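function login($VAR)
{
    // Switch the current session over to another account ("login as").
    //
    // $VAR['account_id'] names the target account. The switch is refused
    // (returns false) when no account_id is given or when the target is the
    // session's own account (SESS_ACCOUNT). Otherwise every active group of
    // the target is checked with $C_auth->auth_group_by_id(); one denied
    // group cancels the switch. When allowed, the target's stored username
    // and password value are handed to CORE_login_handler::login() with md5
    // disabled, so the stored value is matched as-is, and REDIRECT_PAGE is
    // defined. The db_mapping hook at the end runs on every path that gets
    // that far. Nothing is returned on success.
    global $C_auth;

    # Check for target user
    $display_this = false;
    if (!empty($VAR['account_id'])) {
        ### Get any authorized groups of the target account
        $dba =& DB();
        $sql = 'SELECT group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE site_id = ' . $dba->qstr(DEFAULT_SITE)
            . ' AND account_id = ' . $dba->qstr($VAR['account_id'])
            . ' AND active = ' . $dba->qstr("1")
            . ' ORDER BY group_id';
        $groups = $dba->Execute($sql);

        # Always start from an array: previously $group was left undefined when
        # the target had no active groups, and count() on an undefined value is
        # a TypeError on PHP 8 (a warning before that).
        $group = array();
        while (!$groups->EOF) {
            $group[] = $groups->fields['group_id'];
            $groups->MoveNext();
        }

        ### Verify the user has access to view this account:
        if (SESS_ACCOUNT != $VAR['account_id']) {
            # NOTE(review): with an empty $group the loop below never runs and
            # $display_this stays true, so a target with no active groups is
            # switched to without any group check — confirm this is the
            # intended policy.
            $display_this = true;
            $group_count = count($group);
            for ($ix = 0; $ix < $group_count; $ix++) {
                if (!$C_auth->auth_group_by_id($group[$ix])) {
                    $display_this = false;
                }
            }
        } else {
            return false;
        }
    } else {
        return false;
    }

    # Logout current user and login as the target user
    if ($display_this) {
        $db =& DB();
        $sql = 'SELECT username,password FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $dba->qstr(DEFAULT_SITE)
            . ' AND id = ' . $dba->qstr($VAR['account_id']);
        $acct = $db->Execute($sql);

        # The stored password value is passed as the "_password" and md5 is
        # turned off, so the login handler compares it unchanged.
        $arr['_username'] = $acct->fields['username'];
        $arr['_password'] = $acct->fields['password'];
        include_once PATH_CORE . 'login.inc.php';
        $login = new CORE_login_handler();
        // $login->logout($VAR);
        $login->login($arr, false);
        define('REDIRECT_PAGE', '?_page=account:account&tid=' . DEFAULT_THEME);
    }

    ####################################################################
    ### Do any db_mapping (only when the db_mapping module row is active)
    ####################################################################
    $db =& DB();
    $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND name = ' . $db->qstr('db_mapping')
        . ' AND status = ' . $db->qstr("1");
    $result = $db->Execute($sql);
    if ($result->RecordCount() > 0) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->login($VAR['account_id']);
    }
}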
function login($VAR, $md5 = true)
{
    // Authenticate the submitted credentials and, on success, bind the
    // current session row (SESS) to the matched account.
    //
    // $VAR['_username'] and $VAR['_password'] carry the credentials. $VAR is
    // received by value, so the "_page" write in the failure branch below
    // only reaches the copy handed to lock_check(). $md5 selects whether the
    // submitted password is md5()'d before comparison; when false the value
    // is compared as supplied (the account-switch handler on this page calls
    // it that way with a stored password value). Every failure path alerts
    // through $C_debug and returns; nothing is returned on success.
    global $C_translate, $C_debug;

    # check that the username/password are both set
    if ($VAR['_username'] == '' || $VAR['_password'] == '') {
        $C_debug->alert($C_translate->translate('login_enter_both', '', ''));
        return;
    }

    # md5 the password (or take the submitted value as-is when $md5 is false)
    if ($md5) {
        $pass = md5($VAR['_password']);
    } else {
        $pass = $VAR['_password'];
    }

    # check the database for a match
    # NOTE(review): the submitted username is concatenated into the query text
    # (the password/username portion of this string is redacted in this
    # listing); unlike the login_log query further down, no $db->qstr()
    # quoting is visible for it.
    $db =& DB();
    $q = "SELECT id,status,username,password,date_expire FROM " . AGILE_DB_PREFIX . "account WHERE\n\t\t\t\tpassword = '******' AND\n\t\t\t\tusername = '******'_username'] . "' AND\n\t\t\t\tsite_id = '" . DEFAULT_SITE . "'";
    $result = $db->Execute($q);

    # get the account id — read without checking RecordCount(); with no
    # matching row the username comparison below ends in the "no username
    # match" branch
    $id = $result->fields['id'];

    # check that there is no lock on this account id or IP address:
    if ($this->locked($id)) {
        $C_debug->alert($C_translate->translate('login_locked', '', ''));
        return;
    }

    # verify the username/password match.
    if ($result->fields['username'] == $VAR['_username']) {
        # Accepted when the stored value is identical (===) to the raw
        # submission OR loosely equal (==) to $pass. NOTE(review): the first
        # clause makes the stored value itself a valid credential, and the
        # loose comparison treats numeric-looking strings numerically;
        # hash_equals() against one expected value is the strict form, but the
        # account-switch caller on this page relies on the raw-value path.
        if ($result->fields['password'] !== $VAR['_password'] && $result->fields['password'] != $pass) {
            # no match
            $C_debug->alert($C_translate->translate('login_pw_failed', '', ''));
            # log as a failed login
            $this->lock_check($VAR, "0", $id);
            return;
        }
    } else {
        # no username match
        $C_debug->alert($C_translate->translate('login_un_pw_failed', '', ''));
        # reload the login page (affects the local copy of $VAR only)
        $VAR["_page"] = 'account:login';
        # log as a failed login, keyed by the submitted username since no id exists
        $this->lock_check($VAR, "0", $VAR['_username']);
        return;
    }

    # an unset or zero expiry means "no expiry": set it just past now so the
    # check below passes
    if ($result->fields['date_expire'] == "0" || $result->fields['date_expire'] == "") {
        $date_expire = time() + 99;
    } else {
        $date_expire = $result->fields['date_expire'];
    }

    # check that it is an active account
    if ($result->fields['status'] != "1" || $date_expire <= time()) {
        # inactive account
        $C_debug->alert($C_translate->translate('login_inactive', '', ''));
        # log as failed login
        $this->lock_check($VAR, "0", $id);
        return;
    } else {
        # active account - check for password sharing if login_share module is installed
        include_once PATH_CORE . 'list.inc.php';
        $C_list = new CORE_list();
        if ($C_list->is_installed('login_share')) {
            include_once PATH_MODULES . 'login_share/login_share.inc.php';
            $share = new login_share();
            # login_share::login() returning false is treated as a shared account
            if (!$share->login($id, $VAR['_username'])) {
                # shared account alert
                $C_debug->alert($C_translate->translate('shared_account', 'login_share', ''));
                # log as failed login
                $this->lock_check($VAR, "0", $id);
                return;
            }
        }
    }

    # set the expiry date of the login session
    $date_expire = time() + SESSION_EXPIRE * 60;

    # update the DB: bind SESS to this account with the caller's IP and the new expiry
    $db =& DB();
    $q = "UPDATE " . AGILE_DB_PREFIX . "session\n\t\t\t\tSET\n\t\t\t\tip= '" . USER_IP . "',\n\t\t\t\tdate_expire = '{$date_expire}',\n\t\t\t\tlogged = '1',\n\t\t\t\taccount_id = '{$id}'\n\t\t\t\tWHERE\n\t\t\t\tid = '" . SESS . "'\n\t\t\t\tAND\n\t\t\t\tsite_id = '" . DEFAULT_SITE . "'";
    $result = $db->Execute($q);

    # delete any old sessions for this account (one live session per account)
    $db =& DB();
    $q = "DELETE FROM " . AGILE_DB_PREFIX . "session WHERE\n\t\t\t\taccount_id = '{$id}' \tAND\n\t\t\t\tid != '" . SESS . "' AND\n\t\t\t\tsite_id = '" . DEFAULT_SITE . "'";
    $result = $db->Execute($q);

    #return logged in message
    $C_debug->alert($C_translate->translate('login_success', '', ''));

    # Get the last successful login and report its date and IP to the user
    $db =& DB();
    $q = "SELECT * FROM " . AGILE_DB_PREFIX . "login_log WHERE\n\t\t\t account_id = " . $db->qstr($id) . " \tAND\n\t\t\t status = " . $db->qstr(1) . " AND\n\t\t\t site_id = " . $db->qstr(DEFAULT_SITE) . "\n\t\t\t ORDER BY date_orig DESC LIMIT 1";
    $result = $db->Execute($q);
    if ($result->RecordCount() != 0) {
        $ip = $result->fields["ip"];
        $date = $result->fields["date_orig"];
        $date1 = date(UNIX_DATE_FORMAT, $date);
        $date1 .= " " . date(DEFAULT_TIME_FORMAT, $date);
        $message = $C_translate->translate('login_log_success', '', '');
        # ereg_replace() was removed in PHP 7.0; str_replace() performs the
        # same literal substitution here
        $message = ereg_replace('%date%', $date1, $message);
        $message = ereg_replace('%ip%', $ip, $message);
        $C_debug->alert($message);
    }

    # log the successful login
    $this->lock_check($VAR, "1", $id);

    ####################################################################
    ### Do any db_mapping (only when the db_mapping module row is active)
    ####################################################################
    $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND name = ' . $db->qstr('db_mapping') . ' AND status = ' . $db->qstr("1");
    $result = $db->Execute($sql);
    if ($result->RecordCount() > 0) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->login($id);
    }
}
function add($VAR)
{
    // Register a new account from the submitted form fields.
    //
    // Flow: fill session-derived defaults, validate the configured field
    // list, the password pair, banned e-mail/IP, the tax id and the static
    // vars; on failure hand the errors to Smarty, force the current page and
    // return. Otherwise insert the account and its default group row, store
    // the static vars, mail the registration template, optionally subscribe
    // the newsletter and, for active accounts, log the session in and hand
    // off to db_mapping / affiliate creation. Returns false only when
    // checkLimits() fails; otherwise returns nothing.
    //
    // NOTE: `global $VAR` below rebinds the parameter name to the global
    // $VAR, so from that statement on every write to $VAR goes to the
    // request-wide array rather than to the argument.
    if (!$this->checkLimits()) {
        return false;
    } // check account limits

    $this->account_construct();
    global $C_list, $C_translate, $C_debug, $VAR, $smarty;
    $this->validated = true;

    ### Set the hidden values: session-scoped defaults from the SESS_*
    ### constants when defined, else the DEFAULT_* constants (@ silences notices)
    $VAR['account_date_orig'] = time();
    $VAR['account_date_last'] = time();
    if (defined("SESS_LANGUAGE")) {
        @($VAR['account_language_id'] = SESS_LANGUAGE);
    } else {
        @($VAR['account_language_id'] = DEFAULT_LANGUAGE);
    }
    if (defined("SESS_AFFILIATE")) {
        @($VAR['account_affiliate_id'] = SESS_AFFILIATE);
    } else {
        @($VAR['account_affiliate_id'] = DEFAULT_AFFILIATE);
    }
    if (defined("SESS_RESELLER")) {
        @($VAR['account_reseller_id'] = SESS_RESELLER);
    } else {
        @($VAR['account_reseller_id'] = DEFAULT_RESELLER);
    }
    if (defined("SESS_CURRENCY")) {
        @($VAR['account_currency_id'] = SESS_CURRENCY);
    } else {
        @($VAR['account_currency_id'] = DEFAULT_CURRENCY);
    }
    if (defined("SESS_THEME")) {
        @($VAR['account_theme_id'] = SESS_THEME);
    } else {
        @($VAR['account_theme_id'] = DEFAULT_THEME);
    }
    if (defined("SESS_CAMPAIGN")) {
        @($VAR['account_campaign_id'] = SESS_CAMPAIGN);
    } else {
        @($VAR['account_campaign_id'] = 0);
    }
    # default to plain-text e-mail when no type was submitted
    if (!isset($VAR['account_email_type']) && @$VAR['account_email_type'] != "1") {
        @($VAR['account_email_type'] = '0');
    }

    ### Determine the proper account status:
    # NOTE(review): this reads inverted — the account is created active ('1')
    # whenever DEFAULT_ACCOUNT_STATUS is anything but '1'; confirm the
    # constant's meaning before touching it
    if (DEFAULT_ACCOUNT_STATUS != '1') {
        $status = '1';
    } else {
        $status = '0';
    }

    ## Single field login: supply a password when the form carries none
    ## (the assigned values are redacted in this listing)
    if (defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN == true && empty($VAR['account_password'])) {
        $VAR['account_password'] = '******';
        $VAR['confirm_password'] = '******';
    }

    ####################################################################
    ### loop through the field list to validate the required fields
    ####################################################################
    # split() was removed in PHP 7.0 (explode() is the equivalent here) and
    # each() in PHP 8.0 (foreach is the equivalent)
    $type = 'add';
    $this->method["{$type}"] = split(",", $this->method["{$type}"]);
    $arr = $this->method["{$type}"];
    include_once PATH_CORE . 'validate.inc.php';
    $validate = new CORE_validate();
    $this->validated = true;
    while (list($key, $value) = each($arr)) {
        # get the field value
        $field_var = $this->module . '_' . $value;
        $field_name = $value;

        ####################################################################
        ### perform any field validation...
        ####################################################################
        # check if this value is unique
        if (isset($this->field["{$value}"]["unique"]) && isset($VAR["{$field_var}"])) {
            if (!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["{$field_var}"])) {
                $this->validated = false;
                $this->val_error[] = array('field' => $this->table . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_unique', "", ""));
            }
        }

        # check if the submitted value meets the specified requirements;
        # a missing or empty value is reported as 'validate_any'
        if (isset($this->field["{$value}"]["validate"])) {
            if (isset($VAR["{$field_var}"])) {
                if ($VAR["{$field_var}"] != '') {
                    if (!$validate->validate($field_name, $this->field["{$value}"], $VAR["{$field_var}"], $this->field["{$value}"]["validate"])) {
                        $this->validated = false;
                        $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $validate->error["{$field_name}"]);
                    }
                } else {
                    $this->validated = false;
                    $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
                }
            } else {
                $this->validated = false;
                $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            }
        }
    }

    ####################################################################
    ### Validate the password
    ####################################################################
    # $password is only assigned when the two fields are present and match;
    # the hash step further down reads it regardless, so if validation still
    # passes without one, an empty value gets hashed
    if (isset($VAR['account_password']) && $VAR['account_password'] != "") {
        if (isset($VAR['confirm_password']) && $VAR['account_password'] == $VAR['confirm_password']) {
            $password = $VAR['account_password'];
            # the cleartext password is handed back to the template for re-display
            $smarty->assign('confirm_account_password', $VAR["account_password"]);
        } else {
            ### ERROR: The passwords provided do not match!
            $smarty->assign('confirm_account_password', '');
            $this->validated = false;
            $this->val_error[] = array('field' => 'account_confirm_password', 'field_trans' => $C_translate->translate('field_confirm_password', $this->module, ""), 'error' => $C_translate->translate('password_change_match', "account", ""));
        }
    } else {
        $smarty->assign('confirm_account_password', '');
    }

    ####################################################################
    ### Validate that the user's IP & E-mail are not banned!
    ####################################################################
    # NOTE(review): a "banned" error is added when is_blocked() returns false,
    # so the helpers' return convention must be "false = blocked" — confirm
    # against blocked_email / blocked_ip. These errors only reach
    # $this->val_error, not $this->validated; they count only if
    # validate_form() below folds them into its result.
    if ($this->validated) {
        require_once PATH_MODULES . 'blocked_email/blocked_email.inc.php';
        $blocked_email = new blocked_email();
        if (!$blocked_email->is_blocked($VAR['account_email'])) {
            $this->val_error[] = array('field' => 'account_email', 'field_trans' => $C_translate->translate('field_email', $this->module, ""), 'error' => $C_translate->translate('validate_banned_email', "", ""));
        }
        require_once PATH_MODULES . 'blocked_ip/blocked_ip.inc.php';
        $blocked_ip = new blocked_ip();
        if (!$blocked_ip->is_blocked(USER_IP)) {
            $this->val_error[] = array('field' => 'IP Address', 'field_trans' => $C_translate->translate('ip_address', $this->module, ""), 'error' => $C_translate->translate('validate_banned_ip', "", ""));
        }
    }

    // validate the tax_id: only the entry for the submitted country is
    // checked; an exempt entry stores tax_id as false
    require_once PATH_MODULES . 'tax/tax.inc.php';
    $taxObj = new tax();
    $tax_arr = @$VAR['account_tax_id'];
    if (is_array($tax_arr)) {
        foreach ($tax_arr as $country_id => $tax_id) {
            if ($country_id == $VAR['account_country_id']) {
                $exempt = @$VAR["account_tax_id_exempt"][$country_id];
                if (!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
                    $this->validated = false;
                    $this->val_error[] = array('field' => 'account_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", ""));
                }
                if ($exempt) {
                    $VAR['account_tax_id'] = false;
                } else {
                    $VAR['account_tax_id'] = $tax_id;
                }
            }
        }
    }

    ####################################################################
    ### Get required static_Vars and validate them... return an array
    ### w/ ALL errors...
    ####################################################################
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    $all_error = $static_var->validate_form($this->module, $this->val_error);
    # NOTE(review): this assignment overrides every earlier
    # $this->validated = false; it is only correct if validate_form() folds
    # the passed-in $this->val_error into its return value — confirm
    if ($all_error != false && gettype($all_error) == 'array') {
        $this->validated = false;
    } else {
        $this->validated = true;
    }

    ####################################################################
    ### If validation failed, skip the db insert &
    ### set the errors & original fields as Smarty objects,
    ### and change the page to be loaded.
    ####################################################################
    if (!$this->validated) {
        global $smarty;
        # set the errors as a Smarty Object
        $smarty->assign('form_validation', $all_error);
        # set the page to be loaded (the request's _page_current) unless one is forced already
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        # Stripslashes
        global $C_vars;
        $C_vars->strip_slashes_all();
        return;
    }

    # Get default invoice options (both locals stay unset when no row exists;
    # the INSERT below reads them with @)
    $db =& DB();
    $invopt = $db->Execute(sqlSelect($db, "setup_invoice", "*", ""));
    if ($invopt && $invopt->RecordCount()) {
        $invoice_delivery = $invopt->fields['invoice_delivery'];
        $invoice_format = $invopt->fields['invoice_show_itemized'];
    }

    /* hash the password: unsalted sha1 when PASSWORD_ENCODING_SHA is defined,
       else unsalted md5. NOTE(review): password_hash()/password_verify() is
       the usual replacement, but the login handler on this page compares the
       stored value directly, so both sides would have to change together. */
    if (defined('PASSWORD_ENCODING_SHA')) {
        $password_encoded = sha1($password);
    } else {
        $password_encoded = md5($password);
    }

    ####################################################################
    ### Insert the account record
    ####################################################################
    $this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id');
    # creation timestamp; reused below as the e-mail validation string
    $validation_str = time();
    /** get parent id: a new account is its own parent unless one was set */
    $this->account_id; // no-op expression statement, kept as found
    if (empty($this->parent_id)) {
        $this->parent_id = $this->account_id;
    }
    # get_magic_quotes_gpc() (second qstr() argument) was removed in PHP 8.0;
    # the username/password part of this statement is redacted in this listing
    $sql = ' INSERT INTO ' . AGILE_DB_PREFIX . 'account SET id = ' . $db->qstr($this->account_id) . ', site_id = ' . $db->qstr(DEFAULT_SITE) . ', date_orig = ' . $db->qstr($validation_str) . ', date_last = ' . $db->qstr(time()) . ', language_id = ' . $db->qstr($VAR["account_language_id"]) . ', country_id = ' . $db->qstr($VAR["account_country_id"]) . ', parent_id = ' . $db->qstr($this->parent_id) . ', affiliate_id = ' . $db->qstr(@$VAR["account_affiliate_id"]) . ', campaign_id = ' . $db->qstr(@$VAR["account_campaign_id"]) . ', reseller_id = ' . $db->qstr(@$VAR["account_reseller_id"]) . ', currency_id = ' . $db->qstr($VAR["account_currency_id"]) . ', theme_id = ' . $db->qstr($VAR["account_theme_id"]) . ', username = '******', password = '******', status = ' . $db->qstr($status) . ', first_name = ' . $db->qstr($VAR["account_first_name"], get_magic_quotes_gpc()) . ', middle_name = ' . $db->qstr($VAR["account_middle_name"], get_magic_quotes_gpc()) . ', last_name = ' . $db->qstr($VAR["account_last_name"], get_magic_quotes_gpc()) . ', company = ' . $db->qstr($VAR["account_company"], get_magic_quotes_gpc()) . ', title = ' . $db->qstr($VAR["account_title"], get_magic_quotes_gpc()) . ', email = ' . $db->qstr($VAR["account_email"], get_magic_quotes_gpc()) . ', address1 = ' . $db->qstr($VAR["account_address1"], get_magic_quotes_gpc()) . ', address2 = ' . $db->qstr($VAR["account_address2"], get_magic_quotes_gpc()) . ', city = ' . $db->qstr($VAR["account_city"], get_magic_quotes_gpc()) . ', state = ' . $db->qstr($VAR["account_state"], get_magic_quotes_gpc()) . ', zip = ' . $db->qstr($VAR["account_zip"], get_magic_quotes_gpc()) . ', email_type = ' . $db->qstr($VAR["account_email_type"], get_magic_quotes_gpc()) . ', invoice_delivery= ' . $db->qstr(@$invoice_delivery) . ', invoice_show_itemized=' . $db->qstr(@$invoice_format) . ', invoice_advance_gen = ' . $db->qstr(MAX_INV_GEN_PERIOD) . ', invoice_grace = ' . $db->qstr(GRACE_PERIOD) . ', tax_id = ' . $db->qstr(@$VAR['account_tax_id']);
    $result = $db->Execute($sql);

    ####################################################################
    ### error reporting: log the DB error, fire the module's add trigger
    ### (record id 0) and stop
    ####################################################################
    if ($result === false) {
        global $C_debug;
        $C_debug->error('account.inc.php', 'add', $db->ErrorMsg());
        if (isset($this->trigger["{$type}"])) {
            include_once PATH_CORE . 'trigger.inc.php';
            $trigger = new CORE_trigger();
            $trigger->trigger($this->trigger["{$type}"], 0, $VAR);
        }
        return;
    }

    /* password logging class: records the hashed password when the module is installed */
    if ($C_list->is_installed('account_password_history')) {
        include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
        $accountHistory = new account_password_history();
        $accountHistory->setNewPassword($this->account_id, $password_encoded);
    }

    ####################################################################
    ### Add the account to the default group:
    ####################################################################
    $group_id = $db->GenID(AGILE_DB_PREFIX . 'account_group_id');
    $sql = ' INSERT INTO ' . AGILE_DB_PREFIX . 'account_group SET id = ' . $db->qstr($group_id) . ', site_id = ' . $db->qstr(DEFAULT_SITE) . ', date_orig = ' . $db->qstr(time()) . ', group_id = ' . $db->qstr(DEFAULT_GROUP) . ', account_id = ' . $db->qstr($this->account_id) . ', active = ' . $db->qstr('1');
    $db->Execute($sql);

    ####################################################################
    ### Insert the static vars:
    ####################################################################
    $static_var->add($VAR, $this->module, $this->account_id);

    ####################################################################
    ### Mail the user the new_account email template
    ####################################################################
    require_once PATH_MODULES . 'email_template/email_template.inc.php';
    $my = new email_template();
    if ($status == "1") {
        $my->send('account_registration_active', $this->account_id, $this->account_id, '', '');
    } else {
        # NOTE(review): the activation string is TIMESTAMP:ACCOUNT_ID
        # uppercased — both parts are predictable; a random_bytes()-derived
        # token stored with the account would be the usual replacement
        $validation_str = strtoupper($validation_str . ':' . $this->account_id);
        $my->send('account_registration_inactive', $this->account_id, '', '', $validation_str);
    }

    ####################################################################
    ### Add the newsletters
    ####################################################################
    if (NEWSLETTER_REGISTRATION == "1") {
        @($VAR['newsletter_html'] = $VAR['account_email_type']);
        $VAR['newsletter_email'] = $VAR['account_email'];
        $VAR['newsletter_first_name'] = $VAR['account_first_name'];
        $VAR['newsletter_last_name'] = $VAR['account_last_name'];
        require_once PATH_MODULES . '/newsletter/newsletter.inc.php';
        $newsletter = new newsletter();
        $newsletter->subscribe($VAR, $this);
    }

    ####################################################################
    ### Log in the user & display the welcome message
    ####################################################################
    if ($status == "1") {
        # only a top-level account (its own parent) is logged in here
        if ($this->parent_id == $this->account_id || empty($this->parent_id)) {
            $C_debug->alert($C_translate->translate("user_add_active_welcome", "account", ""));
            # NOTE(review): $exp is computed but never used — the expiry below
            # uses SESSION_EXPIRE directly, so SESSION_EXPIRE == 0 yields an
            # expiry equal to the current time
            if (SESSION_EXPIRE == 0) {
                $exp = 99999;
            } else {
                $exp = SESSION_EXPIRE;
            }
            $date_expire = time() + SESSION_EXPIRE * 60;
            # update the session: bind SESS to the new account
            $db =& DB();
            $q = "UPDATE " . AGILE_DB_PREFIX . "session\n\t\t\t\t\t\tSET\n\t\t\t\t\t\tip= " . $db->qstr(USER_IP) . ",\n\t\t\t\t\t\tdate_expire = " . $db->qstr($date_expire) . ",\n\t\t\t\t\t\tlogged = " . $db->qstr('1') . ",\n\t\t\t\t\t\taccount_id = " . $db->qstr($this->account_id) . "\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\tid = " . $db->qstr(SESS) . "\n\t\t\t\t\t\tAND\n\t\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE);
            $result = $db->Execute($q);
            ### constants (FORCE_SESS_* presumably read by the session layer — confirm)
            define('FORCE_SESS_ACCOUNT', $this->account_id);
            define('FORCE_SESS_LOGGED', 1);
            ### Reload the session auth cache
            if (CACHE_SESSIONS == '1') {
                $force = true;
                $C_auth = new CORE_auth($force);
                global $C_auth2;
                $C_auth2 = $C_auth;
            }
            # redirect target comes from the request: _page_next, else _page
            if (isset($VAR['_page_next'])) {
                define('REDIRECT_PAGE', '?_page=' . $VAR['_page_next']);
            } elseif (isset($VAR['_page'])) {
                define('REDIRECT_PAGE', '?_page=' . $VAR['_page']);
            }
        }

        ####################################################################
        ### Do any db_mapping (runs for child accounts as well)
        ####################################################################
        if ($C_list->is_installed('db_mapping')) {
            include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
            $db_map = new db_mapping();
            # the cleartext password is handed to the mapping module
            if (!empty($password)) {
                $db_map->plaintext_password = $password;
            } else {
                $db_map->plaintext_password = false;
            }
            $db_map->account_add($this->account_id);
            $db_map = new db_mapping();
            $db_map->login($this->account_id);
        }

        ####################################################################
        ### Affiliate Auto Creation
        ####################################################################
        if (AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate")) {
            $VAR['affiliate_account_id'] = $this->account_id;
            $VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE;
            include_once PATH_MODULES . 'affiliate/affiliate.inc.php';
            $affiliate = new affiliate();
            # NOTE(review): passes the affiliate object itself as the second
            # argument — confirm affiliate::add()'s signature
            $affiliate->add($VAR, $affiliate);
        }
    } else {
        # inactive account: welcome message only, then a blank page
        $C_debug->alert($C_translate->translate("user_add_inactive_welcome", "account", ""));
        define('FORCE_PAGE', 'core:blank');
    }
}