/**
 * Check if RUB currency is active and used as a primary.
 *
 * @param mixed $new_value New values of shipping_edost_enabled setting
 * @param mixed $old_value Old values of shipping_edost_enabled setting
 */
function fn_settings_actions_shippings_edost_enabled(&$new_value, $old_value)
{
    $currencies = Registry::get('currencies');
    if ($new_value == 'Y' && (empty($currencies[CURRENCY_RUB]) || $currencies[CURRENCY_RUB]['is_primary'] == 'N')) {
        fn_delete_notification('changes_saved');
        fn_set_notification('E', __('warning'), __('edost_activation_error'));
        $new_value = 'N';
    }
}
예제 #2
0
 public function update($id, $params)
 {
     $data = array();
     $status = Response::STATUS_BAD_REQUEST;
     unset($params['category_id']);
     $lang_code = $this->safeGet($params, 'lang_code', DEFAULT_LANGUAGE);
     $category_id = fn_update_category($params, $id, $lang_code);
     $this->prepareImages($params, $id);
     $updated = fn_attach_image_pairs('category_main', 'category', $id, DESCR_SL);
     if ($category_id || $updated) {
         if ($updated && fn_notification_exists('extra', '404')) {
             fn_delete_notification('404');
         }
         $status = Response::STATUS_OK;
         $data = array('category_id' => $id);
     }
     return array('status' => $status, 'data' => $data);
 }
예제 #3
0
파일: func.php 프로젝트: heg-arc-ne/cscart
function fn_hybrid_auth_link($user_data, $auth_data, $provider)
{
    if (empty($user_data['user_id'])) {
        fn_hybrid_auth_link_provider($user_data['user_id'], $auth_data->identifier, $provider);
    }
    $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']);
    $redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : fn_url();
    if ($user_status == LOGIN_STATUS_USER_DISABLED) {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
    } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
        fn_delete_notification('user_exist');
        fn_set_notification('W', __('warning'), __('hybrid_auth.cant_create_profile'));
    }
    return $redirect_url;
}
예제 #4
0
파일: auth.php 프로젝트: heg-arc-ne/cscart
    if (AREA != 'A') {
        fn_add_breadcrumb(__('recover_password'));
    }
    Registry::get('view')->assign('view_mode', 'simple');
}
if ($mode == 'ekey_login') {
    $ekey = !empty($_REQUEST['ekey']) ? $_REQUEST['ekey'] : '';
    $redirect_url = fn_url();
    $result = fn_recover_password_login($ekey);
    if (!is_null($result)) {
        if ($result === LOGIN_STATUS_USER_NOT_FOUND || $result === LOGIN_STATUS_USER_DISABLED) {
            $redirect_url = fn_url();
        } elseif ($result === false) {
            $redirect_url = fn_url();
        } else {
            fn_delete_notification('notice_text_change_password');
            if (!empty($_REQUEST['redirect_url'])) {
                $redirect_url = $_REQUEST['redirect_url'];
                if (strpos($redirect_url, '://') === false) {
                    $redirect_url = 'http://' . $redirect_url;
                }
            } else {
                $redirect_url = fn_url();
            }
        }
    }
    fn_redirect($redirect_url, true);
}
//
// Display login form in the mainbox
//
예제 #5
0
    }
    return array(CONTROLLER_STATUS_REDIRECT, fn_query_remove(REAL_URL, 'skey'));
}
// UK Cookies Law
if (Registry::get('settings.Security.uk_cookies_law') == 'Y') {
    if (!empty($_REQUEST['cookies_accepted']) && $_REQUEST['cookies_accepted'] == 'Y') {
        Tygh::$app['session']['cookies_accepted'] = true;
    }
    if (!defined('AJAX_REQUEST') && empty(Tygh::$app['session']['cookies_accepted'])) {
        $url = fn_link_attach(Registry::get('config.current_url'), 'cookies_accepted=Y');
        $url = str_replace('&', '&', $url);
        $text = __('uk_cookies_law', array('[url]' => $url));
        fn_delete_notification('uk_cookies_law');
        fn_set_notification('W', __('warning'), $text, 'K', 'uk_cookies_law');
    } else {
        fn_delete_notification('uk_cookies_law');
    }
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    return;
}
//
// Check if store is closed
//
if (Registry::get('settings.General.store_mode') == 'Y') {
    if (!empty($_REQUEST['store_access_key'])) {
        Tygh::$app['session']['store_access_key'] = $_GET['store_access_key'];
    }
    if (!fn_check_permissions(Registry::get('runtime.controller'), Registry::get('runtime.mode'), 'trusted_controllers')) {
        if (empty(Tygh::$app['session']['store_access_key']) || Tygh::$app['session']['store_access_key'] != Registry::get('settings.General.store_access_key')) {
            if (defined('AJAX_REQUEST')) {
예제 #6
0
 public function onSuccessPackageInstall()
 {
     fn_delete_notification('upgrade_center:core');
 }
예제 #7
0
 function fn_settings_actions_stores_share_users(&$new_value, $old_value)
 {
     $emails = fn_get_double_user_emails();
     if (!empty($emails)) {
         fn_delete_notification('changes_saved');
         fn_set_notification('E', __('error'), __('ult_share_users_setting_disabled'));
         $new_value = $old_value;
     }
 }
예제 #8
0
         fn_set_notification('E', __('error'), __('text_allowed_to_upload_file_extension', array('[ext]' => implode(',', Registry::get('config.allowed_pack_exts')))));
     } else {
         $upgrade_pack = $upgrade_pack[0];
         $app->uploadUpgradePack($upgrade_pack);
     }
     return array(CONTROLLER_STATUS_REDIRECT, 'upgrade_center.manage');
 }
 if ($mode == 'install') {
     if (!empty($_REQUEST['change_ftp_settings'])) {
         Log::instance($_REQUEST['id'])->add('Update FTP connection settings');
         foreach ($_REQUEST['change_ftp_settings'] as $setting_name => $value) {
             Settings::instance()->updateValue($setting_name, $value, '', true);
             Registry::set('settings.Upgrade_center.' . $setting_name, $value);
         }
     }
     fn_delete_notification('uc.timeout_check_success');
     list($result, $data) = $app->install($_REQUEST['id'], $_REQUEST);
     if ($result === UpgradeCenter::PACKAGE_INSTALL_RESULT_FAIL) {
         $view = Tygh::$app['view'];
         $view->assign('validation_result', $result);
         $view->assign('validation_data', $data);
         $view->assign('id', str_replace('.', '_', $_REQUEST['id']));
         $view->assign('type', $_REQUEST['type']);
         $view->assign('caption', __('continue'));
         $view->assign('show_pre_upgrade_notice', false);
         if (defined('AJAX_REQUEST')) {
             Tygh::$app['ajax']->updateRequest();
         }
         $view->display('views/upgrade_center/components/notices.tpl');
         $view->display('views/upgrade_center/components/install_button.tpl');
         exit;
예제 #9
0
        $connector = new TwigmoConnector();
        $action = 'te';
        $connector->authPage($action);
        exit;
    }
    if ($mode == 'update' && $_REQUEST['addon'] == 'twigmo') {
        if (!empty($_REQUEST['tw_settings'])) {
            $company_id = fn_twg_get_current_company_id();
            TwigmoSettings::set(array('customer_connections' => array($company_id => $_REQUEST['tw_settings'])));
        }
        return array(CONTROLLER_STATUS_REDIRECT, 'addons.update?addon=twigmo');
    }
} elseif ($mode == 'update') {
    if ($_REQUEST['addon'] == 'twigmo') {
        if (!empty($_REQUEST['selected_section']) and $_REQUEST['selected_section'] == 'twigmo_addon') {
            fn_delete_notification('twigmo_upgrade');
        }
        if (!fn_twg_is_updated()) {
            fn_set_notification('W', __('notice'), __('twgadmin_reinstall'));
        }
        $company_id = fn_twg_get_current_company_id();
        $view = Registry::get('view');
        $view->assign('default_logo', TwigmoImage::getDefaultLogoUrl($company_id));
        $urls = TwigmoConnector::getMobileScriptsUrls();
        $view->assign('favicon', $urls['favicon']);
        $view->assign('logo_object_id', $company_id * 10 + 1);
        $view->assign('favicon_object_id', $company_id * 10 + 2);
        $tw_register['version'] = TWIGMO_VERSION;
        $view->assign('tw_register', $tw_register);
        $view->assign('next_version_info', TwigmoUpgrade::getNextVersionInfo());
        $view->assign('twg_is_connected', TwigmoConnector::anyFrontendIsConnected());
예제 #10
0
    // PCI DSS Compliance
    $auth['password_change_timestamp'] = !empty($auth['password_change_timestamp']) ? $auth['password_change_timestamp'] : 0;
    $time_diff = TIME - $auth['password_change_timestamp'];
    $expire = Registry::get('settings.Security.admin_password_expiration_period') * SECONDS_IN_DAY;
    if (!isset($auth['first_expire_check'])) {
        $auth['first_expire_check'] = true;
    }
    // Make user change the password if:
    // - password has expired
    // - this is the first admin's login and change_admin_password_on_first_login is enabled
    // - this is the first vendor admin's login
    if (empty($auth['password_change_timestamp']) && (Registry::get('settings.Security.change_admin_password_on_first_login') == 'Y' || !empty($auth['company_id'])) || $expire && $time_diff >= $expire) {
        $_SESSION['auth']['forced_password_change'] = true;
        if ($auth['first_expire_check']) {
            // we can redirect only on first check, else we can corrupt some admin's working processes ( such as ajax requests
            fn_delete_notification('insecure_password');
            $return_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : Registry::get('config.current_url');
            return array(CONTROLLER_STATUS_REDIRECT, "auth.password_change?return_url=" . urlencode($return_url));
        } else {
            if (!fn_notification_exists('E', 'password_expire')) {
                fn_set_notification('E', fn_get_lang_var('warning'), str_replace('[link]', fn_url('profiles.update', 'A'), fn_get_lang_var('error_password_expired_change')), true, 'password_expire');
            }
        }
    } else {
        $auth['first_expire_check'] = false;
    }
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    return;
}
// Get base menu
예제 #11
0
function fn_specific_development_before_login($request, $redirect_url)
{
    if (!empty($request['token'])) {
        $auth =& $auth;
        $_request = array();
        $_request[] = 'apiKey=' . Registry::get('addons.specific_development.apikey');
        $_request[] = 'token=' . $request['token'];
        list($header, $_result) = fn_https_request('POST', 'https://rpxnow.com/api/v2/auth_info', $_request);
        $data = fn_from_json($_result, true);
        if (isset($data['stat']) && $data['stat'] == 'ok') {
            $user_data = array();
            $user_data = db_get_row('SELECT user_id, password FROM ?:users WHERE janrain_identifier = ?s', md5($data['profile']['identifier']));
            if (empty($user_data['user_id'])) {
                Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
                $user_data = array();
                $user_data['janrain_identifier'] = md5($data['profile']['identifier']);
                $user_data['email'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
                $user_data['user_login'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
                $user_data['user_type'] = 'C';
                $user_data['is_root'] = 'N';
                $user_data['password1'] = $user_data['password2'] = '';
                $user_data['title'] = 'mr';
                $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName'];
                $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : '';
                list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, false, false);
            }
            $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']);
            if ($user_status == LOGIN_STATUS_OK) {
                if (empty($user_data['password'])) {
                    $subscriber = db_get_row("SELECT * FROM ?:subscribers WHERE email = ?s", $user_data['email']);
                    if (empty($subscriber)) {
                        $c_data = array('email' => $user_data['email'], 'timestamp' => TIME);
                        $subscriber_id = db_query("INSERT INTO ?:subscribers ?e", $c_data);
                        $_data['subscriber_id'] = $subscriber_id;
                        $_data['list_id'] = "1";
                        $_data['timestamp'] = TIME;
                        $_data['activation_key'] = md5(uniqid(rand()));
                        $_data['unsubscribe_key'] = md5(uniqid(rand()));
                        db_query("INSERT INTO ?:user_mailing_lists ?e", $_data);
                    } else {
                        $subscriber_id = $subscriber['subscriber_id'];
                    }
                    $redirect_url = 'checkout.checkout&edit_step=step_two&from_step=step_one';
                } else {
                    $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
                }
            } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) {
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
                fn_save_post_data();
                $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
            } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
                fn_delete_notification('user_exist');
                fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('janrain_cant_create_profile'));
                $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
            }
            fn_delete_user($user_data['user_id']);
        }
        unset($request['token']);
    } elseif (empty($_REQUEST['user_login']) || empty($_REQUEST['password'])) {
        $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
    }
}
예제 #12
0
/**
 * Add/update user
 *
 * @param int $user_id - user ID to update (empty for new user)
 * @param array $user_data - user data
 * @param array $auth - authentication information
 * @param bool $ship_to_another - flag indicates that shipping and billing fields are different
 * @param bool $notify_user - flag indicates that user should be notified
 * @return array with user ID and profile ID if success, false otherwise
 */
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_user)
{
    /**
     * Actions before updating user
     *
     * @param int   $user_id         User ID to update (empty for new user)
     * @param array $user_data       User data
     * @param array $auth            Authentication information
     * @param bool  $ship_to_another Flag indicates that shipping and billing fields are different
     * @param bool  $notify_user     Flag indicates that user should be notified
     */
    fn_set_hook('update_user_pre', $user_id, $user_data, $auth, $ship_to_another, $notify_user);
    array_walk($user_data, 'fn_trim_helper');
    $register_at_checkout = isset($user_data['register_at_checkout']) && $user_data['register_at_checkout'] == 'Y' ? true : false;
    if (fn_allowed_for('ULTIMATE')) {
        if (AREA == 'A' && !empty($user_data['user_type']) && $user_data['user_type'] == 'C' && (empty($user_data['company_id']) || Registry::get('runtime.company_id') && $user_data['company_id'] != Registry::get('runtime.company_id'))) {
            fn_set_notification('W', __('warning'), __('access_denied'));
            return false;
        }
    }
    if (!empty($user_id)) {
        $current_user_data = db_get_row("SELECT user_id, company_id, is_root, status, user_type, user_login, lang_code, password, salt, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
        if (empty($current_user_data)) {
            fn_set_notification('E', __('error'), __('object_not_found', array('[object]' => __('user'))), '', '404');
            return false;
        }
        if (!fn_check_editable_permissions($auth, $current_user_data)) {
            fn_set_notification('E', __('error'), __('access_denied'));
            return false;
        }
        if (!empty($user_data['profile_id']) && AREA != 'A') {
            $profile_ids = db_get_fields("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i", $user_id);
            if (!in_array($user_data['profile_id'], $profile_ids)) {
                fn_set_notification('W', __('warning'), __('access_denied'));
                return false;
            }
        }
        if (fn_allowed_for('ULTIMATE')) {
            if (AREA != 'A' || empty($user_data['company_id'])) {
                //we should set company_id for the frontdend, in the backend company_id received from form
                if ($current_user_data['user_type'] == 'A') {
                    if (!isset($user_data['company_id']) || AREA != 'A' || Registry::get('runtime.company_id')) {
                        // reset administrator's company if it was not set to root
                        $user_data['company_id'] = $current_user_data['company_id'];
                    }
                } elseif (Registry::get('settings.Stores.share_users') == 'Y') {
                    $user_data['company_id'] = $current_user_data['company_id'];
                } else {
                    $user_data['company_id'] = Registry::ifGet('runtime.company_id', 1);
                }
            }
        }
        if (fn_allowed_for('MULTIVENDOR')) {
            if (AREA != 'A') {
                //we should set company_id for the frontend
                $user_data['company_id'] = $current_user_data['company_id'];
            }
        }
        $action = 'update';
    } else {
        $current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');
        if (fn_allowed_for('ULTIMATE')) {
            if (!empty($user_data['company_id']) || Registry::get('runtime.company_id') || AREA == 'A') {
                //company_id can be received when we create user account from the backend
                $company_id = !empty($user_data['company_id']) ? $user_data['company_id'] : Registry::get('runtime.company_id');
                if (empty($company_id)) {
                    $company_id = fn_check_user_type_admin_area($user_data['user_type']) ? $user_data['company_id'] : fn_get_default_company_id();
                }
                $user_data['company_id'] = $current_user_data['company_id'] = $company_id;
            } else {
                fn_set_notification('W', __('warning'), __('access_denied'));
                return false;
            }
        }
        $action = 'add';
        $user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
        $user_data['timestamp'] = TIME;
    }
    $original_password = '';
    $current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
    $current_user_data['salt'] = !empty($current_user_data['salt']) ? $current_user_data['salt'] : '';
    // Set the user type
    $user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);
    if (Registry::get('runtime.company_id') && !fn_allowed_for('ULTIMATE') && (!fn_check_user_type_admin_area($user_data['user_type']) || isset($current_user_data['company_id']) && $current_user_data['company_id'] != Registry::get('runtime.company_id'))) {
        fn_set_notification('W', __('warning'), __('access_denied'));
        return false;
    }
    // Check if this user needs login/password
    if (fn_user_need_login($user_data['user_type'])) {
        // Check if user_login already exists
        // FIXME
        if (!isset($user_data['email'])) {
            $user_data['email'] = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $user_id);
        }
        $is_exist = fn_is_user_exists($user_id, $user_data);
        if ($is_exist) {
            fn_set_notification('E', __('error'), __('error_user_exists'), '', 'user_exist');
            return false;
        }
        // Check the passwords
        if (!empty($user_data['password1']) || !empty($user_data['password2'])) {
            $original_password = trim($user_data['password1']);
            $user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
            $user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
        }
        // if the passwords are not set and this is not a forced password check
        // we will not update password, otherwise let's check password
        if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
            $valid_passwords = true;
            if ($user_data['password1'] != $user_data['password2']) {
                $valid_passwords = false;
                fn_set_notification('E', __('error'), __('error_passwords_dont_match'));
            }
            // PCI DSS Compliance
            if (fn_check_user_type_admin_area($user_data['user_type'])) {
                $msg = array();
                // Check password length
                $min_length = Registry::get('settings.Security.min_admin_password_length');
                if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
                    $valid_passwords = false;
                    $msg[] = str_replace("[number]", $min_length, __('error_password_min_symbols'));
                }
                // Check password content
                if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
                    $tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
                    if (!$tmp_result) {
                        $valid_passwords = false;
                        $msg[] = __('error_password_content');
                    }
                }
                if ($msg) {
                    fn_set_notification('E', __('error'), implode('<br />', $msg));
                }
                // Check last 4 passwords
                if (!empty($user_id)) {
                    $prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();
                    if (!empty($_SESSION['auth']['forced_password_change'])) {
                        // if forced password change - new password can't be equal to current password.
                        $prev_passwords[] = $current_user_data['password'];
                    }
                    if (in_array(fn_generate_salted_password($user_data['password1'], $current_user_data['salt']), $prev_passwords)) {
                        $valid_passwords = false;
                        fn_set_notification('E', __('error'), __('error_password_was_used'));
                    } else {
                        if (count($prev_passwords) >= 5) {
                            array_shift($prev_passwords);
                        }
                        $user_data['last_passwords'] = implode(',', $prev_passwords);
                    }
                }
            }
            // PCI DSS Compliance
            if (!$valid_passwords) {
                return false;
            }
            $user_data['salt'] = fn_generate_salt();
            $user_data['password'] = fn_generate_salted_password($user_data['password1'], $user_data['salt']);
            if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
                // if user set current password - there is no necessity to update password_change_timestamp
                $user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
            }
            unset($_SESSION['auth']['forced_password_change']);
            fn_delete_notification('password_expire');
        }
    }
    $user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status'];
    // only administrator can change user status
    // Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
    if (AREA == 'A' || Registry::get('settings.Checkout.address_position') == 'billing_first') {
        $main_address_zone = BILLING_ADDRESS_PREFIX;
        $alt_address_zone = SHIPPING_ADDRESS_PREFIX;
    } else {
        $main_address_zone = SHIPPING_ADDRESS_PREFIX;
        $alt_address_zone = BILLING_ADDRESS_PREFIX;
    }
    $user_data = fn_fill_contact_info_from_address($user_data, $main_address_zone, $alt_address_zone);
    if (!fn_allowed_for('ULTIMATE')) {
        //for ult company_id was set before
        fn_set_company_id($user_data);
    }
    if (!empty($current_user_data['is_root']) && $current_user_data['is_root'] == 'Y') {
        $user_data['is_root'] = 'Y';
    } else {
        $user_data['is_root'] = 'N';
    }
    // check if it is a root admin
    $is_root_admin_exists = db_get_field("SELECT user_id FROM ?:users WHERE company_id = ?i AND is_root = 'Y' AND user_id != ?i", $user_data['company_id'], !empty($user_id) ? $user_id : 0);
    $user_data['is_root'] = empty($is_root_admin_exists) && $user_data['user_type'] !== 'C' ? 'Y' : 'N';
    unset($user_data['user_id']);
    if (!empty($user_id)) {
        db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
        fn_clean_usergroup_links($user_id, $current_user_data['user_type'], $user_data['user_type']);
        fn_log_event('users', 'update', array('user_id' => $user_id));
    } else {
        if (!isset($user_data['password_change_timestamp'])) {
            $user_data['password_change_timestamp'] = 1;
        }
        $user_id = db_query("INSERT INTO ?:users ?e", $user_data);
        fn_log_event('users', 'create', array('user_id' => $user_id));
    }
    $user_data['user_id'] = $user_id;
    // Set/delete insecure password notification
    if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['password1'])) {
        if (!fn_compare_login_password($user_data, $user_data['password1'])) {
            fn_delete_notification('insecure_password');
        } else {
            $lang_var = 'warning_insecure_password_email';
            fn_set_notification('E', __('warning'), __($lang_var, array('[link]' => fn_url("profiles.update?user_id=" . $user_id))), 'K', 'insecure_password');
        }
    }
    if (empty($user_data['user_login'])) {
        // if we're using email as login or user type does not require login, fill login field
        db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
    }
    // Fill shipping info with billing if needed
    if (empty($ship_to_another)) {
        $profile_fields = fn_get_profile_fields($user_data['user_type']);
        $use_default = AREA == 'A' ? true : false;
        fn_fill_address($user_data, $profile_fields, $use_default);
    }
    $user_data['profile_id'] = fn_update_user_profile($user_id, $user_data, $action);
    $user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);
    if ($register_at_checkout) {
        $user_data['register_at_checkout'] = 'Y';
    }
    $lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
    if (!fn_allowed_for('ULTIMATE:FREE')) {
        $user_data['usergroups'] = db_get_hash_array("SELECT lnk.link_id, lnk.usergroup_id, lnk.status, a.type, b.usergroup" . " FROM ?:usergroup_links as lnk" . " INNER JOIN ?:usergroups as a ON a.usergroup_id = lnk.usergroup_id AND a.status != 'D'" . " LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s" . " WHERE a.status = 'A' AND lnk.user_id = ?i AND lnk.status != 'D' AND lnk.status != 'F'", 'usergroup_id', $lang_code, $user_id);
    }
    // Send notifications to customer
    if (!empty($notify_user)) {
        $from = 'company_users_department';
        if (fn_allowed_for('MULTIVENDOR')) {
            // Vendor administrator's notification
            // is sent from root users department
            if ($user_data['user_type'] == 'V') {
                $from = 'default_company_users_department';
            }
        }
        // Notify customer about profile activation (when update profile only)
        if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
            Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/profile_activated.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code);
        }
        // Notify customer about profile add/update
        $prefix = $action == 'add' ? 'create' : 'update';
        // Send password to user only if it was created by admin or vendor
        if (AREA != 'C' && $auth['user_id'] != $user_id) {
            $password = $original_password;
        } else {
            $password = null;
        }
        Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('password' => $password, 'user_data' => $user_data), 'tpl' => 'profiles/' . $prefix . '_profile.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code);
    }
    if ($action == 'add') {
        if (AREA != 'A') {
            if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
                fn_set_notification('W', __('important'), __('text_profile_should_be_approved'));
                // Notify administrator about new profile
                Mailer::sendMail(array('to' => 'company_users_department', 'from' => 'company_users_department', 'reply_to' => $user_data['email'], 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/activate_profile.tpl', 'company_id' => $user_data['company_id']), 'A', Registry::get('settings.Appearance.backend_default_language'));
            } else {
                fn_set_notification('N', __('information'), __('text_profile_is_created'));
            }
        }
        if (!is_null($auth)) {
            if (!empty($auth['order_ids'])) {
                db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
            }
        }
    } else {
        if (AREA == 'C') {
            fn_set_notification('N', __('information'), __('text_profile_is_updated'));
        }
    }
    fn_set_hook('update_profile', $action, $user_data, $current_user_data);
    return array($user_id, !empty($user_data['profile_id']) ? $user_data['profile_id'] : false);
}
예제 #13
0
 /**
  * Callback after package installed
  * @param $content_schema
  * @param $information_schema
  */
 public function onSuccessPackageInstall($content_schema, $information_schema)
 {
     fn_delete_notification($this->notification_key);
 }
예제 #14
0
<?php

/***************************************************************************
*                                                                          *
*    Copyright (c) 2004 Simbirsk Technologies Ltd. All rights reserved.    *
*                                                                          *
* This  is  commercial  software,  only  users  who have purchased a valid *
* license  and  accept  to the terms of the  License Agreement can install *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
//
// $Id: index.php 7688 2009-07-10 05:58:05Z zeke $
//
if (!defined('AREA')) {
    die('Access denied');
}
// Generate dashboard
if ($mode == 'index') {
    $events = fn_get_recurring_events();
    if (!fn_is_empty($events)) {
        $msg = fn_get_lang_var('rb_have_events');
        $msg = str_replace('[link]', fn_url("subscriptions.events"), $msg);
        fn_delete_notification('rb_events');
        fn_set_notification('N', fn_get_lang_var('notice'), $msg, true, 'rb_events');
    }
}
예제 #15
0
                    $user_data['title'] = !empty($data['profile']['honorificPrefix']) ? $data['profile']['honorificPrefix'] : 'mr';
                    $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName'];
                    $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : '';
                    list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, true, false);
                }
                $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']);
                if ($user_status == LOGIN_STATUS_OK) {
                    if (empty($user_data['password'])) {
                        fn_set_notification('W', __('warning'), __('janrain_need_update_profile'));
                        $redirect_url = 'profiles.update';
                    } else {
                        $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url();
                    }
                } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) {
                    fn_set_notification('E', __('error'), __('error_account_disabled'));
                    $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url();
                } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
                    fn_delete_notification('user_exist');
                    fn_set_notification('W', __('warning'), __('janrain_cant_create_profile'));
                    $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url();
                }
            }
            unset($_REQUEST['token']);
        } elseif (empty($_REQUEST['user_login']) || empty($_REQUEST['password'])) {
            $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url();
        }
        if (!empty($redirect_url)) {
            return array(CONTROLLER_STATUS_REDIRECT, !empty($redirect_url) ? $redirect_url : fn_url());
        }
    }
}
예제 #16
0
/**
 * Update multiple posts at once
 * @param array $posts posts data
 * @return boolean always true
 */
function fn_update_discussion_posts($posts)
{
    if (!empty($posts) && is_array($posts)) {
        $threads = db_get_hash_single_array("SELECT post_id, thread_id FROM ?:discussion_posts WHERE post_id IN (?n)", array('post_id', 'thread_id'), array_keys($posts));
        $messages_exist = db_get_fields("SELECT post_id FROM ?:discussion_messages WHERE post_id IN (?n)", array_keys($posts));
        $rating_exist = db_get_fields("SELECT post_id FROM ?:discussion_rating WHERE post_id IN (?n)", array_keys($posts));
        fn_delete_notification('company_access_denied');
        foreach ($posts as $p_id => $data) {
            db_query("UPDATE ?:discussion_posts SET ?u WHERE post_id = ?i", $data, $p_id);
            if (in_array($p_id, $messages_exist)) {
                db_query("UPDATE ?:discussion_messages SET ?u WHERE post_id = ?i", $data, $p_id);
            } else {
                $data['thread_id'] = $threads[$p_id];
                $data['post_id'] = $p_id;
                db_query("INSERT INTO ?:discussion_messages ?e", $data);
            }
            if (in_array($p_id, $rating_exist)) {
                db_query("UPDATE ?:discussion_rating SET ?u WHERE post_id = ?i", $data, $p_id);
            } else {
                $data['thread_id'] = $threads[$p_id];
                $data['post_id'] = $p_id;
                db_query("INSERT INTO ?:discussion_rating ?e", $data);
            }
        }
    }
    return true;
}
예제 #17
0
     }
     if ($lc == false) {
         fn_delete_notification('changes_saved');
     }
 }
 if ($mode == 'install_from_po') {
     $uploaded_data = fn_filter_uploaded_data('language_data', array('po', 'zip'));
     if (!empty($uploaded_data['po_file']['path'])) {
         $ext = fn_get_file_ext($uploaded_data['po_file']['name']);
         if ($ext == 'po') {
             $result = Languages::installLanguagePack($uploaded_data['po_file']['path']);
         } else {
             $result = Languages::installZipPack($uploaded_data['po_file']['path']);
         }
         if (!$result) {
             fn_delete_notification('changes_saved');
         }
     }
 }
 if ($mode == 'install' && !empty($_REQUEST['pack'])) {
     $pack_path = Registry::get('config.dir.lang_packs') . fn_basename($_REQUEST['pack']);
     if (Languages::installCrowdinPack($pack_path, array())) {
         return array(CONTROLLER_STATUS_OK, 'languages.manage');
     } else {
         return array(CONTROLLER_STATUS_OK, 'languages.manage?selected_section=available_languages');
     }
 }
 if ($mode == 'delete_variable') {
     LanguageValues::deleteVariables($_REQUEST['name']);
     return array(CONTROLLER_STATUS_REDIRECT);
 }
예제 #18
0
/**
 * Dispathes the execution control to correct controller
 *
 * @return nothing
 */
function fn_dispatch($controller = '', $mode = '', $action = '', $dispatch_extra = '', $area = AREA)
{
    Debugger::checkpoint('After init');
    $auth = $_SESSION['auth'];
    $controller = empty($controller) ? Registry::get('runtime.controller') : $controller;
    $mode = empty($mode) ? Registry::get('runtime.mode') : $mode;
    $action = empty($action) ? Registry::get('runtime.action') : $action;
    $dispatch_extra = empty($dispatch_extra) ? Registry::get('runtime.dispatch_extra') : $dispatch_extra;
    fn_set_hook('before_dispatch', $controller, $mode, $action, $dispatch_extra, $area);
    $view = Registry::get('view');
    $run_controllers = true;
    $external = false;
    $status = CONTROLLER_STATUS_NO_PAGE;
    // CSRF protection
    if (fn_is_csrf_protection_enabled($auth) && !fn_csrf_validate_request(array('server' => $_SERVER, 'request' => $_REQUEST, 'session' => $_SESSION, 'controller' => $controller, 'mode' => $mode, 'action' => $action, 'dispatch_extra' => $dispatch_extra, 'area' => $area, 'auth' => $auth))) {
        fn_set_notification('E', __('error'), __('text_csrf_attack'));
        fn_redirect(fn_url());
    }
    // If $config['http_host'] was different from the domain name, there was redirection to $config['http_host'] value.
    if (strtolower(Registry::get('config.current_host')) != strtolower(REAL_HOST) && $_SERVER['REQUEST_METHOD'] == 'GET' && !defined('CONSOLE')) {
        if (!empty($_SERVER['REDIRECT_URL'])) {
            $qstring = $_SERVER['REDIRECT_URL'];
        } else {
            if (!empty($_SERVER['REQUEST_URI'])) {
                $qstring = $_SERVER['REQUEST_URI'];
            } else {
                $qstring = Registry::get('config.current_url');
            }
        }
        $curent_path = Registry::get('config.current_path');
        if (!empty($curent_path) && strpos($qstring, $curent_path) === 0) {
            $qstring = substr_replace($qstring, '', 0, fn_strlen($curent_path));
        }
        fn_redirect(Registry::get('config.current_location') . $qstring, false, true);
    }
    $upload_max_filesize = Bootstrap::getIniParam('upload_max_filesize');
    $post_max_size = Bootstrap::getIniParam('post_max_size');
    if (!defined('AJAX_REQUEST') && isset($_SERVER['CONTENT_LENGTH']) && ($_SERVER['CONTENT_LENGTH'] > fn_return_bytes($upload_max_filesize) || $_SERVER['CONTENT_LENGTH'] > fn_return_bytes($post_max_size))) {
        $max_size = fn_return_bytes($upload_max_filesize) < fn_return_bytes($post_max_size) ? $upload_max_filesize : $post_max_size;
        fn_set_notification('E', __('error'), __('text_forbidden_uploaded_file_size', array('[size]' => $max_size)));
        fn_redirect($_SERVER['HTTP_REFERER']);
    }
    // If URL contains session ID, remove it
    if (!defined('AJAX_REQUEST') && !empty($_REQUEST[Session::getName()]) && $_SERVER['REQUEST_METHOD'] == 'GET') {
        fn_redirect(fn_query_remove(Registry::get('config.current_url'), Session::getName()));
    }
    // If demo mode is enabled, check permissions FIX ME - why did we need one more user login check?
    if ($area == 'A') {
        if (Registry::get('config.demo_mode') == true) {
            $run_controllers = fn_check_permissions($controller, $mode, 'demo');
            if ($run_controllers == false) {
                fn_set_notification('W', __('demo_mode'), __('demo_mode_content_text'), 'K', 'demo_mode');
                if (defined('AJAX_REQUEST')) {
                    exit;
                }
                fn_delete_notification('changes_saved');
                $status = CONTROLLER_STATUS_REDIRECT;
                $_REQUEST['redirect_url'] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : fn_url('');
            }
        } else {
            $run_controllers = fn_check_permissions($controller, $mode, 'admin', '', $_REQUEST);
            if ($run_controllers == false) {
                if (defined('AJAX_REQUEST')) {
                    $_info = Debugger::isActive() || fn_is_development() ? ' ' . $controller . '.' . $mode : '';
                    fn_set_notification('W', __('warning'), __('access_denied') . $_info);
                    exit;
                }
                $status = CONTROLLER_STATUS_DENIED;
            }
        }
    }
    if ($_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
        if ($area == 'A' && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
            if (!defined('HTTPS') && Registry::get('settings.Security.secure_admin') == 'Y') {
                fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
            } elseif (defined('HTTPS') && Registry::get('settings.Security.secure_admin') != 'Y') {
                fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
            }
        } elseif ($area == 'C') {
            $secure_controllers = fn_get_secure_controllers();
            // if we are not on https but controller is secure, redirect to https
            if (!defined('HTTPS') && (Registry::get('settings.Security.secure_storefront') == 'full' || isset($secure_controllers[$controller]) && $secure_controllers[$controller] == 'active')) {
                fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'), false, true);
            }
            // if we are on https and the controller is insecure, redirect to http
            if (defined('HTTPS') && Registry::get('settings.Security.secure_storefront') != 'full' && !isset($secure_controllers[$controller]) && Registry::get('settings.Security.keep_https') != 'Y') {
                fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'), false, true);
            }
        }
    }
    LastView::instance()->prepare($_REQUEST);
    $controllers_cascade = array();
    $controllers_list = array('init');
    if ($run_controllers == true) {
        $controllers_list[] = $controller;
        $controllers_list = array_unique($controllers_list);
    }
    foreach ($controllers_list as $ctrl) {
        $core_controllers = fn_init_core_controllers($ctrl);
        list($addon_controllers) = fn_init_addon_controllers($ctrl);
        if (empty($core_controllers) && empty($addon_controllers)) {
            //$controllers_cascade = array(); // FIXME: controllers_cascade contains INIT. We should not clear initiation code.
            $status = CONTROLLER_STATUS_NO_PAGE;
            $run_controllers = false;
            break;
        }
        if (count($core_controllers) + count($addon_controllers) > 1) {
            throw new DeveloperException('Duplicate controller ' . $controller . var_export(array_merge($core_controllers, $addon_controllers), true));
        }
        $core_pre_controllers = fn_init_core_controllers($ctrl, GET_PRE_CONTROLLERS);
        $core_post_controllers = fn_init_core_controllers($ctrl, GET_POST_CONTROLLERS);
        list($addon_pre_controllers) = fn_init_addon_controllers($ctrl, GET_PRE_CONTROLLERS);
        list($addon_post_controllers, $addons) = fn_init_addon_controllers($ctrl, GET_POST_CONTROLLERS);
        // we put addon post-controller to the top of post-controller cascade if current addon serves this request
        if (count($addon_controllers)) {
            $addon_post_controllers = fn_reorder_post_controllers($addon_post_controllers, $addon_controllers[0]);
        }
        $controllers_cascade = array_merge($controllers_cascade, $addon_pre_controllers, $core_pre_controllers, $core_controllers, $addon_controllers, $core_post_controllers, $addon_post_controllers);
        if (empty($controllers_cascade)) {
            throw new DeveloperException("No controllers for: {$ctrl}");
        }
    }
    if ($mode == 'add') {
        $tpl = 'update.tpl';
    } elseif (strpos($mode, 'add_') === 0) {
        $tpl = str_replace('add_', 'update_', $mode) . '.tpl';
    } else {
        $tpl = $mode . '.tpl';
    }
    $view = Registry::get('view');
    if ($view->templateExists('views/' . $controller . '/' . $tpl)) {
        // try to find template in base views
        $view->assign('content_tpl', 'views/' . $controller . '/' . $tpl);
    } elseif (defined('LOADED_ADDON_PATH') && $view->templateExists('addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl)) {
        // try to find template in addon views
        $view->assign('content_tpl', 'addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl);
    } elseif (!empty($addons)) {
        // try to find template in addon views that extend base views
        foreach ($addons as $addon => $_v) {
            if ($view->templateExists('addons/' . $addon . '/views/' . $controller . '/' . $tpl)) {
                $view->assign('content_tpl', 'addons/' . $addon . '/views/' . $controller . '/' . $tpl);
                break;
            }
        }
    }
    /**
     * Performs actions after template assignment and before controller run
     *
     * @param string $controller          controller name
     * @param string $mode                controller mode name
     * @param string $area                current working area
     * @param array  $controllers_cascade list of controllers to run
     */
    fn_set_hook('dispatch_assign_template', $controller, $mode, $area, $controllers_cascade);
    foreach ($controllers_cascade as $item) {
        $_res = fn_run_controller($item, $controller, $mode, $action, $dispatch_extra);
        // 0 - status, 1 - url
        $url = !empty($_res[1]) ? $_res[1] : '';
        $external = !empty($_res[2]) ? $_res[2] : false;
        $permanent = !empty($_res[3]) ? $_res[3] : false;
        // Status could be changed only if we allow to run controllers despite of init controller
        if ($run_controllers == true) {
            $status = !empty($_res[0]) ? $_res[0] : CONTROLLER_STATUS_OK;
        }
        if ($status == CONTROLLER_STATUS_OK && !empty($url)) {
            $redirect_url = $url;
        } elseif ($status == CONTROLLER_STATUS_REDIRECT && !empty($url)) {
            $redirect_url = $url;
            break;
        } elseif ($status == CONTROLLER_STATUS_DENIED || $status == CONTROLLER_STATUS_NO_PAGE) {
            break;
        }
    }
    LastView::instance()->init($_REQUEST);
    // In console mode, just stop here
    if (defined('CONSOLE')) {
        $notifications = fn_get_notifications();
        $exit_code = 0;
        foreach ($notifications as $n) {
            fn_echo('[' . $n['title'] . '] ' . $n['message'] . "\n");
            if ($n['type'] == 'E') {
                $exit_code = 1;
            }
        }
        exit($exit_code);
    }
    if (!empty($auth['this_login']) && Registry::ifGet($auth['this_login'], 'N') === 'Y') {
        fn_set_notification('E', __('error'), __(ACCOUNT_TYPE . LOGIN_STATUS_USER_DISABLED));
        $status = CONTROLLER_STATUS_DENIED;
    }
    // [Block manager]
    // block manager is disabled for vendors.
    if (!(fn_allowed_for('MULTIVENDOR') && Registry::get('runtime.company_id') || fn_allowed_for('ULTIMATE') && !Registry::get('runtime.company_id'))) {
        if (fn_check_permissions('block_manager', 'manage', 'admin')) {
            $dynamic_object = SchemesManager::getDynamicObject($_REQUEST['dispatch'], $area, $_REQUEST);
            if (!empty($dynamic_object)) {
                if ($area == 'A' && Registry::get('runtime.mode') != 'add' && !empty($_REQUEST[$dynamic_object['key']])) {
                    $object_id = $_REQUEST[$dynamic_object['key']];
                    $location = Location::instance()->get($dynamic_object['customer_dispatch'], $dynamic_object, CART_LANGUAGE);
                    if (!empty($location) && $location['is_default'] != 1) {
                        $params = array('dynamic_object' => array('object_type' => $dynamic_object['object_type'], 'object_id' => $object_id), $dynamic_object['key'] => $object_id, 'manage_url' => Registry::get('config.current_url'));
                        Registry::set('navigation.tabs.blocks', array('title' => __('layouts'), 'href' => 'block_manager.manage_in_tab?' . http_build_query($params), 'ajax' => true));
                    }
                }
            }
        }
    }
    // [/Block manager]
    // Redirect if controller returned successful/redirect status only
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($_REQUEST['redirect_url']) && !$external) {
        $redirect_url = $_REQUEST['redirect_url'];
    }
    // If controller returns "Redirect" status, check if redirect url exists
    if ($status == CONTROLLER_STATUS_REDIRECT && empty($redirect_url)) {
        $status = CONTROLLER_STATUS_NO_PAGE;
    }
    // In backend show "changes saved" notification
    if ($area == 'A' && $_SERVER['REQUEST_METHOD'] == 'POST' && in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT))) {
        if (strpos($mode, 'update') !== false && $mode != 'update_status' && $mode != 'update_mode' && !fn_notification_exists('extra', 'demo_mode') && !fn_notification_exists('type', 'E')) {
            fn_set_notification('N', __('notice'), __('text_changes_saved'), 'I', 'changes_saved');
        }
    }
    // Attach params and redirect if needed
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($redirect_url)) {
        if (!isset($_REQUEST['return_to_list'])) {
            $params = array('page', 'selected_section', 'active_tab');
            $url_params = array();
            foreach ($params as $param) {
                if (!empty($_REQUEST[$param])) {
                    $url_params[$param] = $_REQUEST[$param];
                }
            }
            if (!empty($url_params)) {
                $redirect_url = fn_link_attach($redirect_url, http_build_query($url_params));
            }
        }
        if (!isset($external)) {
            $external = false;
        }
        if (!isset($permanent)) {
            $permanent = false;
        }
        fn_redirect($redirect_url, $external, $permanent);
    }
    if (!$view->getTemplateVars('content_tpl') && $status == CONTROLLER_STATUS_OK) {
        // FIXME
        $status = CONTROLLER_STATUS_NO_PAGE;
    }
    if ($status != CONTROLLER_STATUS_OK) {
        if ($status == CONTROLLER_STATUS_NO_PAGE) {
            if ($area == 'A' && empty($auth['user_id'])) {
                // If admin is not logged in redirect to login page from not found page
                fn_set_notification('W', __('page_not_found'), __('page_not_found_text'));
                fn_redirect("auth.login_form");
            }
            header(' ', true, 404);
        }
        $view->assign('exception_status', $status);
        if ($area == 'A') {
            $view->assign('content_tpl', 'exception.tpl');
            // for backend only
        }
        if ($status == CONTROLLER_STATUS_DENIED) {
            $view->assign('page_title', __('access_denied'));
        } elseif ($status == CONTROLLER_STATUS_NO_PAGE) {
            $view->assign('page_title', __('page_not_found'));
        }
    }
    fn_set_hook('dispatch_before_display');
    Debugger::checkpoint('Before TPL');
    // Pass current URL to ajax response only if we render whole page
    if (defined('AJAX_REQUEST') && Registry::get('runtime.root_template') == 'index.tpl') {
        Registry::get('ajax')->assign('current_url', fn_url(Registry::get('config.current_url'), $area, 'current'));
    }
    Registry::get('view')->display(Registry::get('runtime.root_template'));
    Debugger::checkpoint('After TPL');
    Debugger::display();
    fn_set_hook('complete');
    if (defined('AJAX_REQUEST')) {
        // HHVM workaround. Destroy Ajax object manually if it has been created.
        $ajax = Registry::get('ajax');
        $ajax = null;
    }
    exit;
    // stop execution
}
예제 #19
0
/**
 * Add/update user
 *
 * @param int $user_id - user ID to update (empty for new user)
 * @param array $user_data - user data
 * @param array $auth - authentication information
 * @param bool $ship_to_another - flag indicates that shipping and billing fields are different
 * @param bool $notify_customer - flag indicates that customer should be notified
 * @param bool $send_password - TRUE if the password should be included into the e-mail
 * @return array with user ID and profile ID if success, false otherwise
 */
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_customer, $send_password = false)
{
    if (!empty($user_id)) {
        $current_user_data = db_get_row("SELECT user_id, company_id, status, user_type, user_login, lang_code, password, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
        $action = 'update';
    } else {
        $current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');
        $action = 'add';
        $user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
        $user_data['timestamp'] = TIME;
    }
    $original_password = '';
    $current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
    // Set the user type
    $user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);
    if (defined('COMPANY_ID') && ($user_data['user_type'] != 'A' || isset($current_user_data['company_id']) && $current_user_data['company_id'] != COMPANY_ID)) {
        fn_save_post_data();
        fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('access_denied'));
        return false;
    }
    // Check if this user needs login/password
    if (fn_user_need_login($user_data['user_type'])) {
        // Check if user_login already exists
        $is_exist = db_get_field("SELECT user_id FROM ?:users WHERE (email = ?s ?p) AND user_id != ?i", $user_data['email'], empty($user_data['user_login']) ? '' : db_quote(" OR user_login = ?s", $user_data['user_login']), $user_id);
        if ($is_exist) {
            fn_save_post_data();
            fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists'));
            return false;
        }
        // Check the passwords
        $original_password = $user_data['password1'];
        $user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
        $user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
        // if the passwords are not set and this is not a forced password check
        // we will not update password, otherwise let's check password
        if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
            $valid_passwords = true;
            if ($user_data['password1'] != $user_data['password2']) {
                $valid_passwords = false;
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_passwords_dont_match'));
            }
            // PCI DSS Compliance
            if ($user_data['user_type'] == 'A') {
                $msg = array();
                // Check password length
                $min_length = Registry::get('settings.Security.min_admin_password_length');
                if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
                    $valid_passwords = false;
                    $msg[] = str_replace("[number]", $min_length, fn_get_lang_var('error_password_min_symbols'));
                }
                // Check password content
                if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
                    $tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
                    if (!$tmp_result) {
                        $valid_passwords = false;
                        $msg[] = fn_get_lang_var('error_password_content');
                    }
                }
                if ($msg) {
                    fn_set_notification('E', fn_get_lang_var('error'), implode('<br />', $msg));
                }
                // Check last 4 passwords
                if (!empty($user_id)) {
                    $prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();
                    if (!empty($_SESSION['auth']['forced_password_change'])) {
                        // if forced password change - new password can't be equal to current password.
                        $prev_passwords[] = $current_user_data['password'];
                    }
                    if (in_array(md5($user_data['password1']), $prev_passwords) || in_array(md5($user_data['password2']), $prev_passwords)) {
                        $valid_passwords = false;
                        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_password_was_used'));
                    } else {
                        if (count($prev_passwords) >= 5) {
                            array_shift($prev_passwords);
                        }
                        $user_data['last_passwords'] = implode(',', $prev_passwords);
                    }
                }
            }
            // PCI DSS Compliance
            if (!$valid_passwords) {
                fn_save_post_data();
                return false;
            }
            $user_data['password'] = md5($user_data['password1']);
            if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
                // if user set current password - there is no necessity to update password_change_timestamp
                $user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
            }
            unset($_SESSION['auth']['forced_password_change']);
            fn_delete_notification('password_expire');
        }
    }
    $user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status'];
    // only administrator can change user status
    // Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
    if (AREA != 'A') {
        Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
    } else {
        $address_zone = 'b';
    }
    if (!empty($user_data['firstname']) || !empty($user_data[$address_zone . '_firstname'])) {
        $user_data['firstname'] = empty($user_data['firstname']) && !empty($user_data[$address_zone . '_firstname']) ? $user_data[$address_zone . '_firstname'] : $user_data['firstname'];
    }
    if (!empty($user_data['lastname']) || !empty($user_data[$address_zone . '_lastname'])) {
        $user_data['lastname'] = empty($user_data['lastname']) && !empty($user_data[$address_zone . '_lastname']) ? $user_data[$address_zone . '_lastname'] : $user_data['lastname'];
    }
    if (!empty($user_data['phone']) || !empty($user_data[$address_zone . '_phone'])) {
        $user_data['phone'] = empty($user_data['phone']) && !empty($user_data[$address_zone . '_phone']) ? $user_data[$address_zone . '_phone'] : $user_data['phone'];
    }
    // reset company_id for root admin
    if ($user_id == 1) {
        $user_data['company_id'] = 0;
    }
    if (!empty($user_id)) {
        db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
        fn_log_event('users', 'update', array('user_id' => $user_id));
    } else {
        $user_id = db_query("INSERT INTO ?:users ?e", $user_data);
        fn_log_event('users', 'create', array('user_id' => $user_id));
    }
    $user_data['user_id'] = $user_id;
    // Set/delete insecure password notification
    if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['user_login']) && !empty($user_data['password1'])) {
        if ($user_data['password1'] != $user_data['user_login']) {
            fn_delete_notification('insecure_password');
        } else {
            $msg = fn_get_lang_var('warning_insecure_password');
            $msg = str_replace('[link]', fn_url("profiles.update?user_id=" . $user_id), $msg);
            fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password');
        }
    }
    if (empty($user_data['user_login'])) {
        // if we're using email as login or user type does not require login, fill login field
        db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
    }
    // Fill shipping info with billing if needed
    if (empty($ship_to_another)) {
        $profile_fields = fn_get_profile_fields($user_data['user_type']);
        $use_default = AREA == 'A' ? true : false;
        fn_fill_address($user_data, $profile_fields, $use_default);
    }
    // Add new profile or update existing
    if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
        if ($action == 'add') {
            $user_data['profile_type'] = 'P';
            $user_data['profile_name'] = empty($user_data['profile_name']) ? fn_get_lang_var('main') : $user_data['profile_name'];
        } else {
            $user_data['profile_type'] = 'S';
        }
        $user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
    } else {
        if (empty($user_data['profile_id'])) {
            $user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
        }
        db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
    }
    // Add/Update additional fields
    fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');
    $user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);
    $lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
    Registry::get('view_mail')->assign('password', $original_password);
    Registry::get('view_mail')->assign('send_password', $send_password);
    Registry::get('view_mail')->assign('user_data', $user_data);
    // Send notifications to customer
    if (!empty($notify_customer)) {
        // Notify customer about profile activation (when update profile only)
        if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/profile_activated_subj.tpl', 'profiles/profile_activated.tpl', '', $lang_code);
        }
        // Notify customer about profile add/update
        if ($action == 'add') {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
            fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
        } else {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
            fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
        }
    }
    if ($action == 'add') {
        $skip_auth = false;
        if (AREA != 'A') {
            if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
                fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_should_be_approved'));
                // Notify administrator about new profile
                fn_send_mail(Registry::get('settings.Company.company_users_department'), Registry::get('settings.Company.company_users_department'), 'profiles/activate_profile_subj.tpl', 'profiles/activate_profile.tpl', '', Registry::get('settings.Appearance.admin_default_language'), $user_data['email']);
                $skip_auth = true;
            } else {
                fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
            }
        } else {
            fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
        }
        if (!is_null($auth)) {
            if (!empty($auth['order_ids'])) {
                db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
            }
            if (empty($skip_auth)) {
                $auth = fn_fill_auth($user_data);
            }
        }
    } else {
        fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_updated'));
    }
    fn_set_hook('update_profile', $action, $user_data, $current_user_data);
    return array($user_id, $user_data['profile_id']);
}