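 /**
  * Confirms a customer's e-mail address from the verification link.
  *
  * A logged-in visitor gets the "denied" text. Otherwise the code from the
  * `key` query parameter is matched against unverified customers; exactly
  * one match flags that customer as verified and shows the success text,
  * anything else (missing key, no or several matches) shows the failure text.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (\HaaseIT\HCSF\Customer\Helper::getUserData()) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_default");
         return;
     }

     // filter_input() yields null for a missing parameter (and false for a
     // non-scalar one), so a request without a usable key is a plain failure
     // instead of an "undefined index" notice followed by a database round trip.
     $sKey = filter_input(INPUT_GET, 'key');
     if (!is_string($sKey) || $sKey === '') {
         $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationfail");
         return;
     }

     $sql = 'SELECT cust_email, cust_id FROM customer WHERE cust_emailverificationcode = :key AND cust_emailverified = \'n\'';
     /** @var \PDOStatement $hResult */
     $hResult = $this->db->prepare($sql);
     $hResult->bindValue(':key', $sKey, \PDO::PARAM_STR);
     $hResult->execute();
     // fetchAll() + count() instead of rowCount(): PDO does not guarantee
     // rowCount() for SELECT statements on every driver.
     $aRows = $hResult->fetchAll();
     if (count($aRows) !== 1) {
         $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationfail");
         return;
     }

     $aData = ['cust_emailverified' => 'y', 'cust_id' => $aRows[0]['cust_id']];
     $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
     /** @var \PDOStatement $hResult */
     $hResult = $this->db->prepare($sql);
     foreach ($aData as $sColumn => $mValue) {
         $hResult->bindValue(':' . $sColumn, $mValue);
     }
     $hResult->execute();
     $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationsuccess");
 }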
 /**
  * Persists this content record back to `content_lang`.
  *
  * The HTML body goes through the purifier when one is configured (and is
  * stored as-is otherwise); title, description and keywords are stripped of
  * tags and low-ASCII characters. FILTER_SANITIZE_STRING is deprecated as of
  * PHP 8.1, so this filter will need replacing when the project moves on.
  *
  * @return bool result of PDOStatement::execute()
  */
 public function write()
 {
     $sHtml = $this->cl_html;
     if (!empty($this->purifier)) {
         $sHtml = $this->purifier->purify($sHtml);
     }

     $aData = [
         'cl_html' => $sHtml,
         'cl_title' => filter_var($this->cl_title, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
         'cl_description' => filter_var($this->cl_description, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
         'cl_keywords' => filter_var($this->cl_keywords, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
         'cl_id' => $this->cl_id,
     ];

     $sql = DBTools::buildPSUpdateQuery($aData, 'content_lang', 'cl_id');
     /** @var \PDOStatement $hResult */
     $hResult = $this->serviceManager->get('db')->prepare($sql);
     foreach ($aData as $sColumn => $mValue) {
         $hResult->bindValue(':' . $sColumn, $mValue);
     }

     return $hResult->execute();
 }
 /**
  * Builds the shop administration page (order list and order editor).
  *
  * A posted `change` form stores the editable order fields in `orders`,
  * stamps the editing user (HTTP auth user, if any) and the time, and
  * redirects back to the edit view of that order. Otherwise the search form
  * defaults and the list column definitions are assembled and merged with
  * the data returned by handleShopAdmin().
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $this->P->cb_subnav = 'admin';
     $this->P->cb_customcontenttemplate = 'shop/shopadmin';

     if (isset($_POST["change"])) {
         // Strips tags and low-ASCII characters from a trimmed form field.
         $fnText = function ($sField) {
             return filter_var(trim(Tools::getFormfield($sField)), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
         };
         $iID = filter_var(trim(Tools::getFormfield("id")), FILTER_SANITIZE_NUMBER_INT);
         $aData = [
             'o_lastedit_timestamp' => time(),
             'o_remarks_internal' => $fnText("remarks_internal"),
             'o_transaction_no' => $fnText("transaction_no"),
             'o_paymentcompleted' => $fnText("order_paymentcompleted"),
             'o_ordercompleted' => $fnText("order_completed"),
             'o_lastedit_user' => isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : '',
             'o_shipping_service' => $fnText("order_shipping_service"),
             'o_shipping_trackingno' => $fnText("order_shipping_trackingno"),
             'o_id' => $iID,
         ];
         $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'orders', 'o_id');
         $hResult = $this->db->prepare($sql);
         foreach ($aData as $sColumn => $mValue) {
             $hResult->bindValue(':' . $sColumn, $mValue);
         }
         $hResult->execute();
         header('Location: /_admin/shopadmin.html?action=edit&id=' . $iID);
         die;
     }

     // Search form values, falling back to the defaults when not submitted.
     $aPageData = [
         'searchform_type' => Tools::getFormfield('type', 'openinwork'),
         'searchform_fromday' => Tools::getFormfield('fromday', '01'),
         'searchform_frommonth' => Tools::getFormfield('frommonth', '01'),
         'searchform_fromyear' => Tools::getFormfield('fromyear', '2014'),
         'searchform_today' => Tools::getFormfield('today', date("d")),
         'searchform_tomonth' => Tools::getFormfield('tomonth', date("m")),
         'searchform_toyear' => Tools::getFormfield('toyear', date("Y")),
     ];

     // Column definitions for the two list tables rendered by handleShopAdmin().
     $aListColumns = [
         'list_orders' => [
             ['title' => HardcodedText::get('shopadmin_list_customer'), 'key' => 'o_cust', 'width' => 280, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_sumnettoall'), 'key' => 'o_sumnettoall', 'width' => 75, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_orderstatus'), 'key' => 'o_order_status', 'width' => 80, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_ordertimenumber'), 'key' => 'o_ordertime_number', 'width' => 100, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_hostpayment'), 'key' => 'o_order_host_payment', 'width' => 140, 'linked' => false],
             [
                 'title' => HardcodedText::get('shopadmin_list_edit'),
                 'key' => 'o_id',
                 'width' => 45,
                 'linked' => true,
                 'ltarget' => '/_admin/shopadmin.html',
                 'lkeyname' => 'id',
                 'lgetvars' => ['action' => 'edit'],
             ],
         ],
         'list_orderitems' => [
             ['title' => HardcodedText::get('shopadmin_list_itemno'), 'key' => 'oi_itemno', 'width' => 95, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_itemname'), 'key' => 'oi_itemname', 'width' => 350, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_itemamount'), 'key' => 'oi_amount', 'width' => 50, 'linked' => false, 'style-data' => 'text-align: center;'],
             ['title' => HardcodedText::get('shopadmin_list_itemnetto'), 'key' => 'oi_price_netto', 'width' => 70, 'linked' => false],
             ['title' => HardcodedText::get('shopadmin_list_itemsumnetto'), 'key' => 'ges_netto', 'width' => 75, 'linked' => false],
         ],
     ];

     $aShopadmin = $this->handleShopAdmin($aListColumns);
     $this->P->cb_customdata = array_merge($aPageData, $aShopadmin);
 }
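 /**
  * Customer administration: lists customers or edits a single customer.
  *
  * Without an `action` query parameter the customer list is rendered,
  * optionally restricted by the `type` request parameter (`active` /
  * `inactive`; anything else means all). With `action=edit` the customer
  * named by the `id` query parameter is loaded into the edit form; a posted
  * `doEdit=yes` first validates the form (customer number length and
  * uniqueness, e-mail uniqueness, CHelper::validateCustomerForm) and, when
  * there are no errors, writes the record plus a new password hash when a
  * password was entered.
  *
  * @param mixed $CUA  list-table column definition, handed through to
  *                    \HaaseIT\Tools::makeListtable()
  * @param mixed $twig template engine instance, handed through to makeListtable()
  * @return array page data for the template: `customeradmin` (text, type,
  *               optional info flags) and `customerform` when editing
  */
 private function handleCustomerAdmin($CUA, $twig)
 {
     $sType = 'all';
     if (isset($_REQUEST["type"])) {
         if ($_REQUEST["type"] === 'active') {
             $sType = 'active';
         } elseif ($_REQUEST["type"] === 'inactive') {
             $sType = 'inactive';
         }
     }
     $return = '';
     $aInfo = [];
     $aPData = [];

     if (!isset($_GET["action"])) {
         // $sType is one of three fixed literals, so nothing taken from the
         // request ever reaches the query text.
         $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer';
         if ($sType === 'active') {
             $sql .= ' WHERE cust_active = \'y\'';
         } elseif ($sType === 'inactive') {
             $sql .= ' WHERE cust_active = \'n\'';
         }
         $sql .= ' ORDER BY cust_no ASC';
         $hResult = $this->db->query($sql);
         // fetchAll() + count(): rowCount() on SELECT is not guaranteed by PDO.
         $aData = $hResult->fetchAll();
         if (count($aData) > 0) {
             $return .= \HaaseIT\Tools::makeListtable($CUA, $aData, $twig);
         } else {
             $aInfo["nodatafound"] = true;
         }
     } elseif ($_GET["action"] === 'edit') {
         $iId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
         $aErr = [];
         if (isset($_POST["doEdit"]) && $_POST["doEdit"] === 'yes') {
             // Strips tags and low-ASCII characters from a trimmed POST field.
             $fnText = function ($sField) {
                 return trim(filter_input(INPUT_POST, $sField, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW));
             };
             $sCustno = filter_var(trim(isset($_POST["custno"]) ? $_POST["custno"] : ''), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
             $sEmail = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
             if (strlen($sCustno) < HelperConfig::$customer["minimum_length_custno"]) {
                 $aErr["custnoinvalid"] = true;
             } else {
                 // Any other customer with the same number is a conflict; testing
                 // for exactly one row would let two or more existing duplicates through.
                 $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_no = :custno';
                 $hResult = $this->db->prepare($sql);
                 $hResult->bindValue(':id', $iId);
                 $hResult->bindValue(':custno', $sCustno);
                 $hResult->execute();
                 if (count($hResult->fetchAll()) > 0) {
                     $aErr["custnoalreadytaken"] = true;
                 }
                 // Same rule for the e-mail address.
                 $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email';
                 $hResult = $this->db->prepare($sql);
                 $hResult->bindValue(':id', $iId);
                 $hResult->bindValue(':email', $sEmail);
                 $hResult->execute();
                 if (count($hResult->fetchAll()) > 0) {
                     $aErr["emailalreadytaken"] = true;
                 }
                 $aErr = CHelper::validateCustomerForm(HelperConfig::$lang, $aErr, true);
                 if (count($aErr) === 0) {
                     $aData = [
                         'cust_no' => $sCustno,
                         'cust_email' => trim($sEmail),
                         'cust_corp' => $fnText('corpname'),
                         'cust_name' => $fnText('name'),
                         'cust_street' => $fnText('street'),
                         'cust_zip' => $fnText('zip'),
                         'cust_town' => $fnText('town'),
                         'cust_phone' => $fnText('phone'),
                         'cust_cellphone' => $fnText('cellphone'),
                         'cust_fax' => $fnText('fax'),
                         'cust_country' => $fnText('country'),
                         'cust_group' => $fnText('custgroup'),
                         'cust_emailverified' => isset($_POST["emailverified"]) && $_POST["emailverified"] === 'y' ? 'y' : 'n',
                         'cust_active' => isset($_POST["active"]) && $_POST["active"] === 'y' ? 'y' : 'n',
                         'cust_id' => $iId,
                     ];
                     if (isset($_POST["pwd"]) && $_POST["pwd"] !== '') {
                         $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                         $aInfo["passwordchanged"] = true;
                     }
                     $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                     $hResult = $this->db->prepare($sql);
                     foreach ($aData as $sColumn => $mValue) {
                         $hResult->bindValue(':' . $sColumn, $mValue);
                     }
                     $hResult->execute();
                     $aInfo["changeswritten"] = true;
                 }
             }
         }
         // Reload the record (after a possible write) for the edit form.
         $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id = :id';
         $hResult = $this->db->prepare($sql);
         $hResult->bindValue(':id', $iId);
         $hResult->execute();
         $aUsers = $hResult->fetchAll();
         if (count($aUsers) === 1) {
             $aPData["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'admin', $aErr, $aUsers[0]);
         } else {
             $aInfo["nosuchuserfound"] = true;
         }
     }

     $aPData["customeradmin"]["text"] = $return;
     $aPData["customeradmin"]["type"] = $sType;
     if (count($aInfo) > 0) {
         $aPData["customeradmin"]["info"] = $aInfo;
     }
     return $aPData;
 }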
 /**
  * Writes the posted item form to `item_base` and, when a text id was
  * posted, the language-specific texts to `item_lang`.
  *
  * Text fields are stripped of tags and low-ASCII characters, numbers are
  * reduced to digits (and a fraction for the price); `itm_data` and
  * `itml_name_override` are stored raw apart from low-ASCII stripping on the
  * latter, and the two free texts pass through the purifier.
  *
  * @param mixed $purifier HTML purifier used for text1/text2
  * @return bool always true
  */
 private function admin_updateItem($purifier)
 {
     // Strips tags and low-ASCII characters from a posted field.
     $fnText = function ($sField) {
         return filter_var($this->post[$sField], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
     };
     // Builds, binds and runs the UPDATE for one row.
     $fnUpdate = function (array $aRow, $sTable, $sIdColumn) {
         $hResult = $this->db->prepare(DBTools::buildPSUpdateQuery($aRow, $sTable, $sIdColumn));
         foreach ($aRow as $sColumn => $mValue) {
             $hResult->bindValue(':' . $sColumn, $mValue);
         }
         $hResult->execute();
     };

     $aBase = [
         'itm_name' => $fnText("name"),
         'itm_group' => $fnText("group"),
         'itm_img' => $fnText("bild"),
         'itm_index' => $fnText("index"),
         'itm_order' => filter_var($this->post["prio"], FILTER_SANITIZE_NUMBER_INT),
         'itm_price' => filter_var($this->post["price"], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
         'itm_rg' => $fnText("rg"),
         'itm_data' => filter_var($this->post["data"], FILTER_UNSAFE_RAW),
         'itm_weight' => filter_var($this->post["weight"], FILTER_SANITIZE_NUMBER_INT),
         'itm_id' => filter_var($this->post["id"], FILTER_SANITIZE_NUMBER_INT),
     ];
     // With VAT disabled every item is stored with the 'full' rate.
     $aBase['itm_vatid'] = HelperConfig::$shop["vat_disable"] ? 'full' : $fnText("vatid");
     $fnUpdate($aBase, 'item_base', 'itm_id');

     if (isset($this->post["textid"])) {
         $aLang = [
             'itml_text1' => $purifier->purify($this->post["text1"]),
             'itml_text2' => $purifier->purify($this->post["text2"]),
             'itml_name_override' => filter_var($this->post["name_override"], FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW),
             'itml_id' => filter_var($this->post["textid"], FILTER_SANITIZE_NUMBER_INT),
         ];
         $fnUpdate($aLang, 'item_lang', 'itml_id');
     }

     return true;
 }
 /**
  * Writes the posted item group form to `itemgroups_base` and, when a text
  * row exists for the current language, to `itemgroups_text`.
  *
  * All input is read from $_REQUEST, so GET and POST parameters are both
  * accepted. The group number must be unique among the other groups;
  * otherwise nothing is written.
  *
  * @param mixed $purifier HTML purifier used for short text and details
  * @return string 'duplicateno' when the group number is taken, 'success' otherwise
  */
 private function admin_updateGroup($purifier)
 {
     // Builds, binds and runs the UPDATE for one row.
     $fnUpdate = function (array $aRow, $sTable, $sIdColumn) {
         $hResult = $this->db->prepare(DBTools::buildPSUpdateQuery($aRow, $sTable, $sIdColumn));
         foreach ($aRow as $sColumn => $mValue) {
             $hResult->bindValue(':' . $sColumn, $mValue);
         }
         $hResult->execute();
     };

     $iGID = filter_var($_REQUEST["gid"], FILTER_SANITIZE_NUMBER_INT);
     $sGNo = filter_var($_REQUEST["no"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

     // Reject a group number already used by a different group.
     $hDuplicates = $this->db->prepare('SELECT * FROM itemgroups_base WHERE itmg_id != :id AND itmg_no = :gno');
     $hDuplicates->bindValue(':id', $iGID);
     $hDuplicates->bindValue(':gno', $sGNo);
     $hDuplicates->execute();
     if ($hDuplicates->rowCount() > 0) {
         return 'duplicateno';
     }

     $fnUpdate([
         'itmg_name' => filter_var($_REQUEST["name"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
         'itmg_no' => $sGNo,
         'itmg_img' => filter_var($_REQUEST["img"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW),
         'itmg_id' => $iGID,
     ], 'itemgroups_base', 'itmg_id');

     // Texts are only updated when exactly one row exists for this language.
     $hText = $this->db->prepare('SELECT itmgt_id FROM itemgroups_text WHERE itmgt_pid = :gid AND itmgt_lang = :lang');
     $hText->bindValue(':gid', $iGID);
     $hText->bindValue(':lang', HelperConfig::$lang, \PDO::PARAM_STR);
     $hText->execute();
     if ($hText->rowCount() == 1) {
         $aTextRow = $hText->fetch();
         $fnUpdate([
             'itmgt_shorttext' => $purifier->purify($_REQUEST["shorttext"]),
             'itmgt_details' => $purifier->purify($_REQUEST["details"]),
             'itmgt_id' => $aTextRow['itmgt_id'],
         ], 'itemgroups_text', 'itmgt_id');
     }

     return 'success';
 }
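 /**
  * PayPal IPN (Instant Payment Notification) listener.
  *
  * Loads the still-unpaid PayPal order named by the posted `custom` field,
  * echoes the notification back to PayPal for validation and, when PayPal
  * answers VERIFIED and amount, order id, status, currency and receiver
  * match the order and the shop configuration, stores the transaction id
  * and marks the order as paid. A transaction id that is already stored on
  * any order is rejected as a replay. Every outcome is appended to the
  * PayPal log file; the request always ends with die, no page is rendered.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $sLogData = '';

     // Only the POST body is consulted: it is exactly what is echoed back to
     // PayPal for validation below, so values from the query string or from
     // cookies (which $_REQUEST would merge in) never take part in the checks.
     $fnPost = function ($sField) {
         return isset($_POST[$sField]) ? $_POST[$sField] : '';
     };
     $sLogHeader = "-- new entry - " . date(HelperConfig::$core['locale_format_date_time']) . " --\n\n";

     $iId = \filter_input(INPUT_POST, 'custom', FILTER_SANITIZE_NUMBER_INT);
     if (!is_string($iId) || $iId === '') {
         // Without an order id there is nothing to verify (a string-built
         // query would have been syntactically broken at this point).
         die;
     }

     // Parameterised lookup: `custom` is client-controlled input even though
     // the sanitising filter only leaves digits and signs.
     $sql = 'SELECT * FROM orders WHERE o_id = :id AND o_paymentmethod = \'paypal\' AND o_paymentcompleted = \'n\'';
     $hResult = $this->db->prepare($sql);
     $hResult->bindValue(':id', $iId);
     $hResult->execute();
     // fetchAll() + count(): rowCount() on SELECT is not guaranteed by PDO.
     $aOrders = $hResult->fetchAll();
     if (count($aOrders) === 1) {
         $aOrder = $aOrders[0];
         $fGesamtbrutto = \HaaseIT\HCSF\Shop\Helper::calculateTotalFromDB($aOrder);
         $sExpectedGross = number_format($fGesamtbrutto, 2, '.', '');

         // Echo the complete notification back, plus the validate command.
         $postdata = http_build_query($_POST) . '&cmd=_notify-validate';
         $web = parse_url(HelperConfig::$shop["paypal"]["url"]);
         if (isset($web['scheme']) && $web['scheme'] === 'https') {
             $web['port'] = 443;
             $ssl = 'ssl://';
         } else {
             $web['port'] = 80;
             $ssl = '';
         }
         $sPath = isset($web['path']) ? $web['path'] : '/';

         $errnum = 0;
         $errstr = '';
         $fp = fsockopen($ssl . $web['host'], $web['port'], $errnum, $errstr, 30);
         if ($fp === false) {
             // Previously silent; a failed validation call is worth a log line.
             $sLogData .= $sLogHeader . "PHAIL - connection to PayPal failed: " . $errnum . ' ' . $errstr . "\n\n";
         } else {
             fwrite($fp, "POST " . $sPath . " HTTP/1.1\r\n");
             fwrite($fp, "Host: " . $web['host'] . "\r\n");
             fwrite($fp, "Content-type: application/x-www-form-urlencoded\r\n");
             fwrite($fp, "Content-length: " . strlen($postdata) . "\r\n");
             fwrite($fp, "Connection: close\r\n\r\n");
             fwrite($fp, $postdata . "\r\n\r\n");
             $info = (string) stream_get_contents($fp);
             fclose($fp);

             if (strpos($info, 'VERIFIED') === false) {
                 $sLogData .= $sLogHeader . "PHAIL - Transaktion fehlgeschlagen. TXNID: " . $fnPost("txn_id") . "\n" . $info . "\n\n";
             } else {
                 $sLogData .= $sLogHeader . "W00T!\n\n";
                 $sLogData .= \HaaseIT\Tools::debug($_POST, '', true, true) . "\n\n";

                 // A transaction id must not be accepted twice (replayed notification).
                 $sTxn_idQ = 'SELECT o_paypal_tx FROM orders WHERE o_paypal_tx = :txn_id';
                 $hTxn_idResult = $this->db->prepare($sTxn_idQ);
                 $hTxn_idResult->bindValue(':txn_id', $fnPost("txn_id"));
                 $hTxn_idResult->execute();
                 if (count($hTxn_idResult->fetchAll()) > 0) {
                     $sLogData .= $sLogHeader . "PHAIL\n\n";
                     $sLogData .= "!!! JEMAND HAT EINE ALTE TXN_ID BENUTZT: " . $fnPost("txn_id") . " !!!\n\n";
                     $sLogData .= "!!! INVALID !!!\n\n";
                 } else {
                     // Amount and order id are numeric strings and stay loosely
                     // compared ("12.5" vs "12.50"); status, currency and receiver
                     // are plain strings compared against the configuration.
                     if ($fnPost("mc_gross") == $sExpectedGross
                         && $fnPost("custom") == $aOrder['o_id']
                         && $fnPost("payment_status") === "Completed"
                         && $fnPost("mc_currency") === HelperConfig::$shop["paypal"]["currency_id"]
                         && $fnPost("business") === HelperConfig::$shop["paypal"]["business"]
                     ) {
                         $aTxnUpdateData = ['o_paypal_tx' => $fnPost("txn_id"), 'o_paymentcompleted' => 'y', 'o_id' => $iId];
                         $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aTxnUpdateData, 'orders', 'o_id');
                         $hResult = $this->db->prepare($sql);
                         foreach ($aTxnUpdateData as $sKey => $sValue) {
                             $hResult->bindValue(':' . $sKey, $sValue);
                         }
                         $hResult->execute();
                         $sLogData .= "-- Alles ok. Zahlung erfolgreich. TXNID: " . $fnPost("txn_id") . " --\n\n";
                     } else {
                         $sLogData .= "-- In my country we have problem; Problem is evaluation. Throw the data down the log!\n";
                         $sLogData .= "mc_gross: " . $fnPost("mc_gross") . ' - number_format($fGesamtbrutto, 2, \'.\', \'\'): ' . $sExpectedGross . "\n";
                         $sLogData .= "custom: " . $fnPost("custom") . ' - $aOrder[\'o_id\']: ' . $aOrder['o_id'] . "\n";
                         $sLogData .= "payment_status: " . $fnPost("payment_status") . "\n";
                         $sLogData .= "mc_currency: " . $fnPost("mc_currency") . ' - HelperConfig::$shop["paypal"]["currency_id"]: ' . HelperConfig::$shop["paypal"]["currency_id"] . "\n";
                         // The check above compares `business`, so that is the field
                         // to log (receiver_email was printed here before, which made
                         // a mismatch impossible to read off the log).
                         $sLogData .= "business: " . $fnPost("business") . ' - HelperConfig::$shop["paypal"]["business"]: ' . HelperConfig::$shop["paypal"]["business"] . "\n\n";
                     }
                 }
             }
         }
     }

     if ($sLogData !== '') {
         // FILE_APPEND | LOCK_EX so concurrent notifications do not interleave;
         // replaces an unchecked fopen()/fwrite() pair.
         file_put_contents(PATH_LOGS . FILE_PAYPALLOG, $sLogData, FILE_APPEND | LOCK_EX);
     }
     die;
 }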
 /**
  * Stores one text category entry in `textcat_lang`.
  *
  * The text is run through the purifier when one is configured and stored
  * unchanged otherwise; the id is reduced to digits before use.
  *
  * @param mixed  $iLID  id of the `textcat_lang` row to update
  * @param string $sText new text
  */
 public function saveText($iLID, $sText)
 {
     $sStored = empty($this->purifier) ? $sText : $this->purifier->purify($sText);
     $aData = [
         'tcl_id' => filter_var($iLID, FILTER_SANITIZE_NUMBER_INT),
         'tcl_text' => $sStored,
     ];
     $hResult = $this->DB->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aData, 'textcat_lang', 'tcl_id'));
     foreach ($aData as $sColumn => $mValue) {
         $hResult->bindValue(':' . $sColumn, $mValue);
     }
     $hResult->execute();
 }
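 /**
  * Customer home page: greeting after login, profile form, profile editing.
  *
  * Visitors who are not logged in only get the "not logged in" text. For
  * logged-in customers `?editprofile` switches to the edit form; a posted
  * `doEdit=yes` checks that the submitted e-mail is not used by another
  * customer, runs CHelper::validateCustomerForm and, when clean, writes the
  * address fields (only if profile editing is allowed by configuration)
  * and/or a new password hash for the customer held in the session. The
  * e-mail address itself is not written here.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (!CHelper::getUserData()) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_notloggedin");
         return;
     }

     $this->P->cb_customcontenttemplate = 'customer/customerhome';
     $aPData = [];
     // Set and truthy, so ?login=0 does not show the greeting.
     $aPData["display_logingreeting"] = !empty($_GET["login"]);

     if (isset($_GET["editprofile"])) {
         $sErr = '';
         if (isset($_POST["doEdit"]) && $_POST["doEdit"] === 'yes') {
             $iCustId = $_SESSION["user"]['cust_id'];
             $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email';
             $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
             $hResult = $this->db->prepare($sql);
             $hResult->bindValue(':id', $iCustId, \PDO::PARAM_INT);
             $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
             $hResult->execute();
             // Any other customer with this address is a conflict; fetchAll() +
             // count() because rowCount() on SELECT is not guaranteed by PDO.
             if (count($hResult->fetchAll()) > 0) {
                 $sErr .= $this->textcats->T("userprofile_emailalreadyinuse") . '<br>';
             }
             $sErr = CHelper::validateCustomerForm(HelperConfig::$lang, $sErr, true);
             if ($sErr == '') {
                 // Always an array, also when profile editing is disabled and no
                 // password was posted (previously undefined in that case).
                 $aData = [];
                 if (HelperConfig::$customer["allow_edituserprofile"]) {
                     // Strips tags and low-ASCII characters from a trimmed form field.
                     $fnText = function ($sField) {
                         return filter_var(trim(Tools::getFormfield($sField)), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
                     };
                     $aData = [
                         'cust_corp' => $fnText("corpname"),
                         'cust_name' => $fnText("name"),
                         'cust_street' => $fnText("street"),
                         'cust_zip' => $fnText("zip"),
                         'cust_town' => $fnText("town"),
                         'cust_phone' => $fnText("phone"),
                         'cust_cellphone' => $fnText("cellphone"),
                         'cust_fax' => $fnText("fax"),
                         'cust_country' => $fnText("country"),
                     ];
                 }
                 if (isset($_POST["pwd"]) && $_POST["pwd"] !== '') {
                     $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                     $aPData["infopasswordchanged"] = true;
                 }
                 $aData['cust_id'] = $iCustId;
                 // Only the id present means there is nothing to write.
                 if (count($aData) > 1) {
                     $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                     $hResult = $this->db->prepare($sql);
                     foreach ($aData as $sColumn => $mValue) {
                         $hResult->bindValue(':' . $sColumn, $mValue);
                     }
                     $hResult->execute();
                     $aPData["infochangessaved"] = true;
                 } else {
                     $aPData["infonothingchanged"] = true;
                 }
             }
         }
         $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'editprofile', $sErr);
     } else {
         $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'userhome');
     }

     $aPData["showprofilelinks"] = !isset($_GET["editprofile"]);
     $this->P->cb_customdata["userhome"] = $aPData;
 }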
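 /**
  * "Forgot password": issues a reset code and mails the reset link.
  *
  * Validates the posted e-mail address, looks the customer up, refuses a
  * new code while the previous one is younger than one hour (HOUR), and
  * otherwise stores a fresh random code with the current timestamp and
  * sends the reset link by mail.
  *
  * @param array $aErr error codes collected so far; 'emailinvalid',
  *                    'emailunknown' or 'pwresetstilllocked' may be appended
  * @return array the (possibly extended) error list
  */
 private function handleForgotPassword($aErr)
 {
     $sPostedEmail = isset($_POST["email"]) ? $_POST["email"] : '';
     if (!filter_var($sPostedEmail, FILTER_VALIDATE_EMAIL)) {
         $aErr[] = 'emailinvalid';
         return $aErr;
     }

     $sql = 'SELECT * FROM customer WHERE cust_email = :email';
     $sEmail = filter_var(trim(\HaaseIT\Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
     $hResult = $this->db->prepare($sql);
     $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
     $hResult->execute();
     // fetchAll() + count(): rowCount() on SELECT is not guaranteed by PDO.
     $aRows = $hResult->fetchAll();
     if (count($aRows) !== 1) {
         // NOTE(review): a distinct code for unknown addresses lets a caller
         // probe which addresses are registered; the UI may prefer to show one
         // neutral message for 'emailinvalid' and 'emailunknown'.
         $aErr[] = 'emailunknown';
         return $aErr;
     }

     $aResult = $aRows[0];
     $iTimestamp = time();
     if ($iTimestamp - HOUR < $aResult['cust_pwresettimestamp']) {
         // At most one reset request per hour and customer.
         $aErr[] = 'pwresetstilllocked';
         return $aErr;
     }

     // The code is the only thing protecting the reset, so it must be
     // unpredictable: md5(email . time()) was derivable from public data within
     // a one-second window. 16 random bytes as 32 hex characters keep the
     // previous code length. random_bytes() requires PHP 7.0+.
     $sResetCode = bin2hex(random_bytes(16));
     $aData = [
         'cust_pwresetcode' => $sResetCode,
         'cust_pwresettimestamp' => $iTimestamp,
         'cust_id' => $aResult['cust_id'],
     ];
     $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
     $hResult = $this->db->prepare($sql);
     foreach ($aData as $sColumn => $mValue) {
         $hResult->bindValue(':' . $sColumn, $mValue);
     }
     $hResult->execute();

     $sTargetAddress = $aResult['cust_email'];
     $sSubject = $this->textcats->T("forgotpw_mail_subject");
     // NOTE(review): SERVER_NAME can mirror the client-supplied Host header
     // depending on the web server configuration, which would let a request
     // choose the host the reset link points to; a configured canonical base
     // URL would be the safer source for this link.
     $sScheme = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === 'on' ? 'https' : 'http';
     // rawurlencode() keeps characters such as '+' in the address intact in
     // the query string; htmlspecialchars() escapes it for the HTML mail.
     $sResetUrl = $sScheme . '://' . $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . $sResetCode . '&email=' . rawurlencode($sTargetAddress);
     $sResetUrlHtml = htmlspecialchars($sResetUrl, ENT_QUOTES, 'UTF-8');
     $sMessage = $this->textcats->T("forgotpw_mail_text1");
     $sMessage .= "<br><br>" . '<a href="' . $sResetUrlHtml . '">' . $sResetUrlHtml . '</a>';
     $sMessage .= '<br><br>' . $this->textcats->T("forgotpw_mail_text2");
     \HaaseIT\HCSF\Helper::mailWrapper($sTargetAddress, $sSubject, $sMessage);

     return $aErr;
 }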
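 /**
  * Stores a new password for a customer completing the reset flow.
  *
  * The posted `pwd` must be non-blank, within the configured length limits
  * and identical to `pwdc`. When no error (including those already in
  * $aErr) remains, the password hash is written and the reset code cleared.
  *
  * @param array $aErr error codes collected so far; 'nopw', 'pwlength' or
  *                    'pwmatch' may be appended
  * @param mixed $iID  id of the customer whose password is reset
  * @return array the (possibly extended) error list
  */
 private function handlePasswordReset($aErr, $iID)
 {
     $sPwd = isset($_POST["pwd"]) ? $_POST["pwd"] : '';
     $sPwdConfirm = isset($_POST["pwdc"]) ? $_POST["pwdc"] : '';
     if (!is_string($sPwd) || trim($sPwd) === '') {
         $aErr[] = 'nopw';
         return $aErr;
     }

     // Length limits are applied to the byte length (strlen), so multi-byte
     // characters count more than once; kept as in the original policy.
     $iLength = strlen($sPwd);
     if ($iLength < HelperConfig::$customer["minimum_length_password"] || $iLength > HelperConfig::$customer["maximum_length_password"]) {
         $aErr[] = 'pwlength';
     }
     // Strict comparison: with a loose != the numeric strings "1" and "01"
     // would have counted as matching.
     if (!is_string($sPwdConfirm) || $sPwd !== $sPwdConfirm) {
         $aErr[] = 'pwmatch';
     }

     if (count($aErr) === 0) {
         $sEnc = password_hash($sPwd, PASSWORD_DEFAULT);
         // Clearing the reset code makes the link single-use.
         $aData = ['cust_password' => $sEnc, 'cust_pwresetcode' => '', 'cust_id' => $iID];
         $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
         $hResult = $this->db->prepare($sql);
         foreach ($aData as $sColumn => $mValue) {
             $hResult->bindValue(':' . $sColumn, $mValue);
         }
         $hResult->execute();
     }

     return $aErr;
 }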