 // Filesystem path of the admin "boxes" directory.
 $current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES;
 // Requested admin action, taken verbatim from the query string (empty when absent).
 // It is attacker-controlled, so it must only ever be dispatched through an explicit
 // switch/whitelist, never used to build a path or a query.
 $action = '';
 if (isset($_GET['action'])) {
     $action = $_GET['action'];
 }
 if (xos_not_null($action)) {
     switch ($action) {
         case 'member_new':
             $admin_email_address = xos_db_prepare_input($_POST['admin_email_address']);
             $check_email_query = xos_db_query("select admin_email_address from " . TABLE_ADMIN . "");
             while ($check_email = xos_db_fetch_array($check_email_query)) {
                 $stored_email[] = $check_email['admin_email_address'];
             }
             if (xos_validate_email($admin_email_address) == false) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_not_valid&action=new_member'));
             } elseif (in_array($admin_email_address, $stored_email)) {
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $_GET['page'] . '&error=email_used&action=new_member'));
             } else {
                 $makePassword = xos_db_prepare_input(xos_create_random_value(7));
                 $sql_data_array = array('admin_groups_id' => xos_db_prepare_input($_POST['admin_groups_id']), 'admin_firstname' => xos_db_prepare_input($_POST['admin_firstname']), 'admin_lastname' => xos_db_prepare_input($_POST['admin_lastname']), 'admin_email_address' => $admin_email_address, 'admin_password' => xos_encrypt_password($makePassword), 'admin_created' => 'now()');
                 xos_db_perform(TABLE_ADMIN, $sql_data_array);
                 $admin_id = xos_db_insert_id();
                 if (SEND_EMAILS == 'true') {
                     $email_to_admin = new mailer($_POST['admin_firstname'] . ' ' . $_POST['admin_lastname'], $_POST['admin_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $_POST['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $_POST['admin_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
                     if (!$email_to_admin->send()) {
                         $messageStack->add_session('header', sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo), 'error');
                     } else {
                         $messageStack->add_session('header', sprintf(NOTICE_EMAIL_SENT_TO, $_POST['admin_email_address']), 'success');
                     }
                 }
                 xos_redirect(xos_href_link(FILENAME_ADMIN_MEMBERS));
             }
             break;
         case 'member_edit':
    $firstname = xos_db_prepare_input($_POST['firstname']);
    $log_times = $_POST['log_times'] + 1;
    if ($log_times >= 4) {
        $_SESSION['password_forgotten'] = true;
    }
    // Check if email exists
    $check_admin_query = xos_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
    if (!xos_db_num_rows($check_admin_query)) {
        $_GET['login'] = '******';
    } else {
        $check_admin = xos_db_fetch_array($check_admin_query);
        if ($check_admin['check_firstname'] != $firstname) {
            $_GET['login'] = '******';
        } else {
            $_GET['login'] = '******';
            $makePassword = xos_create_random_value(7);
            @(require DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/' . FILENAME_LOGIN);
            $email_to_admin = new mailer($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, '', sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
            if (!$email_to_admin->send()) {
                $mailer_error_message = sprintf(ERROR_PHPMAILER, $email_to_admin->ErrorInfo);
            } else {
                xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . $check_admin['check_id'] . "'");
            }
        }
    }
}
// Inline page script: center() positions the #text block; the ready handler hides the
// #cookie_error notice once the current session cookie is visible to JavaScript.
// Security note: this embeds the live session name and id in the page markup, and the
// document.cookie check can only succeed if the session cookie is readable by script,
// i.e. not HttpOnly. Any script injected into this page can therefore read the session
// id -- confirm that trade-off is intended for this page.
$javascript_lines = array(
    '<script type="text/javascript">',
    '/* <![CDATA[ */',
    'function center() {',
    '  var height = document.getElementById("text").offsetHeight;',
    '  var marg = (height / 2);',
    '  document.getElementById("spacer").style.margin = "-" + marg + "px" + " 0px" + " 0px" + " 0px";',
    '}',
    '',
    '$(function(){',
    '  if (document.cookie.indexOf("' . xos_session_name() . '=' . xos_session_id() . '") != -1) {',
    '    $("#cookie_error").css("visibility", "hidden");',
    '  }',
    '});',
    '/* ]]> */',
    '</script>',
);
$javascript = implode("\n", $javascript_lines) . "\n";
require DIR_WS_INCLUDES . 'html_header_with_special_stylesheet.php';
require DIR_WS_INCLUDES . 'footer.php';
if (SESSION_FORCE_COOKIE_USE == 'true' && !isset($_COOKIE[session_name()])) {
    $smarty->assign('cookie_not_accepted', true);
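 $email_address = xos_db_prepare_input($_POST['email_address']);
 $error = false;
 // Security code check. process_id carries the server-issued (encrypted) expected code,
 // security_code is what the user typed. Both fields come from the client, so this is
 // only as strong as str_decrypt(): a captured (process_id, security_code) pair can be
 // replayed unless str_decrypt() or the form generation binds it to the session or a
 // timestamp -- TODO confirm.
 // Compare strictly and as strings. The loose `!=` this replaces treats numeric strings
 // numerically ("1e1" == "10", "10 " == "10" in PHP 8) and, if str_decrypt() returns
 // false on a tampered process_id, `'' != false` is false, so an empty code would have
 // been accepted. Non-string fields (PHP accepts `security_code[]=x`) are rejected
 // rather than coerced. str_decrypt() is assumed to return a non-empty string on
 // success -- confirm.
 $submitted_security_code = isset($_POST['security_code']) && is_string($_POST['security_code']) ? $_POST['security_code'] : null;
 $expected_security_code = isset($_POST['process_id']) && is_string($_POST['process_id']) ? str_decrypt($_POST['process_id']) : null;
 if (!is_string($submitted_security_code) || !is_string($expected_security_code) || $expected_security_code === '' || $submitted_security_code !== $expected_security_code) {
     $error = true;
     $messageStack->add('password_forgotten', TEXT_SECURITY_CODE_ERROR);
 }
 // Rate limit on password resets, keyed by the submitted e-mail address; the lockout
 // window falls back to 5 minutes when the module constant is not defined.
 $actionRecorder = new actionRecorder('ar_reset_password', null, $email_address);
 if (!$actionRecorder->canPerform() && $actionRecorder->check()) {
     $error = true;
     $actionRecorder->record(false);
     $messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5));
 }
 // Account lookup for the string-built query; the address is escaped with xos_db_input().
 // Note the lookup runs even when $error is already set (the caller gates on $error below).
 $check_customer_query = xos_db_query("select customers_firstname, customers_lastname, customers_email_address, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");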
 if (xos_db_num_rows($check_customer_query) && $error == false) {
     $check_customer = xos_db_fetch_array($check_customer_query);
     $new_password = xos_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
     $crypted_password = xos_encrypt_password($new_password);
     $smarty->unregisterFilter('output', 'smarty_outputfilter_trimwhitespace');
     $smarty->assign(array('html_params' => HTML_PARAMS, 'xhtml_lang' => XHTML_LANG, 'charset' => CHARSET, 'store_name_address' => STORE_NAME_ADDRESS, 'store_name' => STORE_NAME, 'src_embedded_shop_logo' => 'cid:shop_logo', 'src_shop_logo' => HTTP_SERVER . DIR_WS_CATALOG . DIR_WS_IMAGES . (is_file(DIR_FS_CATALOG . 'images/email_shop_logo/' . EMAIL_SHOP_LOGO) ? 'email_shop_logo/' : 'catalog/templates/' . SELECTED_TPL . '/') . EMAIL_SHOP_LOGO, 'remote_address' => $_SERVER['REMOTE_ADDR'], 'new_password' => $new_password));
     $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_html');
     $output_password_forgotten_email_html = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_html.tpl');
     $smarty->configLoad('languages/' . $_SESSION['language'] . '_email.conf', 'password_forgotten_email_text');
     $output_password_forgotten_email_text = $smarty->fetch(SELECTED_TPL . '/includes/email/password_forgotten_email_text.tpl');
     $smarty->clearAssign(array('html_params', 'xhtml_lang', 'charset', 'store_name_address', 'store_name', 'src_embedded_shop_logo', 'src_shop_logo', 'remote_address', 'new_password'));
     $email_to_customer = new mailer($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $check_customer['customers_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, $output_password_forgotten_email_html, $output_password_forgotten_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SHOP_LOGO);
     if (!$email_to_customer->send()) {
         $messageStack->add_session('login', sprintf(ERROR_PHPMAILER, $email_to_customer->ErrorInfo));
     } else {
         $actionRecorder->_user_id = $check_customer['customers_id'];
         $actionRecorder->record();
         $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');
 /**
  * Generate a random, digits-only cart identifier.
  *
  * @param int $length number of digits to request (default 5)
  * @return mixed the value returned by xos_create_random_value() for the 'digits'
  *               character set, presumably a string of $length digits
  *
  * Security note: 5 digits give only 10^5 distinct ids, so the default id is
  * guessable by enumeration, and its unpredictability rests entirely on the
  * generator behind xos_create_random_value(), which is not visible here -- confirm
  * before relying on this id for anything that must not be guessed.
  */
 function generate_cart_id($length = 5)
 {
     $charset = 'digits';
     return xos_create_random_value($length, $charset);
 }
     }
 }
 // Persist the new address book entry and make it the customer's default address.
 xos_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
 $address_id = xos_db_insert_id();
 xos_db_query("update " . TABLE_CUSTOMERS . " set customers_default_address_id = '" . (int) $address_id . "' where customers_id = '" . (int) $_SESSION['customer_id'] . "'");
 xos_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . (int) $_SESSION['customer_id'] . "', '0', now())");
 // Newsletter subscription: attach an existing subscriber row for this address to the
 // customer, or create a new one. Ids are cast to int and free-text values go through
 // xos_db_input() because the SQL is string-built.
 $check_subscriber_query = xos_db_query("select subscriber_id, newsletter_status from " . TABLE_NEWSLETTER_SUBSCRIBERS . " where subscriber_email_address = '" . xos_db_input($email_address) . "'");
 if (xos_db_num_rows($check_subscriber_query)) {
     $check_subscriber = xos_db_fetch_array($check_subscriber_query);
     $subscriber_update_sql = "update " . TABLE_NEWSLETTER_SUBSCRIBERS . " set customers_id = '" . (int) $_SESSION['customer_id'] . "', subscriber_language_id = '" . xos_db_input($language_id) . "'";
     // The status (and its change timestamp) is only touched when the customer opted
     // in and the existing row was opted out; an existing opt-in is left untouched.
     if ($newsletter == '1' && $check_subscriber['newsletter_status'] == '0') {
         $subscriber_update_sql .= ", newsletter_status = '" . xos_db_input($newsletter) . "', newsletter_status_change = now()";
     }
     xos_db_query($subscriber_update_sql . " where subscriber_id = '" . (int) $check_subscriber['subscriber_id'] . "'");
 } else {
     // 12-character identity code stored with the subscriber (presumably used to address
     // the subscription later, e.g. in unsubscribe links -- inferred from the column name,
     // confirm). Its unguessability depends on xos_create_random_value(), which is not
     // visible here, and it is the only value in this insert not passed through
     // xos_db_input().
     $identity_code = xos_create_random_value(12);
     xos_db_query("insert into " . TABLE_NEWSLETTER_SUBSCRIBERS . " (customers_id, subscriber_language_id, subscriber_email_address, subscriber_identity_code, newsletter_status, subscriber_date_added) values ('" . (int) $_SESSION['customer_id'] . "', '" . xos_db_input($language_id) . "', '" . xos_db_input($email_address) . "', '" . $identity_code . "', '" . xos_db_input($newsletter) . "', now())");
 }
 // Optionally recreate the session after account creation (presumably regenerates the
 // session id as a session-fixation defence -- confirm against xos_session_recreate()).
 if (SESSION_RECREATE == 'true') {
     xos_session_recreate();
 }
 // Seed the session with the new customer's profile.
 if (ACCOUNT_GENDER == 'true') {
     $_SESSION['customer_gender'] = $gender;
 }
 $_SESSION['customer_first_name'] = $firstname;
 $_SESSION['customer_lastname'] = $lastname;
 $_SESSION['customer_default_address_id'] = $address_id;
 $_SESSION['customer_country_id'] = $country;
 $_SESSION['customer_zone_id'] = $zone_id;
 // Fresh per-session token (a CSRF-style token, judging by the name). Its strength rests
 // entirely on xos_rand(): if that is mt_rand()/rand()-based, the 32-hex token is far
 // weaker than its length suggests -- confirm, and prefer a CSPRNG-derived value
 // (e.g. bin2hex(random_bytes(16))) where the PHP version allows.
 $_SESSION['sessiontoken'] = md5(xos_rand() . xos_rand() . xos_rand() . xos_rand());