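// Customer whose portal settings are being edited; the ID is taken from the submitted form.
$obj_customer->id = @security_form_input_predefined("int", "id_customer", 1, "");

// check password (if the user has requested to change it)
// !empty() is the same truthiness test as reading the field directly, without an
// undefined-index notice when the field is absent from the request.
if (!empty($_POST["password"]) || !empty($_POST["password_confirm"])) {
    $data["password"]         = @security_form_input_predefined("any", "password", 4, "");
    $data["password_confirm"] = @security_form_input_predefined("any", "password_confirm", 4, "");

    // Compare as strings. A loose != compares numeric-looking strings by value
    // ("1e3" equals "1000", "0123" equals "123"), so a mistyped confirmation could be
    // accepted as a match and the customer left with a password they did not intend.
    if ((string) $data["password"] !== (string) $data["password_confirm"]) {
        $_SESSION["error"]["message"][]              = "Customer passwords do not match.";
        $_SESSION["error"]["password-error"]         = 1;
        $_SESSION["error"]["password_confirm-error"] = 1;
    }
}

/*
    Error Handling
*/

// verify valid customer ID
if (!$obj_customer->verify_id()) {
    log_write("error", "process", "The customer you have attempted to edit - " . $obj_customer->id . " - does not exist in this system.");
}

// make sure the module is enabled
if (sql_get_singlevalue("SELECT value FROM config WHERE name='MODULE_CUSTOMER_PORTAL' LIMIT 1") != "enabled") {
    log_write("error", "page_output", "MODULE_CUSTOMER_PORTAL is disabled, enable it if you wish to adjust customer portal configuration options.");
}

// Stop before any data is written: flag the form as failed and send the user back to it.
// NOTE(review): error_check() presumably reports the errors recorded above - confirm.
if (error_check()) {
    $_SESSION["error"]["form"]["customer_portal"] = "failed";
    header("Location: ../index.php?page=customers/portal.php");
    exit(0);
}

/*
    Process Data
*/

// update portal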
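/**
 * SOAP handler: check a customer-portal login and return the customer's ID.
 *
 * The customer is looked up by $id_customer when it is non-zero, otherwise by
 * $code_customer. An unknown ID, an unknown code and a wrong password all raise the
 * same INVALID_AUTHDETAILS fault, so the reply does not tell the caller which
 * customers exist.
 *
 * @param mixed $id_customer        customer ID, or 0/empty to look the customer up by code
 * @param mixed $code_customer      customer code, used only when no ID is supplied
 * @param mixed $password_plaintext password to verify, in plain text
 *
 * @return mixed ID of the authenticated customer
 *
 * @throws SoapFault "ACCESS DENIED" when the calling user lacks customers_portal_auth,
 *                   "INVALID_INPUT " when a value fails input validation,
 *                   "INVALID_AUTHDETAILS" when the customer or password is wrong
 */
function customer_portal_auth($id_customer, $code_customer, $password_plaintext)
{
    // The password is masked here on purpose; the other two values are logged as received.
    log_debug("customers", "Executing customer_portal_auth({$id_customer}, {$code_customer}, *plaintextpassword*)");

    if (!user_permissions_get("customers_portal_auth")) {
        throw new SoapFault("Sender", "ACCESS DENIED");
    }

    $obj_customer = new customer_portal();

    /*
        Load SOAP Data
    */
    $data = array(
        "id"                 => @security_script_input_predefined("int", $id_customer),
        "code_customer"      => @security_script_input_predefined("any", $code_customer),
        "password_plaintext" => @security_script_input_predefined("any", $password_plaintext),
    );

    // The helper appears to signal rejected input with the string "error" (inferred from
    // this check - confirm against the helper). Match it strictly: the previous test,
    // == "error" && != 0, can never be true on PHP 7 and earlier, where "error" == 0,
    // so rejected input was passed on to the lookup and the password check.
    // Caveat: a value that is literally "error" cannot be told apart from a rejection.
    foreach ($data as $value) {
        if ($value === "error") {
            throw new SoapFault("Sender", "INVALID_INPUT ");
        }
    }

    /*
        Fetch & verify ID
    */
    if (!$data["id"]) {
        // verify the supplied customer code and fetch the ID from it
        //
        // NOTE(review): the customer code is concatenated into the SQL text, so this query
        // is only as safe as the escaping done by security_script_input_predefined("any", ...),
        // which is not visible here. Confirm that it escapes quotes for the SQL backend, or
        // switch to a bound parameter if sql_query supports one.
        $sql_obj         = new sql_query();
        $sql_obj->string = "SELECT id FROM customers WHERE code_customer='" . $data["code_customer"] . "' LIMIT 1";
        $sql_obj->execute();

        if (!$sql_obj->num_rows()) {
            throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
        }

        $sql_obj->fetch_array();
        $obj_customer->id = $sql_obj->data[0]["id"];
    } else {
        // use supplied ID
        $obj_customer->id = $data["id"];

        // verify valid ID
        if (!$obj_customer->verify_id()) {
            throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
        }
    }

    /*
        Verify Password
    */
    if (!$obj_customer->auth_login($data["password_plaintext"])) {
        throw new SoapFault("Sender", "INVALID_AUTHDETAILS");
    }

    return $obj_customer->id;
}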