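/**
 * Create an account from an admin-submitted form.
 *
 * Steps, in order: enforce account limits, fill in defaults (username,
 * password, status, expiry), validate the configured field list, the tax id
 * and the static vars, insert the account row, then run the follow-up hooks
 * (password history, groups, static vars, welcome e-mail, db_mapping,
 * affiliate auto-creation) and define REDIRECT_PAGE.
 *
 * @param array $VAR Submitted form values, keyed "account_admin_<field>".
 * @return false|null false when checkLimits() refuses the request; otherwise
 *                    nothing (validation and DB failures are reported through
 *                    Smarty / $C_debug, not through the return value).
 */
function add($VAR)
{
    // check account limits
    if (!$this->checkLimits()) {
        return false;
    }

    global $C_translate, $C_debug, $smarty, $C_vars, $C_list;

    // Set the hidden values
    $VAR['account_admin_date_orig'] = time();
    $VAR['account_admin_date_last'] = time();

    if (!empty($VAR["account_admin_date_expire"])) {
        include_once PATH_CORE . 'validate.inc.php';
        $val = new CORE_validate();
        $date_expire = $val->DateToEpoch(false, $VAR["account_admin_date_expire"]);
    } else {
        $date_expire = 0;
    }

    // Determine the proper account status: only the literal "1" activates.
    $status = (isset($VAR['account_admin_status']) && $VAR['account_admin_status'] == "1") ? 1 : 0;

    // Define a username when none was submitted (four consonant+vowel pairs).
    if (empty($VAR['account_admin_username'])) {
        $length = 4;
        srand((double) microtime() * 1000000);
        $vowels = array("a", "e", "i", "o", "u");
        $cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");
        $num_vowels = count($vowels);
        $num_cons = count($cons);
        for ($i = 0; $i < $length; $i++) {
            @($VAR['account_admin_username'] .= $cons[rand(0, $num_cons - 1)] . $vowels[rand(0, $num_vowels - 1)]);
        }
    }

    // Single field login.
    // NOTE(review): the placeholder literal below is reproduced as it appears
    // in the listing, where it looks masked; confirm against the real file.
    if (defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN == true && empty($VAR['account_admin_password'])) {
        $VAR['account_admin_password'] = '******';
        $passwd = 'none';
    }

    // Define a password
    if (empty($VAR['account_admin_password'])) {
        // NOTE(review): rand()/uniqid()/md5() are not a cryptographic random
        // source; where the runtime allows, generate this from random_bytes().
        // The generated value also skips the hashing branch below, so it is
        // handed to the INSERT as-is; confirm how the login path treats it.
        srand((double) microtime() * 1000000);
        @($VAR['account_admin_password'] = substr(md5(uniqid(rand())), 0, 10));
        $passwd = '********';
    } else {
        // Keep the plaintext for the welcome e-mail and db_mapping below.
        $passwd = $VAR['account_admin_password'];

        // hash the password
        // NOTE(review): unsalted sha1()/md5() are fast hashes and unsuited to
        // password storage. Moving to password_hash()/password_verify() needs
        // a matching change in the login code, which is not visible here.
        if (defined('PASSWORD_ENCODING_SHA')) {
            $VAR['account_admin_password'] = sha1($VAR['account_admin_password']);
        } else {
            $VAR['account_admin_password'] = md5($VAR['account_admin_password']);
        }
    }

    // Loop through the field list to validate the required fields.
    $type = 'add';

    // The list is stored as a comma-separated string; only split it once so a
    // second call on the same object does not explode() an array.
    if (!is_array($this->method[$type])) {
        $this->method[$type] = explode(",", $this->method[$type]);
    }

    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $this->validated = true;

    foreach ($this->method[$type] as $value) {
        // get the field value
        $field_var = $this->module . '_' . $value;
        $field_name = $value;

        // check if this value is unique
        if (isset($this->field[$value]["unique"]) && isset($VAR[$field_var])) {
            if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR[$field_var])) {
                $this->validated = false;
                $this->val_error[] = array(
                    'field' => $this->table . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                    'error' => $C_translate->translate('validate_unique', "", ""),
                );
            }
        }

        // check if the submitted value meets the specified requirements
        if (isset($this->field[$value]["validate"])) {
            if (isset($VAR[$field_var]) && $VAR[$field_var] != '') {
                if (!$validate->validate($field_name, $this->field[$value], $VAR[$field_var], $this->field[$value]["validate"])) {
                    $this->validated = false;
                    $this->val_error[] = array(
                        'field' => $this->module . '_' . $field_name,
                        'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                        'error' => $validate->error[$field_name],
                    );
                }
            } else {
                // Missing and empty values are reported the same way.
                $this->validated = false;
                $this->val_error[] = array(
                    'field' => $this->module . '_' . $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
                    'error' => $C_translate->translate('validate_any', "", ""),
                );
            }
        }
    }

    // validate the tax_id
    require_once PATH_MODULES . 'tax/tax.inc.php';
    $taxObj = new tax();

    // Fix: the INSERT below used to read an unset $account_tax_id, so the
    // value chosen here was never stored. One variable now carries it.
    $account_admin_tax_id = '';
    $tax_arr = isset($VAR['account_admin_tax_id']) ? $VAR['account_admin_tax_id'] : null;
    if (is_array($tax_arr)) {
        foreach ($tax_arr as $country_id => $tax_id) {
            if ($country_id == $VAR['account_admin_country_id']) {
                $exempt = isset($VAR["account_tax_id_exempt"][$country_id]) ? $VAR["account_tax_id_exempt"][$country_id] : null;
                if (!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
                    $this->validated = false;
                    $this->val_error[] = array(
                        'field' => 'account_admin_tax_id',
                        'field_trans' => $taxObj->errField,
                        'error' => $C_translate->translate('validate_general', "", ""),
                    );
                }
                $account_admin_tax_id = $exempt ? false : $tax_id;
            }
        }
    }

    // Get required static_vars and validate them; returns an array with ALL
    // errors.
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    $all_error = $static_var->validate_form('account', $this->val_error);

    // NOTE(review): $this->validated is overwritten here, so the checks above
    // only count if validate_form() returns the errors it was given merged
    // into its result; confirm in static_var.inc.php.
    $this->validated = !($all_error != false && gettype($all_error) == 'array');

    // If validation failed, skip the db insert, expose the errors to Smarty
    // and change the page to be loaded.
    if (!$this->validated) {
        // set the errors as a Smarty object
        $smarty->assign('form_validation', $all_error);

        // set the page to be loaded
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }

        // Stripslashes
        $C_vars->strip_slashes_all();
        return;
    }

    // Get default invoice options
    $db =& DB();
    $invoice_delivery = null;
    $invoice_format = null;
    $invopt = $db->Execute(sqlSelect($db, "setup_invoice", "*", ""));
    if ($invopt && $invopt->RecordCount()) {
        $invoice_delivery = $invopt->fields['invoice_delivery'];
        $invoice_format = $invopt->fields['invoice_show_itemized'];
    }

    // Insert the account record
    $this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id');
    $validation_str = time();

    // get parent id; an account without one is its own parent
    $parent_id = empty($VAR["account_admin_parent_id"]) ? $this->account_id : $VAR["account_admin_parent_id"];
    $affiliate_id = isset($VAR["account_admin_affiliate_id"]) ? $VAR["account_admin_affiliate_id"] : null;
    $reseller_id = isset($VAR["account_admin_reseller_id"]) ? $VAR["account_admin_reseller_id"] : null;

    // Every value goes through $db->qstr() before it is concatenated.
    // NOTE(review): the listing masks the username and password values in
    // this statement; they are restored here following the qstr() pattern of
    // the neighbouring columns. Confirm against the real file.
    $sql = ' INSERT INTO ' . AGILE_DB_PREFIX . 'account SET id = ' . $db->qstr($this->account_id)
        . ', site_id = ' . $db->qstr(DEFAULT_SITE)
        . ', date_orig = ' . $db->qstr($validation_str)
        . ', date_last = ' . $db->qstr(time())
        . ', date_expire = ' . $db->qstr($date_expire)
        . ', language_id = ' . $db->qstr($VAR["account_admin_language_id"])
        . ', country_id = ' . $db->qstr($VAR["account_admin_country_id"])
        . ', parent_id = ' . $db->qstr($parent_id)
        . ', affiliate_id = ' . $db->qstr($affiliate_id)
        . ', reseller_id = ' . $db->qstr($reseller_id)
        . ', currency_id = ' . $db->qstr($VAR["account_admin_currency_id"])
        . ', theme_id = ' . $db->qstr($VAR["account_admin_theme_id"])
        . ', username = ' . $db->qstr($VAR["account_admin_username"])
        . ', password = ' . $db->qstr($VAR["account_admin_password"])
        . ', status = ' . $db->qstr($status)
        . ', first_name = ' . $db->qstr($VAR["account_admin_first_name"])
        . ', middle_name = ' . $db->qstr($VAR["account_admin_middle_name"])
        . ', last_name = ' . $db->qstr($VAR["account_admin_last_name"])
        . ', company = ' . $db->qstr($VAR["account_admin_company"])
        . ', title = ' . $db->qstr($VAR["account_admin_title"])
        . ', email = ' . $db->qstr($VAR["account_admin_email"])
        . ', address1 = ' . $db->qstr($VAR["account_admin_address1"])
        . ', address2 = ' . $db->qstr($VAR["account_admin_address2"])
        . ', city = ' . $db->qstr($VAR["account_admin_city"])
        . ', state = ' . $db->qstr($VAR["account_admin_state"])
        . ', zip = ' . $db->qstr($VAR["account_admin_zip"])
        . ', misc = ' . $db->qstr($VAR["account_admin_misc"])
        . ', email_type = ' . $db->qstr($VAR["account_admin_email_html"])
        . ', invoice_delivery= ' . $db->qstr($invoice_delivery)
        . ', invoice_show_itemized=' . $db->qstr($invoice_format)
        . ', invoice_advance_gen = ' . $db->qstr(MAX_INV_GEN_PERIOD)
        . ', invoice_grace = ' . $db->qstr(GRACE_PERIOD)
        . ', tax_id = ' . $db->qstr($account_admin_tax_id);
    $result = $db->Execute($sql);

    // error reporting
    if ($result === false) {
        $C_debug->error('account_admin.inc.php', 'add', $db->ErrorMsg());
        if (isset($this->trigger[$type])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($this->trigger[$type], 0, $VAR);
        }
        return;
    }

    // password logging class
    if ($C_list->is_installed('account_password_history')) {
        include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
        $accountHistory = new account_password_history();
        $accountHistory->setNewPassword($this->account_id, $VAR["account_admin_password"]);
    }

    // Add the account to the default group
    $this->add_account_groups($VAR['groups'], $this->account_id, $VAR['account_admin_date_expire']);

    // Insert the static vars
    $static_var->add($VAR, 'account', $this->account_id);

    // Mail the new user
    // NOTE(review): the active-account template receives the plaintext
    // password, and the inactive one a validation string built from the
    // creation timestamp and the account id. Both are weak as credentials
    // sent by mail; a random single-use token would be the safer design.
    if (!empty($VAR['welcome_email'])) {
        require_once PATH_MODULES . 'email_template/email_template.inc.php';
        $my = new email_template();
        if ($status == "1") {
            $my->send('account_add_staff_active', $this->account_id, '', '', $passwd);
        } else {
            $validation_str = strtoupper($validation_str . ':' . $this->account_id);
            $my->send('account_add_staff_inactive', $this->account_id, $this->account_id, '', $validation_str);
        }
    }

    // Do any db_mapping (also handed the plaintext password)
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        if (!empty($passwd)) {
            $db_map->plaintext_password = $passwd;
        } else {
            $db_map->plaintext_password = false;
        }
        $db_map->account_add($this->account_id);
    }

    // Display the welcome message
    if ($status == "1") {
        $C_debug->alert($C_translate->translate("staff_add_active", "account_admin", ""));
    } else {
        $C_debug->alert($C_translate->translate("staff_add_inactive", "account_admin", ""));
    }

    // Build the redirect target.
    // NOTE(review): $VAR['_page'] is still concatenated unencoded; confirm it
    // is restricted to a known page identifier before REDIRECT_PAGE is used.
    $url = '?_page=' . $VAR['_page'] . '&id=' . $this->account_id;
    if (!empty($VAR['id'])) {
        $url .= '&_escape=1';
    }
    if (!empty($VAR['field'])) {
        // Submitted text is URL-encoded so that spaces, '&' or '=' in a name
        // cannot break the query string or add parameters to it.
        $url .= '&field=' . urlencode($VAR['field']);
        $url .= '&name=' . urlencode($VAR['account_admin_first_name'] . ' ' . $VAR['account_admin_last_name']);
    }
    define('REDIRECT_PAGE', $url);

    // Affiliate auto creation
    if (AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate")) {
        $VAR['affiliate_account_id'] = $this->account_id;
        $VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE;
        $VAR['affiliate_parent_affiliate_id'] = $affiliate_id;
        include_once PATH_MODULES . 'affiliate/affiliate.inc.php';
        $affiliate = new affiliate();
        $affiliate->add($VAR, $affiliate);
    }

    return;
}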
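/**
 * Activate an account from a "<date_orig>:<account id>" verification string.
 *
 * The outcome is published to Smarty as 'verify_results' (true when the
 * account is, or already was, active; false otherwise). Nothing is returned.
 *
 * NOTE(review): the verification string is made of the account's creation
 * timestamp and its id, not a random secret, so it should not be treated as
 * unguessable; a random single-use token stored with the account would be
 * the safer design.
 *
 * @param array $VAR Request values; 'verify' holds the verification string.
 * @return void
 */
function verify($VAR)
{
    global $C_debug, $C_translate, $smarty, $C_list;

    // Validate that 'verify' is set and is a plain, non-empty string.
    if (!isset($VAR['verify']) || !is_string($VAR['verify']) || $VAR['verify'] == "") {
        // Error: please use the form below ...
        $smarty->assign('verify_results', false);
        return;
    }

    // Both parts are required; reject a malformed string before querying.
    $verify = explode(':', $VAR['verify']);
    if (count($verify) < 2) {
        $smarty->assign('verify_results', false);
        return;
    }

    // Look the account up by id and creation timestamp.
    $db =& DB();
    $sql = 'SELECT id,username,status FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND id = ' . $db->qstr($verify[1])
        . ' AND date_orig = ' . $db->qstr($verify[0]);
    $result = $db->Execute($sql);

    // A failed query returns false; calling RecordCount() on it would be fatal.
    if ($result === false) {
        $C_debug->error('account_admin.inc.php', 'verify', $db->ErrorMsg());
        $smarty->assign('verify_results', false);
        return;
    }
    if ($result->RecordCount() == 0) {
        // Error: please use the form below ...
        $smarty->assign('verify_results', false);
        return;
    }

    // Check the status
    if ($result->fields['status'] == "1") {
        // Account already active!
        $smarty->assign('verify_results', true);
        return;
    }

    // Update the account status
    $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account SET status = ' . $db->qstr("1")
        . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND id = ' . $db->qstr($verify[1]);
    $result = $db->Execute($sql);

    // Do not report success when the UPDATE itself failed.
    if ($result === false) {
        $C_debug->error('account_admin.inc.php', 'verify', $db->ErrorMsg());
        $smarty->assign('verify_results', false);
        return;
    }

    // Account now active!
    $smarty->assign('verify_results', true);

    // Return the success message
    $C_debug->alert($C_translate->translate('password_update_success', 'account', ''));

    // Do any db_mapping
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->plaintext_password = false;
        $db_map->account_add($verify[1]);
    }
}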