ファイル: companies.php プロジェクト: ambient-lounge/site
     if (!empty($_REQUEST['company_data']['admin_username']) && db_get_field("SELECT COUNT(*) FROM ?:users WHERE user_login = ?s", $_REQUEST['company_data']['admin_username']) > 0) {
         fn_set_notification('E', __('error'), __('error_admin_not_created_name_already_used'));
         fn_save_post_data('company_data', 'update');
         // company data and settings
         $suffix = '.add';
     } else {
         // Adding company record
         $company_id = fn_update_company($_REQUEST['company_data']);
         if (!empty($company_id)) {
             $suffix = ".update?company_id={$company_id}";
             if (isset($_REQUEST['company_data']['is_create_vendor_admin']) && $_REQUEST['company_data']['is_create_vendor_admin'] == 'Y') {
                 if (db_get_field("SELECT COUNT(*) FROM ?:users WHERE email = ?s", $_REQUEST['company_data']['email']) > 0) {
                     fn_set_notification('E', __('error'), __('error_admin_not_created_email_already_used'));
                 } else {
                     // Add company's administrator
                     if (fn_is_restricted_admin($_REQUEST) == true) {
                         return array(CONTROLLER_STATUS_DENIED);
                     }
                     $company_data = $_REQUEST['company_data'];
                     $company_data['company_id'] = $company_id;
                     $company_data['is_root'] = 'N';
                     $fields = isset($_REQUEST['user_data']['fields']) ? $_REQUEST['user_data']['fields'] : '';
                     $user_data = fn_create_company_admin($company_data, $fields, true);
                 }
             }
         } else {
             fn_save_post_data('company_data', 'update');
         }
     }
 } else {
     $company_id = fn_update_company($_REQUEST['company_data']);
ファイル: fn.users.php プロジェクト: askzap/ultimate
/**
 * Tells whether the current administrator is allowed to delete the given user.
 *
 * Deletion is refused for the store root administrator (is_root = Y with no
 * company), for accounts protected by fn_is_restricted_admin(), for the account
 * that is currently logged in, for any root account while a company context
 * (runtime.company_id) is active and, in the ULTIMATE edition, for users that
 * belong to a company other than the active one. The 'check_rights_delete_user'
 * hook runs afterwards and may override the outcome.
 *
 * @param array $user_data User data; must provide user_id, is_root and company_id
 * @param array $auth      Authorization data of the current session
 * @return bool True when the user may be deleted, false otherwise
 */
function fn_check_rights_delete_user($user_data, $auth)
{
    $is_root = $user_data['is_root'] == 'Y';
    $runtime_company_id = Registry::get('runtime.company_id');

    // Each term is a reason to refuse the deletion; the first matching one wins.
    $denied = ($is_root && !$user_data['company_id'])                                      // store root admin
        || fn_is_restricted_admin($user_data)                                              // protected account
        || (!empty($auth['user_id']) && $auth['user_id'] == $user_data['user_id'])         // own account
        || ($runtime_company_id && $is_root)                                               // root inside a company context
        || ($runtime_company_id && fn_allowed_for('ULTIMATE') && $user_data['company_id'] != $runtime_company_id); // foreign company

    $result = !$denied;

    /**
     * Hook for changing the result of check
     *
     * @param array $user_data Array with user data
     * @param array $auth      Array with authorization data
     * @param bool  $result    Result of check
     */
    fn_set_hook('check_rights_delete_user', $user_data, $auth, $result);

    return $result;
}
ファイル: fn.multivendor.php プロジェクト: askzap/ask-zap
/**
 * Adjusts the outcome of the "may this administrator manage profiles" check
 * for the multivendor edition.
 *
 * A restricted administrator never gains access. While a company context
 * (runtime.company_id) is active, access is additionally limited to vendor
 * profiles (user type 'V').
 *
 * @param bool   $result    Result of the check so far; updated in place
 * @param string $user_type Type of the profiles being managed
 * @return bool Always true
 */
function fn_mve_check_permission_manage_profiles(&$result, &$user_type)
{
    // Restricted admins are cut off regardless of the incoming result.
    $result = $result && !fn_is_restricted_admin(array('user_type' => $user_type));

    $runtime_company_id = Registry::get('runtime.company_id');
    if ($runtime_company_id && $result) {
        // Inside a company context only vendor profiles stay manageable.
        $result = $user_type == 'V' && $runtime_company_id;
    }

    return true;
}
ファイル: usergroups.php プロジェクト: diedsmiling/busenika
    $where = defined('RESTRICTED_ADMIN') ? "a.type!='A' " : '1';
    $usergroups = db_get_array("SELECT a.usergroup_id, a.status, a.type, b.usergroup FROM ?:usergroups as a LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s WHERE {$where} ORDER BY usergroup", DESCR_SL);
    $view->assign('usergroups', $usergroups);
    Registry::set('navigation.tabs', array('general_0' => array('title' => fn_get_lang_var('general'), 'js' => true)));
} elseif ($mode == 'update') {
    $usergroup = db_get_row("SELECT a.usergroup_id, a.status, a.type, b.usergroup FROM ?:usergroups as a LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s WHERE a.usergroup_id = ?i", DESCR_SL, $_REQUEST['usergroup_id']);
    $view->assign('usergroup', $usergroup);
    Registry::set('navigation.tabs', array('general_' . $_REQUEST['usergroup_id'] => array('title' => fn_get_lang_var('general'), 'js' => true)));
} elseif ($mode == 'delete') {
    if (!empty($_REQUEST['usergroup_id'])) {
        fn_delete_usergroups((array) $_REQUEST['usergroup_id']);
    }
    return array(CONTROLLER_STATUS_REDIRECT, "usergroups.manage");
} elseif ($mode == 'update_status') {
    $user_data = fn_get_user_info($_REQUEST['user_id']);
    if (empty($user_data) || defined('COMPANY_ID') && $user_data['is_root'] == 'Y' || defined('RESTRICTED_ADMIN') && ($auth['user_id'] == $_REQUEST['user_id'] || fn_is_restricted_admin(array('user_id' => $_REQUEST['user_id'])))) {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('access_denied'));
        exit;
    }
    $old_status = db_get_field("SELECT status FROM ?:usergroup_links WHERE user_id = ?i AND usergroup_id = ?i", $_REQUEST['user_id'], $_REQUEST['id']);
    $result = fn_change_usergroup_status($_REQUEST['status'], $_REQUEST['user_id'], $_REQUEST['id'], fn_get_notification_rules($_REQUEST));
    if ($result) {
        fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('status_changed'));
    } else {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_status_not_changed'));
        $ajax->assign('return_status', empty($old_status) ? 'F' : $old_status);
    }
    exit;
} elseif ($mode == 'requests') {
    fn_add_breadcrumb(fn_get_lang_var('usergroups'), "usergroups.manage");
    list($requests, $search) = fn_get_usergroup_requests($_REQUEST, Registry::get('settings.Appearance.admin_orders_per_page'));
ファイル: usergroups.php プロジェクト: heg-arc-ne/cscart
             foreach ($usergroup_links as $u_id => $val) {
                 fn_send_usergroup_status_notification($u_id, array_keys($val), $new_status);
             }
         }
     }
     $suffix = ".requests";
 }
 if ($mode == 'delete') {
     if (!empty($_REQUEST['usergroup_id'])) {
         fn_delete_usergroups((array) $_REQUEST['usergroup_id']);
     }
     return array(CONTROLLER_STATUS_REDIRECT, 'usergroups.manage');
 }
 if ($mode == 'update_status') {
     $user_data = fn_get_user_info($_REQUEST['user_id']);
     if (empty($user_data) || Registry::get('runtime.company_id') && $user_data['is_root'] == 'Y' || defined('RESTRICTED_ADMIN') && ($auth['user_id'] == $_REQUEST['user_id'] || fn_is_restricted_admin(array('user_id' => $_REQUEST['user_id'])))) {
         fn_set_notification('E', __('error'), __('access_denied'));
         exit;
     }
     $group_type = db_get_field("SELECT type FROM ?:usergroups WHERE usergroup_id = ?i", $_REQUEST['id']);
     if (empty($group_type) || $group_type == 'A' && !in_array($user_data['user_type'], array('A', 'V'))) {
         fn_set_notification('E', __('error'), __('access_denied'));
         exit;
     }
     $old_status = db_get_field("SELECT status FROM ?:usergroup_links WHERE user_id = ?i AND usergroup_id = ?i", $_REQUEST['user_id'], $_REQUEST['id']);
     $result = fn_change_usergroup_status($_REQUEST['status'], $_REQUEST['user_id'], $_REQUEST['id'], fn_get_notification_rules($_REQUEST));
     if ($result) {
         fn_set_notification('N', __('notice'), __('status_changed'));
     } else {
         fn_set_notification('E', __('error'), __('error_status_not_changed'));
         Registry::get('ajax')->assign('return_status', empty($old_status) ? 'F' : $old_status);
    }
    /**
     * Only admin can set the api key.
     */
    if (fn_check_user_type_admin_area($user_data) && !empty($user_data['user_id']) && ($auth['user_type'] == 'A' || $user_data['api_key'])) {
        $navigation['api'] = array('title' => __('api_access'), 'js' => true);
        Registry::get('view')->assign('show_api_tab', true);
        if ($auth['user_type'] != 'A') {
            Registry::get('view')->assign('hide_api_checkbox', true);
        }
    }
    Registry::set('navigation.tabs', $navigation);
    Registry::get('view')->assign('usergroups', $usergroups);
    $profile_fields = fn_get_profile_fields($user_type);
    Registry::get('view')->assign('user_type', $user_type);
    Registry::get('view')->assign('profile_fields', $profile_fields);
    Registry::get('view')->assign('user_data', $user_data);
    Registry::get('view')->assign('ship_to_another', fn_check_shipping_billing($user_data, $profile_fields));
    if (Registry::get('settings.General.user_multiple_profiles') == 'Y' && !empty($user_id)) {
        Registry::get('view')->assign('user_profiles', fn_get_user_profiles($user_id));
    }
    Registry::get('view')->assign('countries', fn_get_simple_countries(true, CART_LANGUAGE));
    Registry::get('view')->assign('states', fn_get_all_states());
} elseif ($mode == 'delete_profile') {
    if (fn_is_restricted_admin($_REQUEST)) {
        return array(CONTROLLER_STATUS_DENIED);
    }
    $user_id = empty($_REQUEST['user_id']) ? $auth['user_id'] : $_REQUEST['user_id'];
    fn_delete_user_profile($user_id, $_REQUEST['profile_id']);
    return array(CONTROLLER_STATUS_OK, "profiles.update?user_id=" . $user_id);
}
                reset($cards);
                $cards[key($cards)]['default'] = true;
            }
            $cards_data = array('credit_cards' => empty($cards) ? '' : fn_encrypt_text(serialize($cards)));
            db_query('UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i', $cards_data, $_REQUEST['profile_id']);
            if (AREA == 'A') {
                $uid = empty($_REQUEST['user_id']) ? $auth['user_id'] : $_REQUEST['user_id'];
            } else {
                $uid = $auth['user_id'];
            }
            return array(CONTROLLER_STATUS_OK, "profiles.update?user_id={$uid}&profile_id={$_REQUEST['profile_id']}");
        }
    }
    exit;
} elseif ($mode == 'request_usergroup') {
    if (AREA == 'A' && fn_is_restricted_admin($_REQUEST) == true) {
        return array(CONTROLLER_STATUS_DENIED);
    }
    $uid = $auth['user_id'];
    if (!empty($uid)) {
        $_data = array('user_id' => $uid, 'usergroup_id' => $_REQUEST['usergroup_id']);
        if ($_REQUEST['status'] == 'A' || $_REQUEST['status'] == 'P') {
            $_data['status'] = 'F';
        } elseif ($_REQUEST['status'] == 'F' || $_REQUEST['status'] == 'D') {
            $_data['status'] = 'P';
            $usergroup_request = true;
        }
        db_query("REPLACE INTO ?:usergroup_links SET ?u", $_data);
        if (!empty($usergroup_request)) {
            $user_data = fn_get_user_info($uid);
            Registry::get('view_mail')->assign('user_data', $user_data);
ファイル: fn.users.php プロジェクト: diedsmiling/busenika
/**
 * Deletes a user together with the rows that reference it.
 *
 * The user is looked up under the current company condition, so accounts
 * outside the caller's company scope are not found and not deleted. Deletion
 * is also refused for the store root administrator (is_root = Y with no
 * company), for any root administrator while COMPANY_ID is defined, and for
 * accounts protected by fn_is_restricted_admin(). The 'delete_user' hook fires
 * after the rows are removed.
 *
 * @param int $user_id ID of the user to delete
 * @return bool True when the user was deleted, false when the deletion was refused
 */
function fn_delete_user($user_id)
{
    $condition = fn_get_company_condition();
    $user_data = db_get_row("SELECT is_root, company_id FROM ?:users WHERE user_id = ?i {$condition}", $user_id);

    if (empty($user_data)) {
        // Unknown user, or one outside the current company's scope
        return false;
    }

    $is_root = $user_data['is_root'] == 'Y';
    $is_store_root = $is_root && !$user_data['company_id'];   // root admin of the whole store
    $is_vendor_root = $is_root && defined('COMPANY_ID');       // vendor root admin, seen from a company context

    if ($is_store_root || $is_vendor_root || fn_is_restricted_admin(array('user_id' => $user_id))) {
        return false;
    }

    // Log user deletion
    fn_log_event('users', 'delete', array('user_id' => $user_id));

    // Remove the account and everything keyed by it; orders are kept but detached.
    db_query("DELETE FROM ?:users WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:user_profiles WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:user_session_products WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:user_data WHERE user_id = ?i", $user_id);
    db_query("UPDATE ?:orders SET user_id = 0 WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:usergroup_links WHERE user_id = ?i", $user_id);

    fn_set_hook('delete_user', $user_id);

    return true;
}