// Fragment of the admin "edit own account" handler. The enclosing case/switch/if
// open before this line; they are closed by the "break; } }" near the end.
// Placeholder text that the notification mail carries instead of the password,
// so the password itself is never sent from this handler.
$hiddenPassword = TEXT_INFO_PASSWORD_HIDDEN;
// Collect every *other* admin's address so a duplicate e-mail can be rejected.
$check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . (int) $admin_id . "");
while ($check_email = xos_db_fetch_array($check_email_query)) {
    $stored_email[] = $check_email['admin_email_address'];
}
// NOTE(review): $stored_email is only assigned inside the loop; when no other
// admin row exists it is undefined when handed to in_array() below. in_array()
// is also used in its loose (non-strict) form.
if (xos_validate_email($admin_email_address) == false) {
    xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_not_valid'));
} elseif (in_array($admin_email_address, $stored_email)) {
    xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=email_used'));
} else {
    // Read the record *before* the update so the notification below goes to the
    // previous e-mail address rather than the one just submitted.
    // NOTE(review): $_SESSION['login_id'] is interpolated unquoted and without the
    // (int) cast that the duplicate-e-mail query above applies to $admin_id.
    $my_old_account_query = xos_db_query("select admin_id, admin_firstname, admin_lastname, admin_email_address from " . TABLE_ADMIN . " where admin_id= " . $_SESSION['login_id'] . "");
    $my_old_account = xos_db_fetch_array($my_old_account_query);
    $sql_data_array = array(
        'admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']),
        'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']),
        'admin_email_address' => $admin_email_address,
        'admin_modified' => 'now()',
    );
    // The password is replaced only when a non-empty value was submitted.
    // NOTE(review): no minimum-length check and no current-password
    // re-authentication are visible in this fragment (the customer-side handlers
    // in this listing check ENTRY_PASSWORD_MIN_LENGTH); confirm whether they
    // happen before this point.
    $admin_password = xos_db_prepare_input($_POST['admin_password']);
    if (xos_not_null($admin_password)) {
        $insert_sql_data = array('admin_password' => xos_encrypt_password($admin_password));
        $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
    }
    // NOTE(review): $admin_id originates outside this fragment and is not cast
    // here, unlike in the query at the top.
    xos_db_perform(TABLE_ADMIN, $sql_data_array, 'update', 'admin_id = \'' . $admin_id . '\'');
    if (SEND_EMAILS == 'true') {
        // Change notification to the *old* address; $hiddenPassword stands in for
        // the password in the message body.
        $email_to_admin = new mailer($my_old_account['admin_firstname'] . ' ' . $my_old_account['admin_lastname'], $my_old_account['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $my_old_account['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $my_old_account['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        if (!$email_to_admin->send()) {
            $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
        }
    }
    xos_redirect(xos_href_link(FILENAME_ADMIN_ACCOUNT));
}
break;
// These two braces close the switch and the if that open before this fragment.
} }
// Account summary for the page; session ids are interpolated without a cast here too.
$my_account_query = xos_db_query("select a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name from " . TABLE_ADMIN . " a, " . TABLE_ADMIN_GROUPS . " g where a.admin_id= " . $_SESSION['login_id'] . " and g.admin_groups_id= " . $_SESSION['login_groups_id'] . "");
// Fragment of the admin login page's "password forgotten" branch; the block that
// encloses it opens before this line (hence the extra closing brace below).
// Look the admin up by e-mail; xos_db_input() escapes the value for the query.
$check_admin_query = xos_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
// $_GET['login'] is reused as the outcome flag rendered further down; the values
// are masked ('******') in this listing.
if (!xos_db_num_rows($check_admin_query)) {
    $_GET['login'] = '******';
} else {
    $check_admin = xos_db_fetch_array($check_admin_query);
    // Second factor for the reset: the submitted first name must match the record
    // (loose "!=" comparison).
    if ($check_admin['check_firstname'] != $firstname) {
        $_GET['login'] = '******';
    } else {
        $_GET['login'] = '******';
        // Temporary password that is e-mailed in clear text; its strength is
        // whatever xos_create_random_value(7) produces (helper not visible here).
        $makePassword = xos_create_random_value(7);
        // NOTE(review): "@" suppresses any failure of this require; the path is
        // built from $_SESSION['language'], so a missing or wrong language file
        // would go unnoticed here.
        @(require DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN);
        // NOTE(review): the SELECT above aliases the last name as check_lastname,
        // so $check_admin['admin_lastname'] is not a key of this row; the intended
        // key looks like 'check_lastname'.
        $email_to_admin = new mailer($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        if (!$email_to_admin->send()) {
            $mailer_error_message = sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo);
        } else {
            // The stored password is replaced only after the mail went out, so a
            // mail failure cannot lock the admin out. The new value is masked in
            // this listing; check_id comes from the row and is not cast here.
            xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
        }
    }
}
// Closes the block that opens before this fragment.
}
// Inline script for the page. NOTE(review): it embeds the current session name
// *and* session id into the page source to test whether the cookie was accepted;
// any script running on the page can then read the id even if the cookie is
// HttpOnly. The server-side SESSION_FORCE_COOKIE_USE check below already covers
// the "cookie not accepted" case without exposing the id.
$javascript = '<script type="text/javascript">' . "\n" .
    '/* <![CDATA[ */' . "\n" .
    'function center() {' . "\n" .
    ' var height = document.getElementById("text").offsetHeight;' . "\n" .
    ' var marg = (height / 2);' . "\n" .
    ' document.getElementById("spacer").style.margin = "-" + marg + "px" + " 0px" + " 0px" + " 0px";' . "\n" .
    '}' . "\n\n" .
    '$(function(){' . "\n" .
    ' if (document.cookie.indexOf("' . xos_session_name() . '=' . xos_session_id() . '") != -1) {' . "\n" .
    ' $("#cookie_error").css("visibility", "hidden");' . "\n" .
    ' }' . "\n" .
    '});' . "\n" .
    '/* ]]> */' . "\n" .
    '</script>' . "\n";
require DIR_WS_INCLUDES . 'html_header_with_special_stylesheet.php';
require DIR_WS_INCLUDES . 'footer.php';
if (SESSION_FORCE_COOKIE_USE == 'true' && !isset($_COOKIE[session_name()])) {
    $smarty->assign('cookie_not_accepted', true);
}
// NOTE(review): $_GET['login'] is read without isset() and compared loosely.
if ($_GET['login'] == 'success') {
    $smarty->assign('login_success', true);
} elseif ($_GET['login'] == 'fail') {
    $smarty->assign('login_fail', true);
}
// Fragment of the admin "members" action dispatcher; the switch continues past
// the end of this fragment (cut after the start of case 'member_edit').
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (xos_not_null($action)) {
    switch ($action) {
        case 'member_new':
            $admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
            // Every existing admin address, used to reject duplicates.
            $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . "");
            while ($check_email = xos_db_fetch_array($check_email_query)) {
                $stored_email[] = $check_email['admin_email_address'];
            }
            // NOTE(review): $stored_email stays undefined if the table is empty;
            // in_array() below is the loose form; $_GET['page'] is read without isset().
            if (xos_validate_email($admin_email_address) == false) {
                xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_not_valid&action=new_member'));
            } elseif (in_array($admin_email_address, $stored_email)) {
                xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_used&action=new_member'));
            } else {
                // Initial password: the same prepared value is both hashed and
                // e-mailed, so the two stay consistent.
                $makePassword = xos_db_prepare_input(xos_create_random_value(7));
                // NOTE(review): admin_groups_id (the new admin's privilege group)
                // is taken from POST with only xos_db_prepare_input(), no cast;
                // whether the caller may assign that group is not checked in this
                // fragment — confirm it is enforced before this point.
                $sql_data_array = array(
                    'admin_groups_id' => xos_db_prepare_input($_POST['admin_groups_id']),
                    'admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']),
                    'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']),
                    'admin_email_address' => $admin_email_address,
                    'admin_password' => xos_encrypt_password($makePassword),
                    'admin_created' => 'now()',
                );
                // The account is created *before* the mail attempt (the admin
                // password-reset flow in this listing updates only after a
                // successful send); a failed send leaves an account whose
                // password nobody has received.
                xos_db_perform(TABLE_ADMIN, $sql_data_array);
                $admin_id = xos_db_insert_id();
                if (SEND_EMAILS == 'true') {
                    // NOTE(review): the mail uses the raw $_POST values while the
                    // database row used the prepared ones, and is addressed to
                    // $_POST['admin_email_address'] rather than the validated
                    // $admin_email_address.
                    $email_to_admin = new mailer($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                    if (!$email_to_admin->send()) {
                        $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                    } else {
                        $messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $_POST['admin_email_address']), 'success');
                    }
                }
                xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS));
            }
            break;
        case 'member_edit':
            // Prepared but not cast; the rest of this case lies outside the fragment.
            $admin_id = xos_db_prepare_input($_POST['admin_id']);
// Fragment of the admin login handler; the if/else blocks opened here continue
// past the end of this fragment. The action recorder acts as the attempt
// limiter: failed attempts are record(false)-ed, a success is recorded with the
// admin id.
if ($actionRecorder->canPerform() || !$actionRecorder->check()) {
    // Check if email exists
    $check_admin_query = xos_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
    if (!xos_db_num_rows($check_admin_query)) {
        // Same error token as the wrong-password branch, so the response does
        // not reveal whether the address exists.
        $login_error = 'incorrect_values';
        $actionRecorder->record(false);
    } else {
        $check_admin = xos_db_fetch_array($check_admin_query);
        // Check that password is good
        if (!xos_validate_password($password, $check_admin['login_password'])) {
            $login_error = 'incorrect_values';
            $actionRecorder->record(false);
        } else {
            // migrate old hashed password to new phpass password
            // (the new stored value is masked in this listing)
            if (xos_password_type($check_admin['login_password']) != 'phpass') {
                xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . (int) $check_admin['login_id'] . "'");
            }
            if (isset($_SESSION['password_forgotten'])) {
                unset($_SESSION['password_forgotten']);
            }
            $login_email_address = $check_admin['login_email_address'];
            $login_logdate = $check_admin['login_logdate'];
            $login_lognum = $check_admin['login_lognum'];
            $login_modified = $check_admin['login_modified'];
            // Establish the admin session.
            // NOTE(review): no session-id regeneration is visible in this
            // fragment after authentication (the customer login in this listing
            // calls xos_session_recreate() under SESSION_RECREATE); confirm it
            // happens elsewhere in this flow.
            $_SESSION['login_id'] = $check_admin['login_id'];
            $_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
            $_SESSION['login_firstname'] = $check_admin['login_firstname'];
            // Writes an underscore-prefixed property of the recorder directly.
            $actionRecorder->_user_id = $check_admin['login_id'];
            $actionRecorder->record();
            //$date_now = date('Ymd');
            // NOTE(review): $_SESSION['login_id'] is interpolated here without the
            // (int) cast applied to login_id in the migration query above.
            xos_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $_SESSION['login_id'] . "'");
// Fragment of the customer "password forgotten" processing; the if/else opened
// at the end continues past this fragment.
$error = false;
// Anti-automation check: the posted security code must equal the decrypted
// process id. NOTE(review): "!=" is a loose comparison (numeric-looking strings
// compare as numbers) and $_POST['security_code'] is read without isset();
// hash_equals() on two strings would make this strict and constant-time.
if (!isset($_POST['process_id']) || $_POST['security_code'] != str_decrypt($_POST['process_id'])) {
    $error = true;
    $messageStack->add('password_forgotten', TEXT_SECURITY_CODE_ERROR);
}
// Rate limit reset attempts per e-mail address.
$actionRecorder = new actionRecorder('ar_reset_password', null, $email_address);
if (!$actionRecorder->canPerform() && $actionRecorder->check()) {
    $error = true;
    $actionRecorder->record(false);
    $messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5));
}
$check_customer_query = xos_db_query("select customers_firstname, customers_lastname, customers_email_address, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
// An unknown address is skipped silently here; any feedback for that case
// would come from outside this fragment.
if (xos_db_num_rows($check_customer_query) && $error == false) {
    $check_customer = xos_db_fetch_array($check_customer_query);
    $new_password = xos_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
    // Not referenced again within this fragment; the update's value is masked in
    // the listing, so it is presumably used there.
    $crypted_password = xos_encrypt_password($new_password);
    // Render the HTML and text mail bodies; the clear-text password and the
    // requester's IP are passed to the templates.
    $smarty->unregisterFilter('output', 'smarty_outputfilter_trimwhitespace');
    $smarty->assign(array(
        'html_params' => HTML_PARAMS,
        'xhtml_lang' => XHTML_LANG,
        'charset' => CHARSET,
        'store_name_address' => STORE_NAME_ADDRESS,
        'store_name' => STORE_NAME,
        'src_embedded_shop_logo' => 'cid:shop_logo',
        'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG . 'images/email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . SELECTED_TPL . '/') . EMAIL_SHOP_LOGO,
        'remote_address' => $_SERVER['REMOTE_ADDR'],
        'new_password' => $new_password,
    ));
    $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_html');
    $output_password_forgotten_email_html = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_html.tpl');
    $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_text');
    $output_password_forgotten_email_text = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_text.tpl');
    $smarty->clearAssign(array('html_params', 'xhtml_lang', 'charset', 'store_name_address', 'store_name', 'src_embedded_shop_logo', 'src_shop_logo', 'remote_address', 'new_password'));
    $email_to_customer = new mailer($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $check_customer['customers_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, $output_password_forgotten_email_html, $output_password_forgotten_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SHOP_LOGO);
    if (!$email_to_customer->send()) {
        $messageStack->add_session('login', sprintf(ERROR_PHPMAILER, $email_to_customer->ErrorInfo));
    } else {
        $actionRecorder->_user_id = $check_customer['customers_id'];
        $actionRecorder->record();
        $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
        // The stored password is replaced only after the mail was sent, so a
        // delivery failure cannot lock the customer out (value masked in listing).
        xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
// Fragment of the customer "change password" handler; the block enclosing the
// first part opens before this line and is closed by the lone "}" below.
$password_current = xos_db_prepare_input($_POST['password_current']);
$password_new = xos_db_prepare_input($_POST['password_new']);
$password_confirmation = xos_db_prepare_input($_POST['password_confirmation']);
$error = false;
// strlen() counts bytes, so the minimum is measured in bytes, not characters.
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
    $error = true;
    $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
    // NOTE(review): loose "!=" — two numeric-looking strings such as "1e3" and
    // "1000" compare equal; "!==" is the strict form.
    $error = true;
    $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
    $check_customer_query = xos_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
    $check_customer = xos_db_fetch_array($check_customer_query);
    // Re-authenticate with the current password before changing it.
    if (xos_validate_password($password_current, $check_customer['customers_password'])) {
        // New stored value is masked in this listing.
        // NOTE(review): nothing in this fragment regenerates the session id or
        // invalidates other sessions after the change; confirm whether that is
        // handled elsewhere.
        xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
        xos_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $_SESSION['customer_id'] . "'");
        $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
        xos_redirect(xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
    } else {
        $error = true;
        $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
    }
}
if ($error == true) {
    $smarty->assign('password_error', true);
}
// Closes the block that opens before this fragment.
}
$site_trail->add(NAVBAR_TITLE_1, xos_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$site_trail->add(NAVBAR_TITLE_2, xos_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'html_header.php';
// Fragment of the customer "create account" validation/insert. It starts inside
// the telephone-number error branch (its "if" is before this fragment) and the
// final "if ($error == false)" block continues past the end.
$error = true;
$messageStack->add('create_account', ENTRY_TELEPHONE_NUMBER_ERROR);
$smarty->assign('telephone_number_error', true);
}
// strlen() measures bytes; "!=" is the loose comparison (see the strict "!=="
// for numeric-looking strings).
if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
    $error = true;
    $messageStack->add('create_account', ENTRY_PASSWORD_ERROR);
} elseif ($password != $confirmation) {
    $error = true;
    $messageStack->add('create_account', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
}
// NOTE(review): $error accumulates every earlier validation failure (e.g. the
// telephone branch above), so password_error is flagged even when only another
// field failed.
if ($error == true) {
    $smarty->assign('password_error', true);
}
if ($error == false) {
    $sql_data_array = array(
        'customers_firstname' => $firstname,
        'customers_lastname' => $lastname,
        'customers_email_address' => $email_address,
        'customers_language_id' => $language_id,
        'customers_telephone' => $telephone,
        'customers_fax' => $fax,
        'customers_password' => xos_encrypt_password($password),
    );
    if (ACCOUNT_GENDER == 'true') {
        $sql_data_array['customers_gender'] = $gender;
    }
    if (ACCOUNT_DOB == 'true') {
        // Stored as the plain concatenation; any validation of the parts is outside this fragment.
        $sql_data_array['customers_dob'] = $dob_year . $dob_month . $dob_day;
    }
    // if you would like to have an alert in the admin section when either a company name has been entered in
    // the appropriate field or a tax id number, or both then uncomment the next line and comment the default
    // setting: only alert when a tax_id number has been given
    //if ( (ACCOUNT_COMPANY == 'true' && xos_not_null($company) ) || (ACCOUNT_COMPANY == 'true' && xos_not_null($company_tax_id) ) ) {
    if (ACCOUNT_COMPANY == 'true' && xos_not_null($company_tax_id)) {
        $sql_data_array['customers_group_ra'] = '1';
    }
    xos_db_perform(TABLE_CUSTOMERS, $sql_data_array);
    // The new customer is logged in immediately; no e-mail verification step or
    // session-id regeneration is visible in this fragment.
    $_SESSION['customer_id'] = xos_db_insert_id();
// Fragment of the customer login handler (with the SPPC "toggle login" group
// chooser); the nested if/else blocks continue past the end of this fragment.
// Check if email exists
$check_customer_query = xos_db_query("select customers_id, customers_gender, customers_firstname, customers_lastname, customers_group_id, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
if (!xos_db_num_rows($check_customer_query)) {
    $error = true;
} else {
    $check_customer = xos_db_fetch_array($check_customer_query);
    // Check that password is good
    if (!xos_validate_password($password, $check_customer['customers_password'])) {
        $error = true;
    } else {
        // Fresh session id on privilege change (session-fixation mitigation).
        if (SESSION_RECREATE == 'true') {
            xos_session_recreate();
        }
        // migrate old hashed password to new phpass password
        // (the new stored value is masked in this listing)
        if (xos_password_type($check_customer['customers_password']) != 'phpass') {
            xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
        }
        // note that tax rates depend on your registered address!
        // NOTE(review): $_GET['skip'] is read without isset(), and the posted
        // e-mail is compared to the SPPC_TOGGLE_LOGIN_PASSWORD constant with the
        // loose "=="; "===" (or hash_equals() for a secret) is the strict form.
        if ($_GET['skip'] != 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD) {
            // Offer the customer-group chooser before completing the login.
            $existing_customers_query = xos_db_query("select customers_group_id, customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " order by customers_group_id ");
            while ($existing_customers = xos_db_fetch_array($existing_customers_query)) {
                $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => " " . $existing_customers['customers_group_name'] . " ");
            }
            // NOTE(review): $existing_customers_array is undefined if the groups
            // table is empty. More importantly, the submitted clear-text password is
            // re-emitted into the page as a hidden form field so it can be posted
            // again with the chosen group; that leaves it in the page source and
            // any cached copy. The credentials were already verified above, so the
            // second step could rely on the (recreated) session instead.
            $smarty->assign(array(
                'sppc_toggle_login' => true,
                'customers_groups_pull_down_menu' => xos_draw_pull_down_menu('new_customers_group_id', $existing_customers_array, $check_customer['customers_group_id'], 'class="form-control" id="new_customers_group_id"'),
                'hidden_field_email_address' => xos_draw_hidden_field('email_address', $_POST['email_address']),
                'hidden_field_password' => xos_draw_hidden_field('password', $_POST['password']),
            ));
        } else {
            $check_country_query = xos_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
            $check_country = xos_db_fetch_array($check_country_query);
            // Second step of the toggle login: apply the chosen group. The query
            // casts the id, but $sppc_customer_group_id keeps the raw POST value;
            // its later use lies outside this fragment.
            if ($_GET['skip'] == 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD && isset($_POST['new_customers_group_id'])) {
                $sppc_customer_group_id = $_POST['new_customers_group_id'];
                $check_customer_group = xos_db_query("select customers_group_discount, customers_group_show_tax, customers_group_tax_exempt from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . (int) $_POST['new_customers_group_id'] . "'");
            } else {