/**
 * Authenticates a user for the API, always looking the account up by e-mail.
 *
 * In ULTIMATE, when users are not shared between storefronts and the call is
 * not made from the admin area, the first lookup is restricted to the current
 * company; a second, unrestricted lookup then covers administrator, vendor and
 * partner accounts (user_type A, V, P) so that they can authenticate against
 * any storefront.
 *
 * The returned status is only set to false for a disabled ('D') account. It
 * stays true when no account matches at all, so callers must check the user
 * data for emptiness rather than relying on the status alone. $auth is not
 * read by this function.
 *
 * @param array $request Query parameters; reads 'user_login' and 'password'
 * @param array $auth    Authentication data (not read)
 *
 * @return array [bool $status, array $user_data, string $user_login, string $password, string $salt]
 */
function fn_api_auth_routines($request, $auth)
{
    $is_allowed = true;
    $login = empty($request['user_login']) ? '' : trim($request['user_login']);
    $password = empty($request['password']) ? '' : $request['password'];
    $lookup_field = 'email';
    $company_condition = '';

    if (fn_allowed_for('ULTIMATE')
        && Registry::get('settings.Stores.share_users') == 'N'
        && AREA != 'A'
    ) {
        $company_condition = fn_get_company_condition('?:users.company_id');
    }

    // Company-scoped lookup first; the values are bound through the ?s placeholder
    $account = db_get_row(
        "SELECT * FROM ?:users WHERE {$lookup_field} = ?s" . $company_condition,
        $login
    );
    if (empty($account)) {
        // Staff accounts are not bound to a storefront
        $account = db_get_row(
            "SELECT * FROM ?:users WHERE {$lookup_field} = ?s AND user_type IN ('A', 'V', 'P')",
            $login
        );
    }

    if (!empty($account)) {
        $account['usergroups'] = fn_get_user_usergroups($account['user_id']);
    }

    if (!empty($account['status']) && $account['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $is_allowed = false;
    }

    $salt = isset($account['salt']) ? $account['salt'] : '';

    return array($is_allowed, $account, $login, $password, $salt);
}
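/**
 * Returns user data, optionally merged with one of the user's profiles.
 *
 * When a company scope is active (fn_get_company_condition() returns a
 * non-empty condition), only administrators matching that condition and
 * customers who have placed at least one order with COMPANY_ID are visible;
 * any other user id yields an empty array.
 *
 * @param int      $user_id     User identifier
 * @param bool     $get_profile Whether to merge profile data into the result
 * @param int|null $profile_id  Profile to use; when empty or not found, the
 *                              primary ('P') profile is used and this variable
 *                              is set to its id (null when the user has no
 *                              primary profile)
 *
 * @return array User data with 'usergroups' and 'fields' keys, or an empty
 *               array when the user does not exist or is outside the company scope
 */
function fn_get_user_info($user_id, $get_profile = true, &$profile_id = NULL)
{
    $user_fields = array(
        'user_id', 'user_type', 'status', 'user_login', 'is_root', 'company_id',
        'title', 'firstname', 'lastname', 'company', 'email', 'phone', 'fax', 'url',
        'tax_exempt', 'lang_code', 'password_change_timestamp',
    );
    $user_fields = implode(',', $user_fields);

    $condition = fn_get_company_condition();
    if (trim($condition)) {
        // The company condition already carries its own logical operator
        $condition = "(user_type = 'A' {$condition})";

        // Customers become visible to a company only once they ordered from it
        $company_customers = db_get_fields("SELECT user_id FROM ?:orders WHERE company_id = ?i", COMPANY_ID);
        if ($company_customers) {
            $condition = db_quote("((user_type = 'C' && user_id IN (?n)) OR {$condition})", $company_customers);
        }

        $condition = " AND {$condition} ";
    }

    $user_data = db_get_row("SELECT {$user_fields} FROM ?:users WHERE user_id = ?i {$condition}", $user_id);
    if (empty($user_data)) {
        return array();
    }

    $user_data['usergroups'] = fn_get_user_usergroups($user_id);

    // Initialised up front so the additional-fields lookup below never reads an undefined variable
    $profile_data = array();
    if ($get_profile == true) {
        if (!empty($profile_id)) {
            $profile_data = db_get_row(
                "SELECT * FROM ?:user_profiles WHERE user_id = ?i AND profile_id = ?i",
                $user_data['user_id'],
                $profile_id
            );
        }
        if (empty($profile_data)) {
            // Fall back to the primary profile and report its id back to the caller;
            // a user without a primary profile yields null instead of an undefined-index notice
            $profile_data = db_get_row(
                "SELECT * FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'",
                $user_data['user_id']
            );
            $profile_id = isset($profile_data['profile_id']) ? $profile_data['profile_id'] : null;
        }
        $user_data = fn_array_merge($user_data, $profile_data);
    }

    // Get additional fields: user-level ('U') values plus those of the selected profile ('P')
    $prof_cond = $get_profile && !empty($profile_data['profile_id'])
        ? db_quote("OR (object_id = ?i AND object_type = 'P')", $profile_data['profile_id'])
        : '';
    $additional_fields = db_get_hash_single_array(
        "SELECT field_id, value FROM ?:profile_fields_data WHERE (object_id = ?i AND object_type = 'U') {$prof_cond}",
        array('field_id', 'value'),
        $user_id
    );
    $user_data['fields'] = $additional_fields;

    fn_add_user_data_descriptions($user_data);

    fn_set_hook('get_user_info', $user_data);

    return $user_data;
}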
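/**
 * Performs authentication of a user (legacy variant reading the superglobals directly).
 *
 * The login is taken from $_REQUEST and the password from $_POST only, so the
 * password cannot be supplied through the query string. The account is looked
 * up by e-mail or by the user_login column depending on the
 * "use_email_as_login" setting; the value is bound through the ?s placeholder.
 *
 * The status stays true when no account matches: callers must check the
 * returned user data before treating the result as a successful login.
 *
 * @param array $request Query parameters (not read by this function)
 *
 * @return array [bool $status, array $user_data, string $user_login, string $password]
 */
function fn_auth_routines($request)
{
    $status = true;
    // Guard the reads so a request without the form fields does not raise undefined-index notices
    $user_login = isset($_REQUEST['user_login']) ? $_REQUEST['user_login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $field = Registry::get('settings.General.use_email_as_login') == 'Y' ? 'email' : 'user_login';

    $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s", $user_login);
    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }

    fn_set_hook('auth_routines', $status, $user_data);

    // Only administrator accounts ('A') may log in to the admin area
    if (!empty($user_data['user_type']) && $user_data['user_type'] != 'A' && AREA == 'A') {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_area_access_denied'));
        $status = false;
    }

    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
        $status = false;
    }

    return array($status, $user_data, $user_login, $password);
}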
/**
 * Promotions post processing
 *
 * Adjusts the usage counters of the promotions attached to an order and
 * applies or reverts their bonuses ('give_usergroup', 'give_coupon') when the
 * order moves between a positive and a non-positive status.
 *
 * @param string $status_to          new order status
 * @param string $status_from        original order status
 * @param array  $order_info         order information; reads 'promotions', 'user_id',
 *                                   'email', 'lang_code' and 'company_id'
 * @param array  $force_notification Array with notification rules; the 'C' key,
 *                                   when set, overrides the status' "notify" parameter
 *
 * @return bool false when the order carries no promotions, true otherwise
 */
function fn_promotion_post_processing($status_to, $status_from, $order_info, $force_notification = array())
{
    $order_statuses = fn_get_statuses(STATUSES_ORDER, array(), true);

    // An explicit customer notification rule wins over the status' own "notify" parameter
    $notify_user = isset($force_notification['C'])
        ? $force_notification['C']
        : (!empty($order_statuses[$status_to]['params']['notify']) && $order_statuses[$status_to]['params']['notify'] == 'Y' ? true : false);

    // NOTE(review): both statuses are read unguarded; an empty or unknown $status_from
    // (e.g. a freshly created order) raises an undefined-index notice here — confirm callers
    $status_from_is_positive = fn_status_is_positive($order_statuses[$status_from]);
    $status_to_is_positive = fn_status_is_positive($order_statuses[$status_to]);

    if (empty($order_info['promotions'])) {
        return false;
    }

    // Process numbers of usage for Open statuses
    // (the second argument of fn_status_is_positive() selects a different notion of "positive"; see that function)
    if ($status_to != $status_from && fn_status_is_positive($order_statuses[$status_from], true) != fn_status_is_positive($order_statuses[$status_to], true)) {
        // Post processing
        if (fn_status_is_positive($order_statuses[$status_to], true)) {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages + 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        } else {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages - 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        }
    }

    if ($status_to != $status_from && $status_from_is_positive != $status_to_is_positive) {
        // Apply pending actions
        foreach ($order_info['promotions'] as $k => $v) {
            if (!empty($v['bonuses'])) {
                foreach ($v['bonuses'] as $bonus) {
                    // Assign usergroup
                    if ($bonus['bonus'] == 'give_usergroup') {
                        $is_ug_already_assigned = false;

                        // Guest orders have nobody to assign the usergroup to
                        if (empty($order_info['user_id'])) {
                            continue;
                        }

                        // Don't assing a disabled usergroup
                        $system_usergroups = fn_get_usergroups(array('type' => 'C', 'status' => array('A', 'H')), CART_LANGUAGE);
                        if (!empty($system_usergroups[$bonus['value']]['status']) && in_array($system_usergroups[$bonus['value']]['status'], array('A', 'H'))) {
                            if ($order_statuses[$status_to]['params']['inventory'] == 'D') {
                                // Don't assing the usergroup to the user if it's already assigned
                                // (loose in_array(): statuses are one-character strings)
                                $current_user_usergroups = fn_get_user_usergroups($order_info['user_id']);
                                foreach ($current_user_usergroups as $ug) {
                                    if (isset($ug['usergroup_id']) && $bonus['value'] == $ug['usergroup_id'] && in_array($ug['status'], array('A', 'H'))) {
                                        $is_ug_already_assigned = true;
                                        break;
                                    }
                                }
                                if (!$is_ug_already_assigned) {
                                    db_query("REPLACE INTO ?:usergroup_links SET user_id = ?i, usergroup_id = ?i, status = 'A'", $order_info['user_id'], $bonus['value']);
                                    $activated = true;
                                }
                            } else {
                                // Order left the positive state: mark the link as 'F' instead of deleting it
                                db_query("UPDATE ?:usergroup_links SET status = 'F' WHERE user_id = ?i AND usergroup_id = ?i", $order_info['user_id'], $bonus['value']);
                                $activated = false;
                            }

                            // $activated is set on both branches above, so the template name is always defined here
                            if ($notify_user == true && !$is_ug_already_assigned) {
                                $prefix = $activated == true ? 'activation' : 'disactivation';
                                Mailer::sendMail(array(
                                    'to' => $order_info['email'],
                                    'from' => 'company_users_department',
                                    'data' => array(
                                        'user_data' => fn_get_user_info($order_info['user_id']),
                                        'usergroups' => fn_get_usergroups(array('status' => array('A', 'H')), $order_info['lang_code']),
                                        'usergroup_ids' => (array) $bonus['value']
                                    ),
                                    'tpl' => 'profiles/usergroup_' . $prefix . '.tpl',
                                    'company_id' => $order_info['company_id']
                                ), 'C', $order_info['lang_code']);
                            }
                        } else {
                            if (AREA == 'C') {
                                fn_set_notification('E', __('error'), __('unable_to_assign_usergroup'));
                            }
                        }
                    } elseif ($bonus['bonus'] == 'give_coupon') {
                        $promotion_data = fn_get_promotion_data($bonus['value']);
                        if (empty($promotion_data)) {
                            continue;
                        }

                        // The coupon code is added to (or removed from) the target promotion's auto_coupons condition
                        if ($status_to_is_positive) {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'add', 'auto_coupons', $bonus['coupon_code']);
                            if ($notify_user == true) {
                                Mailer::sendMail(array(
                                    'to' => $order_info['email'],
                                    'from' => 'company_users_department',
                                    'data' => array(
                                        'promotion_data' => $promotion_data,
                                        'bonus_data' => $bonus,
                                        'order_info' => $order_info
                                    ),
                                    'tpl' => 'promotions/give_coupon.tpl',
                                    'company_id' => $order_info['company_id']
                                ), 'C', $order_info['lang_code']);
                            }
                        } else {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'remove', 'auto_coupons', $bonus['coupon_code']);
                        }

                        // Conditions are persisted PHP-serialized; the two hashes are derived by the fn_promotion_serialize* helpers
                        db_query("UPDATE ?:promotions SET conditions = ?s, conditions_hash = ?s, users_conditions_hash = ?s WHERE promotion_id = ?i", serialize($promotion_data['conditions']), fn_promotion_serialize($promotion_data['conditions']['conditions']), fn_promotion_serialize_users_conditions($promotion_data['conditions']['conditions']), $bonus['value']);
                    }
                }
            }
        }
    }

    return true;
}
/**
 * Promotions post processing
 *
 * Adjusts the usage counters of the promotions attached to an order and
 * applies or reverts their bonuses ('give_usergroup', 'give_coupon') when the
 * order's status change also changes the status' "inventory" parameter.
 *
 * @param string $status_to          new order status
 * @param string $status_from        original order status
 * @param array  $order_info         order information; reads 'promotions', 'user_id',
 *                                   'email' and 'lang_code'
 * @param array  $force_notification Array with notification rules; the 'C' key,
 *                                   when set, overrides the status' "notify" parameter
 *
 * @return bool false when the statuses differ in "inventory" but the order
 *              carries no promotions, true otherwise
 */
function fn_promotion_post_processing($status_to, $status_from, $order_info, $force_notification = array())
{
    $order_statuses = fn_get_statuses(STATUSES_ORDER, false, true);

    // An explicit customer notification rule wins over the status' own "notify" flag
    $notify_user = isset($force_notification['C'])
        ? $force_notification['C']
        : (!empty($order_statuses[$status_to]['notify']) && $order_statuses[$status_to]['notify'] == 'Y' ? true : false);

    // NOTE(review): $order_statuses[$status_from] is read unguarded; an empty or unknown
    // $status_from raises an undefined-index notice here — confirm callers always pass a known status
    if ($status_to != $status_from && $order_statuses[$status_to]['inventory'] != $order_statuses[$status_from]['inventory']) {
        if (empty($order_info['promotions'])) {
            return false;
        }

        // Post processing: moving from inventory 'I' to 'D' counts as a new usage, anything else as a revert
        if ($order_statuses[$status_to]['inventory'] == 'D' && $order_statuses[$status_from]['inventory'] == 'I') {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages + 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        } else {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages - 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        }

        // Apply pending actions
        foreach ($order_info['promotions'] as $k => $v) {
            if (!empty($v['bonuses'])) {
                foreach ($v['bonuses'] as $bonus) {
                    // Assign usergroup
                    if ($bonus['bonus'] == 'give_usergroup') {
                        $is_ug_already_assigned = false;

                        // Guest orders have nobody to assign the usergroup to
                        if (empty($order_info['user_id'])) {
                            continue;
                        }

                        // Don't assing a disabled usergroup
                        $system_usergroups = fn_get_usergroups('C', CART_LANGUAGE);
                        if (!empty($system_usergroups[$bonus['value']]['status']) && $system_usergroups[$bonus['value']]['status'] == 'A') {
                            if ($order_statuses[$status_to]['inventory'] == 'D' && $order_statuses[$status_from]['inventory'] == 'I') {
                                // Don't assing the usergroup to the user if it's already assigned
                                $current_user_usergroups = fn_get_user_usergroups($order_info['user_id']);
                                foreach ($current_user_usergroups as $ug) {
                                    if (isset($ug['usergroup_id']) && $bonus['value'] == $ug['usergroup_id'] && $ug['status'] == 'A') {
                                        $is_ug_already_assigned = true;
                                        break;
                                    }
                                }
                                if (!$is_ug_already_assigned) {
                                    db_query("REPLACE INTO ?:usergroup_links SET user_id = ?i, usergroup_id = ?i, status = 'A'", $order_info['user_id'], $bonus['value']);
                                    $activated = true;
                                }
                            } else {
                                // Reverting: the link is marked 'F' instead of being deleted
                                db_query("UPDATE ?:usergroup_links SET status = 'F' WHERE user_id = ?i AND usergroup_id = ?i", $order_info['user_id'], $bonus['value']);
                                $activated = false;
                            }

                            // $activated is set on both branches above, so the template name is always defined here
                            if ($notify_user == true && !$is_ug_already_assigned) {
                                Registry::get('view_mail')->assign('user_data', fn_get_user_info($order_info['user_id']));
                                Registry::get('view_mail')->assign('usergroups', fn_get_usergroups('F', $order_info['lang_code']));
                                Registry::get('view_mail')->assign('usergroup_ids', (array) $bonus['value']);
                                $prefix = $activated == true ? 'activation' : 'disactivation';
                                fn_send_mail($order_info['email'], Registry::get('settings.Company.company_users_department'), 'profiles/usergroup_' . $prefix . '_subj.tpl', 'profiles/usergroup_' . $prefix . '.tpl', array(), $order_info['lang_code']);
                            }
                        } else {
                            if (AREA == 'C') {
                                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('unable_to_assign_usergroup'));
                            }
                        }
                    } elseif ($bonus['bonus'] == 'give_coupon') {
                        $promotion_data = fn_get_promotion_data($bonus['value']);
                        if (empty($promotion_data)) {
                            continue;
                        }

                        // The coupon code is added to (or removed from) the target promotion's auto_coupons condition
                        if ($order_statuses[$status_to]['inventory'] == 'D' && $order_statuses[$status_from]['inventory'] == 'I') {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'add', 'auto_coupons', $bonus['coupon_code']);
                            if ($notify_user == true) {
                                Registry::get('view_mail')->assign('promotion_data', $promotion_data);
                                Registry::get('view_mail')->assign('bonus_data', $bonus);
                                Registry::get('view_mail')->assign('order_info', $order_info);
                                fn_send_mail($order_info['email'], Registry::get('settings.Company.company_users_department'), 'promotions/give_coupon_subj.tpl', 'promotions/give_coupon.tpl', array(), $order_info['lang_code']);
                            }
                        } else {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'remove', 'auto_coupons', $bonus['coupon_code']);
                        }

                        // Conditions are persisted PHP-serialized; the hash is derived by fn_promotion_serialize()
                        db_query("UPDATE ?:promotions SET conditions = ?s, conditions_hash = ?s WHERE promotion_id = ?i", serialize($promotion_data['conditions']), fn_promotion_serialize($promotion_data['conditions']['conditions']), $bonus['value']);
                    }
                }
            }
        }
    }

    return true;
}
/**
 * Performs authentication of user
 *
 * The account is looked up by e-mail unless the 'auth_routines' hook changes
 * the field or the SQL condition. In ULTIMATE, with users not shared between
 * storefronts and outside the admin area, the first lookup is scoped to the
 * current company; administrators, vendors and partners (user_type A, V, P)
 * are then looked up without that scope.
 *
 * The status becomes false (and a notification is set) when a non-admin
 * account tries to log in to the admin area, when the user-type access rules
 * reject the account, or when the account is disabled ('D'). It stays true
 * when no account matches, so callers must check the user data as well.
 *
 * @param array $request Query parameters
 * @param array $auth Authentication data
 * @return array Authentication status, user data, login, password and salt
 */
function fn_auth_routines($request, $auth)
{
    $is_allowed = true;
    $user_login = empty($request['user_login']) ? '' : trim($request['user_login']);
    $password = empty($request['password']) ? '' : $request['password'];
    $field = 'email';
    $condition = '';

    if (fn_allowed_for('ULTIMATE')
        && Registry::get('settings.Stores.share_users') == 'N'
        && AREA != 'A'
    ) {
        $condition = fn_get_company_condition('?:users.company_id');
    }

    /**
     * Selects user data
     *
     * @param array $request Query parameters
     * @param array $auth Authentication data
     * @param string $field SQL field to select user by
     * @param string $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     * @param string $user_login Value to select user by
     */
    fn_set_hook('auth_routines', $request, $auth, $field, $condition, $user_login);

    // Company-scoped lookup first; the login value is bound through the ?s placeholder
    $account = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);
    if (empty($account)) {
        // Staff accounts are not bound to a storefront
        $account = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')", $user_login);
    }

    if (!empty($account)) {
        $account['usergroups'] = fn_get_user_usergroups($account['user_id']);

        $denied_in_admin_area = !fn_check_user_type_admin_area($account) && AREA == 'A';
        if ($denied_in_admin_area || !fn_check_user_type_access_rules($account)) {
            fn_set_notification('E', __('error'), __('error_area_access_denied'));
            $is_allowed = false;
        }
    }

    if (!empty($account['status']) && $account['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $is_allowed = false;
    }

    $salt = isset($account['salt']) ? $account['salt'] : '';

    return array($is_allowed, $account, $user_login, $password, $salt);
}
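/**
 * Checks whether a user may be handled in the current company's context.
 *
 * Within a company context (runtime.company_id set) the check passes when the
 * user has an active ('A') usergroup that is shared with that company, or when
 * the current session belongs to the same user and is either a restricted
 * admin (RESTRICTED_ADMIN defined) or a root account. Outside a company
 * context the function always returns false.
 *
 * @param int $user_id User identifier
 *
 * @return bool
 */
function fn_ult_check_users_usergroup_companies($user_id)
{
    $company_id = Registry::get('runtime.company_id');
    if (!$company_id) {
        return false;
    }

    foreach (fn_get_user_usergroups($user_id) as $user_group) {
        if ($user_group['status'] != 'A') {
            continue;
        }
        $user_group_companies = fn_ult_get_object_shared_companies('usergroups', $user_group['usergroup_id']);
        // Loose in_array(): the company id may arrive as int or numeric string
        if (in_array($company_id, $user_group_companies)) {
            return true;
        }
    }

    // Read the session guarded: an anonymous session has no 'auth' entry, and an
    // unguarded read would compare $user_id against null instead of failing the check
    $session_auth = isset($_SESSION['auth']) ? $_SESSION['auth'] : array();
    $is_root = !empty($session_auth['is_root']) && $session_auth['is_root'] == 'Y';
    $is_own_account = isset($session_auth['user_id']) && $user_id == $session_auth['user_id'];

    if ((defined('RESTRICTED_ADMIN') || $is_root) && $is_own_account) {
        return true;
    }

    return false;
}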
/**
 * API variant of the authentication routine taking the credentials directly.
 *
 * The lookup field follows the "use_email_as_login" setting. In ULTIMATE,
 * when users are not shared between storefronts and the call is not made from
 * the admin area, the first lookup is restricted to the current company;
 * administrators, vendors and partners (user_type A, V, P) are then looked up
 * without that restriction.
 *
 * The status becomes false (with a notification) when the account may not use
 * the current area, fails the user-type access rules, or is disabled ('D').
 * It stays true when no account matches, so callers must check the returned
 * user data rather than the status alone.
 *
 * @param string $user_login Login or e-mail, depending on the setting
 * @param string $password   Password as supplied by the client
 *
 * @return array [bool $status, array $user_data, string $user_login, string $password, string $salt]
 */
function fn_twg_api_auth_routines($user_login, $password)
{
    $ok = true;
    $use_email = Registry::get('settings.General.use_email_as_login') == 'Y';
    $field = $use_email ? 'email' : 'user_login';

    $condition = '';
    if (fn_allowed_for('ULTIMATE')) {
        $users_shared = Registry::get('settings.Stores.share_users');
        if ($users_shared == 'N' && AREA != 'A') {
            $condition = fn_get_company_condition('?:users.company_id');
        }
    }

    // The first lookup honours the company scope; the second one is for staff accounts.
    // The login value is bound through the ?s placeholder in both.
    $lookups = array(
        "SELECT *\n FROM ?:users\n WHERE {$field} = ?s" . $condition,
        "SELECT *\n FROM ?:users\n WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')",
    );
    $row = array();
    foreach ($lookups as $sql) {
        $row = db_get_row($sql, $user_login);
        if (!empty($row)) {
            break;
        }
    }

    if (!empty($row)) {
        $row['usergroups'] = fn_get_user_usergroups($row['user_id']);

        $denied_in_admin_area = !fn_check_user_type_admin_area($row) && AREA == 'A';
        if ($denied_in_admin_area || !fn_check_user_type_access_rules($row)) {
            fn_set_notification('E', __('error'), __('error_area_access_denied'));
            $ok = false;
        }
    }

    if (!empty($row['status']) && $row['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $ok = false;
    }

    $salt = isset($row['salt']) ? $row['salt'] : '';

    return array($ok, $row, $user_login, $password, $salt);
}