Exemplo n.º 1
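 /**
  * Processes an administrator login attempt while the page object is built.
  *
  * Clears the image-resize session flag, then, when both `user_name` and
  * `user_password` were posted, looks the administrator up by user name and
  * checks the posted password with lc_validate_password(). On success the
  * `admin` session entry is filled in and the request is redirected. Whenever
  * execution reaches the end of the constructor the session is marked with
  * the generic "invalid login" error; unknown user and wrong password end up
  * with the same message.
  *
  * Security notes:
  *  - The session id is rotated before the authenticated state is written, so
  *    an id that existed before login does not carry the admin session.
  *  - NOTE(review): the stored password value is copied into the session
  *    ('password' key). Kept for compatibility with whatever reads it, but
  *    consider dropping it so session storage never holds credential hashes.
  *  - NOTE(review): no attempt throttling or lockout is visible in this
  *    block; confirm it is enforced elsewhere.
  */
 public function __construct()
 {
     global $lC_Database, $lC_Language, $lC_MessageStack;
     parent::__construct();
     if (isset($_SESSION['img_resize_flag'])) {
         unset($_SESSION['img_resize_flag']);
     }
     // Only plain strings are accepted: a request can also deliver these
     // fields as arrays (user_name[]=...), which must not reach the query
     // binding or the password check.
     $user_name = isset($_POST['user_name']) ? $_POST['user_name'] : null;
     $user_password = isset($_POST['user_password']) ? $_POST['user_password'] : null;
     if (is_string($user_name) && is_string($user_password) && !empty($user_name) && !empty($user_password)) {
         // Table and user name go through the query object's bind calls
         // rather than being concatenated into the SQL text.
         $Qadmin = $lC_Database->query('select * from :table_administrators where user_name = :user_name');
         $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
         $Qadmin->bindValue(':user_name', $user_name);
         $Qadmin->execute();
         if ($Qadmin->numberOfRows() > 0) {
             if (lc_validate_password($user_password, $Qadmin->value('user_password'))) {
                 // Rotate the session id at the privilege change (session fixation defence).
                 if (session_id() !== '') {
                     session_regenerate_id(true);
                 }
                 $_SESSION['admin'] = array('id' => $Qadmin->valueInt('id'), 'firstname' => $Qadmin->value('first_name'), 'lastname' => $Qadmin->value('last_name'), 'username' => $Qadmin->value('user_name'), 'password' => $Qadmin->value('user_password'), 'access' => lC_Access::getUserLevels($Qadmin->valueInt('access_group_id')), 'language_id' => $Qadmin->value('language_id'));
                 // Rebuild the query string of the page that triggered the login, if one was remembered.
                 $get_string = null;
                 if (isset($_SESSION['redirect_origin'])) {
                     $get_string = http_build_query($_SESSION['redirect_origin']['get']);
                     // A value-less parameter is encoded as "name="; strip the trailing '='.
                     if (substr($get_string, -1) == '=') {
                         $get_string = substr($get_string, 0, -1);
                     }
                     unset($_SESSION['redirect_origin']);
                 }
                 // NOTE(review): lc_redirect_admin() presumably ends the request;
                 // if it returns, the error flags below are set after a valid login.
                 if (defined('INSTALLATION_ID') && INSTALLATION_ID != NULL) {
                     lc_redirect_admin(lc_href_link_admin(FILENAME_DEFAULT, $get_string));
                 } else {
                     // redirect to login=register
                     lc_redirect_admin(lc_href_link_admin(FILENAME_DEFAULT, 'login&action=register'));
                 }
             }
         }
     }
     $_SESSION['error'] = true;
     $_SESSION['errmsg'] = $lC_Language->get('ms_error_login_invalid');
 }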
Exemplo n.º 2
 /**
  * Sets up the revenue summary module.
  *
  * Loads the module's language definitions, sets the title and the title
  * link, and calls _setData() only when the current administrator passes
  * lC_Access::hasAccess('orders'). Note that the gate is the 'orders' access
  * level; no separate revenue level is checked here.
  */
 public function __construct()
 {
     global $lC_Language;

     $lC_Language->loadIniFile('modules/summary/revenue.php');

     $title = $lC_Language->get('summary_revenue_title');
     $this->_title = $title;

     $titleLink = lc_href_link_admin(FILENAME_DEFAULT, 'revenue');
     $this->_title_link = $titleLink;

     // Without the access level the module keeps its title but no data.
     if (!lC_Access::hasAccess('orders')) {
         return;
     }

     $this->_setData();
 }
Exemplo n.º 3
 /**
  * Sets up the products summary module.
  *
  * Loads the summary-module and products language definitions, sets the
  * title and title link, and calls _setData() only when the current
  * administrator passes lC_Access::hasAccess('products').
  *
  * NOTE(review): if the enclosing class is named lC_Summary_products this is
  * a PHP 4 style constructor, which PHP 8 no longer runs on instantiation;
  * confirm the class also has a __construct().
  */
 public function lC_Summary_products()
 {
     global $lC_Language;

     foreach (array('modules/summary/products.php', 'products.php') as $definitionFile) {
         $lC_Language->loadIniFile($definitionFile);
     }

     $title = $lC_Language->get('summary_products_title');
     $this->_title = $title;

     $titleLink = lc_href_link_admin(FILENAME_DEFAULT, 'products');
     $this->_title_link = $titleLink;

     // Without the access level the module keeps its title but no data.
     if (!lC_Access::hasAccess('products')) {
         return;
     }

     $this->_setData();
 }
Exemplo n.º 4
 /**
  * Sets up the administrators-log summary module.
  *
  * Loads the summary-module and administrators-log language definitions,
  * sets the title and title link, and calls _setData() only when the current
  * administrator passes lC_Access::hasAccess('administrators_log'), so the
  * audit trail is not populated for accounts lacking that level.
  */
 public function __construct()
 {
     global $lC_Language;

     foreach (array('modules/summary/administrators_log.php', 'administrators_log.php') as $definitionFile) {
         $lC_Language->loadIniFile($definitionFile);
     }

     $title = $lC_Language->get('summary_administrators_log_title');
     $this->_title = $title;

     $titleLink = lc_href_link_admin(FILENAME_DEFAULT, 'administrators_log');
     $this->_title_link = $titleLink;

     // Without the access level the module keeps its title but no data.
     if (!lC_Access::hasAccess('administrators_log')) {
         return;
     }

     $this->_setData();
 }
Exemplo n.º 5
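 /**
  * Sets a new password for the administrator identified by $email, clears
  * the account's verify key and signs that administrator in.
  *
  * All three statements run inside one database transaction; on any failure
  * the transaction is rolled back and no session state is written.
  *
  * Security notes:
  *  - This method does not check the verify key itself. The caller must have
  *    validated the reset key for $email before calling it.
  *  - The admin session is written only when the account row actually
  *    exists. Previously an $email that matched no row still produced a
  *    populated $_SESSION['admin'], which code that merely tests
  *    isset($_SESSION['admin']) would treat as an authenticated session.
  *  - The session id is rotated before the authenticated state is written.
  *  - NOTE(review): the stored password value is copied into the session,
  *    mirroring the login path; consider removing it in both places.
  *
  * @param string $pass  new password in clear text (surrounding whitespace is trimmed)
  * @param string $email administrator user name whose password is changed
  * @return bool true when the password was changed and the session established, false otherwise
  */
 public static function passwordChange($pass, $email)
 {
     global $lC_Database;
     // Refuse empty or non-string input before touching the database: an
     // empty password must never be stored, and $email selects the account.
     $new_password = is_string($pass) ? trim($pass) : '';
     if ($new_password === '' || !is_string($email) || $email === '') {
         return false;
     }
     $lC_Database->startTransaction();
     // update the password
     $Qpass = $lC_Database->query('update :table_administrators set user_password = :user_password where user_name = :user_name');
     $Qpass->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qpass->bindValue(':user_password', lc_encrypt_string($new_password));
     $Qpass->bindValue(':user_name', $email);
     $Qpass->setLogging($_SESSION['module'], $email);
     $Qpass->execute();
     if ($lC_Database->isError()) {
         $lC_Database->rollbackTransaction();
         return false;
     }
     // get user info
     $Qadmin = $lC_Database->query('select * from :table_administrators where user_name = :user_name');
     $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qadmin->bindValue(':user_name', $email);
     $Qadmin->execute();
     // No matching administrator: nothing was changed, so nobody gets signed in.
     if ($Qadmin->numberOfRows() < 1) {
         $lC_Database->rollbackTransaction();
         return false;
     }
     // 'user_password' was misspelled 'user_pasword' here, so the session
     // entry never matched the one written by the login path.
     $admin_session = array('id' => $Qadmin->valueInt('id'), 'firstname' => $Qadmin->value('first_name'), 'lastname' => $Qadmin->value('last_name'), 'username' => $Qadmin->value('user_name'), 'password' => $Qadmin->value('user_password'), 'access' => lC_Access::getUserLevels($Qadmin->valueInt('access_group_id')));
     // remove key to stop further changes with this key
     $Qkeyremove = $lC_Database->query('update :table_administrators set verify_key = :verify_key where user_name = :user_name');
     $Qkeyremove->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qkeyremove->bindValue(':user_name', $email);
     $Qkeyremove->bindValue(':verify_key', null);
     $Qkeyremove->execute();
     // A key that could not be cleared would stay usable for another change,
     // so treat that as a failure of the whole operation.
     if ($lC_Database->isError()) {
         $lC_Database->rollbackTransaction();
         return false;
     }
     $lC_Database->commitTransaction();
     // Rotate the session id at the privilege change, then set session info.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['admin'] = $admin_session;
     $_SESSION['user_confirmed_email'] = null;
     $_SESSION['user_not_exists'] = null;
     return true;
 }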
Exemplo n.º 6
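 /**
  * Get the administrator access modules
  *
  * Scans includes/modules/access, loads each module file whose class is not
  * defined yet, instantiates lC_Access_<Name> and groups the result by the
  * module's group title (spaces replaced with underscores), sorted by group.
  *
  * Every file found in the directory is executed through include, so only
  * entries ending in ".php" are considered, and an entry whose expected
  * class is still missing after the include is skipped instead of being
  * instantiated. Write access to that directory is equivalent to code
  * execution in the admin context and should be restricted accordingly.
  *
  * @access public
  * @return array group key => list of array('id' => module id, 'text' => module title)
  */
 public static function getAccessModules()
 {
     global $lC_Language;
     $lC_DirectoryListing = new lC_DirectoryListing('includes/modules/access');
     $lC_DirectoryListing->setIncludeDirectories(false);
     $modules = array();
     foreach ($lC_DirectoryListing->getFiles() as $file) {
         $file_name = $file['name'];
         // Backup copies, editor swap files and extension-less entries are
         // not modules and must not be included.
         if (strtolower(pathinfo($file_name, PATHINFO_EXTENSION)) !== 'php') {
             continue;
         }
         $module_code = substr($file_name, 0, strrpos($file_name, '.'));
         if ($module_code === '') {
             continue;
         }
         $class_name = 'lC_Access_' . ucfirst($module_code);
         if (!class_exists($class_name)) {
             $lC_Language->loadIniFile('modules/access/' . $file_name);
             include $lC_DirectoryListing->getDirectory() . '/' . $file_name;
         }
         // The file did not define the class its name promises: skip it
         // rather than fail on instantiation.
         if (!class_exists($class_name)) {
             continue;
         }
         // These two modules are listed under their file-derived name
         // instead of the value returned by getModule().
         $tmp_module = '';
         if (in_array($module_code, array('product_variants', 'product_settings'), true)) {
             $tmp_module = $module_code;
         }
         $module = new $class_name();
         $module_group = lC_Access::getGroupTitle($module->getGroup());
         $module_group = str_replace(" ", "_", $module_group);
         $modules[$module_group][] = array('id' => $tmp_module != '' ? $tmp_module : $module->getModule(), 'text' => $module->getTitle());
     }
     ksort($modules);
     return $modules;
 }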
Exemplo n.º 7
 /**
  * Builds the nested <li>/<ul> markup of the admin "big menu".
  *
  * The access levels come from lC_Access::getLevels() and are only read when
  * an admin session exists; without one the menu is empty. For the sections
  * 'configuration' and 'tools' only the groups configuration, tools and
  * store are rendered; any other section renders the remaining groups, with
  * orders, customers, products, content, marketing and reports first. The
  * group 'hidden' is never rendered.
  *
  * NOTE(review): group keys, titles, subgroup titles and $_class are
  * concatenated into the HTML as-is. That is only safe while all of them are
  * static, trusted values (language definitions, module metadata); confirm,
  * or escape them for the HTML context they are written into.
  * NOTE(review): count($link['subgroups']) runs before the is_array() check
  * further down, so a non-array value fails on PHP 8 before that check.
  *
  * @param string|null $_section menu section selector
  * @param string|null $_class   extra CSS class appended to every <ul class="big-menu ...">
  * @return string HTML fragment
  */
 public function drawBigMenu($_section = NULL, $_class = NULL)
 {
     global $lC_Access, $lC_Language;

     $levels = isset($_SESSION['admin']) ? lC_Access::getLevels() : array();
     ksort($levels);

     // Loose comparisons are kept on purpose to match the original switch.
     $isSettingsMenu = ($_section == 'configuration' || $_section == 'tools');
     $mOpenClass = $isSettingsMenu ? 'cfg-open' : '';

     // settings menu keeps the settings groups, main big menu keeps the rest
     $settingsGroups = array('configuration', 'tools', 'store');
     $selected = array();
     foreach ($levels as $groupKey => $groupLinks) {
         if (in_array($groupKey, $settingsGroups) == $isSettingsMenu) {
             $selected[$groupKey] = $groupLinks;
         }
     }

     if ($isSettingsMenu) {
         $access = $selected;
     } else {
         // custom sort: pinned groups first, in this fixed order
         $pinned = array();
         foreach (array('orders', 'customers', 'products', 'content', 'marketing', 'reports') as $pinnedKey) {
             if (array_key_exists($pinnedKey, $selected)) {
                 $pinned[$pinnedKey] = $selected[$pinnedKey];
             }
         }
         // array union appends every other section after the pinned ones
         $access = $pinned + $selected;
     }

     $output = '';
     foreach ($access as $group => $links) {
         ksort($links);
         if ($group == 'hidden') {
             continue;
         }

         $output .= '<li class="with-right-arrow">'
             . '  <span><span class="list-count" id="list-count-' . $group . '">' . count($links) . '</span>' . lC_Access::getGroupTitle($group) . '</span>'
             . '  <ul class="big-menu ' . $_class . '">';

         foreach ($links as $entry) {
             $title = $entry['title'];
             // The three list pages get the "list" suffix appended to their title.
             if ($title == $lC_Language->get('access_orders_title')
                 || $title == $lC_Language->get('access_products_title')
                 || $title == $lC_Language->get('access_customers_title')) {
                 $title .= ' ' . $lC_Language->get('text_list');
             }

             $opensSubmenu = count($entry['subgroups']) > 0 && $entry['module'] != 'configuration';
             if ($opensSubmenu) {
                 $output .= '<li class="with-right-arrow">'
                     . '<span><span class="list-count" id="list-count-' . $title . '">' . count($entry['subgroups']) . '</span>' . $title . '</span>';
             } else {
                 $output .= '<li><a class="' . $mOpenClass . '" id="big-menu_' . str_replace(" ", "_", strtolower($title)) . '" href="' . lc_href_link_admin(FILENAME_DEFAULT, $entry['module']) . '">'
                     . '<span>' . $title . '</span></a>';
             }

             if (is_array($entry['subgroups']) && !empty($entry['subgroups'])) {
                 $output .= '<ul class="big-menu ' . $_class . '">';
                 foreach ($entry['subgroups'] as $sub) {
                     // An identifier starting with '?' is a complete query of its own;
                     // otherwise it is appended to the parent module.
                     $query = (substr($sub['identifier'], 0, 1) == '?')
                         ? str_replace('?', '', $sub['identifier'])
                         : $entry['module'] . '&' . $sub['identifier'];
                     $output .= '<li><a class="' . $mOpenClass . '" id="big-menu_' . str_replace(" ", "_", strtolower($sub['title'])) . '" href="' . lc_href_link_admin(FILENAME_DEFAULT, $query) . '">' . $sub['title'] . '</a></li>' . "\n";
                 }
                 $output .= '</ul>' . "\n";
             }

             $output .= '</li>' . "\n";
         }

         $output .= '</ul>' . "\n" . '</li>' . "\n";
     }

     return $output;
 }
Exemplo n.º 8
// Pre-authentication gate for the RPC endpoint: without an admin session only
// the listed actions may continue; everything else gets RPC_STATUS_NO_SESSION.
// NOTE(review): the exemption is keyed on the action name alone, while the
// module and class are chosen further down from other request parameters.
// Each exempt action should be tied to the one module/class that implements
// it, so the exemption cannot apply to a same-named method elsewhere.
if (!isset($_SESSION['admin'])
    && !(isset($_GET['action']) && in_array($_GET['action'], array('validateLogin', 'lostPasswordConfirmEmail', 'lostPasswordConfirmKey', 'passwordChange', 'apiHealthCheck', 'validateSerial')))) {
    echo json_encode(array('rpcStatus' => RPC_STATUS_NO_SESSION));
    exit;
}
$module = null;
$class = null;
if (empty($_GET) && $_GET['action'] != 'validateLogin') {
    echo json_encode(array('rpcStatus' => RPC_STATUS_NO_MODULE));
    exit;
} else {
    $first_array = array_slice($_GET, 0, 1);
    $_module = lc_sanitize_string(basename(key($first_array)));
    if (!lC_Access::hasAccess($_module) && $_GET['action'] != 'validateLogin' && $_GET['action'] != 'apiHealthCheck' && !isset($_GET['addon'])) {
        echo json_encode(array('rpcStatus' => RPC_STATUS_NO_ACCESS));
        exit;
    }
    $class = isset($_GET['class']) && !empty($_GET['class']) ? lc_sanitize_string(basename($_GET['class'])) : 'rpc';
    $action = isset($_GET['action']) && !empty($_GET['action']) ? lc_sanitize_string(basename($_GET['action'])) : '';
    if (empty($action)) {
        echo json_encode(array('rpcStatus' => RPC_STATUS_NO_ACTION));
        exit;
    }
    if ($action != 'search' && $action != 'productSearch') {
        if (file_exists('includes/applications/' . $_module . '/classes/' . $class . '.php') && !isset($_GET['addon'])) {
            include $lC_Vqmod->modCheck('includes/applications/' . $_module . '/classes/' . $class . '.php');
            if (method_exists('lC_' . ucfirst($_module) . '_Admin_' . $class, $action)) {
                call_user_func(array('lC_' . ucfirst($_module) . '_Admin_' . $class, $action));
                exit;