$hiddenPassword = TEXT_INFO_PASSWORD_HIDDEN;
             $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . (int) $admin_id . "");
             while ($check_email = xos_db_fetch_array($check_email_query)) {
                 $stored_email[] = $check_email['admin_email_address'];
             }
             if (xos_validate_email($admin_email_address) == false) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_not_valid'));
             } elseif (in_array($admin_email_address, $stored_email)) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_used'));
             } else {
                 $my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
                 $my_old_account = xos_db_fetch_array($my_old_account_query);
                 $sql_data_array = array('admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_modified' => 'now()');
                 $admin_password = xos_db_prepare_input($_POST['admin_password']);
                 if (xos_not_null($admin_password)) {
                     $insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
                     $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
                 }
                 xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
                 if (SEND_EMAILS == 'true') {
                     $email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                     if (!$email_to_admin->send()) {
                         $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                     }
                 }
                 xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT));
             }
             break;
     }
 }
 $my_account_query = xos_db_query("select a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name from " . TABLE_ADMIN . " a, " . TABLE_ADMIN_GROUPS . " g where a.admin_id= " . $_SESSION['login_id'] . " and g.admin_groups_id= " . $_SESSION['login_groups_id'] . "");
    $check_admin_query = xos_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
    if (!xos_db_num_rows($check_admin_query)) {
        $_GET['login'] = '******';
    } else {
        $check_admin = xos_db_fetch_array($check_admin_query);
        if ($check_admin['check_firstname'] != $firstname) {
            $_GET['login'] = '******';
        } else {
            $_GET['login'] = '******';
            $makePassword = xos_create_random_value(7);
            @(require DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN);
            $email_to_admin = new mailer($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
            if (!$email_to_admin->send()) {
                $mailer_error_message = sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo);
            } else {
                xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
            }
        }
    }
}
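// Inline script for the login page: centres the #text box and hides the
// "cookies not accepted" notice once the session cookie is visible to JavaScript.
// NOTE(review): this writes the live session id (xos_session_id()) into the page
// body and relies on document.cookie being able to read the session cookie, which
// only works when that cookie is not HttpOnly. Anything that can read the rendered
// HTML (an XSS, a cached copy) therefore learns the session id — confirm this
// trade-off is intended before keeping the client-side check.
$javascript = '<script type="text/javascript">' . "\n"
    . '/* <![CDATA[ */' . "\n"
    . 'function center() {' . "\n"
    . '  var height = document.getElementById("text").offsetHeight;' . "\n"
    . '  var marg = (height / 2);' . "\n"
    . '  document.getElementById("spacer").style.margin = "-" + marg + "px" + " 0px" + " 0px" + " 0px";' . "\n"
    . '}' . "\n\n"
    . '$(function(){' . "\n"
    . '  if (document.cookie.indexOf("' . xos_session_name() . '=' . xos_session_id() . '") != -1) {' . "\n"
    . '    $("#cookie_error").css("visibility", "hidden");' . "\n"
    . '  }' . "\n"
    . '});' . "\n"
    . '/* ]]> */' . "\n"
    . '</script>' . "\n";
require DIR_WS_INCLUDES . 'html_header_with_special_stylesheet.php';
require DIR_WS_INCLUDES . 'footer.php';
// Server-side cookie check. NOTE(review): this uses session_name() while the
// script above uses xos_session_name(); presumably both resolve to the same name —
// verify, otherwise the two checks can disagree.
if (SESSION_FORCE_COOKIE_USE == 'true' && !isset($_COOKIE[session_name()])) {
    $smarty->assign('cookie_not_accepted', true);
}
// Read the login status flag defensively: indexing $_GET['login'] unconditionally
// raises an undefined-index notice/warning on a plain GET of the login page.
$login_status = isset($_GET['login']) ? $_GET['login'] : '';
if ($login_status === 'success') {
    $smarty->assign('login_success', true);
} elseif ($login_status === 'fail') {
    $smarty->assign('login_fail', true);
}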
 // Admin members controller: the requested action comes from the query string and
 // defaults to an empty string, which the dispatcher below treats as "no action".
 $action = '';
 if (isset($_GET['action'])) {
     $action = $_GET['action'];
 }
 if (xos_not_null($action)) {
     switch ($action) {
         case 'member_new':
             $admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
             $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . "");
             while ($check_email = xos_db_fetch_array($check_email_query)) {
                 $stored_email[] = $check_email['admin_email_address'];
             }
             if (xos_validate_email($admin_email_address) == false) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_not_valid&action=new_member'));
             } elseif (in_array($admin_email_address, $stored_email)) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_used&action=new_member'));
             } else {
                 $makePassword = xos_db_prepare_input(xos_create_random_value(7));
                 $sql_data_array = array('admin_groups_id' => xos_db_prepare_input($_POST['admin_groups_id']), 'admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_password' => xos_encrypt_password($makePassword), 'admin_created' => 'now()');
                 xos_db_perform(TABLE_ADMIN, $sql_data_array);
                 $admin_id = xos_db_insert_id();
                 if (SEND_EMAILS == 'true') {
                     $email_to_admin = new mailer($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                     if (!$email_to_admin->send()) {
                         $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                     } else {
                         $messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $_POST['admin_email_address']), 'success');
                     }
                 }
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS));
             }
             break;
         case 'member_edit':
             $admin_id = xos_db_prepare_input($_POST['admin_id']);
 if ($actionRecorder->canPerform() || !$actionRecorder->check()) {
     // Check if email exists
     $check_admin_query = xos_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
     if (!xos_db_num_rows($check_admin_query)) {
         $login_error = 'incorrect_values';
         $actionRecorder->record(false);
     } else {
         $check_admin = xos_db_fetch_array($check_admin_query);
         // Check that password is good
         if (!xos_validate_password($password, $check_admin['login_password'])) {
             $login_error = 'incorrect_values';
             $actionRecorder->record(false);
         } else {
             // migrate old hashed password to new phpass password
             if (xos_password_type($check_admin['login_password']) != 'phpass') {
                 xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . (int) $check_admin['login_id'] . "'");
             }
             if (isset($_SESSION['password_forgotten'])) {
                 unset($_SESSION['password_forgotten']);
             }
             $login_email_address = $check_admin['login_email_address'];
             $login_logdate = $check_admin['login_logdate'];
             $login_lognum = $check_admin['login_lognum'];
             $login_modified = $check_admin['login_modified'];
             $_SESSION['login_id'] = $check_admin['login_id'];
             $_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
             $_SESSION['login_firstname'] = $check_admin['login_firstname'];
             $actionRecorder->_user_id = $check_admin['login_id'];
             $actionRecorder->record();
             //$date_now = date('Ymd');
             xos_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $_SESSION['login_id'] . "'");
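 // Password-forgotten request: verify the anti-automation security code, apply the
 // action-recorder rate limit, then look the account up by e-mail address.
 $error = false;
 // Compare the security code with hash_equals() instead of `!=`. A loose string
 // comparison treats numeric-looking strings as numbers ("0e12" == "0" is true),
 // so a wrong code could be accepted; hash_equals() is strict and constant-time.
 // Non-string input (e.g. security_code[]=x) is treated as an empty, failing code.
 $submitted_security_code = (isset($_POST['security_code']) && is_string($_POST['security_code'])) ? $_POST['security_code'] : '';
 if (!isset($_POST['process_id']) || !hash_equals((string) str_decrypt($_POST['process_id']), $submitted_security_code)) {
     $error = true;
     $messageStack->add('password_forgotten', TEXT_SECURITY_CODE_ERROR);
 }
 // Rate limiting keyed on the submitted e-mail address: a blocked attempt is
 // recorded as a failure and reported with the configured lock-out window
 // (5 minutes when MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES is not defined).
 $actionRecorder = new actionRecorder('ar_reset_password', null, $email_address);
 if (!$actionRecorder->canPerform() && $actionRecorder->check()) {
     $error = true;
     $actionRecorder->record(false);
     $messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5));
 }
 // The e-mail address is escaped with xos_db_input() before being interpolated.
 $check_customer_query = xos_db_query("select customers_firstname, customers_lastname, customers_email_address, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");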
 if (xos_db_num_rows($check_customer_query) && $error == false) {
     $check_customer = xos_db_fetch_array($check_customer_query);
     $new_password = xos_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
     $crypted_password = xos_encrypt_password($new_password);
     $smarty->unregisterFilter('output', 'smarty_outputfilter_trimwhitespace');
     $smarty->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => XHTML_LANG, 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG . 'images/email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . SELECTED_TPL . '/') . EMAIL_SHOP_LOGO, 'remote_address' => $_SERVER['REMOTE_ADDR'], 'new_password' => $new_password));
     $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_html');
     $output_password_forgotten_email_html = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_html.tpl');
     $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_text');
     $output_password_forgotten_email_text = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_text.tpl');
     $smarty->clearAssign(array('html_params', 'xhtml_lang', 'charset', 'store_name_address', 'store_name', 'src_embedded_shop_logo', 'src_shop_logo', 'remote_address', 'new_password'));
     $email_to_customer = new mailer($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $check_customer['customers_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, $output_password_forgotten_email_html, $output_password_forgotten_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SHOP_LOGO);
     if (!$email_to_customer->send()) {
         $messageStack->add_session('login', sprintf(ERROR_PHPMAILER, $email_to_customer->ErrorInfo));
     } else {
         $actionRecorder->_user_id = $check_customer['customers_id'];
         $actionRecorder->record();
         $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
         xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
     $password_current = xos_db_prepare_input($_POST['password_current']);
     $password_new = xos_db_prepare_input($_POST['password_new']);
     $password_confirmation = xos_db_prepare_input($_POST['password_confirmation']);
     $error = false;
     if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
         $error = true;
         $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
     } elseif ($password_new != $password_confirmation) {
         $error = true;
         $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
     }
     if ($error == false) {
         $check_customer_query = xos_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         $check_customer = xos_db_fetch_array($check_customer_query);
         if (xos_validate_password($password_current, $check_customer['customers_password'])) {
             xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
             xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
             $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
             xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
         } else {
             $error = true;
             $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
         }
     }
     if ($error == true) {
         $smarty->assign('password_error', true);
     }
 }
 // Breadcrumb trail for the "change password" page (both entries forced to SSL),
 // followed by the shared HTML header.
 $account_link = xos_href_link(FILENAME_ACCOUNT, '', 'SSL');
 $password_link = xos_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL');
 $site_trail->add(NAVBAR_TITLE_1, $account_link);
 $site_trail->add(NAVBAR_TITLE_2, $password_link);
 require DIR_WS_INCLUDES . 'html_header.php';
     $error = true;
     $messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
     $smarty->assign('telephone_number_error', true);
 }
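 // Password rules for a new account: enforce the minimum length and require the
 // confirmation field to match exactly.
 // NOTE(review): strlen() counts bytes, so a multibyte password with fewer
 // characters than ENTRY_PASSWORD_MIN_LENGTH can pass this check — confirm
 // whether the minimum is meant in characters (mb_strlen) before changing it.
 if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
     $error = true;
     $messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
 } elseif ($password !== $confirmation) {
     // Strict comparison: with `!=` PHP compares numeric-looking strings as
     // numbers, so "1e3"/"1000" or "01"/"1" would be accepted as a matching pair.
     $error = true;
     $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
 }
 if ($error == true) {
     $smarty->assign('password_error', true);
 }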
 if ($error == false) {
     $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_language_id' => $language_id, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_password' => xos_encrypt_password($password));
     if (ACCOUNT_GENDER == 'true') {
         $sql_data_array['customers_gender'] = $gender;
     }
     if (ACCOUNT_DOB == 'true') {
         $sql_data_array['customers_dob'] = $dob_year . $dob_month . $dob_day;
     }
     // if you would like to have an alert in the admin section when either a company name has been entered in
     // the appropriate field or a tax id number, or both then uncomment the next line and comment the default
     // setting: only alert when a tax_id number has been given
     //if ( (ACCOUNT_COMPANY == 'true' && xos_not_null($company) ) || (ACCOUNT_COMPANY == 'true' && xos_not_null($company_tax_id) ) ) {
     if (ACCOUNT_COMPANY == 'true' && xos_not_null($company_tax_id)) {
         $sql_data_array['customers_group_ra'] = '1';
     }
     xos_db_perform(TABLE_CUSTOMERS, $sql_data_array);
     $_SESSION['customer_id'] = xos_db_insert_id();
 // Check if email exists
 $check_customer_query = xos_db_query("select customers_id, customers_gender, customers_firstname, customers_lastname, customers_group_id, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
 if (!xos_db_num_rows($check_customer_query)) {
     $error = true;
 } else {
     $check_customer = xos_db_fetch_array($check_customer_query);
     // Check that password is good
     if (!xos_validate_password($password, $check_customer['customers_password'])) {
         $error = true;
     } else {
         if (SESSION_RECREATE == 'true') {
             xos_session_recreate();
         }
         // migrate old hashed password to new phpass password
         if (xos_password_type($check_customer['customers_password']) != 'phpass') {
             xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
         }
         // note that tax rates depend on your registered address!
         if ($_GET['skip'] != 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD) {
             $existing_customers_query = xos_db_query("select customers_group_id, customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " order by customers_group_id ");
             while ($existing_customers = xos_db_fetch_array($existing_customers_query)) {
                 $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => "&nbsp;" . $existing_customers['customers_group_name'] . "&nbsp;");
             }
             $smarty->assign(array('sppc_toggle_login' => true, 'customers_groups_pull_down_menu' => xos_draw_pull_down_menu('new_customers_group_id', $existing_customers_array, $check_customer['customers_group_id'], 'class="form-control" id="new_customers_group_id"'), 'hidden_field_email_address' => xos_draw_hidden_field('email_address', $_POST['email_address']), 'hidden_field_password' => xos_draw_hidden_field('password', $_POST['password'])));
         } else {
             $check_country_query = xos_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
             $check_country = xos_db_fetch_array($check_country_query);
             if ($_GET['skip'] == 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD && isset($_POST['new_customers_group_id'])) {
                 $sppc_customer_group_id = $_POST['new_customers_group_id'];
                 $check_customer_group = xos_db_query("select customers_group_discount, customers_group_show_tax, customers_group_tax_exempt from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . (int) $_POST['new_customers_group_id'] . "'");
             } else {