} else {
function randomize()
{
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double) microtime() * 1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$makePassword = randomize();
$sql_data_array = array('admin_groups_id' => smn_db_prepare_input($_POST['admin_groups_id']), 'admin_firstname' => smn_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => smn_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => smn_db_prepare_input($_POST['admin_email_address']), 'admin_password' => smn_encrypt_password($makePassword), 'admin_created' => 'now()');
smn_db_perform(TABLE_ADMIN, $sql_data_array);
$admin_id = smn_db_insert_id();
smn_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
smn_redirect(smn_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&mID=' . $admin_id));
}
break;
case 'member_edit':
$admin_id = smn_db_prepare_input($_POST['admin_id']);
$hiddenPassword = '******';
$stored_email[] = 'NONE';
$check_email_query = smn_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
while ($check_email = smn_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
}
if (in_array($_POST['admin_email_address'], $stored_email)) {
if (isset($_POST['action']) && $_POST['action'] == 'process') {
$password_current = smn_db_prepare_input($_POST['password_current']);
$password_new = smn_db_prepare_input($_POST['password_new']);
$password_confirmation = smn_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = smn_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'");
$check_customer = smn_db_fetch_array($check_customer_query);
if (smn_validate_password($password_current, $check_customer['customers_password'])) {
smn_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'");
smn_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'");
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
smn_redirect(smn_href_link(FILENAME_DEFAULT, '', 'NONSSL'));
} else {
$error = true;
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
$breadcrumb->add(NAVBAR_TITLE_1, smn_href_link(FILENAME_ACCOUNT, '', 'NONSSL'));
$breadcrumb->add(NAVBAR_TITLE_2, smn_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'NONSSL'));
}
}
}
if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
}
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
} elseif ($password != $confirmation) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
if ($error == false) {
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => smn_encrypt_password($password));
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$dob = $dob_day . '/' . $dob_month . '/' . $dob_year;
$sql_data_array['customers_dob'] = smn_date_raw($dob);
}
smn_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$customer_id = smn_db_insert_id();
$sql_data_array = array('customers_id' => $customer_id, 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['entry_company'] = $company;
function set_password($password, $encrypted = false)
{
if (!$encrypted) {
$this->password = smn_encrypt_password($password);
} else {
$this->password = $password;
}
}
Portions Copyright (c) 2002 osCommerce
This source file is subject to version 2.0 of the GPL license,
that is bundled with this package in the file LICENSE. If you
did not receive a copy of the oscMall System license and are unable
to obtain it through the world-wide-web, please send a note to
license@systemsmanager.net so we can mail you a copy immediately.
*/
global $page_name;
require DIR_WS_CLASSES . 'mime.php';
require DIR_WS_CLASSES . 'email.php';
// include the password crypto functions
require DIR_WS_FUNCTIONS . 'password_funcs.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$email_address = smn_db_prepare_input($_POST['email_address']);
$check_customer_query = smn_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . smn_db_input($email_address) . "'");
if (smn_db_num_rows($check_customer_query)) {
$check_customer = smn_db_fetch_array($check_customer_query);
$new_password = smn_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$crypted_password = smn_encrypt_password($new_password);
smn_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
smn_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), $store->get_store_owner(), $store->get_store_owner_email_address());
$messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
smn_redirect(smn_href_link(FILENAME_LOGIN, '', 'NONSSL'));
} else {
$messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
}
}
$breadcrumb->add(NAVBAR_TITLE_1, smn_href_link(FILENAME_LOGIN, '', 'NONSSL'));
$breadcrumb->add(NAVBAR_TITLE_2, smn_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'NONSSL'));
if (!smn_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password'));
} else {
//$confirm = 'confirm_account';
smn_session_register('confirm_account');
$confirm_account = '1';
smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
}
break;
case 'save_account':
$admin_id = smn_db_prepare_input($_POST['id_info']);
$admin_email_address = smn_db_prepare_input($_POST['admin_email_address']);
$stored_email[] = 'NONE';
$check_email_query = smn_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
while ($check_email = smn_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
}
if (in_array($_POST['admin_email_address'], $stored_email)) {
smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email'));
} else {
$sql_data_array = array('admin_firstname' => smn_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => smn_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => smn_db_prepare_input($_POST['admin_email_address']), 'admin_password' => smn_encrypt_password(smn_db_prepare_input($_POST['admin_password'])), 'admin_modified' => 'now()');
smn_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
smn_mail($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['check_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $hiddenPassword), $_POST['check_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['check_email_address']);
smn_redirect(smn_href_link(FILENAME_ADMIN_ACCOUNT, 'page=' . $_GET['page'] . '&mID=' . $admin_id));
}
break;
}
}
$content_page = basename($_SERVER['PHP_SELF']);
require 'templates/default/layout.php';
require DIR_WS_INCLUDES . 'application_bottom.php';
$emailPassword = $makePassword;
$emailStoreName = STORE_OWNER;
} else {
$admin_id = $_POST['admin_id'];
$extraWhere = ' and admin_id != "' . $admin_id . '"';
$emailPassword = '******';
$emailStoreName = MALL_NAME;
}
$Qcheck = smn_db_query('select admin_email_address from ' . TABLE_ADMIN . ' where admin_email_address = "' . $email_address . '"' . $extraWhere);
if (smn_db_num_rows($Qcheck) > 0) {
echo '{ success: false, errorMsg: "Admin Email Address Already Exists." }';
exit;
}
$sql_data_array = array('admin_groups_id' => $group_id, 'admin_firstname' => $firstname, 'admin_lastname' => $lastname, 'admin_email_address' => $email_address);
if (isset($makePassword)) {
$sql_data_array['admin_password'] = smn_encrypt_password($makePassword);
$sql_data_array['admin_created'] = 'now()';
smn_db_perform(TABLE_ADMIN, $sql_data_array);
$admin_id = smn_db_insert_id();
} else {
$sql_data_array['admin_modified'] = 'now()';
smn_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = "' . $admin_id . '"');
}
smn_mail($firstname . ' ' . $lastname, $email_address, ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $firstname, HTTP_SERVER . DIR_WS_CATALOG . 'account.php', $email_address, $emailPassword, $emailStoreName), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
$Qmember = smn_db_query('select a.*, ag.admin_groups_name from ' . TABLE_ADMIN . ' a left join ' . TABLE_ADMIN_GROUPS . ' ag using(admin_groups_id) where admin_id = "' . $admin_id . '"');
$member = smn_db_fetch_array($Qmember);
echo '{
success: true,
admin_id: "' . $member['admin_id'] . '",
admin_firstname: "' . $member['admin_firstname'] . '",
admin_lastname: "' . $member['admin_lastname'] . '",
if (!smn_db_num_rows($check_admin_query)) {
$_GET['login'] = '******';
} else {
$check_admin = smn_db_fetch_array($check_admin_query);
if ($check_admin['check_firstname'] != $firstname) {
$_GET['login'] = '******';
} else {
$_GET['login'] = '******';
function randomize()
{
$salt = "ABCDEFGHIJKLMNOPQRSTUVWXWZabchefghjkmnpqrstuvwxyz0123456789";
srand((double) microtime() * 1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$makePassword = randomize();
smn_mail($check_admin['customers_firstname'] . ' ' . $check_admin['customers_lastname'], $check_admin['check_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $makePassword), $check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address']);
smn_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
}
}
}
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN;
$content_page = basename($_SERVER['PHP_SELF']);
require 'templates/default/layout.php';
require DIR_WS_INCLUDES . 'application_bottom.php';
