHOW", $all_currencies[$current_currency]['where2show']);
//$selected_currency_details = $all_currencies[$current_currency];
if (isset($_GET["do"])) {
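    // Dispatch a "do" request to its processor script, or answer 404.
    // The allowlist is the only thing between the query string and the include
    // path, so the comparison is strict: the value must be one of these exact
    // strings. Non-string input (e.g. an array) and any future numeric-looking
    // entry can then never match through type juggling.
    // NOTE(review): this branch runs instead of the checklogin() gate in the
    // else branch of the enclosing statement, so each processor script has to
    // enforce its own authorization - whether they do is not visible here.
    if (in_array($_GET["do"], array("invoice", "invoice_jur", "invoice_phys", "configurator", "wishcat", "wishlist", "wishprod", "get_file"), true)) {
        include "core/includes/processor/" . $_GET["do"] . ".php";
    } else {
        // The status is sent in several forms; presumably this is meant to
        // cover both HTTP versions and CGI setups.
        header("HTTP/1.0 404 Not Found");
        header("HTTP/1.1 404 Not Found");
        header("Status: 404 Not Found");
        die(ERROR_404_HTML);
    }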
} else {
    // Admin gate: outside safe mode the request must come from a logged-in
    // session whose access list contains 100. Otherwise the only thing allowed
    // is a login attempt, and everything else ends with ERROR_FORBIDDEN.
    // NOTE(review): when CONF_BACKEND_SAFEMODE equals 1 this whole check is
    // skipped and the back end is reachable without a session. Confirm that
    // safe mode blocks every state-changing action and is never enabled on a
    // production shop.
    // NOTE(review): in_array() is not strict here; the element types of the
    // access list are not visible, so the loose comparison is kept as is.
    $relaccess = checklogin();
    if (CONF_BACKEND_SAFEMODE != 1 && !(isset($_SESSION["log"]) && in_array(100, $relaccess))) {
        // A successful login redirects back to this page, where the access
        // check above is evaluated again for the new session. No throttling of
        // failed attempts is visible in this fragment.
        if (isset($_POST['user_login'], $_POST['user_pw'])
            && regAuthenticate($_POST['user_login'], $_POST['user_pw'])
        ) {
            Redirect(set_query('&__tt='));
        }
        // Reached on missing credentials, on a failed login, and after
        // Redirect() should it return.
        die(ERROR_FORBIDDEN);
    }
    $eaction = isset($_REQUEST['eaction']) ? $_REQUEST['eaction'] : '';
    switch ($eaction) {
        case 'cat':
            if (isset($_SESSION["log"])) {
                $admintempname = $_SESSION["log"];
            }
            //get new orders count
            $q = db_query("select count(*) from " . ORDERS_TABLE . " WHERE statusID=" . (int) CONF_NEW_ORDER_STATUS);
            $n = db_fetch_row($q);