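/**
 * Update an existing account from the submitted admin form.
 *
 * Steps, in order: enforce account limits, validate the tax id for the
 * selected country, validate the module's static vars, write the record,
 * record the new password in the password-history module (when installed),
 * run db_mapping (when installed) and clear login locks when the account is
 * saved with a truthy status.
 *
 * @param array $VAR Request data. Rebound to the global $VAR inside the body.
 * @return bool|null true on success, false when checkLimits() fails, null
 *                   when validation fails or the database update is not ok.
 */
function update($VAR)
{
    global $C_list, $C_debug;

    // check account limits
    if (!$this->checkLimits()) {
        return false;
    }

    // From here on $VAR refers to the global request array, not the argument.
    global $VAR;

    // validate the tax_id
    require_once PATH_MODULES . 'tax/tax.inc.php';
    $taxObj = new tax();
    $tax_arr = isset($VAR['account_admin_tax_id']) ? $VAR['account_admin_tax_id'] : null;
    if (is_array($tax_arr)) {
        foreach ($tax_arr as $country_id => $tax_id) {
            // Only the entry for the country selected on the form is checked.
            if ($country_id != $VAR['account_admin_country_id']) {
                continue;
            }

            $exempt = isset($VAR["account_tax_id_exempt"][$country_id])
                ? $VAR["account_tax_id_exempt"][$country_id]
                : null;

            if (!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
                $this->validated = false;
                global $C_translate;
                $this->val_error[] = array(
                    'field' => 'account_admin_tax_id',
                    'field_trans' => $taxObj->errField,
                    'error' => $C_translate->translate('validate_general', "", ""),
                );
            }

            // Collapse the per-country array to the single value that is stored.
            $VAR['account_admin_tax_id'] = $exempt ? false : $tax_id;
        }
    }

    // Get required static vars and validate them; validate_form() is handed
    // the errors collected so far and returns the complete error list.
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    $all_error = $static_var->validate_form('account', $this->val_error);
    $this->validated = !(is_array($all_error) && count($all_error) > 0);

    // If validation failed, skip the db update, expose the errors to Smarty
    // and force the current page to be loaded again.
    if (!$this->validated) {
        global $smarty;
        $smarty->assign('form_validation', $all_error);
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        return;
    }

    // Get the old username (for db mapping). Stays null when no row matches,
    // which is the value the undefined variable evaluated to before.
    $old_username = null;
    $db =& DB();
    $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND id = ' . $db->qstr($VAR['account_admin_id']);
    $result = $db->Execute($sql);
    if ($result && $result->RecordCount() > 0) {
        $old_username = $result->fields['username'];
    }

    // Update the password: $VAR['_password'] carries the new password when
    // one was entered on the form.
    $update_password = false;
    $accountHistory = null;
    if (!empty($VAR['_password'])) {
        $VAR['account_admin_password'] = $VAR['_password'];

        // check if new password is ok
        if ($C_list->is_installed('account_password_history')) {
            include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
            $accountHistory = new account_password_history();
            if (!$accountHistory->getIsPasswordOk($VAR['account_admin_id'], $VAR['account_admin_password'], false)) {
                $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
                // Drop the rejected password so the record update leaves it untouched.
                unset($VAR['account_admin_password']);
            } else {
                $update_password = true;
            }
        }
    }

    // Update the record
    $type = "update";
    $this->method[$type] = explode(",", $this->method[$type]);
    $db = new CORE_database();
    $ok = $db->update($VAR, $this, $type);
    if (!$ok) {
        return;
    }

    // password logging class
    if ($update_password && is_object($accountHistory)) {
        $accountHistory->setNewPassword($VAR['account_admin_id'], $VAR["account_admin_password"], false);
    }

    // Update the static vars
    $static_var->update($VAR, 'account', $VAR['account_admin_id']);

    // Do any db_mapping
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        // NOTE(review): the module is handed the plaintext password; confirm
        // it neither logs nor stores it.
        $db_map->plaintext_password = !empty($VAR['account_admin_password'])
            ? $VAR['account_admin_password']
            : false;
        $db_map->account_edit($VAR['account_admin_id'], $old_username);
    }

    // remove login lock
    if (!empty($VAR['account_admin_status'])) {
        $db =& DB();
        // The condition is passed to sqlDelete() as an SQL fragment, so the
        // request-supplied id is quoted with qstr() exactly as in the SELECT
        // above instead of being interpolated raw.
        $account_id_sql = $db->qstr($VAR['account_admin_id']);
        $db->Execute(sqlDelete($db, "login_lock", "account_id={$account_id_sql}"));
        $db->Execute(sqlDelete($db, "login_log", "account_id={$account_id_sql} AND status=0"));
    }

    return true;
}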
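/**
 * Complete a password reset started from an e-mailed link.
 *
 * Checks that a password and a matching confirmation were submitted, looks
 * up the unexpired temporary_data row whose field2 equals the submitted
 * 'validate' token, deletes that row, stores the new password hash on the
 * account named by field1, records it in the password-history module and
 * runs db_mapping (each when installed), then reports success.
 *
 * Every failure is reported through $C_debug->alert() and returns early.
 *
 * @param array $VAR Request data: account_password, confirm_password, validate.
 * @return void
 */
function password_reset($VAR)
{
    global $C_translate, $C_debug, $smarty, $C_list;

    // Validate that the password and its confirmation are set and non-empty.
    if (!isset($VAR['account_password']) || !isset($VAR['confirm_password']) || $VAR['account_password'] == "") {
        $C_debug->alert($C_translate->translate('password_reset_reqq', 'account', ''));
        return;
    }

    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") would be treated as a match.
    if ($VAR['account_password'] !== $VAR['confirm_password']) {
        $C_debug->alert($C_translate->translate('password_change_match', 'account', ''));
        return;
    }

    $plaintext_password = $VAR['account_password'];

    // hash the password
    // NOTE(review): unsalted SHA-1/MD5 digests are cheap to brute-force if the
    // account table is ever disclosed. Moving to password_hash() needs a
    // matching change wherever the login check compares hashes, so the
    // scheme is left unchanged here.
    if (defined('PASSWORD_ENCODING_SHA')) {
        $password = sha1($VAR['account_password']);
    } else {
        $password = md5($VAR['account_password']);
    }

    if (!isset($VAR['validate']) || $VAR['validate'] == "") {
        // ERROR: bad link
        $url = '<br><a href="' . URL . '?_page=account:password">' . $C_translate->translate('submit', 'CORE', '') . '</a>';
        $message = $C_translate->translate('password_reset_bad_url', 'account', '');
        $C_debug->alert($message . $url);
        return;
    }

    // Get the temporary record from the database; expired tokens never match.
    $validate = $VAR['validate'];
    $db =& DB();
    $sql = 'SELECT field1,field2 FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND date_expire >= ' . $db->qstr(time())
        . ' AND field2 = ' . $db->qstr($validate);
    $result = $db->Execute($sql);
    if (!$result || $result->RecordCount() == 0) {
        // ERROR: no match for submitted link, invalid or expired.
        $url = '<br><a href="' . URL . '?_page=account:password">' . $C_translate->translate('submit', 'CORE', '') . '</a>';
        $message = $C_translate->translate('password_reset_bad_url', 'account', '');
        $C_debug->alert($message . $url);
        return;
    }
    $account_id = $result->fields['field1'];

    // check if new password is ok
    $accountHistory = null;
    if ($C_list->is_installed('account_password_history')) {
        include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
        $accountHistory = new account_password_history();
        if (!$accountHistory->getIsPasswordOk($account_id, $password)) {
            $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
            return;
        }
    }

    // Delete the temporary record before the password is written, so the
    // token cannot be submitted a second time.
    $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND field2 = ' . $db->qstr($validate);
    $db->Execute($sql);

    // Update the password record. The hash is bound through qstr() like every
    // other value in this statement.
    // NOTE(review): the result of this UPDATE is not checked, so the success
    // message below is shown even if the write fails.
    $db =& DB();
    $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account SET date_last = ' . $db->qstr(time())
        . ', password = ' . $db->qstr($password)
        . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND id = ' . $db->qstr($account_id);
    $db->Execute($sql);

    // password logging class
    if (is_object($accountHistory)) {
        $accountHistory->setNewPassword($account_id, $password);
    }

    // Get the old username (for db mapping). Stays null when no row matches,
    // which is the value the undefined variable evaluated to before.
    $old_username = null;
    $db =& DB();
    $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND id = ' . $db->qstr($account_id);
    $result = $db->Execute($sql);
    if ($result && $result->RecordCount() > 0) {
        $old_username = $result->fields['username'];
    }

    // Do any db_mapping
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        // NOTE(review): the module is handed the plaintext password; confirm
        // it neither logs nor stores it.
        $db_map->plaintext_password = $plaintext_password;
        $db_map->account_edit($account_id, $old_username);
    }

    // Return the success message
    $C_debug->alert($C_translate->translate('password_update_success', 'account', ''));
    $smarty->assign('pw_changed', true);
}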