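/**
 * Bind the posted data to the JUser object and the VM tables, then save it.
 *
 * Used to register new users. It can also change already registered users,
 * which matters when a registered user changes his email within the checkout.
 *
 * Access control performed here:
 *  - the request token is checked first (vRequest::vmCheckToken);
 *  - an existing user may only be edited by himself or by a 'user.edit' manager;
 *  - callers without the 'core' manager right can only bind a fixed list of
 *    fields to the JUser object, so other posted keys never reach JUser::bind().
 *
 * @author Max Milbers
 * @author Oscar van Eijk
 * @param array $data Posted user data, passed by reference; missing JUser fields are
 *                    filled in from the stored user and the saved values are written back.
 * @return array|boolean Array with the keys 'user', 'password', 'message', 'newId' and
 *                       'success' when the JUser was saved, false otherwise.
 */
public function store(&$data)
{
    $message = '';

    vRequest::vmCheckToken('Invalid Token, while trying to save user');

    if (empty($data)) {
        vmError('Developer notice, no data to store for user');
        return false;
    }

    //To find out, if we have to register a new user, we take a look on the id of the usermodel object.
    //The constructor sets automatically the right id.
    $new = false;
    if (empty($this->_id) or $this->_id < 1) {
        $new = true;
        $user = new JUser(); //thealmega http://forum.tsmart.net/index.php?topic=99755.msg393758#msg393758
    } else {
        // Only the account owner or a manager with 'user.edit' may change an existing user.
        $cUser = JFactory::getUser();
        if (!vmAccess::manager('user.edit') and $cUser->id != $this->_id) {
            vmWarn('Insufficient permission');
            return false;
        }
        $user = JFactory::getUser($this->_id);
    }

    $gid = $user->get('gid'); // Save original gid

    // Preformat and control user datas by plugin
    JPluginHelper::importPlugin('vmuserfield');
    $dispatcher = JDispatcher::getInstance();

    $valid = true;
    $dispatcher->trigger('plgVmOnBeforeUserfieldDataSave', array(&$valid, $this->_id, &$data, $user));
    // $valid must be false if plugin detect an error
    if (!$valid) {
        return false;
    }

    // Before I used this "if($cart && !$new)"
    // This construction is necessary, because this function is used to register a new JUser, so we need all the JUser data in $data.
    // On the other hand this function is also used just for updating JUser data, like the email for the BT address. In this case the
    // name, username, password and so on is already stored in the JUser and dont need to be entered again.
    if (empty($data['email'])) {
        $email = $user->get('email');
        if (!empty($email)) {
            $data['email'] = $email;
        }
    } else {
        // The posted value is re-read through the request filter instead of being taken from $data.
        $data['email'] = vRequest::getEmail('email', '');
    }
    //$data['email'] = str_replace(array('\'','"',',','%','*','/','\\','?','^','`','{','}','|','~'),array(''),$data['email']);

    //This is important, when a user changes his email address from the cart,
    //that means using view user layout edit_address (which is called from the cart)
    $user->set('email', $data['email']);

    if (empty($data['name'])) {
        $name = $user->get('name');
        if (!empty($name)) {
            $data['name'] = $name;
        }
    } else {
        $data['name'] = vRequest::getWord('name', '');
    }
    $data['name'] = str_replace(array('\'', '"', ',', '%', '*', '/', '\\', '?', '^', '`', '{', '}', '|', '~'), array(''), $data['name']);

    if (empty($data['username'])) {
        $username = $user->get('username');
        if (!empty($username)) {
            $data['username'] = $username;
        } else {
            $data['username'] = vRequest::getWord('username', '');
        }
    }

    // A password is rejected when the getCmd filter would alter it, so a filtered
    // (and therefore different) password is never stored silently.
    // NOTE(review): this presumably limits passwords to the characters getCmd lets
    // through - confirm that restriction is intended.
    if (empty($data['password'])) {
        $data['password'] = vRequest::getCmd('password', '');
        if ($data['password'] != vRequest::get('password')) {
            vmError('Password contained invalid character combination.');
            return false;
        }
    }

    if (empty($data['password2'])) {
        $data['password2'] = vRequest::getCmd('password2');
        if ($data['password2'] != vRequest::get('password2')) {
            vmError('Password2 contained invalid character combination.');
            return false;
        }
    }

    // An existing user who did not confirm a new password keeps the stored one.
    if (!$new and empty($data['password2'])) {
        unset($data['password']);
        unset($data['password2']);
    }

    if (!vmAccess::manager('core')) {
        // Allow-list: without the 'core' right only these fields are handed to
        // JUser::bind(); every other posted key is left out of the bind.
        $whiteDataToBind = array();
        foreach (array('name', 'username', 'email', 'language', 'editor', 'password', 'password2') as $field) {
            if (isset($data[$field])) {
                $whiteDataToBind[$field] = $data[$field];
            }
        }
        unset($data['isRoot']);
    } else {
        $whiteDataToBind = $data;
    }

    // Bind Joomla userdata
    if (!$user->bind($whiteDataToBind)) {
        // NOTE(review): a failed bind is only logged and the save below still runs.
        // Confirm that continuing is intended; failing closed here would be the safer default.
        vmdebug('Couldnt bind data to joomla user');
        //array('user'=>$user,'password'=>$data['password'],'message'=>$message,'newId'=>$newId,'success'=>false);
    }

    if ($new) {
        // If user registration is not allowed, show 403 not authorized.
        // But it is possible for admins and storeadmins to save
        $usersConfig = JComponentHelper::getParams('com_users');
        $cUser = JFactory::getUser();
        if ($usersConfig->get('allowUserRegistration') == '0' and !vmAccess::manager('user')) {
            tsmConfig::loadJLang('com_tsmart');
            vmError(tsmText::_('com_tsmart_ACCESS_FORBIDDEN'));
            // Return false like every other failure path, so a caller comparing
            // the result with false does not mistake the refusal for success.
            return false;
        }

        // Initialize new usertype setting
        $newUsertype = $usersConfig->get('new_usertype');
        if (!$newUsertype) {
            $newUsertype = 2;
        }

        // Set some initial user values
        $user->set('usertype', $newUsertype);
        $user->groups[] = $newUsertype;

        $date = JFactory::getDate();
        $user->set('registerDate', $date->toSQL());

        // If user activation is turned on, we need to set the activation information
        $useractivation = $usersConfig->get('useractivation');
        $doUserActivation = false;
        if ($useractivation == '1' or $useractivation == '2') {
            $doUserActivation = true;
        }

        if ($doUserActivation) {
            jimport('joomla.user.helper');
            $user->set('activation', vRequest::getHash(JUserHelper::genRandomPassword()));
            $user->set('block', '1');
            //$user->set('lastvisitDate', '0000-00-00 00:00:00');
        }
    }

    $option = vRequest::getCmd('option');

    // If an exising superadmin gets a new group, make sure enough admins are left...
    if (!$new && $user->get('gid') != $gid && $gid == __SUPER_ADMIN_GID) {
        if ($this->getSuperAdminCount() <= 1) {
            vmError(tsmText::_('com_tsmart_USER_ERR_ONLYSUPERADMIN'));
            return false;
        }
    }

    if (isset($data['language'])) {
        $user->setParam('language', $data['language']);
    }

    // Save the JUser object
    if (!$user->save()) {
        $msg = tsmText::sprintf('JLIB_APPLICATION_ERROR_SAVE_FAILED', $user->getError());
        vmError($msg, $msg);
        return false;
    } else {
        // Hand the values that were actually stored back to the caller.
        $data['name'] = $user->get('name');
        $data['username'] = $user->get('username');
        $data['email'] = $user->get('email');
        $data['language'] = $user->get('language');
        $data['editor'] = $user->get('editor');
    }

    $newId = $user->get('id');
    $data['tsmart_user_id'] = $newId; //We need this in that case, because data is bound to table later
    $this->setUserId($newId);

    //Save the VM user stuff
    if (!$this->saveUserData($data) || !self::storeAddress($data)) {
        vmError('com_tsmart_NOT_ABLE_TO_SAVE_USER_DATA');
        // vmError(vmText::_('com_tsmart_NOT_ABLE_TO_SAVE_USERINFO_DATA'));
    } else {
        if ($new) {
            $user->userInfo = $data;

            // NOTE(review): with 'sendpassword' enabled (the default used here) the
            // clear-text password is passed to the registration mail - confirm this is wanted.
            $password = '';
            if ($usersConfig->get('sendpassword', 1)) {
                $password = $user->password_clear;
            }

            $this->sendRegistrationEmail($user, $password, $doUserActivation);
            if ($doUserActivation) {
                vmInfo('com_tsmart_REG_COMPLETE_ACTIVATE');
            } else {
                vmInfo('com_tsmart_REG_COMPLETE');
                $user->set('activation', '');
                $user->set('block', '0');
                $user->set('guest', '0');
            }
        } else {
            vmInfo('com_tsmart_USER_DATA_STORED');
        }
    }

    //The extra check for isset vendor_name prevents storing of the vendor if there is no form (edit address cart)
    // isset() guard: 'user_is_vendor' is absent when the form carried no vendor section.
    if (isset($data['user_is_vendor']) and (int) $data['user_is_vendor'] == 1 and isset($data['vendor_currency'])) {
        vmdebug('vendor recognised ' . $data['tsmart_vendor_id']);
        if ($this->storeVendorData($data)) {
            if ($new) {
                if ($doUserActivation) {
                    vmInfo('com_tsmart_REG_VENDOR_COMPLETE_ACTIVATE');
                } else {
                    vmInfo('com_tsmart_REG_VENDOR_COMPLETE');
                }
            } else {
                vmInfo('com_tsmart_VENDOR_DATA_STORED');
            }
        }
    }

    // 'password' was unset above when an existing user did not change it, so it is
    // read defensively; the returned value is null in that case, as before.
    return array(
        'user' => $user,
        'password' => isset($data['password']) ? $data['password'] : null,
        'message' => $message,
        'newId' => $newId,
        'success' => true
    );
}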
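/**
 * Return the encryption key to use, creating a key file when none exists yet.
 *
 * Key files are the *.ini files in the folder returned by self::_getEncryptSafepath().
 * Each one provides a 'key' and the 'unixtime' of its creation. The keys found are
 * cached in a static variable for the rest of the request.
 *
 * @param mixed $date Unix time the key has to match. When given, the newest key whose
 *                    unixtime is less than 30 seconds after $date is used; when empty,
 *                    the newest key is used.
 * @return string|null The key; an empty string when $date is given and no stored key
 *                     qualifies; null when no key could be read and today's key file
 *                     already exists.
 */
private static function _checkCreateKeyFile($date)
{
    jimport('joomla.filesystem.file');

    vmSetStartTime('check');
    static $existingKeys = false;
    $keyPath = self::_getEncryptSafepath();

    if (!$existingKeys) {
        $dir = opendir($keyPath);
        if (is_resource($dir)) {
            $existingKeys = array();
            while (false !== ($file = readdir($dir))) {
                if ($file != '.' && $file != '..') {
                    if (!is_dir($keyPath . DS . $file)) {
                        $ext = JFile::getExt($file);
                        if ($ext == 'ini' and file_exists($keyPath . DS . $file)) {
                            $content = parse_ini_file($keyPath . DS . $file);
                            if ($content and is_array($content) and isset($content['unixtime'])) {
                                // Index the key data by its creation time.
                                $key = $content['unixtime'];
                                unset($content['unixtime']);
                                $existingKeys[$key] = $content;
                                //vmdebug('Reading '.$keyPath .DS. $file,$content);
                            }
                        } else {
                            vmdebug('Resource says there is file, but does not exists? ' . $keyPath . DS . $file);
                        }
                    } else {
                        //vmdebug('Directory in they keyfolder? '.$keyPath .DS. $file);
                    }
                } else {
                    //vmdebug('Directory in the keyfolder '.$keyPath .DS. $file);
                }
            }
            // Release the directory handle; it was previously left open.
            closedir($dir);
        } else {
            static $warn = false;
            if (!$warn) {
                vmWarn('Key folder in safepath unaccessible ' . $keyPath);
            }
            $warn = true;
        }
    }

    if ($existingKeys and is_array($existingKeys) and count($existingKeys) > 0) {
        // Oldest first, so the loop below ends on the newest key that qualifies.
        ksort($existingKeys);

        if (!empty($date)) {
            $key = '';
            foreach ($existingKeys as $unixDate => $values) {
                if ($unixDate - 30 >= $date) {
                    vmdebug('$unixDate ' . $unixDate . ' >= $date ' . $date);
                    continue;
                }
                vmdebug('$unixDate < $date');
                //$usedKey = $values;
                $key = $values['key'];
            }

            // NOTE(review): this passes the key itself to vmdebug(); confirm that
            // debug output cannot end up somewhere less protected than the key folder.
            vmdebug('Use key file ', $key);
            //include($keyPath .DS. $usedKey.'.php');
        } else {
            $usedKey = end($existingKeys);
            $key = $usedKey['key'];
        }

        vmTime('my time', 'check');
        return $key;
    } else {
        $usedKey = date("ymd");
        $filename = $keyPath . DS . $usedKey . '.ini';

        if (!JFile::exists($filename)) {
            // NOTE(review): the key is md5(token . salt), base64 encoded. Its strength
            // depends on JUserHelper::genRandomPassword() and vRequest::getHash(), which
            // are not visible here - consider a CSPRNG source such as random_bytes()
            // where the supported PHP version allows it.
            $token = vRequest::getHash(JUserHelper::genRandomPassword());
            $salt = JUserHelper::getSalt('crypt-md5');
            $hashedToken = md5($token . $salt);
            $key = base64_encode($hashedToken);

            $date = JFactory::getDate();
            $today = $date->toUnix();
            //$key = pack('H*',$key);

            // One entry per line: in an ini file ';' comments out the rest of its line,
            // so the entries must not share a line with the guard comments. The first
            // and last line make the file die() if it is ever run as PHP.
            $content = implode("\n", array(
                ';<?php die(); */',
                '[keys]',
                'key = "' . $key . '"',
                'unixtime = "' . $today . '"',
                'date = "' . date("Y-m-d H:i:s") . '"',
                '; */ ?>'
            ));

            $result = JFile::write($filename, $content);
            if (!$result) {
                // The key is still returned as before, but it could not be stored, so
                // anything encrypted with it cannot be decrypted by a later request.
                vmWarn('Could not write key file ' . $filename);
            }

            vmTime('my time', 'check');
            return $key;
        }
    }

    vmTime('my time', 'check');
    //return pack('H*',$key);
}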
/**
 * Remove the VM cart from a session kept in the session storage.
 *
 * The session is read straight from the storage handler by its id. On PHP releases
 * that the version check below treats as unsafe for unserialising, the stored
 * session is overwritten with NULL instead of being decoded.
 *
 * @param string $session_id   Id of the stored session to change.
 * @param mixed  $order_number Not used by this function.
 * @return void
 */
function emptyCartFromStorageSession($session_id, $order_number)
{
    // we remove the session for unsecure unserialized PHP version
    // Affected ranges: 5.4.0 up to (not including) 5.4.38, 5.5.0 up to 5.5.22 and
    // 5.6.0 up to 5.6.6.
    // NOTE(review): releases older than 5.4.0 are not covered by this check and are
    // decoded normally - confirm that is intended.
    $runningPhp = phpversion();
    $delete = (version_compare($runningPhp, '5.4.0', '>=') && version_compare($runningPhp, '5.4.38', '<'))
        || (version_compare($runningPhp, '5.5.0', '>=') && version_compare($runningPhp, '5.5.22', '<'))
        || (version_compare($runningPhp, '5.6.0', '>=') && version_compare($runningPhp, '5.6.6', '<'));

    $handler = JFactory::getConfig()->get('session_handler', 'none');
    $options = array('name' => vRequest::getHash('site'));
    $sessionStorage = JSessionStorage::getInstance($handler, $options);

    // The session store MUST be registered.
    $sessionStorage->register();

    if ($delete) {
        // Never decode the stored payload on an affected PHP release.
        $sessionStorage->write($session_id, NULL);
        return;
    }

    // reads directly the session from the storage
    $rawSession = $sessionStorage->read($session_id);
    if (empty($rawSession)) {
        return;
    }

    $decoded = self::session_decode($rawSession);

    // Nothing to do unless the vm namespace holds a cart.
    if (!isset($decoded['__vm']['vmcart'])) {
        return;
    }

    unset($decoded['__vm']['vmcart']);
    //$sessionStorageDecoded[$vm_namespace][$cart_name] = json_encode ($cart);
    $sessionStorage->write($session_id, self::session_encode($decoded));
}
/**
 * Remove the VM cart from a session kept in the session storage.
 *
 * The session is read straight from the storage handler by its id, decoded, stripped
 * of the cart entry in the vm namespace and written back.
 *
 * NOTE(review): the stored payload is decoded with self::session_decode(), which is
 * not visible here. If that helper relies on unserialize(), the stored session data
 * has to be trustworthy on every supported PHP release - confirm.
 *
 * @param string $session_id   Id of the stored session to change.
 * @param mixed  $order_number Not used by this function.
 * @return void
 */
function emptyCartFromStorageSession($session_id, $order_number)
{
    $namespace = '__vm';
    $cartKey = 'vmcart';

    $handler = JFactory::getConfig()->get('session_handler', 'none');
    $storage = JSessionStorage::getInstance($handler, array('name' => vRequest::getHash('site')));

    // The session store MUST be registered.
    $storage->register();

    // reads directly the session from the storage
    $stored = $storage->read($session_id);
    if (empty($stored)) {
        return;
    }

    $session = self::session_decode($stored);

    // Leave the stored session untouched when it holds no vm cart.
    if (!isset($session[$namespace][$cartKey])) {
        return;
    }

    unset($session[$namespace][$cartKey]);
    //$sessionStorageDecoded[$vm_namespace][$cart_name] = json_encode ($cart);
    $encoded = self::session_encode($session);
    $storage->write($session_id, $encoded);
}