예제 #1
0
function fn_api_auth_routines($request, $auth)
{
    $status = true;
    $user_login = !empty($request['user_login']) ? trim($request['user_login']) : '';
    $password = !empty($request['password']) ? $request['password'] : '';
    $field = 'email';
    $condition = '';
    if (fn_allowed_for('ULTIMATE')) {
        if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
            $condition = fn_get_company_condition('?:users.company_id');
        }
    }
    $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);
    if (empty($user_data)) {
        $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')", $user_login);
    }
    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }
    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $status = false;
    }
    $salt = isset($user_data['salt']) ? $user_data['salt'] : '';
    return array($status, $user_data, $user_login, $password, $salt);
}
예제 #2
0
function fn_get_user_info($user_id, $get_profile = true, &$profile_id = NULL)
{
    $user_fields = array('user_id', 'user_type', 'status', 'user_login', 'is_root', 'company_id', 'title', 'firstname', 'lastname', 'company', 'email', 'phone', 'fax', 'url', 'tax_exempt', 'lang_code', 'password_change_timestamp');
    $user_fields = implode(',', $user_fields);
    $condition = fn_get_company_condition();
    if (trim($condition)) {
        $condition = "(user_type = 'A' {$condition})";
        $company_customers = db_get_fields("SELECT user_id FROM ?:orders WHERE company_id = ?i", COMPANY_ID);
        if ($company_customers) {
            $condition = db_quote("((user_type = 'C' && user_id IN (?n)) OR {$condition})", $company_customers);
        }
        $condition = " AND {$condition} ";
    }
    $user_data = db_get_row("SELECT {$user_fields} FROM ?:users WHERE user_id = ?i {$condition}", $user_id);
    if (empty($user_data)) {
        return array();
    }
    $user_data['usergroups'] = fn_get_user_usergroups($user_id);
    if ($get_profile == true) {
        if (!empty($profile_id)) {
            $profile_data = db_get_row("SELECT * FROM ?:user_profiles WHERE user_id = ?i AND profile_id = ?i", $user_data['user_id'], $profile_id);
        }
        if (empty($profile_data)) {
            $profile_data = db_get_row("SELECT * FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_data['user_id']);
            $profile_id = $profile_data['profile_id'];
        }
        $user_data = fn_array_merge($user_data, $profile_data);
    }
    // Get additional fields
    $prof_cond = $get_profile && !empty($profile_data['profile_id']) ? db_quote("OR (object_id = ?i AND object_type = 'P')", $profile_data['profile_id']) : '';
    $additional_fields = db_get_hash_single_array("SELECT field_id, value FROM ?:profile_fields_data WHERE (object_id = ?i AND object_type = 'U') {$prof_cond}", array('field_id', 'value'), $user_id);
    $user_data['fields'] = $additional_fields;
    fn_add_user_data_descriptions($user_data);
    fn_set_hook('get_user_info', $user_data);
    return $user_data;
}
예제 #3
0
function fn_auth_routines($request)
{
    $status = true;
    $user_login = $_REQUEST['user_login'];
    $password = $_POST['password'];
    $field = Registry::get('settings.General.use_email_as_login') == 'Y' ? 'email' : 'user_login';
    $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s", $user_login);
    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }
    fn_set_hook('auth_routines', $status, $user_data);
    if (!empty($user_data['user_type']) && $user_data['user_type'] != 'A' && AREA == 'A') {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_area_access_denied'));
        $status = false;
    }
    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
        $status = false;
    }
    return array($status, $user_data, $user_login, $password);
}
예제 #4
0
/**
 * Promotions post processing
 *
 * @param string $status_to new order status
 * @param string $status_from original order status
 * @param array $order_info order information
 * @param array $force_notification Array with notification rules
 * @return boolean always true
 */
function fn_promotion_post_processing($status_to, $status_from, $order_info, $force_notification = array())
{
    $order_statuses = fn_get_statuses(STATUSES_ORDER, array(), true);
    $notify_user = isset($force_notification['C']) ? $force_notification['C'] : (!empty($order_statuses[$status_to]['params']['notify']) && $order_statuses[$status_to]['params']['notify'] == 'Y' ? true : false);
    $status_from_is_positive = fn_status_is_positive($order_statuses[$status_from]);
    $status_to_is_positive = fn_status_is_positive($order_statuses[$status_to]);
    if (empty($order_info['promotions'])) {
        return false;
    }
    // Process numbers of usage for Open statuses
    if ($status_to != $status_from && fn_status_is_positive($order_statuses[$status_from], true) != fn_status_is_positive($order_statuses[$status_to], true)) {
        // Post processing
        if (fn_status_is_positive($order_statuses[$status_to], true)) {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages + 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        } else {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages - 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        }
    }
    if ($status_to != $status_from && $status_from_is_positive != $status_to_is_positive) {
        // Apply pending actions
        foreach ($order_info['promotions'] as $k => $v) {
            if (!empty($v['bonuses'])) {
                foreach ($v['bonuses'] as $bonus) {
                    // Assign usergroup
                    if ($bonus['bonus'] == 'give_usergroup') {
                        $is_ug_already_assigned = false;
                        if (empty($order_info['user_id'])) {
                            continue;
                        }
                        // Don't assing a disabled usergroup
                        $system_usergroups = fn_get_usergroups(array('type' => 'C', 'status' => array('A', 'H')), CART_LANGUAGE);
                        if (!empty($system_usergroups[$bonus['value']]['status']) && in_array($system_usergroups[$bonus['value']]['status'], array('A', 'H'))) {
                            if ($order_statuses[$status_to]['params']['inventory'] == 'D') {
                                // Don't assing the usergroup to the user if it's already assigned
                                $current_user_usergroups = fn_get_user_usergroups($order_info['user_id']);
                                foreach ($current_user_usergroups as $ug) {
                                    if (isset($ug['usergroup_id']) && $bonus['value'] == $ug['usergroup_id'] && in_array($ug['status'], array('A', 'H'))) {
                                        $is_ug_already_assigned = true;
                                        break;
                                    }
                                }
                                if (!$is_ug_already_assigned) {
                                    db_query("REPLACE INTO ?:usergroup_links SET user_id = ?i, usergroup_id = ?i, status = 'A'", $order_info['user_id'], $bonus['value']);
                                    $activated = true;
                                }
                            } else {
                                db_query("UPDATE ?:usergroup_links SET status = 'F' WHERE user_id = ?i AND usergroup_id = ?i", $order_info['user_id'], $bonus['value']);
                                $activated = false;
                            }
                            if ($notify_user == true && !$is_ug_already_assigned) {
                                $prefix = $activated == true ? 'activation' : 'disactivation';
                                Mailer::sendMail(array('to' => $order_info['email'], 'from' => 'company_users_department', 'data' => array('user_data' => fn_get_user_info($order_info['user_id']), 'usergroups' => fn_get_usergroups(array('status' => array('A', 'H')), $order_info['lang_code']), 'usergroup_ids' => (array) $bonus['value']), 'tpl' => 'profiles/usergroup_' . $prefix . '.tpl', 'company_id' => $order_info['company_id']), 'C', $order_info['lang_code']);
                            }
                        } else {
                            if (AREA == 'C') {
                                fn_set_notification('E', __('error'), __('unable_to_assign_usergroup'));
                            }
                        }
                    } elseif ($bonus['bonus'] == 'give_coupon') {
                        $promotion_data = fn_get_promotion_data($bonus['value']);
                        if (empty($promotion_data)) {
                            continue;
                        }
                        if ($status_to_is_positive) {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'add', 'auto_coupons', $bonus['coupon_code']);
                            if ($notify_user == true) {
                                Mailer::sendMail(array('to' => $order_info['email'], 'from' => 'company_users_department', 'data' => array('promotion_data' => $promotion_data, 'bonus_data' => $bonus, 'order_info' => $order_info), 'tpl' => 'promotions/give_coupon.tpl', 'company_id' => $order_info['company_id']), 'C', $order_info['lang_code']);
                            }
                        } else {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'remove', 'auto_coupons', $bonus['coupon_code']);
                        }
                        db_query("UPDATE ?:promotions SET conditions = ?s, conditions_hash = ?s, users_conditions_hash = ?s WHERE promotion_id = ?i", serialize($promotion_data['conditions']), fn_promotion_serialize($promotion_data['conditions']['conditions']), fn_promotion_serialize_users_conditions($promotion_data['conditions']['conditions']), $bonus['value']);
                    }
                }
            }
        }
    }
    return true;
}
예제 #5
0
/**
 * Promotions post processing
 *
 * @param char $status_to new order status
 * @param char $status_from original order status
 * @param array $order_info order information
 * @param bool $force_notification force user notification
 * @return boolean always true
 */
function fn_promotion_post_processing($status_to, $status_from, $order_info, $force_notification = array())
{
    $order_statuses = fn_get_statuses(STATUSES_ORDER, false, true);
    $notify_user = isset($force_notification['C']) ? $force_notification['C'] : (!empty($order_statuses[$status_to]['notify']) && $order_statuses[$status_to]['notify'] == 'Y' ? true : false);
    if ($status_to != $status_from && $order_statuses[$status_to]['inventory'] != $order_statuses[$status_from]['inventory']) {
        if (empty($order_info['promotions'])) {
            return false;
        }
        // Post processing
        if ($order_statuses[$status_to]['inventory'] == 'D' && $order_statuses[$status_from]['inventory'] == 'I') {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages + 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        } else {
            db_query("UPDATE ?:promotions SET number_of_usages = number_of_usages - 1 WHERE promotion_id IN (?n)", array_keys($order_info['promotions']));
        }
        // Apply pending actions
        foreach ($order_info['promotions'] as $k => $v) {
            if (!empty($v['bonuses'])) {
                foreach ($v['bonuses'] as $bonus) {
                    // Assign usergroup
                    if ($bonus['bonus'] == 'give_usergroup') {
                        $is_ug_already_assigned = false;
                        if (empty($order_info['user_id'])) {
                            continue;
                        }
                        // Don't assing a disabled usergroup
                        $system_usergroups = fn_get_usergroups('C', CART_LANGUAGE);
                        if (!empty($system_usergroups[$bonus['value']]['status']) && $system_usergroups[$bonus['value']]['status'] == 'A') {
                            if ($order_statuses[$status_to]['inventory'] == 'D' && $order_statuses[$status_from]['inventory'] == 'I') {
                                // Don't assing the usergroup to the user if it's already assigned
                                $current_user_usergroups = fn_get_user_usergroups($order_info['user_id']);
                                foreach ($current_user_usergroups as $ug) {
                                    if (isset($ug['usergroup_id']) && $bonus['value'] == $ug['usergroup_id'] && $ug['status'] == 'A') {
                                        $is_ug_already_assigned = true;
                                        break;
                                    }
                                }
                                if (!$is_ug_already_assigned) {
                                    db_query("REPLACE INTO ?:usergroup_links SET user_id = ?i, usergroup_id = ?i, status = 'A'", $order_info['user_id'], $bonus['value']);
                                    $activated = true;
                                }
                            } else {
                                db_query("UPDATE ?:usergroup_links SET status = 'F' WHERE user_id = ?i AND usergroup_id = ?i", $order_info['user_id'], $bonus['value']);
                                $activated = false;
                            }
                            if ($notify_user == true && !$is_ug_already_assigned) {
                                Registry::get('view_mail')->assign('user_data', fn_get_user_info($order_info['user_id']));
                                Registry::get('view_mail')->assign('usergroups', fn_get_usergroups('F', $order_info['lang_code']));
                                Registry::get('view_mail')->assign('usergroup_ids', (array) $bonus['value']);
                                $prefix = $activated == true ? 'activation' : 'disactivation';
                                fn_send_mail($order_info['email'], Registry::get('settings.Company.company_users_department'), 'profiles/usergroup_' . $prefix . '_subj.tpl', 'profiles/usergroup_' . $prefix . '.tpl', array(), $order_info['lang_code']);
                            }
                        } else {
                            if (AREA == 'C') {
                                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('unable_to_assign_usergroup'));
                            }
                        }
                    } elseif ($bonus['bonus'] == 'give_coupon') {
                        $promotion_data = fn_get_promotion_data($bonus['value']);
                        if (empty($promotion_data)) {
                            continue;
                        }
                        if ($order_statuses[$status_to]['inventory'] == 'D' && $order_statuses[$status_from]['inventory'] == 'I') {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'add', 'auto_coupons', $bonus['coupon_code']);
                            if ($notify_user == true) {
                                Registry::get('view_mail')->assign('promotion_data', $promotion_data);
                                Registry::get('view_mail')->assign('bonus_data', $bonus);
                                Registry::get('view_mail')->assign('order_info', $order_info);
                                fn_send_mail($order_info['email'], Registry::get('settings.Company.company_users_department'), 'promotions/give_coupon_subj.tpl', 'promotions/give_coupon.tpl', array(), $order_info['lang_code']);
                            }
                        } else {
                            fn_promotion_update_condition($promotion_data['conditions']['conditions'], 'remove', 'auto_coupons', $bonus['coupon_code']);
                        }
                        db_query("UPDATE ?:promotions SET conditions = ?s, conditions_hash = ?s WHERE promotion_id = ?i", serialize($promotion_data['conditions']), fn_promotion_serialize($promotion_data['conditions']['conditions']), $bonus['value']);
                    }
                }
            }
        }
    }
    return true;
}
예제 #6
0
/**
 * Performs authentication of user
 *
 * @param array $request Query parameters
 * @param array $auth Authentication data
 * @return array Authentication status, user data, login, password and salt
 */
function fn_auth_routines($request, $auth)
{
    $status = true;
    $user_login = !empty($request['user_login']) ? trim($request['user_login']) : '';
    $password = !empty($request['password']) ? $request['password'] : '';
    $field = 'email';
    $condition = '';
    if (fn_allowed_for('ULTIMATE')) {
        if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
            $condition = fn_get_company_condition('?:users.company_id');
        }
    }
    /**
     * Selects user data
     *
     * @param array $request Query parameters
     * @param array $auth Authentication data
     * @param string $field SQL field to select user by
     * @param string $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     * @param string $user_login Value to select user by
     */
    fn_set_hook('auth_routines', $request, $auth, $field, $condition, $user_login);
    $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);
    if (empty($user_data)) {
        $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')", $user_login);
    }
    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }
    if (!empty($user_data) && (!fn_check_user_type_admin_area($user_data) && AREA == 'A' || !fn_check_user_type_access_rules($user_data))) {
        fn_set_notification('E', __('error'), __('error_area_access_denied'));
        $status = false;
    }
    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $status = false;
    }
    $salt = isset($user_data['salt']) ? $user_data['salt'] : '';
    return array($status, $user_data, $user_login, $password, $salt);
}
예제 #7
0
function fn_ult_check_users_usergroup_companies($user_id)
{
    if (Registry::get('runtime.company_id')) {
        $user_groups = fn_get_user_usergroups($user_id);
        foreach ($user_groups as $user_group) {
            if ($user_group['status'] == 'A') {
                $user_group_companies = fn_ult_get_object_shared_companies('usergroups', $user_group['usergroup_id']);
                if (in_array(Registry::get('runtime.company_id'), $user_group_companies)) {
                    return true;
                }
            }
        }
        if ((defined('RESTRICTED_ADMIN') || $_SESSION['auth']['is_root'] == 'Y') && $user_id == $_SESSION['auth']['user_id']) {
            return true;
        }
    }
    return false;
}
예제 #8
0
function fn_twg_api_auth_routines($user_login, $password)
{
    $status = true;
    $field = Registry::get('settings.General.use_email_as_login') == 'Y' ? 'email' : 'user_login';
    $condition = '';
    if (fn_allowed_for('ULTIMATE')) {
        if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
            $condition = fn_get_company_condition('?:users.company_id');
        }
    }
    $user_data = db_get_row("SELECT *\n         FROM ?:users\n         WHERE {$field} = ?s" . $condition, $user_login);
    if (empty($user_data)) {
        $user_data = db_get_row("SELECT *\n             FROM ?:users\n             WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')", $user_login);
    }
    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }
    if (!empty($user_data) && (!fn_check_user_type_admin_area($user_data) && AREA == 'A' || !fn_check_user_type_access_rules($user_data))) {
        fn_set_notification('E', __('error'), __('error_area_access_denied'));
        $status = false;
    }
    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $status = false;
    }
    $salt = isset($user_data['salt']) ? $user_data['salt'] : '';
    return array($status, $user_data, $user_login, $password, $salt);
}