}
//valid password
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add_session('easy_createaccount', ENTRY_PASSWORD_ERROR);
} elseif ($password != $confirmation) {
$error = true;
$messageStack->add_session('easy_createaccount', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
if ($error == true) {
// hook notifier class
$zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT');
// redirect back to login page
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
$sql_data_array = array('customers_email_address' => $email_address, 'customers_password' => zen_encrypt_password($password), 'customers_nick' => $nick, 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION);
if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') {
$sql_data_array['customers_referral'] = $customers_referral;
}
/* if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = (empty($_POST['dob']) || $dob_entered == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']));*/
zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$_SESSION['customer_id'] = $db->Insert_ID();
$_SESSION['shipping'] = '';
$sql = "insert into " . TABLE_CUSTOMERS_INFO . "\n\t\t\t (customers_info_id, customers_info_number_of_logons,\n\t\t\t customers_info_date_account_created)\n values ('" . (int) $_SESSION['customer_id'] . "', '0', now())";
$db->Execute($sql);
// BEGIN newsletter_subscribe mod 1/1
// If a newsletter only account exists we update the info,
// but keep the subscription active, and give them a message that to
// change they should do so on their account page (after creation).
if (defined('NEWSONLY_SUBSCRIPTION_ENABLED') && NEWSONLY_SUBSCRIPTION_ENABLED == 'true') {
} else {
$entry_antirobotreg_error = false;
}
}
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
} elseif ($password != $confirmation) {
$error = true;
$messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
if ($error == true) {
// hook notifier class
$zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT');
} else {
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_nick' => $nick, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password($password), 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION);
if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') {
$sql_data_array['customers_referral'] = $customers_referral;
}
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = empty($_POST['dob']) || $dob_entered == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']);
}
zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$_SESSION['customer_id'] = $db->Insert_ID();
$zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(array('customer_id' => $_SESSION['customer_id']), $sql_data_array));
$sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
$admin_email = zen_db_prepare_input($_POST['admin_email']);
$password_new = zen_db_prepare_input($password_new);
$admin_level = zen_db_prepare_input($_POST['admin_level']);
$password_new = zen_db_prepare_input($password_new);
$sql_data_array = array('admin_name' => $admin_name, 'admin_email' => $admin_email, 'admin_level' => $admin_level);
if ($action == 'insert') {
$insert_sql_data = array('admin_pass' => zen_encrypt_password($password_new));
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
zen_db_perform(TABLE_ADMIN, $sql_data_array);
$admin_id = zen_db_insert_id();
$admins_id = $admin_id;
} elseif ($action == 'save') {
zen_db_perform(TABLE_ADMIN, $sql_data_array, 'update', "admin_id = '" . (int) $admins_id . "'");
$db->Execute("Update " . TABLE_CONFIGURATION . " set configuration_value='" . $_POST['demo_status'] . "' where configuration_key='ADMIN_DEMO'");
} elseif ($action == 'reset') {
$update_sql_data = array('admin_pass' => zen_encrypt_password($password_new));
$sql_data_array = array_merge($sql_data_array, $update_sql_data);
zen_db_perform(TABLE_ADMIN, $sql_data_array, 'update', "admin_id = '" . (int) $admins_id . "'");
}
// end action check
zen_redirect(zen_href_link(FILENAME_ADMIN, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'adminID=' . $admins_id));
}
// end error check
//echo $action;
// zen_redirect(zen_href_link(FILENAME_ADMIN, (isset($_GET['page']) ? 'page=' . '&' : '') . 'adminID=' . $admins_id));
break;
// ----------------------------------------------------------------------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------------------------------------------------------------------
case 'deleteconfirm':
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = "SELECT customers_password, customers_nick\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_id = :customersID";
$check_customer_query = $db->bindVars($check_customer_query, ':customersID', $_SESSION['customer_id'], 'integer');
$check_customer = $db->Execute($check_customer_query);
if (zen_validate_password($password_current, $check_customer->fields['customers_password'])) {
$nickname = $check_customer->fields['customers_nick'];
$sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password \n WHERE customers_id = :customersID";
$sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
$sql = $db->bindVars($sql, ':password', zen_encrypt_password($password_new), 'string');
$db->Execute($sql);
$sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\n SET customers_info_date_account_last_modified = now()\n WHERE customers_info_id = :customersID";
$sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
$db->Execute($sql);
if ($phpBB->phpBB['installed'] == true) {
if (zen_not_null($nickname) && $nickname != '') {
$phpBB->phpbb_change_password($nickname, $password_new);
}
}
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$error = true;
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
function module_visitor_to_account($return = array())
{
global $db, $messageStack, $zco_notifier;
$return = $this->zoneOptions($return);
$process = false;
/**
* Process form contents
*/
if (isset($_POST['action']) && $_POST['action'] == 'process') {
$process = true;
$return['error'] = false;
$return['error_messages'] = array();
$return = $this->prosessPrivacyConditions($return);
$return = $this->processGender($return);
$return = $this->processNames($return);
$return = $this->processNick($return);
$return = $this->processDOB($return);
$return = $this->processEmailAddress($return);
$return = $this->processAddress($return);
$return = $this->processEmailFormat($return);
$return = $this->processCustomersAuthorization($return);
$return = $this->processCustomersReferral($return);
$return = $this->processNewsletter($return);
$return = $this->processPassword($return);
if (count($return['error_messages']) > 0) {
foreach ($return['error_messages'] as $error_message) {
$messageStack->add('create_account', $error_message['message'], $error_message['type']);
}
}
if ($return['error'] == true) {
// hook notifier class
$zco_notifier->notify('NOTIFY_FAILURE_DURING_VISITOR_TO_ACCOUNT');
} else {
extract($return);
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_nick' => $nick, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_password' => zen_encrypt_password($password), 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION);
// ->furikana
if (FURIKANA_NESESSARY) {
$sql_data_array['customers_firstname_kana'] = $firstname_kana;
$sql_data_array['customers_lastname_kana'] = $lastname_kana;
}
// <-furikana
if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') {
$sql_data_array['customers_referral'] = $customers_referral;
}
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
// if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = zen_date_raw($dob);
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']);
}
zen_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");
// delete a visitor
$db->Execute("delete from " . TABLE_VISITORS . "\r\n where visitors_id = '" . (int) $_SESSION['visitors_id'] . "'");
unset($_SESSION['visitors_id']);
$sql_data_array = array('entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_telephone' => $telephone, 'entry_fax' => $fax, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
// ->furikana
if (FURIKANA_NESESSARY) {
$sql_data_array['entry_firstname_kana'] = $firstname_kana;
$sql_data_array['entry_lastname_kana'] = $lastname_kana;
}
// <-furikana
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['entry_company'] = $company;
}
if (ACCOUNT_SUBURB == 'true') {
$sql_data_array['entry_suburb'] = $suburb;
}
if (ACCOUNT_STATE == 'true') {
if ($zone_id > 0) {
$sql_data_array['entry_zone_id'] = $zone_id;
$sql_data_array['entry_state'] = '';
} else {
$sql_data_array['entry_zone_id'] = '0';
$sql_data_array['entry_state'] = $state;
}
}
zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");
$sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\r\n SET customers_info_date_account_last_modified = now()\r\n WHERE customers_info_id = :customersID";
$sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
// phpBB create account
if ($phpBB->phpBB['installed'] == true) {
$phpBB->phpbb_create_account($nick, $password, $email_address);
}
// End phppBB create account
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_last_name'] = $lastname;
// ->furikana
if (FURIKANA_NESESSARY) {
$_SESSION['customer_first_name_kana'] = $firstname_kana;
$_SESSION['customer_last_name_kana'] = $lastname_kana;
}
// <-furikana
$_SESSION['customer_country_id'] = $country;
$_SESSION['customer_zone_id'] = $zone_id;
// restore cart contents
$_SESSION['cart']->restore_contents();
// hook notifier class
$zco_notifier->notify('NOTIFY_LOGIN_SUCCESS_VIA_VISITOR_TO_ACCOUNT');
// build the message content
$name = $firstname . ' ' . $lastname;
if (ACCOUNT_GENDER == 'true') {
if ($gender == 'm') {
$email_text = sprintf(EMAIL_GREET_MR, $name);
} else {
$email_text = sprintf(EMAIL_GREET_MS, $name);
}
} else {
$email_text = sprintf(EMAIL_GREET_NONE, $name);
}
$html_msg['EMAIL_GREETING'] = str_replace('\\n', '', $email_text);
$html_msg['EMAIL_FIRST_NAME'] = $firstname;
$html_msg['EMAIL_LAST_NAME'] = $lastname;
// initial welcome
$email_text .= EMAIL_WELCOME;
$html_msg['EMAIL_WELCOME'] = str_replace('\\n', '', EMAIL_WELCOME);
if (NEW_SIGNUP_DISCOUNT_COUPON != '' and NEW_SIGNUP_DISCOUNT_COUPON != '0') {
$coupon_id = NEW_SIGNUP_DISCOUNT_COUPON;
$coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_id = '" . $coupon_id . "'");
$coupon_desc = $db->Execute("select coupon_description from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . $_SESSION['languages_id'] . "'");
$db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id . "', '0', 'Admin', '" . $email_address . "', now() )");
// if on, add in Discount Coupon explanation
// $email_text .= EMAIL_COUPON_INCENTIVE_HEADER .
$email_text .= "\n" . EMAIL_COUPON_INCENTIVE_HEADER . (!empty($coupon_desc->fields['coupon_description']) ? $coupon_desc->fields['coupon_description'] . "\n\n" : '') . strip_tags(sprintf(EMAIL_COUPON_REDEEM, ' ' . $coupon->fields['coupon_code'])) . EMAIL_SEPARATOR;
$html_msg['COUPON_TEXT_VOUCHER_IS'] = EMAIL_COUPON_INCENTIVE_HEADER;
$html_msg['COUPON_DESCRIPTION'] = !empty($coupon_desc->fields['coupon_description']) ? '<strong>' . $coupon_desc->fields['coupon_description'] . '</strong>' : '';
$html_msg['COUPON_TEXT_TO_REDEEM'] = str_replace("\n", '', sprintf(EMAIL_COUPON_REDEEM, ''));
$html_msg['COUPON_CODE'] = $coupon->fields['coupon_code'];
}
//endif coupon
if (NEW_SIGNUP_GIFT_VOUCHER_AMOUNT > 0) {
$coupon_code = zen_create_coupon_code();
$insert_query = $db->Execute("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())");
$insert_id = $db->Insert_ID();
$db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $insert_id . "', '0', 'Admin', '" . $email_address . "', now() )");
// if on, add in GV explanation
$email_text .= "\n\n" . sprintf(EMAIL_GV_INCENTIVE_HEADER, $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT)) . sprintf(EMAIL_GV_REDEEM, $coupon_code) . EMAIL_GV_LINK . zen_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false) . "\n\n" . EMAIL_GV_LINK_OTHER . EMAIL_SEPARATOR;
$html_msg['GV_WORTH'] = str_replace('\\n', '', sprintf(EMAIL_GV_INCENTIVE_HEADER, $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT)));
$html_msg['GV_REDEEM'] = str_replace('\\n', '', str_replace('\\n\\n', '<br />', sprintf(EMAIL_GV_REDEEM, '<strong>' . $coupon_code . '</strong>')));
$html_msg['GV_CODE_NUM'] = $coupon_code;
$html_msg['GV_CODE_URL'] = str_replace('\\n', '', EMAIL_GV_LINK . '<a href="' . zen_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false) . '">' . TEXT_GV_NAME . ': ' . $coupon_code . '</a>');
$html_msg['GV_LINK_OTHER'] = EMAIL_GV_LINK_OTHER;
}
// endif voucher
// add in regular email welcome text
$email_text .= "\n\n" . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_GV_CLOSURE;
$html_msg['EMAIL_MESSAGE_HTML'] = str_replace('\\n', '', EMAIL_TEXT);
$html_msg['EMAIL_CONTACT_OWNER'] = str_replace('\\n', '', EMAIL_CONTACT);
$html_msg['EMAIL_CLOSURE'] = nl2br(EMAIL_GV_CLOSURE);
// include create-account-specific disclaimer
$email_text .= "\n\n" . sprintf(EMAIL_DISCLAIMER_NEW_CUSTOMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n";
$html_msg['EMAIL_DISCLAIMER'] = sprintf(EMAIL_DISCLAIMER_NEW_CUSTOMER, '<a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . ' </a>');
// send welcome email
zen_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_NAME, EMAIL_FROM, $html_msg, 'welcome');
// send additional emails
if (SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO_STATUS == '1' and SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO != '') {
if ($_SESSION['customer_id']) {
$account_query = "select customers_firstname, customers_lastname, customers_email_address\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
$account = $db->Execute($account_query);
}
$extra_info = email_collect_extra_info($name, $email_address, $account->fields['customers_firstname'] . ' ' . $account->fields['customers_lastname'], $account->fields['customers_email_address']);
$html_msg['EXTRA_INFO'] = $extra_info['HTML'];
zen_mail('', SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO, SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO_SUBJECT . ' ' . EMAIL_SUBJECT, $email_text . $extra_info['TEXT'], STORE_NAME, EMAIL_FROM, $html_msg, 'welcome_extra');
}
//endif send extra emails
$_SESSION['navigation']->clear_snapshot();
zen_redirect(zen_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL'));
}
//endif !error
} else {
$return = $this->getFormDefault($return);
}
return $return;
}
$error_check = false;
if (isset($_POST['submit'])) {
if (!$_POST['admin_email']) {
$error_check = true;
$email_message = ERROR_WRONG_EMAIL_NULL;
}
$admin_email = zen_db_prepare_input($_POST['admin_email']);
$sql = "select admin_id, admin_name, admin_email, admin_pass from " . TABLE_ADMIN . " where admin_email = '" . zen_db_input($admin_email) . "'";
$result = $db->Execute($sql);
if (!($admin_email == $result->fields['admin_email'])) {
$error_check = true;
$email_message = ERROR_WRONG_EMAIL;
}
if ($error_check == false) {
$new_password = zen_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$admin_pass = zen_encrypt_password($new_password);
$sql = "update " . TABLE_ADMIN . " set admin_pass = '******' where admin_email = '" . $result->fields['admin_email'] . "'";
$db->Execute($sql);
$html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
$html_msg['EMAIL_MESSAGE_HTML'] = sprintf(TEXT_EMAIL_MESSAGE, $new_password);
zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT, sprintf(TEXT_EMAIL_MESSAGE, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin');
$email_message = SUCCESS_PASSWORD_SENT;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php
echo HTML_PARAMS;
?>
>
<head>
function dbAdminSetup()
{
$this->dbActivate();
// can likely remove this line for v1.4
$sql = "update " . DB_PREFIX . "admin set admin_name = '" . $this->configInfo['admin_username'] . "', admin_email = '" . $this->configInfo['admin_email'] . "', admin_pass = '******'admin_pass']) . "' where admin_id = 1";
$this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
// enable/disable automatic version-checking
$sql = "update " . DB_PREFIX . "configuration set configuration_value = '" . ($this->configInfo['check_for_updates'] ? 'true' : 'false') . "' where configuration_key = 'SHOW_VERSION_UPDATE_IN_HEADER'";
$this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
$this->db->Close();
}
// BEGIN SLAM PREVENTION
if ($_POST['email_address'] != '') {
if (!isset($_SESSION['login_attempt'])) {
$_SESSION['login_attempt'] = 0;
}
$_SESSION['login_attempt']++;
}
// END SLAM PREVENTION
$email_address = zen_db_prepare_input($_POST['email_address']);
$check_customer_query = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_email_address = :emailAddress";
$check_customer_query = $db->bindVars($check_customer_query, ':emailAddress', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);
if ($check_customer->RecordCount() > 0) {
$zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_VALIDATED');
$new_password = zen_create_PADSS_password(ENTRY_PASSWORD_MIN_LENGTH > 0 ? ENTRY_PASSWORD_MIN_LENGTH : 5);
$crypted_password = zen_encrypt_password($new_password);
$sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password\n WHERE customers_id = :customersID";
$sql = $db->bindVars($sql, ':password', $crypted_password, 'string');
$sql = $db->bindVars($sql, ':customersID', $check_customer->fields['customers_id'], 'integer');
$db->Execute($sql);
$html_msg['EMAIL_CUSTOMERS_NAME'] = $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
$html_msg['EMAIL_MESSAGE_HTML'] = sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password);
// send the email
zen_mail($check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten');
$messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
} else {
$messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
}
}
$breadcrumb->add(NAVBAR_TITLE_1, zen_href_link(FILENAME_LOGIN, '', 'SSL'));
$how_know_web = zen_db_prepare_input($_POST['how_know_web']);
} else {
$how_know_web = 0;
}
$check_email_query = "select count(*) as total\n from " . TABLE_CUSTOMERS . "\n where customers_email_address = '" . zen_db_input($email_address) . "'";
$check_email = $db->Execute($check_email_query);
if ($check_email->fields['total'] > 0) {
$error = true;
$messageStack->add_session('login', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if ($error == true) {
// hook notifier class
$zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT');
} else {
$sql_data_array = array('customers_lastname' => 'New Customer', 'customers_email_address' => $email_address, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password($password), 'customers_describes' => $describes, 'customers_referral' => $customers_referral, 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION);
zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$_SESSION['customer_id'] = $db->Insert_ID();
$sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'from_type_id' => $how_know_web);
zen_db_perform(TABLE_ORIGIN, $sql_data_array);
$freq_type_id = $how_know_web;
$sql_update_origin = "UPDATE " . TABLE_ORIGIN_FREQ . " SET `from_type_freq` = `from_type_freq` +'1' WHERE `from_type_id` = " . $freq_type_id . " LIMIT 1 ; ";
$db->Execute($sql_update_origin);
$zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(array('customer_id' => $_SESSION['customer_id']), $sql_data_array));
$sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_company' => $company);
zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$address_id = $db->Insert_ID();
$zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_ADDRESS_BOOK_RECORD', array_merge(array('address_id' => $address_id), $sql_data_array));
$sql = "update " . TABLE_CUSTOMERS . "\n set customers_default_address_id = '" . (int) $address_id . "'\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
$db->Execute($sql);
$sql = "insert into " . TABLE_CUSTOMERS_INFO . "\n (customers_info_id, customers_info_number_of_logons,\n customers_info_date_account_created)\n values ('" . (int) $_SESSION['customer_id'] . "', '0', now())";
function email_templates_make_new_passord($customers_id, $email_address)
{
global $db;
$new_password = zen_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
$crypted_password = zen_encrypt_password($new_password);
$sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password\n WHERE customers_id = :customersID";
$sql = $db->bindVars($sql, ':password', $crypted_password, 'string');
$sql = $db->bindVars($sql, ':customersID', $customers_id, 'integer');
$db->Execute($sql);
return $new_password;
}
$customer_exists = $db->Execute("select customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . makeSqlString($data[$root]['buyer-billing-address']['email']['VALUE']) . "'");
// Check if the GC buyer id exists
$customer_info = $db->Execute("select gct.customers_id from " . $googlepayment->table_name . " gct " . " inner join " . TABLE_CUSTOMERS . " tc on gct.customers_id = tc.customers_id " . " where gct.buyer_id = " . makeSqlString($data[$root]['buyer-id']['VALUE']));
$new_user = false;
// Ignore session to avoid mix of Cart-GC sessions/emails
// GC email is the most important one
// if ((isset($_SESSION['customer_id']) && $_SESSION['customer_id'] != '')
// || $customer_exists->RecordCount() != 0) {
if ($customer_exists->RecordCount() != 0) {
$_SESSION['customer_id'] = $customer_exists->fields['customers_id'];
} else {
if ($customer_info->RecordCount() != 0) {
$_SESSION['customer_id'] = $customer_info->fields['customers_id'];
} else {
list($firstname, $lastname) = explode(' ', makeSqlString($data[$root]['buyer-billing-address']['contact-name']['VALUE']), 2);
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $data[$root]['buyer-billing-address']['email']['VALUE'], 'customers_nick' => '', 'customers_telephone' => $data[$root]['buyer-billing-address']['phone']['VALUE'], 'customers_fax' => $data[$root]['buyer-billing-address']['fax']['VALUE'], 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password(makeSqlString($data[$root]['buyer-id']['VALUE'])), 'customers_newsletter' => $data[$root]['buyer-marketing-preferences']['email-allowed']['VALUE'] == 'true' ? 1 : 0);
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = 'now()';
}
zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$_SESSION['customer_id'] = $db->Insert_ID();
$db->Execute("insert into " . TABLE_CUSTOMERS_INFO . "\n (customers_info_id, customers_info_number_of_logons,\n customers_info_date_account_created)\n values ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
/* $db->Execute("insert into " . $googlepayment->table_name . " " .
" values ( " . $_SESSION['customer_id'] . ", " .
$data[$root]['buyer-id']['VALUE'] . ")");*/
$new_user = true;
}
}
// thx ZachAnderson ;)
$customer_in_gc = $db->Execute("select gct.customers_id from " . $googlepayment->table_name . " gct " . " where gct.buyer_id = " . makeSqlString($data[$root]['buyer-id']['VALUE']));
if ($customer_in_gc->RecordCount() == 0) {
$admin_pass_confirm = zen_db_prepare_input($_POST['admin_pass_confirm']);
if (isset($_POST['check_for_updates']) && $_POST['check_for_updates'] == '1') {
$check_for_updates = 1;
} else {
$check_for_updates = 0;
}
$zc_install->isEmpty($admin_username, ERROR_TEXT_ADMIN_USERNAME_ISEMPTY, ERROR_CODE_ADMIN_USERNAME_ISEMPTY);
$zc_install->isEmpty($admin_email, ERROR_TEXT_ADMIN_EMAIL_ISEMPTY, ERROR_CODE_ADMIN_EMAIL_ISEMPTY);
$zc_install->isEmail($admin_email, ERROR_TEXT_ADMIN_EMAIL_NOTEMAIL, ERROR_CODE_ADMIN_EMAIL_NOTEMAIL);
$zc_install->isEmpty($admin_pass, ERROR_TEXT_ADMIN_PASS_ISEMPTY, ERROR_CODE_ADMIN_PASS_ISEMPTY);
$zc_install->isEqual($admin_pass, $admin_pass_confirm, ERROR_TEXT_ADMIN_PASS_NOTEQUAL, ERROR_CODE_ADMIN_PASS_NOTEQUAL);
if (!$zc_install->error) {
require '../includes/classes/db/' . DB_TYPE . '/query_factory.php';
$db = new queryFactory();
$db->Connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE) or die("Unable to connect to database");
$sql = "update " . DB_PREFIX . "admin set admin_name = '" . $admin_username . "', admin_email = '" . $admin_email . "', admin_pass = '******' where admin_id = 1";
$db->Execute($sql) or die("Error in query: {$sql}" . $db->ErrorMsg());
// enable/disable automatic version-checking
$sql = "update " . DB_PREFIX . "configuration set configuration_value = '" . ($check_for_updates ? 'true' : 'false') . "' where configuration_key = 'SHOW_VERSION_UPDATE_IN_HEADER'";
$db->Execute($sql) or die("Error in query: {$sql}" . $db->ErrorMsg());
$db->Close();
header('location: index.php?main_page=finished&language=' . $language);
exit;
}
}
if (!isset($_POST['admin_username'])) {
$_POST['admin_username'] = '';
}
if (!isset($_POST['admin_email'])) {
$_POST['admin_email'] = '';
}
function zen_reset_password($id, $password, $compare)
{
global $db;
$errors = array();
$id = (int) $id;
if ($password != 'no password' || $compare != 'no password') {
$password = zen_db_prepare_input($password);
$compare = zen_db_prepare_input($compare);
if ($password != $compare) {
$errors[] = ERROR_PASSWORDS_NOT_MATCHING;
}
if (zen_check_for_password_problems($password, $id)) {
$errors[] = ENTRY_PASSWORD_CHANGE_ERROR . ' ' . sprintf(ERROR_PASSWORD_RULES, (int) ADMIN_PASSWORD_MIN_LENGTH < 7 ? 7 : (int) ADMIN_PASSWORD_MIN_LENGTH);
}
}
if (sizeof($errors) == 0) {
$encryptedPassword = zen_encrypt_password($password);
$sql = "UPDATE " . TABLE_ADMIN . "\r\n SET prev_pass3 = prev_pass2, prev_pass2 = prev_pass1, prev_pass1 = admin_pass, admin_pass = :newpwd:, pwd_last_change_date = now()\r\n WHERE admin_id = :adminID:";
$sql = $db->bindVars($sql, ':adminID:', $id, 'integer');
$sql = $db->bindVars($sql, ':newpwd:', zen_encrypt_password($password), 'string');
$db->Execute($sql);
}
return $errors;
}
if (!($admin_email == $result->fields['admin_email'])) {
$error = true;
$email_message = MESSAGE_PASSWORD_SENT;
$resetToken = 'bad';
}
// BEGIN SLAM PREVENTION
if ($_POST['admin_email'] != '') {
if (!isset($_SESSION['login_attempt'])) {
$_SESSION['login_attempt'] = 0;
}
$_SESSION['login_attempt']++;
}
// END SLAM PREVENTION
if ($error == false) {
$new_password = zen_create_PADSS_password((int) ADMIN_PASSWORD_MIN_LENGTH < 7 ? 7 : (int) ADMIN_PASSWORD_MIN_LENGTH);
$resetToken = time() + ADMIN_PWD_TOKEN_DURATION . '}' . zen_encrypt_password($new_password);
$sql = "update " . TABLE_ADMIN . " set reset_token = :token: where admin_id = :admID: ";
$sql = $db->bindVars($sql, ':token:', $resetToken, 'string');
$sql = $db->bindVars($sql, ':admID:', $result->fields['admin_id'], 'string');
$db->Execute($sql);
$html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
$html_msg['EMAIL_MESSAGE_HTML'] = sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password);
zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT_PWD_RESET, sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin');
$email_message = MESSAGE_PASSWORD_SENT;
}
}
?>
<!DOCTYPE html >
<html <?php
echo HTML_PARAMS;
?>
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = "select customers_password, customers_nick\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
$check_customer = $db->Execute($check_customer_query);
if (zen_validate_password($password_current, $check_customer->fields['customers_password'])) {
$nickname = $check_customer->fields['customers_nick'];
$db->Execute("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
$sql = "update " . TABLE_CUSTOMERS_INFO . "\r\n set customers_info_date_account_last_modified = now()\r\n where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'";
$db->Execute($sql);
if ($sniffer->phpBB['installed'] == true) {
if (zen_not_null($nickname) && $nickname != '') {
// require($sniffer->phpBB['phpbb_path'] . 'config.php');
$db_phpbb = new queryFactory();
$db_phpbb->connect($sniffer->phpBB['dbhost'], $sniffer->phpBB['dbuser'], $sniffer->phpBB['dbpasswd'], $sniffer->phpBB['dbname'], USE_PCONNECT, false);
$sql = "update " . $sniffer->phpBB['users_table'] . " set user_password='******'\r\n where username = '******'";
$phpbb_users = $db_phpbb->Execute($sql);
$db->connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE, USE_PCONNECT, false);
}
}
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
function zen_encrypt_password($plain)
{
$password = '';
for ($i = 0; $i < 10; $i++) {
$password .= zen_rand();
}
$salt = substr(md5($password), 0, 2);
$password = md5($salt . $plain) . ':' . $salt;
return $password;
}
function zen_rand($min = null, $max = null)
{
static $seeded;
if (!$seeded) {
mt_srand((double) microtime() * 1000000);
$seeded = true;
}
if (isset($min) && isset($max)) {
if ($min >= $max) {
return $min;
} else {
return mt_rand($min, $max);
}
} else {
return mt_rand();
}
}
$f = STDIN;
$password = fgets($f);
$value = zen_encrypt_password($password);
echo "{$value}";
function dbAdminSetup()
{
$this->dbActivate();
$sql = "update " . DB_PREFIX . "admin set admin_name = '" . $this->db->prepareInput($this->configInfo['admin_username']) . "', admin_email = '" . $this->db->prepareInput($this->configInfo['admin_email']) . "', admin_pass = '******'admin_pass']) . "', pwd_last_change_date = 0, reset_token = '" . (time() + 72 * 60 * 60) . '}' . $this->db->prepareInput(zen_encrypt_password($this->configInfo['admin_pass'])) . "' where admin_id = 1";
$this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
// enable/disable automatic version-checking
$sql = "update " . DB_PREFIX . "configuration set configuration_value = '" . ($this->configInfo['check_for_updates'] ? 'true' : 'false') . "' where configuration_key = 'SHOW_VERSION_UPDATE_IN_HEADER'";
$this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
$this->db->Close();
}
/**
* Complete the step2 phase by creating accounts if needed, linking data, placing order, etc.
*/
function ec_step2_finish($paypal_ec_payer_info, $new_acct_notify)
{
global $db, $order;
// register the payer_info in the session
$_SESSION['paypal_ec_payer_info'] = $paypal_ec_payer_info;
// debug
$this->zcLog('ec_step2_finish - 1', 'START: paypal_ec_payer_info= ' . print_r($_SESSION['paypal_ec_payer_info'], true));
/**
* Building customer zone/address from returned data
*/
// set some defaults, which will be updated later:
$country_id = '223';
$address_format_id = 2;
$state_id = 0;
$acct_exists = false;
// store default address id for later use/reference
$original_default_address_id = $_SESSION['customer_default_address_id'];
// Get the customer's country ID based on name or ISO code
$sql = "SELECT countries_id, address_format_id, countries_iso_code_2, countries_iso_code_3\r\n FROM " . TABLE_COUNTRIES . "\r\n WHERE countries_iso_code_2 = :countryId\r\n OR countries_name = :countryId\r\n LIMIT 1";
$sql1 = $db->bindVars($sql, ':countryId', $paypal_ec_payer_info['ship_country_name'], 'string');
$country1 = $db->Execute($sql1);
$sql2 = $db->bindVars($sql, ':countryId', $paypal_ec_payer_info['ship_country_code'], 'string');
$country2 = $db->Execute($sql2);
// see if we found a record, if yes, then use it instead of default American format
if ($country1->RecordCount() > 0) {
$country_id = $country1->fields['countries_id'];
if (!isset($paypal_ec_payer_info['ship_country_code']) || $paypal_ec_payer_info['ship_country_code'] == '') {
$paypal_ec_payer_info['ship_country_code'] = $country1->fields['countries_iso_code_2'];
}
$country_code3 = $country1->fields['countries_iso_code_3'];
$address_format_id = (int) $country1->fields['address_format_id'];
} elseif ($country2->RecordCount() > 0) {
// if didn't find it based on name, check using ISO code (ie: in case of no-shipping-address required/supplied)
$country_id = $country2->fields['countries_id'];
$country_code3 = $country2->fields['countries_iso_code_3'];
$address_format_id = (int) $country2->fields['address_format_id'];
}
// Need to determine zone, based on zone name first, and then zone code if name fails check. Otherwise uses 0.
$sql = "SELECT zone_id\r\n FROM " . TABLE_ZONES . "\r\n WHERE zone_country_id = :zCountry\r\n AND zone_code = :zoneCode\r\n OR zone_name = :zoneCode\r\n LIMIT 1";
$sql = $db->bindVars($sql, ':zCountry', $country_id, 'integer');
$sql = $db->bindVars($sql, ':zoneCode', $paypal_ec_payer_info['ship_state'], 'string');
$states = $db->Execute($sql);
if ($states->RecordCount() > 0) {
$state_id = $states->fields['zone_id'];
}
/**
* Using the supplied data from PayPal, set the data into the order record
*/
// customer
$order->customer['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
$order->customer['company'] = $paypal_ec_payer_info['payer_business'];
$order->customer['street_address'] = $paypal_ec_payer_info['ship_street_1'];
$order->customer['suburb'] = $paypal_ec_payer_info['ship_street_2'];
$order->customer['city'] = $paypal_ec_payer_info['ship_city'];
$order->customer['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
$order->customer['state'] = $paypal_ec_payer_info['ship_state'];
$order->customer['country'] = array('id' => $country_id, 'title' => $paypal_ec_payer_info['ship_country_name'], 'iso_code_2' => $paypal_ec_payer_info['ship_country_code'], 'iso_code_3' => $country_code3);
$order->customer['country']['id'] = $country_id;
$order->customer['country']['iso_code_2'] = $paypal_ec_payer_info['ship_country_code'];
$order->customer['format_id'] = $address_format_id;
$order->customer['email_address'] = $paypal_ec_payer_info['payer_email'];
$order->customer['telephone'] = $paypal_ec_payer_info['ship_phone'];
$order->customer['zone_id'] = $state_id;
// billing
$order->billing['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
$order->billing['company'] = $paypal_ec_payer_info['payer_business'];
$order->billing['street_address'] = $paypal_ec_payer_info['ship_street_1'];
$order->billing['suburb'] = $paypal_ec_payer_info['ship_street_2'];
$order->billing['city'] = $paypal_ec_payer_info['ship_city'];
$order->billing['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
$order->billing['state'] = $paypal_ec_payer_info['ship_state'];
$order->billing['country'] = array('id' => $country_id, 'title' => $paypal_ec_payer_info['ship_country_name'], 'iso_code_2' => $paypal_ec_payer_info['ship_country_code'], 'iso_code_3' => $country_code3);
$order->billing['country']['id'] = $country_id;
$order->billing['country']['iso_code_2'] = $paypal_ec_payer_info['ship_country_code'];
$order->billing['format_id'] = $address_format_id;
$order->billing['zone_id'] = $state_id;
// delivery
if ($_SESSION['paypal_ec_payer_info']['ship_address_status'] != 'None') {
$order->delivery['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
$order->delivery['company'] = $paypal_ec_payer_info['payer_business'];
$order->delivery['street_address'] = $paypal_ec_payer_info['ship_street_1'];
$order->delivery['suburb'] = $paypal_ec_payer_info['ship_street_2'];
$order->delivery['city'] = $paypal_ec_payer_info['ship_city'];
$order->delivery['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
$order->delivery['state'] = $paypal_ec_payer_info['ship_state'];
$order->delivery['country'] = array('id' => $country_id, 'title' => $paypal_ec_payer_info['ship_country_name'], 'iso_code_2' => $paypal_ec_payer_info['ship_country_code'], 'iso_code_3' => $country_code3);
$order->delivery['country_id'] = $country_id;
$order->delivery['format_id'] = $address_format_id;
$order->delivery['zone_id'] = $state_id;
}
// debug
$this->zcLog('ec_step2_finish - 2', 'country_id = ' . $country_id . ' ' . $paypal_ec_payer_info['ship_country_name'] . ' ' . $paypal_ec_payer_info['ship_country_code'] . "\naddress_format_id = " . $address_format_id . "\nstate_id = " . $state_id . ' (original state tested: ' . $paypal_ec_payer_info['ship_state'] . ')' . "\ncountry1->fields['countries_id'] = " . $country1->fields['countries_id'] . "\ncountry2->fields['countries_id'] = " . $country2->fields['countries_id'] . "\n" . '$order = ' . print_r($order, true));
// check to see whether PayPal should still be offered to this customer, based on the zone of their address:
$this->update_status();
if (!$this->enabled) {
$this->terminateEC(MODULE_PAYMENT_PAYPALWPP_TEXT_INVALID_ZONE_ERROR, true, FILENAME_SHOPPING_CART);
}
// see if the user is logged in
if (!empty($_SESSION['customer_first_name']) && !empty($_SESSION['customer_id'])) {
// They're logged in, so forward them straight to checkout stages, depending on address needs etc
$order->customer['id'] = $_SESSION['customer_id'];
// set the session value for express checkout temp
$_SESSION['paypal_ec_temp'] = false;
// if no address required for shipping, leave shipping portion alone
if ($_SESSION['paypal_ec_payer_info']['ship_address_status'] != 'None' && $_SESSION['paypal_ec_payer_info']['ship_street_1'] != '') {
// set the session info for the sendto
$_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
// This is the address matching section
// try to match it first
// note: this is by no means 100%
$address_book_id = $this->findMatchingAddressBookEntry($_SESSION['customer_id'], $order->delivery);
// no match, so add the record
if (!$address_book_id) {
$address_book_id = $this->addAddressBookEntry($_SESSION['customer_id'], $order->delivery, false);
}
// set the address for use
$_SESSION['sendto'] = $address_book_id;
}
// set the users billto information (default address)
if (!isset($_SESSION['billto'])) {
$_SESSION['billto'] = $_SESSION['customer_default_address_id'];
}
// debug
$this->zcLog('ec_step2_finish - 3', 'Exiting ec_step2_finish logged-in mode.' . "\n" . 'Selected address: ' . $address_book_id . "\nOriginal was: " . $original_default_address_id);
// select a shipping method, based on cheapest available option
if (MODULE_PAYMENT_PAYPALWPP_AUTOSELECT_CHEAPEST_SHIPPING == 'Yes') {
$this->setShippingMethod();
}
// send the user on
if ($_SESSION['paypal_ec_markflow'] == 1) {
$this->terminateEC('', false, FILENAME_CHECKOUT_PROCESS);
} else {
$this->terminateEC('', false, FILENAME_CHECKOUT_CONFIRMATION);
}
} else {
// They're not logged in. Create an account if necessary, and then log them in.
// First, see if they're an existing customer, and log them in automatically
// If Paypal didn't supply us an email address, something went wrong
if (trim($paypal_ec_payer_info['payer_email']) == '') {
$this->terminateEC(MODULE_PAYMENT_PAYPALWPP_INVALID_RESPONSE, true);
}
// attempt to obtain the user information using the payer_email from the info returned from PayPal, via email address
$sql = "SELECT customers_id, customers_firstname, customers_lastname, customers_paypal_payerid, customers_paypal_ec\r\n FROM " . TABLE_CUSTOMERS . "\r\n WHERE customers_email_address = :emailAddress ";
$sql = $db->bindVars($sql, ':emailAddress', $paypal_ec_payer_info['payer_email'], 'string');
$check_customer = $db->Execute($sql);
// debug
$this->zcLog('ec_step2_finish - 4', 'Not logged in. Looking for account.' . "\n" . $sql . "\n" . print_r($check_customer, true));
if (!$check_customer->EOF) {
$acct_exists = true;
// see if this was only a temp account -- if so, remove it
if ($check_customer->fields['customers_paypal_ec'] == '1') {
// Delete the existing temporary account
$this->ec_delete_user($check_customer->fields['customers_id']);
$acct_exists = false;
// debug
$this->zcLog('ec_step2_finish - 5', 'Found temporary account - deleting it.');
}
}
// Create an account, if the account does not exist
if (!$acct_exists) {
// debug
$this->zcLog('ec_step2_finish - 6', 'No ZC account found for this customer. Creating new account.' . "\n" . '$this->new_acct_notify =' . $this->new_acct_notify);
// Generate a random 8-char password
$password = zen_create_random_value(8);
$sql_data_array = array();
// set the customer information in the array for the table insertion
$sql_data_array = array('customers_firstname' => $paypal_ec_payer_info['payer_firstname'], 'customers_lastname' => $paypal_ec_payer_info['payer_lastname'], 'customers_email_address' => $paypal_ec_payer_info['payer_email'], 'customers_telephone' => $paypal_ec_payer_info['ship_phone'], 'customers_fax' => '', 'customers_gender' => $paypal_ec_payer_info['payer_gender'], 'customers_newsletter' => '0', 'customers_password' => zen_encrypt_password($password), 'customers_paypal_payerid' => $_SESSION['paypal_ec_payer_id']);
// insert the data
$result = zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
// grab the customer_id (last insert id)
$customer_id = $db->Insert_ID();
// set the Guest customer ID -- for PWA purposes
$_SESSION['customer_guest_id'] = $customer_id;
// set the customer address information in the array for the table insertion
$sql_data_array = array('customers_id' => $customer_id, 'entry_gender' => $paypal_ec_payer_info['payer_gender'], 'entry_firstname' => $paypal_ec_payer_info['payer_firstname'], 'entry_lastname' => $paypal_ec_payer_info['payer_lastname'], 'entry_street_address' => $paypal_ec_payer_info['ship_street_1'], 'entry_suburb' => $paypal_ec_payer_info['ship_street_2'], 'entry_city' => $paypal_ec_payer_info['ship_city'], 'entry_zone_id' => $state_id, 'entry_postcode' => $paypal_ec_payer_info['ship_postal_code'], 'entry_country_id' => $country_id);
if ($state_id > 0) {
$sql_data_array['entry_zone_id'] = $state_id;
$sql_data_array['entry_state'] = '';
} else {
$sql_data_array['entry_zone_id'] = 0;
$sql_data_array['entry_state'] = $paypal_ec_payer_info['ship_state'];
}
// insert the data
zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
// grab the address_id (last insert id)
$address_id = $db->Insert_ID();
// set the address id lookup for the customer
$sql = "UPDATE " . TABLE_CUSTOMERS . "\r\n SET customers_default_address_id = :addrID\r\n WHERE customers_id = :custID";
$sql = $db->bindVars($sql, ':addrID', $address_id, 'integer');
$sql = $db->bindVars($sql, ':custID', $customer_id, 'integer');
$db->Execute($sql);
// insert the new customer_id into the customers info table for consistency
$sql = "INSERT INTO " . TABLE_CUSTOMERS_INFO . "\r\n (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created)\r\n VALUES (:custID, 0, now())";
$sql = $db->bindVars($sql, ':custID', $customer_id, 'integer');
$db->Execute($sql);
// send Welcome Email if appropriate
if ($this->new_acct_notify == 'Yes') {
// require the language file
global $language_page_directory, $template_dir;
if (!isset($language_page_directory)) {
$language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/';
}
if (file_exists($language_page_directory . $template_dir . '/create_account.php')) {
$template_dir_select = $template_dir . '/';
} else {
$template_dir_select = '';
}
require $language_page_directory . $template_dir_select . '/create_account.php';
// set the mail text
$email_text = sprintf(EMAIL_GREET_NONE, $paypal_ec_payer_info['payer_firstname']) . EMAIL_WELCOME . EMAIL_TEXT;
$email_text .= "\n\n" . EMAIL_EC_ACCOUNT_INFORMATION . "\nUsername: "******"\nPassword: "******"\n\n";
$email_text .= EMAIL_CONTACT;
// send the mail
zen_mail($paypal_ec_payer_info['payer_firstname'] . " " . $paypal_ec_payer_info['payer_lastname'], $paypal_ec_payer_info['payer_email'], EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($email_text)), 'welcome');
// set the express checkout temp -- false means the account is no longer "only" for EC ... it'll be permanent
$_SESSION['paypal_ec_temp'] = false;
} else {
// Make it a temporary account that'll be deleted once they've checked out
$sql = "UPDATE " . TABLE_CUSTOMERS . "\r\n SET customers_paypal_ec = 1\r\n WHERE customers_id = :custID ";
$sql = $db->bindVars($sql, ':custID', $customer_id, 'integer');
$db->Execute($sql);
// set the boolean ec temp value since we created account strictly for EC purposes
$_SESSION['paypal_ec_temp'] = true;
}
// hook notifier class vis a vis account-creation
$this->notify('NOTIFY_LOGIN_SUCCESS_VIA_CREATE_ACCOUNT');
} else {
// set the boolean ec temp value for the account to false, since we didn't have to create one
$_SESSION['paypal_ec_temp'] = false;
}
// log the user in with the email sent back from paypal response
$this->user_login($_SESSION['paypal_ec_payer_info']['payer_email'], false);
// debug
$this->zcLog('ec_step2_finish - 7', 'Auto-Logged customer in. (' . $_SESSION['paypal_ec_payer_info']['payer_email'] . ') (' . $_SESSION['customer_id'] . ')' . "\n" . '$_SESSION[paypal_ec_temp]=' . $_SESSION['paypal_ec_temp']);
// This is the address matching section
// try to match it first
// note: this is by no means 100%
$address_book_id = $this->findMatchingAddressBookEntry($_SESSION['customer_id'], $order->delivery);
// no match add the record
if (!$address_book_id) {
$address_book_id = $this->addAddressBookEntry($_SESSION['customer_id'], $order->delivery, false);
if (!$address_book_id) {
$address_book_id = $_SESSION['customer_default_address_id'];
}
}
// set the sendto to the address
$_SESSION['sendto'] = $address_book_id;
// set billto in the session
$_SESSION['billto'] = $_SESSION['customer_default_address_id'];
// select a shipping method, based on cheapest available option
if (MODULE_PAYMENT_PAYPALWPP_AUTOSELECT_CHEAPEST_SHIPPING == 'Yes') {
$this->setShippingMethod();
}
// debug
$this->zcLog('ec_step2_finish - 8', 'Exiting via terminateEC (from originally-not-logged-in mode).' . "\n" . 'Selected address: ' . $address_book_id . "\nOriginal was: " . $original_default_address_id . "\nprepared data: " . print_r($order->delivery, true));
// send the user on
if ($_SESSION['paypal_ec_markflow'] == 1) {
$this->terminateEC('', false, FILENAME_CHECKOUT_PROCESS);
} else {
$this->terminateEC('', false, FILENAME_CHECKOUT_CONFIRMATION);
}
}
}
} else {
$error = true;
$messageStack->add('email_edit', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
break;
case 'password_edit':
$switchbox = 'password_edit';
$password_current = zen_db_prepare_input($_POST['existing_password_1']);
$new_password = zen_db_prepare_input($_POST['password']);
$error = false;
$check_customer_query = "SELECT customers_password\n\t\t\t FROM " . TABLE_CUSTOMERS . "\n\t\t\t WHERE customers_id = :customersID";
$check_customer_query = $db->bindVars($check_customer_query, ':customersID', $_SESSION['customer_id'], 'integer');
$check_customer = $db->Execute($check_customer_query);
if (zen_validate_password($password_current, $check_customer->fields['customers_password'])) {
if ($error == false) {
$sql_data_array = array(array('fieldName' => 'customers_password', 'value' => zen_encrypt_password($new_password), 'type' => 'string'));
$where_clause = "customers_id = :customersID";
$where_clause = $db->bindVars($where_clause, ':customersID', $_SESSION['customer_id'], 'integer');
$db->perform(TABLE_CUSTOMERS, $sql_data_array, 'update', $where_clause);
$sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\n\t\t\t\t\t SET customers_info_date_account_last_modified = now()\n\t\t\t\t\t WHERE customers_info_id = :customersID";
$sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
$db->Execute($sql);
$zco_notifier->notify('NOTIFY_HEADER_ACCOUNT_EDIT_UPDATES_COMPLETE');
// reset the session variables
$messageStack->add('password_edit', SUCCESS_ACCOUNT_UPDATED, 'success');
}
} else {
$error = true;
$messageStack->add('password_edit', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
break;
