/** * Creates admin account * @param string $email Administrator email * @param string $password Administrator password * * @return bool Always true */ private function _createAdminAccount($email, $password) { // Insert root admin $user_data = array('user_id' => 1, 'status' => 'A', 'user_type' => 'A', 'is_root' => 'Y', 'password' => md5($password), 'email' => $email, 'user_login' => 'admin', 'title' => 'mr', 'firstname' => 'Администратор', 'lastname' => 'Главный', 'company' => 'Simtech', 'phone' => '55 55 555 5555', 'lang_code' => $this->_cart_settings['main_language'], 'profile_name' => 'Main'); $profile = array('title' => 'mr', 'firstname' => 'Администратор', 'lastname' => 'Главный', 'address' => 'Ленина 1', 'address_2' => 'Прогресса, 1', 'city' => 'Калининград', 'county' => '', 'state' => 'ULY', 'country' => 'RU', 'zipcode' => '432000', 'phone' => '55 55 555 5555'); foreach ($profile as $k => $v) { $user_data['b_' . $k] = $v; $user_data['s_' . $k] = $v; } db_query("REPLACE INTO ?:users ?e", $user_data); fn_update_user_profile(1, $user_data, 'add'); return true; }
/** * Add/update user * * @param int $user_id - user ID to update (empty for new user) * @param array $user_data - user data * @param array $auth - authentication information * @param bool $ship_to_another - flag indicates that shipping and billing fields are different * @param bool $notify_user - flag indicates that user should be notified * @return array with user ID and profile ID if success, false otherwise */ function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_user) { /** * Actions before updating user * * @param int $user_id User ID to update (empty for new user) * @param array $user_data User data * @param array $auth Authentication information * @param bool $ship_to_another Flag indicates that shipping and billing fields are different * @param bool $notify_user Flag indicates that user should be notified */ fn_set_hook('update_user_pre', $user_id, $user_data, $auth, $ship_to_another, $notify_user); array_walk($user_data, 'fn_trim_helper'); $register_at_checkout = isset($user_data['register_at_checkout']) && $user_data['register_at_checkout'] == 'Y' ? true : false; if (fn_allowed_for('ULTIMATE')) { if (AREA == 'A' && !empty($user_data['user_type']) && $user_data['user_type'] == 'C' && (empty($user_data['company_id']) || Registry::get('runtime.company_id') && $user_data['company_id'] != Registry::get('runtime.company_id'))) { fn_set_notification('W', __('warning'), __('access_denied')); return false; } } if (!empty($user_id)) { $current_user_data = db_get_row("SELECT user_id, company_id, is_root, status, user_type, user_login, lang_code, password, salt, last_passwords FROM ?:users WHERE user_id = ?i", $user_id); if (empty($current_user_data)) { fn_set_notification('E', __('error'), __('object_not_found', array('[object]' => __('user'))), '', '404'); return false; } if (!fn_check_editable_permissions($auth, $current_user_data)) { fn_set_notification('E', __('error'), __('access_denied')); return false; } if (!empty($user_data['profile_id']) && AREA != 'A') { $profile_ids = db_get_fields("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i", $user_id); if (!in_array($user_data['profile_id'], $profile_ids)) { fn_set_notification('W', __('warning'), __('access_denied')); return false; } } if (fn_allowed_for('ULTIMATE')) { if (AREA != 'A' || empty($user_data['company_id'])) { //we should set company_id for the frontdend, in the backend company_id received from form if ($current_user_data['user_type'] == 'A') { if (!isset($user_data['company_id']) || AREA != 'A' || Registry::get('runtime.company_id')) { // reset administrator's company if it was not set to root $user_data['company_id'] = $current_user_data['company_id']; } } elseif (Registry::get('settings.Stores.share_users') == 'Y') { $user_data['company_id'] = $current_user_data['company_id']; } else { $user_data['company_id'] = Registry::ifGet('runtime.company_id', 1); } } } if (fn_allowed_for('MULTIVENDOR')) { if (AREA != 'A') { //we should set company_id for the frontend $user_data['company_id'] = $current_user_data['company_id']; } } $action = 'update'; } else { $current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C'); if (fn_allowed_for('ULTIMATE')) { if (!empty($user_data['company_id']) || Registry::get('runtime.company_id') || AREA == 'A') { //company_id can be received when we create user account from the backend $company_id = !empty($user_data['company_id']) ? $user_data['company_id'] : Registry::get('runtime.company_id'); if (empty($company_id)) { $company_id = fn_check_user_type_admin_area($user_data['user_type']) ? $user_data['company_id'] : fn_get_default_company_id(); } $user_data['company_id'] = $current_user_data['company_id'] = $company_id; } else { fn_set_notification('W', __('warning'), __('access_denied')); return false; } } $action = 'add'; $user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE; $user_data['timestamp'] = TIME; } $original_password = ''; $current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : ''; $current_user_data['salt'] = !empty($current_user_data['salt']) ? $current_user_data['salt'] : ''; // Set the user type $user_data['user_type'] = fn_check_user_type($user_data, $current_user_data); if (Registry::get('runtime.company_id') && !fn_allowed_for('ULTIMATE') && (!fn_check_user_type_admin_area($user_data['user_type']) || isset($current_user_data['company_id']) && $current_user_data['company_id'] != Registry::get('runtime.company_id'))) { fn_set_notification('W', __('warning'), __('access_denied')); return false; } // Check if this user needs login/password if (fn_user_need_login($user_data['user_type'])) { // Check if user_login already exists // FIXME if (!isset($user_data['email'])) { $user_data['email'] = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $user_id); } $is_exist = fn_is_user_exists($user_id, $user_data); if ($is_exist) { fn_set_notification('E', __('error'), __('error_user_exists'), '', 'user_exist'); return false; } // Check the passwords if (!empty($user_data['password1']) || !empty($user_data['password2'])) { $original_password = trim($user_data['password1']); $user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : ''; $user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : ''; } // if the passwords are not set and this is not a forced password check // we will not update password, otherwise let's check password if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) { $valid_passwords = true; if ($user_data['password1'] != $user_data['password2']) { $valid_passwords = false; fn_set_notification('E', __('error'), __('error_passwords_dont_match')); } // PCI DSS Compliance if (fn_check_user_type_admin_area($user_data['user_type'])) { $msg = array(); // Check password length $min_length = Registry::get('settings.Security.min_admin_password_length'); if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) { $valid_passwords = false; $msg[] = str_replace("[number]", $min_length, __('error_password_min_symbols')); } // Check password content if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') { $tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']); if (!$tmp_result) { $valid_passwords = false; $msg[] = __('error_password_content'); } } if ($msg) { fn_set_notification('E', __('error'), implode('<br />', $msg)); } // Check last 4 passwords if (!empty($user_id)) { $prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array(); if (!empty($_SESSION['auth']['forced_password_change'])) { // if forced password change - new password can't be equal to current password. $prev_passwords[] = $current_user_data['password']; } if (in_array(fn_generate_salted_password($user_data['password1'], $current_user_data['salt']), $prev_passwords)) { $valid_passwords = false; fn_set_notification('E', __('error'), __('error_password_was_used')); } else { if (count($prev_passwords) >= 5) { array_shift($prev_passwords); } $user_data['last_passwords'] = implode(',', $prev_passwords); } } } // PCI DSS Compliance if (!$valid_passwords) { return false; } $user_data['salt'] = fn_generate_salt(); $user_data['password'] = fn_generate_salted_password($user_data['password1'], $user_data['salt']); if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) { // if user set current password - there is no necessity to update password_change_timestamp $user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME; } unset($_SESSION['auth']['forced_password_change']); fn_delete_notification('password_expire'); } } $user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status']; // only administrator can change user status // Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area. if (AREA == 'A' || Registry::get('settings.Checkout.address_position') == 'billing_first') { $main_address_zone = BILLING_ADDRESS_PREFIX; $alt_address_zone = SHIPPING_ADDRESS_PREFIX; } else { $main_address_zone = SHIPPING_ADDRESS_PREFIX; $alt_address_zone = BILLING_ADDRESS_PREFIX; } $user_data = fn_fill_contact_info_from_address($user_data, $main_address_zone, $alt_address_zone); if (!fn_allowed_for('ULTIMATE')) { //for ult company_id was set before fn_set_company_id($user_data); } if (!empty($current_user_data['is_root']) && $current_user_data['is_root'] == 'Y') { $user_data['is_root'] = 'Y'; } else { $user_data['is_root'] = 'N'; } // check if it is a root admin $is_root_admin_exists = db_get_field("SELECT user_id FROM ?:users WHERE company_id = ?i AND is_root = 'Y' AND user_id != ?i", $user_data['company_id'], !empty($user_id) ? $user_id : 0); $user_data['is_root'] = empty($is_root_admin_exists) && $user_data['user_type'] !== 'C' ? 'Y' : 'N'; unset($user_data['user_id']); if (!empty($user_id)) { db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id); fn_clean_usergroup_links($user_id, $current_user_data['user_type'], $user_data['user_type']); fn_log_event('users', 'update', array('user_id' => $user_id)); } else { if (!isset($user_data['password_change_timestamp'])) { $user_data['password_change_timestamp'] = 1; } $user_id = db_query("INSERT INTO ?:users ?e", $user_data); fn_log_event('users', 'create', array('user_id' => $user_id)); } $user_data['user_id'] = $user_id; // Set/delete insecure password notification if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['password1'])) { if (!fn_compare_login_password($user_data, $user_data['password1'])) { fn_delete_notification('insecure_password'); } else { $lang_var = 'warning_insecure_password_email'; fn_set_notification('E', __('warning'), __($lang_var, array('[link]' => fn_url("profiles.update?user_id=" . $user_id))), 'K', 'insecure_password'); } } if (empty($user_data['user_login'])) { // if we're using email as login or user type does not require login, fill login field db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id); } // Fill shipping info with billing if needed if (empty($ship_to_another)) { $profile_fields = fn_get_profile_fields($user_data['user_type']); $use_default = AREA == 'A' ? true : false; fn_fill_address($user_data, $profile_fields, $use_default); } $user_data['profile_id'] = fn_update_user_profile($user_id, $user_data, $action); $user_data = fn_get_user_info($user_id, true, $user_data['profile_id']); if ($register_at_checkout) { $user_data['register_at_checkout'] = 'Y'; } $lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE; if (!fn_allowed_for('ULTIMATE:FREE')) { $user_data['usergroups'] = db_get_hash_array("SELECT lnk.link_id, lnk.usergroup_id, lnk.status, a.type, b.usergroup" . " FROM ?:usergroup_links as lnk" . " INNER JOIN ?:usergroups as a ON a.usergroup_id = lnk.usergroup_id AND a.status != 'D'" . " LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s" . " WHERE a.status = 'A' AND lnk.user_id = ?i AND lnk.status != 'D' AND lnk.status != 'F'", 'usergroup_id', $lang_code, $user_id); } // Send notifications to customer if (!empty($notify_user)) { $from = 'company_users_department'; if (fn_allowed_for('MULTIVENDOR')) { // Vendor administrator's notification // is sent from root users department if ($user_data['user_type'] == 'V') { $from = 'default_company_users_department'; } } // Notify customer about profile activation (when update profile only) if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') { Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/profile_activated.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code); } // Notify customer about profile add/update $prefix = $action == 'add' ? 'create' : 'update'; // Send password to user only if it was created by admin or vendor if (AREA != 'C' && $auth['user_id'] != $user_id) { $password = $original_password; } else { $password = null; } Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('password' => $password, 'user_data' => $user_data), 'tpl' => 'profiles/' . $prefix . '_profile.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code); } if ($action == 'add') { if (AREA != 'A') { if (Registry::get('settings.General.approve_user_profiles') == 'Y') { fn_set_notification('W', __('important'), __('text_profile_should_be_approved')); // Notify administrator about new profile Mailer::sendMail(array('to' => 'company_users_department', 'from' => 'company_users_department', 'reply_to' => $user_data['email'], 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/activate_profile.tpl', 'company_id' => $user_data['company_id']), 'A', Registry::get('settings.Appearance.backend_default_language')); } else { fn_set_notification('N', __('information'), __('text_profile_is_created')); } } if (!is_null($auth)) { if (!empty($auth['order_ids'])) { db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']); } } } else { if (AREA == 'C') { fn_set_notification('N', __('information'), __('text_profile_is_updated')); } } fn_set_hook('update_profile', $action, $user_data, $current_user_data); return array($user_id, !empty($user_data['profile_id']) ? $user_data['profile_id'] : false); }
/** * Creates admin account * @param string $email Administrator email * @param string $password Administrator password * * @return bool Always true */ private function _createAdminAccount($email, $password) { // Insert root admin $user_data = array('user_id' => 1, 'status' => 'A', 'user_type' => 'A', 'is_root' => 'Y', 'password' => md5($password), 'email' => $email, 'user_login' => 'admin', 'title' => 'mr', 'firstname' => 'Admin', 'lastname' => 'Admin', 'company' => 'Your company', 'phone' => '55 55 555 5555', 'lang_code' => $this->_cart_settings['main_language'], 'profile_name' => 'Main'); $profile = array('title' => 'mr', 'firstname' => 'John', 'lastname' => 'Doe', 'address' => '44 Main street', 'address_2' => 'test', 'city' => 'Boston', 'county' => '', 'state' => 'MA', 'country' => 'US', 'zipcode' => '02134', 'phone' => ''); foreach ($profile as $k => $v) { $user_data['b_' . $k] = $v; $user_data['s_' . $k] = $v; } db_query("REPLACE INTO ?:users ?e", $user_data); fn_update_user_profile(1, $user_data, 'add'); return true; }