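/**
 * Restore a customer session from the persistent "remember me" cookies.
 *
 * Runs on every request that is not the login page and has no customer
 * session yet. When both the `email_address` and `password` cookies are
 * present and the stored credential validates, the customer's session
 * variables are populated, the cookies are refreshed and the logon
 * counters are updated. On any failure the visitor simply stays anonymous.
 *
 * Note: both cookie values are attacker-controlled input. The e-mail only
 * reaches SQL through oos_db_input(); the password cookie is checked with
 * oos_validate_password() exactly like a form-submitted password. Carrying
 * a reusable credential in a one-year cookie is a weak remember-me design,
 * but changing that scheme is outside the scope of this plugin.
 *
 * @return bool always true; the plugin loader only needs a success flag
 */
function create_plugin_instance()
{
    $aFilename = oos_get_filename();
    $aModules = oos_get_modules(); // result unused here; call kept unchanged

    // $_GET['file'] may be absent (front page), so read it defensively.
    $sFile = isset($_GET['file']) ? $_GET['file'] : '';
    if ($sFile == $aFilename['login'] || isset($_SESSION['customer_id'])) {
        return true;
    }
    if (!isset($_COOKIE['email_address']) || !isset($_COOKIE['password'])) {
        return true;
    }

    // Cookie scope: the shop's own path, derived from the configured server URL.
    $cookie_url_array = parse_url((ENABLE_SSL == true ? OOS_HTTPS_SERVER : OOS_HTTP_SERVER) . substr(OOS_SHOP, 0, -1));
    $cookie_path = $cookie_url_array['path'];

    // Get database information
    $dbconn =& oosDBGetConn();
    $oostable =& oosDBGetTables();
    $customerstable = $oostable['customers'];

    // Look the account up by e-mail; the cookie value is escaped via oos_db_input().
    $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,
                   customers_password, customers_wishlist_link_id, customers_language,
                   customers_vat_id_status, customers_email_address, customers_default_address_id,
                   customers_max_order
            FROM {$customerstable}
            WHERE customers_login = '******'
              AND customers_email_address = '" . oos_db_input($_COOKIE['email_address']) . "'";
    $check_customer_result = $dbconn->Execute($sql);
    if (!$check_customer_result->RecordCount()) {
        return true;
    }
    $check_customer = $check_customer_result->fields;

    // Check that the password cookie matches the stored credential.
    if (!oos_validate_password($_COOKIE['password'], $check_customer['customers_password'])) {
        return true;
    }

    // Country / zone come from the primary address book entry (id 1).
    // customers_id is cast with intval(), matching the UPDATE statements below.
    $address_booktable = $oostable['address_book'];
    $sql = "SELECT entry_country_id, entry_zone_id
            FROM {$address_booktable}
            WHERE customers_id = '" . intval($check_customer['customers_id']) . "'
              AND address_book_id = '1'";
    $check_country = $dbconn->GetRow($sql);

    // First login without a stored language: persist the session language.
    if ($check_customer['customers_language'] == '') {
        $sLanguage = oos_var_prep_for_os(isset($_SESSION['language']) ? $_SESSION['language'] : '');
        $dbconn->Execute("UPDATE {$customerstable}
                          SET customers_language = '" . oos_db_input($sLanguage) . "'
                          WHERE customers_id = '" . intval($check_customer['customers_id']) . "'");
    }

    // The session is promoted from anonymous to authenticated here, so rotate
    // the session id first to defeat session fixation (only when a session is active).
    if (session_id() != '') {
        session_regenerate_id(true);
    }

    $_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id'];
    $_SESSION['customer_id'] = $check_customer['customers_id'];
    $_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
    if (ACCOUNT_GENDER == '1') {
        $_SESSION['customer_gender'] = $check_customer['customers_gender'];
    }
    $_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
    $_SESSION['customer_lastname'] = $check_customer['customers_lastname'];
    $_SESSION['customer_max_order'] = $check_customer['customers_max_order'];
    $_SESSION['customer_country_id'] = $check_country['entry_country_id'];
    $_SESSION['customer_zone_id'] = $check_country['entry_zone_id'];
    if (ACCOUNT_VAT_ID == '1') {
        $_SESSION['customers_vat_id_status'] = $check_customer['customers_vat_id_status'];
    }
    $_SESSION['member']->restore_group();

    // Refresh both cookies for another year. The e-mail is taken from the
    // database row: the previous code used $email_address, which is undefined
    // inside this function and silently cleared the cookie on every auto-login.
    // Cookies are flagged HttpOnly so script on the page cannot read them;
    // Secure follows the request scheme as before.
    $iExpires = time() + 365 * 24 * 3600;
    $bSecure = getenv('HTTPS') == 'on' ? 1 : 0;
    setcookie('email_address', $check_customer['customers_email_address'], $iExpires, $cookie_path, '', $bSecure, true);
    setcookie('password', $check_customer['customers_password'], $iExpires, $cookie_path, '', $bSecure, true);

    // Record the logon: timestamp of last logon and a running counter.
    $customers_infotable = $oostable['customers_info'];
    $dbconn->Execute("UPDATE {$customers_infotable}
                      SET customers_info_date_of_last_logon = '" . date("Y-m-d H:i:s", time()) . "',
                          customers_info_number_of_logons = customers_info_number_of_logons+1
                      WHERE customers_info_id = '" . intval($_SESSION['customer_id']) . "'");

    // restore cart contents
    $_SESSION['cart']->restore_contents();

    return true;
}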
if (isset($_POST['action']) && $_POST['action'] == 'process' && (isset($_SESSION['formid']) && $_SESSION['formid'] == $_POST['formid'])) {
    $email_address = oos_prepare_input($_POST['email_address']);
    $password = oos_prepare_input($_POST['password']);
    if (empty($email_address) || !is_string($email_address)) {
        MyOOS_CoreApi::redirect(oos_href_link($aPages['main']));
    }
    // Check if email exists
    $customerstable = $oostable['customers'];
    $sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,\n                   customers_password, customers_wishlist_link_id, customers_language,\n                   customers_vat_id_status, customers_email_address, customers_default_address_id,\n                   customers_max_order\n            FROM {$customerstable}\n            WHERE customers_login = '******'\n              AND customers_email_address = '" . oos_db_input($email_address) . "'";
    $check_customer_result = $dbconn->Execute($sql);
    if (!$check_customer_result->RecordCount()) {
        $_GET['login'] = '******';
    } else {
        $check_customer = $check_customer_result->fields;
        // Check that password is good
        if (!oos_validate_password($password, $check_customer['customers_password'])) {
            $_GET['login'] = '******';
        } else {
            $address_booktable = $oostable['address_book'];
            $sql = "SELECT entry_country_id, entry_zone_id\n                    FROM {$address_booktable}\n                    WHERE customers_id = '" . $check_customer['customers_id'] . "'\n                      AND address_book_id = '1'";
            $check_country = $dbconn->GetRow($sql);
            if ($check_customer['customers_language'] == '') {
                $customerstable = $oostable['customers'];
                $dbconn->Execute("UPDATE {$customerstable}\n                                  SET customers_language = '" . oos_db_input($sLanguage) . "'\n                                  WHERE customers_id = '" . intval($check_customer['customers_id']) . "'");
            }
            $_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id'];
            $_SESSION['customer_id'] = $check_customer['customers_id'];
            $_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
            if (ACCOUNT_GENDER == '1') {
                $_SESSION['customer_gender'] = $check_customer['customers_gender'];
            }
// Default the CAPTCHA switch to "off" unless the configuration already defined it.
defined('SHOW_CAPTCHA') || define('SHOW_CAPTCHA', '0');
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    //Check if userinput and CAPTCHA String are equal
    if (SHOW_CAPTCHA == '1' && $_SESSION['oos_captcha_string'] != $_POST['captchastring']) {
        $_GET['login'] = '******';
    } else {
        // Check if email exists
        $check_admin_result = $dbconn->Execute("SELECT admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum FROM " . $oostable['admin'] . " WHERE admin_email_address = '" . oos_db_input($email_address) . "'");
        if (!$check_admin_result->RecordCount()) {
            $_GET['login'] = '******';
        } else {
            $check_admin = $check_admin_result->fields;
            // Check that password is good
            if (!oos_validate_password($password, $check_admin['login_password'])) {
                $_GET['login'] = '******';
            } else {
                if (isset($_SESSION['password_forgotten'])) {
                    unset($_SESSION['password_forgotten']);
                }
                $_SESSION['login_id'] = $check_admin['login_id'];
                $_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
                $_SESSION['login_first_name'] = $check_admin['login_firstname'];
                $login_email_address = $check_admin['login_email_address'];
                $login_logdate = $check_admin['login_logdate'];
                $login_lognum = $check_admin['login_lognum'];
                $login_modified = $check_admin['login_modified'];
                //$date_now = date('Ymd');
                $dbconn->Execute("UPDATE " . $oostable['admin'] . "\n                        SET admin_logdate = '" . date("Y-m-d H:i:s", time()) . "', admin_lognum = admin_lognum+1\n                        WHERE admin_id = '" . $_SESSION['login_id'] . "'");
                if ($login_lognum == 0 || !$login_logdate || $login_email_address == 'admin@localhost' || $login_modified == '0000-00-00 00:00:00') {
   Copyright (c) 2003 osCommerce
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */
// Mark this entry point as a valid module before bootstrapping the core.
define('OOS_VALID_MOD', 'yes');
require 'includes/oos_main.php';

// Directory holding the admin box templates.
$current_boxes = OOS_ABSOLUTE_PATH . 'admin/includes/boxes/';

// Requested admin action; empty string when none was supplied.
$action = '';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}
if (!empty($action)) {
    switch ($action) {
        case 'check_password':
            $admintable = $oostable['admin'];
            $check_pass_query = "SELECT admin_password as confirm_password FROM {$admintable} WHERE admin_id = '" . oos_db_input($_POST['id_info']) . "'";
            $check_pass = $dbconn->GetRow($check_pass_query);
            // Check that password is good
            if (!oos_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
                oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=check_account&error=password'));
            } else {
                //$confirm = 'confirm_account';
                $_SESSION['confirm_account'] = 'confirm';
                oos_redirect_admin(oos_href_link_admin($aFilename['admin_account'], 'action=edit_process'));
            }
            break;
        case 'save_account':
            $admin_id = oos_db_prepare_input($_POST['id_info']);
            $admin_email_address = oos_db_prepare_input($_POST['admin_email_address']);
            $stored_email[] = 'NONE';
            $admintable = $oostable['admin'];
            $check_email_query = "SELECT admin_email_address FROM " . $admintable . " WHERE admin_id <> " . $admin_id . "";
            $check_email_result =& $dbconn->Execute($check_email_query);
            while ($check_email = $check_email_result->fields) {