// Admin member maintenance dispatch. Only the 'member_new' branch is visible in this
// span; the enclosing if/switch continues beyond it (the 'member_edit' case is cut off).
$current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES;
$action = isset($_GET['action']) ? $_GET['action'] : '';
if (xos_not_null($action)) {
    switch ($action) {
        case 'member_new':
            // Create a new admin account from the submitted form and mail the generated password.
            $admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
            // Collect every existing admin address for the duplicate check below.
            // NOTE(review): $stored_email is not initialised anywhere in this span; if the
            // table is empty it stays undefined and in_array() below receives null.
            $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . "");
            while ($check_email = xos_db_fetch_array($check_email_query)) {
                $stored_email[] = $check_email['admin_email_address'];
            }
            // Loose comparison; "=== false" is the precise form.
            if (xos_validate_email($admin_email_address) == false) {
                // NOTE(review): $_GET['page'] is concatenated into the redirect target without
                // validation here; whether xos_href_link() encodes it is not visible in this span.
                xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_not_valid&action=new_member'));
            // Non-strict in_array(); passing true as the third argument avoids type juggling.
            } elseif (in_array($admin_email_address, $stored_email)) {
                xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_used&action=new_member'));
            } else {
                // Random 7-character initial password: stored hashed via xos_encrypt_password()
                // and mailed in clear text below, so it only protects the account until the
                // first password change.
                $makePassword = xos_db_prepare_input(xos_create_random_value(7));
                // NOTE(review): admin_groups_id (the privilege group of the new account) is taken
                // straight from the POST body; authorisation to assign that group must be
                // enforced before this point — not visible here.
                $sql_data_array = array('admin_groups_id' => xos_db_prepare_input($_POST['admin_groups_id']), 'admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_password' => xos_encrypt_password($makePassword), 'admin_created' => 'now()');
                xos_db_perform(TABLE_ADMIN, $sql_data_array);
                $admin_id = xos_db_insert_id(); // not read anywhere in this span
                if (SEND_EMAILS == 'true') {
                    // NOTE(review): the mail is built from the raw $_POST values rather than the
                    // prepared values stored above.
                    $email_to_admin = new mailer($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                    if (!$email_to_admin->send()) {
                        // The account already exists at this point; only the notification failed.
                        $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                    } else {
                        $messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $_POST['admin_email_address']), 'success');
                    }
                }
                xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS));
            }
            break;
        case 'member_edit':
// Admin "password forgotten" handling. The enclosing conditional opens before this span
// (the fourth closing brace below belongs to it), and the '******' literals look like
// corpus redactions of the original expressions rather than real code.
$firstname = xos_db_prepare_input($_POST['firstname']);
// NOTE(review): the attempt counter is read from the request body, so the >= 4 lockout
// below relies on a value the client controls; keeping the count in $_SESSION or in
// server-side storage is the usual fix.
$log_times = $_POST['log_times'] + 1;
if ($log_times >= 4) {
    $_SESSION['password_forgotten'] = true;
}
// Check if email exists
// ($email_address is not assigned in this span — presumably prepared from the request earlier.)
$check_admin_query = xos_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
if (!xos_db_num_rows($check_admin_query)) {
    $_GET['login'] = '******';
} else {
    $check_admin = xos_db_fetch_array($check_admin_query);
    // The stored first name acts as the second factor for the reset; != is a loose comparison.
    if ($check_admin['check_firstname'] != $firstname) {
        $_GET['login'] = '******';
    } else {
        $_GET['login'] = '******';
        $makePassword = xos_create_random_value(7);
        // Loads the login language file for the mail texts. The @ hides any failure, and the
        // path includes $_SESSION['language'], so that value should be validated against the
        // installed languages wherever it is set.
        @(require DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN);
        // NOTE(review): the query aliases the surname as check_lastname, so 'admin_lastname'
        // is not a key of $check_admin here (undefined index; the recipient name lacks the surname).
        $email_to_admin = new mailer($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
        if (!$email_to_admin->send()) {
            $mailer_error_message = sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo); // not read in this span
        } else {
            // The stored password is replaced only after the mail went out.
            xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
        }
    }
}
}
// Inline script for the login page (vertical centering plus a cookie-support probe).
// NOTE(review): the probe embeds the current session id in the page body, which makes
// the id readable by any script running on the page — HttpOnly on the cookie does not
// cover this; probing with a throw-away cookie instead would avoid it.
$javascript = '<script type="text/javascript">' . "\n" . '/* <![CDATA[ */' . "\n" . 'function center() {' . "\n" . ' var height = document.getElementById("text").offsetHeight;' . "\n" . ' var marg = (height / 2);' . "\n" . ' document.getElementById("spacer").style.margin = "-" + marg + "px" + " 0px" + " 0px" + " 0px";' . "\n" . '}' . "\n\n" . '$(function(){' . "\n" . ' if (document.cookie.indexOf("' . xos_session_name() . '=' . xos_session_id() . '") != -1) {' . "\n" . ' $("#cookie_error").css("visibility", "hidden");' . "\n" . ' }' . "\n" . '});' . "\n" . '/* ]]> */' . "\n" . '</script>' . "\n";
require DIR_WS_INCLUDES . 'html_header_with_special_stylesheet.php';
require DIR_WS_INCLUDES . 'footer.php';
// Server-side counterpart of the cookie probe above (block continues past this span).
if (SESSION_FORCE_COOKIE_USE == 'true' && !isset($_COOKIE[session_name()])) {
    $smarty->assign('cookie_not_accepted', true);
// Customer "password forgotten" request: verify the anti-automation code, rate-limit by
// e-mail address, then mail a freshly generated password. The enclosing block and the
// database write of the new password hash are outside this span.
$email_address = xos_db_prepare_input($_POST['email_address']);
$error = false;
// Security-code check. NOTE(review): $_POST['security_code'] is not isset-checked and is
// compared with != (loose, not constant-time); a strict comparison of the two values cast
// to string via hash_equals() is the safer form.
if (!isset($_POST['process_id']) || $_POST['security_code'] != str_decrypt($_POST['process_id'])) {
    $error = true;
    $messageStack->add('password_forgotten', TEXT_SECURITY_CODE_ERROR);
}
// Per-address rate limiting through the action recorder module (window defaults to 5 minutes).
$actionRecorder = new actionRecorder('ar_reset_password', null, $email_address);
if (!$actionRecorder->canPerform() && $actionRecorder->check()) {
    $error = true;
    $actionRecorder->record(false);
    $messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5));
}
// Look up the customer; only an existing address with no prior error proceeds ("== false" is loose).
$check_customer_query = xos_db_query("select customers_firstname, customers_lastname, customers_email_address, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
if (xos_db_num_rows($check_customer_query) && $error == false) {
    $check_customer = xos_db_fetch_array($check_customer_query);
    // New password of the configured minimum length. Its hash is computed here, but the
    // write of $crypted_password is not visible in this span; the clear-text value goes
    // into the mail rendered below.
    $new_password = xos_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
    $crypted_password = xos_encrypt_password($new_password);
    // Render the HTML and text mail bodies (the requester's remote address is included).
    $smarty->unregisterFilter('output', 'smarty_outputfilter_trimwhitespace');
    $smarty->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => XHTML_LANG, 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG . 'images/email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . SELECTED_TPL . '/') . EMAIL_SHOP_LOGO, 'remote_address' => $_SERVER['REMOTE_ADDR'], 'new_password' => $new_password));
    $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_html');
    $output_password_forgotten_email_html = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_html.tpl');
    $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_text');
    $output_password_forgotten_email_text = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_text.tpl');
    // Drop the mail-only variables (including the clear-text password) from the template scope.
    $smarty->clearAssign(array('html_params', 'xhtml_lang', 'charset', 'store_name_address', 'store_name', 'src_embedded_shop_logo', 'src_shop_logo', 'remote_address', 'new_password'));
    $email_to_customer = new mailer($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $check_customer['customers_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, $output_password_forgotten_email_html, $output_password_forgotten_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SHOP_LOGO);
    if (!$email_to_customer->send()) {
        $messageStack->add_session('login', sprintf(ERROR_PHPMAILER, $email_to_customer->ErrorInfo));
    } else {
        // Record the successful reset against the customer id (writes a property the
        // recorder names as internal with a leading underscore).
        $actionRecorder->_user_id = $check_customer['customers_id'];
        $actionRecorder->record();
        $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
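/**
 * Generates a numeric cart identifier of the given length.
 *
 * @param int $length number of digits to generate (default 5)
 * @return mixed the value produced by xos_create_random_value() for the 'digits' alphabet
 *
 * NOTE(review): with the default length there are only 10^5 possible values, so callers
 * should not treat this id as a secret or as proof of ownership; the entropy actually
 * delivered depends on xos_create_random_value().
 */
function generate_cart_id(int $length = 5)
{
    return xos_create_random_value($length, 'digits');
}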
// Tail of account creation: store the default address, initialise the customer-info row,
// sync the newsletter subscription, then populate the session. The two leading braces
// close blocks opened before this span.
}
}
xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
$address_id = xos_db_insert_id();
// Integer-cast ids are interpolated directly; string values go through xos_db_input().
xos_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
xos_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
// Newsletter: link an existing subscriber row to the new customer, or create one.
$check_subscriber_query = xos_db_query("select subscriber_id, newsletter_status from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "'");
if (xos_db_num_rows($check_subscriber_query)) {
    $check_subscriber = xos_db_fetch_array($check_subscriber_query);
    // Only an opt-in on a currently inactive subscription updates the status and its timestamp
    // (loose == comparisons on values whose origin is outside this span).
    if ($newsletter == '1' && $check_subscriber['newsletter_status'] == '0') {
        xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "', newsletter_status = '" . xos_db_input($newsletter) . "', newsletter_status_change = now() where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'");
    } else {
        xos_db_query("update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "' where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'");
    }
} else {
    // NOTE(review): $identity_code is application-generated, but it is the one value in this
    // insert not routed through xos_db_input(); escaping it like the others keeps the
    // statement uniformly handled.
    $identity_code = xos_create_random_value(12);
    xos_db_query("insert into " . TABLE_NEWSLETTER_SUBSCRIBERS . " (customers_id, subscriber_language_id, subscriber_email_address, subscriber_identity_code, newsletter_status, subscriber_date_added) values ('" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($language_id) . "', '" . xos_db_input($email_address) . "', '" . $identity_code . "', '" . xos_db_input($newsletter) . "', now())");
}
// Presumably regenerates the session id now that the session gains a logged-in identity
// (the standard session-fixation mitigation); it is gated on configuration.
if (SESSION_RECREATE == 'true') {
    xos_session_recreate();
}
if (ACCOUNT_GENDER == 'true') {
    $_SESSION['customer_gender'] = $gender;
}
$_SESSION['customer_first_name'] = $firstname;
$_SESSION['customer_lastname'] = $lastname;
$_SESSION['customer_default_address_id'] = $address_id;
$_SESSION['customer_country_id'] = $country;
$_SESSION['customer_zone_id'] = $zone_id;
// reset session token
// NOTE(review): the token's strength depends on xos_rand(); if that wraps mt_rand() it is
// not a CSPRNG, and bin2hex(random_bytes(16)) would be the stronger source for a value
// used as a request/CSRF token.
$_SESSION['sessiontoken'] = md5(xos_rand() . xos_rand() . xos_rand() . xos_rand());