/**
 * Check if RUB currency is active and used as a primary.
 *
 * Enabling the eDost shipping module only makes sense when RUB is the primary
 * store currency; otherwise the new value is rejected, the generic "changes saved"
 * notice is removed and an error is shown instead.
 *
 * @param mixed $new_value New values of shipping_edost_enabled setting (reset to 'N' on failure)
 * @param mixed $old_value Old values of shipping_edost_enabled setting
 */
function fn_settings_actions_shippings_edost_enabled(&$new_value, $old_value)
{
    $currencies = Registry::get('currencies');

    if ($new_value != 'Y') {
        return;
    }

    $rub_is_primary = !empty($currencies[CURRENCY_RUB])
        && $currencies[CURRENCY_RUB]['is_primary'] != 'N';

    if (!$rub_is_primary) {
        fn_delete_notification('changes_saved');
        fn_set_notification('E', __('warning'), __('edost_activation_error'));
        $new_value = 'N';
    }
}
/**
 * Updates a category and its main image pair.
 *
 * A 'category_id' key in $params is discarded so the record addressed by $id
 * cannot be re-pointed by the request body.
 *
 * @param int   $id     Category identifier being updated
 * @param array $params Request data; 'lang_code' is read via safeGet and the rest is passed to fn_update_category
 *
 * @return array 'status' (Response::STATUS_OK or Response::STATUS_BAD_REQUEST) and
 *               'data' (array('category_id' => $id) on success, empty array otherwise)
 */
public function update($id, $params)
{
    unset($params['category_id']);

    $lang_code = $this->safeGet($params, 'lang_code', DEFAULT_LANGUAGE);
    $category_id = fn_update_category($params, $id, $lang_code);

    $this->prepareImages($params, $id);
    $images_attached = fn_attach_image_pairs('category_main', 'category', $id, DESCR_SL);

    if (!$category_id && !$images_attached) {
        return array('status' => Response::STATUS_BAD_REQUEST, 'data' => array());
    }

    // A successful image attach supersedes a pending 404 notification from the attach step.
    if ($images_attached && fn_notification_exists('extra', '404')) {
        fn_delete_notification('404');
    }

    return array('status' => Response::STATUS_OK, 'data' => array('category_id' => $id));
}
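/**
 * Links a social-network identity to an existing user account and logs that user in.
 *
 * @param array  $user_data Store user data; linking and login happen only when 'user_id' is non-empty
 * @param object $auth_data Provider profile object; its ->identifier is what gets linked
 * @param string $provider  Name of the HybridAuth provider
 *
 * @return string URL the caller should redirect to
 */
function fn_hybrid_auth_link($user_data, $auth_data, $provider)
{
    // Link the provider identity only when an account exists. The previous guard tested
    // empty($user_data['user_id']) and then passed that unset user_id to the link helper.
    if (!empty($user_data['user_id'])) {
        fn_hybrid_auth_link_provider($user_data['user_id'], $auth_data->identifier, $provider);
        $user_status = fn_login_user($user_data['user_id']);
    } else {
        $user_status = LOGIN_STATUS_USER_NOT_FOUND;
    }

    // NOTE(review): redirect_url is taken verbatim from the request and handed back for
    // redirection; confirm the caller (or fn_redirect) rejects off-site targets.
    $redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : fn_url();

    if ($user_status == LOGIN_STATUS_USER_DISABLED) {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
    } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
        // Remove any pending 'user_exist' notification before reporting that no profile could be created.
        fn_delete_notification('user_exist');
        fn_set_notification('W', __('warning'), __('hybrid_auth.cant_create_profile'));
    }

    return $redirect_url;
}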
if (AREA != 'A') { fn_add_breadcrumb(__('recover_password')); } Registry::get('view')->assign('view_mode', 'simple'); } if ($mode == 'ekey_login') { $ekey = !empty($_REQUEST['ekey']) ? $_REQUEST['ekey'] : ''; $redirect_url = fn_url(); $result = fn_recover_password_login($ekey); if (!is_null($result)) { if ($result === LOGIN_STATUS_USER_NOT_FOUND || $result === LOGIN_STATUS_USER_DISABLED) { $redirect_url = fn_url(); } elseif ($result === false) { $redirect_url = fn_url(); } else { fn_delete_notification('notice_text_change_password'); if (!empty($_REQUEST['redirect_url'])) { $redirect_url = $_REQUEST['redirect_url']; if (strpos($redirect_url, '://') === false) { $redirect_url = 'http://' . $redirect_url; } } else { $redirect_url = fn_url(); } } } fn_redirect($redirect_url, true); } // // Display login form in the mainbox //
} return array(CONTROLLER_STATUS_REDIRECT, fn_query_remove(REAL_URL, 'skey')); } // UK Cookies Law if (Registry::get('settings.Security.uk_cookies_law') == 'Y') { if (!empty($_REQUEST['cookies_accepted']) && $_REQUEST['cookies_accepted'] == 'Y') { Tygh::$app['session']['cookies_accepted'] = true; } if (!defined('AJAX_REQUEST') && empty(Tygh::$app['session']['cookies_accepted'])) { $url = fn_link_attach(Registry::get('config.current_url'), 'cookies_accepted=Y'); $url = str_replace('&', '&', $url); $text = __('uk_cookies_law', array('[url]' => $url)); fn_delete_notification('uk_cookies_law'); fn_set_notification('W', __('warning'), $text, 'K', 'uk_cookies_law'); } else { fn_delete_notification('uk_cookies_law'); } } if ($_SERVER['REQUEST_METHOD'] == 'POST') { return; } // // Check if store is closed // if (Registry::get('settings.General.store_mode') == 'Y') { if (!empty($_REQUEST['store_access_key'])) { Tygh::$app['session']['store_access_key'] = $_GET['store_access_key']; } if (!fn_check_permissions(Registry::get('runtime.controller'), Registry::get('runtime.mode'), 'trusted_controllers')) { if (empty(Tygh::$app['session']['store_access_key']) || Tygh::$app['session']['store_access_key'] != Registry::get('settings.General.store_access_key')) { if (defined('AJAX_REQUEST')) {
/**
 * Post-install callback: removes the core upgrade reminder once the package is installed.
 */
public function onSuccessPackageInstall()
{
    $notification_key = 'upgrade_center:core';
    fn_delete_notification($notification_key);
}
/**
 * Setting hook for Stores.share_users: refuses the change while duplicate user e-mails exist.
 *
 * When fn_get_double_user_emails() reports duplicates the "changes saved" notice is
 * dropped, an error is shown and the setting is rolled back to its previous value.
 *
 * @param mixed $new_value Requested value of the setting (reset to $old_value on failure)
 * @param mixed $old_value Value the setting had before the request
 */
function fn_settings_actions_stores_share_users(&$new_value, $old_value)
{
    $duplicated_emails = fn_get_double_user_emails();

    if (empty($duplicated_emails)) {
        return;
    }

    fn_delete_notification('changes_saved');
    fn_set_notification('E', __('error'), __('ult_share_users_setting_disabled'));
    $new_value = $old_value;
}
fn_set_notification('E', __('error'), __('text_allowed_to_upload_file_extension', array('[ext]' => implode(',', Registry::get('config.allowed_pack_exts'))))); } else { $upgrade_pack = $upgrade_pack[0]; $app->uploadUpgradePack($upgrade_pack); } return array(CONTROLLER_STATUS_REDIRECT, 'upgrade_center.manage'); } if ($mode == 'install') { if (!empty($_REQUEST['change_ftp_settings'])) { Log::instance($_REQUEST['id'])->add('Update FTP connection settings'); foreach ($_REQUEST['change_ftp_settings'] as $setting_name => $value) { Settings::instance()->updateValue($setting_name, $value, '', true); Registry::set('settings.Upgrade_center.' . $setting_name, $value); } } fn_delete_notification('uc.timeout_check_success'); list($result, $data) = $app->install($_REQUEST['id'], $_REQUEST); if ($result === UpgradeCenter::PACKAGE_INSTALL_RESULT_FAIL) { $view = Tygh::$app['view']; $view->assign('validation_result', $result); $view->assign('validation_data', $data); $view->assign('id', str_replace('.', '_', $_REQUEST['id'])); $view->assign('type', $_REQUEST['type']); $view->assign('caption', __('continue')); $view->assign('show_pre_upgrade_notice', false); if (defined('AJAX_REQUEST')) { Tygh::$app['ajax']->updateRequest(); } $view->display('views/upgrade_center/components/notices.tpl'); $view->display('views/upgrade_center/components/install_button.tpl'); exit;
$connector = new TwigmoConnector(); $action = 'te'; $connector->authPage($action); exit; } if ($mode == 'update' && $_REQUEST['addon'] == 'twigmo') { if (!empty($_REQUEST['tw_settings'])) { $company_id = fn_twg_get_current_company_id(); TwigmoSettings::set(array('customer_connections' => array($company_id => $_REQUEST['tw_settings']))); } return array(CONTROLLER_STATUS_REDIRECT, 'addons.update?addon=twigmo'); } } elseif ($mode == 'update') { if ($_REQUEST['addon'] == 'twigmo') { if (!empty($_REQUEST['selected_section']) and $_REQUEST['selected_section'] == 'twigmo_addon') { fn_delete_notification('twigmo_upgrade'); } if (!fn_twg_is_updated()) { fn_set_notification('W', __('notice'), __('twgadmin_reinstall')); } $company_id = fn_twg_get_current_company_id(); $view = Registry::get('view'); $view->assign('default_logo', TwigmoImage::getDefaultLogoUrl($company_id)); $urls = TwigmoConnector::getMobileScriptsUrls(); $view->assign('favicon', $urls['favicon']); $view->assign('logo_object_id', $company_id * 10 + 1); $view->assign('favicon_object_id', $company_id * 10 + 2); $tw_register['version'] = TWIGMO_VERSION; $view->assign('tw_register', $tw_register); $view->assign('next_version_info', TwigmoUpgrade::getNextVersionInfo()); $view->assign('twg_is_connected', TwigmoConnector::anyFrontendIsConnected());
// PCI DSS Compliance $auth['password_change_timestamp'] = !empty($auth['password_change_timestamp']) ? $auth['password_change_timestamp'] : 0; $time_diff = TIME - $auth['password_change_timestamp']; $expire = Registry::get('settings.Security.admin_password_expiration_period') * SECONDS_IN_DAY; if (!isset($auth['first_expire_check'])) { $auth['first_expire_check'] = true; } // Make user change the password if: // - password has expired // - this is the first admin's login and change_admin_password_on_first_login is enabled // - this is the first vendor admin's login if (empty($auth['password_change_timestamp']) && (Registry::get('settings.Security.change_admin_password_on_first_login') == 'Y' || !empty($auth['company_id'])) || $expire && $time_diff >= $expire) { $_SESSION['auth']['forced_password_change'] = true; if ($auth['first_expire_check']) { // we can redirect only on first check, else we can corrupt some admin's working processes ( such as ajax requests fn_delete_notification('insecure_password'); $return_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : Registry::get('config.current_url'); return array(CONTROLLER_STATUS_REDIRECT, "auth.password_change?return_url=" . urlencode($return_url)); } else { if (!fn_notification_exists('E', 'password_expire')) { fn_set_notification('E', fn_get_lang_var('warning'), str_replace('[link]', fn_url('profiles.update', 'A'), fn_get_lang_var('error_password_expired_change')), true, 'password_expire'); } } } else { $auth['first_expire_check'] = false; } } if ($_SERVER['REQUEST_METHOD'] == 'POST') { return; } // Get base menu
/**
 * Janrain (rpxnow) token login hook: exchanges the request token for profile data,
 * creates a customer account when none is linked to the identifier, logs the user in
 * and picks a redirect target.
 *
 * NOTE(review): $redirect_url is received by value, so every assignment to it below is
 * lost when the function returns — confirm the caller does not rely on it.
 *
 * @param array  $request      Request data; only 'token' is read (and unset afterwards)
 * @param string $redirect_url Redirect target proposed by the caller (not visible to the caller after return)
 */
function fn_specific_development_before_login($request, $redirect_url)
{
    if (!empty($request['token'])) {
        // Self-reference; $auth is never assigned in this function, so fn_update_user below receives null.
        $auth =& $auth;

        // Token exchange: the add-on API key and the token are posted to rpxnow's auth_info endpoint.
        $_request = array();
        $_request[] = 'apiKey=' . Registry::get('addons.specific_development.apikey');
        $_request[] = 'token=' . $request['token'];
        list($header, $_result) = fn_https_request('POST', 'https://rpxnow.com/api/v2/auth_info', $_request);
        $data = fn_from_json($_result, true);

        if (isset($data['stat']) && $data['stat'] == 'ok') {
            // Look up the account linked to this identity (md5 of the provider identifier).
            $user_data = array();
            $user_data = db_get_row('SELECT user_id, password FROM ?:users WHERE janrain_identifier = ?s', md5($data['profile']['identifier']));

            if (empty($user_data['user_id'])) {
                // No linked account: build a customer profile from the provider data.
                // 'b' / 's' selects which address block receives the name fields.
                Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');

                $user_data = array();
                $user_data['janrain_identifier'] = md5($data['profile']['identifier']);
                // E-mail preference: verifiedEmail, then email, then a synthetic displayName@preferredUsername.com.
                $user_data['email'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
                $user_data['user_login'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
                $user_data['user_type'] = 'C';
                $user_data['is_root'] = 'N';
                // Empty passwords: the account is created without a usable password.
                $user_data['password1'] = $user_data['password2'] = '';
                $user_data['title'] = 'mr';
                $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName'];
                $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : '';

                // NOTE(review): six arguments are passed; if fn_update_user takes five (as in the core
                // definition) the trailing false is ignored — confirm which signature applies here.
                list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, false, false);
            }

            $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']);

            if ($user_status == LOGIN_STATUS_OK) {
                if (empty($user_data['password'])) {
                    // Password-less (freshly created) account: make sure a subscriber record exists.
                    $subscriber = db_get_row("SELECT * FROM ?:subscribers WHERE email = ?s", $user_data['email']);

                    if (empty($subscriber)) {
                        $c_data = array('email' => $user_data['email'], 'timestamp' => TIME);
                        $subscriber_id = db_query("INSERT INTO ?:subscribers ?e", $c_data);

                        $_data['subscriber_id'] = $subscriber_id;
                        $_data['list_id'] = "1";
                        $_data['timestamp'] = TIME;
                        // NOTE(review): md5(uniqid(rand())) is not a cryptographic source; activation and
                        // unsubscribe keys should come from a CSPRNG (e.g. random_bytes()).
                        $_data['activation_key'] = md5(uniqid(rand()));
                        $_data['unsubscribe_key'] = md5(uniqid(rand()));
                        db_query("INSERT INTO ?:user_mailing_lists ?e", $_data);
                    } else {
                        $subscriber_id = $subscriber['subscriber_id'];
                    }

                    $redirect_url = 'checkout.checkout&edit_step=step_two&from_step=step_one';
                } else {
                    // NOTE(review): $index_script is not defined in this function — presumably a global
                    // from the including controller; verify. Same on the two branches below.
                    $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
                }
            } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) {
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
                fn_save_post_data();
                $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
            } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
                fn_delete_notification('user_exist');
                fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('janrain_cant_create_profile'));
                $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
            }

            // NOTE(review): this deletes the account that was just looked up (or created) and logged in;
            // it reads like test scaffolding — confirm the intent before relying on this hook.
            fn_delete_user($user_data['user_id']);
        }

        unset($request['token']);
    } elseif (empty($_REQUEST['user_login']) || empty($_REQUEST['password'])) {
        $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
    }
}
/**
 * Add/update user
 *
 * Validates access (edition/company rules), checks login uniqueness and password policy,
 * writes the ?:users row, fills the profile/address data, and sends the configured
 * notification e-mails. Returns false after setting a notification on any validation failure.
 *
 * @param int $user_id - user ID to update (empty for new user)
 * @param array $user_data - user data
 * @param array $auth - authentication information
 * @param bool $ship_to_another - flag indicates that shipping and billing fields are different
 * @param bool $notify_user - flag indicates that user should be notified
 * @return array with user ID and profile ID if success, false otherwise
 */
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_user)
{
    /**
     * Actions before updating user
     *
     * @param int $user_id User ID to update (empty for new user)
     * @param array $user_data User data
     * @param array $auth Authentication information
     * @param bool $ship_to_another Flag indicates that shipping and billing fields are different
     * @param bool $notify_user Flag indicates that user should be notified
     */
    fn_set_hook('update_user_pre', $user_id, $user_data, $auth, $ship_to_another, $notify_user);

    array_walk($user_data, 'fn_trim_helper');

    // Remembered so the flag can be re-applied after fn_get_user_info() replaces $user_data.
    $register_at_checkout = isset($user_data['register_at_checkout']) && $user_data['register_at_checkout'] == 'Y' ? true : false;

    if (fn_allowed_for('ULTIMATE')) {
        // Admin area: a customer must belong to the current store (or to some store when unrestricted).
        if (AREA == 'A' && !empty($user_data['user_type']) && $user_data['user_type'] == 'C' && (empty($user_data['company_id']) || Registry::get('runtime.company_id') && $user_data['company_id'] != Registry::get('runtime.company_id'))) {
            fn_set_notification('W', __('warning'), __('access_denied'));
            return false;
        }
    }

    if (!empty($user_id)) {
        $current_user_data = db_get_row("SELECT user_id, company_id, is_root, status, user_type, user_login, lang_code, password, salt, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);

        if (empty($current_user_data)) {
            fn_set_notification('E', __('error'), __('object_not_found', array('[object]' => __('user'))), '', '404');
            return false;
        }

        if (!fn_check_editable_permissions($auth, $current_user_data)) {
            fn_set_notification('E', __('error'), __('access_denied'));
            return false;
        }

        // Storefront callers may only address a profile that belongs to this user.
        if (!empty($user_data['profile_id']) && AREA != 'A') {
            $profile_ids = db_get_fields("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i", $user_id);
            if (!in_array($user_data['profile_id'], $profile_ids)) {
                fn_set_notification('W', __('warning'), __('access_denied'));
                return false;
            }
        }

        if (fn_allowed_for('ULTIMATE')) {
            if (AREA != 'A' || empty($user_data['company_id'])) { //we should set company_id for the frontdend, in the backend company_id received from form
                if ($current_user_data['user_type'] == 'A') {
                    if (!isset($user_data['company_id']) || AREA != 'A' || Registry::get('runtime.company_id')) { // reset administrator's company if it was not set to root
                        $user_data['company_id'] = $current_user_data['company_id'];
                    }
                } elseif (Registry::get('settings.Stores.share_users') == 'Y') {
                    $user_data['company_id'] = $current_user_data['company_id'];
                } else {
                    $user_data['company_id'] = Registry::ifGet('runtime.company_id', 1);
                }
            }
        }

        if (fn_allowed_for('MULTIVENDOR')) {
            if (AREA != 'A') { //we should set company_id for the frontend
                $user_data['company_id'] = $current_user_data['company_id'];
            }
        }

        $action = 'update';
    } else {
        // New user: storefront sign-ups start disabled when profile approval is on.
        $current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');

        if (fn_allowed_for('ULTIMATE')) {
            if (!empty($user_data['company_id']) || Registry::get('runtime.company_id') || AREA == 'A') { //company_id can be received when we create user account from the backend
                $company_id = !empty($user_data['company_id']) ? $user_data['company_id'] : Registry::get('runtime.company_id');
                if (empty($company_id)) {
                    $company_id = fn_check_user_type_admin_area($user_data['user_type']) ? $user_data['company_id'] : fn_get_default_company_id();
                }
                $user_data['company_id'] = $current_user_data['company_id'] = $company_id;
            } else {
                fn_set_notification('W', __('warning'), __('access_denied'));
                return false;
            }
        }

        $action = 'add';
        $user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
        $user_data['timestamp'] = TIME;
    }

    // Cleartext password as submitted; only used for the "created by admin/vendor" e-mail below.
    $original_password = '';
    $current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
    $current_user_data['salt'] = !empty($current_user_data['salt']) ? $current_user_data['salt'] : '';

    // Set the user type
    $user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);

    // Vendor-scoped admin may not touch users outside its company or non-admin-area user types.
    if (Registry::get('runtime.company_id') && !fn_allowed_for('ULTIMATE') && (!fn_check_user_type_admin_area($user_data['user_type']) || isset($current_user_data['company_id']) && $current_user_data['company_id'] != Registry::get('runtime.company_id'))) {
        fn_set_notification('W', __('warning'), __('access_denied'));
        return false;
    }

    // Check if this user needs login/password
    if (fn_user_need_login($user_data['user_type'])) {
        // Check if user_login already exists
        // FIXME
        if (!isset($user_data['email'])) {
            $user_data['email'] = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $user_id);
        }
        $is_exist = fn_is_user_exists($user_id, $user_data);
        if ($is_exist) {
            fn_set_notification('E', __('error'), __('error_user_exists'), '', 'user_exist');
            return false;
        }

        // Check the passwords
        if (!empty($user_data['password1']) || !empty($user_data['password2'])) {
            $original_password = trim($user_data['password1']);
            $user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
            $user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
        }

        // if the passwords are not set and this is not a forced password check
        // we will not update password, otherwise let's check password
        if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
            $valid_passwords = true;

            if ($user_data['password1'] != $user_data['password2']) {
                $valid_passwords = false;
                fn_set_notification('E', __('error'), __('error_passwords_dont_match'));
            }

            // PCI DSS Compliance
            if (fn_check_user_type_admin_area($user_data['user_type'])) {
                $msg = array();

                // Check password length (byte length: strlen, not mb_strlen)
                $min_length = Registry::get('settings.Security.min_admin_password_length');
                if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
                    $valid_passwords = false;
                    $msg[] = str_replace("[number]", $min_length, __('error_password_min_symbols'));
                }

                // Check password content: at least one digit and one non-digit in each copy
                if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
                    $tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
                    if (!$tmp_result) {
                        $valid_passwords = false;
                        $msg[] = __('error_password_content');
                    }
                }

                if ($msg) {
                    fn_set_notification('E', __('error'), implode('<br />', $msg));
                }

                // Check last 4 passwords
                if (!empty($user_id)) {
                    $prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();

                    if (!empty($_SESSION['auth']['forced_password_change'])) {
                        // if forced password change - new password can't be equal to current password.
                        $prev_passwords[] = $current_user_data['password'];
                    }

                    // NOTE(review): the candidate is hashed with the *current* salt only, so a stored
                    // entry can match only if it was produced under that same salt — confirm this is
                    // the intended strength of the reuse check.
                    if (in_array(fn_generate_salted_password($user_data['password1'], $current_user_data['salt']), $prev_passwords)) {
                        $valid_passwords = false;
                        fn_set_notification('E', __('error'), __('error_password_was_used'));
                    } else {
                        if (count($prev_passwords) >= 5) {
                            array_shift($prev_passwords);
                        }
                        $user_data['last_passwords'] = implode(',', $prev_passwords);
                    }
                }
            }
            // PCI DSS Compliance

            if (!$valid_passwords) {
                return false;
            }

            // A fresh salt is generated on every password write.
            $user_data['salt'] = fn_generate_salt();
            $user_data['password'] = fn_generate_salted_password($user_data['password1'], $user_data['salt']);

            // NOTE(review): the new hash uses the new salt, so it differs from the stored hash even
            // when the password itself is unchanged; this branch therefore runs for every update.
            if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
                // if user set current password - there is no necessity to update password_change_timestamp
                $user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
            }
            unset($_SESSION['auth']['forced_password_change']);
            fn_delete_notification('password_expire');
        }
    }

    $user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status']; // only administrator can change user status

    // Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
    if (AREA == 'A' || Registry::get('settings.Checkout.address_position') == 'billing_first') {
        $main_address_zone = BILLING_ADDRESS_PREFIX;
        $alt_address_zone = SHIPPING_ADDRESS_PREFIX;
    } else {
        $main_address_zone = SHIPPING_ADDRESS_PREFIX;
        $alt_address_zone = BILLING_ADDRESS_PREFIX;
    }

    $user_data = fn_fill_contact_info_from_address($user_data, $main_address_zone, $alt_address_zone);

    if (!fn_allowed_for('ULTIMATE')) { //for ult company_id was set before
        fn_set_company_id($user_data);
    }

    // This assignment is overwritten unconditionally by the root-admin lookup right below.
    if (!empty($current_user_data['is_root']) && $current_user_data['is_root'] == 'Y') {
        $user_data['is_root'] = 'Y';
    } else {
        $user_data['is_root'] = 'N';
    }

    // check if it is a root admin
    // NOTE(review): any non-customer becomes the root admin of its company when no other root
    // admin exists there — worth confirming this is intended for vendor/admin users alike.
    $is_root_admin_exists = db_get_field("SELECT user_id FROM ?:users WHERE company_id = ?i AND is_root = 'Y' AND user_id != ?i", $user_data['company_id'], !empty($user_id) ? $user_id : 0);
    $user_data['is_root'] = empty($is_root_admin_exists) && $user_data['user_type'] !== 'C' ? 'Y' : 'N';

    unset($user_data['user_id']);

    if (!empty($user_id)) {
        db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
        fn_clean_usergroup_links($user_id, $current_user_data['user_type'], $user_data['user_type']);
        fn_log_event('users', 'update', array('user_id' => $user_id));
    } else {
        // 1 marks "never changed" so the expiry check treats the initial password as stale.
        if (!isset($user_data['password_change_timestamp'])) {
            $user_data['password_change_timestamp'] = 1;
        }
        $user_id = db_query("INSERT INTO ?:users ?e", $user_data);
        fn_log_event('users', 'create', array('user_id' => $user_id));
    }

    $user_data['user_id'] = $user_id;

    // Set/delete insecure password notification
    if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['password1'])) {
        if (!fn_compare_login_password($user_data, $user_data['password1'])) {
            fn_delete_notification('insecure_password');
        } else {
            $lang_var = 'warning_insecure_password_email';
            fn_set_notification('E', __('warning'), __($lang_var, array('[link]' => fn_url("profiles.update?user_id=" . $user_id))), 'K', 'insecure_password');
        }
    }

    if (empty($user_data['user_login'])) { // if we're using email as login or user type does not require login, fill login field
        // NOTE(review): two $user_id arguments are passed but only one ?i placeholder appears in
        // the query as shown here — confirm the literal user_login value is what is intended.
        db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
    }

    // Fill shipping info with billing if needed
    if (empty($ship_to_another)) {
        $profile_fields = fn_get_profile_fields($user_data['user_type']);
        $use_default = AREA == 'A' ? true : false;
        fn_fill_address($user_data, $profile_fields, $use_default);
    }

    $user_data['profile_id'] = fn_update_user_profile($user_id, $user_data, $action);

    // From here on $user_data is the stored record, not the submitted form data.
    $user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);

    if ($register_at_checkout) {
        $user_data['register_at_checkout'] = 'Y';
    }

    $lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;

    if (!fn_allowed_for('ULTIMATE:FREE')) {
        $user_data['usergroups'] = db_get_hash_array("SELECT lnk.link_id, lnk.usergroup_id, lnk.status, a.type, b.usergroup" . " FROM ?:usergroup_links as lnk" . " INNER JOIN ?:usergroups as a ON a.usergroup_id = lnk.usergroup_id AND a.status != 'D'" . " LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s" . " WHERE a.status = 'A' AND lnk.user_id = ?i AND lnk.status != 'D' AND lnk.status != 'F'", 'usergroup_id', $lang_code, $user_id);
    }

    // Send notifications to customer
    if (!empty($notify_user)) {
        $from = 'company_users_department';
        if (fn_allowed_for('MULTIVENDOR')) {
            // Vendor administrator's notification
            // is sent from root users department
            if ($user_data['user_type'] == 'V') {
                $from = 'default_company_users_department';
            }
        }

        // Notify customer about profile activation (when update profile only)
        if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
            Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/profile_activated.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code);
        }

        // Notify customer about profile add/update
        $prefix = $action == 'add' ? 'create' : 'update';

        // Send password to user only if it was created by admin or vendor
        // NOTE(review): this puts the cleartext password into an outgoing e-mail; consider a
        // one-time reset link instead so the secret never leaves the server in the clear.
        if (AREA != 'C' && $auth['user_id'] != $user_id) {
            $password = $original_password;
        } else {
            $password = null;
        }

        Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('password' => $password, 'user_data' => $user_data), 'tpl' => 'profiles/' . $prefix . '_profile.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code);
    }

    if ($action == 'add') {
        if (AREA != 'A') {
            if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
                fn_set_notification('W', __('important'), __('text_profile_should_be_approved'));

                // Notify administrator about new profile
                Mailer::sendMail(array('to' => 'company_users_department', 'from' => 'company_users_department', 'reply_to' => $user_data['email'], 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/activate_profile.tpl', 'company_id' => $user_data['company_id']), 'A', Registry::get('settings.Appearance.backend_default_language'));
            } else {
                fn_set_notification('N', __('information'), __('text_profile_is_created'));
            }
        }

        // Attach guest orders collected in the session to the newly created account.
        if (!is_null($auth)) {
            if (!empty($auth['order_ids'])) {
                db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
            }
        }
    } else {
        if (AREA == 'C') {
            fn_set_notification('N', __('information'), __('text_profile_is_updated'));
        }
    }

    fn_set_hook('update_profile', $action, $user_data, $current_user_data);

    return array($user_id, !empty($user_data['profile_id']) ? $user_data['profile_id'] : false);
}
/**
 * Callback after package installed: clears the notification this package raised.
 *
 * @param mixed $content_schema     Package content schema (not used here)
 * @param mixed $information_schema Package information schema (not used here)
 */
public function onSuccessPackageInstall($content_schema, $information_schema)
{
    $key = $this->notification_key;
    fn_delete_notification($key);
}
<?php
/***************************************************************************
*                                                                          *
*   Copyright (c) 2004 Simbirsk Technologies Ltd. All rights reserved.     *
*                                                                          *
*   This is commercial software, only users who have purchased a valid     *
*   license and accept to the terms of the License Agreement can install   *
*   and use this program.                                                  *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE       *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/

//
// $Id: index.php 7688 2009-07-10 05:58:05Z zeke $
//

// Direct access without the framework bootstrap is refused.
if (!defined('AREA')) {
    die('Access denied');
}

// Generate dashboard: on the index page, remind the admin about pending recurring events.
if ($mode == 'index') {
    $recurring_events = fn_get_recurring_events();

    if (!fn_is_empty($recurring_events)) {
        $events_link = fn_url("subscriptions.events");
        $message = strtr(fn_get_lang_var('rb_have_events'), array('[link]' => $events_link));

        // Replace any earlier copy of the reminder rather than stacking a second one.
        fn_delete_notification('rb_events');
        fn_set_notification('N', fn_get_lang_var('notice'), $message, true, 'rb_events');
    }
}
$user_data['title'] = !empty($data['profile']['honorificPrefix']) ? $data['profile']['honorificPrefix'] : 'mr'; $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName']; $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : ''; list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, true, false); } $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']); if ($user_status == LOGIN_STATUS_OK) { if (empty($user_data['password'])) { fn_set_notification('W', __('warning'), __('janrain_need_update_profile')); $redirect_url = 'profiles.update'; } else { $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); } } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) { fn_set_notification('E', __('error'), __('error_account_disabled')); $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) { fn_delete_notification('user_exist'); fn_set_notification('W', __('warning'), __('janrain_cant_create_profile')); $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); } } unset($_REQUEST['token']); } elseif (empty($_REQUEST['user_login']) || empty($_REQUEST['password'])) { $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); } if (!empty($redirect_url)) { return array(CONTROLLER_STATUS_REDIRECT, !empty($redirect_url) ? $redirect_url : fn_url()); } } }
/**
 * Update multiple posts at once
 *
 * Every post gets its ?:discussion_posts row updated; the matching
 * ?:discussion_messages and ?:discussion_rating rows are updated when they
 * exist and inserted (with thread_id and post_id filled in) otherwise.
 *
 * @param array $posts posts data, keyed by post_id
 * @return boolean always true
 */
function fn_update_discussion_posts($posts)
{
    if (empty($posts) || !is_array($posts)) {
        return true;
    }

    $post_ids = array_keys($posts);
    $thread_by_post = db_get_hash_single_array("SELECT post_id, thread_id FROM ?:discussion_posts WHERE post_id IN (?n)", array('post_id', 'thread_id'), $post_ids);
    $posts_with_message = db_get_fields("SELECT post_id FROM ?:discussion_messages WHERE post_id IN (?n)", $post_ids);
    $posts_with_rating = db_get_fields("SELECT post_id FROM ?:discussion_rating WHERE post_id IN (?n)", $post_ids);

    fn_delete_notification('company_access_denied');

    foreach ($posts as $post_id => $post_data) {
        db_query("UPDATE ?:discussion_posts SET ?u WHERE post_id = ?i", $post_data, $post_id);

        // The insert branch enriches $post_data with thread_id/post_id; that enriched array
        // is what the rating statement below then receives.
        if (!in_array($post_id, $posts_with_message)) {
            $post_data['thread_id'] = $thread_by_post[$post_id];
            $post_data['post_id'] = $post_id;
            db_query("INSERT INTO ?:discussion_messages ?e", $post_data);
        } else {
            db_query("UPDATE ?:discussion_messages SET ?u WHERE post_id = ?i", $post_data, $post_id);
        }

        if (!in_array($post_id, $posts_with_rating)) {
            $post_data['thread_id'] = $thread_by_post[$post_id];
            $post_data['post_id'] = $post_id;
            db_query("INSERT INTO ?:discussion_rating ?e", $post_data);
        } else {
            db_query("UPDATE ?:discussion_rating SET ?u WHERE post_id = ?i", $post_data, $post_id);
        }
    }

    return true;
}
} if ($lc == false) { fn_delete_notification('changes_saved'); } } if ($mode == 'install_from_po') { $uploaded_data = fn_filter_uploaded_data('language_data', array('po', 'zip')); if (!empty($uploaded_data['po_file']['path'])) { $ext = fn_get_file_ext($uploaded_data['po_file']['name']); if ($ext == 'po') { $result = Languages::installLanguagePack($uploaded_data['po_file']['path']); } else { $result = Languages::installZipPack($uploaded_data['po_file']['path']); } if (!$result) { fn_delete_notification('changes_saved'); } } } if ($mode == 'install' && !empty($_REQUEST['pack'])) { $pack_path = Registry::get('config.dir.lang_packs') . fn_basename($_REQUEST['pack']); if (Languages::installCrowdinPack($pack_path, array())) { return array(CONTROLLER_STATUS_OK, 'languages.manage'); } else { return array(CONTROLLER_STATUS_OK, 'languages.manage?selected_section=available_languages'); } } if ($mode == 'delete_variable') { LanguageValues::deleteVariables($_REQUEST['name']); return array(CONTROLLER_STATUS_REDIRECT); }
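/**
 * Dispatches the execution control to the correct controller.
 *
 * Order of work, all of it visible below:
 *  1. request guards: CSRF token check, canonical-host redirect, POST/upload
 *     size limit, stripping of a session ID passed in the URL, admin
 *     permission / demo-mode check, HTTP <-> HTTPS switching;
 *  2. building the controller cascade (init, pre-, core/addon, post-controllers)
 *     and picking the content template for the mode;
 *  3. running the cascade, resolving the resulting status into a redirect or
 *     an error template, rendering the root template and calling exit.
 *
 * @param string $controller     controller name (defaults to runtime.controller)
 * @param string $mode           controller mode (defaults to runtime.mode)
 * @param string $action         controller action (defaults to runtime.action)
 * @param string $dispatch_extra extra dispatch parameter (defaults to runtime.dispatch_extra)
 * @param string $area           working area: 'A' (admin) or 'C' (customer)
 *
 * @return void never returns normally: the function ends with exit, and the
 *              fn_redirect() calls are assumed to terminate the request themselves
 */
function fn_dispatch($controller = '', $mode = '', $action = '', $dispatch_extra = '', $area = AREA)
{
    Debugger::checkpoint('After init');

    $auth = $_SESSION['auth'];

    $controller = empty($controller) ? Registry::get('runtime.controller') : $controller;
    $mode = empty($mode) ? Registry::get('runtime.mode') : $mode;
    $action = empty($action) ? Registry::get('runtime.action') : $action;
    $dispatch_extra = empty($dispatch_extra) ? Registry::get('runtime.dispatch_extra') : $dispatch_extra;

    fn_set_hook('before_dispatch', $controller, $mode, $action, $dispatch_extra, $area);

    $view = Registry::get('view');

    $run_controllers = true;
    $external = false;
    $status = CONTROLLER_STATUS_NO_PAGE;

    // CSRF protection: on a failed token check the request is bounced to the
    // store root before any controller runs. This relies on fn_redirect()
    // terminating the request; if it ever returned, the controller would still run.
    if (fn_is_csrf_protection_enabled($auth) && !fn_csrf_validate_request(array('server' => $_SERVER, 'request' => $_REQUEST, 'session' => $_SESSION, 'controller' => $controller, 'mode' => $mode, 'action' => $action, 'dispatch_extra' => $dispatch_extra, 'area' => $area, 'auth' => $auth))) {
        fn_set_notification('E', __('error'), __('text_csrf_attack'));
        fn_redirect(fn_url());
    }

    // If $config['http_host'] was different from the domain name, there was redirection to $config['http_host'] value.
    // Only the path/query part of the incoming request is re-attached to the
    // configured location, so the target host is always the configured one.
    if (strtolower(Registry::get('config.current_host')) != strtolower(REAL_HOST) && $_SERVER['REQUEST_METHOD'] == 'GET' && !defined('CONSOLE')) {
        if (!empty($_SERVER['REDIRECT_URL'])) {
            $qstring = $_SERVER['REDIRECT_URL'];
        } else {
            if (!empty($_SERVER['REQUEST_URI'])) {
                $qstring = $_SERVER['REQUEST_URI'];
            } else {
                $qstring = Registry::get('config.current_url');
            }
        }
        $curent_path = Registry::get('config.current_path');
        if (!empty($curent_path) && strpos($qstring, $curent_path) === 0) {
            $qstring = substr_replace($qstring, '', 0, fn_strlen($curent_path));
        }
        fn_redirect(Registry::get('config.current_location') . $qstring, false, true);
    }

    // Reject bodies larger than PHP would accept anyway, so the user gets a
    // readable error instead of an empty $_POST/$_FILES.
    $upload_max_filesize = Bootstrap::getIniParam('upload_max_filesize');
    $post_max_size = Bootstrap::getIniParam('post_max_size');

    if (!defined('AJAX_REQUEST') && isset($_SERVER['CONTENT_LENGTH']) && ($_SERVER['CONTENT_LENGTH'] > fn_return_bytes($upload_max_filesize) || $_SERVER['CONTENT_LENGTH'] > fn_return_bytes($post_max_size))) {
        $max_size = fn_return_bytes($upload_max_filesize) < fn_return_bytes($post_max_size) ? $upload_max_filesize : $post_max_size;
        fn_set_notification('E', __('error'), __('text_forbidden_uploaded_file_size', array('[size]' => $max_size)));
        // The Referer is client-supplied and may be absent; fall back to the
        // store root exactly as the demo-mode branch below does instead of
        // calling fn_redirect() with a null location.
        fn_redirect(!empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : fn_url(''));
    }

    // If URL contains session ID, remove it (keeps the session ID out of
    // Referer headers, logs and bookmarks; also defeats fixation via a crafted link)
    if (!defined('AJAX_REQUEST') && !empty($_REQUEST[Session::getName()]) && $_SERVER['REQUEST_METHOD'] == 'GET') {
        fn_redirect(fn_query_remove(Registry::get('config.current_url'), Session::getName()));
    }

    // If demo mode is enabled, check permissions FIX ME - why did we need one more user login check?
    // Admin area only: a denied permission check keeps $run_controllers false,
    // so only the 'init' controller is executed further down.
    if ($area == 'A') {
        if (Registry::get('config.demo_mode') == true) {
            $run_controllers = fn_check_permissions($controller, $mode, 'demo');
            if ($run_controllers == false) {
                fn_set_notification('W', __('demo_mode'), __('demo_mode_content_text'), 'K', 'demo_mode');
                if (defined('AJAX_REQUEST')) {
                    exit;
                }
                fn_delete_notification('changes_saved');
                $status = CONTROLLER_STATUS_REDIRECT;
                $_REQUEST['redirect_url'] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : fn_url('');
            }
        } else {
            $run_controllers = fn_check_permissions($controller, $mode, 'admin', '', $_REQUEST);
            if ($run_controllers == false) {
                if (defined('AJAX_REQUEST')) {
                    // The controller.mode pair is only disclosed in debug/development mode
                    $_info = Debugger::isActive() || fn_is_development() ? ' ' . $controller . '.' . $mode : '';
                    fn_set_notification('W', __('warning'), __('access_denied') . $_info);
                    exit;
                }
                $status = CONTROLLER_STATUS_DENIED;
            }
        }
    }

    // HTTP <-> HTTPS switching for non-POST, non-AJAX page loads
    if ($_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
        if ($area == 'A' && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
            if (!defined('HTTPS') && Registry::get('settings.Security.secure_admin') == 'Y') {
                fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
            } elseif (defined('HTTPS') && Registry::get('settings.Security.secure_admin') != 'Y') {
                fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
            }
        } elseif ($area == 'C') {
            $secure_controllers = fn_get_secure_controllers();
            // if we are not on https but controller is secure, redirect to https
            if (!defined('HTTPS') && (Registry::get('settings.Security.secure_storefront') == 'full' || isset($secure_controllers[$controller]) && $secure_controllers[$controller] == 'active')) {
                fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'), false, true);
            }
            // if we are on https and the controller is insecure, redirect to http
            // (note: this downgrade means a session cookie without the Secure
            // flag travels over plain HTTP unless keep_https is 'Y')
            if (defined('HTTPS') && Registry::get('settings.Security.secure_storefront') != 'full' && !isset($secure_controllers[$controller]) && Registry::get('settings.Security.keep_https') != 'Y') {
                fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'), false, true);
            }
        }
    }

    LastView::instance()->prepare($_REQUEST);

    // Build the cascade: 'init' always runs; the requested controller only
    // when the permission checks above allowed it.
    $controllers_cascade = array();
    $controllers_list = array('init');

    if ($run_controllers == true) {
        $controllers_list[] = $controller;
        $controllers_list = array_unique($controllers_list);
    }

    foreach ($controllers_list as $ctrl) {
        $core_controllers = fn_init_core_controllers($ctrl);
        list($addon_controllers) = fn_init_addon_controllers($ctrl);

        if (empty($core_controllers) && empty($addon_controllers)) {
            //$controllers_cascade = array(); // FIXME: controllers_cascade contains INIT. We should not clear initiation code.
            $status = CONTROLLER_STATUS_NO_PAGE;
            $run_controllers = false;
            break;
        }

        if (count($core_controllers) + count($addon_controllers) > 1) {
            throw new DeveloperException('Duplicate controller ' . $controller . var_export(array_merge($core_controllers, $addon_controllers), true));
        }

        $core_pre_controllers = fn_init_core_controllers($ctrl, GET_PRE_CONTROLLERS);
        $core_post_controllers = fn_init_core_controllers($ctrl, GET_POST_CONTROLLERS);
        list($addon_pre_controllers) = fn_init_addon_controllers($ctrl, GET_PRE_CONTROLLERS);
        list($addon_post_controllers, $addons) = fn_init_addon_controllers($ctrl, GET_POST_CONTROLLERS);

        // we put addon post-controller to the top of post-controller cascade if current addon serves this request
        if (count($addon_controllers)) {
            $addon_post_controllers = fn_reorder_post_controllers($addon_post_controllers, $addon_controllers[0]);
        }

        $controllers_cascade = array_merge($controllers_cascade, $addon_pre_controllers, $core_pre_controllers, $core_controllers, $addon_controllers, $core_post_controllers, $addon_post_controllers);

        if (empty($controllers_cascade)) {
            throw new DeveloperException("No controllers for: {$ctrl}");
        }
    }

    // 'add' and 'add_*' modes share the 'update' templates
    if ($mode == 'add') {
        $tpl = 'update.tpl';
    } elseif (strpos($mode, 'add_') === 0) {
        $tpl = str_replace('add_', 'update_', $mode) . '.tpl';
    } else {
        $tpl = $mode . '.tpl';
    }

    $view = Registry::get('view');

    if ($view->templateExists('views/' . $controller . '/' . $tpl)) {
        // try to find template in base views
        $view->assign('content_tpl', 'views/' . $controller . '/' . $tpl);
    } elseif (defined('LOADED_ADDON_PATH') && $view->templateExists('addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl)) {
        // try to find template in addon views
        $view->assign('content_tpl', 'addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl);
    } elseif (!empty($addons)) {
        // try to find template in addon views that extend base views
        foreach ($addons as $addon => $_v) {
            if ($view->templateExists('addons/' . $addon . '/views/' . $controller . '/' . $tpl)) {
                $view->assign('content_tpl', 'addons/' . $addon . '/views/' . $controller . '/' . $tpl);
                break;
            }
        }
    }

    /**
     * Performs actions after template assignment and before controller run
     *
     * @param string $controller controller name
     * @param string $mode controller mode name
     * @param string $area current working area
     * @param array $controllers_cascade list of controllers to run
     */
    fn_set_hook('dispatch_assign_template', $controller, $mode, $area, $controllers_cascade);

    // Run the cascade. A controller's return value is an array:
    // 0 - status, 1 - url, 2 - external flag, 3 - permanent flag.
    foreach ($controllers_cascade as $item) {
        $_res = fn_run_controller($item, $controller, $mode, $action, $dispatch_extra);

        // 0 - status, 1 - url
        $url = !empty($_res[1]) ? $_res[1] : '';
        $external = !empty($_res[2]) ? $_res[2] : false;
        $permanent = !empty($_res[3]) ? $_res[3] : false;

        // Status could be changed only if we allow to run controllers despite of init controller
        if ($run_controllers == true) {
            $status = !empty($_res[0]) ? $_res[0] : CONTROLLER_STATUS_OK;
        }

        if ($status == CONTROLLER_STATUS_OK && !empty($url)) {
            $redirect_url = $url;
        } elseif ($status == CONTROLLER_STATUS_REDIRECT && !empty($url)) {
            $redirect_url = $url;
            break;
        } elseif ($status == CONTROLLER_STATUS_DENIED || $status == CONTROLLER_STATUS_NO_PAGE) {
            break;
        }
    }

    LastView::instance()->init($_REQUEST);

    // In console mode, just stop here
    if (defined('CONSOLE')) {
        $notifications = fn_get_notifications();
        $exit_code = 0;
        foreach ($notifications as $n) {
            fn_echo('[' . $n['title'] . '] ' . $n['message'] . "\n");
            if ($n['type'] == 'E') {
                $exit_code = 1;
            }
        }
        exit($exit_code);
    }

    // A registry flag keyed by $auth['this_login'] set to 'Y' marks the current
    // login as disabled (presumably by an action taken since the session was
    // created); the page is then rendered as denied. NOTE(review): where the
    // flag is set is not visible here - confirm.
    if (!empty($auth['this_login']) && Registry::ifGet($auth['this_login'], 'N') === 'Y') {
        fn_set_notification('E', __('error'), __(ACCOUNT_TYPE . LOGIN_STATUS_USER_DISABLED));
        $status = CONTROLLER_STATUS_DENIED;
    }

    // [Block manager]
    // block manager is disabled for vendors.
    if (!(fn_allowed_for('MULTIVENDOR') && Registry::get('runtime.company_id') || fn_allowed_for('ULTIMATE') && !Registry::get('runtime.company_id'))) {
        if (fn_check_permissions('block_manager', 'manage', 'admin')) {
            $dynamic_object = SchemesManager::getDynamicObject($_REQUEST['dispatch'], $area, $_REQUEST);
            if (!empty($dynamic_object)) {
                if ($area == 'A' && Registry::get('runtime.mode') != 'add' && !empty($_REQUEST[$dynamic_object['key']])) {
                    $object_id = $_REQUEST[$dynamic_object['key']];
                    $location = Location::instance()->get($dynamic_object['customer_dispatch'], $dynamic_object, CART_LANGUAGE);
                    if (!empty($location) && $location['is_default'] != 1) {
                        $params = array('dynamic_object' => array('object_type' => $dynamic_object['object_type'], 'object_id' => $object_id), $dynamic_object['key'] => $object_id, 'manage_url' => Registry::get('config.current_url'));
                        Registry::set('navigation.tabs.blocks', array('title' => __('layouts'), 'href' => 'block_manager.manage_in_tab?' . http_build_query($params), 'ajax' => true));
                    }
                }
            }
        }
    }
    // [/Block manager]

    // Redirect if controller returned successful/redirect status only.
    // A request-supplied redirect_url overrides the controller's own URL unless
    // the controller flagged its redirect as external.
    // NOTE(review): redirect_url is taken from the request unvalidated. Whether
    // an absolute URL here becomes an open redirect depends on fn_redirect()/
    // fn_url(), which are not visible in this file; if they pass absolute URLs
    // through, restrict this to relative dispatch strings or same-origin URLs.
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($_REQUEST['redirect_url']) && !$external) {
        $redirect_url = $_REQUEST['redirect_url'];
    }

    // If controller returns "Redirect" status, check if redirect url exists
    if ($status == CONTROLLER_STATUS_REDIRECT && empty($redirect_url)) {
        $status = CONTROLLER_STATUS_NO_PAGE;
    }

    // In backend show "changes saved" notification
    if ($area == 'A' && $_SERVER['REQUEST_METHOD'] == 'POST' && in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT))) {
        if (strpos($mode, 'update') !== false && $mode != 'update_status' && $mode != 'update_mode' && !fn_notification_exists('extra', 'demo_mode') && !fn_notification_exists('type', 'E')) {
            fn_set_notification('N', __('notice'), __('text_changes_saved'), 'I', 'changes_saved');
        }
    }

    // Attach params and redirect if needed
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($redirect_url)) {
        if (!isset($_REQUEST['return_to_list'])) {
            // carry the listing position (page / section / tab) across the redirect
            $params = array('page', 'selected_section', 'active_tab');
            $url_params = array();
            foreach ($params as $param) {
                if (!empty($_REQUEST[$param])) {
                    $url_params[$param] = $_REQUEST[$param];
                }
            }
            if (!empty($url_params)) {
                $redirect_url = fn_link_attach($redirect_url, http_build_query($url_params));
            }
        }
        if (!isset($external)) {
            $external = false;
        }
        if (!isset($permanent)) {
            $permanent = false;
        }
        fn_redirect($redirect_url, $external, $permanent);
    }

    if (!$view->getTemplateVars('content_tpl') && $status == CONTROLLER_STATUS_OK) { // FIXME
        $status = CONTROLLER_STATUS_NO_PAGE;
    }

    if ($status != CONTROLLER_STATUS_OK) {
        if ($status == CONTROLLER_STATUS_NO_PAGE) {
            if ($area == 'A' && empty($auth['user_id'])) {
                // If admin is not logged in redirect to login page from not found page
                fn_set_notification('W', __('page_not_found'), __('page_not_found_text'));
                fn_redirect("auth.login_form");
            }
            header(' ', true, 404);
        }
        $view->assign('exception_status', $status);
        if ($area == 'A') {
            $view->assign('content_tpl', 'exception.tpl'); // for backend only
        }
        if ($status == CONTROLLER_STATUS_DENIED) {
            $view->assign('page_title', __('access_denied'));
        } elseif ($status == CONTROLLER_STATUS_NO_PAGE) {
            $view->assign('page_title', __('page_not_found'));
        }
    }

    fn_set_hook('dispatch_before_display');

    Debugger::checkpoint('Before TPL');

    // Pass current URL to ajax response only if we render whole page
    if (defined('AJAX_REQUEST') && Registry::get('runtime.root_template') == 'index.tpl') {
        Registry::get('ajax')->assign('current_url', fn_url(Registry::get('config.current_url'), $area, 'current'));
    }

    Registry::get('view')->display(Registry::get('runtime.root_template'));

    Debugger::checkpoint('After TPL');
    Debugger::display();

    fn_set_hook('complete');

    if (defined('AJAX_REQUEST')) {
        // HHVM workaround. Destroy Ajax object manually if it has been created.
        $ajax = Registry::get('ajax');
        $ajax = null;
    }

    exit; // stop execution
}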
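/**
 * Add/update user
 *
 * Validates the submitted profile, enforces the admin password policy
 * (length, digit/non-digit mix, reuse of recorded previous hashes), writes
 * the ?:users and ?:user_profiles rows, stores additional profile fields,
 * sends the configured notification e-mails and, for a newly created
 * customer account, fills $auth so the customer is logged in.
 *
 * @param int $user_id - user ID to update (empty for new user)
 * @param array $user_data - user data (request-shaped; see the note at the UPDATE below)
 * @param array $auth - authentication information; replaced via fn_fill_auth() for a
 *                      newly created account unless the profile awaits approval
 * @param bool $ship_to_another - flag indicates that shipping and billing fields are different
 * @param bool $notify_customer - flag indicates that customer should be notified
 * @param bool $send_password - TRUE if the password should be included into the e-mail
 * @return array with user ID and profile ID if success, false otherwise
 */
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_customer, $send_password = false)
{
    if (!empty($user_id)) {
        $current_user_data = db_get_row("SELECT user_id, company_id, status, user_type, user_login, lang_code, password, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
        $action = 'update';
    } else {
        // New storefront accounts start disabled when approval is required
        $current_user_data = array(
            'status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'),
            'user_type' => 'C'
        );
        $action = 'add';
        $user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
        $user_data['timestamp'] = TIME;
    }

    $original_password = '';
    $current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';

    // Set the user type
    $user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);

    // When running under a vendor (COMPANY_ID defined) only admin-type accounts
    // of that same company may be handled here.
    if (defined('COMPANY_ID') && ($user_data['user_type'] != 'A' || isset($current_user_data['company_id']) && $current_user_data['company_id'] != COMPANY_ID)) {
        fn_save_post_data();
        fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('access_denied'));
        return false;
    }

    // Check if this user needs login/password
    if (fn_user_need_login($user_data['user_type'])) {
        // Check if user_login already exists (email and, when given, login must be unique)
        $is_exist = db_get_field("SELECT user_id FROM ?:users WHERE (email = ?s ?p) AND user_id != ?i", $user_data['email'], empty($user_data['user_login']) ? '' : db_quote(" OR user_login = ?s", $user_data['user_login']), $user_id);
        if ($is_exist) {
            fn_save_post_data();
            fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists'));
            return false;
        }

        // Check the passwords. The untrimmed value is kept only for the
        // notification e-mail (see $send_password); the stored hash is of the
        // trimmed value.
        $original_password = isset($user_data['password1']) ? $user_data['password1'] : '';
        $user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
        $user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';

        // if the passwords are not set and this is not a forced password check
        // we will not update password, otherwise let's check password
        if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
            $valid_passwords = true;

            if ($user_data['password1'] != $user_data['password2']) {
                $valid_passwords = false;
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_passwords_dont_match'));
            }

            // PCI DSS Compliance
            if ($user_data['user_type'] == 'A') {
                $msg = array();

                // Check password length
                // NOTE(review): strlen() counts bytes, so multibyte characters
                // satisfy the minimum with fewer characters than the setting implies.
                $min_length = Registry::get('settings.Security.min_admin_password_length');
                if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
                    $valid_passwords = false;
                    $msg[] = str_replace("[number]", $min_length, fn_get_lang_var('error_password_min_symbols'));
                }

                // Check password content: at least one digit and one non-digit
                if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
                    $tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
                    if (!$tmp_result) {
                        $valid_passwords = false;
                        $msg[] = fn_get_lang_var('error_password_content');
                    }
                }

                if ($msg) {
                    fn_set_notification('E', fn_get_lang_var('error'), implode('<br />', $msg));
                }

                // Check last 4 passwords (last_passwords holds a comma-separated
                // list of previous hashes, capped at 5 entries below)
                if (!empty($user_id)) {
                    $prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();

                    if (!empty($_SESSION['auth']['forced_password_change'])) {
                        // if forced password change - new password can't be equal to current password.
                        $prev_passwords[] = $current_user_data['password'];
                    }

                    // Strict comparison: hash strings must never be compared
                    // loosely, since PHP treats e.g. "0e123..." == "0e456..." as true.
                    if (in_array(md5($user_data['password1']), $prev_passwords, true) || in_array(md5($user_data['password2']), $prev_passwords, true)) {
                        $valid_passwords = false;
                        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_password_was_used'));
                    } else {
                        // NOTE(review): the current hash is only appended on a forced
                        // change; unless another code path maintains last_passwords,
                        // voluntary changes are not recorded for the reuse check - confirm.
                        if (count($prev_passwords) >= 5) {
                            array_shift($prev_passwords);
                        }
                        $user_data['last_passwords'] = implode(',', $prev_passwords);
                    }
                }
            }
            // PCI DSS Compliance

            if (!$valid_passwords) {
                fn_save_post_data();
                return false;
            }

            // NOTE(review): unsalted MD5 is not an acceptable password hash. It is
            // kept here because the login path (not in this file) verifies against
            // it; migrating to password_hash()/password_verify() has to be done
            // together with that path and a rehash-on-login step.
            $user_data['password'] = md5($user_data['password1']);

            if ($user_data['password'] !== $current_user_data['password'] && !empty($user_id)) {
                // if user set current password - there is no necessity to update password_change_timestamp
                $user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
            }
            unset($_SESSION['auth']['forced_password_change']);
            fn_delete_notification('password_expire');
        }
    }

    $user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status']; // only administrator can change user status

    // Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
    if (AREA != 'A') {
        Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
    } else {
        $address_zone = 'b';
    }

    if (!empty($user_data['firstname']) || !empty($user_data[$address_zone . '_firstname'])) {
        $user_data['firstname'] = empty($user_data['firstname']) && !empty($user_data[$address_zone . '_firstname']) ? $user_data[$address_zone . '_firstname'] : $user_data['firstname'];
    }
    if (!empty($user_data['lastname']) || !empty($user_data[$address_zone . '_lastname'])) {
        $user_data['lastname'] = empty($user_data['lastname']) && !empty($user_data[$address_zone . '_lastname']) ? $user_data[$address_zone . '_lastname'] : $user_data['lastname'];
    }
    if (!empty($user_data['phone']) || !empty($user_data[$address_zone . '_phone'])) {
        $user_data['phone'] = empty($user_data['phone']) && !empty($user_data[$address_zone . '_phone']) ? $user_data[$address_zone . '_phone'] : $user_data['phone'];
    }

    // reset company_id for root admin
    if ($user_id == 1) {
        $user_data['company_id'] = 0;
    }

    // NOTE(review): $user_data is written as-is through ?u. Apart from
    // user_type, status and (root only) company_id nothing above strips
    // privileged columns, so this relies on the caller removing fields a
    // customer must not set (e.g. company_id, user_id) and on ?u ignoring
    // unknown columns - confirm at the call sites.
    if (!empty($user_id)) {
        db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
        fn_log_event('users', 'update', array('user_id' => $user_id));
    } else {
        $user_id = db_query("INSERT INTO ?:users ?e", $user_data);
        fn_log_event('users', 'create', array('user_id' => $user_id));
    }

    $user_data['user_id'] = $user_id;

    // Set/delete insecure password notification (password equal to the login)
    if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['user_login']) && !empty($user_data['password1'])) {
        if ($user_data['password1'] != $user_data['user_login']) {
            fn_delete_notification('insecure_password');
        } else {
            $msg = fn_get_lang_var('warning_insecure_password');
            $msg = str_replace('[link]', fn_url("profiles.update?user_id=" . $user_id), $msg);
            fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password');
        }
    }

    if (empty($user_data['user_login'])) { // if we're using email as login or user type does not require login, fill login field
        db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
    }

    // Fill shipping info with billing if needed
    if (empty($ship_to_another)) {
        $profile_fields = fn_get_profile_fields($user_data['user_type']);
        $use_default = AREA == 'A' ? true : false;
        fn_fill_address($user_data, $profile_fields, $use_default);
    }

    // Add new profile or update existing
    if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
        if ($action == 'add') {
            $user_data['profile_type'] = 'P';
            $user_data['profile_name'] = empty($user_data['profile_name']) ? fn_get_lang_var('main') : $user_data['profile_name'];
        } else {
            $user_data['profile_type'] = 'S';
        }
        $user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
    } else {
        if (empty($user_data['profile_id'])) {
            $user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
        }
        db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
    }

    // Add/Update additional fields
    fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');

    $user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);

    $lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;

    // NOTE(review): the plaintext password is handed to the mail view and is
    // sent out when $send_password is set; e-mailing passwords is a weak
    // practice - a one-time set-password link is the safer alternative.
    Registry::get('view_mail')->assign('password', $original_password);
    Registry::get('view_mail')->assign('send_password', $send_password);
    Registry::get('view_mail')->assign('user_data', $user_data);

    // Send notifications to customer
    if (!empty($notify_customer)) {
        // Notify customer about profile activation (when update profile only)
        if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/profile_activated_subj.tpl', 'profiles/profile_activated.tpl', '', $lang_code);
        }

        // Notify customer about profile add/update
        if ($action == 'add') {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
            fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
        } else {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
            fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
        }
    }

    if ($action == 'add') {
        $skip_auth = false;
        if (AREA != 'A') {
            if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
                fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_should_be_approved'));
                // Notify administrator about new profile
                fn_send_mail(Registry::get('settings.Company.company_users_department'), Registry::get('settings.Company.company_users_department'), 'profiles/activate_profile_subj.tpl', 'profiles/activate_profile.tpl', '', Registry::get('settings.Appearance.admin_default_language'), $user_data['email']);
                // an unapproved account must not be logged in
                $skip_auth = true;
            } else {
                fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
            }
        } else {
            fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
        }

        if (!is_null($auth)) {
            // adopt guest orders placed in this session, then log the new user in
            if (!empty($auth['order_ids'])) {
                db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
            }
            if (empty($skip_auth)) {
                $auth = fn_fill_auth($user_data);
            }
        }
    } else {
        fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_updated'));
    }

    fn_set_hook('update_profile', $action, $user_data, $current_user_data);

    return array($user_id, $user_data['profile_id']);
}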