function update($VAR)
    {
        global $C_list, $C_debug;
        if (!$this->checkLimits()) {
            return false;
        }
        // check account limits
        // validate the tax_id
        global $VAR;
        require_once PATH_MODULES . 'tax/tax.inc.php';
        $taxObj = new tax();
        $tax_arr = @$VAR['account_admin_tax_id'];
        if (is_array($tax_arr)) {
            foreach ($tax_arr as $country_id => $tax_id) {
                if ($country_id == $VAR['account_admin_country_id']) {
                    $exempt = @$VAR["account_tax_id_exempt"][$country_id];
                    if (!($txRs = $taxObj->TaxIdsValidate($country_id, $tax_id, $exempt))) {
                        $this->validated = false;
                        global $C_translate;
                        $this->val_error[] = array('field' => 'account_admin_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", ""));
                    }
                    if ($exempt) {
                        $VAR['account_admin_tax_id'] = false;
                    } else {
                        $VAR['account_admin_tax_id'] = $tax_id;
                    }
                }
            }
        }
        ####################################################################
        ### Get required static_Vars and validate them... return an array
        ### w/ ALL errors...
        ####################################################################
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        $all_error = $static_var->validate_form('account', $this->val_error);
        if ($all_error != false && gettype($all_error) == 'array') {
            $this->validated = false;
        } else {
            $this->validated = true;
        }
        ####################################################################
        # If validation was failed, skip the db insert &
        # set the errors & origonal fields as Smarty objects,
        # and change the page to be loaded.
        ####################################################################
        if (!$this->validated) {
            global $smarty;
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            return;
        }
        ### Get the old username ( for db mapping )
        $db =& DB();
        $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
					id          = ' . $db->qstr($VAR['account_admin_id']);
        $result = $db->Execute($sql);
        if ($result->RecordCount() > 0) {
            $old_username = $result->fields['username'];
        }
        ### Update the password:
        $update_password = false;
        if (!empty($VAR['_password'])) {
            $VAR['account_admin_password'] = $VAR['_password'];
            /* check if new password is ok */
            if ($C_list->is_installed('account_password_history')) {
                include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
                $accountHistory = new account_password_history();
                if (!$accountHistory->getIsPasswordOk($VAR['account_admin_id'], $VAR['account_admin_password'], false)) {
                    $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
                    unset($VAR['account_admin_password']);
                } else {
                    $update_password = true;
                }
            }
        }
        ### Update the record
        $type = "update";
        $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
        $db = new CORE_database();
        $ok = $db->update($VAR, $this, $type);
        if ($ok) {
            /* password logging class */
            if ($update_password && is_object($accountHistory)) {
                $accountHistory->setNewPassword($VAR['account_admin_id'], $VAR["account_admin_password"], false);
            }
            ### Update the static vars:
            $static_var->update($VAR, 'account', $VAR['account_admin_id']);
            ### Do any db_mapping
            if ($C_list->is_installed('db_mapping')) {
                include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
                $db_map = new db_mapping();
                if (!empty($VAR['account_admin_password'])) {
                    $db_map->plaintext_password = $VAR['account_admin_password'];
                } else {
                    $db_map->plaintext_password = false;
                }
                $db_map->account_edit($VAR['account_admin_id'], $old_username);
            }
            // remove login lock
            if ($VAR['account_admin_status']) {
                $db =& DB();
                $delrs = $db->Execute($sql = sqlDelete($db, "login_lock", "account_id={$VAR['account_admin_id']}"));
                $delrs = $db->Execute($sql = sqlDelete($db, "login_log", "account_id={$VAR['account_admin_id']} AND status=0"));
            }
            return true;
        }
    }
Example #2
0
    function password_reset($VAR)
    {
        global $C_translate, $C_debug, $smarty;
        ### Validate that the password is set... && confirm password is set...
        if (!isset($VAR['account_password']) || !isset($VAR['confirm_password'])) {
            ### ERROR:
            $message = $C_translate->translate('password_reset_reqq', 'account', '');
            $C_debug->alert($message);
            return;
        } else {
            if ($VAR['account_password'] == "") {
                ### ERROR:
                $message = $C_translate->translate('password_reset_reqq', 'account', '');
                $C_debug->alert($message);
                return;
            } else {
                if ($VAR['account_password'] != $VAR['confirm_password']) {
                    ### ERROR:
                    $message = $C_translate->translate('password_change_match', 'account', '');
                    $C_debug->alert($message);
                    return;
                } else {
                    $plaintext_password = $VAR['account_password'];
                    /* hash the password */
                    if (defined('PASSWORD_ENCODING_SHA')) {
                        $password = sha1($VAR['account_password']);
                    } else {
                        $password = md5($VAR['account_password']);
                    }
                }
            }
        }
        if (!isset($VAR['validate']) || $VAR['validate'] == "") {
            ### ERROR: bad link....
            $url = '<br><a href="' . URL . '?_page=account:password">' . $C_translate->translate('submit', 'CORE', '') . '</a>';
            $message = $C_translate->translate('password_reset_bad_url', 'account', '');
            $C_debug->alert($message . '' . $url);
            return;
        }
        ### Get the temporary record from the database
        $validate = @$VAR['validate'];
        $db =& DB();
        $sql = 'SELECT field1,field2 FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
					date_expire >= ' . $db->qstr(time()) . ' AND
					field2      = ' . $db->qstr($validate);
        $result = $db->Execute($sql);
        if ($result->RecordCount() == 0) {
            ### ERROR: no match for submitted link, invalid or expired.
            $url = '<br><a href="' . URL . '?_page=account:password">' . $C_translate->translate('submit', 'CORE', '') . '</a>';
            $message = $C_translate->translate('password_reset_bad_url', 'account', '');
            $C_debug->alert($message . '' . $url);
            return;
        }
        $account_id = $result->fields['field1'];
        /* check if new password is ok */
        global $C_list;
        if ($C_list->is_installed('account_password_history')) {
            include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
            $accountHistory = new account_password_history();
            if (!$accountHistory->getIsPasswordOk($account_id, $password)) {
                $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
                return;
            }
        }
        ###############################################################
        ### Delete the temporary record
        $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
				site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
				field2      = ' . $db->qstr($validate);
        $db->Execute($sql);
        ###############################################################
        ### Update the password record:
        $db =& DB();
        $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account
				SET
				date_last   = ' . $db->qstr(time()) . ',
				password    = '******'
				WHERE
				site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
				id          = ' . $db->qstr($account_id);
        $db->Execute($sql);
        /* password logging class */
        if (!empty($accountHistory) && is_object($accountHistory)) {
            $accountHistory->setNewPassword($account_id, $password);
        }
        ####################################################################
        ### Get the old username ( for db mapping )
        $db =& DB();
        $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
					id          = ' . $db->qstr($account_id);
        $result = $db->Execute($sql);
        if ($result->RecordCount() > 0) {
            $old_username = $result->fields['username'];
        }
        ####################################################################
        ### Do any db_mapping
        ####################################################################
        global $C_list;
        if ($C_list->is_installed('db_mapping')) {
            include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
            $db_map = new db_mapping();
            $db_map->plaintext_password = $plaintext_password;
            $db_map->account_edit($account_id, $old_username);
        }
        ### Return the success message:
        $C_debug->alert($C_translate->translate('password_update_success', 'account', ''));
        $smarty->assign('pw_changed', true);
    }