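* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/

//
// $Id: auth.php 10265 2010-07-29 08:38:09Z klerik $
//

// Refuse direct access: stop unless AREA has been defined by the including script.
if (!defined('AREA')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    //
    // Login mode
    //
    if ($mode == 'login') {
        // Page to return to: the referring page, or the index script when no Referer was sent.
        // NOTE(review): Referer is client-supplied; confirm the redirect handler only follows
        // targets that belong to this site.
        $redirect_url = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $index_script;

        // Every area except 'A' may require image verification before the credentials are checked.
        if (AREA != 'A') {
            if (Registry::get('settings.Image_verification.use_for_login') == 'Y' && fn_image_verification('login_' . $_REQUEST['form_name'], empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
                // Built from $redirect_url, not $_SERVER['HTTP_REFERER'], so a request without a
                // Referer does not read an undefined index and still gets a usable target.
                // return_url is URL-encoded so it survives as a single query parameter.
                $suffix = (strpos($redirect_url, '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');

                return array(CONTROLLER_STATUS_REDIRECT, $redirect_url . $suffix);
            }
        }

        list($status, $user_data, $user_login, $password) = fn_auth_routines($_REQUEST);

        if ($status === false) {
            fn_save_post_data();
            // Same fallback-aware target as the verification failure above.
            $suffix = (strpos($redirect_url, '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');

            return array(CONTROLLER_STATUS_REDIRECT, $redirect_url . $suffix);
        }

        //
        // Success login
        //
        // Strict comparison: with ==, two digests that both look like numbers are compared
        // numerically and can be treated as equal although the strings differ.
        // NOTE(review): an unsalted MD5 digest is not a suitable password hash; replacing it
        // requires migrating the stored hashes and cannot be done inside this excerpt.
        if (!empty($user_data) && md5($password) === $user_data['password'] && !empty($password)) {
            //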
fn_login_user($user_id); $step = 'step_two'; if (empty($profile_fields['B']) && empty($profile_fields['S'])) { $step = 'step_three'; } $suffix = '?edit_step=' . $step; } else { fn_save_post_data('user_data'); $suffix = '?login_type=register'; } return array(CONTROLLER_STATUS_OK, 'checkout.checkout' . $suffix); } if ($mode == 'customer_info') { $redirect_params = array(); $cart['guest_checkout'] = !empty($_REQUEST['guest_checkout']); if (Registry::get('settings.Checkout.disable_anonymous_checkout') == 'Y' && empty($cart['user_data']['email']) && fn_image_verification('checkout', $_REQUEST) == false) { fn_save_post_data('user_data'); return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout?login_type=guest'); } $profile_fields = fn_get_profile_fields('O'); $user_profile = array(); if (!empty($_REQUEST['user_data'])) { if (empty($auth['user_id']) && !empty($_REQUEST['user_data']['email'])) { $email_exists = fn_is_user_exists(0, $_REQUEST['user_data']); if (!empty($email_exists)) { fn_set_notification('E', __('error'), __('error_user_exists')); fn_save_post_data('user_data'); return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout'); } } $user_data = $_REQUEST['user_data'];
* * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Mailer; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'apply_for_vendor') { if (Registry::get('settings.Vendors.apply_for_vendor') != 'Y') { return array(CONTROLLER_STATUS_NO_PAGE); } if (fn_image_verification('apply_for_vendor_account', $_REQUEST) == false) { fn_save_post_data('user_data', 'company_data'); return array(CONTROLLER_STATUS_REDIRECT, 'companies.apply_for_vendor'); } $data = $_REQUEST['company_data']; $data['timestamp'] = TIME; $data['status'] = 'N'; $data['request_user_id'] = !empty($auth['user_id']) ? $auth['user_id'] : 0; $account_data = array(); $account_data['fields'] = isset($_REQUEST['user_data']['fields']) ? $_REQUEST['user_data']['fields'] : ''; $account_data['admin_firstname'] = isset($_REQUEST['company_data']['admin_firstname']) ? $_REQUEST['company_data']['admin_firstname'] : ''; $account_data['admin_lastname'] = isset($_REQUEST['company_data']['admin_lastname']) ? $_REQUEST['company_data']['admin_lastname'] : ''; $data['request_account_data'] = serialize($account_data); if (empty($data['request_user_id'])) { $login_condition = empty($data['request_account_name']) ? '' : db_quote(" OR user_login = ?s", $data['request_account_name']); $user_account_exists = db_get_field("SELECT user_id FROM ?:users WHERE email = ?s ?p", $data['email'], $login_condition);
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'send_form') { $suffix = ''; if (fn_image_verification('use_for_form_builder', $_REQUEST) == false) { fn_save_post_data('form_values'); return array(CONTROLLER_STATUS_REDIRECT, "pages.view?page_id={$_REQUEST['page_id']}"); } if (fn_send_form($_REQUEST['page_id'], empty($_REQUEST['form_values']) ? array() : $_REQUEST['form_values'])) { $suffix = '&sent=Y'; } return array(CONTROLLER_STATUS_OK, "pages.view?page_id={$_REQUEST['page_id']}" . $suffix); } return; } if ($mode == 'view' && !empty($_REQUEST['page_id'])) { $page_is_https = db_get_field("SELECT value FROM ?:form_options WHERE element_type = ?s AND page_id = ?i", FORM_IS_SECURE, $_REQUEST['page_id']); // if form is secure, redirect to https connection if (!defined('HTTPS') && $page_is_https == 'Y') { return array(CONTROLLER_STATUS_REDIRECT, Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
* This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Mailer; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'send') { if (fn_image_verification('use_for_email_share', $_REQUEST) == false) { fn_save_post_data('send_data'); return array(CONTROLLER_STATUS_REDIRECT); } if (!empty($_REQUEST['send_data']['to_email'])) { $lnk = fn_url(Registry::get('config.current_url')); $redirect_url = fn_query_remove($_REQUEST['redirect_url'], 'selected_section'); $index_script = Registry::get('config.customer_index'); if (strpos($lnk, $index_script) !== false) { $redirect_url = str_replace($index_script, '', $redirect_url); } $lnk .= $redirect_url; $from = array('email' => !empty($_REQUEST['send_data']['from_email']) ? $_REQUEST['send_data']['from_email'] : Registry::get('settings.Company.company_users_department'), 'name' => !empty($_REQUEST['send_data']['from_name']) ? $_REQUEST['send_data']['from_name'] : Registry::get('settings.Company.company_name')); $mail_sent = Mailer::sendMail(array('to' => $_REQUEST['send_data']['to_email'], 'from' => $from, 'data' => array('link' => $lnk, 'send_data' => $_REQUEST['send_data']), 'tpl' => 'addons/social_buttons/mail.tpl'), 'C'); if ($mail_sent == true) { fn_set_notification('N', __('notice'), __('text_email_sent'));
* license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: pages.post.php 10229 2010-07-27 14:21:39Z 2tl $ // if (!defined('AREA')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'send_form') { if (Registry::get('settings.Image_verification.use_for_form_builder') == 'Y' && fn_image_verification('forms_' . $_REQUEST['page_id'], empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) { fn_save_post_data(); return array(CONTROLLER_STATUS_REDIRECT, "pages.view?page_id={$_REQUEST['page_id']}"); } fn_send_form($_REQUEST['page_id'], empty($_REQUEST['form_values']) ? array() : $_REQUEST['form_values']); return array(CONTROLLER_STATUS_OK, "pages.view?page_id={$_REQUEST['page_id']}&sent=Y"); } return; } if ($mode == 'view' && !empty($_REQUEST['page_id'])) { // if form is secure, redirect to https connection $page_is_https = db_get_field("SELECT value FROM ?:form_options WHERE element_type = ?s AND page_id = ?i", FORM_IS_SECURE, $_REQUEST['page_id']); if (!defined('HTTPS')) { if ($page_is_https == 'Y') { return array(CONTROLLER_STATUS_REDIRECT, Registry::get('config.https_location') . '/' . Registry::get('config.current_url')); }
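****************************************************************************/

use Tygh\Development;
use Tygh\Registry;
use Tygh\Session;
use Tygh\Helpdesk;

// Refuse direct access: stop unless BOOTSTRAP has been defined by the including script.
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    //
    // Login mode
    //
    if ($mode == 'login') {
        $redirect_url = '';

        // Every area except 'A' must pass image verification before the credentials are checked.
        if (AREA != 'A') {
            if (fn_image_verification('login', $_REQUEST) == false) {
                fn_save_post_data('user_login');

                return array(CONTROLLER_STATUS_REDIRECT);
            }
        }

        fn_restore_processed_user_password($_REQUEST, $_POST);

        list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);

        if (!empty($_REQUEST['redirect_url'])) {
            // NOTE(review): redirect_url comes straight from the request; confirm the redirect
            // handler restricts it to this store's own URLs.
            $redirect_url = $_REQUEST['redirect_url'];
        } else {
            // The ternary is parenthesised on purpose: "." binds tighter than "?:", so without the
            // parentheses the condition is 'auth.login' . <bool> (always truthy), the 'auth.login'
            // prefix is dropped and return_url is read even when it is not set.
            // return_url is URL-encoded so its own "&" or "?" cannot add parameters to the login URL.
            $redirect_url = fn_url('auth.login' . (!empty($_REQUEST['return_url']) ? '?return_url=' . urlencode($_REQUEST['return_url']) : ''));
        }

        if ($status === false) {
            fn_save_post_data('user_login');

            return array(CONTROLLER_STATUS_REDIRECT, $redirect_url);
        }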
* license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ // // $Id: send_to_friend.php 10229 2010-07-27 14:21:39Z 2tl $ // if (!defined('AREA')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'send') { if (Registry::get('settings.Image_verification.use_for_send_to_friend') == 'Y' && fn_image_verification('send_to_friend', empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) { fn_save_post_data(); // return array(CONTROLLER_STATUS_REDIRECT); } if (!empty($_REQUEST['send_data']['to_email'])) { $view_mail->assign('send_data', $_REQUEST['send_data']); $lnk = fn_query_remove($_REQUEST['redirect_url'], 'selected_section'); $http_path = Registry::get('config.http_path'); if (!empty($http_path) && strpos($lnk, $http_path) !== false) { $lnk = str_replace(Registry::get('config.http_path'), '', $lnk); } else { $lnk = '/' . ltrim($lnk, '/'); } $view_mail->assign('link', Registry::get('config.http_location') . $lnk); if (fn_send_mail($_REQUEST['send_data']['to_email'], array('email' => $_REQUEST['send_data']['from_email'], 'name' => $_REQUEST['send_data']['from_name']), 'addons/send_to_friend/mail_subj.tpl', 'addons/send_to_friend/mail.tpl', '', CART_LANGUAGE)) { fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('text_email_sent'));
} // Check if $uploadOk is set to 0 by an error if ($uploadOk == 0) { // echo "Sorry, your file was not uploaded."; // if everything is ok, try to upload file } else { // echo 'target file='.$target_file; if (move_uploaded_file($_FILES["p1"]["tmp_name"], $target_file)) { // echo 'file uploaded,auth_id='.$auth['user_id']; // echo "The file ". basename( $_FILES["p1"]["name"]). " has been uploaded."; } else { // echo "Sorry, there was an error uploading your file."; // echo 'file not uploaded,tmp name='.$_FILES["p1"]["tmp_name"].";target file=$target_file"; } } if (fn_image_verification('use_for_register', $_REQUEST) == false) { fn_save_post_data('user_data'); return array(CONTROLLER_STATUS_REDIRECT, 'profiles.add'); } $is_update = !empty($auth['user_id']); if (!$is_update) { $is_valid_user_data = true; if (empty($_REQUEST['user_data']['email'])) { fn_set_notification('W', __('warning'), __('error_validator_required', array('[field]' => __('email')))); $is_valid_user_data = false; } elseif (!fn_validate_email($_REQUEST['user_data']['email'])) { fn_set_notification('W', __('error'), __('text_not_valid_email', array('[email]' => $_REQUEST['user_data']['email']))); $is_valid_user_data = false; } if (empty($_REQUEST['user_data']['password1']) || empty($_REQUEST['user_data']['password2'])) { if (empty($_REQUEST['user_data']['password1'])) {
} $auth['order_ids'] = db_get_fields("SELECT order_id FROM ?:orders WHERE email = ?s", $email); if (!empty($_REQUEST['o_id']) && in_array($_REQUEST['o_id'], $auth['order_ids'])) { return array(CONTROLLER_STATUS_REDIRECT, 'orders.details?order_id=' . $_REQUEST['o_id']); } else { return array(CONTROLLER_STATUS_REDIRECT, 'orders.search'); } } else { return array(CONTROLLER_STATUS_DENIED); } exit; // // Request for order tracking // } elseif ($mode == 'track_request') { if (fn_image_verification('track_orders', $_REQUEST) == false) { exit; } $condition = fn_get_company_condition('?:orders.company_id'); if (!empty($auth['user_id'])) { $allowed_id = db_get_field('SELECT user_id ' . 'FROM ?:orders ' . 'WHERE user_id = ?i AND order_id = ?i AND is_parent_order != ?s' . $condition, $auth['user_id'], $_REQUEST['track_data'], 'Y'); if (!empty($allowed_id)) { Registry::get('ajax')->assign('force_redirection', fn_url('orders.details?order_id=' . $_REQUEST['track_data'])); exit; } else { fn_set_notification('E', __('error'), __('warning_track_orders_not_allowed')); } } else { $email = ''; if (!empty($_REQUEST['track_data'])) { $o_id = 0;
* (c) 2004 Vladimir V. Kalynyak, Alexey V. Vinokurov, Ilya M. Shalnev * * * * This is commercial software, only users who have purchased a valid * * license and accept to the terms of the License Agreement can install * * and use this program. * * * **************************************************************************** * PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/

// Refuse direct access: stop unless BOOTSTRAP has been defined by the including script.
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Target returned together with the OK status; empty string when the request names none.
    // NOTE(review): return_url is request-controlled; confirm the caller only follows same-site targets.
    $return_url = empty($_REQUEST['return_url']) ? '' : $_REQUEST['return_url'];

    if ($mode == 'request') {
        if (!fn_image_verification('call_request', $_REQUEST)) {
            // Verification failed: stash the submitted call_data (presumably for re-display)
            // and do not process the call request.
            fn_save_post_data('call_data');

        } elseif (!empty($_REQUEST['call_data'])) {
            $product_data = empty($_REQUEST['product_data']) ? array() : $_REQUEST['product_data'];
            $res = fn_do_call_request($_REQUEST['call_data'], $product_data, $_SESSION['cart'], $_SESSION['auth']);

            // Report at most one message, the error taking priority over the notice.
            if ($res && !empty($res['error'])) {
                fn_set_notification('E', __('error'), $res['error']);
            } elseif ($res && !empty($res['notice'])) {
                fn_set_notification('N', __('notice'), $res['notice']);
            }
        }
    }

    return array(CONTROLLER_STATUS_OK, $return_url);
}
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE * * "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. * ****************************************************************************/ use Tygh\Registry; use Tygh\Mailer; if (!defined('BOOTSTRAP')) { die('Access denied'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $discussion_settings = Registry::get('addons.discussion'); $discussion_object_types = fn_get_discussion_objects(); $suffix = ''; if ($mode == 'add') { $suffix = '&selected_section=discussion'; if (AREA == 'C') { if (fn_image_verification('use_for_discussion', $_REQUEST) == false) { fn_save_post_data('post_data'); return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix); } } $post_data = $_REQUEST['post_data']; if (!empty($post_data['thread_id'])) { $object = fn_discussion_get_object_by_thread($post_data['thread_id']); if (empty($object)) { fn_set_notification('E', __('error'), __('cant_find_thread')); return array(CONTROLLER_STATUS_REDIRECT, $_REQUEST['redirect_url'] . $suffix); } $object_name = $discussion_object_types[$object['object_type']]; $object_data = fn_get_discussion_object_data($object['object_id'], $object['object_type']); $ip = fn_get_ip(); $post_data['ip_address'] = $ip['host'];
$_suffix = ".{$_REQUEST['redirect_mode']}"; } if ($mode == 'add_profile') { if (Registry::get('settings.Image_verification.use_for_register') == 'Y' && fn_image_verification('register', empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) { fn_save_post_data(); return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout?login_type=register"); } if ($res = fn_update_user(0, $_REQUEST['user_data'], $auth, false, true)) { $suffix = '?edit_step=step_two'; } else { $suffix = '?login_type=register'; } return array(CONTROLLER_STATUS_OK, "checkout.checkout" . $suffix); } if ($mode == 'customer_info') { if (Registry::get('settings.General.disable_anonymous_checkout') == 'Y' && empty($cart['user_data']['email']) && Registry::get('settings.Image_verification.use_for_checkout') == 'Y' && fn_image_verification('checkout', empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) { fn_save_post_data(); return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout?login_type=guest"); } $profile_fields = fn_get_profile_fields('O'); $user_profile = array(); if (!empty($_REQUEST['user_data'])) { if (empty($auth['user_id']) && !empty($_REQUEST['user_data']['email'])) { $email_exists = db_get_field("SELECT email FROM ?:users WHERE email = ?s", $_REQUEST['user_data']['email']); if (!empty($email_exists)) { fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists')); fn_save_post_data(); return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout"); } } $user_data = $_REQUEST['user_data'];
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($mode == 'poll_submit') { if (empty($_REQUEST['page_id'])) { return array(CONTROLLER_STATUS_NO_PAGE); } $condition = " AND (" . fn_find_array_in_set($_SESSION['auth']['usergroup_ids'], '?:pages.usergroup_ids', true) . ")"; $poll_data = db_get_row("SELECT * FROM ?:pages INNER JOIN ?:page_descriptions ON ?:pages.page_id = ?:page_descriptions.page_id WHERE ?:pages.page_id = ?i AND ?:page_descriptions.lang_code = ?s ?p", $_REQUEST['page_id'], CART_LANGUAGE, $condition); if (empty($poll_data) || $poll_data['status'] == 'D' || $poll_data['use_avail_period'] == 'Y' && ($poll_data['avail_from_timestamp'] > TIME || $poll_data['avail_till_timestamp'] < TIME)) { return array(CONTROLLER_STATUS_REDIRECT); } $ip = fn_get_ip(); if (db_get_field('SELECT vote_id FROM ?:polls_votes WHERE page_id = ?i AND ip_address = ?s', $_REQUEST['page_id'], fn_ip_to_db($ip['host']))) { return array(CONTROLLER_STATUS_REDIRECT); } $prefix = isset($_REQUEST['obj_prefix']) ? $_REQUEST['obj_prefix'] : ''; if (fn_image_verification('polls', $_REQUEST) == false) { return array(CONTROLLER_STATUS_REDIRECT); } if (!empty($_REQUEST['answer'])) { $answer = $_REQUEST['answer']; } else { $answer = array(); } if (!empty($_REQUEST['answer_text'])) { $answer_text = $_REQUEST['answer_text']; } else { $answer_text = array(); } if (!empty($_REQUEST['answer_more'])) { $answer_more = $_REQUEST['answer_more']; } else {