} //valid password if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add_session('easy_createaccount', ENTRY_PASSWORD_ERROR); } elseif ($password != $confirmation) { $error = true; $messageStack->add_session('easy_createaccount', ENTRY_PASSWORD_ERROR_NOT_MATCHING); } if ($error == true) { // hook notifier class $zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT'); // redirect back to login page zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); } else { $sql_data_array = array('customers_email_address' => $email_address, 'customers_password' => zen_encrypt_password($password), 'customers_nick' => $nick, 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION); if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') { $sql_data_array['customers_referral'] = $customers_referral; } /* if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender; if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = (empty($_POST['dob']) || $dob_entered == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']));*/ zen_db_perform(TABLE_CUSTOMERS, $sql_data_array); $_SESSION['customer_id'] = $db->Insert_ID(); $_SESSION['shipping'] = ''; $sql = "insert into " . TABLE_CUSTOMERS_INFO . "\n\t\t\t (customers_info_id, customers_info_number_of_logons,\n\t\t\t customers_info_date_account_created)\n values ('" . (int) $_SESSION['customer_id'] . "', '0', now())"; $db->Execute($sql); // BEGIN newsletter_subscribe mod 1/1 // If a newsletter only account exists we update the info, // but keep the subscription active, and give them a message that to // change they should do so on their account page (after creation). if (defined('NEWSONLY_SUBSCRIPTION_ENABLED') && NEWSONLY_SUBSCRIPTION_ENABLED == 'true') {
} else { $entry_antirobotreg_error = false; } } if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('create_account', ENTRY_PASSWORD_ERROR); } elseif ($password != $confirmation) { $error = true; $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING); } if ($error == true) { // hook notifier class $zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT'); } else { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_nick' => $nick, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password($password), 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION); if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') { $sql_data_array['customers_referral'] = $customers_referral; } if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = empty($_POST['dob']) || $dob_entered == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']); } zen_db_perform(TABLE_CUSTOMERS, $sql_data_array); $_SESSION['customer_id'] = $db->Insert_ID(); $zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(array('customer_id' => $_SESSION['customer_id']), $sql_data_array)); $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender;
$admin_email = zen_db_prepare_input($_POST['admin_email']); $password_new = zen_db_prepare_input($password_new); $admin_level = zen_db_prepare_input($_POST['admin_level']); $password_new = zen_db_prepare_input($password_new); $sql_data_array = array('admin_name' => $admin_name, 'admin_email' => $admin_email, 'admin_level' => $admin_level); if ($action == 'insert') { $insert_sql_data = array('admin_pass' => zen_encrypt_password($password_new)); $sql_data_array = array_merge($sql_data_array, $insert_sql_data); zen_db_perform(TABLE_ADMIN, $sql_data_array); $admin_id = zen_db_insert_id(); $admins_id = $admin_id; } elseif ($action == 'save') { zen_db_perform(TABLE_ADMIN, $sql_data_array, 'update', "admin_id = '" . (int) $admins_id . "'"); $db->Execute("Update " . TABLE_CONFIGURATION . " set configuration_value='" . $_POST['demo_status'] . "' where configuration_key='ADMIN_DEMO'"); } elseif ($action == 'reset') { $update_sql_data = array('admin_pass' => zen_encrypt_password($password_new)); $sql_data_array = array_merge($sql_data_array, $update_sql_data); zen_db_perform(TABLE_ADMIN, $sql_data_array, 'update', "admin_id = '" . (int) $admins_id . "'"); } // end action check zen_redirect(zen_href_link(FILENAME_ADMIN, (isset($_GET['page']) ? 'page=' . $_GET['page'] . '&' : '') . 'adminID=' . $admins_id)); } // end error check //echo $action; // zen_redirect(zen_href_link(FILENAME_ADMIN, (isset($_GET['page']) ? 'page=' . '&' : '') . 'adminID=' . 
$admins_id)); break; // ---------------------------------------------------------------------------------------------------------------------------------------------------------------- // ---------------------------------------------------------------------------------------------------------------------------------------------------------------- // ---------------------------------------------------------------------------------------------------------------------------------------------------------------- // ---------------------------------------------------------------------------------------------------------------------------------------------------------------- case 'deleteconfirm':
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = "SELECT customers_password, customers_nick\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_id = :customersID"; $check_customer_query = $db->bindVars($check_customer_query, ':customersID', $_SESSION['customer_id'], 'integer'); $check_customer = $db->Execute($check_customer_query); if (zen_validate_password($password_current, $check_customer->fields['customers_password'])) { $nickname = $check_customer->fields['customers_nick']; $sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password \n WHERE customers_id = :customersID"; $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer'); $sql = $db->bindVars($sql, ':password', zen_encrypt_password($password_new), 'string'); $db->Execute($sql); $sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\n SET customers_info_date_account_last_modified = now()\n WHERE customers_info_id = :customersID"; $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer'); $db->Execute($sql); if ($phpBB->phpBB['installed'] == true) { if (zen_not_null($nickname) && $nickname != '') { $phpBB->phpbb_change_password($nickname, $password_new); } } $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL')); } else { $error = true; $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING); }
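/**
 * Promote the current "visitor" session to a full customer account.
 *
 * On a POST with action=process every process*() helper validates its part of
 * the submission into $return. If no error was recorded the customer and
 * address-book rows are updated in place, the visitors row is deleted, the
 * session is switched to a logged-in customer, a welcome e-mail (plus optional
 * discount-coupon / gift-voucher incentives) is sent and the request is
 * redirected to the create-account success page. Any other request just loads
 * the form defaults.
 *
 * @param array $return form state passed between the process*() helpers
 * @return array the form state, with 'error' / 'error_messages' set on a POST
 */
function module_visitor_to_account($return = array())
{
    // $phpBB and $currencies are used below; without importing them they are
    // undefined locals, and $currencies->format() is a fatal error.
    global $db, $messageStack, $zco_notifier, $phpBB, $currencies;
    $return = $this->zoneOptions($return);

    // Anything but a processing POST: render the empty form.
    if (!isset($_POST['action']) || $_POST['action'] != 'process') {
        return $this->getFormDefault($return);
    }

    // Process form contents
    $return['error'] = false;
    $return['error_messages'] = array();
    $return = $this->prosessPrivacyConditions($return);
    $return = $this->processGender($return);
    $return = $this->processNames($return);
    $return = $this->processNick($return);
    $return = $this->processDOB($return);
    $return = $this->processEmailAddress($return);
    $return = $this->processAddress($return);
    $return = $this->processEmailFormat($return);
    $return = $this->processCustomersAuthorization($return);
    $return = $this->processCustomersReferral($return);
    $return = $this->processNewsletter($return);
    $return = $this->processPassword($return);

    foreach ($return['error_messages'] as $error_message) {
        $messageStack->add('create_account', $error_message['message'], $error_message['type']);
    }
    if ($return['error'] == true) {
        // hook notifier class
        $zco_notifier->notify('NOTIFY_FAILURE_DURING_VISITOR_TO_ACCOUNT');
        return $return;
    }

    // EXTR_SKIP: a form-derived key must never clobber $db, $messageStack,
    // $zco_notifier, $phpBB, $currencies or $return itself.
    extract($return, EXTR_SKIP);

    // --- customers row ------------------------------------------------------
    $sql_data_array = array(
        'customers_firstname' => $firstname,
        'customers_lastname' => $lastname,
        'customers_email_address' => $email_address,
        'customers_nick' => $nick,
        'customers_telephone' => $telephone,
        'customers_fax' => $fax,
        'customers_newsletter' => (int) $newsletter,
        'customers_email_format' => $email_format,
        'customers_password' => zen_encrypt_password($password),
        'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION,
    );
    // furikana (phonetic name) columns
    if (FURIKANA_NESESSARY) {
        $sql_data_array['customers_firstname_kana'] = $firstname_kana;
        $sql_data_array['customers_lastname_kana'] = $lastname_kana;
    }
    if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') {
        $sql_data_array['customers_referral'] = $customers_referral;
    }
    if (ACCOUNT_GENDER == 'true') {
        $sql_data_array['customers_gender'] = $gender;
    }
    if (ACCOUNT_DOB == 'true') {
        // an empty DOB is stored as the "unknown" sentinel date
        $sql_data_array['customers_dob'] = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']);
    }
    zen_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "'");

    // delete a visitor
    $db->Execute("delete from " . TABLE_VISITORS . "\r\n where visitors_id = '" . (int) $_SESSION['visitors_id'] . "'");
    unset($_SESSION['visitors_id']);

    // --- default address-book row -------------------------------------------
    $sql_data_array = array(
        'entry_firstname' => $firstname,
        'entry_lastname' => $lastname,
        'entry_telephone' => $telephone,
        'entry_fax' => $fax,
        'entry_street_address' => $street_address,
        'entry_postcode' => $postcode,
        'entry_city' => $city,
        'entry_country_id' => $country,
    );
    if (FURIKANA_NESESSARY) {
        $sql_data_array['entry_firstname_kana'] = $firstname_kana;
        $sql_data_array['entry_lastname_kana'] = $lastname_kana;
    }
    if (ACCOUNT_GENDER == 'true') {
        $sql_data_array['entry_gender'] = $gender;
    }
    if (ACCOUNT_COMPANY == 'true') {
        $sql_data_array['entry_company'] = $company;
    }
    if (ACCOUNT_SUBURB == 'true') {
        $sql_data_array['entry_suburb'] = $suburb;
    }
    if (ACCOUNT_STATE == 'true') {
        // a known zone id wins over the free-text state, and vice versa
        if ($zone_id > 0) {
            $sql_data_array['entry_zone_id'] = $zone_id;
            $sql_data_array['entry_state'] = '';
        } else {
            $sql_data_array['entry_zone_id'] = '0';
            $sql_data_array['entry_state'] = $state;
        }
    }
    zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int) $_SESSION['customer_id'] . "' and address_book_id = '" . (int) $_SESSION['customer_default_address_id'] . "'");

    // stamp the account's last-modified date
    $sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\r\n SET customers_info_date_account_last_modified = now()\r\n WHERE customers_info_id = :customersID";
    $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
    $db->Execute($sql);

    // phpBB create account
    if ($phpBB->phpBB['installed'] == true) {
        $phpBB->phpbb_create_account($nick, $password, $email_address);
    }

    // --- promote the session ------------------------------------------------
    $_SESSION['customer_first_name'] = $firstname;
    $_SESSION['customer_last_name'] = $lastname;
    if (FURIKANA_NESESSARY) {
        $_SESSION['customer_first_name_kana'] = $firstname_kana;
        $_SESSION['customer_last_name_kana'] = $lastname_kana;
    }
    $_SESSION['customer_country_id'] = $country;
    $_SESSION['customer_zone_id'] = $zone_id;
    // restore cart contents
    $_SESSION['cart']->restore_contents();
    // hook notifier class
    $zco_notifier->notify('NOTIFY_LOGIN_SUCCESS_VIA_VISITOR_TO_ACCOUNT');

    // --- welcome e-mail: plain text in $email_text, HTML parts in $html_msg --
    $html_msg = array();
    $name = $firstname . ' ' . $lastname;
    if (ACCOUNT_GENDER == 'true') {
        $email_text = sprintf($gender == 'm' ? EMAIL_GREET_MR : EMAIL_GREET_MS, $name);
    } else {
        $email_text = sprintf(EMAIL_GREET_NONE, $name);
    }
    $html_msg['EMAIL_GREETING'] = str_replace('\\n', '', $email_text);
    $html_msg['EMAIL_FIRST_NAME'] = $firstname;
    $html_msg['EMAIL_LAST_NAME'] = $lastname;
    // initial welcome
    $email_text .= EMAIL_WELCOME;
    $html_msg['EMAIL_WELCOME'] = str_replace('\\n', '', EMAIL_WELCOME);

    if (NEW_SIGNUP_DISCOUNT_COUPON != '' and NEW_SIGNUP_DISCOUNT_COUPON != '0') {
        // coupon_id / language_id are integer keys, so cast before interpolating;
        // the e-mail address is user-supplied and is escaped for the INSERT
        $coupon_id = (int) NEW_SIGNUP_DISCOUNT_COUPON;
        $coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_id = '" . $coupon_id . "'");
        $coupon_desc = $db->Execute("select coupon_description from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . $coupon_id . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'");
        $db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . $coupon_id . "', '0', 'Admin', '" . zen_db_input($email_address) . "', now() )");
        // if on, add in Discount Coupon explanation
        $email_text .= "\n" . EMAIL_COUPON_INCENTIVE_HEADER . (!empty($coupon_desc->fields['coupon_description']) ? $coupon_desc->fields['coupon_description'] . "\n\n" : '') . strip_tags(sprintf(EMAIL_COUPON_REDEEM, ' ' . $coupon->fields['coupon_code'])) . EMAIL_SEPARATOR;
        $html_msg['COUPON_TEXT_VOUCHER_IS'] = EMAIL_COUPON_INCENTIVE_HEADER;
        $html_msg['COUPON_DESCRIPTION'] = !empty($coupon_desc->fields['coupon_description']) ? '<strong>' . $coupon_desc->fields['coupon_description'] . '</strong>' : '';
        $html_msg['COUPON_TEXT_TO_REDEEM'] = str_replace("\n", '', sprintf(EMAIL_COUPON_REDEEM, ''));
        $html_msg['COUPON_CODE'] = $coupon->fields['coupon_code'];
    }

    if (NEW_SIGNUP_GIFT_VOUCHER_AMOUNT > 0) {
        $coupon_code = zen_create_coupon_code();
        $db->Execute("insert into " . TABLE_COUPONS . " (coupon_code, coupon_type, coupon_amount, date_created) values ('" . $coupon_code . "', 'G', '" . NEW_SIGNUP_GIFT_VOUCHER_AMOUNT . "', now())");
        $insert_id = $db->Insert_ID();
        $db->Execute("insert into " . TABLE_COUPON_EMAIL_TRACK . " (coupon_id, customer_id_sent, sent_firstname, emailed_to, date_sent) values ('" . (int) $insert_id . "', '0', 'Admin', '" . zen_db_input($email_address) . "', now() )");
        // if on, add in GV explanation
        $gv_worth = $currencies->format(NEW_SIGNUP_GIFT_VOUCHER_AMOUNT);
        $gv_link = zen_href_link(FILENAME_GV_REDEEM, 'gv_no=' . $coupon_code, 'NONSSL', false);
        $email_text .= "\n\n" . sprintf(EMAIL_GV_INCENTIVE_HEADER, $gv_worth) . sprintf(EMAIL_GV_REDEEM, $coupon_code) . EMAIL_GV_LINK . $gv_link . "\n\n" . EMAIL_GV_LINK_OTHER . EMAIL_SEPARATOR;
        $html_msg['GV_WORTH'] = str_replace('\\n', '', sprintf(EMAIL_GV_INCENTIVE_HEADER, $gv_worth));
        $html_msg['GV_REDEEM'] = str_replace('\\n', '', str_replace('\\n\\n', '<br />', sprintf(EMAIL_GV_REDEEM, '<strong>' . $coupon_code . '</strong>')));
        $html_msg['GV_CODE_NUM'] = $coupon_code;
        $html_msg['GV_CODE_URL'] = str_replace('\\n', '', EMAIL_GV_LINK . '<a href="' . $gv_link . '">' . TEXT_GV_NAME . ': ' . $coupon_code . '</a>');
        $html_msg['GV_LINK_OTHER'] = EMAIL_GV_LINK_OTHER;
    }

    // add in regular email welcome text
    $email_text .= "\n\n" . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_GV_CLOSURE;
    $html_msg['EMAIL_MESSAGE_HTML'] = str_replace('\\n', '', EMAIL_TEXT);
    $html_msg['EMAIL_CONTACT_OWNER'] = str_replace('\\n', '', EMAIL_CONTACT);
    $html_msg['EMAIL_CLOSURE'] = nl2br(EMAIL_GV_CLOSURE);
    // include create-account-specific disclaimer
    $email_text .= "\n\n" . sprintf(EMAIL_DISCLAIMER_NEW_CUSTOMER, STORE_OWNER_EMAIL_ADDRESS) . "\n\n";
    $html_msg['EMAIL_DISCLAIMER'] = sprintf(EMAIL_DISCLAIMER_NEW_CUSTOMER, '<a href="mailto:' . STORE_OWNER_EMAIL_ADDRESS . '">' . STORE_OWNER_EMAIL_ADDRESS . ' </a>');
    // send welcome email
    zen_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_NAME, EMAIL_FROM, $html_msg, 'welcome');

    // send additional emails
    if (SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO_STATUS == '1' and SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO != '') {
        if ($_SESSION['customer_id']) {
            $account_query = "select customers_firstname, customers_lastname, customers_email_address\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'";
            $account = $db->Execute($account_query);
        }
        // NOTE(review): $account only exists when a customer_id is in the
        // session; this path updated the customer row by that id above, so it
        // is assumed present here
        $extra_info = email_collect_extra_info($name, $email_address, $account->fields['customers_firstname'] . ' ' . $account->fields['customers_lastname'], $account->fields['customers_email_address']);
        $html_msg['EXTRA_INFO'] = $extra_info['HTML'];
        zen_mail('', SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO, SEND_EXTRA_CREATE_ACCOUNT_EMAILS_TO_SUBJECT . ' ' . EMAIL_SUBJECT, $email_text . $extra_info['TEXT'], STORE_NAME, EMAIL_FROM, $html_msg, 'welcome_extra');
    }

    $_SESSION['navigation']->clear_snapshot();
    zen_redirect(zen_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL'));
    return $return;
}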
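// Admin "password forgotten" handler: on submit, look the address up, issue a
// freshly generated password, store its hash and e-mail the plaintext to the
// admin on record. $email_message carries the outcome into the page below.
$error_check = false;
if (isset($_POST['submit'])) {
    // empty() also covers a missing field without raising a notice
    if (empty($_POST['admin_email'])) {
        $error_check = true;
        $email_message = ERROR_WRONG_EMAIL_NULL;
    }
    $admin_email = zen_db_prepare_input(isset($_POST['admin_email']) ? $_POST['admin_email'] : '');
    $sql = "select admin_id, admin_name, admin_email, admin_pass from " . TABLE_ADMIN . " where admin_email = '" . zen_db_input($admin_email) . "'";
    $result = $db->Execute($sql);
    // With no matching row ->fields is empty, so guard before comparing.
    // NOTE(review): answering ERROR_WRONG_EMAIL here tells the requester
    // whether the address belongs to an admin; a single neutral message for
    // both outcomes avoids that enumeration.
    if ($result->RecordCount() == 0 || $admin_email != $result->fields['admin_email']) {
        $error_check = true;
        $email_message = ERROR_WRONG_EMAIL;
    }
    if ($error_check == false) {
        $new_password = zen_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $admin_pass = zen_encrypt_password($new_password);
        // persist the hash, never the plaintext; key the UPDATE on the id the
        // lookup returned rather than re-interpolating the address
        $sql = "update " . TABLE_ADMIN . " set admin_pass = '" . zen_db_input($admin_pass) . "' where admin_id = '" . (int) $result->fields['admin_id'] . "'";
        $db->Execute($sql);
        $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
        $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(TEXT_EMAIL_MESSAGE, $new_password);
        // the plaintext goes out by e-mail only
        zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT, sprintf(TEXT_EMAIL_MESSAGE, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin');
        $email_message = SUCCESS_PASSWORD_SENT;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php echo HTML_PARAMS; ?> >
<head>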
/**
 * Installer step: write the chosen admin credentials into the admin row with
 * admin_id = 1, record the version-check preference, then close the DB
 * connection. Any failed query aborts with die().
 *
 * NOTE(review): admin_name and admin_email are interpolated into SQL straight
 * from configInfo with no escaping; they should go through the db layer's
 * prepareInput() first. The admin_pass fragment as reproduced here is
 * truncated ("'******'admin_pass'])"), so the exact hashing call cannot be
 * confirmed from this copy.
 */
function dbAdminSetup()
{
    $this->dbActivate(); // can likely remove this line for v1.4
    $sql = "update " . DB_PREFIX . "admin set admin_name = '" . $this->configInfo['admin_username'] . "', admin_email = '" . $this->configInfo['admin_email'] . "', admin_pass = '******'admin_pass']) . "' where admin_id = 1";
    $this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
    // enable/disable automatic version-checking
    $sql = "update " . DB_PREFIX . "configuration set configuration_value = '" . ($this->configInfo['check_for_updates'] ? 'true' : 'false') . "' where configuration_key = 'SHOW_VERSION_UPDATE_IN_HEADER'";
    $this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
    $this->db->Close();
}
// BEGIN SLAM PREVENTION if ($_POST['email_address'] != '') { if (!isset($_SESSION['login_attempt'])) { $_SESSION['login_attempt'] = 0; } $_SESSION['login_attempt']++; } // END SLAM PREVENTION $email_address = zen_db_prepare_input($_POST['email_address']); $check_customer_query = "SELECT customers_firstname, customers_lastname, customers_password, customers_id\n FROM " . TABLE_CUSTOMERS . "\n WHERE customers_email_address = :emailAddress"; $check_customer_query = $db->bindVars($check_customer_query, ':emailAddress', $email_address, 'string'); $check_customer = $db->Execute($check_customer_query); if ($check_customer->RecordCount() > 0) { $zco_notifier->notify('NOTIFY_PASSWORD_FORGOTTEN_VALIDATED'); $new_password = zen_create_PADSS_password(ENTRY_PASSWORD_MIN_LENGTH > 0 ? ENTRY_PASSWORD_MIN_LENGTH : 5); $crypted_password = zen_encrypt_password($new_password); $sql = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password\n WHERE customers_id = :customersID"; $sql = $db->bindVars($sql, ':password', $crypted_password, 'string'); $sql = $db->bindVars($sql, ':customersID', $check_customer->fields['customers_id'], 'integer'); $db->Execute($sql); $html_msg['EMAIL_CUSTOMERS_NAME'] = $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname']; $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password); // send the email zen_mail($check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten'); $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success'); zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); } else { $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND); } } $breadcrumb->add(NAVBAR_TITLE_1, zen_href_link(FILENAME_LOGIN, '', 'SSL'));
$how_know_web = zen_db_prepare_input($_POST['how_know_web']); } else { $how_know_web = 0; } $check_email_query = "select count(*) as total\n from " . TABLE_CUSTOMERS . "\n where customers_email_address = '" . zen_db_input($email_address) . "'"; $check_email = $db->Execute($check_email_query); if ($check_email->fields['total'] > 0) { $error = true; $messageStack->add_session('login', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS); zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); } if ($error == true) { // hook notifier class $zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT'); } else { $sql_data_array = array('customers_lastname' => 'New Customer', 'customers_email_address' => $email_address, 'customers_newsletter' => (int) $newsletter, 'customers_email_format' => $email_format, 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password($password), 'customers_describes' => $describes, 'customers_referral' => $customers_referral, 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION); zen_db_perform(TABLE_CUSTOMERS, $sql_data_array); $_SESSION['customer_id'] = $db->Insert_ID(); $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'from_type_id' => $how_know_web); zen_db_perform(TABLE_ORIGIN, $sql_data_array); $freq_type_id = $how_know_web; $sql_update_origin = "UPDATE " . TABLE_ORIGIN_FREQ . " SET `from_type_freq` = `from_type_freq` +'1' WHERE `from_type_id` = " . $freq_type_id . 
" LIMIT 1 ; "; $db->Execute($sql_update_origin); $zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(array('customer_id' => $_SESSION['customer_id']), $sql_data_array)); $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_company' => $company); zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array); $address_id = $db->Insert_ID(); $zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_ADDRESS_BOOK_RECORD', array_merge(array('address_id' => $address_id), $sql_data_array)); $sql = "update " . TABLE_CUSTOMERS . "\n set customers_default_address_id = '" . (int) $address_id . "'\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'"; $db->Execute($sql); $sql = "insert into " . TABLE_CUSTOMERS_INFO . "\n (customers_info_id, customers_info_number_of_logons,\n customers_info_date_account_created)\n values ('" . (int) $_SESSION['customer_id'] . "', '0', now())";
/**
 * Assign a freshly generated password to a customer and hand it back in
 * plaintext so the caller can place it in an e-mail template.
 *
 * NOTE(review): only the zen_encrypt_password() result is persisted; the
 * plaintext leaves this function and is as strong as
 * zen_create_random_value() makes it.
 *
 * @param int    $customers_id  customer row to update
 * @param string $email_address accepted for the template signature; not read here
 * @return string the new plaintext password
 */
function email_templates_make_new_passord($customers_id, $email_address)
{
    global $db;
    $plaintext = zen_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
    $stored = zen_encrypt_password($plaintext);
    $update = "UPDATE " . TABLE_CUSTOMERS . "\n SET customers_password = :password\n WHERE customers_id = :customersID";
    $update = $db->bindVars($update, ':password', $stored, 'string');
    $update = $db->bindVars($update, ':customersID', $customers_id, 'integer');
    $db->Execute($update);
    return $plaintext;
}
$customer_exists = $db->Execute("select customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . makeSqlString($data[$root]['buyer-billing-address']['email']['VALUE']) . "'"); // Check if the GC buyer id exists $customer_info = $db->Execute("select gct.customers_id from " . $googlepayment->table_name . " gct " . " inner join " . TABLE_CUSTOMERS . " tc on gct.customers_id = tc.customers_id " . " where gct.buyer_id = " . makeSqlString($data[$root]['buyer-id']['VALUE'])); $new_user = false; // Ignore session to avoid mix of Cart-GC sessions/emails // GC email is the most important one // if ((isset($_SESSION['customer_id']) && $_SESSION['customer_id'] != '') // || $customer_exists->RecordCount() != 0) { if ($customer_exists->RecordCount() != 0) { $_SESSION['customer_id'] = $customer_exists->fields['customers_id']; } else { if ($customer_info->RecordCount() != 0) { $_SESSION['customer_id'] = $customer_info->fields['customers_id']; } else { list($firstname, $lastname) = explode(' ', makeSqlString($data[$root]['buyer-billing-address']['contact-name']['VALUE']), 2); $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $data[$root]['buyer-billing-address']['email']['VALUE'], 'customers_nick' => '', 'customers_telephone' => $data[$root]['buyer-billing-address']['phone']['VALUE'], 'customers_fax' => $data[$root]['buyer-billing-address']['fax']['VALUE'], 'customers_default_address_id' => 0, 'customers_password' => zen_encrypt_password(makeSqlString($data[$root]['buyer-id']['VALUE'])), 'customers_newsletter' => $data[$root]['buyer-marketing-preferences']['email-allowed']['VALUE'] == 'true' ? 1 : 0); if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = 'now()'; } zen_db_perform(TABLE_CUSTOMERS, $sql_data_array); $_SESSION['customer_id'] = $db->Insert_ID(); $db->Execute("insert into " . TABLE_CUSTOMERS_INFO . 
"\n (customers_info_id, customers_info_number_of_logons,\n customers_info_date_account_created)\n values ('" . (int) $_SESSION['customer_id'] . "', '0', now())"); /* $db->Execute("insert into " . $googlepayment->table_name . " " . " values ( " . $_SESSION['customer_id'] . ", " . $data[$root]['buyer-id']['VALUE'] . ")");*/ $new_user = true; } } // thx ZachAnderson ;) $customer_in_gc = $db->Execute("select gct.customers_id from " . $googlepayment->table_name . " gct " . " where gct.buyer_id = " . makeSqlString($data[$root]['buyer-id']['VALUE'])); if ($customer_in_gc->RecordCount() == 0) {
$admin_pass_confirm = zen_db_prepare_input($_POST['admin_pass_confirm']); if (isset($_POST['check_for_updates']) && $_POST['check_for_updates'] == '1') { $check_for_updates = 1; } else { $check_for_updates = 0; } $zc_install->isEmpty($admin_username, ERROR_TEXT_ADMIN_USERNAME_ISEMPTY, ERROR_CODE_ADMIN_USERNAME_ISEMPTY); $zc_install->isEmpty($admin_email, ERROR_TEXT_ADMIN_EMAIL_ISEMPTY, ERROR_CODE_ADMIN_EMAIL_ISEMPTY); $zc_install->isEmail($admin_email, ERROR_TEXT_ADMIN_EMAIL_NOTEMAIL, ERROR_CODE_ADMIN_EMAIL_NOTEMAIL); $zc_install->isEmpty($admin_pass, ERROR_TEXT_ADMIN_PASS_ISEMPTY, ERROR_CODE_ADMIN_PASS_ISEMPTY); $zc_install->isEqual($admin_pass, $admin_pass_confirm, ERROR_TEXT_ADMIN_PASS_NOTEQUAL, ERROR_CODE_ADMIN_PASS_NOTEQUAL); if (!$zc_install->error) { require '../includes/classes/db/' . DB_TYPE . '/query_factory.php'; $db = new queryFactory(); $db->Connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE) or die("Unable to connect to database"); $sql = "update " . DB_PREFIX . "admin set admin_name = '" . $admin_username . "', admin_email = '" . $admin_email . "', admin_pass = '******' where admin_id = 1"; $db->Execute($sql) or die("Error in query: {$sql}" . $db->ErrorMsg()); // enable/disable automatic version-checking $sql = "update " . DB_PREFIX . "configuration set configuration_value = '" . ($check_for_updates ? 'true' : 'false') . "' where configuration_key = 'SHOW_VERSION_UPDATE_IN_HEADER'"; $db->Execute($sql) or die("Error in query: {$sql}" . $db->ErrorMsg()); $db->Close(); header('location: index.php?main_page=finished&language=' . $language); exit; } } if (!isset($_POST['admin_username'])) { $_POST['admin_username'] = ''; } if (!isset($_POST['admin_email'])) { $_POST['admin_email'] = ''; }
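/**
 * Validate a new admin password against its confirmation and the password
 * rules, then store it (rotating the previous-password history columns).
 *
 * When both $password and $compare are the literal 'no password' the
 * validation step is skipped entirely (sentinel used by the caller).
 * NOTE(review): with the sentinel on both sides the function still reaches
 * the UPDATE and stores a hash of the literal string 'no password' — confirm
 * with the caller whether that is intended.
 *
 * @param int    $id       admin_id to update
 * @param string $password new password
 * @param string $compare  confirmation entry
 * @return array error-message strings; empty on success
 */
function zen_reset_password($id, $password, $compare)
{
    global $db;
    $errors = array();
    $id = (int) $id;
    if ($password != 'no password' || $compare != 'no password') {
        $password = zen_db_prepare_input($password);
        $compare = zen_db_prepare_input($compare);
        if ($password != $compare) {
            $errors[] = ERROR_PASSWORDS_NOT_MATCHING;
        }
        if (zen_check_for_password_problems($password, $id)) {
            // the rules message never advertises a minimum below 7
            $minLength = (int) ADMIN_PASSWORD_MIN_LENGTH < 7 ? 7 : (int) ADMIN_PASSWORD_MIN_LENGTH;
            $errors[] = ENTRY_PASSWORD_CHANGE_ERROR . ' ' . sprintf(ERROR_PASSWORD_RULES, $minLength);
        }
    }
    if (count($errors) == 0) {
        // hash exactly once: every zen_encrypt_password() call draws a fresh
        // salt, so the bound value must be the one that is stored
        $encryptedPassword = zen_encrypt_password($password);
        $sql = "UPDATE " . TABLE_ADMIN . "\r\n SET prev_pass3 = prev_pass2, prev_pass2 = prev_pass1, prev_pass1 = admin_pass, admin_pass = :newpwd:, pwd_last_change_date = now()\r\n WHERE admin_id = :adminID:";
        $sql = $db->bindVars($sql, ':adminID:', $id, 'integer');
        $sql = $db->bindVars($sql, ':newpwd:', $encryptedPassword, 'string');
        $db->Execute($sql);
    }
    return $errors;
}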
if (!($admin_email == $result->fields['admin_email'])) { $error = true; $email_message = MESSAGE_PASSWORD_SENT; $resetToken = 'bad'; } // BEGIN SLAM PREVENTION if ($_POST['admin_email'] != '') { if (!isset($_SESSION['login_attempt'])) { $_SESSION['login_attempt'] = 0; } $_SESSION['login_attempt']++; } // END SLAM PREVENTION if ($error == false) { $new_password = zen_create_PADSS_password((int) ADMIN_PASSWORD_MIN_LENGTH < 7 ? 7 : (int) ADMIN_PASSWORD_MIN_LENGTH); $resetToken = time() + ADMIN_PWD_TOKEN_DURATION . '}' . zen_encrypt_password($new_password); $sql = "update " . TABLE_ADMIN . " set reset_token = :token: where admin_id = :admID: "; $sql = $db->bindVars($sql, ':token:', $resetToken, 'string'); $sql = $db->bindVars($sql, ':admID:', $result->fields['admin_id'], 'string'); $db->Execute($sql); $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name']; $html_msg['EMAIL_MESSAGE_HTML'] = sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password); zen_mail($result->fields['admin_name'], $result->fields['admin_email'], TEXT_EMAIL_SUBJECT_PWD_RESET, sprintf(TEXT_EMAIL_MESSAGE_PWD_RESET, $_SERVER['REMOTE_ADDR'], $new_password), STORE_NAME, EMAIL_FROM, $html_msg, 'password_forgotten_admin'); $email_message = MESSAGE_PASSWORD_SENT; } } ?> <!DOCTYPE html > <html <?php echo HTML_PARAMS; ?>
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = "select customers_password, customers_nick\r\n from " . TABLE_CUSTOMERS . "\r\n where customers_id = '" . (int) $_SESSION['customer_id'] . "'"; $check_customer = $db->Execute($check_customer_query); if (zen_validate_password($password_current, $check_customer->fields['customers_password'])) { $nickname = $check_customer->fields['customers_nick']; $db->Execute("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'"); $sql = "update " . TABLE_CUSTOMERS_INFO . "\r\n set customers_info_date_account_last_modified = now()\r\n where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'"; $db->Execute($sql); if ($sniffer->phpBB['installed'] == true) { if (zen_not_null($nickname) && $nickname != '') { // require($sniffer->phpBB['phpbb_path'] . 'config.php'); $db_phpbb = new queryFactory(); $db_phpbb->connect($sniffer->phpBB['dbhost'], $sniffer->phpBB['dbuser'], $sniffer->phpBB['dbpasswd'], $sniffer->phpBB['dbname'], USE_PCONNECT, false); $sql = "update " . $sniffer->phpBB['users_table'] . " set user_password='******'\r\n where username = '******'"; $phpbb_users = $db_phpbb->Execute($sql); $db->connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE, USE_PCONNECT, false); } } $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL')); } else {
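/**
 * Hash a plaintext password in Zen Cart's legacy "md5(salt . plain):salt" format.
 *
 * The output format is what the store's validator (zen_validate_password(),
 * not part of this file) expects, so it is kept byte-compatible here.
 *
 * SECURITY NOTE(review): this is a single MD5 round with a two-hex-character
 * salt (256 possible salts). If the customers/admin table leaks, these
 * hashes are cheap to brute-force offline. The modern replacement is
 * password_hash()/password_verify() (bcrypt/argon2), which is a different
 * stored format and needs a rehash-on-login migration, so it is flagged
 * rather than changed in this helper.
 *
 * @param string $plain the plaintext password
 * @return string 32 hex chars of md5, ':', then the 2-char salt
 */
function zen_encrypt_password($plain) {
    // Salt material: ten concatenated pseudo-random integers; only the
    // first two hex characters of its md5 survive as the actual salt.
    $saltMaterial = '';
    for ($i = 0; $i < 10; $i++) {
        $saltMaterial .= zen_rand();
    }
    $salt = substr(md5($saltMaterial), 0, 2);
    return md5($salt . $plain) . ':' . $salt;
}

/**
 * Pseudo-random integer, optionally bounded to [$min, $max].
 *
 * Seeds mt_rand() once per process from microtime(). Note that
 * (double) microtime() keeps only the leading fractional-second part of
 * the "msec sec" string, so the seed space is roughly 10^6 values. This is
 * not a cryptographic generator: do not use it for tokens, reset links or
 * keys -- use random_int()/random_bytes() for those.
 *
 * @param int|null $min lower bound (inclusive); when $min >= $max, $min is returned as-is
 * @param int|null $max upper bound (inclusive)
 * @return int
 */
function zen_rand($min = null, $max = null) {
    static $seeded;
    if (!$seeded) {
        // Cast to int: the product is a float and mt_srand() wants an int.
        mt_srand((int) ((double) microtime() * 1000000));
        $seeded = true;
    }
    if (!isset($min) || !isset($max)) {
        return mt_rand();
    }
    // Degenerate or inverted range: return the lower bound instead of
    // letting mt_rand() fail on max < min.
    return $min >= $max ? $min : mt_rand($min, $max);
}

// CLI helper: hash one password read from STDIN and print the result.
// fgets() returns the line *including* its line terminator; hashing that
// terminator produced a digest that never validates against the password
// as typed, so strip it first. A failed/empty read hashes the empty
// string, as before.
$f = STDIN;
$password = rtrim((string) fgets($f), "\r\n");
$value = zen_encrypt_password($password);
echo "{$value}";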
/**
 * Installer step: write the chosen admin account into the row admin_id = 1.
 *
 * Sets admin_name / admin_email / admin_pass from $this->configInfo, forces
 * pwd_last_change_date = 0, stores a reset_token of the form
 * "<expiry-unix-time>}<hash>" with a 72-hour expiry (time() + 72 * 60 * 60),
 * then toggles SHOW_VERSION_UPDATE_IN_HEADER from check_for_updates and
 * closes the connection.
 *
 * Review notes:
 *  - The SQL is string-built; the only protection against injection is
 *    $this->db->prepareInput() around each value. Keep every interpolated
 *    value wrapped in it.
 *  - The "admin_pass = ..." segment of the first statement is unreadable in
 *    this copy (secret-scrubbing residue: '******'admin_pass']) ...). The
 *    reset_token segment hashes with zen_encrypt_password(); confirm against
 *    the upstream file that admin_pass is hashed the same way and is never
 *    stored in clear.
 *  - On failure, die("Error in query: {$sql}" ...) prints the whole
 *    statement -- admin e-mail, password hash and reset token -- to the
 *    installer page. Prefer logging the query server-side and dying with a
 *    generic message.
 *  - zen_encrypt_password() is the legacy salted-md5 scheme; the offline
 *    brute-force caveat documented on that function applies to this row.
 *
 * @return void
 */
function dbAdminSetup() {
    $this->dbActivate();
    // NOTE(review): the admin_pass segment below is garbled in this copy and is left untouched.
    $sql = "update " . DB_PREFIX . "admin set admin_name = '" . $this->db->prepareInput($this->configInfo['admin_username']) . "', admin_email = '" . $this->db->prepareInput($this->configInfo['admin_email']) . "', admin_pass = '******'admin_pass']) . "', pwd_last_change_date = 0, reset_token = '" . (time() + 72 * 60 * 60) . '}' . $this->db->prepareInput(zen_encrypt_password($this->configInfo['admin_pass'])) . "' where admin_id = 1";
    // NOTE(review): on error this echoes the full statement, including the hash and token.
    $this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
    // enable/disable automatic version-checking
    $sql = "update " . DB_PREFIX . "configuration set configuration_value = '" . ($this->configInfo['check_for_updates'] ? 'true' : 'false') . "' where configuration_key = 'SHOW_VERSION_UPDATE_IN_HEADER'";
    $this->db->Execute($sql) or die("Error in query: {$sql}" . $this->db->ErrorMsg());
    $this->db->Close();
}
/**
 * Complete the step2 phase by creating accounts if needed, linking data, placing order, etc.
 *
 * Flow as implemented below:
 *  1. Save $paypal_ec_payer_info to the session and resolve the shipping
 *     country (by name, then by ISO-2 code) and zone into IDs.
 *  2. Copy the PayPal-supplied name/address into $order->customer,
 *     $order->billing and (unless ship_address_status is 'None')
 *     $order->delivery.
 *  3. Re-run update_status(); if the module is no longer enabled for that
 *     zone, leave through terminateEC().
 *  4. Logged-in customer: match or insert the delivery address, set
 *     sendto/billto and continue to checkout.
 *     Anonymous visitor: look up a customer by the PayPal payer_email,
 *     delete a previous EC-only temp account, create an account with a
 *     random password if none exists, then log the visitor in by e-mail.
 *
 * Review notes (security):
 *  - The anonymous branch calls $this->user_login(payer_email, false), i.e.
 *    it signs the visitor in with no password, purely on the e-mail address
 *    carried in the PayPal response. Any existing, non-temporary store
 *    account with that address becomes reachable to whoever controls a
 *    PayPal account using the same e-mail. That is only acceptable if the
 *    response came over an authenticated API call (not visible here) and
 *    the store accepts PayPal's e-mail ownership check as login proof.
 *  - The welcome e-mail carries the freshly generated password in clear
 *    (the "Password:" label is visible; the concatenated values are
 *    scrubbed in this copy). A one-time set-password link would avoid
 *    mailing a credential.
 *  - The zcLog() debug calls dump the complete payer record, the customer
 *    lookup result set and the whole $order (name, address, e-mail, phone).
 *    Make sure that log is not web-reachable and is retained only briefly.
 *  - The require'd language file path is built from $_SESSION['language']
 *    and $template_dir; both are assumed to be validated where they are
 *    set (not shown here).
 *
 * Review notes (correctness):
 *  - $new_acct_notify is never read; $this->new_acct_notify is used instead.
 *  - The zone query reads "zone_country_id = X AND zone_code = Y OR
 *    zone_name = Y": AND binds tighter than OR, so a zone_name match is
 *    not restricted to the resolved country.
 *  - $country_code3 is assigned only when a country record matched; with no
 *    match the later array() literals read an undefined variable.
 *  - In the logged-in branch $address_book_id is set only when a shipping
 *    address was supplied, but the debug log reads it unconditionally.
 *
 * @param array $paypal_ec_payer_info payer/ship fields parsed from the PayPal response
 * @param mixed $new_acct_notify      unused (see note above)
 * @return void every path ends in a terminateEC() call; whether that exits is not visible here
 */
function ec_step2_finish($paypal_ec_payer_info, $new_acct_notify) {
    global $db, $order;
    // register the payer_info in the session
    $_SESSION['paypal_ec_payer_info'] = $paypal_ec_payer_info;
    // debug -- NOTE(review): logs the full payer record (PII)
    $this->zcLog('ec_step2_finish - 1', 'START: paypal_ec_payer_info= ' . print_r($_SESSION['paypal_ec_payer_info'], true));
    /**
     * Building customer zone/address from returned data
     */
    // set some defaults, which will be updated later:
    $country_id = '223';
    $address_format_id = 2;
    $state_id = 0;
    $acct_exists = false;
    // store default address id for later use/reference
    $original_default_address_id = $_SESSION['customer_default_address_id'];
    // Get the customer's country ID based on name or ISO code
    $sql = "SELECT countries_id, address_format_id, countries_iso_code_2, countries_iso_code_3\r\n FROM " . TABLE_COUNTRIES . "\r\n WHERE countries_iso_code_2 = :countryId\r\n OR countries_name = :countryId\r\n LIMIT 1";
    $sql1 = $db->bindVars($sql, ':countryId', $paypal_ec_payer_info['ship_country_name'], 'string');
    $country1 = $db->Execute($sql1);
    $sql2 = $db->bindVars($sql, ':countryId', $paypal_ec_payer_info['ship_country_code'], 'string');
    $country2 = $db->Execute($sql2);
    // see if we found a record, if yes, then use it instead of default American format
    if ($country1->RecordCount() > 0) {
        $country_id = $country1->fields['countries_id'];
        if (!isset($paypal_ec_payer_info['ship_country_code']) || $paypal_ec_payer_info['ship_country_code'] == '') {
            $paypal_ec_payer_info['ship_country_code'] = $country1->fields['countries_iso_code_2'];
        }
        $country_code3 = $country1->fields['countries_iso_code_3'];
        $address_format_id = (int) $country1->fields['address_format_id'];
    } elseif ($country2->RecordCount() > 0) {
        // if didn't find it based on name, check using ISO code (ie: in case of no-shipping-address required/supplied)
        $country_id = $country2->fields['countries_id'];
        $country_code3 = $country2->fields['countries_iso_code_3'];
        $address_format_id = (int) $country2->fields['address_format_id'];
    }
    // NOTE(review): no else branch -- $country_code3 stays undefined when neither lookup matched.
    // Need to determine zone, based on zone name first, and then zone code if name fails check. Otherwise uses 0.
    // NOTE(review): AND binds tighter than OR, so the "OR zone_name = :zoneCode" arm ignores :zCountry.
    $sql = "SELECT zone_id\r\n FROM " . TABLE_ZONES . "\r\n WHERE zone_country_id = :zCountry\r\n AND zone_code = :zoneCode\r\n OR zone_name = :zoneCode\r\n LIMIT 1";
    $sql = $db->bindVars($sql, ':zCountry', $country_id, 'integer');
    $sql = $db->bindVars($sql, ':zoneCode', $paypal_ec_payer_info['ship_state'], 'string');
    $states = $db->Execute($sql);
    if ($states->RecordCount() > 0) {
        $state_id = $states->fields['zone_id'];
    }
    /**
     * Using the supplied data from PayPal, set the data into the order record
     */
    // customer
    $order->customer['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
    $order->customer['company'] = $paypal_ec_payer_info['payer_business'];
    $order->customer['street_address'] = $paypal_ec_payer_info['ship_street_1'];
    $order->customer['suburb'] = $paypal_ec_payer_info['ship_street_2'];
    $order->customer['city'] = $paypal_ec_payer_info['ship_city'];
    $order->customer['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
    $order->customer['state'] = $paypal_ec_payer_info['ship_state'];
    $order->customer['country'] = array('id' => $country_id, 'title' => $paypal_ec_payer_info['ship_country_name'], 'iso_code_2' => $paypal_ec_payer_info['ship_country_code'], 'iso_code_3' => $country_code3);
    $order->customer['country']['id'] = $country_id;
    $order->customer['country']['iso_code_2'] = $paypal_ec_payer_info['ship_country_code'];
    $order->customer['format_id'] = $address_format_id;
    $order->customer['email_address'] = $paypal_ec_payer_info['payer_email'];
    $order->customer['telephone'] = $paypal_ec_payer_info['ship_phone'];
    $order->customer['zone_id'] = $state_id;
    // billing -- same PayPal ship_* fields as the customer block
    $order->billing['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
    $order->billing['company'] = $paypal_ec_payer_info['payer_business'];
    $order->billing['street_address'] = $paypal_ec_payer_info['ship_street_1'];
    $order->billing['suburb'] = $paypal_ec_payer_info['ship_street_2'];
    $order->billing['city'] = $paypal_ec_payer_info['ship_city'];
    $order->billing['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
    $order->billing['state'] = $paypal_ec_payer_info['ship_state'];
    $order->billing['country'] = array('id' => $country_id, 'title' => $paypal_ec_payer_info['ship_country_name'], 'iso_code_2' => $paypal_ec_payer_info['ship_country_code'], 'iso_code_3' => $country_code3);
    $order->billing['country']['id'] = $country_id;
    $order->billing['country']['iso_code_2'] = $paypal_ec_payer_info['ship_country_code'];
    $order->billing['format_id'] = $address_format_id;
    $order->billing['zone_id'] = $state_id;
    // delivery -- only when PayPal reported a shipping address
    if ($_SESSION['paypal_ec_payer_info']['ship_address_status'] != 'None') {
        $order->delivery['name'] = $paypal_ec_payer_info['payer_firstname'] . ' ' . $paypal_ec_payer_info['payer_lastname'];
        $order->delivery['company'] = $paypal_ec_payer_info['payer_business'];
        $order->delivery['street_address'] = $paypal_ec_payer_info['ship_street_1'];
        $order->delivery['suburb'] = $paypal_ec_payer_info['ship_street_2'];
        $order->delivery['city'] = $paypal_ec_payer_info['ship_city'];
        $order->delivery['postcode'] = $paypal_ec_payer_info['ship_postal_code'];
        $order->delivery['state'] = $paypal_ec_payer_info['ship_state'];
        $order->delivery['country'] = array('id' => $country_id, 'title' => $paypal_ec_payer_info['ship_country_name'], 'iso_code_2' => $paypal_ec_payer_info['ship_country_code'], 'iso_code_3' => $country_code3);
        $order->delivery['country_id'] = $country_id;
        $order->delivery['format_id'] = $address_format_id;
        $order->delivery['zone_id'] = $state_id;
    }
    // debug -- NOTE(review): dumps the entire $order (PII) to the log
    $this->zcLog('ec_step2_finish - 2', 'country_id = ' . $country_id . ' ' . $paypal_ec_payer_info['ship_country_name'] . ' ' . $paypal_ec_payer_info['ship_country_code'] . "\naddress_format_id = " . $address_format_id . "\nstate_id = " . $state_id . ' (original state tested: ' . $paypal_ec_payer_info['ship_state'] . ')' . "\ncountry1->fields['countries_id'] = " . $country1->fields['countries_id'] . "\ncountry2->fields['countries_id'] = " . $country2->fields['countries_id'] . "\n" . '$order = ' . print_r($order, true));
    // check to see whether PayPal should still be offered to this customer, based on the zone of their address:
    // NOTE(review): the code below assumes terminateEC() does not return.
    $this->update_status();
    if (!$this->enabled) {
        $this->terminateEC(MODULE_PAYMENT_PAYPALWPP_TEXT_INVALID_ZONE_ERROR, true, FILENAME_SHOPPING_CART);
    }
    // see if the user is logged in
    if (!empty($_SESSION['customer_first_name']) && !empty($_SESSION['customer_id'])) {
        // They're logged in, so forward them straight to checkout stages, depending on address needs etc
        $order->customer['id'] = $_SESSION['customer_id'];
        // set the session value for express checkout temp
        $_SESSION['paypal_ec_temp'] = false;
        // if no address required for shipping, leave shipping portion alone
        if ($_SESSION['paypal_ec_payer_info']['ship_address_status'] != 'None' && $_SESSION['paypal_ec_payer_info']['ship_street_1'] != '') {
            // set the session info for the sendto
            $_SESSION['sendto'] = $_SESSION['customer_default_address_id'];
            // This is the address matching section
            // try to match it first
            // note: this is by no means 100%
            $address_book_id = $this->findMatchingAddressBookEntry($_SESSION['customer_id'], $order->delivery);
            // no match, so add the record
            if (!$address_book_id) {
                $address_book_id = $this->addAddressBookEntry($_SESSION['customer_id'], $order->delivery, false);
            }
            // set the address for use
            $_SESSION['sendto'] = $address_book_id;
        }
        // set the users billto information (default address)
        if (!isset($_SESSION['billto'])) {
            $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
        }
        // debug -- NOTE(review): $address_book_id is undefined here when no shipping address was supplied
        $this->zcLog('ec_step2_finish - 3', 'Exiting ec_step2_finish logged-in mode.' . "\n" . 'Selected address: ' . $address_book_id . "\nOriginal was: " . $original_default_address_id);
        // select a shipping method, based on cheapest available option
        if (MODULE_PAYMENT_PAYPALWPP_AUTOSELECT_CHEAPEST_SHIPPING == 'Yes') {
            $this->setShippingMethod();
        }
        // send the user on
        if ($_SESSION['paypal_ec_markflow'] == 1) {
            $this->terminateEC('', false, FILENAME_CHECKOUT_PROCESS);
        } else {
            $this->terminateEC('', false, FILENAME_CHECKOUT_CONFIRMATION);
        }
    } else {
        // They're not logged in. Create an account if necessary, and then log them in.
        // First, see if they're an existing customer, and log them in automatically
        // If Paypal didn't supply us an email address, something went wrong
        if (trim($paypal_ec_payer_info['payer_email']) == '') {
            $this->terminateEC(MODULE_PAYMENT_PAYPALWPP_INVALID_RESPONSE, true);
        }
        // attempt to obtain the user information using the payer_email from the info returned from PayPal, via email address
        // NOTE(review): this e-mail match is the sole basis for the password-less login further down.
        $sql = "SELECT customers_id, customers_firstname, customers_lastname, customers_paypal_payerid, customers_paypal_ec\r\n FROM " . TABLE_CUSTOMERS . "\r\n WHERE customers_email_address = :emailAddress ";
        $sql = $db->bindVars($sql, ':emailAddress', $paypal_ec_payer_info['payer_email'], 'string');
        $check_customer = $db->Execute($sql);
        // debug -- NOTE(review): logs the customer row(s) found
        $this->zcLog('ec_step2_finish - 4', 'Not logged in. Looking for account.' . "\n" . $sql . "\n" . print_r($check_customer, true));
        if (!$check_customer->EOF) {
            $acct_exists = true;
            // see if this was only a temp account -- if so, remove it
            if ($check_customer->fields['customers_paypal_ec'] == '1') {
                // Delete the existing temporary account
                $this->ec_delete_user($check_customer->fields['customers_id']);
                $acct_exists = false;
                // debug
                $this->zcLog('ec_step2_finish - 5', 'Found temporary account - deleting it.');
            }
        }
        // Create an account, if the account does not exist
        if (!$acct_exists) {
            // debug
            $this->zcLog('ec_step2_finish - 6', 'No ZC account found for this customer. Creating new account.' . "\n" . '$this->new_acct_notify =' . $this->new_acct_notify);
            // Generate a random 8-char password (zen_create_random_value() is defined elsewhere; its RNG quality is not visible here)
            $password = zen_create_random_value(8);
            $sql_data_array = array();
            // set the customer information in the array for the table insertion
            $sql_data_array = array('customers_firstname' => $paypal_ec_payer_info['payer_firstname'], 'customers_lastname' => $paypal_ec_payer_info['payer_lastname'], 'customers_email_address' => $paypal_ec_payer_info['payer_email'], 'customers_telephone' => $paypal_ec_payer_info['ship_phone'], 'customers_fax' => '', 'customers_gender' => $paypal_ec_payer_info['payer_gender'], 'customers_newsletter' => '0', 'customers_password' => zen_encrypt_password($password), 'customers_paypal_payerid' => $_SESSION['paypal_ec_payer_id']);
            // insert the data
            $result = zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
            // grab the customer_id (last insert id)
            $customer_id = $db->Insert_ID();
            // set the Guest customer ID -- for PWA purposes
            $_SESSION['customer_guest_id'] = $customer_id;
            // set the customer address information in the array for the table insertion
            $sql_data_array = array('customers_id' => $customer_id, 'entry_gender' => $paypal_ec_payer_info['payer_gender'], 'entry_firstname' => $paypal_ec_payer_info['payer_firstname'], 'entry_lastname' => $paypal_ec_payer_info['payer_lastname'], 'entry_street_address' => $paypal_ec_payer_info['ship_street_1'], 'entry_suburb' => $paypal_ec_payer_info['ship_street_2'], 'entry_city' => $paypal_ec_payer_info['ship_city'], 'entry_zone_id' => $state_id, 'entry_postcode' => $paypal_ec_payer_info['ship_postal_code'], 'entry_country_id' => $country_id);
            // a resolved zone goes in entry_zone_id; otherwise keep the free-text state
            if ($state_id > 0) {
                $sql_data_array['entry_zone_id'] = $state_id;
                $sql_data_array['entry_state'] = '';
            } else {
                $sql_data_array['entry_zone_id'] = 0;
                $sql_data_array['entry_state'] = $paypal_ec_payer_info['ship_state'];
            }
            // insert the data
            zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
            // grab the address_id (last insert id)
            $address_id = $db->Insert_ID();
            // set the address id lookup for the customer
            $sql = "UPDATE " . TABLE_CUSTOMERS . "\r\n SET customers_default_address_id = :addrID\r\n WHERE customers_id = :custID";
            $sql = $db->bindVars($sql, ':addrID', $address_id, 'integer');
            $sql = $db->bindVars($sql, ':custID', $customer_id, 'integer');
            $db->Execute($sql);
            // insert the new customer_id into the customers info table for consistency
            $sql = "INSERT INTO " . TABLE_CUSTOMERS_INFO . "\r\n (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created)\r\n VALUES (:custID, 0, now())";
            $sql = $db->bindVars($sql, ':custID', $customer_id, 'integer');
            $db->Execute($sql);
            // send Welcome Email if appropriate
            if ($this->new_acct_notify == 'Yes') {
                // require the language file
                // NOTE(review): path is built from $_SESSION['language'] and $template_dir -- assumed validated upstream
                global $language_page_directory, $template_dir;
                if (!isset($language_page_directory)) {
                    $language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/';
                }
                if (file_exists($language_page_directory . $template_dir . '/create_account.php')) {
                    $template_dir_select = $template_dir . '/';
                } else {
                    $template_dir_select = '';
                }
                require $language_page_directory . $template_dir_select . '/create_account.php';
                // set the mail text
                // NOTE(review): the generated password is mailed in clear; the concatenated values are scrubbed in this copy.
                $email_text = sprintf(EMAIL_GREET_NONE, $paypal_ec_payer_info['payer_firstname']) . EMAIL_WELCOME . EMAIL_TEXT;
                $email_text .= "\n\n" . EMAIL_EC_ACCOUNT_INFORMATION . "\nUsername: "******"\nPassword: "******"\n\n";
                $email_text .= EMAIL_CONTACT;
                // send the mail
                zen_mail($paypal_ec_payer_info['payer_firstname'] . " " . $paypal_ec_payer_info['payer_lastname'], $paypal_ec_payer_info['payer_email'], EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, array('EMAIL_MESSAGE_HTML' => nl2br($email_text)), 'welcome');
                // set the express checkout temp -- false means the account is no longer "only" for EC ... it'll be permanent
                $_SESSION['paypal_ec_temp'] = false;
            } else {
                // Make it a temporary account that'll be deleted once they've checked out
                $sql = "UPDATE " . TABLE_CUSTOMERS . "\r\n SET customers_paypal_ec = 1\r\n WHERE customers_id = :custID ";
                $sql = $db->bindVars($sql, ':custID', $customer_id, 'integer');
                $db->Execute($sql);
                // set the boolean ec temp value since we created account strictly for EC purposes
                $_SESSION['paypal_ec_temp'] = true;
            }
            // hook notifier class vis a vis account-creation
            $this->notify('NOTIFY_LOGIN_SUCCESS_VIA_CREATE_ACCOUNT');
        } else {
            // set the boolean ec temp value for the account to false, since we didn't have to create one
            $_SESSION['paypal_ec_temp'] = false;
        }
        // log the user in with the email sent back from paypal response
        // NOTE(review): password-less login keyed only on the e-mail address from the PayPal response (see docblock).
        $this->user_login($_SESSION['paypal_ec_payer_info']['payer_email'], false);
        // debug
        $this->zcLog('ec_step2_finish - 7', 'Auto-Logged customer in. (' . $_SESSION['paypal_ec_payer_info']['payer_email'] . ') (' . $_SESSION['customer_id'] . ')' . "\n" . '$_SESSION[paypal_ec_temp]=' . $_SESSION['paypal_ec_temp']);
        // This is the address matching section
        // try to match it first
        // note: this is by no means 100%
        $address_book_id = $this->findMatchingAddressBookEntry($_SESSION['customer_id'], $order->delivery);
        // no match add the record; fall back to the default address if the insert fails
        if (!$address_book_id) {
            $address_book_id = $this->addAddressBookEntry($_SESSION['customer_id'], $order->delivery, false);
            if (!$address_book_id) {
                $address_book_id = $_SESSION['customer_default_address_id'];
            }
        }
        // set the sendto to the address
        $_SESSION['sendto'] = $address_book_id;
        // set billto in the session
        $_SESSION['billto'] = $_SESSION['customer_default_address_id'];
        // select a shipping method, based on cheapest available option
        if (MODULE_PAYMENT_PAYPALWPP_AUTOSELECT_CHEAPEST_SHIPPING == 'Yes') {
            $this->setShippingMethod();
        }
        // debug -- NOTE(review): dumps the delivery address (PII) to the log
        $this->zcLog('ec_step2_finish - 8', 'Exiting via terminateEC (from originally-not-logged-in mode).' . "\n" . 'Selected address: ' . $address_book_id . "\nOriginal was: " . $original_default_address_id . "\nprepared data: " . print_r($order->delivery, true));
        // send the user on
        if ($_SESSION['paypal_ec_markflow'] == 1) {
            $this->terminateEC('', false, FILENAME_CHECKOUT_PROCESS);
        } else {
            $this->terminateEC('', false, FILENAME_CHECKOUT_CONFIRMATION);
        }
    }
}
} else { $error = true; $messageStack->add('email_edit', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } break; case 'password_edit': $switchbox = 'password_edit'; $password_current = zen_db_prepare_input($_POST['existing_password_1']); $new_password = zen_db_prepare_input($_POST['password']); $error = false; $check_customer_query = "SELECT customers_password\n\t\t\t FROM " . TABLE_CUSTOMERS . "\n\t\t\t WHERE customers_id = :customersID"; $check_customer_query = $db->bindVars($check_customer_query, ':customersID', $_SESSION['customer_id'], 'integer'); $check_customer = $db->Execute($check_customer_query); if (zen_validate_password($password_current, $check_customer->fields['customers_password'])) { if ($error == false) { $sql_data_array = array(array('fieldName' => 'customers_password', 'value' => zen_encrypt_password($new_password), 'type' => 'string')); $where_clause = "customers_id = :customersID"; $where_clause = $db->bindVars($where_clause, ':customersID', $_SESSION['customer_id'], 'integer'); $db->perform(TABLE_CUSTOMERS, $sql_data_array, 'update', $where_clause); $sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\n\t\t\t\t\t SET customers_info_date_account_last_modified = now()\n\t\t\t\t\t WHERE customers_info_id = :customersID"; $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer'); $db->Execute($sql); $zco_notifier->notify('NOTIFY_HEADER_ACCOUNT_EDIT_UPDATES_COMPLETE'); // reset the session variables $messageStack->add('password_edit', SUCCESS_ACCOUNT_UPDATED, 'success'); } } else { $error = true; $messageStack->add('password_edit', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } break;