/**
* If we created an account for the customer, this logs them in and notes that the record was created for PayPal EC purposes
*/
function user_login($email_address, $redirect = true)
{
global $db, $order;
global $session_started;
if ($session_started == false) {
zen_redirect(zen_href_link(FILENAME_COOKIE_USAGE));
}
$sql = "SELECT * FROM " . TABLE_CUSTOMERS . "\r\n WHERE customers_email_address = :custEmail ";
$sql = $db->bindVars($sql, ':custEmail', $email_address, 'string');
$check_customer = $db->Execute($sql);
if ($check_customer->EOF) {
$this->terminateEC(MODULE_PAYMENT_PAYPALWPP_TEXT_BAD_LOGIN, true);
}
if (SESSION_RECREATE == 'True') {
zen_session_recreate();
}
$sql = "SELECT entry_country_id, entry_zone_id\r\n FROM " . TABLE_ADDRESS_BOOK . "\r\n WHERE customers_id = :custID\r\n AND address_book_id = :addrID ";
$sql = $db->bindVars($sql, ':custID', $check_customer->fields['customers_id'], 'integer');
$sql = $db->bindVars($sql, ':addrID', $check_customer->fields['customers_default_address_id'], 'integer');
$check_country = $db->Execute($sql);
$_SESSION['customer_id'] = (int) $check_customer->fields['customers_id'];
$_SESSION['customer_default_address_id'] = $check_customer->fields['customers_default_address_id'];
$_SESSION['customer_first_name'] = $check_customer->fields['customers_firstname'];
$_SESSION['customer_country_id'] = $check_country->fields['entry_country_id'];
$_SESSION['customer_zone_id'] = $check_country->fields['entry_zone_id'];
$order->customer['id'] = $_SESSION['customer_id'];
$sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\r\n SET customers_info_date_of_last_logon = now(),\r\n customers_info_number_of_logons = customers_info_number_of_logons+1\r\n WHERE customers_info_id = :custID ";
$sql = $db->bindVars($sql, ':custID', $_SESSION['customer_id'], 'integer');
$db->Execute($sql);
$_SESSION['cart']->restore_contents();
if ($redirect) {
$this->terminateEC();
}
return true;
}
/**
* If we created an account for the customer, this logs them in and notes that the record was created for PayPal EC purposes
*/
function user_login($email_address, $redirect = true)
{
global $db, $order, $messageStack;
global $session_started;
if ($session_started == false) {
zen_redirect(zen_href_link(FILENAME_COOKIE_USAGE));
}
$sql = "SELECT * FROM " . TABLE_CUSTOMERS . "\n WHERE customers_email_address = :custEmail ";
$sql = $db->bindVars($sql, ':custEmail', $email_address, 'string');
$check_customer = $db->Execute($sql);
if ($check_customer->EOF) {
$this->terminateEC(MODULE_PAYMENT_PAYPALWPP_TEXT_BAD_LOGIN, true);
}
if (SESSION_RECREATE == 'True') {
zen_session_recreate();
}
$sql = "SELECT entry_country_id, entry_zone_id\n FROM " . TABLE_ADDRESS_BOOK . "\n WHERE customers_id = :custID\n AND address_book_id = :addrID ";
$sql = $db->bindVars($sql, ':custID', $check_customer->fields['customers_id'], 'integer');
$sql = $db->bindVars($sql, ':addrID', $check_customer->fields['customers_default_address_id'], 'integer');
$check_country = $db->Execute($sql);
$_SESSION['customer_id'] = (int) $check_customer->fields['customers_id'];
$_SESSION['customer_default_address_id'] = $check_customer->fields['customers_default_address_id'];
$_SESSION['customer_first_name'] = $check_customer->fields['customers_firstname'];
$_SESSION['customer_country_id'] = $check_country->fields['entry_country_id'];
$_SESSION['customer_zone_id'] = $check_country->fields['entry_zone_id'];
$order->customer['id'] = $_SESSION['customer_id'];
$sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\n SET customers_info_date_of_last_logon = now(),\n customers_info_number_of_logons = customers_info_number_of_logons+1\n WHERE customers_info_id = :custID ";
$sql = $db->bindVars($sql, ':custID', $_SESSION['customer_id'], 'integer');
$db->Execute($sql);
// bof: contents merge notice
// save current cart contents count if required
if (SHOW_SHOPPING_CART_COMBINED > 0) {
$zc_check_basket_before = $_SESSION['cart']->count_contents();
}
// bof: not require part of contents merge notice
// restore cart contents
$_SESSION['cart']->restore_contents();
// eof: not require part of contents merge notice
// check current cart contents count if required
if (SHOW_SHOPPING_CART_COMBINED > 0 && $zc_check_basket_before > 0) {
$zc_check_basket_after = $_SESSION['cart']->count_contents();
if ($zc_check_basket_before != $zc_check_basket_after && $_SESSION['cart']->count_contents() > 0 && SHOW_SHOPPING_CART_COMBINED > 0) {
if (SHOW_SHOPPING_CART_COMBINED == 2) {
// warning only do not send to cart
$messageStack->add_session('header', WARNING_SHOPPING_CART_COMBINED, 'caution');
}
if (SHOW_SHOPPING_CART_COMBINED == 1) {
// show warning and send to shopping cart for review
$messageStack->add_session('shopping_cart', WARNING_SHOPPING_CART_COMBINED, 'caution');
zen_redirect(zen_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'));
}
}
}
// eof: contents merge notice
if ($redirect) {
$this->terminateEC();
}
return true;
}
/**
* Verify login according to security requirements
* @param $admin_name
* @param $admin_pass
*/
function zen_validate_user_login($admin_name, $admin_pass)
{
global $db;
$camefrom = isset($_GET['camefrom']) ? $_GET['camefrom'] : FILENAME_DEFAULT;
$error = $expired = false;
$message = $redirect = '';
$expired_token = 0;
$result = zen_read_user($admin_name);
if (!isset($result) || $result == FALSE || $admin_name != $result['admin_name']) {
// invalid login
$error = true;
$message = ERROR_WRONG_LOGIN;
zen_record_admin_activity(sprintf(TEXT_ERROR_FAILED_ADMIN_LOGIN_FOR_USER) . ' ' . $admin_name, 'warning');
} else {
if ($result['lockout_expires'] > time()) {
// account locked
$error = true;
$message = ERROR_SECURITY_ERROR;
// account locked. Simply give generic error, since otherwise we alert that the account name is correct
zen_record_admin_activity(TEXT_ERROR_ATTEMPTED_TO_LOG_IN_TO_LOCKED_ACCOUNT . ' ' . $admin_name, 'warning');
}
if ($result['reset_token'] != '') {
list($expired_token, $token) = explode('}', $result['reset_token']);
if ($expired_token > 0) {
if ($expired_token <= time() && $result['admin_pass'] != '') {
// reset the reset_token field to blank, since token has expired
$sql = "update " . TABLE_ADMIN . " set reset_token = '' where admin_name = :adminname: ";
$sql = $db->bindVars($sql, ':adminname:', $admin_name, 'string');
$db->Execute($sql);
$expired = false;
} else {
if (!zen_validate_password($admin_pass, $token)) {
$error = true;
$message = ERROR_WRONG_LOGIN;
zen_record_admin_activity(sprintf(TEXT_ERROR_INCORRECT_PASSWORD_DURING_RESET_FOR_USER) . ' ' . $admin_name, 'warning');
} else {
$error = true;
$expired = true;
$message = TEXT_TEMPORARY_PASSWORD_MUST_BE_CHANGED;
}
}
}
}
if ($result['admin_pass'] == '') {
$error = true;
$expired = true;
$message = TEXT_TEMPORARY_PASSWORD_MUST_BE_CHANGED;
} else {
$token = $result['admin_pass'];
if (!zen_validate_password($admin_pass, $token)) {
$error = true;
if (!$expired) {
$message = ERROR_WRONG_LOGIN;
zen_record_admin_activity(sprintf(TEXT_ERROR_FAILED_ADMIN_LOGIN_FOR_USER) . ' ' . $admin_name, 'warning');
}
}
}
if (password_needs_rehash($token, PASSWORD_DEFAULT)) {
$token = zcPassword::getInstance(PHP_VERSION)->updateNotLoggedInAdminPassword($admin_pass, $admin_name);
}
// BEGIN 2-factor authentication
if ($error == FALSE && defined('ZC_ADMIN_TWO_FACTOR_AUTHENTICATION_SERVICE') && ZC_ADMIN_TWO_FACTOR_AUTHENTICATION_SERVICE != '') {
if (function_exists(ZC_ADMIN_TWO_FACTOR_AUTHENTICATION_SERVICE)) {
$response = zen_call_function(ZC_ADMIN_TWO_FACTOR_AUTHENTICATION_SERVICE, array($result['admin_id'], $result['admin_email'], $result['admin_name']));
if ($response !== TRUE) {
$error = TRUE;
$message = ERROR_WRONG_LOGIN;
zen_record_admin_activity('TFA Failure - Two-factor authentication failed', 'warning');
} elseif ($response === TRUE) {
zen_record_admin_activity('TFA Passed - Two-factor authentication passed', 'warning');
}
}
}
}
// BEGIN LOGIN SLAM PREVENTION
if ($error == TRUE) {
if (!isset($_SESSION['login_attempt'])) {
$_SESSION['login_attempt'] = 0;
}
$_SESSION['login_attempt']++;
$sql = "UPDATE " . TABLE_ADMIN . " SET failed_logins = failed_logins + 1, last_failed_attempt = now(), last_failed_ip = :ip: WHERE admin_name = :adminname: ";
$sql = $db->bindVars($sql, ':adminname:', $admin_name, 'string');
$sql = $db->bindVars($sql, ':ip:', $_SERVER['REMOTE_ADDR'], 'string');
$db->Execute($sql);
if (($_SESSION['login_attempt'] > 3 || $result['failed_logins'] > 3) && isset($result['admin_email']) && $result['admin_email'] != '' && ADMIN_SWITCH_SEND_LOGIN_FAILURE_EMAILS == 'Yes') {
$html_msg['EMAIL_CUSTOMERS_NAME'] = $result['admin_name'];
$html_msg['EMAIL_MESSAGE_HTML'] = sprintf(TEXT_EMAIL_MULTIPLE_LOGIN_FAILURES, $_SERVER['REMOTE_ADDR']);
zen_record_admin_activity(sprintf(TEXT_EMAIL_MULTIPLE_LOGIN_FAILURES, $_SERVER['REMOTE_ADDR']), 'warning');
zen_mail($result['admin_name'], $result['admin_email'], TEXT_EMAIL_SUBJECT_LOGIN_FAILURES, sprintf(TEXT_EMAIL_MULTIPLE_LOGIN_FAILURES, $_SERVER['REMOTE_ADDR']), STORE_NAME, EMAIL_FROM, $html_msg, 'no_archive');
}
if ($expired_token < 10000) {
if ($_SESSION['login_attempt'] > 6 || $result['failed_logins'] > 6) {
$sql = "UPDATE " . TABLE_ADMIN . " SET lockout_expires = " . (time() + ADMIN_LOGIN_LOCKOUT_TIMER) . " WHERE admin_name = :adminname: ";
$sql = $db->bindVars($sql, ':adminname:', $admin_name, 'string');
$db->Execute($sql);
zen_session_destroy();
zen_record_admin_activity('Too many login failures. Account locked for ' . ADMIN_LOGIN_LOCKOUT_TIMER / 60 . ' minutes', 'warning');
sleep(15);
$redirect = zen_href_link(FILENAME_DEFAULT, '', 'SSL');
return array($error, $expired, $message, $redirect);
} else {
sleep(4);
}
}
}
// END LOGIN SLAM PREVENTION
// deal with expireds for SSL change
if ($error == FALSE && $result['pwd_last_change_date'] == '1990-01-01 14:02:22') {
$expired = true;
$error = true;
$message = ($message == '' ? '' : $message . '<br /><br />') . EXPIRED_DUE_TO_SSL;
}
// deal with expireds for PA-DSS
if ($error == FALSE && PADSS_PWD_EXPIRY_ENFORCED == 1 && $result['pwd_last_change_date'] < date('Y-m-d H:i:s', ADMIN_PASSWORD_EXPIRES_INTERVAL)) {
$expired = true;
$error = true;
}
if ($error == false) {
unset($_SESSION['login_attempt']);
$sql = "UPDATE " . TABLE_ADMIN . " SET failed_logins = 0, lockout_expires = 0, last_login_date = now(), last_login_ip = :ip: WHERE admin_name = :adminname: ";
$sql = $db->bindVars($sql, ':adminname:', $admin_name, 'string');
$sql = $db->bindVars($sql, ':ip:', $_SERVER['REMOTE_ADDR'], 'string');
$db->Execute($sql);
$_SESSION['admin_id'] = $result['admin_id'];
if (SESSION_RECREATE == 'True') {
zen_session_recreate();
}
$redirect = zen_href_link($camefrom, zen_get_all_get_params(array('camefrom')), 'SSL');
}
return array($error, $expired, $message, $redirect);
}
}
}
*/
// Check if email exists
$check_customer_query = "SELECT customers_id, customers_firstname, customers_lastname, customers_password,\r\n customers_email_address, customers_default_address_id,\r\n customers_authorization, customers_referral\r\n FROM " . TABLE_CUSTOMERS . "\r\n WHERE customers_email_address = :email";
$check_customer_query = $db->bindVars($check_customer_query, ':email', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);
if (!$check_customer->RecordCount()) {
$error = true;
} else {
// Check that password is good
if (!zen_validate_password($password, $check_customer->fields['customers_password'])) {
$error = true;
} else {
if (SESSION_RECREATE == 'True') {
zen_session_recreate();
}
$check_country_query = "SELECT entry_country_id, entry_zone_id\r\n FROM " . TABLE_ADDRESS_BOOK . "\r\n WHERE customers_id = :customersID\r\n AND address_book_id = :adressBookID";
$check_country_query = $db->bindVars($check_country_query, ':customersID', $check_customer->fields['customers_id'], 'integer');
$check_country_query = $db->bindVars($check_country_query, ':adressBookID', $check_customer->fields['customers_default_address_id'], 'integer');
$check_country = $db->Execute($check_country_query);
$_SESSION['customer_id'] = $check_customer->fields['customers_id'];
$_SESSION['customer_default_address_id'] = $check_customer->fields['customers_default_address_id'];
$_SESSION['customers_authorization'] = $check_customer->fields['customers_authorization'];
$_SESSION['customer_first_name'] = $check_customer->fields['customers_firstname'];
$_SESSION['customer_last_name'] = $check_customer->fields['customers_lastname'];
$_SESSION['customer_country_id'] = $check_country->fields['entry_country_id'];
$_SESSION['customer_zone_id'] = $check_country->fields['entry_zone_id'];
$sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "\r\n SET customers_info_date_of_last_logon = now(),\r\n customers_info_number_of_logons = customers_info_number_of_logons+1\r\n WHERE customers_info_id = :customersID";
$sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
$db->Execute($sql);
function module_create_visitor($return = array())
{
global $db, $messageStack, $zco_notifier;
$return = $this->zoneOptions($return);
$process = false;
/**
* Process form contents
*/
if (isset($_POST['action']) && $_POST['action'] == 'process') {
$process = true;
$return['error'] = false;
$return['error_messages'] = array();
$return = $this->prosessPrivacyConditions($return);
$return = $this->processGender($return);
$return = $this->processEmailFormat($return);
$return = $this->processNames($return);
$return = $this->processDOB($return);
$return = $this->processEmailAddress($return);
$return = $this->processAddress($return);
$return = $this->processEmailFormat($return);
$return = $this->processCustomersAuthorization($return);
$return = $this->processCustomersReferral($return);
if (count($return['error_messages']) > 0) {
foreach ($return['error_messages'] as $error_message) {
$messageStack->add('create_visitor', $error_message['message'], $error_message['type']);
}
}
if ($return['error'] == true) {
// hook notifier class
$zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_VISITOR');
} else {
extract($return);
$sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_nick' => '', 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => 0, 'customers_email_format' => $email_format, 'customers_default_address_id' => '0', 'customers_password' => '', 'customers_authorization' => (int) CUSTOMERS_APPROVAL_AUTHORIZATION);
// ->furikana
if (FURIKANA_NESESSARY) {
$sql_data_array['customers_firstname_kana'] = $firstname_kana;
$sql_data_array['customers_lastname_kana'] = $lastname_kana;
}
// <-furikana
if (CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '') {
$sql_data_array['customers_referral'] = $customers_referral;
}
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['customers_gender'] = $gender;
}
if (ACCOUNT_DOB == 'true') {
$sql_data_array['customers_dob'] = empty($_POST['dob']) ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']);
}
zen_db_perform(TABLE_CUSTOMERS, $sql_data_array);
$_SESSION['customer_id'] = $db->Insert_ID();
// create a visitor
$sql_data_array = array('visitors_id' => $_SESSION['customer_id'], 'visitors_email_address' => $email_address, 'visitors_info_date_account_created' => 'now()');
zen_db_perform(TABLE_VISITORS, $sql_data_array);
$_SESSION['visitors_id'] = $_SESSION['customer_id'];
$sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_telephone' => $telephone, 'entry_fax' => $fax, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country);
// ->furikana
if (FURIKANA_NESESSARY) {
$sql_data_array['entry_firstname_kana'] = $firstname_kana;
$sql_data_array['entry_lastname_kana'] = $lastname_kana;
}
// <-furikana
if (ACCOUNT_GENDER == 'true') {
$sql_data_array['entry_gender'] = $gender;
}
if (ACCOUNT_COMPANY == 'true') {
$sql_data_array['entry_company'] = $company;
}
if (ACCOUNT_SUBURB == 'true') {
$sql_data_array['entry_suburb'] = $suburb;
}
if (ACCOUNT_STATE == 'true') {
if ($zone_id > 0) {
$sql_data_array['entry_zone_id'] = $return['zone_id'];
$sql_data_array['entry_state'] = '';
} else {
$sql_data_array['entry_zone_id'] = '0';
$sql_data_array['entry_state'] = $return['state'];
}
}
zen_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$address_id = $db->Insert_ID();
$sql = "\r\n UPDATE " . TABLE_CUSTOMERS . "\r\n SET customers_default_address_id = '" . (int) $address_id . "'\r\n WHERE customers_id = '" . (int) $_SESSION['customer_id'] . "'";
$db->Execute($sql);
$sql = "\r\n INSERT INTO " . TABLE_CUSTOMERS_INFO . "\r\n (customers_info_id, customers_info_number_of_logons,\r\n customers_info_date_account_created)\r\n VALUES\r\n ('" . (int) $_SESSION['customer_id'] . "', '0', now())\r\n ;";
$db->Execute($sql);
if (SESSION_RECREATE == 'True') {
zen_session_recreate();
}
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_last_name'] = $lastname;
// ->furikana
if (FURIKANA_NESESSARY) {
$_SESSION['customer_first_name_kana'] = $firstname_kana;
$_SESSION['customer_last_name_kana'] = $lastname_kana;
}
// <-furikana
$_SESSION['customer_default_address_id'] = $address_id;
$_SESSION['customer_country_id'] = $country;
$_SESSION['customer_zone_id'] = $zone_id;
$_SESSION['customers_authorization'] = $customers_authorization;
// restore cart contents
$_SESSION['cart']->restore_contents();
// hook notifier class
$zco_notifier->notify('NOTIFY_LOGIN_SUCCESS_VIA_CREATE_VISITOR');
zen_redirect(zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
}
//endif !error
}
$return['process'] = $process;
return $return;
}