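// Maintenance page: answer with a 503 so clients and crawlers treat the
// outage as temporary, and keep this page out of the session navigation
// history so a later "back" does not return here.
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
$_SESSION['navigation']->remove_current_page();

// NOTE(review): the include path is built from $_SESSION['language'];
// this relies on that value having been set from the configured language
// list, never from raw request input — confirm where it is assigned.
require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_OFFLINE;

$error = false;

// Administrators may log in here to browse the site while it is offline.
// NOTE(review): unlike the customer login and password forms, this handler
// has no 'formid' session-token check; confirm whether the offline template
// emits one before enforcing it here.
if (isset($_GET['action']) && $_GET['action'] === 'process') {
    // Guard the reads: a bare request with no form fields would otherwise
    // raise undefined-index notices before the lookup runs.
    $email_address = xos_db_prepare_input(isset($_POST['email_address']) ? $_POST['email_address'] : '');
    $password = xos_db_prepare_input(isset($_POST['password']) ? $_POST['password'] : '');

    // Check if email exists
    $check_admin_query = xos_db_query("select admin_id as login_id, admin_email_address as login_email_address, admin_password as login_password from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");

    if (!xos_db_num_rows($check_admin_query)) {
        $error = true;
    } else {
        $check_admin = xos_db_fetch_array($check_admin_query);

        // Check that password is good
        if (!xos_validate_password($password, $check_admin['login_password'])) {
            $error = true;
        } else {
            // Issue a fresh session id on this privilege change, as the
            // customer login does, so a session id obtained before login
            // cannot be reused afterwards.
            if (SESSION_RECREATE == 'true') {
                xos_session_recreate();
            }

            $_SESSION['access_allowed'] = true;
            xos_redirect(xos_href_link(FILENAME_DEFAULT), false);
        }
    }
}

// Any failed attempt also clears a previously granted bypass flag.
if ($error === true) {
    unset($_SESSION['access_allowed']);
    $messageStack->add('offline', TEXT_OFFLINE_ERROR);
}

$site_trail->add(NAVBAR_TITLE, xos_href_link(FILENAME_OFFLINE, '', 'SSL'));

require DIR_WS_INCLUDES . 'html_header.php';
// require(DIR_WS_INCLUDES . 'boxes.php');
// require(DIR_WS_INCLUDES . 'header.php');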
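// Handle the "change password" form for the signed-in customer.
// The request is only processed when it carries the session's form token:
// the token must actually exist in the session (a missing token would
// otherwise loosely equal an empty 'formid'), and the comparison is strict
// so numeric-string juggling cannot produce a false match.
if (isset($_POST['action']) && $_POST['action'] === 'process'
    && isset($_POST['formid'], $_SESSION['sessiontoken'])
    && (string) $_POST['formid'] === (string) $_SESSION['sessiontoken']) {
    // Guard the reads so a partial submission does not raise
    // undefined-index notices before validation reports the real problem.
    $password_current = xos_db_prepare_input(isset($_POST['password_current']) ? $_POST['password_current'] : '');
    $password_new = xos_db_prepare_input(isset($_POST['password_new']) ? $_POST['password_new'] : '');
    $password_confirmation = xos_db_prepare_input(isset($_POST['password_confirmation']) ? $_POST['password_confirmation'] : '');

    $error = false;

    // strlen is intentional: the minimum length is enforced in bytes, as before.
    if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new !== $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }

    if ($error === false) {
        $check_customer_query = xos_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        $check_customer = xos_db_fetch_array($check_customer_query);

        // Re-authenticate with the current password before changing anything;
        // an absent row (no result to read) is handled like a wrong password.
        if (is_array($check_customer) && xos_validate_password($password_current, $check_customer['customers_password'])) {
            // NOTE(review): the literal '******' below reads like a redacted
            // placeholder; the stored value must be the hashed form of
            // $password_new — confirm against the project's password helper.
            xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
            xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");

            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }

    if ($error === true) {
        $smarty->assign('password_error', true);
    }
}

$site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));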
// Copyright (c) 2002 osCommerce // filename: admin_account.php // // Released under the GNU General Public License //////////////////////////////////////////////////////////////////////////////// require 'includes/application_top.php'; if (!(@(include DIR_FS_SMARTY . 'admin/templates/' . ADMIN_TPL . '/php/' . FILENAME_ADMIN_ACCOUNT) == 'overwrite_all')) { $current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES; $action = isset($_GET['action']) ? $_GET['action'] : ''; if (xos_not_null($action)) { switch ($action) { case 'check_password': $check_pass_query = xos_db_query("select admin_password as confirm_password from " . TABLE_ADMIN . " where admin_id = '" . (int) $_POST['id_info'] . "'"); $check_pass = xos_db_fetch_array($check_pass_query); // Check that password is good if (!xos_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) { xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password')); } else { //$confirm = 'confirm_account'; $_SESSION['confirm_account'] = true; xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process')); } break; case 'save_account': $admin_id = xos_db_prepare_input($_POST['id_info']); $admin_email_address = xos_db_prepare_input($_POST['admin_email_address']); $stored_email[] = 'NONE'; $hiddenPassword = TEXT_INFO_PASSWORD_HIDDEN; $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . (int) $admin_id . ""); while ($check_email = xos_db_fetch_array($check_email_query)) { $stored_email[] = $check_email['admin_email_address'];
if ($session_started == false) { xos_redirect(xos_href_link(FILENAME_COOKIE_USAGE)); } require DIR_FS_SMARTY . 'catalog/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN; $error = false; if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) { $email_address = xos_db_prepare_input($_POST['email_address']); $password = xos_db_prepare_input($_POST['password']); // Check if email exists $check_customer_query = xos_db_query("select customers_id, customers_gender, customers_firstname, customers_lastname, customers_group_id, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'"); if (!xos_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = xos_db_fetch_array($check_customer_query); // Check that password is good if (!xos_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if (SESSION_RECREATE == 'true') { xos_session_recreate(); } // migrate old hashed password to new phpass password if (xos_password_type($check_customer['customers_password']) != 'phpass') { xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'"); } // note that tax rates depend on your registered address! if ($_GET['skip'] != 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD) { $existing_customers_query = xos_db_query("select customers_group_id, customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " order by customers_group_id "); while ($existing_customers = xos_db_fetch_array($existing_customers_query)) { $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => " " . $existing_customers['customers_group_name'] . " "); }