if (!empty($_REQUEST['company_data']['admin_username']) && db_get_field("SELECT COUNT(*) FROM ?:users WHERE user_login = ?s", $_REQUEST['company_data']['admin_username']) > 0) { fn_set_notification('E', __('error'), __('error_admin_not_created_name_already_used')); fn_save_post_data('company_data', 'update'); // company data and settings $suffix = '.add'; } else { // Adding company record $company_id = fn_update_company($_REQUEST['company_data']); if (!empty($company_id)) { $suffix = ".update?company_id={$company_id}"; if (isset($_REQUEST['company_data']['is_create_vendor_admin']) && $_REQUEST['company_data']['is_create_vendor_admin'] == 'Y') { if (db_get_field("SELECT COUNT(*) FROM ?:users WHERE email = ?s", $_REQUEST['company_data']['email']) > 0) { fn_set_notification('E', __('error'), __('error_admin_not_created_email_already_used')); } else { // Add company's administrator if (fn_is_restricted_admin($_REQUEST) == true) { return array(CONTROLLER_STATUS_DENIED); } $company_data = $_REQUEST['company_data']; $company_data['company_id'] = $company_id; $company_data['is_root'] = 'N'; $fields = isset($_REQUEST['user_data']['fields']) ? $_REQUEST['user_data']['fields'] : ''; $user_data = fn_create_company_admin($company_data, $fields, true); } } } else { fn_save_post_data('company_data', 'update'); } } } else { $company_id = fn_update_company($_REQUEST['company_data']);
/**
 * Checks whether the given user may be deleted by the current administrator.
 *
 * The deletion is refused when any of the following holds:
 *  - the user is a root administrator that belongs to no company;
 *  - the user is a restricted administrator (fn_is_restricted_admin);
 *  - the user is the currently authenticated account (no self-deletion);
 *  - the request runs in a company (vendor) context and the user is a root administrator;
 *  - the request runs in a company context of the ULTIMATE edition and the user
 *    belongs to a different company.
 * The 'check_rights_delete_user' hook is fired afterwards and may change the result.
 *
 * @param array $user_data User record; must provide the user_id, is_root and company_id keys
 * @param array $auth      Authorization data of the current session
 *
 * @return bool True if the user can be deleted, false otherwise
 */
function fn_check_rights_delete_user($user_data, $auth)
{
    $is_root = $user_data['is_root'] == 'Y';
    $runtime_company_id = Registry::get('runtime.company_id');

    // Every line below is one independent reason to refuse the deletion;
    // the first one that applies is enough.
    $denied = ($is_root && !$user_data['company_id'])
        || fn_is_restricted_admin($user_data)
        || (!empty($auth['user_id']) && $auth['user_id'] == $user_data['user_id'])
        || ($runtime_company_id && $is_root)
        || ($runtime_company_id && fn_allowed_for('ULTIMATE') && $user_data['company_id'] != $runtime_company_id);

    $result = !$denied;

    /**
     * Allows add-ons to change the result of the check
     *
     * @param array $user_data User record being checked
     * @param array $auth      Authorization data of the current session
     * @param bool  $result    Result of the check (hook handlers can change it)
     */
    fn_set_hook('check_rights_delete_user', $user_data, $auth, $result);

    return $result;
}
/**
 * Adjusts the result of the "administrator may manage profiles" check for the
 * multi-vendor edition.
 *
 * The check fails for restricted administrators. When the request runs in a
 * company (vendor) context, only vendor ('V') profiles may be managed.
 *
 * @param bool   $result    Result of the check so far; updated in place
 * @param string $user_type Type of the profiles being managed
 *
 * @return bool Always true
 */
function fn_mve_check_permission_manage_profiles(&$result, &$user_type)
{
    // Restricted administrators never get access; the restriction check is only
    // consulted when the result is still positive.
    $result = $result && !fn_is_restricted_admin(array('user_type' => $user_type));

    // Inside a vendor context the administrator is limited to vendor profiles.
    if (Registry::get('runtime.company_id') && $result) {
        $result = ($user_type == 'V');
    }

    return true;
}
$where = defined('RESTRICTED_ADMIN') ? "a.type!='A' " : '1'; $usergroups = db_get_array("SELECT a.usergroup_id, a.status, a.type, b.usergroup FROM ?:usergroups as a LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s WHERE {$where} ORDER BY usergroup", DESCR_SL); $view->assign('usergroups', $usergroups); Registry::set('navigation.tabs', array('general_0' => array('title' => fn_get_lang_var('general'), 'js' => true))); } elseif ($mode == 'update') { $usergroup = db_get_row("SELECT a.usergroup_id, a.status, a.type, b.usergroup FROM ?:usergroups as a LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s WHERE a.usergroup_id = ?i", DESCR_SL, $_REQUEST['usergroup_id']); $view->assign('usergroup', $usergroup); Registry::set('navigation.tabs', array('general_' . $_REQUEST['usergroup_id'] => array('title' => fn_get_lang_var('general'), 'js' => true))); } elseif ($mode == 'delete') { if (!empty($_REQUEST['usergroup_id'])) { fn_delete_usergroups((array) $_REQUEST['usergroup_id']); } return array(CONTROLLER_STATUS_REDIRECT, "usergroups.manage"); } elseif ($mode == 'update_status') { $user_data = fn_get_user_info($_REQUEST['user_id']); if (empty($user_data) || defined('COMPANY_ID') && $user_data['is_root'] == 'Y' || defined('RESTRICTED_ADMIN') && ($auth['user_id'] == $_REQUEST['user_id'] || fn_is_restricted_admin(array('user_id' => $_REQUEST['user_id'])))) { fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('access_denied')); exit; } $old_status = db_get_field("SELECT status FROM ?:usergroup_links WHERE user_id = ?i AND usergroup_id = ?i", $_REQUEST['user_id'], $_REQUEST['id']); $result = fn_change_usergroup_status($_REQUEST['status'], $_REQUEST['user_id'], $_REQUEST['id'], fn_get_notification_rules($_REQUEST)); if ($result) { fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('status_changed')); } else { fn_set_notification('E', fn_get_lang_var('error'), 
fn_get_lang_var('error_status_not_changed')); $ajax->assign('return_status', empty($old_status) ? 'F' : $old_status); } exit; } elseif ($mode == 'requests') { fn_add_breadcrumb(fn_get_lang_var('usergroups'), "usergroups.manage"); list($requests, $search) = fn_get_usergroup_requests($_REQUEST, Registry::get('settings.Appearance.admin_orders_per_page'));
foreach ($usergroup_links as $u_id => $val) { fn_send_usergroup_status_notification($u_id, array_keys($val), $new_status); } } } $suffix = ".requests"; } if ($mode == 'delete') { if (!empty($_REQUEST['usergroup_id'])) { fn_delete_usergroups((array) $_REQUEST['usergroup_id']); } return array(CONTROLLER_STATUS_REDIRECT, 'usergroups.manage'); } if ($mode == 'update_status') { $user_data = fn_get_user_info($_REQUEST['user_id']); if (empty($user_data) || Registry::get('runtime.company_id') && $user_data['is_root'] == 'Y' || defined('RESTRICTED_ADMIN') && ($auth['user_id'] == $_REQUEST['user_id'] || fn_is_restricted_admin(array('user_id' => $_REQUEST['user_id'])))) { fn_set_notification('E', __('error'), __('access_denied')); exit; } $group_type = db_get_field("SELECT type FROM ?:usergroups WHERE usergroup_id = ?i", $_REQUEST['id']); if (empty($group_type) || $group_type == 'A' && !in_array($user_data['user_type'], array('A', 'V'))) { fn_set_notification('E', __('error'), __('access_denied')); exit; } $old_status = db_get_field("SELECT status FROM ?:usergroup_links WHERE user_id = ?i AND usergroup_id = ?i", $_REQUEST['user_id'], $_REQUEST['id']); $result = fn_change_usergroup_status($_REQUEST['status'], $_REQUEST['user_id'], $_REQUEST['id'], fn_get_notification_rules($_REQUEST)); if ($result) { fn_set_notification('N', __('notice'), __('status_changed')); } else { fn_set_notification('E', __('error'), __('error_status_not_changed')); Registry::get('ajax')->assign('return_status', empty($old_status) ? 'F' : $old_status);
} /** * Only admin can set the api key. */ if (fn_check_user_type_admin_area($user_data) && !empty($user_data['user_id']) && ($auth['user_type'] == 'A' || $user_data['api_key'])) { $navigation['api'] = array('title' => __('api_access'), 'js' => true); Registry::get('view')->assign('show_api_tab', true); if ($auth['user_type'] != 'A') { Registry::get('view')->assign('hide_api_checkbox', true); } } Registry::set('navigation.tabs', $navigation); Registry::get('view')->assign('usergroups', $usergroups); $profile_fields = fn_get_profile_fields($user_type); Registry::get('view')->assign('user_type', $user_type); Registry::get('view')->assign('profile_fields', $profile_fields); Registry::get('view')->assign('user_data', $user_data); Registry::get('view')->assign('ship_to_another', fn_check_shipping_billing($user_data, $profile_fields)); if (Registry::get('settings.General.user_multiple_profiles') == 'Y' && !empty($user_id)) { Registry::get('view')->assign('user_profiles', fn_get_user_profiles($user_id)); } Registry::get('view')->assign('countries', fn_get_simple_countries(true, CART_LANGUAGE)); Registry::get('view')->assign('states', fn_get_all_states()); } elseif ($mode == 'delete_profile') { if (fn_is_restricted_admin($_REQUEST)) { return array(CONTROLLER_STATUS_DENIED); } $user_id = empty($_REQUEST['user_id']) ? $auth['user_id'] : $_REQUEST['user_id']; fn_delete_user_profile($user_id, $_REQUEST['profile_id']); return array(CONTROLLER_STATUS_OK, "profiles.update?user_id=" . $user_id); }
reset($cards); $cards[key($cards)]['default'] = true; } $cards_data = array('credit_cards' => empty($cards) ? '' : fn_encrypt_text(serialize($cards))); db_query('UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i', $cards_data, $_REQUEST['profile_id']); if (AREA == 'A') { $uid = empty($_REQUEST['user_id']) ? $auth['user_id'] : $_REQUEST['user_id']; } else { $uid = $auth['user_id']; } return array(CONTROLLER_STATUS_OK, "profiles.update?user_id={$uid}&profile_id={$_REQUEST['profile_id']}"); } } exit; } elseif ($mode == 'request_usergroup') { if (AREA == 'A' && fn_is_restricted_admin($_REQUEST) == true) { return array(CONTROLLER_STATUS_DENIED); } $uid = $auth['user_id']; if (!empty($uid)) { $_data = array('user_id' => $uid, 'usergroup_id' => $_REQUEST['usergroup_id']); if ($_REQUEST['status'] == 'A' || $_REQUEST['status'] == 'P') { $_data['status'] = 'F'; } elseif ($_REQUEST['status'] == 'F' || $_REQUEST['status'] == 'D') { $_data['status'] = 'P'; $usergroup_request = true; } db_query("REPLACE INTO ?:usergroup_links SET ?u", $_data); if (!empty($usergroup_request)) { $user_data = fn_get_user_info($uid); Registry::get('view_mail')->assign('user_data', $user_data);
/**
 * Deletes a user account together with its dependent records.
 *
 * The deletion is refused (false is returned) when the user does not exist or
 * is not visible under the current company condition, when the user is the
 * root administrator of the installation (is_root = 'Y' with no company),
 * when the user is a vendor root administrator and COMPANY_ID is defined, or
 * when the user is a restricted administrator.
 *
 * Profiles, session products, extra user data and usergroup links are removed;
 * orders are kept and detached (user_id set to 0). The 'delete_user' hook is
 * fired after the records are gone.
 *
 * @param int $user_id Identifier of the user to delete
 *
 * @return bool True if the user was deleted, false if the deletion was refused
 */
function fn_delete_user($user_id)
{
    // fn_get_company_condition() supplies the company-scoping SQL fragment;
    // the user id itself is bound through the ?i placeholder.
    $company_condition = fn_get_company_condition();
    $user_data = db_get_row(
        "SELECT is_root, company_id FROM ?:users WHERE user_id = ?i {$company_condition}",
        $user_id
    );

    if (empty($user_data)) {
        return false;
    }

    $is_root = $user_data['is_root'] == 'Y';
    if ($is_root && !$user_data['company_id']) {
        // Root administrator of the whole installation
        return false;
    }
    if ($is_root && defined('COMPANY_ID')) {
        // Vendor root administrator while running in a company context
        return false;
    }
    if (fn_is_restricted_admin(array('user_id' => $user_id))) {
        return false;
    }

    // Log user deletion
    fn_log_event('users', 'delete', array('user_id' => $user_id));

    db_query("DELETE FROM ?:users WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:user_profiles WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:user_session_products WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:user_data WHERE user_id = ?i", $user_id);
    // Orders are kept but detached from the deleted account
    db_query("UPDATE ?:orders SET user_id = 0 WHERE user_id = ?i", $user_id);
    db_query("DELETE FROM ?:usergroup_links WHERE user_id = ?i", $user_id);

    fn_set_hook('delete_user', $user_id);

    return true;
}