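 // Site-offline gate: answer with a 503 and show the maintenance login so staff
 // can still reach the shop. Everything read from $_GET/$_POST here is untrusted.
 header('HTTP/1.1 503 Service Temporarily Unavailable');
 header('Status: 503 Service Temporarily Unavailable');
 $_SESSION['navigation']->remove_current_page();
 // NOTE(review): the language file path is built from a session value; assumed to
 // be set server-side from the configured language list — confirm.
 require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;
 $error = false;
 if (isset($_GET['action']) && $_GET['action'] === 'process') {
     // NOTE(review): the other forms in this project also check a formid against
     // $_SESSION['sessiontoken']; this login does not, so it is open to login CSRF.
     // Adding the check requires the offline template to emit the token — confirm.
     // Missing fields become '' instead of raising undefined-index notices.
     $email_address = xos_db_prepare_input(isset($_POST['email_address']) ? $_POST['email_address'] : '');
     $password = xos_db_prepare_input(isset($_POST['password']) ? $_POST['password'] : '');
     // Look the admin account up by e-mail; xos_db_input() escapes the SQL literal.
     $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
     if (!xos_db_num_rows($check_admin_query)) {
         $error = true;
     } else {
         $check_admin = xos_db_fetch_array($check_admin_query);
         if (!xos_validate_password($password, $check_admin['login_password'])) {
             $error = true;
         } else {
             // Swap the session id on this privilege change so a session id planted
             // before authentication (session fixation) is not upgraded to an
             // access-allowed one. Same idiom the customer login uses.
             if (SESSION_RECREATE == 'true') {
                 xos_session_recreate();
             }
             $_SESSION['access_allowed'] = true;
             xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
         }
     }
 }
 if ($error === true) {
     // Failed attempt: drop any stale grant and show one generic message
     // (the same text for unknown e-mail and for wrong password).
     unset($_SESSION['access_allowed']);
     $messageStack->add('offline', TEXT_OFFLINE_ERROR);
 }
 $site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_OFFLINE, '', 'SSL'));
 require DIR_WS_INCLUDES . 'html_header.php';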
 //  require(DIR_WS_INCLUDES . 'boxes.php');
 //  require(DIR_WS_INCLUDES . 'header.php');
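 // Customer "change password" handler. Runs only for a POSTed form that carries
 // the anti-CSRF token; on success the stored password is replaced and the user
 // is redirected to the account page.
 //
 // The token check uses isset() plus strict comparison. The loose `==` it replaces
 // accepts an empty formid whenever no sessiontoken exists in the session
 // ('' == null is true) and treats numeric-looking strings such as
 // '0e12' == '0e34' as equal.
 // NOTE(review): other sessions of this account are not invalidated after the
 // change; regenerating the session id here as well would be prudent.
 $token_ok = isset($_POST['formid'], $_SESSION['sessiontoken'])
     && $_POST['formid'] === $_SESSION['sessiontoken'];
 if (isset($_POST['action']) && $_POST['action'] === 'process' && $token_ok) {
     // Missing fields become '' instead of raising undefined-index notices.
     $password_current = xos_db_prepare_input(isset($_POST['password_current']) ? $_POST['password_current'] : '');
     $password_new = xos_db_prepare_input(isset($_POST['password_new']) ? $_POST['password_new'] : '');
     $password_confirmation = xos_db_prepare_input(isset($_POST['password_confirmation']) ? $_POST['password_confirmation'] : '');
     $error = false;
     // Policy checks on the new password, reported through the page message stack.
     if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
         $error = true;
         $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
     } elseif ($password_new !== $password_confirmation) {
         $error = true;
         $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
     }
     if ($error === false) {
         // Re-authenticate with the current password before changing it. The row is
         // selected by the session's customer id (cast to int), never by user input.
         // NOTE(review): assumes the customer is already logged in (customer_id set) — confirm.
         $check_customer_query = xos_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
         $check_customer = xos_db_fetch_array($check_customer_query);
         if (is_array($check_customer) && xos_validate_password($password_current, $check_customer['customers_password'])) {
             // NOTE(review): the stored value appears redacted as '******' in this
             // listing; the real statement must write the hash of $password_new produced
             // by the project's password helper — never a fixed string or the plaintext.
             xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
             xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
             $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
             xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
         } else {
             $error = true;
             $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
         }
     }
     if ($error === true) {
         $smarty->assign('password_error', true);
     }
 }
 $site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
 $site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));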
//              Copyright (c) 2002 osCommerce
//              filename: admin_account.php
//
//              Released under the GNU General Public License
////////////////////////////////////////////////////////////////////////////////
// Common admin bootstrap; the constants and helpers used further down
// (DIR_FS_SMARTY, ADMIN_TPL, xos_db_query, ...) are expected to come from here.
require 'includes/application_top.php';
if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_ADMIN_ACCOUNT) == 'overwrite_all')) {
    $current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES;
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if (xos_not_null($action)) {
        switch ($action) {
            case 'check_password':
                $check_pass_query = xos_db_query("select admin_password as confirm_password from " . TABLE_ADMIN . " where admin_id = '" . (int) $_POST['id_info'] . "'");
                $check_pass = xos_db_fetch_array($check_pass_query);
                // Check that password is good
                if (!xos_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
                    xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password'));
                } else {
                    //$confirm = 'confirm_account';
                    $_SESSION['confirm_account'] = true;
                    xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
                }
                break;
            case 'save_account':
                $admin_id = xos_db_prepare_input($_POST['id_info']);
                $admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
                $stored_email[] = 'NONE';
                $hiddenPassword = TEXT_INFO_PASSWORD_HIDDEN;
                $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . (int) $admin_id . "");
                while ($check_email = xos_db_fetch_array($check_email_query)) {
                    $stored_email[] = $check_email['admin_email_address'];
 // Cookie/session check: without a started session the login cannot be
 // completed, so send the visitor to the cookie-usage explanation instead.
 if (!$session_started) {
     xos_redirect(xos_href_link(FILENAME_COOKIE_USAGE));
 }
 // Language strings for this page. The path embeds the language stored in the
 // session (assumed to be set server-side from the configured language list — confirm).
 $language_file = DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN;
 require $language_file;
 $error = false;
 if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
     $email_address = xos_db_prepare_input($_POST['email_address']);
     $password = xos_db_prepare_input($_POST['password']);
     // Check if email exists
     $check_customer_query = xos_db_query("select customers_id, customers_gender, customers_firstname, customers_lastname, customers_group_id, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
     if (!xos_db_num_rows($check_customer_query)) {
         $error = true;
     } else {
         $check_customer = xos_db_fetch_array($check_customer_query);
         // Check that password is good
         if (!xos_validate_password($password, $check_customer['customers_password'])) {
             $error = true;
         } else {
             if (SESSION_RECREATE == 'true') {
                 xos_session_recreate();
             }
             // migrate old hashed password to new phpass password
             if (xos_password_type($check_customer['customers_password']) != 'phpass') {
                 xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
             }
             // note that tax rates depend on your registered address!
             if ($_GET['skip'] != 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD) {
                 $existing_customers_query = xos_db_query("select customers_group_id, customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " order by customers_group_id ");
                 while ($existing_customers = xos_db_fetch_array($existing_customers_query)) {
                     $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => "&nbsp;" . $existing_customers['customers_group_name'] . "&nbsp;");
                 }