Esempio n. 1
     }
 }
 // $auth is derived from the looked-up user record; the checks below read $auth['user_id'].
 $auth = fn_fill_auth($user_data);
 // Set system notifications. Runs only when demo mode is off, AREA is 'A' and DEVELOPMENT is not defined.
 if (Registry::get('config.demo_mode') != true && AREA == 'A' && !defined('DEVELOPMENT')) {
     // If username equals to the password
     // NOTE(review): `==` is a loose comparison, so two different numeric-looking strings can
     // compare equal and raise this warning spuriously; `===` would compare exactly.
     if ($password == $user_data['user_login']) {
         $msg = fn_get_lang_var('warning_insecure_password');
         $msg = str_replace('[link]', fn_url('profiles.update'), $msg);
         fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password');
     }
     // Insecure admin script: config.admin_index is still 'admin.php' (presumably the default name — confirm).
     if (Registry::get('config.admin_index') == 'admin.php') {
         fn_set_notification('E', fn_get_lang_var('warning'), fn_get_lang_var('warning_insecure_admin_script'), true);
     }
     // Update check: only when auto_check_updates is 'Y' and this user holds the 'upgrade_store' privilege.
     if (Registry::get('settings.General.auto_check_updates') == 'Y' && fn_check_user_access($auth['user_id'], 'upgrade_store')) {
         // If upgrades available
         $uc_settings = fn_get_settings('Upgrade_center');
         // The response body is only compared with 'AVAILABLE' below; nothing else is read from it here.
         // NOTE(review): the URL is built from the updates_server setting; if that is plain HTTP the
         // answer is unauthenticated — confirm the scheme.
         $data = fn_get_contents($uc_settings['updates_server'] . '/index.php?target=product_updates&mode=check_available&ver=' . PRODUCT_VERSION);
         /* NULLED BY FLIPMODE! @ 2010/09/06 */
         // NOTE(review): the marker above and the disabled line below show that this copy was altered
         // by a third party to drop license_number from the update request. Code from such a modified
         // distribution has unknown provenance; compare it against the vendor's original release
         // before trusting any part of it.
         // $data = fn_get_contents($uc_settings['updates_server'] . '/index.php?target=product_updates&mode=check_available&ver=' . PRODUCT_VERSION . '&license_number=' . $uc_settings['license_number']);
         if ($data == 'AVAILABLE') {
             $msg = fn_get_lang_var('text_upgrade_available');
             $msg = str_replace('[link]', fn_url('upgrade_center.manage'), $msg);
             fn_set_notification('W', fn_get_lang_var('notice'), $msg, true, 'upgrade_center');
         }
     }
 }
 // Remember-me: when the request carries a non-empty remember_me value, two cookies are set,
 // each passing COOKIE_ALIVE_TIME to fn_set_cookie().
 if (!empty($_REQUEST['remember_me'])) {
     fn_set_cookie(AREA_NAME . '_user_id', $user_data['user_id'], COOKIE_ALIVE_TIME);
     // NOTE(review): $user_data['password'] is presumably the stored password hash (confirm). Kept in a
     // long-lived cookie it acts as a reusable credential if the cookie leaks, and it cannot be revoked
     // without a password change; a random, server-side revocable token is the safer design.
     fn_set_cookie(AREA_NAME . '_password', $user_data['password'], COOKIE_ALIVE_TIME);
Esempio n. 2
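 /**
  * Parses the response of the license/update server and records its outcome.
  *
  * A response containing an XML declaration is parsed as XML and its Updates, Messages and
  * License elements are read; any other non-empty response is taken verbatim as the license
  * status. When $auth is given, an "upgrade available" notification is raised for users holding
  * the 'upgrade_store' privilege, and the license status is stored in $_SESSION['last_status'].
  *
  * The response is remote input: it is parsed with LIBXML_NONET so the parser makes no network
  * requests, and a response that fails to parse leaves all three values empty instead of
  * reading properties from `false`.
  *
  * @param string $data             Raw server response
  * @param array  $auth             Auth data; 'user_id' is read when it is non-empty
  * @param bool   $process_messages Passed through to self::processMessages()
  * @return array array($license, $updates, $messages)
  */
 public static function parseLicenseInformation($data, $auth, $process_messages = true)
 {
     $updates = $messages = $license = '';
     if (!empty($data)) {
         // Check if we can parse server response
         if (strpos($data, '<?xml') !== false) {
             // LIBXML_NONET keeps the parser from fetching anything over the network while loading.
             $xml = simplexml_load_string($data, 'SimpleXMLElement', LIBXML_NONET);
             // simplexml_load_string() returns false for malformed XML; keep the empty defaults then.
             if ($xml !== false) {
                 $updates = (string) $xml->Updates;
                 $messages = $xml->Messages;
                 $license = (string) $xml->License;
             }
         } else {
             $license = $data;
         }
     }
     if (!empty($auth)) {
         if (Registry::get('settings.General.auto_check_updates') == 'Y' && fn_check_user_access($auth['user_id'], 'upgrade_store')) {
             // If upgrades are available
             if ($updates == 'AVAILABLE') {
                 fn_set_notification('W', __('notice'), __('text_upgrade_available', array('[product]' => PRODUCT_NAME, '[link]' => fn_url('upgrade_center.manage'))), 'S', 'upgrade_center');
             }
         }
         // The license status is remembered only when the server actually answered.
         if (!empty($data)) {
             $_SESSION['last_status'] = $license;
         }
     }
     $messages = self::processMessages($messages, $process_messages);
     return array($license, $updates, $messages);
 }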
Esempio n. 3
 /**
  * Tells whether the current caller may invoke the given method.
  *
  * The privilege map comes from privilegesCustomer() when the area is 'C' and from privileges()
  * otherwise. A method that is missing from the map (or mapped to null) is denied. A boolean
  * entry is returned as is; any other entry is treated as a privilege and checked with
  * fn_check_user_access() for the authenticated user, and denied when there is none.
  *
  * @param  string $method_name
  * @return bool
  */
 public function isAccessable($method_name)
 {
     $privilege_map = ($this->area == 'C') ? $this->privilegesCustomer() : $this->privileges();

     // Deny by default: an unlisted method is never accessible.
     if (!isset($privilege_map[$method_name])) {
         return false;
     }

     $rule = $privilege_map[$method_name];
     if (is_bool($rule)) {
         return $rule;
     }

     // A named privilege needs an authenticated user to be checked against.
     if (!$this->auth) {
         return false;
     }

     return fn_check_user_access($this->auth['user_id'], $rule);
 }
Esempio n. 4
/**
 * Checks whether a user may use an import/export pattern.
 *
 * A pattern that declares no privilege for the requested direction is open to every user;
 * otherwise the decision is delegated to fn_check_user_access().
 *
 * @param array $pattern Pattern structure; 'permissions' is read when present
 * @param enum $get_for import|export
 * @param int $user_id User ID
 * @return bool true if user has privilege to use this pattern, false otherwise
 */
function fn_check_pattern_permissions($pattern, $get_for, $user_id)
{
    // No privilege declared for this direction: the pattern is not restricted.
    if (!isset($pattern['permissions']) || empty($pattern['permissions'][$get_for])) {
        return true;
    }

    return fn_check_user_access($user_id, $pattern['permissions'][$get_for]);
}
Esempio n. 5
 /**
  * Runs the upgrade check for a session user who holds the 'upgrade_store' privilege.
  *
  * Nothing is done, and false is returned, unless $_SESSION['auth'] exists, its area is 'A',
  * its user_id is non-empty and fn_check_user_access() grants 'upgrade_store' to that user.
  * For such a user the method checks for updates (skipped when fn_twg_is_on_saas() is true),
  * calls TwigmoConnector::updateUARules(), refreshes connections and service notifications
  * when an access ID for 'A' exists, and finally calls UserAgent::sendUaStat().
  *
  * @param Boolean $display_service_notifications Passed through to displayServiceNotifications()
  * @return Boolean Result of the update check; false when the check was not run
  */
 public static function checkForUpgrade($display_service_notifications = true)
 {
     $may_upgrade = isset($_SESSION['auth'])
         && $_SESSION['auth']['area'] == 'A'
         && !empty($_SESSION['auth']['user_id'])
         && fn_check_user_access($_SESSION['auth']['user_id'], 'upgrade_store');

     // Everything below talks to the connector, so it is reserved for privileged users.
     if (!$may_upgrade) {
         return false;
     }

     $upgrade_available = !fn_twg_is_on_saas() && TwigmoConnector::checkUpdates();
     TwigmoConnector::updateUARules();

     if (TwigmoConnector::getAccessID('A')) {
         $twg_connector = new TwigmoConnector();
         $twg_connector->updateConnections();
         $notification_params = array(
             'display_service_notifications' => $display_service_notifications,
             'connector' => $twg_connector,
         );
         self::displayServiceNotifications($notification_params);
     }

     UserAgent::sendUaStat();

     return $upgrade_available;
 }
Esempio n. 6
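     $connector = new TwigmoConnector();
     // The credentials arrive inside $_REQUEST['data'] and are decoded by the connector.
     $request = $connector->parseResponse($_REQUEST['data']);
     // Reject a payload the connector does not accept, or one without a login and a password.
     // NOTE(review): the code below relies on onError() ending the request — confirm; otherwise
     // execution would continue with the rejected input.
     if (!$connector->responseIsOk($request) || empty($request['data']['user_login']) || empty($request['data']['password'])) {
         $connector->onError();
     }
     // NOTE(review): the decoded fields overwrite both superglobals, so every later reader of
     // $_REQUEST/$_POST sees them; passing an explicit array to fn_auth_routines() would keep
     // the scope of this input narrower.
     $_POST = $_REQUEST = array_merge($_REQUEST, $request['data']);
     list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);
     $redirect_to_mv_url = fn_twg_check_for_vendor_url($status, $user_data);
     if ($redirect_to_mv_url) {
         // A vendor redirect URL forces $status to true; the password check below still applies.
         $status = true;
     }
     // Compare the hashes with `===`: with `==`, two different numeric-looking strings are compared
     // as numbers and can be reported equal. Where the runtime offers it (PHP 5.6+), hash_equals()
     // additionally makes the comparison constant-time.
     $is_ok = !empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) === $user_data['password'];
     if ($status === false || !$is_ok) {
         $connector->onError();
     }
     // Only reached for a verified login (given that onError() does not return).
     $response_data = array('redirect_to_mv_url' => $redirect_to_mv_url, 'company_id' => $user_data['company_id'], 'can_view_orders' => fn_check_user_access($user_data['user_id'], 'view_orders'));
     $connector->respond($response_data);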
 } elseif ($action == 'auth.app') {
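     // Mirror the submitted password into $_POST before the shared login routine runs.
     $_POST['password'] = $_REQUEST['password'];
     list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);
     $redirect_to_mv_url = fn_twg_check_for_vendor_url($status, $user_data);
     // NOTE(review): this branch answers 'ok' before the password comparison below has run.
     // Verify that fn_twg_check_for_vendor_url() only yields a URL for a login that is already
     // verified, or move this response after the $is_ok check.
     if ($redirect_to_mv_url) {
         $response->setData(array('status' => 'ok'));
         $response->setData(array('redirect_to_mv_url' => $redirect_to_mv_url));
         $response->returnResponse();
     }
     // Compare the hashes with `===`: with `==`, two different numeric-looking strings are compared
     // as numbers and can be reported equal. Where the runtime offers it (PHP 5.6+), hash_equals()
     // additionally makes the comparison constant-time.
     $is_ok = !empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) === $user_data['password'];
     if ($status === false || !$is_ok) {
         fn_twg_throw_error_denied($response, 'error_incorrect_login');
     }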
     if ($user_data['user_type'] == 'A' && $user_data['company_id']) {
Esempio n. 7
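/**
 * Checks a privilege for a user, with an extra denial for users whose usergroups carry no privileges.
 *
 * The base decision comes from fn_check_user_access(). When it grants access and the user
 * belongs to usergroups, access is still denied if the usergroup_privileges table holds no
 * row for any of those groups.
 *
 * The table lookup is cached per set of usergroup ids. A single un-keyed cache would hand the
 * first caller's answer to every later caller in the same request, even one with different
 * usergroups, which could let the wrong decision through.
 *
 * @param array $auth   Auth data; 'user_id' and 'usergroup_ids' are read
 * @param mixed $action Privilege forwarded to fn_check_user_access()
 * @return mixed Result of fn_check_user_access(), or false when the usergroups have no privileges
 */
function fn_twg_check_user_access($auth, $action)
{
    static $groups_have_privileges = array();

    $has_access = fn_check_user_access($auth['user_id'], $action);
    if ($has_access && !empty($auth['usergroup_ids'])) {
        // Order-independent key, so the same groups always hit the same cache entry.
        $group_ids = (array) $auth['usergroup_ids'];
        sort($group_ids);
        $cache_key = implode(',', $group_ids);

        if (!isset($groups_have_privileges[$cache_key])) {
            $privileges = db_get_fields("SELECT privilege FROM ?:usergroup_privileges WHERE usergroup_id IN(?n)", $auth['usergroup_ids']);
            $groups_have_privileges[$cache_key] = !empty($privileges);
        }
        if (!$groups_have_privileges[$cache_key]) {
            $has_access = false;
        }
    }

    return $has_access;
}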
Esempio n. 8
     }
     $order_info['products'][$k]['main_pair'] = fn_get_cart_product_icon($v['product_id'], $order_info['products'][$k]);
 }
 // Add the "downloads" tab and tell the view about it when the order has downloadable items.
 if ($downloads_exist) {
     Registry::set('navigation.tabs.downloads', array('title' => __('downloads'), 'js' => true));
     Registry::get('view')->assign('downloads_exist', true);
 }
 // Add the "promotions" tab when the order carries promotions.
 if (!empty($order_info['promotions'])) {
     Registry::set('navigation.tabs.promotions', array('title' => __('promotions'), 'js' => true));
 }
 list($shipments) = fn_get_shipments_info(array('order_id' => $params['order_id'], 'advanced_info' => true));
 $use_shipments = !fn_one_full_shipped($shipments);
 // Check for the shipment access
 // If current edition is FREE, we still need to check shipments accessibility (need to display promotion link)
 if (Settings::instance()->getValue('use_shipments', '', $order_info['company_id']) == 'Y') {
     // NOTE(review): a user without 'edit_order' only loses the need_shipment flag here; the full
     // $order_info is still handed to the view below. Whether viewing the order is gated elsewhere
     // cannot be seen from this fragment — confirm.
     if (!fn_check_user_access($auth['user_id'], 'edit_order')) {
         $order_info['need_shipment'] = false;
     }
     $use_shipments = true;
 } else {
     Registry::get('view')->assign('shipments', $shipments);
 }
 Registry::get('view')->assign('use_shipments', $use_shipments);
 Registry::get('view')->assign('carriers', fn_get_carriers());
 Registry::get('view')->assign('order_info', $order_info);
 Registry::get('view')->assign('status_settings', fn_get_status_params($order_info['status']));
 // Delete order_id from new_orders table
 // Both values are bound through `?i` placeholders (presumably integer-cast by the DB layer — confirm)
 // rather than concatenated into the SQL, and the row is scoped to the current user's id.
 // NOTE(review): the order id is taken from $_REQUEST here but from $params for the shipment lookup
 // above; confirm the two always agree.
 db_query("DELETE FROM ?:new_orders WHERE order_id = ?i AND user_id = ?i", $_REQUEST['order_id'], $auth['user_id']);
 // Check if customer's email is changed
 if (!empty($order_info['user_id'])) {
     $current_email = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $order_info['user_id']);
Esempio n. 9
/**
 * Checks whether the user of the current session holds the given permission.
 *
 * A session without a non-empty auth user_id is always denied, without consulting
 * fn_check_user_access().
 *
 * @param string $permission
 * @return bool
 */
function fn_check_current_user_access($permission)
{
    // No logged-in user: deny without a lookup.
    if (empty(Tygh::$app['session']['auth']['user_id'])) {
        return false;
    }

    return (bool) fn_check_user_access(Tygh::$app['session']['auth']['user_id'], $permission);
}