/**
 * E-mail verification page: marks the customer whose still-unverified
 * verification code equals the `key` query parameter as verified and shows
 * a success or failure text. Logged-in users are refused; verification is
 * for fresh accounts only.
 *
 * Side effects: assigns $this->P and may run one UPDATE on `customer`.
 */
public function preparePage()
{
    $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
    $this->P->cb_pagetype = 'content';

    if (\HaaseIT\HCSF\Customer\Helper::getUserData()) {
        $this->P->oPayload->cl_html = $this->textcats->T("denied_default");
        return;
    }

    // The code is bound as a parameter; cust_emailverified = 'n' makes the lookup single-use.
    $lookup = $this->db->prepare(
        'SELECT cust_email, cust_id FROM customer '
        . 'WHERE cust_emailverificationcode = :key AND cust_emailverified = \'n\''
    );
    $lookup->bindValue(':key', $_GET["key"], \PDO::PARAM_STR);
    $lookup->execute();

    // NOTE(review): rowCount() on a SELECT is driver dependent per the PDO manual; kept because the original relies on it.
    if ($lookup->rowCount() != 1) {
        $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationfail");
        return;
    }

    $customer = $lookup->fetch();
    $update = ['cust_emailverified' => 'y', 'cust_id' => $customer['cust_id']];
    /** @var \PDOStatement $statement */
    $statement = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($update, 'customer', 'cust_id'));
    foreach ($update as $column => $value) {
        $statement->bindValue(':' . $column, $value);
    }
    $statement->execute();

    $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationsuccess");
}
/**
 * Persists this content record's language row (`content_lang`).
 *
 * cl_html is run through the HTML purifier when one is configured; title,
 * description and keywords pass FILTER_SANITIZE_STRING (deprecated since
 * PHP 8.1) with low control bytes stripped.
 *
 * @return bool result of PDOStatement::execute()
 */
public function write()
{
    $sanitize = function ($value) {
        return filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
    };

    $html = $this->cl_html;
    if (!empty($this->purifier)) {
        $html = $this->purifier->purify($this->cl_html);
    }

    $row = [
        'cl_html' => $html,
        'cl_title' => $sanitize($this->cl_title),
        'cl_description' => $sanitize($this->cl_description),
        'cl_keywords' => $sanitize($this->cl_keywords),
        'cl_id' => $this->cl_id,
    ];

    /** @var \PDOStatement $statement */
    $statement = $this->serviceManager->get('db')->prepare(
        DBTools::buildPSUpdateQuery($row, 'content_lang', 'cl_id')
    );
    foreach ($row as $column => $value) {
        $statement->bindValue(':' . $column, $value);
    }

    return $statement->execute();
}
/**
 * Shop administration page.
 *
 * When the edit form was submitted (`change` in $_POST) the order named by
 * the posted `id` is updated with remarks, transaction number, payment and
 * completion flags and shipping data, then the request is redirected back
 * to the edit view and the script terminates. Otherwise the search-form
 * defaults and the list column definitions are handed to handleShopAdmin()
 * and merged into the page's custom data.
 */
public function preparePage()
{
    $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
    $this->P->cb_pagetype = 'content';
    $this->P->cb_subnav = 'admin';
    $this->P->cb_customcontenttemplate = 'shop/shopadmin';

    if (isset($_POST["change"])) {
        // Text fields: trimmed, then FILTER_SANITIZE_STRING (deprecated since PHP 8.1) with low bytes stripped.
        $cleanText = function ($sField) {
            return filter_var(trim(Tools::getFormfield($sField)), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
        };
        $iID = filter_var(trim(Tools::getFormfield("id")), FILTER_SANITIZE_NUMBER_INT);

        // The editing user is whoever passed HTTP auth; empty when the page is reached without it.
        $sEditor = '';
        if (isset($_SERVER["PHP_AUTH_USER"])) {
            $sEditor = $_SERVER["PHP_AUTH_USER"];
        }

        $aOrder = [
            'o_lastedit_timestamp' => time(),
            'o_remarks_internal' => $cleanText("remarks_internal"),
            'o_transaction_no' => $cleanText("transaction_no"),
            'o_paymentcompleted' => $cleanText("order_paymentcompleted"),
            'o_ordercompleted' => $cleanText("order_completed"),
            'o_lastedit_user' => $sEditor,
            'o_shipping_service' => $cleanText("order_shipping_service"),
            'o_shipping_trackingno' => $cleanText("order_shipping_trackingno"),
            'o_id' => $iID,
        ];
        $hStatement = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aOrder, 'orders', 'o_id'));
        foreach ($aOrder as $sColumn => $mValue) {
            $hStatement->bindValue(':' . $sColumn, $mValue);
        }
        $hStatement->execute();

        // Post/redirect/get: $iID holds digits and sign characters only after FILTER_SANITIZE_NUMBER_INT.
        header('Location: /_admin/shopadmin.html?action=edit&id=' . $iID);
        die;
    }

    $aPData = [
        'searchform_type' => Tools::getFormfield('type', 'openinwork'),
        'searchform_fromday' => Tools::getFormfield('fromday', '01'),
        'searchform_frommonth' => Tools::getFormfield('frommonth', '01'),
        'searchform_fromyear' => Tools::getFormfield('fromyear', '2014'),
        'searchform_today' => Tools::getFormfield('today', date("d")),
        'searchform_tomonth' => Tools::getFormfield('tomonth', date("m")),
        'searchform_toyear' => Tools::getFormfield('toyear', date("Y")),
    ];

    // One list column; $aExtra overrides/extends the defaults (e.g. a link target or cell style).
    $column = function ($sTextKey, $sKey, $iWidth, array $aExtra = []) {
        return array_merge(
            ['title' => HardcodedText::get($sTextKey), 'key' => $sKey, 'width' => $iWidth, 'linked' => false],
            $aExtra
        );
    };
    $CSA = [
        'list_orders' => [
            $column('shopadmin_list_customer', 'o_cust', 280),
            $column('shopadmin_list_sumnettoall', 'o_sumnettoall', 75),
            $column('shopadmin_list_orderstatus', 'o_order_status', 80),
            $column('shopadmin_list_ordertimenumber', 'o_ordertime_number', 100),
            $column('shopadmin_list_hostpayment', 'o_order_host_payment', 140),
            $column('shopadmin_list_edit', 'o_id', 45, [
                'linked' => true,
                'ltarget' => '/_admin/shopadmin.html',
                'lkeyname' => 'id',
                'lgetvars' => ['action' => 'edit'],
            ]),
        ],
        'list_orderitems' => [
            $column('shopadmin_list_itemno', 'oi_itemno', 95),
            $column('shopadmin_list_itemname', 'oi_itemname', 350),
            $column('shopadmin_list_itemamount', 'oi_amount', 50, ['style-data' => 'text-align: center;']),
            $column('shopadmin_list_itemnetto', 'oi_price_netto', 70),
            $column('shopadmin_list_itemsumnetto', 'ges_netto', 75),
        ],
    ];

    $aShopadmin = $this->handleShopAdmin($CSA);
    $this->P->cb_customdata = array_merge($aPData, $aShopadmin);
}
/**
 * Customer administration: lists customers when no `action` is given, or
 * edits one customer for `action=edit`, writing the posted form on doEdit=yes.
 *
 * @param $CUA column definitions handed to Tools::makeListtable
 * @param $twig template engine handed to Tools::makeListtable
 * @return mixed page data: customeradmin.text/type/info and, in edit mode, customerform
 */
private function handleCustomerAdmin($CUA, $twig)
{
    // `type` narrows the list; anything other than active/inactive means all.
    $sType = 'all';
    if (isset($_REQUEST["type"])) {
        if ($_REQUEST["type"] == 'active') {
            $sType = 'active';
        } elseif ($_REQUEST["type"] == 'inactive') {
            $sType = 'inactive';
        }
    }
    $return = '';
    if (!isset($_GET["action"])) {
        // List mode. The WHERE clause is chosen from the whitelisted $sType values only, never from raw input.
        $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer';
        if ($sType == 'active') {
            $sql .= ' WHERE cust_active = \'y\'';
        } elseif ($sType == 'inactive') {
            $sql .= ' WHERE cust_active = \'n\'';
        }
        $sql .= ' ORDER BY cust_no ASC';
        $hResult = $this->db->query($sql);
        if ($hResult->rowCount() != 0) {
            $aData = $hResult->fetchAll();
            $return .= \HaaseIT\Tools::makeListtable($CUA, $aData, $twig);
        } else {
            $aInfo["nodatafound"] = true;
        }
    } elseif (isset($_GET["action"]) && $_GET["action"] == 'edit') {
        $iId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
        $aErr = [];
        if (isset($_POST["doEdit"]) && $_POST["doEdit"] == 'yes') {
            // FILTER_SANITIZE_STRING is deprecated since PHP 8.1.
            $sCustno = filter_var(trim($_POST["custno"]), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
            if (strlen($sCustno) < HelperConfig::$customer["minimum_length_custno"]) {
                $aErr["custnoinvalid"] = true;
            } else {
                // Uniqueness checks for customer number and e-mail exclude the customer being edited.
                $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_no = :custno';
                $hResult = $this->db->prepare($sql);
                $hResult->bindValue(':id', $iId);
                $hResult->bindValue(':custno', $sCustno);
                $hResult->execute();
                $iRows = $hResult->rowCount();
                // NOTE(review): `== 1` does not flag the number as taken when more than one other row already carries it; `> 0` would.
                if ($iRows == 1) {
                    $aErr["custnoalreadytaken"] = true;
                }
                $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email';
                $hResult = $this->db->prepare($sql);
                $hResult->bindValue(':id', $iId);
                $hResult->bindValue(':email', filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL));
                $hResult->execute();
                $iRows = $hResult->rowCount();
                if ($iRows == 1) {
                    $aErr["emailalreadytaken"] = true;
                }
                // validateCustomerForm is expected to hand back the (possibly extended) error array.
                $aErr = CHelper::validateCustomerForm(HelperConfig::$lang, $aErr, true);
                if (count($aErr) == 0) {
                    $aData = [
                        'cust_no' => $sCustno,
                        'cust_email' => trim(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL)),
                        'cust_corp' => trim(filter_input(INPUT_POST, 'corpname', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_name' => trim(filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_street' => trim(filter_input(INPUT_POST, 'street', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_zip' => trim(filter_input(INPUT_POST, 'zip', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_town' => trim(filter_input(INPUT_POST, 'town', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_phone' => trim(filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_cellphone' => trim(filter_input(INPUT_POST, 'cellphone', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_fax' => trim(filter_input(INPUT_POST, 'fax', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_country' => trim(filter_input(INPUT_POST, 'country', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        'cust_group' => trim(filter_input(INPUT_POST, 'custgroup', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)),
                        // Checkbox-style flags: only an explicit 'y' switches them on.
                        'cust_emailverified' => isset($_POST["emailverified"]) && $_POST["emailverified"] == 'y' ? 'y' : 'n',
                        'cust_active' => isset($_POST["active"]) && $_POST["active"] == 'y' ? 'y' : 'n',
                        'cust_id' => $iId,
                    ];
                    // An empty password field leaves the stored hash untouched.
                    if (isset($_POST["pwd"]) && $_POST["pwd"] != '') {
                        $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                        $aInfo["passwordchanged"] = true;
                    }
                    $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                    $hResult = $this->db->prepare($sql);
                    foreach ($aData as $sKey => $sValue) {
                        $hResult->bindValue(':' . $sKey, $sValue);
                    }
                    $hResult->execute();
                    $aInfo["changeswritten"] = true;
                }
            }
        }
        // Re-read the customer so the form shows the stored state, including anything just written.
        $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id = :id';
        $hResult = $this->db->prepare($sql);
        $hResult->bindValue(':id', $iId);
        $hResult->execute();
        if ($hResult->rowCount() == 1) {
            $aUser = $hResult->fetch();
            $aPData["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'admin', $aErr, $aUser);
        } else {
            $aInfo["nosuchuserfound"] = true;
        }
    }
    // Any other `action` value falls through with an empty list and no info flags.
    $aPData["customeradmin"]["text"] = $return;
    $aPData["customeradmin"]["type"] = $sType;
    if (isset($aInfo)) {
        $aPData["customeradmin"]["info"] = $aInfo;
    }
    return $aPData;
}
/**
 * Writes the posted admin item form to item_base and, when a text id was
 * posted, the language-specific texts to item_lang.
 *
 * Text fields pass FILTER_SANITIZE_STRING (deprecated since PHP 8.1) with
 * low bytes stripped; text1/text2 go through the purifier; itm_data is
 * stored raw and itml_name_override raw apart from the low-byte strip.
 *
 * @param $purifier HTML purifier applied to the rich-text fields
 * @return bool always true
 */
private function admin_updateItem($purifier)
{
    $post = $this->post;
    $cleanText = function ($sField) use ($post) {
        return filter_var($post[$sField], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
    };
    $cleanInt = function ($sField) use ($post) {
        return filter_var($post[$sField], FILTER_SANITIZE_NUMBER_INT);
    };
    $db = $this->db;
    // Prepared UPDATE with one bound parameter per column.
    $runUpdate = function (array $aRow, $sTable, $sIdField) use ($db) {
        $hStatement = $db->prepare(DBTools::buildPSUpdateQuery($aRow, $sTable, $sIdField));
        foreach ($aRow as $sColumn => $mValue) {
            $hStatement->bindValue(':' . $sColumn, $mValue);
        }
        $hStatement->execute();
    };

    $aBase = [
        'itm_name' => $cleanText("name"),
        'itm_group' => $cleanText("group"),
        'itm_img' => $cleanText("bild"),
        'itm_index' => $cleanText("index"),
        'itm_order' => $cleanInt("prio"),
        'itm_price' => filter_var($post["price"], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
        'itm_rg' => $cleanText("rg"),
        'itm_data' => filter_var($post["data"], FILTER_UNSAFE_RAW),
        'itm_weight' => $cleanInt("weight"),
        'itm_id' => $cleanInt("id"),
    ];
    // The VAT id is only editable while VAT handling is enabled; otherwise every item is 'full'.
    $aBase['itm_vatid'] = HelperConfig::$shop["vat_disable"] ? 'full' : $cleanText("vatid");
    $runUpdate($aBase, 'item_base', 'itm_id');

    if (isset($post["textid"])) {
        $aLang = [
            'itml_text1' => $purifier->purify($post["text1"]),
            'itml_text2' => $purifier->purify($post["text2"]),
            'itml_name_override' => filter_var($post["name_override"], FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW),
            'itml_id' => $cleanInt("textid"),
        ];
        $runUpdate($aLang, 'item_lang', 'itml_id');
    }

    return true;
}
/**
 * Updates an item group from the submitted admin form ($_REQUEST).
 *
 * Refuses with 'duplicateno' when another group already carries the
 * submitted group number; otherwise writes itemgroups_base and, if a text
 * row exists for the current language, the purified short text and details
 * in itemgroups_text.
 *
 * @param $purifier HTML purifier applied to shorttext and details
 * @return string 'duplicateno' or 'success'
 */
private function admin_updateGroup($purifier)
{
    $iGID = filter_var($_REQUEST["gid"], FILTER_SANITIZE_NUMBER_INT);
    $sGNo = filter_var($_REQUEST["no"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

    $db = $this->db;
    // Prepared UPDATE with one bound parameter per column.
    $runUpdate = function (array $aRow, $sTable, $sIdField) use ($db) {
        $hStatement = $db->prepare(DBTools::buildPSUpdateQuery($aRow, $sTable, $sIdField));
        foreach ($aRow as $sColumn => $mValue) {
            $hStatement->bindValue(':' . $sColumn, $mValue);
        }
        $hStatement->execute();
    };

    // Group numbers must be unique among the other groups.
    $hDuplicate = $db->prepare('SELECT * FROM itemgroups_base WHERE itmg_id != :id AND itmg_no = :gno');
    $hDuplicate->bindValue(':id', $iGID);
    $hDuplicate->bindValue(':gno', $sGNo);
    $hDuplicate->execute();
    if ($hDuplicate->rowCount() > 0) {
        return 'duplicateno';
    }

    $runUpdate([
        'itmg_name' => filter_var($_REQUEST["name"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
        'itmg_no' => $sGNo,
        'itmg_img' => filter_var($_REQUEST["img"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
        'itmg_id' => $iGID,
    ], 'itemgroups_base', 'itmg_id');

    // Texts are only updated for an existing row in the current language; none is created here.
    $hText = $db->prepare('SELECT itmgt_id FROM itemgroups_text WHERE itmgt_pid = :gid AND itmgt_lang = :lang');
    $hText->bindValue(':gid', $iGID);
    $hText->bindValue(':lang', HelperConfig::$lang, \PDO::PARAM_STR);
    $hText->execute();
    if ($hText->rowCount() == 1) {
        $aTextRow = $hText->fetch();
        $runUpdate([
            'itmgt_shorttext' => $purifier->purify($_REQUEST["shorttext"]),
            'itmgt_details' => $purifier->purify($_REQUEST["details"]),
            'itmgt_id' => $aTextRow['itmgt_id'],
        ], 'itemgroups_text', 'itmgt_id');
    }

    return 'success';
}
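/**
 * PayPal IPN endpoint. Echoes the notification back to PayPal for
 * validation and, when PayPal answers VERIFIED and every field agrees with
 * the pending order, marks that order as paid and records the transaction id.
 *
 * Every outcome is appended to PATH_LOGS . FILE_PAYPALLOG so mismatches and
 * replayed transaction ids can be audited. The request always ends with
 * die; no page is rendered.
 */
public function preparePage()
{
    $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
    $this->P->cb_pagetype = 'content';
    $sLogData = '';

    // `custom` carries our own order id back from PayPal. Only pending PayPal orders qualify;
    // the id is bound as a parameter instead of being concatenated into the SQL.
    $iId = \filter_input(INPUT_POST, 'custom', FILTER_SANITIZE_NUMBER_INT);
    $hResult = $this->db->prepare(
        'SELECT * FROM orders WHERE o_id = :id AND o_paymentmethod = \'paypal\' AND o_paymentcompleted = \'n\''
    );
    $hResult->bindValue(':id', $iId);
    $hResult->execute();
    if ($hResult->rowCount() != 1) {
        die;
    }
    $aOrder = $hResult->fetch();
    $fGesamtbrutto = \HaaseIT\HCSF\Shop\Helper::calculateTotalFromDB($aOrder);

    // Only scalar IPN fields are used; a missing or array-valued field counts as empty.
    $aIpn = [];
    foreach (['txn_id', 'mc_gross', 'custom', 'payment_status', 'mc_currency', 'business'] as $sField) {
        $aIpn[$sField] = isset($_REQUEST[$sField]) && is_string($_REQUEST[$sField]) ? $_REQUEST[$sField] : '';
    }

    // Hand the message back unchanged plus cmd=_notify-validate; PayPal answers VERIFIED or INVALID.
    $postdata = '';
    foreach ($_POST as $i => $v) {
        if (is_array($v)) {
            continue;
        }
        $postdata .= $i . '=' . urlencode($v) . '&';
    }
    $postdata .= 'cmd=_notify-validate';

    $sEntryHeader = "-- new entry - " . date(HelperConfig::$core['locale_format_date_time']) . " --\n\n";
    $info = $this->fetchPaypalIpnVerification($postdata);

    if ($info === null) {
        $sLogData .= $sEntryHeader . "PHAIL - PayPal verification endpoint not reachable. TXNID: " . $aIpn['txn_id'] . "\n\n";
    } elseif (strpos($info, 'VERIFIED') === false) {
        $sLogData .= $sEntryHeader . "PHAIL - Transaktion fehlgeschlagen. TXNID: " . $aIpn['txn_id'] . "\n" . $info . "\n\n";
    } else {
        $sLogData .= $sEntryHeader . "W00T!\n\n";
        $sLogData .= \HaaseIT\Tools::debug($_REQUEST, '', true, true) . "\n\n";

        // Replay protection: a txn_id that already completed an order must not be honoured twice.
        $hTxn_idResult = $this->db->prepare('SELECT o_paypal_tx FROM orders WHERE o_paypal_tx = :txn_id');
        $hTxn_idResult->bindValue(':txn_id', $aIpn['txn_id']);
        $hTxn_idResult->execute();
        if ($hTxn_idResult->rowCount() != 0) {
            $sLogData .= "PHAIL\n\n!!! JEMAND HAT EINE ALTE TXN_ID BENUTZT: " . $aIpn['txn_id'] . " !!!\n\n";
            $sLogData .= "!!! INVALID !!!\n\n";
        } else {
            $sExpectedGross = number_format($fGesamtbrutto, 2, '.', '');
            // The amount is compared numerically at two decimals; every other field must match exactly,
            // so that e.g. a "Pending" status or a payment to another account is never accepted.
            $bAmountMatches = is_numeric($aIpn['mc_gross'])
                && number_format((float) $aIpn['mc_gross'], 2, '.', '') === $sExpectedGross;
            $bOrderMatches = $aIpn['custom'] === (string) $aOrder['o_id'];
            $bStatusMatches = $aIpn['payment_status'] === "Completed";
            $bCurrencyMatches = $aIpn['mc_currency'] === (string) HelperConfig::$shop["paypal"]["currency_id"];
            $bBusinessMatches = $aIpn['business'] === (string) HelperConfig::$shop["paypal"]["business"];

            if ($bAmountMatches && $bOrderMatches && $bStatusMatches && $bCurrencyMatches && $bBusinessMatches) {
                $aTxnUpdateData = ['o_paypal_tx' => $aIpn['txn_id'], 'o_paymentcompleted' => 'y', 'o_id' => $iId];
                $hUpdate = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aTxnUpdateData, 'orders', 'o_id'));
                foreach ($aTxnUpdateData as $sKey => $sValue) {
                    $hUpdate->bindValue(':' . $sKey, $sValue);
                }
                $hUpdate->execute();
                $sLogData .= "-- Alles ok. Zahlung erfolgreich. TXNID: " . $aIpn['txn_id'] . " --\n\n";
            } else {
                $sLogData .= "-- In my country we have problem; Problem is evaluation. Throw the data down the log!\n";
                $sLogData .= "mc_gross: " . $aIpn['mc_gross'] . ' - number_format($fGesamtbrutto, 2, \'.\', \'\'): ' . $sExpectedGross . "\n";
                $sLogData .= "custom: " . $aIpn['custom'] . ' - $aOrder[\'o_id\']: ' . $aOrder['o_id'] . "\n";
                $sLogData .= "payment_status: " . $aIpn['payment_status'] . "\n";
                $sLogData .= "mc_currency: " . $aIpn['mc_currency'] . ' - HelperConfig::$shop["paypal"]["currency_id"]: ' . HelperConfig::$shop["paypal"]["currency_id"] . "\n";
                // Logs the field that was actually compared (previously receiver_email was logged under this label).
                $sLogData .= "business: " . $aIpn['business'] . ' - HelperConfig::$shop["paypal"]["business"]: ' . HelperConfig::$shop["paypal"]["business"] . "\n\n";
            }
        }
    }

    $this->appendPaypalLog($sLogData);
    die;
}

/**
 * Posts the echoed IPN fields back to the configured PayPal URL over a raw
 * socket and returns the complete response (header and body lines joined
 * by ','), or null when no connection could be opened.
 *
 * @param string $postdata url-encoded IPN fields plus cmd=_notify-validate
 * @return string|null
 */
private function fetchPaypalIpnVerification($postdata)
{
    $web = parse_url(HelperConfig::$shop["paypal"]["url"]);
    // https goes through the ssl:// wrapper; PHP >= 5.6 verifies the peer certificate for it by default.
    if (isset($web['scheme']) && $web['scheme'] == 'https') {
        $sTarget = 'ssl://' . $web['host'];
        $iPort = 443;
    } else {
        $sTarget = $web['host'];
        $iPort = 80;
    }
    $sPath = isset($web['path']) ? $web['path'] : '/';

    $fp = fsockopen($sTarget, $iPort, $errnum, $errstr, 30);
    if ($fp === false) {
        error_log('PayPal IPN verification: connection to ' . $sTarget . ' failed: ' . $errstr);
        return null;
    }

    fwrite($fp, "POST " . $sPath . " HTTP/1.1\r\n");
    fwrite($fp, "Host: " . $web['host'] . "\r\n");
    fwrite($fp, "Content-type: application/x-www-form-urlencoded\r\n");
    fwrite($fp, "Content-length: " . strlen($postdata) . "\r\n");
    fwrite($fp, "Connection: close\r\n\r\n");
    fwrite($fp, $postdata . "\r\n\r\n");

    $aLines = [];
    while (!feof($fp)) {
        $sLine = fgets($fp, 1024);
        if ($sLine === false) {
            break;
        }
        $aLines[] = $sLine;
    }
    fclose($fp);

    return implode(',', $aLines);
}

/**
 * Appends one IPN record to PATH_LOGS . FILE_PAYPALLOG. When the log file
 * cannot be opened the record goes to the PHP error log instead, so an
 * unwritable log never leaves a payment notification unrecorded.
 *
 * @param string $sLogData
 */
private function appendPaypalLog($sLogData)
{
    $fp = fopen(PATH_LOGS . FILE_PAYPALLOG, 'a');
    if ($fp === false) {
        error_log('PayPal IPN log ' . PATH_LOGS . FILE_PAYPALLOG . ' not writable; entry: ' . $sLogData);
        return;
    }
    fwrite($fp, $sLogData);
    fclose($fp);
}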
/**
 * Stores the text of one textcat language entry (`textcat_lang`).
 *
 * @param $iLID id of the textcat_lang row; reduced to digits by FILTER_SANITIZE_NUMBER_INT
 * @param $sText new text; run through the HTML purifier when one is configured
 */
public function saveText($iLID, $sText)
{
    $sStored = empty($this->purifier) ? $sText : $this->purifier->purify($sText);
    $aRow = [
        'tcl_id' => filter_var($iLID, FILTER_SANITIZE_NUMBER_INT),
        'tcl_text' => $sStored,
    ];

    $hStatement = $this->DB->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aRow, 'textcat_lang', 'tcl_id'));
    foreach ($aRow as $sColumn => $mValue) {
        $hStatement->bindValue(':' . $sColumn, $mValue);
    }
    $hStatement->execute();
}
/**
 * Customer home page. Requires a logged-in user; otherwise the "not logged
 * in" text is shown. With `editprofile` in the query string the profile form
 * is rendered and, on doEdit=yes, the posted address data and/or a new
 * password are validated and saved for the session's customer.
 */
public function preparePage()
{
    $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
    $this->P->cb_pagetype = 'content';
    if (!CHelper::getUserData()) {
        $this->P->oPayload->cl_html = $this->textcats->T("denied_notloggedin");
    } else {
        $this->P->cb_customcontenttemplate = 'customer/customerhome';
        $aPData["display_logingreeting"] = false;
        if (isset($_GET["login"]) && $_GET["login"]) {
            $aPData["display_logingreeting"] = true;
        }
        if (isset($_GET["editprofile"])) {
            // Errors are collected as HTML, one message per line.
            $sErr = '';
            if (isset($_POST["doEdit"]) && $_POST["doEdit"] == 'yes') {
                // The customer being edited is always the logged-in one from the session, never taken from the form.
                $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email';
                $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
                $hResult = $this->db->prepare($sql);
                $hResult->bindValue(':id', $_SESSION["user"]['cust_id'], \PDO::PARAM_INT);
                $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
                $hResult->execute();
                $iRows = $hResult->rowCount();
                // cust_email is not part of $aData below, so this check only yields an error; the address itself is not changed here.
                if ($iRows == 1) {
                    $sErr .= $this->textcats->T("userprofile_emailalreadyinuse") . '<br>';
                }
                // NOTE(review): $sErr is a string here while the admin handler passes an array to the same helper; confirm validateCustomerForm accepts both.
                $sErr = CHelper::validateCustomerForm(HelperConfig::$lang, $sErr, true);
                if ($sErr == '') {
                    // Address fields are written only while profile editing is enabled; a password change is allowed either way.
                    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1.
                    if (HelperConfig::$customer["allow_edituserprofile"]) {
                        $aData = [
                            'cust_corp' => filter_var(trim(Tools::getFormfield("corpname")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_name' => filter_var(trim(Tools::getFormfield("name")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_street' => filter_var(trim(Tools::getFormfield("street")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_zip' => filter_var(trim(Tools::getFormfield("zip")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_town' => filter_var(trim(Tools::getFormfield("town")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_phone' => filter_var(trim(Tools::getFormfield("phone")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_cellphone' => filter_var(trim(Tools::getFormfield("cellphone")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_fax' => filter_var(trim(Tools::getFormfield("fax")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                            'cust_country' => filter_var(trim(Tools::getFormfield("country")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
                        ];
                    }
                    if (isset($_POST["pwd"]) && $_POST["pwd"] != '') {
                        $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                        $aPData["infopasswordchanged"] = true;
                    }
                    // This assignment also creates $aData when neither branch above ran; cust_id alone then means "nothing changed".
                    $aData['cust_id'] = $_SESSION["user"]['cust_id'];
                    if (count($aData) > 1) {
                        $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                        $hResult = $this->db->prepare($sql);
                        foreach ($aData as $sKey => $sValue) {
                            $hResult->bindValue(':' . $sKey, $sValue);
                        }
                        $hResult->execute();
                        $aPData["infochangessaved"] = true;
                    } else {
                        $aPData["infonothingchanged"] = true;
                    }
                }
            }
            $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'editprofile', $sErr);
            //if (HelperConfig::$customer["allow_edituserprofile"]) $P["lang"]["cl_html"] .= '<br>'.$this->textcats->T("userprofile_infoeditemail"); // Future implementation
        } else {
            $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'userhome');
        }
        // Profile links are shown on the plain home view, not while editing.
        $aPData["showprofilelinks"] = false;
        if (!isset($_GET["editprofile"])) {
            $aPData["showprofilelinks"] = true;
        }
        if (isset($aPData) && count($aPData)) {
            $this->P->cb_customdata["userhome"] = $aPData;
        }
    }
}
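/**
 * Handles the "forgot password" form: for a known address that was not
 * reset within the last HOUR, stores a fresh reset code and mails the
 * customer a reset link.
 *
 * @param array $aErr error codes collected so far
 * @return array $aErr extended with 'emailinvalid', 'emailunknown' or 'pwresetstilllocked' when applicable
 */
private function handleForgotPassword($aErr)
{
    $sRawEmail = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : '';
    if (!filter_var($sRawEmail, FILTER_VALIDATE_EMAIL)) {
        $aErr[] = 'emailinvalid';
        return $aErr;
    }

    $sEmail = filter_var(trim(\HaaseIT\Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
    $hResult = $this->db->prepare('SELECT * FROM customer WHERE cust_email = :email');
    $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
    $hResult->execute();
    if ($hResult->rowCount() != 1) {
        $aErr[] = 'emailunknown';
        return $aErr;
    }

    $aResult = $hResult->fetch();
    $iTimestamp = time();
    // Rate limit: at most one reset mail per address per HOUR.
    if ($iTimestamp - HOUR < $aResult['cust_pwresettimestamp']) {
        $aErr[] = 'pwresetstilllocked';
        return $aErr;
    }

    // The code must be unguessable, so it comes from the CSPRNG (PHP >= 7.0) rather than being
    // derived from the address and the timestamp. 16 bytes hex-encoded give 32 characters, the
    // same width as the md5 digest previously stored in cust_pwresetcode.
    $sResetCode = bin2hex(random_bytes(16));
    $aData = [
        'cust_pwresetcode' => $sResetCode,
        'cust_pwresettimestamp' => $iTimestamp,
        'cust_id' => $aResult['cust_id'],
    ];
    $hUpdate = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id'));
    foreach ($aData as $sKey => $sValue) {
        $hUpdate->bindValue(':' . $sKey, $sValue);
    }
    $hUpdate->execute();

    $sTargetAddress = $aResult['cust_email'];
    // NOTE(review): the link host comes from SERVER_NAME, which depending on the web server
    // configuration may reflect the request's Host header; a configured base URL would be safer.
    $sScheme = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 'https' : 'http';
    $sResetUrl = $sScheme . '://' . $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . rawurlencode($sResetCode)
        . '&email=' . rawurlencode($sTargetAddress);
    // The mail body is HTML, so the URL is escaped both as attribute value and as link text.
    $sEscapedUrl = htmlspecialchars($sResetUrl, ENT_QUOTES, 'UTF-8');

    $sSubject = $this->textcats->T("forgotpw_mail_subject");
    $sMessage = $this->textcats->T("forgotpw_mail_text1");
    $sMessage .= "<br><br>" . '<a href="' . $sEscapedUrl . '">' . $sEscapedUrl . '</a>';
    $sMessage .= '<br><br>' . $this->textcats->T("forgotpw_mail_text2");
    \HaaseIT\HCSF\Helper::mailWrapper($sTargetAddress, $sSubject, $sMessage);

    return $aErr;
}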
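/**
 * Applies a new password for customer $iID from the reset form and clears
 * the stored reset code.
 *
 * @param array $aErr error codes collected so far
 * @param $iID id of the customer whose reset code the caller has already validated
 * @return array $aErr extended with 'nopw', 'pwlength' or 'pwmatch' when applicable
 */
private function handlePasswordReset($aErr, $iID)
{
    $sPassword = isset($_POST["pwd"]) && is_string($_POST["pwd"]) ? $_POST["pwd"] : '';
    if (trim($sPassword) === '') {
        $aErr[] = 'nopw';
        return $aErr;
    }
    $sConfirmation = isset($_POST["pwdc"]) && is_string($_POST["pwdc"]) ? $_POST["pwdc"] : '';

    // Byte length on purpose: bcrypt (the current PASSWORD_DEFAULT) hashes bytes and ignores everything past 72 of them.
    $iLength = strlen($sPassword);
    if ($iLength < HelperConfig::$customer["minimum_length_password"]
        || $iLength > HelperConfig::$customer["maximum_length_password"]) {
        $aErr[] = 'pwlength';
    }
    // Strict comparison: `!=` treats numeric-looking strings such as "1e3" and "1000" as equal.
    if ($sPassword !== $sConfirmation) {
        $aErr[] = 'pwmatch';
    }
    if (count($aErr) != 0) {
        return $aErr;
    }

    // Clearing cust_pwresetcode makes the reset link single-use.
    $aData = [
        'cust_password' => password_hash($sPassword, PASSWORD_DEFAULT),
        'cust_pwresetcode' => '',
        'cust_id' => $iID,
    ];
    $hStatement = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id'));
    foreach ($aData as $sKey => $sValue) {
        $hStatement->bindValue(':' . $sKey, $sValue);
    }
    $hStatement->execute();

    return $aErr;
}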