function makeModule($params)
{
$this->params = $params;
$log_in = $this->getParams($params->params);
switch ($log_in['log_in']) {
case 1:
if (UthandoUser::authorize()) {
$return_mod = true;
}
break;
case 0:
$return_mod = true;
break;
}
$this->module = null;
if ($return_mod) {
$this->getModuleHeader();
$this->getModuleTitle($this->params->module);
if ($this->params->show_title == 1) {
$this->module_wrap->appendChild($this->title);
}
$this->module = $this->getModule($params->module_name, $this->getParams($params->params));
//$this->appendChild($this->module_wrap);
//return $this->toHTML();
return $this->module_wrap;
}
}
private function getAuthorize()
{
if (isset($_SESSION['user_id']) && isset($_SESSION['username']) && isset($_SESSION['user_group']) && UthandoUser::checkUser()) {
// Query the database.
$row = $this->getResult('user_id, username, user_group', $this->registry->user . 'users', $this->registry->user . 'user_groups', array('where' => 'user_id=' . $_SESSION['user_id'], 'and' => "user_group != 'registered'"), false);
if ($row) {
if ($row->username == $_SESSION['username'] && $row->user_id == $_SESSION['user_id'] && $row->user_group == $_SESSION['user_group']) {
$this->upid = $this->setUserPermissions($_SESSION['user_group']);
if ($this->upid > 0 && $this->upid < 4) {
$this->authorized = true;
}
}
}
}
}
private function checkUserCountry()
{
global $uthando, $registry;
if (UthandoUser::authorize()) {
$row = $uthando->getResult('country_id', $registry->user . $uthando->ushop->prefix . 'user_info', null, array('WHERE' => 'user_id=' . $_SESSION['user_id']), false);
if ($row) {
if ($row->country_id > 0) {
$_SESSION['CountryCode'] = $row->country_id;
} else {
unset($_SESSION['CountryCode']);
}
} else {
unset($_SESSION['CountryCode']);
}
}
}
/*{END_PHP_INI_PATH}*/
// Set include paths.
$ini_path = ini_get('include_path') . PATH_SEPARATOR . __PHP_PATH . PATH_SEPARATOR . __PHP_PATH . '/PEAR' . PATH_SEPARATOR . __PHP_PATH . '/Uthando' . PATH_SEPARATOR . __PHP_PATH . '/Uthando/Admin' . PATH_SEPARATOR . __PHP_PATH . '/Uthando/Admin/FileManager' . PATH_SEPARATOR . __PHP_PATH . '/Uthando/functions' . PATH_SEPARATOR . __SITE_PATH . '/modules' . PATH_SEPARATOR . __SITE_PATH . '/components';
set_include_path($ini_path);
// Include functions.
require_once 'functions.php';
$registry = new Admin_Registry(true);
$registry->setSite(realpath(__SITE_PATH . '/../../uthando/ini/uthandoSites.ini.php'));
$registry->loadIniFiles(array('admin_config' => 'uthandoAdmin', 'config' => 'uthando'));
$registry->setDefaults();
if (isset($_POST['session'])) {
$pwd = $_POST['session'][0];
$iv = $_POST['session'][1];
}
$registry->sessionId = Utility::decodeString($pwd, $iv);
$uthando = new UthandoAdmin($registry);
try {
$registry->db = new DB_Admin($registry);
$registry->session = new Session($registry);
UthandoUser::setUserInfo();
if ($uthando->authorize()) {
$ushop = new UShop_Manager($registry);
$ushop->fireEvent(!empty($_POST['action']) ? $_POST['action'] : null);
}
} catch (PDOException $e) {
$registry->Error($e->getMessage());
print_rr($e->getMessage());
}
$registry->db = null;
unset($uthando, $registry);
ob_end_flush();
$registry->config = new Config($registry, array('path' => $registry->ini_dir . '/uthando.ini.php'));
$registry->db_default = $registry->config->get('core', 'DATABASE') . '.';
$registry->core = $registry->config->get('core', 'DATABASE') . '.';
$registry->user = $registry->config->get('user', 'DATABASE') . '.';
$registry->sessions = $registry->config->get('session', 'DATABASE') . '.';
$registry->dbug = $registry->config->get('dbug', 'SERVER');
$registry->compress_files = $registry->config->get('compress_files', 'SERVER');
$uthando = new AjaxContent($registry);
$uthando->timer = new Benchmark_Timer();
$uthando->timer->start();
$registry->template = $registry->config->get('site_template', 'SERVER');
$uthando->setTemplate(__SITE_PATH . '/templates/' . $registry->template . '/ajax_content.php');
$uthando->AddParameter('MERCHANT_NAME', $registry->config->get('site_name', 'SERVER'));
$registry->session = new Session($registry);
UthandoUser::setUserInfo();
if (UthandoUser::authorize()) {
$registry->loggedInUser = true;
$uthando->AddParameter('LOGIN_STATUS', "<p>You are logged in as: " . $_SESSION['name'] . "</p>");
} else {
$registry->loggedInUser = false;
}
try {
$registry->db = new UthandoDB($registry);
// Load component.
$uthando->loadComponent();
// Get Modules and add them.
$uthando->addModules();
} catch (PDOException $e) {
$registry->Error($e->getMessage(), $e);
}
if ($registry->component_css) {
// Apply form element filters.
$form->applyFilter('__ALL__', 'escape_data');
$email = $form->exportValue('email');
$rand_chars = $_SESSION['rand_chars'];
unset($_SESSION['rand_chars']);
foreach ($rand_chars as $key => $value) {
$password[$value] = $form->exportValue('pwd' . $key);
}
// If user exists then login user else display form.
$sql = $this->registry->db->query("\n\t\tSELECT user_id, CONCAT(first_name, ' ', last_name) AS name, user_group, password, iv\n\t\tFROM " . $this->registry->user . "users\n\t\tNATURAL JOIN " . $this->registry->user . "user_groups\n\t\tWHERE email = :email\n\t\tAND user_group='registered'\n\t", array(':email' => $email));
$num_rows = count($sql);
if ($num_rows == 1) {
// login user.
$row = $sql[0];
// decrypt password.
$decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv);
// split the password for checking.
$decrypted = str_split($decrypted);
// check password against the characters submitted
foreach ($password as $key => $value) {
$pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false;
}
// did it pass?
$validated = true;
foreach ($pwd_validate as $value) {
if (!$value) {
$validated = false;
}
}
if ($validated) {
session_regenerate_id();
<?
// no direct access
defined( 'PARENT_FILE' ) or die( 'Restricted access' );
if (!UthandoUser::authorize()):
$form = new HTML_QuickForm('login', 'post', '/user/register');
$user_config = new Config($this->registry, array('path' => $this->registry->ini_dir.'/user/user.ini.php'));
// Remove name attribute for xhtml strict compliance.
$form->removeAttribute('name');
// Add form elements.
// Grouped elements
$name['first'] = &HTML_QuickForm::createElement('text', 'first', null, array('size' => 20, 'class' => 'inputbox'));
$name['last'] = &HTML_QuickForm::createElement('text', 'last', null, array('size' => 30, 'class' => 'inputbox'));
$form->addGroup($name, 'name', 'Name (first, last):', ' ');
$form->addElement('text', 'email1', 'Enter your email address:', array('size' => 20, 'maxlength' => 100, 'class' => 'inputbox'));
$form->addElement('text', 'email2', 'Comfirm your email address:', array('size' => 20, 'maxlength' => 100, 'class' => 'inputbox'));
$form->addElement('password', 'password1', 'Set your password:'******'size' => 15, 'maxlength' => 12, 'class' => 'inputbox'));
$form->addElement('password', 'password2', 'Comfirm your password:'******'size' => 15, 'maxlength' => 12, 'class' => 'inputbox'));
// set up rules.
// name rules
// Define the rules for each element in the group
$first_name_rule_1 = array('First Name is required','required');
public function retrieveCart()
{
if (UthandoUser::authorize()) {
if (isset($_SESSION['cart'])) {
if (!$this->getCart()) {
$this->insertCart($_SESSION['cart']);
}
}
$cart = $this->getCart();
return new UShop_ShoppingCart($this->registry, $cart);
} else {
$cart = isset($_SESSION['cart']) ? $_SESSION['cart'] : null;
return new UShop_ShoppingCart($this->registry, $cart);
}
}
$num_rows = $sql->num_rows;
if ($num_rows == 0) {
// lets now register the user
// connect user to database.
$dsn = array('hostspec' => $this->get('config.database.hostspec'), 'phptype' => $this->get('config.database.phptype'), 'database' => $this->get('config.database.user'));
$dsn = array_merge($dsn, $this->get('config.database_user'));
$this->dsn = $dsn['phptype'] . ":host=" . $dsn['hostspec'] . ";dbname=" . $dsn['database'];
$this->username = $dsn['username'];
$this->password = $dsn['password'];
$conn = new PDO($this->dsn, $this->username, $this->password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$conn->beginTransaction();
// encrypt password.
$user_config = new Config($this->registry, array('path' => $this->registry->ini_dir . '/user/user.ini.php'));
$pwd = UthandoUser::encodePassword($password, $user_config->get('key', 'cipher'));
// get user group for user.
$stmt = $conn->prepare("\n\t\t\t\tSELECT user_group_id\n\t\t\t\tFROM " . $this->registry->user . "user_groups\n\t\t\t\tWHERE user_group='registered'\n\t\t\t");
$stmt->execute();
$res = $stmt->fetch(PDO::FETCH_OBJ);
$stmt = $conn->prepare("\n\t\t\t\tINSERT INTO users (user_group_id, first_name, last_name, username, email, password, iv, cdate)\n\t\t\t\tVALUES (:user_group_id, :first_name, :last_name, :email, :email, :password, :iv, NOW())\n\t\t\t");
$stmt->execute(array(':user_group_id' => $res->user_group_id, ':first_name' => $name['first'], ':last_name' => $name['last'], ':email' => $email, ':password' => $pwd[0], ':iv' => $pwd[1]));
if ($conn->commit()) {
// mail user comfirmation.
// get mail config.
$this->registry->mail_config = new Config($this->registry, array('path' => $this->registry->ini_dir . '/mail.ini.php'));
// get mailer type and call class instance.
$mailer = $this->registry->mail_config->get('type', 'mailer');
$mail = new Mailer($mailer, $this->registry);
$email_type = 'html';
// set some headers.
$password = $form->exportValue('password1');
$update['user_group_id'] = $form->exportValue('group');
if ($update['user_group_id'] == 0) {
$update['user_group_id'] = $user->user_group_id;
}
if (!empty($password)) {
$user_config = new Config($registry, array('path' => $this->registry->ini_dir . '/user/user.ini.php'));
// encrypt password.
// get group id
$ugid = $this->registry->db->query("\n\t\t\t\t\t\tSELECT user_group\n\t\t\t\t\t\tFROM " . $this->registry->user . "user_groups\n\t\t\t\t\t\tWHERE user_group_id=:group\n\t\t\t\t\t", array(':group' => $update['user_group_id']));
if ($ugid[0]->user_group == 'registered') {
$key = array($user_config->get('key', 'cipher'), $this->get('config.server.web_url'));
} else {
$key = $user_config->get('key', 'cipher');
}
$pwd = UthandoUser::encodePassword($password, $key);
$update['password'] = $pwd[0];
$update['iv'] = $pwd[1];
}
$result = $this->registry->db->update($update, $this->registry->user . 'users', array('WHERE' => 'user_id=' . $this->registry->params['id']), $quote = true);
if (!$result) {
$this->registry->Error('record not updated.');
} else {
Uthando::go('/user/overview');
}
} else {
$form->setDefaults(array('name' => array('first' => $user->first_name, 'last' => $user->last_name), 'username' => $user->username, 'email' => $user->email, 'group' => $user->user_group_id));
// Output the form
$renderer = new UthandoForm(TEMPLATES . $this->get('admin_config.site.template'));
$renderer->setFormTemplate('form');
$renderer->setHeaderTemplate('header');
