function create_plugin_instance()
{
$aFilename = oos_get_filename();
$aModules = oos_get_modules();
if ($_GET['file'] != $aFilename['login'] && !isset($_SESSION['customer_id'])) {
$cookie_url_array = parse_url((ENABLE_SSL == true ? OOS_HTTPS_SERVER : OOS_HTTP_SERVER) . substr(OOS_SHOP, 0, -1));
$cookie_path = $cookie_url_array['path'];
if (isset($_COOKIE['email_address']) && isset($_COOKIE['password'])) {
// Get database information
$dbconn =& oosDBGetConn();
$oostable =& oosDBGetTables();
$customerstable = $oostable['customers'];
$sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n customers_password, customers_wishlist_link_id, customers_language,\n customers_vat_id_status, customers_email_address, customers_default_address_id,\n customers_max_order\n FROM {$customerstable}\n WHERE customers_login = '******'\n AND customers_email_address = '" . oos_db_input($_COOKIE['email_address']) . "'";
$check_customer_result = $dbconn->Execute($sql);
if ($check_customer_result->RecordCount()) {
$check_customer = $check_customer_result->fields;
if (oos_validate_password($_COOKIE['password'], $check_customer['customers_password'])) {
$address_booktable = $oostable['address_book'];
$sql = "SELECT entry_country_id, entry_zone_id\n FROM {$address_booktable}\n WHERE customers_id = '" . $check_customer['customers_id'] . "'\n AND address_book_id = '1'";
$check_country = $dbconn->GetRow($sql);
if ($check_customer['customers_language'] == '') {
$sLanguage = oos_var_prep_for_os($_SESSION['language']);
$customerstable = $oostable['customers'];
$dbconn->Execute("UPDATE {$customerstable}\n SET customers_language = '" . oos_db_input($sLanguage) . "'\n WHERE customers_id = '" . intval($check_customer['customers_id']) . "'");
}
$_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id'];
$_SESSION['customer_id'] = $check_customer['customers_id'];
$_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
if (ACCOUNT_GENDER == '1') {
$_SESSION['customer_gender'] = $check_customer['customers_gender'];
}
$_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
$_SESSION['customer_lastname'] = $check_customer['customers_lastname'];
$_SESSION['customer_max_order'] = $check_customer['customers_max_order'];
$_SESSION['customer_country_id'] = $check_country['entry_country_id'];
$_SESSION['customer_zone_id'] = $check_country['entry_zone_id'];
if (ACCOUNT_VAT_ID == '1') {
$_SESSION['customers_vat_id_status'] = $check_customer['customers_vat_id_status'];
}
$_SESSION['member']->restore_group();
setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
setcookie('password', $check_customer['customers_password'], time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
$customers_infotable = $oostable['customers_info'];
$dbconn->Execute("UPDATE {$customers_infotable}\n SET customers_info_date_of_last_logon = '" . date("Y-m-d H:i:s", time()) . "',\n customers_info_number_of_logons = customers_info_number_of_logons+1\n WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'");
$_SESSION['cart']->restore_contents();
// restore cart contents
}
}
}
}
return true;
}
if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
$email_address = oos_prepare_input($_POST['email_address']);
$password = oos_prepare_input($_POST['password']);
if (empty($email_address) || !is_string($email_address)) {
MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
}
// Check if email exists
$customerstable = $oostable['customers'];
$sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n customers_password, customers_wishlist_link_id, customers_language,\n customers_vat_id_status, customers_email_address, customers_default_address_id,\n customers_max_order\n FROM {$customerstable}\n WHERE customers_login = '******'\n AND customers_email_address = '" . oos_db_input($email_address) . "'";
$check_customer_result = $dbconn->Execute($sql);
if (!$check_customer_result->RecordCount()) {
$_GET['login'] = '******';
} else {
$check_customer = $check_customer_result->fields;
// Check that password is good
if (!oos_validate_password($password, $check_customer['customers_password'])) {
$_GET['login'] = '******';
} else {
$address_booktable = $oostable['address_book'];
$sql = "SELECT entry_country_id, entry_zone_id\n FROM {$address_booktable}\n WHERE customers_id = '" . $check_customer['customers_id'] . "'\n AND address_book_id = '1'";
$check_country = $dbconn->GetRow($sql);
if ($check_customer['customers_language'] == '') {
$customerstable = $oostable['customers'];
$dbconn->Execute("UPDATE {$customerstable}\n SET customers_language = '" . oos_db_input($sLanguage) . "'\n WHERE customers_id = '" . intval($check_customer['customers_id']) . "'");
}
$_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id'];
$_SESSION['customer_id'] = $check_customer['customers_id'];
$_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
if (ACCOUNT_GENDER == '1') {
$_SESSION['customer_gender'] = $check_customer['customers_gender'];
}
if (!defined('SHOW_CAPTCHA')) {
define('SHOW_CAPTCHA', '0');
}
if (isset($_GET['action']) && $_GET['action'] == 'process') {
//Check if userinput and CAPTCHA String are equal
if (SHOW_CAPTCHA == '1' && $_SESSION['oos_captcha_string'] != $_POST['captchastring']) {
$_GET['login'] = '******';
} else {
// Check if email exists
$check_admin_result = $dbconn->Execute("SELECT admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum FROM " . $oostable['admin'] . " WHERE admin_email_address = '" . oos_db_input($email_address) . "'");
if (!$check_admin_result->RecordCount()) {
$_GET['login'] = '******';
} else {
$check_admin = $check_admin_result->fields;
// Check that password is good
if (!oos_validate_password($password, $check_admin['login_password'])) {
$_GET['login'] = '******';
} else {
if (isset($_SESSION['password_forgotten'])) {
unset($_SESSION['password_forgotten']);
}
$_SESSION['login_id'] = $check_admin['login_id'];
$_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
$_SESSION['login_first_name'] = $check_admin['login_firstname'];
$login_email_address = $check_admin['login_email_address'];
$login_logdate = $check_admin['login_logdate'];
$login_lognum = $check_admin['login_lognum'];
$login_modified = $check_admin['login_modified'];
//$date_now = date('Ymd');
$dbconn->Execute("UPDATE " . $oostable['admin'] . "\n SET admin_logdate = '" . date("Y-m-d H:i:s", time()) . "', admin_lognum = admin_lognum+1\n WHERE admin_id = '" . $_SESSION['login_id'] . "'");
if ($login_lognum == 0 || !$login_logdate || $login_email_address == 'admin@localhost' || $login_modified == '0000-00-00 00:00:00') {
Copyright (c) 2003 osCommerce
----------------------------------------------------------------------
Released under the GNU General Public License
---------------------------------------------------------------------- */
define('OOS_VALID_MOD', 'yes');
require 'includes/oos_main.php';
$current_boxes = OOS_ABSOLUTE_PATH . 'admin/includes/boxes/';
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (!empty($action)) {
switch ($action) {
case 'check_password':
$admintable = $oostable['admin'];
$check_pass_query = "SELECT admin_password as confirm_password FROM {$admintable} WHERE admin_id = '" . oos_db_input($_POST['id_info']) . "'";
$check_pass = $dbconn->GetRow($check_pass_query);
// Check that password is good
if (!oos_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=check_account&error=password'));
} else {
//$confirm = 'confirm_account';
$_SESSION['confirm_account'] = 'confirm';
oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=edit_process'));
}
break;
case 'save_account':
$admin_id = oos_db_prepare_input($_POST['id_info']);
$admin_email_address = oos_db_prepare_input($_POST['admin_email_address']);
$stored_email[] = 'NONE';
$admintable = $oostable['admin'];
$check_email_query = "SELECT admin_email_address FROM " . $admintable . " WHERE admin_id <> " . $admin_id . "";
$check_email_result =& $dbconn->Execute($check_email_query);
while ($check_email = $check_email_result->fields) {